HeXiLeD Veteran
Joined: 20 Aug 2005 Posts: 1159 Location: Online
Posted: Sun Jul 29, 2007 8:43 pm Post subject: HOW-TO GLFTPD 2.01 - Configurations
HOW TO GLFTPD INSTALL, SETUP & UPDATE:
*** Since the almighty godlike #glftpd efnet people are so amazingly helpful I decided to create a how-to for installing glftpd.
*** PLEASE note that you should always read the official docs and have some unix/linux knowledge prior to starting the
*** installation. It does not matter how easy the HOWTO will make things because even if you copy and paste everything
*** here and you manage to get glftpd working, you will need to understand how things work to set up your own settings in glftpd.
*** I strongly recommend that you do not use any sort of unix/linux package management (apt-get, emerge, yum, pacman,
*** etc) to install glftpd. While there is technically nothing wrong with doing the install that way, you will however
*** be limited in the usage of glftpd regarding its security versatility and custom management, which will be pre-set
*** by default by your package manager and which in some cases (if not all) you can't really modify to secure to your own
*** preferences. I also advise creating a unique and restricted user to run ONLY glftpd and doing a jail
*** install under that user. However creating a user is purely optional and not required.
GENERAL NOTES:
THIS HOWTO is not gentoo specific and can be used with any other unix/linux distro
*** <--- means my comments
$ <--- means unix normal user without root rights
# <--- means root (admin) rights
// <--- commented lines in configuration files which will be ignored by the system
lines with no marker in front are glftpd install settings
*** If you decide to create a specific user for glftpd do it now. You must be root to create users
*** This is optional and not required. It fits the purpose of securing glftpd shell even more !!!
*** You can skip this step if you want; if not, you must be root to create a user. See below how.
*** If you created the new user enter his new directory; if not; just ignore this part.
Code: | # cd /home/<username> |
*** Download glftpd binary install package:
Code: | # wget http://www.glftpd.com/files/glftpd-LNX_2.01.tgz |
*** Extract the archive:
*** example :(tar -zxvf glftp-XXX.x.xx.tgz )
Code: | # tar -zxvf glftpd-LNX_2.01.tgz |
*** Enter in the extracted glftpd directory.
Code: | # cd glftpd-LNX_2.01/ |
*** Install the application.
*** You must be root to install glftpd ( ~ # )!
Code: | *** ROOT means ADMIN. You must have administrator rights
*** At this point if you are not root ( # ) you must gain access.
*** Type "su" or "sudo -i" to get root rights |
Code: | $ su
Password:******** |
Code: | # ./installgl.sh
### # ##### ##### #### #### ###
# # # # # # # # # # #
# # ### # # # # # #
# ## # # # #### # # #
# # # # # # # # #
### ##### # # # #### #####
--== WE MAKE FILES TRANSFER ==--
-----------------------------------------------------------
GLFTPD INSTALLER v2.0.1 (linux)
Originally done by jehsom and dn.
Made ready for the new era by turranius and psxc.
-----------------------------------------------------------
Before we begin: If this installer fails on your system, please
let the devs know. You find us on irc (efnet) in #glftpd. Thank you.
Also, any bugs found in glftpd itself should be reported either to
the board @ http://www.glftpd.com, in the irc channel, or both.
Press <enter> to continue.
|
1. TCPD SETUP:
--------------
Code: | Do you wish to use tcpd? If you are not sure then you should not
use it. If you decided to change this at a later time, please
search for tcpd in glftpd.docs for the required changes.
Use tcpd? [Y]es [N]o: |
*** If you choose YES and you don't have tcpd installed you will get the following:
*** What is tcpd @ http://en.wikipedia.org/wiki/TCP_Wrapper
Code: | It seems you don't have tcpd installed, install it and try
again, or select not to use it next time. Aborting. |
*** Go back to ./installgl.sh
*** If you choose NO
Code: | Use tcpd? [Y]es [N]o:
Installing glftpd without tcpd. |
2. JAIL SETUP:
--------------
Code: | Do you want to run glftpd in a "Jailed" environment? In this
environment a private directory will be created and glftpd will
be installed inside. Regular shell users will not be able to get
inside this private directory. The glftpd.conf is also moved
inside for added security and a new group will be created so
you and other users you specify can access glftpd through the shell.
Use a jailed environment? [Y]es [N]o: yes |
*** I strongly advise that you use JAIL !!! This will help secure your server
*** Say yes! info @ http://en.wikipedia.org/wiki/FreeBSD_jail
Code: | Creating the jailed environment.
Please enter the private directory to install glftpd inside [/jail]: /home/ftpd |
*** If you get the following output:
Code: | Please enter the private directory to install glftpd inside [/jail]: /home/ftpd
Path already exists. [D]elete it, [A]bort, [T]ry again, [I]gnore? |
*** If you get this output: Path already exists. [D]elete it, [A]bort, [T]ry again, [I]gnore?
*** Ignore it or Delete to continue. If you abort; then go back to ./installgl.sh and restart the install
*** Ignore will continue. Delete will re-create it
Code: | Do you want to create a private group? If you say no then only root will
be able to access glftpd. Otherwise you can add other shell users to the
group so they can access glftpd from the shell.
Use a private group? [Y]es [No]: y |
*** The use of a private group will be of your choice. The more people have access to
*** glftpd box shell group the less secure it will be. Setting to yes will output the following:
Code: | What would you like your private group to be called? [glftpd]: |
*** Press enter for default choice or use your own
*** If you get:
Code: | Warning: Group already exists with the following users: peter, roy, kyle
What would you like to do: [D]elete it, [A]bort, [T]ry again, [I]gnore? |
*** Choose according to your liking.
Code: | Creating private group . . . Done. ( or ) Setting Permissions on /ftpd . . . Done. |
*** If the group did not exist and or had no users before you will be asked the following:
Code: | Who should have access to glftpd? (separate with ,): |
*** Choose which users with shell access to the box where glftpd runs should have access
*** and be added to the glftpd users group.
*** I added user peter and tester. Peter had a shell account in that box and tester did not.
Code: | Warning: user tester does not exist. Adding anyway.
Setting permissions on /home/ftpd . . . Done. |
3. GLFTPD BASE SETUP:
---------------------
Code: | Please enter the directory inside /home/ftpd to install glftpd to [/glftpd]: |
*** you can choose any name you want. Just press enter if you want /glftpd.
*** The private directory must start with a "/"
Code: | Copying glftpd files to /ftpd/glftpd . . . Done.
Copying required binaries to /ftpd/glftpd/bin:
All binaries successfully copied.
Making glftpd's /dev/null , /dev/zero & /dev/urandom . . . Done. |
4. SERVICE SETUP & MULTI-INSTALL:
---------------------------------
*** THIS IS OPTIONAL. IF YOU ARE INEXPERIENCED JUST PRESS ENTER TO SKIP THIS
Code: | Enter a service name for glftpd. This name will be used as the
service name mapped to the port in /etc/services, the name
used in your (x)inetd settings, and the name of your config-file.
NOTE: If you (wish to) have multiple instances of glftpd on the
same box, you *must* to change this.
Press <enter> for the default (ftpd)> |
*** If you want to choose your service name other than the default one
*** You will get the following output:
Code: | You did not choose the default servicename for glftpd. If you plan on
having more than one instance of glftpd, you should change the ipc_key.
The ipc_key can be anything you want, but it must be unique. To make
things easy in this installer, you will be provided with 10 choices.
1: 0x0000BABE 2: 0xDEADBABE 3: 0x00C0FFEE 4: 0x12345678
5: 0x87654321 6: 0xBEEFBABE 7: 0xBADCOFEE 8: 0x0000BEEF
9: 0xDEADBEEF 0: 0x0000DEAD (default) |
*** This setting also demands to be specified in glftpd.conf. Check the docs or my
*** glftpd.conf example for this setting.
*** You may choose any of these keys or quit the install and restart ./installgl.sh
*** Once you get to "4. SERVICE SETUP & MULTI-INSTALL" go with the default option and
*** press enter, or if you choose to use an ipc_key because you might want to run other glftpd
*** servers on the same box later on you can go with choice "0" (default)
*** This setting is optional !!
*** If the service already existed replace it. (y). If it did not exist you will be sent to step 5.
Code: | The service "glftpd" already exists in /etc/services.
Replace it? (y/n)> y |
5. COMPILING SOURCES & COPYING LIBS:
------------------------------------
Code: | modifying source (bin/sources/glconf.h) ... OK.
Compiling source files in /ftpd/glftpd/bin/sources to /ftpd/glftpd/bin:
ansi2gl .. OK.
dirlogclean .. OK.
dirloglist .. OK.
dirlogscanner .. OK.
dirlogsearch .. OK.
dupeadd .. OK.
dupecheck .. OK.
dupediradd .. OK.
dupelist .. OK.
dupescan .. OK.
flysfv .. OK.
ftpwho .. OK.
glupdate .. OK.
killghost .. OK.
nukelogclean .. OK.
nukelogscanner .. OK.
olddirclean2 .. OK.
undupe .. OK.
userstat .. OK.
weektop .. OK.
All source files successfully compiled.
Copying required shared library files:
ld-linux.so.2: OK
libacl.so.1: OK
libattr.so.1: OK
libncurses.so.5: OK
libselinux.so.1: OK
libsepol.so.1: OK
libcrypt.so.1: OK
libc.so.6: OK
libdl.so.2: OK
libm.so.6: OK
libpthread.so.0: OK
librt.so.1: OK
libcrypto.so.0.9.8: OK
libssl.so.0.9.8: OK
libz.so.1: OK
Copying your system's run-time library linker(s):
(NOTE: Searches can take a couple of minutes, please be patient.)
ld-linux.so.2: OK
Configuring the shared library cache . . . Done.
|
6. PORT AND SYSTEM SETUP:
-------------------------
Code: | Enter the port you would like glftpd to listen on [1337]: |
*** You can just press enter to accept this port or simply choose your own port. Let's change it to 2121
*** NOTE: Do not initially put your ftpd on port 21...stick it on a really high port so you know it works
*** You will also have to add this port number to /etc/services or your /etc/xinetd.d/glftpd
*** Check my xinetd.d-glftpd.txt example !
Code: | Setting userfile permissions . . . Done.
Setting groupfile permissions . . . Done.
Adding glftpd service to /etc/services (as glftpd) . . . Done.
Copying glftpd.conf to /server/glftpd.conf . . . Done.
Do you want to use [I]netd or [X]inetd |
*** The choice is yours. Let's go with Xinetd. It offers a more secure extension to or version of inetd
*** http://en.wikipedia.org/wiki/Inetd vs http://en.wikipedia.org/wiki/Xinetd
Code: | Do you wish to use European weeks? European weeks starts with a Monday.
This is for glftpd's 'reset' binary (see docs for more info) [Y/N]: |
*** Choose according to your liking.
Code: | Fixing (potential) localtime problems ...
Creating /ftpd/glftpd/etc/localtime
Creating /ftpd/glftpd/usr/lib/zoneinfo
Creating /ftpd/glftpd/usr/share/zoneinfo
Done. |
7. SSL/TLS SETUP:
-----------------
Code: | We will now create a certificate for SSL/TLS support. This step is
required.
Please specify location, inside /home/ftpd/glftpd
to install the cert (ftpd-dsa.pem) [/etc]: |
*** Leave it like this to have the ssl certificates inside glftpd root install
*** If you wish glftpd to use common ssl certificates also used for other applications
*** You can specify other ssl certificates in glftpd.conf
Code: | Please specify a generic name for this certificate.
This can be any name but should say something about the ftp server
like the name for it perhaps (press enter for glftpd): |
*** Let's use the name that you used for the server
Code: | Using servbase: glftpd Using openssl: /usr/bin/openssl
Please wait while creating certificate... (will take time!)
1024 semi-random bytes loaded
Generating DSA parameters, 1024 bit long prime
This could take some time
..+.+......+......+....+.+.+...+..+..........+.......+....+..
..+.+.....+....+.......+..................+.............+....
1024 semi-random bytes loaded
Generating DH parameters, 1024 bit long safe prime, generator 2
This is going to take a long time
1024 semi-random bytes loaded
Generating DH parameters, 1024 bit long safe prime, generator 2
This is going to take a long time
.....................................+.......................+
.....................................+.......................+
.....................................+.......................+
Generating DSA key, 1024 bits
Moving ftpd-dsa.pem to /ftpd/glftpd/etc . . . Done
-> IMPORTANT !!!!
-> If you get TLS errors of any kind, read instructions in README.TLS
-> included in this package!
|
8. STARTING GLFTPD:
-------------------
Code: | Copying /etc/resolv.conf to /ftpd/glftpd/etc/resolv.conf . . . Done.
Testing entries in resolv.conf (can take time):
Testing 192.168.2.1 . . . OK.
Configuring xinetd for glftpd . . . Done.
Restarting xinetd . . . Success.
If your system is using RH 7.3, you MUST restart xinetd MANUALLY!
Adding crontab entry to tabulate site stats nightly . . . Done.
chmod'ing the site/ dir . . . Done. |
9. FINISH:
----------
Code: | Congratulations, glFtpD has been installed. Scroll up and note any errors
that needs fixing. ./installgl.debug contains a log of the installation process.
To get your site running, you must edit /jail/glftpd.conf according to
the instructions in /server/setup/docs/glftpd.docs.
For help, visit #glftpd on EFnet AFTER you've read (not skimmed) the docs/faq.
After configuring glftpd, visit the following websites for additional
scripts to give your site some style!:
Turranius - http://www.grandis.nu/glftpd
Jehsoms - http://runslinux.net/
dn's and ip's - http://www.chimera-coding.com
D-ViBE's collection - http://www.glftpd.at
The official glftpd homepage is located at http://www.glftpd.com
Thanks for your support!
the glFtpD team |
A - CREATING A NEW SSL CERTIFICATE
*** In case you wish to modify anything about your ssl certificate such as RSA vs DSA or its number of bits
*** Inside the glftpd install directory you will find a file called "create_server_key.sh". Execute it.
Code: | # ./create_server_key.sh
create_server_key.sh v1.0 by Slask&HoE
Usage: ./create_server_key.sh [rsa] info
info - can be any word, and it should inform the client
about the server he is logging in (for example servername)
rsa - if you dont specify this then DSA key will be created
certificate is for 900 days and is self-signed |
B - UPDATING TO GLFTPD 2.01.1 (psxc-beta)
*** GLFTPd update to non public release of glFTPd 2.01.1 (psxc-beta)
Code: | *** CHANGES:
*** compiled against OpenSSL 0.9.8e (fbsd 6.2) - OpenSSL 0.9.8c (linux)
*** added support for VIA Padlock (only in VIA CPU's)
*** added new option in glftpd.conf - 'denysecurexfers <user/group/flag>' - this will deny crypted transfers |
*** available @ ftp://pzs-ng:pzs-ng@ftp.pzs-ng.com:21021/gl-psxc/
*** Full GLFTPD all versions docs and some scripts mirror @
*** user: glftpd | password: glftpd2.1.1 | host: gnix.myftp.org | port: 65535 | ssl/tls: ON
*** note: max simultaneous logins: 10 | max same simultaneous ip logins: 2
*** Enter the glftpd chroot install directory
Code: | # cd /home/ftpd/glftpd |
*** Proceed to download
*** For linux use the following. For OSX & OBSD check: ftp://pzs-ng:pzs-ng@ftp.pzs-ng.com:21021/gl-psxc/
Code: | # wget ftp://pzs-ng:pzs-ng@ftp.pzs-ng.com:21021/gl-psxc/glftpd_v2.01.1-psxc.tgz |
*** Extract the package:
Code: | # tar -zxvf glftpd_v2.01.1-psxc.tgz
glftpd_v2.01.1-psxc
glftpd_v2.01.1-psxc/glftpd-fbsd
glftpd_v2.01.1-psxc/README
glftpd_v2.01.1-psxc/glftpd-lnx
glftpd_v2.01.1-psxc/glftpd_padlock_test.txt |
*** Copy and rename glftpd-lnx to the "bin/" directory. Note that you will replace the old glftpd 2.01, which
*** is 1.4M in size, with the new glftpd 2.01.1 (psxc-beta), which is 2M in size.
*** Before we replace the old glftpd let's make a backup.
Code: | # mv bin/glftpd bin/glftpd-old |
*** Now let's copy the new glftpd 2.01.1 (psxc-beta) to the bin/ directory
Code: | # cp glftpd_v2.01.1-psxc/glftpd-lnx bin/glftpd |
*** Let's also replace glconf.h with the newer glconf.h
Code: | # wget ftp://pzs-ng:pzs-ng@ftp.pzs-ng.com:21021/gl-psxc/glconf.h
# mv glconf.h bin/sources/glconf.h |
C - CRONTAB ENTRY
*** edit crontab and add the following according to your settings and paths !!
Code: | # nano /etc/crontab
// GLFTPD
// 'reset' bin every night at midnight
0 0 * * * /home/ftpd/glftpd/bin/reset -r /home/ftpd/glftpd/glftpd.conf >/home/ftpd/glftpd/ftp-data/logs/reset.log 2>&1 |
D - SETTING XINETD
*** Notes:
Code: | # The following switches can be used in inetd.conf:
# -B This will only allow connections from the port bouncer
# (connecting from localhost [127.0.0.1] will still work)
# -b This allows connections from a port bouncer or direct connections.
# -e This will use european week (Mon-Sun) when modifying stats
# -l Logs new dirs,deleted dirs,nukes,unnukes,logins,logouts to
# /glftpd/ftp-data/logs/glftpd.log and login.log in ascii.
# -L Works just like -l, but it will always log creation and
# deletion of directories to glftpd.log. The -l option only logs
# those if they are in dirlog path (specified in glftpd.conf).
# Most likely, you want to use -l, this is for special cases.
# -i Logs uploads to /glftpd/ftp-data/logs/xferlog.
#
# -I Disables ident lookups. Note that if you use tcpd, it will do
# an ident lookup independently from glftpd.
# -o Logs downloads /glftpd/ftp-data/logs/xferlog.
# -d Logs connections and all user commands to system logs as debug
# (usually /var/log/debug, but refer to your /etc/syslog.conf).
# -r <file> Use alternate glftpd.conf file.
# -t <seconds> Sets the default idle timeout period.
# -T <seconds> Sets the maximum idle timeout period a user may select using
# the 'site idle' command if he/she doesn't have a personal
# idle time set (site change user idle_time xx).
# -n <#> Number of DNS retries, 0 disables DNS resolving.
# -s <path> The full path to the glstrings binary (default is /glftpd/bin/glstrings.bin)
# Example: -s/home/glftpd/bin/myownglstrings.bin
# -x makes glftpd only log ips on errors. (by default everything will be logged)
# -X forces glftpd not to log ips (not even for error messages in login.log) |
*** Add the following line to '/etc/services' or set it like the following example in xinetd.d
*** glftpd <Port you want glftpd on>/tcp
Code: | # nano /etc/services |
*** and add a line with
*** NOTE: e.g.: glftpd 8000/tcp # Glftpd
*** NOTE: Do not initially put your ftpd on port 21...stick it on a really high port so you know it works
*** NOTE: DO NOT PUT THE PORT RIGHT NEXT TO ANOTHER PORT, SPACE THEM OUT BY AT LEAST 5-10 PORTS
*** Let's edit/create the glftpd xinetd script; you can add the following settings:
Code: | # nano /etc/xinetd.d/glftpd |
Code: | service glftpd
{
// *** The following 5 options are optional
// port = 21 # setting the port here is optional
// log_type = FILE /var/log/glftpd.log # if you want to have xinetd create logs
// bind = <computer-hostname/ip if you want to have glftpd on a specific ip>
// only_from = <remove to allow all ips to connect or use ip or ip range>
// server = /usr/sbin/tcpd # setting tcpd here is optional
disable = no
flags = REUSE NAMEINARGS
socket_type = stream
protocol = tcp
wait = no
user = root
server_args = /path/to/glftpd/bin/glftpd -X -l -i -o -r /path/to/glftpd.conf -s /path/to/glftpd/bin/glstrings.bin -e
}
|
E - GETTING SCRIPTS/ADDONS
*** http://www.grandis.nu/glftpd & https://glftpd.io/
*** GLFTPD HAS BEEN FULLY INSTALLED AND UPDATED.
*** FOR MORE CHECK THE DOCS AND MY WIKI HERE & HERE FOR GLFTPD CONFIGURATIONS
The latest examples; (if any) can be found here
Last edited by HeXiLeD on Tue Sep 17, 2019 2:49 pm; edited 2 times in total |
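An added example, not part of the original post or of glftpd: a shell check of the xinetd service file from section D against the switch list given there. The function names and the constructed sample file are assumptions of this example; it reports whether only_from and bind are set and which logging switches (-l/-L, -i, -o, -x, -X) appear in server_args.

```shell
#!/bin/sh
# Added example, not part of the HOWTO: audit a glftpd xinetd service file.
# Lines starting with '#' or the HOWTO's '//' marker count as comments.
# attr_value FILE NAME: print the value of the first active "NAME = value" line.
attr_value() {
    awk -v want="$2" '
        /^[ \t]*(#|\/\/)/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            name = substr($0, 1, eq - 1)
            gsub(/[ \t]/, "", name); sub(/[+-]$/, "", name)
            if (name != want) next
            val = substr($0, eq + 1)
            sub(/^[ \t]+/, "", val); sub(/[ \t]+$/, "", val)
            print val; exit
        }' "$1"
}

# has_switch "ARGS" SWITCH: succeed if SWITCH is one of the whitespace-separated tokens.
has_switch() (
    set -f    # split on whitespace only, no filename expansion
    for tok in $1; do
        [ "$tok" = "$2" ] && exit 0
    done
    exit 1
)

# audit_glftpd_service FILE: print one finding per line; no output means no findings.
audit_glftpd_service() {
    args=$(attr_value "$1" server_args)
    [ -n "$(attr_value "$1" only_from)" ] || echo "WARN only_from unset: any source address may connect"
    [ -n "$(attr_value "$1" bind)" ] || echo "INFO bind unset: listening on every local address"
    if has_switch "$args" -X; then echo "WARN -X: IPs are never logged, not even on errors in login.log"; fi
    if has_switch "$args" -x; then echo "WARN -x: IPs are logged on errors only"; fi
    if ! has_switch "$args" -l && ! has_switch "$args" -L; then
        echo "WARN no -l/-L: logins, logouts and nukes are not written to glftpd.log/login.log"
    fi
    if ! has_switch "$args" -i; then echo "WARN no -i: uploads are not written to xferlog"; fi
    if ! has_switch "$args" -o; then echo "WARN no -o: downloads are not written to xferlog"; fi
    return 0
}

# Constructed sample modelled on the HOWTO's service block (placeholder paths as on the page).
sample_howto_service() {
    cat <<'EOF'
service glftpd
{
// only_from = 192.0.2.0/24
flags = REUSE NAMEINARGS
user = root
server_args = /path/to/glftpd/bin/glftpd -X -l -i -o -r /path/to/glftpd.conf -s /path/to/glftpd/bin/glstrings.bin -e
}
EOF
}

tmp=$(mktemp); sample_howto_service > "$tmp"
audit_glftpd_service "$tmp"; rm -f "$tmp"
```

Run it against your own /etc/xinetd.d/glftpd by calling audit_glftpd_service with that path; on the constructed sample it prints two WARN lines (only_from, -X) and one INFO line (bind).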