Linux Network Management, Part 6: Installing vsftpd-2.0.5 from Source and Using PAM (51CTO blog) - 威尼斯人


2019-02-20 09:02:55 | Author: 凯时 | Tags: installation, files, users | Views: 294

    [root@AS4 ~]# rpm -qa | grep vsftpd
    vsftpd-2.0.1-5.EL4.3
    [root@AS4 ~]# rpm -e vsftpd-2.0.1-5.EL4.3      <-- remove the existing version first
    [root@AS4 src]# pwd
    /usr/src
    [root@AS4 src]# ls
    kernels  redhat  vsftpd-2.0.5.tar.gz           <-- the downloaded source archive

I. Unpack:

    [root@AS4 src]# tar xvzf vsftpd-2.0.5.tar.gz   <-- unpack the downloaded source archive
    vsftpd-2.0.5/
    vsftpd-2.0.5/oneprocess.h
    vsftpd-2.0.5/ipaddrparse.h
    ……
    vsftpd-2.0.5/BENCHMARKS
    vsftpd-2.0.5/features.h

II. Read the installation notes and make the corresponding preparations:

    [root@AS4 src]# cd vsftpd-2.0.5
    [root@AS4 vsftpd-2.0.5]# more INSTALL          <-- read the installation help file
    INSTALL
    =======

    This file details how to build and install / run vsftpd from the vsftpd
    distribution .tar.gz file.

    Step 1) Build vsftpd.

    Switch to the directory created when you unpacked the vsftpd .tar.gz file.
    e.g.:

    cd vsftpd-1.1.2

    edit "builddefs.h" to handle compile-time settings (tcp_wrappers build,ssl,etc).

    Just type "make" (and mail me to fix it if it doesn't build ;-).
    This should produce you a vsftpd binary. You can test for this, e.g.:

    [chris@localhost vsftpd]$ ls -l vsftpd
    -rwxrwxr-x  1 chris  chris   61748 Sep 27 00:26 vsftpd     <-- the binary produced by the build

    Step 2) Satisfy vsftpd pre-requisites
    2a) vsftpd needs the user "nobody" in the default configuration. Add this
    user in case it does not already exist. e.g.:

    [root@localhost root]# useradd nobody
    useradd: user nobody exists

    2b) vsftpd needs the (empty) directory /usr/share/empty in the default
    configuration. Add this directory in case it does not already exist. e.g.:

    [root@localhost root]# mkdir /usr/share/empty/
    mkdir: cannot create directory `/usr/share/empty': File exists

    2c) For anonymous FTP, you will need the user "ftp" to exist, and have a
    valid home directory (which is NOT owned or writable by the user "ftp").
    The following commands could be used to set up the user "ftp" if you do not
    have one:

    [root@localhost root]# mkdir /var/ftp/
    [root@localhost root]# useradd -d /var/ftp ftp

    (the next two are useful to run even if the user "ftp" already exists).
    [root@localhost root]# chown root.root /var/ftp
    [root@localhost root]# chmod og-w /var/ftp

    Step 3) Install vsftpd config file, executable, man page, etc.

    Running "make install" will try to copy the binary, man pages, etc. to
    somewhere sensible.
    …… (omitted) ……
    You have new mail in /var/spool/mail/root

Create the required accounts and directories:

    [root@AS4 ~]# useradd nobody
    useradd: user nobody exists
    [root@AS4 ~]# mkdir /usr/share/empty
    mkdir: cannot create directory `/usr/share/empty': File exists
    [root@AS4 ~]# mkdir /var/ftp
    mkdir: cannot create directory `/var/ftp': File exists
    [root@AS4 ~]# useradd -d /var/ftp ftp
    useradd: user ftp exists
    [root@AS4 ~]# chown root:root /var/ftp
    [root@AS4 ~]# chmod og-w /var/ftp

III. Compile and install

1. According to the documentation, the first step is to edit builddefs.h. Let's look at its default options; for each feature you need, change the #undef in front of it to #define, and then compile.

    [root@AS4 vsftpd-2.0.5]# cat builddefs.h
    #ifndef VSF_BUILDDEFS_H
    #define VSF_BUILDDEFS_H

    #undef VSF_BUILD_TCPWRAPPERS
    #define VSF_BUILD_PAM
    #undef VSF_BUILD_SSL

    #endif /* VSF_BUILDDEFS_H */

As the code above shows, FTP authentication is performed through PAM, which is a way of authenticating virtual users for FTP login. This is one of vsftpd's security measures: with PAM, local users cannot log in to FTP (anonymous FTP can still log in), which in practice strengthens the security of the system.

2. Compile and install:

    [root@AS4 vsftpd-2.0.5]# make;make install
    gcc -c main.c -O2 -Wall -W -Wshadow  -idirafter dummyinc
    ……
    gcc -o vsftpd main.o utility.o prelogin.o ftpcmdio.o postlogin.o privsock.o tunables.o ftpdataio.o …… ipaddrparse.o access.o features.o readwrite.o ssl.o sysutil.o sysdeputil.o -Wl,-s `./vsf_findlibs.sh`
    if [ -x /usr/local/sbin ]; then \
            install -m 755 vsftpd /usr/local/sbin/vsftpd; \
    else \
            install -m 755 vsftpd /usr/sbin/vsftpd; fi
    ……
    if [ -x /etc/xinetd.d ]; then \
            install -m 644 xinetd.d/vsftpd /etc/xinetd.d/vsftpd; fi

3. Verify the result

1) Check which directory make install put the compiled binary in.

    [root@AS4 ~]# which vsftpd
    /usr/local/sbin/vsftpd

2) Check the libraries vsftpd depends on (if a libpam line appears among them, the binary you built authenticates logins through PAM).

    [root@AS4 vsftpd-2.0.5]# ldd vsftpd
            libwrap.so.0 => /usr/lib/libwrap.so.0 (0x03db6000)
            libnsl.so.1 => /lib/libnsl.so.1 (0x00175000)
            libpam.so.0 => /lib/libpam.so.0 (0x00b4b000)       <-- authentication goes through PAM
            libdl.so.2 => /lib/libdl.so.2 (0x0088f000)
            libresolv.so.2 => /lib/libresolv.so.2 (0x009dd000)
            libutil.so.1 => /lib/libutil.so.1 (0x003b9000)
            libcap.so.1 => /lib/libcap.so.1 (0x00111000)
            libc.so.6 => /lib/tls/libc.so.6 (0x00763000)
            libaudit.so.0 => /lib/libaudit.so.0 (0x00b6c000)
            /lib/ld-linux.so.2 (0x0074a000)

4. Copy some files into place

    [root@AS4 vsftpd-2.0.5]# cp vsftpd.conf /etc
    [root@AS4 vsftpd-2.0.5]# cp vsftpd /usr/sbin
    [root@AS4 vsftpd-2.0.5]# cp RedHat/vsftpd.pam /etc/pam.d/ftp     <-- the file used for PAM authentication

IV. Prepare /etc/vsftpd.conf

    [root@AS4 vsftpd-2.0.5]# cp /etc/vsftpd.conf /etc/vsftpd.confBAK

Add listen=YES as the last line so that the server can run standalone.

    [root@AS4 vsftpd-2.0.5]# /usr/local/sbin/vsftpd &      <-- run the service in the background and get the console back
    [1] 3170                                               <-- this command can be added to /etc/rc.local
    [root@AS4 vsftpd-2.0.5]# netstat -tnl | grep :21       <-- the server is now listening on port 21
    tcp        0      0 0.0.0.0:21                  0.0.0.0:*                   LISTEN

V. Test

    [root@AS4 ~]# ftp localhost
    Connected to AS4.SKY.COM.
    220 (vsFTPd 2.0.5)
    530 Please login with USER and PASS.
    530 Please login with USER and PASS.
    KERBEROS_V4 rejected as an authentication type
    Name (localhost:root):anonymous         <-- anonymous login
    331 Please specify the password.
    Password:
    230 Login successful.
    Remote system type is UNIX.
    Using binary mode to transfer files.
    ftp> ls
    227 Entering Passive Mode (127,0,0,1,132,192)
    150 Here comes the directory listing.
    drwxr-xr-x    2 0        0            4096 Apr 09 09:15 pub
    -rw-r--r--    1 0        0               7 Apr 09 09:15 t1.txt
    -rw-r--r--    1 0        0               7 Apr 09 09:15 t2.txt
    226 Directory send OK.
    ftp> bye
    221 Goodbye.

VI. Create virtual accounts

FTP sends user names and passwords over the network in clear text, so accounts are easily stolen. To keep a compromised account from becoming a security threat to the FTP server itself, we can create virtual users for login access.

1. Create the virtual accounts

    [root@AS4 ~]# vi /home/vuser.txt
    jack
    123
    bob
    123
    [root@AS4 ~]# id jack
    id: jack: No such user     <-- the system has no such user; it is a virtual user
    [root@AS4 ~]# id bob
    id: bob: No such user

2. Build the database file for the virtual users

    [root@AS4 ~]# db_load -T -t hash -f /home/vuser.txt /etc/vsftpd_login.db
    [root@AS4 ~]# chmod 600 /etc/vsftpd_login.db

3. Edit /etc/pam.d/ftp

Disable every line in the original file and add the following two lines:

    auth        required    pam_userdb.so db=/etc/vsftpd_login
    account     required    pam_userdb.so db=/etc/vsftpd_login

4. Create the mapped account and login home directory for the virtual users

    [root@AS4 ~]# useradd vuser                  <-- creating the account also creates /home/vuser automatically
    [root@AS4 ~]# cp /etc/group /home/vuser      <-- copy a file into that directory

5. Edit the configuration file

    [root@AS4 ~]# vi /etc/vsftpd.conf
    # Example config file /etc/vsftpd.conf
    ……
    # Allow anonymous FTP? (Beware - allowed by default if you comment this out).
    anonymous_enable=NO       <-- disable everything related to anonymous access
    #
    # Uncomment this to allow local users to log in.
    local_enable=YES
    write_enable=NO
    #
    # Uncomment this to allow the anonymous FTP user to upload files. This only
    …… (omitted part left entirely at defaults) ……
    #ls_recurse_enable=YES
    guest_enable=YES          <-- add this line
    guest_username=vuser      <-- add this line
    listen=YES

6. Test

    [root@AS4 ~]# ftp localhost
    Connected to AS4.SKY.COM.
    220 (vsFTPd 2.0.5)
    530 Please login with USER and PASS.
    530 Please login with USER and PASS.
    KERBEROS_V4 rejected as an authentication type
    Name (localhost:root): anonymous
    331 Please specify the password.
    Password:
    530 Login incorrect.
    Login failed.                 <-- anonymous login fails
    ftp> user
    (username) jack               <-- log in as a virtual user
    331 Please specify the password.
    Password:
    230 Login successful.         <-- login succeeded
    ftp> ls
    227 Entering Passive Mode (127,0,0,1,226,167)
    150 Here comes the directory listing.
    226 Transfer done (but failed to open directory).

The file list is not visible, because after logging in the virtual user does not have all of vuser's permissions; it actually still has the permissions of an anonymous user.

    ftp> get .bashrc              <-- test whether a download works
    local: .bashrc remote: .bashrc
    227 Entering Passive Mode (127,0,0,1,60,181)
    150 Opening BINARY mode data connection for .bashrc (124 bytes).
    WARNING! 8 bare linefeeds received in ASCII mode
    File may not have transferred correctly.
    226 File send OK.             <-- the download works
    124 bytes received in 0.005 seconds (24 Kbytes/s)

7. Let the virtual users see the file list

    [root@AS4 ~]# ls -ld /home/vuser
    drwx------  3 vuser vuser 4096 Apr 10 19:54 /home/vuser   <-- group and other users have no permissions
    [root@AS4 ~]# chmod o+r /home/vuser
    [root@AS4 ~]# cp /etc/group /home/vuser

8. Test again

    [root@AS4 ~]# ftp localhost
    Connected to AS4.SKY.COM.
    220 (vsFTPd 2.0.5)
    530 Please login with USER and PASS.
    530 Please login with USER and PASS.
    KERBEROS_V4 rejected as an authentication type
    Name (localhost:root): jack
    331 Please specify the password.
    Password:
    230 Login successful.
    Remote system type is UNIX.
    Using binary mode to transfer files.
    ftp> ls
    227 Entering Passive Mode (127,0,0,1,122,110)
    150 Here comes the directory listing.
    -rw-r--r--    1 0        0             710 Apr 10 12:22 group     <-- the file list is now visible
    226 Directory send OK.
    ftp> quit
    221 Goodbye.

9. Access from a Windows client

1) Open a browser, enter ftp://10.0.0.254, and supply the user name and password when prompted.

[Figure: login prompt]

2) The result of the access:

[Figure: access result]
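The checks below audit the virtual-account setup described above: the vsftpd.conf settings and the db_load input file, including the mode of the plaintext vuser.txt, which the article leaves as created while restricting only the generated .db file. This is an added example, not part of the original article; the function names and the sample files, constructed in a temporary directory, are assumptions.

```shell
#!/bin/sh
# Added example, not from the original article. Sample files are constructed
# in a temp directory; nothing under /etc or /home is read or changed.

# conf_get FILE KEY: print the last value assigned to KEY.
# vsftpd.conf lines are key=value with no spaces around '='; '#' starts a comment.
conf_get() { sed -n "s/^$2=//p" "$1" | tail -n 1; }

# audit_conf FILE: one finding per line; no output means the settings are in place.
audit_conf() {
    [ "$(conf_get "$1" anonymous_enable)" = NO ] ||
        echo "anonymous_enable is not NO (anonymous login is allowed by default)"
    [ "$(conf_get "$1" guest_enable)" = YES ] ||
        echo "guest_enable is not YES (logins are not remapped to a guest account)"
    [ -n "$(conf_get "$1" guest_username)" ] ||
        echo "guest_username is unset (vsftpd falls back to its default, ftp)"
    [ "$(conf_get "$1" write_enable)" != YES ] ||
        echo "write_enable=YES (commands that change the filesystem are allowed)"
}

# audit_userlist FILE: check the db_load -T input, which must hold
# alternating user-name and password lines.
audit_userlist() {
    n=$(awk 'END { print NR }' "$1")
    [ $((n % 2)) -eq 0 ] || echo "odd line count ($n): a user has no password line"
    dups=$(awk 'NR % 2 == 1' "$1" | sort | uniq -d | tr '\n' ' ')
    [ -z "$dups" ] || echo "duplicate user name(s): $dups"
    # Characters 5-10 of the ls mode string are the group and other bits.
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ] ||
        echo "plaintext password file is accessible to group or other"
}

# Constructed sample input mirroring the article's files.
demo_dir=$(mktemp -d)
printf 'jack\n123\nbob\n123\n' > "$demo_dir/vuser.txt"
chmod 644 "$demo_dir/vuser.txt"    # mode a umask of 022 gives a file made with vi
printf '%s\n' '#anonymous_enable=NO' 'local_enable=YES' 'write_enable=NO' \
    'guest_enable=YES' 'guest_username=vuser' 'listen=YES' > "$demo_dir/vsftpd.conf"
audit_conf "$demo_dir/vsftpd.conf"     # flags the commented-out anonymous_enable
audit_userlist "$demo_dir/vuser.txt"   # flags the 644 mode
```

Point the two functions at the real /etc/vsftpd.conf and the db_load input file to run the same checks on a live host.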