Monday, August 19

FTP Server Configuration on Linux (Red Hat or CentOS 5 & 6)


                FTP (FILE TRANSFER PROTOCOL)

Service profile:
 
Type: System V-managed service
Package: vsftpd
Daemon: /usr/sbin/vsftpd
Script: /etc/init.d/vsftpd
Ports: 21 (ftp), 20 (ftp-data)
Configuration files: /etc/vsftpd/vsftpd.conf, /etc/vsftpd/ftpusers, /etc/pam.d/vsftpd
Log: /var/log/xferlog
Related: tcp_wrappers, ip_conntrack_ftp, ip_nat_ftp
default selinux daemon= /var/ftp

vsftpd: the default Red Hat Enterprise Linux FTP server
(Very Secure FTP Daemon)

It is designed to be a secure, stable, fast and scalable FTP daemon.
It provides two types of access:

1) ANONYMOUS ACCESS: Users can log in as the anonymous user (without having any account on the server) to get access to the FTP site. By default anonymous users are chrooted in /var/ftp for security.

2) LOCAL USERS: Users with accounts on the target system can connect via FTP and log in using their username and password. They can download any file they can read and upload to any directory to which they have write access.

STEPS TO CONFIGURE FTP SERVER:

#yum install vsftpd-* -y
#service vsftpd start
#chkconfig vsftpd on
#service vsftpd restart
(try to log in from a client as the anonymous user)
By default the anonymous user can log in and download files.


1) To restrict anonymous user login:
#vi /etc/vsftpd/vsftpd.conf

(line no. 12) anonymous_enable=YES (change this to NO)
save & quit
#service vsftpd restart

2) To restrict local user login:
(line no. ) #local_enable=YES (remove #)

3) To allow local users to access their home directories:
#setsebool -P ftp_home_dir 1

4) To restrict local users with chroot:
By default a local user can enter "/". This affects the security of the FTP server, so we restrict local users from entering /.
(line no. 94) #chroot_list_enable=YES (remove #)
(line no. 96) #chroot_list_file=/etc/vsftpd/chroot_list (remove #)
save & quit
#vi /etc/vsftpd/chroot_list
type the username
save & quit
#service vsftpd restart


5) To restrict a single user's login to the FTP server:
#vi /etc/vsftpd/ftpusers
type the username
save & quit
(it will ask for the password and then deny access)

SECOND METHOD:

#vi /etc/vsftpd/user_list
type the username
save & quit
(it will deny access without asking for the password)


To give upload permissions to the anonymous user:
create a directory under /var/ftp
change that directory's group ownership to ftp
make /var/ftp/<directory name> public
Steps:
#mkdir -p /var/ftp/cyber
#chgrp ftp /var/ftp/cyber
#chmod g+w /var/ftp/cyber
#chcon -R -t public_content_t /var/ftp
#chcon -t public_content_rw_t /var/ftp/cyber
#setsebool -P allow_ftpd_anon_write=1
#vi /etc/vsftpd/vsftpd.conf
(line no. 27) #anon_upload_enable=YES (remove #)
save & quit
#service vsftpd restart

To give the anonymous user permission to create directories:
(line no. 31) #anon_mkdir_write_enable=YES (remove #)
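
As an added example (not part of the original post), this shell function reads a vsftpd.conf and reports whether the options changed in the steps above leave anonymous writes enabled or local users unchrooted. The function names, messages and sample config are constructed for illustration; defaults for absent keys are vsftpd's built-in ones, and the directory option is checked under its vsftpd.conf name anon_mkdir_write_enable.

```shell
#!/bin/sh
# Added example: audit the vsftpd.conf options covered on this page.
# conf_value FILE KEY DEFAULT: print the last uncommented KEY=value, else DEFAULT.
# vsftpd allows no spaces around "=" and treats lines starting with "#" as comments.
conf_value() {
    v=$(sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d ' \r' | tr '[:lower:]' '[:upper:]')
    case $v in TRUE|1) v=YES ;; FALSE|0) v=NO ;; esac   # alternative boolean spellings
    echo "${v:-$3}"
}

audit_vsftpd() {
    conf=$1
    # Defaults for absent keys are vsftpd's built-in ones (see man vsftpd.conf).
    anon=$(conf_value "$conf" anonymous_enable YES)
    wr=$(conf_value "$conf" write_enable NO)
    up=$(conf_value "$conf" anon_upload_enable NO)
    mk=$(conf_value "$conf" anon_mkdir_write_enable NO)
    loc=$(conf_value "$conf" local_enable NO)
    jail_all=$(conf_value "$conf" chroot_local_user NO)
    jail_list=$(conf_value "$conf" chroot_list_enable NO)

    if [ "$anon" = YES ]; then
        echo "INFO anonymous login enabled"
        # Anonymous writes only take effect when write_enable=YES as well.
        if [ "$wr" = YES ] && [ "$up" = YES ]; then echo "WARN anonymous upload enabled"; fi
        if [ "$wr" = YES ] && [ "$mk" = YES ]; then echo "WARN anonymous mkdir enabled"; fi
    fi
    if [ "$loc" = YES ]; then
        if [ "$jail_all" = NO ] && [ "$jail_list" = NO ]; then
            echo "WARN local users can browse outside their home directory"
        elif [ "$jail_all" = YES ] && [ "$jail_list" = YES ]; then
            # With chroot_local_user=YES the list is inverted: listed users are NOT jailed.
            echo "INFO chroot_list_file names users exempt from chroot"
        fi
    fi
    return 0
}

# Constructed sample config (not taken from a real server).
sample=$(mktemp)
cat > "$sample" <<'EOF'
anonymous_enable=YES
#anon_upload_enable=YES
local_enable=YES
write_enable=YES
anon_mkdir_write_enable=YES
EOF
audit_vsftpd "$sample"
rm -f "$sample"
```

On a server, run it as audit_vsftpd /etc/vsftpd/vsftpd.conf after each edit and before restarting the service.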


To provide a banner:
#vi /etc/vsftpd/vsftpd.conf
(line no. 83) #ftpd_banner=welcome to blah ftpservice (remove # and type your own text)
save & quit
#service vsftpd restart




CLIENT SIDE:
#ftp <server IP>
(It will prompt you for a user name and password. If you are logging in as the anonymous user, type ftp as the username; no password is required. If you are logging in as a local user, type your user name and password.)

Commands used at the ftp prompt:

get: to download from the server
syntax: get <file name>
put: to upload to the server
syntax: put <file name>
!: to leave the ftp session temporarily
exit: to return to ftp
bye: to close the session permanently
?: to view all commands

############# END FTP SERVER CONFIGURATION  ########################
