RoE | Wiki

User Tools

Site Tools

Trace:
servers:vsftpd

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
servers:vsftpd [2023/05/04 04:58] – Ubuntu Server 23.04 Sean Rhoneservers:vsftpd [2024/08/13 16:28] (current) – removed Sean Rhone
Line 1: Line 1:
-====== Information ====== 
- 
-  * vsftpd ((https://security.appspot.com/vsftpd.html)) 
- 
-===== Prerequisites ===== 
- 
-  * [[distros:ubuntu_server|Ubuntu Server]] 
- 
-====== Dependencies ====== 
- 
-**** 
- 
-  sudo apt install 'vsftpd' 
- 
-====== Firewall ====== 
- 
-  * See [[distros:opensuse_tumbleweed_server#firewalld|firewalld]] 
-  * TODO: Update firewall link above to Fedora 
- 
-  sudo firewall-cmd --add-service='ftp' --permanent && sudo firewall-cmd --reload 
- 
-====== Service ====== 
- 
-**** 
- 
-  sudo systemctl enable 'vsftpd' --now 
- 
-====== Settings ====== 
- 
-===== General ===== 
- 
-  sudo -e '/etc/vsftpd.conf' && sudo systemctl restart 'vsftpd' 
- 
-<code> 
-# Custom 
-write_enable=YES 
-utf8_filesystem=YES 
-pasv_enable=YES 
-pasv_max_port=10100 
-pasv_min_port=10090 
-local_root=/srv/ftp 
-force_dot_files=YES</code> 
- 
-===== Encryption Support ===== 
- 
-==== Generate Certs ==== 
- 
-  * Country: US 
-  * State: PA 
-  * Locality: Charleroi 
-  * Org Name: Realm of Espionage 
-  * Org Unit: NAS 
-  * YOUR Name: x 
-  * Email: x 
- 
-  sudo openssl req -x509 -nodes -days 730 -newkey rsa:2048 -keyout '/etc/ssl/certs/vsftpd.pem' -out '/etc/ssl/certs/vsftpd.pem' && sudo chmod '600' '/etc/ssl/certs/vsftpd.pem' 
- 
-==== Enable Encryption ==== 
- 
-  * :!: ''ssl_ciphers'' can be set to ''HIGH'' or any supported OpenSSL cipher, but the higher the cipher, the higher the performance hit ((specifically on Oak with a Phenom II X4, ''HIGH'' caps around 60-70MB/s, whereas ''AES128-SHA'' is 70-80MB/s, and no encryption is 100-110MB/s)) 
- 
-  sudo -e '/etc/vsftpd.conf' && sudo systemctl restart 'vsftpd' 
- 
-<code> 
-ssl_enable=YES 
-allow_anon_ssl=NO 
-force_local_data_ssl=YES 
-force_local_logins_ssl=YES 
-require_ssl_reuse=YES 
- 
-ssl_ciphers=AES128-SHA 
-ssl_tlsv1=YES 
-ssl_sslv2=NO 
-ssl_sslv3=NO 
- 
-rsa_cert_file=/etc/ssl/certs/vsftpd.pem 
-rsa_private_key_file=/etc/ssl/certs/vsftpd.pem</code> 
- 
-====== fstab ====== 
- 
-===== PARTUUID ===== 
- 
-  * :!: Be sure to get the ''PARTUUID'' towards the end of the line, and not ''UUID'' 
- 
-  sudo blkid 
- 
-===== fstab ===== 
- 
-  * :!: Change the ''x'' in ''PARTLABEL='' 
-  * :!: This expects 1 drive each with a XFS partition 
- 
-  sudo mkdir -p '/srv/ftp/nas1' && sudo -e '/etc/fstab' 
- 
-<code> 
-# NAS 
-PARTUUID=x /srv/ftp/nas1 xfs defaults 0 2</code> 
- 
-  sudo mount --all && sudo systemctl daemon-reload && sync 
- 
-====== Permissions ====== 
- 
-===== chown ===== 
- 
-**** 
- 
-  sudo chown --recursive 'espionage724':'espionage724' '/srv/ftp/nas1' && sync 
- 
-===== chmod ===== 
- 
-  * :!: ''664'' makes sense here, but FileZilla is unable to traverse directories. TODO: Figure this out 
- 
-  sudo chmod --recursive '774' '/srv/ftp/nas1' && sync 
  
/srv/www/wiki/data/attic/servers/vsftpd.1683190726.txt.gz · Last modified: by Sean Rhone