CentOS 7 FTP 간단 설정

안녕하세요.

JP-Hosting 입니다.

오늘은 CentOS7 에서 쉽고 빠르게 FTP설정하는 법을 설명해드리려고 합니다.

  • 테스트환경은 Centos 7.8 버전입니다.


[root@localhost ~]# rpm -qa *-release 
centos-release-7-8.2003.0.el7.centos.x86_64

  • 설치되었는지 확인


[root@localhost ~]# cd /etc/vsftpd -> ls
-bash: cd: /etc/vsftpd: No such file or directory

  • vsftpd 설치


[root@localhost ~]# yum install vsftpd
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
* base: ty1.mirror.newmediaexpress.com
* extras: ty1.mirror.newmediaexpress.com
* updates: ty1.mirror.newmediaexpress.com
base | 3.6 kB 00:00:00
extras | 2.9 kB 00:00:00
updates | 2.9 kB 00:00:00
updates/7/x86_64/primary_db | 2.1 MB 00:00:00
Resolving Dependencies
--> Running transaction check
---> Package vsftpd.x86_64 0:3.0.2-27.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

============================================================================================================================================
Package Arch Version Repository Size
============================================================================================================================================
Installing:
vsftpd x86_64 3.0.2-27.el7 base 172 k

Transaction Summary
============================================================================================================================================
Install 1 Package

Total download size: 172 k
Installed size: 353 k
Is this ok [y/d/N]:Y

Downloading packages:
vsftpd-3.0.2-27.el7.x86_64.rpm | 172 kB 00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : vsftpd-3.0.2-27.el7.x86_64 1/1
Verifying : vsftpd-3.0.2-27.el7.x86_64 1/1

Installed:
vsftpd.x86_64 0:3.0.2-27.el7

Complete!

  • vsftpd 설치 확인


[root@localhost ~]# cd /etc/vsftpd
[root@localhost vsftpd]# ls
ftpusers user_list vsftpd.conf vsftpd_conf_migrate.sh

  • vsftpd 설정 파일 백업


[root@localhost vsftpd]# cp vsftpd.conf vsftpd.conf.bak
[root@localhost vsftpd]# ls
ftpusers user_list vsftpd.conf vsftpd.conf.bak vsftpd_conf_migrate.sh

  • vsftpd 설정파일 수정
  • 서비스 재시작
  • 재부팅시 자동실행되게 등록


[root@localhost vsftpd]# vi vsftpd.conf
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_file=/var/log/xferlog
xferlog_std_format=YES
chroot_local_user=YES
listen=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES

[root@localhost vsftpd]# systemctl restart vsftpd
[root@localhost vsftpd]# chkconfig vsftpd on
Note: Forwarding request to 'systemctl enable vsftpd.service'.
Created symlink from /etc/systemd/system/multi-user.target.wants/vsftpd.service to /usr/lib/systemd/system/vsftpd.service.



[root@localhost vsftpd]# vi /etc/sysconfig/iptables
# sample configuration for iptables service
# you can edit this manually or use system-config-firewall
# please do not ask us to add additional ports/services to this default configuration
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 20 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

[root@localhost vsftpd]# systemctl restart iptables

-A INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 20 -j ACCEPT

위 두줄을 추가하였습니다.

  • selinux 비활성화


[root@localhost vsftpd]# vi /etc/sysconfig/selinux

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
#SELINUX=enforcing
SELINUX=disabled
# SELINUXTYPE= can take one of three values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted

  • root 접속가능하게 설정


[root@localhost vsftpd]# vi /etc/vsftpd/user_list
# vsftpd userlist
# If userlist_deny=NO, only allow users in this file
# If userlist_deny=YES (default), never allow users in this file, and
# do not even prompt for a password.
# Note that the default vsftpd pam config also checks /etc/vsftpd/ftpusers
# for users that are denied.
#root
bin
daemon
adm
lp
sync
shutdown
halt
mail
news
uucp
operator
games
nobody

[root@localhost vsftpd]# vi /etc/vsftpd/ftpusers
# Users that are not allowed to login via ftp
#root
bin
daemon
adm
lp
sync
shutdown
halt
mail
news
uucp
operator
games
nobody

  • root 앞에 #으로 주석처리를 해줍니다.
  • 각 파일에 들어가있는 내용으로는 로그인을 할수없게 막아둔거라 보면 됩니다.

  • FTP 접속확인 (cmd로 테스트)

이상으로, 오늘은 CentOS7 에서 간단하게 FTP 설정하는 방법을 소개하였습니다.

유익한 정보가 되었으면 좋겠습니다.