1、安装FTP
[root@localhost kristain]# rpm –qa | grep vsftpd ##检查是否已安装FTP [root@localhost kristain]# yum install vsftpd Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * base: mirrors.163.com * extras: mirrors.163.com * updates: mirrors.163.com Setting up Install Process Resolving Dependencies --> Running transaction check ---> Package vsftpd.i386 0:2.0.5-24.el5 set to be updated base/filelists | 3.0 MB 00:18 extras/filelists_db | 212 kB 00:01 updates/filelists_db | 497 kB 00:02 --> Finished Dependency Resolution Dependencies Resolved ================================================================================ Package Arch Version Repository Size ================================================================================ Installing: vsftpd i386 2.0.5-24.el5 base 143 k Transaction Summary ================================================================================ Install 1 Package(s) Upgrade 0 Package(s) Total download size: 143 k Is this ok [y/N]: y Downloading Packages: vsftpd-2.0.5-24.el5.i386.rpm | 143 kB 00:00 warning: rpmts_HdrFromFdno: Header V3 DSA signature: NOKEY, key ID e8562897 base/gpgkey | 1.5 kB 00:00 Importing GPG key 0xE8562897 "CentOS-5 Key (CentOS 5 Official Signing Key) <centos-5-key@centos.org>" from /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5 Is this ok [y/N]: y Running rpm_check_debug Running Transaction Test Finished Transaction Test Transaction Test Succeeded Running Transaction Installing : vsftpd 1/1 Installed: vsftpd.i386 0:2.0.5-24.el5 Complete!
2、开启FTP方法:
1)、用ntsysv命令查看vsftp服务是否被选?未选空格选中后确定。
2)、注释掉/etc/vsftpd/ftpusers中的root或删除此行;
3)、注释掉/etc/vsftpd/user_list中的root或删除此行;
4)、执行命令 setsebool ftpd_disable_trans 1
5)、重启FTP服务#service vsftpd restart。
3、安装telnet
1、查看有没有安装telnet服务
rpm –qa|grep telnet #没有则找安装包进行安装
2、通过yum install安装Telnet程序
[root@kristain xinetd.d]# yum list telnet-server Loading "installonlyn" plugin Setting up repositories Reading repository metadata in from local files Available Packages telnet-server.i386 1:0.17-39.el5 base [root@kristain xinetd.d]# yum install telnet-server Loading "installonlyn" plugin Setting up Install Process Setting up repositories Reading repository metadata in from local files Parsing package install arguments Resolving Dependencies --> Populating transaction set with selected packages. Please wait. ---> Downloading header for telnet-server to pack into transaction set. telnet-server-0.17-39.el5 100% |=========================| 8.4 kB 00:01 ---> Package telnet-server.i386 1:0.17-39.el5 set to be updated --> Running transaction check Dependencies Resolved ============================================================================= Package Arch Version Repository Size ============================================================================= Installing: telnet-server i386 1:0.17-39.el5 base 35 k Transaction Summary ============================================================================= Install 1 Package(s) Update 0 Package(s) Remove 0 Package(s) Total download size: 35 k Is this ok [y/N]: y 选程Yes Downloading Packages: (1/1): telnet-server-0.17 100% |=========================| 24 kB 00:31 http://ftp.stu.edu.tw/Linux/CentOS/5.2/os/i386/CentOS/telnet-server-0.17-39.el5.i386.rpm: [Errno 4] Socket Error: timed out Trying other mirror. http://centos.cs.nctu.edu.tw/5.2/os/i386/CentOS/telnet-server-0.17-39.el5.i386.rpm: [Errno 4] IOError: <urlopen error (104, 'Connection reset by peer')>
Trying other mirror. (1/1): telnet-server-0.17 100% |=========================| 35 kB 00:00 Running Transaction Test Finished Transaction Test Transaction Test Succeeded Running Transaction Installing: telnet-server ######################### [1/1] Installed: telnet-server.i386 1:0.17-39.el5 Complete!
3、修改配置文件more /etc/xinetd.d/telnet
[root@kristain xinetd.d]# more telnet
# default: on
# description: The telnet server serves telnet sessions; it uses \
# unencrypted username/password pairs for authentication.
service telnet
{
flags = REUSE
socket_type = stream
wait = no
user = root
server = /usr/sbin/in.telnetd
log_on_failure += USERID
disable = yes
}
将disable项由yes改成no。
4、重启服务生效
[root@kristain root]# service xinetd restart
或者[root@kristain root]# /etc/rc.d/init.d/xinetd restart #这个是比较正规的方法
Telnet root用户的登入
root 不能直接以 telnet 连接上主机。 telnet 不是很安全,默认的情况之下就是无法允许 root 以 telnet 登入 Linux 主机的 。若要允许root用户登入,可用下列方法
[root@kristain root]# vi /etc/pam.d/login
#auth required pam_securetty.so #将这一行加上注释!
或
# mv /etc/securetty /etc/securetty.bak
这样一来, root 将可以直接进入 Linux 主机。不过,建议不要这样做。还可以在普通用户进入后,切换到root用户,拥有root的权限
CentOS Linux防火墙配置及关闭
查看防火墙信息:
#/etc/init.d/iptables status
关闭防火墙服务:
#/etc/init.d/iptables stop
在开了root用户上传权限,也关了系统的防火墙,但ftp连接的时候依然还会出现 "500 OOPS:cannot change directory:/root" 错误,如何解决呢?
解决:
1、 查看 SELinux 的状态: sestatus -b | grep ftp 确切地说,只是查看了ftp的状态。
2、 在出现的结果中可以看到 ftp_home_dir off
tftpd_disable_trans off
之类。我们现在只要把其中之一设置为on就可以啦。
3、 setsebool -P ftpd_disable_trans on 或者 setsebool -P ftp_home_dir on
4、 重启vsftpd: service vsftpd restart
在/目录下新建一个文件cutemp,作为ftp上传临时文件,没法上传。解决方式如下:
修改:/etc/vsftpd/vsftpd.conf
anonymous_enable=YES local_enable=YES write_enable=YES local_umask=022 anon_upload_enable=YES anon_mkdir_write_enable=YES dirmessage_enable=YES xferlog_enable=YES connect_from_port_20=YES chown_uploads=YES chown_username=samftp #chroot_list_enable=YES #chroot_list_file=/etc/vsftpd/chroot_list listen=YES pam_service_name=vsftpd userlist_enable=YES userlist_deny=NO userlist_file=/etc/vsftpd/user_list tcp_wrappers=YES
再设置:setsebool allow_ftpd_full_access on
service vsftpd restart
如果出现“550 create directory operation failed”
是SELinux(Security-Enhanced Linux----是美国国家安全局对于强制访问控制的实现, 是Linux 上最杰出的新安全子系统.)安装机制搞的鬼.只要disable SELinux就可以了.
