RHEL üzerinde VerySecureFtp örnek konfigürasyonu ve Linux üzerinde ilk script denemem: FtpUserOlusturma Scripti

Linux bash Script ile very Secure Ftp kullanicisi oluşturmak.

Linux üzerinde script yazmak biraz zor bir işmiş, gözünü seveyim Visual Studio nun 🙂 Bir çok ftp kullanıcısı açmak için uğraşmak yerine sanırım bu scripti yazmam aynı hesaba geldi 🙂 Elle mi açsam demiştim ilk başlarda.

Web üzerinde çok fazla bash script kaynağı olmasına rağmen ben adam gibi bir site bulamadım. if ile kullanılan operatörleri bulmam epey zaman aldı.

Linux Bash Script Notlar:
if operatorleri
|| OR
&& AND

Renkli bir çıktı verebilmek için echo -e yapmak gerekiyor.

Kaynakça:
1. Very Secure Ftp Konfigürasyonu http://www.noob2geek.com/linux/setup-vsftpd-debian-ubuntu/ ve detaylar için google
2. Bash renkler için https://wiki.archlinux.org/index.php/Color_Bash_Prompt


#!/bin/bash
# Mustafa KULLUKCUOGLU 24.10.2012
# Ftp userlarinin olusturulmasi icin yazilmistir."


textyesil='\e[0;32m' # Yesil Normal yazi
textkirmizi='\e[0;31m' # Kirmizi Normal yazi
textsari='\e[0;33m' # Sari Normal yazi
cizgiyesil='\e[4;32m' # Alti Cizgili Yesil
cizgikirmizi='\e[4;31m' # Alti Cizgili Kirmizi
cizgisari='\e[1;33m' # Alti Cizgili Sari
textnormal='\e[0m' # Normal yazi fontuna donmek icin

if [ $(id -u) -eq 0 ]; then
if [ ${#1} -eq 0 ] || [ ${#2} -eq 0 ] || [ ${#3} -eq 0 ]; then
echo -e "${cizgikirmizi}Parametre sayilarinda eksik var. Lutfen asagidaki bicimde giriniz.${textnormal}"
echo -e "script.sh $FTPUSER $FTPPASSWORD $DIRECTORY"
echo -e "DIRECTORY parametresinin sonuna /pub eklenerek kullanicinin"
echo -e "Home klasoru bu yapilacaktir....${textnormal}"
echo -e "Ornegin: ${textyesil} ./FtpUserCreate mustafa p@ssword /disk1/mustafa ${textnormal}"
else
HOMEFOLDER=$3
USER=$1
PASS=$2
if [ ! -d "$HOMEFOLDER" ]; then
echo -e "${textkirmizi}Kullanicinin home folderi: $HOMEFOLDER dizini bulunmuyor. Olusturulacak.${textnormal}"
mkdir $HOMEFOLDER
echo -e "${textyesil} $HOMEFOLDER klasoru olusturuldu ${textnormal}"
else
echo -e "${textsari} $HOMEFOLDER klasoru mevcut.${textnormal}"
fi

HOMEPUB=$HOMEFOLDER"/pub"
if [ ! -d "$HOMEPUB" ]; then
echo -e "${textkirmizi} Kullanicinin home pub folderi: $HOMEFOLDER bulunmuyor. Dizin olusturulacak.${textnormal}"
mkdir $HOMEPUB
echo -e "${textyesil} $HOMEPUB klasoru olusturuldu.${textnormal}"
else
echo -e "${textsari} kullanicinin "$HOMEPUB" klasoru mevcut.${textnormal}"
fi #home pub

#Kullanici daha once mevcut mu bakalim
egrep "^$USER" /etc/passwd >/dev/null
if [ $? -eq 0 ]; then
read -p "Mevcut kullanici silinsin mi?:(e/h)" cevap
if [ "$cevap" != "e" ]; then
echo -e "${textkirmizi}Kullanici silinme islemi onaylanmadigi icin cikiliyor...${textnormal}"
exit 1
else
userdel $USER
echo -e "${textyesil} $USER kullanicisi silindi...${textnormal}"
fi #Kullanici silmesi onayi
fi #Kullanici mevcutsa bolumu

ENCPASS=$(perl -e 'print crypt($ARGV[0], "password")' $PASS)
#echo -e $ENCPASS
echo -e "${textyesil} $USER kullanicisi eklenip parolasi belirleniyor...${textnormal}"
useradd -d $HOMEPUB -s /usr/sbin/nologin $USER -p $ENCPASS
echo -e "${cizgiyesil}$USER ${textyesil} kullanicisi eklendi.. ${textnormal}"
chown -R $USER $HOMEFOLDER
echo -e "${cizgiyesil} $USER ${textyesil} icin ${cizgiyesil} $HOMEFOLDER ${textyesil} klasoru sahipligi verildi.${textnormal}"
read -p "Kullaniciya yazma yetkisi verilecek mi?:(e/h)" cevap2
if [ "$cevap2" != "h" ]; then
chmod 755 $HOMEFOLDER
chmod 755 $HOMEPUB
echo -e "${cizgiyesil} $HOMEFOLDER ${textyesil} klasorune ${cizgiyesil}$USER ${textyesil}kullanicisi icin yazma yetkisi verildi.${textnormal}"
else
chmod 555 $HOMEFOLDER
chmod 555 $HOMEPUB
echo -e "${cizgiyesil} $HOMEFOLDER ${textyesil} klasorune ${cizgiyesil}$USER ${textyesil}kullanicisi icin sadece okuma yetkisi verildi.${textnormal}"
fi #Kullanici klasor yetkilendirme
echo -e "${cizgiyesil} $HOMEFOLDER ${textyesil}klasoru icin yetkiler ayarlandi.${textnormal}"
usermod -Gftpusers $USER
echo -e "$USER kullanicisi Gftpusers grubuna eklendi."
echo -e $USER >> /etc/vsftpd/vsftpd.userlist
echo -e "$USER kullanicisi Very Secure FTP User listesine (/etc/vsftpd/vsftpd.userlist) eklendi"
echo -e "${cizgiyesil}KULLANICI EKLEME ISLEMI TAMAMLANMISTIR....${textnormal}"
fi #3 adet parametre kontrolu
else
echo -e "${textkirmizi}Bu scripti calistirmak icin root yetkisine sahip olmalisiniz...${textnormal}"
fi #Root Kullanici Kontrolu

exit 0

# Example config file /etc/vsftpd/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd’s
# capabilities.
#
# Allow anonymous FTP? (Beware – allowed by default if you comment this out).
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd’s)
# umask degerini 000 yaparak tum eklenen dosyalarin
# yetkisinin 666 olmasini sagliyoruz
local_umask=000
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
#
# Activate directory messages – messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# The target log file can be vsftpd_log_file or xferlog_file.
# This depends on setting xferlog_std_format parameter
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=NO
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using “root” for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# The name of log file when xferlog_enable=YES and xferlog_std_format=YES
# WARNING – changing this filename affects /etc/logrotate.d/vsftpd.log
#xferlog_file=/var/log/xferlog
#
# Switches between logging into vsftpd_log_file and xferlog_file files.
# NO writes to vsftpd_log_file, YES to xferlog_file
xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command “SIZE /big/file” in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
#ascii_upload_enable=YES
#ascii_download_enable=YES
#
# You may fully customise the login banner string:
ftpd_banner=FTP sunucusuna hosgeldiniz. Lutfen giris yapiniz.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd/banned_emails
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd/chroot_list
#
# You may activate the “-R” option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as “ncftp” and “mirror” assume
# the presence of the “-R” option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
# When “listen” directive is enabled, vsftpd runs in standalone mode and
# listens on IPv4 sockets. This directive cannot be used in conjunction
# with the listen_ipv6 directive.
listen=YES
#
# This directive enables listening on IPv6 sockets. To listen on IPv4 and IPv6
# sockets, you must run two copies of vsftpd whith two configuration files.
# Make sure, that one of the listen options is commented !!
#listen_ipv6=YES

pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES

#Giris yapmaya yetkili kullanicilar asagidaki listeye eklenmelidir
userlist_file=/etc/vsftpd/vsftpd.userlist

#Kullanici listede ise erisime izin ver
userlist_enable=YES
userlist_deny=NO

#Kullanici kendi klasoru haric ust klasorleri goremesin.
chroot_local_user=YES