proftpd
*******************************************************************************
Installing and Configuring ProFTPD
Created by: Alessandro C. M. Kuramoto
Date: 30/01/2009
Modified on: 13/03/2010-20:16
v.20100313-2016
Keywords: ftp, proftpd
Please keep the author's name in this file.
*******************************************************************************
http://memovirtual.worpress.com
## Note about the memovirtual site:
## Options passed as -- (minus, minus) may have been turned into a single
## em dash on the site, so use "man" to confirm the option actually used.
###############################################################################
# Server: #
###############################################################################
OS: Debian 4.0 Etch and 5.0 Lenny
Server: FTP
Service: PROFTPD
|##########^ Server ##########################################################|
###############################################################################
# Concepts:
###############################################################################
|##########^ Concepts ########################################################|
###############################################################################
# Install ProFTPD: #
###############################################################################
## First
## Update the package list
apt-get update
## Install ProFTPD (on Debian the package asks, through debconf, whether
## proftpd should run standalone or from inetd; the answer ends up in the
## ServerType directive shown in the configuration below):
apt-get install proftpd
|##########^ Install ProFTPD #################################################|
###############################################################################
# Configuration Files:
###############################################################################
### Debian: /etc/proftpd/proftpd.conf
|##########^ Configuration Files #############################################|
###############################################################################
# Configuring ProFTPD:
###############################################################################
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Configuration File:
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
vim /etc/proftpd/proftpd.conf
_______________________________________________________________________________
OS: Debian 5.0 Lenny
File: /etc/proftpd/proftpd.conf (Permissions: -rwxr--r-- 1 root root)
-------------------------------------------------------------------------------
.
..
...
## Enables (on) or disables (off) IPv6 support
UseIPv6 off
## Name shown as soon as the user runs the command
## ftp <server_ip>
#
ServerName "XPTO company FTP server"
# Example output from the text-mode ftp client:
# Connected to 192.168.84.130.
# 220 ProFTPD 1.3.0 Server (XPTO company FTP server) [192.168.84.130]
#
### Whether the server runs standalone or is started by inetd or xinetd:
ServerType standalone
## To stop the banner from revealing the software and version (the
## "ProFTPD 1.3.0 Server" part above, which scanners and fingerprinting
## tools read straight off the 220 line) set ServerIdent to off
#
ServerIdent off
## Closes the connection after x seconds without any transfer
TimeoutNoTransfer 600
## Port used by FTP
#
Port 21
## Jail every user who logs in inside their own home directory (chroot).
## Keep the comment on its own line: ProFTPD does not strip trailing "# ..."
## comments, and any extra words after the path are read as a group
## expression, so "DefaultRoot ~ # chroot Jail support" would only jail users
## belonging to groups named "#", "chroot", "Jail" and "support", i.e. nobody,
## and the chroot would silently not apply.
DefaultRoot ~
## Logs file transfers
#
TransferLog /var/log/proftpd/xferlog
|----------^ File: /etc/proftpd/proftpd.conf ---------------------------------|
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|##########^ Configuring ProFTPD #############################################|
###############################################################################
# Starting, Stopping and Restarting the FTP Service:
###############################################################################
## To restart the service type (start and stop work the same way)
invoke-rc.d proftpd restart
or
/etc/init.d/proftpd restart
|##########^ Starting, Stopping and Restarting the FTP Service ###############|
###############################################################################
# ProFTPD Commands:
###############################################################################
## Shows the ProFTPD version
proftpd -v
|##########^ ProFTPD Commands ################################################|
###############################################################################
# FTP Commands on the Client: (FTP Client)
###############################################################################
>FTP Client
===============================================================================
Text-Mode FTP Client on Linux:
===============================================================================
# Shows the available commands:
ftp> ?
# Shows the help:
ftp> help
# Use the ! (exclamation mark) character to run a command on the local machine.
# Example, listing the contents of a directory on the machine you are sitting at:
ftp> !ls
# Toggles between active and passive mode:
ftp> passive
# Shows the current working directory
ftp> pwd
# Changes directory
ftp> cd
# Closes the connection to the FTP server
ftp> close
# Downloads arquivo.txt from the server
ftp> get arquivo.txt
# Lists the contents of the directory
ftp> ls
# Creates a directory on the FTP server:
ftp> mkdir
# Opens a connection to a server
ftp> open <server_ip>
# Downloads several files at once (wildcards such as *.txt are accepted)
ftp> mget
# Transfers data in binary mode:
ftp> binary
# Deletes a file:
ftp> delete arquivo.txt
# Deletes a directory:
ftp> rmdir
# Ends the FTP session:
ftp> quit
ftp> exit
|==========^ Text-Mode FTP Client on Linux ===================================|
|##########^ FTP Commands on the Client: (FTP Client) ########################|
###############################################################################
# Troubleshooting
###############################################################################
>Troubleshooting
-------------------------------------------------------------------------------
### Known errors:
## Question/Issue:
The following error message appears:
500 Illegal PORT command
ftp: bind: Address already in use
## Symptoms:
An FTP client behind a firewall/NAT runs the "ls" command against an FTP
server and gets:
500 Illegal PORT command
ftp: bind: Address already in use
## Cause:
The FTP client is in active mode. Behind NAT the PORT command advertises
the client's private address, which is not the address the server sees on
the control connection, and ProFTPD refuses such a PORT command (only the
AllowForeignAddress directive relaxes that check). Even if the command were
accepted, the firewall would not let the server's inbound data connection
through.
## Solution:
- Enable passive mode; in the Linux text-mode FTP client the passive
  command toggles between active and passive mode;
|-----------------------------------------------------------------------------|
-------------------------------------------------------------------------------
### Known errors:
## Question/Issue:
The workstation is on the same network as the FTP server, but when any
command is run the message
"200 EPRT command successful"
appears and nothing else comes back.
## Symptoms:
After running the command:
ftp> ls
200 EPRT command successful
the client prompt hangs.
A tcpdump on the FTP server shows the following capture:
2010-03-13 16:44:44.407857 IP (tos 0x8, ttl 64, id 14438, offset 0, flags [DF], proto TCP (6), length 60) 10.10.10.134.20 > 10.7.3.212.38925: S, cksum 0x49e3 (correct), 4158300597:4158300597(0) win 5840 <mss 1460,sackOK,timestamp 6527443 0,nop,wscale 4>
0x0000: 4508 003c 3866 4000 4006 e6e6 0a07 0386 E..<8f@.@.......
0x0010: 0a07 03d4 0014 980d f7da a1b5 0000 0000 ................
0x0020: a002 16d0 49e3 0000 0204 05b4 0402 080a ....I...........
0x0030: 0063 99d3 0000 0000 0103 0304 .c..........
2010-03-13 16:44:53.411872 IP (tos 0x8, ttl 64, id 14440, offset 0, flags [DF], proto TCP (6), length 60) 10.10.10.134.20 > 10.7.3.212.38925: S, cksum 0x4118 (correct), 4158300597:4158300597(0) win 5840 <mss 1460,sackOK,timestamp 6529694 0,nop,wscale 4>
0x0000: 4508 003c 3868 4000 4006 e6e4 0a07 0386 E..<8h@.@.......
0x0010: 0a07 03d4 0014 980d f7da a1b5 0000 0000 ................
0x0020: a002 16d0 4118 0000 0204 05b4 0402 080a ....A...........
0x0030: 0063 a29e 0000 0000 0103 0304 .c..........
In other words, the server is sending a SYN from its port 20 (ftp-data) to the
client's high port and, getting no answer, retransmits it nine seconds later
with the same sequence number.
When the connection is aborted on the client the message is:
421 Service not available, user interrupt. Connection closed.
## Cause:
A host firewall was running on the client, and it does not allow the server
to open a connection from its port 20 (FTP-DATA) to a high port (>1024) on
the client, which is exactly what active mode requires.
## Solution:
Switch the client to passive mode (the passive command in the text-mode
client), so the client opens the data connection itself; alternatively,
adjust the client firewall to accept the server's inbound data connections,
or disable it temporarily (not recommended).
|-----------------------------------------------------------------------------|
|##########^ Troubleshooting #################################################|
###############################################################################
# References:
###############################################################################
CLL - p. 383-384
http://www.dicas-l.com.br/dicas-l/20050219.php
Secure ProFTPd server with TLS, SSL and MySQL:
http://www.dicas-l.com.br/dicas-l/20050912.php
Encrypting FTP authentication through OpenSSH:
http://www.dicas-l.com.br/dicas-l/20050401.php
http://www.vivaolinux.com.br/artigo/Configuracao-do-ProFTPd/?pagina=3
|##########^ References ######################################################|
###############################################################################
# More Things: #
###############################################################################
## See: http://www.debian-administration.org/articles/31
## Another way of installing Apache with SSL
## Install the Apache SSL module
apt-get install libapache-mod-ssl
Open questions:
How to limit which IPs may access the FTP server?
How to define read/write permission per user?
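An added example, not from the original page, answering the two open questions above with ProFTPD's own directives (<Limit>, Allow/Deny from, AllowUser/AllowGroup/DenyAll). The network 192.168.84.0/24 (the one the ServerName example lives on), the admin workstation 10.7.3.212, the directory /srv/ftp, the group ftpusers and the user alessandro are assumptions; adapt them to the real site:

```apache
# Added example for /etc/proftpd/proftpd.conf; not part of the original page.
# Names and addresses below are assumptions.

# 1) Limit which IPs may log in at all: only the 192.168.84.0/24 LAN and the
#    admin workstation get past USER/PASS, everything else is refused.
<Limit LOGIN>
  Order allow,deny
  Allow from 192.168.84.0/24 10.7.3.212
  Deny from all
</Limit>

# 2) Per-user read/write below /srv/ftp: everyone in group "ftpusers" may
#    read and list, but only user "alessandro" may write (upload, delete,
#    rename, mkdir). DenyAll is the catch-all so nothing is allowed by accident.
<Directory /srv/ftp>
  <Limit READ DIRS>
    AllowGroup ftpusers
    DenyAll
  </Limit>
  <Limit WRITE>
    AllowUser alessandro
    DenyAll
  </Limit>
</Directory>
```

Check the syntax with `proftpd -t` before restarting, then verify from a host outside the allowed range that the login is refused, and as a member of ftpusers other than alessandro that `put` fails while `ls` and `get` still work; a <Limit> that is never exercised is the usual way these rules turn out to be in the wrong context.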
|##########^ More Things #####################################################|
###############################################################################
# Examples of FTP Connection Flows:
###############################################################################
===============================================================================
Connecting in Passive Mode and Running the ls Command:
===============================================================================
(Source: http://www.wireshark.org/docs/dfref/f/ftp.html)
(Source: http://www.faqs.org/rfcs/rfc959.html)
Client sends:
Request command: PASV
Server replies over the FTP (control) connection:
227 Entering Passive Mode (10,7,3,134,194,173).\r\n
Response code: Entering Passive Mode (227) - (Fieldname ftp.response.code)
Response arg: Entering Passive Mode (10,7,3,134,194,173). - (Fieldname ftp.response.arg)
Passive IP address: 10.10.10.134 (10.10.10.134) - (Fieldname ftp.passive.ip)
Passive port: 49837 (194*256 + 173) - (Fieldname ftp.passive.port)
Client sends over the FTP connection:
Request command: LIST - (Fieldname ftp.request.command)
Server replies over the FTP connection:
150 Opening ASCII mode data connection for file list\r\n - (Fieldname Text item)
Response code: File status okay; about to open data connection (150) - (Fieldname ftp.response.code)
Response arg: Opening ASCII mode data connection for file list - (Fieldname ftp.response.arg)
Server replies over the FTP-DATA connection (the one the client opened to the passive port):
FTP Data: drwxr-xr-x 2 alessandro alessandro 4096 Mar 13 15:08 diretorio\r\n-rw-r--r-- 1 alessandro alessandro 0 Mar 13 15:08 teste.txt\r\n
(Fieldname Text item)
Server replies over the FTP connection:
*226 Transfer complete\r\n - (Fieldname Text item)
- Response code: Closing data connection (226) - (Fieldname ftp.response.code)
- Response arg: Transfer complete - (Fieldname ftp.response.arg)
|==========^ Connecting in Passive Mode and Running the ls Command ===========|
===============================================================================
Connecting in Active Mode and Running the ls Command:
===============================================================================
### In this case the client was behind a firewall doing NAT.
## PS: the NATed address the server saw was a different one, 10.10.10.213:
Client sends over the FTP connection:
*PORT 10,161,1,101,215,239\r\n
- Request command: PORT
- Request arg: 10,161,1,101,215,239
- Active IP address: 10.161.1.101 (10.161.1.101)
- Active port: 55279 (215*256 + 239)
- Active IP NAT: True (Wireshark flags that the address inside PORT differs from the source address of the IP packet)
Server replies over the FTP connection:
*500 Illegal PORT command\r\n
- Response code: Syntax error, command unrecognized (500)
- Response arg: Illegal PORT command
(ProFTPD refuses a PORT whose address is not the peer address of the control connection unless AllowForeignAddress is on; the data connection is never attempted.)
#### In this case the client was on the same network:
Client sends over the FTP connection:
*EPRT |1|10.7.3.212|55126|\r\n
- Request command: EPRT
- Request arg: |1|10.7.3.212|55126| (protocol 1 = IPv4, then address and port, RFC 2428)
Server replies over the FTP connection:
*200 EPRT command successful\r\n
- Response code: Command okay (200)
- Response arg: EPRT command successful
Client sends over the FTP connection:
*LIST\r\n
- Request command: LIST
Server replies over the FTP connection:
*150 Opening ASCII mode data connection for file list\r\n
- Response code: File status okay; about to open data connection (150)
- Response arg: Opening ASCII mode data connection for file list
Server replies over the FTP-DATA connection (opened by the server, from its port 20 to 10.7.3.212:55126):
*FTP Data: drwxr-xr-x 2 alessandro alessandro 4096 Mar 13 15:08 diretorio\r\n-rw-r--r-- 1 alessandro alessandro 0 Mar 13 15:08 teste.txt\r\n
Server replies over the FTP connection:
*226 Transfer complete\r\n
- Response code: Closing data connection (226)
- Response arg: Transfer complete
|==========^ Connecting in Active Mode and Running the ls Command ============|
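The three exchanges above, plus the two troubleshooting cases earlier on this page, replayed as an added example (not code from the original page or from ProFTPD). It decodes the 227 reply to PASV and the PORT/EPRT commands into the data-connection endpoint, applies ProFTPD's check that a PORT/EPRT address must be the control connection's peer (unless AllowForeignAddress is on), and predicts whether the server's SYN from port 20 gets through a host firewall on the client. Addresses and ports are the ones captured on the page; the client firewall policy (the set of inbound ports it accepts) is a constructed assumption:

```python
"""
Added example; not code from the original page or from ProFTPD. Decodes the
data-connection negotiation captured on the page (227 reply to PASV, PORT and
EPRT commands) and predicts what "ls" (LIST) will do. Addresses and ports are
the page's; the client firewall policy is a constructed assumption.
"""
import re
from dataclasses import dataclass
from typing import Iterable

PASV_RE = re.compile(r"^227 .*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")
PORT_RE = re.compile(r"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)$")
EPRT_RE = re.compile(r"^EPRT \|1\|(\d+\.\d+\.\d+\.\d+)\|(\d+)\|$")

FTP_DATA_PORT = 20  # source port ProFTPD uses for active-mode data connections


@dataclass(frozen=True)
class DataEndpoint:
    mode: str   # "passive": client connects to server; "active": server connects to client
    host: str
    port: int


def parse_pasv_reply(reply: str) -> DataEndpoint:
    """Decode h1,h2,h3,h4,p1,p2 from a 227 reply (RFC 959); port = p1*256 + p2."""
    m = PASV_RE.match(reply.strip())
    if not m:
        raise ValueError(f"not a 227 PASV reply: {reply!r}")
    h1, h2, h3, h4, p1, p2 = map(int, m.groups())
    return DataEndpoint("passive", f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2)


def parse_active_command(cmd: str) -> DataEndpoint:
    """Decode the address the client advertises in PORT (RFC 959) or EPRT (RFC 2428)."""
    cmd = cmd.strip()
    m = PORT_RE.match(cmd)
    if m:
        h1, h2, h3, h4, p1, p2 = map(int, m.groups())
        return DataEndpoint("active", f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2)
    m = EPRT_RE.match(cmd)
    if m:
        return DataEndpoint("active", m.group(1), int(m.group(2)))
    raise ValueError(f"not a PORT/EPRT command: {cmd!r}")


def server_reply_to_active(cmd: str, control_peer_ip: str,
                           allow_foreign_address: bool = False) -> str:
    """ProFTPD's answer to PORT/EPRT: an address other than the control
    connection's peer is refused unless AllowForeignAddress is on."""
    ep = parse_active_command(cmd)
    verb = cmd.strip().split()[0]
    if ep.host != control_peer_ip and not allow_foreign_address:
        return f"500 Illegal {verb} command"
    return f"200 {verb} command successful"


def predict_list_outcome(negotiation: str, control_peer_ip: str,
                         client_inbound_ports_open: Iterable[int] = (),
                         allow_foreign_address: bool = False) -> str:
    """Given the negotiation line (227 reply, PORT or EPRT), say what "ls" does."""
    if negotiation.startswith("227"):
        ep = parse_pasv_reply(negotiation)
        # The client opens the data connection; outbound traffic is normally allowed.
        return f"passive: client connects to {ep.host}:{ep.port}, listing succeeds"
    reply = server_reply_to_active(negotiation, control_peer_ip, allow_foreign_address)
    if reply.startswith("500"):
        return reply  # the data connection is never attempted
    ep = parse_active_command(negotiation)
    if ep.port not in set(client_inbound_ports_open):
        # What the tcpdump in the troubleshooting section shows: SYNs from port 20, no answer.
        return (f"active: server SYN from port {FTP_DATA_PORT} to {ep.host}:{ep.port} "
                f"dropped by client firewall, listing hangs")
    return f"active: server connects from port {FTP_DATA_PORT} to {ep.host}:{ep.port}, listing succeeds"


def page_cases() -> dict:
    """The exchanges captured on this page, replayed as constructed inputs."""
    return {
        "passive_same_lan": predict_list_outcome(
            "227 Entering Passive Mode (10,7,3,134,194,173).", "10.7.3.212"),
        "active_behind_nat": predict_list_outcome(
            "PORT 10,161,1,101,215,239", "10.10.10.213"),
        "active_client_firewall": predict_list_outcome(
            "EPRT |1|10.7.3.212|55126|", "10.7.3.212"),
        "active_port_open": predict_list_outcome(
            "EPRT |1|10.7.3.212|55126|", "10.7.3.212", client_inbound_ports_open={55126}),
    }


if __name__ == "__main__":
    for name, outcome in page_cases().items():
        print(f"{name}: {outcome}")
```

The passive branch is why "use passive mode" fixes both troubleshooting cases: the client, not the server, opens the data connection, so neither a NAT rewriting the client's address nor a host firewall on the client gets in the way; the price is that the server side must accept inbound connections on its passive port range.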
|##########^ Examples of FTP Connection Flows ################################|