mdelatorre

Pure-FTPD + pureadmin (Ftp server with gui)

Sep 12th, 2017
Install Pure-FTPD with GUI

Install the pure-ftpd package and the pureadmin package from the Universe Repository.

sudo apt-get install pure-ftpd pureadmin

Then create the user group and the system user by running

sudo groupadd ftpgroup

and

sudo useradd -g ftpgroup -d /dev/null -s /etc ftpuser

in the terminal.

Next create your ftpusers directory

sudo mkdir /home/ftpusers

Then create a user directory for joe

sudo mkdir /home/ftpusers/joe

(you can create a directory for each FTP user)

Then add user joe

sudo pure-pw useradd joe -u ftpuser -d /home/ftpusers/joe

Then create your user database

sudo pure-pw mkdb

Then

sudo ln -s /etc/pure-ftpd/pureftpd.passwd /etc/pureftpd.passwd

and

sudo ln -s /etc/pure-ftpd/pureftpd.pdb /etc/pureftpd.pdb

and

sudo ln -s /etc/pure-ftpd/conf/PureDB /etc/pure-ftpd/auth/PureDB

which will create symbolic links between the respective files.

Next you need to modify the ownership of the /home/ftpusers directory and of all its subdirectories. The owner must be ftpuser and the group must be ftpgroup.

sudo chown -hR ftpuser:ftpgroup /home/ftpusers/

After doing that, open pureadmin from the terminal

gksudo pureadmin

and stop firestarter if it is installed.

NOTES

The user joe is used as an example. You can change user joe and/or add or remove other users through pureadmin.

You may need to restart Pure-FTPd before changes take effect.

sudo /etc/init.d/pure-ftpd restart


SECURITY

FTP is by nature a rather insecure protocol. Add TLS support to prevent your sessions from being vulnerable to man-in-the-middle attacks.

sudo apt-get install openssl

Enable TLS-only mode in Pure-FTPd (the redirect has to run in a root shell, so use "sudo bash -c" rather than "sudo echo")

sudo bash -c 'echo 2 > /etc/pure-ftpd/conf/TLS'

or, for a less secure version that also accepts insecure FTP connections

sudo bash -c 'echo 1 > /etc/pure-ftpd/conf/TLS'

Make a directory for the private SSL key

sudo mkdir -p /etc/ssl/private/

Create your key

sudo openssl req -x509 -nodes -days 7300 -newkey rsa:2048 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem

The .pem file holds the private key together with the certificate, so it is insecure if other users can read it. You must secure the file before it can be used by changing its permissions.

sudo chmod 600 /etc/ssl/private/pure-ftpd.pem

And now you need to restart Pure-FTPd

sudo /etc/init.d/pure-ftpd restart

AMAZON AWS SETTINGS

If installing on an AWS server, you will need to configure IP address routing information specific to your server. If using the default Ubuntu server, use the following. Note that echo cannot write to these files unless the redirect runs in a root shell, which is why we use "sudo bash -c".

cd /etc/pure-ftpd/conf
sudo bash -c 'echo "35000 36000" > PassivePortRange'
sudo bash -c 'echo "YOURIPHERE" > ForcePassiveIP'
sudo bash -c 'echo "yes" > DontResolve'

These commands will allow most programs, like FileZilla, to connect to the server via FTP passive mode. Amazon AWS servers use internal IP addresses starting with "10." for most things, and you will need to explicitly define this IP address for your FTP software to be able to communicate.

Update your Amazon AWS firewall settings.

"Custom TCP Range" 35000 36000
"Custom TCP Range" 21
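
The script below is an added example, not part of the original paste: a read-only check of the files written in the SECURITY and AMAZON AWS SETTINGS steps. The function names are made up for illustration, and GNU stat (as shipped on Ubuntu) is assumed.

```shell
#!/bin/sh
# Added example: read-only audit of the files this guide writes.
# Paths are passed as arguments so the checks can be tried on copies first.

# check_tls CONF_DIR: 0 = TLS only (2), 1 = cleartext also accepted (1),
# 2 = TLS file missing or any other value.
check_tls() {
    [ -r "$1/TLS" ] || { echo "FAIL: $1/TLS missing"; return 2; }
    tls=$(tr -d '[:space:]' < "$1/TLS")
    case "$tls" in
        2) echo "OK: TLS-only mode"; return 0 ;;
        1) echo "WARN: cleartext FTP logins still accepted"; return 1 ;;
        *) echo "FAIL: unexpected TLS value '$tls'"; return 2 ;;
    esac
}

# check_pem FILE: 0 only if no group/other permission bits are set.
check_pem() {
    [ -f "$1" ] || { echo "FAIL: $1 not found"; return 2; }
    mode=$(stat -c '%a' "$1")   # GNU stat prints the octal mode, e.g. 600
    if [ $((0$mode & 077)) -ne 0 ]; then
        echo "FAIL: $1 is mode $mode; private key exposed to other users"
        return 1
    fi
    echo "OK: $1 is mode $mode"
}

# check_passive CONF_DIR: 0 if PassivePortRange is "low high" within
# 1024-65535 and ForcePassiveIP holds a dotted address, not a placeholder.
check_passive() {
    [ -r "$1/PassivePortRange" ] && [ -r "$1/ForcePassiveIP" ] ||
        { echo "FAIL: passive settings missing"; return 1; }
    read -r lo hi extra < "$1/PassivePortRange" || true
    for n in "$lo" "$hi"; do
        case "$n" in ''|*[!0-9]*) echo "FAIL: bad port range"; return 1 ;; esac
    done
    if [ -n "$extra" ] || [ "$lo" -lt 1024 ] || [ "$hi" -gt 65535 ] ||
       [ "$lo" -gt "$hi" ]; then
        echo "FAIL: bad port range '$lo $hi'"; return 1
    fi
    ip=$(tr -d '[:space:]' < "$1/ForcePassiveIP")
    case "$ip" in
        *[!0-9.]*|'') echo "FAIL: ForcePassiveIP is '$ip'"; return 1 ;;
    esac
    echo "OK: passive ports $lo-$hi (firewall rule must match), IP $ip"
}
```

Source the file in a root shell and call `check_tls /etc/pure-ftpd/conf`, `check_pem /etc/ssl/private/pure-ftpd.pem` and `check_passive /etc/pure-ftpd/conf`; a non-zero status marks a setting that needs attention.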