CentOS 6.4 + vsftpd 3.0.2 + ftps + 가상유저 설치
1. 소스 다운로드
http://vsftpd.beasts.org 에서 최신 버전 소스를 다운합니다. 받은 tar.gz 는 같은 곳에 함께 배포되는 서명(.asc)/체크섬 파일로 검증한 뒤에 빌드합니다.
2. 의존성 패키지 설치
yum install pam.x86_64 pam-devel.x86_64
yum install tcp_wrappers.x86_64 tcp_wrappers-devel.x86_64 tcp_wrappers-libs.x86_64
yum install db4-utils
yum install openssl-devel   (4번에서 VSF_BUILD_SSL 을 켜므로 OpenSSL 헤더가 필요합니다)
3. 소스 압축해제
tar xvzf vsftpd-3.0.2.tar.gz
4. 소스 패치 (2개 파일)
vi logging.c postlogin.c
str_replace_unprintable(p_str, '?'); 를 찾아서 // 로 comment 처리
(이 호출은 로그와 응답에 들어가는 출력 불가능 문자를 '?' 로 바꾸는 보호 코드입니다. 한글 파일명이 '?' 로 깨지는 것을 막기 위해 끄는 것으로 보이지만, 그 대신 클라이언트가 보낸 파일명의 제어문자·터미널 이스케이프 시퀀스가 그대로 로그 파일에 기록되므로, 로그를 터미널에서 열어 볼 때 주의가 필요합니다.)
vi builddefs.h (아래와 같이 #undef --> #define 으로 변경)
#define VSF_BUILD_TCPWRAPPERS
#define VSF_BUILD_PAM
#define VSF_BUILD_SSL
5. 컴파일 및 설치
make; make install
(vsftpd 의 Makefile 은 /usr/local/sbin 디렉토리가 있으면 바이너리를 그곳에 설치합니다. 설치 후 실제 경로를 확인하고 6번 init 스크립트의 sbin= 값과 일치시키세요.)
6. init 스크립트 추가
vi /etc/init.d/vsftpd
#!/bin/bash
#
# vsftpd This shell script takes care of starting and stopping
# standalone vsftpd. Customized to be used with CentOS 5.4
# and Monit by creating PID files for each process
#
# chkconfig: - 60 50
# description: Vsftpd is a ftp daemon, which is the program \
# that answers incoming ftp service requests.
# processname: vsftpd
# config: /etc/vsftpd/vsftpd.conf
# Source function library.
# Red Hat init helpers used below: success, failure, killproc, status.
. /etc/rc.d/init.d/functions

RETVAL=0
prog="vsftpd"
site="$prog"
# NOTE(review): vsftpd's 'make install' may put the binary under
# /usr/local/sbin instead; confirm the path on this host.
sbin="/usr/sbin/vsftpd"
conf="/etc/vsftpd/vsftpd.conf"
pidfile="/var/run/vsftpd/vsftpd.pid"

# The pid file lives in its own directory, which may be missing after a reboot.
if [ ! -d "/var/run/$prog" ]; then
  mkdir -p "/var/run/$prog"
fi
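start() {
  # Refuse to start without an executable binary and a readable config.
  # These exit (not return) so a 'restart' also stops here.
  [ -x "$sbin" ] || exit 1
  [ -r "$conf" ] || exit 1

  # A stale pid file must not block startup, but a live daemon must not be
  # started twice. Look up the recorded pid directly instead of grepping the
  # whole process table, where a short pid also matches longer pids and
  # other digits in the listing.
  if [ -f "$pidfile" ]; then
    local oldpid oldargs
    oldpid=$(cat "$pidfile")
    oldargs=""
    if [ -n "$oldpid" ]; then
      oldargs=$(ps -p "$oldpid" -o args= 2>/dev/null)
    fi
    case "$oldargs" in
      "$sbin"*)
        echo "$prog already running!"
        exit 1
        ;;
    esac
    rm -f "$pidfile"
  fi

  echo -n $"Starting $prog: "
  "$sbin" "$conf" &

  # The status of a backgrounded command is always 0, so it says nothing
  # about whether vsftpd actually came up. Poll briefly for a process running
  # this binary and treat its presence as success.
  local pids attempt
  pids=""
  for attempt in 1 2 3 4 5; do
    pids=$(pidof "$sbin")
    [ -n "$pids" ] && break
    sleep 0.2
  done

  if [ -n "$pids" ]; then
    success
    RETVAL=0
    # Only a daemon that is really running gets a subsys lock and a pid file.
    touch "/var/lock/subsys/$prog"
    echo "$pids" > "$pidfile"
  else
    failure
    RETVAL=1
  fi
  echo
  return "$RETVAL"
}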
stop() {
  # killproc (from the init function library) signals every $prog process
  # and prints the result; its status is what this script reports.
  echo -n $"Shutting down $prog: "
  killproc "$prog"
  RETVAL=$?
  echo
  if [ "$RETVAL" -eq 0 ]; then
    rm -f "/var/lock/subsys/$prog"
  fi
  # The pid file goes away even if killproc reported an error, so the next
  # 'start' does not trip over a stale entry.
  rm -f "$pidfile"
  return "$RETVAL"
}
# Dispatch on the single action argument; unknown actions print usage and
# exit 2, as the other Red Hat init scripts do.
action="${1:-}"
case "$action" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  restart|reload)
    stop
    start
    RETVAL=$?
    ;;
  condrestart)
    # Only bounce the daemon if a previous start left its subsys lock behind.
    if [ -f "/var/lock/subsys/$prog" ]; then
      stop
      start
      RETVAL=$?
    fi
    ;;
  status)
    status "$prog"
    RETVAL=$?
    ;;
  *)
    echo $"Usage: $0 {start|stop|restart|condrestart|status}"
    exit 2
    ;;
esac
exit "$RETVAL"
7. vsftpd 설정
# adduser -s /sbin/nologin virtualuser
# mkdir -p /etc/vsftpd
# cp vsftpd.conf /etc/vsftpd/vsftpd.conf
(virtualuser 는 모든 가상 사용자가 매핑되는 계정(guest_username)이므로 셸 로그인이 불가능한 계정으로 만듭니다. vsftpd.conf 는 소스 디렉토리에 들어 있는 예제 파일을 복사하는 것입니다.)
# vi /etc/pam.d/vsftpd
auth required /lib64/security/pam_userdb.so db=/etc/vsftpd/virtual_passwd
account required /lib64/security/pam_userdb.so db=/etc/vsftpd/virtual_passwd
(db= 값은 .db 확장자를 뺀 경로입니다. pam_userdb 는 기본적으로 DB 에 저장된 비밀번호를 평문 그대로 비교하므로 8번에서 만드는 virtual_passwd.db 는 root 만 읽을 수 있게(chmod 600) 해야 하며, DB 에 crypt(3) 해시를 저장하려면 두 줄 모두에 crypt=crypt 옵션을 붙입니다.)
vsftpd.conf 에 다음 구문을 추가 또는 수정합니다.
# vi /etc/vsftpd/vsftpd.conf
listen=YES
# Non-standard control port; the firewall must allow it together with the
# passive range below.
listen_port=2001
pam_service_name=vsftpd
tcp_wrappers=YES
# Virtual users (authenticated via PAM / pam_userdb) all run as the local
# account named in guest_username, and with virtual_use_local_privs=YES they
# get that account's file permissions, so keep that account unprivileged.
guest_enable=YES
guest_username=virtualuser
virtual_use_local_privs=YES
hide_ids=YES
pasv_enable=YES
pasv_min_port=2002
pasv_max_port=2100
# Per-user overrides: the file name under this directory must match the
# virtual user's login name (e.g. /home/vsftpd/users/user1, see step 8).
user_config_dir=/home/vsftpd/users
# Disables vsftpd's refusal to chroot a user into a writable root directory.
# NOTE(review): this re-opens the weakness that check protects against;
# prefer a root that the FTP account cannot write to, with a writable
# subdirectory inside it.
allow_writeable_chroot=YES
ssl_enable=YES
# Self-signed certificate and private key in one file (step 9); root-only.
rsa_cert_file=/etc/pki/tls/certs/vsftpd.pem
# Credentials must go over TLS, but the data channel (file contents and
# directory listings) is still allowed in the clear by the second line.
# NOTE(review): set force_local_data_ssl=YES unless cleartext transfers are
# intentionally permitted for legacy clients.
force_local_logins_ssl=YES
force_local_data_ssl=NO
# TLSv1 only; SSLv2 and SSLv3 stay disabled.
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
allow_anon_ssl=NO
8. 사용자/passwd 파일 추가
# cd /etc/vsftpd
# vi virtual_user.txt
user1
user1-pass
user2
user2-pass
// 텍스트 파일(홀수 줄 = 사용자명, 짝수 줄 = 비밀번호)을 Berkeley DB(hash) 로 변환 — 비밀번호는 해시되지 않고 그대로 들어갑니다
# db_load -T -t hash -f virtual_user.txt /etc/vsftpd/virtual_passwd.db
// DB 와 원본 텍스트 파일 모두 평문 비밀번호를 담고 있으므로 권한을 제한하고 원본은 지웁니다
# chmod 600 /etc/vsftpd/virtual_passwd.db
# rm -f virtual_user.txt
# mkdir -p /home/vsftpd/users
# vi /home/vsftpd/users/user1
local_root=/home/vsftpd/user1
write_enable=no
(파일 이름은 로그인하는 가상 사용자 이름과 같아야 하며, local_root 로 지정한 디렉토리는 미리 만들어 두고 guest_username 계정(virtualuser)이 읽을 수 있게 해야 합니다.)
9. ssl 설정
# cd /etc/pki/tls/certs
// 10년 유효기간의 자체서명 인증서와 개인키를 한 파일에 생성 (-nodes: 개인키를 암호화하지 않고 저장하므로 아래 chmod 600 이 중요합니다)
# openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout vsftpd.pem -out vsftpd.pem
# chmod 600 vsftpd.pem
(rsa:1024 는 현재 기준으로 너무 짧아 2048 로 올렸습니다. 자체서명 인증서이므로 클라이언트에서는 인증서를 미리 등록하거나 지문을 확인한 뒤 신뢰해야 합니다.)