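    Last updated: 2011/08/08
    FTP (File Transfer Protocol) is one of the oldest protocols around. It is used mainly for file transfer and is especially convenient for large files. Note, however, that transferring data over FTP carries a certain degree of risk, because the data crosses the Internet as completely unprotected plaintext. A plain FTP service is still necessary in some places, though; many schools, for example, need to run an FTP server.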


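    21.1 How FTP data connections work

    FTP (File transfer protocol) is one of the older transfer protocols. Its main job is transferring files between a server and a client. This old protocol transfers data in plaintext and has a long history of security problems. To use FTP more safely, this chapter mainly covers vsftpd, which is more secure but has fewer features.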


    21.1.1 Overview of FTP features

    FTP A\ణFxªiɮתljKP޲z~A̾ڦAn骺]w[cARiHѴXӥDn\C Uڭ̬ӽͤ@͡G


    • PίŪϥΪ̨Guser, guest, anonymous

    FTP Abw]pUA̾ڨϥΪ̵nJpӤTRPAOOG (1)b,real userF(2)X, guestF(3)ΦWnJ, anonymous oTRCoTRϥΪ̦btWϥvtܤjIҦpΤotvA ҥHiHihʧ@FܩΦWnJ̡Ajyڭ̴NȴѥLU귽OӤwAä\ΦW̨ϥΤӦhDE귽[I SMAoTRH^ϥΪyuWOz۵M]NۦPoI ^_^


    • ROOPnɰOG

    FTP iHQΨt syslogd ӶiƪA ӰOƥ]AFϥΪ̼gUFLROPϥΪ̶ljK(ljKɶBɮפjpΆ)OI ҥHAiHܻPb /var/log/ ̭UnTI


    • ϥΪ̬ʪؿG (change root, ̔ chroot)

    FקKϥΪ̦bA Linux tSHN}j (Nm}ϥΪ̦ۤvaؿӶiJ Linux tLؿh)A ҥHNϥΪ̪u@dy]zbϥΪ̪aؿUAIbOӤhnDNIFTP iHϥΪ̶ȯbۤvaؿSʳIp@ӡAѩϥΪ̵Lkm}ۤvaؿAӥBnJ FTP AܪyڥؿzNOۤvaؿeAoR٤ change root A̔ chroot AܮڥؿNTI

    onBOHS@ӴcNϥΪ̥H FTP nJAtSApGS chroot UALiH /etc, /usr/local, /home ΨLnؿUhԎɮ׸ơAרOܭn /etc/ U]wɡAp /etc/passwd ΆΡCpGASn@ɮv޲zPO@ALNkotYǭnTA ΨӡyJIzAtOIҥHb chroot UASMNw@ǫI


    21.1.2 How FTP works and the ports it uses

    FTP ljKϥΪO TCP ʥ]wAbĤGغڭ̽͹LA TCP bإ߳sue|iTV洤CL FTP AOꐷФ@ǡA] FTP AϥΤFӳsuAOOROqDPƬyqD (ftp-data) CoӳsuݭngLTV洤A ]O TCP ʥ]IoӳsuqD}YOpOHUڭ̥H FTP w]Dʦ (active) suӧ@̔oG

    Figure 21.1-1: FTP server active-mode connection diagram

    ̔xsuy{NpWϩҥܡAܩsuBJOo˪G

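    1. Establish the command channel
      As shown in the figure, the client picks a random port above 1024 (port AA) and connects to port 21 on the FTP server. This of course takes a three-way handshake. Once connected, the client issues commands to the FTP server over this channel: listing file names, downloading, uploading and so on.

    2. Tell the FTP server to use active mode and which port to connect to
      Port 21 on the FTP server is used for commands only. When data has to flow, this connection is not used. The client tells the server how the data connection should be made. In active mode, the client opens a random port (port BB in Figure 21.1-1), reports it to the FTP server over the command channel, and waits for the server to connect.

    3. The FTP server "actively" connects to the client
      Having learned the client's request over the command channel, the FTP server connects from its port 20 to port BB on the client. This connection also goes through a three-way handshake. The client and server now share two connections, one for commands and one for data. The default port the server uses for active connections is port 20.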

    p@ӫh\إ߰_yROzPyƶljKzӳqDILAn`NOA yƶljKqDzObƶljK欰ɤ~|إߪqDIäO@}ls^ FTP ANߨإߪqDOIdN@UoI


    • DʦsuϥΨ쪺

    QΤWzӾz@U FTP Aݷ|ϥΨ쪺𸹥DnG

    • ROqD ftp (w] port 21) P
    • ƶljK ftp-data (w]port 20)C

    Ajդ@AoӰfu@O@˪AӥBAnO̪suo_ݬO@˪I port 21 Dn^ӦۥΤݪDʳsuAܩ port 20 h FTP ADʳsuܥΤݩOIo˪pbAPΤݨ̦Pɬ@ IP (Public IP) ںWq`SӤjDALAU@AΤݬObݡAΪ̬O NAT AݩOH|DoͩOHUڭ̨ӽͤ@ͳoYDI


    • bDʳsu FTP APΤݤ㦳suD

    ^Q@Uڭ̪ĤEبI @ӻAܦhk|ϥΨ (iptables) NAT \Ab NAT ݪ FTP Τps^ FTP AOH ڭ̥iH̔xHUϨӻG

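    Figure 21.1-2: Connection state when a firewall sits between the FTP client and server
    1. Command channel between client and server:
      NAT records connections going from the inside to the outside, and the command channel is opened by the client toward the server, so this connection is established without trouble.

    2. Notification when the data channel is set up:
      As before, the client host opens port BB, reports it to the FTP server over the command channel, and waits for the server's active connection.

    3. The server connects to the NAT host, which cannot forward to the client:
      Because of the NAT translation, the FTP server only knows the NAT host's IP, not the client's. The server therefore connects from port 20 to port BB on the NAT host, but the NAT host has no port BB listening for the FTP server's connection.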

    ADҦbFܡHb FTP DʦsuSANAT N|QΤݡA NAT ëDΤݔ[A oNyDFCpGAgb IP ɾ᭱s^Y FTP AɡAiస|o{Ns^W FTP AF (ROqDwإ)AONOLkoɮצW٪CAӬObWL@qɶܡy Can't build data connection: Connection refusedALkiƶljKzTA ֩wNOoӭ]ҳyxZFC

    SkiHJAoӰDOHDub Linux NAT ᭱N@wLkϥ FTP ܡHSMOI ثe̔kiHJAoӰDG

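    • Use the FTP tracking modules that iptables provides:

      iptables ships many useful modules, and FTP is covered. Use modprobe to load the ip_conntrack_ftp and ip_nat_ftp modules. They inspect connections whose destination is port 21, learn port BB from them, and when the FTP server's active connection arrives they forward the packets to the correct internal host.

      However, if the FTP server you connect to uses a command-channel port other than the standard port 21 (as some underground FTP servers do), these two modules cannot parse the session.

    • Have the client choose passive (Passive) mode:

      Besides active mode, FTP offers a passive connection mode. In active mode the server connects to the client; in passive mode the client opens the data connection to the server. Since the client initiates it, connections coming from port 20 no longer matter. Passive mode is covered in the next subsection.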

    21.1.3 Client-selected passive connection mode

    򤰻OQʦsuOHڭ̥iHϥΩUϥܨӧ@̔G

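    Figure 21.1-3: FTP passive-mode data connection flow
    1. Client and server establish the command channel:
      As before, the command channel is set up with a three-way handshake.

    2. The client sends a PASV request:
      When a data channel is needed, the client sends a PASV (short for Passive) request over the command channel and waits for the server's reply.

    3. The FTP server opens a data port and tells the client to connect:
      If the FTP server can handle passive connections, it first opens a listening port. The port may be random or come from a configured range, depending on the FTP server software. The server then reports the opened port (port PASV in the figure) over the command channel and waits for the client.

    4. The client connects from a random port above 1024:
      The client picks a random port above 1024 and connects to port PASV on the server. If all goes well, the FTP data is transferred between port BB and port PASV.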

    o{WPIFܡHQʦ FTP ƳqDsuVOѥΤݦVAݳsuI p@ӡAb NAT ΤݥDENiHQs^W FTP Server FIOAU@ FTP DE]Ob NAT ݨ...IiNɤFa @_@o̴NoA`J DMZ ޥFAڭ̳o̼ȤoDz`JޥAz@UoǯSsuVA oNUAӦA[]ɭԪҼ{]I

    ~AֱoALo{AzL PASV ҦAAbSSO]wpUA|HEj 1024 fӴѥΤݳs^ΡCU@AťΪfQdKHӥBA p@Ӥ]l}ӦۤJI̧@nT[IҥHAoӮɭԧڭ̥iHzL passive ports \ӡywzAťΪ port number I


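    21.1.4 FTP security problems and alternatives

    Data sent over FTP can easily be captured, because FTP transfers in plaintext. Some FTP server software also has a serious history of security problems. So in general, unless you are a school or a club publishing material with no confidentiality or licensing concerns, FTP is best used sparingly.

    Thanks to SSH there is now a safer FTP: the sftp server provided by ssh. The biggest advantage of sftp-server is that the data transferred over it is encrypted, so it is safer while crossing the Internet. Unless you really need FTP, use the sftp-server that SSH provides.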

    Mӳoӥ\@DzߺDFϧΤAΪ̬OɦWϥΪ̨ӻAbOKA ثeӹϧΤ filezilla ΤݳnALܦhɭRO|oͤ@WDI ҥHAɭ FTP ROsbݭnCpGun[] FTP AROoݭn`NXӨƶG

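    1. Keep the FTP software updated to the latest version and watch for vulnerability announcements;
    2. Use iptables to restrict which networks may use FTP;
    3. Use TCP_Wrappers to restrict which networks may log in;
    4. Use the FTP software's own settings to give different users of your FTP server different privileges;
    5. Use the Super daemon for additional management of your FTP server;
    6. Keep an eye on the file permissions of users' home directories and of the anonymous login directory;
    7. If the service is not public, you may also change the FTP port.
    8. You can also use FTPs, the encrypted form of FTP.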

    LApAbWoLӦhHOѩ} FTP oӦAfPӥDEQJIƥAҥHA o̯unL@_jաAn`Nw[I


    21.1.5 Which kinds of users to allow to log in

    JM FTP OHXljKAåBYǦ FTP An]֪wʺ|}ASݭn[] FTP A[H Sk[A`OHݭnoӪN઺AĴpUjM|դN FTP AȶܡH o˥iHդP@Pɮդ귽ILAѩ FTP nJ̪iHTRA A쩳n}@RnJOHoӮɭԧAiHo̔xҤ@UoG


    • }Τ᪺p (Real user)G

    ܦh FTP Aw]Nwg\Τ᪺nJFCLAݭnAOAHΤᰵ FTP nJ̨ɡA tw]èSwΤӶiyzAҥHLiHwɮרtiLҨ㦳vu@C ]ApGA FTP ϥΪ̨SnnO@ۤvKXfPQJIAA Linux tƱNܦiQѨ[I }ΤɪijpUG

    • ϥδN FTP ׸ΡG ѩΤ᥻ӴNiHzLs^DEӶiu@ (Ҧp SSH)A]bSݭnSO} FTP AȔ[I]Ҧp sftp ӴNFljKɮת\oI

    • ΤOAp chroot P /sbin/nologin ΡG pGTwnΤQ FTP AܡAAiݭnYǨtbLknJ FTP ~AҦp bin, apache ΆΡC ̔x`Ϊ@kOzL PAM œӳBzAĴp vsftpd oӳnw]iHzL /etc/vsftpd/ftpusers oɮרӳ]wQL㦳nJ FTP bCt~ANϥΪ̨ chroot OSݭnI


    • XȨ (Guest)

    q`|إ guest רSAhbOѩAѤFyӤH Web z\൹@먭ϥΪ̡A oǨϥΪ`Oݭn޲zۤvŶaHoӮɭԱNϥΪ̪Y guest AåBNLiΥؿ]wnAYiѨϥΪ̤@ӤKϥFIBݭnѥL real user vI `ijpUG

    • ȴѻݭnnJbYiAݭnѨtWҦHinJ[I

    • SMAڭ̦bA]wSAݭnw藍PXȵL̤@˪yaؿzA ӳoӮaؿPϥΪ̪v]wݭn۲ŦXIҦpn dmtsai oӤH޲zLŶAӥLŶmb /home/dmtsai/www UAڴNN dmtsai b FTP ѪؿȦ /home/dmtsai/www ӤwAwTIӥB]KϥΪ̔[I

    • wo˪̡Aݭn]whA]AGWUɮӋػPwЮeqB sunJɶB\iϥΪOn֫ܦhܦhAҦp chmod Nn\LϥΆΆΡI


    • ΦWnJϥΪ (anonymous)

    MѰΦWnJںϥΪ̶iJbOӦnDNA]CӤHiHhUAơA U@WeQYHpPeLAxݭnɥզP@dzn귽ɡA FTP A]O@ӫܤhMה[IAOaCpGn}ΦWϥΪ̪ܡAn`NG

    • LApAѰΦWnJO@SMIƱA]unA@pߡA NnƩmΦW̥iHŪؿɡANܦi|KIPxxApNn]w[

    • Gun}ΦWnJɡAܦhni檺Ao]AG(1)\u@OnCܦhA XGN\ΦW̨ϥΫOTB(2)ɮ׶ljKӋqAɶqn\yWǡzƪ]wB (3)ΦW̦PɵnJ̤jsuӋqAiHssI

    @ӻApGAOnm@Ǥ}BSvȯɪƦbWѤHUܡA @ӶȴѰΦWnJ FTP AAåBӺں}O OK TI LApGAwpnѪnθƬO㦳vAOMv\AbQx줺ljKpUA []@ӡyȰw鷺}񪺰ΦW FTP A (QΨBz) z]O OK TI

    pGARQnϥΪ̤XܡAO_n[]@ӰΦW̥iWǪkOHmoƱݪkO.... yUUiz[IpGnϥΪ̤XܡADMϥΪ̬OAHA_hn\WǡI ҥHɤ@ɮרtv޲zY檺 FTP AAôΤ᪺nJNIݨDTI `An̷ӧAݨDӫҬO_ݭnI


    21.2 Basic vsftpd server configuration

    nӃԤ@Գo̔x vsftpd oIvsftpd WOyVery Secure FTP Daemon zNA yܻAvsftpd ̪oizNObغc@ӥHw FTP AOIڭ̥ӃԤ@Ԭ vsftpd ١yD`wzOHMAӽͳ]waI


    21.2.1 Why use vsftpd

    Fغc@ӦwD FTP AA vsftpd w@~ty{Ǫv (privilege)zyӳ]pA pGAŪLgQCص{ǻP귽޲zܡA RM|ֱotWҰ檺{|޵o@ӵ{ǡAڭ̺٥L PID (Process ID)A o PID btWi檺ȻPL֦v}C]NOA PID ֦vίŶV@A L^i檺ȴNVhC|ҨӻAϥ root IJo PID q`֦iHiu@vίšC

    LAU@IJoo PID { (program) |}fPQǫ (cracker) ҧ@Өo PID ϥvɡA ǫȱN|oo PID ֦voIҥHAӵoin鳣|ɶqNAȨo PID vCAϱoMAȧYϤp߳QJIFAJI̤]Lko즳Īt޲zvAo˷|ڭ̪twTC vsftpd NOoRQkӳ]pC

    F PID 譱v~A vsftpd ]䴩 chroot oӨ禡\Achroot UWqNOy change root directory zNA root OyڥؿzӫDt޲zC LiHNYӯSwؿܦڥؿAҥHPMؿS}YLؿN|Q~ΤFC

    |ҨӻApGAHΦWnJڭ̪ ftp AȪܡAq`A|Qwb /var/ftp ؿUu@A ӧAݨ쪺ڥؿNuO /var/ftp AܩtLp /etc, /home, /usr... ΨLؿANݤFI oˤ@ӧYϳo ftp AȳQ}FAS}YAJIROȯb /var/ftp ̭]Ӷ]hӤwAӵLkϥ Linux \C۵Mڭ̪t]N|wTI

    vsftpd OWӳ]p@Ӹw FTP AnAL㦳USIG

    • vsftpd oӪAȪŰʪ̨@ϥΪ̡AҥH Linux tϥvCA Linux tM`N۹諸CFC~A vsftpd Q chroot() oӨ禡iڥؿʧ@Aϱotu㤣|Q vsftpd oAȩһ~ΡF

    • ݭn㦳@v vsftpd OH@SWh{ǩұA MWh{Ǩɦ@v\wgQSCAåHvT Linux tǡF

    • ʎj ftp |ϥΨ쪺B~O\ (dir, ls, cd ...) wgQX vsftpd D{SFA]zAW vsftpd ݭnϥΨB~tѪOAҥHb chroot pUAvsftpd iHQB@ABݭnB~\tӻ]wC

    • ҦӦۥΤݥBQnϥγoWh{ǩҴѪ@v vsftpd OݨDA QyiHnDzӳBzAݭngLS{תT{AiQMWh{Ǫ\C Ҧp chown(), Login nDΆΰʧ@F

    • ~AW쪺Wh{ǤA̵Mϥ chroot() \ӭϥΪ̪vC

    ѩ㦳o˪SIAҥH vsftpd |ܪw@ǫIUN}lӽͦp]waI


    21.2.2 Required software and its file layout

    vsftpd һݭnnu@ӡANO vsftpd [I^_^IpGA CentOS SwUAЧQ yum install vsftpd ӦwULaInܤpAUsPwUݭnXNdwFIӨWӳn鴣Ѫ]wɤ]֪OH@I̔xδNO vsftpd S[Iodz]wƤnG

    • /etc/vsftpd/vsftpd.conf
      YӻA vsftpd ]wɴNuoɮסIoɮת]wOH bash Ӌ]wۦP覡ӳBzA ]NOyӋ=]wzӳ]wA`NA θ䤣঳ťճIܩN vsftpd.conf iHϥ y man 5 vsftpd.conf zӌdC

    • /etc/pam.d/vsftpd
      oӬO vsftpd ϥ PAM œɪ}]wɡCDnΨӧ@{ҤΡAR@ǨϥΪ̨ץ\A ]OzLoɮרӹFCAiHԎݤ@UMɮסG
      [root@www ~]# cat /etc/pam.d/vsftpd
      #%PAM-1.0
      session optional pam_keyinit.so    force revoke
      auth    required pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed
      auth    required pam_shells.so
      auth    include  password-auth
      account include  password-auth
      session required pam_loginuid.so
      session include  password-auth
      
      W file ᭱^ɮ׬OyϥΪ̵Lkϥ vsftpd zNA ]NOAAɮפonϥΨtw]ȡA]iHboɮ׸̭iקTI ^_^

    • /etc/vsftpd/ftpusers
      PW@ɮצ}YA]NO PAM œ (/etc/pam.d/vsftpd) ҫwӵLknJϥΪ̳]wɔ[I oɮת]w̔xAAunNyQLnJ FTP bzgJoɮקYiC@@ӱbAݰ_^oˡG
      [root@www ~]# cat /etc/vsftpd/ftpusers
      # Users that are not allowed to login via ftp
      root
      bin
      daemon
      ....(Uٲ)....
      
      @SHʎjtbboɮפA]NOAtbw]OSkϥ vsftpd TI pGARQnYǨϥΪ̵LknJAgbo̬O̧֪I

    • /etc/vsftpd/user_list
      oɮ׬O_^ͮĻP vsftpd.conf ӰӋ}AOOy userlist_enable, userlist_deny zC pG /etc/vsftpd/ftpusers O PAM œ׳]wءAo /etc/vsftpd/user_list hO vsftpd ۭq׶ءCWoɮ׻P /etc/vsftpd/ftpusers XG@Ҥ@ˡA bw]pUAAiHNƱinJ vsftpd bgJo̡CLoɮת\|̾ vsftpd.conf ]wɤ userlist_deny={YES/NO} ӤPAoonSOdNI

    • /etc/vsftpd/chroot_list
      oɮ׹w]OsbAҥHAnʦۦإߡCoɮתDn\OiHNYDZbϥΪ chroot bL̪aؿUIoɮ׭nͮĻP vsftpd.conf y chroot_list_enable, chroot_list_file zӰӋ}C pGAQnNYΤ᭭bL̪aؿUӤ\LؿhAiHŰʳoӳ]wسI

    • /usr/sbin/vsftpd
      oNO vsftpd DnɫInháA vsftpd uo@ӰɦӤw[I

    • /var/ftp/
      oӬO vsftpd w]ΦW̵nJڥؿIP ftp oӱbaؿ}TI

    jPWNuoXɮ׻ݭn`NӤwAӥBCɮת]wS̔xIuOh[I


    21.2.3 vsftpd.conf settings explained

    WA/etc/vsftpd/vsftpd.conf NO@ӮN]wɡABϥΡy man 5 vsftpd.conf zhiHo짹㪺ӋC Lڭ̳ǫ̂HN vsftpd.conf `ΰӋLgXӡAƱADUG


    • Settings related to the server environment
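    • connect_from_port_20=YES (NO)
      This is the FTP server port used by the active-mode connection described in the previous subsection, i.e. the ftp-data port.

    • listen_port=21
      The command-channel port vsftpd uses. To use a non-standard port, change it here. This setting only applies when vsftpd is started in stand alone mode (it has no effect under the super daemon).

    • dirmessage_enable=YES (NO)
      When a user enters a directory, display the notice for that directory. The file shown is .message by default; change it with the next setting.

    • message_file=.message
      When dirmessage_enable=YES, this names the file whose contents vsftpd displays.

    • listen=YES (NO)
      If YES, vsftpd runs in standalone mode. The default is NO, so on our CentOS it is changed to YES in order to start in stand alone mode.

    • pasv_enable=YES (NO)
      Enables passive mode for data connections. Be sure to set it to YES.

    • use_localtime=YES (NO)
      Whether to use local time. vsftpd uses GMT (Greenwich) by default, so file timestamps on the FTP server appear 8 hours behind Taiwan time. Setting it to YES is recommended.

    • write_enable=YES (NO)
      Must be enabled if users are allowed to upload data.

    • connect_timeout=60
      In seconds. In active mode, if the client does not answer our connection attempt within 60 seconds, vsftpd stops waiting and drops the connection.

    • accept_timeout=60
      In passive (PASV) mode, if the server has opened the passive port and the client does not respond within 60 seconds, the connection is dropped. This is similar to connect_timeout: one governs active connections, the other passive ones.

    • data_connection_timeout=300
      If the data connection has been established (active or passive) but no data can be transferred for 300 seconds, for example because of line problems, vsftpd drops the client.

    • idle_session_timeout=300
      If the user issues no command for 300 seconds, the session is disconnected, so idle users do not hold on to a slot.

    • max_clients=0
      When vsftpd runs in stand alone mode, this sets how many clients may be connected at the same time. It limits FTP usage.

    • max_per_ip=0
      Like max_clients, but limits how many connections one IP may have at the same time.

    • pasv_min_port=0, pasv_max_port=0
      The port range used for passive mode. To use the 11 ports 65400 to 65410 for passive connections, set pasv_max_port=65410 and pasv_min_port=65400. A value of 0 means random ports with no restriction.

    • ftpd_banner=some text
      Text shown in the FTP client when a user connects to vsftpd. This setting cannot hold much text, so the banner_file setting below is recommended instead.

    • banner_file=/path/file
      Names a plain-text file shown as the welcome message when a user logs in to vsftpd. It can also carry notes for users about the server's directory layout.


    • Settings related to local users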
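    • guest_enable=YES (NO)
      If YES, every real account is treated as a guest (which is why it is off by default). In vsftpd a guest gets the privileges of the ftp user by default; change that with guest_username.

    • guest_username=ftp
      Only takes effect when guest_enable=YES. Specifies the identity guests run as.

    • local_enable=YES (NO)
      Must be YES for accounts in /etc/passwd to log in to vsftpd as local users.

    • local_max_rate=0
      Transfer rate limit for local users, in bytes/second. 0 means no limit.

    • chroot_local_user=YES (NO)
      Whether users are confined to their own home directory (chroot) by default. YES means local users are chrooted by default; NO means they are not. It has to be read together with the next two settings. For security, set it to YES.

    • chroot_list_enable=YES (NO)
      Whether to enable the chroot list file. Related to chroot_list_file below. It must be enabled, otherwise the file named below is ignored.

    • chroot_list_file=/etc/vsftpd.chroot_list
      Can be set when chroot_list_enable=YES. Its meaning depends on chroot_local_user; see the chroot notes in 21.2.6.

    • userlist_enable=YES (NO)
      Whether to use vsftpd's own mechanism for blocking unwelcome accounts. Related to the next setting.

    • userlist_deny=YES (NO)
      Only takes effect when userlist_enable=YES. If YES, accounts listed in the file cannot log in to vsftpd. The file name is given by the next setting.

    • userlist_file=/etc/vsftpd/user_list
      With userlist_deny=YES above, this is the file that matters: accounts listed in it cannot use vsftpd.


    • Settings for anonymous login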
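    • anonymous_enable=YES (NO)
      Allows anonymous logins to the vsftpd host. The default is YES. All the settings below require anonymous_enable=YES to take effect.

    • anon_world_readable_only=YES (NO)
      Anonymous users may only download world-readable files. The default is YES.

    • anon_other_write_enable=YES (NO)
      Whether anonymous users get write permissions beyond uploading, including deleting and renaming files on the server. The default is NO. If set to YES, the directory opened to anonymous writes also needs its permissions adjusted so the owner of the vsftpd process can write to it.

    • anon_mkdir_write_enable=YES (NO)
      Whether anonymous users may create directories. The default is NO. If set to YES, anon_other_write_enable must also be YES.

    • anon_upload_enable=YES (NO)
      Whether anonymous users may upload data. The default is NO. If set to YES, anon_other_write_enable=YES must also be set.

    • deny_email_enable=YES (NO)
      Blocks anonymous logins that use particular email addresses. An anonymous login asks for a password, and that password is meant to be your email address. If you want to refuse certain addresses, this setting removes their login permission. Use it with the next setting:

    • banned_email_file=/etc/vsftpd/banned_emails
      When deny_email_enable=YES, this file lists the email addresses that may not log in to vsftpd, one address per line.

    • no_anon_password=YES (NO)
      If YES, anonymous users skip the password step and go straight into the vsftpd server. The usual default is NO (the login checks the email entered).

    • anon_max_rate=0
      The value is in bytes/second and limits anonymous transfer speed. 0 means no limit (bounded only by the available bandwidth). To hold anonymous users to 30 KB/s, set anon_max_rate=30000.

    • anon_umask=077
      Restricts the permissions of files uploaded by anonymous users. With 077, uploaded files get the permissions -rw-------.


    • Settings related to system security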
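    • ascii_download_enable=YES (NO)
      If YES, the client prefers (by default) ASCII format when downloading files.

    • ascii_upload_enable=YES (NO)
      Same as the previous setting, but for uploads. The default is NO.

    • one_process_model=YES (NO)
      This one is rather risky. YES gives every connection a single process, which can improve vsftpd performance. Unless your system is well secured and the hardware is strong, it can easily exhaust system resources. Setting NO is recommended.

    • tcp_wrappers=YES (NO)
      We want TCP Wrappers support, so set this to YES.

    • xferlog_enable=YES (NO)
      If YES, user uploads and downloads are logged. The log file is named by the next setting:

    • xferlog_file=/var/log/xferlog
      With xferlog_enable=YES, this sets the name of the log file.

    • xferlog_std_format=YES (NO)
      Whether to write the log in the same format as wu ftp. The default is NO, because that log is easier to read. Only set YES if you use log analysis software written for wu ftp.

    • dual_log_enable=YES, vsftpd_log_file=/var/log/vsftpd.log
      Besides /var/log/xferlog in wu-ftp format, vsftpd can also write a log in its own format. If your FTP server is not very busy, keeping both logs (/var/log/{vsftpd.log,xferlog}) is a good idea.

    • nopriv_user=nobody
      vsftpd runs as nobody by default, as the unprivileged identity for the service. Because nobody has very few privileges, an intruder who breaks in only obtains nobody's privileges.

    • pam_service_name=vsftpd
      The name of the PAM service. The /etc/pam.d/vsftpd file shown earlier is the one it refers to.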

    WoǬO` vsftpd ]wӋARܦhӋڨSCXӡAAiHϥ man 5 vsftpd.conf d\ILA򥻤WWoǰӋwg^ڭ̳]w vsftpd oC


    21.2.4 vsftpd startup modes

    vsftpd iHϥ stand alone super daemon 覡ӎŰʡAڭ CentOS w]OH stand alone ӎŰʪC ɭRM stand alone Ϊ̬O super daemon OHpGA ftp AOѵӺںӶijqUȡAҦpUjM|ժ FTP AAijAϥ stand alone 覡A AȪtפW|nCpGȬOѵHϥΪ FTP AAϥ super daemon Ӻ޲zYi[C


    • Q CentOS Ѫ script ӎŰ vsftpd (stand alone)

    CentOS Χ@]wN^Ű vsftpd oIOoˎŰʪTG

    [root@www ~]# /etc/init.d/vsftpd start
    [root@www ~]# netstat -tulnp| grep 21
    tcp  0  0 0.0.0.0:21  0.0.0.0:*   LISTEN   11689/vsftpd
    # As you can see, the listener was started by vsftpd itself.
    


    • ۦ]wH super daemon ӎŰ (nAiA@)

    pGA FTP OܤֳQϥΪAQ super daemon Ӻ޲z@ӦnDNC LYAQnϥ super daemon ޲zܡANonۦק@U]wɤFC]TAARMno˳BzG

    [root@www ~]# vim /etc/vsftpd/vsftpd.conf
    # Find the listen=YES line (around line 109) and change it to:
    listen=NO
    

    ^Uӭק@U super daemon ]wɡAUoɮקAnۦإߪA쥻OsbG

    [root@www ~]# yum install xinetd   <== if xinetd is not installed yet
    [root@www ~]# vim /etc/xinetd.d/vsftpd
    service ftp
    {
            socket_type             = stream
            wait                    = no
            user                    = root
            server                  = /usr/sbin/vsftpd
            log_on_success          += DURATION USERID
            log_on_failure          += USERID
            nice                    = 10
            disable                 = no
    }
    

    MŰʬݬݩOG

    [root@www ~]# /etc/init.d/vsftpd stop
    [root@www ~]# /etc/init.d/xinetd restart
    [root@www ~]# netstat -tulnp| grep 21
    tcp  0  0 0.0.0.0:21  0.0.0.0:*   LISTEN   32274/xinetd
    

    çaI̎Űʪ覡i@˔[I޲z覡N|tܦhIާAnϥέRŰʪ覡AOn̦PɎŰʡA_h|o͎h~IARMϥ chkconfig --list ˬd@UoRŰʪ覡AM̾ڧAݨDӨMwέ@R覡ŰʡCmU]w|H stand alone o CentOS w]ŰʼҦӳBzAҥHԒN誺ʧ@L^ӳI


    21.2.5 CentOS vsftpd defaults

    b CentOS w]SAvsftpd OPɶ}ΤPΦWϥΪ̪ACentOS w]ȦpUG

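    [root@www ~]# vim /etc/vsftpd/vsftpd.conf
    # 1. Settings related to anonymous users:
    anonymous_enable=YES        <== allow anonymous logins to use FTP
    
    # 2. Settings related to local users
    local_enable=YES            <== allow local accounts to log in
    write_enable=YES            <== allow users to upload data (files and directories)
    local_umask=022             <== permissions for new directories (755) and files (644)
    
    # 3. Settings related to the server environment
    dirmessage_enable=YES       <== if a directory has a .message file, show its contents
    xferlog_enable=YES          <== enable transfer logging, written to /var/log/xferlog
    connect_from_port_20=YES    <== support active-mode connections
    xferlog_std_format=YES      <== use the WuFTP log format
    listen=YES                  <== start vsftpd in stand alone mode
    pam_service_name=vsftpd     <== managed through the PAM module
    userlist_enable=YES         <== control logins with the accounts in /etc/vsftpd/user_list
    tcp_wrappers=YES            <== support the TCP Wrappers access control mechanism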
    

    WU]wȽЦۦѦ 21.2.3 NaCӳqLo˪]wȫ̪ vsftpd iHFpU\G

    • AiHϥ anonymous oӰΦWbΨLb (/etc/passwd) nJF
    • anonymous aؿb /var/ftp ABLWvAwgQ chroot FF
    • Τ᪺aؿѦ /etc/passwdAèSQ chrootAieviiJؿF
    • /etc/vsftpd/ftpusers sbbLkϥ vsftpd (PAM)F
    • iQ /etc/hosts.{allow|deny} ӧ@䨾F
    • SΤݦW/UTɡAMT|Q /var/log/xferlog F
    • Dʦsuf port 20F
    • ϥήLªvɶ (GMT)C

    ҥHSAŰ vsftpd AAΤN^^Q vsftpd oӪAȨӶljKLۤvƤFC LjDOA] vsftpd w]ϥ GMT ɶA]AbΤݨϥ ftp ns^ FTP AɡA|o{CɮתɶCFKpɤFIuOQ[I ҥHijA[]@ӰӋȡANOy use_localtime=YES zoI

    [root@www ~]# vim /etc/vsftpd/vsftpd.conf
    # Add this line at the end of the file
    use_localtime=YES
    
    [root@www ~]# /etc/init.d/vsftpd restart
    [root@www ~]# chkconfig vsftpd on
    

    p@ӧA FTP AiHѰΦWbӤU /var/ftp ơApGϥbӵnJܡA N^iJMϥΪ̪aؿUhFIuO̔xK@ӳ]w[IBϥΥaݮɶOI ^_^

    t~ApGAwpnN FTP } Internet ϥήɡAЪ`Non}񨾤I}󨾤ظmpA ѩoAƬyDʡBQʳsu覡A]ARon[JœCoڭ̦b 21.2.8 p`A[HAϥA̜Oon} FTP sunDNFI


    21.2.6 Settings for real (local) accounts

    Mb CentOS w]pSΤwgiHϥ FTP AȤFALڭ̥iRݭn@B~\ӭΤC |ҨӻAϥΪ̵Lkm}aؿ (chroot)BUtvBϥΪ̤Wɮ׮ɪv (mask) ΆΡC Uڭ̥CX@ǧƱF쪺\AMA~iB~\઺BzG

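    • Use Taiwan local time instead of GMT;
    • Show a welcome message when a user logs in;
    • System accounts may not log in (that is, accounts with a UID below 500);
    • Ordinary local users may upload, download, create directories and modify files;
    • The umask for files and directories created by users should be 002;
    • All other host settings keep their defaults.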

    AiHۦBz vsftpd.conf oɮסAHUhO@ӽdҡC`NApGA vsftpd.conf S}]wȡA ЦۦɤWaIOKIڭ̶}l@B@BӨ̧dzBzG

    1. إߥD]w vsftpd.confAoӳ]wɤwg]tFDn]wȡG
      [root@www ~]# vim /etc/vsftpd/vsftpd.conf
      # 1. Anonymous users: in this case anonymous login is turned off:
      anonymous_enable=NO
      
      # 2. Local users: writing allowed, and umask is 002
      local_enable=YES
      write_enable=YES
      local_umask=002
      userlist_enable=YES
      userlist_deny=YES
      userlist_file=/etc/vsftpd/user_list  <== this file must exist; it is there by default
      
      # 3. Settings related to the server environment
      use_localtime=YES
      dirmessage_enable=YES
      xferlog_enable=YES
      connect_from_port_20=YES
      xferlog_std_format=YES
      listen=YES
      pam_service_name=vsftpd
      tcp_wrappers=YES
      banner_file=/etc/vsftpd/welcome.txt <== this file must exist; create it by hand
      
      [root@www ~]# /etc/init.d/xinetd restart  <== stop using the super daemon
      [root@www ~]# /etc/init.d/vsftpd restart
      

    2. إwTG

      Sڭ̷QnJ̥id\̨t޲zҤUFyizƶɡAiHϥγoӳ]wINO banner_file=/etc/vsftpd/welcome.txt oӰӋγ~FIڭ̥iHsoɮקYiC nFA}lӫإweaI
      [root@www ~]# vim /etc/vsftpd/welcome.txt
      w{pA FTP }AȡI
      DnAȬOw糧EΤᴣѪA
      YDAлPmpI
      

    3. إ߭tbnJɮ

      AӬOwtbӵתEAɮTA@ӬO PAM œުA@ӬO vsftpd DʴѪA bw]pUoɮפOOG

      • /etc/vsftpd/ftpusersGNO /etc/pam.d/vsftpd oɮת]wҼvTF
      • /etc/vsftpd/user_listG vsftpd.conf userlist_file ҳ]wC

      oɮתeO@˪åBoɮץnsb~CЧAѦҧA /etc/passwd ]wɡA MN UID p 500 bWٵLPɼgoɮפaI@@ӱbI
      [root@www ~]# vim /etc/vsftpd/user_list
      root
      bin
      ....(Uٲ)....
      

    4. GG

      AiHϥιϧΤ FTP ΤݳnӳBzA]iHzL Linux Ѫ ftp Τݥ\I } ftp Oڭ̤wgbĤ͹LFAAiHۦeѦҡCo̪^@UaG
      # ϥΤwϥΪ̵nJAҦp dmtsai oΤG
      [root@www ~]# ftp localhost
      Trying 127.0.0.1...
      Connected to localhost (127.0.0.1).
      220-w{pA FTP }AȡI   <==إߪwT
      220-DnAȬOw糧EΤᴣѪA
      220-YDAлPmpI
      220
      Name (localhost:root): student
      331 Please specify the password.
      Password:  <== type the password here
      500 OOPS: cannot change directory:/home/student  <== the reason the login failed
      Login failed.
      ftp> bye
      221 Goodbye.
      
      ѩw]@ΤLknJ FTP I] SELinux DTIаѦҤUӤp`覡ӳBzC MHW覡ܫAAiHbnJ̱bBOg (1)root (2)anonymous ӹnJݬݡI pGnJܡANO]w OK TI(root nJO] PAM œH user_list ]wȪ}YA ӰΦWLknJAO]ڭ vsftpd.conf YNO]wΰΦWnJI)

    WO̔xb}]wCpGARQnϥΪ̮aؿ chroot ΨLptθơANonݬݩUS]woC


    • b SELinux ijD

    bw]pUACentOS FTP O\bnJoaؿƪAoO] SELinux DTI pGAb誺 ftp localhost BJAb bye m} FTP eUFLy dir zܡAA|o{Sƶ]Xӡ oäOAhFAӬO SELinux ӹltGCp󶒨MOHo˳BzYiG

    [root@www ~]# getsebool -a | grep ftp
    allow_ftpd_anon_write --> off
    allow_ftpd_full_access --> off
    allow_ftpd_use_cifs --> off
    allow_ftpd_use_nfs --> off
    ftp_home_dir --> off            <== this is the one; it must be set to on
    ....(rest omitted)....
    
    [root@www ~]# setsebool -P ftp_home_dir=1
    

    o˴NdwoIpGRLio͎h~]A]Aɮ׸ƨϥ mv ӫDϥ cp fP SELinux ɮLk~ӭ즳ؿɡANЦۦd\ /var/log/messages eaIq` SELinux SoBzTI^_^


    • ϥΪ (]AӷsWΤ) i chroot

    bm^IJ@ FTP ϥ줤AjhӋOn}񵹼tγsuӨϥΪAۤvHϥΪE|M]A LϥΪӋqq`֤@ǡCҥHoAm{bOijw]ΤqqQ chrootA Ӥ\ chroot b~ݭnB~]wCo˪nBOAsتbpGѰOi chrootAϥ쥻NO chrootA ξߦpGMbO}tήM쪺DC

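    Now suppose that on my system only the two accounts vbird and dmtsai should not be chrooted, while every other account such as student, smb1 and so on is chrooted by default, including any account added in the future. How is that configured? It is simple: three settings plus one extra file. The steps are: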

    # 1. Change the settings in vsftpd.conf:
    [root@www ~]# vim /etc/vsftpd/vsftpd.conf
    # Add the settings that control which users are chrooted
    chroot_local_user=YES
    chroot_list_enable=YES
    chroot_list_file=/etc/vsftpd/chroot_list
    
    # 2. Create the list of accounts that are NOT chrooted. The file must exist even if it lists no accounts.
    [root@www ~]# vim /etc/vsftpd/chroot_list
    vbird
    dmtsai
    
    [root@www ~]# /etc/init.d/vsftpd restart
    

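    With this in place, every FTP account other than dmtsai and vbird is chrooted into its own home directory, which is better for the system. Next, test the connection yourself with one account that is chrooted and one that is not.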


    • Τ᪺`Uyq (We)

    AiƱWeQϥΪ̤W/UүӺɡAӼvȚAL`AȧaHҥHϥΪ̪ljKWeɤ]OݭnI ]yڭnҦϥΪ̪`ljKWe̤jiF 1 MBytes/ zɡAAiHo˰YiG

    [root@www ~]# vim /etc/vsftpd/vsftpd.conf
    # Add this one setting:
    local_max_rate=1000000  <== remember, the unit is bytes/second
    
    [root@www ~]# /etc/init.d/vsftpd restart
    

    WzxO Bytes/AҥHAiH̾ڧAۤvӭAWeIo˴NLnoI^eaI [H̔xAΥE̷ǡIAiH dd X@ 10MB ɮשb student aؿUAM root UF ftp localhostAÉKJ student bKA^UӵL get oӷsɮסAN^b̜檾DUtTI


    • ̤jPɤWuHӋPP@ IP FTP suӋ

    pGA̤jϥWeܡAAiRݭn̤juWHӋ~I|ҨӻAAƱ̦hu 10 ӤHPɨϥΧA FTP ܡAåBC IP ӷ̦huإߤ@ FTP suɡAAiHo˰G

    [root@www ~]# vim /etc/vsftpd/vsftpd.conf
    # Add these two settings:
    max_clients=10
    max_per_ip=1
    
    [root@www ~]# /etc/init.d/vsftpd restart
    

    o˴NdwFIA FTP |HwoI


    • إY檺iϥ FTP bC

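    In the default setup, accounts that are not allowed to use FTP are written into /etc/vsftpd/user_list, so any user not listed in /etc/vsftpd/user_list can use FTP. That means every user added in the future can use the FTP service by default. Looking at it the other way round: what if only certain people should be able to use FTP, so that new users cannot use it by default? Change the configuration file like this:

    [root@www ~]# vim /etc/vsftpd/vsftpd.conf
    # These settings must be changed to read: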
    userlist_enable=YES
    userlist_deny=NO
    userlist_file=/etc/vsftpd/user_list
    
    [root@www ~]# /etc/init.d/vsftpd restart
    

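    Now the accounts written in /etc/vsftpd/user_list become the accounts that can use FTP. Any user added later must be written into /etc/vsftpd/user_list before they can use FTP. Be especially careful with this mechanism, because the two meanings of the file are easy to mix up.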

    zLoX̔x]wȡA۫H vsftpd wgiHŦXjXk FTP ݨDoI hNΪkhаѦ man 5 vsftpd.conf aI
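
An added example (not from the original page or from the vsftpd project) that models how the userlist_* and chroot_* settings of this section combine with /etc/vsftpd/ftpusers. The order of checks is a simplified assumption, the defaults are those documented in vsftpd.conf(5), and the account lists are constructed sample data.

```python
"""Model of vsftpd login and chroot decisions (added example, simplified)."""

# Defaults as documented in vsftpd.conf(5); only the options used below.
DEFAULTS = {
    "anonymous_enable": "YES", "local_enable": "NO",
    "userlist_enable": "NO", "userlist_deny": "YES",
    "chroot_local_user": "NO", "chroot_list_enable": "NO",
}
ANON_NAMES = {"anonymous", "ftp"}


def parse_conf(text):
    """Parse option=value lines; vsftpd allows no spaces around '='."""
    conf = dict(DEFAULTS)
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if not sep or key != key.strip() or value != value.strip():
            raise ValueError(f"line {number}: expected option=value, got {raw!r}")
        conf[key] = value
    return conf


def decide(conf, user, ftpusers=(), user_list=(), chroot_list=()):
    """Return (can_login, chrooted, reason) for one account name."""
    def on(option):
        return conf[option].upper() == "YES"

    anon = user.lower() in ANON_NAMES
    if not anon and not on("local_enable"):
        return (False, False, "server is anonymous only")
    if on("userlist_enable"):
        listed = user in user_list
        if listed and on("userlist_deny"):
            return (False, False, "listed in user_list (deny list)")
        if not listed and not on("userlist_deny"):
            return (False, False, "not in user_list (allow list)")
    if anon:
        if not on("anonymous_enable"):
            return (False, False, "anonymous login disabled")
        return (True, True, "anonymous, confined to the ftp home")
    if user in ftpusers:
        return (False, False, "listed in ftpusers (PAM)")
    # chroot_list holds the exceptions to whatever chroot_local_user says.
    excepted = on("chroot_list_enable") and user in chroot_list
    chrooted = on("chroot_local_user") != excepted
    return (True, chrooted, "local user")


# Constructed sample: the settings of this section plus made-up list files.
SAMPLE_CONF = """\
anonymous_enable=NO
local_enable=YES
userlist_enable=YES
userlist_deny=YES
chroot_local_user=YES
chroot_list_enable=YES
"""
FTPUSERS = ["root", "bin", "daemon"]
USER_LIST = ["root", "bin"]
CHROOT_LIST = ["vbird", "dmtsai"]


def report(conf_text, users, user_list=USER_LIST):
    """Evaluate every account in users against one configuration."""
    conf = parse_conf(conf_text)
    return {u: decide(conf, u, FTPUSERS, user_list, CHROOT_LIST) for u in users}


if __name__ == "__main__":
    users = ["student", "vbird", "root", "daemon", "anonymous", "dmtsai"]
    for name, verdict in report(SAMPLE_CONF, users).items():
        print(f"{name:10} {verdict}")
    # Same accounts after switching user_list to an allow list.
    strict = SAMPLE_CONF.replace("userlist_deny=YES", "userlist_deny=NO")
    for name, verdict in report(strict, users, ["dmtsai"]).items():
        print(f"{name:10} {verdict}")
```

Flipping userlist_deny changes the meaning of the same user_list file from a deny list to an allow list, which is why the second run locks out every account that is not listed.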

    DG
    ]A]YǯSݨDAҥHn} root ϥ FTP ljKɮסAARMnpBzH
    G
    ѩtbLkϥ FTP O] PAM œP vsftpd إ\ҭPAYO /etc/vsftpd/ftpusers /etc/vsftpd/user_list oɮתvTCҥHAuniJoɮסAåBN root @A root NiHϥ vsftpdo FTP AȤFC LAijp@I


    21.2.7 Settings for anonymous-only login

    MAiHPɶ}ΤPΦWΤALijAAARO̾ڻݨDAwx@Rӳ]waI Uڭ̱NwΦWΤӳ]wAB}ΤC@ӻAoR]wOjM|ժ FTP AӨϥΪI

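    • Use Taiwan local time rather than GMT;
    • Provide a welcome message that describes what can be downloaded;
    • Open anonymous login only, with no password required;
    • Limit the file transfer rate to 1 Mbytes/second;
    • During a data connection (not the command channel), force the client to disconnect after more than 60 seconds without a response;
    • Disconnect an anonymous user who has been idle for more than ten minutes;
    • Allow at most 50 clients at the same time, and at most 5 connections from the same IP.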


    • w] FTP ΦW̪ڥؿҦbG ftp baؿ

    OKIp]wOHڭ̥nDOΦWϥΪ̪ؿb̡H WΦW̹w]nJڥؿOH ftp oӨϥΪ̪aؿDAҥHAiHϥΡy finger ftp zӬd\C ̪ CentOS w]ΦW̮ڥؿb /var/ftp/ CBΦWnJ̦bϥ FTP AȮɡALw]iHϥΡy ftp z oӨϥΪ̨vAuOQ chroot /var/ftp/ ؿNOFC

    ]ΦW̥u|b /var/ftp/ SsAҥHANnѵϥΪ̤UƳqqm /var/ftp/ hC ]AwgmF linux }ؿH gnu }nMؿFAڭ̥iHo˰Ӱ]G

    [root@www ~]# mkdir /var/ftp/linux
    [root@www ~]# mkdir /var/ftp/gnu
    

    MN vsftpd.conf ƲMšAso˳BzLaG

    1. إ vsftpd.conf ]w
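      [root@www ~]# vim /etc/vsftpd/vsftpd.conf
      # Change the whole file to read as follows:
      # 1. Settings related to anonymous users:
      anonymous_enable=YES
      no_anon_password=YES        <== on anonymous login the password (usually an email) is not checked
      anon_max_rate=1000000       <== maximum bandwidth of about 1MB/s
      data_connection_timeout=60  <== data connection timeout is 60 seconds
      idle_session_timeout=600    <== disconnect anonymous users idle for more than 10 minutes
      max_clients=50              <== maximum connections in total and per IP
      max_per_ip=5
      
      # 2. Settings related to local users; turned off in this case
      local_enable=NO
      
      # 3. Settings related to the server environment
      use_localtime=YES
      dirmessage_enable=YES
      xferlog_enable=YES
      connect_from_port_20=YES
      xferlog_std_format=YES
      listen=YES
      pam_service_name=vsftpd
      tcp_wrappers=YES
      banner_file=/etc/vsftpd/anon_welcome.txt <== note the changed file name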
      
      [root@www ~]# /etc/init.d/vsftpd restart
      

    2. إwePUܰT

      U˷R[B͡In`NboӮרSAڭ̱NwT]wb /etc/vsftpd/anon_welcome.txt oɮפA ܩoɮתeAiHo˼g (oɮפ@wnsbI_h|yΤݵLksu\I)G
      [root@www ~]# vim /etc/vsftpd/anon_welcome.txt
      w{ҴѪ FTP AȡI
      Dn Linux @~t}ɮץH GNU ۥѳnI
      DлPpIՏՏjaI
      DnؿG
      
      linux    Linux @~t}n
      gnu      GNU ۥѳn
      uploads ѰΦWzWǸ
      
      ݨoIDngƳOw@ǤiƶNOFI

    3. ΤݪGKXPwTOII

      P˪Aڭ̨ϥ ftp oӳnӵL@UaI
      [root@www ~]# ftp localhost
      Connected to localhost (127.0.0.1).
      220-w{ҴѪ FTP AȡI   <==UoX椤NOwPܰTI
      220-Dn Linux @~t}ɮץH GNU ۥѳnI
      220-DлPpIՏՏjaI
      220-DnؿG
      220-
      220-linux    Linux @~t}n
      220-gnu      GNU ۥѳn
      220-uploads ѰΦWzWǸ
      220
      Name (localhost:root): anonymous  <== the anonymous account name has to be memorized
      230 Login successful.               <== logged in without entering a password
      Remote system type is UNIX.
      Using binary mode to transfer files.
      ftp> dir
      227 Entering Passive Mode (127,0,0,1,196,17).
      150 Here comes the directory listing.
      drwxr-xr-x    2 0        0            4096 Aug 08 16:37 gnu
      -rw-r--r--    1 0        0              17 Aug 08 14:18 index.html
      drwxr-xr-x    2 0        0            4096 Aug 08 16:37 linux
      drwxr-xr-x    2 0        0            4096 Jun 25 17:44 pub
      226 Directory send OK.
      ftp> bye
      221 Goodbye.
      
      ݨ_HoiNݭnKJKXFA]OΦWnJIӥBApGAHLbӹnJɡA vsftpd |ߨ^Rȶ}ΦWTI(530 This FTP server is anonymous only.)


    • ΦW̥iW/Uۤv (v}̤j)

    bWCSAڤWΦWϥΪ̶ȥiiUʧ@ӤwCpGARQΦW̥iHWɮשΪ̬OإߥؿܡA ARݭnB~W[@dz]w~G

    [root@www ~]# vim /etc/vsftpd/vsftpd.conf
    # Add these lines:
    write_enable=YES
    anon_other_write_enable=YES
    anon_mkdir_write_enable=YES
    anon_upload_enable=YES
    
    [root@www ~]# /etc/init.d/vsftpd restart
    

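    With the four settings above, anonymous users get full rights to create, delete and modify files and directories. For them to actually take effect, the Linux file system permissions must allow it as well. Anonymous users act as the ftp account, so to let them upload into /var/ftp/uploads/ do the following: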

    [root@www ~]# mkdir /var/ftp/uploads
    [root@www ~]# chown ftp /var/ftp/uploads
    

    MAHΦW̨nJAN|o{ΦW̪ڥؿhF@ /upload ؿsbFAåBAiHbMؿWɮ/ؿI p@Өtvj}IܭnRIҥHAХJNnAWǥؿ~I

    LAbڴSAoo{ROSkWǩOI^Ɣ[HpGAhݤ@U /var/log/messages ܡAN|o{TI SO SELinux oåOIHNzLy sealert -l ... zb /var/log/messages ̭[Ԏ쪺OihA ߨNDMTIM״NO SELinux ΦW FTP WhpUG

    [root@www ~]# setsebool -P allow_ftpd_anon_write=1
    [root@www ~]# setsebool -P allow_ftpd_full_access=1
    

    MAA@U anonymous nJA /uploads hWǭɮקaIN|Dणন\I


    • ΦW̶Ȩ㦳WvAiUΦW̤WǪF

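    In general, data uploaded by users should not be downloadable by others until an administrator has checked it for copyright and similar issues. With the settings from the previous subsection, however, uploaded data can be browsed and downloaded by everyone, which is dangerous. To make /var/ftp/uploads/ upload-only, so that data uploaded by anonymous users cannot be downloaded, the ownership of the uploaded data has to change. Reduce the four settings from the previous subsection to:

    [root@www ~]# vim /etc/vsftpd/vsftpd.conf
    # Change these lines first, and remember to remove anon_other_write_enable=YES
    write_enable=YES
    anon_mkdir_write_enable=YES
    anon_upload_enable=YES
    chown_uploads=YES        <== the new settings are here
    chown_username=daemon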
    
    [root@www ~]# /etc/init.d/vsftpd restart
    

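    Of course /var/ftp/uploads/ still has to be writable by the ftp user. With these settings the owner of each uploaded file is changed to the daemon user, and ftp (the identity anonymous users get) cannot read daemon's data, so the file cannot be downloaded. ^_^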

    DG
    bWz]wAڹH anonymous nJåBWǤ@Ӥjɮר /uploads/ ؿUCѩDAoɮ׶Ǩ@bN_uC UbڭsWǮɡAoioɮ׵LkgIMpOnH
    G
    |LkgOH]oɮצbAmuAɮת̴֦NQאּ daemon FI]oɮפݩ ftp oӥΤFA ]ڭ̵Lki枴gΧRʧ@CɡAAu糧aɮתɦWAWǡAsqY@WoI


    • Qʦsuf

    FTP suDʦPQʦADʦsunBzA]OzLA port 20 ~DʳsuA ҥHBz̔xCQʦsuNꐷС]w] FTP A|HEXӨSbϥSfӫإ߳QʦsuA]wNꐷTI

    S}YAڭ̥iHzLwXөTwd򤺪fӧ@ FTP QʦƳs^ΧYiA o˧ڭ̴N^wD FTP ƳsfTI|ҨӻAڭ̰]Qʦs^f 65400 65410 oXӰfɡAiHo˳]wG

    [root@www ~]# vim /etc/vsftpd/vsftpd.conf
    # Add these lines:
    pasv_min_port=65400
    pasv_max_port=65410
    
    [root@www ~]# /etc/init.d/vsftpd restart
    

    ΦWϥΪ̪]wjPWo˴NŦXAݨDoIL]wNۤvݵۿaI ^_^


    21.2.8 Firewall settings

    ]wHNĤḘ script XӭקYi[ILApPeͨ쪺AFTP ϥΨӰfA[W`HEťΪƬyfAHγQʦsuAfΡA ҥHAAioniG

    • Load the iptables modules ip_nat_ftp and ip_conntrack_ftp
    • Open port 21 to the Internet
    • Open the passive ports 65400~65410 mentioned in the previous subsection to Internet connections

    nק諸a褣֡ANڭ̨Ӥ@B@}LaI

    # 1. Load the modules: iptables.rule already loads them, but change the system file as well:
    [root@www ~]# vim /etc/sysconfig/iptables-config
    IPTABLES_MODULES="ip_nat_ftp ip_conntrack_ftp"
    # Just add the modules, separated by a space, then restart the iptables service.
    
    [root@www ~]# /etc/init.d/iptables restart
    
    # 2. Change the iptables.rule script as follows:
    [root@www ~]# vim /usr/local/virus/iptables/iptables.rule
    iptables -A INPUT -p TCP -i $EXTIF --dport  21  --sport 1024:65534 -j ACCEPT
    # Find the line above and remove the comment mark in front of it, then add the line below.
    iptables -A INPUT -p TCP -i $EXTIF --dport 65400:65410 --sport 1024:65534 -j ACCEPT
    
    [root@www ~]# /usr/local/virus/iptables/iptables.rule
    

    o˴NnFIPɭUDʦPQʦsuIåB[Jһݭn FTP œoI


    21.2.9 Common problems and solutions

    UXӱ`DPMDaI

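    • If the client cannot connect at all, check:
      1. Do the iptables rules allow the client to reach port 21?
      2. Is the client's access blocked in /etc/hosts.deny?
      3. Is there a mistake in /etc/xinetd.d/vsftpd that cancels the client's login permission?

    • If the client has connected to the vsftpd server but sees a message like "XXX file can't be opend", check:
      1. The main cause is that vsftpd.conf is set to check some file that you never created. Check every file name set in vsftpd.conf and create the missing files with touch.

    • If the client has connected to the vsftpd server but cannot log in with a particular account, check:
      1. Is vsftpd.conf set to check accounts with the pam module and to manage accounts with userlist_file?
      2. Check whether the account is written in /etc/vsftpd/ftpusers or /etc/vsftpd/user_list.

    • If the client cannot upload files, what then?
      1. The most likely cause is that write_enable=YES is missing from vsftpd.conf. Add it;
      2. Are the permissions of the upload directory wrong? Fix them with chmod or chown;
      3. Did you forget these three settings in the anonymous configuration:
        • anon_other_write_enable=YES
        • anon_mkdir_write_enable=YES
        • anon_upload_enable=YES
      4. Is email blocking configured, and is the email address written into that file? Check it.
      5. Is ASCII transfer not allowed while the client uploads in ASCII? Have the client transfer the file in binary format.
      6. Check /var/log/messages to see whether SELinux blocked it.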

    WOZ`o{h~ApGROLkMADAЧAȥR@UoɮסG/var/log/vsftpd.log P /var/log/messages A̭ShnơAiHѵAi氣hIL /var/log/vsftpd.log ow]|X{I u /var/log/xferlog ӤwCpGAQn[J /var/log/vsftpd.log 䴩AiHo˰G

    [root@www ~]# vim /etc/vsftpd/vsftpd.conf
    dual_log_enable=YES
    vsftpd_log_file=/var/log/vsftpd.log
    # Just add these two settings.
    
    [root@www ~]# /etc/init.d/vsftpd restart
    

    o˥ӦssuΪ̬Oh~ɡAN|B~g@ /var/log/vsftpd.log hI


    21.3 Graphical FTP client software

    ΤݪsunDnr ftp lftp oOANϥΤ覡аѦĤر`κOCܩ Linux UϧΤnAiHѦ gftp o{IϧΤTI̔x[I Windows US۹R FTP ΤݳnH


    21.3.1 Filezilla

    WznOۥѳn[A Windows @~tSۥѳn[HAAiHϥ filezilla oӦnFIoӪN઺NPUIiHbUsG

    ثe (2011/06) ̷sTwO 3.5.x AҥHUmNHoӪӸjaCn Filezilla OHFLOۥѳn餧~Aoå볺MiHs SSH sftp OIuOܤh@ӳå[I^_^It~n`NOAUmOH Windows ӻAnӦb X window WwUI^_^ (ФU Filezilla client O server I)

    ]oӵ{O Windows wUΪAҥHwUL{NO...(U@B)^n NnFIåBoӵ{䴩hytA ҥHAiHc餤OIbOܴΡIwUܤAЧALAN|X{pUeFG

    Filezilla ާ@ܷN
    21.3-1BFilezilla ާ@ܷN

    WϪ Ĥ@BG줭ϪeҥNƬOG

    1. Ĥ@ϡGN FTP AKXTAҦpwTθTF
    2. ĤGϡGNEɮרtؿAPĤTϦ}F
    3. ĤTϡGNĤGϩҿܪϺФeF
    4. ĥ|ϡGNh FTP AؿPɮסF
    5. ĤϡGNljKɪCT (Ϋݶǰe)

    ӥt~Ϥ a, b, c hNOG

    1. x޲zAAiHN@DZ`Ϊ FTP A IP PϥΪ̸TObF
    2. sApGAƦsAiϥγoӫsӦPB filezilla ݁ܡF
    3. DE}BϥΪ̡BKXPs^o|ӪNiHYɳsuAOTC

    nA^Uӧڭ̳s^ FTP AWhAҥHAiU 21.3-1 a A|X{pUeG

    Filezilla  FTP x޲zϥΥܷN
    21.3-2BFilezilla FTP x޲zϥΥܷN

    WϪbYP}eOo˪G

    1. UysWxzsAMbbY 2 aN|X{iKJW٪ءF
    2. bMSHKg@ӧAeOWrAunPuI}sYiF
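    3. Next, on the right there is the "General" tab, which has several important fields:
      • Host: enter the host's IP in this box; fill in the port only if it is not the standard port 21.
      • Protocol: mainly (1) FTP and (2) SFTP (provided by SSHD); we choose FTP here
      • Encryption: whether to encrypt; FTP can add TLS to become FTPS. The default is cleartext
      • Logon type: because an account and password are required, choose "Normal", then enter the user and password below.

    These settings are basically enough to connect to the host. If you also want to specify the data connection mode (active or passive) and other details, click the "Transfer Settings" tab and the following screen appears:

    Figure 21.3-3. Transfer settings in the Filezilla Site Manager

    On this screen you can choose whether to use passive transfers, and you can also adjust the maximum number of connections. Why limit yourself? Because Filezilla actively opens several connections to speed up downloads, and if vsftpd.conf limits max_per_ip, some downloads will be refused. Setting this value to 1 is therefore important: only one connection exists at any time, so the repeated-login problem does not occur. Finally, click "Connect" on the screen in Figure 21.3-2.

    Figure 21.3-4. A successful Filezilla connection

    Explore the remaining features on your own.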


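    21.3.2 FTP connections through a web browser

    In Chapter 20 on the WWW server we discussed the protocols a browser supports, and one of them is ftp. To use it, type the following in the address bar:

    • ftp://username@your_ip

    Remember that if you do not type the username@ part, the system handles the connection as an anonymous login by default. So if you want to connect as a real user, put your account in front of the IP or host name. For example, if VBird's FTP server (192.168.100.254) has a user named dmtsai, then after starting the browser I can do this:

    • ftp://dmtsai@192.168.100.254

    Then enter dmtsai's password in the dialog that appears, and you can use the browser to manage your files on the FTP server. Easy, isn't it? You can even write the password into the address bar:

    • ftp://dmtsai:yourpassword@192.168.100.254

    21.4 Adding SSL encryption to vsftpd

    Since http has https, does cleartext ftp have an encrypted ftps? It does. Since the openssl encryption library exists, we can of course use a similar mechanism for FTP. The precondition is that your vsftpd supports the SSL library. We also have to create an SSL certificate file for vsftpd to use before encryption can work. Let's build the ftps server step by step.


    • 1. Check whether vsftpd supports the ssl module:

    If your vsftpd was compiled without SSL module support, you have no choice but to recompile vsftpd yourself. Does our CentOS support it? Let's take a look: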

    [root@www ~]# ldd $(which vsftpd) | grep ssl
            libssl.so.10 => /usr/lib64/libssl.so.10 (0x00007f0587879000)
    

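    If libssl.so shows up, it is supported, and you can continue to the next step.


    • 2. Create the certificate data for vsftpd:

    CentOS gives us a place to create certificates: the /etc/pki/tls/certs/ directory. We discussed the details in 20.5.2, so here we only show what to do: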

    [root@www ~]# cd /etc/pki/tls/certs
    [root@www certs]# make vsftpd.pem
    ----- ....(earlier output omitted)....
    Country Name (2 letter code) [XX]:TW
    State or Province Name (full name) []:Taiwan
    Locality Name (eg, city) [Default City]:Tainan
    Organization Name (eg, company) [Default Company Ltd]:KSU
    Organizational Unit Name (eg, section) []:DIC
    Common Name (eg, your name or your server's hostname) []:www.centos.vbird
    Email Address []:root@www.centos.vbird
    
    [root@www certs]# cp -a vsftpd.pem /etc/vsftpd/
    [root@www certs]# ll /etc/vsftpd/vsftpd.pem
    -rw-------. 1 root root 3116 2011-08-08 16:52 /etc/vsftpd/vsftpd.pem
    # Pay attention to the permissions!
    

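    • 3. Edit the vsftpd.conf configuration file, assuming both real and anonymous accounts:

    Section 21.2 mostly covered purely anonymous or purely real accounts. Here the real accounts connect through SSL while anonymous users use cleartext transfers, and both are offered to clients at the same time. The main FTP settings are:

    • Real accounts may log in and upload data, with umask 002
    • Real accounts are chrooted by default, with an available bandwidth of 1Mbytes/second
    • Real-account logins and data transfers must both go through SSL encryption;
    • Anonymous login is offered; anonymous users can only download, cannot upload, and use cleartext transfers (not through SSL)

    The overall settings then look something like this: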

    [root@www ~]# vim /etc/vsftpd/vsftpd.conf
    # General settings for real accounts:
    local_enable=YES
    write_enable=YES
    local_umask=002
    chroot_local_user=YES
    chroot_list_enable=YES
    chroot_list_file=/etc/vsftpd/chroot_list
    local_max_rate=10000000
    
    # General settings for anonymous users:
    anonymous_enable=YES
    no_anon_password=YES
    anon_max_rate=1000000
    data_connection_timeout=60
    idle_session_timeout=600
    
    # Parameters added specifically for SSL; every item is important!
    # Enable SSL support.
    ssl_enable=YES
    # But do not allow anonymous users to use SSL.
    allow_anon_ssl=NO
    # Force real users' data transfers to be encrypted.
    force_local_data_ssl=YES
    # Likewise, also encrypt the account and password at login.
    force_local_logins_ssl=YES
    # Supporting TLS is enough; the two below need not be enabled.
    ssl_tlsv1=YES
    ssl_sslv2=NO
    ssl_sslv3=NO
    # Location of the RSA certificate file.
    rsa_cert_file=/etc/vsftpd/vsftpd.pem
    
    # General server settings:
    max_clients=50
    max_per_ip=5
    use_localtime=YES
    dirmessage_enable=YES
    xferlog_enable=YES
    connect_from_port_20=YES
    xferlog_std_format=YES
    listen=YES
    pam_service_name=vsftpd
    tcp_wrappers=YES
    banner_file=/etc/vsftpd/welcome.txt
    dual_log_enable=YES
    vsftpd_log_file=/var/log/vsftpd.log
    pasv_min_port=65400
    pasv_max_port=65410
    
    [root@www ~]# /etc/init.d/vsftpd restart
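
    The TLS directives in the configuration above can be checked mechanically before restarting the service. The following is an added example, not part of the original page or of vsftpd: the function names sample_conf, conf_value and audit_tls are hypothetical, the sample file is constructed, and the fallback values are the defaults documented in vsftpd.conf(5).

```shell
# Constructed sample: a vsftpd.conf fragment with three deliberate problems.
sample_conf() {
    cat <<'EOF'
# local users
local_enable=YES
ssl_enable=YES      <== annotation left on the line
force_local_logins_ssl=NO
ssl_sslv3=YES
rsa_cert_file=/etc/vsftpd/vsftpd.pem
EOF
}

# conf_value KEY DEFAULT: read a vsftpd.conf on stdin and print the last
# value assigned to KEY, or DEFAULT when the directive is absent.
conf_value() {
    awk -v k="$1" -v d="$2" '
        /^[ \t]*#/ { next }                      # whole-line comments only
        index($0, k "=") == 1 { v = substr($0, length(k) + 2); seen = 1 }
        END { print (seen ? v : d) }'
}

# audit_tls FILE: print one finding per line for each TLS directive whose
# effective value differs from the one used on this page.
# Table columns: directive, wanted value, vsftpd default.
audit_tls() {
    while read -r key want def; do
        got=$(conf_value "$key" "$def" < "$1")
        case $got in
            "$want") ;;                          # matches, nothing to report
            YES|NO)  echo "$key=$got, expected $want" ;;
            *)       echo "$key has a malformed value: '$got'" ;;
        esac
    done <<'EOF'
ssl_enable YES NO
force_local_logins_ssl YES YES
force_local_data_ssl YES YES
ssl_sslv2 NO NO
ssl_sslv3 NO NO
allow_anon_ssl NO NO
EOF
}
```

    Run it as `audit_tls /etc/vsftpd/vsftpd.conf`; no output means all six directives have the expected effective values. A value with trailing text is reported as malformed because vsftpd.conf only recognizes comments that occupy a whole line.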
    

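    • 4. Test the connection with Filezilla:

    Next we use Filezilla to show how to encrypt the connection with SSL/TLS. It is simple; just make this selection in the Site Manager:

    Figure 21.4-1. Connecting with Filezilla to an FTP server that supports SSL/TLS

    As the figure shows, the key point is where the arrow points: the TLS encryption method is required. VBird then logs in with the ordinary account student, and on connecting, a dialog like the following should appear:

    Figure 21.4-2. Filezilla asking whether to accept the certificate

    If everything is fine, you can select the "Always trust" item in the figure above, and future connections to this site will not ask you to confirm the certificate again. That takes care of encrypting the FTP connection. ^_^

    Exercise:
    Think about it: since SFTP already provides encrypted FTP transfers, why is ftps needed?
    Answer:
    Because opening SFTP means you must also allow sshd, that is, ssh connections. As a result your port 22 will probably be probed often, and if openssl or openssh has a problem, your system could be hijacked. If your FTP service really has to exist, then setting it up with ftps and the comparatively secure vsftpd server software is, in theory, somewhat safer than sftp. At least allowing ftps from the Internet does not feel so frightening...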


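    21.5 Key points review
    • FTP is short for File Transfer Protocol; its main function is file management and transfer between server and client;
    • There is a great deal of FTP server software, for example Wu FTP, Proftpd and vsftpd, and each was developed with a different philosophy, so choose the software according to your needs;
    • FTP uses cleartext transfers, and security holes have been found in some FTP server software in the past, so before configuring make sure the software is the latest version to avoid security problems;
    • Because FTP is cleartext, you can use the sftp provided by SSH in place of FTP;
    • Most FTP server software provides a chroot function that confines real users to their home directories;
    • The regular ports opened by the FTP daemon are 20 and 21; 21 is the command channel and 20 is the data channel for active connections;
    • FTP data transfer is either active or passive (Passive, PASV). In active mode, ftp-data connects from port 20 on the server to the client; otherwise the server must open a passive listening port and wait for the client to connect;
    • FTP client software on a host behind NAT may have trouble connecting; this can be overcome with the iptables nat modules or by using passive connections;
    • In general there are three groups of FTP users: real users, guests and anonymous users (real, guest, anonymous);
    • By changing the Shell field in /etc/passwd you can let a user use only FTP without being able to log in to the host;
    • The log of FTP commands and user activity is kept in /var/log/xferlog;
    • vsftpd is FTP server software developed with a focus on security; its configuration file is /etc/vsftpd/vsftpd.conf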

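    21.6 Exercises
    • Which connections does FTP establish when connecting and transferring data?
      Two connections are needed: the command channel and the data transfer channel. For active connections these are port 21 (ftp) and port 20 (ftp-data).
    • How do active and passive FTP connections differ?
      In active mode the command connection is made by the client to the server, but the ftp-data connection is made by the server to the client. In passive mode, for both the command and the ftp-data connection, the server listens for the client's requests.
    • Which actions make your FTP host more secure?
      • Keep the server software updated to the latest version;
      • Confine the home directories of guest and anonymous to fixed directories (chroot or restricted);
      • Refuse logins by root and other system accounts;
      • Refuse most upload actions!
    • We know ftp uses two ports. Where are these two ports specified (taking vsftpd as the example), and what are the usual regular port numbers?
      When running stand alone, they are specified in vsftpd.conf: the command channel by listen_port=21, and the data connection by connect_from_port_20=YES and pasv_max_port=0, pasv_max_port=0.
      When managed by the super daemon, the command channel is specified by /etc/services.
    • Which files can be used to block system accounts such as root from logging in to FTP?
      /etc/vsftpd/ftpusers
      /etc/vsftpd/user_list
    • When an FTP server and client transfer data, which two modes exist, and why does the choice of mode matter for the transfer?
      Data is transferred in either ASCII or Binary mode. In ascii mode the file is transferred as text, so the file's contents are modified, which can leave an executable unable to run afterwards. In general, ASCII is used only for text files and some source-code files.
    • My host's time zone is set correctly, but when I log in to the vsftpd FTP service the time is eight hours behind. How do I fix it?
      It is certainly a time zone problem; the "use_localtime=YES" parameter is most likely missing from vsftpd.conf.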

    21.7 References and further reading

    2003/09/03G
    2003/09/04G[J FTP An骺ܫij
    2006/12/19GNHزʨBAýЦۦѦ wu-ftp, proftpd ΪAȡI
    2006/12/20GNbUB FTP hܡA]sohG
    2011/05/28GNH CentOS 4.x زʨB
    2011/06/04G[JF ftps SSL su[KEI
    2011/08/08GN CentOS 5.x ʨ B

    http://www.okfdzs1903.com is designed by VBird during 2001-2011. ksu.edu