We were overwhelmed with the response we’ve received on our last article. Where we’ve presented10 wonderful question on Very Secure File Transfer Protocol. Continuing VSFTP interview article we are here presenting you yet another 10 Advance Interview Questions which surely will help you.
- 10 Basic Vsftp Interview Question/Answers – Part I
VsFTP Intervew Questions – Part II
Please note vsftpd.conf file is used to control various aspects of configuration as specified in this article. By default, the vsftpd searches for the configuration file under /etc/vsftpd/vsftpd.conf. However, the format of file is very simple and it contains comment or directive. Comment lines begins with a ‘#‘ are ignored and a directive line has the following format.
option=value
Before we start the Question and their well explained Answer we would like to answer a question “Who is going to attend FTP Interview?”. Well no one. Perhaps no one would be attending FTP interview. But we are presenting subject wise questions to maintain a systematic approach so that in any Interview, you wont get a new question which you wont be knowing on any of the topics/subjects we covered here.
11. How would you block an IP which is acting malicious on your internal private VSFTP network?
Answer : We can Block IP either by adding the suspicious IP to ‘/etc/hosts.deny’ file or alternatively adding a DROP rule for the suspicious IP to iptables INPUT chain.
Block IP using host.deny file
Open ‘/etc/hosts.deny’ file.
# vi /etc/hosts.deny
Append the following line at the bottom of the file with the IP address that you want to block access to FTP.
#
# hosts.deny This file contains access rules which are used to
# deny connections to network services that either use
# the tcp_wrappers library or that have been
# started through a tcp_wrappers-enabled xinetd.
#
# The rules in this file can also be set up in
# /etc/hosts.allow with a 'deny' option instead.
#
# See 'man 5 hosts_options' and 'man 5 hosts_access'
# for information on rule syntax.
# See 'man tcpd' for information on tcp_wrappers
#
vsftpd:172.16.16.1
Block IP using iptables rule
To block FTP access to particular IP address, add the following drop rule to iptables INPUT chain.
iptables -A RH-Firewall-1-INPUT -p tcp -s 172.16.16.1 -m state --state NEW -m tcp --dport 21 -j DROP
12. How to allow secured SSL connections to Anonymous users? How would you do?
Answer : Yes! It is possible to allow anonymous users to use secured SSL connections. The value of parameter ‘allow_anon_ssl’ should be ‘YES’ in the vsftpd.conf file. If it, set to NO it wont allow anonymous users to use SSL connections. The default value is NO.
# Add this line to enable secured SSL connection to anonymous users.
allow_anon_ssl=YES
13. How to allow Anonymous users to create new directory and write to that directory?
Answer : We need to edit the parameter ‘anon_mkdir_write_enable’ and set it’s value to ‘YES’. But in order to make the parameter working, ‘write_enable’ must be activated. The default is NO.
# Uncomment this to enable any form of FTP write command.
write_enable=YES
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
anon_mkdir_write_enable=YES
14. How to enable Anonymous downloads, but disable permission to write?
Answer : In the above said scenario, we need to edit the parameter ‘anon_world_readable_only’. The parameter should be enabled and set to ‘YES’. The default value is YES.
# Add this line to enable read only permission to anonymous users.
allow_anon_ssl=YES
15. How to CHMOD all Anonymous uploads automatically. How would you do?
Answer : To chmod all anonymous uploads automatically, we need to edit the parameter ‘chmod_enable’ and set it to ‘YES’. Anonymous users never get to use SITE CHMOD. The default value is YES.
# Add this line to chmod all anonymous uploads automatically.
chmod_enable=YES
16. How to disable directory listing in a FTP server?
Answer : The parameter ‘dirlist_enable’ comes to rescue at this point. The value of ‘dirlist_enable’ should be set to NO. The default value is YES.
# Add this line to disable directory listing.
dirlist_enable=NO
17. How to maintain sessions for logins of VSFTP. How will you do?
Answer : The parameter ‘session_support’ needs to be modified. This parameter controls and manages vsftp attempts to maintain session for logins. The default value is NO.
# Add this line to maintain session logins.
session_support=YES
18. How to display time in local time zone, when listing the contents of directory?
Answer : The parameter ‘usr_localtime’ needs to be modified. If enabled, vsftpd will list directory files in local time zone format. The default is to display GMT. The default value is NO.
# Add this line to display directory listing in local time zone.
usr_localtime=YES
19. How will you limit the maximum transfer rate from VSFTP server?
Answer : To limit the maximum transfer rate of VSFTP server we need the parameter ‘anon_max_rate’ in bytes per second, for anonymous client. The default value is 0 which means unlimited.
# Add this line to limit the ftp transfer rate.
anon_max_rate=0 # 0 means unlimited
20. How will you timeout the idle session of VSFTP?
Answer : The parameter ‘idle_session_timeout’ needs to be modified here. The timeout in second, which is the maximum time an anonymous user can spend in a session between his client machine and VSFTP server. As soon as the the timeout triggers, the client is logged out. The default time is 300.
# Add this line to set the ftp timeout session.
idle_session_timeout=300
That’s all for now. We will be coming up with next article very soon, till then stay tuned and connected and don’t forget to provide us with your valuable feedback in our comment section.
0 Comments