# cat /etc/redhat-release
CentOS Linux release 8.4.2105
============================
安裝、啟用
============================
//-h, --help, --help-cmd
# dnf list -h
列出軟體包中的軟體包或群組
General DNF options:
...
List command-specific options:
--all 顯示所有軟體包(預設值)
--available 只顯示可用的軟體包
--installed 只顯示已安裝的軟體包
--extras 只顯示附加的軟體包
--updates 只顯示要升級的軟體包
--upgrades 只顯示要升級的軟體包
--autoremove 只顯示要被自動移除的軟體包
--recent 只顯示最近變動的軟體包
PACKAGE 軟體包名稱規格
# dnf list | grep vsftpd
vsftpd.x86_64 3.0.3-33.el8 appstream
# dnf -y install vsftpd
...
已安裝:
vsftpd-3.0.3-33.el8.x86_64
# dnf list installed | grep vsftpd
vsftpd.x86_64 3.0.3-33.el8 @appstream
# rpm -qa| grep vsftpd
vsftpd-3.0.3-33.el8.x86_64
# vi /etc/vsftpd/vsftpd.conf
...
chroot_local_user=YES //enable
...
# ls /usr/sbin | grep vsftpd
vsftpd
# ls /usr/lib/systemd/system | grep vsftpd
vsftpd.service
vsftpd@.service
vsftpd.target
# ls /etc/vsftpd
ftpusers user_list vsftpd.conf vsftpd_conf_migrate.sh
# ls /var/ftp
pub
# systemctl start vsftpd.service //restart
# systemctl enable vsftpd.service
Created symlink /etc/systemd/system/multi-user.target.wants/vsftpd.service → /usr/lib/systemd/system/vsftpd.service.
# systemctl status vsftpd
● vsftpd.service - Vsftpd ftp daemon
Loaded: loaded (/usr/lib/systemd/system/vsftpd.service; disabled; vendor pre>
Active: active (running) since Mon 2021-10-25 14:40:02 CST; 55s ago
Process: 10077 ExecStart=/usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf (code=exite>
# systemctl | grep vsftpd
vsftpd.service loaded active running Vsftpd ftp daemon
# ps -aux | grep vsftpd
root 10078 0.0 0.0 27056 416 ? Ss 14:40 0:00 /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf
root 10144 0.0 0.0 12136 1120 pts/0 S+ 14:45 0:00 grep --color=auto vsftpd
============================
防火牆
============================
# firewall-cmd --state
running
# firewall-cmd --get-zones
block dmz drop external home internal nm-shared public trusted work
# firewall-cmd --get-active-zone
public
interfaces: ens160
# firewall-cmd --zone=public --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: ens160
sources:
services: cockpit dhcpv6-client ssh
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
# firewall-cmd --get-services | grep ftp
... freeipa-replication freeipa-trust ftp galera ganglia-client ganglia-master git grafana gre high-availability http https imap imaps ipp ipp-client
...
# firewall-cmd --permanent --zone=public --add-service=ftp
success
# firewall-cmd --reload
success
# firewall-cmd --zone=public --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: ens160
sources:
services: cockpit dhcpv6-client ftp ssh
...
============================
安全增強型Linux(Security-Enhanced Linux)簡稱SELinux
============================
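此步驟似乎不需要(本例未調整 SELinux 設定)。可用 getenforce 確認 SELinux 目前的模式;若為 Enforcing 且 FTP 存取被拒,應調整對應的 SELinux 布林值,而非停用 SELinux。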
============================
新增使用者、使用測試
============================
# useradd s317
# passwd s317
更改使用者 s317 的密碼。
新 密碼:1234
...
# cat /etc/group
...
s317:x:1000:
# cat /etc/passwd
...
s317:x:1000:1000::/home/s317:/bin/bash
# cat /etc/shadow
...
s317:$6$tXTfrXFxa8Dh.Vrb$CG80j89DvfZQUtJTIgfEh.50QP8WED1jSKRiQe.tK08Wrgkt.HxYArGcqGuiLkrqUZgbGiXQ8h8GwQvC1Tgsz0:18948:0:99999:7:::
# ls -l /home
drwx------. 2 s317 s317 62 11月 17 11:05 s317
# id s317
uid=1000(s317) gid=1000(s317) groups=1000(s317)
[root@centos ~]# su -l s317
[s317@centos ~]$ mkdir {01..40}
[s317@centos ~]$ ls
01 04 07 10 13 16 19 22 25 28 31 34 37 40
02 05 08 11 14 17 20 23 26 29 32 35 38
03 06 09 12 15 18 21 24 27 30 33 36 39
[s317@centos ~]$ su
密碼:
[root@centos s317]# cd
[root@centos ~]#
# lsattr /home
-------------------- /home/s317
# chattr +a -R /home/s317
# lsattr /home
-----a-------------- /home/s317
檔案總管-->網址列
ftp://s317@172.31.147.99/40
pwd: 1234
登入有錯
500 OOPS: vsftpd: refusing to run with writable root inside chroot()
# vi /etc/vsftpd/vsftpd.conf
...
chroot_local_user=YES //enable
allow_writeable_chroot=YES //新加此行
//此設定會關閉 vsftpd 對「chroot 根目錄可寫入」的安全檢查;較安全的替代做法是讓家目錄本身不可寫入(例如 chmod a-w /home/s317),只在其下的子目錄開放上傳
...
# systemctl restart vsftpd.service
可新增文件,但中文檔名亂碼!
因為 Windows 10 的中文檔名編碼預設為 GBK,而 Linux 的檔名編碼預設為 UTF-8;兩者編碼不一致,所以導致檔名亂碼。
建議使用 FileZilla Client 傳輸檔案
FileZilla_3.56.2_win64_sponsored2-setup 下載安裝
檔案 --> 站台管理員 --> 新增站台 --> 主機:172.31.145.99 --> 使用者:s317 --> 密碼:1234 --> 字元集 --> 強制使用 UTF-8
# ps aux | grep s317
s317 1838 0.0 0.2 77464 4572 ? S 16:04 0:00 /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf
root 1842 0.0 0.0 12136 1040 pts/0 S+ 16:04 0:00 grep --color=auto s317
# kill -9 1838 //送出 kill ,訊號9,強制結束該行程 //??pietty 連線會中斷
# ps aux | grep s317
root 1844 0.0 0.0 12136 1068 pts/0 S+ 16:06 0:00 grep --color=auto s317
# userdel -rf s317
# cat /etc/group
root:x:0:
bin:x:1:
daemon:x:2:
sys:x:3:
adm:x:4:
tty:x:5:
disk:x:6:
lp:x:7:
mem:x:8:
kmem:x:9:
wheel:x:10:
cdrom:x:11:
mail:x:12:
man:x:15:
dialout:x:18:
floppy:x:19:
games:x:20:
tape:x:33:
video:x:39:
ftp:x:50:
lock:x:54:
audio:x:63:
users:x:100:
nobody:x:65534:
dbus:x:81:
utmp:x:22:
utempter:x:35:
input:x:999:
kvm:x:36:
render:x:998:
systemd-journal:x:190:
systemd-coredump:x:997:
systemd-resolve:x:193:
tss:x:59:
polkitd:x:996:
ssh_keys:x:995:
unbound:x:994:
sssd:x:993:
chrony:x:992:
sshd:x:74:
# cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:65534:65534:Kernel Overflow User:/:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
systemd-coredump:x:999:997:systemd Core Dumper:/:/sbin/nologin
systemd-resolve:x:193:193:systemd Resolver:/:/sbin/nologin
tss:x:59:59:Account used for TPM access:/dev/null:/sbin/nologin
polkitd:x:998:996:User for polkitd:/:/sbin/nologin
unbound:x:997:994:Unbound DNS resolver:/etc/unbound:/sbin/nologin
sssd:x:996:993:User for sssd:/:/sbin/nologin
chrony:x:995:992::/var/lib/chrony:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
# cat /etc/shadow
root:$6$0Krx6tdRpUj4JFE3$FLoaaQX4f30/sad5y7ezYrYQxK5Ubej.voRHptAn53Q42iuvkWH/zpE/RtDsvn4luxiXdnAmNpUGgUuxQoL8S1::0:99999:7:::
bin:*:18397:0:99999:7:::
daemon:*:18397:0:99999:7:::
adm:*:18397:0:99999:7:::
lp:*:18397:0:99999:7:::
sync:*:18397:0:99999:7:::
shutdown:*:18397:0:99999:7:::
halt:*:18397:0:99999:7:::
mail:*:18397:0:99999:7:::
operator:*:18397:0:99999:7:::
games:*:18397:0:99999:7:::
ftp:*:18397:0:99999:7:::
nobody:*:18397:0:99999:7:::
dbus:!!:18915::::::
systemd-coredump:!!:18915::::::
systemd-resolve:!!:18915::::::
tss:!!:18915::::::
polkitd:!!:18915::::::
unbound:!!:18915::::::
sssd:!!:18915::::::
chrony:!!:18915::::::
sshd:!!:18915::::::
# ls -l /home
總計 0
# dnf -y remove vsftpd
# dnf list installed | grep vsftpd