This is the first in a series of documents I'm writing on utilizing EnGarde Secure Linux. In this document I show all of the necessary steps to enable the ftp daemon. Since it does not come enabled by default it is highly recommended that anybody running EnGarde Secure Linux read this.
Introduction
------------

  This document provides the steps a user can perform to enable and configure
  the ftp daemon (ftpd) for EnGarde Secure Linux 1.0.1 (Finestra).  It is
  assumed that the reader is familiar with operating as the root user and
  knows how to use a text editor such as vi(1) or pico(1).

  The proper forum to ask questions is one of the "EnGarde Mailing Lists" (see
  "Resources" below).  If you have a problem configuring the ftpd, please send
  an email to that list so one of the EnGarde developers can help.

Procedure
---------

  Below are the steps you must perform to get the ftpd working.  It is highly
  recommended that you follow all of these steps, in order, even though some
  of these steps are optional.

  Step 1:  Access Control
  -----------------------

    Before anybody can connect to the ftpd you must first give them access by
    editing the file '/etc/hosts.allow'.  You must add a line "vsftpd:" followed
    by a list of IP addresses you wish to grant access to.  Some examples:

      To allow access from localhost:
        vsftpd:  127.0.0.1

      To allow access from everybody on the 192.168.1.0/24 subnet:
        vsftpd:  192.168.1.

      To allow access from two specific addresses:
        vsftpd:  192.168.1.100 192.168.5.53

      To allow access to everybody:
        vsftpd:  ALL

  Step 2:  vsftpd Configuration
  -----------------------------

    vsftpd has three configuration files:

      /etc/vsftpd.banned_emails  -- List of anonymous email addresses to deny.
      /etc/vsftpd.chroot_list    -- List of local users to chroot.
      /etc/vsftpd.conf           -- General configuration options.

    To ban a certain anonymous email address such as "mozilla@", simply put it
    in /etc/vsftpd.banned_emails.  One address per line.

    To chroot a local user to their home directory, put their username in
    /etc/vsftpd.chroot_list.  One username per line.  Please note this only
    matters if you:

      a) are allowing local users to log in.
      b) have "chroot_local_user=NO" in /etc/vsftpd.conf

    The configuration options in vsftpd.conf are commented quite well, so I
    will not go into much detail here.  I will just note a few defaults:

      a) anonymous logins are enabled by default
      b) anonymous users are chrooted to '/home/ftpsecure'
      c) the daemon runs as the user 'ftpsecure'

  Step 3:  Enable and Restart xinetd
  ----------------------------------

    The first step is to make it so xinetd will be enabled "by default".  This
    means xinetd will start up whenever the machine is restarted.  To do this,
    execute the command:

      # chkconfig --add xinetd

    The next step is to start up xinetd right now.  To do this, execute the
    command:

      # /etc/init.d/xinetd start

    The ftpd is now running and will accept connections from any of the
    addresses you defined in "Step 1".  The ftpd will also start up whenever
    the machine is booted.

  Step 4:  Populate the Tree
  --------------------------

    As said in "Step 2", all anonymous users are chrooted to "/home/ftpsecure".
    This means they will not be able to access any files outside of that
    directory.  You should put all the files you want anonymous ftp users to
    see in this directory.

    Although not necessary, it is recommended that you set up two files:

      /home/ftpsecure/etc/passwd
      /home/ftpsecure/etc/group

    When an anonymous user issues the command "ls", the ftpd will search these
    files to get the userid to username mappings.  If you do not have these
    files the user will see something like this (note the '0's):

        ftp> ls -la
        227 Passive mode engaged (127,0,0,1,30,4)
        150 Here comes the directory listing.
        -rw-r--r--    1 0        0               0 Apr 13 20:03 that
        -rw-r--r--    1 0        0               0 Apr 13 20:03 this
        226 Directory send OK.

    As a starting point, you can copy the system /etc/passwd to
    /home/ftpsecure/etc/passwd and the system /etc/group to
    /home/ftpsecure/etc/group.  After this is done you should remove any
    users and groups that will not be used in /home/ftpsecure.  For example,
    you will probably want to remove the users 'webd', 'halt', 'sync', etc.

    A sample /home/ftpsecure/etc/passwd would be:

      root::0:0:root:/root:/dev/null
      nobody:*:99:99:Nobody:/:
      rwm:x:501:502:Ryan W. Maple:/home/rwm:/dev/null
      ben:x:500:502:Ben Thomas:/home/ben:/dev/null
      dave:x:502:502:Dave Wreski:/home/dave:/dev/null
      nick:x:503:502:Nick DeClario:/home/nick:/dev/null
      pete:x:504:502:Pete O'Hara:/home/pete:/dev/null

    A sample /home/ftpsecure/etc/group would be:

      root::0:root
      nobody::99:
      gdftp::502:dave,nick,pete,ben,rwm

    Now when a user executes the command "ls", they will see something like
    this (note that what was '0' is now 'root'):

      ftp> ls -la
      227 Passive mode engaged (127,0,0,1,109,222)
      150 Here comes the directory listing.
      drwxr-xr-x    2 root     root         4096 Apr 13 20:07 etc
      -rw-r--r--    1 root     root            0 Apr 13 20:03 that
      -rw-r--r--    1 root     root            0 Apr 13 20:03 this
      226 Directory send OK.

Resources
---------

  EnGarde Mailing Lists:
    Guardian Digital Makes Email Safe For Business - Microsoft 365, Goo....
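
For Step 4, one way to generate the two chroot files from the system copies instead of hand-editing them, as an added example that is not part of the original document. The function names `chroot_passwd` and `chroot_group`, the constructed sample accounts, and the choice to write `*` into every password field are assumptions of this example; the files sit inside the tree anonymous users browse, so only the listed accounts are kept and no password field is carried over.

```shell
#!/bin/sh
# Added example (not from the original document): build minimal passwd and
# group files for the anonymous chroot from the system copies.

# chroot_passwd SRC_PASSWD "user1 user2 ..."  -> sanitized entries on stdout
chroot_passwd() {
    awk -F: -v OFS=: -v keep="$2" '
        BEGIN { n = split(keep, k, " "); for (i = 1; i <= n; i++) want[k[i]] = 1 }
        ($1 in want) && NF == 7 {
            $2 = "*"            # choice of this example: never copy a hash
            $7 = "/dev/null"    # as in most sample entries above: no login shell
            print
        }' "$1"
}

# chroot_group SRC_GROUP SANITIZED_PASSWD  -> matching groups on stdout
chroot_group() {
    awk -F: -v OFS=: '
        NR == FNR { user[$1] = 1; gid[$4] = 1; next }   # pass 1: kept users
        ($3 in gid) && NF == 4 {                        # pass 2: their groups
            $2 = ""
            m = split($4, a, ","); out = ""
            for (i = 1; i <= m; i++)                    # drop removed members
                if (a[i] in user) out = out (out == "" ? "" : ",") a[i]
            $4 = out
            print
        }' "$2" "$1"
}

# Constructed sample input standing in for the system /etc/passwd and /etc/group.
demo=$(mktemp -d)
cat > "$demo/passwd.sys" <<'EOF'
root:x:0:0:root:/root:/bin/bash
webd:x:80:80:Web Daemon:/home/httpd:/bin/false
old:$1$constructed$notarealhash:600:502:Legacy:/home/old:/bin/bash
rwm:x:501:502:Ryan W. Maple:/home/rwm:/bin/bash
EOF
cat > "$demo/group.sys" <<'EOF'
root:x:0:root
webd:x:80:
gdftp:x:502:rwm,old,dave
EOF
chroot_passwd "$demo/passwd.sys" "root rwm old" > "$demo/passwd"
chroot_group  "$demo/group.sys"  "$demo/passwd" > "$demo/group"
cat "$demo/passwd" "$demo/group"
```

Review the generated files before copying them to /home/ftpsecure/etc/, and rerun the functions whenever the set of accounts that own files in the tree changes.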