FTP
1. The name of the FTP server package in Red Hat Enterprise Linux 6 is vsftpd, which stands for Very Secure File Transfer Protocol Daemon. The service name is also vsftpd.
2. The default configuration file supports anonymous download-only access to a chrooted tree located at /var/ftp. That means a remote FTP client can connect to the server as user anonymous or ftp with no password.
3. Four steps for FTP service:
1. # yum install vsftpd
2. # service vsftpd start
3. # chkconfig vsftpd on
4. Test: we can use Firefox or Nautilus to see if the service is working.
4. We can run $ man 5 vsftpd.conf to see the details of the configuration file.
5.We should also turn off SELinux and iptables.
Practice #1
- Install the vsftpd package.
- Turn the vsftpd service on.
- We can change /etc/vsftpd/vsftpd.conf to permit uploads by anonymous users in /var/ftp/shanshan/
*** We should change the ownership of the directory shanshan to user: ftp, group: ftp
This line: anon_upload_enable=YES
Practice #2
1. We can change /etc/vsftpd/vsftpd.conf to permit directory creation by anonymous users in /var/ftp/shanshan/
This line: anon_mkdir_write_enable=YES
Practice #3
1. Make a unique greeting banner for yourself
ftpd_banner=Welcome to blah FTP service woshi shanshan.
FTP_Security
1. The FTP protocol has two modes which use network ports differently, "active" and "passive".
2. In "active" mode, the server opens a second connection from its port 20/tcp to a port specified by the client for each data transfer.
3. In "passive" mode, the client opens a second connection to a random high TCP port specified by the server for each data transfer.
4. Check which ports are commonly used for FTP:
# grep 'ftp' /etc/services
5.FTP Configuration
Individual users can be denied access by placing their username in /etc/vsftpd/ftpusers.
A second file, /etc/vsftpd/user_list, is only examined if userlist_enable=YES is set in /etc/vsftpd/vsftpd.conf.
6. Chroot
First, we can change these lines of /etc/vsftpd/vsftpd.conf.
chroot_local_user=YES
chroot_list_enable=YES
# (default follows)
chroot_list_file=/etc/vsftpd/chroot_list
Second, we should create the file /etc/vsftpd/chroot_list with touch.
If we do the work above, we can use user shanshan to test.
$lftp 10.66.140.102
$user shanshan
$cd / *** Then we are confined to the directory /
Otherwise, if we put the user shanshan in the file chroot_list,
we run the same commands.
$lftp 10.66.140.102
$user shanshan
$cd / *** user shanshan is exempt from the chroot
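The interaction between chroot_local_user and the chroot list tested above, as an added example that is not part of the original notes: a shell function that reads a vsftpd.conf and reports whether a given local user would be jailed. The sample config, the sample list and the user alice are constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the original notes): report whether vsftpd would
# chroot a local user, given the three chroot_* settings discussed above.
# Assumes options are written as YES/NO, one "key=value" per line.

# conf_get FILE KEY DEFAULT: print the last value assigned to KEY.
conf_get() {
    val=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
    echo "${val:-$3}"
}

# chroot_state CONF USER: print "jailed" or "not jailed".
chroot_state() {
    all=$(conf_get "$1" chroot_local_user NO)
    use_list=$(conf_get "$1" chroot_list_enable NO)
    # Default list path as given in the notes above.
    list=$(conf_get "$1" chroot_list_file /etc/vsftpd/chroot_list)
    listed=NO
    if [ "$use_list" = YES ] && [ -f "$list" ] && grep -qxF "$2" "$list"; then
        listed=YES
    fi
    # chroot_local_user=YES: every local user is jailed; the list names exceptions.
    # chroot_local_user=NO:  nobody is jailed; the list names the jailed users.
    case "$all/$listed" in
        YES/NO|NO/YES) echo "jailed" ;;
        *)             echo "not jailed" ;;
    esac
}

# write_sample DIR YES|NO: constructed config and list (shanshan listed).
write_sample() {
    printf '%s\n' "chroot_local_user=$2" "chroot_list_enable=YES" \
        "chroot_list_file=$1/chroot_list" > "$1/vsftpd.conf"
    printf '%s\n' shanshan > "$1/chroot_list"
}

# Demo with the settings from the notes; alice is a hypothetical second user.
demo=$(mktemp -d)
write_sample "$demo" YES
echo "shanshan: $(chroot_state "$demo/vsftpd.conf" shanshan)"
echo "alice:    $(chroot_state "$demo/vsftpd.conf" alice)"
rm -rf "$demo"
```

To audit a real server, call chroot_state /etc/vsftpd/vsftpd.conf USER for each local account that is allowed to log in over FTP.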
HTTP
1. # yum install httpd
2. # service httpd start
3. # chkconfig httpd on
4. Check the DocumentRoot in the configuration file
# cat /etc/httpd/conf/httpd.conf (We can also change the port of HTTP in this file)
DocumentRoot "/var/www/html" (We can also change the directory of HTTP)
5. Create an index.html in the DocumentRoot directory
6. Check
HTTP virtual host
We change these lines in /etc/httpd/conf/httpd.conf
Such as:
<VirtualHost *:80>
# ServerAdmin webmaster@dummy-host.example.com
DocumentRoot /qss
ServerName qss.com
# ErrorLog logs/dummy-host.example.com-error_log
# CustomLog logs/dummy-host.example.com-access_log common
</VirtualHost>
<VirtualHost *:80>
# ServerAdmin webmaster@dummy-host.example.com
DocumentRoot /ssq
ServerName ssq.com
# ErrorLog logs/dummy-host.example.com-error_log
# CustomLog logs/dummy-host.example.com-access_log common
</VirtualHost>
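Then we can check in Firefox.
7. Configure an Apache server in the virtual machine.
Requirements:
(1) Create the file /httpd/index.html, whose content is your e-mail address;
(2) The file can be accessed from HOST via stationX.gss.org;
(3) Only kevin is authorized to access the file /httpd/index.html;
(4) The file /var/www/html/index.html can be accessed from HOST via stationX.cracker.org, and its content is your English name.
(1) Make the changes in the configuration file /etc/httpd/conf/httpd.conf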
NameVirtualHost *:80
<VirtualHost *:80>
# ServerAdmin webmaster@dummy-host.example.com
DocumentRoot /httpd
ServerName stationX.gss.org
# ErrorLog logs/dummy-host.example.com-error_log
# CustomLog logs/dummy-host.example.com-access_log common
<Directory /httpd>
AllowOverride AuthConfig
</Directory>
</VirtualHost>
#vim /etc/hosts
192.168.122.247 stationX.gss.org
#mkdir /httpd
#vi /httpd/index.html
#chcon -t httpd_sys_content_t /httpd/index.html
#service httpd restart
----------------- This completes (1)
(3) Authorize kevin
#htpasswd -cm /etc/httpd/.htpasswd kevin
-------- Set the password here
#vi .htaccess --------------- Placed in the virtual host's root directory (/httpd)
AuthName "kevin oodd"
AuthType basic
AuthUserFile /etc/httpd/.htpasswd
require user kevin --------------------- Only this user can log in with the password
#service httpd restart