Differences
This shows you the differences between two versions of the page.
ftp:quick-secure-ftp-server [2010-09-03 00:13:03] garrett.plasky Approved |
ftp:quick-secure-ftp-server [2011-05-13 23:07:10] garrett.plasky Approved |
||
---|---|---|---|
Line 9: | Line 9: | ||
Installing VSFTP is done by simply grabbing it through yum: | Installing VSFTP is done by simply grabbing it through yum: | ||
- | <code console># yum -y install vsftpd</code> | + | <sxh bash>yum -y install vsftpd</sxh> |
==== Configuration ==== | ==== Configuration ==== | ||
To configure VSFTP for a single user access, follow these steps below; more can be added by repeating steps 2-7: | To configure VSFTP for a single user access, follow these steps below; more can be added by repeating steps 2-7: | ||
- | - Create an FTP user group <code console># groupadd ftp</code> | + | - Create an FTP user group <sxh bash> |
- | - Modify the command below to suit your desires. We used " | + | - Modify the command below to suit your desires. We used " |
- | - Set the user's password <code console># passwd user</code> | + | - Set the user's password <sxh bash>passwd user</sxh> |
- | - Create a fake shell for the ftp service <code console># touch / | + | - Create a fake shell for the ftp service <sxh bash>touch / |
- Edit < | - Edit < | ||
- | - Next edit < | + | - Next edit < |
- Check the user is listed in < | - Check the user is listed in < | ||
- | - In the VSFTP config file < | + | - In the VSFTP config file < |
==== Finalize ==== | ==== Finalize ==== | ||
Start the FTP service: | Start the FTP service: | ||
- | <code console># / | + | <sxh bash>/ |
We also do not recommend running SELinux with VSFTP: | We also do not recommend running SELinux with VSFTP: | ||
- | <code console># echo 0 > / | + | <sxh bash>echo 0 > / |
Also if you are running a firewall via iptables, you will need to poke a hole for the service: | Also if you are running a firewall via iptables, you will need to poke a hole for the service: | ||
- | <code console># iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 --dport 21 -m state --state NEW, | + | <sxh bash> |
# iptables -A OUTPUT -p tcp --sport 21 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT | # iptables -A OUTPUT -p tcp --sport 21 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT | ||
# iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 --dport 1024:65535 -m state --state ESTABLISHED, | # iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 --dport 1024:65535 -m state --state ESTABLISHED, | ||
# iptables -A OUTPUT -p tcp --sport 1024:65535 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT | # iptables -A OUTPUT -p tcp --sport 1024:65535 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT | ||
# iptables -A OUTPUT -p tcp --sport 20 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED, | # iptables -A OUTPUT -p tcp --sport 20 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED, | ||
- | # iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 --dport 20 -m state --state ESTABLISHED -j ACCEPT</code> | + | # iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 --dport 20 -m state --state ESTABLISHED -j ACCEPT</sxh> |
That's it! You now have a working and secure FTP server that can be accessed from anywhere! | That's it! You now have a working and secure FTP server that can be accessed from anywhere! | ||
{{tag> | {{tag> |
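Review bot: In the iptables block under Finalize, the new `<sxh bash>` wrapper still carries the `# ` prompt at the start of the rule lines (for example `# iptables -A OUTPUT -p tcp --sport 21 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT`), whereas the yum and passwd lines had it stripped in this same revision. Under bash highlighting a leading `#` starts a comment, so these rules will be rendered as comments and will do nothing if a reader pastes them into a shell; strip the prefix from every line of that block, as was done for `yum -y install vsftpd`. With the prompt removed everywhere, nothing on the page signals that the commands must be run as root, so a short sentence before the first command stating that would keep that information.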