How to Generate Certificate Signing Request (CSR) on Linux

CSR stands for ‘Certificate Signing Request’, that is generated on the server where the certificate will be used on. A CSR contains information about to your organization and domain name, locality, and country and a public key that will be included in your certificate.

This article has 3 methods to create CSR (Certificate Signing Request) on Linux systems. You can choose any one of below methods. All methods will do the same task, only they have a detailed explanation.

Read More

How change user default directory on Linux System

You can use the usermod command to change the default home directory for a user.

usermod -d /path/to/dir username

What this command does is edit the file /etc/passwd. Opening /etc/passwd you will find there is a line for every user, including system users (mysql, posftix, etc), with seven fields per line denoted by colons.

The first field is our user and the last two fields are the starting directory and the shell. For example, the following line will login user mattdamon to /var/www/html/mattdamon.

mattdamon:x:0:0:root:/var/www/html/mattdamon:/bin/bash

How to enable passive FTP connections in ProFTPD

Passive mode can sometimes resolve certain clients ability to connect to the FTP server which may have been blocked by firewalls. If you are having issues connecting remotely,  would like you to try to to enable passive connections in ProFTPD you will need to edit /etc/proftpd.conf.

1. Edit the /etc/proftpd.conf file:

vi /etc/proftpd.conf

And add the following lines with the letter “i” to insert:

PassivePorts 60000 65535
AllowStoreRestart on
 AllowRetrieveRestart on
 TimeoutNoTransfer 65535
 ListOptions "-la"
 TimeoutIdle 65535

2. You will then also need to add the passive range in the firewall.

IPtables:

  • Add the new rule:
iptables -A INPUT -p tcp -m tcp --dport 60000:65535 -j ACCEPT
  • Save the ruleset:
iptables-save > /etc/sysconfig/iptables

Firewalld: 

  • Add the new port range:
firewall-cmd --permanent --add-port=60000-65535/tcp
  • Reload the firewall:
firewall-cmd-reload

3. Testing The FTP Service

You can test the FTP configuration locally first to ensure the daemon is running by using netstat

# netstat -plan|grep :21

You can also connect locally by installing the ftp client

yum install -y ftp

And then making a connection to the localhost or 127.0.0.1

 ftp localhost