How to Install and Configure an FTP Server in Ubuntu


FTP (File Transfer Protocol) is a relatively old and widely used standard network protocol for uploading/downloading files between two computers over a network. However, FTP is insecure by design, because it transmits data together with user credentials (username and password) without encryption.

Warning: If you plan to use FTP, consider configuring the FTP connection with SSL/TLS (covered in the next article). Otherwise, it is always better to use a secure alternative such as SFTP.

In this tutorial, we will show how to install, configure and secure an FTP server (VSFTPD, in full "Very Secure FTP Daemon") in Ubuntu to have strong protection against FTP vulnerabilities.

Step 1: Installing the VsFTP Server in Ubuntu

1. First, we need to update the system package sources list and then install the VSFTPD binary package as follows:

$ sudo apt-get update
$ sudo apt-get install vsftpd

2. Once the installation completes, the service will be disabled initially, so we need to start it manually for the time being and also enable it to start automatically from the next system boot:

------------- On SystemD ------------- 
# systemctl start vsftpd
# systemctl enable vsftpd

------------- On SysVInit ------------- 
# service vsftpd start
# update-rc.d vsftpd defaults

3. Next, if you have the UFW firewall enabled (it is not enabled by default) on the server, you have to open ports 21 and 20, where the FTP daemons are listening, to allow access to FTP services from remote machines. Add the new firewall rules as follows:

$ sudo ufw allow 20/tcp
$ sudo ufw allow 21/tcp
$ sudo ufw status

Step 2: Configuring and Securing the VsFTP Server in Ubuntu

4. Let's now make a few configurations to set up and secure our FTP server. First we will create a backup of the original config file /etc/vsftpd.conf like so:

$ sudo cp /etc/vsftpd.conf /etc/vsftpd.conf.orig

Next, let's open the vsftpd config file.

$ sudo vi /etc/vsftpd.conf
OR
$ sudo nano /etc/vsftpd.conf

Add/modify the following options with these values (vsftpd does not accept blanks or a comment after a value, so each comment sits on its own line):

# disable anonymous login
anonymous_enable=NO
# permit local logins
local_enable=YES
# enable FTP commands which change the filesystem
write_enable=YES
# value of umask for file creation for local users
local_umask=022
# enable showing of messages when users first enter a new directory
dirmessage_enable=YES
# a log file will be maintained detailing uploads and downloads
xferlog_enable=YES
# use port 20 (ftp-data) on the server machine for PORT style connections
connect_from_port_20=YES
# keep standard log file format
xferlog_std_format=YES
# do not open an IPv4-only listening socket (mutually exclusive with listen_ipv6)
listen=NO
# vsftpd will listen on an IPv6 socket instead of an IPv4 one
listen_ipv6=YES
# name of the PAM service vsftpd will use
pam_service_name=vsftpd
# enable vsftpd to load a list of usernames
userlist_enable=YES
# turn on tcp wrappers
tcp_wrappers=YES

5. Now, configure VSFTPD to allow/deny FTP access to users based on the user list file /etc/vsftpd.userlist.

Note that by default, users listed in userlist_file=/etc/vsftpd.userlist are denied login access, with the option userlist_deny=YES, if userlist_enable=YES.

But the option userlist_deny=NO twists the meaning of the default setting, so only users whose username is explicitly listed in userlist_file=/etc/vsftpd.userlist will be allowed to log in to the FTP server.

# vsftpd will load a list of usernames from the file named by userlist_file
userlist_enable=YES
# stores usernames
userlist_file=/etc/vsftpd.userlist
userlist_deny=NO

Important: When users log in to the FTP server, they are placed in a chrooted jail; this is the local root directory, which will act as their home directory for the FTP session only.

Next, we will look at two possible scenarios of how to set the chrooted jail (local root) directory, as explained below.

6. At this point, let's add/modify/uncomment the following two options to restrict FTP users to their home directories.

chroot_local_user=YES
allow_writeable_chroot=YES

The option chroot_local_user=YES importantly means that local users will be placed in a chroot jail, their home directory by default, after login.

We must also understand that VSFTPD does not permit the chroot jail directory to be writable, by default, for security reasons; however, we can use the option allow_writeable_chroot=YES to disable this setting.

Save the file and close it. Then we have to restart the VSFTPD service for the changes above to take effect:

------------- On SystemD ------------- 
# systemctl restart vsftpd

------------- On SysVInit ------------- 
# service vsftpd restart
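
An added example, not part of the original article: a small shell lint for the options set in steps 4 to 6. It flags lines vsftpd cannot parse (blanks or a trailing comment after a value) and settings that leave anonymous login, the chroot or the user allow-list weaker than intended. The names audit_vsftpd_conf and opt and the sample file are assumptions made for the example; the fallback defaults are those documented in vsftpd.conf(5).

```shell
#!/bin/sh
# Added example, not from the original article. audit_vsftpd_conf and opt
# are hypothetical helper names; defaults are those in vsftpd.conf(5).

# Print the last value assigned to option $2 in file $1, else default $3.
opt() {
    v=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
    printf '%s\n' "${v:-$3}"
}

# Print one finding per line; return 1 if there are any findings.
# SYNTAX: vsftpd only accepts bare option=value lines, so blanks around
# the equals sign, trailing blanks or a trailing comment are reported.
audit_vsftpd_conf() {
    conf=$1
    findings=$(
        awk '/^#/ || /^$/ { next }
             /^[^=]*[ \t]/ || /^[^=]*=[ \t]/ || /[ \t]$/ || /[ \t]#/ {
                 printf "SYNTAX line %d: %s\n", NR, $0 }' "$conf"
        [ "$(opt "$conf" anonymous_enable YES)" = NO ] ||
            echo "RISK anonymous_enable is not NO"
        [ "$(opt "$conf" chroot_local_user NO)" = YES ] ||
            echo "RISK chroot_local_user is not YES"
        [ "$(opt "$conf" allow_writeable_chroot NO)" = NO ] ||
            echo "RISK allow_writeable_chroot is not NO"
        if [ "$(opt "$conf" userlist_enable NO)" != YES ] ||
           [ "$(opt "$conf" userlist_deny YES)" != NO ]; then
            echo "RISK userlist is not an allow-list"
        fi
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample: step 5-6 settings, one line with a trailing comment.
sample=$(mktemp)
cat > "$sample" <<'EOF'
anonymous_enable=NO
local_enable=YES
userlist_enable=YES
userlist_file=/etc/vsftpd.userlist
userlist_deny=NO
chroot_local_user=YES
allow_writeable_chroot=YES   # writable chroot
EOF
audit_vsftpd_conf "$sample" || echo "audit: findings above"
rm -f "$sample"
```

On the server, run it as `audit_vsftpd_conf /etc/vsftpd.conf` before restarting the service.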

Step 3: Testing the VsFTP Server in Ubuntu

7. Now we will test the FTP server by creating an FTP user with the useradd command as follows:

$ sudo useradd -m -c "Aaron Kili, Contributor" -s /bin/bash aaronkilik
$ sudo passwd aaronkilik

Then, we have to explicitly list the user aaronkilik in the file /etc/vsftpd.userlist with the echo command and tee command as below:

$ echo "aaronkilik" | sudo tee -a /etc/vsftpd.userlist
$ cat /etc/vsftpd.userlist

8. Now it is time to test that our configurations above are working as required. We will begin by testing anonymous logins; we can clearly see from the output below that anonymous logins are not permitted on the FTP server:

# ftp 192.168.56.102
Connected to 192.168.56.102  (192.168.56.102).
220 Welcome to TecMint.com FTP service.
Name (192.168.56.102:aaronkilik) : anonymous
530 Permission denied.
Login failed.
ftp> bye
221 Goodbye.

9. Next, let's test whether a user not listed in the file /etc/vsftpd.userlist will be granted permission to log in, which is not the case, as the following output shows:

# ftp 192.168.56.102
Connected to 192.168.56.102  (192.168.56.102).
220 Welcome to TecMint.com FTP service.
Name (192.168.56.10:root) : user1
530 Permission denied.
Login failed.
ftp> bye
221 Goodbye.

10. Now we will carry out a final test to determine whether a user listed in the file /etc/vsftpd.userlist is actually placed in his/her home directory after login. This is the case, as the output below shows:

# ftp 192.168.56.102
Connected to 192.168.56.102  (192.168.56.102).
220 Welcome to TecMint.com FTP service.
Name (192.168.56.102:aaronkilik) : aaronkilik
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls

Warning: Setting the option allow_writeable_chroot=YES can be very dangerous; it has possible security implications, especially if the users have upload permission or, more so, shell access. Only use it if you know exactly what you are doing.

We should note that these security implications are not specific to VSFTPD; they can also affect all other FTP daemons that offer to put local users in chroot jails.

For this reason, in the section below, we will explain a more secure method of setting a different non-writable local root directory for a user.

Step 4: Configure User FTP Home Directories in Ubuntu

11. Now, open the VSFTPD configuration file once more.

$ sudo vi /etc/vsftpd.conf
OR
$ sudo nano /etc/vsftpd.conf

and comment out the insecure option using the # character as shown below:

#allow_writeable_chroot=YES

Next, create the alternative local root directory for the user (aaronkilik, yours is possibly not the same) and set the required permissions by disabling write permissions for all other users to this directory:

$ sudo mkdir /home/aaronkilik/ftp
$ sudo chown nobody:nogroup /home/aaronkilik/ftp
$ sudo chmod a-w /home/aaronkilik/ftp

12. Then, create a directory under the local root with the appropriate permissions, where the user will store his/her files:

$ sudo mkdir /home/aaronkilik/ftp/files
$ sudo chown -R aaronkilik:aaronkilik /home/aaronkilik/ftp/files
$ sudo chmod -R 0770 /home/aaronkilik/ftp/files/

Then, add/modify the options below in the VSFTPD config file with their corresponding values:

# inserts the username in the local root directory
user_sub_token=$USER
# defines any user's local root directory
local_root=/home/$USER/ftp

Save the file and close it. Then restart the VSFTPD service with the recent settings:

------------- On SystemD ------------- 
# systemctl restart vsftpd

------------- On SysVInit ------------- 
# service vsftpd restart

13. Now, let's do a final check and make sure that the user's local root directory is the FTP directory we created in his/her home directory.

# ftp 192.168.56.102
Connected to 192.168.56.102  (192.168.56.102).
220 Welcome to TecMint.com FTP service.
Name (192.168.56.10:aaronkilik) : aaronkilik
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
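
An added example, not part of the original article: a shell check of the directory layout built in steps 11 and 12, so a mistyped owner or a leftover write bit is caught before users log in. The name check_ftp_root and the scratch directory are assumptions made for the example; it relies on GNU stat, as shipped with Ubuntu.

```shell
#!/bin/sh
# Added example, not from the original article: verify the step 11-12 layout.
# check_ftp_root is a hypothetical helper; needs GNU stat (as on Ubuntu).

# $1 = local_root directory, $2 = FTP user. Prints findings, returns 1 if any.
check_ftp_root() {
    root=$1 user=$2 bad=0
    rmode=$(stat -c %a "$root") rowner=$(stat -c %U "$root")
    # vsftpd rejects a chroot root the user can write to, so no write
    # bit may be set on it (the article's chmod a-w).
    if [ $((0$rmode & 0222)) -ne 0 ]; then
        echo "FAIL $root is writable (mode $rmode)"; bad=1
    fi
    # An owner can chmod the directory back to writable: keep it owned by
    # another account (the article uses nobody:nogroup).
    if [ "$rowner" = "$user" ]; then
        echo "FAIL $root is owned by the FTP user $user"; bad=1
    fi
    # Uploads go to files/, which must belong to the user and be closed
    # to everyone outside the user's group (the article's 0770).
    if [ ! -d "$root/files" ]; then
        echo "FAIL $root/files is missing"; bad=1
    else
        fowner=$(stat -c %U "$root/files") fmode=$(stat -c %a "$root/files")
        [ "$fowner" = "$user" ] ||
            { echo "FAIL $root/files is owned by $fowner, not $user"; bad=1; }
        [ $((0$fmode & 0007)) -eq 0 ] ||
            { echo "FAIL $root/files is open to other users (mode $fmode)"; bad=1; }
    fi
    return $bad
}

# Constructed demo in a scratch directory. No root is needed, so the scratch
# owner stands in for the FTP user and the ownership finding is expected.
demo=$(mktemp -d)
mkdir -p "$demo/ftp/files"
chmod 0770 "$demo/ftp/files"
chmod a-w "$demo/ftp"
check_ftp_root "$demo/ftp" "$(stat -c %U "$demo")" || echo "layout: findings above"
chmod -R u+w "$demo"; rm -rf "$demo"
```

On the server from this tutorial, the call would be `check_ftp_root /home/aaronkilik/ftp aaronkilik`.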


Last but not least, do not miss our next article, where we will describe how to secure the FTP server using SSL/TLS connections in Ubuntu 16.04/16.10. Until then, stay tuned to TecMint.