[Linux] Setting up ProFTPD on CentOS 6.3
■Install
# yum install proftpd

=======================================================================================
 Package                 Arch        Version                 Repository    Size
=======================================================================================
Installing:
 proftpd                 x86_64      1.3.4a-1.el6.rf         rpmforge      2.0 M
Installing for dependencies:
 perl-Mail-Sendmail      noarch      0.79-12.el6             epel           28 k
 perl-Time-HiRes         x86_64      4:1.9721-130.el6_4      updates        47 k

Transaction Summary
=======================================================================================
Install       3 Package(s)

Total download size: 2.1 M
Installed size: 6.8 M
Is this ok [y/N]: y
Downloading Packages:
(1/3): perl-Mail-Sendmail-0.79-12.el6.noarch.rpm       |  28 kB     00:00
(2/3): perl-Time-HiRes-1.9721-130.el6_4.x86_64.rpm     |  47 kB     00:00
(3/3): proftpd-1.3.4a-1.el6.rf.x86_64.rpm              | 2.0 MB     00:03
----------------------------------------------------------------------------------------
Total                                        668 kB/s | 2.1 MB     00:03
warning: rpmts_HdrFromFdno: Header V3 RSA/SHA256 Signature, key ID 0608b895: NOKEY
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
Importing GPG key 0x0608B895:
 Userid : EPEL (6) <epel@fedoraproject.org>
 Package: epel-release-6-8.noarch (@epel/6.4)
 From   : /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
Is this ok [y/N]: y
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : 4:perl-Time-HiRes-1.9721-130.el6_4.x86_64     1/3
  Installing : perl-Mail-Sendmail-0.79-12.el6.noarch         2/3
  Installing : proftpd-1.3.4a-1.el6.rf.x86_64                3/3
  Verifying  : proftpd-1.3.4a-1.el6.rf.x86_64                1/3
  Verifying  : perl-Mail-Sendmail-0.79-12.el6.noarch         2/3
  Verifying  : 4:perl-Time-HiRes-1.9721-130.el6_4.x86_64     3/3

Installed:
  proftpd.x86_64 0:1.3.4a-1.el6.rf

Dependency Installed:
  perl-Mail-Sendmail.noarch 0:0.79-12.el6  perl-Time-HiRes.x86_64 4:1.9721-130.el6_4

Complete!
■Editing the configuration file (/etc/proftpd.conf)
・Startup method
#ServerType standalone
ServerType inetd
・Default root
DefaultRoot ~/public_html !adm
I set it to public_html under each user's home directory.
・Log settings
LogFormat default "%h %l %u %t \"%r\" %s %b"
LogFormat auth "%v [%P] %h %t \"%r\" %s"

LogFormat allinfo "%t: %u(%a[%h]):[%s],%T,%m(%f)"
LogFormat write "%t: %u: %F(%a)"
LogFormat read "%t: %u: %F(%a)"

ExtendedLog /var/log/proftpd/all.log ALL allinfo
ExtendedLog /var/log/proftpd/write.log WRITE write
ExtendedLog /var/log/proftpd/read.log READ read
ExtendedLog /var/log/proftpd/auth.log AUTH auth
■Editing the PAM configuration (/etc/pam.d/proftpd)
Messages like the following were showing up in /var/log/secure:
proftpd: PAM unable to dlopen(/lib64/security/pam_stack.so): /lib64/security/pam_stack.so: cannot open shared object file: No such file or directory
proftpd: PAM adding faulty module: /lib64/security/pam_stack.so
proftpd[2341]: 133.242.151.125 (153.131.182.25[153.131.182.25]) - USER wdp (Login failed): Incorrect password.
It looks like pam_stack.so went away with a PAM update..
I edited the file as follows.
auth       required     pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
auth       required     pam_shells.so
auth       include      system-auth
account    include      system-auth
session    required     pam_loginuid.so
Reference: http://blog.redbranch.net/2012/04/17/proftpd-centos-6-pam-unable-to-dlopen-lib64securitypam_stack-so/
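
The failure above (a PAM service file naming a module that no longer exists, so every login is rejected) can be caught before users hit it. The following is an added example, not part of the original post: the helper name `missing_pam_modules`, the scratch directory and the "before" rule referencing pam_stack.so are constructed for illustration, and the default module directory is taken from the log lines above.

```sh
#!/bin/sh
# Added example: report PAM modules named in a service file that do not
# exist on disk (the condition behind "PAM adding faulty module").

# missing_pam_modules FILE [MODULE_DIR]  (hypothetical helper name)
# Prints each missing module path; returns 1 if any module is missing.
# Files pulled in with "include"/"substack" are not followed.
missing_pam_modules() {
    pam_file=$1
    mod_dir=${2:-/lib64/security}   # default taken from the log lines on this page
    # Drop comments, collapse bracketed controls to one field, then take
    # the module field of every rule that is not an include.
    missing=$(
        sed -e 's/#.*//' -e 's/\[[^]]*]/[ctl]/' "$pam_file" |
        awk 'NF >= 3 && $2 != "include" && $2 != "substack" { print $3 }' |
        sort -u |
        while read -r mod; do
            case $mod in
                /*) path=$mod ;;             # absolute module path
                *)  path=$mod_dir/$mod ;;    # relative to the module directory
            esac
            [ -e "$path" ] || printf '%s\n' "$path"
        done
    )
    [ -z "$missing" ] && return 0
    printf '%s\n' "$missing"
    return 1
}

# Constructed demo: a scratch module directory holding only the modules
# that the edited file needs, plus two service files to compare.
demo_dir=$(mktemp -d)
mkdir "$demo_dir/security"
for m in pam_listfile.so pam_shells.so pam_loginuid.so; do
    : > "$demo_dir/security/$m"
done
# "Before": constructed rule that still references pam_stack.so.
printf '%s\n' 'auth required pam_stack.so service=system-auth' > "$demo_dir/proftpd.old"
# "After": the rules as edited on this page.
cat > "$demo_dir/proftpd.new" <<'EOF'
auth       required     pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
auth       required     pam_shells.so
auth       include      system-auth
account    include      system-auth
session    required     pam_loginuid.so
EOF
missing_pam_modules "$demo_dir/proftpd.old" "$demo_dir/security" || echo "old: missing modules"
missing_pam_modules "$demo_dir/proftpd.new" "$demo_dir/security" && echo "new: all modules present"
```

On a real host, run the function against /etc/pam.d/proftpd and again against the included system-auth file, since includes are not followed.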