MOPSNET Project Documentation

FTP Server

A partial fulfillment of requirements for MOPSNET

Submitted by:
Constantino, Michelle Anne
Tagnipez, Joyce Anne

Submitted to:
Ms. Rossana T. Adao
MOPSNET Professor

September 7, 2013

I.

Introduction
A. Project Background
The early internet was used by primarily by individuals like computer scientists,
engineers, physicists and librarians and contrary to how people knew it of today, it was
not as user friendly as it seem, there were no personal computers and commands were
specific to each system. It was clear back then that a set of commands or protocol was
need to be established.

The FTP protocol was first established in April 16, 1971 by Abhay Bhushan as a part of
Request for Comments section, It underwent revisions and more refinements to the
process involved in protocol until it was implemented with RFC 959 in October 1985.
RFC 959 is now the base specification for FTP.

Concepts explained under RFC 959:

FTP may run either in active or passive mode.

FTP login utilizes normal username and password scheme.

There could also be anonymous FTP access if it is configured to do so.

FTP, like HTTP uses a single socket for both signalling and actual file data.
But when used in active mode, FTP is used as out-of-band control.

B. Current State of Technology

FTP is a standard network protocol used to transfer files from host to host on a TCPbased network (internet).

FTP users may use authentication using a clear text sign-in protocol normally using a
username and a password or may be used anonymously when configured to do such. For
secure transmission which hides or encrypts the information and content, FTP is secured
with SSL/FTS or SFTP.

The first FTP client applications were command line applications before operating
systems had their graphical user interfaces. The protocol is shipped in Windows, Unix
and Linux operating systems. There are various FTP clients and automation utilities
developed for desktops, servers and mobile devices. FTP has also been incorporated to
productivity tools like code editors.

FTP was not designed to be a secure protocol. It is not able to encrypt its traffic and data
can easily be read by anyone who are able to perform packet capture (sniffing) on the
network. A common way to deal with this is through the term secure. TLS-protected
versions of insecure protocols or SFTP/SCP tools included within most implementations
of SSH protocols.

Several Methods of Secure FTP:

FTPS
o

FTPS is an extension of the FTP standard that allows clients to request that
the FTP session be encrypted. It is commonly done by sending the AUTH
TLS command.

SFTP
o

SFTP (SSH File Transfer Protocol) transfers files and has a similar command
set for users.

FTP over SSH (not SFTP)

o

FTP over SSH refers to the practice of tunneling a normal FTP session over
an SSH connection.

C. Functions/Uses
1. FTP is used to share files (computer programs/data)
2. FTP is used to encourage indirect or implicit (via programs) remote use of
computers.
3. FTP shields a user from variation in file storage systems among hosts
4. FTP is used to transfer data efficiently.
II.

Project Description

The vsftpd package is a very secure and small FTP daemon. The vstpd package can
either be installed via tinstallation media or via installing the vsftpd package manager
through the yum install command.

There will be no need to install more repositories as vsftpd is found in the default
updates.

VSFTPD FEATURES:

Virtual IP configurations

Virtual users

Standalone or inetd operation

Per-user configurability

Bandwith throttling

Per-source-IP configurability

Per-Source-IP limits

Encryption support through SSL integration

Alternatives to VSFTPD

ProFTPd is a modular FTP which has been around for a long time. There are a lot of
plugins available for it and its configuration architecture is much like Apaches
under GPL for licensing.

PureFTPd is all about Security which is evident in the low number of CVE entries.
Configuration of PureFTPd is simple and can be done with no-configuration file
option. PureFTPd is available on a number of operating systems but not in Windows.

III.

Project Method
A. Installation and Configuration
Install any operating system first, be it Windows or Linux, FTP service can be activated.
For this project, we used CentOS.
How to install CentOS: Installing CentOS
Check if FTP package is installed
[root@michjoys~]# rpm qa vsftpd*
Check and configure the following files:
-

/etc/sysconfig/network-scripts/ifcfg-etho

/etc/sysconfig/network

/etc/hosts

[root@michjoys~]# yum install -y vsftpd

[root@michjoys~]# Start vsftpd service.
[root@michjoys~]# service vsftpd start
Starting vsftpd for vsftpd:
[ OK ]
[root@michjoys~]# chkconfig vsftpd on
[root@michjoys~]# cat /etc/vsftpd/vsftpd.conf
# Example config file /etc/vsftpd/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022

#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# The target log file can be vsftpd_log_file or xferlog_file.
# This depends on setting xferlog_std_format parameter
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# The name of log file when xferlog_enable=YES and xferlog_std_format=YES
# WARNING - changing this filename affects /etc/logrotate.d/vsftpd.log
#xferlog_file=/var/log/xferlog
#
# Switches between logging into vsftpd_log_file and xferlog_file files.
# NO writes to vsftpd_log_file, YES to xferlog_file
xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore

# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
ascii_upload_enable=YES
ascii_download_enable=YES
#
# You may fully customise the login banner string:
ftpd_banner=Welcome to MOPSNET FTP SERVICE.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd/banned_emails
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
#chroot_local_user=YES
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd/chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
ls_recurse_enable=YES
#
# When "listen" directive is enabled, vsftpd runs in standalone mode and
# listens on IPv4 sockets. This directive cannot be used in conjunction
# with the listen_ipv6 directive.
listen=YES
#
# This directive enables listening on IPv6 sockets. To listen on IPv4 and IPv6
# sockets, you must run two copies of vsftpd with two configuration files.
# Make sure, that one of the listen options is commented !!
#listen_ipv6=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
use_localtime=YES

[root@michjoys~]# service vsftpd restart

Shutting down vsftpd:
Starting vsftpd for vsftpd:

[ OK ]
[ OK ]

[root@michjoys~]# useradd webone

[root@michjoys~]# passwd webone
Changing password for user webone
New password:
BAD PASSWORD: it is based on a dictionary word
Retype new password:
passwd: all authentication tokens updated successfully.
---- install FTP package --
root@michjoys~]# yum install -y ftp
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package ftp.i686 0:0.17-51.1.el6 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
===============================================================
=================
Package
Arch
Version
Repository
Size
===============================================================
=================
Installing:
ftp
i686
0.17-51.1.el6
localrepo
55 k
Transaction Summary
===============================================================
=================
Install
1 Package(s)
Total download size: 55 k
Installed size: 91 k
Downloading Packages:
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Warning: RPMDB altered outside of yum.
Installing : ftp-0.17-51.1.el6.i686
1/1
Verifying : ftp-0.17-51.1.el6.i686
1/1
Installed:
ftp.i686 0:0.17-51.1.el6
Complete!

- update SE Linux configuration -- >

[root@michjoys~]# setsebool -P ftp_home_dir on
[root@michjoys~]# ftp 202.87.10.4
Connected to 202.87.10.4 (202.87.10.4).
220 Welcome to the FTP service.
Name (202.87.10.4:root): webone
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> pwd
257 "/home/webone"
ftp>

B. Network Simulation via Packet Tracer

Creating FTP user:

Click FTP server, click config, click FTP (make sure that the service is on), enter the
username and password, as for this figure the username is student and the password is
student, you can click the permissions they would be granted to do with the FTP service.

(Optional): You can already login via the FTPs IP address, for this case it is ftp
202.87.10.4 but if you intend to login using the hostname, you would need to add a
record to the FTP server, for this illustration you can type the name at ftp.feulocal.com

Accessing the FTP Server

Type ftp 202.87.10.4 and fill in the username and password which would allow you to
log-in.

Transferring files from PC to FTP Server

The main goal of this simulation is to show the process done by the FTP service, first is
to transfer the file from PC to server

Via the Client PC: Write a text file using a text editor, this file will be saved with the file
name project.txt and will be stored in the drive C: of the PC

The objective is to transfer the project.txt to the FTP server. Login to the FTP server with
the username cisco and password as configured. Then type put project.txt

Checking the content of the FTP server via dir command

Getting files from the FTP Server:

Doing this the other way around is you would need to get the files back to the PC:

To transfer files to PC, login as FTP user and type get <filename>.

Points to remember when using FTP service:

Username jenna was logged in to the FTP server and typed in the command delete
project.txt, permission was denied because username jenna only had the read, write and
list permission:

When you are unable to write files because you would not have permissions, you would
most likely get this:

IV.

Discussion of Results
A. Actual Setup (1 Server and 1 Client)
The set-up of the server is to install the FTP server on a laptop and a client with a thirdparty FTP software.

Third party FTP software ease problems in placing files over a remote site.
B. Integration with Other Servers within the Network
DNS must also be created a record of the network (if you are to log-in using the host
name). Firewall for this project was disabled and a switch between computers will be
placed.