EX200 Red Hat Certified System Administrator RHCSA – Servers under Red Hat: HTTP, FTP, VNC Part 2

3. How to install and configure an FTP server part 1

Welcome all to this tutorial. Today we’re going to talk about FTP server, setting it up, configuring it and finally connecting to it and trying to actually download something from it. Anyway, first things first, we actually need to go ahead and download it. So we’re going to download the vs ftpd install vs ftpd. It’s already installed here if I’m not mistaken and there you go, it is right there, no big deal. I have it installed if you don’t. This is just going to be a bit of a longer process, that is all. No big deal there but it’s like 5 seconds more. So yeah, as I said, don’t worry about it.

Anyway, what we need to do now is if we want it to work we need to turn off Se Linux. Now Se Linux is something that I shall explain in far greater detail and we will deal with it soon enough. But for the time being I would like you to shut it off as it is a topic of its own and I don’t want to put it in the same tutorial as I put the FTP server in. So we will deal with that separately soon enough. For the time being, let’s just go ahead and disable it. Type in Vimtc Selinuxconfig, press Enter and you see here I have disabled it. So you have enforcing, you have permissive and you have disabled.

Now we will deal with this soon enough but for the time being I just want you to do this to be written like so like it is here it says SC Linux equals disabled. I do believe that by default it shall be enforcing. Doesn’t matter at all, just delete it and type in disabled. I’m going to go ahead and press Q to quit but you will need to type in WQ to write and quit. Anyway, now that that is done, we need to basically start the FTP server. And before we start it, let’s just go ahead and configure it because if we started and then configure it we would need to restart it in order for the new configuration to be applied.

So we’re not going to do that. We’re just going to go ahead and enter the configuration file straight away before it is running. But it might be running in the background now I’m too lazy to check it but then again it is of no consequence to us because as soon as we started or restart the new configuration file will be loaded. So etsy vsftpd Confessenter okay, so we have some interesting things here. Let’s just go to the top of the file and let’s take a look at a few of these parameters that are fully configurable. So here it says anonymous underline enable equals yes, there is an explanation above each and every pretty much more or less should I say above each of these values, but sometimes they don’t explain as much.

It says allows anonymous FTP and then there’s a warning beware allowed by default. If you comment this out, it doesn’t really tell you what it actually is. Well, anonymous underline enable enables anonymous logins enables anonymous logins enables anonymous users to access your FTP server so they can download whatever they wish, whoever they are.

There is no need to register. There is no need to create an account or anything of a kind, so anyone is able to download it anyway. We’re going to set that to yes because that’s what people need for the Red Hat Certified System Administrator exam. You need to be able to change this to yes to this configuration file and apply the changes. Doesn’t necessarily need to be there’s no guarantee that this particular part will be on the exam, but just saying what people have experienced before they had a configuration file and then they needed to enable anonymous logins, which is pretty simple. You just type in instead of no. You just type in yes. And the warning is very logical. So if this was yes, and if I placed a comment in front of it by default, it would still be yes.

So I need to say no if I do not wish to allow such activity. Anyway, let’s go down to this one. So this one sets the permissions for the users as the description above it says the default is zero 77. And you can says that you can change this to 00:22 used by most other Ftpds. So I’m just going to leave it. I’m perfectly content with that as this file has a good degree of paranoia in it. So it is relatively safe. Anyway, if you don’t know what this is, what these numbers represent, I suggest that you go back to some of the previous tutorials where I have talked about ch own and permissions for files and stuff of a kind.

And now we’re going to go down and take a look at this variable. It says an on upload enable equals yes, this is a well, let me put it like this. This is not the brightest of ideas at all. This is something you do not want to do at all. So it is commented out and by default it is off. Yes. So in addition to this, it says that you will need to create a directory writable by the FTP user. But really, this part here completely relevant to us because we are not going to allow anonymous upload. That’s definitely not a bright idea by any measures or by any standards. Okay, so let’s go further down below.

Messages given to remote okay, so messages given to remote users when they go into certain directory enable. Sure, why not? I guess we can leave it. Activate logging of uploads downloads. Definitely. Okay, so data port not too important for us at the moment. Format. There we go. So this is the line that I wanted to address. This is the place where the logs will be stored by default. If you would like to change this, just remove the comment line and then type in the new path. Here the one that is suitable for your needs. Honestly, VAR log seems like a perfect destination for logs going down below. Is there anything else that I find suitable for this stage of learning? Okay, so there’s this. Listen when Listen directive is enabled, runs and standalone, and listens on IPV Four sockets, and on IPV Four sockets alone, this directive cannot be used in conjunction with IPV Six directive.

So down below you have IPV six. But you might say, oh, well, we don’t really use IPV Six, and neither really do you. But you know what? It doesn’t matter. Because if you put yes for IPV Six, it means that it will listen on both IPV Four and IPV Six sockets. That’s why it’s set on yes here. Although not too many people will be able to take an advantage of that, as IPV Six is still very far from being alive in use general, although there are some IPS that are using it for some of their services. And down below, I have added these three lines. You won’t have them by default. I have added them as a part of troubleshooting because I’ve had a lot of problems with FTP, with the firewall.

I don’t know why. For a time it worked, and then the trouble began, but oh well, no big deal. I managed to resolve the issue. And we will I will show you what these are in the followup tutorial and why have I added them there, and they’re completely optional. If you encounter any problems, this will be a solution. If you don’t, fine, who cares? Then you don’t really need it. Another thing, now that we have configured this file, just go ahead. Oh, wait, as I say that I remember, I forgot. Well, a completely irrelevant detail, but a detail nevertheless.

Okay, so you have a login banner. So what would you like to say to your users when they log in? Everybody in their right mind will tell you not to have a banner, but as it can identify the service to an extent. But why not? I mean, this is a test environment. This is for learning purposes.

And in this environment you are free to bake whatever better you would like, more or less. However, in a production environment, sometimes they’re advised, sometimes they’re not. Most of the time they’re not. Anyway, let’s go ahead and type in a banner. Welcome. Guess which you like to know where you are. Good luck with that. And goodbye. And goodbye. Yes, there we go. So that will be our greetings banner for all who log in. So right, quit. Press enter we go. Let’s go ahead and clear the screen system CTL start enter. And there we go.

Even though I get nothing as a result of this command, there’s no output, meaning that all went smoothly. I like to check things myself and to be sure status? Excellent. It is running. Indeed. Let’s go ahead and clear the screen. So, one more thing that I will do here before we wrap this thing up, you will need to configure the firewall. Actually, we’re going to do that in default tutorial because I wanted to configure firewall in a bit of a different way this time. We’re going to impose some permanent changes just to slowly introduce you to that section. Had a really fast change of mind here. Anyway, I bid you farewell and we will continue in the follow-up tutorial with the server.

4. How to install and configure an FTP server part 2

Welcome back everybody to part two. And you can see that we are back in the same machine. So we are back in the Sentos. As we are using Sentos as a server and Red Hat machine as a client. This setup is pretty much the same on both machines. But if you want to do it on Red Hat, you will need to pay a good deal of extra money. So I figured I would encourage you to go onto the Sentiles machine where you can do it pretty much for free and just use the Red Hat as a client.

The setup procedure is exactly the same anyway. We have successfully set up our Vs FTP server and it’s up and running and we haven’t actually tried to connect to it or anything of a kind, we’ve just tampered with the configuration file. But one of the things that we will need to do is punch a hole in our firewall and we can use the following command for that. I do believe I have it here somewhere because I don’t really feel like typing in the longer commands here as they tend to mess things up. I tend to mess things up. This is one of my troubleshooting sessions, but I can type in here port 21.

So this command will permanently change your firewall settings and this will survive a restart. So I’m going to go ahead and say 21 and you can firewall D is not running. Oh, okay. Interesting. An interesting thing about Linux is that you can use your command line to completely turn the firewall off. This is done generally in enclosed environments for troubleshooting.

So if you’ve tried in a lot of options, you still can’t connect. There’s a problem, you turn the firewall off and see whether you can connect without the firewall. And if you can connect without the firewall, you know exactly where the problem is. However, on an exposed network somewhere, this is not exactly a valid option. Maybe if it’s for a very short period of time, or if you have closed external access to the server and then you are just messing around with it in such a way, we need to bring the firewall back up. So systemctart firewall. D there you go. And now let’s open up port 21, which is the port for which is one of the ports for FTP.

So anyway, we’ve punched a hole there. Let’s go ahead and clear the screen now and let’s go into Cdvar FTP public. Unless I have a file there high, I’m just going to go ahead and RMRF high I don’t really need it now. We will make another one. So let’s make another one which will be I kind of lack the imagination. We can make it the same as the old one, but I want to have a different content inside which I’ll be right m. Goodbye. Please keep that in mind. There you go. That is going to be the file on our FTP server containing these words, how much sense they make? Well, that’s questionable, but it is a file and it does contain something in it. If we cat out high, you can see that it actually does contain that file, does contain those letters, and the folder does contain that file.

The reason why I’m showing it to you is because we are about to go to the Red Hat machine, and from this point, we will pull the hi file and pull it into this machine. So how do we do that? Well, we can use Wget. I mean, W get is a perfectly legit way to download things from the net, or for download things via Http or via FTP, just type in Wget space FTP. This is one of the ways in which you can use to test out your FTP server. And not the best one. So, 1921-6812, by the way, this IP address is the IP address of my machine. Over here, the sentos if config. And there you go. You can see that this is its LAN address.

And since we are all in LAN, I’m using that one high. I would like to get this file. I couldn’t connect no route to host. Okay, you see, this is what I was talking about. You can encounter these problems and then you get some crazy port number down here, which makes no sense of whatsoever. And believe me, I have been punching holes in the firewall. I have been reinstalling the server. I’ve been reconfiguring, I’ve been playing around with it for a while. But until I made the proper configuration, and until I made the proper firewall holes, I was unable to do this. However, if it works for you without doing the same things as I did, like this, if the W get passes from the first try, great, you don’t need to bother yourself anymore.

However, if it doesn’t, well, welcome to my world. Let’s go back to the center S machine. Let us reopen the config file for the FTP server. So etc. Vs. Ftpd vs. Ftpd conf. And we got to go to the bottom. Okay, so we will need to insert these lines. I’m just going to remove the comments, but you will need to insert them. So just take a look at them.

They’re not too long. Okay, so what am I saying? I’m saying that I would like the passive mode for FTP to be enabled, and I would like the maximum port to be 40,000 and the minimum port to be 40,000, meaning that it will only use the port 40,000 because FTP always uses two ports. One port is for the actual transfer of your files, and the other one is for communication. So we need two ports and we need to switch the mode. We’re going to right quit this.

And now we need to punch another hole in our firewall, which will not be 21, but it will be 40K. It doesn’t need to be 40K. It can be pretty much whatever you want. But you pick a port really high up so that you make sure that nothing on your system will ever use that port, or that you are not going to block any other services if you use it before they do at a later point of time.

One, two, three, enter. Success. Okay, so let’s see whether it’s successful on the other, whether this is going to work now. No, it will not. Why? Well, we need to rest. Do you remember what I mentioned the previous tutorial? Why? Because this configuration file, even though it’s changed, it’s not actually used by the FTP server yet because it’s using the old one. Has it already loaded the old one into Ram and has already loaded the parameters from the old one into Ram and it is just using them. So let’s go ahead and restart it. So system CTL space restart vs. Ftpd. Press enter. And the restart seems to have ran smoothly.

And it seems to have been a successful one. Let’s see if this is going to work. Wrong one. This is my recording way of recording. And I also have an FTP test running on my main machine here. Let’s just see which one do we need. Red hat. Okay, so let’s give it a shot now. There we go. Guess what? We have successfully retrieved the file and let’s go ahead and do cat high it. Retrieves it to the current folder. Guess what? I am not high. I am goodbye. Please keep that in mind. So we have successfully retrieved it. It’s there. And our FTP server is fully functional. This could have been 50 gigabyte worth of information that we’ve pulled, but we’ve just pulled a small amount. Anyway. If you would like to use a client, an FTP client, to browse the FTP server, which is a better way of pulling things, because I’ll just remove this. Because you will only be able to download something in this fashion if you know exactly where that something is. But if you don’t, well, it’s not going to happen for you.

But if you have a client, you will be able to browse and to look for the file that you need. What do we do now? Well, we go ahead and type in Yum. Install LFTP. This is not service client. I do believe that it’s already installed. Yes, it is, but for you, it probably won’t be to just use the same command that I have and it will install it. LFTP space 1921-6812. Let’s do LS. And there you go. You see the directory. And if we go to CD Pub and if we do LS yes, there we go. Our file is there. So type in get high, 52 bytes transferred. Okay, no big deal. Let’s exit. And we do cat high and says, I’m not hi. I’m goodbye. Please keep that in mind. We have successfully pulled that file as well.

But this is a bit of a user friendly way to do it. I mean, you can actually browse things like this. Also, you can log in with a valid user. I have my user on that machine that I am currently logged in on. Sentos is creator. Here, let me just show you. Sent to us. Who am I? Okay, I’m brute, obviously, but exit. Who am I? Im creator. This is my user name. So let’s go ahead and back to the red hat machine. Type in creator at. And this is who we want to be on that particular machine. Same as with SSH. Press Enter. It will prompt you for a password. Type your password in while you type. You won’t see any characters appear on the screen. This is a security measure, but believe me, you are typing them in. Press Enter and there you go.

We are successfully in the home directory of that particular user. I can see desktop documents, downloads. Okay, so let’s just make a file quickly over on the Sent to US machine, and we’re going to go into Documents. We’re going to do LS. There’s nothing there. Okay, so let’s type in vim space. How shall we name this file? What is on my table? A lot of dust that I need to clean eventually. Okay, give me the insert mode. Please clean me. I am not begging you, but I could really use it. Okay, so let’s go ahead and save this file and go back to the Red Hat machine.

Okay, so let’s navigate over to the Documents folder. By the way, the tab doesn’t work when you are remoting like this, as far as I know. Anyway. Let’s try it. CD. Oh, it does work here, actually. So CD Documents, which is a very nice feature. LS. And guess what? I see dust there. Let’s do cat dust. Please clean me. I am magnificently ridden this. Please clean me. I could really use it. Okay, we need to change this. I mean, seriously, it makes no difference, but I feel like I really need to change this. This really feels embarrassing. I could really use it. Hopefully it’s correct. Now back to the red hat and let’s type in get dust.

40 bytes transferred grade exit cat dust. There you go. You have the dust file there. Let’s just screen and do it one more time. There you go. So we have successfully transferred it to here. Anyway. Anonymous users will always be directed to VAR FTP pub. And if you log in as some other user onto the server, you will be able to actually access their home directory. Just one more thing that I would like to check before I wrap this up. If I do cat, I need to be root here. So that’s right. One grab shy FTP. Okay, so there you have it. We have an FTP user, and it says VAR FTP at the end it says no login, but you can actually change this directory to be something else. So you can change it to any folder that you would like, but the permissions on this default one are very good. So I would recommend that you leave this as it is. So that directory where anonymous users go to, where anybody can just go ahead and access, the one that anybody can just go ahead and access, that folder actually has a user and that is the folder, that is the directory for a particular user. That user is FTP. Strange as it may sound, I’ve talked but I’ve said that we have system users that regular people would never use but they’re created for the system. And this is one of those typical examples, samples of it where you have a single user for that directory in order to tighten down the permissions to control them as best as you can. Anyway, I would like to be doing all fair well now and we shall see each other hopefully in the follow up tutorial.

5. How to install and configure VNC

Welcome all to this tutorial. Today I am going to talk about a remote desktop. So we will create a server to which we are going to connect from a client. Now we will need two machines as before so we’ll have sent to US and Red Hat. Red Hat will be a client, sent to us will be a server and we will be able to connect from one to the other. This example is done with tool and machines but you do not necessarily need to have two Linux machines. You can have a Linux server and then you can have a Windows client so that’s perfectly fine. It’s going to work as long as you have a proper client installed in Windows. You can also use a Mac instead of Windows or whatever. You will be able to remote desktop into the other computer which is Linux without bigger difficulties or problems.

And the VNC configuration is a little bit tricky so not really straightforward I would say however not too difficult. There is a key difference where we actually need to create our own configuration file as opposed to the previous examples where we just modify the existing configuration files. Well not too difficult. We can begin the process by first installing the VNC server so yum install Tiger VNC server and of course install there we go. So it’s already installed here, no big deal. I installed it during one of my test runs. The installation is like 2 seconds so don’t worry about that. Now we need to go ahead and change the directory.

We don’t necessarily strictly need to change directory we can perform a copy with absolute paths but let’s just go and have a look. So Cde Usrlib system D system DoD and this is the file that we are looking for. So this is sort of a template for the configuration file and we’re going to now create our own from that template as we are going to just change a few values and rename it. So how do we go about that? Well all we need to do is type in CP VNC service so we are literally copying it into this. We’re just making a copy of it in this exact same folder in this exact same working directory and we just need to rename it. So let’s go about doing that and we need to do this. I’m going to put number five here so you can put a lot of numbers here, just never put a zero here. I don’t know if you have wanted to create ten sessions so it’s like one and then two and then three and then four. I’m going to go ahead and put five. Why? Well I have no idea I like number five so let’s go ahead and press Enter now that is done. Let’s do a listing one more time and you will see that this has been created. So if you’re wondering why I put a backslash why did I put a backslash here?

It’s because of the colon so that the colon would get recognized. Anyway, now that we have the configuration file, let’s go ahead and start editing it. Vim VNC server at. We need this. Okay, take a look at what happens now. So if I just put in a colon and if I keep pressing tab, I’m not going to get anything. But if I put a backslash and then colon, I press tab and I get the rest. Okay, so you got a bit of a read me up here and all that, but we’re going to scroll down and you see where it says user. So I have highlighted prior to this, I do believe that Vim has remembered my search pattern.

So user here and user here. You need to replace it with your either create a new user or just use your existing user like I will. So I’m just going to use my existing user which is creator. So the only thing I shall do here is basically do this. I’ll type in creator. And down below we also need to delete this and type in so my username once again is creator. Yours will probably be something else. So just put it in here and that’s it. Do not put root in here. So do not put root. Just put some regular user username into this file. Anyway, that’s it. That’s pretty much what we need to do here. So right, quit. Let’s go ahead and clear the screen. Now there are a few things which we will need to do. So first off, we will enable the service to run at boot time. And we’re going to do that with system CTL enable.

And we are going to type in Vncserver. It doesn’t want to give me tab Vncserv. And this is going to be session number 500 stake in service. Excellent. So there we go. We have done that and now we would like to reload the demon. Actually, we don’t need to reload the demon. We can just go ahead and edit the firewall and see if that actually helps us. I mean, we will need to of course edit the firewall in order to make sure that this actually works.

So have a firewall command prepared here for you somewhere. Let me just go ahead and scroll through it and messed around with it for quite a while. Okay. So there we go. This is the firewall command. It will open up this port and enable the usage of the VNC server. Success. There we go. So I do not believe that there is anything else that we need to do with root user. So now we shall exit the root user as we have configured all that was configurable there pretty much if I’m not mistaken. And now we need to actually do VNC start. Oh, sorry. No VNC server.

Come on, anytime. Excellent. So it says creator and then we said VNC server. So we first logged in as a creator and then we’ve started the VNC server. If you don’t know how to change the users, I’ve shown this before, you just type in Su and then the user name here and that will change to some other user. Anyway, I’ve already configured a password but I can configure it again. So we need to configure the VNC password. The user already has a password, but we’re going to configure a password for VNC. So vncass Wdcreator then type in a password here. There you go. So it’s done. Up and running. No need to change anything else here. So now that we have the server up and running, we should go over to our Red Hat machine. Closed by remote Host okay, I’ve already connected once, so no big deal. Let’s go ahead and type in this command.

So VNC Viewer and then you have dash via and then it says creator at 192168 102 localhost five. So this is the remote IP address. This is who you want to be and this is where you want to open the session. So local Host and this is the number five. It needs to be identical to the number over there that we have configured. But before we can actually run this command, there is an interesting bit here. So yum search tiger VNC okay, come on. I’ve been messing around with the repos, it doesn’t really matter. So tiger VNC Remote Desktop System so just install the first one straight off the bat. You do not require the use of the server. So just type in Yum. Install tiger VNC You need to be root of course. Tiger VNC any moment now. The speed of the virtual machines is incredible.

This is not the installation process, this is just the update process. As I’ve been messing around with the repositories a little bit on Red Hat and I didn’t mess anything up. But I did add a few things there which kind of slow me down now, but it should finish relatively fast. In any case, this is the command that you need to run in order to install Tiger VNC. And then you will have the VNC viewer which is basically then you will have the client that you will use in order to connect to your server elsewhere. Come on my good man. Update for primary DB. Come on. There we go.

So installed and latest version. Nothing to do, no big deal there. It will not be installed for you will need to install it yourself. And now first of all, I need to exit root, remember that. And then we are going to attempt a connection from a regular user. So just press enter. And now the connection is going. So let’s see will it pass or not? Just so you know, the remote desktop protocols are not the fastest protocols out there so please keep that in mind. Unable to connect. Connection refused. Now why do you suppose that the connection has been refused? Okay, so let’s go ahead and check that out. SSH connect to host 422. No route host. Okay, no big deal. Let’s start our troubleshooting session. So, first of all, I’m going to go ahead and check the keys just in case. And I am going to reload the daemon sent to us. Okay, so su testest system. CTL time. Damon reload. Okay, so will you be so kind as to work now? Enable connection refused. Okay, no problem. Let’s go ahead and do an N map scan of the system. So nmap 921-6812. Give me the verbose output. Let’s see if it’s functional. Host seams down. Oh, man.

You see, this is the most brilliant mistake I could have made. And I’ll tell you what it is in a moment. It’s not connected to the net, so DH client. It’s not connected at all to the network, not to the general Internet. But I need the connection anyway. I need a connection in LAN, at least, because I’m using the land IP address. Okay, so let’s go back to Red Hat with my forgetting, my brilliant mistake here. Let’s omit that, shall we? Excellent. So the connection is passing through. And now since the connection is going via SSH, it says the authenticity of the host can’t be established. Key fingerprint is blah, blah, blah. You sure you want to continue? So the reason why we’re getting this is because we do not have this key in our known host file from the SSH lectures. And are you sure you want to continue? Well, if you want to import the key okay, yes, permanently add it. And look. Now it is asking us for a password. This is not the user password. This is the password of the VNC.

So in order to type whatever your VNC password was, whatever you set it to be, just type it in here. But please keep in mind, this is not the user password. This is the VNC password that we set with the command VNC password. There we go. My passwords are the same for these virtual machines, so no worries there. And there you go. It’s opening it up. Okay, I admit it’s not the best of things. Just wait until it loads completely, and I’m just going to try to minimize this like this. Okay, so you see that we are, in fact here. This is my Red Hat machine in the background, and this is the window that I have. That is the sendos machine. So let’s go ahead and try to log in. This is where to go.

It doesn’t really matter how fast your connection is or how close you are. These remote desktop protocols will always be slow, especially if you’re running an encrypted version like I am here, which is a very, very, very good thing to do. So, look, we are now logged in as creator on our remote desktop. And look, if we just type in if we open up the terminal. Come on, booting. Go, go, go. Let’s zoom it in. I’m going to go ahead and type in ifconfig you can see that the IP address up there, although I probably should be using ifconfig, but it doesn’t really matter. It’s a little bit simpler for you to see. Instead of using iPadR, it’s 191 6812, so you can see it there. And if I type in clear, who am I? It says creator.

So we are in fact on that machine. I just want to do this as a demonstration to show you that we are indeed using a remote desktop protocol. Anyway, I bid you all farewell and I hope to see you in the follow up tutorials where we will deal with Se, Linux and Firewall, which are pretty much probably two of the most important things in Linux and one of the main reasons why most of the servers use Linux. Aside from Linux being free because of the firewall and because of that internal security, we test the Linux that you get that abnormally increases the security levels of your service. Anyway, we’re going to be dealing with that in the follow up tutorials, but for the time being, as I’ve said, I bet you all farewell and a ton load of luck with this.

• Category: Uncategorized