Loading

[NEW SOLN] WEB375 LAB 4 CONFIGURE A VSFTP SERVER IN LINUX

[SOLVED] WEB375 LAB 4 CONFIGURE A VSFTP SERVER IN LINUX: The purpose of this Lab is to configure the vsftp server in Linux. Use the IP addresses that exist when you start Linux.
Virtual Machine Login Information for PLABFED01 and PLABFED02
Username: Student
Password: Password
Username: root
Password: Password

Lab Diagram
During your session you will have access to the following lab configuration.
WINCONSOLE PLABFED01 PLABFED02
The Linux servers also connect to a private network. The IP address of PLABFED01 is 192.168.240.11 and the IP address of PLABFED01 is 192.168.240.12.

Connecting to Your Lab
In this module you will be working on the following equipment to carry out the steps defined in each exercise.

  • WINCONSOLE (Management Server)
  • PLABFED01 (Linux Server)
  • PLABFED02 (Linux Server)

Each exercise will detail which console you are required to work on to carry out the steps.
To start, simply click on the named server from the device list (located on the left hand side of the screen) and click the Power on from the Tools bar. In some cases, the devices may power on automatically.
During the boot up process, an activity indicator will be displayed in the Name tab:

  • Black – Powered Off
  • Orange – Working on your request
  • Green – Ready to access

If the remote console is not displayed automatically in the main window (or popup) click the Connect icon located in the tools bar to start your session.
If the remote console does not appear, please try the following option:

  • Switch between the HTML 5 and Java client versions in the Tools bar.

In the event this does not resolve your connectivity problems, please visit our Help / Support pages for additional resolution options.

[SOLVED] WEB375 LAB 4 CONFIGURE A VSFTP SERVER IN LINUX: TASK A – Read General Background Information on vsftp server:
This is the background information to help you do your Lab. Read this to get a general understanding of how to configure a vsftp server.

  • File Transfer Protocol (FTP) is a client/server protocol for sharing files between machines over a TCP/IP network. This Lab covers the popular vsftp program that comes standard with Fedora 20.
  • There are two kinds of FTP logins that vsftp provides:
    – anonymous FTP – login with the username ‘anonymous’
    – real FTP – login with a real username and password.

Become Familiar with vsftp Files
Setting up the server will be done in two steps: Setting up the configuration files for vsftp, and then starting the vsftp services.

  1. Setting Up the Configuration Files
    There are three main configuration files you will need to edit to set up a vsftpd server:
    • /etc/vsftpd/vsftpd.conf
    • /etc/hosts.allow
    • /etc/hosts.deny
    1. /etc/vsftpd/vsftpd.conf file: This file contains a list of directives that control the behaviors of each user. Below are directives summary tables.
      Real Users vsftp Control Settings
      local_enable=YES Allow any real user FTP access
      userlist_enable=YES Enable the denied access list
      write_enable=YES Enable any form of FTP write command
      local_umask=022 Unmask for local users
      Anonymous Users vsftp Control Settings
      anonymous_enable=YES Allow anonymous FTP
      anon_upload_enable=YES Allow the anonymous FTP user to upload files
      anon_unmask=022 Control the permissions of upload files
      anon_other_write_enable=YES Allow anonymous users to rename or delete any files
      anon_mkdir_write_enable=YES Allow anonymous users to create their own directories
      ASCII Enable Settings
      ascii_download_enable=YES Allow download in ASCII mode
      ascii_upload_enable=YES Allow upload in ASCII mode
      Logging vsftpd Activities
      xferlog_enable=YES Activate logging of uploads/downloads
      xferlog_file=/var/log/vsftpd.log You may override where the log file goes if you like
    2. /etc/hosts.allow and /etc/hosts.deny
      These two files specify which computers on the network can use services on your machine. Each line of the file contains a single entry listing a service and a set of machines.
      When the server gets a request from a machine, it first checks hosts.allow, then checks hosts.deny. It denies access to the matched entries in hosts.deny except the matched entries listed in hosts.allow.
    • /etc/hosts.deny
    To denying everybody:
    vsftpd:ALL
    • /etc/hosts.allow
    To allow access from local host:
    vsftpd: 127.0.0.1
    To allow access from everybody on the 192.168.1.0/24 subnet:
    vsftpd: 192.168.1.
    To allow access from two specific addresses:
    vsftpd: 192.168.1.100 192.168.5.53
    To allow access to everybody:
    vsftpd: ALL
  2. Starting the vsftp Services
    #systemctl start svsftpd
    Note: How to stop, start, and restart vsftpd:
    Command Description
    #systemctl stop vsftpd stop vsftpd
    #systemctl start vsftpd start vsftpd
    #systemctl restart vsftpd restart
    #systemctl status vsftpd Show status

[SOLVED] WEB375 LAB 4 CONFIGURE A VSFTP SERVER IN LINUX: TASK B – Configure Basic Settings for vsftpd Step-By-Step
We start setting up a basic vsftp server. As always when doing any type of system administration, we need to perform them using root account. Use Putty to logon plabfed01 as root.

Step 1: To stop all firewalls or security features, type the following commands:
#systemctl stop firewalld
#systemctl stop iptables
#setsebool -P ftp_home_dir=1

Step 2: Make sure the vsftpd packages are installed. You should be able to discover this with the following command:
#rpm -q vsftpd
If it tells you that vsftpd is not installed, to install it type:
#yum –y install vsftpd

Step 3: The file /etc/vsftpd/vsftpd.conf controls the configuration of vsftp. Use the nano or vi editor to remove the # symbol before each directive (if they are not already done) and set it to YES or NO. We only go over some directives below so you understand how to customize it, and leave the others at the default setup.
#nano /etc/vsftpd/vsftpd.conf

  • To disable access to your vsftpd server for anonymous users, change the directive as seen below:
    Note: To enable the above feature, set anonymous_enable=YES.
  • To allow any user with real user accounts on your system to access the vsftp server, change the directive as seen below:
  • To allow real user write access, so that they can upload material and modify content:
  • All user accounts listed in the file /etc/vsftpd/user_list are denied access. The following line
    in the /etc/vsftpd/vsftpd.conf activates that list.

Check the /etc/vsftpd/user_list file to see which users are denied access to the vsftpd server.
Below is a partial list of the /etc/vsftpd/vsftpd.conf file.
Note: Lines preceded by the # symbol are comments.

Step 4: After modifying the /etc/vsftpd/vsftpd.conf file, start the vsftpd service.
#systemctl start vsftpd
Note: If the file /etc/vsftpd/vsftpd.conf is modified, in order to make it effective, you need to restart the vsftpd.

Step 5: To check vsftpd status type:
#systemctl status vsftpd
An active vsftpd status looks like this:
Note: If vsftpd fails to start, check for errors using command journalctl –xn, fix any typo in the /etc/vsftpd/vsftpd.conf file, and restart the service with command #systemctl restart vsftpd until vsftpd starts successfully.
Below is a sample of journalctl –xn command output without any error.

Step 6: To enable the vsftp server during boot, type the following command:
#systemctl enable vsftpd.service

[SOLVED] WEB375 LAB 4 CONFIGURE A VSFTP SERVER IN LINUX: TASK C –Validation and Testing
Now we need to have two Putty sessions, one logon plabfed01 and the other on plabfed02

  • Use Putty to logon plabfed01 as root.
  • Use Putty to logon plabfed02 as root.

Arrange the terminal so we can switch back and forth easily. See the screenshot below:

Step 1: Create a user account on plabfed01 (vsftp server) using these commands with the password Password:
#useradd usera
#passwd usera

Step 2: Create a user account on plabfed02 (ftp client) using these commands with the password Password:
#useradd userb
#passwd userb

[SOLVED] WEB375 LAB 4 CONFIGURE A VSFTP SERVER IN LINUX: Step 3: Create a test file on plabfed01: Logon to usera on plabfed01 by using su – usera and create a file called hello (use nano hello) with the message “This message is from userA” and save it.

Step 4: Create a test file on plabfed02: Logon to userb on plabfed02 by using su – userb and create a file called hello (use nano hi) with the message “This message is from userB” and save it.
See the screenshot below:

Step 5: We are going to use vsftp to upload the file “hi” from the userb account on plabfed02 (ftp client) to usera account plabfed01 (vsftp server). The resulting screenshot should look like this:

Step 6: We are going to use vsftp to download the file “hello” from the usera account on plabfed01 (vsftp server) to userb account plabfed02 (ftp client). The resulting screenshot should look like this:

Step 7: We are going to test if the anonymous FTP logon worked. It should fail since we disabled anonymous logon. We do this from the userb account on plabfed02. The resulting screenshot should look like this:

[SOLVED] WEB375 LAB 4 CONFIGURE A VSFTP SERVER IN LINUX: TASK D – Lab Report Preparation
Step 1: Be sure in root account on plabfed01. Clear the screen and use the command #tail -4 /etc/passwd file to display its last four lines and capture the Linux desktop. Save this image to your Lab Report document in the space allocated for the #tail -4 /etc/passwd command.

[SOLVED] WEB375 LAB 4 CONFIGURE A VSFTP SERVER IN LINUX: Step 2: Be sure in userb account on plabfed02. Clear the screen, type the command #cat hi to display its contents and capture the Linux desktop. Save this image to your Lab Report document in the space allocated for the hi file.

Step 3: Be sure in root account on plabfed01. Clear the screen and type the command #systemctl status vsftpd to display the vsftpd daemon status and capture the Linux desktop. Save this image to your Lab Report document in the space allocated for the #systemctl status vsftpd command.

Step 4: Be sure in userb account on plabfed02. Clear the screen, then FTP to 192.168.240.11 and logon as usera. Capture the Linux desktop and save this image to your Lab Report document in the space allocated for FTP and logon as usera.

[SOLVED] WEB375 LAB 4 CONFIGURE A VSFTP SERVER IN LINUX: Step 5: Be sure in userb account on plabfed02. Clear the screen, then FTP to 192.168.240.11 and logon as anonymous. Capture the Linux desktop and save this image to your Lab Report document in the space allocated for FTP and logon as anonymous.

Step 6: Configure vsftp allowing anonymous login and test it.

  • Be sure in root account on plabfed01. Configure the vsftp to allow anonymous login.
  • Be sure in userb account on plabfed02. Clear the screen, then FTP to 192.168.240.11 and logon as anonymous. Capture the Linux desktop and save this image to your Lab Report document in the space allocated for FTP and logon as anonymous.

[SOLVED] WEB375 LAB 4 CONFIGURE A VSFTP SERVER IN LINUX: Step 7: Configure vsftp to only disallow usera login and test it.

  • Be sure in root account on plabfed01. Configure the vsftp to only disallow usera login.
  • Be sure in userb account on plabfed02. Clear the screen then FTP to 192.168.240.11 and logon as usera. Capture the Linux desktop and save this image to your Lab Report document in the space allocated for FTP and logon as usera.
Support