Recently I have deployed a couple of FTP servers, both at work and one at home, to create a central point for all my data, especially at home, and also a separate one for one of our clients at work.
Although creating an FTP server is easy, this post sums up the steps and provides a few details on small security issues and areas which can be tuned.
Install the nano (editor) and vsftpd (Very Secure FTP) packages
yum install nano vsftpd -y
This step was required as we were having trouble with the client being unable to create folders etc. on the FTP server. (It was a strange issue, but I am writing it down so that if someone faces "ftp error 550 failed to create directory" then this might work.)
nano /etc/selinux/config
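SELINUX=enforcing ----> SELINUX=permissive (permissive mode only logs SELinux denials instead of blocking them, for every service on the host, not just vsftpd)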
reboot
Start vsftpd services
/etc/init.d/vsftpd start
Open the vsftpd configuration file and make sure that the following lines match
nano /etc/vsftpd/vsftpd.conf
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
ascii_upload_enable=YES
ascii_download_enable=YES
ftpd_banner=Welcome to AMMAR FTP service.
chroot_local_user=YES
listen=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
(if tcp_wrappers is enabled then FTP will read /etc/hosts.allow to secure server access)
use_localtime=yes
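One way to check an edited /etc/vsftpd/vsftpd.conf before restarting the service, as an added example that is not part of the original post: it reports lines with whitespace around the equals sign (which vsftpd treats as an error) and differences from a baseline. The baseline subset, the function names and the sample file are choices made for this example.

```shell
#!/bin/sh
# Added example (not from the original post): lint a vsftpd.conf.
# BASELINE is a security-relevant subset of the settings listed above.
BASELINE="anonymous_enable=NO local_enable=YES chroot_local_user=YES
userlist_enable=YES tcp_wrappers=YES xferlog_enable=YES"

# Prints one finding per line; returns 0 when clean, 1 otherwise.
audit_vsftpd_conf() {
    conf=$1
    findings=$(
        # Syntax: every non-comment line must be option=value with no
        # whitespace on either side of the equals sign.
        grep -nEv '^[[:space:]]*(#|$)|^[a-z_0-9]+=[^[:space:]]' "$conf" |
            sed 's/^/MALFORMED line /'
        # Baseline: the last assignment of each option must equal the
        # expected text exactly, so a stray space or a note left after
        # YES or NO is reported as well.
        for want in $BASELINE; do
            name=${want%%=*}
            got=$(grep -E "^${name}=" "$conf" | tail -n 1)
            if [ -z "$got" ]; then
                echo "MISSING $want"
            elif [ "$got" != "$want" ]; then
                echo "MISMATCH wanted $want, found $got"
            fi
        done
    )
    if [ -z "$findings" ]; then return 0; fi
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample config with three deliberate problems.
write_sample_conf() {
    cat > "$1" <<'EOF'
# constructed sample, not a real server's file
anonymous_enable=NO
local_enable=YES
write_enable = YES
chroot_local_user=YES
ftpd_banner=Welcome to the FTP service.
userlist_enable=YES
tcp_wrappers=YES (reads /etc/hosts.allow)
EOF
}

sample=$(mktemp)
write_sample_conf "$sample"
audit_vsftpd_conf "$sample" || true
rm -f "$sample"
```

On the real server, call `audit_vsftpd_conf /etc/vsftpd/vsftpd.conf` and restart vsftpd only when it returns 0.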
Restart vsftpd services
service vsftpd restart
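Set the SELinux boolean that allows the FTP daemon to read and write files in users' home directories
setsebool -P ftp_home_dir on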
Stop iptables, as it blocks the FTP port by default. This is not a good practice; later on I will update this to allow the FTP port in iptables.
service iptables stop
Add a user to be used for FTP (we can also create a file containing a list of users). Currently I have worked using this method, but there are other ways also.
useradd client
Set the client's password
passwd client
A user is normally able to access the server via SSH. As we want the user to connect only via FTP, change the login shell (where client is the username):
chsh -s /sbin/nologin client
Create a directory for mounting the drive locally or via NFS
mkdir /home/client/data
To add the drive via NFS, the following packages are required
yum install nfs-utils nfs-utils-lib -y
Add the line below to /etc/fstab to mount the NFS share on the FTP server
nano /etc/fstab
172.19.30.16:/failover/clientdata /home/client/data nfs auto,noatime,nolock,bg,nfsvers=3,intr,tcp,actimeo=1800 0 0
To mount the NFS share, use one of the following commands; if the first command doesn't work then the second or third command will work, depending upon your configuration
mount 172.19.30.16:/failover/clientdata /home/client/data/
mount -t nfs 172.19.30.16:/failover/clientdata /home/client/data/
mount -o nolock 172.19.30.16:/failover/clientdata /home/client/data/
Execute this command to see the mounted drive
df -h
Give permission and rights to the user on the folder
chown -R client /home/client/data
usermod -d /home/client/data/ client
Restart vsftpd services
service vsftpd restart
Stop iptables services or allow the port via firewall rules
service iptables stop
To make sure services stop or start after reboot
chkconfig vsftpd on
chkconfig iptables off
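The steps above stop iptables rather than allowing the FTP port. As an added example (not from the original post), this script opens only the control port and a fixed passive data range for one client network. The port range, the 192.0.2.0/24 network and the function names are placeholders, and it assumes the stock rule accepting ESTABLISHED,RELATED traffic is still present in the INPUT chain.

```shell
#!/bin/sh
# Added example (not from the original post): allow FTP through iptables
# instead of stopping the firewall. The values below are placeholders.
PASV_MIN=50000           # assumed passive data port range
PASV_MAX=50100
CLIENT_NET=192.0.2.0/24  # constructed client network (documentation range)

# Dry run by default: print each command; execute only when APPLY=1.
run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else printf '%s\n' "$*"; fi
}

# allow_ftp MIN MAX SOURCE: open the control port and the passive range
# for one source network. Returns 2 on an unusable port range.
allow_ftp() {
    min=$1; max=$2; src=$3
    for p in "$min" "$max"; do
        case "$p" in
            ''|*[!0-9]*) echo "port must be numeric: $p" >&2; return 2 ;;
        esac
    done
    if [ "$min" -lt 1024 ] || [ "$max" -gt 65535 ] || [ "$min" -gt "$max" ]; then
        echo "bad passive range $min:$max" >&2
        return 2
    fi
    # -I puts the rules at the top of INPUT, ahead of any final REJECT rule.
    run iptables -I INPUT -p tcp -s "$src" --dport 21 \
        -m state --state NEW -j ACCEPT
    run iptables -I INPUT -p tcp -s "$src" --dport "$min:$max" \
        -m state --state NEW -j ACCEPT
    run service iptables save      # persist the rules across restarts
    run chkconfig iptables on      # keep the firewall enabled at boot
}

# Lines for vsftpd.conf that pin passive mode to the same range.
vsftpd_pasv_lines() {
    printf 'pasv_enable=YES\npasv_min_port=%s\npasv_max_port=%s\n' "$1" "$2"
}

allow_ftp "$PASV_MIN" "$PASV_MAX" "$CLIENT_NET"
vsftpd_pasv_lines "$PASV_MIN" "$PASV_MAX"
```

Run it once as is to review the printed commands, then as root with `APPLY=1`, add the printed `pasv_` lines to /etc/vsftpd/vsftpd.conf and restart vsftpd.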