File server configuration at a certain big company

Posted on 2023-1-5 18:35:50
# Example config file /etc/vsftpd/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
# When SELinux is enforcing check for SE bool ftp_home_dir
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
# When SELinux is enforcing check for SE bool allow_ftpd_anon_write, allow_ftpd_full_access
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
xferlog_file=/var/log/xferlog
#
# If you want, you can have your log file in standard ftpd xferlog format.
# Note that the default log file location is /var/log/xferlog in this case.
xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode. The vsftpd.conf(5) man page explains
# the behaviour when these options are disabled.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
ascii_upload_enable=YES
ascii_download_enable=YES
#
# You may fully customise the login banner string:
#ftpd_banner=Welcome to blah FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd/banned_emails
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
# (Warning! chroot'ing can be very dangerous. If using chroot, make sure that
# the user does not have write access to the top level directory within the
# chroot)
chroot_local_user=YES
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd/chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
# When "listen" directive is enabled, vsftpd runs in standalone mode and
# listens on IPv4 sockets. This directive cannot be used in conjunction
# with the listen_ipv6 directive.
listen=YES
listen_port=990
# 公网IP below is the poster's placeholder for the server's public IP address.
pasv_address=公网IP
#
# This directive enables listening on IPv6 sockets. By default, listening
# on the IPv6 "any" address (::) will accept connections from both IPv6
# and IPv4 clients. It is not necessary to listen on *both* IPv4 and IPv6
# sockets. If you want that (perhaps because you want to listen on specific
# addresses) then you must run two copies of vsftpd with two configuration
# files.
# Make sure, that one of the listen options is commented !!
listen_ipv6=NO
pam_service_name=vsftpd
userlist_enable=NO
tcp_wrappers=YES
allow_writeable_chroot=YES
userlist_file=/etc/vsftpd/userlist
userlist_deny=NO
ssl_enable=YES
ssl_tlsv1_2=YES
ssl_sslv2=YES
ssl_sslv3=YES
rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
require_ssl_reuse=NO
ssl_ciphers=HIGH
implicit_ssl=YES
ftp_data_port=50000
pasv_enable=YES
pasv_min_port=40000
pasv_max_port=50000
port_enable=YES
debug_ssl=YES
# Resolves the vsftpd connection error "425 Security: Bad IP connecting"
pasv_promiscuous=YES

No idea what their IT changed. After switching to a different IP it simply would not connect. Damn. I had to work through the errors one by one.
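
An added example, not part of the original post: a small Python audit that reads a vsftpd.conf and reports the settings used in the config above that weaken the server (ssl_sslv2, ssl_sslv3, require_ssl_reuse, pasv_promiscuous, allow_writeable_chroot), plus notes typed after a boolean value. The RISKY table, the function names and the SAMPLE excerpt are constructed for this illustration; the explanations paraphrase vsftpd.conf(5).

```python
# Added example: audit a vsftpd.conf for the weak settings seen in the post.
# vsftpd booleans accept YES/NO, TRUE/FALSE and 1/0.
BOOL = {"YES": "YES", "TRUE": "YES", "1": "YES", "NO": "NO", "FALSE": "NO", "0": "NO"}

# option -> (value that weakens the server, why it matters); hypothetical table
RISKY = {
    "anonymous_enable": ("YES", "anonymous logins are accepted"),
    "ssl_sslv2": ("YES", "SSLv2 is permitted (prohibited by RFC 6176)"),
    "ssl_sslv3": ("YES", "SSLv3 is permitted (deprecated by RFC 7568)"),
    "require_ssl_reuse": ("NO", "data connections need not reuse the control channel's TLS session"),
    "pasv_promiscuous": ("YES", "PASV data connections are accepted from any IP address"),
    "allow_writeable_chroot": ("YES", "a user-writable chroot top-level directory is tolerated"),
}

def parse(text):
    """Return ({option: (line_no, value)}, [line numbers not in option=value form])."""
    opts, malformed = {}, []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        # vsftpd.conf(5): no space is allowed between the option, '=' and the value.
        if not sep or not key or key != key.strip() or value != value.lstrip():
            malformed.append(n)
        else:
            opts[key] = (n, value.rstrip())
    return opts, malformed

def audit(text):
    """Return a list of (line_no, option, message) findings."""
    opts, malformed = parse(text)
    findings = [(n, None, "not in option=value form") for n in malformed]
    for key, (n, value) in opts.items():
        if key not in RISKY:
            continue
        first = value.split()[0].upper() if value.split() else ""
        weak, why = RISKY[key]
        if BOOL.get(first) == weak:
            findings.append((n, key, why))
        if value.upper() != first:
            findings.append((n, key, "text after the boolean value; move notes to a '#' line"))
    return findings

# Constructed excerpt that mirrors settings in the post.
SAMPLE = """# constructed excerpt\nanonymous_enable=NO\nchroot_local_user=YES
allow_writeable_chroot=YES\nssl_enable=YES\nssl_tlsv1_2=YES\nssl_sslv2=YES
ssl_sslv3=YES\nrequire_ssl_reuse=NO\npasv_promiscuous=YES   note typed after the value\n"""

if __name__ == "__main__":
    for line_no, option, message in audit(SAMPLE):
        print(f"line {line_no}: {option or '(malformed)'}: {message}")
```

Run against a real file with `audit(open("/etc/vsftpd/vsftpd.conf").read())`; an empty list means none of the listed settings is in its weak state.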