Here is a guide to compile PROFTP on a EC2 instance running AMI LINUX;
Environment:
- AWS EC2 T2micro (1GB RAM, 1VCPU)
- Operating System:
Amazon Linux 2
CPE OS Name: cpe:2.3:o:amazon:amazon_linux:2
Kernel: Linux 4.14.77-80.57.amzn2.x86_64
Architecture: x86-64
sudo su
mkdir /opt/SOURCES
Now we will download the lastest stable version of PROFTP; you can check the last available versions (we will take the 1.3.6 that is stable at this moment)
cd /opt/SOURCES
wget ftp://ftp.proftpd.org/distrib/source/proftpd-1.3.6.tar.gz
tar -xvf proftpd-1.3.6.tar.gz
cd proftpd-1.3.6
Now we have the sources readi for compiling. Next we will install GCC for compilation
yum -y install gcc
When copiling sources we have the ability to choose what we want to compile (modules). We have PROFTPD base modules listed here and third party modules here. Each module page describe the options that we need to add at compile time to compile the desired module (most of them are compiled by default, so no configuration required for installing, but we can disable them)
From official available modules page we take look at mod_facts because is very important if we need to use commands as MLSD:
Short for MoDification TiMe, this command is used by the client to request the modification time of a file on the server. This command is defined formally in RFC 3659, and is a commonly implemented FTP command. Note that this command cannot be used to change the modification time of the file on the server; it only reports on the file's modification time. The MFMT command is used to change a file's modification time.
MLSD command allow us to list FTP files with precise informations about file timestamp (note that the LIST command by default omits the SECONDS from file timestamp, so we will have a timestamp of type HH:MM:00 where seconds are ALWAYS 00) This can be very bad when we need to synchronize a FTP and recover files changed after a given time
we can list configure options with:
./configure --help
prepare output directory:
mkdir /opt/proftpd-1.3.6
and start compiling the sources:
./configure --prefix=/opt/proftpd-1.3.6 --enable-openssl --enable-ctrls
make
make install
make take a parameter -j that tell the number of parallels workes to run. This can be nbOfCPUCores x 2.5. This will make the compilation much faster.
now if we check the output directory:
cd /opt/proftpd-1.3.6
ls
we have:
[root@ip-xxx-xxx-xxx-xx proftpd-1.3.6]# ls /opt/proftpd-1.3.6
bin etc include lib libexec sbin share var
to check compiled-in modules:
sbin/proftpd -l
and we will get as output:
Compiled-in modules:
mod_core.c
mod_xfer.c
mod_rlimit.c
mod_auth_unix.c
mod_auth_file.c
mod_auth.c
mod_ls.c
mod_log.c
mod_site.c
mod_delay.c
mod_facts.c
mod_ident.c
mod_cap.c
mod_ctrls.c
As we can see the mod_facts was compiled by default.
We can check the config file by running:
nano etc/proftpd.conf
That will look like below file (proftpd.conf file)
Create user and group and affect user to the group:
useradd proftpu -d / -s /bin/false
groupadd proftpg
usermod proftpu -g proftpg
Update proftpd.conf lines via nano etc/proftpd.conf
:
User proftpu
Group proftpg
If you don't want anonymous FTP logins comment out all <Anonymous ~ftp>
block.
Force users default root to theirs home directory by adding this to global configuration:
DefaultRoot ~
Enable mod_facts by adding this to global configuration:
<IfModule mod_facts.c>
FactsAdvertise on
</IfModule>
Create new user for your ftp server:
useradd vuta
passwd vuta
Create ftpusers file with nano etc/ftpusers
and put new user inside
vuta
nano /etc/init.d/proftpd
Add inside the content of below file (proftpd init.d service) Add permissions to run and reload systemctl:
chmod +x /etc/init.d/proftpd
systemctl daemon-reload
Now you can start your ftp server:
service proftpd start
Check if is running:
[proftpd-1.3.6]# ps aux | grep proftpd
proftpu 9302 0.0 0.2 18156 2356 ? Ss 16:41 0:00 proftpd: (accepting connections)
root 9334 0.0 0.1 119468 1032 pts/0 S+ 16:41 0:00 grep --color=auto proftpd