How do I configure an NTP (Network Time Protocol) client or server under CentOS / RHEL / Fedora Linux to manage the system clock over a network? The Network Time Protocol (NTP) is used to synchronize a computer’s time with another reference time source. Under CentOS / RHEL you can use NTP or OpenNTPD server software.
Install ssh client on CentOS 7/6. On a CentOS desktop or server, we will install two parts of OpenSSH (an open source SSH tool): the OpenSSH client, to access other systems using SSH, and the OpenSSH server, which runs the SSH server daemon so that you can access your CentOS system remotely.
DHCP (Dynamic Host Configuration Protocol) is a network protocol used for assigning IP addresses to network clients dynamically from a predefined IP pool. It is useful on a LAN, but is not generally used for production servers. This article will help you configure a DHCP server on CentOS and Red Hat systems.
Install DHCP Package
First install DHCP packages using yum package manager on CentOS, Red Hat systems. DHCP rpms are available under base repositories, so we don’t need to add an extra repository.
Update /etc/sysconfig/dhcpd File
First, set the Ethernet interface name as DHCPDARGS in the /etc/sysconfig/dhcpd file. Edit this configuration file and update the Ethernet interface name.
Configure DHCP Server
DHCP creates an empty configuration file /etc/dhcp/dhcpd.conf. Also it provides a sample configuration file at /usr/share/doc/dhcp*/dhcpd.conf.sample, which is very useful for configuring the DHCP server.
As a first step, copy the content of the sample configuration file to the main configuration file. The sample configuration file may differ depending on the version you have installed on your system.
3.1 – Parameter Configuration
First configure the basic options which are common to all supported networks.
3.2 – IP Subnet Declaration
First, edit DHCP configuration file and update subnet details as per your network. For this example we are configuring DHCP for 192.168.1.0/24 LAN network.
3.3 – Assign Static IP Address to Host
In some cases, we need to assign a fixed IP to an interface each time it requests one from DHCP. We can assign a fixed IP on the basis of the MAC address (hardware ethernet) of that interface. Setting the host-name is optional.
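The subnet and static-host declarations described in 3.2 and 3.3, as an added example that is not part of the original article: a constructed dhcpd.conf for the 192.168.1.0/24 LAN and a check that no fixed-address falls inside a dynamic range, where it could also be leased to another client. The domain, MAC addresses, host names and the static_in_pool function are assumptions made for illustration, and only plain `range LOW HIGH;` statements are parsed.

```bash
#!/usr/bin/env bash
# Added example: constructed dhcpd.conf plus a static-vs-pool overlap check.
demo=$(mktemp -d)
cat > "$demo/dhcpd.conf" <<'EOF'
# Constructed sample values (domain, MACs and host names are placeholders)
option domain-name "example.lan";
option domain-name-servers 192.168.1.1;
default-lease-time 600;
max-lease-time 7200;
authoritative;

subnet 192.168.1.0 netmask 255.255.255.0 {
    option routers 192.168.1.1;
    range 192.168.1.50 192.168.1.200;
}
host printer {
    hardware ethernet 00:11:22:33:44:55;
    fixed-address 192.168.1.10;
}
host station2 {
    hardware ethernet 00:11:22:33:44:66;
    fixed-address 192.168.1.60;
}
EOF

# static_in_pool CONF -> prints every fixed-address that lies inside a range
static_in_pool() {
    awk '
    function ip2n(ip,   o) {
        split(ip, o, ".")
        return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    /^[ \t]*#/ { next }                # skip comment lines
    { gsub(/;/, "") }                  # drop statement terminators
    $1 == "range"         { n++; lo[n] = ip2n($2); hi[n] = ip2n($3) }
    $1 == "fixed-address" { fixed[$2] = ip2n($2) }
    END {
        for (ip in fixed)
            for (i = 1; i <= n; i++)
                if (fixed[ip] >= lo[i] && fixed[ip] <= hi[i]) { print ip; break }
    }' "$1" | sort
}

static_in_pool "$demo/dhcpd.conf"
```

Here station2 is reported because 192.168.1.60 sits inside the 192.168.1.50 to 192.168.1.200 pool; moving it below .50 or shrinking the range clears the finding.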
Start DHCP Service
After making all the above changes, let’s start the DHCP service using the following commands, as per your operating system version.
Similarly to stop and restart dhcp service use following commands.
Step 5: Setup Client System
At this stage we have a running DHCP server which is ready to accept requests and assign clients a proper IP. To verify, I have another CentOS machine running on the same LAN. Now log in to that client machine and edit the Ethernet configuration file.
Make sure BOOTPROTO is set to dhcp.
Let’s restart network services on the client machine. You will see that the DHCP server has assigned an IP address from the defined subnet. If you are connected to the client PC through a remote login, your session may be disconnected.
FTP (File Transfer Protocol) is a traditional and widely used standard tool for transferring files between a server and clients over a network, especially where no authentication is necessary (it permits anonymous users to connect to a server). We must understand that FTP is insecure by default, because it transmits user credentials and data without encryption.
In this guide, we will describe the steps to install, configure and secure an FTP server (VSFTPD stands for “Very Secure FTP Daemon”) in CentOS/RHEL 7 and Fedora distributions.
Note that all the commands in this guide will be run as root. If you are not operating the server with the root account, use the sudo command to gain root privileges.
Step 1: Installing FTP Server
1. Installing vsftpd server is straight forward, just run the following command in the terminal.
2. After the installation completes, the service will be disabled at first, so we need to start it manually for the time being and enable it to start automatically from the next system boot as well:
3. Next, in order to allow access to FTP services from external systems, we have to open port 21, where the FTP daemons are listening as follows:
Step 2: Configuring FTP Server
4. Now we will move over to perform a few configurations to setup and secure our FTP server, let us start by making a backup of the original config file /etc/vsftpd/vsftpd.conf:
Next, open the config file above and set the following options with these corresponding values:
5. Now configure FTP to allow/deny FTP access to users based on the user list file /etc/vsftpd.userlist.
By default, users listed in userlist_file=/etc/vsftpd.userlist are denied login access with the userlist_deny option set to YES, if userlist_enable=YES. However, userlist_deny=NO alters the setting, meaning that only users explicitly listed in userlist_file=/etc/vsftpd.userlist will be permitted to login.
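The userlist_enable / userlist_deny decision described above, modelled as an added example that is not part of the original article. It covers only the user list gate (a user who passes must still authenticate); the userlist_verdict and conf_get functions, the user alice and the file contents are assumptions constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: models the userlist gate only. Files below are constructed.

# conf_get FILE KEY DEFAULT -> last uncommented KEY=value, else DEFAULT
conf_get() {
    v=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
    echo "${v:-$3}"
}

# userlist_verdict CONF USER -> "permit" or "deny"
userlist_verdict() {
    conf=$1; user=$2
    # Fallbacks are the upstream defaults from vsftpd.conf(5)
    enable=$(conf_get "$conf" userlist_enable NO)
    deny=$(conf_get "$conf" userlist_deny YES)
    list=$(conf_get "$conf" userlist_file /etc/vsftpd.user_list)
    if [ "$enable" != "YES" ]; then
        echo permit; return 0          # the list is not consulted at all
    fi
    if grep -qxF -- "$user" "$list" 2>/dev/null; then listed=yes; else listed=no; fi
    if [ "$deny" = "NO" ]; then
        # allowlist mode: only listed users get through
        if [ "$listed" = yes ]; then echo permit; else echo deny; fi
    else
        # default denylist mode: listed users are refused
        if [ "$listed" = yes ]; then echo deny; else echo permit; fi
    fi
    return 0
}

demo=$(mktemp -d)
echo ravi > "$demo/userlist"
printf 'userlist_enable=YES\nuserlist_file=%s\nuserlist_deny=NO\n' \
    "$demo/userlist" > "$demo/allow.conf"
printf 'userlist_enable=YES\nuserlist_file=%s\n' "$demo/userlist" > "$demo/deny.conf"
for u in ravi alice; do
    echo "$u: userlist_deny=NO -> $(userlist_verdict "$demo/allow.conf" "$u")," \
         "userlist_deny=YES -> $(userlist_verdict "$demo/deny.conf" "$u")"
done
```

The same list file produces opposite results in the two modes, which is why forgetting userlist_deny=NO turns an intended allowlist into a denylist.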
That’s not all, when users login to the FTP server, they are placed in a chroot’ed jail, this is the local root directory which will act as their home directory for the FTP session only.
Next, we will look at two possible scenarios of how to chroot FTP users to their home directories (local root), as explained below.
6. Now add these two following options to restrict FTP users to their Home directories.
chroot_local_user=YES means local users will be placed in a chroot jail after login, which by default is their home directory.
And also by default, vsftpd does not allow the chroot jail directory to be writable for security reasons, however, we can use the option allow_writeable_chroot=YES to override this setting.
Save the file and close it.
Securing FTP Server with SELinux
7. Now, let’s set the SELinux boolean below to allow FTP to read files in a user’s home directory. Note that this was initially done using the command:
However, the ftp_home_dir directive has been disabled by default as explained in this bug report: https://bugzilla.redhat.com/show_bug.cgi?id=1097775.
Now we will use the semanage command to set an SELinux rule to allow FTP to read/write the user’s home directory.
At this point, we have to restart vsftpd to effect all the changes we made so far above:
Step 4: Testing FTP Server
8. Now we will test the FTP server by creating an FTP user with the useradd command.
Afterwards, we have to add the user ravi to the file /etc/vsftpd.userlist using the echo command as follows:
9. Now it’s time to test if our settings above are working correctly. Let’s start by testing anonymous logins, we can see from the screen shot below that anonymous logins are not permitted:
10. Let’s also test if a user not listed in the file /etc/vsftpd.userlist will be granted permission to login, which is not the case as in the screen shot below:
FTP User Login Failed
11. Now do a final check if a user listed in the file /etc/vsftpd.userlist, is actually placed in his/her home directory after login:
Warning: Using allow_writeable_chroot=YES has certain security implications, especially if the users have upload permission, or shell access. Only activate this option if you know exactly what you are doing. It’s important to note that these security implications are not vsftpd specific; they apply to all FTP daemons which offer to put local users in chroot jails as well.
Therefore, we will look at a more secure way of setting a different non-writable local root directory in the next section.
Step 5: Configure Different FTP User Home Directories
12. Open the vsftpd configuration file again and start by commenting out the insecure option below:
Then create the alternative local root directory for the user (ravi, yours is probably different) and remove write permissions for all users on this directory:
13. Next, create a directory under the local root where the user will store his/her files:
Then add/modify the following options in the vsftpd config file with these values:
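One way to verify the result of steps 12 and 13, as an added example that is not part of the original article: it flags allow_writeable_chroot=YES and checks that the resolved local_root carries no write bit for anyone, matching the "remove write permissions for all users" step. The chroot_findings and conf_get functions, the user alice, the temp-directory layout and the sample values for user_sub_token and local_root are assumptions constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: audits the chroot settings from this step. Paths and
# config contents are constructed in a temp directory.

# conf_get FILE KEY -> last uncommented KEY=value (empty when unset)
conf_get() { sed -n "s/^$2=//p" "$1" | tail -n 1; }

# chroot_findings CONF USER -> one finding per line, nothing when clean
chroot_findings() {
    conf=$1; user=$2
    if [ "$(conf_get "$conf" chroot_local_user)" != "YES" ]; then
        echo "chroot_local_user is not YES: local users are not jailed"
    fi
    if [ "$(conf_get "$conf" allow_writeable_chroot)" = "YES" ]; then
        echo "allow_writeable_chroot=YES: a writable jail root is accepted"
    fi
    token=$(conf_get "$conf" user_sub_token)
    # Expand user_sub_token inside local_root as a literal string
    dir=$(conf_get "$conf" local_root | awk -v t="$token" -v u="$user" '{
        while (t != "" && (i = index($0, t)) > 0)
            $0 = substr($0, 1, i - 1) u substr($0, i + length(t))
        print }')
    if [ -z "$dir" ]; then
        echo "local_root unset: the jail root is the user's home directory"
    elif [ ! -d "$dir" ]; then
        echo "local_root $dir does not exist"
    else
        # Read the mode bits rather than test -w, which is always true for root
        case $(ls -ld "$dir" | cut -c2-10) in
            *w*) echo "local_root $dir has a write bit set" ;;
        esac
    fi
    return 0
}

demo=$(mktemp -d)
mkdir -p "$demo/home/ravi/ftp/files" "$demo/home/alice/ftp"
chmod a-w "$demo/home/ravi/ftp"; chmod 755 "$demo/home/alice/ftp"
printf 'chroot_local_user=YES\nuser_sub_token=$USER\nlocal_root=%s/home/$USER/ftp\n' \
    "$demo" > "$demo/good.conf"
{ cat "$demo/good.conf"; echo 'allow_writeable_chroot=YES'; } > "$demo/bad.conf"
chroot_findings "$demo/bad.conf" alice
```

The check is stricter than vsftpd's own test, since it rejects any write bit on the jail root; the writable files subdirectory underneath is left alone because that is where uploads are meant to go.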
Save the file and close it. Once again, let’s restart the service with the new settings:
14. Now do a final test again and see that the user’s local root directory is the FTP directory we created in his home directory.
FTP User Home Directory Login Successful
That’s it! In this article, we described how to install, configure as well as secure a FTP server in CentOS 7, use the comment section below to write back to us concerning this guide/share any useful information about this topic.
In the next article, we will also show you how to secure an FTP server using SSL/TLS connections in CentOS 7, until then, stay connected to TecMint.