servers:linux:vsftpd
Table of Contents
Information
- vsftpd 1)
Prerequisites
Dependencies
sudo dnf install 'vsftpd'
Firewall
- 20/tcp
- 21/tcp
- PASV: 40000-50000/tcp
sudo firewall-cmd --add-port='20/tcp' --permanent && sudo firewall-cmd --add-port='21/tcp' --permanent && sudo firewall-cmd --add-port='40000-50000/tcp' --permanent && sudo firewall-cmd --reload
SELinux
sudo setsebool -P 'ftpd_full_access' 'on'
sudo setsebool -P 'ftpd_use_passive_mode' 'on'
sudo grep "SELinux is preventing" /var/log/messages > k.txt
Verify
getsebool -a | grep 'ftp'
Service
sudo systemctl enable 'vsftpd' --now
Settings
General
sudo -e '/etc/vsftpd/vsftpd.conf' && sudo systemctl restart 'vsftpd'
# Custom pasv_enable=YES pasv_max_port=50000 pasv_min_port=40000 local_root=/var/ftp force_dot_files=YES
Encryption Support
Generate Certs
- Country: US
- State: PA
- Locality: Charleroi
- Org Name: Realm of Espionage
- Org Unit: NAS
- YOUR Name: x
- Email: x
sudo openssl req -x509 -nodes -days 730 -newkey rsa:2048 -keyout '/etc/ssl/certs/vsftpd.pem' -out '/etc/ssl/certs/vsftpd.pem' && sudo chmod '600' '/etc/ssl/certs/vsftpd.pem'
Enable Encryption
ssl_ciphers
can be set toHIGH
or any supported OpenSSL cipher, but the higher the cipher, the higher the performance hit 2)
sudo -e '/etc/vsftpd/vsftpd.conf' && sudo systemctl restart 'vsftpd'
ssl_enable=YES allow_anon_ssl=NO force_local_data_ssl=YES force_local_logins_ssl=YES require_ssl_reuse=YES ssl_ciphers=AES128-SHA ssl_tlsv1=YES ssl_sslv2=NO ssl_sslv3=NO rsa_cert_file=/etc/ssl/certs/vsftpd.pem rsa_private_key_file=/etc/ssl/certs/vsftpd.pem
fstab
UUID
- Use either
PARTUUID
(GPT) orUUID
sudo blkid
fstab
sudo mkdir -p '/var/ftp/nas1' && sudo -e '/etc/fstab'
sudo mkdir -p '/var/ftp/nas1' '/var/ftp/nas2' && sudo -e '/etc/fstab'
# NAS PARTUUID=x /var/ftp/nas1 ext4 defaults,nofail 0 2 UUID=x /var/ftp/nas2 ntfs defaults,prealloc,windows_names,nofail 0 2
sudo systemctl daemon-reload && sudo mount --all && sync
Safe Unmount Externals
sudo udisksctl unmount --force --block-device='/dev/sdb'
sudo udisksctl power-off --block-device='/dev/sdb'
Permissions
chown
sudo chown --recursive 'espionage724':'espionage724' '/var/ftp/nas1' && sync
sudo chown --recursive 'espionage724':'espionage724' '/var/ftp/nas2' && sync
chmod
sudo chmod --recursive '774' '/var/ftp/nas1' && sync
sudo chmod --recursive '774' '/var/ftp/nas2' && sync
SELinux
sudo restorecon -F -I -R '/var/ftp/nas1' && sync
sudo restorecon -F -I -R '/var/ftp/nas2' && sync
/usr/local/www/wiki/data/pages/servers/linux/vsftpd.txt · Last modified: by Sean Rhone