Last active
August 29, 2015 14:26
-
-
Save Kirens/bfc1b0fcbea8d5c93504 to your computer and use it in GitHub Desktop.
FTPS for debian wheezy on raspberry pi
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/sh | |
#automation of vsftpd installation as instructed by Justin Ellingwood @ DigitalOcean | |
#https://www.digitalocean.com/community/tutorials/how-to-configure-vsftpd-to-use-ssl-tls-on-an-ubuntu-vps | |
function pwd_prompt { | |
[ -z "$1" ] && return 1 | |
local PWD1="1" | |
local PWD2="2" | |
while([ "$PWD1" != "$PWD2" ]) | |
do | |
read -r -s -p "Enter Password: " PWD1 | |
echo | |
read -r -s -p "Retype Password: " PWD2 | |
echo | |
[ "$PWD1" != "$PWD2" ] && echo "Passwords do not match, plese try again $PWD1 != $PWD2" | |
done | |
declare -g "$1"="$PWD1" | |
} | |
function add_option { | |
local CMD=$1 | |
local VALUE=$2 | |
local FILE=$3 | |
STRING_FOUND=$(grep -m 1 "^#\{0,1\}\s\{0,\}$CMD=" $FILE) | |
EXIT_CODE=$? | |
if [ $EXIT_CODE != 0 ] | |
then | |
printf "\n#Added by init script\n$CMD=$VALUE\n" >> $FILE | |
elif [ "$STRING_FOUND" == "$CMD=$VALUE" ] | |
then | |
return 0 | |
else | |
sed -i "/$STRING_FOUND/c\\$CMD=$VALUE" $FILE | |
fi | |
grep -q "^$CMD=$VALUE" $FILE | |
EXIT_CODE=$? | |
if [ $EXIT_CODE != 0 ] | |
then | |
return 1 | |
else | |
return 0 | |
fi | |
} | |
function add_options { | |
local FILE | |
local i=2 | |
local FAILED=0 | |
local cmd | |
local val | |
while([ ! -z ${@:$i:1} ]) | |
do | |
cmd=${@:$i-1:1} | |
val=${@:$i:1} | |
if [ "$cmd" == "-F" ] | |
then | |
FILE="$val" | |
else | |
add_option "$cmd" "$val" $FILE | |
if [ $? == 0 ] | |
then | |
echo -e "Line written: \e[94m$cmd=$val\e[39m ($FILE)" | |
else | |
echo -e "\e[31mLine not written: \e[94m$cmd=$val\e[39m ($FILE)" | |
FAILED=1 | |
fi | |
fi | |
((i=i+2)) | |
done | |
if [ $FAILED == 1 ] | |
then | |
local VALID=0 | |
while([ $VALID == 0 ]) | |
do | |
read -p "Some options was not changed, proced anyway? [Y/N] " choice | |
case "$choice" in | |
y|Y ) VALID=1;; | |
n|N ) exit 1;; | |
# * ) echo "invalid";; | |
esac | |
done | |
fi | |
return $FAILED | |
} | |
#first parameter overrides default username | |
USER="ftpuser" | |
[ -z "$1" ] || USER="$1" | |
#install packages | |
apt-get install vsftpd | |
STATUS=$? | |
if [ $STATUS != 0 ] | |
then | |
echo -e "\e[31mInstallation error ($STATUS), aborting!" | |
exit 1 | |
fi | |
#stop deamon while changing stuffs | |
/etc/init.d/vsftpd stop | |
STATUS=$? | |
if [ $STATUS != 0 ] | |
then | |
echo -e "\e[31mCould not stop vsftp deamon ($STATUS), aborting!" | |
exit 1 | |
fi | |
#change conf-file | |
CONF_FILE=/etc/vsftpd.conf | |
add_options -F $CONF_FILE anonymous_enable NO local_enable YES write_enable YES chroot_local_user YES | |
#add user | |
useradd "$USER" | |
STATUS=$? | |
if [ $STATUS != 0 ] | |
then | |
echo -e "\e[31mCould not create user ($STATUS), aborting!" | |
exit 1 | |
fi | |
echo "An ftp-user, named $USER, will be created. Please select a password!" | |
pwd_prompt USR_PWD | |
echo "$USER:$USR_PWD" | chpasswd | |
STATUS=$? | |
if [ $STATUS != 0 ] | |
then | |
echo -e "\e[31mCould not set user password ($STATUS), aborting!" | |
exit 1 | |
fi | |
echo -e "\e[92mftp-user created successfully!" | |
#make sure folder was created | |
if [ ! -d "/home/$USER" ] | |
then | |
mkdir "/home/$USER" | |
fi | |
#setup and give access to user folder | |
chown root:root "/home/$USER" | |
mkdir "/home/$USER/uploads" | |
chown "$USER:$USER" "/home/$USER/uploads" | |
#we want it all secure! | |
openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout /etc/ssl/private/vsftpd.pem -out /etc/ssl/private/vsftpd.pem | |
#change more settings | |
add_options -F $CONF_FILE rsa_cert_file /etc/ssl/private/vsftpd.pem rsa_private_key_file /etc/ssl/private/vsftpd.pem \ | |
ssl_enable YES allow_anon_ssl NO allow_anon_ssl YES force_local_logins_ssl YES ssl_tlsv1 YES ssl_sslv2 NO \ | |
ssl_sslv3 NO require_ssl_reuse NO ssl_ciphers HIGH | |
#restart with config and all done (YAY!) | |
service vsftpd restart | |
STATUS=$? | |
if [ $STATUS != 0 ] | |
then | |
echo -e "\e[31mCould not restart vsftp deamon ($STATUS), aborting!" | |
exit 1 | |
fi | |
echo -e "\e[92mInstallation done!" | |
netstat -npl | grep :21 | |
ifconfig eth0| grep 'inet addr:' |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment