• vsftpd ¹⁾

• Ubuntu Server

sudo apt install 'vsftpd'

• ufw Notes
• 990/tcp is for FTPS

sudo ufw allow '20'/'tcp' && sudo ufw allow '21'/'tcp' && sudo ufw allow '40000':'50000'/'tcp'

sudo systemctl enable 'vsftpd' --now

sudo -e '/etc/vsftpd.conf' && sudo systemctl restart 'vsftpd'

# Custom
write_enable=YES
utf8_filesystem=YES
pasv_enable=YES
pasv_max_port=40000
pasv_min_port=50000
local_root=/srv/ftp
force_dot_files=YES

• Country: US
• State: PA
• Locality: Charleroi
• Org Name: Realm of Espionage
• Org Unit: NAS
• YOUR Name: x
• Email: x

sudo openssl req -x509 -nodes -days 730 -newkey rsa:2048 -keyout '/etc/ssl/certs/vsftpd.pem' -out '/etc/ssl/certs/vsftpd.pem' && sudo chmod '600' '/etc/ssl/certs/vsftpd.pem'

• ssl_ciphers can be set to HIGH or any supported OpenSSL cipher, but the higher the cipher, the higher the performance hit ²⁾

sudo -e '/etc/vsftpd.conf' && sudo systemctl restart 'vsftpd'

ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
require_ssl_reuse=YES

ssl_ciphers=AES128-SHA
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO

rsa_cert_file=/etc/ssl/certs/vsftpd.pem
rsa_private_key_file=/etc/ssl/certs/vsftpd.pem

• Be sure to get the PARTUUID towards the end of the line, and not UUID

sudo blkid

• Change the x in PARTLABEL=
• This expects 1 drive each with a XFS partition

sudo mkdir -p '/srv/ftp/nas1' && sudo -e '/etc/fstab'

# NAS
PARTUUID=x /srv/ftp/nas1 xfs defaults 0 2

sudo mount --all && sudo systemctl daemon-reload && sync

sudo chown --recursive 'espionage724':'espionage724' '/srv/ftp/nas1' && sync

• 664 makes sense here, but FileZilla is unable to traverse directories. TODO: Figure this out

sudo chmod --recursive '774' '/srv/ftp/nas1' && sync