Friday, September 27, 2024

Linux Admin - Install Anonymous FTP

Before delving into installing FTP on CentOS, we need to learn a little about its use and security. FTP is a really efficient and well-refined protocol for transferring files between computer systems. It has been used and refined for a few decades now. For transferring files efficiently over a network with latency, or for sheer speed, FTP is a great choice, more so than either SAMBA or SMB.


However, FTP does possess some security issues. Actually, some serious security issues. FTP uses a really weak plain-text authentication method. It is for this reason that authenticated sessions should rely on SFTP or FTPS, where the login and transfer sessions are encrypted (SFTP runs over SSH; FTPS wraps FTP in TLS).

With the above caveats, plain old FTP still has its uses in the business environment today. The main use is anonymous FTP file repositories, where no authentication is warranted to download or upload files. Some examples of anonymous FTP use are:

  • Large software companies still use anonymous FTP repositories allowing Internet users to download shareware and patches.

  • Allowing internet users to upload and download public documents.

  • Some applications will automatically send encrypted, archived logs or configuration files to a repository via FTP.

Hence, as a CentOS Administrator, being able to install and configure FTP is still a desired skill.

We will be using an FTP daemon called vsFTP, or Very Secure FTP Daemon. vsFTP has been in use and development for a while. It has a reputation for being secure, easy to install and configure, and reliable.

Step 1 − Install vsFTPd with the YUM Package Manager.

[root@centos]# yum -y install vsftpd.x86_64

Step 2 − Configure vsFTP to Start on Boot with systemctl.

[root@centos]# systemctl start vsftpd 
[root@centos]# systemctl enable vsftpd 
Created symlink from /etc/systemd/system/multi-user.target.wants/vsftpd.service to /usr/lib/systemd/system/vsftpd.service.

Step 3 − Configure FirewallD to allow FTP control and transfer sessions.

[root@centos]# firewall-cmd --add-service=ftp --permanent 
success 
[root@centos]# firewall-cmd --reload
success
[root@centos]#

Ensure our FTP daemon is running.

[root@centos]# netstat -antup | grep vsftp 
tcp6       0       0 :::21       :::*       LISTEN       13906/vsftpd         
[root@centos]#

Step 4 − Configure vsFTPD For Anonymous Access.

Create a root FTP directory

[root@centos]# mkdir /ftp

Change owner and group of FTP root to ftp

[root@centos]# chown ftp:ftp /ftp

Set minimal permissions for FTP root:

[root@centos]# chmod -R 666 /ftp/

[root@centos]# ls -ld /ftp/
drw-rw-rw-. 2 ftp ftp 6 Feb 27 02:01 /ftp/

[root@centos]#

In this case, we gave users read/write access to the entire root FTP tree.

Configure /etc/vsftpd/vsftpd.conf

[root@centos]# vim /etc/vsftpd/vsftpd.conf
# Example config file /etc/vsftpd/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.

We will want to change the following directives in the vsftpd.conf file.

  • Enable Anonymous uploading by uncommenting anon_mkdir_write_enable=YES

  • chown uploaded files so they are owned by the system ftp user

    chown_uploads=YES

    chown_username=ftp

  • Change the system user used by vsftpd to the ftp user: nopriv_user=ftp

  • Set the custom banner for the user to read before signing in.

    ftpd_banner=Welcome to our Anonymous FTP Repo. All connections are monitored and logged.

  • Let's set IPv4 connections only −

    listen=YES

    listen_ipv6=NO
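
A check to run over the edited file before restarting, as an added example (not code from the original post or from the vsftpd project): vsftpd.conf(5) treats any space between the option, = and the value as an error, and several of the anonymous-access options depend on each other. The function names and the sample config below are constructed for illustration.

```python
import re

# Constructed sample: the directives this page discusses, written with spaces
# around "=" (which vsftpd rejects), on top of a stock write_enable=YES.
SAMPLE_CONF = """\
# Example config file /etc/vsftpd/vsftpd.conf
anonymous_enable=YES
write_enable=YES
anon_mkdir_write_enable=YES
chown_uploads = YES
chown_username = ftp
nopriv_user = ftp
ftpd_banner = Welcome to our Anonymous FTP Repo.
listen = YES
listen_ipv6 = NO
"""

def parse(text):
    """Return (settings, findings) for the text of a vsftpd.conf file."""
    settings, findings = {}, []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"(\w+)(\s*)=(\s*)(.*)", line)
        if not m:
            findings.append(f"line {n}: not an option=value directive")
            continue
        opt, before, after, value = m.groups()
        if before or after:
            findings.append(f"line {n}: space around '=' in {opt}")
        settings[opt] = value
    return settings, findings

def audit(text):
    """Parse, then check how the anonymous-access options interact."""
    s, findings = parse(text)
    on = lambda key: s.get(key, "NO").upper() == "YES"
    if (on("anon_upload_enable") or on("anon_mkdir_write_enable")) and not on("write_enable"):
        findings.append("anonymous write options have no effect without write_enable=YES")
    if on("chown_uploads") and s.get("chown_username", "root") == "root":
        findings.append("chown_uploads gives uploaded files to root; set chown_username")
    if on("listen") and on("listen_ipv6"):
        findings.append("listen and listen_ipv6 are mutually exclusive")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print(finding)
```

To check the live file, pass its contents instead of the sample: audit(open("/etc/vsftpd/vsftpd.conf").read()).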

Now, we need to restart or HUP the vsftpd service to apply our changes.

[root@centos]# systemctl restart vsftpd

Let's connect to our FTP host and make sure our FTP daemon is responding.

[root@centos rdc]# ftp 10.0.4.34 
Connected to localhost (10.0.4.34). 
220 Welcome to our Anonymous FTP Repo. All connections are monitored and logged. 
Name (localhost:root): anonymous 
331 Please specify the password. 
Password: 
230 Login successful. 
Remote system type is UNIX. 
Using binary mode to transfer files.  

ftp>
