
Beta Branch Centmin Mod .08 beta + pure-ftpd virtual FTP user support

Discussion in 'Beta release code' started by eva2000, Jan 19, 2015.

  1. AlekseY

    AlekseY Member

    47
    4
    8
    Feb 18, 2015
    Ratings:
    +7
    Local Time:
    3:57 AM
    In that case, I changed the key and certificate at the address /etc/ssl/private/pure-ftpd.pem
    Nothing happens! FTP sees the old certificate.

    eva2000, did you change WITH_CERTFILE =/path ?

    I will answer myself: yes, you have changed it
    [ERROR] SSL/TLS [/etc/pki/pure-ftpd/pure-ftpd.pem]
     
    Last edited by a moderator: Apr 25, 2015
  2. eva2000

    eva2000 Administrator Staff Member

    29,719
    6,711
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,015
    Local Time:
    10:57 AM
    Nginx 1.13.x
    MariaDB 5.5
    No, just change /etc/ssl/private/pure-ftpd.pem. Did you restart the pure-ftpd service?
     
  3. AlekseY

    AlekseY Member

    Yes, I restarted pure-ftpd, but this is not the correct path: /etc/ssl/
    pure-ftpd takes the certificate file from: /etc/pki/
     
  4. eva2000

    eva2000 Administrator Staff Member

    not for CentOS it's configured for /etc/ssl/private/pure-ftpd.pem for Centmin Mod.

    edit: hmmm

    Code:
    ls -lah /etc/pki/pure-ftpd/pure-ftpd.pem
    -rw------- 1 root root 3.2K Apr  3 01:20 /etc/pki/pure-ftpd/pure-ftpd.pem
    
    ls -lah /etc/ssl/private/pure-ftpd.pem
    -rw------- 1 root root 1.9K Apr  3 01:21 /etc/ssl/private/pure-ftpd.pem
    edit2: indeed looks like /etc/pki/pure-ftpd/pure-ftpd.pem is used ! guess need to fix that

    thanks @AlekseY for catching the error - FIXED update inc/pureftpd.inc pure-ftpd.pem location · centminmod/centminmod@636fa07 · GitHub :D
     
    Last edited: Apr 26, 2015
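
Added example (not from the thread or from Centmin Mod): posts 1 to 4 turn on which PEM file pure-ftpd really serves. This sketch compares the SHA-256 fingerprint of the certificate presented after AUTH TLS with each candidate file; the function names are made up here and the openssl CLI is assumed to be installed.

```bash
#!/bin/sh
# Added example: which PEM file does the running pure-ftpd actually serve?
# Function names are hypothetical; requires the openssl command line tool.

# SHA-256 fingerprint of the first certificate in a PEM file.
# With no argument the PEM is read from stdin. Private-key blocks are skipped.
cert_fp() {
    if [ -n "$1" ]; then
        openssl x509 -noout -fingerprint -sha256 -in "$1" 2>/dev/null
    else
        openssl x509 -noout -fingerprint -sha256 2>/dev/null
    fi | cut -d= -f2
}

# Fingerprint of the certificate the server presents on the FTP control
# port once explicit TLS (AUTH TLS) has been negotiated.
served_fp() {
    openssl s_client -connect "$1:${2:-21}" -starttls ftp </dev/null 2>/dev/null | cert_fp
}

# Print every candidate file whose certificate has the wanted fingerprint.
# An empty fingerprint (connection failed) is refused so that unreadable
# or certificate-less files can never "match" it.
match_pem() {
    local want="$1" f
    shift
    [ -n "$want" ] || return 2
    for f in "$@"; do
        if [ -r "$f" ] && [ "$(cert_fp "$f")" = "$want" ]; then
            echo "$f"
        fi
    done
    return 0
}

# Usage on the server, with the two paths from this thread:
#   match_pem "$(served_fp 127.0.0.1)" \
#       /etc/pki/pure-ftpd/pure-ftpd.pem /etc/ssl/private/pure-ftpd.pem
```

A path that is not printed is not the file in use, however recently it was edited.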
  5. AlekseY

    AlekseY Member

    love me :D
     
  6. AlekseY

    AlekseY Member

    Good Mac OS client: Transmit
    But first it needs to be configured:
    Preferences > Advanced Server settings > check "Use TLS v.1.2 encryption"

    What worked for the certificate:
    make a unified certificate from your certificate and the CA certificate.
    P.S. Just connect the root certificate with the purchased one
     
    Last edited: Apr 27, 2015
  7. AlekseY

    AlekseY Member

    How do I add the option?
    pureftpd.inc - I do not know how to edit it properly
    Show me, please
     
  8. eva2000

    eva2000 Administrator Staff Member

    that's only for source compiling pure-ftpd which is not available for Centmin Mod yum package installed pure-ftpd. I can't find any document reference to setting language in pure-ftpd.conf so far. Probably need to google more ;)

    edit: it might also work in the pure-ftpd startup script. On CentOS 6.6 that would be /etc/init.d/pure-ftpd, but CentOS 7 uses systemd, so it would be at
    /etc/systemd/system/multi-user.target.wants/pure-ftpd.service
    Code:
    [Unit]
    Description=Pure-FTPd FTP server
    After=syslog.target network.target
    
    [Service]
    Type=forking
    PIDFile=/var/run/pure-ftpd.pid
    ExecStart=/usr/sbin/pure-config.pl /etc/pure-ftpd/pure-ftpd.conf --daemonize
    
    [Install]
    WantedBy=multi-user.target
    
    i wonder if this would work by changing this line from
    Code:
    ExecStart=/usr/sbin/pure-config.pl /etc/pure-ftpd/pure-ftpd.conf --daemonize
    to
    Code:
    ExecStart=/usr/sbin/pure-config.pl /etc/pure-ftpd/pure-ftpd.conf --daemonize --with-language=russian
    then restarting pure-ftpd service
     
    Last edited: Apr 27, 2015
  9. Jake

    Jake Member

    76
    10
    8
    Feb 3, 2015
    Ratings:
    +11
    Local Time:
    10:57 AM
    NA
    Maria DB 5.5
    I've tried the steps to get pure-ftpd to work on here but I am getting this error,

    Status: Connecting to 104.238.146.245:21...
    Status: Connection established, waiting for welcome message...
    Status: Initializing TLS...
    Status: Verifying certificate...
    Status: TLS connection established.
    Command: USER jake
    Response: 331 User jake OK. Password required
    Command: PASS ********
    Response: 530 Login authentication failed
    Error: Critical error: Could not connect to server
    Status: Connecting to 104.238.146.245:21...
    Status: Connection established, waiting for welcome message...
    Status: Initializing TLS...
    Status: Verifying certificate...
    Status: TLS connection established.
    Command: USER jake
    Response: 331 User jake OK. Password required
    Command: PASS *********
    Response: 530 Login authentication failed
    Error: Critical error: Could not connect to server
     
  10. eva2000

    eva2000 Administrator Staff Member

    • Did you let the script generate a password for you or set your own ?
    • Did you make sure to enable explicit TLS/SSL mode and enable PASV passive mode like in 1st post here.
    • Which FTP client ? As not all FTP clients support FTP explicit TLS/SSL mode only clients listed at bottom of this post.
    From 1st post here, try the pure-pw commands to display pure-ftpd user details and change the user password. Also pure-pw manual is here and http://download.pureftpd.org/pub/pure-ftpd/doc/README.Virtual-Users

    list all pure-ftpd created virtual FTP users
    Code:
    pure-pw list
    Code:
    pure-pw list
    ftpuser             /usr/local/nginx/html/./                         
    ftpuser2            /usr/local/nginx/html/./                         
    ftpuser3            /usr/local/nginx/html/./                         
    ftpuser4            /home/nginx/domains/domain1.com/./               
    ftpuser6            /home/nginx/domains/sub.domain1.com/./             
    ftpuser5            /home/nginx/domains/domain2.com/./
    to delete virtual FTP user
    Code:
    pure-pw userdel FTPUSERNAME
    pure-pw mkdb
    change virtual FTP user's password
    Code:
    pure-pw passwd FTPUSERNAME
    pure-pw mkdb
    show full details for a specific pure-ftpd virtual FTP user
    Code:
    pure-pw show FTPUSERNAME
    password is encrypted

    Code:
    pure-pw show ftpuser5
    
    Login              : ftpuser5
    Password           : $1$msgfvdN0$51dhLdPGiCQpQEwtZ30kF1
    UID                : 500 (nginx)
    GID                : 500 (nginx)
    Directory          : /home/nginx/domains/domain2.com/./
    Full name          :
    Download bandwidth : 0 Kb (unlimited)
    Upload   bandwidth : 0 Kb (unlimited)
    Max files          : 0 (unlimited)
    Max size           : 0 Mb (unlimited)
    Ratio              : 0:0 (unlimited:unlimited)
    Allowed local  IPs :
    Denied  local  IPs :
    Allowed client IPs :
    Denied  client IPs :
    Time restrictions  : 0000-0000 (unlimited)
    Max sim sessions   : 0 (unlimited)
    I think you didn't enable PASV passive mode, as I see port 21 actually being connected to; PASV will change that to a port listened to over TLS/SSL if enabled.
     
  11. Jake

    Jake Member

    Hey there,
    Ya, I followed all these; however, I am using FileZilla. I selected PASV mode.
     
  12. eva2000

    eva2000 Administrator Staff Member

    try changing the password via pure-pw command and see if that works

    and
    • Did you let the script generate a password for you or set your own ?
     
  13. Jake

    Jake Member

    I tried changing the password via the pure-pw command, and I set my own
     
  14. eva2000

    eva2000 Administrator Staff Member

    also restart pure-ftpd service

    what do you get for output of these 2 commands
    Code:
    service pure-ftpd status
    service pure-ftpd restart
     
  15. Jake

    Jake Member

    Thanks for your response! I was able to get it working on FileZilla. However, I am trying to get it to work via Jon's "Install and Upgrade by Waindigo" addon and I get "Sorry, cleartext sessions are not accepted on this server." How can you go around it? I am trying to make my upgrading process easier LOL
     
  16. eva2000

    eva2000 Administrator Staff Member

    restarting pure-ftpd got it to work or changing passwords + restart ?

    install and upgrade AFAIK prompts for xenforo forum username/password ? not your own ftp ?

    edit: I see what you mean, I started a dedicated thread in Forums usage forum at Xenforo - Install and Upgrade by Waindigo Xenforo Addon - FTP Login Details | Centmin Mod Community so as to not get too off topic here.
     
    Last edited: May 3, 2015
  17. pamamolf

    pamamolf Well-Known Member

    2,670
    240
    63
    May 31, 2014
    Ratings:
    +425
    Local Time:
    3:57 AM
    Nginx-1.13.x
    MariaDB 10.1.x
    Testing the pureftp user a bit more today, I can see that the created user is locked to the folder, but he can upload, for example, a PHP shell and browse everything in the /home directory...

    OK, I know how to not allow PHP running for this folder in Nginx, but is there any other better way to really lock the user there?

    If not how can i allow only .jpg .png .gif files upload in Pureftpd?

    Thanks
     
    Last edited: Jul 18, 2015
  18. eva2000

    eva2000 Administrator Staff Member

    yes that is correct, need to disable some php functions as per Getting Started Guide item 14. FAQ item 2 regarding not for shared hosting still applies.
    only way is full jailed/chroot accounts outlined here. But that isn't on the books until Centmin Mod feature set is properly stabilised as outlined here.
    no native support in Pure-FTPD, but you can script something: "Pure-ftpd, a way to modify ftp configuration to limit file size? | Web Hosting Talk". You'd be on your own for that.
     
  19. eva2000

    eva2000 Administrator Staff Member


    Malware & Virus Scan FTP Uploaded Files



    One thing that Pure-FTPD users can do is configure automatic malware and virus scans on uploaded files done through Pure-FTPD. Be aware this may potentially increase your cpu and memory usage requirements - especially for large file uploads. To implement automatic malware and virus scanning on uploaded files via Pure-FTPD you need
    1. To install Linux Malware Detect (maldet) and ClamAV scanner via Centmin Mod maldet.sh addon which is available in Centmin Mod .08+ beta03 and higher addons/maldet.sh directory path. Details at Maldet - Linux Malware Detect Addon (discussion) | Centmin Mod Community
    2. Then on Centmin Mod .08+ beta03 and higher you should already have Pure-FTPD support.
    Once the maldet.sh addon is installed and the Pure-FTPD service is running, you enable pure-ftpd CallUploadScript support and set up the called shell script clamscan.sh, which is invoked each time a file is uploaded via a Pure-FTPD virtual FTP user.

    Create a file named setup-callupload.sh and place the contents below in it. This script sets up what is needed to enable CallUploadScript in pure-ftpd.conf, sets up the clamscan.sh shell script which runs each time files are uploaded, and runs pure-uploadscript in the background. Any infections are reported in /var/log/clamscan-pureftpd.log and normal uploads are logged in /var/log/pureftpd.log.
    Code:
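    #!/bin/bash
    
    # enable CallUploadScript in pure-ftpd.conf
    sed -i 's|^#CallUploadScript yes|CallUploadScript yes|g' /etc/pure-ftpd/pure-ftpd.conf
    
    # script called by pure-uploadscript with the uploaded file's path as $1
    cat >/etc/pure-ftpd/clamscan.sh<< EOF
    #!/bin/bash
    /usr/bin/clamdscan --remove --quiet --no-summary "\$1" --log=/var/log/clamscan-pureftpd.log
    EOF
    
    # make the script executable (+x; capital +X leaves a new regular file non-executable)
    chmod +x /etc/pure-ftpd/clamscan.sh
    
    # start the upload script daemon in the background
    pure-uploadscript -B -r /etc/pure-ftpd/clamscan.sh
    
    # start it again at boot
    echo "pure-uploadscript -B -r /etc/pure-ftpd/clamscan.sh" >> /etc/rc.local
    
    service pure-ftpd restart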
    
    then chmod +x and run script
    Code:
    chmod +x setup-callupload.sh
    ./setup-callupload.sh
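
Added example, not eva2000's script and not part of Centmin Mod: an upload hook of the kind post 18 says you would have to script yourself, run through the same pure-uploadscript mechanism as clamscan.sh above. It keeps only files whose leading magic bytes and extension both say JPEG, PNG or GIF; the quarantine directory, log path and function names are assumptions.

```bash
#!/bin/sh
# Added example: image-only filter for pure-uploadscript.
# QUARANTINE and LOG are assumed paths; function names are hypothetical.
QUARANTINE=${QUARANTINE:-/var/quarantine/ftp}
LOG=${LOG:-/var/log/pureftpd-imagefilter.log}

# Classify a file by its first 8 bytes, never by its name.
image_type() {
    local magic
    magic=$(head -c 8 "$1" | od -An -tx1 | tr -d ' \n')
    case $magic in
        ffd8ff*)                     echo jpg ;;   # JPEG SOI marker
        89504e470d0a1a0a)            echo png ;;   # PNG signature
        474946383761*|474946383961*) echo gif ;;   # GIF87a / GIF89a
        *)                           echo unknown ;;
    esac
}

# Return 0 if the upload may stay, 1 if it was moved to quarantine.
check_upload() {
    local file="$1" ext kind=unknown
    ext=$(printf '%s' "${file##*.}" | tr 'A-Z' 'a-z')
    if [ "$ext" = jpeg ]; then ext=jpg; fi
    # Regular files only: a symlink could point outside the FTP root.
    if [ -f "$file" ] && [ ! -L "$file" ]; then
        kind=$(image_type "$file")
    fi
    # Content and extension must agree, so "GIF89a<?php" saved as x.php fails.
    if [ "$kind" != unknown ] && [ "$ext" = "$kind" ]; then
        return 0
    fi
    mkdir -p "$QUARANTINE" && chmod 700 "$QUARANTINE"
    mv -- "$file" "$QUARANTINE/$(date +%s).$$.$(basename "$file").quarantined"
    # UPLOAD_VUSER is set by pure-uploadscript to the virtual user's name.
    echo "$(date '+%Y-%m-%d %H:%M:%S') rejected user=${UPLOAD_VUSER:-?} file=$file kind=$kind" >> "$LOG"
    return 1
}

# pure-uploadscript passes the absolute path of the uploaded file as $1.
if [ $# -gt 0 ]; then
    check_upload "$1"
fi
```

pure-uploadscript takes a single program with -r, so call this from the same script as the clamdscan line. The hook fires after the transfer has finished, so the Nginx rule that stops PHP running in the upload directory is still needed.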
     
  20. BobbyWibowo

    BobbyWibowo Active Member

    166
    36
    28
    Jul 30, 2015
    Medan, Indonesia
    Ratings:
    +57
    Local Time:
    7:57 AM
    Hello, is there any way to disable explicit TLS/SSL requirements on the Pure-FTPd?