An FTP server is used to exchange files between computers over a network. This guide helps you set up an FTP server on CentOS 7. It contains configuration steps for both FTP and SFTP as well as user creation. Here I've used the VSFTP package, which is secure and less vulnerable.
1. FTP Server
2. SFTP Server
3. User creation
Setup FTP server on CentOS 7

Step 1 : Update your repository and install the VSFTPD package.
[root@hackthesec ~]# yum check-update
[root@hackthesec ~]# yum -y install vsftpd

Step 2 : After installation you can find the /etc/vsftpd/vsftpd.conf file, which is the main configuration file for VSFTP.
Take a backup copy before making changes.
[root@hackthesec ~]# cp /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf.org

Now open the file and make changes as below.
[root@hackthesec ~]# nano /etc/vsftpd/vsftpd.conf

Find the line anonymous_enable=YES (line no. 12) and change the value to NO to disable anonymous FTP access.
anonymous_enable=NO

Uncomment the line below (line no. 100) to restrict users to their home directory.
chroot_local_user=YES

Add the lines below at the end of the file to enable passive mode and allow a writable chroot.
allow_writeable_chroot=YES
pasv_enable=Yes
pasv_min_port=40000
pasv_max_port=40100

Step 3 : Now restart the vsftpd service and make it start automatically after reboot.
[root@hackthesec ~]# systemctl restart vsftpd.service
[root@hackthesec ~]# systemctl enable vsftpd.service

Step 4 : Add the FTP service to the firewall to allow FTP ports.
[root@hackthesec ~]# firewall-cmd --permanent --add-service=ftp
[root@hackthesec ~]# firewall-cmd --reload

Step 5 : Set up SELinux to allow FTP access to the users' home directories.
[root@hackthesec ~]# setsebool -P ftp_home_dir on

Step 6 : Now create a user for FTP access. Here the /sbin/nologin shell is used to prevent shell access to the server.
[root@hackthesec ~]# useradd -m dave -s /sbin/nologin
[root@hackthesec ~]# passwd dave
Now user dave is able to log in to FTP on port 21.

SFTP server
SFTP (Secure File Transfer Protocol) encrypts the connection between clients and the server. It is highly recommended to use SFTP because data is transferred over an encrypted connection through an SSH tunnel on port 22.
We need the openssh-server package to enable SFTP. Install it if it is not already installed.
[root@hackthesec ~]# yum -y install openssh-server

Step 7 : Create a separate group for FTP access.
[root@hackthesec ~]# groupadd ftpaccess

Step 8 : Now open the /etc/ssh/sshd_config file and make changes as below.
Find and comment out the line below (line no. 147).
#Subsystem sftp /usr/libexec/openssh/sftp-server
and add these lines below.
Subsystem sftp internal-sftp
Match group ftpaccess
ChrootDirectory %h
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp

Step 9 : Now restart the sshd service.
[root@hackthesec ~]# systemctl restart sshd
Now your SFTP server is configured and ready.

User creation
Step 10 : Create user jack with the /sbin/nologin shell and the ftpaccess group.
[root@hackthesec ~]# useradd -m jack -s /sbin/nologin -g ftpaccess
[root@hackthesec ~]# passwd jack

Now assign root ownership of the home directory for chroot access and modify its permissions.
[root@hackthesec ~]# chown root /home/jack
[root@hackthesec ~]# chmod 750 /home/jack

Create a directory www inside the home directory for writing and modify its ownership.
[root@hackthesec ~]# mkdir /home/jack/www
[root@hackthesec ~]# chown jack:ftpaccess /home/jack/www

Now jack can use both FTP and SFTP services. He can upload files in the www directory.

If you are going to use FTP and SFTP together on the same server, follow the steps above when creating users. For existing users, add them to ftpaccess and make the changes below.
[root@hackthesec ~]# usermod dave -g ftpaccess
[root@hackthesec ~]# chown root /home/dave
[root@hackthesec ~]# chmod 750 /home/dave
[root@hackthesec ~]# mkdir /home/dave/www
[root@hackthesec ~]# chown dave:ftpaccess /home/dave/www
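
To confirm that the Step 2 edits are really in effect, the following added example (not part of the original guide) audits a vsftpd.conf for them. The function names conf_get and audit_vsftpd and the sample file are constructed here; the defaults passed to conf_get are the ones documented in vsftpd.conf(5).

```bash
#!/usr/bin/env bash
# Added example (not from the original guide): audit vsftpd.conf for the Step 2 settings.

# conf_get FILE KEY DEFAULT -> effective value, upper-cased ("Yes" and "YES" compare equal).
conf_get() {
  awk -v k="$2" -v d="$3" '
    /^[ \t]*#/ { next }                          # skip comment lines
    index($0, k "=") == 1 {                      # "key=value" with no spaces
      v = substr($0, length(k) + 2); sub(/[ \t\r]+$/, "", v); seen = 1
    }
    END { print toupper(seen ? v : d) }' "$1"    # the last assignment is kept
}

# audit_vsftpd FILE -> prints FAIL/WARN lines, returns the number of FAILs.
audit_vsftpd() {
  local f="$1" fails=0 min max
  # An option that is absent or commented out falls back to its documented default.
  if [ "$(conf_get "$f" anonymous_enable YES)" != NO ]; then
    echo "FAIL: anonymous_enable is not NO, anonymous logins are accepted"; fails=$((fails + 1))
  fi
  if [ "$(conf_get "$f" chroot_local_user NO)" != YES ]; then
    echo "FAIL: chroot_local_user is not YES, users can leave their home directory"; fails=$((fails + 1))
  fi
  min=$(conf_get "$f" pasv_min_port 0); max=$(conf_get "$f" pasv_max_port 0)
  if ! { [ "$min" -gt 0 ] && [ "$max" -ge "$min" ]; } 2>/dev/null; then
    echo "FAIL: passive range not pinned (pasv_min_port=$min pasv_max_port=$max)"; fails=$((fails + 1))
  fi
  # The man page calls whitespace around "=" an error, so report such lines.
  if grep -qE '^[a-z_]+([[:space:]]+=|=[[:space:]])' "$f"; then
    echo "FAIL: whitespace around '=' in a directive"; fails=$((fails + 1))
  fi
  # Not a failure in this guide (Step 2 sets it), but worth a reviewer's eye.
  if [ "$(conf_get "$f" allow_writeable_chroot NO)" = YES ]; then
    echo "WARN: allow_writeable_chroot=YES, keep each chroot root owned by root and mode 750"
  fi
  return "$fails"
}

# Constructed sample: the guide's settings, written to a temp file for a self-contained run.
sample=$(mktemp)
printf '%s\n' '# constructed sample' anonymous_enable=NO chroot_local_user=YES \
  allow_writeable_chroot=YES pasv_enable=Yes pasv_min_port=40000 pasv_max_port=40100 > "$sample"
audit_vsftpd "$sample" || true
rm -f "$sample"
```

On the server itself, run audit_vsftpd /etc/vsftpd/vsftpd.conf after editing and before restarting the service.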
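
sshd accepts a ChrootDirectory only when every component of the path is a root-owned directory that is not writable by group or others, which is why each home directory above is handed to root with mode 750. This added example (not part of the original guide) checks that requirement; the function name chroot_path_ok and its optional owner-UID and stop-directory arguments are hypothetical helpers so the check can be tried on a scratch tree.

```bash
#!/usr/bin/env bash
# Added example (not from the original guide): verify a directory is usable as
# an sshd ChrootDirectory, as set up by "chown root" and "chmod 750" above.

# chroot_path_ok DIR [OWNER_UID] [STOP_DIR]
#   Walks from DIR up to STOP_DIR (default /) and reports every component that
#   is not owned by OWNER_UID (default 0 = root) or is group/other-writable.
#   Returns 0 if all components pass, 1 if any is bad, 2 if a path is unusable.
chroot_path_ok() {
  local p stop owner="${2:-0}" bad rc=0
  p=$(cd "$1" 2>/dev/null && pwd -P) || return 2          # resolve symlinks
  stop=$(cd "${3:-/}" 2>/dev/null && pwd -P) || return 2
  while :; do
    # ls -ldn prints the mode string in field 1 and the numeric owner in field 3.
    bad=$(ls -ldn "$p" | awk -v o="$owner" '{
      if ($3 != o)                 printf " owner-uid=%s", $3
      if (substr($1, 6, 1) == "w") printf " group-writable"
      if (substr($1, 9, 1) == "w") printf " other-writable"
    }')
    if [ -n "$bad" ]; then echo "BAD $p:$bad"; rc=1; fi
    if [ "$p" = "$stop" ] || [ "$p" = / ]; then break; fi
    p=$(dirname "$p")
  done
  return "$rc"
}

# Constructed demo on a scratch tree owned by the current user. The real check
# for the guide's user is simply: chroot_path_ok /home/jack
demo=$(mktemp -d)
mkdir -p "$demo/home/jack"
chmod 755 "$demo/home"
chmod 770 "$demo/home/jack"          # group-writable: the mode the guide avoids
chroot_path_ok "$demo/home/jack" "$(id -u)" "$demo/home" || echo "not a valid chroot directory"
rm -rf "$demo"
```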