Differences

This shows you the differences between two versions of the page.

--- servers:vsftpd [2023/09/09 15:28] – [General] Sean Rhone
+++ servers:vsftpd [2024/08/13 16:28] (current) – removed Sean Rhone
@@ Line 1: / Line 1: @@
-====== Information ======
-  * vsftpd ((https://security.appspot.com/vsftpd.html))
-===== Prerequisites =====
-  * [[distros:opensuse_tumbleweed_server|openSUSE Tumbleweed]]
-====== Dependencies ======
-****
-  sudo zypper install 'vsftpd'
-====== Firewall ======
-  * See [[notes:misc_linux#firewalld|firewalld]]
-  * 20/tcp
-  * 21/tcp
-  * PASV: 40000-50000/tcp
-  sudo firewall-cmd --add-port='20/tcp' --permanent && sudo firewall-cmd --add-port='21/tcp' --permanent && sudo firewall-cmd --add-port='40000-50000/tcp' --permanent && sudo firewall-cmd --reload
-  sudo firewall-cmd --add-service='vsftpd' --permanent && sudo firewall-cmd --reload
-====== Service ======
-****
-  sudo systemctl enable 'vsftpd' --now
-====== Settings ======
-===== General =====
-  sudo -e '/etc/vsftpd.conf' && sudo systemctl restart 'vsftpd'
-<code>
-# Custom
-local_root=/srv/ftp
-force_dot_files=YES</code>
-<code>
-# Custom2
-pasv_enable=YES
-pasv_max_port=50000
-pasv_min_port=40000
-local_root=/var/ftp
-force_dot_files=YES</code>
-===== Encryption Support =====
-==== Generate Certs ====
-  * Country: US
-  * State: PA
-  * Locality: Charleroi
-  * Org Name: Realm of Espionage
-  * Org Unit: NAS
-  * YOUR Name: x
-  * Email: x
-  sudo openssl req -x509 -nodes -days 730 -newkey rsa:2048 -keyout '/etc/ssl/certs/vsftpd.pem' -out '/etc/ssl/certs/vsftpd.pem' && sudo chmod '600' '/etc/ssl/certs/vsftpd.pem'
-==== Enable Encryption ====
-  * :!: ''ssl_ciphers'' can be set to ''HIGH'' or any supported OpenSSL cipher, but the higher the cipher, the higher the performance hit ((specifically on Oak with a Phenom II X4, ''HIGH'' caps around 60-70MB/s, whereas ''AES128-SHA'' is 70-80MB/s, and no encryption is 100-110MB/s))
-  sudo -e '/etc/vsftpd/vsftpd.conf' && sudo systemctl restart 'vsftpd'
-<code>
-ssl_enable=YES
-allow_anon_ssl=NO
-force_local_data_ssl=YES
-force_local_logins_ssl=YES
-require_ssl_reuse=YES
-ssl_ciphers=AES128-SHA
-ssl_tlsv1=YES
-ssl_sslv2=NO
-ssl_sslv3=NO
-rsa_cert_file=/etc/ssl/certs/vsftpd.pem
-rsa_private_key_file=/etc/ssl/certs/vsftpd.pem</code>
-====== fstab ======
-===== PARTUUID =====
-  * :!: Be sure to get the ''PARTUUID'' towards the end of the line, and not ''UUID''
-  sudo blkid
-===== fstab =====
-  * :!: Change the ''x'' in ''PARTLABEL=''
-  * :!: This expects 1 drive each with a XFS partition
-  sudo mkdir -p '/srv/ftp/nas1' '/srv/ftp/nas2' && sudo -e '/etc/fstab'
-<code>
-# NAS
-PARTUUID=x /srv/ftp/nas1 xfs defaults 0 2
-PARTUUID=x /srv/ftp/nas2 xfs defaults 0 2</code>
-  sudo systemctl daemon-reload && sudo mount --all && sync
-===== Safe Unmount Externals =====
-  * :!: TODO: See if there's another command that has less dependencies than ''udisks2'' on openSUSE TW
-  sudo udisksctl unmount --force --block-device='/dev/sdb'
-  sudo udisksctl power-off --block-device='/dev/sdb'
-====== Permissions ======
-===== chown =====
-  sudo chown --recursive 'espionage724':'espionage724' '/srv/ftp/nas1' && sync
-  sudo chown --recursive 'espionage724':'espionage724' '/srv/ftp/nas2' && sync
-  sudo chown --recursive 'espionage724':'espionage724' '/srv/ftp/internal' && sync
-===== chmod =====
-  * :!: ''664'' makes sense here, but FileZilla is unable to traverse directories. TODO: Figure this out
-  sudo chmod --recursive '774' '/srv/ftp/nas1' && sync
-  sudo chmod --recursive '774' '/srv/ftp/nas2' && sync
-  sudo chmod --recursive '774' '/srv/ftp/internal' && sync