Proftpd for CentOS 6

More of a note to self than anything. As usual, YMMV.

1. Add RPMForge repo and install proftpd.

# rpm --import http://apt.sw.be/RPM-GPG-KEY.dag.txt
# wget http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el5.rf.x86_64.rpm
# rpm -Uvh rpmforge-release-0.5.3-1.el5.rf.x86_64.rpm
# yum install proftpd -y
# chkconfig --level 345 proftpd on
# /etc/init.d/proftpd restart
# netstat -tnlp|grep proftpd
tcp 0 0 :::21 :::* LISTEN 36615/proftpd

2. Configure iptables.

# iptables -A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
# /etc/init.d/iptables save; /etc/init.d/iptables restart

3. New Linux user.

# useradd -d /path/to/home/directory foo
# passwd foo

4a. Failed login #1; e.g.

Command: USER foo
Response: 331 Password required for foo
Command: PASS ********
Response: 530 Login incorrect.
Error: Critical error: Could not connect to server

4b. Note /var/log/secure errors; e.g.

Oct 29 03:41:07 bar proftpd: PAM unable to dlopen(/lib64/security/pam_stack.so): /lib64/security/pam_stack.so: cannot open shared object file: No such file or directory
Oct 29 03:41:07 bar proftpd: PAM adding faulty module: /lib64/security/pam_stack.so
Oct 29 03:41:07 bar proftpd[36319]: 127.0.0.1 (192.168.128.29[192.168.128.29]) - USER foo (Login failed): Incorrect password.

4c. Fix PAM config for proftpd-1.3.4a-1.el6.rf.x86_64.

# cat /etc/pam.d/proftpd
#%PAM-1.0
auth required pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
auth required pam_shells.so
auth include system-auth
account include system-auth
session include system-auth
session required pam_loginuid.so
# /etc/init.d/proftpd restart

4d. Failed login #2; e.g.

Command: PWD
Response: 257 "/" is the current directory
Command: TYPE I
Response: 200 Type set to I
Command: PASV
Response: 227 Entering Passive Mode.
Command: MLSD
Error: Connection timed out
Error: Failed to retrieve directory listing

4e. Configure passive FTP.

# iptables -A INPUT -p tcp -m multiport --dports 60000:65535 -j ACCEPT
# /etc/init.d/iptables save; /etc/init.d/iptables restart
# cat /etc/proftpd.conf|grep PassivePort
PassivePorts 60000 65535
# /etc/init.d/proftpd restart

5. Success!

Command: MLSD
Response: 150 Opening ASCII mode data connection for MLSD
Response: 226 Transfer complete
Status: Directory listing successful
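
The check behind steps 4b and 4c, as an added example that is not part of the original post: it lists the modules a PAM service file names that are missing from the module directory, the condition that produced the dlopen errors for pam_stack.so. The function name, the demo file contents and the temporary directory are constructed for illustration.

```sh
# Added example: report PAM modules that a service file names but that are
# absent from the module directory.

# Usage: missing_pam_modules FILE [MODULE_DIR]
# Prints each missing module; returns 1 if any is missing. Uses plain globals.
missing_pam_modules() {
    pam_file=$1; mod_dir=${2:-/lib64/security}; rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                  # drop comments and the #%PAM-1.0 header
        set -f; set -- $line; set +f      # split into words without globbing
        [ $# -ge 3 ] || continue
        shift                             # discard the type (auth, account, ...)
        control=$1; shift
        case $control in
            include|substack) continue ;; # names another PAM file, not a module
            \[*) while [ $# -gt 0 ]; do   # [value=action ...] can span words
                     case $control in *\]) break ;; esac
                     control=$1; shift
                 done ;;
        esac
        [ $# -ge 1 ] || continue
        case $1 in /*) mod_path=$1 ;; *) mod_path=$mod_dir/$1 ;; esac
        if [ ! -e "$mod_path" ]; then
            printf '%s\n' "$1"
            rc=1
        fi
    done < "$pam_file"
    return $rc
}

# Constructed demo: a stand-in module directory holding only pam_shells.so and
# a sample service file that still names pam_stack.so.
demo() {
    tmp=$(mktemp -d) || return 2
    mkdir "$tmp/security" && : > "$tmp/security/pam_shells.so"
    printf '%s\n' '#%PAM-1.0' \
        'auth required pam_stack.so service=system-auth' \
        'auth required pam_shells.so' \
        'account include system-auth' > "$tmp/proftpd"
    missing_pam_modules "$tmp/proftpd" "$tmp/security"; status=$?
    rm -rf "$tmp"
    return $status
}

demo || echo "modules listed above are missing"
```

On the server itself, run `missing_pam_modules /etc/pam.d/proftpd` before restarting proftpd; an empty result means every named module exists under /lib64/security.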
