Differences

This shows you the differences between two versions of the page.

--- servers:vsftpd [2023/06/15 15:56] – old revision restored (2022/12/18 10:21) Sean Rhone
+++ servers:vsftpd [2024/08/13 16:28] (current) – removed Sean Rhone
@@ Line 1: / Line 1: @@
-====== Information ======
-  * vsftpd ((https://security.appspot.com/vsftpd.html))
-===== Prerequisites =====
-  * [[distros:fedora_workstation_gnome|Fedora]] ((notes link to Workstation, but this can be done on Server))
-====== Dependencies ======
-****
-  sudo dnf install 'vsftpd'
-====== Firewall ======
-  * See [[distros:opensuse_tumbleweed_server#firewalld|firewalld]]
-  * TODO: Update firewall link above to Fedora
-  sudo firewall-cmd --add-service='ftp' --permanent && sudo firewall-cmd --reload
-====== SELinux ======
-  * https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/selinux_users_and_administrators_guide/sect-managing_confined_services-file_transfer_protocol-booleans
-  * https://hostodo.com/portal/knowledgebase/25/Setup-vsftp-with-SELinux.html
-  sudo setsebool -P 'ftpd_full_access' 'on'
-  sudo setsebool -P 'ftpd_use_passive_mode' 'on'
-  mkdir -p ~/'policies' && cd ~/'policies' && sudo grep 'vsftp' '/var/log/audit/audit.log' | sudo audit2allow -M 'vsftp' && sudo semodule -i 'vsftp.pp' && cd ~
-===== Verify =====
-****
-  getsebool -a | grep 'ftp'
-====== Service ======
-****
-  sudo systemctl enable 'vsftpd' --now
-====== Settings ======
-===== General =====
-  * For ''local_root'', even though ''nas1'' is used more frequently, Kodi clients are configured to start from the actual ftp root in order to go into the ''nas2'' folder for media
-  * To make ''nas1'' convenient, set the root folder from FileZilla
-  sudo -e '/etc/vsftpd/vsftpd.conf' && sudo systemctl restart 'vsftpd'
-<code>
-# Custom
-local_root=/var/ftp
-force_dot_files=YES</code>
-===== Encryption Support =====
-==== Generate Certs ====
-  * Country: US
-  * State: PA
-  * Locality: Charleroi
-  * Org Name: Realm of Espionage
-  * Org Unit: NAS
-  * YOUR Name: x
-  * Email: x
-  sudo openssl req -x509 -nodes -days 730 -newkey rsa:2048 -keyout '/etc/ssl/certs/vsftpd.pem' -out '/etc/ssl/certs/vsftpd.pem' && sudo chmod '600' '/etc/ssl/certs/vsftpd.pem'
-==== Enable Encryption ====
-  * :!: ''ssl_ciphers'' can be set to ''HIGH'' or any supported OpenSSL cipher, but the higher the cipher, the higher the performance hit ((specifically on Oak with a Phenom II X4, ''HIGH'' caps around 60-70MB/s, whereas ''AES128-SHA'' is 70-80MB/s, and no encryption is 100-110MB/s))
-  sudo -e '/etc/vsftpd/vsftpd.conf' && sudo systemctl restart 'vsftpd'
-<code>
-ssl_enable=YES
-allow_anon_ssl=NO
-force_local_data_ssl=YES
-force_local_logins_ssl=YES
-require_ssl_reuse=YES
-ssl_ciphers=AES128-SHA
-ssl_tlsv1=YES
-ssl_sslv2=NO
-ssl_sslv3=NO
-rsa_cert_file=/etc/ssl/certs/vsftpd.pem
-rsa_private_key_file=/etc/ssl/certs/vsftpd.pem</code>
-====== fstab ======
-===== PARTUUID =====
-  * :!: Be sure to get the ''PARTUUID'' towards the end of the line, and not ''UUID''
-  sudo blkid
-===== fstab =====
-  * :!: Change the ''x'' in ''PARTLABEL=''
-  * :!: This expects 1 drive each with a XFS partition
-  sudo mkdir -p '/var/ftp/nas1' '/var/ftp/nas2' && sudo -e '/etc/fstab'
-<code>
-# NAS
-PARTUUID=x /var/ftp/nas1 xfs defaults 0 2
-PARTUUID=x /var/ftp/nas2 xfs defaults 0 2</code>
-  sudo mount --all
-====== Permissions ======
-===== chown =====
-  sudo chown --recursive 'espionage724':'espionage724' '/var/ftp/nas1' && sync
-  sudo chown --recursive 'espionage724':'espionage724' '/var/ftp/nas2' && sync
-===== chmod =====
-  * :!: ''664'' makes sense here, but FileZilla is unable to traverse directories. TODO: Figure this out
-  sudo chmod --recursive '774' '/var/ftp/nas1' && sync
-  sudo chmod --recursive '774' '/var/ftp/nas2' && sync
-===== SELinux =====
-  sudo restorecon -F -I -R '/var/ftp/nas1' && sync
-  sudo restorecon -F -I -R '/var/ftp/nas2' && sync