Before delving into installing FTP on CentOS, we need to learn a little about its use and security. FTP is a really efficient and well-refined protocol for transferring files between the computer systems. FTP has been used and refined for a few decades now. For transferring files efficiently over a network with latency or for sheer speed, FTP is a great choice. More so than either SAMBA or SMB.
However, FTP does possess some security issues. Actually, some serious security issues. FTP uses a really weak plain-text authentication method. It is for this reason authenticated sessions should rely on sFTP or FTPS, where TLS is used for end-to-end encryption of the login and transfer sessions.
With the above caveats, plain old FTP still has its use in the business environment today. The main use is, anonymous FTP file repositories. This is a situation where no authentication is warranted to download or upload files. Some examples of anonymous FTP use are
Large software companies still use anonymous ftp repositories allowing Internet users to download shareware and patches.
Allowing internet users to upload and download public documents.
Some applications will automatically send encrypted, archived logs for or configuration files to a repository via FTP.
Hence, as a CentOS Administrator, being able to install and configure FTP is still a designed skill.
We will be using an FTP daemon called vsFTP, or Very Secure FTP Daemon. vsFTP has been used in development for a while. It has a reputation for being secure, easy to install and configure, and is reliable.
Step 1 − Install vsFTPd with the YUM Package Manager.
[root@centos]# yum -y install vsftpd.x86_64
Step 2 − Configure vsFTP to Start on Boot with systemctl.
[root@centos]# systemctl start vsftpd [root@centos]# systemctl enable vsftpd Created symlink from /etc/systemd/system/multi- user.target.wants/vsftpd.service to /usr/lib/systemd/system/vsftpd.service.
Step 3 − Configure FirewallD to allow FTP control and transfer sessions.
[root@centos]# firewall-cmd --add-service=ftp --permanent success [root@centos]#
Assure our FTP daemon is running.
[root@centos]# netstat -antup | grep vsftp tcp6 0 0 :::21 :::* LISTEN 13906/vsftpd [root@centos]#
Step 4 − Configure vsFTPD For Anonymous Access.
Create a root FTP directory
[root@centos]# mkdir /ftp
Change owner and group of FTP root to ftp
[root@centos]# chown ftp:ftp /ftp Set minimal permissions for FTP root: [root@centos]# chmod -R 666 /ftp/ [root@centos]# ls -ld /ftp/ drw-rw-rw-. 2 ftp ftp 6 Feb 27 02:01 /ftp/ [root@centos]#
In this case, we gave users read/write access to the entire root FTP tree.
Configure /etc/vsftpd/vsftpd.conf"
[root@centos]# vim /etc/vsftpd/vsftpd.conf # Example config file /etc/vsftpd/vsftpd.conf # # The default compiled in settings are fairly paranoid. This sample file # loosens things up a bit, to make the ftp daemon more usable. # Please see vsftpd.conf.5 for all compiled in defaults. # # READ THIS: This example file is NOT an exhaustive list of vsftpd options. # Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's # capabilities.
We will want to change the following directives in the vsftp.conf file.
Enable Anonymous uploading by uncommenting anon_mkdir_write_enable=YES
chown uploaded files to owned by the system ftp user
chown_uploads = YES
chown_username = ftp
Change system user used by vsftp to the ftp user: nopriv_user = ftp
Set the custom banner for the user to read before signing in.
ftpd_banner = Welcome to our Anonymous FTP Repo. All connections are monitored and logged.
Let's set IPv4 connections only −
listen = YES
listen_ipv6 = NO
Now, we need to restart or HUP the vsftp service to apply our changes.
[root@centos]# systemctl restart vsftpd
Let's connect to our FTP host and make sure our FTP daemon is responding.
[root@centos rdc]# ftp 10.0.4.34 Connected to localhost (10.0.4.34). 220 Welcome to our Anonymous FTP Repo. All connections are monitored and logged. Name (localhost:root): anonymous 331 Please specify the password. Password: '230 Login successful. Remote system type is UNIX. Using binary mode to transfer files.
ftp>−
No comments:
Post a Comment