https://briansnelson.com/index.php?action=history&feed=atom&title=Setup_vsftp_with_SELinux
Setup vsftp with SELinux - Revision history
2026-06-04T10:53:08Z
Revision history for this page on the wiki
MediaWiki 1.24.1
https://briansnelson.com/index.php?title=Setup_vsftp_with_SELinux&diff=653&oldid=prev
Brian: /* Configure IPTables for ftp */
2014-04-11T20:27:40Z
<p><span dir="auto"><span class="autocomment">Configure IPTables for ftp</span></span></p>
<table class='diff diff-contentalign-left'>
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr style='vertical-align: top;'>
<td colspan='2' style="background-color: white; color:black; text-align: center;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black; text-align: center;">Revision as of 20:27, 11 April 2014</td>
</tr><tr><td colspan="2" class="diff-lineno">Line 68:</td>
<td colspan="2" class="diff-lineno">Line 68:</td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>  /sbin/iptables -A INPUT -p tcp --sport 20 -m state --state ESTABLISHED,RELATED -j ACCEPT</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>  /sbin/iptables -A INPUT -p tcp --sport 20 -m state --state ESTABLISHED,RELATED -j ACCEPT</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>  /sbin/iptables -A OUTPUT -p tcp --dport 20 -m state --state ESTABLISHED -j ACCEPT</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>  /sbin/iptables -A OUTPUT -p tcp --dport 20 -m state --state ESTABLISHED -j ACCEPT</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline"> </del></div></td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div> </div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>Allow Passive FTP Connections</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>Allow Passive FTP Connections</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>  /sbin/iptables -A INPUT -p tcp --sport 1024: --dport 1024:  -m state --state ESTABLISHED -j ACCEPT</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>  /sbin/iptables -A INPUT -p tcp --sport 1024: --dport 1024:  -m state --state ESTABLISHED -j ACCEPT</div></td></tr>
<!-- diff cache key briansne_wiki-wiki_:diff:version:1.11a:oldid:652:newid:653 -->
</table>
Brian
https://briansnelson.com/index.php?title=Setup_vsftp_with_SELinux&diff=652&oldid=prev
Brian: /* Configure IPTables for ftp */
2014-04-11T20:27:29Z
<p><span dir="auto"><span class="autocomment">Configure IPTables for ftp</span></span></p>
<table class='diff diff-contentalign-left'>
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr style='vertical-align: top;'>
<td colspan='2' style="background-color: white; color:black; text-align: center;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black; text-align: center;">Revision as of 20:27, 11 April 2014</td>
</tr><tr><td colspan="2" class="diff-lineno">Line 64:</td>
<td colspan="2" class="diff-lineno">Line 64:</td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>  /sbin/iptables -A INPUT  -p tcp --sport 21 -m state --state ESTABLISHED -j ACCEPT</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>  /sbin/iptables -A INPUT  -p tcp --sport 21 -m state --state ESTABLISHED -j ACCEPT</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>  /sbin/iptables -A OUTPUT -p tcp --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>  /sbin/iptables -A OUTPUT -p tcp --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline"> </del></div></td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div> </div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>Allow Active FTP Connections</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>Allow Active FTP Connections</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>  /sbin/iptables -A INPUT -p tcp --sport 20 -m state --state ESTABLISHED,RELATED -j ACCEPT</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>  /sbin/iptables -A INPUT -p tcp --sport 20 -m state --state ESTABLISHED,RELATED -j ACCEPT</div></td></tr>
<!-- diff cache key briansne_wiki-wiki_:diff:version:1.11a:oldid:651:newid:652 -->
</table>
Brian
https://briansnelson.com/index.php?title=Setup_vsftp_with_SELinux&diff=651&oldid=prev
Brian: /* Configure IPTables for ftp */
2014-04-11T20:26:54Z
<p><span dir="auto"><span class="autocomment">Configure IPTables for ftp</span></span></p>
<table class='diff diff-contentalign-left'>
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr style='vertical-align: top;'>
<td colspan='2' style="background-color: white; color:black; text-align: center;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black; text-align: center;">Revision as of 20:26, 11 April 2014</td>
</tr><tr><td colspan="2" class="diff-lineno">Line 61:</td>
<td colspan="2" class="diff-lineno">Line 61:</td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>By default iptables only allows connections from port 22.  This means that we will have to open port 21 and 20.</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>By default iptables only allows connections from port 22.  This means that we will have to open port 21 and 20.</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>  /sbin/iptables -<del class="diffchange diffchange-inline">I </del>INPUT -p tcp --dport <del class="diffchange diffchange-inline">20 </del>-m state --state NEW,ESTABLISHED -j ACCEPT</div></td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">Allow FTP connections @ port 21</ins></div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>  /sbin/iptables -<del class="diffchange diffchange-inline">I </del>INPUT -p tcp --<del class="diffchange diffchange-inline">dport 21 </del>-m state --state <del class="diffchange diffchange-inline">NEW</del>,ESTABLISHED -j ACCEPT</div></td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>  /sbin/iptables -<ins class="diffchange diffchange-inline">A </ins>INPUT <ins class="diffchange diffchange-inline"> -p tcp --sport 21 -m state --state ESTABLISHED -j ACCEPT</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline"> /sbin/iptables -A OUTPUT </ins>-p tcp --dport <ins class="diffchange diffchange-inline">21 </ins>-m state --state NEW,ESTABLISHED -j ACCEPT</div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline"> </ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">Allow Active FTP Connections</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>  /sbin/iptables -<ins class="diffchange diffchange-inline">A </ins>INPUT -p tcp --<ins class="diffchange diffchange-inline">sport 20 </ins>-m state --state <ins class="diffchange diffchange-inline">ESTABLISHED</ins>,<ins class="diffchange diffchange-inline">RELATED -j ACCEPT</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline"> /sbin/iptables -A OUTPUT -p tcp --dport 20 -m state --state </ins>ESTABLISHED -j ACCEPT</div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline"> </ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">Allow Passive FTP Connections</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline"> /sbin/iptables -A INPUT -p tcp --sport 1024: --dport 1024:  -m state --state ESTABLISHED -j ACCEPT</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline"> /sbin/iptables -A OUTPUT -p tcp --sport 1024: --dport 1024:  -m state --state ESTABLISHED,RELATED -j ACCEPT</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div> </div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">Now save them</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div> </div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>  /etc/init.d/iptables save</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>  /etc/init.d/iptables save</div></td></tr>
<!-- diff cache key briansne_wiki-wiki_:diff:version:1.11a:oldid:650:newid:651 -->
</table>
Brian
https://briansnelson.com/index.php?title=Setup_vsftp_with_SELinux&diff=650&oldid=prev
Brian: /* Configure IPTables for ftp */
2014-04-11T19:55:21Z
<p><span dir="auto"><span class="autocomment">Configure IPTables for ftp</span></span></p>
<table class='diff diff-contentalign-left'>
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr style='vertical-align: top;'>
<td colspan='2' style="background-color: white; color:black; text-align: center;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black; text-align: center;">Revision as of 19:55, 11 April 2014</td>
</tr><tr><td colspan="2" class="diff-lineno">Line 63:</td>
<td colspan="2" class="diff-lineno">Line 63:</td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>  /sbin/iptables -I INPUT -p tcp --dport 20 -m state --state NEW,ESTABLISHED -j ACCEPT</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>  /sbin/iptables -I INPUT -p tcp --dport 20 -m state --state NEW,ESTABLISHED -j ACCEPT</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>  /sbin/iptables -I INPUT -p tcp --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>  /sbin/iptables -I INPUT -p tcp --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>  /etc/init.<del class="diffchange diffchange-inline">diptables </del>save</div></td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>  /etc/init.<ins class="diffchange diffchange-inline">d/iptables </ins>save</div></td></tr>
<!-- diff cache key briansne_wiki-wiki_:diff:version:1.11a:oldid:649:newid:650 -->
</table>
Brian
https://briansnelson.com/index.php?title=Setup_vsftp_with_SELinux&diff=649&oldid=prev
Brian: /* Configure IPTables for ftp */
2014-04-11T19:54:56Z
<p><span dir="auto"><span class="autocomment">Configure IPTables for ftp</span></span></p>
<table class='diff diff-contentalign-left'>
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr style='vertical-align: top;'>
<td colspan='2' style="background-color: white; color:black; text-align: center;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black; text-align: center;">Revision as of 19:54, 11 April 2014</td>
</tr><tr><td colspan="2" class="diff-lineno">Line 63:</td>
<td colspan="2" class="diff-lineno">Line 63:</td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>  /sbin/iptables -I INPUT -p tcp --dport 20 -m state --state NEW,ESTABLISHED -j ACCEPT</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>  /sbin/iptables -I INPUT -p tcp --dport 20 -m state --state NEW,ESTABLISHED -j ACCEPT</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>  /sbin/iptables -I INPUT -p tcp --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>  /sbin/iptables -I INPUT -p tcp --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>  /<del class="diffchange diffchange-inline">sbin</del>/<del class="diffchange diffchange-inline">iptables </del>save</div></td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>  /<ins class="diffchange diffchange-inline">etc</ins>/<ins class="diffchange diffchange-inline">init.diptables </ins>save</div></td></tr>
<!-- diff cache key briansne_wiki-wiki_:diff:version:1.11a:oldid:648:newid:649 -->
</table>
Brian
https://briansnelson.com/index.php?title=Setup_vsftp_with_SELinux&diff=648&oldid=prev
Brian: Created page with "==Howto Setup vsftp with SELinux== Vsftpd is a fast and secure FTP server. Installing an FTP server can assist you with uploading files to your droplet. This tutorial describ..."
2014-04-11T19:51:16Z
<p>Created page with "==Howto Setup vsftp with SELinux== Vsftpd is a fast and secure FTP server. Installing an FTP server can assist you with uploading files to your droplet. This tutorial describ..."</p>
<p><b>New page</b></p><div>==Howto Setup vsftp with SELinux==<br />
<br />
Vsftpd is a fast and secure FTP server. Installing an FTP server can assist you with uploading files to your droplet. This tutorial describes how to install and set up vsftpd on CentOS 6.<br />
<br />
The first two letters of vsftpd stand for "very secure" and the program was built to have strongest protection against possible FTP vulnerabilities. <br />
<br />
===Step One: Install vsftpd with yum===<br />
<br />
Since vsftpd is included in the default yum repo's we will install this with yum.<br />
<br />
yum install vsftpd -y<br />
<br />
Once the files finish downloading, vsftpd will be on your server. Generally speaking, the server is already configured with a reasonable amount of security. However, it does provide access to anonymous users. We will not be needing the anonymous users, so we must disable this feature.<br />
<br />
vim /etc/vsftpd/vsftpd.conf<br />
<br />
To disable anonymous users with vsftpd adjust the following line to say NO.<br />
<br />
anonymous_enable=NO<br />
<br />
To enable local users to use vsftpd, you will need to change the following values.<br />
<br />
chroot_local_user=YES<br />
<br />
Now you will want to start the service and enable to auto start on bootup<br />
<br />
service vsftpd restart<br />
<br />
and <br />
<br />
chkconfig vsftpd on<br />
<br />
===Configure SELinux for FTP===<br />
<br />
Lets first check and see what the SELinux options are and what the default values are.<br />
<br />
getsebool -a | grep ftp<br />
<br />
You should see something like the following<br />
<br />
allow_ftpd_anon_write --> off<br />
allow_ftpd_full_access --> off<br />
allow_ftpd_use_cifs --> off<br />
allow_ftpd_use_nfs --> off<br />
ftp_home_dir --> off<br />
ftpd_connect_db --> off<br />
ftpd_use_fusefs --> off<br />
ftpd_use_passive_mode --> off<br />
httpd_enable_ftp_server --> off<br />
tftp_anon_write --> off<br />
tftp_use_cifs --> off<br />
tftp_use_nfs --> off<br />
<br />
You will need to adjust the ftp_home_dir option and ftpd_use_passive_mode<br />
<br />
setsebool -P ftp_home_dir on<br />
setsebool -P ftpd_use_passive_mode on<br />
<br />
===Configure IPTables for ftp===<br />
<br />
By default iptables only allows connections from port 22. This means that we will have to open port 21 and 20.<br />
<br />
/sbin/iptables -I INPUT -p tcp --dport 20 -m state --state NEW,ESTABLISHED -j ACCEPT<br />
/sbin/iptables -I INPUT -p tcp --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT<br />
/sbin/iptables save</div>
Brian