Name: 통큰아이
Date: 2013-06-20
How to install and run vsftp
1. Installing FTP
1) yum install vsftpd -y
2) Start automatically at boot
- chkconfig vsftpd on
2. FTP configuration
1) Requirements
- Anonymous access is prohibited
- A connected user cannot access anything above their own directory
- The default home directory is /home/ftp-users/
- User: studygroup1  Group: studygroup  home: /home/ftp-users/studygroup1
- CentOS 6.3
3. vsftpd basic settings
1) Location of the configuration file
vi /etc/vsftpd/vsftpd.conf
2) Blocking access to folders above the user's own folder
a. All users can browse only inside their designated folder
- chroot_local_user=YES
# chroot_list_enable=YES
# chroot_list_file=/etc/vsftpd/chroot_list
b. Only the users on the list are affected (chroot applied to them)
# chroot_local_user=YES
- chroot_list_enable=YES
- chroot_list_file=/etc/vsftpd/chroot_list
c. All users except those registered in chroot_list can browse only their own designated folder (access restriction applied)
- chroot_local_user=YES
- chroot_list_enable=YES
- chroot_list_file=/etc/vsftpd/chroot_list
d. Changing the user folder and specifying the root folder [differs per user]
- usermod -d /home/ftp-users/studygroup1 studygroup1
- vi /etc/passwd ==>
studygroup1:x:500:502: :/home/ftp-users/studygroup1/./:/bin/bash
e. Specifying the default root folder for users
- local_root=/home/ftp-users/
- passwd_chroot_enable=YES (the chroot directory is set per user in /etc/passwd)
f. Prohibit anonymous access
- anonymous_enable=NO
g. Allow local users to log in
- local_enable=YES
h. Allow FTP users to write
- write_enable=YES
i. FTP user settings
- Add: vi /etc/vsftpd/user_list -> add studygroup1
- vsftpd.conf -> userlist_file=/etc/vsftpd/user_list
userlist_enable=YES
userlist_deny=NO
j. Passive mode settings
- pasv_enable=YES
- pasv_min_port=30000
- pasv_max_port=30100
2.2.8.1 Open the ports in the firewall
- iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 30000:30100 -j ACCEPT
3) Apply
- service vsftpd restart
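The three chroot_local_user / chroot_list_enable combinations under step 2) are easy to mix up, and vsftpd accepts no whitespace around '='. The shell audit below is an added example, not part of the original post: it reports malformed option lines and tells whether a given user ends up chrooted. The function names, the admin1 account and the sample files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Sample files are constructed.

# Print the value of the last well-formed KEY=VALUE line for key $2 in file $1.
conf_get() {
    sed -n "s/^$2=\(.*\)\$/\1/p" "$1" | tail -n 1
}

# Print option lines with whitespace next to '='. The vsftpd.conf man page
# calls this an error, so a setting written that way cannot be relied on.
bad_lines() {
    grep -nE '^[A-Za-z0-9_]+([[:space:]]+=|=[[:space:]])' "$1"
}

# Exit 0 if local user $2 would be chrooted under config $1, else exit 1.
# Simplification: only the literal value YES counts as enabled.
is_chrooted() {
    all=$(conf_get "$1" chroot_local_user)
    use_list=$(conf_get "$1" chroot_list_enable)
    list=$(conf_get "$1" chroot_list_file)
    list=${list:-/etc/vsftpd.chroot_list}    # vsftpd's built-in default path
    listed=NO
    if [ "$use_list" = YES ] && grep -qxF -- "$2" "$list" 2>/dev/null; then
        listed=YES
    fi
    if [ "$all" = YES ]; then
        [ "$listed" = NO ]     # everyone is jailed; listed users are exempt
    else
        [ "$listed" = YES ]    # nobody is jailed except listed users
    fi
}

# Write a constructed config (both chroot options YES) and list into dir $1.
# admin1 is a hypothetical exempt account.
make_sample() {
    printf '%s\n' admin1 > "$1/chroot_list"
    cat > "$1/vsftpd.conf" <<EOF
anonymous_enable = NO
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=$1/chroot_list
EOF
}

d=$(mktemp -d) && make_sample "$d"
bad_lines "$d/vsftpd.conf"
is_chrooted "$d/vsftpd.conf" studygroup1 && echo "studygroup1: chrooted"
is_chrooted "$d/vsftpd.conf" admin1 || echo "admin1: not chrooted (listed)"
rm -rf "$d"
```

Run it against a copy of /etc/vsftpd/vsftpd.conf before restarting the service; any line printed by bad_lines should be rewritten without spaces.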
4. Settings outside vsftpd
1) Firewall
- vi /etc/sysconfig/iptables
- iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 20 -j ACCEPT
- iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
2) Registering the user
- useradd -d /home/ftp-users/studygroup1 -s /usr/sbin/nologin studygroup1
- chown -R studygroup1 /home/ftp-users/studygroup1
- chmod 775 /home/ftp-users/studygroup1
3) Troubleshooting
a. 550 SELINUX
- vi /etc/sysconfig/selinux -> SELINUX=disabled (this turns SELinux off for the whole system, not only for vsftpd)
- init 6
b. Fixing the 500 OOPS message
- vi /etc/shells -> add /usr/sbin/nologin
- groupadd ftp-users
- usermod -G ftp-users studygroup1
4) Active/passive mode
- Port 21 is used for the connection; data is transferred on port 20 or on a port number from 1024 upward
a. Active mode
- After connecting to port 21, the client tells the server which port to use for data transfer
- The server replies with an ACK, then the server attempts a connection to the client, and the client replies with an ACK
- Does not work properly when a firewall on the client side blocks the connection
- Connection: PC → FTPd (TCP 21), FTPd (TCP 21) → PC (TCP 1023 ~ 65535)
- Data exchange: FTPd (TCP 20) → PC (TCP 1023 ~ 65535), PC (TCP 1024 ~ 65535) → FTPd (TCP 20)
b. Passive mode
- After connecting to port 21, the server tells the client which port (1024~65535) to use for data transfer
- The client attempts a connection to that port and the server replies with an ACK
- Connection: PC → FTPd (TCP 21), FTPd (TCP 21) → PC (TCP 1023 ~ 65535)
- Data exchange: PC (TCP 1023 ~ 65535) → FTPd (TCP 1023 ~ 65535)
5. Registering a regular user [when adding a user after the basic setup]
1) Registering the user
a. User
useradd TEST -g ftp-users -d /home/ftp-users/TEST
#usermod TEST -d /home/ftp-users/TEST (sets the home directory)
#userdel TEST
passwd TEST
mkdir /home/ftp-users/TEST
vi /etc/vsftpd/user_list
add TEST
2) Restricting the user to their own folder
vi /etc/vsftpd/chroot_list
add TEST
3) The user's folder at FTP login (chroot)
vi /etc/passwd
add TEST/./ (applies the chroot)
4) Setting the user folder and permissions
cd /home/ftp-users
ls -al
chmod 700 <folder name>
usermod -G ftp-users TEST
5) service vsftpd restart