-
Notifications
You must be signed in to change notification settings - Fork 7
/
vsftpd.conf Anonymous Uploads
155 lines (143 loc) · 6.14 KB
/
vsftpd.conf Anonymous Uploads
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
#========================================================================================
# CONFIG FOR VSFTPD SERVER THAT SECURELY ALLOWS ANONYMOUS UPLOADS AND LOCAL USER SIGN IN
#========================================================================================
# VSFTPD is a pain in the butt with anonymous uploads. You need the below configured before connecting to the FTP server.
# Once all the below is configured connect to the FTP server
# Then you need too change the permissions on /var/ftp/public by doing ```sudo chmod a+w /var/ftp/public```
# You can now upload files. If you disconnect or restart vsftpd.service and try to reconnect vsftpd will not let you
#
# INSTALL COMMAND:
# sudo apt update && apt install -y vsftpd
#
# GENERATE CERTIFICATES IF YOU WISH TO USE SSL
# sudo openssl req -x509 -nodes -keyout /etc/ssl/private/vsftpd.pem -out /etc/ssl/certs/vsftpd.crt -days 365 -newkey rsa:2048
# NOTE: If you do not want to use SSL be sure to comment out the SSL values in the CONFIGURED SETTINGS section below and set ssl_enable=NO
#
# CREATE DIRECTORY FOR ANONYMOUS USER TO DOWNLOAD FROM
# sudo mkdir -p /var/ftp/public/files
# sudo chown nobody:nogroup /var/ftp/public
# sudo chmod 664 /var/ftp/public
# sudo chmod a+w /var/ftp/public/files
# sudo useradd ftpsecure
# DEBIAN: sudo touch /etc/vsftpd.email_passwords
# DEBIAN: sudo vim /etc/vsftpd.email_passwords # PLACE EMAIL ADDRESSES IN THIS FILE THAT CAN BE USED AS PASSWORDS TO SIGN IN WITH ANONYMOUS ACCESS
# DEBINA: sudo chmod 640 /etc/vsftpd.email_passwords
# RHEL: sudo touch /etc/vsftpd/email_passwords
# RHEL: sudo vim /etc/vsftpd/email_passwords # PLACE EMAIL ADDRESSES IN THIS FILE THAT CAN BE USED AS PASSWORDS TO SIGN IN WITH ANONYMOUS ACCESS
# RHEL: sudo chmod 640 /etc/vsftpd/email_passwords
#
# DOWNLOAD AND USE THIS CONFIGURATION FILE
# DEBIAN: sudo mv /etc/vsftpd.conf /etc/vsftpd.conf.orig && echo "[*] Created backup of original /etc/vsftpd.conf file at /etc/vsftpd.conf.orig"
# DEBIAN: sudo wget https://raw.githubusercontent.com/OsbornePro/ConfigTemplates/main/vsftpd.conf%20Anonymous%20Uploads -O /etc/vsftpd.conf
# DEBIAN: sudo cp /etc/vsftpd.conf /etc/vsftpd.conf.bak && echo "[*] Create backup of active /etc/vsftpd.conf file at /etc/vsftpd.conf.bak"
# RHEL: sudo mv /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf.orig && echo "[*] Created backup of original /etc/vsftpd/vsftpd.conf file at /etc/vsftpd/vsftpd.conf.orig"
# RHEL: sudo wget https://raw.githubusercontent.com/OsbornePro/ConfigTemplates/main/vsftpd.conf%20Anonymous%20Uploads -O /etc/vsftpd/vsftpd.conf
# RHEL: sudo cp /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf.bak && echo "[*] Create backup of active /etc/vsftpd/vsftpd.conf file at /etc/vsftpd/vsftpd.conf.bak"
#
# CONFIGURE FIREWALL RULES TO ALLOW FTP USING WHATEVER FIREWALL YOu USe
# FIREWALL-CMD
# sudo firewall-cmd --zone=public --add-port=21/tcp --permanent
# sudo firewall-cmd --zone=public --add-port=20/tcp --permanent
# sudo firewall-cmd --zone=public --add-port=40000-41000/tcp
# sudo firewall-cmd --reload
# IPTABLES
# iptables -A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
# iptables -A INPUT -p tcp -m tcp --dport 20 -j ACCEPT
# iptables -A OUTPUT -p tcp -m tcp --sport 21 -j ACCEPT
# iptables -A OUTPUT -p tcp -m tcp --sport 20 -j ACCEPT
# iptables -A INPUT -p tcp -m tcp --dport 40000:41000 -j ACCEPT
# iptables -A OUTPUT -p tcp -m tcp --sport 40000:41000 -j ACCEPT
# sudo service iptables restart
# UFW
# sudo ufw allow 20:21/tcp
# sudo ufw allow 40000:41000/tcp
# sudo ufw reload
# OR
# sudo ufw allow ftp-data
# sudo ufw allow ftp
# sudo ufw reload
#
#------------------------------------------------------------------------------
# CONFIGURED SETTINGS
#------------------------------------------------------------------------------
anonymous_enable=YES
anon_root=/var/ftp/public/
local_enable=NO
tcp_wrappers=YES
allow_writeable_chroot=YES
guest_enable=YES
guest_username=ftp
chown_uploads=YES
chown_username=ftp
# ANONYMOUS USER PASSWORD SETTINGS
no_anon_password=NO
secure_email_list_enable=YES
# FOR secure_email_list_enable YOU NEED TO ADD EMAIL ADDRESSES/PASSWORDS ONE PER LINE TO THE FILE /etc/vsftpd.email_passwords
# LIMIT COMMANDS THAT CAN BE EXECUTED. SEPARATE MULTIPLE VALUES WITH A COMMA
#cmds_allowed=ABOR,ACCT,ALLO,APPE,BINARY,CDUP,CWD,DELE,EPRT,EPSV,FEAT,HELP,LIST,MDTM,MODE,NLST,NOOP,OPTS,PASS,PASV,PORT,PWD,QUIT,REIN,REST,RETR,RMD,RNFR,RNTO,SITE,SIZE,SMNT,STAT,STOR,STOU,STRU,SYST,TYPE,USER,XCUP,XCWD,XPWD,XRMD
#cmds_denied=GET,MGET,RM,RMD,RMDIR,XRMD,MKD,MKDIR,XMKD
# PREVENT DOWNLOAD
download_enable=NO
# ALLOW UPLOADS
write_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
# PERMISSIONS
local_umask=022
anon_umask=077
ascii_upload_enable=NO
ascii_download_enable=NO
async_abor_enable=YES
ls_recurse_enable=NO
hide_ids=YES
nopriv_user=ftpsecure
secure_chroot_dir=/var/run/vsftpd/empty
# LISTENER
listen=YES
listen_ipv6=NO
connect_from_port_20=YES
pasv_min_port=40000
pasv_max_port=41000
# LOG SETTINGS
dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
xferlog_file=/var/log/vsftpd.log
xferlog_std_format=YES
log_ftp_protocol=YES
vsftpd_log_file=/var/log/vsftpd.log
dual_log_enable=YES
syslog_enable=NO
# SESSION SETTINGS
session_support=YES
idle_session_timeout=60
data_connection_timeout=120
accept_timeout=60
connect_timeout=60
anon_max_rate=30000
# BANNER CAN BE
ftpd_banner=FTP Anonymous Upload Server
# OR
#banner_file=/etc/vsftpd.welcome_banner
# OTHER SETTINGS
utf8_filesystem=YES
one_process_model=YES
pam_service_name=ftp
# --------------------------------------------------------------------
# UNCOMMENT BELOW SETTINGS TO USE FTP OVER SSL
#---------------------------------------------------------------------
# CHANGE BELOW TO ssl_enable=YES to use FTP over SSL
ssl_enable=YES
debug_ssl=YES
rsa_cert_file=/etc/ssl/certs/vsftpd.crt
rsa_private_key_file=/etc/ssl/private/vsftpd.pem
ssl_ciphers=HIGH
allow_anon_ssl=YES
implicit_ssl=YES
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
require_ssl_reuse=NO