How to set up PureFTPd on CentOS 7

In this tutorial I will explain the steps to compile PureFTPd from source on CentOS 7. Pure-ftpd is a lightweight and stable FTP daemon which supports various authentication backends like Linux system users, puredb, MySQL and PostgreSQL. I will later use pure-ftpd for ISPConfig 3, therefore I will compile it with MySQL / MariaDB support.

Preparing the build environment

Install the CentOS development toolchain.

yum -y groupinstall 'Development Tools'

Install the MariaDB development files.

yum -y install mariadb-devel

Download the pure-ftpd source files and unpack the archive.

cd /usr/local/src
wget http://download.pureftpd.org/pub/pure-ftpd/releases/pure-ftpd-1.0.36.tar.bz2
tar xvjpf pure-ftpd-1*.tar.bz2
cd pure-ftpd-1*

Run the configure command to prepare the build. To get an overview of all compile options, run ./configure --help. The --with-tls option is needed for the TLS setup later in this tutorial and requires the OpenSSL development headers (package openssl-devel).

./configure --prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin --libexecdir=/usr/libexec --datadir=/usr/share --sysconfdir=/etc --sharedstatedir=/usr/com --localstatedir=/var --libdir=/usr/lib64 --includedir=/usr/include --infodir=/usr/share/info --mandir=/usr/share/man --with-mysql --with-virtualchroot --with-everything --with-tls

Then compile and install pure-ftpd:

make

make install

Create config files and start scripts

First we create the start script. For this build I will use the start script from CentOS 6.5 which still works fine on CentOS 7.

nano /etc/init.d/pure-ftpd

#!/bin/bash
#
# Startup script for the pure-ftpd FTP Server  $Revision: 1.1 $
#
# chkconfig: - 85 15
# description: Pure-FTPd is an FTP server daemon based upon Troll-FTPd
# processname: pure-ftpd
# pidfile: /var/run/pure-ftpd.pid
# config: /etc/pure-ftpd/pure-ftpd.conf

# Source function library.
. /etc/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

# Check that networking is configured.
# [ ${NETWORKING} = "no" ] && exit 0

RETVAL=0

prog="pure-ftpd"

# Path to the pure-ftp binaries.
fullpath=/usr/sbin/pure-ftpd
pureftpwho=/usr/sbin/pure-ftpwho
pure_config=/etc/pure-ftpd/pure-ftpd.conf
pure_launch_script=/usr/sbin/pure-config.pl


start() {
        echo -n $"Starting $prog: "
        daemon "$pure_launch_script $pure_config --daemonize > /dev/null"
        RETVAL=$?
        [ $RETVAL = 0 ] && touch /var/lock/subsys/pure-ftpd
        echo
}

stop() {
        echo -n $"Stopping $prog: "
        killproc pure-ftpd
        RETVAL=$?
        [ $RETVAL = 0 ] && rm -f /var/lock/subsys/pure-ftpd
        echo
}

# See how we were called.
case "$1" in
        start)
                start
                ;;
        stop)
                stop
                ;;
        restart)
                stop
                start
                ;;
        reload)
                echo -n $"Reloading $prog: "
                killproc pure-ftpd -HUP
                RETVAL=$?
                echo
                ;;
        condrestart)
                if [ -f /var/lock/subsys/pure-ftpd ] ; then
                        stop
                        # avoid race
                        sleep 3
                        start
                fi
                ;;
        status)
                status pure-ftpd
                RETVAL=$?
                if [ -f $pureftpwho ] && [ $RETVAL -eq 0 ] ; then
                        $pureftpwho
                fi
                ;;
        *)
                echo $"Usage: pure-ftpd {start|stop|restart|reload|condrestart|status}"
                RETVAL=1
esac
exit $RETVAL


chmod +x /etc/init.d/pure-ftpd
mkdir /etc/pure-ftpd/

cp configuration-file/pure-ftpd.conf /etc/pure-ftpd/pure-ftpd.conf
cp configuration-file/pure-config.pl /usr/sbin/pure-config.pl
chmod 644 /etc/pure-ftpd/pure-ftpd.conf
chmod 755 /usr/sbin/pure-config.pl

Then create the system startup links and start PureFTPd:

chkconfig --levels 235 pure-ftpd on
systemctl start pure-ftpd.service

Now we configure PureFTPd to allow FTP and TLS sessions. FTP without TLS is a very insecure protocol because all passwords and all data are transferred in clear text. By using TLS, the whole communication can be encrypted, thus making FTP much more secure.

OpenSSL is needed by TLS; to install OpenSSL, we simply run:

yum -y install openssl

Open /etc/pure-ftpd/pure-ftpd.conf...

vi /etc/pure-ftpd/pure-ftpd.conf

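If you want to allow FTP and TLS sessions, set TLS to 1. With this value unencrypted logins are still accepted; as the comment in the file explains, a value of 2 refuses connections that do not use TLS.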

[...]
# This option can accept three values :
# 0 : disable SSL/TLS encryption layer (default).
# 1 : accept both traditional and encrypted sessions.
# 2 : refuse connections that don't use SSL/TLS security mechanisms,
#     including anonymous sessions.
# Do _not_ uncomment this blindly. Be sure that :
# 1) Your server has been compiled with SSL/TLS support (--with-tls),
# 2) A valid certificate is in place,
# 3) Only compatible clients will log in.

TLS                      1
[...]

In order to use TLS, we must create an SSL certificate. I create it in /etc/ssl/private/, therefore I create that directory first:

mkdir -p /etc/ssl/private/

Afterwards, we can generate the SSL certificate as follows:

openssl req -x509 -nodes -days 7300 -newkey rsa:2048 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem

Country Name (2 letter code) [XX]: <-- Enter your Country Name (e.g., "DE").
State or Province Name (full name) []: <-- Enter your State or Province Name.
Locality Name (eg, city) [Default City]: <-- Enter your City.
Organization Name (eg, company) [Default Company Ltd]: <-- Enter your Organization Name (e.g., the name of your company).
Organizational Unit Name (eg, section) []: <-- Enter your Organizational Unit Name (e.g. "IT Department").
Common Name (eg, your name or your server's hostname) []: <-- Enter the Fully Qualified Domain Name of the system (e.g. "server1.example.com").
Email Address []: <-- Enter your Email Address.

Change the permissions of the SSL certificate file, which also contains the private key:

chmod 600 /etc/ssl/private/pure-ftpd.pem

Finally restart PureFTPd:

systemctl stop pure-ftpd.service 
systemctl start pure-ftpd.service

That's it. You can now try to connect using your FTP client; however, you should configure your FTP client to use TLS.
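
To check the result of the TLS steps above, the following added example (not part of the original tutorial or of pure-ftpd) audits the TLS setting, the mode of the key file and the contents of the PEM file. The function names and the constructed demo files are assumptions of this example.

```bash
#!/bin/bash
# Added example: audit the files this tutorial creates (not part of pure-ftpd).

# Print the TLS value set in a pure-ftpd.conf, or 0 (the documented default)
# when there is no uncommented "TLS <n>" line. If the directive is repeated,
# this helper reports the last one (an assumption of this example).
tls_mode() {
    awk '$1 == "TLS" && $2 ~ /^[0-2]$/ { v = $2 } END { print (v == "" ? 0 : v) }' "$1"
}

# Print one finding per line; return 0 only if nothing was flagged.
audit_pureftpd_tls() {
    local conf="$1" pem="$2" rc=0 perms
    case $(tls_mode "$conf") in
        0) echo "FAIL: TLS 0, every session is clear text"; rc=1 ;;
        1) echo "WARN: TLS 1, clear-text logins are still accepted"; rc=1 ;;
        2) echo "OK: TLS 2, unencrypted sessions are refused" ;;
    esac
    [ -f "$pem" ] || { echo "FAIL: $pem is missing"; return 1; }
    perms=$(stat -c %a "$pem")    # GNU stat, as shipped with CentOS
    case $perms in
        600|400) echo "OK: key file mode $perms" ;;
        *) echo "FAIL: key file mode $perms, expected 600"; rc=1 ;;
    esac
    # The tutorial writes the private key and the certificate into one file.
    if grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$pem" &&
       grep -q -e '-----BEGIN CERTIFICATE-----' "$pem"; then
        echo "OK: PEM holds private key and certificate"
    else
        echo "FAIL: PEM must hold the private key and the certificate"; rc=1
    fi
    return $rc
}

# Constructed sample: a config with TLS 1 and a world-readable dummy PEM.
demo() {
    local d rc; d=$(mktemp -d)
    printf '%s\n' '# TLS 2' 'TLS                      1' > "$d/pure-ftpd.conf"
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' '-----BEGIN CERTIFICATE-----' > "$d/pure-ftpd.pem"
    chmod 644 "$d/pure-ftpd.pem"
    audit_pureftpd_tls "$d/pure-ftpd.conf" "$d/pure-ftpd.pem"; rc=$?
    rm -rf "$d"; return $rc
}

# With two arguments audit real files, otherwise run the constructed demo.
if [ $# -eq 2 ]; then audit_pureftpd_tls "$1" "$2"; else demo || true; fi
```

Saved under a name of your choice, the script takes the two paths from this tutorial as arguments: /etc/pure-ftpd/pure-ftpd.conf and /etc/ssl/private/pure-ftpd.pem.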






