1. 인증서 생성
# openssl req -x509 -days 3650 -newkey rsa:2048 -nodes -keyout /etc/vsftpd/vsftpd.pem -out /etc/vsftpd/vsftpd.pem
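3650 = 10년짜리 인증서. -nodes 옵션 때문에 개인키가 암호화되지 않은 채 인증서와 같은 파일(/etc/vsftpd/vsftpd.pem)에 저장되므로, 생성 후 `chmod 600 /etc/vsftpd/vsftpd.pem` 으로 root만 읽을 수 있게 해 둔다.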
Country Name (2 letter code) [AU]:KR # country (한국의 ISO 3166 국가 코드는 KO가 아니라 KR)
State or Province Name (full name) [Some-State]:SEOUL # State
Locality Name (eg, city) []:Kang-Nam # city
Organization Name (eg, company) [Internet Widgits Pty Ltd]:GTS # company
Organizational Unit Name (eg, section) []:Server World # department
Common Name (eg, YOUR name) []:www.srv.world # server's FQDN
Email Address []:root@srv.world # admin's email
2. vsftpd 설정
#vi /etc/vsftpd/vsftpd.conf
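# vsftpd.conf for FTP over TLS (explicit FTPS) with local accounts only.
# vsftpd does not accept trailing remarks after a value, so every note
# below sits on its own '#' line.

# --- Listener and basic access ---
listen_port=21
ftp_data_port=20
anonymous_enable=NO
# chroot_local_user is left disabled: the author reports that enabling it
# led to "socket error 10054" on the client and two hours of debugging.
# NOTE(review): with chroot off, local users can browse outside their home
# directory. The reset is possibly vsftpd refusing a writable chroot root;
# check the server log and allow_writeable_chroot in vsftpd.conf(5) before
# re-enabling. TODO confirm on the target system.
#chroot_local_user=YES
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES

# --- Transfer logging ---
xferlog_enable=YES
connect_from_port_20=YES
xferlog_file=/var/log/xferlog
xferlog_std_format=YES

# --- Daemon mode, PAM and access lists ---
listen=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES

# --- TLS ---
ssl_enable=YES
# Certificate location. The openssl command on this page writes the private
# key into the same PEM file, so keep it readable by root only.
rsa_cert_file=/etc/vsftpd/vsftpd.pem
# Refuse cleartext logins and cleartext data transfers for local users.
force_local_logins_ssl=YES
force_local_data_ssl=YES
# SSLv2 and SSLv3 are broken protocols and must stay off; only TLS is allowed.
# NOTE(review): ssl_tlsv1 covers TLS 1.0. Some vsftpd builds offer options for
# newer TLS versions; check vsftpd.conf(5) on the target system and prefer them.
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
allow_anon_ssl=NO

# --- Passive mode: this range must match the ports opened in the firewall ---
pasv_enable=YES
pasv_min_port=50000
pasv_max_port=54000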
3. 방화벽에서 포트 설정
#firewall-cmd --permanent --zone=public --add-port=20/tcp
#firewall-cmd --permanent --zone=public --add-port=50000-54000/tcp
#firewall-cmd --reload
#firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: enp4s0
sources:
services: ssh http https ftp
ports: 20/tcp 50000-54000/tcp
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules: