Day1-Ftp
day1
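1. FTP setup and access
2. Enabling user chroot, blacklist and whitelist
3. Using FTP blacklists and whitelists
4. FTP concurrency and bandwidth limits
1. FTP setup and access
- Install the package
yum install vsftpd -y
- Start the service
/etc/init.d/vsftpd start
chkconfig vsftpd on
- Test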
[root@localhost ~]# ftp localhost
Trying ::1...
ftp: connect to address ::1拒绝连接
Trying 127.0.0.1...
Connected to localhost (127.0.0.1).
220 (vsFTPd 2.2.2)
Name (localhost:root): ftp
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> dir
227 Entering Passive Mode (127,0,0,1,45,157).
150 Here comes the directory listing.
drwxr-xr-x 2 0 0 4096 Apr 25 07:50 pub
226 Directory send OK.
ftp>
2. Enabling user chroot, blacklist and whitelist
- Enable user chroot
- Before chroot
[root@localhost ~]# ftp localhost
Trying ::1...
ftp: connect to address ::1拒绝连接
Connected to localhost (127.0.0.1).
220 (vsFTPd 2.2.2)
Name (localhost:root): lisi
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode (127,0,0,1,204,55).
150 Here comes the directory listing.
-rw-r--r-- 1 0 0 16 Apr 25 07:52 lisi.txt
226 Directory send OK.
ftp> ls /etc/passwd
227 Entering Passive Mode (127,0,0,1,84,132).
150 Here comes the directory listing.
-rw-r--r-- 1 0 0 1442 Apr 27 03:03 passwd
- Edit the configuration file
vim /etc/vsftpd/vsftpd.conf
chroot_local_user=YES
- Reload the service
/etc/init.d/vsftpd reload
- Verify
useradd lisi
echo 1 | passwd --stdin lisi
ftp 127.0.0.1
Connected to 127.0.0.1 (127.0.0.1).
220 (vsFTPd 2.2.2)
Name (127.0.0.1:root): lisi
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> dir
227 Entering Passive Mode (127,0,0,1,214,189).
150 Here comes the directory listing.
-rw-r--r-- 1 0 0 16 Apr 25 07:52 lisi.txt
226 Directory send OK.
ftp> cd /etc/
550 Failed to change directory.
3. Using FTP blacklists and whitelists
- Use the blacklist
[root@localhost ~]# echo lisi >>/etc/vsftpd/ftpusers
[root@localhost ~]# tail -1 /etc/vsftpd/ftpusers
lisi
ftp
/etc/init.d/vsftpd reload
[root@localhost ~]# ftp 127.0.0.1
Connected to 127.0.0.1 (127.0.0.1).
220 (vsFTPd 2.2.2)
Name (127.0.0.1:root): lisi
331 Please specify the password.
Password:
530 Login incorrect.
Login failed.
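ftp> // the user is on the blacklist, so the login fails
- Use the whitelist
vim /etc/vsftpd/vsftpd.conf
userlist_deny=NO // only users in the list are allowed
/etc/init.d/vsftpd reload
- Clear the existing entries and add user lisi
vim /etc/vsftpd/user_list
lisi
ftp
anonymous // add the anonymous user
- Remove lisi from the blacklist
vim /etc/vsftpd/ftpusers
lisi
- Test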
[root@localhost ~]# ftp localhost
Trying ::1...
ftp: connect to address ::1拒绝连接
Trying 127.0.0.1...
Connected to localhost (127.0.0.1).
220 (vsFTPd 2.2.2)
Name (localhost:root): ftp
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> dir
227 Entering Passive Mode (127,0,0,1,54,143).
150 Here comes the directory listing.
drwxr-xr-x 2 0 0 4096 Mar 22 2017 pub
226 Directory send OK.
ftp> exit
221 Goodbye.
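The blacklist and whitelist rules above, modelled as an added shell example (not part of the original notes) that predicts whether a login would be accepted. It assumes userlist_enable=YES is set in vsftpd.conf, as the RHEL/CentOS package ships it, and that PAM denies every name in ftpusers; the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: predicts the vsftpd login decision from ftpusers + user_list.
# Assumption: /etc/pam.d/vsftpd uses pam_listfile with sense=deny on ftpusers
# (the RHEL/CentOS default), so a name in ftpusers is always refused.

# conf_get FILE KEY DEFAULT: value of KEY=... (no spaces around '='), upper-cased.
# This sketch takes the last uncommented occurrence of KEY.
conf_get() {
    v=$(sed -n "s/^$2=//p" "$1" 2>/dev/null | tail -n 1 | tr -d '\r' | tr 'a-z' 'A-Z')
    echo "${v:-$3}"
}

is_yes() { case "$1" in YES|TRUE|1) return 0 ;; *) return 1 ;; esac; }

# in_list FILE USER: true if USER appears as a whole line in FILE.
in_list() { grep -qxF -- "$2" "$1" 2>/dev/null; }

# login_decision USER CONF FTPUSERS USER_LIST: prints "allow" or "deny (reason)".
login_decision() {
    if is_yes "$(conf_get "$2" userlist_enable NO)"; then
        if is_yes "$(conf_get "$2" userlist_deny YES)"; then
            # userlist_deny=YES (default): user_list is a second blacklist
            if in_list "$4" "$1"; then echo "deny (user_list blacklist)"; return 0; fi
        else
            # userlist_deny=NO: user_list is a whitelist
            if ! in_list "$4" "$1"; then echo "deny (not in whitelist)"; return 0; fi
        fi
    fi
    # ftpusers is checked at password time and overrides the whitelist
    if in_list "$3" "$1"; then echo "deny (ftpusers)"; return 0; fi
    echo "allow"
}

# Constructed sample files mirroring the whitelist step above.
d=$(mktemp -d)
printf 'userlist_enable=YES\nuserlist_deny=NO\n' > "$d/vsftpd.conf"
printf 'lisi\nftp\nanonymous\n' > "$d/user_list"
printf 'root\nlisi\n' > "$d/ftpusers"   # lisi not yet removed from the blacklist

for u in ftp lisi zhangsan; do
    echo "$u: $(login_decision "$u" "$d/vsftpd.conf" "$d/ftpusers" "$d/user_list")"
done
rm -rf "$d"
```

With these files lisi is still refused even though the whitelist names the account, which is why the notes remove lisi from ftpusers before testing.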
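4. FTP concurrency and bandwidth limits
max_clients: limits the number of concurrent clients
max_per_ip: limits the number of concurrent connections per client IP
anon_max_rate: maximum transfer rate for anonymous users (bytes/second)
local_max_rate: maximum transfer rate for authenticated users (bytes/second)
- Generate a file
cd /var/ftp/pub
dd if=/dev/zero of=123 bs=1M count=100
- Limit the number of concurrent connections
vim /etc/vsftpd/vsftpd.conf
max_clients=100
max_per_ip=2
/etc/init.d/vsftpd reload
- Client test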
ftp localhost
Trying ::1...
ftp: connect to address ::1Connection refused
Trying 127.0.0.1...
Connected to localhost (127.0.0.1).
421 There are too many connections from your internet address. // connection limit exceeded
- Limit FTP transfer speed
vim /etc/vsftpd/vsftpd.conf
anon_max_rate=5000
local_max_rate=500000
/etc/init.d/vsftpd reload
- Test
[root@localhost ~]# wget ftp://127.0.0.1/pub/123
--2018-04-27 14:57:43-- ftp://127.0.0.1/pub/123
=> “123”
正在连接 127.0.0.1:21... 已连接。
正在以 anonymous 登录 ... 登录成功!
==> SYST ... 完成。 ==> PWD ... 完成。
==> TYPE I ... 完成。 ==> CWD (1) /pub ... 完成。
==> SIZE 123 ... 104857600
==> PASV ... 完成。 ==> RETR 123 ... 完成。
长度:104857600 (100M) (非正式数据)
100%[==========================================>] 104,857,600 244M/s in 0.4s
2018-04-27 14:57:44 (244 MB/s) - “123” 已保存 [104857600]
