2012-06-27

Setting up an FTP service on CentOS 6.2

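Get the minimal ISO image from
ftp://mirror.xxx.yyy/centos/6.2/isos/x86_64/CentOS-6.2-x86_64-minimal.iso
where mirror.xxx.yyy is a mirror picked from the mirror list at http://www.centos.org/modules/tinycontent/index.php?id=30
(the download is plain FTP, so check the image against the checksums published by the CentOS project before installing)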

have installed...
yalah...




# yum update
# reboot
# yum remove kernel-2.6.32-220.el6.x86_64
# yum install man
# yum install traceroute

# yum install ntp
# vi /etc/ntp.conf
(edit)> server <X.X.X.X>
(edit)> restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
# chkconfig --level 3 ntpd on
# service ntpd start

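# vi /etc/rsyslog.conf
(uncomment)> $ModLoad imudp.so
(uncomment)> $UDPServerRun 514
(note: this makes rsyslog accept syslog over UDP 514 from any host that can reach it; skip these two lines unless this box is meant to receive remote logs)
# kill -HUP $(cat /var/run/syslogd.pid)
(if UDP 514 is not listening afterwards, the HUP may only have reopened the log files; `service rsyslog restart` re-reads the config)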

# yum install cronie
# service crond start

# yum install logwatch

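# chkconfig --level 3 iptables off
# service iptables stop
# chkconfig --level 3 ip6tables off
# service ip6tables stop
(note: with both host firewalls off, every listening service on this box (sshd, ntpd, rsyslog on UDP 514, vsftpd) is reachable from the whole network; only reasonable if something upstream filters traffic for this host)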

# service --status-all
# chkconfig --list | grep '3:on'
( # find /etc/rc.d/rc3.d/ -name 'S*' | sort )

# chkconfig --level 3 nfslock off
# service nfslock stop
# chkconfig --level 3 rpcbind off
# service rpcbind stop
# chkconfig --level 3 rpcidmapd off
# service rpcidmapd stop
# chkconfig --level 3 rpcgssd off
# service rpcgssd stop
# chkconfig --level 3 netfs off
# service netfs stop
# chkconfig --level 3 fcoe off
# service fcoe stop
# chkconfig --level 3 lldpad off
# service lldpad stop
# chkconfig --level 3 iscsid off
# service iscsid stop
# chkconfig --level 3 iscsi off
# service iscsi stop

# adduser -c "<User Name>" -m -u 1001 -g users -G wheel <login>
# passwd <login>

# vi /etc/aliases; newaliases

# vi /etc/pam.d/su
(uncomment)> auth required pam_wheel.so use_uid

( if sudo is installed
# vi /etc/sudoers
(uncomment)> %wheel ALL=(ALL) ALL
)

# vi /etc/ssh/sshd_config
(edit)> PermitRootLogin no
# kill -HUP `cat /var/run/sshd.pid`

# vi /etc/sysconfig/network
(del)> GATEWAY=<X.X.X.X>
# vi /etc/sysconfig/network-scripts/ifcfg-eth0
(del)> DNS1=<X.X.X.X>
(del)> DOMAIN=x.y
...(less /etc/resolv.conf)
# service network restart

# vi /etc/hosts
(edit)> 127.0.0.1 localhost localhost.yyy.local
(edit)> ::1 localhost localhost.yyy.local
(edit)> 192.168.1.1 xxx xxx.yyy.local

# yum install telnet
# yum install bind-utils
# yum install ftp
# yum install elinks

# yum install vsftpd
# chkconfig --level 3 vsftpd on
# setsebool -P ftp_home_dir 1
(“vsftpd 500 OOPS: cannot change directory: /home/<login>” error for local users with SELinux)
# touch /etc/vsftpd/chroot_list
# chmod og-r /etc/vsftpd/chroot_list
# vi /etc/vsftpd/chroot_list
(edit)> <login>
# vi /etc/vsftpd/vsftpd.conf
(edit)> xferlog_std_format=NO
(edit)> ftpd_banner=Welcome to My Nightmare...
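(edit)> chroot_local_user=YES
(edit)> chroot_list_enable=YES
(note: with chroot_local_user=YES the meaning of chroot_list is inverted: users listed in it are NOT chrooted, so <login> above can browse the whole filesystem over FTP. FTP also carries that password in cleartext, and <login> is in wheel.)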
(edit)> session_support=YES
(edit)> local_umask=002
# rm /var/log/xferlog
# mkdir /home/ftp
# chcon -h unconfined_u:object_r:user_home_dir_t:s0 /home/ftp/
# mkdir /home/ftp/pub
# vipw
(edit)> ftp:x:14:50:FTP User:/home/ftp/pub:/sbin/nologin
# vi /home/ftp/pub/robots.txt
(edit)> user-agent: *
(edit)> disallow: /
# service vsftpd start

# groupadd --gid 50000 ftpadmin
# groupadd --gid 50001 ftpusers
# useradd --comment "FTP Admin" --uid 50000 --gid ftpadmin --groups ftpusers -M --home /home/ftp --shell /sbin/nologin admin
# passwd admin
# useradd --comment "FTP User1" --uid 50001 --gid ftpusers -M --home /home/ftp/user1 --shell /sbin/nologin user1
# passwd user1
# mkdir /home/ftp/pub/pub
# chgrp ftpadmin /home/ftp/pub/pub
# chmod g+w /home/ftp/pub/pub
# mkdir /home/ftp/user1
# chown user1 /home/ftp/user1/
# chgrp ftpusers /home/ftp/user1/
# chmod o-rx /home/ftp/user1/
# chmod g+w /home/ftp/user1/

...