
해봐야 안다.OTL/Linux

[리눅스] proftpd

<proftpd>

 

Proftpd는 [Sendmail 서버]에 설치한다. 이 글에서 사용한 1.3.2b는 2009년에 빌드한 오래된 버전이므로(아래 -vv 출력 참고), 운영 서버에는 현재 유지보수되는 버전을 사용한다.

 

#mkdir /usr/local/src/proftp

#cd /usr/local/src/proftp

 

[root@woo:/usr/local/src/proftp/proftpd-1.3.2b]#./configure --prefix=/usr/local/ftp --with-modules=mod_tls --enable-autoshadow --enable-shadow

[root@woo:/usr/local/src/proftp/proftpd-1.3.2b]#make && make install

--


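[root@woo:/usr/local/src/proftp/proftpd-1.3.2b]#./proftpd -l    --> 컴파일된 모듈 보기. configure에 --with-modules=mod_tls를 주었다면 이 목록에 mod_tls.c가 보여야 한다. 아래 출력처럼 보이지 않으면 뒤에서 추가하는 <IfModule mod_tls.c> 블록이 적용되지 않아 평문 FTP로 동작하므로 빌드를 다시 확인한다.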

Compiled-in modules:

mod_core.c

mod_xfer.c

mod_auth_unix.c

mod_auth_file.c

mod_auth.c

mod_ls.c

mod_log.c

mod_site.c

mod_delay.c

mod_facts.c

mod_ident.c

mod_auth_pam.c

mod_cap.c




[root@woo:~]#proftpd -vv   --> 로드된 모듈 보기

ProFTPD Version: 1.3.2b (maint)

Scoreboard Version: 01040002

Built: Wed Oct 28 11:38:20 KST 2009

Loaded modules:

mod_cap/1.0

mod_auth_pam/1.1

mod_ident/1.0

mod_facts/0.1

mod_delay/0.6

mod_site.c

mod_log.c

mod_ls.c

mod_auth.c

mod_auth_file/0.8.3

mod_auth_unix.c

mod_xfer.c

mod_core.c


--

[root@woo:/usr/local/src/proftp/proftpd-1.3.2b]#./proftpd -v

ProFTPD Version 1.3.2b

 

[root@woo:/]#useradd -M -s /bin/false -c "Ftp Daemon" ftpuser    --> 홈 디렉터리를 만들지 않고(-M) 로그인 셸이 없는(/bin/false) 데몬 전용 계정을 만든다

[root@woo:/]#cat /etc/passwd |grep ftpuser

ftpuser:x:513:513:FTP Deamon:/home/ftpuser:/bin/false

 

[root@woo:/]#cat /etc/shadow |grep ftpuser

ftpuser:!!:14545:0:99999:7:::

[root@woo:/]#cat /etc/group |grep ftpuser

ftpuser:x:513:

 

[root@woo:/]#cd /usr/local/ftp/sbin/

 

[root@woo:/usr/local/ftp/sbin]#ls

ftpshut in.proftpd proftpd

--

[root@woo:/usr/local/ftp/sbin]#cd ../etc

[root@woo:/usr/local/ftp/etc]#ls

proftpd.conf

[root@woo:/usr/local/src/proftp/proftpd-1.3.2b]#./proftpd -td5

Checking syntax of configuration file

- using TCP receive buffer size of 87380 bytes

- using TCP send buffer size of 16384 bytes

- disabling runtime support for IPv6 connections

- Fatal: Group: Unknown group 'nogroup' on line 30 of '/usr/local/ftp/etc/proftpd.conf'

--> proftpd.conf 를 수정해준다. 오류 메시지대로 'nogroup' 그룹이 시스템에 없으므로 Group 지시어를 실제로 존재하는 그룹(예: 위에서 만든 ftpuser)으로 바꾼다.

--

[root@woo:/usr/local/ftp/etc]#vi proftpd.conf

6 ServerName "Secure FTPD"

9 RootLogin off

11 <Limit LOGIN>

12 Order deny,allow

13 Deny from 192.168.1. 추가 입력

14 Allow from all

15 Allowuser usera

16 Allowuser userb

17 DenyAll

18 </Limit>

19 #Download Limit size

20 MaxRetrieveFileSize 10 Mb

21 추가 입력

22 #Upload Limit size

23 MaxstorefileSize 10 Mb

24 #ServerIdent on "My FTP Server!!"

29 #Warning MSG for connect

30 DisplayConnect /etc/warning.txt 추가 입력

32 ExtendedLog /var/log/ftp.log auth,read,write 추가 입력

80 DisplayLogin welcome.msg

81 AccessGrantMsg " Welcome %u sama!!!"

82 AccessDenyMsg "Hey %u Are u kidding me!!" 빨간색 두줄 만 추가

83 DisplayChdir .message

--

[root@woo:/usr/local/ftp/etc]#cd ../sbin/

[root@woo:/usr/local/ftp/sbin]#./proftpd -td5

Checking syntax of configuration file

- using TCP receive buffer size of 87380 bytes

- using TCP send buffer size of 16384 bytes

- disabling runtime support for IPv6 connections

woo.cho.iss -

woo.cho.iss - Config for kkk:

woo.cho.iss - ~ftp/

woo.cho.iss - Limit

woo.cho.iss - DenyAll

woo.cho.iss - UserName

woo.cho.iss - GroupName

woo.cho.iss - UserAlias

woo.cho.iss - MaxClients

woo.cho.iss - DisplayLogin

woo.cho.iss - DisplayChdir

woo.cho.iss - Umask

woo.cho.iss - AllowOverwrite

woo.cho.iss - Limit

woo.cho.iss - DenyAll

woo.cho.iss - DefaultServer

woo.cho.iss - Umask

woo.cho.iss - UserID

woo.cho.iss - UserName

woo.cho.iss - GroupID

woo.cho.iss - GroupName

woo.cho.iss - AllowOverwrite

Syntax check complete.

혹시 에러가 나면 복사해서 붙여 넣어라.

<proftpd.conf 전체 파일 보기>

--

[root@jh:/etc]#vi warning.txt    --> proftpd.conf의 DisplayConnect /etc/warning.txt 와 파일명이 같아야 배너가 표시된다

####################################

# S E C U R E F T P D #

####################################

[root@jh:/etc]#vi welcome.msg

#########################################

# welcome to my secure ftp!!!! #

#########################################

--

[root@jh:/etc]#ln -s /usr/local/ftp/sbin/proftpd /usr/sbin/

[root@jh:/etc]#pro    --> "탭" 키를 두 번 눌러서 PATH가 제대로 된 것을 확인

procmail profiles proftpd protoize prove

[root@jh:/etc]#touch /var/log/ftp.log

[root@jh:/etc]#chown ftpuser.ftpuser /var/log/ftp.log

[root@jh:/etc]#chmod 600 /var/log/ftp.log

[root@jh:/etc]#proftpd &

[3] 6428

[엔터]

[3]+ Done proftpd

--

[root@jh:/etc]#ftp localhost

Connected to jh.sung.iss.

220 127.0.0.1 FTP server ready

500 AUTH not understood

500 AUTH not understood

KERBEROS_V4 rejected as an authentication type

Name (localhost:root): root

331 Password required for root

Password:

530 Login incorrect.

Login failed.

Remote system type is UNIX.

Using binary mode to transfer files.

RootLogin off 로 루트를 막아 놓았기 때문에 root 로그인이 안 되는 것을 확인할 수 있다.

--

<인증서 생성>

[root@jh:/etc]#cd /usr/local/ftp/

[root@jh:/usr/local/ftp]#mkdir pki

[root@jh:/usr/local/ftp]#cd pki/

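[root@jh:/usr/local/ftp/pki]#openssl req -new >proftp.csr    --> 아래 출력처럼 이 환경의 기본값으로는 1024비트 RSA 키가 만들어진다. 1024비트는 현재 기준으로 약하므로 실제 서버에서는 -newkey rsa:2048 처럼 2048비트 이상을 지정한다.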

Generating a 1024 bit RSA private key

........................++++++

..................................................................................++++++

writing new private key to 'privkey.pem'

Enter PEM pass phrase: 비밀번호 설정

Verifying - Enter PEM pass phrase: 비밀번호 설정

-----

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [GB]:KR

State or Province Name (full name) [Berkshire]:SEOUL

Locality Name (eg, city) [Newbury]:SEOUL

Organization Name (eg, company) [My Company Ltd]:ITHRD


Organizational Unit Name (eg, section) []:Security

Common Name (eg, your name or your server's hostname) []:ftp.sung.iss

Email Address []:usera@sung.iss

Please enter the following 'extra' attributes

to be sent with your certificate request

A challenge password []:

An optional company name []:






--

[root@jh:/usr/local/ftp/pki]#ls

privkey.pem proftp.csr

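[root@jh:/usr/local/ftp/pki]#openssl rsa -in privkey.pem -out proftp.cert.key    --> 암호(pass phrase)가 제거된 개인키가 만들어진다. 평문 상태로 디스크에 남으므로 root만 읽을 수 있게 권한을 제한한다(예: chmod 600 proftp.cert.key).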

Enter pass phrase for privkey.pem: 위에서 설정한 비밀번호 입력

writing RSA key

[root@jh:/usr/local/ftp/pki]#ls

privkey.pem proftp.cert.key proftp.csr

[root@jh:/usr/local/ftp/pki]#openssl x509 -in proftp.csr -out proftp.crt -req -signkey proftp.cert.key -days 365

Signature ok

subject=/C=KR/ST=SEOUL/L=SEOUL/O=ITHRD/OU=Security/CN=ftp.sung.iss/emailAddress=usera@sung.iss

Getting Private key

--

 [root@jh:/usr/local/ftp/pki]#ls

privkey.pem proftp.cert.key proftp.crt proftp.csr

[root@jh:/usr/local/ftp/pki]#cd ..

[root@jh:/usr/local/ftp]#cd etc/

[root@jh:/usr/local/ftp/etc]#vi proftpd.conf

93 <IfModule mod_tls.c>

94 TLSEngine on

95 TLSRequired on

96 TLSLog /var/log/ftp-tls.log 맨밑에 추가 입력

97 TLSProtocol TLSv1    --> TLS 1.0은 현재 폐기(deprecated)된 프로토콜이다. 최신 ProFTPD에서는 서버와 클라이언트가 지원하는 범위에서 TLSv1.2 이상을 지정한다.

98 TLSRSACertificateFile /usr/local/ftp/pki/proftp.crt

99 TLSRSACertificateKeyFile /usr/local/ftp/pki/proftp.cert.key

100 </IfModule>


[root@jh:/usr/local/ftp/pki]#proftpd &

[27] 7216

[27] Done proftpd

[root@jh:/usr/local/ftp/pki]#ftp localhost

Connected to jh.sung.iss.

220-####################################

#    S E C U R E F T P D #

######################################

220 127.0.0.1 FTP server ready

500 AUTH not understood

500 AUTH not understood

KERBEROS_V4 rejected as an authentication type

Name (localhost:root): usera

550 SSL/TLS required on the control channel

Login failed.

Remote system type is UNIX.

Using binary mode to transfer files.


--

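위에서 사용한 ftp 명령은 TLS로 접속하지 않으므로 TLSRequired on 설정에 의해 550으로 거부된다. 명시적 FTP over TLS를 지원하는 클라이언트(FileZilla)로 접속한다: http://filezilla-project.org/download.php?type=client

자체 서명 인증서이므로 첫 접속 때 클라이언트가 경고를 띄운다. 표시된 지문을 서버에서 openssl x509 -in proftp.crt -noout -fingerprint -sha256 으로 확인한 값과 비교한 뒤 수락한다.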

 

 

 

설치 끝

실행화면