In this post I will show how to install Very Secure FTP (vsftpd) and how to configure an FTP server on Red Hat Enterprise Linux 6 (RHEL 6). Vsftpd is a GPL-licensed FTP server for UNIX systems, including Linux. It is secure, extremely fast and stable.
As an example I will install and configure the vsftpd server and then transfer files from a client using the Windows XP command prompt.
- A Linux server with IP address 192.168.1.43 running the RHEL 6 operating system
- A Windows client with IP address 192.168.1.52 running Windows XP Pro
- RHEL 6 server running portmap/rpcbind and xinetd services
- Firewall and SELinux should be off on the server
How to Install FTP Server in Linux ?
1. Install vsftpd, rpcbind and xinetd service using the following command :
# yum install vsftpd rpcbind xinetd -y
2. Check that vsftpd, xinetd and rpcbind/portmap are installed on the server :
3. Set vsftpd, xinetd and rpcbind to start at boot :
# chkconfig vsftpd on
# chkconfig xinetd on
# chkconfig rpcbind on
4. Check the xinetd and rpcbind status :
# service xinetd status
xinetd (pid 1326) is running...
# service rpcbind status
rpcbind (pid 1178) is running...
5. Create a new user named ftpuser and set its password :
# useradd ftpuser
# passwd ftpuser
Changing password for user ftpuser.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
6. Log in as ftpuser on another terminal and create a new file named “files”.
# su - ftpuser
[ftpuser@rhel6 ~]$ cat > files
This is file created on RHEL 6 ftp server
7. Start the vsftpd service :
# service vsftpd start
Starting vsftpd for vsftpd: [ OK ]
8. Stop the iptables Linux firewall and disable SELinux :
# service ip6tables stop
ip6tables: Flushing firewall rules: [ OK ]
ip6tables: Setting chains to policy ACCEPT: filter [ OK ]
ip6tables: Unloading modules: [ OK ]
# service iptables stop
iptables: Flushing firewall rules: [ OK ]
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Unloading modules: [ OK ]
# setenforce 0
setenforce: SELinux is disabled
How to Configure FTP Server in Linux ?
9. It’s good to make a backup of your original configuration file.
10. Log in with the user account and download the file :
D:\>ftp 192.168.1.43
Connected to 192.168.1.43.
220 (vsFTPd 2.2.2)
User (192.168.1.43:(none)): ftpuser
331 Please specify the password.
Password:
230 Login successful.
ftp> get files
200 PORT command successful. Consider using PASV.
150 Opening BINARY mode data connection for files (42 bytes).
226 Transfer complete.
ftp: 42 bytes received in 0.00Seconds 42000.00Kbytes/sec.
ftp> quit
221 Goodbye.
11. Check the contents of the downloaded file :
D:\>type files
This is file created on RHEL 6 ftp server
12. By default the root account is not allowed to log in to the vsftpd server because it is listed in /etc/vsftpd/ftpusers.
D:\>ftp 192.168.1.43
Connected to 192.168.1.43.
220 (vsFTPd 2.2.2)
User (192.168.1.43:(none)): root
530 Permission denied.
Login failed.
ftp>
13. Open the /etc/vsftpd/ftpusers file. Remove or comment out the line for user “root” and add “ftpuser” instead. Users whose names are listed in this file are not allowed to log in over FTP.
[root@rhel6 ~]# vi /etc/vsftpd/ftpusers
# Users that are not allowed to login via ftp
#root
ftpuser
bin
daemon
adm
lp
sync
shutdown
halt
mail
news
uucp
operator
games
nobody
14. Open the /etc/vsftpd/user_list file. Remove or comment out the line for user “root” and add “ftpuser” instead. Users whose names are listed in this file are also not allowed to log in over FTP, and they are not even prompted for a password.
# vi /etc/vsftpd/user_list
# vsftpd userlist
# If userlist_deny=NO, only allow users in this file
# If userlist_deny=YES (default), never allow users in this file, and
# do not even prompt for a password.
# Note that the default vsftpd pam config also checks /etc/vsftpd/ftpusers
# for users that are denied.
#root
ftpuser
bin
daemon
adm
lp
sync
shutdown
halt
mail
news
uucp
operator
games
nobody
15. Root is now allowed to access the FTP server :
D:\>ftp 192.168.1.43
Connected to 192.168.1.43.
220 (vsFTPd 2.2.2)
User (192.168.1.43:(none)): root
331 Please specify the password.
Password:
230 Login successful.
ftp> quit
221 Goodbye.
16. ftpuser is now not allowed to access the FTP server :
D:\>ftp 192.168.1.43
Connected to 192.168.1.43.
220 (vsFTPd 2.2.2)
User (192.168.1.43:(none)): ftpuser
530 Permission denied.
Login failed.
ftp>
17. To set a login banner for the FTP server, open /etc/vsftpd/vsftpd.conf and look for “ftpd_banner” :
# vi /etc/vsftpd/vsftpd.conf
Uncomment ftpd_banner and customize the login banner string as below :
# You may fully customise the login banner string:
ftpd_banner=Welcome to eHowStuff.com RHEL6 FTP server
#
18. Restart the FTP service :
# service vsftpd restart
Shutting down vsftpd: [ OK ]
Starting vsftpd for vsftpd: [ OK ]
19. Try to log in to the FTP server. The banner appears before the user login prompt, as below :
D:\>ftp 192.168.1.43
Connected to 192.168.1.43.
220 Welcome to eHowStuff.com RHEL6 FTP server
User (192.168.1.43:(none)):
If you encounter any issues on how to configure ftp server in linux, you can put a few questions in the comments below.
Vsftpd stands for Very Secure FTP Daemon. Vsftpd is not just another popular Unix/Linux FTP server; it delivers outstanding performance while using less memory. It runs under xinetd, which lets you run one process fewer because xinetd is shared among various other small services. For webmasters or bloggers who intend to run a web server on a Virtual Private Server (VPS) or dedicated server, vsftpd would be the best choice. It is easy to install and can do everything we expect from an FTP daemon while maintaining a higher level of security if configured properly. This article covers the installation and configuration of the vsftpd FTP server on a CentOS Linux VPS.
1. Installing Linux FTP Server, vsftpd using yum command :
# yum install vsftpd -y
2. Make sure that xinetd has been installed :
# rpm -qa xinetd
If not installed, execute the following command :
# yum install xinetd -y
3. Make xinetd and Vsftpd daemon start at boot :
# chkconfig vsftpd on
# chkconfig xinetd on
4. It is recommended to back up your original configuration file before making changes :
a) Uncomment ftpd_banner and customize the login banner string as below :
# You may fully customise the login banner string:
ftpd_banner=Welcome to Linux FTP service.
#
b) This step configures the users who are not allowed to log in. By default the root account is not allowed to log in to the vsftpd server because it is listed in /etc/vsftpd/ftpusers. To allow it, open the /etc/vsftpd/ftpusers file and remove or comment out the line for the user “root”. Users whose names are listed in this file are not allowed to log in over FTP.
# cat /etc/vsftpd/ftpusers
# Users that are not allowed to login via ftp
root
bin
daemon
adm
lp
sync
shutdown
halt
mail
news
uucp
operator
games
nobody
6. Test root login from the Windows command prompt on the client PC using the user ehowstuff :
C:\>ftp 192.168.2.54
Connected to 192.168.2.54.
220 Welcome to Linux CentOS FTP service.
User (192.168.2.54:(none)): ehowstuff
331 Please specify the password.
Password:
230 Login successful.
ftp>
If you encounter any issues when setting up linux ftp server, you can put a few questions in the comments below.
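The deny-list logic from steps 12 to 16 of the RHEL 6 walkthrough and from step b) above, as an added example that is not part of the original posts: a shell function that reports whether a user can log in over FTP given vsftpd.conf, ftpusers and user_list, so you can confirm that root is still refused after editing the files. The function names, verdict strings and sample files are assumptions made for this example, and the PAM stage assumes the default vsftpd PAM configuration mentioned in the user_list header.

```shell
#!/bin/sh
# Added example (not from the original posts): evaluate the vsftpd deny lists
# in the order the login path applies them. All file paths are arguments.

# conf_get FILE KEY DEFAULT: last uncommented KEY=value as YES/NO, else DEFAULT.
conf_get() {
    awk -F= -v k="$2" -v d="$3" '
        $1 == k { v = toupper($2); sub(/[ \t\r]+$/, "", v); seen = 1 }
        END {
            if (!seen) { print d; exit }
            r = (v == "YES" || v == "TRUE" || v == "1") ? "YES" : "NO"
            print r
        }' "$1"
}

# ftp_login_verdict USER CONF FTPUSERS USER_LIST
# Prints allow, deny:user_list, deny:not-in-user_list or deny:ftpusers.
ftp_login_verdict() {
    user=$1; conf=$2; ftpusers=$3; user_list=$4
    if [ "$(conf_get "$conf" userlist_enable NO)" = YES ]; then
        if [ "$(conf_get "$conf" userlist_deny YES)" = YES ]; then
            # Deny-list mode: refused before a password is requested.
            if grep -Fxq -- "$user" "$user_list"; then echo deny:user_list; return; fi
        else
            # Allow-list mode: only listed users reach authentication.
            if ! grep -Fxq -- "$user" "$user_list"; then echo deny:not-in-user_list; return; fi
        fi
    fi
    # PAM stage: the default vsftpd PAM config denies users listed in ftpusers.
    if grep -Fxq -- "$user" "$ftpusers"; then echo deny:ftpusers; return; fi
    echo allow
}

# audit_root CONF FTPUSERS USER_LIST: succeeds only when root is refused.
audit_root() {
    [ "$(ftp_login_verdict root "$@")" != allow ]
}

# write_sample DIR MODE: constructed sample files. MODE=page applies the edit
# from the steps above (#root, ftpuser added); anything else keeps root listed.
write_sample() {
    printf '%s\n' 'listen=YES' 'userlist_enable=YES' > "$1/vsftpd.conf"
    case $2 in
        page) entries='#root ftpuser bin daemon nobody' ;;
        *)    entries='root bin daemon nobody' ;;
    esac
    for f in ftpusers user_list; do
        printf '%s\n' '# constructed sample' $entries > "$1/$f"
    done
}

# Demo: verdicts for root and ftpuser before and after the edit.
demo=$(mktemp -d)
for mode in default page; do
    mkdir "$demo/$mode"
    write_sample "$demo/$mode" "$mode"
    for u in root ftpuser; do
        v=$(ftp_login_verdict "$u" "$demo/$mode/vsftpd.conf" \
            "$demo/$mode/ftpusers" "$demo/$mode/user_list")
        printf '%-8s %-8s %s\n' "$mode" "$u" "$v"
    done
done
rm -rf "$demo"
```

On a server, pass /etc/vsftpd/vsftpd.conf, /etc/vsftpd/ftpusers and /etc/vsftpd/user_list to audit_root; a non-zero exit status means root can authenticate over FTP.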
Red Hat Enterprise Linux 7 (RHEL 7) and CentOS 7 come with the new naming scheme for the network devices.
These features change the names of network interfaces on a system so that the names are fully predictable, fully automatic and easier to differentiate, and so that broken hardware can be replaced seamlessly.
This affects both network adapters embedded on the motherboard (LAN-on-Motherboard) and additional adapters such as PCI network cards.
Traditionally, network interfaces in Linux used eth[0123…]. In RHEL7/CentOS7, the default network interface name is based on firmware, topology, and location information.
The following different naming schemes for network interfaces are now supported by udev natively:
Names incorporating Firmware or BIOS provided index numbers for on-board devices (example: eno1)
Names incorporating Firmware or BIOS provided PCI Express hotplug slot index numbers (example: ens1)
Names incorporating physical location of the connector of the hardware (example: enp2s0)
Names incorporating the interface’s MAC address (example: enx78e7d1ea46da)
The traditional unpredictable kernel-native ethX naming (example: eth0)
The names have two character prefixes based on the type of interface:
The ifconfig utility is not installed by default in a minimal installation. You can use “ip link show”, “ip addr” or “ip address” to display the automatically assigned device names :
[root@centos7 ~]# ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT qlen 1000
link/ether 00:0c:29:ba:3e:fe brd ff:ff:ff:ff:ff:ff
[root@centos7 ~]# ip address
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
link/ether 00:0c:29:ba:3e:fe brd ff:ff:ff:ff:ff:ff
inet 192.168.0.18/24 brd 192.168.0.255 scope global dynamic ens160
valid_lft 604707sec preferred_lft 604707sec
inet6 fe80::20c:29ff:feba:3efe/64 scope link
valid_lft forever preferred_lft forever
NetHogs is an open-source tool for monitoring the network bandwidth used by each process and program on a Linux operating system. NetHogs does not rely on a special kernel module being loaded. When you hit a high network traffic issue on your Linux server, you can immediately find which PID is causing it. NetHogs gives you real-time statistics of network bandwidth usage per process. Follow these steps to install NetHogs on CentOS 6.5 and see sample nethogs usage.
4. NetHogs command options : There are a few command options when using nethogs. Use ‘-d’ to set a refresh rate. For example, to set 5 seconds as your refresh rate, type the command as below :
[root@oss ~]# nethogs -d 5
Other options :
-d delay for refresh rate.
-h display available commands usage.
-p sniff in promiscuous mode (not recommended).
-t tracemode.
-V prints Version info.
5. Monitor specific device (eth0 or eth1) network bandwidth only :
It is very important to know what applications and users are doing on a Linux operating system. This is very useful later on or in case of problems. For this purpose, I recommend installing the psacct or acct tools. psacct or acct is a free monitoring program for tracking user and application activity on a Linux server. It shows how long users have been accessing the server, what commands they are issuing and how many processes they run, and it displays logs of commands. psacct and acct are similar tools; psacct is for RPM-based Linux and acct is for Debian-based Linux.
1. If you are running CentOS or Red Hat Linux, use the following command to install psacct :
[root@oss ~]# yum install psacct -y
If you are running a Debian-based system such as Ubuntu, install the acct package instead of psacct :
[root@oss ~]# sudo apt-get install acct
2. By default psacct is disabled on Linux. We should manually start it :
[root@oss ~]# /etc/init.d/psacct status
Process accounting is disabled.
[root@oss ~]# /etc/init.d/psacct start
Starting process accounting: [ OK ]
Start acct on Debian :
[root@oss ~]# sudo service acct start
3. The psacct or acct package provides several features for monitoring process activities.
Other commands that come with the psacct or acct package :
- ac prints statistics of user logins/logouts (connect time) in hours.
- lastcomm prints information about commands previously executed by users.
- accton turns process accounting on or off.
- sa summarizes information about previously executed commands.
- last and lastb show a listing of the last logged-in users.
4. Total Connect Time :
[root@oss ~]# ac
total 103.61
5. Display the statistics for total login time :
[root@oss ~]# ac -d
Dec 7 total 4.15
Dec 8 total 0.01
Jul 18 total 0.01
Aug 5 total 13.19
Aug 7 total 39.29
Aug 10 total 3.33
Aug 11 total 6.41
Aug 12 total 1.84
Aug 13 total 0.22
Aug 16 total 3.30
Aug 17 total 16.56
Aug 18 total 1.99
Aug 19 total 2.77
Today total 10.55
6. Total login statistics of each user :
[root@oss ~]# ac -p
ehowstuff 0.76
root 103.00
total 103.76
7. Print the summary of commands that were executed by users :
9. Use the command sa -u to display individual user activity :
[root@oss ~]# sa -u
root 0.00 cpu 981k mem accton
root 0.00 cpu 26288k mem touch
root 0.01 cpu 26576k mem psacct
root 0.00 cpu 1018k mem ac
root 0.00 cpu 1018k mem ac
root 0.00 cpu 1018k mem ac
root 0.00 cpu 1018k mem ac
root 0.00 cpu 1018k mem ac
root 0.00 cpu 1018k mem ac
root 0.00 cpu 1018k mem ac
root 0.00 cpu 1018k mem ac
root 0.00 cpu 1018k mem ac
sshd 0.00 cpu 16992k mem sshd *
root 0.00 cpu 2604k mem id
root 0.00 cpu 2826k mem bash *
root 0.00 cpu 2076k mem hostname
root 0.00 cpu 2826k mem bash *
root 0.00 cpu 1017k mem tty
root 0.00 cpu 1561k mem tput
root 0.00 cpu 2826k mem bash *
root 0.00 cpu 1020k mem dircolors
root 0.00 cpu 2826k mem bash *
root 0.00 cpu 1595k mem grep
root 0.00 cpu 981k mem consoletype
root 0.00 cpu 27040k mem bash *
root 0.00 cpu 26288k mem id
root 0.00 cpu 27040k mem bash *
ehowstuf 0.00 cpu 2604k mem id
ehowstuf 0.00 cpu 2826k mem bash *
ehowstuf 0.00 cpu 2076k mem hostname
ehowstuf 0.00 cpu 2826k mem bash *
ehowstuf 0.00 cpu 2604k mem id
ehowstuf 0.00 cpu 2826k mem bash *
ehowstuf 0.00 cpu 2604k mem id
10. Printing sort by percentage
The command sa -c will show you the highest percentage of users:
Nmon (Nigel’s Monitor) is a great performance monitoring tool for Linux operating system.
It was written initially for AIX to monitor system performance. nmon for Linux can be used to collect information on CPU, memory, network, disk I/O, top processes etc.
A system administrator can use nmon as a tuning or benchmark tool that provides performance information in one go.
It can output the data on the screen or save the data into a comma-separated file for analysis and longer-term data capture.
q – To stop and exit nmon.
h – To see the quick help (hint) screen; press h again to remove the hints.
Use the following commands to turn stats on or off:
c – See CPU stats.
m – See memory stats.
d – See disk stats.
k – See kernel stats.
n – See network stats.
N – See NFS stats.
j – See file system stats.
t – See top processes.
V – See virtual memory stats.
. – See only busy disks/procs.
v – Verbose mode (display as Ok/warning/danger on screen).
Sample outputs :
4. If you prefer to run nmon as a daemon in the background, run the command below. nmon will complete the data collection and save it in a *.nmon file such as oss_140817_2359.nmon. The details of the command are as below :
# nmon -f -s2 -c 30
-f : Start data collect mode and output in spreadsheet format.
-s 2 : Wait 2 seconds between refreshes, i.e. capture data every 2 seconds.
-c30 : Total number of refreshes (30).
Question : How to check when was my linux system last rebooted and how long was the system running ?
Answer : There are several commands to check when the system was last rebooted.
1. Check the last reboot using the “who -b” command :
[root@server ~]# who -b
system boot 2014-08-16 09:34
2. Check the last reboot using the “last reboot” command :
[root@server ~]# last reboot
reboot system boot 2.6.32-431.el6.x Sat Aug 16 09:34 - 01:11 (15:36)
reboot system boot 2.6.32-431.el6.x Tue Aug 12 19:39 - 00:13 (04:33)
reboot system boot 2.6.32-431.el6.x Mon Aug 11 23:08 - 23:59 (00:50)
reboot system boot 2.6.32-431.el6.x Tue Aug 5 11:47 - 05:41 (5+17:54)
reboot system boot 2.6.32-431.el6.x Tue Aug 5 09:03 - 11:18 (02:15)
reboot system boot 2.6.32-431.el6.x Tue Aug 5 08:58 - 09:03 (00:04)
reboot system boot 2.6.32-431.el6.x Fri Jul 18 00:47 - 00:51 (00:04)
reboot system boot 2.6.32-431.el6.x Sun Dec 8 11:22 - 11:23 (00:01)
reboot system boot 2.6.32-431.el6.x Sun Dec 8 10:28 - 10:30 (00:01)
reboot system boot 2.6.32-431.el6.x Sat Dec 7 21:54 - 22:40 (00:46)
reboot system boot 2.6.32-431.el6.x Sat Dec 7 19:46 - 21:54 (02:08)
wtmp begins Sat Dec 7 19:46:12 2013
3. Check how long the system has been running using the “uptime” command :
AppArmor is a Mandatory Access Control (MAC) security extension that provides a variety of security policies for the Linux kernel. It is an alternative to SELinux and is included with Ubuntu. Most of the time you don’t need it to configure a secure system, and it usually causes more problems because some services don’t work as expected. The steps below show how to disable and remove AppArmor on Ubuntu 14.04.
Steps to Disable and Remove AppArmor on Ubuntu
1. How to check AppArmor status :
ehowstuff@ubuntu14:~$ sudo apparmor_status
apparmor module is loaded.
4 profiles are loaded.
4 profiles are in enforce mode.
/sbin/dhclient
/usr/lib/NetworkManager/nm-dhcp-client.action
/usr/lib/connman/scripts/dhclient-script
/usr/sbin/tcpdump
0 profiles are in complain mode.
1 processes have profiles defined.
1 processes are in enforce mode.
/sbin/dhclient (669)
0 processes are in complain mode.
0 processes are unconfined but have a profile defined.
2. Disable AppArmor and unload the kernel module by entering the following:
ehowstuff@ubuntu14:~$ sudo apt-get remove apparmor apparmor-utils -y
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages will be REMOVED:
apparmor apparmor-utils
0 upgraded, 0 newly installed, 2 to remove and 119 not upgraded.
After this operation, 1,467 kB disk space will be freed.
(Reading database ... 93228 files and directories currently installed.)
Removing apparmor-utils (2.8.95~2430-0ubuntu5) ...
Removing apparmor (2.8.95~2430-0ubuntu5) ...
* Clearing AppArmor profiles cache [ OK ]
All profile caches have been cleared, but no profiles have been unloaded.
Unloading profiles will leave already running processes permanently
unconfined, which can lead to unexpected situations.
To set a process to complain mode, use the command line tool
'aa-complain'. To really tear down all profiles, run the init script
with the 'teardown' option."
Processing triggers for man-db (2.6.7.1-1) ...
Note : these steps work on an Ubuntu 14.04 minimal installation without GUI.
Hdparm is a free tool for Linux to measure sequential disk performance. It is primarily used to tune and optimize disk parameters or to set and view hard disk drive hardware parameters. It works with SATA/ATA/IDE/SAS disks. The command below has been tested on CentOS 6.5 running on a VMware ESXi 4.1 virtual machine.
Install hdparm :
[root@server ~]# yum install hdparm -y
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* Webmin: download.webmin.com
* base: mirror.upsi.edu.my
* epel: ftp.cuhk.edu.hk
* extras: mirror.upsi.edu.my
* updates: centos.mirror.secureax.com
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package hdparm.x86_64 0:9.43-4.el6 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
====================================================================================================
Package Arch Version Repository Size
====================================================================================================
Installing:
hdparm x86_64 9.43-4.el6 base 81 k
Transaction Summary
====================================================================================================
Install 1 Package(s)
Total download size: 81 k
Installed size: 150 k
Downloading Packages:
hdparm-9.43-4.el6.x86_64.rpm | 81 kB 00:00
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : hdparm-9.43-4.el6.x86_64 1/1
Verifying : hdparm-9.43-4.el6.x86_64 1/1
Installed:
hdparm.x86_64 0:9.43-4.el6
Complete!
This post shows a list of ldapsearch examples for 389 Directory. These ldapsearch examples assume the following:
a) The ldapsearch searches for a uid in the directory.
b) The 389 directory is configured not to support anonymous access, so the user “Directory Manager” and its password are required.
c) The ldapsearch command is run on the 389 server itself, so “localhost” is enough for the host.
d) The server uses port number 389. Since this is the default port, the port number does not have to be sent in the search request.
-D binddn bind DN
-b basedn base dn for search
-h host LDAP server
-w passwd bind password (for simple authentication)
-W prompt for bind password (Recommended to use this to hide password)
Subversion is an open-source version control system that manages files and keeps track of the changes made to them. Subversion can help you recover older files and directories and examine the history of how your files and directories have changed over time. This post discusses how to install and configure Subversion 1.8 on CentOS 6.5.