install and setup a secure ftp server using proftpd

Posted on 2004-10-08
Last Modified: 2013-12-15
Hi, I want to set up a proftpd server. Currently I am using Red Hat Linux
Advanced Server 2.1 installed on an IBM 232 server.

1. Where can I find the latest version of proftpd?
2. Should I install the *bz2 or tgz or rpm version?
3. How can I install it?
4. Would I have any problems or conflicts with an existing version of any ftp?
5. How to configure it?
6. I would have users' directories inside the ftp server; each user can read and write
his own directory and read/view other directories. The users will not have any login
access to the ftp server?
7. The server will be accessed through the Internet. How can I make it
as secure a server as I can, and allow only a subnetwork to access it?

Thanks
Question by:madunix
Accepted Solution

by:
jlevie earned 50 total points
ID: 12263999
> 1. Where can I find the latest version of proftpd?

http://www.proftpd.org/

> 2. Should I install the *bz2 or tgz or rpm version?

For RHEL 2.1 AS you need to get the source distribution and build your own copy.

> 3. How can I install it?

After the ./configure & make you'll do a 'make install'. See the ProFTP docs in the source tarball.

> 4. Would I have any problems or conflicts with an existing version of any ftp?

Yes, and you should remove the RHEL FTP server or any other that might have been installed.

> 5. How to configure it?

By editing the proftpd.conf file after installation.

> 6. I would have users' directories inside the ftp server; each user can read and write his own directory

The default for ProFTP is to chroot users to their home directory, so access outside of that area isn't allowed.

> 7. The server will be accessed through the Internet. How can I make it as secure a server
> as I can?

ProFTP can use its own private copy of a password file. When configured in that manner the FTP users don't need Linux accounts and thus don't have login access to the server.

Author Comment

by:madunix
ID: 12270289
I downloaded and installed the proftpd ....

[root@rhwebapp root]# /usr/local/sbin/proftpd
 - warning: AuthPAMAuthoritative is deprecated
[root@rhwebapp root]# ps -aux | grep ftp
nobody    1346  0.0  0.1  2380 1240 ?        S    13:51   0:00 proftpd: (accepti
root      1348  0.0  0.0  1732  580 pts/0    S    13:51   0:00 grep ftp

It looks okay to me, but when I try to ftp to the server it gave:
[root@rhwebapp root]# ftp localhost
Connected to localhost (127.0.0.1).
421 Service not available, remote server has closed connection
ftp> quit

What could be the problem?
What about the warning with PAM?
My configuration file (part of it):

# To have more informations about Proftpd configuration
# look at : http://www.proftpd.org/
#
# This is a basic ProFTPD configuration file (rename it to
# 'proftpd.conf' for actual use.  It establishes a single server
# and a single anonymous login.  It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.

ServerName                      "THIS FTP SERVER IS RESTRICTED TO AUTHORIZED USERS"
ServerType                      standalone
DefaultServer                   on

# Port 21 is the standard FTP port.
Port                            21

# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask                           022

DebugLevel                     9
SystemLog                      /var/log/proftpdlog
TransferLog                    /var/log/xferlog



# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd).
MaxInstances                    2

ScoreboardFile                  /var/run/proftpd
RequireValidShell               off

AuthPAMAuthoritative            off

# Set the user and group under which the server will run.
User                            nobody
Group                           nogroup

# To cause every FTP user to be "jailed" (chrooted) into their home
# directory, uncomment this line.
#DefaultRoot ~
......
Author Comment

by:madunix
ID: 12311670
Yep, it works now; I added localhost to <Limit LOGIN>.

I want to force my proftpd to listen on another IP, A.B.C.D, rather than the primary IP X.Y.Z.W.
I mean to listen on another interface with another IP which is not the primary.
Can anyone help with this issue: where to allocate the virtualhost, and what should be inside
my config file?
----//-------------
ServerName                      "FTP SERVER"
ServerType                      standalone
DefaultServer                   on

# Port 21 is the standard FTP port.
Port                            21

# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask                           022

DebugLevel                     9
SystemLog                      /var/log/proftpdlog
TransferLog                    /var/log/xferlog
MaxInstances                    2

ScoreboardFile                  /var/run/proftpd
RequireValidShell               off

AuthPAMAuthoritative            off

# Set the user and group under which the server will run.
User                            nobody
Group                           nogroup

<Directory />
  AllowOverwrite                on
</Directory>

<Limit LOGIN>
Order allow,deny
Allow from 127.0.0.1,.trusted-domain.org
Deny from all
</Limit>



<Anonymous ~ftp>
   user                  abc
   group                 ftp

   AnonRequirePassword   on
</Anonymous>


<Anonymous ~ftp>
   user                  xyz
   group                 ftp

   AnonRequirePassword   on
</Anonymous>
---------------//-------------------
Expert Comment

by:jlevie
ID: 12725706
By default ProFTP will listen on all IPs. Do you need it not to listen on the primary and only listen on the secondary?
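
The points raised in this thread (FTP-only accounts from a private password file, chrooted sessions, logins limited to one subnet, and listening on a single non-primary address) combined in one proftpd.conf, as an added example that is not from any of the posters. The file paths, the /srv/ftp layout and the 192.0.2.x and 198.51.100.x addresses are assumptions standing in for real values.

```apache
# Added example, not the thread's configuration. All paths and addresses
# below are placeholders (assumptions); substitute your own.

ServerName        "FTP SERVER"
ServerType        standalone
DefaultServer     on
Port              21
Umask             022

# Listen only on the secondary address (A.B.C.D in the question;
# 192.0.2.10 is a documentation placeholder). SocketBindTight makes the
# daemon bind the configured address instead of the wildcard, so the
# primary IP no longer answers on port 21.
DefaultAddress    192.0.2.10
SocketBindTight   on

# FTP-only accounts: users and groups come from ProFTPD's own
# passwd-format files rather than /etc/passwd, so these users have no
# shell login on the host. AuthOrder restricts lookups to those files.
AuthOrder         mod_auth_file.c
AuthUserFile      /usr/local/etc/proftpd/ftpd.passwd
AuthGroupFile     /usr/local/etc/proftpd/ftpd.group
RequireValidShell off

# Chroot every session. Jailing to the shared parent directory instead
# of ~ lets a user browse sibling directories; each home (for example
# /srv/ftp/abc) is owned by its user's UID with mode 755, so together
# with Umask 022 only the owner can write there.
DefaultRoot       /srv/ftp

# Unprivileged identity for the daemon, as in the posted configuration.
User              nobody
Group             nogroup

# Only clients from the trusted subnet may log in. The trailing dot
# matches every address that starts with 198.51.100.
<Limit LOGIN>
  Order allow,deny
  Allow from 198.51.100.
  Deny from all
</Limit>
```

After a restart, `netstat -tln` should show port 21 bound to the configured address only, not to 0.0.0.0.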