Install vsftpd with SELinux

Install vsftpd
Before installing new software, it’s always best practice to run updates:
yum -y update
Then install vsftpd and any required packages:
yum -y install vsftpd

Configure vsftpd
Now let’s edit the configuration file for vsftpd. Open the file with the following command:
vim /etc/vsftpd/vsftpd.conf

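Set the following values. anonymous_enable=NO turns off anonymous logins and chroot_local_user=YES confines each local user to their home directory. allow_writeable_chroot=YES is needed because vsftpd otherwise refuses the login when the chroot directory is writable by the user; setting it removes that safeguard.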

anonymous_enable=NO
local_enable=YES
write_enable=YES
chroot_local_user=YES
ftpd_banner=Not Showing You
allow_writeable_chroot=YES

Then enable the vsftpd service so that it starts at boot, and restart it to apply the configuration:

systemctl enable vsftpd
systemctl restart vsftpd
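
A check for the configuration values set above, added here as an example and not part of the original guide. The function names are hypothetical, the defaults are the upstream ones from vsftpd.conf(5), and the "later line wins" behaviour is an assumption; the sample files are constructed.

```shell
#!/bin/sh
# Audit a vsftpd.conf against the values this guide sets (added example).
# Upstream defaults from vsftpd.conf(5) apply when a key is absent.

# effective_value FILE KEY DEFAULT: print the value vsftpd would end up with.
# Assumption: when a key appears twice, the later line wins.
effective_value() {
    val=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
    printf '%s\n' "${val:-$3}"
}

# audit_vsftpd FILE: print one FAIL line per deviation; return 1 if any.
# Values are compared exactly as the guide spells them (YES/NO).
audit_vsftpd() {
    conf=$1
    rc=0
    # Each rule is key:value-from-the-guide:upstream-default
    for rule in anonymous_enable:NO:YES local_enable:YES:NO \
                write_enable:YES:NO chroot_local_user:YES:NO; do
        key=${rule%%:*}
        rest=${rule#*:}
        want=${rest%%:*}
        default=${rest#*:}
        got=$(effective_value "$conf" "$key" "$default")
        if [ "$got" != "$want" ]; then
            echo "FAIL $key=$got (guide sets $want)"
            rc=1
        fi
    done
    # vsftpd.conf(5): no space is allowed between the option, "=" and the value.
    if grep -Eq '^[a-z_]+([[:space:]]+=|=[[:space:]])' "$conf"; then
        echo "FAIL whitespace around '=' in an option line"
        rc=1
    fi
    return "$rc"
}

# Constructed sample files (not taken from a real server).
GOOD=$(mktemp)
BAD=$(mktemp)
printf '%s\n' '# guide values' anonymous_enable=NO local_enable=YES \
    write_enable=YES chroot_local_user=YES allow_writeable_chroot=YES > "$GOOD"
# anonymous_enable is only commented out here, so the default (YES) applies.
printf '%s\n' '#anonymous_enable=NO' local_enable=YES write_enable=YES \
    'chroot_local_user = YES' > "$BAD"

audit_vsftpd "$GOOD" && echo "GOOD: matches the guide"
audit_vsftpd "$BAD" || echo "BAD: deviations found"
```

On a real host, run audit_vsftpd /etc/vsftpd/vsftpd.conf before restarting the service.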

Allow vsftpd Through the Firewall
Firewalld:
Allow the default FTP ports, 20 and 21:

firewall-cmd --permanent --add-port=21/tcp
firewall-cmd --permanent --add-port=20/tcp
firewall-cmd --reload

Iptables:
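Enable the FTP connection-tracking module. Open the iptables configuration file:

vi /etc/sysconfig/iptables-config

and set:

IPTABLES_MODULES="ip_conntrack_ftp"

Add the rules, then save them before restarting, because the restart reloads the saved rule set and would otherwise drop them:

iptables -I INPUT -p tcp --dport 21 -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --sport 20 -j ACCEPT
service iptables save
systemctl restart iptables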

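SELinux:
Allow vsftpd to reach user home directories. allow_ftpd_full_access lets the daemon read and write any file that the Unix permissions allow, so SELinux no longer confines it: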
setsebool -P ftp_home_dir on
setsebool -P allow_ftpd_full_access on

Create FTP User:

groupadd ftpuser
useradd -g ftpuser ftpjohn
passwd ftpjohn
usermod -s /sbin/nologin ftpjohn
chmod 744 /home/ftpjohn

FTP Access Test:
ftp username@hostname/ipaddress

Problem:

Firewall

Error:
229 Entering Extended Passive Mode (|||62716|).
ftp: Can't connect to `ipaddress': Connection refused
500 Illegal PORT command.

This is most probably a firewall issue: the client cannot open the data connection on the port the server announced. Refer to the Iptables section above.

SELinux

Error: 500 OOPS: cannot change directory:/home/user

Check the SELinux FTP settings:

getsebool -a | grep ftp

Enable for FTP:

setsebool -P allow_ftpd_full_access on
setsebool -P ftpd_use_passive_mode on
setsebool -P ftp_home_dir on

 
