We were overwhelmed by the response to our last article, in which we presented 10 questions on Very Secure File Transfer Protocol. Continuing the VSFTP interview series, here are another 10 advanced interview questions which will surely help you.
Please note that the vsftpd.conf file controls the various aspects of configuration discussed in this article. By default, vsftpd looks for the configuration file at /etc/vsftpd/vsftpd.conf. The format of the file is very simple: each line is either a comment or a directive. Comment lines begin with a ‘#‘ and are ignored, and a directive line has the following format.
Before we start with the questions and their answers, we would like to answer one question: “Who is going to attend an FTP interview?” Well, no one. Perhaps no one will ever attend an FTP interview. But we present questions subject-wise to maintain a systematic approach, so that in any interview you won’t meet a question you can’t answer on any of the topics we have covered here.
11. How would you block an IP which is acting malicious on your internal private VSFTP network?
Block IP using hosts.deny file
Open ‘/etc/hosts.deny’ file.
# vi /etc/hosts.deny
Append the following line at the bottom of the file with the IP address that you want to block access to FTP.
#
# hosts.deny    This file contains access rules which are used to
#               deny connections to network services that either use
#               the tcp_wrappers library or that have been
#               started through a tcp_wrappers-enabled xinetd.
#
#               The rules in this file can also be set up in
#               /etc/hosts.allow with a 'deny' option instead.
#
#               See 'man 5 hosts_options' and 'man 5 hosts_access'
#               for information on rule syntax.
#               See 'man tcpd' for information on tcp_wrappers
#
vsftpd:172.16.16.1
Block IP using iptables rule
To block FTP access from a particular IP address, add the following drop rule to the iptables INPUT chain.
iptables -A RH-Firewall-1-INPUT -p tcp -s 172.16.16.1 -m state --state NEW -m tcp --dport 21 -j DROP
12. How would you allow secured SSL connections for anonymous users?
# Add this line to enable secured SSL connection to anonymous users.
allow_anon_ssl=YES
13. How to allow Anonymous users to create new directory and write to that directory?
# Uncomment this to enable any form of FTP write command.
write_enable=YES
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
anon_mkdir_write_enable=YES
14. How to enable Anonymous downloads, but disable permission to write?
# Add this line to enable read only permission to anonymous users.
anon_world_readable_only=YES
15. How would you CHMOD all anonymous uploads automatically?
# Add this line to chmod all anonymous uploads automatically.
chmod_enable=YES
16. How to disable directory listing on an FTP server?
# Add this line to disable directory listing.
dirlist_enable=NO
17. How would you maintain sessions for VSFTP logins?
# Add this line to maintain session logins.
session_support=YES
18. How to display time in local time zone, when listing the contents of directory?
# Add this line to display directory listing in local time zone.
use_localtime=YES
19. How will you limit the maximum transfer rate from VSFTP server?
# Add this line to limit the ftp transfer rate.
# 0 means unlimited
anon_max_rate=0
20. How will you time out idle sessions of VSFTP?
# Add this line to set the ftp timeout session.
idle_session_timeout=300
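A small checker for the directives covered in questions 12 to 20, given here as an added example and not part of the original article or of vsftpd itself. It checks the comment/directive line format described at the top and reports anonymous-access settings that either open write access or have no effect on their own. The function name, the sample file and the set of checks are assumptions of this example. ssl_enable and anonymous_enable are real vsftpd options not covered above.

```python
import re

# Constructed sample: directives from this article with two syntax mistakes.
SAMPLE_CONF = """\
# sample vsftpd.conf (constructed for this example)
write_enable=YES
anon_mkdir_write_enable=YES
allow_anon_ssl=YES
anon_max_rate=0 # 0 means unlimited
idle_session_timeout = 300
"""

DIRECTIVE = re.compile(r"^([a-z0-9_]+)=(.*)$")

def audit_vsftpd_conf(text):
    """Return (settings, findings) for the text of a vsftpd.conf file."""
    settings, findings = {}, []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue  # blank line or comment line
        m = DIRECTIVE.match(line)
        if m is None or m.group(2) != m.group(2).strip():
            findings.append(f"line {lineno}: not in option=value form (no spaces around '=')")
            continue
        name, value = m.groups()
        if "#" in value:
            findings.append(f"line {lineno}: '#' inside the value of {name}; only whole lines are comments")
        settings[name] = value  # in this checker a repeated directive overwrites the earlier one

    def on(name, default="NO"):
        # Simplification of this example: only YES counts as enabled.
        return settings.get(name, default).upper() == "YES"

    anon = on("anonymous_enable", "YES")  # vsftpd's built-in default is YES
    if anon and on("write_enable") and (on("anon_mkdir_write_enable") or on("anon_upload_enable")):
        findings.append("anonymous users can write to the server; confirm this is intended")
    if on("anon_mkdir_write_enable") and not on("write_enable"):
        findings.append("anon_mkdir_write_enable has no effect without write_enable=YES")
    if on("allow_anon_ssl") and not on("ssl_enable"):
        findings.append("allow_anon_ssl has no effect without ssl_enable=YES")
    return settings, findings

if __name__ == "__main__":
    for finding in audit_vsftpd_conf(SAMPLE_CONF)[1]:
        print(finding)
```
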
That’s all for now. We will be coming up with next article very soon, till then stay tuned and connected and don’t forget to provide us with your valuable feedback in our comment section.