Installing the secure FTP server
by Uday R. Sawant, William Leemans, Jonathan Hobson, Oliver Pelz
Linux: Powerful Server Administration
- Linux: Powerful Server Administration
- Table of Contents
- Linux: Powerful Server Administration
- Linux: Powerful Server Administration
- Credits
- Preface
- 1. Module 1
- 1. Managing Users and Groups
- 2. Networking
- Introduction
- Connecting to a network with a static IP
- Installing the DHCP server
- Installing the DNS server
- Hiding behind the proxy with squid
- Being on time with NTP
- Discussing load balancing with HAProxy
- Tuning the TCP stack
- Troubleshooting network connectivity
- Securing remote access with OpenVPN
- Securing a network with uncomplicated firewall
- Securing against brute force attacks
- Discussing Ubuntu security best practices
- 3. Working with Web Servers
- Introduction
- Installing and configuring the Apache web server
- Serving dynamic contents with PHP
- Hosting multiple websites with a virtual domain
- Securing web traffic with HTTPS
- Installing Nginx with PHP_FPM
- Setting Nginx as a reverse proxy
- Load balancing with Nginx
- Setting HTTPs on Nginx
- Benchmarking and performance tuning of Apache
- Securing the web server
- Troubleshooting the web server
- 4. Working with Mail Servers
- 5. Handling Databases
- Introduction
- Installing relational databases with MySQL
- Storing and retrieving data with MySQL
- Importing and exporting bulk data
- Adding users and assigning access rights
- Installing web access for MySQL
- Setting backups
- Optimizing MySQL performance – queries
- Optimizing MySQL performance – configuration
- Creating MySQL replicas for scaling and high availability
- Troubleshooting MySQL
- Installing MongoDB
- Storing and retrieving data with MongoDB
- 6. Network Storage
- 7. Cloud Computing
- 8. Working with Containers
- Introduction
- Installing LXD, the Linux container daemon
- Deploying your first container with LXD
- Managing LXD containers
- Managing LXD containers – advanced options
- Setting resource limits on LXD containers
- Networking with LXD
- Installing Docker
- Starting and managing Docker containers
- Creating images with a Dockerfile
- Understanding Docker volumes
- Deploying WordPress using a Docker network
- Monitoring Docker containers
- Securing Docker containers
- 9. Streaming with Ampache
- 10. Communication Server with XMPP
- 11. Git Hosting
- Introduction
- Installing Git
- Creating a local repository with Git CLI
- Storing file revisions with Git commit
- Synchronizing the repository with a remote server
- Receiving updates with Git pull
- Creating repository clones
- Installing GitLab, your own Git hosting
- Adding users to the GitLab server
- Creating a repository with GitLab
- Automating common tasks with Git hooks
- 12. Collaboration Tools
- 13. Performance Monitoring
- 14. Centralized Authentication Service
- 2. Module 2
- 1. Installing CentOS
- Introduction
- Downloading CentOS and confirming the checksum on Windows or OS X
- Creating USB installation media on Windows or OS X
- Performing an installation of CentOS using the graphical installer
- Running a netinstall over HTTP
- Installing CentOS 7 using a kickstart file
- Getting started and customising the boot loader
- Troubleshooting the system in rescue mode
- Updating the installation and enhancing the minimal install with additional administration and development tools
- 2. Configuring the System
- Introduction
- Navigating text files with less
- Introduction to Vim
- Speaking the right language
- Synchronizing the system clock with NTP and the chrony suite
- Setting your hostname and resolving the network
- Building a static network connection
- Becoming a superuser
- Customizing your system banners and messages
- Priming the kernel
- 3. Managing the System
- Introduction
- Knowing and managing your background services
- Troubleshooting background services
- Tracking system resources with journald
- Configuring journald to make it persistent
- Managing users and their groups
- Scheduling tasks with cron
- Synchronizing files and doing more with rsync
- Maintaining backups and taking snapshots
- Monitoring important server infrastructure
- Taking control with GIT and Subversion
- 4. Managing Packages with YUM
- 5. Administering the Filesystem
- 6. Providing Security
- 7. Building a Network
- 8. Working with FTP
- 9. Working with Domains
- 10. Working with Databases
- 11. Providing Mail Services
- 12. Providing Web Services
- 13. Operating System-Level Virtualization
- 14. Working with SELinux
- 15. Monitoring IT Infrastructure
- 1. Installing CentOS
- 3. Module 3
- 1. Working with KVM Guests
- 2. Deploying RHEL "En Masse"
- 3. Configuring Your Network
- 4. Configuring Your New System
- 5. Using SELinux
- 6. Orchestrating with Ansible
- 7. Puppet Configuration Management
- 8. Yum and Repositories
- 9. Securing RHEL 7
- 10. Monitoring and Performance Tuning
- Bibliography
- Index
In this recipe, we will learn how to install the File Transfer Protocol (FTP) server and configure it to use SSL encryption.
Follow these steps to install the secure FTP server:
- Install
vsftpdwith the following command:$ sudo apt-get update $ sudo apt-get install vsftpd
- After installation, we can configure
vsftpdby editing/etc/vsftpd.conf. - First create the SSL certificate for the FTP server:
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/vsftpd.pem -out /etc/ssl/private/vsftpd.pem - Next, configure Vsftpd. Add or edit the following lines in
vsftpd.conf:anonymous_enable=no local_enable=yes write_enable=yes chroot_local_user=yes Add the SSL certificate created in the previous step: rsa_cert_file=/etc/ssl/private/vsftpd.pem rsa_private_key_file=/etc/ssl/private/vsftpd.pem ssl_enable=yes ssl_ciphers=high force_local_data_ssl=yes force_local_logins_ssl=yes
- Save and exit the configuration file.
- Restart the Vsftpd server:
$ sudo service vsftpd restart - Now you can use any FTP client that supports the SFTP protocol to connect to your FTP server. The following is the configuration screen for SFTP client FileZilla:
FTP is an insecure protocol and you should avoid using it, especially in a production environment. Limit use of FTP to downloads only and use more secure methods, such as SCP, to upload and transfer files on servers. If you have to use FTP, make sure that you have disabled anonymous access and enable SFTP to secure your data and login credentials.
In this recipe, we have installed Vsftpd, which is a default FTP package in the Ubuntu repository. Vsftpd stands for very secure FTP daemon, and it is designed to protect against possible FTP vulnerabilities. It supports both FTP and SFTP protocols.
As Vsftpd is available in the Ubuntu package repository, installation is very simple, using only a single command. After Vsftpd installed, we created an SSL certificate to be used with an FTP server. With this configuration, we will be using the SFTP protocol, which is more secure than FTP. You can find more details about SSL certificates in Chapter 3, Working with Web Servers.
Under the Vsftpd configuration, we have modified some settings to disable anonymous logins, allowed local users to use FTP, enabled write access, and used chroot for local users. Next, we have set a path for previously generated SSL certificates and enabled the use of SSL. Additionally, you can force the use of TLS over SSL by adding the following lines to the configuration file:
ssl_tlsv1=yes ssl_sslv2=no ssl_sslv3=no
This recipe covers FTP as a simple and easy-to-use tool for network storage. FTP is inherently insecure and you must avoid its use in a production environment. Server deployments can easily be automated with simple Git hooks or the sophisticated integration of continuous deployment tools such Chef, Puppet, or Ansible.
- Ubuntu server FTP guide at https://help.ubuntu.com/lts/serverguide/ftp-server.html
-
No Comment