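# Example config file /etc/vsftpd/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
# Format reminder: one option=value per line, no spaces around "=", nothing
# after the value. Comments go on their own line and start with "#".
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
# When SELinux is enforcing check for SE bool ftp_home_dir
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
# When SELinux is enforcing check for SE bool allow_ftpd_anon_write, allow_ftpd_full_access
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
xferlog_file=/var/log/xferlog
#
# If you want, you can have your log file in standard ftpd xferlog format.
# Note that the default log file location is /var/log/xferlog in this case.
xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode. The vsftpd.conf(5) man page explains
# the behaviour when these options are disabled.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
# NOTE(review): both options are switched on in this example. Leave them
# commented out unless a client really needs ASCII translation.
ascii_upload_enable=YES
ascii_download_enable=YES
#
# You may fully customise the login banner string:
#ftpd_banner=Welcome to blah FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd/banned_emails
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
# (Warning! chroot'ing can be very dangerous. If using chroot, make sure that
# the user does not have write access to the top level directory within the
# chroot)
chroot_local_user=YES
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd/chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
# When "listen" directive is enabled, vsftpd runs in standalone mode and
# listens on IPv4 sockets. This directive cannot be used in conjunction
# with the listen_ipv6 directive.
listen=YES
# Non-default control port; 990 is the port conventionally used for
# implicit FTPS.
listen_port=990
# Address advertised to clients in the PASV reply. The value below is a
# placeholder left by the original author (it reads "public IP"); replace it
# with the server's public address before use.
pasv_address=公网IP
#
# This directive enables listening on IPv6 sockets. By default, listening
# on the IPv6 "any" address (::) will accept connections from both IPv6
# and IPv4 clients. It is not necessary to listen on *both* IPv4 and IPv6
# sockets. If you want that (perhaps because you want to listen on specific
# addresses) then you must run two copies of vsftpd with two configuration
# files.
# Make sure, that one of the listen options is commented !!
listen_ipv6=NO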
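# Site-specific settings appended to the stock sample: PAM/user list,
# implicit FTPS, and passive/active data-port handling.
#
# Name of the PAM service vsftpd authenticates local users against.
pam_service_name=vsftpd
# NOTE(review): with userlist_enable=NO the userlist_file and userlist_deny
# settings below are not consulted, so every local account that PAM accepts
# can log in. Set userlist_enable=YES if the allow-list is meant to apply.
userlist_enable=NO
# Pass incoming connections through tcp_wrappers access control (only works
# if vsftpd was built with tcp_wrappers support).
tcp_wrappers=YES
# Lets users be chroot()ed (chroot_local_user=YES above) into a directory
# they can write to, which is the situation the chroot warning in this file
# cautions against. Safer layout: keep the chroot top level non-writable,
# give users a writable subdirectory, and remove this option.
allow_writeable_chroot=YES
userlist_file=/etc/vsftpd/userlist
userlist_deny=NO
#
# TLS settings.
ssl_enable=YES
ssl_tlsv1_2=YES
# SSLv2 and SSLv3 are obsolete, broken protocols. The original example
# enabled both; they are turned off here so only TLS is negotiated.
ssl_sslv2=NO
ssl_sslv3=NO
# Certificate and private key live in the same PEM file. Keep it owned by
# root and unreadable to other users.
rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem
allow_anon_ssl=NO
# Refuse local logins and data transfers that are not protected by TLS.
force_local_data_ssl=YES
force_local_logins_ssl=YES
# NOTE(review): session reuse is what proves a TLS data connection belongs
# to the same client as the control connection. It is often disabled for
# client compatibility; prefer YES when your clients support it, especially
# while pasv_promiscuous=YES is also set.
require_ssl_reuse=NO
ssl_ciphers=HIGH
# Implicit FTPS: a TLS handshake is expected first on every connection.
# Pairs with listen_port=990.
implicit_ssl=YES
#
# Data connections.
# Source port for active-mode (PORT) data connections.
# NOTE(review): 50000 is also the top of the passive range below - confirm
# the overlap is intended.
ftp_data_port=50000
pasv_enable=YES
# Passive data-port range; open only this range on the firewall.
pasv_min_port=40000
pasv_max_port=50000
port_enable=YES
# Dumps OpenSSL connection diagnostics to the vsftpd log. Useful while
# troubleshooting; turn it off again afterwards.
debug_ssl=YES
# Original page note: this setting was used to work around the vsftpd error
# "425 Security: Bad IP connecting".
# NOTE(review): YES disables the check that a passive data connection comes
# from the same IP address as the control connection. That error usually
# means a NAT or proxy presents different addresses for the two connections.
# Fixing pasv_address / the NAT path and returning this to NO keeps the
# check in place; leave it at YES only if that is not possible.
pasv_promiscuous=YES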
不知道他们IT修改了哪里,换个IP居然联不上,尼玛,把报错一个一个排查完。