Overview

This page describes how to build an FTPS server with ProFTPD.

Contents

Reference URL: http://triplesky.blogspot.jp/2013/02/proftpdsftpftps.html

    # yum install yum-priorities
    # cd /usr/local/src/
    # wget http://ftp-srv2.kddilabs.jp/Linux/distributions/fedora/epel/6/x86_64/epel-release-6-8.noarch.rpm
    # rpm -ivh epel-release-6-8.noarch.rpm
    # cat /etc/yum.repos.d/epel.repo
    [epel]
    name=Extra Packages for Enterprise Linux 6 - $basearch
    #baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch
    mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=$basearch
    failovermethod=priority
    enabled=1
    gpgcheck=1
    gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6

    # yum install proftpd
    # cd /etc/
    # cp -p proftpd.conf proftpd.conf.org
    # vi proftpd.conf

    #ServerName "ProFTPD server"
    ServerName "FTPS server"
    # MaxInstances: 20 -> 1
    MaxInstances 1
    # Change the default port
    Port 990
    # Change the passive port range
    PassivePorts 21000 21499

    <IfModule mod_tls.c>
      TLSEngine on
      TLSLog /var/log/proftpd/tls.log
      TLSProtocol SSLv23
      TLSCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
      TLSRequired on
      # If there is an intermediate certificate, combine it with the server certificate into one file.
      TLSRSACertificateFile /etc/pki/tls/certs/localhost.crt
      TLSRSACertificateKeyFile /etc/pki/tls/private/localhost.key
      TLSVerifyClient off
    </IfModule>

    # <IfDefine ANONYMOUS_FTP> -> uncomment everything below this line to deny anonymous FTP

    # cd /etc/sysconfig
    # cp -p iptables iptables.`date +%Y%m%d`
    # vi iptables

    -A INPUT -m state --state NEW -m tcp -p tcp --dport 989:990 -j ACCEPT
    -A INPUT -m state --state NEW -m tcp -p tcp --dport 21000:21499 -j ACCEPT

    # service iptables restart
    # chkconfig proftpd on
    # chkconfig proftpd --list
    proftpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
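An added example, not part of the original page: a Python check of the TLSProtocol and TLSCipherSuite values used in this configuration, reporting which legacy protocols and weak cipher classes they leave enabled. The list of weak classes and the class-level reading of the OpenSSL cipher string are simplifying assumptions; `openssl ciphers -v` with the same string on the server gives the exact suite list.

```python
import re

# Constructed sample: the two TLS directives from the proftpd.conf shown above.
SAMPLE_CONF = """\
TLSProtocol SSLv23
TLSCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
"""
LEGACY_PROTOCOLS = {"SSLv23", "SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
# Assumption: weak cipher classes that ALL pulls in on an older OpenSSL build.
WEAK_CLASSES = {"EXP", "LOW", "SSLv2", "RC4", "aNULL"}


def weak_cipher_classes(cipher_string):
    """Class-level walk of an OpenSSL cipher string; returns weak classes left on."""
    enabled, banned = set(), set()
    for token in filter(None, re.split(r"[:, ]+", cipher_string.strip())):
        op = token[0] if token[0] in "!-+" else ""
        parts = token[len(op):].split("+")
        if op == "+":
            continue  # "+X" only moves already-enabled ciphers to the end
        if op:  # "!" (remove for good) or "-" (remove, may be re-added)
            # Only a bare class name removes the class; "!ADH" or "!RC4+RSA"
            # removes a subset, so the class conservatively stays enabled.
            if len(parts) == 1 and parts[0] in WEAK_CLASSES:
                enabled.discard(parts[0])
                if op == "!":
                    banned.add(parts[0])
            continue
        added = WEAK_CLASSES if parts == ["ALL"] else WEAK_CLASSES.intersection(parts)
        enabled |= added - banned
    return sorted(enabled)


def audit_tls(conf_text):
    """Return (directive, offending values) for TLSProtocol and TLSCipherSuite."""
    findings = []
    pattern = r"^\s*(TLSProtocol|TLSCipherSuite)\s+([^#\n]+)"
    for name, value in re.findall(pattern, conf_text, re.M):
        if name == "TLSProtocol":
            bad = [p for p in value.split() if p in LEGACY_PROTOCOLS]
        else:
            bad = weak_cipher_classes(value)
        if bad:
            findings.append((name, " ".join(bad)))
    return findings


if __name__ == "__main__":
    print(audit_tls(SAMPLE_CONF))
```

For comparison, a configuration with `TLSProtocol TLSv1.2` and a cipher string such as `HIGH:!aNULL` produces no findings, provided the installed ProFTPD and OpenSSL versions support TLSv1.2.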