  Last updated: 2011/08/08
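  FTP (File Transfer Protocol) is one of the oldest protocols still in use. Its main job is transferring files, and for large files in particular FTP is fast. Note, however, that using FTP carries a certain degree of risk, because the data crosses the Internet as completely unprotected plaintext. Plain FTP service is still needed in places, though; many schools, for example, have to run an FTP server.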


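  21.1 How FTP data connections work

  FTP (File Transfer Protocol) is one of the oldest transfer protocols. Its main function is transferring files between a server and a client. This old protocol transmits in plaintext and has a long history of security incidents. To use FTP more safely, this chapter focuses on vsftpd, a package that is more secure but has fewer features.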


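  21.1.1 What FTP provides

  Besides plain file transfer and management, an FTP server can offer several other major features, depending on how the server software is configured. Briefly:


  • Different classes of user: user, guest, anonymous

  By default an FTP server distinguishes three kinds of identity according to how the user logs in: (1) real user (a local account), (2) guest, and (3) anonymous. Their privileges on the system differ widely. A real user gets fairly complete access to the system and can do more; an anonymous user is typically given only the ability to download, and should not be allowed to consume much of the host's resources. Because their privileges differ, the online commands each of the three can use differ as well. ^_^


  • Command logging and transfer logging:

  FTP can use the system's syslogd to record data, including the commands users have issued and their transfers (transfer time, file size and so on). You can therefore find the various log records under /var/log/.


  • Restricting the directories a user can reach (change root, chroot for short):

  To keep users from wandering around your Linux system (that is, leaving their own home directory for other directories), it is a good idea to confine each user's working area to that home directory. FTP can restrict users to their own home directory. The user cannot leave it, and the "root directory" shown after FTP login is the content of the home directory. This environment is called change root, or chroot for short.

  What is the benefit? If a malicious user logs in over FTP and there is no chroot, that user can look through files under /etc, /usr/local, /home and other important directories, especially the configuration files under /etc/ such as /etc/passwd. If file permissions are not managed and protected well, the user can obtain important information about the system and use it to break in. A chroot environment is therefore somewhat safer.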


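  21.1.2 How FTP operates and which ports it uses

  FTP runs over TCP, and as discussed in Chapter 2 (network basics), TCP performs a three-way handshake before a connection is established. FTP is a little more troublesome than most services because it uses two connections: the command channel and the data channel (ftp-data). Both are TCP connections, so both need a three-way handshake. How are the two related? The default FTP mode, active mode, works as follows:

  Figure 21.1-1: Active-mode FTP connection (diagram)

  The connection flow is as shown in the figure, and the steps are:

  1. Establish the command channel
   The client picks a random port above 1024 (port AA) and connects to port 21 on the FTP server, with the usual three-way handshake. Once connected, the client issues commands to the FTP server over this connection, including listing file names, downloading and uploading.

  2. Tell the FTP server to use active mode and which port to connect to
   Port 21 on the server is used for commands only; data streams do not use this connection. When the client needs data it tells the server how to connect. In active mode the client first opens a random port (port BB in Figure 21.1-1), reports it to the FTP server over the command channel, and waits for the server to connect.

  3. The FTP server actively connects to the client
   Having learned the client's request over the command channel, the FTP server connects from its port 20 to port BB on the client, again with a three-way handshake. At this point the client and server have two connections, one for commands and one for data. The default port the server uses for active connections is port 20.

  This establishes both the command channel and the data channel. Note that the data channel is created only when there is data to transfer; it is not created as soon as the client connects to the FTP server.


  • Ports used by active mode

  To summarize, the ports the FTP server uses are mainly:

  • ftp, the command channel (default port 21), and
  • ftp-data, the data transfer channel (default port 20).

  Once more: the two ports do different jobs, and the side that initiates the connection differs. Port 21 accepts connections initiated by the client, while port 20 is used by the FTP server to connect out to the client. When both server and client have public IPs on the Internet this usually causes no trouble. But what if the client sits behind a firewall or a NAT server? That serious problem is discussed next.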


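  • Connection problems in active mode when a firewall sits between FTP server and client

  Recall Chapter 9 on firewalls. Many local networks use the NAT function of a firewall (iptables). How does an FTP client behind NAT connect to an FTP server? The figure below illustrates it:

  Figure 21.1-2: Connection state with a firewall between FTP client and server (diagram)

  1. Command channel between client and server:
   NAT records connections going from the inside to the outside, and the command channel is opened by the client towards the server, so this connection is established without trouble.

  2. Notification when the data channel is set up:
   As before, the client host opens port BB, reports it to the FTP server over the command channel, and waits for the server to connect.

  3. The server connects to the NAT host, which should forward the connection to the client:
   Because of the NAT translation, the FTP server only knows the NAT host's IP, not the client's. The FTP server therefore connects from port 20 to port BB on the NAT host, but the NAT host has no port BB listening for the FTP server's connection.

  See the problem? In active mode the NAT host is treated as the client, but it is not the client. If you have ever connected to an FTP server from behind an IP sharing router, you may have found that you are clearly connected (the command channel is up) but cannot get a file listing, and after a while you see a message such as "Can't build data connection: Connection refused". This is the cause.

  Can the problem be overcome? Is FTP really unusable behind Linux NAT? Of course not. There are two simple ways around it:

  • Use the FTP helper modules that iptables provides:

   iptables provides many useful modules, FTP among them. Use modprobe to load the ip_conntrack_ftp and ip_nat_ftp modules. They inspect connections whose destination is port 21, learn port BB from them, and when the FTP server's active connection arrives they direct the packet to the correct host behind the NAT. ^_^

   However, if the command channel of the target FTP server is not on the standard port 21 (as with some underground FTP servers), these two modules cannot parse the session.

  • Have the client choose passive (Passive) mode:

   Besides active mode, FTP offers passive mode. In active mode the server connects to the client; in passive mode the client initiates the data connection to the server. Since the client initiates it, connections coming from port 20 no longer need to be considered. Passive mode is covered in the next subsection.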

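  21.1.3 Choosing passive mode on the client

  What is passive mode? The figure below gives a brief introduction:

  Figure 21.1-3: Passive-mode FTP data connection flow (diagram)

  1. Client and server establish the command channel:
   The command channel is needed as before and is set up with a three-way handshake.

  2. The client sends a PASV request:
   When a command needs the data channel, the client sends a PASV request (short for Passive) over the command channel and waits for the server's reply.

  3. The FTP server opens a data port and tells the client to connect:
   If the FTP server can handle passive connections, it opens a listening port. The port number may be random, or taken from a range you define, depending on the FTP server software. The server then reports the opened port (port PASV in the figure) to the client over the command channel and waits for the client to connect.

  4. The client connects from a random port above 1024:
   The client picks a random port above 1024 and connects to port PASV on the server. If all goes well, the FTP data is then transferred between port BB and port PASV.

  Notice the difference: in passive mode the data channel is opened by the client towards the server. A client host behind NAT can therefore connect to the FTP server without trouble. But what if the FTP server is also behind NAT? Then things get awkward @_@. That involves DMZ techniques, which are not covered here; for now it is enough to understand these connection directions, which will help when you plan a server.

  Also note that in PASV mode, unless configured otherwise, the server picks a random port above 1024 for the client to connect to. What if something tampers with a port the server has opened? It also makes log information about an intruder's attack hard to trace. So the passive ports feature can be used to restrict the port numbers the server opens.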
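  The port arithmetic behind both modes, as an added example that is not part of the original page: the data endpoint travels on the command channel as six comma-separated numbers (four address bytes, then port = p1*256 + p2). The function names are hypothetical; the sample lines are constructed except the 227 reply, which is the one shown in the test session later on this page, and the 65400-65410 range is the passive range this chapter configures later.

```bash
# Added example; function names are hypothetical helpers.

# ftp_data_endpoint LINE -> prints "IP PORT" for a PORT command or a 227 reply
ftp_data_endpoint() {
    nums=$(printf '%s\n' "$1" |
        sed -n 's/.*[^0-9]\([0-9]\{1,3\}\(,[0-9]\{1,3\}\)\{5\}\).*/\1/p')
    [ -n "$nums" ] || return 1
    old_ifs=$IFS; IFS=,
    set -- $nums                      # split h1,h2,h3,h4,p1,p2
    IFS=$old_ifs
    for n in "$@"; do
        [ "$n" -le 255 ] || return 1  # every field is one byte
    done
    echo "$1.$2.$3.$4 $(( $5 * 256 + $6 ))"
}

# is_private_ip IP -> success for RFC 1918 addresses
is_private_ip() {
    case "$1" in
        10.*|192.168.*) return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
        *) return 1 ;;
    esac
}

# check_data_channel LINE MIN MAX -> one-line verdict for a command-channel line
check_data_channel() {
    ep=$(ftp_data_endpoint "$1") || { echo "unparsable"; return 0; }
    ip=${ep% *}; port=${ep#* }
    case "$1" in
        PORT*)  # active mode: the server must connect back to ip:port
            if is_private_ip "$ip"; then
                echo "active $ip:$port private-address-behind-NAT"
            else
                echo "active $ip:$port ok"
            fi ;;
        227*)   # passive mode: the client connects to ip:port on the server
            if [ "$port" -ge "$2" ] && [ "$port" -le "$3" ]; then
                echo "passive $ip:$port in-range"
            else
                echo "passive $ip:$port outside-$2-$3"
            fi ;;
        *) echo "unparsable" ;;
    esac
}

# Constructed command-channel lines (the second is the reply shown on this page).
while IFS= read -r line; do
    printf '%-52s -> %s\n' "$line" "$(check_data_channel "$line" 65400 65410)"
done <<'EOF'
PORT 192,168,1,10,200,5
227 Entering Passive Mode (127,0,0,1,196,17).
227 Entering Passive Mode (192,168,100,254,255,130)
EOF
```

  A passive reply outside the configured range means the firewall rule for that range will not cover the data connection.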


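  21.1.4 FTP security problems and alternatives

  In fact, data sent over FTP can easily be stolen, because FTP transmits in plaintext. Some FTP server packages also have a serious history of security problems. So in general, unless a school or some organization needs to publish data that is neither confidential nor subject to licensing issues, FTP is best used sparingly.

  Thanks to SSH we now have a safer FTP: the sftp server that ssh provides. The biggest advantage of sftp-server is that the data it transfers is encrypted, so it is safer as it crosses the Internet. Unless you really need FTP, use the sftp-server function of SSH instead.

  However, this is not very convenient for users who are used to graphical interfaces or who have Chinese file names. There is the graphical client filezilla, but odd problems still occur at times. So an FTP site is sometimes still needed. If you really must run one, pay attention to the following:

  1. Keep the FTP software updated to the latest version and watch for vulnerability announcements;
  2. Use iptables to define which networks may use FTP;
  3. Use TCP_Wrappers to define which networks may log in;
  4. Use the FTP software's own settings to limit the different privileges of the users of your FTP server;
  5. Use the super daemon for further management of your FTP server;
  6. Keep an eye on the file permissions of users' home directories and of the directory anonymous users log in to;
  7. If the service is not public, you might also change the FTP port;
  8. You can also use FTPs, the encrypted form of FTP.

  In any case, there are far too many stories online of whole hosts being compromised because an FTP server was open, so it bears repeating: pay attention to security.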


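  21.1.5 Which kinds of user to allow in

  FTP transmits in plaintext, and some early FTP server packages had quite a few security holes, so why run an FTP server at all? Because someone always needs one; colleges and universities, for example, provide FTP sites so that students can share the campus's network resources. Since FTP logins come in three kinds, which should you open? Think it through as follows:


  • Opening real users (Real user):

  Many FTP servers allow real users to log in by default. Be aware, though, that when a real user logs in over FTP, the system by default places no restriction on that user, who can do anything on the whole file system that the account's permissions allow. So if one of your FTP users fails to protect the password and the account is compromised, your entire Linux system's data may well be stolen. Recommendations when opening real users:

  • Prefer an alternative to FTP: real users can already connect to the host over the network to work (for example over SSH), so there is no real need to open FTP for them; sftp already provides file transfer.

  • Limit what users can do, for example with chroot and /sbin/nologin: if you do decide to let real users use the FTP server, you probably need to keep certain system accounts such as bin and apache from logging in to FTP. The simplest common approach is a PAM module; vsftpd, for example, by default lets you list in /etc/vsftpd/ftpusers the accounts that must not log in to FTP. Chrooting users is also very much needed.


  • Guests (Guest)

  A guest identity is usually created when the server offers ordinary users something like a personal web home page, and those users need to manage their own web space. Reducing the user to a guest and setting the directories available to that guest gives the user a convenient environment without granting real user privileges. Common recommendations:

  • Provide only the accounts that need to log in; there is no need for everyone on the system to be able to log in.

  • In the server settings, give each guest a different "home directory", and make it match the user's permissions. For example, to let dmtsai manage a web space located under /home/dmtsai/www, make /home/dmtsai/www the only directory FTP offers to dmtsai. This is safer and also convenient for the user.

  • Guests need more restrictions, including limits on the number of files uploaded and downloaded and on disk capacity, limits on login time, and a much smaller set of permitted commands; chmod, for example, should not be allowed.


  • Anonymous users (anonymous)

  Letting Internet users in anonymously is not a great idea, since anyone can download your data; what if the bandwidth is used up? But as mentioned, when a school needs to share software resources with all its students, an FTP server is a good solution. If you open anonymous access, note:

  • Anonymous login is always rather dangerous: one slip that puts important data into a directory anonymous users can read may leak it. If that worries you, do not enable it.

  • If you really do open anonymous login, many restrictions are needed: (1) reduce the permitted commands drastically, allowing anonymous users almost none; (2) limit the amount of file transfer, and avoid allowing uploads as far as possible; (3) limit the maximum number of simultaneous anonymous connections, which keeps leeching under control.

  In general, if you want to publish data that is public and free of copyright disputes for people to download, an FTP server that offers only anonymous login and is open to the whole Internet is OK. If the software or data is copyrighted but the licence allows transfer within your organization, an anonymous FTP server open only internally (enforced with a firewall) is OK too.

  What about an area where anonymous users can upload, to let users give something back? VBird's view: absolutely not. Unless you trust the user, do not allow uploads. In that case an FTP server with strictly managed file system permissions that offers real user logins is what you need. In short, decide according to your requirements.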


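  21.2 Basic vsftpd server configuration

  Now for vsftpd itself. The name stands for "Very Secure FTP Daemon"; vsftpd was developed from the start to be an FTP server built around security. Let us first see why vsftpd claims to be very secure, and then turn to configuration.


  21.2.1 Why use vsftpd

  To build a security-first FTP server, vsftpd is designed around the operating system's concept of process privilege. If you have read Chapter 17 (process and resource management) of the basics volume, you know that every program run on the system starts a process, identified by a PID (Process ID), and what that process can do depends on the privileges it holds. The higher its privilege level, the more it can do. A process started as root, for example, can usually do anything.

  If the program behind a process has a vulnerability and a cracker attacks it and gains control of the process, the cracker obtains the privileges that process holds. Recently developed software therefore tries to lower the privileges of the service's process, so that even if the service is compromised the intruder does not gain effective administrative rights over the system. vsftpd is designed on this idea.

  Besides process privileges, vsftpd supports chroot. As the name suggests, chroot means "change root directory"; root here is the root directory, not the administrator. It turns a specific directory into the root directory, so that directories unrelated to it cannot be misused.

  For example, if you log in to the ftp service anonymously you are normally confined to /var/ftp, and the root directory you see is just /var/ftp; other directories such as /etc, /home and /usr are invisible. Even if the ftp service is broken into, the intruder can only move around inside /var/ftp and cannot use the full functionality of Linux, so the system is safer.

  vsftpd is an FTP server designed on these principles, with the following characteristics:

  • The vsftpd service runs as an ordinary user, so it has low privileges on the Linux system and the harm it can do is correspondingly reduced. vsftpd also uses chroot() to change the root directory so that system tools cannot be misused through the service;

  • Any vsftpd operation that needs higher privileges is controlled by a special parent process, whose higher privileges are themselves restricted to a very low level, so as not to affect the Linux system itself;

  • Most of the extra commands ftp uses (dir, ls, cd ...) are built into the vsftpd main program, so in principle vsftpd does not need commands provided by the system. Under chroot vsftpd therefore works without trouble, and not needing extra functionality is also safer for the system;

  • Every request from a client that wants to use the higher privileges of the parent process is treated as an untrusted request and must pass a fair degree of identity checking before it can use the parent process, for example chown() and login requests;

  • In addition, the parent process mentioned above still uses chroot() to limit the user's privileges.

  These characteristics make vsftpd somewhat safer. Now for the configuration.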


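  21.2.2 Required software and its layout

  vsftpd needs only one package: vsftpd. ^_^ If it is not installed on your CentOS, install it with yum install vsftpd. The package is small, and downloading and installing it takes only seconds. It also ships pleasingly few configuration files; being simple to use is a hallmark of vsftpd. The more important files are:

  • /etc/vsftpd/vsftpd.conf
   Strictly speaking this is vsftpd's only configuration file. It is written the same way bash variables are set, as "parameter=value"; note that there must be no spaces on either side of the equals sign. For full details of vsftpd.conf see "man 5 vsftpd.conf".

  • /etc/pam.d/vsftpd
   This is the configuration used when vsftpd uses the PAM modules. It is mainly for authentication, and some blocking of user identities is also done through it. Take a look at the file: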
   [root@www ~]# cat /etc/pam.d/vsftpd
   #%PAM-1.0
   session optional pam_keyinit.so  force revoke
   auth  required pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed
   auth  required pam_shells.so
   auth  include password-auth
   account include password-auth
   session required pam_loginuid.so
   session include password-auth
   
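   The file named after file= above lists the users who may not use vsftpd. In other words, the deny file need not be the system default; you can change it in this file. ^_^

  • /etc/vsftpd/ftpusers
   Related to the previous file: it is the file named by the PAM module (/etc/pam.d/vsftpd) that lists users who cannot log in. It is simple: write each account that must not log in to FTP into this file, one account per line. It looks like this: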
   [root@www ~]# cat /etc/vsftpd/ftpusers
   # Users that are not allowed to login via ftp
   root
   bin
   daemon
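   ....(rest omitted)....
   
   Most system accounts are in this file, which means system accounts cannot use vsftpd by default. If you want to bar other users from logging in, listing them here is the quickest way.

  • /etc/vsftpd/user_list
   Whether this file takes effect depends on two parameters in vsftpd.conf: userlist_enable and userlist_deny. If /etc/vsftpd/ftpusers is the deny list enforced by the PAM module, /etc/vsftpd/user_list is vsftpd's own deny list. The file is almost identical to /etc/vsftpd/ftpusers; by default you write here the accounts you do not want to log in to vsftpd. The file's meaning changes, however, according to userlist_deny={YES/NO} in vsftpd.conf, so take care.

  • /etc/vsftpd/chroot_list
   This file does not exist by default, so you must create it by hand. Its main use is to chroot certain accounts into their home directories. For it to take effect, see the chroot_list_enable and chroot_list_file parameters in vsftpd.conf. Enable this setting if you want to confine certain real users to their home directories.

  • /usr/sbin/vsftpd
   This is the main vsftpd executable; vsftpd has only this one executable.

  • /var/ftp/
   This is the default root directory for anonymous logins; it is the home directory of the ftp account.

  Those are about the only files that need attention, and each is simple to configure.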


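  21.2.3 vsftpd.conf settings explained

  /etc/vsftpd/vsftpd.conf is itself a fairly detailed configuration file, and "man 5 vsftpd.conf" gives the complete parameter descriptions. The commonly used parameters are listed here:


  • Settings related to the server environment
  • connect_from_port_20=YES (NO)
   Remember the server port used by active connections from the earlier subsection? This is that ftp-data port;

  • listen_port=21
   The command channel port vsftpd uses. Change it here if you want a non-standard port. Note that this setting only applies when vsftpd is started stand alone (it has no effect under the super daemon).

  • dirmessage_enable=YES (NO)
   When a user enters a directory, show the notes for that directory. The file shown is .message by default and can be changed with the setting below.

  • message_file=.message
   When dirmessage_enable=YES, this sets the file vsftpd looks for to display the message.

  • listen=YES (NO)
   YES means vsftpd is started stand alone. The default is NO, so CentOS changes it to YES in order to start stand alone.

  • pasv_enable=YES (NO)
   Supports passive mode for data connections; be sure to set it to YES.

  • use_localtime=YES (NO)
   Whether to use local time. vsftpd uses GMT (Greenwich) time by default, so file dates on the FTP server appear 8 hours behind Taiwan time. Setting it to YES is recommended.

  • write_enable=YES (NO)
   Enable this if you allow users to upload data;

  • connect_timeout=60
   In seconds. In active mode, if the connection signal we send gets no response from the client within 60 seconds, stop waiting and force a disconnect.

  • accept_timeout=60
   When a user transfers data in passive (PASV) mode, if the server has opened a passive port and waited more than 60 seconds for the client with no response, force a disconnect. Similar to connect_timeout, except that one governs active connections and the other passive ones.

  • data_connection_timeout=300
   If the data connection between server and client has been established (active or passive) but, perhaps because of line problems, no data can be transferred for 300 seconds, vsftpd drops the client's connection.

  • idle_session_timeout=300
   If a user issues no command for 300 seconds, force a disconnect, so that idle sessions do not hold slots.

  • max_clients=0
   If vsftpd is started stand alone, this sets how many clients may be connected to vsftpd at the same time, limiting FTP usage.

  • max_per_ip=0
   Like max_clients above, but this is how many connections one IP may have at the same time.

  • pasv_min_port=0, pasv_max_port=0
   These two set the port numbers used in passive mode. To use the 11 ports 65400 to 65410 for passive connections, set pasv_max_port=65410 and pasv_min_port=65400. A value of 0 means ports are picked at random with no restriction.

  • ftpd_banner=some text
   The text shown in the FTP client when a user connects to vsftpd. This setting holds little text, though; the banner_file setting below is recommended instead;

  • banner_file=/path/file
   Names a plain text file to show as the welcome message when a user logs in to vsftpd. It can also hold notes that tell users the directory layout of this FTP server.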


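  • Settings related to real users
  • guest_enable=YES (NO)
   When set to YES, every real account is treated as a guest (so it is off by default). In vsftpd a guest gets the privileges of the ftp user by default; this can be changed with guest_username.

  • guest_username=ftp
   Takes effect only when guest_enable=YES; it specifies the guest identity.

  • local_enable=YES (NO)
   Must be YES for accounts in /etc/passwd to log in to the vsftpd server as real users.

  • local_max_rate=0
   Transfer rate limit for real users, in bytes/second; 0 means no limit.

  • chroot_local_user=YES (NO)
   By default, should users be confined to their own home directory (chroot)? YES means users are chrooted by default; NO means they are not. The actual result also depends on the two parameters below. For security this should be set to YES.

  • chroot_list_enable=YES (NO)
   Whether to enable the chroot list. It is related to chroot_list_file below and must be on, or the list file below has no effect.

  • chroot_list_file=/etc/vsftpd.chroot_list
   Can be set when chroot_list_enable=YES. It interacts with chroot_local_user; for the detailed behaviour see the chroot discussion in 21.2.6.

  • userlist_enable=YES (NO)
   Whether to use vsftpd's own blocking mechanism to handle unwelcome accounts; related to the parameters below;

  • userlist_deny=YES (NO)
   Takes effect only when userlist_enable=YES. When YES, users whose accounts are listed in a certain file cannot log in to the vsftpd server. The file name is given by the next setting.

  • userlist_file=/etc/vsftpd/user_list
   When userlist_deny=YES above, this file comes into play: accounts listed in it cannot use vsftpd.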


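  • Settings for anonymous logins
  • anonymous_enable=YES (NO)
   Allows anonymous to log in to the vsftpd host. The default is YES. All the related settings below take effect only when anonymous_enable=YES.

  • anon_world_readable_only=YES (NO)
   Allow anonymous to download only world-readable files. The default is YES.

  • anon_other_write_enable=YES (NO)
   Whether anonymous is allowed permissions beyond plain writing, including deleting and rewriting files and file names on the server. The default is of course NO. If set to YES, the directories opened to anonymous for writing must also have their permissions adjusted so that the owner of the vsftpd process can write to them.

  • anon_mkdir_write_enable=YES (NO)
   Whether anonymous may create directories. The default is NO. If set to YES, anon_other_write_enable must be set to YES.

  • anon_upload_enable=YES (NO)
   Whether anonymous may upload data. The default is NO. If set to YES, anon_other_write_enable=YES must be set.

  • deny_email_enable=YES (NO)
   Blocks certain email addresses so that those anonymous users cannot log in. When logging in as anonymous you are asked for a password, and that password is supposed to be your email address. If there are email addresses you dislike, this setting removes their right to log in. It works together with the next setting:

  • banned_email_file=/etc/vsftpd/banned_emails
   When deny_email_enable=YES, this names the file listing email addresses that may not log in to vsftpd, one email address per line.

  • no_anon_password=YES (NO)
   When YES, anonymous skips the password check and enters the vsftpd server directly. The usual default is therefore NO (the email entered is checked at login).

  • anon_max_rate=0
   The value is in bytes/second and limits anonymous transfer speed. 0 means no limit (bounded only by the maximum bandwidth). To limit anonymous to 30 KB/s, set "anon_max_rate=30000".

  • anon_umask=077
   Restricts the permissions of files anonymous uploads. With 077, files sent by anonymous get the permissions -rw-------.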


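  • Settings related to system security
  • ascii_download_enable=YES (NO)
   If YES, the client downloads files in ASCII format by preference (the default).

  • ascii_upload_enable=YES (NO)
   Like the previous setting, but for uploads. The default is NO.

  • one_process_model=YES (NO)
   This setting is a bit risky. When YES, each connection gets its own single process, which can improve vsftpd performance. Unless your system is fairly secure and the hardware is powerful, though, it can easily exhaust system resources. NO is generally recommended.

  • tcp_wrappers=YES (NO)
   We are used to supporting TCP Wrappers, so set it to YES.

  • xferlog_enable=YES (NO)
   When YES, users' uploads and downloads are logged. The log file is given by the next setting:

  • xferlog_file=/var/log/xferlog
   Can be set when xferlog_enable=YES above. This is the log file name.

  • xferlog_std_format=YES (NO)
   Whether to use the same log format as wu ftp. The default is NO because that log is easier to read. Set it to YES only if you use log analysis software for wu ftp logs.

  • dual_log_enable=YES, vsftpd_log_file=/var/log/vsftpd.log
   Besides the wu-ftp format log in /var/log/xferlog, vsftpd can also write a log in its own format. If your FTP server is not very busy, writing both logs (/var/log/{vsftpd.log,xferlog}) is a good idea.

  • nopriv_user=nobody
   vsftpd by default runs the service with the privileges of nobody. Because nobody has very low privileges, an intruder who breaks in gains only the privileges of nobody.

  • pam_service_name=vsftpd
   The name of the PAM service; the /etc/pam.d/vsftpd file is what this refers to.

  These are the common vsftpd parameters. Many more are not listed here; see man 5 vsftpd.conf. The ones above are basically enough to configure vsftpd.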


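  21.2.4 How vsftpd is started

  vsftpd can be started either stand alone or through the super daemon; CentOS starts it stand alone by default. When should you choose which? If your ftp server offers large downloads to the whole Internet, like the FTP servers of colleges and universities, use stand alone, since the service responds faster. If the FTP server is only for internal staff, managing it with the super daemon is enough.


  • Starting vsftpd with the script CentOS provides (stand alone)

  CentOS can start vsftpd without any configuration, like this:

  [root@www ~]# /etc/init.d/vsftpd start
  [root@www ~]# netstat -tulnp| grep 21
  tcp 0 0 0.0.0.0:21 0.0.0.0:*  LISTEN  11689/vsftpd
  # As you can see, it was started by vsftpd itself.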
  


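  • Configuring startup through the super daemon yourself (only if needed; no need to follow along)

  If your FTP server is rarely used, managing it with the super daemon is a good idea. To do so you have to edit the configuration yourself. It is not hard:

  [root@www ~]# vim /etc/vsftpd/vsftpd.conf
  # Find the listen=YES line (around line 109) and change it to:
  listen=NO
  

  Next edit the super daemon configuration. You must create the file below yourself; it does not exist originally:

  [root@www ~]# yum install xinetd  <== only if xinetd is not installed yet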
  [root@www ~]# vim /etc/xinetd.d/vsftpd
  service ftp
  {
      socket_type       = stream
      wait          = no
      user          = root
      server         = /usr/sbin/vsftpd
      log_on_success     += DURATION USERID
      log_on_failure     += USERID
      nice          = 10
      disable         = no
  }
  

  Then try starting it:

  [root@www ~]# /etc/init.d/vsftpd stop
  [root@www ~]# /etc/init.d/xinetd restart
  [root@www ~]# netstat -tulnp| grep 21
  tcp 0 0 0.0.0.0:21 0.0.0.0:*  LISTEN  32274/xinetd
  

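  Interesting: the two startup methods differ, and so does the way the service is managed. Whichever you use, never start both at the same time or errors will occur. Check both startup methods with chkconfig --list and then decide which to use according to your needs. Everything below uses stand alone, the CentOS default, so undo the changes just made.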


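  21.2.5 CentOS defaults for vsftpd

  By default on CentOS, vsftpd is open to both real users and anonymous users. The CentOS defaults are:

  [root@www ~]# vim /etc/vsftpd/vsftpd.conf
  # 1. Settings related to anonymous users:
  anonymous_enable=YES    <== allow anonymous users to log in and use FTP
  
  # 2. Settings related to real users
  local_enable=YES      <== allow local real users to log in
  write_enable=YES      <== allow users to upload data (files and directories)
  local_umask=022       <== permissions of new directories (755) and files (644)
  
  # 3. Settings related to the server environment
  dirmessage_enable=YES    <== if a directory contains .message, show its contents
  xferlog_enable=YES     <== enable logging, recorded in /var/log/xferlog
  connect_from_port_20=YES  <== support active-mode connections
  xferlog_std_format=YES   <== use the WuFTP log format
  listen=YES         <== start vsftpd stand alone
  pam_service_name=vsftpd   <== support management through the PAM module
  userlist_enable=YES     <== use /etc/vsftpd/user_list to control which accounts may log in
  tcp_wrappers=YES      <== support the TCP Wrappers firewall mechanism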

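  For each of these settings see the details in 21.2.3. With these values vsftpd provides the following:

  • You can log in as the anonymous account or as any other real account (/etc/passwd);
  • The anonymous home directory is /var/ftp, with no upload permission, and it is already chrooted;
  • Real users' home directories come from /etc/passwd and are not chrooted; users can go to any directory they have permission to enter;
  • Any account present in /etc/vsftpd/ftpusers cannot use vsftpd (PAM);
  • /etc/hosts.{allow|deny} can be used as a basic firewall;
  • Every upload or download by a client is recorded in /var/log/xferlog;
  • The active-mode port is port 20;
  • Greenwich time (GMT) is used.

  So once vsftpd is started, your real users can use the service directly to transfer their own data. The bigger problem is that vsftpd uses GMT by default, so when you connect to the FTP server with an ftp client every file's time is eight hours behind, which is annoying. Adding one more parameter, "use_localtime=YES", is recommended.

  [root@www ~]# vim /etc/vsftpd/vsftpd.conf
  # Add this one line at the end of the file
  use_localtime=YES
  
  [root@www ~]# /etc/init.d/vsftpd restart
  [root@www ~]# chkconfig vsftpd on
  

  Your FTP server now lets the anonymous account download the data in /var/ftp, and a real account that logs in goes to that user's home directory. A simple and convenient setup, and it uses local time. ^_^

  Also, if you plan to open FTP to the Internet, remember to open the firewall. Because both active and passive data connections are involved, firewall modules must be loaded as well. This is covered in subsection 21.2.8; in the end, just remember to allow FTP connection requests.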


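  21.2.6 Settings for real accounts

  Real users can already use FTP under the CentOS defaults, but some extra restrictions on them may be wanted: for example, keeping users inside their home directory (chroot), limiting download rate, and controlling the permissions (mask) of uploaded files. Here are the goals first, followed by the extra features:

  • Use Taiwan local time instead of GMT;
  • Show a welcome message when users log in;
  • System accounts may not log in to the host (that is, accounts with UID below 500);
  • Ordinary real users may upload, download, create directories and modify files;
  • The umask for files and directories users create should be 002;
  • Other host settings keep their defaults.

  You can edit vsftpd.conf yourself; below is an example. If your vsftpd.conf lacks any of the settings, add them. Step by step:

  1. First create the main configuration file vsftpd.conf, which contains the main settings:
   [root@www ~]# vim /etc/vsftpd/vsftpd.conf
   # 1. Anonymous users: anonymous login is disabled in this example:
   anonymous_enable=NO
   
   # 2. Real users: writable, with umask 002
   local_enable=YES
   write_enable=YES
   local_umask=002
   userlist_enable=YES
   userlist_deny=YES
   userlist_file=/etc/vsftpd/user_list <== this file must exist; it does by default
   
   # 3. Settings related to the server environment
   use_localtime=YES
   dirmessage_enable=YES
   xferlog_enable=YES
   connect_from_port_20=YES
   xferlog_std_format=YES
   listen=YES
   pam_service_name=vsftpd
   tcp_wrappers=YES
   banner_file=/etc/vsftpd/welcome.txt <== this file must exist; create it by hand
   
   [root@www ~]# /etc/init.d/xinetd restart <== turn off the super daemon
   [root@www ~]# /etc/init.d/vsftpd restart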

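  2. Create the welcome message:

   When you want people logging in to see announcements from the system administrator, use the banner_file=/etc/vsftpd/welcome.txt parameter and edit that file. Create the welcome screen:
   [root@www ~]# vim /etc/vsftpd/welcome.txt
   歡迎光臨本小站，本站提供 FTP 的相關服務！
   主要的服務是針對本機實體用戶提供的，
   若有任何問題，請與鳥哥聯絡！
   

  3. Create the files that keep system accounts from logging in

   Next is the mechanism for blocking system accounts. There are two files, one governed by the PAM module and one provided by vsftpd itself. By default they are:

   • /etc/vsftpd/ftpusers: the file the settings in /etc/pam.d/vsftpd refer to;
   • /etc/vsftpd/user_list: set by userlist_file in vsftpd.conf.

   The two files have the same content, and both must exist. Consult your /etc/passwd and write the names of the accounts with UID below 500 into both files, one account per line.
   [root@www ~]# vim /etc/vsftpd/user_list
   root
   bin
   ....(rest omitted)....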

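  4. Test the result:

   You can use a graphical FTP client or the ftp client that Linux itself provides. The ftp command was covered in Chapter 5. Test it directly:
   # Test a login with a known user, for example the real user dmtsai:
   [root@www ~]# ftp localhost
   Trying 127.0.0.1...
   Connected to localhost (127.0.0.1).
   220-歡迎光臨本小站，本站提供 FTP 的相關服務！  <== the welcome message just created
   220-主要的服務是針對本機實體用戶提供的，
   220-若有任何問題，請與鳥哥聯絡！
   220
   Name (localhost:root): student
   331 Please specify the password.
   Password: <== enter the password here
   500 OOPS: cannot change directory:/home/student <== the reason the login failed
   Login failed.
   ftp> bye
   221 Goodbye.
   
   By default ordinary users cannot log in to FTP, because of SELinux; see the next subsection for how to handle it. After testing as above, try logging in with (1) root and (2) anonymous as the account. If they cannot log in, the configuration is OK. (root cannot log in because of the PAM module and the user_list setting; anonymous cannot log in because vsftpd.conf disables anonymous login.)

  That is the simplest configuration for real accounts. To restrict users to their home directories with chroot, or to add things like rate limits, see the special settings below.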


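  • SELinux and real accounts

  By default the CentOS FTP service does not allow a real account to log in and reach its home directory data, because of SELinux. If you issued "dir" before bye in the ftp localhost session above, you would have seen no data at all. You did nothing wrong; SELinux is the cause. To fix it:

  [root@www ~]# getsebool -a | grep ftp
  allow_ftpd_anon_write --> off
  allow_ftpd_full_access --> off
  allow_ftpd_use_cifs --> off
  allow_ftpd_use_nfs --> off
  ftp_home_dir --> off      <== this is the one; it must be set to on
  ....(rest omitted)....
  
  [root@www ~]# setsebool -P ftp_home_dir=1
  

  That settles it. If other errors occur, for example files moved with mv rather than copied with cp so that their SELinux type does not inherit the type of the target directory, check /var/log/messages. SELinux is usually not that hard to deal with. ^_^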


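  • Chrooting users (including users added in the future)

  In the FTP environments VBird has worked with, most servers are opened for vendors to connect to; they are also used by in-house staff, but those users are usually fewer. VBird therefore now recommends chrooting all real users by default, and configuring separately only the accounts that may go without chroot. The advantage is that if you forget to chroot a newly created account, it is chrooted anyway, so there is less to worry about if that account was opened for a vendor.

  Suppose only the two accounts vbird and dmtsai should not be chrooted, while all others such as student, smb1... are chrooted by default, including accounts added in the future. Three settings plus one extra file do it. The steps:

  # 1. Edit the parameters in vsftpd.conf:
  [root@www ~]# vim /etc/vsftpd/vsftpd.conf
  # Add the settings that control chroot for specific users
  chroot_local_user=YES
  chroot_list_enable=YES
  chroot_list_file=/etc/vsftpd/chroot_list
  
  # 2. Create the list of accounts that are NOT chrooted; the file must exist even if it lists no account
  [root@www ~]# vim /etc/vsftpd/chroot_list
  vbird
  dmtsai
  
  [root@www ~]# /etc/init.d/vsftpd restart
  

  Now every account that can use FTP, other than dmtsai and vbird, is chrooted in its home directory, which is better for the system. Next, test connections yourself with an account that is chrooted and one that is not.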


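  • Limiting real users' total download traffic (bandwidth)

  You do not want users' uploads and downloads to use up the bandwidth and affect the server's other services, so limiting users' transfer bandwidth is sometimes needed. Suppose you want to limit the total transfer bandwidth of all users to at most 1 MBytes/second. Do this:

  [root@www ~]# vim /etc/vsftpd/vsftpd.conf
  # Add this one parameter:
  local_max_rate=1000000 <== remember, the unit is bytes/second
  
  [root@www ~]# /etc/init.d/vsftpd restart
  

  The unit is bytes/second, so set the limit according to your own network. How do you test it? Testing on the local machine is the most accurate: use dd to create a 10MB file in student's home directory, run ftp localhost as root, enter student's account and password, then get the new file; the download speed is reported at the end.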


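  • Limiting the maximum number of simultaneous users and the number of FTP connections per IP

  If you limit the maximum bandwidth you may also need to limit the maximum number of users online. For example, to allow at most 10 people to use your FTP server at once, and at most one FTP connection per source IP:

  [root@www ~]# vim /etc/vsftpd/vsftpd.conf
  # Add these two parameters:
  max_clients=10
  max_per_ip=1
  
  [root@www ~]# /etc/init.d/vsftpd restart
  

  That does it; your FTP server will not be overcrowded.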


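  • Building a strict list of accounts that may use FTP

  In the default setup, accounts that may not use FTP are written into /etc/vsftpd/user_list, so any user not listed in /etc/vsftpd/user_list can use FTP, and users added later can use FTP by default. Looking at it the other way: what if only certain people should be able to use FTP, so that newly added users cannot use it by default? Change the configuration to this:

  [root@www ~]# vim /etc/vsftpd/vsftpd.conf
  # These parameters must be changed to:
  userlist_enable=YES
  userlist_deny=NO
  userlist_file=/etc/vsftpd/user_list
  
  [root@www ~]# /etc/init.d/vsftpd restart
  

  Now the accounts written in /etc/vsftpd/user_list become the accounts that may use FTP. A user added later must be written into /etc/vsftpd/user_list to be able to use FTP. Be especially careful with this mechanism, as the two meanings are easy to confuse.

  With these few simple settings vsftpd should meet the needs of most legitimate FTP sites. For more detailed usage see man 5 vsftpd.conf.

  Exercise:
  Suppose that for some special reason you must let root transfer files over FTP. How should you do it?
  Answer:
  System accounts cannot use FTP because of the PAM module and vsftpd's built-in function, that is, because of the two files /etc/vsftpd/ftpusers and /etc/vsftpd/user_list. So edit both files and comment out the root line, and root can then use the vsftpd FTP service. This is not recommended, though.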
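  How the two account lists combine under both values of userlist_deny, as an added example that is not vsftpd's own code: it models the outcome described above (ftpusers is enforced by PAM regardless, user_list is a deny list or an allow list depending on userlist_deny). The function names are hypothetical, and all file contents are constructed samples written to a temporary directory.

```bash
# Added example; function names are hypothetical, sample files are constructed.

# conf_bool FILE KEY DEFAULT -> prints YES or NO for a key=value boolean
conf_bool() {
    v=$(awk -F= -v k="$2" '!/^[[:space:]]*#/ && $1 == k { val = $2 } END { print val }' "$1" |
        tr '[:lower:]' '[:upper:]')
    case "${v:-$3}" in
        YES|TRUE|1) echo YES ;;
        *)          echo NO ;;
    esac
}

# in_list FILE USER -> success if USER is on a line of its own (comments skipped)
in_list() {
    [ -f "$1" ] && grep -v '^[[:space:]]*#' "$1" | grep -qxF -- "$2"
}

# ftp_login_verdict CONF FTPUSERS USER_LIST USER -> "allow" or "deny:<reason>"
ftp_login_verdict() {
    # pam_listfile with sense=deny: anyone named in ftpusers is always refused.
    if in_list "$2" "$4"; then
        echo "deny:ftpusers"; return 0
    fi
    if [ "$(conf_bool "$1" userlist_enable NO)" = YES ]; then
        if [ "$(conf_bool "$1" userlist_deny YES)" = YES ]; then
            # user_list is a deny list
            if in_list "$3" "$4"; then echo "deny:user_list"; return 0; fi
        else
            # user_list is an allow list: unlisted accounts are refused
            if ! in_list "$3" "$4"; then echo "deny:not-in-user_list"; return 0; fi
        fi
    fi
    echo "allow"
}

# make_samples -> creates constructed sample files, prints their directory
make_samples() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '# constructed sample' root bin daemon > "$d/ftpusers"
    printf '%s\n' root bin daemon baduser > "$d/user_list.deny"
    printf '%s\n' dmtsai root > "$d/user_list.allow"
    printf '%s\n' 'userlist_enable=YES' 'userlist_deny=YES' > "$d/deny.conf"
    printf '%s\n' 'userlist_enable=YES' 'userlist_deny=NO' > "$d/allow.conf"
    echo "$d"
}

dir=$(make_samples)
for u in student baduser root; do
    printf 'userlist_deny=YES %-8s %s\n' "$u" \
        "$(ftp_login_verdict "$dir/deny.conf" "$dir/ftpusers" "$dir/user_list.deny" "$u")"
done
for u in dmtsai student root; do
    printf 'userlist_deny=NO  %-8s %s\n' "$u" \
        "$(ftp_login_verdict "$dir/allow.conf" "$dir/ftpusers" "$dir/user_list.allow" "$u")"
done
rm -rf "$dir"
```

  Note the last case: root stays blocked in allow-list mode even when it appears in user_list, because ftpusers is checked independently.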


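  21.2.7 Settings for anonymous-only login

  You can enable real users and anonymous users together, but it is better to configure the server for a single kind of identity according to your needs. Below, the server is configured for anonymous users only, with real users disabled. This kind of setup is typically used for FTP servers like those of colleges and universities.

  • Use Taiwan local time rather than GMT;
  • Provide a welcome message describing what can be downloaded;
  • Allow only anonymous logins, with no password required;
  • Limit file transfer speed to 1 Mbytes/second;
  • If the data connection (not the command channel) gets no response for more than 60 seconds, force the client to disconnect;
  • Disconnect anonymous after more than ten minutes without activity;
  • Limit simultaneous users to 50, and connections from one source IP to 5;


  • Default root directory for FTP anonymous users: the home directory of the ftp account

  How is this configured? First we need to know where the anonymous user's directory is. The default root directory for anonymous logins is the home directory of the ftp user, which you can look up with "finger ftp". On CentOS the anonymous root directory is /var/ftp/. When using the FTP service, an anonymous user by default has the privileges of the "ftp" user, but is chrooted into /var/ftp/.

  Because anonymous users only browse within /var/ftp/, all the data you offer for download must be placed under /var/ftp/. Suppose you have a directory for linux and one for gnu software; create them like this:

  [root@www ~]# mkdir /var/ftp/linux
  [root@www ~]# mkdir /var/ftp/gnu
  

  Then clear out vsftpd.conf and rewrite it as follows:

  1. Create the vsftpd.conf settings
   [root@www ~]# vim /etc/vsftpd/vsftpd.conf
   # Replace the whole content of the file with this:
   # 1. Settings related to anonymous users:
   anonymous_enable=YES
   no_anon_password=YES    <== no password check on anonymous login (it is usually an email)
   anon_max_rate=1000000    <== maximum bandwidth of about 1MB/s
   data_connection_timeout=60 <== data connection timeout of 60 seconds
   idle_session_timeout=600  <== disconnect anonymous users idle for more than 10 minutes
   max_clients=50       <== maximum connections, and connections allowed per IP
   max_per_ip=5
   
   # 2. Settings related to real users; disabled in this example
   local_enable=NO
   
   # 3. Settings related to the server environment
   use_localtime=YES
   dirmessage_enable=YES
   xferlog_enable=YES
   connect_from_port_20=YES
   xferlog_std_format=YES
   listen=YES
   pam_service_name=vsftpd
   tcp_wrappers=YES
   banner_file=/etc/vsftpd/anon_welcome.txt <== the file name has changed
   
   [root@www ~]# /etc/init.d/vsftpd restart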

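  2. Create the welcome screen and download notes

   Note that in this example the welcome message is set to /etc/vsftpd/anon_welcome.txt. Its content can be written like this (the file must exist, or clients will fail to connect):
   [root@www ~]# vim /etc/vsftpd/anon_welcome.txt
   歡迎光臨本站所提供的 FTP 服務！
   本站主要提供 Linux 作業系統相關檔案以及 GNU 自由軟體喔！
   有問題請與站長聯絡！謝謝大家！
   主要的目錄為：
   
   linux   提供 Linux 作業系統相關軟體
   gnu     提供 GNU 的自由軟體
   uploads 提供匿名的您上傳資料
   
   As you can see, what is written is mainly announcements.

  3. Client-side test: the password and the welcome message are the points to watch

   Again, test with the ftp program:
   [root@www ~]# ftp localhost
   Connected to localhost (127.0.0.1).
   220-歡迎光臨本站所提供的 FTP 服務！  <== the Chinese lines below are the welcome and notes
   220-本站主要提供 Linux 作業系統相關檔案以及 GNU 自由軟體喔！
   220-有問題請與站長聯絡！謝謝大家！
   220-主要的目錄為：
   220-
   220-linux   提供 Linux 作業系統相關軟體
   220-gnu     提供 GNU 的自由軟體
   220-uploads 提供匿名的您上傳資料
   220
   Name (localhost:root): anonymous <== the anonymous account name has to be memorized
   230 Login successful.        <== logged in without entering a password
   Remote system type is UNIX.
   Using binary mode to transfer files.
   ftp> dir
   227 Entering Passive Mode (127,0,0,1,196,17).
   150 Here comes the directory listing.
   drwxr-xr-x  2 0    0      4096 Aug 08 16:37 gnu
   -rw-r--r--  1 0    0       17 Aug 08 14:18 index.html
   drwxr-xr-x  2 0    0      4096 Aug 08 16:37 linux
   drwxr-xr-x  2 0    0      4096 Jun 25 17:44 pub
   226 Directory send OK.
   ftp> bye
   221 Goodbye.
   
   This time no password is needed, because the login is anonymous. And if you try to log in with any other account, vsftpd immediately replies that only anonymous access is open (530 This FTP server is anonymous only.)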


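  • Letting anonymous users upload and download their own data (permissions wide open)

  With the settings listed above, anonymous users can only download. If you also want anonymous users to upload files or create directories, some extra settings are needed:

  [root@www ~]# vim /etc/vsftpd/vsftpd.conf
  # Add the following lines
  write_enable=YES
  anon_other_write_enable=YES
  anon_mkdir_write_enable=YES
  anon_upload_enable=YES
  
  [root@www ~]# /etc/init.d/vsftpd restart
  

  Setting these four parameters gives anonymous users full permission to create, delete and modify files and directories. For this to take effect, though, the Linux file system permissions must be right as well. We know anonymous users get the identity ftp, so to let them upload data into /var/ftp/uploads/ do this:

  [root@www ~]# mkdir /var/ftp/uploads
  [root@www ~]# chown ftp /var/ftp/uploads
  

  When you then log in anonymously you will find a new /uploads directory under the anonymous root, and you can upload files and directories into it. This throws the system's permissions wide open, which is very dangerous, so keep your upload directory under careful control.

  In actual testing, however, uploading still fails. Why? A look at /var/log/messages shows that it is SELinux again. Run the "sealert -l ..." command found in /var/log/messages and the solution is shown at once. The solution is to allow the SELinux rules for anonymous FTP, as follows:

  [root@www ~]# setsebool -P allow_ftpd_anon_write=1
  [root@www ~]# setsebool -P allow_ftpd_full_access=1
  

  Then log in as anonymous once more and upload a file to /uploads to see whether it succeeds.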


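  • Giving anonymous users upload permission only, with no download of what anonymous users uploaded

  In general, data uploaded by users should not be downloadable by others until an administrator has checked matters such as whether it complies with copyright. With the settings in the previous part, however, what users upload can be browsed and downloaded by others, which is very dangerous. If data uploaded by anonymous users into /var/ftp/uploads/ should be upload-only and not downloadable, the permissions of the uploaded data have to be changed. Reduce the four parameters from the previous part to:

  [root@www ~]# vim /etc/vsftpd/vsftpd.conf
  # Change these lines; remember to remove anon_other_write_enable=YES
  write_enable=YES
  anon_mkdir_write_enable=YES
  anon_upload_enable=YES
  chown_uploads=YES    <== the new settings are these
  chown_username=daemon
  
  [root@www ~]# /etc/init.d/vsftpd restart
  

  Of course /var/ftp/uploads/ must still be writable by the ftp user. Uploaded files now have their owner changed to the daemon user, and ftp (the identity anonymous users get) cannot read daemon's data, so the files cannot be downloaded. ^_^

  Exercise:
  With the settings above, I logged in as anonymous and uploaded a large file to /uploads/. Because of a network problem the connection dropped halfway through. When I uploaded again I was told the file could not be overwritten. What should I do?
  Answer:
  Why can it not be overwritten? Because after you disconnected, the file's owner was changed to daemon. The file no longer belongs to the ftp user, so we cannot overwrite or delete it. All you can do is rename the local file and upload it again from the beginning.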


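  • Restricting the passive-mode ports

  FTP connections are either active or passive. Active connections are easier to handle because they all go out from the server's port 20, so the firewall handling is simple. Passive connections are more troublesome: by default the FTP server picks random unused ports for passive connections, which makes the firewall configuration awkward.

  The answer is to designate a fixed range of ports for FTP passive data connections, so that the data ports are known in advance. For example, if the passive ports are to be 65400 to 65410, configure:

  [root@www ~]# vim /etc/vsftpd/vsftpd.conf
  # Add the following lines
  pasv_min_port=65400
  pasv_max_port=65410
  
  [root@www ~]# /etc/init.d/vsftpd restart
  

  That more or less covers the anonymous setup; adjust the remaining settings as you see fit. ^_^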


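  21.2.8 Firewall settings

  The firewall settings are not hard: take the script from Chapter 9 and modify it. As mentioned earlier, though, FTP uses two ports, plus data ports that are often opened at random and the server ports for passive connections, so you may need to:

  • Load the iptables modules ip_nat_ftp and ip_conntrack_ftp
  • Open port 21 to the Internet
  • Open ports 65400~65410 from the previous subsection to Internet connections

  There is a fair amount to change, so take it step by step:

  # 1. Load the modules: iptables.rule already loads them, but change the system file as well:
  [root@www ~]# vim /etc/sysconfig/iptables-config
  IPTABLES_MODULES="ip_nat_ftp ip_conntrack_ftp"
  # Add the modules, separated by a space, then restart the iptables service
  
  [root@www ~]# /etc/init.d/iptables restart
  
  # 2. Edit the iptables.rule script as follows:
  [root@www ~]# vim /usr/local/virus/iptables/iptables.rule
  iptables -A INPUT -p TCP -i $EXTIF --dport 21 --sport 1024:65534 -j ACCEPT
  # Find the line above and remove the comment mark in front of it, then add the line below
  iptables -A INPUT -p TCP -i $EXTIF --dport 65400:65410 --sport 1024:65534 -j ACCEPT
  
  [root@www ~]# /usr/local/virus/iptables/iptables.rule
  

  That is all. It covers both active and passive connections and loads the FTP modules needed.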


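  21.2.9 Common problems and solutions

  Some common problems and how to solve them:

  • If the client cannot connect, check:
   1. Do the iptables firewall rules allow the client to reach port 21?
   2. Does /etc/hosts.deny block the client's login?
   3. Is /etc/xinetd.d/vsftpd misconfigured so that the client's login is refused?

  • If the client has connected to the vsftpd server but sees "XXX file can't be opend", check:
   1. The main cause is that vsftpd.conf is set to check some file that you have not created. Check every file name configured in vsftpd.conf and create the missing file with touch.

  • If the client has connected to the vsftpd server but cannot log in with a certain account, check:
   1. Does vsftpd.conf use the pam module to check accounts, and userlist_file to manage accounts?
   2. Check whether the account is listed in /etc/vsftpd/ftpusers or /etc/vsftpd/user_list.

  • What if the client cannot upload files?
   1. The most likely cause is that "write_enable=YES" was left out of vsftpd.conf; add it;
   2. Are the permissions of the target directory wrong? Fix them with chmod or chown;
   3. Were the following three parameters left out of the anonymous settings?
    • anon_other_write_enable=YES
    • anon_mkdir_write_enable=YES
    • anon_upload_enable=YES
   4. Has the email blocking mechanism been enabled and the email address written into that file? Check.
   5. Is ASCII transfer disallowed while the client is sending in ASCII? Have the client send the file in binary format.
   6. Check /var/log/messages to see whether SELinux blocked it.

  These are the errors seen most often. If they do not solve your problem, be sure to analyse these two files: /var/log/vsftpd.log and /var/log/messages. They contain a good deal of important data for debugging. /var/log/vsftpd.log does not appear by default, though; only /var/log/xferlog does. To add /var/log/vsftpd.log support:

  [root@www ~]# vim /etc/vsftpd/vsftpd.conf
  dual_log_enable=YES
  vsftpd_log_file=/var/log/vsftpd.log
  # Add these two settings
  
  [root@www ~]# /etc/init.d/vsftpd restart
  

  From then on, new connections and errors are also written to /var/log/vsftpd.log.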


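  21.3 Graphical FTP client software

  The main text-mode clients are the ftp and lftp commands; for their use see the discussion of common network commands in Chapter 5. For a graphical client on Linux, see gftp, which is simple to use. Is there a corresponding FTP client for Windows?


  21.3.1 Filezilla

  The programs above are all free software. Is there free software for Windows too? Yes: filezilla. Its documentation and download site can be found at the links below:

  At present (2011/06) the latest stable version is 3.5.x, so that version is used here. Why Filezilla? Besides being free software, it can also connect to the sftp of SSH, which makes it a very good tool. ^_^ Note that the description below is for the Windows version; do not try to install it on X window. ^_^ (Download the Filezilla client, not the server.)

  Because this program is installed on Windows, installation is just a matter of clicking (Next) n times. It supports multiple languages, so you can choose Traditional Chinese. After installing, run it and the following screen appears:

  Figure 21.3-1: The Filezilla interface (screenshot)

  The areas numbered 1 to 5 in the figure are:

  1. Area 1: output from the FTP server, such as the welcome message;
  2. Area 2: the local file system directories, related to area 3;
  3. Area 3: the content of the disk location selected in area 2;
  4. Area 4: the directories and files on the remote FTP server;
  5. Area 5: the transfer queue (data waiting to be sent).

  And a, b and c in the figure are:

  1. Site manager, where you can record the IP and user information of frequently used FTP servers;
  2. Refresh: if your data has changed, use this button to update what filezilla displays;
  3. Host, user, password and port: these four fields allow an immediate connection without recording anything.

  Now connect to the FTP server: click part a in Figure 21.3-1 and the following screen appears:

  Figure 21.3-2: Using the Filezilla FTP site manager (screenshot)

  The arrows in the figure and their meaning:

  1. Click the "New site" button, and a box for the name appears at arrow 2;
  2. Enter a name that is easy to remember; it only needs to relate to the real site;
  3. On the right is the general settings tab, where several items matter:
   • Host: enter the host's IP; fill in the port only if it is not the standard port 21.
   • Protocol: mainly (1) FTP and (2) SFTP (provided by SSHD); choose FTP here.
   • Encryption: whether to encrypt. With the newer protocol FTP can add TLS as FTPS. The default is plaintext.
   • Logon type: an account and password are needed, so choose "Normal", then enter the user and password below.

  With that the host can be reached. To specify the data connection method (active or passive) and other details, click the "Transfer settings" tab and the following screen appears:

  Figure 21.3-3: Transfer settings in the Filezilla site manager (screenshot)

  Here you can choose whether to use passive transfer and adjust the maximum number of connections. Why limit yourself? Because Filezilla opens several connections on its own to download faster, and if vsftpd.conf limits max_per_ip some downloads will be refused. Setting this to 1 is therefore important: with only one connection at a time there is no repeated-login problem. Finally click "Connect" on the screen in Figure 21.3-2.

  Figure 21.3-4: A successful Filezilla connection (screenshot)

  Explore the rest of its features yourself.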


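  21.3.2 Getting an FTP connection from a browser

  Chapter 20 (WWW servers) discussed the protocols browsers support, and ftp is one of them. Enter it in the address bar like this:

  • ftp://username@your_ip

  Remember that if you leave out the username@ part, the connection is handled as an anonymous login by default. To connect as a real user, put your account before the IP or host name. For example, if VBird's FTP server (192.168.100.254) has the user dmtsai, then after starting the browser enter:

  • ftp://dmtsai@192.168.100.254

  Then enter dmtsai's password in the dialog that appears, and you can manage your files on the FTP server from the browser. You can even put the password in the address bar as well: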

  • ftp://dmtsai:yourpassword@192.168.100.254

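  21.4 Adding SSL encryption to vsftpd

  http has https, so does plaintext ftp have an encrypted ftps? It does. With the openssl encryption library available, a similar mechanism can be applied to FTP. The precondition is that your vsftpd supports the SSL library. An SSL certificate file must also be created for vsftpd so that it can encrypt. The steps for building an ftps server follow.


  • 1. Check whether vsftpd supports the ssl module:

  If your vsftpd was compiled without SSL support, you have no choice but to recompile vsftpd yourself. Does the CentOS build support it? Check:

  [root@www ~]# ldd $(which vsftpd) | grep ssl
      libssl.so.10 => /usr/lib64/libssl.so.10 (0x00007f0587879000)
  

  If libssl.so appears, it is supported, and you can go on to the next step.


  • 2. Create a certificate specifically for vsftpd:

  CentOS provides a place for creating certificates: the /etc/pki/tls/certs/ directory. The details were covered in 20.5.2, so only the steps are shown here:

  [root@www ~]# cd /etc/pki/tls/certs
  [root@www certs]# make vsftpd.pem
  ----- ....(earlier output omitted)....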
  Country Name (2 letter code) [XX]:TW
  State or Province Name (full name) []:Taiwan
  Locality Name (eg, city) [Default City]:Tainan
  Organization Name (eg, company) [Default Company Ltd]:KSU
  Organizational Unit Name (eg, section) []:DIC
  Common Name (eg, your name or your server's hostname) []:www.centos.vbird
  Email Address []:root@www.centos.vbird
  
  [root@www certs]# cp -a vsftpd.pem /etc/vsftpd/
  [root@www certs]# ll /etc/vsftpd/vsftpd.pem
  -rw-------. 1 root root 3116 2011-08-08 16:52 /etc/vsftpd/vsftpd.pem
  # Note the permissions!
  

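  • 3. Edit the vsftpd.conf configuration file, assuming both local accounts and anonymous logins exist:

  Section 21.2 mostly covered purely anonymous or purely local-account setups. Here local accounts connect through SSL while anonymous users use cleartext transfer, and both are offered to clients at the same time. The main FTP settings are:

  • Local accounts can log in and upload data, with a umask of 002
  • Local accounts are chrooted by default, and their available bandwidth is 1Mbytes/second
  • Local account logins and data transfers must go through SSL encryption
  • Anonymous login is offered; anonymous users can only download, not upload, and use cleartext transfer (not through SSL)

  The overall settings then look something like this: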

  [root@www ~]# vim /etc/vsftpd/vsftpd.conf
  # General settings for local (real) accounts:
  local_enable=YES
  write_enable=YES
  local_umask=002
  chroot_local_user=YES
  chroot_list_enable=YES
  chroot_list_file=/etc/vsftpd/chroot_list
  local_max_rate=10000000
  
  # General settings for anonymous users:
  anonymous_enable=YES
  no_anon_password=YES
  anon_max_rate=1000000
  data_connection_timeout=60
  idle_session_timeout=600
  
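  # Parameters added specifically for SSL. Every one of them matters!
  ssl_enable=YES       <== enable SSL support
  allow_anon_ssl=NO      <== but do not allow anonymous users to use SSL
  force_local_data_ssl=YES  <== force encryption of local users' data transfers
  force_local_logins_ssl=YES <== same as above, but the account and password sent at login are encrypted too
  ssl_tlsv1=YES        <== supporting TLS is enough; the ones below need not be enabled
  ssl_sslv2=NO
  ssl_sslv3=NO
  rsa_cert_file=/etc/vsftpd/vsftpd.pem <== location of the default RSA certificate file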
  
  # General server and system settings:
  max_clients=50
  max_per_ip=5
  use_localtime=YES
  dirmessage_enable=YES
  xferlog_enable=YES
  connect_from_port_20=YES
  xferlog_std_format=YES
  listen=YES
  pam_service_name=vsftpd
  tcp_wrappers=YES
  banner_file=/etc/vsftpd/welcome.txt
  dual_log_enable=YES
  vsftpd_log_file=/var/log/vsftpd.log
  pasv_min_port=65400
  pasv_max_port=65410
  
  [root@www ~]# /etc/init.d/vsftpd restart
  

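  • 4. Try connecting with Filezilla:

  Next we use filezilla to show how to encrypt the connection with SSL/TLS. It is simple; just choose the following in the Site Manager:

  Figure 21.4-1: Connecting with Filezilla to an FTP server that supports SSL/TLS

  As the figure shows, the key point is where the arrow points: the TLS encryption method is required. VBird then logs in with the ordinary account student, and on connecting a dialog like the following should appear:

  Figure 21.4-2: Filezilla asks whether to accept the certificate

  If everything is fine, you can tick the "always trust" option in the figure above, so that future connections to this server no longer ask you to confirm the certificate. That is a simple solution to FTP connection encryption! ^_^

  Example:
  Think about it: since SFTP already provides encrypted FTP-style transfer, why is ftps needed?
  Answer:
  Opening SFTP means also allowing sshd, that is, ssh connections, so your port 22 is likely to be probed often. If openssl or openssh has a problem, your system may be taken over. If you really need FTP, building it with ftps and the relatively secure vsftpd server software is, in theory, somewhat safer than sftp. At least allowing ftps from the Internet does not feel as frightening...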
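
  The TLS keys set in step 3 can be checked mechanically. The following is an added example, not code from the original page: a shell function that audits a vsftpd.conf for those keys, falling back to the defaults documented in vsftpd.conf(5). The function names, the findings text and the two sample files are constructed here, and values are assumed to be written as YES/NO, as in the listing above.

```shell
#!/bin/sh
# Added example, not from the original page. Audits the TLS-related keys of a
# vsftpd.conf; defaults are those documented in vsftpd.conf(5).

# conf_get FILE KEY DEFAULT: value of the last uncommented KEY=..., else DEFAULT
conf_get() {
    awk -v k="$2" -v d="$3" '
        /^[ \t]*#/ { next }
        index($0, k "=") == 1 { d = substr($0, length(k) + 2); sub(/[ \t\r]+$/, "", d) }
        END { print d }' "$1"
}

# audit_vsftpd_tls FILE: print one finding per line, return 1 if any was found
audit_vsftpd_tls() {
    conf=$1; bad=0
    flag() { echo "FINDING: $1"; bad=1; }
    [ "$(conf_get "$conf" ssl_enable NO)" = YES ] ||
        flag "ssl_enable is not YES: logins and data travel in cleartext"
    [ "$(conf_get "$conf" force_local_logins_ssl YES)" = YES ] ||
        flag "force_local_logins_ssl is off: passwords may travel in cleartext"
    [ "$(conf_get "$conf" force_local_data_ssl YES)" = YES ] ||
        flag "force_local_data_ssl is off: file data may travel in cleartext"
    for proto in ssl_sslv2 ssl_sslv3; do
        if [ "$(conf_get "$conf" "$proto" NO)" = YES ]; then
            flag "$proto=YES: obsolete protocol version enabled"
        fi
    done
    cert=$(conf_get "$conf" rsa_cert_file "")
    if [ -n "$cert" ] && [ -f "$cert" ]; then
        # The .pem from "make vsftpd.pem" also holds the private key.
        [ "$(ls -ld "$cert" | cut -c5-10)" = "------" ] ||
            flag "$cert is accessible to group/other, expected mode 0600"
    fi
    return "$bad"
}

# Constructed samples: a weak file beside the TLS keys from step 3.
demo_dir=$(mktemp -d)
printf '%s\n' 'ssl_enable=YES' 'force_local_logins_ssl=NO' 'ssl_sslv3=YES' \
    > "$demo_dir/weak.conf"
printf '%s\n' 'ssl_enable=YES' 'allow_anon_ssl=NO' 'force_local_data_ssl=YES' \
    'force_local_logins_ssl=YES' 'ssl_tlsv1=YES' 'ssl_sslv2=NO' 'ssl_sslv3=NO' \
    > "$demo_dir/hardened.conf"
audit_vsftpd_tls "$demo_dir/weak.conf" || echo "weak.conf: review needed"
audit_vsftpd_tls "$demo_dir/hardened.conf" && echo "hardened.conf: OK"
```

  To check a live server, call audit_vsftpd_tls /etc/vsftpd/vsftpd.conf as root so the mode of the certificate file can be read.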


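  21.5 Key points
  • FTP is short for File Transfer Protocol; its main function is file management and file transfer between server and client;
  • There is a lot of FTP server software, for example Wu FTP, Proftpd and vsftpd. Each was developed with a different philosophy, so choose the software according to your needs;
  • FTP uses cleartext transfer, and some FTP server software has had security vulnerabilities discovered in the past, so before configuring make sure the software is the latest version to avoid security problems;
  • Because FTP is cleartext, the sftp provided by SSH can be used in place of FTP;
  • Most FTP server software offers a chroot feature that confines a local user to his home directory;
  • The standard ports opened by the FTP daemon are 20 and 21: 21 is the command channel and 20 is the data channel for active connections;
  • FTP data transfer is either active or passive (Passive, PASV). In active mode, ftp-data is opened by the server from port 20 to the client; otherwise the server must open a passive listening port and wait for the client to connect;
  • FTP clients behind a NAT host may have connection trouble; this can be overcome with the iptables nat modules or by using passive connections;
  • In general an FTP server has three classes of users: local users, guests and anonymous logins (real, guest, anonymous);
  • By changing the Shell field in /etc/passwd, a user can be limited to FTP only and kept from logging in to the host;
  • The log produced by FTP commands and user activity is kept in /var/log/xferlog;
  • vsftpd is FTP server software developed with a focus on security; its configuration file is /etc/vsftpd/vsftpd.conf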

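  21.6 Exercises
  • Which connections does FTP create when it establishes a session and transfers data?
   Two kinds of connection are needed: the command channel and the data channel. For active connections these are port 21 (ftp) and port 20 (ftp-data).
  • How do active and passive FTP connections differ?
   In active mode, the command connection is opened by the client to the server, but the ftp-data connection is opened by the server to the client. In passive mode, for both the command and the ftp-data connection, the server listens for the client's requests.
  • What can you do to make your FTP host more secure?
   • Keep the server software updated to the latest version;
   • Confine the home directories of guest and anonymous to fixed directories (chroot or restricted);
   • Refuse logins by root and other system accounts;
   • Refuse most upload activity.
  • We know that ftp uses two ports. Where are these two ports specified (taking vsftpd as the example), and what are the usual standard port numbers?
   When running stand alone, they are specified in vsftpd.conf: the command channel by listen_port=21, and the data connection by connect_from_port_20=YES and pasv_min_port=0, pasv_max_port=0.
   When managed by the super daemon, the command channel is specified by /etc/services.
  • Which files can be used to keep system accounts such as root from logging in to FTP?
   /etc/vsftpd/ftpusers
   /etc/vsftpd/user_list
  • When an FTP server and client transfer data, which two modes are there, and which one has an important effect on the transferred data?
   Data is transferred in either ASCII or Binary mode. In ascii mode the file is transferred as text, so properties of the file get modified, which can leave an executable file unable to run afterwards. In general, ASCII is used only for text files and some source code files.
  • The time zone on my host is set correctly, so why is the time eight hours behind when I log in to the vsftpd FTP service, and how do I fix it?
   It is certainly a time zone problem: vsftpd.conf is missing the use_localtime=YES parameter.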

  21.7 References and further reading

  2003/09/03G
  2003/09/04G[J FTP An骺ܫij
  2006/12/19GNHزʨBAýЦۦѦ wu-ftp, proftpd ΪAȡI
  2006/12/20GNbUB FTP hܡA]sohG
  2011/05/28GNH CentOS 4.x زʨB
  2011/06/04G[JF ftps SSL su[KEI
  2011/08/08GN CentOS 5.x ʨ B

  http://www.okfdzs1903.com is designed by VBird during 2001-2011. ksu.edu