--- use for RHEL 5/6/7 and Ubuntu 16.04: build pure-ftpd 1.0.47 from source with TLS and PureDB virtual users
1. download pureftpd
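# 1. Fetch the release over TLS and verify the detached signature published
#    next to the tarball. A plain-HTTP download with no integrity check lets
#    anyone on the network path substitute a trojaned source tree, which is
#    then built and run as root in step 3.
ver=1.0.47
url=https://download.pureftpd.org/pub/pure-ftpd/releases
wget "$url/pure-ftpd-$ver.tar.bz2" "$url/pure-ftpd-$ver.tar.bz2.sig" || exit 1
# The release signing key must already be imported; take its fingerprint from
# pureftpd.org itself, never from a copy of this note. Fail closed on mismatch.
gpg --verify "pure-ftpd-$ver.tar.bz2.sig" "pure-ftpd-$ver.tar.bz2" || exit 1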
2. install build dependencies (gcc, make, bzip2 and the OpenSSL headers needed for --with-tls)
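# 2. Build dependencies: bzip2 unpacks the tarball, the OpenSSL headers are
#    needed for --with-tls in step 3. Pick the package manager that exists
#    instead of leaving one line commented out; the yum line also lacked make.
if command -v apt-get >/dev/null 2>&1; then
  apt-get install -y libssl-dev gcc make bzip2
elif command -v yum >/dev/null 2>&1; then
  yum install -y openssl-devel.x86_64 gcc make bzip2
else
  printf 'neither apt-get nor yum found; install gcc, make, bzip2 and the OpenSSL headers by hand\n' >&2
fi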
3. 編譯安裝
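# 3. Build and install into a self-contained prefix (/usr/local/pureftpd).
tar jxf pure-ftpd-1.0.47.tar.bz2
cd pure-ftpd-1.0.47 || exit 1
# Options that matter for the hardening done later in this note:
#   --with-tls            required for "TLS 2" in step 4 (needs the OpenSSL headers)
#   --with-puredb         virtual users stored in pureftpd.pdb (steps 7/8)
#   --without-inetd       standalone daemon (systemd unit / init script below)
#   --with-virtualchroot  per pure-ftpd's README this lets symlinks point
#                         OUTSIDE a user's chroot jail; it weakens the jail,
#                         so drop it unless shared directories via symlinks
#                         are actually needed
./configure \
--prefix=/usr/local/pureftpd \
--mandir=/usr/share/man \
--with-puredb \
--with-quotas \
--with-virtualchroot \
--with-virtualhosts \
--with-diraliases \
--with-altlog \
--with-rfc2640 \
--with-tls \
--with-ftpwho \
--without-inetd \
--without-usernames \
|| exit 1
make && make install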
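# Other configure options not used in this build (kept as a comment so the
# note stays valid shell; see ./configure --help for what each one does):
#   --with-uploadscript
#   --with-peruserlimits
#   --with-paranoidmsg
#   --with-cookie
#   --with-welcomemsg
#   --with-language=english
#   --with-throttling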
4. 修改配置文件pure-ftpd.conf
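# 4. Point /etc/pure-ftpd.conf at the installed config and set our options.
ln -s -f /usr/local/pureftpd/etc/pure-ftpd.conf /etc/pure-ftpd.conf
export PURE_CONFIG=/usr/local/pureftpd/etc/pure-ftpd.conf

#######################################
# Set one directive in $PURE_CONFIG.
# Rewrites each "KEY ..." line, commented out or not, to "KEY VALUE".
# Matching by keyword instead of by line number ("65c\...") keeps this
# correct when the shipped pure-ftpd.conf moves lines between releases;
# a stale line number silently replaces an unrelated directive.
# Globals:   PURE_CONFIG (file edited in place)
# Arguments: $1 - directive name, $2 - value
# Outputs:   warning on stderr when the directive was not found
#######################################
set_opt() {
  local key=$1 value=$2
  sed -i -E "s|^#?[[:space:]]*${key}[[:space:]].*|${key} ${value}|" "$PURE_CONFIG"
  grep -q -E "^${key}[[:space:]]" "$PURE_CONFIG" \
    || printf 'warning: %s not set in %s\n' "$key" "$PURE_CONFIG" >&2
}

set_opt DisplayDotFiles no
set_opt NoAnonymous yes                   # virtual users only
set_opt MaxIdleTime 5
set_opt CreateHomeDir yes
set_opt TLS 2                             # refuse unencrypted sessions (needs --with-tls and the step 6 cert)
set_opt IPV4Only yes
set_opt AltLog clf:/var/log/pureftpd.log
set_opt PureDB /usr/local/pureftpd/etc/pureftpd.pdb
set_opt PassivePortRange "52100 53000"    # must match the iptables rule in step 5
# The shipped example (HIGH:MEDIUM:+TLSv1:!SSLv2:!SSLv3) still admits
# MEDIUM-strength ciphers. Start from HIGH only and confirm what is really
# offered with the nmap ssl-enum-ciphers line at the end of this note.
set_opt TLSCipherSuite 'HIGH:!aNULL:!eNULL:!MD5:!RC4:!3DES'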
5. iptables開啓相關端口:
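# 5. Open the control port and the passive data range chosen in step 4.
#    These rules accept from ANY source; add -s <cidr> if the server should
#    only serve known networks.
iptables -I INPUT -p tcp --dport 21 -j ACCEPT
iptables -I INPUT -p tcp --dport 52100:53000 -j ACCEPT
# The iptables init script only exists on RHEL 5/6. RHEL 7 (firewalld) and
# Ubuntu (ufw / iptables-persistent) need their own persistence step, so do
# not fail here when it is absent.
if [ -x /etc/rc.d/init.d/iptables ]; then
  /etc/rc.d/init.d/iptables save
else
  printf 'no /etc/rc.d/init.d/iptables; persist the rules with firewalld/ufw instead\n' >&2
fi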
6. create a self-signed certificate (see README.TLS in the source tree for an example config)
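# 6. Self-signed certificate at the path pure-ftpd.conf's CertFile defaults
#    to. Certificate and private key go into ONE PEM, as README.TLS describes.
#    umask 077 in a subshell makes the key private from the moment it is
#    written; chmod afterwards alone leaves a window where it is readable.
#    The -subj values are placeholders: CN must be the name clients connect to.
mkdir -p /etc/ssl/private
(
  umask 077
  openssl dhparam -out /etc/ssl/private/pure-ftpd-dhparams.pem 2048
  openssl req -x509 -nodes -newkey rsa:2048 -sha256 -days 1024 \
    -subj "/C=CN/ST=UBUNTU/L=ShenZhen/O=www2 CO.,LTD/OU=New PCEBG/CN=elite.com/emailAddress=macj@ispc.com" \
    -keyout /etc/ssl/private/pure-ftpd.pem \
    -out /etc/ssl/private/pure-ftpd.pem
)
chmod 600 /etc/ssl/private/*.pem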
7. 配置虛擬用戶登陸環境
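# 7. Unprivileged system account that every virtual FTP user is mapped to
#    (-u ftpuser_p in step 8): no home, no shell, no login.
#    nologin lives in /sbin on RHEL and /usr/sbin on Debian/Ubuntu.
nologin=/sbin/nologin
[ -x "$nologin" ] || nologin=/usr/sbin/nologin
groupadd -g 911 ftpgroup_p
useradd -g ftpgroup_p -d /dev/null -M -s "$nologin" -u 911 ftpuser_p
mkdir -p /data
ln -s -f /usr/local/pureftpd/bin/pure-pw /usr/local/bin/pure-pw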
8. 添加一個ftp賬號mac1, 指定目錄爲/data/mac1
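# 8. Add a virtual FTP account. The password used to be hard-coded in this
#    note; take it from the environment or prompt for it so the secret is not
#    stored in the file or in shell history. -m rebuilds pureftpd.pdb at once.
FTP_USER=${FTP_USER:-mac1}
FTP_HOME=${FTP_HOME:-/data/$FTP_USER}
if [ -z "${FTP_PASS:-}" ]; then
  read -r -s -p "Password for $FTP_USER: " FTP_PASS; echo
fi
if [ -z "$FTP_PASS" ]; then
  printf 'FTP_PASS is empty; account %s not created\n' "$FTP_USER" >&2
else
  # pure-pw reads the password twice from stdin; printf is a builtin, so the
  # secret never appears on a command line visible in ps.
  printf '%s\n%s\n' "$FTP_PASS" "$FTP_PASS" \
    | pure-pw useradd "$FTP_USER" -d "$FTP_HOME" -u ftpuser_p -m
fi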
9. 系統服務模式,啓動pure-ftpd, for RHEL7
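# 9. systemd unit (RHEL 7). Locally written units belong in
#    /etc/systemd/system; /lib/systemd/system is for package-shipped units.
#    Type=forking + PIDFile assume pure-ftpd.conf keeps "Daemonize yes"; if
#    Daemonize is turned off, use Type=simple and drop PIDFile.
#    syslog.target is obsolete on systemd and was dropped from After=.
cat <<'EOF' > /etc/systemd/system/pure-ftpd.service
[Unit]
Description=Pure-FTPd FTP server
After=network.target

[Service]
Type=forking
PIDFile=/var/run/pure-ftpd.pid
ExecStart=/usr/local/pureftpd/sbin/pure-ftpd /usr/local/pureftpd/etc/pure-ftpd.conf

[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload   # needed so systemd sees the freshly written unit
systemctl enable pure-ftpd
systemctl start pure-ftpd
systemctl status pure-ftpd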
-------------------
###service starter for RHEL6
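# RHEL 6 init script. contrib/redhat.init shipped with pure-ftpd up to 1.0.42
# and is gone from the 1.0.47 tree built above, so this copy only works when
# an old tree is still around; otherwise install the script listed below.
initsrc=/root/pure-ftpd-1.0.42/contrib/redhat.init
initscript=/etc/init.d/pureftpd

#######################################
# Point an init script at the /usr/local/pureftpd install.
# Edits by keyword rather than by line number ("17c\...") so a different
# file layout cannot silently clobber the wrong line. The literal $prog and
# $fullpath in the replacements are what the init script itself expands.
# Arguments: $1 - path of the init script to patch in place
#######################################
patch_init() {
  local f=$1
  sed -i -E \
    -e 's|^prog=.*|prog=pure-ftpd|' \
    -e 's|^fullpath=.*|fullpath=/usr/local/pureftpd/sbin/$prog|' \
    -e 's|^pureftpwho=.*|pureftpwho=/usr/local/pureftpd/sbin/pure-ftpwho|' \
    -e 's|^([[:space:]]*)\$fullpath([[:space:]].*)?$|\1$fullpath /usr/local/pureftpd/etc/pure-ftpd.conf|' \
    "$f"
}

if [ -f "$initsrc" ]; then
  cp "$initsrc" "$initscript"
  chmod 755 "$initscript"
  chkconfig --add pureftpd
  chkconfig pureftpd on
  patch_init "$initscript"
else
  printf '%s not found; install the init script listed below by hand\n' "$initsrc" >&2
fi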
-------------------此文件,存在1.0.42版本中;後續更新版已刪除
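#!/bin/bash
#
# Startup script for the pure-ftpd FTP Server $Revision: 1.3 $
#
# chkconfig: 2345 85 15
# description: Pure-FTPd is an FTP server daemon based upon Troll-FTPd
# processname: pure-ftpd
# pidfile: /var/run/pure-ftpd.pid
# config: /usr/local/pureftpd/etc/pure-ftpd.conf

# Source function library (provides status()).
. /etc/rc.d/init.d/functions

RETVAL=0

# Path to the pure-ftp binaries and the pid file the daemon writes.
prog=pure-ftpd
fullpath=/usr/local/pureftpd/sbin/$prog
pureftpwho=/usr/local/pureftpd/sbin/pure-ftpwho
pidfile=/var/run/pure-ftpd.pid

# Start the daemon with the installed config; the subsys lock marks it running.
start() {
  echo -n $"Starting $prog: "
  "$fullpath" /usr/local/pureftpd/etc/pure-ftpd.conf
  RETVAL=$?
  [ "$RETVAL" = 0 ] && touch "/var/lock/subsys/$prog"
  echo
}

# Stop via the pid file. A missing pid file is reported as failure instead of
# running kill with no argument.
stop() {
  echo -n $"Stopping $prog: "
  if [ -r "$pidfile" ]; then
    kill "$(cat "$pidfile")"
    RETVAL=$?
  else
    RETVAL=1
  fi
  [ "$RETVAL" = 0 ] && rm -f "/var/lock/subsys/$prog"
  echo
}

# See how we were called.
case "$1" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  restart)
    stop
    start
    ;;
  condrestart)
    if [ -f "/var/lock/subsys/$prog" ]; then
      stop
      # avoid race
      sleep 3
      start
    fi
    ;;
  status)
    status "$prog"
    RETVAL=$?
    if [ -f "$pureftpwho" ] && [ "$RETVAL" -eq 0 ]; then
      "$pureftpwho"
    fi
    ;;
  *)
    echo $"Usage: $prog {start|stop|restart|condrestart|status}"
    RETVAL=1
esac
exit $RETVAL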
-------------------------
# pure-ftpd's shipped example; still admits MEDIUM-strength ciphers and TLSv1 (the weaker of the two)
TLSCipherSuite HIGH:MEDIUM:+TLSv1:!SSLv2:!SSLv3
# drops anonymous/NULL/LOW/export/RC4/3DES/SEED; check the result with the nmap ssl-enum-ciphers line below
TLSCipherSuite ALL:!aNULL:!eNULL:!LOW:!EXP:!RC4:!3DES:!SEED-SHA:!DHE-RSA-SEED-SHA:+HIGH+MEDIUM
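# Verify TLS from the outside. pure-ftpd only does explicit FTPS (AUTH TLS on
# port 21), so every s_client probe needs -starttls ftp: a bare TLS handshake
# against port 21 fails even when the server is configured correctly, which
# made the original -ssl3/-tls1 probes meaningless. </dev/null makes
# s_client exit after the handshake instead of waiting for input.
openssl s_client -connect 10.247.19.87:21 -starttls ftp </dev/null
openssl s_client -connect localhost:21 -starttls ftp </dev/null
# These two are expected to FAIL once SSLv3/TLSv1 are refused; if either
# completes a handshake, tighten TLSCipherSuite / the OpenSSL build. Recent
# OpenSSL drops the -ssl3 flag entirely, which also counts as a pass.
openssl s_client -connect localhost:21 -starttls ftp -ssl3 </dev/null
openssl s_client -connect localhost:21 -starttls ftp -tls1 </dev/null
# Enumerate what the server really offers; expect no SSLv3/TLSv1/RC4/3DES.
nmap --script ssl-cert,ssl-enum-ciphers -p 21 10.247.15.91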