To set up your CentOS machine as a secure FTP server, follow these steps.
Install VSFTPD with
yum install vsftpd
Turn on vsftpd auto start with
(CentOS 6.x)
chkconfig --level 235 vsftpd on
(CentOS 7.x)
systemctl enable vsftpd
Open vsftpd.conf
nano /etc/vsftpd/vsftpd.conf
and make the following changes:
1. Change anonymous_enable=YES to anonymous_enable=NO
2. Uncomment chroot_local_user=YES line (In CentOS 5.x you will need to add this line)
3. Change the default port number from 21 to XXXXX (where XXXXX is above 1024) with listen_port=XXXXX
If this line doesn’t exist, add it to the end of the file. Make sure that port XXXXX is accessible.
4. The vsftpd version that comes with CentOS 7 does not permit chrooted local users to write by default. To “fix” this, you’ll need to add the following line:
allow_writeable_chroot=YES
Restart vsftpd with service vsftpd restart. Please keep in mind that changing the default port number doesn’t mean that your server is 100% secured. It will help you avoid random dictionary attacks, and your log files will be much smaller. A good password is a MUST.
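To check that the edits from steps 1 to 4 are what vsftpd will actually read (a line left commented out, or a second listen_port further down the file, is easy to miss), here is an added example that is not part of the original guide. The function names conf_get, conf_bool and vsftpd_audit and the sample config are made up for illustration; on a real host, run vsftpd_audit /etc/vsftpd/vsftpd.conf.

```shell
#!/bin/sh
# Added example: audit a vsftpd.conf for the settings changed in steps 1-4.

# Effective value of option $2 in file $1. Commented lines never match;
# vsftpd reads top to bottom, so the last uncommented line wins.
conf_get() { sed -n "s/^$2=//p" "$1" | tail -n 1; }

# Boolean option $2 normalised to YES/NO; $3 is vsftpd's built-in default.
conf_bool() {
    v=$(conf_get "$1" "$2" | tr '[:lower:]' '[:upper:]')
    case ${v:-$3} in
        YES|TRUE|1) echo YES ;;
        NO|FALSE|0) echo NO ;;
        *) echo INVALID ;;
    esac
}

# Print one line per finding; return the number of failed checks.
vsftpd_audit() {
    fails=0
    anon=$(conf_bool "$1" anonymous_enable YES)
    jail=$(conf_bool "$1" chroot_local_user NO)
    wjail=$(conf_bool "$1" allow_writeable_chroot NO)
    port=$(conf_get "$1" listen_port); port=${port:-21}
    [ "$anon" = NO ] || { echo "FAIL anonymous_enable=$anon (want NO)"; fails=$((fails + 1)); }
    [ "$jail" = YES ] || { echo "FAIL chroot_local_user=$jail (want YES)"; fails=$((fails + 1)); }
    case $port in
        *[!0-9]*) echo "FAIL listen_port=$port is not a number"; fails=$((fails + 1)) ;;
        *) if [ "$port" -le 1024 ] || [ "$port" -gt 65535 ]; then
               echo "FAIL listen_port=$port (want 1025-65535)"; fails=$((fails + 1))
           fi ;;
    esac
    [ "$wjail" = NO ] || echo "INFO allow_writeable_chroot=$wjail (step 4 applied)"
    return "$fails"
}

# Constructed sample: steps 1 and 2 skipped, listen_port set twice.
sample=$(mktemp)
cat > "$sample" <<'EOF'
anonymous_enable=YES
#chroot_local_user=YES
listen_port=2121
listen_port=990
EOF
vsftpd_audit "$sample" || echo "$? check(s) failed"
rm -f "$sample"
```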