DSM-G600, DNS-3xx and NSA-220 Hack Forum

hectorg · 2009-01-26 05:30:12

I set up vsftpd and installed it but I can't figure out how to start it. There really no documentation for it as far as I can tell. If I go to sbin and I try to run it it tells me to run it from inetd but honestly I am not sure how to do that, and my searches on multiple forums lead me back here.

Anyway, In the man pages it says
It is activated by setting listen=YES in /etc/vsftpd.conf.
Direct execution of the vsftpd binary will then launch the FTP service
ready for immediate client connections.

so I did

I went to /ffp/sbin
ran vsftpd

then I get this
"500 OOPS: vsftpd: not configured for standalone, must be started from inetd"

I think I am doing it correctly but obviously I am not.

Ultimately I would like to set it up to run automatically whenever the box is restarted so I guess thats where the initd thing comes in.

Any suggestions?

A Little history
I am not sure if this is the best way to go. I have a DNS-321 with the pureftpd installed on the box from factory, but they don't allow you to change the configs. Every time I reboot the ftp after changing the config for the pure ftp it restores to the original somehow on both shutdown and startup of the ftp server. so this is why I am trying the vsftps. I also have some previous experience with vsftpd on a linux box but there i am able to start it from the /etc/init.d/vsftpd start command the init.d I guess is the same as the initd on ffp...

I want to enable passive mode ftp so that I can access ftp from the web securely "with some sort of ssl or ssh" but lets start unsecurely at first.

Last edited by hectorg (2009-01-26 05:36:17)

fonz · 2009-01-26 10:16:40

Have you tried specifying the config file on the command line? vsftpd /path/to/vsftpd.conf

hectorg · 2009-01-26 14:09:28

ok I tried that and it just hangs which I believe tells me there is a problem with my config so I will look into that when I get home from work today. I have the same example vsftpd.conf that came with the install except I put the listen=yes shouldn't that work and just be open for anonymous connections by default?

fonz · 2009-01-26 14:34:29

hectorg wrote:
ok I tried that and it just hangs

I think you need to send it into the background yourself.

Code:

vsftpd /ffp/etc/vsftpd.conf >/dev/null 2>&1 </dev/null &

Here's a config I tested:

Code:

listen=yes
local_enable=yes
ftp_username=nobody
xferlog_enable=yes
vsftpd_log_file=/ffp/var/log/vsftpd.log
secure_chroot_dir=/ffp/var/empty

Note that you need to create the secure_chroot_dir manually:

Code:

mkdir -p /ffp/var/empty

hectorg · 2009-01-27 02:26:27

ok I got it to work with all your help and it seems I just need to beef up the config to get it to do what I want.

Thanks a million..

By any chance is there a way to make this startup automatically when the box reboots?

I tried making a startup sh script

Code:

#!/ffp/bin/sh

# PROVIDE: vsftpd
# REQUIRE: LOGIN

. /ffp/etc/ffp.subr

name="vsftpd"
command="/ffp/sbin/vsftpd"
vsftpd_flags="/ffp/etc/vsftpd.conf >/dev/null 2>&1 </dev/null &"
required_files="/ffp/etc/vsftpd.conf"

run_rc_command "$1"

but I get

Starting /ffp/sbin/vsftpd /ffp/etc/vsftpd.conf >/dev/null 2>&1 </dev/null &
500 OOPS: vsftpd: too many arguments (I take an optional config file only)

If I remove the >/dev/null 2>&1 </dev/null &
It works but again hangs (it doesnt go to the backgroud)

Last edited by hectorg (2009-01-27 17:39:08)

fonz · 2009-01-27 09:23:01

hectorg wrote:
It works but again hangs (it doesnt go to the backgroud)

Yes, it's a little difficult. Try creating a custom start command like this:

Code:

..
start_cmd="vsftpd_start"

vsftpd_start()
{
  proc_start_bg "$command"
}

...

For more examples, see start/sshd.sh or start/syslogd.sh (they use proc_start, but not proc_start_bg).

hectorg · 2009-01-27 17:37:15

I cant try it now but is this what It is supposed to look like?

Code:

#!/ffp/bin/sh

# PROVIDE: vsftpd
# REQUIRE: LOGIN

. /ffp/etc/ffp.subr

name="vsftpd"
command="/ffp/sbin/vsftpd"
vsftpd_flags="/ffp/etc/vsftpd.conf >/dev/null 2>&1 </dev/null &"
required_files="/ffp/etc/vsftpd.conf"
start_cmd="vsftpd_start"

vsftpd_start()
{
  proc_start_bg "$command"
}

I feel there is something missing here. Isnt the $command just using "/ffp/sbin/vsftpd"

Last edited by hectorg (2009-01-27 17:41:03)

fonz · 2009-01-27 17:46:16

proc_start_bg will find $vsftpd_flags

remove the >/dev/null 2>/dev/null & from the flags, that's what the _bg is for.

but you're missing: run_rc_command "$1"

hectorg · 2009-01-27 18:11:40

ok this is what I have so far

Code:

#!/ffp/bin/sh

# PROVIDE: vsftpd
# REQUIRE: LOGIN

. /ffp/etc/ffp.subr

name="vsftpd"
command="/ffp/sbin/vsftpd"
vsftpd_flags="/ffp/etc/vsftpd.conf"
required_files="/ffp/etc/vsftpd.conf"
start_cmd="vsftpd_start"

vsftpd_start()
{
  proc_start_bg "$command"
}

run_rc_command "$1"

I guess that should work.

Is there any documentation on this ?

fonz · 2009-01-27 18:37:53

hectorg wrote:
Is there any documentation on this ?

Use the source, Luke.

hectorg · 2009-01-27 19:28:27

Hey fonz you are the man! It works like a charm! Thanks a million.

uyuni · 2009-02-03 17:24:14

Great work hectorg!
How about making a wiki page with your install procedure? Things can be pretty hard to find in the forum sometimes...

hectorg · 2009-02-04 06:50:34

No problem here you go hope it helps. I think I got it all but if you have any questions just ask and I will try to help as much as I can.

VSFTPD How TO

Last edited by hectorg (2009-03-16 13:00:07)

uyuni · 2009-02-04 22:48:44

Wow hectorg! What an elaborate page you made! Very impressive.
I actually used your instructions from the forum but this page, I'm sure will be very useful.

BTW, I don't think there is any need to reboot at the end. I didn't anyway.

I took another approach than the userlist that you are using - although I actually started using it - until I realized that I don't exactly know how strong the passwords of the system's users are. Therefore I wanted to only allow a select group of users access to the ftp server.

My scenario is this: A few persons need to share a ftp directory from the Internet.
For security reasons I don't like the userlist as it means that the connection is dropped right after you have provided the username. This can be used (although with a fairly time-comsuming brute force attack) to deduce the available usernames on the system. It is much better that the user (attacker) has to provide both username and password before the connection is cut. This way the attacker won't know whether the username or the password was incorrect and thus it expands the search space immensely.

This is why I have used an approach of a master config file which is very strict (empty local_root dir, no upload, no download, guest account, etc.) and then I have a user_conf dir with a config file per user that relaxes the strict permissions.

I probably should update the wiki page with the details.

hectorg · 2009-02-05 04:06:42

I never thought of that but I guess you are correct. Let me know when you put up the changes on the wiki and I will take a look at how it is implemented. Another thing I do is use a port that noone recognizes as an ftp port. Internally I am using regular port 21 but externally you could use something like 345678 and well that would be another thing an atacker would have to guess.

uyuni · 2009-02-05 12:31:04

I already updated the wiki. And yes, moving services away from the well-known ports tends to make your log files a whole lot shorter!

hectorg · 2009-02-06 00:05:18

great! Thanks!

mastervol · 2009-02-07 15:27:35

hectorg:
it works according to your instructions on the wiki

however i can't start vsftpd via your start script ..

i changed the path to the .conf in the script, but it still does not start
also i am interested in a stop/restart option, but there is not .pid file ;-)

Code:

#!/ffp/bin/sh
 
 # PROVIDE: vsftpd
 # REQUIRE: LOGIN
  
  . /ffp/etc/ffp.subr
   
   name="vsftpd"
#   command="/ffp/sbin/vsftpd"
command="/ffp/sbin/vsftpd"
   vsftpd_flags="/ffp/etc/vsftpd/vsftpd.conf >/dev/null 2>&1 </dev/null"
   required_files="/ffp/etc/vsftpd/vsftpd.conf"
   start_cmd="vsftpd_start"
    
    vsftpd_start()
    {
      proc_start_bg "$command"
      }

this command works:

vsftpd /ffp/etc/vsftpd/vsftpd.conf &

Last edited by mastervol (2009-02-07 15:28:05)

hectorg · 2009-02-07 23:50:08

your flags are incorrect I put up the wrong script.

I already updated the wiki

here is what your startup script vsftpd.sh should look like

Sorry about that. I was tired when I wrote it.

Code:

#!/ffp/bin/sh

# PROVIDE: vsftpd
# REQUIRE: LOGIN

. /ffp/etc/ffp.subr

name="vsftpd"
command="/ffp/sbin/vsftpd"
vsftpd_flags="/ffp/etc/vsftpd.conf"
required_files="/ffp/etc/vsftpd.conf"
start_cmd="vsftpd_start"

vsftpd_start()
{
  proc_start_bg "$command"
  }

  run_rc_command "$1"

Sorry about that. Let me know if that worked out for you.

Last edited by hectorg (2009-02-07 23:50:48)

dilettanti · 2009-03-06 05:34:56

I am having trouble getting vsftpd to run. I am a linux n00b and am sure it's a case of PEBKAC, but I'm still hoping someone here might help me.

I have followed the instructions on the howto to the letter. When I go to run vsftpd, using:

Code:

vsftpd /ffp/etc/vsftpd.conf >/dev/null 2>&1 </dev/null &

I get no errors and it returns to the command line prompt. But after any input at the prompt, I get an exit notice:

Code:

[1]+  Exit 1                  vsftpd /ffp/etc/vsftpd.conf > /dev/null 2>&1 < /dev/null

A check with ps or top shows no daemon running. Attempts to ftp in fail. I have verified that all of the relevant files exist. Anyone have any ideas? Your help is greatly appreciated.

Last edited by dilettanti (2009-03-06 05:36:59)

hectorg · 2009-03-07 05:17:17

you sure your config file is correct?

Post it here

I am not sure why you are getting errors. I have this same exact config to the T and it works. What box are you using? Mine is the DNS-321

That code above you stated just puts the job in the backgroud

Try to run that and then FTP without touching the terminal on the nas and see if you could get in. You wont be able to get in if it exits.

Did you put the job in startup? If is no need to start it manually if you rebooted after installing. otherwise I guess the code above is ok.

Another thing is the More Scure section was not added by me and honestly I havent tried it so I would remove anything that you did in that section and give it another try.

qryptiq · 2009-03-14 21:52:44

Thansk for the write up Hector,

Please help:

i can't install the package - i get error

"FATAL: /ffp not found in package"

what does this mean?

hectorg · 2009-03-15 18:59:27

do you have funplug installed? You need to have that before you can do anything...

qryptiq · 2009-03-16 02:39:51

i do have funplug installed... that is kinda the strange part? I have setup rsync to backup nightly and that seems ok (did a manual run which is still going).

The error states "ffp not found IN package" - i don't get it - unless the package is corrupted. So i went ahead and tried older packages - came up with the same message...

hectorg · 2009-03-16 03:49:30

what step are you by when it gives you that error?

DSM-G600, DNS-3xx and NSA-220 Hack Forum

Announcement

#1 2009-01-26 05:30:12

vsftpd help installed but dont know how to start it

#2 2009-01-26 10:16:40

Re: vsftpd help installed but dont know how to start it

#3 2009-01-26 14:09:28

Re: vsftpd help installed but dont know how to start it

#4 2009-01-26 14:34:29

Re: vsftpd help installed but dont know how to start it

hectorg wrote:

Code:

Code:

Code:

#5 2009-01-27 02:26:27

Re: vsftpd help installed but dont know how to start it

Code:

#6 2009-01-27 09:23:01

Re: vsftpd help installed but dont know how to start it

hectorg wrote:

Code:

#7 2009-01-27 17:37:15

Re: vsftpd help installed but dont know how to start it

Code:

#8 2009-01-27 17:46:16

Re: vsftpd help installed but dont know how to start it

#9 2009-01-27 18:11:40

Re: vsftpd help installed but dont know how to start it

Code:

#10 2009-01-27 18:37:53

Re: vsftpd help installed but dont know how to start it

hectorg wrote:

#11 2009-01-27 19:28:27

Re: vsftpd help installed but dont know how to start it

#12 2009-02-03 17:24:14

Re: vsftpd help installed but dont know how to start it

#13 2009-02-04 06:50:34

Re: vsftpd help installed but dont know how to start it

#14 2009-02-04 22:48:44

Re: vsftpd help installed but dont know how to start it

#15 2009-02-05 04:06:42

Re: vsftpd help installed but dont know how to start it

#16 2009-02-05 12:31:04

Re: vsftpd help installed but dont know how to start it

#17 2009-02-06 00:05:18

Re: vsftpd help installed but dont know how to start it

#18 2009-02-07 15:27:35

Re: vsftpd help installed but dont know how to start it

Code:

#19 2009-02-07 23:50:08

Re: vsftpd help installed but dont know how to start it

Code:

#20 2009-03-06 05:34:56

Re: vsftpd help installed but dont know how to start it

Code:

Code:

#21 2009-03-07 05:17:17

Re: vsftpd help installed but dont know how to start it

#22 2009-03-14 21:52:44

Re: vsftpd help installed but dont know how to start it

#23 2009-03-15 18:59:27

Re: vsftpd help installed but dont know how to start it

#24 2009-03-16 02:39:51

Re: vsftpd help installed but dont know how to start it

#25 2009-03-16 03:49:30

Re: vsftpd help installed but dont know how to start it

Board footer