Proftpd for CentOS 6

More of a note to self than anything. As usual, YMMV.

1. Add RPMForge repo.

# rpm --import
# wget
# rpm -Uvh rpmforge-release-0.5.3-1.el5.rf.x86_64.rpm
# yum install proftpd -y
# chkconfig --level 345 proftpd on
# /etc/init.d/proftpd restart
# netstat -tnlp|grep proftpd
tcp 0 0 :::21 :::* LISTEN 36615/proftpd

2. Configure iptables.

# iptables -A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
# /etc/init.d/iptables save; /etc/init.d/iptables restart

3. New Linux user.

# useradd -d /path/to/home/directory foo
# passwd foo

4a. Failed login #1; e.g.

Command: USER foo
Response: 331 Password required for foo
Command: PASS ********
Response: 530 Login incorrect.
Error: Critical error: Could not connect to server

4b. Note /var/log/secure errors; e.g.

Oct 29 03:41:07 bar proftpd: PAM unable to dlopen(/lib64/security/ /lib64/security/ cannot open shared object file: No such file or directory
Oct 29 03:41:07 bar proftpd: PAM adding faulty module: /lib64/security/
Oct 29 03:41:07 bar proftpd[36319]: ([]) - USER foo (Login failed): Incorrect password.

4c. Fix PAM config for proftpd-1.3.4a-1.el6.rf.x86_64.

# cat /etc/pam.d/proftpd
auth required item=user sense=deny file=/etc/ftpusers onerr=succeed
auth required
auth include system-auth
account include system-auth
session include system-auth
session required
# /etc/init.d/proftpd restart

4d. Failed login #2; e.g.

Command: PWD
Response: 257 "/" is the current directory
Command: TYPE I
Response: 200 Type set to I
Command: PASV
Response: 227 Entering Passive Mode.
Command: MLSD
Error: Connection timed out
Error: Failed to retrieve directory listing

4e. Configure passive FTP.

# iptables -A INPUT -p tcp -m multiport --dports 60000:65535 -j ACCEPT
# /etc/init.d/iptables save; /etc/init.d/iptables restart
# cat /etc/proftpd.conf|grep PassivePort
PassivePorts 60000 65535
# /etc/init.d/proftpd restart

5. Success!

Command: MLSD
Response: 150 Opening ASCII mode data connection for MLSD
Response: 226 Transfer complete
Status: Directory listing successful
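
A check for step 4e, added here as an example and not part of the original note: it reads the PassivePorts range from proftpd.conf and confirms that a tcp ACCEPT rule covering it sits in the INPUT chain before any catch-all REJECT or DROP, since iptables -A appends and rules are evaluated top-down. The function names and the sample ruleset are constructed for illustration; only the INPUT chain of an iptables-save dump is examined (chain policy and user-defined chains are not).

```shell
#!/bin/sh
# Added example (not from the original post): confirm the PassivePorts range
# in proftpd.conf is reachable through the INPUT chain of an iptables-save dump.

# Print "LOW HIGH" from the first PassivePorts directive in file $1.
passive_range() {
    awk 'tolower($1) == "passiveports" && NF >= 3 { print $2, $3; exit }' "$1"
}

# Exit 0 if a tcp ACCEPT rule in file $1 covers ports $2..$3 and appears
# before any catch-all "-A INPUT -j REJECT|DROP" (rules match top-down).
range_allowed() {
    awk -v lo="$2" -v hi="$3" '
        $1 != "-A" || $2 != "INPUT" { next }
        $3 == "-j" && ($4 == "REJECT" || $4 == "DROP") { exit }
        /-p tcp/ && /-j ACCEPT/ {
            for (i = 1; i < NF; i++) {
                if ($i != "--dport" && $i != "--dports") continue
                n = split($(i + 1), spec, ",")
                for (k = 1; k <= n; k++) {
                    m = split(spec[k], p, ":")
                    a = p[1] + 0; b = (m > 1 ? p[2] : p[1]) + 0
                    if (a <= lo + 0 && hi + 0 <= b) ok = 1
                }
            }
        }
        END { exit ok ? 0 : 1 }' "$1"
}

# $1 = proftpd.conf, $2 = iptables-save output. Prints a one-line verdict.
check_passive() {
    r=$(passive_range "$1")
    [ -n "$r" ] || { echo "no PassivePorts"; return 2; }
    if range_allowed "$2" ${r% *} ${r#* }; then echo "ok $r"
    else echo "blocked $r"; return 1; fi
}

# Constructed sample data: the directive from step 4e, and a ruleset where
# the appended ACCEPT landed after a catch-all REJECT.
demo=$(mktemp -d)
echo 'PassivePorts 60000 65535' > "$demo/proftpd.conf"
cat > "$demo/rules" <<'EOF'
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m multiport --dports 60000:65535 -j ACCEPT
EOF
check_passive "$demo/proftpd.conf" "$demo/rules" || true   # blocked 60000 65535
```

On a live host, point it at /etc/proftpd.conf and a file written with iptables-save. A "blocked" verdict means the ACCEPT rule needs to be inserted with -I above the catch-all rule rather than appended with -A.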