VsFtpd is a highly secure, efficient and fast anonymous ftp server. It offers:

• Security
• Performance
• Stability

Despite being small for purposes of speed and security, many more complicated FTP setups are achievable with vsftpd. By no means an exclusive list, vsftpd will handle:

• Virtual IP configurations
• Virtual users
• Standalone or inetd operation
• Powerful per-user configuration
• Bandwidth throttling
• Per-source-IP configuration
• Per-source-IP limits
• IPv6
• Encryption support through SSL integration

The only reason you might prefer a different FTP server to vsftpd is if you really need the configurability of one of the more bloated FTP servers. In this regard, vsftpd is a small modular component in the proper spirit of UNIX. Consider moving to vsftpd even if it means sacrificing some obscure feature of your current FTP server. The security, performance and stability gains are worth it.

To setup a stand alone ftp daemon listening on port 21. It will only allow anonymous read only access to the /ftp tree. The clients are going to be limited to the amount of total connects made, the amount of connects per client and the number of clients per ip address. The server is going to run with minimal privileges of the user “nobody” and full logging will be enabled. Finally, we are going to limit clients to specific connection timeouts and limit the commands we will accept from all ftp clients.

/etc/vsftpd/vsftpd.conf

# manpage: http://vsftpd.beasts.org/vsftpd_conf.html
# Setup specially for an OpenBSD install
#
# Run in daemon mode
background=YES
listen=YES
listen_address=120.111.222.111
#pasv_address=127.0.0.1
#
# The new highly restrictive seccomp filter sandbox
# If you see "OOPS: priv_sock_get_cmd" then disable seccomp
seccomp_sandbox=NO
#
# User to run daemon as
nopriv_user=_vsftpd
ftp_username=_ftp
#
# Ftp ports
connect_from_port_20=NO
ftp_data_port=20
listen_port=21
pasv_min_port=49152
pasv_max_port=65535
pasv_promiscuous=NO
port_enable=NO
port_promiscuous=NO
#
# SSL (force options for a SSL only server)
#ssl_enable=YES
#ssl_tlsv1=YES
#ssl_sslv2=NO
#ssl_sslv3=NO
#rsa_cert_file=/etc/ssl/private/vsftpd.pem
#allow_anon_ssl=YES
#force_anon_data_ssl=YES
#force_anon_logins_ssl=YES
#force_local_data_ssl=YES
#force_local_logins_ssl=YES
#
# Timeouts
connect_timeout=60
data_connection_timeout=120
idle_session_timeout=120
#
# Information messages
setproctitle_enable=YES
banner_file=/etc/banner
dirmessage_enable=YES
ftpd_banner=Calomel.org ftp server
#
# Access limits and controls
async_abor_enable=NO
cmds_allowed=ABOR,APPE,CWD,DELE,HELP,LIST,MDTM,MKD,NLST,PASS,PASV,PWD,QUIT,RETR,RMD,RNFR,RNTO,SIZE,STOR,TYPE,USER
#cmds_allowed=ABOR,CWD,DELE,LIST,MDTM,MKD,NLST,PASS,PASV,PWD,QUIT,RETR,RMD,RNFR,RNTO,SIZE,STOR,TYPE,USER,ACCT,APPE,CDUP,HELP,MODE,NOOP,REIN,STAT,STOU,STRU,SYST
delay_successful_login=1
delete_failed_uploads=yes
guest_enable=NO
write_enable=YES
max_clients=100
max_login_fails=1
max_per_ip=2
pam_service_name=vsftpd
tcp_wrappers=NO
hide_file={.*,*.mp3}
deny_file={*.mp3}
#
# Preferences
ascii_upload_enable=NO
ascii_download_enable=NO
hide_ids=YES
ls_recurse_enable=NO
use_localtime=NO
#
# Allow anonymous FTP?
anonymous_enable=YES
anon_max_rate=0
anon_mkdir_write_enable=NO
anon_root=/disk01/ftp/
anon_world_readable_only=YES
anon_umask=0022
anon_upload_enable=NO
anon_other_write_enable=NO
no_anon_password=NO
#
# Allow local user access?
local_enable=YES
local_max_rate=0
local_umask=0022
chroot_local_user=YES
check_shell=NO
chmod_enable=NO
secure_chroot_dir=/var/empty
userlist_enable=YES
userlist_deny=NO
userlist_file=/etc/vsftpd_users
#
# Logging
dual_log_enable=NO
log_ftp_protocol=NO
vsftpd_log_file=/var/log/vsftpd.log
xferlog_enable=YES
xferlog_std_format=NO
xferlog_file=/var/log/xferlog
#