How to install and configure an FTP Server on CentOS

FTP, or File Transfer Protocol, is a mechanism that allows file transfer between a client and a server in a TCP/IP network. It's one of the best-known transfer protocols in today's networks, so most applications and websites use FTP. When a client connects to a server, it uses port 21 (FTP control commands). For each transfer request, a new connection is created on port 20 (FTP data transfer). The communication can be made in two ways:
  •    Active - the client opens the port and sends the connection parameters. The Server will then try to connect to the client using the specified config.
  •    Passive - the server opens up the port and sends the communication configuration to the client. The client will then establish a connection with the server.
The file transfer is made between two entities:
  • FTP Server - an application which implements FTP and allows controlled access to its file system. Authentication can be either anonymous or based on a combination of username and password. We will see that there are multiple ways of authenticating to an FTP server.
  • FTP Clients - an application which connects to the FTP Server and executes commands. With an FTP client you can download/upload files and assign/modify permissions on the files. Note that you will need access to a resource before you can interact with it.
In today's article we'll install and configure Pureftpd, one of the well known FTP servers available on Linux distributions. This application offers several features that can be implemented on your FTP server:
  • supports both SSL and TLS
  • authentication can be done using several back-end technologies - LDAP, MYSQL, local files, etc.
  • supports virtual servers and chroot (place users in their own directory)
  • limit the bandwidth for download/upload and limit the number of connections
There may be other features, but these are the ones that came to my mind at this point.
You can download pureftpd from here or you can download it from Fedora repository. Once you've got the package, you'll need to install postgresql-libs because the FTP server depends on one of its libraries.

Execute rpm -ivh pure-ftpd-1.0.30-1.el6.x86_64 within the package's location to install the FTP server.

Change the working location to your FTP server directory by typing cd /etc/pure-ftpd. Open pure-ftpd.conf (the configuration file for the FTP server) using vim, because we'll need to add several options to it:

General Options
DontResolve yes - will consume less bandwidth by not resolving host names
VerboseLog yes - detailed logging
Daemonize yes - starts the FTP server in the background
CreateHomeDir yes - automatically creates home directories for users that don't have one
UnixAuthentication yes - allows authentication using local system user accounts
LimitRecursion 5000 10 - maximum number of files to be displayed and maximum subdirectory depth

Security Options
ProhibitDotFilesWrite yes - clients are not allowed to write dot files
ProhibitDotFilesRead yes - clients are not allowed to read dot files
DisplayDotFiles no - does not display dot files
Umask 133:022 - permission mask for newly created files (133) and directories (022)
MaxIdleTime 15 - idle time in minutes before a connection is closed
MaxClientsNumber 50 - maximum clients that can access files at the same time
MaxClientsPerIP 8 - maximum clients that can connect from one IP address
MaxDiskUsage 70 - maximum disk usage of the FTP server, as a percentage of the partition
ChrootEveryone yes - cages users in their home directory
AnonymousOnly no - does not restrict the server to anonymous logins, so authenticated users are allowed
NoAnonymous yes - disables anonymous authentication
AnonymousCanCreateDirs no - does not allow folder creation by anonymous users
AnonymousCantUpload yes - anonymous users cannot upload files
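
A way to check a saved pure-ftpd.conf against the security options above before starting the service. This is an added example, not part of the original article or of Pure-FTPd; the function names and the sample text are constructed, and only the directives listed above are treated as known.

```python
import difflib

# Security-relevant directives and the values given in the list above.
EXPECTED = {
    "NoAnonymous": "yes", "ChrootEveryone": "yes", "AnonymousOnly": "no",
    "ProhibitDotFilesWrite": "yes", "ProhibitDotFilesRead": "yes",
    "AnonymousCantUpload": "yes", "AnonymousCanCreateDirs": "no",
}
# The article's remaining directives; any value is accepted for these.
LISTED = sorted(set(EXPECTED) | set(
    "DontResolve VerboseLog Daemonize CreateHomeDir UnixAuthentication LimitRecursion "
    "DisplayDotFiles Umask MaxIdleTime MaxClientsNumber MaxClientsPerIP MaxDiskUsage".split()))

def parse(text):
    """Return {directive: value} from 'Name value' lines, ignoring # comments."""
    conf = {}
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)
        if parts:
            conf[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
    return conf

def audit(text):
    """Return sorted findings: wrong or missing values and unlisted directive names."""
    conf, findings = parse(text), []
    for name, want in EXPECTED.items():
        got = conf.get(name)
        if got is None:
            findings.append(f"{name}: not set, expected '{want}'")
        elif got.lower() != want:
            findings.append(f"{name}: is '{got}', expected '{want}'")
    for name in conf:
        if name not in LISTED:
            close = difflib.get_close_matches(name, LISTED, n=1)
            hint = f", did you mean {close[0]}?" if close else ""
            findings.append(f"{name}: not a directive from the list{hint}")
    return sorted(findings)

# Constructed sample: a misspelled name, a missing value and a weak value.
SAMPLE = """\
NoAnonymous yes
ChrootEveryone
ProhibitDotFilesWrite yes
ProhibitDotFilesRead no
AnonymousOnly no
AnonumousCantUpload yes
AnonymousCanCreateDirs no
"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

A misspelled directive shows up twice in the output: once as an unlisted name and once as the intended setting that was never applied.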

Save the configuration file, then add a local user account using the useradd command and set a custom password for this account using passwd.

Start the service by typing /etc/init.d/pure-ftpd start

Now you should be able to connect to your FTP server using a browser with the newly created username. The home directory of the user will be created automatically. I've also added a sample folder just to see if the settings were correctly configured.

That's it for this article folks, we'll discuss more about FTP server in a future article. Hope you've enjoyed it, wish you a great day!

Powershell script to check out gateway configuration of remote computers

Hey guys,
I had a small task today to check the configured gateway for some servers that are part of my Active Directory Domain Services. The servers have two network interfaces (frontend/backend). I wanted to see if a specific IP is configured on one of the interfaces of any of the servers included within an OU, so I came up with the following script:

# Names of all computer accounts in the Servers OU
$computers = Get-ADComputer -SearchBase 'OU=Servers,DC=ppscu,DC=com' -Filter '*' | Select -Exp Name

foreach ($comp in $computers)
{
    # Run the check on the remote server; Write-Host output is shown on the local console
    Invoke-Command -ComputerName $comp -ScriptBlock {
        # Only interfaces that have IP enabled
        $interfaces = Get-WmiObject Win32_NetworkAdapterConfiguration | ? { $_.IPEnabled }
        foreach ($int in $interfaces)
        {
            $cmp = ($env:computername)
            $gateway = $int.DefaultIPGateway
            $ipaddress = $int.IPAddress
            # DefaultIPGateway is an array (or $null), so test for membership
            if ($gateway -contains "192.168.5.10")
            {
                Write-Host "$cmp has 192.168.5.10 gateway on $ipaddress" -BackgroundColor Red
            }
            else
            {
                Write-Host "$cmp does not have the specified gateway on $ipaddress, gateway is: $gateway " -BackgroundColor white -ForegroundColor Black
            }
        }
    }
}




Deploying Windows Server 2012 DC using Powershell

Hey guys,
In this short article I want to show you how to install Windows Server 2012 Domain Controllers and Forests by using the new PowerShell cmdlets provided with this edition. Server 2012 introduced a lot of new features, including a new way to install and configure Domain Controllers. Installing a new machine using the graphical interface is still pretty intuitive, so instead I'll focus on showing you how to achieve this by using PowerShell. Before we can use the new cmdlets to configure our DC, execute the following command to install AD Domain Services:
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

To explore newly introduced cmdlets, type in the following:
Get-Command -Module ADDSDeployment

There are two situations that can occur when deploying a new Domain Controller:
  • Deploying a DC in a new Forest
Before we get to the installation, we need to make sure our new forest meets the requirements. Use the Test-ADDSForestInstallation cmdlet to test the forest installation:

Test-ADDSForestInstallation -DomainName "ppscu.com" -NoRebootOnCompletion


If the operation is completed successfully you can proceed further with the forest installation.
When adding the first Domain Controller to a new Forest, you will need to execute the following:

# The NetBIOS domain name cannot contain a period; PPSCU matches the PPSCU\Administrator account used further down
Install-ADDSForest `
 -CreateDnsDelegation:$false `
 -DatabasePath "C:\Windows\NTDS" `
 -DomainMode "Win2012R2" `
 -DomainName "ppscu.com" `
 -DomainNetbiosName "PPSCU" `
 -ForestMode "Win2012R2" `
 -InstallDns:$true `
 -LogPath "C:\Windows\NTDS" `
 -NoRebootOnCompletion:$false `
 -SysvolPath "C:\Windows\SYSVOL" `
 -Force:$true

You will be prompted to set a DSRM password for the specified forest. Note that the operation will take some time, so be patient. The first Domain Controller within a Forest will also be a Global Catalog server.
  • Deploying a DC in an existing Domain
To test whether your forest supports adding the machine as a Domain Controller for your existing domain, use the following cmdlet:
Test-ADDSDomainControllerInstallation -InstallDns -Credential (Get-Credential PPSCU\Administrator) -DomainName "ppscu.com"

Once all tests have been completed successfully, execute the following command to add your new DC. Note that you'll have to change the parameter values according to your needs:

Import-Module ADDSDeployment
Install-ADDSDomainController `
-NoGlobalCatalog:$false `
-CreateDnsDelegation:$false `
-Credential (Get-Credential) `
-CriticalReplicationOnly:$false `
-DatabasePath "C:\Windows\NTDS" `
-DomainName "ppscu.com" `
-InstallDns:$true `
-LogPath "C:\Windows\NTDS" `
-NoRebootOnCompletion:$false `
-SiteName "ppscu.com" `
-SysvolPath "C:\Windows\SYSVOL" `
-Force:$true

To uninstall a DC from a domain, use the Test-ADDSDomainControllerUninstallation and Uninstall-ADDSDomainController cmdlets.
That's about it for this article folks, hope you will enjoy it. Have a great day!

Configuring NXlog with python

Hello folks,
I've finally started working with Python for one of our new automation systems, SaltStack. I've been experimenting with SaltStack recently, so I don't have much experience with this technology. Anyway, I've created a script that allows you to configure a log aggregation server (such as Graylog or Flume) on your NXlog client. The script uses a regular expression to verify whether a hostname or IP address is already configured and, if a configuration is not found, allows you to configure the server:

import re
import logging
import subprocess


logger = logging.getLogger(__name__)

CONFIG_FILE = 'C:\\Program Files (x86)\\nxlog\\conf\\nxlog.conf'

def checkconf():
    # True when a Host directive already carries a hostname or an IPv4 address.
    # \s+ requires whitespace after "Host", so other directives that merely
    # start with "Host" are not counted as a match.
    pattern = re.compile(r"^\s*Host\s+([A-Za-z]|\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})")
    with open(CONFIG_FILE, "r") as f:
        for line in f:
            if pattern.match(line):
                return True
    return False

def set(flumeip="127.0.0.1"):
    # Accept only hostname/IP characters, so the value cannot add extra
    # lines or directives to nxlog.conf
    if not re.fullmatch(r"[A-Za-z0-9.-]+", flumeip):
        raise ValueError("invalid host or IP address: %r" % flumeip)

    if checkconf():
        logger.info("Nxlog configuration already found, skipping")
        return False

    oldpattern = "Host "
    newpattern = "Host " + flumeip
    with open(CONFIG_FILE, 'r') as f:
        filedata = f.read()
    newdata = filedata.replace(oldpattern, newpattern)
    with open(CONFIG_FILE, 'w') as f:
        f.write(newdata)
    # Restart the service so NXlog picks up the new configuration
    subprocess.call(['net', 'stop', 'nxlog'])
    logger.info("NXlog service Stopped")
    subprocess.call(['net', 'start', 'nxlog'])
    logger.info("NXlog service Started")
    logger.info("IP configured for the NXlog client")
    return True

The checkconf() function verifies whether the server is already configured and returns True if a match is found and False otherwise.
The set() function checks the value returned by checkconf() and then either skips the configuration if a match is found, or adds the IP/hostname and restarts the NXlog service.
That's about all for this article. If anything is unclear, don't hesitate to post a comment in my dedicated section.

Error when trying to install Windows Server 2012 on VirtualBox

I've recently discovered an error in VirtualBox when trying to install Windows Server 2012 on a virtual machine. It seems that VirtualBox encounters an error when trying to boot the OS from the image file. The error reported is "Your PC needs to restart, Please hold down the power button".

I tried restarting both VirtualBox and my PC, and the problem still persisted. After searching a bit on the internet, I found the solution: executing VBoxManage setextradata [vmname] VBoxInternal/CPUM/CMPXCHG16B 1 from PowerShell. First, you will need to navigate to the location of the VBoxManage tool (C:\Program Files\Oracle\VirtualBox) and then execute the command above. Note that [vmname] must be replaced with the actual name of the virtual machine.

Now you should be able to successfully install Microsoft Windows Server 2012.
