Redhat Linux as4 U6 打开FTP与Telnet 通道
(1) 确认已经安装telnet 服务软件
[root@test01 ~]# rpm -qa telnet-server
telnet-server-0.17-31.EL4.5
[root@test01 ~]# rpm -qa telnet
telnet-0.17-31.EL4.5
[root@test01 ~]#
(2) 开启 telnet 服务:编辑参数文件 /etc/xinetd.d/telnet,将 disable 设为 no
# default: on
# description: The telnet server serves telnet sessions; it uses \
# unencrypted username/password pairs for authentication.
# xinetd entry that runs the telnet daemon. No only_from / no_access attribute
# is set in this stanza, so no per-source-address limit is configured here
# (defaults in /etc/xinetd.conf are not shown on this page).
service telnet
{
# "no" means the service is enabled and xinetd will start it on connection.
disable = no
# REUSE sets SO_REUSEADDR on the service socket.
flags = REUSE
socket_type = stream
# wait = no: xinetd keeps listening and starts a separate server per connection.
wait = no
# The telnet daemon is started as root.
user = root
server = /usr/sbin/in.telnetd
# On a failed attempt, also log the remote user id (only available when the
# client host answers an ident lookup).
log_on_failure += USERID
}
~
~
~
~
-
去掉 krb5-telnet 客户端程序(改名后,PATH 中的 telnet 就指向 /usr/bin/telnet;这一步只改客户端,krb5-telnet 服务在后面的 chkconfig 输出中仍为 on)
#mv /usr/kerberos/bin/telnet /usr/kerberos/bin/telnet.bak
[root@test01 xinetd.d]# which telnet.bak
/usr/kerberos/bin/telnet.bak
[root@test01 xinetd.d]# which telnet
/usr/bin/telnet
[root@test01 xinetd.d]#
-
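修改 telnet 安全参数
编辑 /etc/pam.d/login 文件,把 pam_securetty.so 一行注释掉。pam_securetty 的作用是只允许 root 从 /etc/securetty 列出的终端登录;注释之后这一限制不再生效,root 可以通过 telnet 直接登录。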
#%PAM-1.0
# PAM stack for the "login" service.
# pam_securetty is commented out on the next line: with it disabled, this stack
# no longer consults /etc/securetty, so root logins are not limited to the
# terminals listed in that file.
#auth required pam_securetty.so
# Authentication is delegated to the shared system-auth stack.
auth required pam_stack.so service=system-auth
# pam_nologin refuses non-root logins while /etc/nologin exists.
auth required pam_nologin.so
# Account and password management also go through system-auth.
account required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
# pam_selinux.so close should be the first session rule
session required pam_selinux.so close
session required pam_stack.so service=system-auth
# pam_loginuid records the login uid for the session (used by auditing).
session required pam_loginuid.so
# pam_console is optional: its failure does not fail the session.
session optional pam_console.so
# pam_selinux.so open should be the last session rule
session required pam_selinux.so open
~
(5) 修改/etc/securetty
[root@test01 etc]# ls securetty
securetty
[root@test01 etc]# more securetty
console
vc/1
vc/2
vc/3
vc/4
vc/5
vc/6
vc/7
vc/8
vc/9
vc/10
vc/11
tty1
tty2
tty3
tty4
tty5
tty6
tty7
tty8
tty9
tty10
tty11
pts/0
pts/1
pts/2
pts/3
pts/4
pts/5
[root@test01 etc]#
添加以上的配置(新增的应是末尾的 pts/0 ~ pts/5 几行:telnet 会话使用的是 pts 伪终端)。
(6) 修改服务
开启:telnet 服务。
[root@test01 etc]# chkconfig --list |grep telnet
telnet: on
krb5-telnet: on
[root@test01 etc]#
[root@test01 etc]# chkconfig telnet off
[root@test01 etc]# chkconfig --list |grep telnet
telnet: off
krb5-telnet: on
[root@test01 etc]#
[root@test01 etc]# chkconfig telnet on
[root@test01 etc]#
[root@test01 etc]# chkconfig --list |grep vsftp
vsftpd 0:off 1:off 2:off 3:off 4:off 5:on 6:off
[root@test01 etc]# chkconfig --list |grep telnet
telnet: on
krb5-telnet: on
[root@test01 etc]# chkconfig --list |grep telnet
telnet: on
krb5-telnet: on
[root@test01 etc]# chkconfig --list |grep vsftp
vsftpd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
[root@test01 etc]# chkconfig --list |grep vsftp
#chkconfig vsftpd on
测试 telnet 服务是否可以登录:
telnet 192.168.34.20
test01 (Linux release 2.6.9-78.ELsmp #1 SMP Wed Jul 9 15:39:47 EDT 2008) (1)
login:
test01 (Linux release 2.6.9-78.ELsmp #1 SMP Wed Jul 9 15:39:47 EDT 2008) (1)
login: root
Password:
Last login: Thu Jul 9 19:44:47 from 192.168.34.141
[root@test01 ~]#
测试成功。
启动服务(telnet 由 xinetd 托管,修改 /etc/xinetd.d/telnet 后需要重启 xinetd 才能生效): [root@test xinetd.d]# service xinetd restart
(1) 确认 vsftpd 软件包(以下为 FTP 服务的配置)
[root@test01 etc]# ls vsftp*
vsftpd.ftpusers vsftpd.user_list
vsftpd:
vsftpd.conf
[root@test01 etc]#
[root@test01 etc]# rpm -qa vsftpd*
vsftpd-2.0.1-6.el4
确认是否已经安装了FTP服务。
-
确认是否打开服务:
#chkconfig --list |grep vsftp
[root@test01 etc]# chkconfig --list |grep vsftp
vsftpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
[root@test01 etc]#
[root@test01 etc]# chkconfig vsftpd on
[root@test01 etc]#
-
去掉 /etc/vsftpd.ftpusers 中的 root 项(下面是去掉之后的文件内容)
[root@test01 etc]# more vsftpd.ftpusers
# Users that are not allowed to login via ftp
daemon
adm
lp
sync
shutdown
halt
mail
news
uucp
operator
games
nobody
[root@test01 etc]#
即删除这个文件中的 root 一行。
-
去掉 /etc/vsftpd.user_list
中的 root 项目(下面是去掉之后的文件内容;按文件内注释,默认 userlist_deny=YES 时,列在此文件中的用户一律不允许登录)
[root@test01 etc]# more vsftpd.user_list
# vsftpd userlist
# If userlist_deny=NO, only allow users in this file
# If userlist_deny=YES (default), never allow users in this file, and
# do not even prompt for a password.
# Note that the default vsftpd pam config also checks /etc/vsftpd.ftpusers
# for users that are denied.
bin
daemon
adm
lp
sync
shutdown
halt
mail
news
uucp
operator
games
nobody
[root@test01 etc]#
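重启服务(原文此处执行的是 xinetd 重启;从上面 chkconfig --list 的输出看,vsftpd 是按运行级别启动的独立服务,查看或重启它应使用 service vsftpd status / service vsftpd restart)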
[root@test xinetd.d]# service xinetd restart
此时,root 用户就可以通过 FTP 登录了。(FTP 与 telnet 一样不加密,root 口令会以明文在网络上传输。)