The guide below explains how to install, configure and secure the FTP server VSFTP on RHEL 5.4, enabling only SFTP access to the server.
Installation phase
Log in to the server using the root account.
Install the following RPM from the RHEL 5.4 DVD:
rpm -ivh vsftpd-2.0.5-16.el5.i386.rpm
Create a group for FTP users:
groupadd ftp-users
Create a folder for the FTP:
mkdir -p /ftp
Change ownership and permissions on the FTP folder:
chown root:ftp-users /ftp
chmod 777 -R /ftp
Example of user creation:
useradd -g ftp-users -d /ftp user1
passwd user1
Edit the file /etc/vsftpd/vsftpd.conf using vi.
Change from:
anonymous_enable=YES
To:
anonymous_enable=NO
Change from:
xferlog_std_format=YES
To:
xferlog_std_format=NO
Change from:
#ftpd_banner=Welcome to blah FTP service.
To:
ftpd_banner=Secure FTP server
Add the lines below:
local_root=/ftp
userlist_file=/etc/vsftpd/user_list
userlist_deny=NO
vsftpd_log_file=/var/log/vsftpd.log
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
ssl_ciphers=ALL:-ADH:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
rsa_cert_file=/etc/vsftpd/vsftpd.pem
Run the command below to create the VSFTP SSL key:
openssl req -x509 -nodes -newkey rsa:1024 -keyout /etc/vsftpd/vsftpd.pem -out /etc/vsftpd/vsftpd.pem
Note: The command above should be written as one line.
Edit the file /etc/vsftpd/user_list using vi and add the members of the ftp-users group to this list.
Run the command below to manually start the VSFTP service:
/etc/init.d/vsftpd start
Run the command below to configure VSFTP to start at server startup:
chkconfig vsftpd on
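To confirm the edits above took effect, the script below audits a vsftpd.conf against the values this guide sets. It is an added example, not part of the original guide; the function names, the extra userlist_enable=YES check and the permission check on the .pem file are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the original guide.
# Settings the guide prescribes, plus userlist_enable=YES (extra check:
# vsftpd only examines userlist_deny when userlist_enable is on).
REQUIRED="anonymous_enable=NO ssl_enable=YES allow_anon_ssl=NO
force_local_data_ssl=YES force_local_logins_ssl=YES ssl_tlsv1=YES
ssl_sslv2=NO ssl_sslv3=NO userlist_deny=NO userlist_enable=YES"

# conf_value FILE KEY: print KEY's value from its last uncommented line
# (treating the last occurrence as the effective one is an assumption).
conf_value() {
    sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d '\r'
}

# audit_vsftpd_conf FILE: print each deviation, return how many were found.
audit_vsftpd_conf() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 255; }
    failures=0
    for pair in $REQUIRED; do
        key=${pair%%=*} want=${pair#*=}
        got=$(conf_value "$1" "$key")
        if [ "$got" != "$want" ]; then
            echo "FAIL $key: expected $want, found ${got:-<unset>}"
            failures=$((failures + 1))
        fi
    done
    # The guide writes key and certificate to the same .pem file, so that
    # file must carry no group/other permission bits.
    pem=$(conf_value "$1" rsa_cert_file)
    if [ -n "$pem" ] && [ -e "$pem" ]; then
        bits=$(ls -ld "$pem" | cut -c5-10)
        if [ "$bits" != "------" ]; then
            echo "FAIL $pem: group/other bits set ($bits)"
            failures=$((failures + 1))
        fi
    fi
    return "$failures"
}

# Constructed sample: SSLv3 left enabled and userlist_enable missing.
sample_conf() {
    printf '%s\n' anonymous_enable=NO ssl_enable=YES allow_anon_ssl=NO \
        force_local_data_ssl=YES force_local_logins_ssl=YES ssl_tlsv1=YES \
        ssl_sslv2=NO ssl_sslv3=YES userlist_deny=NO '#userlist_enable=YES'
}

tmp=$(mktemp) && sample_conf > "$tmp"
audit_vsftpd_conf "$tmp" || echo "$? deviation(s) found"
rm -f "$tmp"
```

On the server itself, call audit_vsftpd_conf /etc/vsftpd/vsftpd.conf as root; a return status of 0 means every checked setting matches.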
