Pastebin launched a little side project called VERYVIRAL.com, check it out ;-) Want more features on Pastebin? Sign Up, it's FREE!

CentOS - /etc/vsftpd/vsftpd.conf

By: mutant on Jul 26th, 2012  |  syntax: None  |  size: 4.97 KB  |  views: 81  |  expires: Never
download  |  raw  |  embed  |  report abuse  |  print
Text below is selected. Please press Ctrl+C to copy to your clipboard. (⌘+C on Mac)
  1. # Example config file /etc/vsftpd/vsftpd.conf
  2. #
  3. # The default compiled in settings are fairly paranoid. This sample file
  4. # loosens things up a bit, to make the ftp daemon more usable.
  5. # Please see vsftpd.conf.5 for all compiled in defaults.
  6. #
  7. # READ THIS: This example file is NOT an exhaustive list of vsftpd options.
  8. # Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
  9. # capabilities.
  10. #
  11. # Allow anonymous FTP? (Beware - allowed by default if you comment this out).
  12. anonymous_enable=NO
  13. #
  14. # Uncomment this to allow local users to log in.
  15. local_enable=YES
  16. #
  17. # Uncomment this to enable any form of FTP write command.
  18. write_enable=YES
  19. #
  20. # Default umask for local users is 077. You may wish to change this to 022,
  21. # if your users expect that (022 is used by most other ftpd's)
  22. local_umask=022
  23. #
  24. # Uncomment this to allow the anonymous FTP user to upload files. This only
  25. # has an effect if the above global write enable is activated. Also, you will
  26. # obviously need to create a directory writable by the FTP user.
  27. #anon_upload_enable=YES
  28. #
  29. # Uncomment this if you want the anonymous FTP user to be able to create
  30. # new directories.
  31. #anon_mkdir_write_enable=YES
  32. #
  33. # Activate directory messages - messages given to remote users when they
  34. # go into a certain directory.
  35. dirmessage_enable=YES
  36. #
  37. # The target log file can be vsftpd_log_file or xferlog_file.
  38. # This depends on setting xferlog_std_format parameter
  39. xferlog_enable=YES
  40. #
  41. # Make sure PORT transfer connections originate from port 20 (ftp-data).
  42. connect_from_port_20=YES
  43. #
  44. # If you want, you can arrange for uploaded anonymous files to be owned by
  45. # a different user. Note! Using "root" for uploaded files is not
  46. # recommended!
  47. #chown_uploads=YES
  48. #chown_username=whoever
  49. #
  50. # The name of log file when xferlog_enable=YES and xferlog_std_format=YES
  51. # WARNING - changing this filename affects /etc/logrotate.d/vsftpd.log
  52. #xferlog_file=/var/log/xferlog
  53. #
  54. # Switches between logging into vsftpd_log_file and xferlog_file files.
  55. # NO writes to vsftpd_log_file, YES to xferlog_file
  56. xferlog_std_format=YES
  57. #
  58. # You may change the default value for timing out an idle session.
  59. #idle_session_timeout=600
  60. #
  61. # You may change the default value for timing out a data connection.
  62. #data_connection_timeout=120
  63. #
  64. # It is recommended that you define on your system a unique user which the
  65. # ftp server can use as a totally isolated and unprivileged user.
  66. #nopriv_user=ftpsecure
  67. #
  68. # Enable this and the server will recognise asynchronous ABOR requests. Not
  69. # recommended for security (the code is non-trivial). Not enabling it,
  70. # however, may confuse older FTP clients.
  71. #async_abor_enable=YES
  72. #
  73. # By default the server will pretend to allow ASCII mode but in fact ignore
  74. # the request. Turn on the below options to have the server actually do ASCII
  75. # mangling on files when in ASCII mode.
  76. # Beware that on some FTP servers, ASCII support allows a denial of service
  77. # attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
  78. # predicted this attack and has always been safe, reporting the size of the
  79. # raw file.
  80. # ASCII mangling is a horrible feature of the protocol.
  81. #ascii_upload_enable=YES
  82. #ascii_download_enable=YES
  83. #
  84. # You may fully customise the login banner string:
  85. ftpd_banner=Welcome to caasig FTP service.
  86. #
  87. # You may specify a file of disallowed anonymous e-mail addresses. Apparently
  88. # useful for combatting certain DoS attacks.
  89. #deny_email_enable=YES
  90. # (default follows)
  91. #banned_email_file=/etc/vsftpd/banned_emails
  92. #
  93. # You may specify an explicit list of local users to chroot() to their home
  94. # directory. If chroot_local_user is YES, then this list becomes a list of
  95. # users to NOT chroot().
  96. chroot_local_user=YES
  97. chroot_list_enable=YES
  98. # (default follows)
  99. chroot_list_file=/etc/vsftpd/chroot_list
  100. #
  101. # You may activate the "-R" option to the builtin ls. This is disabled by
  102. # default to avoid remote users being able to cause excessive I/O on large
  103. # sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
  104. # the presence of the "-R" option, so there is a strong case for enabling it.
  105. ls_recurse_enable=YES
  106. #
  107. # When "listen" directive is enabled, vsftpd runs in standalone mode and
  108. # listens on IPv4 sockets. This directive cannot be used in conjunction
  109. # with the listen_ipv6 directive.
  110. listen=YES
  111. #
  112. # This directive enables listening on IPv6 sockets. To listen on IPv4 and IPv6
  113. # sockets, you must run two copies of vsftpd with two configuration files.
  114. # Make sure, that one of the listen options is commented !!
  115. #listen_ipv6=YES
  116.  
  117. pam_service_name=vsftpd
  118. tcp_wrappers=YES
  119.  
  120. #user permissions
  121. userlist_enable=YES
  122. userlist_deny=NO
  123. userlist_file=/etc/vsftpd/user_list
  124.  
  125. #below is for ssl
  126. ssl_enable=YES
  127. allow_anon_ssl=NO
  128. force_local_data_ssl=NO
  129. force_local_logins_ssl=YES
  130. ssl_tlsv1=YES
  131. ssl_sslv2=NO
  132. ssl_sslv3=NO
  133. require_ssl_reuse=NO
  134. rsa_cert_file=/etc/vsftpd/vsftpd.pem
  135. ssl_ciphers=HIGH
  136.  
  137. #enable logging of protocol
  138. log_ftp_protocol=YES
  139. dual_log_enable=YES