How to install/configure vsftpd on CentOS 5
This tutorial outlines the installation and configuration of vsftpd, which is a secure and powerful FTP server for Linux-based systems.
You will first want to install vsftpd via yum:
```
yum install vsftpd
```
After it’s installed, you’ll want to make some configuration changes
First, you will need to stop vsftpd:
```
service vsftpd stop
```
Then edit the configuration file via nano:
```
nano /etc/vsftpd/vsftpd.conf
```
You will want to configure the following settings:
```
anonymous_enable=NO
local_enable=YES
write_enable=YES
```
Now you will need a username and login, so let's create it:
```
useradd -d /var/www/dir -s /usr/sbin/nologin ftpusername
```
Set up the password for the username you just created:
```
passwd ftpusername
```
Remember, this user will be assigned access to the directory, so be sure to adjust this setting to your liking:
```
chown -R ftpusername /path/to/dir
chmod 775 /path/to/dir
```
Now you will want to create a userlist file via nano:
```
nano /etc/vsftpd/vsftpd.user
```
And then add the username to the file:
```
ftpusername
```
Save and exit.
Then add the following to the vsftpd configuration file (/etc/vsftpd/vsftpd.conf), pointing userlist_file at the file you just created:
```
# the list of users to give access
userlist_file=/etc/vsftpd/vsftpd.user

# this list is on
userlist_enable=YES

# it is not a list of users to deny FTP access
userlist_deny=NO
```
Then make sure the following file looks like this:
```
nano /etc/shells
```
```
/bin/ksh
/usr/bin/rc
/usr/bin/tcsh
/bin/tcsh
/usr/bin/esh
/bin/dash
/bin/bash
/bin/rbash
/usr/sbin/nologin
```
Finally, you’re ready to fire things up and give it a shot:
```
service vsftpd start
```
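A way to confirm the finished configuration, as an added example that is not part of the original tutorial: it checks the settings above and that the file named by userlist_file exists and lists the FTP user. The helper names conf_get and check_vsftpd are hypothetical, and the demo runs against a constructed config in a temporary directory.

```shell
#!/bin/sh
# Added example: audit a vsftpd.conf for the allow-list setup described above.

# Print the last value assigned to KEY in CONF (vsftpd expects key=value, no spaces).
conf_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# Usage: check_vsftpd CONF USER. Prints findings and returns the number of problems.
check_vsftpd() {
    conf=$1 user=$2 problems=0
    # Each wanted value differs from the vsftpd default, so an unset key is a failure.
    for want in anonymous_enable=NO local_enable=YES userlist_enable=YES userlist_deny=NO; do
        key=${want%%=*}
        got=$(conf_get "$conf" "$key")
        if [ "$got" != "${want#*=}" ]; then
            echo "FAIL $key is '${got:-unset}', expected ${want#*=}"
            problems=$((problems + 1))
        fi
    done
    # With userlist_deny=NO, a missing or wrong list file locks every user out.
    list=$(conf_get "$conf" userlist_file)
    if [ -z "$list" ] || [ ! -f "$list" ]; then
        echo "FAIL userlist_file '${list:-unset}' does not exist"
        problems=$((problems + 1))
    elif ! grep -qxF "$user" "$list"; then
        echo "FAIL $user is not listed in $list"
        problems=$((problems + 1))
    fi
    [ "$problems" -eq 0 ] && echo "OK $conf allows only listed users, including $user"
    return "$problems"
}

# Constructed sample: first the list file is missing, then it is created.
demo() {
    d=$(mktemp -d)
    printf '%s\n' anonymous_enable=NO local_enable=YES write_enable=YES \
        userlist_enable=YES userlist_deny=NO "userlist_file=$d/vsftpd.user" > "$d/vsftpd.conf"
    check_vsftpd "$d/vsftpd.conf" ftpusername || true
    echo ftpusername > "$d/vsftpd.user"
    check_vsftpd "$d/vsftpd.conf" ftpusername
    rc=$?
    rm -rf "$d"
    return "$rc"
}
demo
```

On a real server, run it as `check_vsftpd /etc/vsftpd/vsftpd.conf ftpusername`.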
Quickly Install a PPTP VPN on your Xen VPS (CentOS 5 x64 and x86_64)
If you are having issues manually installing and configuring a PPTP VPN from scratch, you can take advantage of this shell script that will install everything for you.
Copy and paste the following code and save it as a .sh file. Then simply chmod 755 filename.sh and execute the file using sh filename.sh
```
# Remove any previous install and clear the NAT/FORWARD rules
yum remove -y pptpd ppp
iptables --flush POSTROUTING --table nat
iptables --flush FORWARD
rm -rf /etc/pptpd.conf
rm -rf /etc/ppp

# Download the DKMS, MPPE kernel module, pptpd and ppp packages (plain HTTP, third-party host)
wget http://www.diahosting.com/dload/dkms-2.0.17.5-1.noarch.rpm
wget http://www.diahosting.com/dload/kernel_ppp_mppe-1.0.2-3dkms.noarch.rpm
wget http://www.diahosting.com/dload/pptpd-1.3.4-1.rhel5.1.i386.rpm
wget http://www.diahosting.com/dload/ppp-2.4.4-9.0.rhel5.i386.rpm

# Install the build dependencies, then the downloaded packages
yum -y install make libpcap iptables gcc-c++ logrotate tar cpio perl pam tcp_wrappers
rpm -ivh dkms-2.0.17.5-1.noarch.rpm
rpm -ivh kernel_ppp_mppe-1.0.2-3dkms.noarch.rpm
rpm -qa kernel_ppp_mppe
rpm -Uvh ppp-2.4.4-9.0.rhel5.i386.rpm
rpm -ivh pptpd-1.3.4-1.rhel5.1.i386.rpm

# Create the ppp device and enable IP forwarding, now and on every boot
mknod /dev/ppp c 108 0
echo 1 > /proc/sys/net/ipv4/ip_forward
echo "mknod /dev/ppp c 108 0" >> /etc/rc.local
echo "echo 1 > /proc/sys/net/ipv4/ip_forward" >> /etc/rc.local
# Address range handed to VPN clients, and the DNS servers pushed to them
echo "localip 172.16.36.1" >> /etc/pptpd.conf
echo "remoteip 172.16.36.2-254" >> /etc/pptpd.conf
echo "ms-dns 8.8.8.8" >> /etc/ppp/options.pptpd
echo "ms-dns 8.8.4.4" >> /etc/ppp/options.pptpd

# Random password by default; pass your own as the first argument to override it
pass=`openssl rand -base64 6`
if [ "$1" != "" ]; then
    pass=$1
fi

# The VPN account: username "vpn", allowed from any client address
echo "vpn pptpd ${pass} *" >> /etc/ppp/chap-secrets

# NAT the VPN subnet out of the server's first non-loopback address and clamp the TCP MSS
iptables -t nat -A POSTROUTING -s 172.16.36.0/24 -j SNAT --to-source `ifconfig | grep 'inet addr:'| grep -v '127.0.0.1' | cut -d: -f2 | awk 'NR==1 { print $1}'`
iptables -A FORWARD -p tcp --syn -s 172.16.36.0/24 -j TCPMSS --set-mss 1356

service iptables save

chkconfig iptables on
chkconfig pptpd on

service iptables start
service pptpd start

echo "VPN service is installed, your VPN username is vpn, VPN password is ${pass}"
```
After the installation is complete, the script will display a randomly generated username and password. You can easily change this by editing the file /etc/ppp/chap-secrets and restarting pptpd:
```
/etc/init.d/pptpd restart
```
Changing the default SSH port on your VPS – CentOS 5
This is not in any way a game changer when it comes to security, but by simply changing your SSH port you can cut down on over 95% of automated brute force attempts. By default SSH uses port 22; here’s how to change it to something else on CentOS:
Log in via SSH and edit the sshd_config file, which is located in /etc/ssh/.
```
nano /etc/ssh/sshd_config
```
Scroll down until you see the following line:
```
#Port 22
```
Delete the # symbol and change the 22 to a different port to your liking. It should look like this:
```
Port 5757
```
Save the file (CTRL-X, then Y, then Enter). Finally, you just need to restart SSH:
```
service sshd reload
```
Afterwards, it’s important to open up a new window and attempt to log in to your virtual machine using the new port. If you messed things up, you can always log in to SolusVM and update your configuration via console.
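The same edit as a script, as an added example that is not part of the original tutorial: it keeps a backup, rewrites the Port line, removes any other active Port line so the old port is not left open, and syntax-checks the file before reloading. The function names are hypothetical and the demo works on a constructed sample file, not on /etc/ssh/sshd_config.

```shell
#!/bin/sh
# Added example: change the sshd port without hand-editing, with a backup and a syntax check.

# Print every active (uncommented) Port value in CONFIG, one per line.
active_ports() {
    awk '/^[ \t]*Port[ \t]+[0-9]+[ \t]*$/ { print $2 }' "$1"
}

# Usage: set_ssh_port CONFIG PORT
# Saves CONFIG.bak, then writes CONFIG with exactly one active Port line.
set_ssh_port() {
    cfg=$1 port=$2
    case $port in
        ''|0*|*[!0-9]*|??????*) echo "invalid port: $port" >&2; return 2 ;;
    esac
    [ "$port" -le 65535 ] || { echo "invalid port: $port" >&2; return 2; }
    cp -p "$cfg" "$cfg.bak" || return 1
    if grep -Eq '^[[:space:]]*#?[[:space:]]*Port[[:space:]]+[0-9]+[[:space:]]*$' "$cfg.bak"; then
        awk -v p="$port" '
            /^[ \t]*#?[ \t]*Port[ \t]+[0-9]+[ \t]*$/ {
                # The first match becomes the new line; later commented lines are
                # kept and later active Port lines are dropped.
                if (!done) { print "Port " p; done = 1 } else if ($0 ~ /^[ \t]*#/) { print }
                next
            }
            { print }' "$cfg.bak" > "$cfg"
    else
        # No Port line at all: put it first, ahead of any other directive.
        { echo "Port $port"; cat "$cfg.bak"; } > "$cfg"
    fi
}

# Syntax-check the file before reloading, so a typo does not take sshd down.
reload_sshd() {
    /usr/sbin/sshd -t -f "$1" && service sshd reload
}

# Constructed sample config, edited in a temporary file.
demo() {
    f=$(mktemp)
    printf '%s\n' '#Port 22' '#Protocol 2,1' 'Protocol 2' 'PermitRootLogin yes' > "$f"
    set_ssh_port "$f" 5757 && active_ports "$f"
    rm -f "$f" "$f.bak"
}
demo
```

On the server this would be `set_ssh_port /etc/ssh/sshd_config 5757 && reload_sshd /etc/ssh/sshd_config`, run from a session you keep open while testing the new port.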
Test the Disk I/O on your VPS
There are a few commands that allow you to test the disk I/O speeds on your virtual machine. Please note that scores do vary and are not a completely accurate assessment of disk I/O.
```
dd if=/dev/zero of=/tmp/test bs=64k count=16k conv=fdatasync
```
Example output:
```
[root@server~]# dd if=/dev/zero of=/tmp/test bs=64k count=16k conv=fdatasync
16384+0 records in
16384+0 records out
1073741824 bytes (1.1 GB) copied, 4.89845 seconds, 219 MB/s
[root@server~]#
```
Or you can try hdparm – if it’s not installed, you will need to install it via yum:
```
yum install hdparm
hdparm -t /dev/sda1
```
Example output:
```
[root@server~]# hdparm -t /dev/sda1
/dev/sda1: Timing buffered disk reads: 1158 MB in 3.01 seconds = 385.34 MB/sec
[root@server~]#
```
There is an ongoing thread posted on WebHostingTalk which will allow you to compare your score.
CentOS 5.5 + LAMP + Webmin Installation Tutorial
The goal here is to set up Apache, MySQL and PHP, which is commonly referred to as a “LAMP” server. Everyone’s requirements are different, but this will give you an easy way to get started. You will need a functional server with a fresh, clean installation of CentOS 5.5 to begin.
Installing Apache
You will want to utilize the yum repository for easy installation:
```
yum install httpd httpd-devel
```
Wait for the installation to complete, then start up Apache:
```
/etc/init.d/httpd start
```
The Apache configuration file should be located here: /etc/httpd/conf/httpd.conf
If not, you can run the following command in SSH, which should output the location:
```
whereis httpd.conf
```
Be sure to add the Apache daemon into start-up so it runs automatically after a reboot:
```
chkconfig httpd on
```
Installing MySQL (latest version)
Utilize the yum repository again for quick and easy installation:
```
yum install mysql mysql-server mysql-devel
```
Then run the MySQL daemon:
```
/etc/init.d/mysqld start
```
Add the MySQL daemon into start-up so it runs automatically after a reboot:
```
chkconfig mysqld on
```
If you want to make sure MySQL is running, run the following command:
```
ps aux | grep mysql
```
This step is unnecessary, but it’s there just in case you run into any issues.
For security purposes, you will want to change the MySQL root password through the MySQL console:
```
mysql
```
The console should open, then run the following:
```
mysql> USE mysql;
mysql> UPDATE user SET Password=PASSWORD('password') WHERE user='root';
mysql> FLUSH PRIVILEGES;
```
Note: be sure to change the (‘password’) to your liking.
To log in to MySQL as root, run:
```
mysql -u root -p
```
Once you are logged in you can create a database. I am going to use “blog” as the database name and add the user “john” with full privileges (again, change 'password' to your liking):
```
mysql> CREATE DATABASE blog;
mysql> GRANT ALL PRIVILEGES ON blog.* TO 'john'@'localhost' IDENTIFIED BY 'password' WITH GRANT OPTION;
mysql> USE mysql;
mysql> UPDATE user SET Password=PASSWORD('password') WHERE user='john';
mysql> FLUSH PRIVILEGES;
```
And that’s it for MySQL!
Installing PHP
Install PHP through yum with some required modules. These can be changed to meet your requirements but should be sufficient for most setups:
```
yum install php php-mysql php-common php-gd php-mbstring php-mcrypt php-devel php-xml
```
By restarting Apache, PHP should fire up:
```
/etc/init.d/httpd restart
```
Your “public_html” folder or “www” folder is located in the /var/www/html/ directory. To test and see if PHP is working, you will want to create a PHP file with the following code:
```
<?php phpinfo(); ?>
```
I normally call this file phpinfo.php. You can then access the file through your IP address (e.g. http://IPADDRESS/phpinfo.php). Delete the file once you have confirmed PHP works, since its output discloses your server configuration to anyone who requests it.
You will want to install phpMyAdmin for easier MySQL DB management. To install, simply run:
```
yum install phpmyadmin
```
Then access phpMyAdmin through the following URL: http://ip-address/phpmyadmin
Installing Webmin (Latest Version)
First download the RPM:
```
wget http://prdownloads.sourceforge.net/webadmin/webmin-1.580-1.noarch.rpm
```
Then run the following command:
```
rpm -U webmin-1.580-1.noarch.rpm
```
(The latest RPM can be found here: http://www.webmin.com/rpm.html)
The rest of the install will be done automatically to the directory /usr/libexec/webmin, with the administration username set to root and the password set to your current root password. You should now be able to log in to Webmin at the URL http://localhost:10000/. Or, if accessing it remotely, replace localhost with your system’s IP address.