1. Install vsftpd and enable the service, open the firewall port
# yum install vsftpd
# systemctl start vsftpd
# systemctl enable vsftpd
# firewall-cmd --zone=public --permanent --add-port=21/tcp
# firewall-cmd --zone=public --permanent --add-service=ftp
# firewall-cmd --reload
|
2. Configure the FTP server:
# cp /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf.orig
vi vsftpd.conf
anonymous_enable=NO
userlist_enable=YES
userlist_deny=NO
userlist_file=/etc/vsftpd.userlist
chroot_local_user=YES
allow_writeable_chroot=YES
local_root=/etc/ansible/backup
# the above folder needs to be existed
or:
local_root=/var/ftp/ansible/backup
|
3. Fix the SELinux for vsftpd
# setsebool -P allow_ftpd_full_access 1
|
4. Create user for FTP access
# useradd -m -c “dennis” -s /bin/bash dennis
# passwd dennis
Changing password for user dennis.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
# echo "dennis" | tee -a /etc/vsftpd.userlist
# cat /etc/vsftpd.userlist
|
5. Create
Secure FTP
# mkdir /etc/ssl/private
# openssl req -x509 -nodes -keyout /etc/ssl/private/vsftpd.pem -out
/etc/ssl/private/vsftpd.pem -days 365 -newkey rsa:2048
Country Name (2 letter code) [XX]:IN
State or Province Name (full name) []:Lower Parel
Locality Name (eg, city) [Default City]:Mumbai
Organization Name (eg, company) [Default Company Ltd]:TecMint.com
Organizational Unit Name (eg, section) []:Linux and Open Source
Common Name (eg, your name or your server's hostname) []:tecmint
Email Address []:admin@tecmint.com
# firewall-cmd --zone=public --permanent --add-port=990/tcp
# firewall-cmd --zone=public --permanent --add-port=40000-50000/tcp
# firewall-cmd --reload
# vi /etc/vsftpd/vsftpd.conf
# systemctl restart vsftpd
|
No comments:
Post a Comment