2015/03/17

vsftp install on CentOS 7

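# Install on CentOS 7 with iptables and SELinux not in use (with SELinux enforcing, the vsftpd and Samba steps below also need matching SELinux policy settings)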

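# Install the packages used below: vsftpd itself, gcc and the PAM headers to
# compile pam_pwdfile, unzip for the source archive, and the PHP CLI that the
# account steps use to hash passwords.
yum install vsftpd gcc pam-devel unzip php -y

# Setup for virtual user: build pam_pwdfile so vsftpd can authenticate users
# from a flat "name:hash" file instead of system accounts.
# NOTE(review): this fetches the moving "master" branch and installs the
# result into PAM as root; pin the URL to a release tag or commit you have
# reviewed before relying on it.
# -f makes curl fail on an HTTP error instead of saving the error page as the
# zip, and the && chain keeps make/cp from running in the wrong directory when
# an earlier step fails.
curl -fsSL -o master.zip 'https://codeload.github.com/tiwe-de/libpam-pwdfile/zip/master' &&
  unzip master.zip &&
  cd libpam-pwdfile-master/ &&
  make &&
  cp pam_pwdfile.so /lib64/security/

# Replace the packaged PAM stack for vsftpd: keep the original as vsftpd.org,
# then write a stack that checks passwords against /etc/vsftpd/users only.
# pam_permit in the account phase accepts every account that passed auth.
mv /etc/pam.d/vsftpd /etc/pam.d/vsftpd.org
printf '%s\n' \
  'auth required /lib64/security/pam_pwdfile.so pwdfile /etc/vsftpd/users' \
  'account required /lib64/security/pam_permit.so' \
  > /etc/pam.d/vsftpd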

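# backup config
# The backup command had been swallowed by the comment line and never ran.
# A copy (not a move) is taken because the settings below are appended to the
# packaged file, so its remaining directives stay in effect. The copy is made
# only once so a re-run does not overwrite the pristine backup.
[ -e /etc/vsftpd/vsftpd.conf.org ] ||
  cp -p /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf.org

# Setup vsftpd main config
# The heredoc delimiter is quoted so "$USER" reaches the file literally:
# user_sub_token names the placeholder that vsftpd replaces with the login
# name. Inside double quotes the shell would substitute the invoking account
# (root, when run as root) and every user would share one directory.
# local_root here is only the default; the per-user files written under
# user_config_dir later on this page set their own local_root.
# NOTE(review): no TLS option (e.g. ssl_enable) is set, so the virtual users'
# passwords and data cross the network unencrypted.
# NOTE(review): allow_writeable_chroot=YES permits a chroot root that the
# user can write to; a non-writable root with a writable subdirectory avoids
# needing it.
cat >> /etc/vsftpd/vsftpd.conf <<'EOF'
local_umask=022
anonymous_enable=NO
local_enable=YES
virtual_use_local_privs=YES
write_enable=YES
connect_from_port_20=YES
secure_chroot_dir=/var/run/vsftpd
pam_service_name=vsftpd
guest_enable=YES
user_sub_token=$USER
local_root=/data/ftp/$USER
chroot_local_user=YES
hide_ids=YES
user_config_dir=/etc/vsftpd/user_config
allow_writeable_chroot=YES
EOF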

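# Set up the directories vsftpd runs with: the secure_chroot_dir named in
# vsftpd.conf and the directory holding the per-user config files.
mkdir -p /var/run/vsftpd /etc/vsftpd/user_config

# /var/run is a tmpfs on CentOS 7, so /var/run/vsftpd disappears at reboot.
# Register it with systemd-tmpfiles so it is recreated on every boot;
# otherwise vsftpd cannot find its secure_chroot_dir after a restart.
printf '%s\n' 'd /run/vsftpd 0755 root root -' > /etc/tmpfiles.d/vsftpd-chroot.conf

# Set up the tree that holds the FTP users' homes, owned by the ftp account.
mkdir -p /ftp/users
chown -Rf ftp:ftp /ftp/users

# Note: this command must turn on "short tag"
# Rewrites the short_open_tag line in php.ini in place.
sed -i "s/short_open_tag = .*/short_open_tag = On/" /etc/php.ini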

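# ftp user account add
# 'username', 'passwd' and 'username_home' are placeholders for the real
# account name, password and home directory name.

# The file holds password hashes, so create it readable by root only instead
# of inheriting the default world-readable mode from the umask.
touch /etc/vsftpd/users
chmod 600 /etc/vsftpd/users

# PHP prints "username:<hash>" with no trailing newline, so the printf that
# follows terminates the record.
# NOTE(review): crypt() is called without a salt argument, so PHP chooses the
# hash scheme; check which scheme lands in the file and prefer an explicit
# salted SHA-512 setting if the pam_pwdfile build accepts it.
echo "<?php echo 'username:' . crypt('passwd'); ?>" | php >> /etc/vsftpd/users
printf '\n' >> /etc/vsftpd/users

# Per-user override read from user_config_dir: this user's chroot root.
printf '%s\n' 'local_root=/ftp/users/username_home' >> /etc/vsftpd/user_config/username

# Create ftp user home
mkdir -p /ftp/users/username_home
chown -Rf ftp:ftp /ftp/users/username_home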

# Register vsftpd to start at boot, then bring it up right away.
for action in enable start; do
  systemctl "$action" vsftpd.service
done

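#BTW...... add ftp user shell
# Usage: <this script> USERNAME PASSWORD
# Adds one virtual FTP user: a "name:hash" record in /etc/vsftpd/users, a
# per-user vsftpd config that sets local_root, and the home directory.
# NOTE(review): the password arrives as $2, so it shows up in the process
# list and shell history of whoever runs this; reading it from a prompt or
# from stdin avoids that.

# $1 ends up in file names and in a config value, so accept only letters,
# digits, "_" and "-". That rejects "/", "..", blanks and quotes.
case "$1" in
  '' | *[!A-Za-z0-9_-]*) ftp_user_ok=no ;;
  *) ftp_user_ok=yes ;;
esac

if [ "$ftp_user_ok" = yes ] && [ -n "$2" ]; then
  # The file holds password hashes: keep it readable by root only.
  touch /etc/vsftpd/users
  chmod 600 /etc/vsftpd/users

  # Hand the values to PHP through the environment rather than pasting them
  # into PHP source, so a quote or backslash in the name or password cannot
  # change the code that runs. The "\n" terminates the record.
  FTP_USER="$1" FTP_PASS="$2" \
    php -r 'echo getenv("FTP_USER"), ":", crypt(getenv("FTP_PASS")), "\n";' \
    >> /etc/vsftpd/users

  #mkdir -p  /etc/vsftpd/user_config/
  # Written without a trailing blank after the path; the earlier
  # `echo "..." ""` form appended one, and it would become part of the value.
  printf 'local_root=/ftp/users/%s\n' "$1" >> "/etc/vsftpd/user_config/$1"
  mkdir -p "/ftp/users/$1"

  chown -Rf ftp:ftp "/ftp/users/$1"
else
  printf 'usage: USERNAME PASSWORD (USERNAME: letters, digits, "_" and "-" only)\n' >&2
fi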

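## Open the FTP control port in firewalld.
# Both rules are added to the permanent configuration only; they take effect
# at the reload below. The port rule and the ftp service rule overlap.
firewall-cmd --permanent --add-port=21/tcp
firewall-cmd --permanent --add-service=ftp
# Restart firewall: (the label had been fused onto the command line, which
# made the line fail as a command)
firewall-cmd --reload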

2015/03/13

CentOS 7 Samba 4 Clamav

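# install Centos 7
# update os

yum -y update
yum install samba samba-common

# Keep the packaged smb.conf as smb.conf.org and regenerate smb.conf from it
# without comment lines and blank lines.
# Only lines whose first non-blank character is "#" or ";" are dropped; the
# earlier `grep -v '#' | grep -v ';'` chain also dropped any setting line that
# merely contained one of those characters.
mv /etc/samba/smb.conf /etc/samba/smb.conf.org
grep -Ev '^[[:space:]]*([#;]|$)' /etc/samba/smb.conf.org > /etc/samba/smb.conf

# Edit the stripped file by hand; the content to enter follows.
vi /etc/samba/smb.conf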

# Samba configuration entered in the editor session above.
[global]
        workgroup = MYGROUP
        server string = Samba Server Version %v
        log file = /var/log/samba/log.%m
        max log size = 50
        security = user
# Logins with an unknown user name are mapped to the guest account instead of
# being rejected.
        map to guest = Bad User
        load printers = no

# NOTE(review): this share allows guest access (public = yes) and is marked
# writable, and its path /ftp is the parent of /ftp/users, where the vsftpd
# notes on this page create the FTP users' homes. Any client that can reach
# the Samba ports can browse that tree without a password; whether reads and
# writes succeed then depends only on the filesystem permissions for the
# guest account.
[ftp_upload]
        comment    = FTP upload
        path       = /ftp
        browseable = yes
        writable   = yes
        public     = yes
        readonly   = no


# Register both Samba daemons (smb and nmb) to start at boot.
for unit in smb.service nmb.service; do
  systemctl enable "$unit"
done
# Restart them so the edited smb.conf is loaded.
for unit in smb.service nmb.service; do
  systemctl restart "$unit"
done
# Allow the samba service in the public zone (permanent configuration), then
# reload firewalld so the rule becomes active.
firewall-cmd --permanent --zone=public --add-service=samba
firewall-cmd --reload

--

# install clamav
# Create a yum repository definition for the Dag repository; the content to
# enter in the editor follows.

vi /etc/yum.repos.d/dag.repo


# Third-party repository definition, enabled for every yum transaction
# (enabled=1).
[dag]

name=Dag RPM Repository for Red Hat Enterprise Linux
# NOTE(review): packages are fetched over plain HTTP, so the signature check
# (gpgcheck=1) is the only integrity protection for them.
baseurl=http://apt.sw.be/redhat/el$releasever/en/$basearch/dag/
gpgcheck=1
# NOTE(review): the signing key is also fetched over plain HTTP; compare its
# fingerprint with one obtained through a separate trusted channel before
# accepting the import prompt.
gpgkey=http://dag.wieers.com/packages/RPM-GPG-KEY.dag.txt
enabled=1



# Install the ClamAV daemon package from the repository defined above
# (no -y, so yum asks for confirmation).
yum install clamd
# Update virus database
freshclam
# Enables the daemon for the next boot only; nothing here starts it now.
# NOTE(review): no scan of /ftp is configured in these notes — confirm how
# uploads are meant to be checked.
systemctl enable clamd.service