Chapter 9. Class #9 - HTTP & FTP

Table of Contents

Intro to FTP
Installing FTP
FTP Configuration
FTP as a Service
Securing FTP
Additional Notes & Considerations for FTP
Intro to HTTP
Installing HTTP
HTTP Configuration
HTTP as a Service
Commands to Manipulate HTTP
Securing HTTP
Additional Notes & Considerations for HTTP
Reference Material for this Chapter

FTP and HTTP are two of the oldest and most popular protocols in use on the Internet today. This material could well be considered the heart of the course. The two modules below draw upon several aspects of the course we have covered previously, namely user configuration and file system configuration and manipulation.

Intro to FTP

vsftpd, which stands for Very Secure File Transfer Protocol Daemon, is Red Hat's preferred FTP daemon. The "Very Secure" descriptor refers to the daemon, not to the protocol. When FTP is operated in non-secure mode, it sends user names and passwords in clear text. This fact has given "out of the box" FTP a "use at your own risk" reputation. We will cover a simple installation with a default configuration, as well as securely configuring anonymous access.

Installing FTP

There is only one package required to install FTP, vsftpd. It can be installed with the command `yum -y install vsftpd`.

FTP Configuration

The main configuration files for vsftpd are contained in '/etc/vsftpd'. In that directory, the file vsftpd.conf controls which features of the daemon are enabled over and above the compiled-in defaults. In the default configuration, anonymous downloads are allowed from the directory '/pub', as shown to the client. This directory is found at '/var/ftp/pub' in the file system. System users are able to log in by username and password and access their home directories with read/write permissions. No anonymous uploads are permitted by default.
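The following script is an added example, not part of the course material: it reads a vsftpd.conf, works out the effective value of the access directives behind the defaults described above, and flags clear-text logins and anonymous write access. It assumes the compiled-in defaults documented in `man vsftpd.conf` (only `anonymous_enable` defaulting to YES among the directives checked) and that the last occurrence of a directive wins; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the course material): report the effective vsftpd
# access settings and flag the risky combinations discussed in this chapter.

# Compiled-in defaults as documented in `man vsftpd.conf` (assumption: check
# the man page for your installed version).
default_for() {
    case "$1" in
        anonymous_enable) echo YES ;;
        *) echo NO ;;   # local_enable, write_enable, anon_*_enable, ssl_enable
    esac
}

# effective_value FILE DIRECTIVE: the last uncommented "directive=value" line
# wins (assumption about parse order); otherwise fall back to the default.
effective_value() {
    val=$(sed -n "s/^$2=\([^[:space:]]*\).*/\1/p" "$1" | tail -n 1 | tr 'a-z' 'A-Z')
    case "$val" in
        YES|TRUE|1) echo YES ;;
        NO|FALSE|0) echo NO ;;
        *) default_for "$2" ;;
    esac
}

# audit_vsftpd FILE: print one finding per line.
audit_vsftpd() {
    anon=$(effective_value "$1" anonymous_enable)
    write=$(effective_value "$1" write_enable)
    if [ "$(effective_value "$1" local_enable)" = YES ] &&
       [ "$(effective_value "$1" ssl_enable)" = NO ]; then
        echo "cleartext-login: system users authenticate without TLS"
    fi
    if [ "$anon" = YES ]; then
        echo "anon-download: anonymous downloads are allowed"
        for d in anon_upload_enable anon_mkdir_write_enable; do
            if [ "$write" = YES ] && [ "$(effective_value "$1" "$d")" = YES ]; then
                echo "anon-write: $d is active"
            fi
        done
    fi
}

# Constructed sample resembling the default configuration described above.
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'anonymous_enable=YES' \
    'local_enable=YES' 'write_enable=YES' '#anon_upload_enable=YES' > "$sample"
audit_vsftpd "$sample"
rm -f "$sample"
```

On a live system, pass '/etc/vsftpd/vsftpd.conf' to `audit_vsftpd` after every configuration change.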

FTP as a Service

The FTP service, vsftpd, is manipulated with the typical "right hand - left hand" approach that we've used throughout the course for other services: `service vsftpd start` & `chkconfig vsftpd on`.

Securing FTP

Find SELinux file system contexts that might affect FTP with the command `semanage fcontext -l | grep "ftp"`. Find SELinux port contexts that might affect FTP with the command `semanage port -l | grep "ftp"`. Find SELinux booleans that might affect FTP with the command `semanage boolean -l | grep "ftp"`.

By default, FTP runs on port 21. That port will need to be opened in the firewall in order for FTP to pass traffic properly. Additional modules may need to be loaded into the firewall. See the section called "Create a Secure 'Drop-box' for Anonymous FTP Upload" for details. Depending on how FTP is configured to operate, there may be additional directives in '/etc/vsftpd/vsftpd.conf' that need to be altered.

Additional Notes & Considerations for FTP

Refer to the appropriate man pages with the following commands: `man vsftpd.conf` & `man vsftpd_selinux`. To understand how FTP works with the file system, see the exercise in the section called "Create a Secure 'Drop-box' for Anonymous FTP Upload".