# Example config file /etc/vsftpd/vsftpd.conf! B- ]3 K1 @/ u3 _4 {3 \
#2 ?6 F# k6 H0 v8 s- @" }
# The default compiled in settings are fairly paranoid. This sample file
* |3 f. ^& Q( k# loosens things up a bit, to make the ftp daemon more usable.
* l% K6 M3 j8 g1 p, O# Please see vsftpd.conf.5 for all compiled in defaults.
0 g# n. p# E( I! a4 c#
" N+ L! R5 z9 Y6 r4 G' x) ^# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
+ i' V- w8 g( W% m. R5 f# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's* a2 Z0 h" q( g0 s" ]
# capabilities.( t) z9 t/ j& |5 q; j) e
#, R2 F1 q% W1 F$ ]; d/ {
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
$ B; |( }- }3 N( E2 x: Q7 yanonymous_enable=NO- h7 ?) G6 A' I
## @8 V+ [+ A; q/ A! T# _4 H
# Uncomment this to allow local users to log in.' B+ b, l7 h$ X1 g
# When SELinux is enforcing check for SE bool ftp_home_dir9 x, C2 y* F' ?8 G, `+ ]8 H
local_enable=YES. W: s- {8 e1 F) d! c
#! U+ ~1 ]& c7 `6 [
# Uncomment this to enable any form of FTP write command.3 D3 p5 o% z( P o% r& @
write_enable=YES
. C# z- i% e* ]( u2 p#
! |9 R" U) \1 I9 W' D* T0 `# Default umask for local users is 077. You may wish to change this to 022,6 K, j4 g9 W9 i! `0 w0 w
# if your users expect that (022 is used by most other ftpd's)" l% W, g8 t( T `9 W' }1 k
local_umask=022; N( J" [+ F& e- ?* K1 x K4 _
# m4 L. e3 O0 q3 q" H2 Q
# Uncomment this to allow the anonymous FTP user to upload files. This only6 {% g( v* X1 [! T) p1 ]! C6 s
# has an effect if the above global write enable is activated. Also, you will' |( t2 `8 X: a' K' I
# obviously need to create a directory writable by the FTP user.
t# M0 O% Z1 k' z/ X, k+ J# When SELinux is enforcing check for SE bool allow_ftpd_anon_write, allow_ftpd_full_access
/ H1 D! p/ O: u#anon_upload_enable=YES M, I* P. V" w9 o: {
#
. x$ z4 H9 d1 O3 F: S# Uncomment this if you want the anonymous FTP user to be able to create2 Z! X' Q5 a& ]+ C3 g) D0 q
# new directories.; k$ {$ q6 {# K: Q) e% f. B2 m) ~1 e
#anon_mkdir_write_enable=YES' r Q% {6 U9 C1 T3 m2 m
#5 d; T3 B& u, E' _
# Activate directory messages - messages given to remote users when they- y" ?9 R2 S( W( A" L1 E
# go into a certain directory.* N4 H ]( m2 S9 W* K; Z5 Z
dirmessage_enable=YES
8 U' W2 M5 k" }#! _+ k: L8 ~2 c, B1 x* E2 }
# Activate logging of uploads/downloads.
0 S* R/ }( A2 a/ cxferlog_enable=YES
3 q8 X( r2 l P" d- Q( T" v#) w$ e0 i K( k+ a1 a
# Make sure PORT transfer connections originate from port 20 (ftp-data).4 j" A; o) C. v& [7 Q5 j
connect_from_port_20=YES
9 e5 Y5 A+ r! n; s#
8 Y" C' X8 l) f5 c3 C# If you want, you can arrange for uploaded anonymous files to be owned by
# K. T/ J0 w. r7 h* j" E# a different user. Note! Using "root" for uploaded files is not
. K; {' R: B2 b( t+ n+ O* L2 I# recommended!4 E* J0 d4 ?9 m9 \
#chown_uploads=YES9 w2 l8 q2 q: R' ]# }) e
#chown_username=whoever6 T$ x* s, B0 x
#+ ]) P T2 V1 I9 B* @5 b" I! S, j, \
# You may override where the log file goes if you like. The default is shown
3 v- w' ]3 Z% i! f) v$ X6 G, }# below.
( L" Y; K' K2 E) {xferlog_file=/var/log/xferlog
$ E( T0 x8 {) r9 @, t5 H#; J" c3 H9 ]3 n) ]9 Q
# If you want, you can have your log file in standard ftpd xferlog format./ T b2 p2 u( \) k' F [( }
# Note that the default log file location is /var/log/xferlog in this case.( E- k+ M3 B- A2 O& t8 S% S8 G
xferlog_std_format=YES d, D0 h5 D7 E0 I0 w
#
8 J# b" @3 w) Z+ U }& [9 l# You may change the default value for timing out an idle session.* g @2 A( H- i8 \9 M1 \ ~# F
#idle_session_timeout=600+ G, r! t/ }5 d8 _/ s
#* w$ ?% W* z' ~: u
# You may change the default value for timing out a data connection.* c6 [+ m% Q9 Q% S- Z
#data_connection_timeout=120
$ @8 F; R% q5 p3 X2 T8 X#: @2 ]& x( K# k% N% ?; D/ A5 `
# It is recommended that you define on your system a unique user which the
8 v! J* K( ?' N: E) Z% [& L$ D5 L$ @3 C# ftp server can use as a totally isolated and unprivileged user.
- z% l6 p$ z& y. u9 M#nopriv_user=ftpsecure2 ~! p6 s( |, C) `# j
#6 V8 p, H3 h1 H- `' L! ^) K
# Enable this and the server will recognise asynchronous ABOR requests. Not
5 [9 j' \: ~6 W4 i8 X# recommended for security (the code is non-trivial). Not enabling it,
! G: o) e& H" ]4 E) K9 I# however, may confuse older FTP clients.
9 H4 o5 _+ U2 e% h#async_abor_enable=YES
5 f8 c; ]/ N1 a6 l2 \. I; s% n#4 ]+ U( }7 I% F& ]3 ^" X# X$ Y
# By default the server will pretend to allow ASCII mode but in fact ignore
" e* [2 f S0 c+ F3 |) q. ? k% E# the request. Turn on the below options to have the server actually do ASCII1 G' |, C& k- Z
# mangling on files when in ASCII mode. The vsftpd.conf(5) man page explains v! G. ?9 \, S' g2 L
# the behaviour when these options are disabled.4 `3 R8 m2 ]7 K! ]. y A5 B
# Beware that on some FTP servers, ASCII support allows a denial of service% N; w$ N& u# h
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
4 `( ^; Z6 B5 B+ A) D) p7 r# predicted this attack and has always been safe, reporting the size of the
! Y8 _, ?& G) O" b# raw file.# X) v7 V A' p3 o/ B, p% d
# ASCII mangling is a horrible feature of the protocol.
, `4 _2 `. o8 t3 Hascii_upload_enable=YES
- ~" y! b l# Jascii_download_enable=YES
! L6 s+ [' k9 L3 [5 i4 I" P9 t#1 U9 t3 b8 s9 `: ?8 j. t: B; X
# You may fully customise the login banner string:
# [- N& o* a8 _#ftpd_banner=Welcome to blah FTP service.
; B1 R) K8 p0 {) P# w2 f#
7 f) ~! T: Q# D0 R# You may specify a file of disallowed anonymous e-mail addresses. Apparently- F- X( f. E% E1 A1 I) h. Z
# useful for combatting certain DoS attacks.! s% k% B7 \& }- H1 ~3 S
#deny_email_enable=YES
- w, T* |( I* P: O! v$ q: V ~7 h# (default follows)( Q5 F& h9 U6 @& X& Q. g
#banned_email_file=/etc/vsftpd/banned_emails
6 [0 {- u/ C! ^/ m; Y4 D7 c1 E* D#5 d, k! p2 o5 `, Y. l. g. Z
# You may specify an explicit list of local users to chroot() to their home: q, I/ g( l } y5 {. d
# directory. If chroot_local_user is YES, then this list becomes a list of& i* D1 q6 s" S/ |9 p
# users to NOT chroot().
2 v. S, `" b% f& g9 j) g$ r, U/ q# (Warning! chroot'ing can be very dangerous. If using chroot, make sure that8 V; p+ `2 l6 ]9 K4 Z6 Y
# the user does not have write access to the top level directory within the* T# [) _; S1 K4 D5 S
# chroot)
+ \7 T* }" V: }: ychroot_local_user=YES- Y* E! n' r9 p- Y+ m3 A
#chroot_list_enable=YES3 F3 ~% l+ l. b0 l: M; U
# (default follows)( G2 N- }$ j* ]8 S# J' |- J! K! s
#chroot_list_file=/etc/vsftpd/chroot_list
/ }4 [) h6 C6 e4 N4 x#( |7 |9 T6 L( J5 q5 n% p
# You may activate the "-R" option to the builtin ls. This is disabled by
1 M% ]* j. x6 H+ c# t# default to avoid remote users being able to cause excessive I/O on large* a1 e" ]& P4 t3 V
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
8 z8 I: ~! p/ Y9 H( @+ r# the presence of the "-R" option, so there is a strong case for enabling it.& P" Y1 S% i2 l- C+ n+ j
#ls_recurse_enable=YES, I# c1 R# U/ K h5 u1 z" D
#; R) M1 X. f7 V6 v! ]
# When "listen" directive is enabled, vsftpd runs in standalone mode and
) g2 P1 C& \! ~$ W5 z# listens on IPv4 sockets. This directive cannot be used in conjunction
& Z: ^# R. z# r- r# with the listen_ipv6 directive.
( Q. o0 i" \. z6 E- t1 Hlisten=YES5 l9 R/ o3 K) C+ Q1 u" X
listen_port=990 A9 C C9 r7 d) B, r+ M8 Y/ C
pasv_address=公网IP
) W: t/ r) Y9 e8 z4 Y/ ^#
# Y+ o/ t& ]8 y3 d# This directive enables listening on IPv6 sockets. By default, listening% l4 `7 ^& s7 {1 j; `! W7 e- i
# on the IPv6 "any" address (: will accept connections from both IPv6
/ {! `6 l. z5 m# and IPv4 clients. It is not necessary to listen on *both* IPv4 and IPv6
5 }. q4 ~: l6 Y, _7 T$ o4 p# sockets. If you want that (perhaps because you want to listen on specific8 ]* [6 I" B" g7 W7 A6 z0 z g5 z
# addresses) then you must run two copies of vsftpd with two configuration, {) l5 C$ w! i+ G4 j
# files.1 S) ~& S. [3 f) C+ |, ~
# Make sure, that one of the listen options is commented !!4 `8 @# X& g7 Z
listen_ipv6=NO
8 @; F4 U1 |1 U2 o) W [pam_service_name=vsftpd
+ c2 \5 U7 {: O- S# f& n+ G: Iuserlist_enable=NO
0 _4 g0 ~1 Q' |/ T' Ytcp_wrappers=YES
) ]6 X# x' J$ P' Gallow_writeable_chroot=YES0 k* c8 O# E1 O1 H& L
userlist_file=/etc/vsftpd/userlist
5 l, _8 Z! X* ^# Auserlist_deny=NO! Y, Y* Q) p' O2 O& o2 v
ssl_enable=YES: { y$ I- G) O/ h$ U+ {/ G
ssl_tlsv1_2=YES
( J4 Q8 M+ x& @; F- z1 Tssl_sslv2=YES) ^& K( w v3 L8 x& Q: X
ssl_sslv3=YES5 c8 |: o8 L k1 P _4 ~4 t
rsa_cert_file=/etc/ssl/private/vsftpd.pem4 ~! `" z* y: B# x Y, N
rsa_private_key_file=/etc/ssl/private/vsftpd.pem
2 y& R- V3 B/ l4 i1 o) o% B* yallow_anon_ssl=NO
@4 y I. G1 j5 X- \9 z9 Cforce_local_data_ssl=YES
" n7 h5 j& }8 h& w: ~force_local_logins_ssl=YES
- G- M2 h" U! X5 p3 W' `require_ssl_reuse=NO3 u/ X! Y& g' A4 c9 i+ ^
ssl_ciphers=HIGH. p4 b1 Z0 R" ]* B6 S
implicit_ssl=YES
. i) ?- U; N+ s6 w* y$ Yftp_data_port=50000
, [0 b2 e3 O4 v* k" S% Ppasv_enable=YES4 g. o7 y- k: R
pasv_min_port=400000 [: l% Z# T; Y! R/ W- ?) E
pasv_max_port=50000
; e6 x1 @/ J- x5 j1 ^2 _8 _" b+ a& tport_enable=YES
$ w% S8 ^% Z9 ~7 ^8 S# wdebug_ssl=YES, ]% U! M' \. @5 Z( V. N
pasv_promiscuous=YES 解决vsftpd连接错误425 Security: Bad IP connecting0 }; n. J1 G$ }2 } p
. D* s/ R1 J: c. S6 Z
( X6 e5 u$ U$ N& @5 y2 }不知道他们IT修改了哪里 换个IP居然联不上 尼玛 把报错一个一个排查完 - L; T' n6 n6 u1 C3 A) G- N
|
|华强北 电脑城 龙岗电子世界 龙华电脑城 pc4g.com
( 粤ICP备16039863号 )
发表于 2023-1-5 18:35:50