YUMSERV
Published 2019. 5. 29. 23:24
Proftpd + MYSQL Integration

※ Installation environment: CentOS 7.5

 

1. What is proftpd

Proftpd is an FTP daemon focused on security and features; alongside vsftpd, it is widely used to provide FTP service.

 

2. Installation

MySQL was installed with yum. On CentOS 7, installing it with yum installs MariaDB.
After installing the MariaDB packages, proftpd was integrated with it.

Check MariaDB

 

# rpm -qa | grep mariadb
mariadb-libs-5.5.60-1.el7_5.x86_64
mariadb-5.5.60-1.el7_5.x86_64
mariadb-server-5.5.60-1.el7_5.x86_64
mariadb-devel-5.5.60-1.el7_5.x86_64

 

Download and install Proftpd

 

# cd /usr/local/src
# wget ftp://ftp.proftpd.org/distrib/source/proftpd-1.3.6.tar.gz
# tar xvfz proftpd-1.3.6.tar.gz
# cd proftpd-1.3.6/
# ./configure --prefix=/usr/local/proftpd \
--with-modules=mod_sql:mod_sql_mysql:mod_sql_passwd \
--with-includes=/usr/include/mysql --with-libraries=/usr/lib \
--enable-autoshadow --enable-shadow
# make && make install

 

Configuration changes

 

# vi /usr/local/proftpd/etc/proftpd.conf


# This is a basic ProFTPD configuration file (rename it to
# 'proftpd.conf' for actual use. It establishes a single server
# and a single anonymous login. It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.
ServerName "ProFTPD Default Installation"
ServerType standalone
DefaultServer on
# Port 21 is the standard FTP port.
Port 21
# Don't use IPv6 support by default.
UseIPv6 off
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 022
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd).
MaxInstances 30
# Set the user and group under which the server will run.
# The default group is nogroup; change it to nobody.
User nobody
Group nobody
# To cause every FTP user to be "jailed" (chrooted) into their home
# directory, uncomment this line.
#DefaultRoot ~
# Normally, we want files to be overwriteable.
AllowOverwrite on
# Bar use of SITE CHMOD by default
<Limit SITE_CHMOD>
DenyAll
</Limit>
PassivePorts 50001 50005
# A basic anonymous configuration, no upload directories. If you do not
# want anonymous users, simply delete this entire <Anonymous> section.
<Anonymous ~ftp>
User ftp
Group ftp
# We want clients to be able to login with "anonymous" as well as "ftp"
UserAlias anonymous ftp
# Limit the maximum number of anonymous logins
MaxClients 10
# We want 'welcome.msg' displayed at login, and '.message' displayed
# in each newly chdired directory.
DisplayLogin welcome.msg
DisplayChdir .message
# Limit WRITE everywhere in the anonymous chroot
<Limit WRITE>
DenyAll
</Limit>
</Anonymous>


# This is the MySQL integration section.
SQLAuthenticate on
# Format: dbname@host mysqlID mysqlPW
SQLConnectInfo proftp@localhost root password
SQLAuthTypes Plaintext
SQLLogFile /var/log/proftp-mysql.log
SQLUserInfo ftpusers userid passwd uid gid homedir shell
SQLGroupInfo ftpgroups groupname gid members
SQLDefaultHomedir /home/proftp

 

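Configuration file explanation

- ServerType: there are two modes, standalone and xinetd. In standalone mode the service runs all the time, so connections are fast but resource usage is high.
In xinetd mode the service is started only when a client attempts to connect, so connections are slower, but it is efficient because resources are used only when needed.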
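
The configuration above keeps the anonymous section, leaves DefaultRoot commented out, connects to the database as root, and sets SQLAuthTypes Plaintext, so the passwd column holds cleartext passwords. The check below is an added example, not part of the original post, that flags those four settings in a proftpd.conf; the function names and the constructed sample are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): flag the risky settings that
# the proftpd.conf on this page contains. Function names are hypothetical.

# audit_proftpd_conf [FILE]: prints one finding per line; reads stdin when no
# FILE is given. Exit status 0 = no findings, 1 = at least one finding.
audit_proftpd_conf() {
  awk '
    /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
    { d = tolower($1) }                     # directive name, case-folded
    d == "<anonymous" {
      print "ANONYMOUS: anonymous login is enabled; delete the <Anonymous> section if unused"; n++
    }
    d == "defaultroot" { jailed = 1 }
    d == "sqlconnectinfo" && tolower($3) == "root" {
      print "DB_ROOT: SQLConnectInfo logs in as root; use an account limited to SELECT on the FTP tables"; n++
    }
    d == "sqlauthtypes" {
      for (i = 2; i <= NF; i++) if (tolower($i) == "plaintext") {
        print "PLAINTEXT: SQLAuthTypes Plaintext keeps cleartext passwords in the passwd column; use a hashed type (mod_sql_passwd)"; n++
      }
    }
    END {
      if (!jailed) { print "NO_CHROOT: no active DefaultRoot; users are not confined to their home directory"; n++ }
      exit (n > 0)
    }
  ' "${1:--}"
}

# Constructed sample: the security-relevant lines of the configuration above.
sample_page_conf() {
  cat <<'EOF'
User nobody
Group nobody
#DefaultRoot ~
<Anonymous ~ftp>
User ftp
Group ftp
</Anonymous>
SQLAuthenticate on
SQLConnectInfo proftp@localhost root password
SQLAuthTypes Plaintext
EOF
}

sample_page_conf | audit_proftpd_conf || echo "review the findings above"
```

Run it against the real file with `audit_proftpd_conf /usr/local/proftpd/etc/proftpd.conf`. Moving to a hashed SQLAuthTypes also means widening the passwd varchar(32) column, because a hex SHA-256 digest is 64 characters long.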

 

Create the database

 

mysql> create database proftp;
Query OK, 1 row affected (0.00 sec)

mysql> use proftp;
Database changed

mysql> CREATE TABLE ftpgroups (
-> groupname varchar(16) NOT NULL default '',
-> gid int(6) NOT NULL default '2001',
-> members varchar(16) NOT NULL default '');
Query OK, 0 rows affected (0.02 sec)

mysql> CREATE TABLE ftpusers (
-> userid varchar(32) NOT NULL default '',
-> passwd varchar(32) NOT NULL default '',
-> uid int(6) NOT NULL default '2001',
-> gid int(6) NOT NULL default '2001',
-> homedir varchar(255) NOT NULL default '',
-> shell varchar(16) NOT NULL default '/sbin/nologin',
-> UNIQUE KEY userid (userid)
-> );
Query OK, 0 rows affected (0.03 sec)

 

Create the user account that will belong to the group

mysql> INSERT INTO ftpgroups (groupname, gid, members) VALUES ('ftpgroup', 2001, 'ftp_test');
Query OK, 1 row affected (0.01 sec)

mysql> INSERT INTO ftpusers (userid, passwd, uid, gid, homedir, shell) VALUES ('ftp_test', 'passw0rd', 2001, 2001, '/home/test', '/sbin/nologin');
Query OK, 1 row affected (0.00 sec)

Check the created account

MariaDB [proftp]> select * from ftpgroups;
+-----------+------+----------+
| groupname | gid  | members  |
+-----------+------+----------+
| ftpgroup  | 2001 | ftp_test |
+-----------+------+----------+
1 row in set (0.00 sec)

MariaDB [proftp]> select * from ftpusers;
+----------+----------+------+------+------------+---------------+
| userid   | passwd   | uid  | gid  | homedir    | shell         |
+----------+----------+------+------+------------+---------------+
| ftp_test | passw0rd | 2001 | 2001 | /home/test | /sbin/nologin |
+----------+----------+------+------+------------+---------------+
1 row in set (0.00 sec)

 

Start proftpd and verify

 

# /usr/local/proftpd/sbin/proftpd
# netstat -nltp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      1/systemd
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN      2287/proftpd: (acce
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      814/sshd
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      24148/mysqld
tcp6       0      0 :::111                  :::*                    LISTEN      1/systemd
tcp6       0      0 :::22                   :::*                    LISTEN      814/sshd

 

Stop proftpd

 

# pkill proftpd


Debug proftpd

 

# /usr/local/proftpd/sbin/proftpd -d 5 -n -c /usr/local/proftpd/etc/proftpd.conf


Check connected users


# /usr/local/proftpd/bin/ftpcount
Master proftpd process 27668:
Service class - 1 user


Check the current number of connections and client information

# /usr/local/proftpd/bin/ftptop



@lena04301
