-
Notifications
You must be signed in to change notification settings - Fork 7
/
vsftpd.conf Anonymous Downloads
140 lines (128 loc) · 5.45 KB
/
vsftpd.conf Anonymous Downloads
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
#============================================================================
# CONFIG FOR VSFTPD SERVER THAT SECURELY ALLOWS ANONYMOUS DOWNLOADS
#============================================================================
# INSTALL COMMAND:
# sudo apt update && apt install -y vsftpd
#
# GENERATE CERTIFICATES IF YOU WISH TO USE SSL
# DEBIAN: sudo openssl req -x509 -nodes -keyout /etc/ssl/private/vsftpd.pem -out /etc/ssl/certs/vsftpd.crt -days 365 -newkey rsa:2048
# REHL: sudo openssl req -x509 -nodes -keyout /etc/pki/tls/private/vsftpd.pem -out /etc/pki/tls/certs/vsftpd.crt -days 365 -newkey rsa:2048
# NOTE: If you do want to use SSL be sure to comment out the SSL values at the end of CONFIGURED SETTINGS section below and make ssl_enable=NO
#
# CREATE DIRECTORY FOR ANONYMOUS USER TO DOWNLOAD FROM
# sudo mkdir -p /var/ftp/public
# sudo chown nobody:nogroup /var/ftp/public
# sudo useradd ftpsecure
# sudo touch /etc/vsftpd/email_passwords
# sudo vi /etc/vsftpd/email_passwords # PLACE EMAIL ADDRESSES IN THIS FILE THAT CAN BE USED AS PASSWORDS TO SIGN IN WITH ANONYMOUS ACCESS
# sudo chmod 640 /etc/vsftpd/email_passwords
#
# DOWNLOAD AND USE THIS CONFIGURATION FILE
# DEBIAN: sudo mv /etc/vsftpd.conf /etc/vsftpd.conf.orig && echo "[*] Created backup of original /etc/vsftpd.conf file at /etc/vsftpd.conf.orig"
# RHEL: sudo mv /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf.orig && echo "[*] Created backup of original /etc/vsftpd/vsftpd.conf file at /etc/vsftpd/vsftpd.conf.orig"
# DEBINA: sudo wget https://raw.githubusercontent.com/OsbornePro/ConfigTemplates/main/vsftpd.conf%20Anonymous%20Downloads -O /etc/vsftpd.conf
# RHEL: sudo wget https://raw.githubusercontent.com/OsbornePro/ConfigTemplates/main/vsftpd.conf%20Anonymous%20Downloads -O /etc/vsftpd/vsftpd.conf
# DEBINA: sudo cp /etc/vsftpd.conf /etc/vsftpd.conf.bak && echo "[*] Create backup of active /etc/vsftpd.conf file at /etc/vsftpd.conf.bak"
# RHEL: sudo cp /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf.bak && echo "[*] Create backup of active /etc/vsftpd/vsftpd.conf file at /etc/vsftpd/vsftpd.conf.bak"
#
# CONFIGURE FIREWALL RULES TO ALLOW FTP USING WHATEVER FIREWALL YOu USe
# FIREWALL-CMD
# sudo firewall-cmd --zone=public --add-port=21/tcp --permanent
# sudo firewall-cmd --zone=public --add-port=20/tcp --permanent
# sudo firewall-cmd --zone=public --add-port=40000-41000/tcp
# sudo firewall-cmd --reload
# IPTABLES
# iptables -A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
# iptables -A INPUT -p tcp -m tcp --dport 20 -j ACCEPT
# iptables -A OUTPUT -p tcp -m tcp --sport 21 -j ACCEPT
# iptables -A OUTPUT -p tcp -m tcp --sport 20 -j ACCEPT
# iptables -A INPUT -p tcp -m tcp --dport 40000:41000 -j ACCEPT
# iptables -A OUTPUT -p tcp -m tcp --sport 40000:41000 -j ACCEPT
# sudo service iptables restart
# UFW
# sudo ufw allow 20:21/tcp
# sudo ufw allow 40000:41000/tcp
# sudo ufw reload
# OR
# sudo ufw allow ftp-data
# sudo ufw allow ftp
# sudo ufw reload
#
#------------------------------------------------------------------------------
# CONFIGURED SETTINGS
#------------------------------------------------------------------------------
anonymous_enable=YES
anon_root=/var/ftp/public/
local_enable=NO
# ANON USER PASSWORD SETTINGS
no_anon_password=NO
secure_email_list_enable=YES
# FOR secure_email_list_enable YOU NEED TO ADD EMAIL ADDRESSES/PASSWORDS ONE PER LINE TO THE FILE /etc/vsftpd.email_passwords
# ANONYMOUS USER CAN ONLY DOWNLOAD WORLD READABLE FILES
anon_world_readable_only=YES
# RESTRICT COMMANDS THAT CAN BE EXECUTED
#cmds_allowed=ABOR,ACCT,ALLO,APPE,BINARY,CDUP,CWD,DELE,EPRT,EPSV,FEAT,HELP,LIST,MDTM,MODE,NLST,NOOP,OPTS,PASS,PASV,PORT,PWD,QUIT,REIN,REST,RETR,RMD,RNFR,RNTO,SITE,SIZE,SMNT,STAT,STOR,STOU,STRU,SYST,TYPE,USER,XCUP,XCWD,XPWD,XRMD
cmds_denied=PUT,MPUT,RM,RMD,RMDIR,XRMD,MKD,MKDIR,XMKD
# PREVENT UPLOADS
write_enable=NO
anon_upload_enable=NO
anon_mkdir_write_enable=NO
anon_other_write_enable=NO
# PERMISSIONS
local_umask=022
ascii_upload_enable=NO
ascii_download_enable=NO
async_abor_enable=YES
ls_recurse_enable=NO
hide_ids=YES
nopriv_user=ftpsecure
secure_chroot_dir=/var/run/vsftpd/empty
# LISTENER
listen=YES
listen_port=21
listen_ipv6=NO
connect_from_port_20=YES
pasv_min_port=40000
pasv_max_port=41000
# LOG SETTINGS
log_ftp_protocol=YES
dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
xferlog_file=/var/log/vsftpd.log
xferlog_std_format=NO
syslog_enable=NO
dual_log_enable=YES
vsftpd_log_file=/var/log/vsftpd.log
# BANNER
ftpd_banner=FTP Anonymous Download Server
# OR
#banner_file=/etc/vsftpd.welcome_message
# SESSION SETTINGS
idle_session_timeout=60
data_connection_timeout=120
accept_timeout=60
connect_timeout=60
anon_max_rate=30000
# OTHER SETTINGS
utf8_filesystem=YES
one_process_model=YES
pam_service_name=ftp
# --------------------------------------------------------------------
# UNCOMMENT BELOW SETTINGS TO USE FTP OVER SSL
#---------------------------------------------------------------------
# CHANGE BELOW TO ssl_enable=NO if you do not want to use FTP over SSL
ssl_enable=YES
# COMMENT OUT ALL THE BELOW IF YOU DONT WANT TO USE FTP over SSL
debug_ssl=YES
rsa_cert_file=/etc/ssl/certs/vsftpd.crt
rsa_private_key_file=/etc/ssl/private/vsftpd.pem
ssl_ciphers=HIGH
allow_anon_ssl=YES
implicit_ssl=YES
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
require_ssl_reuse=NO