01-30-2021 https://youtu.be/cEL7MmeOSic    02-13-2021 https://youtu.be/4LTNixANuoU
VSFTP – Very Secure File Transfer Protocol
Directory:
Config file: /etc/vsftpd/user_list, /etc/vsftpd/vsftpd.conf
Port #: 20, 21, 30000-31000
Package: vsftpd, openssl
Services: vsftpd, firewalld
Protocol: tcp, udp
Command: yum, systemctl, lvm, openssl, firewall-cmd, selinux
URL:
Rhel 8
Installed the package
[root@vsftp01 ~]# yum install vsftpd

Start vsftpd
[root@rhel08 ~]# systemctl start vsftpd
[root@rhel08 ~]# systemctl enable vsftpd
Created symlink /etc/systemd/system/multi-user.target.wants/vsftpd.service → /usr/lib/systemd/system/vsftpd.service.
[root@rhel08 ~]# systemctl status vsftpd
● vsftpd.service - Vsftpd ftp daemon
   Loaded: loaded (/usr/lib/systemd/system/vsftpd.se>
   Active: active (running) since Sat 2021-02-13 14:>
 Main PID: 25275 (vsftpd)
    Tasks: 1 (limit: 11251)
   Memory: 576.0K
   CGroup: /system.slice/vsftpd.service
           └─25275 /usr/sbin/vsftpd /etc/vsftpd/vsft>

Feb 13 14:33:07 rhel08.zmpt.com systemd[1]: Starting>
Feb 13 14:33:07 rhel08.zmpt.com systemd[1]: Started >
Create the user for FTP
[root@rhel08 ~]# id zafar
uid=1000(zafar) gid=1000(zafar) groups=1000(zafar)
Create LVM for ftp users
[root@rhel08 ~]# pvcreate /dev/sdb
  Physical volume "/dev/sdb" successfully created.
[root@rhel08 ~]# vgcreate FTP_Volume /dev/sdb
  Volume group "FTP_Volume" successfully created
[root@rhel08 ~]# lvcreate -n FTP-DATA -L 10G FTP_Volume
  Logical volume "FTP-DATA" created.
[root@rhel08 ~]# mkdir /FTP-USER-DATA
[root@rhel08 ~]# mkfs.xfs /dev/FTP_Volume/FTP-DATA
[root@rhel08 ~]# mount /dev/FTP_Volume/FTP-DATA /FTP-USER-DATA
[root@rhel08 ~]# df -h
/dev/mapper/FTP_Volume-FTP--DATA   10G  104M  9.9G   2% /FTP-USER-DATA
[root@rhel08 ~]# vi /etc/fstab
/dev/mapper/FTP_Volume-FTP--DATA /FTP-USER-DATA xfs defaults 0 0
Set the permissions and ownership
[root@rhel08 ~]# ls -ld /FTP-USER-DATA/
drwxr-xr-x. 2 root root 6 Feb 13 14:42 /FTP-USER-DATA/
[root@rhel08 ~]# chmod -R 750 /FTP-USER-DATA/
[root@rhel08 ~]# ls -ld /FTP-USER-DATA/
drwxr-x---. 2 root root 6 Feb 13 14:42 /FTP-USER-DATA/
[root@rhel08 ~]# chown -R zafar: /FTP-USER-DATA
[root@rhel08 ~]# ls -ld /FTP-USER-DATA
drwxr-x---. 2 zafar zafar 6 Feb 13 14:42 /FTP-USER-DATA
Change FTP user default directory
[root@rhel08 ~]# vi /etc/passwd
zafar:x:1000:1000:zafar:/FTP-USER-DATA:/bin/bash
[zafar@rhel08 ~]$ pwd
/FTP-USER-DATA
Add user to allow list
[root@rhel08 ~]# vi /etc/vsftpd/user_list
# vsftpd userlist
# If userlist_deny=NO, only allow users in this file
# If userlist_deny=YES (default), never allow users in this file, and
# do not even prompt for a password.
# Note that the default vsftpd pam config also checks /etc/vsftpd/ftpusers
# for users that are denied.
root
bin
daemon
adm
lp
sync
shutdown
halt
mail
news
uucp
operator
games
nobody
zafar
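With userlist_enable=YES and userlist_deny=NO (the settings applied later in these notes) user_list becomes an allow list, so every name left in it, the stock root/bin/daemon entries included, passes vsftpd's own list check. The PAM deny file /etc/vsftpd/ftpusers that the comment above refers to is what still blocks those system accounts. The script below is an added example, not part of the original notes, that reproduces that two-step decision on copies of the two files; the sample files are constructed and shortened.

```shell
#!/bin/bash
# Added example, not part of the original notes. With userlist_enable=YES and
# userlist_deny=NO, user_list is an allow list, so every name in it is allowed
# as far as vsftpd's own check goes; the PAM deny file /etc/vsftpd/ftpusers
# (stock RHEL pam.d/vsftpd uses pam_listfile.so sense=deny on it) still blocks
# the system accounts. Both file paths are parameters so copies can be used.

# listed_in NAME FILE -> 0 if NAME appears as a whole, non-comment line of FILE
listed_in() {
  [ -r "$2" ] || return 1
  grep -v '^[[:space:]]*#' "$2" | grep -qx "$1"
}

# ftp_login_allowed USER USER_LIST FTPUSERS -> 0 allowed, 1 denied (reason printed)
ftp_login_allowed() {
  local user="$1" user_list="$2" ftpusers="$3"
  if ! listed_in "$user" "$user_list"; then
    echo "$user: denied, not in allow list $user_list (userlist_deny=NO)"
    return 1
  fi
  if listed_in "$user" "$ftpusers"; then
    echo "$user: denied, listed in PAM deny file $ftpusers"
    return 1
  fi
  echo "$user: allowed"
}

# Constructed sample files: a shortened copy of the page's user_list with zafar
# appended, and a shortened copy of the stock RHEL ftpusers deny list.
tmp=$(mktemp -d)
cat > "$tmp/user_list" <<'EOF'
# vsftpd userlist
root
bin
daemon
nobody
zafar
EOF
cat > "$tmp/ftpusers" <<'EOF'
# Users that are not allowed to login via ftp
root
bin
daemon
nobody
EOF

# zafar is allowed; root is in user_list but denied by ftpusers; alice is in neither.
for u in zafar root alice; do
  ftp_login_allowed "$u" "$tmp/user_list" "$tmp/ftpusers" || :
done
```

Run it against the real files with `ftp_login_allowed zafar /etc/vsftpd/user_list /etc/vsftpd/ftpusers` to confirm a new FTP account is reachable before testing from a client.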
Create the .pem key – encryption keys
[root@rhel08 ~]# openssl req -x509 -nodes -days 99999 -newkey rsa:2048 -keyout /etc/vsftpd.pem -out /etc/vsftpd/vsftpd.pem
Generating a RSA private key
..........................................................................+++++
........................+++++
writing new private key to '/etc/vsftpd.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:US
State or Province Name (full name) []:IL
Locality Name (eg, city) [Default City]:SKOKIE
Organization Name (eg, company) [Default Company Ltd]:ZMPT
Organizational Unit Name (eg, section) []:IT
Common Name (eg, your name or your server's hostname) []:FTP-SERVER
Email Address []:linux@zmprotech.com
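The command above writes the key to /etc/vsftpd.pem and the certificate to /etc/vsftpd/vsftpd.pem, and -days 99999 gives the certificate a lifetime of roughly 274 years. Before pointing vsftpd at the pair it is worth confirming that the two files actually belong together and reading the expiry date back. The script below is an added example, not part of the original notes; it assumes only the openssl CLI, takes the file paths as parameters, and its demo builds a throwaway 30-day pair with the same openssl req form (plus -subj so no prompts appear).

```shell
#!/bin/bash
# Added example, not part of the original notes: confirm that a certificate and
# private key belong together and read the certificate's validity window.
# Assumes the openssl CLI. Paths are parameters; on the page the certificate is
# /etc/vsftpd/vsftpd.pem and the key /etc/vsftpd.pem.

# cert_key_match CERT KEY -> 0 when both carry the same public key
cert_key_match() {
  local cert_pub key_pub
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# cert_expires_within CERT SECONDS -> 0 if the certificate expires inside that window
cert_expires_within() {
  ! openssl x509 -in "$1" -noout -checkend "$2" >/dev/null 2>&1
}

# cert_summary CERT -> subject and notAfter lines
cert_summary() {
  openssl x509 -in "$1" -noout -subject -enddate
}

# Demo on a throwaway pair (30-day lifetime, -subj instead of prompts) plus one
# unrelated key, all generated in a temp dir. Skipped when openssl is absent.
if command -v openssl >/dev/null 2>&1; then
  demo=$(mktemp -d)
  openssl req -x509 -nodes -days 30 -newkey rsa:2048 -subj "/CN=FTP-SERVER" \
    -keyout "$demo/key.pem" -out "$demo/cert.pem" >/dev/null 2>&1
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$demo/other.pem" >/dev/null 2>&1
  cert_summary "$demo/cert.pem"
  cert_key_match "$demo/cert.pem" "$demo/key.pem"   && echo "cert + key.pem: match"
  cert_key_match "$demo/cert.pem" "$demo/other.pem" || echo "cert + other.pem: mismatch"
  cert_expires_within "$demo/cert.pem" $((60 * 86400)) && echo "expires within 60 days"
fi
```

On the server the same functions run as `cert_key_match /etc/vsftpd/vsftpd.pem /etc/vsftpd.pem` and `cert_expires_within /etc/vsftpd/vsftpd.pem $((30 * 86400))`, which makes a useful pre-check before restarting the service.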
Open firewall for the ports
Port 20 – to allow FTP traffic
Port 21 – to allow DATA transfer
Port 30000 – 31000 – variable port that is used randomly each time
[root@rhel08 ~]# firewall-cmd --permanent --add-port=20-21/tcp
success
[root@rhel08 ~]# firewall-cmd --permanent --add-port=30000-31000/tcp
success
[root@rhel08 ~]# firewall-cmd --reload
success
[root@rhel08 ~]# firewall-cmd --list-port
20-21/tcp 30000-31000/tcp
Enable through SELinux
[root@FTP-SERVER ~]# setsebool -P allow_ftpd_full_access on
Configure VSFTPD config file – add or edit as needed - /etc/vsftpd/vsftpd.conf
anonymous_enable=NO
local_enable=YES
write_enable=YES
chroot_local_user=YES
listen_ipv6=YES
pam_service_name=vsftpd
userlist_enable=YES
userlist_file=/etc/vsftpd/user_list
userlist_deny=NO
allow_writeable_chroot=YES
pasv_min_port=30000
pasv_max_port=31000
rsa_cert_file=/etc/vsftpd/vsftpd.pem
rsa_private_key_file=/etc/vsftpd.pem
ssl_enable=YES
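The firewall step and this config file have to agree: 21/tcp is the FTP control channel, 20/tcp the active-mode data channel, and every passive transfer picks a port between pasv_min_port and pasv_max_port, which is why 30000-31000/tcp is opened as well. The script below is an added example, not part of the original notes: it reads a vsftpd.conf, checks the settings this page relies on, flags allow_writeable_chroot=YES (the option that lets vsftpd start with a writable chroot root, as in this setup), verifies the passive range sits inside an open firewall range, and confirms the certificate and key files exist. The config path and the firewall port list are parameters; on the page they are /etc/vsftpd/vsftpd.conf and the output of `firewall-cmd --list-ports`. The sample config is constructed from the page's values with the TLS paths pointed at placeholder files.

```shell
#!/bin/bash
# Added example, not part of the original notes: audit a vsftpd.conf against the
# settings this page applies and confirm the passive range it declares is fully
# covered by the ports firewalld exposes. Parameters: config path and the port
# list as printed by "firewall-cmd --list-ports" (e.g. "20-21/tcp 30000-31000/tcp").

# conf_get FILE KEY -> value of KEY (last non-comment occurrence wins, as in vsftpd)
conf_get() {
  grep -v '^[[:space:]]*#' "$1" | awk -F= -v k="$2" '$1 == k { v = $2 } END { print v }'
}

# range_open LO HI "20-21/tcp 30000-31000/tcp" -> 0 if one tcp entry covers LO..HI
range_open() {
  local lo="$1" hi="$2" entry p a b
  for entry in $3; do
    case "$entry" in */tcp) ;; *) continue ;; esac
    p=${entry%/tcp}; a=${p%%-*}; b=${p##*-}
    [ "$a" -le "$lo" ] && [ "$b" -ge "$hi" ] && return 0
  done
  return 1
}

# audit_vsftpd_conf FILE FIREWALL_PORTS -> one line per finding; 0 = all checks pass
audit_vsftpd_conf() {
  local file="$1" fw="$2" rc=0 pair key want got pmin pmax
  # Settings the page depends on and the value each must hold.
  for pair in anonymous_enable=NO local_enable=YES chroot_local_user=YES \
              userlist_enable=YES userlist_deny=NO ssl_enable=YES; do
    key=${pair%%=*}; want=${pair#*=}; got=$(conf_get "$file" "$key")
    [ "$got" = "$want" ] || { echo "FAIL $key=${got:-unset} (expected $want)"; rc=1; }
  done
  # allow_writeable_chroot=YES is what lets vsftpd start when the chroot root
  # (the user's home) is writable; report it so the choice is a conscious one.
  [ "$(conf_get "$file" allow_writeable_chroot)" = "YES" ] &&
    echo "WARN allow_writeable_chroot=YES: chroot root directory is writable"
  # Passive range must be set, ordered, and inside an open firewall range.
  pmin=$(conf_get "$file" pasv_min_port); pmax=$(conf_get "$file" pasv_max_port)
  if [ -z "$pmin" ] || [ -z "$pmax" ] || [ "$pmin" -gt "$pmax" ]; then
    echo "FAIL passive range unset or inverted (${pmin:-?}-${pmax:-?})"; rc=1
  elif ! range_open "$pmin" "$pmax" "$fw"; then
    echo "FAIL passive range $pmin-$pmax not covered by firewall ports: $fw"; rc=1
  fi
  # The TLS files the config points at must exist.
  for key in rsa_cert_file rsa_private_key_file; do
    got=$(conf_get "$file" "$key")
    [ -n "$got" ] && [ -f "$got" ] || { echo "FAIL $key=${got:-unset} not found"; rc=1; }
  done
  return $rc
}

# Constructed sample: the page's config, with the TLS paths pointed at empty
# placeholder files in a temp dir so the example runs anywhere.
tmp=$(mktemp -d)
touch "$tmp/vsftpd.pem" "$tmp/key.pem"
cat > "$tmp/vsftpd.conf" <<EOF
anonymous_enable=NO
local_enable=YES
write_enable=YES
chroot_local_user=YES
listen_ipv6=YES
pam_service_name=vsftpd
userlist_enable=YES
userlist_file=/etc/vsftpd/user_list
userlist_deny=NO
allow_writeable_chroot=YES
pasv_min_port=30000
pasv_max_port=31000
rsa_cert_file=$tmp/vsftpd.pem
rsa_private_key_file=$tmp/key.pem
ssl_enable=YES
EOF

# Expected: only the WARN line, exit status 0.
audit_vsftpd_conf "$tmp/vsftpd.conf" "20-21/tcp 30000-31000/tcp" || :
```

On the server the call is `audit_vsftpd_conf /etc/vsftpd/vsftpd.conf "$(firewall-cmd --list-ports)"`; a FAIL on the passive range is the usual reason a client can log in but every directory listing hangs.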
[root@rhel08 ~]# systemctl status vsftpd
● vsftpd.service - Vsftpd ftp daemon
   Loaded: loaded (/usr/lib/systemd/system/vsftpd.service; enabled; vendor >
   Active: active (running) since Sat 2021-02-13 15:26:39 EST; 13s ago
  Process: 32347 ExecStart=/usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf (code=e>
 Main PID: 32348 (vsftpd)
    Tasks: 1 (limit: 11251)
   Memory: 780.0K
   CGroup: /system.slice/vsftpd.service
           └─32348 /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf

Feb 13 15:26:39 rhel08.zmpt.com systemd[1]: Starting Vsftpd ftp daemon...
Feb 13 15:26:39 rhel08.zmpt.com systemd[1]: Started Vsftpd ftp daemon.
Connect using File-Zilla
[root@FTP-SERVER FTP-USER-DATA]# pwd
/FTP-USER-DATA
[root@FTP-SERVER FTP-USER-DATA]# ls
'New Microsoft Access Database.accdb'  'New Microsoft Excel Worksheet (2).xlsx'  'New Microsoft Excel Worksheet.xlsx'  'New Microsoft Word Document.docx'