Outline of Steps
- Create a new filesystem for the ftp server.
- Set the SELinux context.
- Install the ftp server.
- Configure the server.
- Change the ftp user's home directory to the new filesystem.
- Add iptables rules.
- Start the firewall on boot.
- Restart the firewall.
- Start the FTP server on boot.
- Start the FTP server now.
mkfs.ext4 -m0 -L FTP /dev/mapper/HelpDeskRHEL6-FTP
mkdir /ftp
echo 'LABEL=FTP /ftp ext4 defaults 1 3' >> /etc/fstab
mount /ftp
mkdir /ftp/pub
cd /ftp/pub
mkdir upload Documentation InstallMedia kickstart
yum install policycoreutils-python
semanage fcontext -a -t public_content_t /ftp
# stepping over the "lost+found" directory at the top of the /ftp filesystem
semanage fcontext -a -t public_content_t '/ftp/pub(/.*)?'
semanage fcontext -a -t public_content_rw_t '/ftp/pub/upload(/.*)?'
restorecon -R -v '/ftp'
ls -alZ /ftp
setsebool -P allow_ftpd_anon_write=1
yum install vsftpd
cp /usr/share/doc/vsftpd-*/EXAMPLE/INTERNET_SITE_NOINETD/vsftpd.conf /etc/vsftpd/vsftpd.conf
Adjust the values if necessary. In my case I changed the following:
max_clients=10
write_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
anon_umask=022
anon_max_rate=0
usermod -d /ftp/pub ftp
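The anonymous-write options changed above decide what an unauthenticated client can do under /ftp/pub/upload. As an added example (not part of the original post), this script reads a vsftpd.conf and reports which of those options are in effect; the sample input is constructed from the values listed above, and the function names are this example's own.

```shell
#!/bin/sh
# Added example, not from the original post: report which of the
# anonymous-write options listed above are in effect in a vsftpd.conf.

# Effective value of KEY in FILE, or DEFAULT when the key is absent. Taking
# the last assignment of a repeated key is an assumption of this script.
conf_get() {
    v=$(sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d '\r')
    echo "${v:-$3}"
}

# Print one line per finding; the exit status is the number of findings.
# Defaults passed to conf_get are those documented in vsftpd.conf(5).
audit_vsftpd_conf() {
    f=$1; n=0
    [ "$(conf_get "$f" anonymous_enable YES)" = YES ] || return 0
    [ "$(conf_get "$f" write_enable NO)" = YES ] || return 0
    if [ "$(conf_get "$f" anon_upload_enable NO)" = YES ]; then
        echo "anon_upload_enable=YES: anonymous users can upload"; n=$((n + 1))
        mask=$(conf_get "$f" anon_umask 077)
        # Other-read bit (04) not masked: uploads are created world-readable,
        # so any other anonymous user can download them.
        if [ $(( $mask & 4 )) -eq 0 ]; then
            echo "anon_umask=$mask: uploads are world-readable"; n=$((n + 1))
        fi
    fi
    if [ "$(conf_get "$f" anon_mkdir_write_enable NO)" = YES ]; then
        echo "anon_mkdir_write_enable=YES: anonymous users can create directories"; n=$((n + 1))
    fi
    if [ "$(conf_get "$f" anon_other_write_enable NO)" = YES ]; then
        echo "anon_other_write_enable=YES: anonymous users can delete and rename"; n=$((n + 1))
    fi
    return $n
}

# Constructed sample: the values from the list above, with anonymous_enable
# (YES by default) written out.
sample_conf() {
    printf '%s\n' anonymous_enable=YES max_clients=10 write_enable=YES \
        anon_upload_enable=YES anon_mkdir_write_enable=YES \
        anon_other_write_enable=YES anon_umask=022 anon_max_rate=0
}

tmp=$(mktemp) && sample_conf > "$tmp"
audit_vsftpd_conf "$tmp" || echo "$? finding(s)"
rm -f "$tmp"
```

Run against /etc/vsftpd/vsftpd.conf, a non-zero exit status lists the anonymous-write capabilities the server currently grants.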
Load the FTP connection tracking module for iptables in the file /etc/sysconfig/iptables-config
IPTABLES_MODULES="ip_conntrack_ftp"
Add the firewall rule to allow "active" FTP connections in the file /etc/sysconfig/iptables
-A INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
chkconfig iptables on
service iptables restart
chkconfig vsftpd on
service vsftpd start