CentOS 7 bash script to install vsFTPd with PAM
#!/bin/bash
#------------------------------------------------------------------------------------
# Install vsFTPd
#------------------------------------------------------------------------------------
# Install the FTP daemon and the Berkeley DB utilities, then enable the
# service at boot.
# NOTE(review): libdb4-utils is presumably wanted for building the pam_userdb
# database named in the PAM section; this script never invokes it. Confirm.
yum -y install vsftpd libdb4-utils
systemctl enable vsftpd.service

#------------------------------------------------------------------------------------
# Script-wide settings
#------------------------------------------------------------------------------------
# Root of the FTP data tree. The rest of this listing hard-codes /var/www
# rather than reading this variable, so editing it here alone changes nothing.
HOMEDIR=/var/www

#------------------------------------------------------------------------------------
# Banner
#------------------------------------------------------------------------------------
clear
rule='-------------------------------------------------------------------'
printf '%s\n' "$rule"
printf '%s\n' ' vsftpd -> Virtual Users -> Configuration'
printf '%s\n' "$rule"
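# Check dependencies: refuse to touch any configuration unless every required
# package is installed (the yum step above may have failed).
PACKISMISSING=""
PACKDEPENDENCIES="vsftpd libdb4-utils"
# Word-splitting of the list is intentional; package names contain no spaces.
for i in $PACKDEPENDENCIES; do
  # Test rpm's exit status directly instead of inspecting $? afterwards.
  if ! /bin/rpm -q "$i" > /dev/null; then
    PACKISMISSING="$PACKISMISSING $i"
  fi
done
if [ -n "$PACKISMISSING" ]; then
  echo " ATTENTION: The following package(s) are needed by this script:" >&2
  for i in $PACKISMISSING; do
    echo " - $i" >&2
  done
  echo '-------------------------------------------------------------------' >&2
  # A bare `exit` would return the status of the last echo (0), so automation
  # would see a half-run setup as success. Fail explicitly.
  exit 1
fi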
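# Create the certificate/key file that vsftpd presents for TLS.
# The rsa_cert_file setting in vsftpd.conf has to name this exact file
# (/etc/vsftpd/vsftpd.pem).
echo '-------------------------------------------------------------------'
echo ' Creating Vsftpd RSA certificate ...'
echo '-------------------------------------------------------------------'
# Everything below uses relative paths, so stop if the directory is missing
# rather than deleting or creating vsftpd.pem wherever the script was started.
cd /etc/vsftpd/ || { echo ' ERROR: cannot enter /etc/vsftpd' >&2; exit 1; }
# -f makes the "remove any previous certificate" step a no-op when none exists.
rm -f vsftpd.pem
# NOTE(review): `make vsftpd.pem` needs a Makefile with a matching rule in the
# current directory. The original comment mentions "pki"; on CentOS 7 the stock
# certificate Makefile normally lives under /etc/pki/tls/certs - confirm which
# directory was intended.
if ! make vsftpd.pem; then
  # Fail closed: the configuration written later forces TLS, so continuing
  # without a certificate would leave a broken or misleading setup.
  echo ' ERROR: certificate generation failed' >&2
  exit 1
fi
# The file is expected to hold the private key, hence owner-only access.
chmod 600 vsftpd.pem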
#------------------------------------------------------------------------------------
# FTP data directory and the single local account that owns it
#------------------------------------------------------------------------------------
# Account name and data root used by the three commands below.
ftp_user=vsftpd
ftp_root=/var/www
mkdir -p "$ftp_root"
# /sbin/nologin: the account exists only to own files, not for shell logins.
useradd -d "$ftp_root" -s /sbin/nologin "$ftp_user"
# Recursive: every file already under /var/www changes owner to this account.
# NOTE(review): if a web server also serves /var/www, check that this ownership
# change is intended for its existing content.
chown -R "$ftp_user:$ftp_user" "$ftp_root"
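#------------------------------------------------------------------------------------
# Configure vsFTPd (/etc/vsftpd/vsftpd.conf)
#------------------------------------------------------------------------------------
#
# Edit the packaged configuration in place, append the virtual-user and TLS
# settings, then start the service.
#
echo ''
printf ' Setting up Vsftpd with TLS support ... '
# Keep a pristine copy of the packaged file; -n stops a re-run from replacing
# that copy with an already-modified configuration.
cp -n /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf.original
# No anonymous logins (rewrites any line mentioning anonymous_enable).
sed -i "s/^.*anonymous_enable.*/anonymous_enable=NO/g" /etc/vsftpd/vsftpd.conf
# Comment out the xferlog_std_format line.
sed -i "/^xferlog_std_format*a*/ s/^/#/" /etc/vsftpd/vsftpd.conf
# Enable the idle timeout and raise it from the commented 600 to 900 seconds.
sed -i "s/#idle_session_timeout=600/idle_session_timeout=900/" /etc/vsftpd/vsftpd.conf
# Use the vsftpd account as the unprivileged user.
sed -i "s/#nopriv_user=ftpsecure/nopriv_user=vsftpd/" /etc/vsftpd/vsftpd.conf
# Insert chroot_local_user=YES just before the commented chroot_list_enable line.
sed -i "/#chroot_list_enable=YES/i\chroot_local_user=YES" /etc/vsftpd/vsftpd.conf
# Standalone IPv4 listener only.
sed -i 's/listen=NO/listen=YES/' /etc/vsftpd/vsftpd.conf
sed -i 's/listen_ipv6=YES/listen_ipv6=NO/' /etc/vsftpd/vsftpd.conf
# Appended settings (quoted heredoc delimiter: $USER must reach the file
# literally, it is vsftpd's substitution token, not a shell variable):
#  - guest_enable/guest_username map every authenticated login onto the local
#    vsftpd account; local_root gives each login its own /var/www/<login>.
#  - virtual_use_local_privs=YES gives those logins local-user privileges
#    instead of the more restricted anonymous-style defaults.
#  - allow_writeable_chroot=YES switches off vsftpd's refusal to chroot into a
#    directory the user can write to; that check is a hardening measure, so
#    consider a non-writable chroot root with a writable subdirectory instead.
#  - SSLv2 and SSLv3 are obsolete, broken protocols and are disabled here
#    (the original enabled both).
#  - rsa_cert_file points at the file created in /etc/vsftpd earlier in this
#    script (the original named /etc/vsftpd.pem, which is never created).
# NOTE(review): ssl_tlsv1 is TLS 1.0, itself deprecated; whether newer protocol
# switches are available depends on the installed vsftpd build - check its
# vsftpd.conf man page before adding any.
cat >> /etc/vsftpd/vsftpd.conf <<'EOF'
allow_writeable_chroot=YES
guest_enable=YES
guest_username=vsftpd
user_sub_token=$USER
local_root=/var/www/$USER
virtual_use_local_privs=YES
user_config_dir=/etc/vsftpd/user_conf
###############################
# TLS Configuration
###############################
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
rsa_cert_file=/etc/vsftpd/vsftpd.pem
EOF
# NOTE(review): the service starts here, before the user_conf directory and
# the PAM file are written further down.
systemctl start vsftpd.service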
# Supporting files and directories.
# Per-user override directory named by user_config_dir in vsftpd.conf.
mkdir -p /etc/vsftpd/user_conf
# Sorted list of every local account name (first field of /etc/passwd).
# NOTE(review): nothing in this listing reads denied_users - the PAM file
# written below only uses pam_userdb - so on its own this list denies nobody.
cut -d ':' -f 1 /etc/passwd | sort > /etc/vsftpd/denied_users
chmod 644 /etc/vsftpd/denied_users
# Closes the "Setting up Vsftpd with TLS support ..." progress line.
printf 'Done.\n'
#------------------------------------------------------------------------------------
# PAM stack for the vsftpd service (/etc/pam.d/vsftpd)
#------------------------------------------------------------------------------------
printf '\n'
printf '%s' ' Setting up PAM ... '
# Save the packaged PAM file before replacing it.
cp /etc/pam.d/vsftpd /etc/pam.d/vsftpd.original
# Authenticate FTP logins against a Berkeley DB of virtual users instead of
# system accounts. pam_userdb appends ".db" to the db= path, and crypt=crypt
# means the stored values are crypt(3) hashes rather than plaintext.
# This script does not create /etc/vsftpd/password.db; it has to be built
# separately and, since it holds password hashes, kept readable by root only.
cat > /etc/pam.d/vsftpd <<'EOF'
#%PAM-1.0
auth required pam_userdb.so db=/etc/vsftpd/password crypt=crypt
account required pam_userdb.so db=/etc/vsftpd/password crypt=crypt
session required pam_loginuid.so
EOF
#------------------------------------------------------------------------------------
# firewalld: install, start, enable, and open the FTP service
#------------------------------------------------------------------------------------
printf '\n'
printf '%s\n' ' Setting up Firewall ... '
yum -y install firewalld
# Start now, then enable at boot (same order as before).
for action in start enable; do
  systemctl "$action" firewalld.service
done
# The "ftp" service definition opens the control port only.
# NOTE(review): vsftpd.conf above forces TLS on the control channel, so the
# firewall cannot read the data-port negotiation and will presumably not open
# passive data ports on its own; a fixed pasv_min_port/pasv_max_port range in
# vsftpd.conf with a matching firewall rule is normally needed. Verify with a
# passive-mode TLS client.
firewall-cmd --permanent --add-service=ftp
firewall-cmd --reload
#------------------------------------------------------------------------------------
# SELinux
#------------------------------------------------------------------------------------
# Persistently (-P) turn on ftpd_full_access, which lets the FTP daemon read
# and write any file that ordinary Unix permissions allow.
# NOTE(review): this removes most of SELinux's confinement of vsftpd; a
# least-privilege setup would label the FTP data directory and enable only the
# narrower booleans it needs. Confirm the broad boolean is really required.
setsebool -P ftpd_full_access on
echo 'Done.'