Ubuntu 24.04.1 LTS & 22.04 LTS
Update packages and install vsftpd
# Refresh the package index, apply pending updates, then install vsftpd from the distribution
# archive so that later security fixes arrive through the normal apt upgrade path.
$ sudo apt update && sudo apt upgrade
$ sudo apt install vsftpd
# Print the installed version to confirm the install.
$ vsftpd -version
Add FTP user
# Create a local system account for FTP use and set its password. The configuration on this page
# logs in local users through PAM (local_enable=YES, pam_service_name=vsftpd), so this is normally
# the account's system password.
# NOTE(review): while ssl_enable=NO, that password crosses the network in cleartext on every login.
$ sudo adduser username -m
$ sudo passwd username
OR
$ sudo vim /etc/vsftpd.user
# One account name per line. With userlist_enable=YES and userlist_deny=NO in vsftpd.conf this
# file is an allow-list: accounts that are not named here cannot log in over FTP.
username
username1
username2
...
$ sudo vim /etc/vsftpd.conf
# Standalone listener on an IPv6 socket (listen and listen_ipv6 are mutually exclusive).
listen=NO
listen_ipv6=YES
connect_from_port_20=YES
ftpd_banner=Welcome to blah FTP service.
# Anonymous access is off; only local system accounts may log in.
anonymous_enable=NO
local_enable=YES
# Upload, delete and rename commands are allowed for every permitted user.
write_enable=YES
local_umask=022
# NOTE(review): 0755 with local_umask=022 leaves uploaded files executable; confirm that is intended.
file_open_mode=0755
# Passive-mode data ports; the firewall has to allow exactly this range.
pasv_enable=YES
pasv_min_port=10190
pasv_max_port=10200
ascii_upload_enable=YES
ascii_download_enable=YES
# Allow-list: with userlist_deny=NO only the accounts named in userlist_file can log in.
userlist_enable=YES
userlist_file=/etc/vsftpd.user
userlist_deny=NO
# Local users are confined to their home directory after login.
chroot_local_user=YES
# NOTE(review): vsftpd normally refuses a chroot whose top directory the user can write to; this
# switch turns that safety check off. A non-writable home with a writable subdirectory for
# uploads keeps the check in place.
allow_writeable_chroot=YES
dirmessage_enable=YES
use_localtime=YES
# Transfers are logged to xferlog_file.
xferlog_enable=YES
xferlog_file=/var/log/vsftpd.log
secure_chroot_dir=/var/run/vsftpd/empty
pam_service_name=vsftpd
# These paths point at the distribution's self-signed "snakeoil" pair; they are unused while
# ssl_enable=NO.
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
# NOTE(review): TLS is off, so account passwords and file contents cross the network unencrypted.
# See the "Enabling TLS encryption" section of this page before exposing the service.
ssl_enable=NO
Restart vsftpd Service
$ sudo systemctl enable/disable vsftpd
$ sudo systemctl start/stop/restart/status vsftpd
CentOS 7
# Build vsftpd 3.0.3 from the upstream source tarball instead of a distribution package.
# NOTE(review): nothing here verifies the download; check the tarball against the signature or
# checksum published by the vsftpd author before building and installing it.
# NOTE(review): the build commands run without a `cd vsftpd-3.0.3` after extraction, and the
# vsftpd tree may not ship a ./configure script — confirm the steps against the tarball's
# INSTALL file.
# A source build is not updated by yum, so later security fixes have to be tracked by hand.
$ wget https://security.appspot.com/downloads/vsftpd-3.0.3.tar.gz
$ tar -zxvf vsftpd-3.0.3.tar.gz
$ ./configure
$ make && make install
# Install vsftpd from a locally downloaded RPM file.
# NOTE(review): a hand-downloaded file does not get the repository signature check that yum
# normally applies; verify it first, e.g. `rpm -K <PACKAGE_FILE>`.
$ sudo rpm -ivh vsftpd-3.0.2-28.el7.x86_64.rpm
# Install vsftpd from the configured yum repositories.
$ sudo yum install -y vsftpd
# Shorthand for the individual systemctl actions, not a literal command: run one verb at a
# time, e.g. `sudo systemctl enable vsftpd`.
$ sudo systemctl start/stop/restart/status/enable/disable vsftpd
# Permanently allow firewalld's predefined "ftp" service in the public zone, then reload so the
# rule takes effect.
# NOTE(review): if a passive port range is set in vsftpd.conf, or TLS is enabled, that range
# presumably has to be added to the zone as well — confirm.
$ sudo firewall-cmd --zone=public --add-service=ftp --permanent
$ sudo firewall-cmd --reload
SELinux
# Show the current SELinux mode, switch the running system to permissive (setenforce 0 lasts
# until reboot), then open the config file to make the change permanent.
# NOTE(review): this removes SELinux enforcement for every service on the host, not only vsftpd.
# A narrower approach is to stay in enforcing mode, read the denials in the audit log, and
# enable only the FTP-related booleans that are needed (list them with `getsebool -a | grep ftp`).
$ sudo sestatus
$ sudo setenforce 0
$ sudo vim /etc/sysconfig/selinux
Change the SELINUX=enforcing directive to SELINUX=disabled
PAM in Linux
$ sudo vim /etc/pam.d/vsftpd
# Disabled on purpose: pam_shells only admits accounts whose login shell is listed in /etc/shells.
# NOTE(review): this is usually done so FTP-only accounts with a shell such as /sbin/nologin can
# log in. The trade-off is that every account with a password passes this step, so keep the
# vsftpd user allow-list tight — confirm this is the intended behaviour.
#auth required pam_shells.so
standalone
$ sudo vim /etc/vsftpd/vsftpd.conf
# Run vsftpd as a standalone daemon on IPv4 port 21. listen and listen_ipv6 are mutually
# exclusive, which is why the IPv6 line stays commented out.
listen=YES
#listen_ipv6=YES
listen_port=21
# Left unset, vsftpd listens on all local addresses; set an address to bind one interface only.
#listen_address=
xinetd
# Install xinetd so that it, rather than vsftpd itself, owns the listening socket.
$ sudo yum install xinetd
# NOTE(review): the page does not show what to change here; presumably listen=YES (and
# listen_ipv6) must be turned off so vsftpd does not try to bind port 21 itself — confirm.
$ sudo vim /etc/vsftpd/vsftpd.conf
$ sudo vim /etc/xinetd.d/vsftpd
# xinetd entry for FTP: xinetd accepts each connection on the ftp port and starts
# /usr/sbin/vsftpd for it as root (wait = no, so connections are served concurrently).
# The client address is logged on success and failure, plus session duration on success.
# NOTE(review): no only_from, instances or per_source limits are set, so any address may connect
# and xinetd does not cap the number of sessions — consider adding them.
service ftp
{
socket_type = stream
wait = no
user = root
server = /usr/sbin/vsftpd
log_on_success += HOST DURATION
log_on_failure += HOST
disable = no
}
# Start xinetd now and at every boot; it then launches vsftpd on demand.
# NOTE(review): presumably the standalone vsftpd unit should be stopped and disabled first,
# since both would try to bind port 21 — confirm.
$ sudo systemctl start xinetd
$ sudo systemctl enable xinetd
vsftpd.conf
# Keep a copy of the packaged configuration (the brace expansion yields vsftpd.conf.bak) before
# editing, so later changes can be diffed or rolled back.
$ sudo cp /etc/vsftpd/vsftpd.conf{,.bak}
$ sudo vim /etc/vsftpd/vsftpd.conf
# Anonymous access is off; only local system accounts may log in, and they may write.
anonymous_enable=NO
local_enable=YES
write_enable=YES
# NOTE(review): umask 002 should leave newly created directories group-writable, and
# file_open_mode=0755 leaves uploaded files executable — confirm both are intended.
local_umask=002
file_open_mode=0755
ascii_upload_enable=YES
ascii_download_enable=YES
Firewall
UFW
# Open the FTP ports in UFW. 21/tcp is the control port and 10190:10200 matches
# pasv_min_port/pasv_max_port in the vsftpd.conf shown on this page.
# NOTE(review): inbound 20/tcp is not normally needed (in active mode the server connects out
# from port 20), and 990/tcp is the implicit-FTPS port, which the configuration on this page
# does not enable via implicit_ssl — confirm before opening either.
# These rules accept any source address; where the clients are known, restrict them, e.g.
#   sudo ufw allow from <CLIENT_CIDR> to any port 21 proto tcp
$ sudo ufw allow 20/tcp
$ sudo ufw allow 21/tcp
$ sudo ufw allow 990/tcp
$ sudo ufw allow 10190:10200/tcp
IPTables
# Accept new TCP connections to the FTP data and control ports (20, 21), and any traffic that
# belongs to or is related to an already accepted connection.
iptables -A INPUT -m tcp -p tcp -m multiport --dports 20,21 -m state --state NEW -j ACCEPT -m comment --comment " FTP Server "
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Load the FTP connection-tracking helper. It reads the control channel so that the data
# connections negotiated there are classified as RELATED and pass the rule above.
# NOTE(review): the helper cannot read a TLS-encrypted control channel, so with ssl_enable=YES
# the passive range (pasv_min_port to pasv_max_port) has to be opened explicitly. Rules added
# with -A and the modprobe are also lost at reboot unless they are saved separately.
modprobe nf_conntrack_ftp
Notes
Error message “500 OOPS: vsftpd: refusing to run with writable root inside chroot()” - keep user jailed
Go to /etc/vsftpd.conf and add this:
# NOTE(review): this turns off vsftpd's refusal to chroot into a directory the user can write
# to, which is a deliberate safeguard. An alternative that keeps the check is to make the top
# of the chroot non-writable for the user and give them a writable subdirectory for uploads.
allow_writeable_chroot=YES
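Allow “ls -R” recursive directory listing. It is disabled by default because a recursive listing of a large tree can consume a lot of server resources.
Go to /etc/vsftpd.conf and add this:
ls_recurse_enable=YES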
Enabling TLS encryption
# Create a self-signed certificate (RSA 2048, valid for 365 days) with an unencrypted private
# key (-nodes); key and certificate are written to the same file.
# NOTE(review): the file holds the private key, so it should be readable by root only (e.g.
# chmod 600). Clients cannot validate a self-signed certificate unless they pin or explicitly
# trust it, and it has to be regenerated before the 365 days run out.
$ sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/vsftpd.pem -out /etc/ssl/private/vsftpd.pem
Go to /etc/vsftpd.conf and add this:
# Turn on TLS; certificate and private key are read from the same PEM file.
ssl_enable=YES
rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem
allow_anon_ssl=NO
# Local users must use TLS for both login and data transfer, so their passwords and files are
# never accepted over a cleartext connection.
force_local_data_ssl=YES
force_local_logins_ssl=YES
# NOTE(review): ssl_tlsv1 permits TLS 1.0, which is deprecated. Check `man vsftpd.conf` for the
# TLS version options your vsftpd build supports and allow only TLS 1.2 or later where the
# clients permit it. SSLv2 and SSLv3 are correctly disabled.
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
# NOTE(review): require_ssl_reuse=NO drops the check that a data connection reuses the control
# connection's TLS session, which ties the data channel to the authenticated client. It is
# usually disabled for client compatibility; re-enable it if your clients support session reuse.
require_ssl_reuse=NO
ssl_ciphers=HIGH