Category: Linux

FTP server on Debian

In this page, I will show you how to set up a basic FTP server on Debian. We will be using Pure-FTPd.

Before installing, check for existing FTP services.

ps aux | grep ftp

Check whether an FTP server package is already installed (and perhaps not running). Look for lines that begin with “i”; that means the package is already installed. The “p” flag means it is a package that you can install.


root@ftp-server:~# aptitude search pure-ftp
p   mysqmail-pure-ftpd-logger                                                                  - real-time logging system in MySQL - Pure-FTPd traffic-logger
p   pure-ftpd                                                                                  - Secure and efficient FTP server
p   pure-ftpd-common                                                                           - Pure-FTPd FTP server (Common Files)
p   pure-ftpd-ldap                                                                             - Secure and efficient FTP server with LDAP user authentication
p   pure-ftpd-mysql                                                                            - Secure and efficient FTP server with MySQL user authentication
p   pure-ftpd-postgresql                                                                       - Secure and efficient FTP server with PostgreSQL user authentication

Install Pure-FTPd server with aptitude install pure-ftpd. The install looks like this.


root@ftp-server:~# aptitude install pure-ftpd
The following NEW packages will be installed:
  openbsd-inetd{a} pure-ftpd pure-ftpd-common{a}
0 packages upgraded, 3 newly installed, 0 to remove and 0 not upgraded.
Need to get 432 kB of archives. After unpacking 999 kB will be used.
Do you want to continue? [Y/n/?] Y
Get: 1 http://ftp.us.debian.org/debian/ wheezy/main openbsd-inetd amd64 0.20091229-2 [38.1 kB]
Get: 2 http://ftp.us.debian.org/debian/ wheezy/main pure-ftpd-common all 1.0.36-1.1 [185 kB]
Get: 3 http://ftp.us.debian.org/debian/ wheezy/main pure-ftpd amd64 1.0.36-1.1 [209 kB]
Fetched 432 kB in 0s (472 kB/s)
Preconfiguring packages ...
Selecting previously unselected package openbsd-inetd.
(Reading database ... 38866 files and directories currently installed.)
Unpacking openbsd-inetd (from .../openbsd-inetd_0.20091229-2_amd64.deb) ...
Selecting previously unselected package pure-ftpd-common.
Unpacking pure-ftpd-common (from .../pure-ftpd-common_1.0.36-1.1_all.deb) ...
Selecting previously unselected package pure-ftpd.
Unpacking pure-ftpd (from .../pure-ftpd_1.0.36-1.1_amd64.deb) ...
Processing triggers for man-db ...
Setting up openbsd-inetd (0.20091229-2) ...
[ ok ] Stopping internet superserver: inetd.
[info] Not starting internet superserver: no services enabled.
Setting up pure-ftpd-common (1.0.36-1.1) ...
Setting up pure-ftpd (1.0.36-1.1) ...
Starting ftp server: Running: /usr/sbin/pure-ftpd -l pam -O clf:/var/log/pure-ftpd/transfer.log -u 1000 -E -8 UTF-8 -B

You will need to create a new system group for pure-ftpd, but before doing that, check /etc/group to see whether the name of the group you are planning to add already exists.

Create a new system group for pure-ftpd.

groupadd ftpgroup

Create a default FTP user that has no access to home directories and cannot drop into a shell. You will not be prompted to create a password for this user.

useradd -g ftpgroup -d /dev/null -s /etc ftpuser

Create FTP users. You will be prompted to create a new password for this user as well. The following example takes an existing user and points the FTP account at his existing home directory.

pure-pw useradd elton -u ftpuser -g ftpgroup -d /home/elton

You can create FTP users with storage limits. For more options, check out the pure-pw man page (man pure-pw).

pure-pw useradd bill -u ftpuser -g ftpgroup -d /home/pubftp/remo -N 10

If you’re like me, you can sometimes create passwords on the fly and right away forget. I mean, it is faster for me to randomly come up with complex passwords and not have to use a password generator. Anyway, if you need to change it:

pure-pw passwd [username]

A reminder that pure-pw passwd is only for changing the FTP password. You still need to use passwd [username] to change the user's password.

To apply adds and changes with pure-ftpd, don’t forget to issue the command pure-pw mkdb. The version of pure-ftpd that I have, version 1.0.36-1.1, does not need pure-pw mkdb after adding a new user.

User info is stored in the /etc/pure-ftpd/pureftpd.passwd database file. Instead of checking that file, you can also list users with

pure-pw list

If you are looking for info on one specific user, pure-pw show [username]

Here’s an example.


root@ftp-server:~# pure-pw show elton

Login              : elton
Password           : $1$pVSkjNe0$OVr6W4ArAcFTxsXWa8OGR1
UID                : 1001 (ftpuser)
GID                : 1001 (ftpgroup)
Directory          : /home/elton/./
Full name          :
Download bandwidth : 0 Kb (unlimited)
Upload   bandwidth : 0 Kb (unlimited)
Max files          : 0 (unlimited)
Max size           : 0 Mb (unlimited)
Ratio              : 0:0 (unlimited:unlimited)
Allowed local  IPs :
Denied  local  IPs :
Allowed client IPs :
Denied  client IPs :
Time restrictions  : 0000-0000 (unlimited)
Max sim sessions   : 0 (unlimited)

Notice /home/elton/./ in the Directory value. The ./ after the directory path means that chroot will prevent this user from going above or outside that directory. This will make sense when you test FTP login using an FTP client.
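A quick way to review an account from the pure-pw show output above, as an added example that is not part of the original post: it flags a Directory without the /./ chroot suffix, a password hash with the $1$ (MD5-crypt) prefix seen in the listing, and an empty allowed-client list. The function name and the sample record are constructed for illustration.

```sh
# audit_pure_pw_show < output of: pure-pw show USERNAME
# Prints one finding per line, prefixed with the login name.
audit_pure_pw_show() {
    awk '
        {
            c = index($0, ":")                  # split on the first colon only
            if (c == 0) next
            key = substr($0, 1, c - 1)
            val = substr($0, c + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/[ \t]+/, " ", key)            # collapse padding inside labels
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            field[key] = val
        }
        END {
            who = field["Login"]
            if (field["Directory"] !~ /\/\.\/$/)
                print who ": directory has no /./ suffix, so no chroot marker"
            if (field["Password"] ~ /^\$1\$/)
                print who ": password hash is MD5-crypt ($1$ prefix)"
            if (field["Allowed client IPs"] == "")
                print who ": no allowed client IP list set"
        }
    '
}

# Constructed sample in the layout printed by pure-pw show (hash is not real).
SAMPLE_SHOW='
Login              : elton
Password           : $1$constructed$NotARealHashValue000000
UID                : 1001 (ftpuser)
GID                : 1001 (ftpgroup)
Directory          : /home/elton/./
Allowed client IPs :
Denied  client IPs :
'

printf '%s\n' "$SAMPLE_SHOW" | audit_pure_pw_show
```

On a live server, feed it the real output with pure-pw show elton | audit_pure_pw_show.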

To save time, you can test your FTP login and server with

ftp 127.0.0.1

Better still, get FileZilla FTP Client.

To start, stop, restart, force-reload, and view status of pure-ftpd, begin your command with /etc/init.d/pure-ftpd


root@ftp-server:~# /etc/init.d/pure-ftpd
Usage: /etc/init.d/pure-ftpd {start|stop|restart|force-reload|status}

Remember that SFTP and FTPS are not the same. SFTP basically is FTP using SSH while FTPS uses TLS. This means that if you’ve enabled SSH on the server (and for the user), then SFTP (port 22) will work as well.

Filed under: Debian, Linux

Cleaning your Apt

My 16 GB Ubuntu partition has run out of space. Disk usage analyzer claims that /var/cache/apt is using 669 MB. Time to clean up my apt with apt-get clean! Basically, apt-get clean removes .deb packages that apt caches when you install or update programs.

elton@laptop:/var/cache$ du -hs
 du: cannot read directory `./ldconfig': Permission denied
 du: cannot read directory `./lightdm/dmrc': Permission denied
 743M .
 elton@laptop:/var/cache$ sudo !!
 sudo du -hs
 743M .
 elton@laptop:/var/cache$ sudo apt-get clean
 elton@laptop:/var/cache$ sudo du -hs
 105M

A few other options:

apt-get autoclean to remove partial packages from the system

apt-get autoremove to remove packages installed as dependencies after the original package is removed

Filed under: Debian, Linux, Ubuntu

SNMPd in Ubuntu/Debian

Install the SNMP daemon.

aptitude install snmpd

To check which version of the SNMP daemon was installed, run the following

aptitude show snmpd

Make a backup of the original SNMP daemon configuration file.

cp /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf_ORIGINAL

Modify the SNMP daemon configuration file

vim /etc/snmp/snmpd.conf

The above command should also create the file if the configuration file does not exist. Append the following lines. Adjust the values to the SNMP community string that you use. This assumes SNMP version 2.


rocommunity public
syslocation "Your Location"
syscontact admin@domain.com
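A check for the community lines above, as an added example that is not part of the original post: it reports rocommunity/rwcommunity directives that use the well-known strings public or private, that have no SOURCE argument (snmpd.conf accepts DIRECTIVE COMMUNITY [SOURCE [OID]]), or that grant write access. The function name, the sample file and its addresses are constructed for illustration.

```sh
# audit_snmpd_conf < /etc/snmp/snmpd.conf
# Prints "line N: DIRECTIVE: problem"; the community string is never echoed.
audit_snmpd_conf() {
    awk '
        /^[ \t]*#/ { next }                      # skip comment lines
        $1 ~ /^r[ow]community6?$/ {
            if ($2 == "public" || $2 == "private")
                print "line " NR ": " $1 ": well-known community string"
            # With no SOURCE (or "default") the agent answers requests
            # from any address that can reach it.
            if (NF < 3 || $3 == "default")
                print "line " NR ": " $1 ": no source restriction"
            if ($1 ~ /^rw/)
                print "line " NR ": " $1 ": read-write access (SNMP SET)"
        }
    '
}

# Constructed sample: line 2 is the setting from the post, line 5 restricts
# polling to one management host (documentation address), line 6 is worst case.
SAMPLE_CONF='# constructed sample, not a real configuration
rocommunity public
syslocation "Your Location"
syscontact admin@domain.com
rocommunity example-Xk29qLm 192.0.2.10
rwcommunity private'

printf '%s\n' "$SAMPLE_CONF" | audit_snmpd_conf
```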

Modify the /etc/default/snmpd file. Duplicate the following line then uncomment it (the original line). You always want to make a copy of the original line.

SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid'

Append the following to the duplicate line. Basically, point to the SNMP configuration file.

-c /etc/snmp/snmpd.conf'

It should look like the following:

SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid -c /etc/snmp/snmpd.conf'

Two ways to restart the snmpd service

service snmpd restart

or

/etc/init.d/snmpd restart

While you poll the machine, run this on the server to check the status

tcpdump -i eth0 "src or dst [ip address of SNMP polling server]"

Filed under: Debian, Linux, Ubuntu

TFTP server on Debian

Setting up a TFTP server in Linux is easy. In this example, I am using Debian. We’re going to install HPA’s TFTP server.

Before installing anything, you should always check if there are existing packages installed. The example below uses aptitude to find out if packages have been installed and it looks like I have tftpd installed with the “i” indicator.


root@tftp-server:~# aptitude search tftpd
p   atftpd                                                                      - advanced TFTP server
p   libnet-tftpd-perl                                                           - Perl extension for Trivial File Transfer Protocol Server
p   tftpd                                                                       - Trivial file transfer protocol server
i   tftpd-hpa                                                                   - HPA's tftp server

Another way is to check the /etc and /etc/default directories for anything related to TFTP. Next, check if you have a service related to tftp that is running. If you do, stop the service so you can uninstall it.


root@tftp-server:~# ps aux | grep tftp
root 4390 0.0 0.3 7832 884 pts/0 S+ 20:39 0:00 grep tftp

Tftpd did not work for me so I’m going to remove it.


root@tftp-server:~# aptitude remove tftpd
The following packages will be REMOVED:
libfile-copy-recursive-perl{u} openbsd-inetd{u} tftpd update-inetd{u}
0 packages upgraded, 0 newly installed, 4 to remove and 30 not upgraded.
Need to get 0 B of archives. After unpacking 302 kB will be freed.
Do you want to continue? [Y/n/?] Y
(Reading database ... 38720 files and directories currently installed.)
Removing tftpd ...
Removing openbsd-inetd ...
[ ok ] Stopping internet superserver: inetd.
Removing update-inetd ...
Removing libfile-copy-recursive-perl ...
Processing triggers for man-db ...

Let’s proceed with the install.


root@tftp-server:~# apt-get install tftpd-hpa
Reading package lists... Done
Building dependency tree
Reading state information... Done
Suggested packages:
  pxelinux
The following NEW packages will be installed:
  tftpd-hpa
0 upgraded, 1 newly installed, 0 to remove and 1 not upgraded.
Need to get 50.7 kB of archives.
After this operation, 145 kB of additional disk space will be used.
Get:1 http://ftp.us.debian.org/debian/ jessie/main tftpd-hpa amd64 5.2+20140608-3                                                                                        [50.7 kB]
Fetched 50.7 kB in 0s (403 kB/s)
Preconfiguring packages ...
Selecting previously unselected package tftpd-hpa.
(Reading database ... 31430 files and directories currently installed.)
Preparing to unpack .../tftpd-hpa_5.2+20140608-3_amd64.deb ...
Unpacking tftpd-hpa (5.2+20140608-3) ...
Processing triggers for man-db (2.7.0.2-5) ...
Processing triggers for systemd (215-17+deb8u5) ...
Setting up tftpd-hpa (5.2+20140608-3) ...
Processing triggers for systemd (215-17+deb8u5) ...
root@tftp-server:~# 

Check if the directory /srv/tftp is created. It should look like this:


root@tftp-server:~# ls -al /srv/
total 12
drwxr-xr-x  3 root root    4096 Nov 11 12:04 .
drwxr-xr-x 22 root root    4096 Nov  9 13:03 ..
drwxr-xr-x  2 root nogroup 4096 Nov 11 12:04 tftp
root@tftp-server:~#

If the /srv/tftp directory does not exist, or if it does but does not have the right permissions, you can follow these steps.

If /srv/tftp does not exist, create the TFTP root directory for your TFTP server


root@tftp-server:~# cd /srv
root@tftp-server:~# mkdir tftp

Adjust the permissions for the new directory. Open it for everyone.

root@tftp-server:~# chmod 777 /srv/tftp

I was logged in as root when I created the directory or when I installed the package. This makes the owner root by default. Change the owner of the directory to nobody.


root@tftp-server:/srv# chown nobody:nogroup tftp
root@tftp-server:/srv# ls -al
total 12
drwxr-xr-x  3 root   root    4096 Nov 11 12:04 .
drwxr-xr-x 22 root   root    4096 Nov  9 13:03 ..
drwxrwxrwx  2 nobody nogroup 4096 Nov 11 12:28 tftp

Verify if the TFTP service is running.


root@tftp-server:~# ps aux | grep tftp
root 5847 0.0 0.0 14860 148 ? Ss 20:39 0:00 /usr/sbin/in.tftpd --listen --user tftp --address 0.0.0.0:69 --secure /var/lib/tftpboot
root 5877 0.0 0.3 7832 880 pts/0 S+ 20:41 0:00 grep tftp
root@tftp-server:/etc/default# service tftpd-hpa
Usage: /etc/init.d/tftpd-hpa {start|stop|restart|force-reload|status}
root@tftp-server:~t# service tftpd-hpa status
[ ok ] in.tftpd is running.

The installation of tftpd-hpa created a configuration file located in /etc/default.

To allow upload of new files to the tftp-server, adjust the configuration file /etc/default/tftpd-hpa. Basically, insert -c into TFTP_OPTIONS and set the TFTP_DIRECTORY to point to the directory you created earlier. The configuration should look more like:


# /etc/default/tftpd-hpa
TFTP_USERNAME="tftp"
TFTP_DIRECTORY="/srv/tftp"
TFTP_ADDRESS="0.0.0.0:69"
TFTP_OPTIONS="--secure -c"

Restarting is done with service tftpd-hpa restart.


root@tftp-server:~# service tftpd-hpa restart
[ ok ] Restarting HPA's tftpd: in.tftpd.

Check the status again


root@tftp-server:/etc/default# service tftpd-hpa status
● tftpd-hpa.service - LSB: HPA's tftp server
   Loaded: loaded (/etc/init.d/tftpd-hpa)
   Active: active (running) since Fri 2016-11-11 12:14:57 CST; 28s ago
  Process: 3466 ExecStop=/etc/init.d/tftpd-hpa stop (code=exited, status=0/SUCCESS)
  Process: 3471 ExecStart=/etc/init.d/tftpd-hpa start (code=exited, status=0/SUCCESS)
   CGroup: /system.slice/tftpd-hpa.service
           └─3477 /usr/sbin/in.tftpd --listen --user tftp --address 0.0.0.0:69 --secure -c /srv/tftp

Nov 11 12:14:57 tftp-server tftpd-hpa[3471]: Starting HPA's tftpd: in.tftpd.
Nov 11 12:14:57 tftp-server systemd[1]: Started LSB: HPA's tftp server.
root@tftp-server:/etc/default#

Most of your questions can be answered by checking the manual

root@tftpd-server:~# man tftpd

If you are using iptables for your firewall, you will need to add support for TFTP. The following is a simple example.


IPTABLES=/sbin/iptables

#Load the modules that support TFTP
modprobe ip_conntrack_tftp
modprobe  ip_conntrack_ftp

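#Allow TFTP requests from 192.168.1.0/24 network
#TFTP itself runs over UDP port 69; the udp rule needs the udp match module (-m tcp is only valid with -p tcp)
$IPTABLES -A INPUT -s 192.168.1.0/24 -m tcp -p tcp --dport 69 -j ACCEPT
$IPTABLES -A INPUT -s 192.168.1.0/24 -m udp -p udp --dport 69 -j ACCEPT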

Try testing by creating a test.txt file and see if you can download that from your Cisco router and upload its IOS image, for example.

Filed under: Debian, Linux, Ubuntu

Check Debian version

There are a few ways to check which version of Debian or Debian-based Linux (Ubuntu, etc.) you are using.

cat /etc/debian_version

cat /etc/issue

lsb_release -a

This file may not be available.
cat /etc/lsb-release

Output will look like this

root@unknown_server:~# cat /etc/debian_version
7.5

root@unknown_server:~# cat /etc/issue
Debian GNU/Linux 7 \n \l

root@unknown_server:~# lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description:    Debian GNU/Linux 7.5 (wheezy)
Release:        7.5
Codename:       wheezy

Filed under: Debian, Linux

Requirements for installing VMware Tools on Linux guests

If you’re running a Linux guest OS with a desktop environment (X-Windows) in ESXi or Workstation, it is beneficial that you install VMware Tools.

A minimal Linux installation with no desktop environment does not enjoy all the benefits of having VMware Tools; simply because there is no X Window System installed. Most of the time, you just SSH into the Linux guest and your client or terminal such as PuTTY, has the features that you need.

However, if you need to, you need the following installed before running vmware-install.pl

gcc
make
linux-headers-$(uname -r)

Installation: VMware Tools for Linux Guests

Filed under: Linux, Virtualization, VMware

DHCP log “not authoritative for subnet…”

Running ISC DHCP server in Debian, I stumbled upon the following log messages while looking for something entirely different:


Jan 18 13:13:45 eltonoverip dhcpd: DHCPRELEASE of 10.19.1.60 from f0:bf:97:dd:6a:a6 via eth1 (not found)
Jan 18 13:13:59 eltonoverip dhcpd: DHCPDISCOVER from f0:bf:97:dd:6a:a6 via eth1
Jan 18 13:13:59 eltonoverip dhcpd: DHCPOFFER on 10.19.1.60 to f0:bf:97:dd:6a:a6 via eth1
Jan 18 13:13:59 eltonoverip dhcpd: DHCPREQUEST for 10.19.1.60 (10.19.1.1) from f0:bf:97:dd:6a:a6 via eth1
Jan 18 13:13:59 eltonoverip dhcpd: DHCPACK on 10.19.1.60 to f0:bf:97:dd:6a:a6 via eth1
Jan 18 13:14:03 eltonoverip dhcpd: DHCPINFORM from 10.19.1.60 via eth1: not authoritative for subnet 10.19.1.0
Jan 18 13:14:06 eltonoverip dhcpd: DHCPINFORM from 10.19.1.60 via eth1: not authoritative for subnet 10.19.1.0

The Fix: I added authoritative; to the DHCP config file /etc/dhcp/dhcpd.conf

Basically, the configuration looks like the following:


subnet 10.19.1.0 netmask 255.255.255.0 {
  option domain-name-servers 10.19.1.1;
  #option routers 10.19.1.1; #temporary network, no routing needed
  range 10.19.1.101 10.19.1.149;
  default-lease-time 1800;
  max-lease-time 1800;
  authoritative;

  host laptop_name {
    hardware ethernet f0:bf:97:ee:8a:b9;
    fixed-address 10.19.1.60;
  }

}

Note that this has no effect on devices with a statically configured IP address (rogue or not), since they do not make a DHCP request. Now that we have the server set as the authoritative server for that subnet, the server will respond with a DHCP NACK message and prompt clients who request an IP address outside of the scope or range to do a DHCP discover.

The example configuration above includes a DHCP reservation, in case you need your DHCP server to assign an IP address for a specific client.

Filed under: Debian, Linux

IPTables on the fly

Have you seen the Harrison Ford movie, Firewall? There is a scene where one of the bank’s IT dudes is looking at traffic showing that a hacker is performing a brute-force login. Good ol’ Hollywood tricked non-computer-savvy Foxfire-users by simply showing an active Wireshark session. Harrison Ford then shows up and issues a few commands to stall the hacker. Do you know what the command was? He typed ip access-group 0… Whoa! Here it is.

Anyway, I was troubleshooting an email issue and I stumbled upon the following pattern heavily populating /var/log/mail.log

Apr 6 16:06:06 mail pop3d: Disconnected, ip=[::ffff:187.17.80.67]
Apr 6 16:06:06 mail pop3d: Disconnected, ip=[::ffff:187.17.80.67]
Apr 6 16:06:06 mail pop3d: Connection, ip=[::ffff:187.17.80.67]
Apr 6 16:06:06 mail pop3d: LOGIN FAILED, user=root, ip=[::ffff:187.17.80.67]
Apr 6 16:06:06 mail pop3d: LOGIN FAILED, user=root, ip=[::ffff:187.17.80.67]
Apr 6 16:06:06 mail pop3d: LOGIN FAILED, user=root, ip=[::ffff:187.17.80.67]
Apr 6 16:06:06 mail pop3d: Connection, ip=[::ffff:187.17.80.67]
Apr 6 16:06:06 mail pop3d: Disconnected, ip=[::ffff:187.17.80.67]
Apr 6 16:06:06 mail pop3d: Connection, ip=[::ffff:187.17.80.67]

I used the following command to view the log in real-time.
tail -f /var/log/mail.log

To stall it, one of our network ninjas appended the following to our firewall script
iptables -t filter -I INPUT 1 -s 187.17.80.67 -j DROP

Keep in mind that the statement above is not persistent after a reboot. You’ll have to include it into your main (firewall) script that runs automagically on boot.
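To find such sources without reading the log by eye, the added example below (not part of the original post) counts LOGIN FAILED lines per source in the mail.log format shown above and prints, without running it, the same DROP rule for each source over a threshold. The function names and sample lines are constructed, and it assumes the user= value is logged as the client typed it, which is why the last ip=[...] on the line is the one that counts.

```sh
# failed_login_sources MIN < mail.log
# Prints "count ip" for every source with at least MIN "LOGIN FAILED" lines.
failed_login_sources() {
    awk -v min="$1" '
        /LOGIN FAILED/ {
            s = $0
            sub(/[ \t]+$/, "", s)
            if (index(s, "ip=[") == 0) next
            # user= is client-supplied, so a login name may itself contain
            # "ip=[...]". Take the LAST one and require it to end the line.
            while ((i = index(s, "ip=[")) > 0) s = substr(s, i + 4)
            j = index(s, "]")
            if (j == 0 || j != length(s)) next
            ip = substr(s, 1, j - 1)
            sub(/^::ffff:/, "", ip)             # IPv4-mapped form, as in the log
            if (ip !~ /^[0-9A-Fa-f:.]+$/) next  # address characters only
            n[ip]++
        }
        END { for (ip in n) if (n[ip] >= min) print n[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# drop_rules MIN < mail.log
# Prints one rule per offending source for review; nothing is executed.
drop_rules() {
    failed_login_sources "$1" | while read -r count ip; do
        case $ip in
            *:*) tool=ip6tables ;;
            *)   tool=iptables ;;
        esac
        printf '%s -t filter -I INPUT 1 -s %s -j DROP   # %s failed logins\n' \
            "$tool" "$ip" "$count"
    done
}

# Constructed sample (documentation addresses). The sixth line carries a
# forged ip=[...] inside the user name.
SAMPLE_LOG='Apr 6 16:06:06 mail pop3d: Connection, ip=[::ffff:203.0.113.7]
Apr 6 16:06:06 mail pop3d: LOGIN FAILED, user=root, ip=[::ffff:203.0.113.7]
Apr 6 16:06:07 mail pop3d: LOGIN FAILED, user=root, ip=[::ffff:203.0.113.7]
Apr 6 16:06:07 mail pop3d: LOGIN FAILED, user=admin, ip=[::ffff:203.0.113.7]
Apr 6 16:06:08 mail pop3d: Disconnected, ip=[::ffff:203.0.113.7]
Apr 6 16:07:10 mail pop3d: LOGIN FAILED, user=ip=[::ffff:192.0.2.1], ip=[::ffff:198.51.100.9]
Apr 6 16:07:11 mail pop3d: LOGIN FAILED, user=elton, ip=[::ffff:198.51.100.9]'

printf '%s\n' "$SAMPLE_LOG" | drop_rules 3
```

Against the real file the call is drop_rules 3 < /var/log/mail.log; review the printed rules before adding any of them to the firewall script.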

So who owns 187.17.80.67? You can do a whois 187.17.80.67 and dig -x 187.17.80.67.

It does seem that the IP address we blocked is possibly another company’s server that might have been compromised.

To learn more about iptables, check this out.
Mastering IPTables Part 1
Mastering IPTables Part 2
Mastering IPTables Final

Filed under: Linux

Change Debian server hostname

Executing the command hostname newHostName alone, apparently, is not enough.

To change the hostname:

1.  Edit /etc/hostname using your favorite text editor. Mine is Vi IMproved (vim).

2.  Change the old host name into the new host name in /etc/hosts.  Usually it is the second line, which reads 127.0.0.1 oldHostName

3. Issue the command hostname newHostname

4. Log out and then log back in.  No need to restart.

This also works on Debian-based distributions like Ubuntu and Linux Mint.

Filed under: Debian, Linux