Devin

Installing ProFTPd on CentOS 6

ProFTPd is a powerful FTP server. It has a very simple configuration file (/usr/local/etc/proftpd.conf) that allows for easy customization. Unfortunately, if you type yum install proftpd, a default CentOS install will return “No package proftpd available.” The following is an easy tutorial on how to get ProFTPd on CentOS 6.

  • You will first want to remove any FTP servers currently installed. This will minimize conflicts.
  • Next, you will need to get the ProFTPd tarball. The current version is 1.3.4a.

wget ftp://ftp.proftpd.org/distrib/source/proftpd-1.3.4a.tar.gz

  • Move it to /usr/src and untar it.

mv proftpd-1.3.4a.tar.gz /usr/src

cd /usr/src

tar -zxf proftpd-1.3.4a.tar.gz

  • You will now want to go into the newly created directory and compile ProFTPd.

cd proftpd-1.3.4a

./configure

make

make install

proftpd -v

  • You now have ProFTPd! Since you will most likely use a variation of the basic configuration, copy basic.conf to /etc/proftpd.conf

cp /usr/src/proftpd-1.3.4a/sample-configurations/basic.conf /etc/proftpd.conf

  • You can now configure ProFTPd by editing the proftpd.conf file.

nano /etc/proftpd.conf

Configuring an L2TP VPN on Ubuntu

Configure L2TP VPN on Ubuntu

  • Install server with Ubuntu 10.04 LTS and perform update
  • We will need an IPSec daemon to provide encryption and authentication

 sudo aptitude install openswan

  • You will be prompted regarding RSA keys. Since we will be using preshared keys (PSK), say no/skip the RSA prompts
  • Next we will be adjusting /etc/ipsec.conf

 

sudo mv /etc/ipsec.conf /etc/ipsec.conf.old

sudo nano /etc/ipsec.conf

  • Copy and paste the following into /etc/ipsec.conf

version 2.0
config setup
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
    oe=off
    protostack=netkey

conn L2TP-PSK-NAT
    rightsubnet=vhost:%priv
    also=L2TP-PSK-noNAT

conn L2TP-PSK-noNAT
    authby=secret
    pfs=no
    auto=add
    keyingtries=3
    rekey=no
    ikelifetime=8h
    keylife=1h
    type=transport
    left=[Server IP address]
    leftnexthop=[Server Gateway]
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any

 

  • Now, we save the preshared key

 sudo mv /etc/ipsec.secrets /etc/ipsec.secrets.old

sudo nano /etc/ipsec.secrets

 

[Server IP address] %any: PSK "[Your preshared key]"

  • The preshared key is anything you choose, but be sure to remember it, as you will need it for authentication, e.g. “testkey”.
  • Switch to root and input the following command to make sure that IPSec runs properly

 

sudo su

for each in /proc/sys/net/ipv4/conf/*
do
echo 0 > $each/accept_redirects
echo 0 > $each/send_redirects
done

su [primary user]

sudo ipsec verify

  • It should say that everything is running properly except for Opportunistic Encryption Support

 

sudo /etc/init.d/ipsec restart

  • Now let’s install and configure L2TP

 

sudo aptitude install xl2tpd

sudo mv /etc/xl2tpd/xl2tpd.conf /etc/xl2tpd/xl2tpd.conf.old

sudo nano /etc/xl2tpd/xl2tpd.conf

  • Paste the following

[global]
ipsec saref = yes

[lns default]
ip range = 10.1.2.2-10.1.2.255
local ip = 10.1.2.1
refuse chap = yes
refuse pap = yes
require authentication = yes
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes

 

  • The ip range is the range of internal IP addresses. The local ip is the internal address of the server itself.
  • Now we acquire and configure PPP

 

sudo aptitude install ppp

sudo nano /etc/ppp/options.xl2tpd

  • Paste the following (don’t worry, the file is supposed to be empty)

require-mschap-v2
ms-dns 8.8.8.8
ms-dns 209.139.209.33
asyncmap 0
auth
crtscts
lock
hide-password
modem
debug
name l2tpd
proxyarp
lcp-echo-interval 30
lcp-echo-failure 4

  • Now we will need to create user credentials to be used for the VPN login

 

sudo nano /etc/ppp/chap-secrets

  • In this file, you will see something similar to this. Give it the credentials that you choose and remember them. They will be used every time you access the VPN.

user                      server           password           ip
[username]            [server]        [password]        *

  • Save the file and restart the service

sudo /etc/init.d/xl2tpd restart
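A check for the two secret files created above, /etc/ipsec.secrets and /etc/ppp/chap-secrets, added here as an example and not part of the original post: it flags files that group or other users can access, flags preshared keys shorter than an assumed minimum of 20 characters, and generates a random key. The function names and the threshold are illustrative assumptions.

```sh
#!/bin/sh
# Added example, not from the original post. MIN_PSK_LEN is an assumed
# threshold; the function names are illustrative.
MIN_PSK_LEN=20

# Random PSK: 24 bytes from the kernel CSPRNG, base64-encoded to 32 characters.
new_psk() {
    head -c 24 /dev/urandom | base64
}

# Flag a secrets file that is missing or accessible to group/other users.
check_private() {
    [ -f "$1" ] || { echo "MISSING $1"; return 0; }
    perms=$(ls -ld "$1" | cut -c5-10)
    [ "$perms" = "------" ] || echo "PERMS $1: group/other bits '$perms', want mode 600"
}

# Flag each PSK in an ipsec.secrets-style file shorter than MIN_PSK_LEN.
check_psk() {
    [ -f "$1" ] || return 0
    # Extract the quoted key from lines shaped like: <left> <right>: PSK "<key>"
    sed -n 's/.*PSK[[:space:]]*"\([^"]*\)".*/\1/p' "$1" |
    while IFS= read -r psk; do
        [ "${#psk}" -ge "$MIN_PSK_LEN" ] ||
            echo "WEAK_PSK $1: ${#psk} characters, want at least $MIN_PSK_LEN"
    done
}

# usage: audit_vpn_secrets /etc/ipsec.secrets /etc/ppp/chap-secrets
audit_vpn_secrets() {
    check_private "$1"
    check_psk "$1"
    check_private "$2"
}

# Run the audit when the script is given both paths on the command line.
if [ $# -eq 2 ]; then audit_vpn_secrets "$1" "$2"; fi
```

Run it as root against the real files; no output means both files are private and every key meets the length threshold.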

If you are using iptables, input the following

 

iptables --table nat --append POSTROUTING --jump MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward

  • openswan doesn’t appear to start after rebooting. Add these lines to /etc/rc.local

 

sudo nano /etc/rc.local

iptables --table nat --append POSTROUTING --jump MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
for each in /proc/sys/net/ipv4/conf/*
do
echo 0 > $each/accept_redirects
echo 0 > $each/send_redirects
done

/etc/init.d/ipsec restart

 

*** After creating the VPN, go to the VPN’s properties on the client side. Make sure that your server’s external IP is in the general tab. Next, go to the security tab. Make the “Type of VPN” Layer 2 Tunneling Protocol with IPsec. Then click Advanced settings. Make the preshared key for authentication the same as what you made it on your server. Change data encryption to “optional”. When connecting to the VPN, use the credentials from /etc/ppp/chap-secrets.

You should now be able to connect to the internet through your VPN gateway. If you are able to connect to the VPN, but it is reporting that there is no internet connectivity, rebooting the server will usually fix this.

ProFTPd versus vsFTPd

ProFTPd and vsFTPd are two very popular FTP servers for Unix/Linux systems. Although they are very similar in terms of functionality, there are some notable differences.
The main benefit of ProFTPd is that it has a very easily managed configuration file. The syntax of proftpd.conf is very similar to the Apache configuration file. This makes for a pretty efficient standardization of configuration files. This is easily recognizable because of its modular architecture.
vsFTPd is the default FTP server for Ubuntu, CentOS, Fedora, and Red Hat. This makes it very easy to install in comparison with ProFTPd, but it does not present as easy a configuration file. vsFTPd is also reported to be more secure.
In my opinion, vsFTPd is the better FTP server. vsFTPd is easier to install and can perform all that you would expect from an FTP daemon while maintaining a solid level of security.
Ultimately, it all comes down to personal preference. Both FTP servers are reliable, powerful, and they support FTP over SSL. When an FTP user is created, their home directory acts as the FTP root directory. When you connect to your server using an FTP client, you will be brought directly to /home/(the ftp user’s directory). This makes for a pretty safe method of operation. Just like with Linux distributions, what is right for one person is not necessarily what is right for someone else. Work with what makes you most comfortable.

WordPress Installation and Configuration on CentOS

Prepare the Prerequisites

  • Install Webmin (instructions: http://www.webmin.com/rpm.html)
  • Configure Linux Firewall to only allow ports 22 (ssh), 10000 (webmin), 21 (ftp) and 80 (web)
  • Install the prerequisites
    yum update
    yum install php mysql-server php-mysql httpd vsftpd ntpdate gd php-gd
  • Lock up MySQL.
    service mysqld start
    /usr/bin/mysql_secure_installation
    (follow the prompts)
  • Create a MySQL database to use with the new WordPress site. Create a MySQL user/pw to access it. Localhost access is the only thing you need for a basic install.
  • Create a Linux user for FTP access. Set yourFTPusername’s home directory to /home/yoursitename.
  • Set Bootup options to turn off most services. Make sure httpd (Apache), mysqld, vsftpd and ntpd are all set to start on boot.
  • Turn off SELinux (/etc/selinux/config) or virtual hosting won’t work in Apache. There are workarounds if you want to fight them. Be careful with CentOS as it has two editable lines lost in a bunch of comments, and it’s easy to edit the wrong one.
  • Point DNS records for yoursitename (A) and www.yoursitename (CNAME) to your server.
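The firewall step in the list above gives the ports but no rules. The following added example, not part of the original post, prints an iptables-restore ruleset that drops inbound traffic by default and accepts new connections only on those four ports; the function names are illustrative.

```sh
#!/bin/sh
# Added example, not from the original post. Prints an iptables-restore
# ruleset (the format CentOS 6 keeps in /etc/sysconfig/iptables) that accepts
# new connections only on the TCP ports the tutorial lists.

ALLOWED_TCP_PORTS="22 10000 21 80"   # ssh, webmin, ftp, web

# Succeed only if every word in $1 is a port number between 1 and 65535.
valid_ports() {
    for port in $1; do
        case $port in
            ''|*[!0-9]*) return 1 ;;
        esac
        [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
    done
}

emit_ruleset() {
    ports=${1:-$ALLOWED_TCP_PORTS}
    # Validate first so a bad list never produces a partial ruleset.
    if ! valid_ports "$ports"; then
        echo "refusing to emit rules: bad port list '$ports'" >&2
        return 1
    fi
    echo "*filter"
    echo ":INPUT DROP [0:0]"
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    # Loopback traffic and replies to already-accepted connections.
    # Passive-mode FTP data connections count as RELATED only when the
    # nf_conntrack_ftp helper module is loaded.
    echo "-A INPUT -i lo -j ACCEPT"
    echo "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for port in $ports; do
        echo "-A INPUT -m state --state NEW -m tcp -p tcp --dport $port -j ACCEPT"
    done
    echo "COMMIT"
}

# Print the ruleset when run as: sh firewall.sh --print
if [ "${1:-}" = "--print" ]; then emit_ruleset; fi
```

Review the output before loading it with iptables-restore, and keep an existing SSH session open while testing so a mistake does not lock you out.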

Download WordPress

cd /tmp
wget http://wordpress.org/latest.tar.gz
gunzip latest.tar.gz
tar xvf latest.tar
rm -rf latest.tar
mv wordpress /home/yoursitename
chown -R yourFTPusername /home/yoursitename
mv /home/yoursitename/wordpress/wp-config-sample.php /home/yoursitename/wordpress/wp-config.php
mv /home/yoursitename/wordpress/* /home/yoursitename

nano /home/yoursitename/wp-config.php
(and enter your settings from above)

Set up Apache

Create a virtual host for your WordPress site and point it at /home/yoursitename.
Edit /etc/httpd/conf/httpd.conf and add the following directives:

  • ServerAlias (as needed – usually www.yoursitename in addition to ServerName yoursitename)
  • Inside the directory section of your virtual server section, be sure to add AllowOverride All or nothing will work.

Run the WordPress Installer

 

  • Navigate to http://yoursitename in a browser and the installer should load. It usually runs quickly and with almost no prompts. Your site should now be live.
  • Test FTP to your site using host: yoursitename and user: yourFTPusername. Test changing permissions on directories using FTP. This should work if you’ve done the chown above correctly.

Create a .htaccess File

cd /home/yoursitename
touch .htaccess
chmod 777 .htaccess
nano .htaccess

Paste this:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

Remember to change permalink settings in your wp-admin to not just use a number.
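The chmod 777 step above leaves .htaccess writable by every local account, and since the rules are pasted by hand, WordPress does not need write access to the file. An added example, not part of the original post, that lists world-writable entries under the site root and resets them (function names are illustrative):

```sh
#!/bin/sh
# Added example, not from the original post: find and reset world-writable
# entries under the site root. Function names are illustrative.

# List every file or directory under $1 that any local user can modify.
world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

# Reset each world-writable entry to 755 (directory) or 644 (file), print the
# paths changed, and leave ownership alone.
tighten_docroot() {
    world_writable "$1" | while IFS= read -r path; do
        if [ -d "$path" ]; then
            chmod 755 "$path"
        else
            chmod 644 "$path"
        fi
        echo "fixed $path"
    done
}

# usage: sh tighten.sh /home/yoursitename
if [ $# -eq 1 ]; then tighten_docroot "$1"; fi
```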
