1. Langkah pertama Instalasi Paket
vsftpd
[root@voip-client ~]# yum install vsftpd
2. Lalu Konfigurasi
[root@voip-client ~]# vim /etc/vsftpd/vsftpd.conf
Yang perlu dirubah adalah:
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
ascii_upload_enable=YES
ascii_download_enable=YES
ftpd_banner=Welcome to FTP Server K-Place.
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
listen=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
[root@voip-client ~]# yum install vsftpd
2. Lalu Konfigurasi
[root@voip-client ~]# vim /etc/vsftpd/vsftpd.conf
Yang perlu dirubah adalah:
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
ascii_upload_enable=YES
ascii_download_enable=YES
ftpd_banner=Welcome to FTP Server K-Place.
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
listen=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
3. Kemudian buat user lokal dengan nama noc
[root@voip-client ~]# adduser noc
[root@voip-client ~]# passwd noc
Changing password for user noc.
New UNIX password:
BAD PASSWORD: it is too simplistic/systematic
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
4. Membuat file chroot_list
File ini berisi daftar user yang bisa mengakses FTP server.
[root@voip-client ~]# vim /etc/vsftpd/chroot_list
Isinya adalah :
noc
5. Restart Service FTP
[root@voip-client ~]# service vsftpd restart
[root@voip-client ~]# chkconfig vsftpd on
6. Cek konfigurasi FTP
[root@voip-client ~]# getsebool -a | grep ftp
nah dibagian ini gw mendapatkan status : getsebool: SELinux is disabled
maka untuk mengatasi hal tersebut aku edit file :
[root@voip-client ~]# vi /etc/selinux/config
dimana sebelumnya filenya :
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing – SELinux security policy is enforced.
# permissive – SELinux prints warnings instead of enforcing.
# disabled – SELinux is fully disabled.
SELINUX=disable
# SELINUXTYPE= type of policy in use. Possible values are:
# targeted – Only targeted network daemons are protected.
# strict – Full SELinux protection.
SELINUXTYPE=targeted
aku edit menjadi :
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing – SELinux security policy is enforced.
# permissive – SELinux prints warnings instead of enforcing.
# disabled – SELinux is fully disabled.
SELINUX=permisive
# SELINUXTYPE= type of policy in use. Possible values are:
# targeted – Only targeted network daemons are protected.
# strict – Full SELinux protection.
SELINUXTYPE=targeted
lalu aku reboot komputernya. Setelah komputer di reboot aku jalan kembali command :
[root@voip-client ~]# getsebool -a | grep ftp
allow_ftpd_anon_write –> off
allow_ftpd_full_access –> off
allow_ftpd_use_cifs –> off
allow_ftpd_use_nfs –> off
allow_tftp_anon_write –> off
ftp_home_dir –> on
ftpd_disable_trans –> off
ftpd_is_daemon –> on
httpd_enable_ftp_server –> off
tftpd_disable_trans –> off
apabila ftp_home_dir masih berstatus off, maka jalankan perintah :
[root@localhost]# setsebool -P ftp_home_dir on
[root@localhost]# iptables -F
No comments :
Post a Comment