Monday, 15 January 2007

vsftpd notes

vsFTPd[1] is a quick setup. Kudos to the “scary beast.”

I have long been a ProFTP[2] fan for its Apache-like configuration, but vsFTPd had to be the quickest FTP server I have ever set up.

My notes on getting a vsFTPd set up quickly:

Use yum to get the binary installed.

yum puts everything in the appropriate places for a Fedora Core/Red Hat install:

  • /etc/vsftpd
  • /usr/sbin/vsftpd
  • /etc/init.d/vsftpd

Authenticated-only FTP service was quick to set up by editing /etc/vsftpd/vsftpd.conf:

...
local_enable=YES
guest_enable=NO
...

I liked vsFTPd's direct setup of FTP over SSL.

ssl_enable=YES
rsa_cert_file=/path/to/certificate.file
rsa_private_key_file=/path/to/certificate.key

What’s nice about this is that it will force, by default, users to SSL connections via TLSv1 (the SSLv(1||2||3) options have to be explicitly enabled; the developer of vsFTPd is a bit of a paranoid). This forcing of authenticated users to SSL is configurable, of course, but is the default. It also seems that having this configured, but commented out, will allow you to switch between non-SSL and SSL connections.
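An added example, not from the original post or the vsFTPd project: a small Python audit that overlays a vsftpd.conf on the defaults documented in vsftpd.conf(5) and reports settings that undo the authenticated-only, SSL-forced setup described above. The function names and both sample files are constructed for illustration.

```python
# Added example: audit the vsftpd.conf options discussed in this post.
# Defaults are the ones documented in vsftpd.conf(5); check your version's man page.
DEFAULTS = {
    "anonymous_enable": "YES", "local_enable": "NO", "ssl_enable": "NO",
    "force_local_logins_ssl": "YES", "force_local_data_ssl": "YES",
    "ssl_tlsv1": "YES", "ssl_sslv2": "NO", "ssl_sslv3": "NO",
}

def effective(conf_text):
    """Overlay option=value lines from the file on the documented defaults."""
    settings = dict(DEFAULTS)
    for line in conf_text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            settings[key] = value
    return settings

def audit(conf_text):
    """Return findings that break an authenticated-only, SSL-forced setup."""
    s = effective(conf_text)
    # Booleans are treated as enabled when set to YES, TRUE or 1.
    on = lambda key: s[key].upper() in ("YES", "TRUE", "1")
    findings = []
    if on("anonymous_enable"):
        findings.append("anonymous_enable=YES: anonymous logins are accepted")
    if not on("local_enable"):
        findings.append("local_enable=NO: local accounts cannot log in")
    if not on("ssl_enable"):
        findings.append("ssl_enable=NO: logins and data are sent in cleartext")
        return findings  # the SSL sub-options below have no effect without it
    for key in ("force_local_logins_ssl", "force_local_data_ssl"):
        if not on(key):
            findings.append(key + "=NO: SSL is optional for local users")
    for key in ("ssl_sslv2", "ssl_sslv3"):
        if on(key):
            findings.append(key + "=YES: obsolete protocol version enabled")
    return findings

# Constructed sample: only the options shown in the post, nothing else set.
POST_CONF = """local_enable=YES
guest_enable=NO
ssl_enable=YES
rsa_cert_file=/path/to/certificate.file
rsa_private_key_file=/path/to/certificate.key
"""
# Constructed sample: the same file with anonymous logins switched off explicitly.
TIGHT_CONF = "anonymous_enable=NO\n" + POST_CONF

if __name__ == "__main__":
    for name, conf in (("post", POST_CONF), ("tight", TIGHT_CONF)):
        print(name, audit(conf) or "no findings")
```

Because a commented-out line falls back to the documented default, the audit reports on the effective value rather than only on what is written in the file.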

Debugging the configuration is easy too.

As root

# /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf

This attempts to start the vsFTPd with the configuration file as the argument in standalone mode. Errors in the configuration come to stdout.

I also liked the banner_file option. A few years ago, at a security conference, a lawyer presented several cases where crackers worked the system arguing that “they weren’t told they could not be on the system.” You have to love ’em. So I put a pretty standard banner on my FTP services to just be sure nefarious users know it’s a restricted system, borrowed from a security document, somewhere:

***********************************************
*****  THIS IS A PRIVATE COMPUTER SYSTEM  *****
*****   AND IS FOR AUTHORIZED USE ONLY.   *****
***********************************************

       Any or all use of this system and
       all files on this system may be
       intercepted and monitored.

       Unauthorized or improper use of
       this system may result in
       disciplinary and/or legal action.

       By continuing to use this system
       you indicate your awareness of
       and consent to these terms and
       conditions of use.

       LOG OFF IMMEDIATELY if you are not
       an authorized user of this system
       or do not agree to the conditions
       stated in this warning.

Finally, getting an FTP service like vsFTPd up for web hosting is well documented at YoLinux.com. Much of what I learned in setting this up was found there. The tutorial is a bit dated (it has no SSL notes, for example), but it is a great start!

[1] Get source and docs at http://vsftpd.beasts.org/
[2] ProFTP: http://www.proftpd.org/

Posted by caffeinated at 11:31 AM in nerdery
