Build your own server

Author: Ken Gypen      Editor: Brett Thomas
Published: 5th June 2007
Comments (584) Digg Stumble

FTP Server

Next, we will be adding an FTP server to our build. This is completely optional and therefore not required if you don't need it. It just adds extra functionality to our server. Many people don't see a need for FTP, but there are always the odd times where you wish you had the ability to zip a file over to yourself, or to pull something off of your home computer.

To install this service, I'll only use CLI just to show how easy it is. This is also the way the non-GUI users will install services to their system. Once you've built a few of these, you too may wish to skimp on the extra space and resources that any GUI takes up, at least on your server. So, let's fire up that terminal once again.

Once in the terminal, we have to become root user again, so sudo su. Now it's time for us to install the ftp server. I have chosen Proftpd because of its reliability, security and ease of use. Installing things in the CLI really is as easy as doing it through the GUI. Just type apt-get install proftpd. Apt-get is the command line equivalent of Synaptic - that's all the GUI is really doing!

Build your own server Eff-tee-peeee! Build your own server Eff-tee-peeee!
You'll get lots of information, which you should read, and then you'll be asked if you want to continue. We do, so just hit enter. After a few moments the installer will ask us whether we want the server to run as a standalone server, or through the inetd service. Choose standalone, because of security and manageability reasons.


Build your own server Eff-tee-peeee! Build your own server Eff-tee-peeee!
As with Samba, we need to configure the server. Fire up nano again by issuing nano /etc/proftpd/proftpd.conf. Then just replace the contents with the following:

#
# /etc/proftpd.conf -- This is a basic ProFTPD configuration file.
# To really apply changes reload proftpd after modifications.
# 

ServerName			"FTP Server"
Serverident                     on "FTP"
ServerType			standalone
DeferWelcome			off
TimesGMT                        off


MultilineRFC2228		on
#DefaultServer			on
ShowSymlinks			on

TimeoutNoTransfer		600
TimeoutStalled			600
TimeoutIdle			1200

DisplayLogin                    welcome.msg
DisplayFirstChdir               .message
ListOptions                	"-l"

DenyFilter			\*.*/

AllowForeignAddress             on
AllowRetrieveRestart            on

# Uncomment this if you are using NIS or LDAP to retrieve passwords:
#PersistentPasswd		off

# Uncomment this if you would use TLS module:
#TLSEngine 			on

# Uncomment this if you would use quota module:
#Quotas				on

# Uncomment this if you would use ratio module:
#Ratios				on

# Port 21 is the standard FTP port.
Port				21
SocketBindTight                 on

PassivePorts                    11000 20000


# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances			30

# Set the user and group that the server normally runs at.
User				nobody
Group				nogroup

# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask				022  022
# Normally, we want files to be overwriteable.
AllowOverwrite			on

AllowForeignAddress             on
AllowRetrieveRestart            on
AllowStoreRestart on

# Speed up the server, no DNS lookups, just plain ip's. Turn off when being hax0r3d.
UseReverseDNS off
IdentLookups off

DefaultRoot                     ~
ExtendedLog                     /var/log/proftpd.all ALL


# Delay engine reduces impact of the so-called Timing Attack described in
# http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02
# It is on by default. 
DelayEngine 			off

<Anonymous ~ftp>
  User                          ftp
  Group                         nogroup
  UserAlias                     anonymous ftp
  DirFakeUser                   on ftp
  DirFakeGroup                  on ftp
  RequireValidShell             off
  MaxClients                    10
  DisplayLogin                  welcome.msg
  DisplayFirstChdir             .message
  AccessGrantMsg                "Anonymous access granted for user %u connecting."

  MaxClientsPerHost             1

  <Directory>
    #DenyAll
    TransferRate        RETR 50
    <Limit WRITE>
      DenyAll
    </Limit>
  </Directory>

Once you're done, restart the server by typing /etc/init.d/proftpd restart. Proftpd uses the standard password backend, so no extra configuration is required.

Shopping



Dragonage