HOWTO : Pure-ftpd and atftpd on Back|Track 5

You may want to run FTP (pure-ftpd) and/or TFTP (atftpd) services on Back|Track 5. This tutorial shows you how to set them up.



PART I - PURE-FTPD



Step 1 :



apt-get install pure-ftpd



Step 2 :



cd /etc/pure-ftpd/conf/



echo ,21 > Bind



Step 3 (Optional) :



If you are behind NAT, you should set the following. In this example, the IP of your machine is assumed to be 192.168.1.1 and the passive ports are between 5000 and 5600.



echo 192.168.1.1 > ForcePassiveIP

echo 5000 5600 > PassivePortRange




Step 4 (Optional) :



The following settings are for security only. They are optional :



echo yes > ChrootEveryone

echo yes > ProhibitDotFilesRead

echo yes > ProhibitDotFilesWrite

echo yes > NoChmod

echo yes > BrokenClientsCompatibility




Step 5 :



The following settings are for preventing abuse :



echo 4 > MaxClientsPerIP

echo 20 > MaxClientsNumber




Step 6 :



To use PureDB authentication :



echo no > PAMAuthentication

echo no > UnixAuthentication

echo /etc/pure-ftpd/pureftpd.pdb > PureDB

ln -s /etc/pure-ftpd/conf/PureDB /etc/pure-ftpd/auth/50pure




Step 7 :



groupadd -g 2001 ftpgroup

useradd -u 2001 -s /bin/false -d /dev/null -c "pureftpd user" -g ftpgroup ftpuser




Step 8 :



Create a virtual user - samiux :



pure-pw useradd samiux -u ftpuser -d /ftphome/



pure-pw mkdb



*** "pure-pw mkdb" should be issued each time a new user is added.



*** Make sure the directory /ftphome exists.



Step 9 :



Add TLS/SSL support and generate a self-signed certificate :



cd /etc/pure-ftpd/conf/

echo 1 > TLS

openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem



chmod 600 /etc/ssl/private/pure-ftpd.pem




Restart pure-ftpd (or reboot your system) :



/etc/init.d/pure-ftpd restart



Remarks :



I encountered an invalid username and password problem when logging in to pure-ftpd. I rebooted the system and the problem was gone.
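
The settings written in Steps 4 to 9 can be verified after the fact. The script below is an added example, not part of the original tutorial: it audits a conf directory in the one-value-per-file layout used above and reports deviations. The function names are this example's own, and the TLS check follows Pure-FTPd's documented values (1 accepts both cleartext and TLS sessions, 2 and 3 refuse cleartext logins).

```shell
#!/bin/sh
# Added example (not from the original tutorial): audit a pure-ftpd conf
# directory where each file holds one setting, as written in Steps 2-9.

# Print the first field of setting file DIR/NAME; print nothing if it is absent.
conf_value() {
    if [ -f "$1/$2" ]; then awk 'NR == 1 { print $1; exit }' "$1/$2"; fi
}

# Print one "FINDING:" line per deviation; return 1 if any were found, else 0.
audit_pureftpd_conf() {
    dir=$1; bad=0
    for opt in ChrootEveryone ProhibitDotFilesRead ProhibitDotFilesWrite NoChmod; do
        [ "$(conf_value "$dir" "$opt")" = "yes" ] ||
            { echo "FINDING: $opt is not set to yes"; bad=1; }
    done
    for opt in PAMAuthentication UnixAuthentication; do
        [ "$(conf_value "$dir" "$opt")" = "no" ] ||
            { echo "FINDING: $opt is not 'no', so system accounts may log in"; bad=1; }
    done
    for opt in MaxClientsPerIP MaxClientsNumber; do
        case "$(conf_value "$dir" "$opt")" in
            ''|*[!0-9]*) echo "FINDING: $opt is missing or not a number"; bad=1 ;;
        esac
    done
    case "$(conf_value "$dir" TLS)" in
        2|3) ;;  # cleartext logins are refused
        1) echo "FINDING: TLS=1 still accepts cleartext logins; 2 refuses them"; bad=1 ;;
        *) echo "FINDING: TLS is off, passwords cross the network in cleartext"; bad=1 ;;
    esac
    return "$bad"
}

# Constructed sample: the values this tutorial writes, in a scratch directory.
make_tutorial_conf() {
    mkdir -p "$1"
    for opt in ChrootEveryone ProhibitDotFilesRead ProhibitDotFilesWrite NoChmod; do
        echo yes > "$1/$opt"
    done
    echo no > "$1/PAMAuthentication"; echo no > "$1/UnixAuthentication"
    echo 4 > "$1/MaxClientsPerIP"; echo 20 > "$1/MaxClientsNumber"
    echo 1 > "$1/TLS"
}

demo=$(mktemp -d)
make_tutorial_conf "$demo"
audit_pureftpd_conf "$demo" || true   # reports only the TLS=1 finding
rm -rf "$demo"
```

On a live system, run it as audit_pureftpd_conf /etc/pure-ftpd/conf after completing the steps above.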



PART II - ATFTPD



Step a :



cp /etc/default/atftpd /etc/default/atftpd-old



nano /etc/default/atftpd




Step b :



Change the content to the following :



USE_INETD=false

OPTIONS="--tftpd-timeout 300 --retry-timeout 5 --maxthread 100 --verbose=5 --daemon --port 69 /tftpboot"




Step c :



/etc/init.d/atftpd restart



*** Make sure the directory /tftpboot exists.



That's all! See you.