Preparing the Build enviroment

Install the CentOS development toolchain.

yum -y groupinstall 'Development Tools'

Install the MariaDB development files.

yum -y install mariadb-devel

Download the pure-ftpd source files and unpack the archive.

cd /usr/local/src
wget http://download.pureftpd.org/pub/pure-ftpd/releases/pure-ftpd-1.0.36.tar.bz2
tar xvjpf pure-ftpd-1*.tar.bz2
cd pure-ftpd-1*

Run the configure command to prepare the build. To get a overview of all compile ptions, run 

./configure --help.
./configure --prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin --libexecdir=/usr/libexec --datadir=/usr/share --sysconfdir=/etc --sharedstatedir=/usr/com --localstatedir=/var --libdir=/usr/lib64 --includedir=/usr/include --infodir=/usr/share/info --mandir=/usr/share/man --with-mysql --with-virtualchroot --with-everything

and compile the pure-ftpd binary:

make
make install


Create config files and startscripts

First we create the start script. For this build I will use the start script from CentOS 6.5 which still works fine on CentOS 7.

nano /etc/init.d/pure-ftpd

#!/bin/bash
#
# Startup script for the pure-ftpd FTP Server  $Revision: 1.1 $
#
# chkconfig: - 85 15
# description: Pure-FTPd is an FTP server daemon based upon Troll-FTPd
# processname: pure-ftpd
# pidfile: /var/run/pure-ftpd.pid
# config: /etc/pure-ftpd/pure-ftpd.conf

# Source function library.
. /etc/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

# Check that networking is configured.
# [ ${NETWORKING} = "no" ] && exit 0

RETVAL=0

prog="pure-ftpd"

# Path to the pure-ftp binaries.
fullpath=/usr/sbin/pure-ftpd
pureftpwho=/usr/sbin/pure-ftpwho
pure_config=/etc/pure-ftpd/pure-ftpd.conf
pure_launch_script=/usr/sbin/pure-config.pl


start() {
        echo -n $"Starting $prog: "
        daemon "$pure_launch_script $pure_config --daemonize > /dev/null"
        RETVAL=$?
        [ $RETVAL = 0 ] && touch /var/lock/subsys/pure-ftpd
        echo
}

stop() {
        echo -n $"Stopping $prog: "
        killproc pure-ftpd
        RETVAL=$?
        [ $RETVAL = 0 ] && rm -f /var/lock/subsys/pure-ftpd
        echo
}

# See how we were called.
case "$1" in
        start)
                start
                ;;
        stop)
                stop
                ;;
        restart)
                stop
                start
                ;;
        reload)
        echo -n $"Reloading $prog: "
                killproc pure-ftpd -HUP
                RETVAL=$?
                echo
                ;;
        condrestart)
                if [ -f /var/lock/subsys/pure-ftpd ] ; then
                        stop
                        # avoid race
                        sleep 3
                        start
                fi
                ;;
        status)
                status pure-ftpd
                RETVAL=$?
                if [ -f $pureftpwho ] && [ $RETVAL -eq 0 ] ; then
                        $pureftpwho
                fi
                ;;
        *)
                echo $"Usage: pure-ftpd {start|stop|restart|reload|condrestart|status}"
                RETVAL=1
esac
exit $RETVAL


chmod +x /etc/init.d/pure-ftpd
mkdir /etc/pure-ftpd/
cp configuration-file/pure-ftpd.conf /etc/pure-ftpd/pure-ftpd.conf 
cp configuration-file/pure-config.pl /usr/sbin/pure-config.pl
chmod 744 /etc/pure-ftpd/pure-ftpd.conf
chmod 755 /usr/sbin/pure-config.pl

Then create the system startup links and start PureFTPd:

chkconfig --levels 235 pure-ftpd on
systemctl start pure-ftpd.service

Now we configure PureFTPd to allow FTP and TLS sessions. FTP without TLS is a very insecure protocol because all passwords and all data are transferred in clear text. By using TLS, the whole communication can be encrypted, thus making FTP much more secure.

OpenSSL is needed by TLS; to install OpenSSL, we simply run:

yum -y install openssl

Open /etc/pure-ftpd/pure-ftpd.conf...

vi /etc/pure-ftpd/pure-ftpd.conf

If you want to allow FTP and TLS sessions, set TLS to 1:

[...]
# This option can accept three values :
# 0 : disable SSL/TLS encryption layer (default).
# 1 : accept both traditional and encrypted sessions.
# 2 : refuse connections that don't use SSL/TLS security mechanisms,
#     including anonymous sessions.
# Do _not_ uncomment this blindly. Be sure that :
# 1) Your server has been compiled with SSL/TLS support (--with-tls),
# 2) A valid certificate is in place,
# 3) Only compatible clients will log in.

TLS                      1
[...]

In order to use TLS, we must create an SSL certificate. I create it in /etc/ssl/private/, therefore I create that directory first:

mkdir -p /etc/ssl/private/

Afterwards, we can generate the SSL certificate as follows:

openssl req -x509 -nodes -days 7300 -newkey rsa:2048 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem

Country Name (2 letter code) [XX]: <-- Enter your Country Name (e.g., "DE").
State or Province Name (full name) []: 
<-- Enter your State or Province Name.
Locality Name (eg, city) [Default City]: 
<-- Enter your City.
Organization Name (eg, company) [Default Company Ltd]: 
<-- Enter your Organization Name (e.g., the name of your company).
Organizational Unit Name (eg, section) []: 
<-- Enter your Organizational Unit Name (e.g. "IT Department").
Common Name (eg, your name or your server's hostname) []: 
<-- Enter the Fully Qualified Domain Name of the system (e.g. "server1.example.com").
Email Address []: 
<-- Enter your Email Address.

Change the permissions of the SSL certificate:

chmod 600 /etc/ssl/private/pure-ftpd.pem

Finally restart PureFTPd:

systemctl stop pure-ftpd.service 
systemctl start pure-ftpd.service

That's it.

Was this answer helpful? 0 Users Found This Useful (0 Votes)