vsftpd备忘录

实现匿名用户上传文件

#!/bin/bash
# this is vsftpd's script!
mv /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf.back
touch /etc/vsftpd/vsftpd.conf
echo "anonymous_enable=YES" >> /etc/vsftpd/vsftpd.conf
echo "local_enable=YES" >> /etc/vsftpd/vsftpd.conf
echo "write_enable=YES" >> /etc/vsftpd/vsftpd.conf
echo "local_umask=022" >> /etc/vsftpd/vsftpd.conf
echo "anon_upload_enable=YES" >> /etc/vsftpd/vsftpd.conf
echo "dirmessage_enable=YES" >> /etc/vsftpd/vsftpd.conf
echo "xferlog_enable=YES" >> /etc/vsftpd/vsftpd.conf
echo "connect_from_port_20=YES" >> /etc/vsftpd/vsftpd.conf
echo "chown_uploads=YES" >> /etc/vsftpd/vsftpd.conf
echo "chown_username=ftp" >> /etc/vsftpd/vsftpd.conf
echo "xferlog_std_format=YES" >> /etc/vsftpd/vsftpd.conf
echo "listen=YES" >> /etc/vsftpd/vsftpd.conf
echo "pam_service_name=vsftpd" >> /etc/vsftpd/vsftpd.conf
echo "userlist_enable=YES" >> /etc/vsftpd/vsftpd.conf
echo "tcp_wrappers=YES" >> /etc/vsftpd/vsftpd.conf
mv /etc/sysconfig/iptables-config /etc/sysconfig/iptables-config.back
touch /etc/sysconfig/iptables-config
echo "IPTABLES_MODULES='ip_conntrack_netbios_ns ip_conntrack_ftp'" >>/etc/sysconfig/iptables-config
echo "IPTABLES_MODULES_UNLOAD='yes'" >>/etc/sysconfig/iptables-config
echo "IPTABLES_SAVE_ON_STOP='no'" >>/etc/sysconfig/iptables-config
echo "IPTABLES_SAVE_ON_RESTART='no'" >>/etc/sysconfig/iptables-config
echo "IPTABLES_SAVE_COUNTER='no'" >>/etc/sysconfig/iptables-config
echo "IPTABLES_STATUS_NUMERIC='yes'" >>/etc/sysconfig/iptables-config
echo "IPTABLES_STATUS_VERBOSE='no'" >>/etc/sysconfig/iptables-config
echo "IPTABLES_STATUS_LINENUMBERS='yes'" >>/etc/sysconfig/iptables-config
setsebool -P allow_ftpd_anon_write on
setsebool -P allow_ftpd_full_access on
service iptables restart
iptables -F
iptables -X
iptables -P FORWARD DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -s 192.168.0.0/24 -p tcp --dport 22 -j ACCEPT
iptables -P INPUT DROP
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A OUTPUT -d 192.168.0.0/24 -p tcp --sport 22 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -P OUTPUT DROP
# allow inside to outside's ftp connect.
iptables -A INPUT -d 192.168.0.0/24 -p tcp --dport 21 -j ACCEPT
iptables -A OUTPUT -d 192.168.0.0/24 -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -s 192.168.0.0/24 -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -L
service vsftpd restart
chmod 777 /var/ftp/pub