FTP server setup
06-19-2018, 12:14 PM (This post was last modified: 06-22-2018 01:20 PM by cchen.)
Post: #1
FTP server setup
Pre-requisite
You should have the root privilege

Installation:
We will choose vsftpd (very secure FTP Daemon) for the FTP server. It is the dominating FTP server nowadays, for its being secure and convenient as well. It has the following features:
Code:
Virtual IP configurations
Virtual users
Standalone or inetd operation
Powerful per-user configurability
Bandwidth throttling
Per-source-IP configurability
Per-source-IP limits
Encryption support through SSL integration
...
You can refer to https://security.appspot.com/vsftpd.html for more info about vsftpd.

we need to firstly install the vsftpd package and enable vsftpd service. run the following lines:
Code:
sudo yum install vsftpd
sudo systemctl start vsftpd
sudo systemctl enable vsftpd

server setup
run the ftp_setup.sh script. Pseudo-code is shown below:
Code:
install and enable vsftpd
if [firewalld is enabled];then
  allow the service for ftp
fi
conf="/etc/vsftpd/vsftpd.conf"
make a copy of $conf
initiate the settings in $conf
secure FTP Server with SELinux
add an alias "ftpstart" for the command of starting the server

start the server
run "ftpstart". Note that it requires root privilege

add user account
run the add_user.sh script with username supplied as an argument. You will be prompted to enter a password for the username. The pseudo-code is shown below:
Code:
if [#arg == 0];then
  echo "usage: ./add_user.sh <username>" and exit
fi
add the user $1 and set the password
add the user to /etc/vsftpd.userlist
make ftp home directory for user $1: /home/$1/ftp
remove the writing permission of all for this directory
make directory files/ under ftp/
change the ownership and allow all permission of files/ for user $1

test the server
refer to FTP client setup for testing the server

Code Tree
A new CT cod://net_services is created, which contains the 2 scripts mentioned above. Relevant info:
Code:
"net_services": {"proto":"git",
                       "username": "git",
                       "repository": "net_services",
                       "default_branch": "rc",
                       "loc": "trajan.d-thinker.org"}
To get a copy, one can run "cod clone net_services"
06-19-2018, 12:43 PM
Post: #2
RE: FTP
FTP (File Transfer Protocol) is a traditional and widely used standard tool for transferring files between a server and clients over a network, especially where no authentication is necessary. As it's insecure by default, we need to install, configure as well as secure a FTP server

P1). install and enable ftp server:
Code:
sudo yum install vsftpd
sudo systemctl start vsftpd
sudo systemctl enable vsftpd

P2). in order to allow access to FTP services from external systems, we have to open port 21, where the FTP daemons are listening:
Code:
sudo firewall-cmd --zone=public --permanent --add-port=21/tcp
sudo firewall-cmd --zone=public --permanent --add-service=ftp
sudo firewall-cmd --reload

P3). perform a few configurations to setup and secure our FTP server. Firstly, make a copy of original config file:
Code:
sudo cp /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf.orig

Next, open the config file above and set the following options:
Code:
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
userlist_file=/etc/vsftpd.userlist
userlist_deny=NO
chroot_local_user=YES
#allow_writeable_chroot=YES

user_sub_token=$USER
local_root=/home/$USER/ftp

P4). Secure FTP Server with SELinux:
Code:
sudo semanage boolean -m ftpd_full_access --on

to start the server, using the following command:
Code:
sudo /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf

P5). create FTP user account
we need to first create a FTP user account: (use cchen here for an example)
Code:
sudo useradd -m -c "cchen, intern at hututa" -s /bin/bash cchen
sudo passwd cchen

Afterwards, we have to add the user cchen to the file /etc/vsftpd.userlist:
Code:
echo "cchen" | sudo tee -a /etc/vsftpd.userlist
sudo cat /etc/vsftpd.userlist

P6). Configure Different FTP User Home Directories
create the alternative local root directory for the user and remove write permissions to all users to this directory:
Code:
sudo mkdir /home/cchen/ftp
sudo chown nobody:nobody /home/cchen/ftp
sudo chmod a-w /home/cchen/ftp

Next, create a directory under the local root where the user will store his/her files:
Code:
sudo mkdir /home/cchen/ftp/files
sudo chown cchen:cchen  /home/cchen/ftp/files
sudo chmod 0700 /home/cchen/ftp/files/

P7). then we can start testing the server. You can first figure out the ip address by "ifconfig". Use the address found to test the server:
first restart the server:
Code:
sudo /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf
then on another host, test the server:
Code:
ftp 192.168.1.203

login with the username and password created, you should be able to login successfully. use "quit" to quit the connection.
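An added example, not part of the thread or its scripts: a small audit that reads a vsftpd.conf and reports where the option set from the post above leaves the server weaker than intended. The option names are real vsftpd.conf options; the function names, the finding texts and the inline sample file are this example's own.

```bash
#!/bin/bash
# Added example (not from the thread): audit a vsftpd.conf for the options
# discussed above. Function names and finding texts are this example's own.

# Print the value of option $2 in file $1, or default $3 if it is not set.
# Assumes the last assignment wins; comment and blank lines are skipped.
conf_get() {
  awk -F= -v key="$2" -v def="$3" '
    /^[ \t]*(#|$)/ { next }
    $1 == key { val = substr($0, length(key) + 2); found = 1 }
    END { print (found ? val : def) }' "$1"
}

# Print one "FINDING: ..." line per weak setting in the config file $1.
audit_vsftpd_conf() {
  f=$1
  # Allowlist mode needs userlist_enable=YES together with userlist_deny=NO;
  # vsftpd's built-in defaults are NO and YES.
  if [ "$(conf_get "$f" userlist_enable NO)" != YES ] ||
     [ "$(conf_get "$f" userlist_deny YES)" != NO ]; then
    echo "FINDING: userlist_file is not acting as an allowlist"
  fi
  if [ "$(conf_get "$f" chroot_local_user NO)" != YES ]; then
    echo "FINDING: chroot_local_user is not YES; local users are not jailed"
  fi
  if [ "$(conf_get "$f" allow_writeable_chroot NO)" = YES ]; then
    echo "FINDING: allow_writeable_chroot=YES permits a writable jail root"
  fi
  # Built-in default for anonymous_enable is YES, so absence is a finding.
  if [ "$(conf_get "$f" anonymous_enable YES)" != NO ]; then
    echo "FINDING: anonymous_enable is not NO"
  fi
  # Built-in default for ssl_enable is NO: passwords travel in cleartext.
  if [ "$(conf_get "$f" ssl_enable NO)" != YES ]; then
    echo "FINDING: ssl_enable is not YES; credentials are sent in cleartext"
  fi
  return 0
}

# Sample input: the option set from this thread, reproduced inline.
page_conf() {
  cat <<'EOF'
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
userlist_file=/etc/vsftpd.userlist
userlist_deny=NO
chroot_local_user=YES
#allow_writeable_chroot=YES
user_sub_token=$USER
local_root=/home/$USER/ftp
EOF
}

tmp=$(mktemp); page_conf > "$tmp"; audit_vsftpd_conf "$tmp"; rm -f "$tmp"
```

Pointing `audit_vsftpd_conf` at /etc/vsftpd/vsftpd.conf on the server runs the same checks against the live file.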
06-19-2018, 04:50 PM (This post was last modified: 06-19-2018 06:34 PM by cchen.)
Post: #3
RE: FTP
To make the process simple, here are two scripts that you can make use of. You can simply run the following code to setup ftp server:
Code:
chmod u+x *.sh
./ftp_setup.sh

to add a user account, run:
Code:
./add_user.sh <username>
You will be prompted to enter the password for the new user. to run the server, simply run "ftpstart"

content of ftp_setup.sh:
Code:
#!/bin/bash
# Install vsftpd, open the firewall for FTP, write the config and add the "ftpstart" alias.

sudo yum install vsftpd
sudo systemctl start vsftpd
sudo systemctl enable vsftpd

sudo systemctl enable firewalld
sudo systemctl start firewalld

# --permanent rules only take effect after a reload
sudo firewall-cmd --zone=public --permanent --add-port=21/tcp
sudo firewall-cmd --zone=public --permanent --add-service=ftp
sudo firewall-cmd --reload

# keep a copy of the packaged config
sudo cp /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf.orig

conf="/etc/vsftpd/vsftpd.conf"

# Write the settings through "sudo tee": with "sudo echo ... > $conf" the
# redirection runs as the calling user, not as root. The quoted 'EOF' keeps
# $USER literal, as vsftpd's user_sub_token expects.
sudo tee "$conf" > /dev/null <<'EOF'
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
userlist_file=/etc/vsftpd.userlist
userlist_deny=NO
chroot_local_user=YES
user_sub_token=$USER
local_root=/home/$USER/ftp
EOF

echo "config file ($conf):"
sudo cat "$conf"

sudo semanage boolean -m ftpd_full_access --on

echo "alias ftpstart='sudo /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf'" >> ~/.bashrc
bash

content of add_user.sh:
Code:
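#!/bin/bash

if [ $# -eq 0 ]; then
  echo "usage: ./add_user.sh <username>"
  exit 1
fi

# stop at the first failing step (e.g. useradd rejecting the name)
set -e

sudo useradd -s /bin/bash "$1"
sudo passwd "$1"

# allow the user to log in over FTP
echo "$1" | sudo tee -a /etc/vsftpd.userlist

# chroot root: owned by nobody and not writable by anyone
sudo mkdir "/home/$1/ftp"
sudo chown nobody:nobody "/home/$1/ftp"
sudo chmod a-w "/home/$1/ftp"

# upload directory: owned by the user, private to the user
sudo mkdir "/home/$1/ftp/files"
sudo chown "$1:$1" "/home/$1/ftp/files"
sudo chmod 0700 "/home/$1/ftp/files/"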


Attached File(s)
.sh  ftp_setup.sh (Size: 1.23 KB / Downloads: 0)
.sh  add_user.sh (Size: 372 bytes / Downloads: 0)
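An added example, not part of the thread or of add_user.sh: a check of the per-user directory layout that add_user.sh creates, covering the non-writable chroot root and the private files/ directory. The function names, finding texts and the conservative username pattern are assumptions of this example; the demo tree is constructed in a temporary directory.

```bash
#!/bin/bash
# Added example (not from the thread): verify the layout add_user.sh creates.
# Function names, finding texts and the username pattern are assumptions.

# Permission string (e.g. "dr-xr-xr-x") and owner name of path $1.
mode_of()  { ls -ld "$1" | cut -c1-10; }
owner_of() { ls -ld "$1" | awk '{ print $3 }'; }

# Print one "FINDING: ..." line per problem for user $2 under base dir $1
# (the thread uses /home as the base).
check_ftp_layout() {
  base=$1 user=$2
  # The name is pasted into paths that run under sudo, so reject anything
  # that could leave the base directory or be read as an option.
  case $user in
    ''|-*|*[!a-z0-9_-]*) echo "FINDING: unsafe username"; return 0 ;;
  esac
  root="$base/$user/ftp"
  files="$root/files"
  if [ ! -d "$root" ] || [ -L "$root" ]; then
    echo "FINDING: $root is missing or is a symlink"; return 0
  fi
  # With chroot_local_user=YES, vsftpd refuses a writable jail root unless
  # allow_writeable_chroot=YES is set, so no write bit may be present.
  case $(mode_of "$root") in
    *w*) echo "FINDING: $root is writable ($(mode_of "$root"))" ;;
  esac
  # An owner could restore the write bit, hence the chown to nobody.
  if [ "$(owner_of "$root")" = "$user" ]; then
    echo "FINDING: $root is owned by the FTP user"
  fi
  # The upload directory is private to the user (chmod 0700).
  if [ ! -d "$files" ]; then
    echo "FINDING: $files is missing"
  elif [ "$(mode_of "$files")" != "drwx------" ]; then
    echo "FINDING: $files has mode $(mode_of "$files"), expected drwx------"
  fi
  return 0
}

# Constructed demo tree mirroring add_user.sh, built in a temp dir (no root needed).
demo=$(mktemp -d)
mkdir -p "$demo/cchen/ftp/files"
chmod 0700 "$demo/cchen/ftp/files"
check_ftp_layout "$demo" cchen   # reports the still-writable jail root
chmod a-w "$demo/cchen/ftp"
check_ftp_layout "$demo" cchen   # no findings
chmod -R u+w "$demo"; rm -rf "$demo"
```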
06-20-2018, 11:57 AM
Post: #4
RE: FTP
(06-19-2018 04:50 PM)cchen Wrote:  To make the process simple, here are two scripts that you can make use of. You can simply run the following code to setup ftp server:
Code:
chmod u+x *.sh
./ftp_setup.sh

to add a user account, run:
Code:
./add_user.sh <username>
You will be prompted to enter the password for the new user. to run the server, simply run "ftpstart"

content of ftp_setup.sh:
Code:
#!/bin/bash
# Install vsftpd, open the firewall for FTP, write the config and add the "ftpstart" alias.

sudo yum install vsftpd
sudo systemctl start vsftpd
sudo systemctl enable vsftpd

sudo systemctl enable firewalld
sudo systemctl start firewalld

# --permanent rules only take effect after a reload
sudo firewall-cmd --zone=public --permanent --add-port=21/tcp
sudo firewall-cmd --zone=public --permanent --add-service=ftp
sudo firewall-cmd --reload

# keep a copy of the packaged config
sudo cp /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf.orig

conf="/etc/vsftpd/vsftpd.conf"

# Write the settings through "sudo tee": with "sudo echo ... > $conf" the
# redirection runs as the calling user, not as root. The quoted 'EOF' keeps
# $USER literal, as vsftpd's user_sub_token expects.
sudo tee "$conf" > /dev/null <<'EOF'
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
userlist_file=/etc/vsftpd.userlist
userlist_deny=NO
chroot_local_user=YES
user_sub_token=$USER
local_root=/home/$USER/ftp
EOF

echo "config file ($conf):"
sudo cat "$conf"

sudo semanage boolean -m ftpd_full_access --on

echo "alias ftpstart='sudo /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf'" >> ~/.bashrc
bash

content of add_user.sh:
Code:
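#!/bin/bash

if [ $# -eq 0 ]; then
  echo "usage: ./add_user.sh <username>"
  exit 1
fi

# stop at the first failing step (e.g. useradd rejecting the name)
set -e

sudo useradd -s /bin/bash "$1"
sudo passwd "$1"

# allow the user to log in over FTP
echo "$1" | sudo tee -a /etc/vsftpd.userlist

# chroot root: owned by nobody and not writable by anyone
sudo mkdir "/home/$1/ftp"
sudo chown nobody:nobody "/home/$1/ftp"
sudo chmod a-w "/home/$1/ftp"

# upload directory: owned by the user, private to the user
sudo mkdir "/home/$1/ftp/files"
sudo chown "$1:$1" "/home/$1/ftp/files"
sudo chmod 0700 "/home/$1/ftp/files/"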

@cchen,

About work
W1) Please read carefully about our procedures. We don't put source codes on TaB but we will use source code for it.
W2) When you propose something, please ask for someone's review.

About contents
C1) I saw you use firewalld in the script. I am not sure using firewalld is a must. Please investigate further on it.
C2) Please suggest creating a code tree for FTP for holding these two
C3) Please list what needs to be installed for FTP on our system. That can be done by `yun install {what_you_want_to_install}` in limbo1
C4) Separate the content of server and client. I think they should be in separate threads.
06-20-2018, 12:34 PM
Post: #5
RE: FTP
FTP (File Transfer Protocol) is a traditional and widely used standard tool for transferring files between a server and clients over a network, especially where no authentication is necessary. As it's insecure by default, we need to install, configure as well as secure a FTP server

Pre-requisite
please make sure you are logged in as root or a sudoer. If you are logged in as root, all the "sudo" in the front of codes can be omitted

Installation:
vsftpd is probably the most secure and fastest FTP server for UNIX-like systems (refer to https://security.appspot.com/vsftpd.html for more info about vsftpd).
we need to firstly install the vsftpd package and enable vsftpd service. run the following lines:
Code:
sudo yum install vsftpd
sudo systemctl start vsftpd
sudo systemctl enable vsftpd

server setup
run the ftp_setup.sh script

start the server
run "ftpstart"

add user account
run the add_user.sh script with username supplied as an argument. You will be prompted to enter a password for the username

test the server
log into another host, use "ftp <ip-addr>" command and login with the user account created
Code:
Drive example:
[root@tb257p-2 dstools]# ftp $LOCALHOST
Connected to 192.168.1.203 (192.168.1.203).
220 (vsFTPd 3.0.2)
Name (192.168.1.203:root): cchen
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>

suggestion
I suggest adding a code tree for the two scripts so that developers can make use of them more conveniently afterwards

RR rayluk


Attached File(s)
.sh  ftp_setup.sh (Size: 1.74 KB / Downloads: 0)
.sh  add_user.sh (Size: 372 bytes / Downloads: 0)
06-20-2018, 12:46 PM (This post was last modified: 06-20-2018 12:47 PM by rayluk.)
Post: #6
RE: FTP
(06-20-2018 12:34 PM)cchen Wrote:  Pre-requisite
please make sure you are logged in as root or a sudoer. If you are logged in as root, all the "sudo" in the front of codes can be omitted
Just stating that the installation needs root privilege would be enough. Most of the developers should know what root privilege is.

Other than root privilege, please help to check whether running the FTP server/client requires root.

(06-20-2018 12:34 PM)cchen Wrote:  Installation:
vsftpd is probably the most secure and fastest FTP server for UNIX-like systems (refer to https://security.appspot.com/vsftpd.html for more info about vsftpd).
we need to firstly install the vsftpd package and enable vsftpd service. run the following lines:
Code:
sudo yum install vsftpd
sudo systemctl start vsftpd
sudo systemctl enable vsftpd

Please compare vsftp with other ftp applications if there are any.

Quote:server setup
run the ftp_setup.sh script


start the server
run "ftpstart"

add user account
run the add_user.sh script with username supplied as an argument. You will be prompted to enter a password for the username
State the pseudocode please. I will guide you to transfer the script to be following our regulation after that.


Quote:test the server
log into another host, use "ftp <ip-addr>" command and login with the user account created
Code:
Drive example:
[root@tb257p-2 dstools]# ftp $LOCALHOST
Connected to 192.168.1.203 (192.168.1.203).
220 (vsFTPd 3.0.2)
Name (192.168.1.203:root): cchen
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>

I believe this is the client. Please separate the client to another thread as stated above. It should be in another package.

Quote:suggestion
I suggest adding a code tree for the two scripts so that developers can make use of them more conveniently afterwards

For creating a code tree, please send the request to majordomo@d-thinker.org
06-20-2018, 02:55 PM (This post was last modified: 06-21-2018 12:03 PM by cchen.)
Post: #7
RE: FTP
Pre-requisite
You should have the root privilege

Installation:
We will choose vsftpd (very secure FTP Daemon) for the FTP server. It is the dominating FTP server nowadays, for its being secure and convenient as well. It has the following features:
Code:
Virtual IP configurations
Virtual users
Standalone or inetd operation
Powerful per-user configurability
Bandwidth throttling
Per-source-IP configurability
Per-source-IP limits
Encryption support through SSL integration
...
You can refer to https://security.appspot.com/vsftpd.html for more info about vsftpd.

we need to firstly install the vsftpd package and enable vsftpd service. run the following lines:
Code:
sudo yum install vsftpd
sudo systemctl start vsftpd
sudo systemctl enable vsftpd

server setup
run the ftp_setup.sh script. Pseudo-code is shown below:
Code:
install and enable vsftpd
if [firewalld is enabled];then
  allow the service for ftp
fi
conf="/etc/vsftpd/vsftpd.conf"
make a copy of $conf
initiate the settings in $conf
secure FTP Server with SELinux
add an alias "ftpstart" for the command of starting the server

start the server
run "ftpstart". Note that it requires root privilege

add user account
run the add_user.sh script with username supplied as an argument. You will be prompted to enter a password for the username. The pseudo-code is shown below:
Code:
if [#arg == 0];then
  echo "usage: ./add_user.sh <username>" and exit
fi
add the user $1 and set the password
add the user to /etc/vsftpd.userlist
make ftp home directory for user $1: /home/$1/ftp
remove the writing permission of all for this directory
make directory files/ under ftp/
change the ownership and allow all permission of files/ for user $1

test the server
refer to FTP client setup for testing the server
06-20-2018, 06:52 PM
Post: #8
RE: FTP
Created a new CT called "net_services", which currently contains the two scripts about FTP. Information about the CT:
Code:
"net_services": {"proto":"git",
                       "username": "git",
                       "repository": "net_services",
                       "default_branch": "rc",
                       "loc": "trajan.d-thinker.org"}

One can run "cod clone net_services" to get the repo
06-22-2018, 12:25 PM
Post: #9
RE: FTP
I propose to make the following changes:

P1). in Pre-requisite:
((* -> You should have the root privilege))

P2). in Installation:
((->
We will choose vsftpd (very secure FTP Daemon) for the FTP server. It is the dominating FTP server nowadays, for its being secure and convenient as well. It has the following features:
Code:
Virtual IP configurations
Virtual users
Standalone or inetd operation
Powerful per-user configurability
Bandwidth throttling
Per-source-IP configurability
Per-source-IP limits
Encryption support through SSL integration
...
))

P3). in server setup
((->Pseudo-code is shown below:
Code:
install and enable vsftpd
if [firewalld is enabled];then
  allow the service for ftp
fi
conf="/etc/vsftpd/vsftpd.conf"
make a copy of $conf
initiate the settings in $conf
secure FTP Server with SELinux
add an alias "ftpstart" for the command of starting the server
))

P4). in add user account
((->The pseudo-code is shown below:
Code:
if [#arg == 0];then
  echo "usage: ./add_user.sh <username>" and exit
fi
add the user $1 and set the password
add the user to /etc/vsftpd.userlist
make ftp home directory for user $1: /home/$1/ftp
remove the writing permission of all for this directory
make directory files/ under ftp/
change the ownership and allow all permission of files/ for user $1
))

P5). in test the server
((*->refer to FTP client setup for testing the server))

P6). ((suggestion
I suggest adding a code tree for the two scripts so that developers can make use of them more conveniently afterwards ->
Code Tree
Created a new CT called "net_services", which currently contains the two scripts about FTP. Information about the CT:
Code:
"net_services": {"proto":"git",
                       "username": "git",
                       "repository": "net_services",
                       "default_branch": "rc",
                       "loc": "trajan.d-thinker.org"}

One can run "cod clone net_services" to get the repo
))

RR rayluk
06-22-2018, 12:37 PM
Post: #10
RE: FTP
(06-22-2018 12:25 PM)cchen Wrote:  I propose to make the following changes:

P1). in Pre-requisite:
((* -> You should have the root privilege))

P2). in Installation:
((->
We will choose vsftpd (very secure FTP Daemon) for the FTP server. It is the dominating FTP server nowadays, for its being secure and convenient as well. It has the following features:
Code:
Virtual IP configurations
Virtual users
Standalone or inetd operation
Powerful per-user configurability
Bandwidth throttling
Per-source-IP configurability
Per-source-IP limits
Encryption support through SSL integration
...
))

P3). in server setup
((->Pseudo-code is shown below:
Code:
install and enable vsftpd
if [firewalld is enabled];then
  allow the service for ftp
fi
conf="/etc/vsftpd/vsftpd.conf"
make a copy of $conf
initiate the settings in $conf
secure FTP Server with SELinux
add an alias "ftpstart" for the command of starting the server
))

P4). in add user account
((->The pseudo-code is shown below:
Code:
if [#arg == 0];then
  echo "usage: ./add_user.sh <username>" and exit
fi
add the user $1 and set the password
add the user to /etc/vsftpd.userlist
make ftp home directory for user $1: /home/$1/ftp
remove the writing permission of all for this directory
make directory files/ under ftp/
change the ownership and allow all permission of files/ for user $1
))

P5). in test the server
((*->refer to FTP client setup for testing the server))

P6). ((suggestion
I suggest adding a code tree for the two scripts so that developers can make use of them more conveniently afterwards ->
Code Tree
Created a new CT called "net_services", which currently contains the two scripts about FTP. Information about the CT:
Code:
"net_services": {"proto":"git",
                       "username": "git",
                       "repository": "net_services",
                       "default_branch": "rc",
                       "loc": "trajan.d-thinker.org"}

One can run "cod clone net_services" to get the repo
))

RR rayluk

We don't have a (( * -> <something> )) please specify which part is being removed.