The candidate should be able to configure an anonymous download FTP server. This objective includes configuring an FTP server to allow anonymous uploads, listing additional precautions to be taken if anonymous uploads are permitted, configuring guest users and groups with chroot jail, and configuring ftpaccess to deny access to named users or groups.
Key files, terms and utilities include:
vsftpd.conf
FTP is a service that uses two ports for communication: a command port (also known as the control port) and a data port. Port 21 is used for the command port and port 20 for the data port. FTP has two modes, active and passive. They differ in how the data connection is initiated: in active mode the server initiates the data connection, in passive mode the client initiates it.
In active mode the client starts an FTP session by opening a control connection from an unprivileged port (>1023) to port 21 on the server. The server sends an ACK to the client's command port and actively opens a data connection, originating on port 20, to the next port above the control connection's port on the client. The client sends back an ACK on the data connection.
In passive mode the client starts an FTP session by opening a control connection from an unprivileged port (>1023) to port 21 on the server. The server replies with PORT XXXX, where XXXX is the port on which the server listens for the data connection, and passively waits for that connection. The client opens the data connection from the next port above the control connection's port to the port specified in the server's PORT reply. The server sends back an ACK to the client on the data connection.
vsftpd (very secure FTP daemon) is a very popular, versatile, fast and secure FTP server.
vsftpd has packages in the standard repositories for Debian and Red Hat based distributions and can also be built from source.
Pure-FTPd is a highly flexible, secure and fast FTP server.
Pure-FTPd has packages in the standard repositories for Debian and Red Hat based distributions and can also be built from source on BSD(-like) systems and others.
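The objective above asks for the precautions to take when anonymous uploads are permitted. The following is an added example, not part of the original page or the vsftpd project: a small Python check that reads vsftpd.conf text and returns the anonymous-access options that need attention. The option names are real vsftpd.conf options; the defaults are assumed to match the upstream vsftpd.conf(5) man page, and the sample configurations are constructed.

```python
# Added example: audit vsftpd.conf text for anonymous-FTP precautions.
# DEFAULTS follow the upstream vsftpd.conf(5) man page (assumption: your
# distribution's package may ship a different default configuration file).
DEFAULTS = {
    "anonymous_enable": "YES", "write_enable": "NO",
    "anon_upload_enable": "NO", "anon_other_write_enable": "NO",
    "anon_world_readable_only": "YES", "anon_umask": "077",
    "chown_uploads": "NO", "chown_username": "root",
}

def parse_conf(text):
    """Effective settings: DEFAULTS overridden by option=value lines."""
    conf = dict(DEFAULTS)
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)  # vsftpd wants no spaces around '='
            conf[key] = value
    return conf

def audit(text):
    """Return the option names that need attention for anonymous access."""
    c = parse_conf(text)
    on = lambda k: c[k].upper() == "YES"
    if not on("anonymous_enable"):
        return []                            # no anonymous logins to protect
    findings = []
    if not on("anon_world_readable_only"):
        findings.append("anon_world_readable_only")  # non-public files downloadable
    if not on("write_enable"):
        return findings                      # download-only: write commands are off
    if on("anon_other_write_enable"):
        findings.append("anon_other_write_enable")   # anonymous delete/rename
    if on("anon_upload_enable"):
        if int(c["anon_umask"], 8) & 0o004 == 0:
            findings.append("anon_umask")    # uploads world-readable: drop-site risk
        if on("chown_uploads") and c["chown_username"] == "root":
            findings.append("chown_username")  # uploads would be owned by root
    return findings

# Constructed sample configurations (not taken from the page).
DOWNLOAD_ONLY = "anonymous_enable=YES\nlocal_enable=NO\nwrite_enable=NO\n"
RISKY_UPLOAD = ("anonymous_enable=YES\nwrite_enable=YES\nanon_upload_enable=YES\n"
                "anon_other_write_enable=YES\nanon_umask=022\nchown_uploads=YES\n")

if __name__ == "__main__":
    print(audit(DOWNLOAD_ONLY))
    print(audit(RISKY_UPLOAD))
```

An empty result means none of the checked options deviates; it does not replace reviewing directory permissions on the upload directory itself.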