000026845 - How to Install vsftpd as an FTP server on an RSA Security Analytics Log Collector

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000026845
Applies ToRSA Security Analytics
RSA Security Analytics 10.3.2 and above
RSA Security Analytics Log Collector
IssueHow to Install vsftpd as an FTP server on an RSA Security Analytics Log Collector.
Resolution

To install vsftpd for FTP:


1. SSH to appliance running Log Collector service


2. Install vsftpd using instructions on Appendix F (page 19) of RSA Security Analytics v10.3 SP2 Upgrade Instructions


3. Update vsftpd config using the following commands:



cd /etc/vsftpd


vi vsftpd.conf



If the following entries exist change their values from YES to NO, otherwise add the following 2 lines:



force_local_logins_ssl=NO


force_local_data_ssl=NO



 Save the file


 


4. Restart the vsftpd service using the following command:



service vsftpd restart



 


You should be able to ftp to this host now.


Note: There is no ftp client by default installed on SA appliances.


 


 


 


Configuring FTP Home Directory:


1. SSH to appliance running vsftpd service


2. Update vsftpd config using the following commands:



cd /etc/vsftpd


vi vsftpd.conf



3. Add the following line



user_config_dir=/var/netwitness/logcollector/upload_chroot/home/upload/eventsources



Save the file


 


4. Restart the vsftpd service using the following command:



service vsftpd restart



 


 


Troubleshooting FTP connection issues:


1. Check service is running



service vsftpd status



 


2. Check service is listening on ftp port



netstat -lnp | grep 21



 


3. Check iptables allows ftp


3a. Confirm iptables is running



service iptables status



3b.  Check for a rule to allow FTP



iptables -L -n | grep :21


Notes

Note: To successfully upload files to the destination directory, make sure the 'upload' user account has the appropriate permissions to that directory.


Warning: FTP traffic is not encrypted and so traffic collected via this method is not protected in transit.

Legacy Article IDa65912

Attachments

    Outcomes