Now that you have a working server that is secured and backed up, you'll want to upload your web content to the server. When you think of transferring files, you probably think of the File Transfer Protocol (FTP) because it has been around for so long. While simple to use, FTP has become obsolete because it lacks the ability for secure file transfers.
Instead, we recommend installing and using a secure file transfer mechanism, and we will introduce you to a few of them in this guide. This article will show you how to install vsftpd (very secure FTP daemon), and will walk you through setting the daemon to work on reboot.
Luckily for us CentOS makes this super easy with the group install available in YUM. No need to search out all the dependencies and added features you might want. Use the following command to install everything you'll need:
sudo yum install vsftpd
The service command makes life simple in CentOS, here is how you startup vsftpd:
sudo service vsftpd start
Wow, that was quick, we've got a working install of vsftpd already on the server. Lets go ahead and make a couple of configuration changes for security and convenience.
The 'chkconfig' tool in CentOS is your friend, you can use this tool to check which services will start on boot and on which run level they'll start with. To get Vsftpd to start on the most common run levels(3,4,5) you can use:
sudo chkconfig vsftpd on
Verify the "on" status by checking the complete chkconfig output:
or for specific output
chkconfig --list vsftpd
The standard vsftpd configuration file and all subsequent files for CentOS will reside in /etc/vsftpd/ the most important being vsftpd.conf. We need to make two changes to this file for security and convenience:
OPEN up /etc/vsftpd/vsftpd.conf in your favorite editor:
Change: # Allow anonymous FTP? (Beware - allowed by default if you comment this out). anonymous_enable=YES
# Allow anonymous FTP? (Beware - allowed by default if you comment this out). anonymous_enable=NO
# You may specify an explicit list of local users to chroot() to their home # directory. If chroot_local_user is YES, then this list becomes a list of # users to NOT chroot(). chroot_list_enable=YES # (default follows) chroot_list_file=/etc/vsftpd/chroot_list
# You may specify an explicit list of local users to chroot() to their home # directory. If chroot_local_user is YES, then this list becomes a list of # users to NOT chroot(). chroot_list_enable=NO # (default follows) chroot_list_file=/etc/vsftpd/chroot_list
sudo touch /etc/vsftpd/chroot_list
iptables -I RH-Firewall-1-INPUT 1 -p tcp --dport 3000:3050 -j ACCEPT iptables -I RH-Firewall-1-INPUT -m tcp -p tcp --dport 21 -j ACCEPT
iptables -I INPUT -m tcp -p tcp --dport 21 -j ACCEPT
iptables -I INPUT 1 -p tcp --dport 3000:3050 -j ACCEPT
© 2011-2013 Rackspace US, Inc.
Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License