Tag Archives: linux

Running vsftpd on Docker

Happy 2019!!

Lately I’ve been playing around with docker and decided to create a dockerfile to have vsftpd running on CentOS. Below is my dockerfile:

# Dockerfile for vsftpd on CentOS
FROM centos:7

MAINTAINER xavi@xavignu.com

RUN yum -y update; yum -y install which vsftpd net-tools vsftpd-sysvinit; yum clean all

COPY vusers.txt /etc/vsftpd/
RUN db_load -T -t hash -f /etc/vsftpd/vusers.txt /etc/vsftpd/vsftpd-virtual-user.db; rm -v /etc/vsftpd/vusers.txt; \ 
	chmod 600 /etc/vsftpd/vsftpd-virtual-user.db
COPY vsftpd.conf /etc/vsftpd/
COPY vsftpd.virtual /etc/pam.d/
RUN mkdir -p /home/vftp/ftpuser; chown -R ftp:ftp /home/vftp

EXPOSE 20 21

CMD ["/usr/sbin/vsftpd","-obackground=NO"]

We need to create three files before building the image, one for vsftpd virtual users PAM, another vsftpd.conf file and another with the virtual users. vsftpd.conf below:

anonymous_enable=NO
local_enable=YES
virtual_use_local_privs=YES
write_enable=YES
local_umask=022
pam_service_name=vsftpd.virtual
guest_enable=YES
user_sub_token=$USER
local_root=/home/vftp/$USER
chroot_local_user=YES
allow_writeable_chroot=YES
hide_ids=YES
xferlog_enable=YES
xferlog_file=/var/log/vsftpd.log

Pam file, store as vsftpd.virtual

#%PAM-1.0
auth       required     pam_userdb.so db=/etc/vsftpd/vsftpd-virtual-user
account    required     pam_userdb.so db=/etc/vsftpd/vsftpd-virtual-user
session    required     pam_loginuid.so

And at last a file with user and password, which we will store as vusers.txt

ftpuser
letmein

All these files shall be stored into the same directory in order for build to be successful. We proceed building.

user@computer:$ docker build -t centos-vsftpd -f centos-vsftpd .
Sending build context to Docker daemon 10.24kB
Step 1/10 : FROM centos:7
---> 1e1148e4cc2c
Step 2/10 : MAINTAINER xavi@xavignu.com
---> Using cache
---> cb00764989e4
Step 3/10 : RUN yum -y update; yum -y install which vsftpd net-tools vsftpd-sysvinit; yum clean all
---> Using cache
---> 84bc55dc256f
Step 4/10 : COPY vusers.txt /etc/vsftpd/
---> Using cache
---> 922453bc2ba3
Step 5/10 : RUN db_load -T -t hash -f /etc/vsftpd/vusers.txt /etc/vsftpd/vsftpd-virtual-user.db; rm -v /etc/vsftpd/vusers.txt; chmod 600 /etc/vsftpd/vsftpd-virtual-user.db
---> Using cache
---> 3f0f5a3743af
Step 6/10 : COPY vsftpd.conf /etc/vsftpd/
---> Using cache
---> f6241c5dc497
Step 7/10 : COPY vsftpd.virtual /etc/pam.d/
---> b768b27a3496
Removing intermediate container 45326ecc02a0
Step 8/10 : RUN mkdir -p /home/vftp/ftpuser; chown -R ftp:ftp /home/vftp
---> Running in fb940a0b999f
---> 8afff06f270a
Removing intermediate container fb940a0b999f
Step 9/10 : EXPOSE 20 21
---> Running in 0a9bd172c74e
---> d07e65112275
Removing intermediate container 0a9bd172c74e
Step 10/10 : CMD /usr/sbin/vsftpd -obackground=NO
---> Running in 50f124e366ee
---> 0a571ecf1fed
Removing intermediate container 50f124e366ee
Successfully built 0a571ecf1fed
Successfully tagged centos-vsftpd:latest

We now start the vsftpd container and check its running.

user@computer:$ docker run -d --name myftp centos-vsftpd:latest; docker ps
1034cc745e43f67ae3a432ce8ebe37755b36eca2dc04f21102da2eaafe9dd832
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
1034cc745e43 centos-vsftpd:latest "/usr/sbin/vsftpd ..." Less than a second ago Up Less than a second 20-21/tcp myftp

We connect to newly created ftp server and upload a test file.

user@computer:$ ftp 172.17.0.2
Connected to 172.17.0.2.
220 (vsFTPd 3.0.2)
Name (172.17.0.2:xavi): ftpuser
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> mput test.txt
mput test.txt? y
200 PORT command successful. Consider using PASV.
150 Ok to send data.
226 Transfer complete.
10 bytes sent in 0.00 secs (187.8005 kB/s)
ftp>

And we check the creation and content of the uploaded file.

user@computer:$ docker exec myftp cat /home/vftp/ftpuser/test.txt
Test File

References:

OpenDKIM in Debian

Lately I’ve been playing with postfix and ways to validate my mail. That’s how I reached DKIM records. Something like ssh keys (a public and private key) but for mail. Installation in Debian GNU/Linux is pretty simple via apt-get as usual, we need to install opendkim and opendkim-tools.

user@computer:$ dpkg -l | grep dkim
ii libmail-dkim-perl 0.40-1 all cryptographically identify the sender of email - perl library
ii libopendkim9 2.9.2-2+deb8u1 amd64 Library for signing and verifying DomainKeys Identified Mail signatures
ii opendkim 2.9.2-2+deb8u1 amd64 Milter implementation of DomainKeys Identified Mail
ii opendkim-tools 2.9.2-2+deb8u1 amd64 Set of command line tools for OpenDKIM

We need to open a port for opendkim (8891 in my case), we need to edit /etc/default/opendkim in order to do this as below.

user@computer:$ grep -v "^#" /etc/default/opendkim
SOCKET="inet:8891@localhost" # listen on loopback on port 8891

Continue reading

Spamassassin logs to a different file

Lately I’ve been looking at my mail logs and noticed that on them it gets written spam, postfix and dovecot messages among other, which is a little uncomfortable. We can use grep to filter, but perhaps a better approach is to send spamassassin logs to a different file.

user@computer:$ tail /var/log/mail.log
Oct 16 17:13:11 myserver postfix/smtpd[29869]: connect from unknown[185.234.219.254]
Oct 16 17:13:11 myserver postfix/smtpd[29869]: warning: unknown[185.234.219.254]: SASL LOGIN authentication failed: Invalid authentication mechanism
Oct 16 17:13:11 myserver postfix/smtpd[29869]: lost connection after AUTH from unknown[185.234.219.254]
Oct 16 17:13:11 myserver postfix/smtpd[29869]: disconnect from unknown[185.234.219.254]
Oct 16 17:15:53 myserver postfix/smtpd[29896]: warning: hostname 204.152.209.101.static.quadranet.com does not resolve to address 204.152.209.101
Oct 16 17:15:53 myserver postfix/smtpd[29896]: connect from unknown[204.152.209.101]
Oct 16 17:15:53 myserver postfix/smtpd[29896]: warning: unknown[204.152.209.101]: SASL LOGIN authentication failed: Invalid authentication mechanism
Oct 16 17:15:54 myserver postfix/smtpd[29896]: disconnect from unknown[204.152.209.101]
Oct 16 17:16:41 myserver postfix/smtpd[29896]: warning: hostname unassigned.quadranet.com does not resolve to address 192.161.170.229
Oct 16 17:16:41 myserver postfix/smtpd[29896]: connect from unknown[192.161.170.229]
Oct 16 17:16:42 myserver postfix/smtpd[29896]: Anonymous TLS connection established from unknown[192.161.170.229]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Oct 16 17:17:03 myserver postfix/smtpd[29896]: warning: eotzqh.kylieslowcase.fun.blackhole.securitysage.com: RBL lookup error: Host or domain name not found. Name service error for name=eotzqh.kylieslowcase.fun.blackhole.securitysage.com type=A: Host not found, try again
Oct 16 17:17:05 myserver postfix/smtpd[29896]: DA88C2607C5: client=unknown[192.161.170.229]
Oct 16 17:17:06 myserver postfix/cleanup[29903]: DA88C2607C5: message-id=
Oct 16 17:17:06 myserver postfix/qmgr[1238]: DA88C2607C5: from=, size=32258, nrcpt=1 (queue active)
Oct 16 17:17:06 myserver postfix/smtpd[29896]: disconnect from unknown[192.161.170.229]
Oct 16 17:17:08 myserver postfix/pickup[29368]: 3D6B4260878: uid=5001 from=

Oct 16 17:17:08 myserver postfix/pipe[29904]: DA88C2607C5: to=, relay=spamassassin, delay=26, delays=24/0.01/0/1.9, dsn=2.0.0, status=sent (delivered via spamassassin service)
Oct 16 17:17:08 myserver postfix/qmgr[1238]: DA88C2607C5: removed
Oct 16 17:17:08 myserver postfix/cleanup[29903]: 3D6B4260878: message-id=
Oct 16 17:17:08 myserver postfix/qmgr[1238]: 3D6B4260878: from=, size=32672, nrcpt=1 (queue active)
Oct 16 17:17:08 myserver postfix/pipe[29908]: 3D6B4260878: to=, relay=dovecot, delay=0.22, delays=0.07/0.01/0/0.14, dsn=2.0.0, status=sent (delivered via dovecot service)
Oct 16 17:17:08 myserver postfix/qmgr[1238]: 3D6B4260878: removed
Oct 16 17:17:51 myserver postfix/smtpd[29896]: connect from unknown[185.36.81.87]
Oct 16 17:17:51 myserver postfix/smtpd[29896]: warning: unknown[185.36.81.87]: SASL LOGIN authentication failed: Invalid authentication mechanism
Oct 16 17:17:51 myserver postfix/smtpd[29896]: lost connection after AUTH from unknown[185.36.81.87]
Oct 16 17:17:51 myserver postfix/smtpd[29896]: disconnect from unknown[185.36.81.87]
Oct 16 17:18:49 myserver postfix/smtpd[29896]: connect from unknown[187.55.179.130]
Oct 16 17:18:50 myserver postfix/smtpd[29896]: warning: unknown[187.55.179.130]: SASL LOGIN authentication failed: Invalid authentication mechanism
Oct 16 17:18:50 myserver postfix/smtpd[29896]: lost connection after AUTH from unknown[187.55.179.130]
Oct 16 17:18:50 myserver postfix/smtpd[29896]: disconnect from unknown[187.55.179.130]
Oct 16 17:19:50 myserver postfix/smtpd[29896]: warning: hostname 204.152.209.101.static.quadranet.com does not resolve to address 204.152.209.101
Oct 16 17:19:50 myserver postfix/smtpd[29896]: connect from unknown[204.152.209.101]
Oct 16 17:19:51 myserver postfix/smtpd[29896]: warning: unknown[204.152.209.101]: SASL LOGIN authentication failed: Invalid authentication mechanism
Oct 16 17:19:51 myserver postfix/smtpd[29896]: disconnect from unknown[204.152.209.101]
Oct 16 17:21:21 myserver postfix/anvil[29719]: statistics: max connection rate 1/60s for (smtp:177.143.199.94) at Oct 16 17:12:24

Continue reading

Primitive way with Folium

So I discovered Folium about two months ago and decided to map the primitive way with it. Coordinates data is retrieved from Strava gpx files and cleaned up leaving only latitude and longitude as below.

user@computer:$ head Camin_prim_stage1.csv
lat,lon
43.3111770,-5.6941620
43.3113360,-5.6943420
43.3114370,-5.6944600
43.3115000,-5.6945420
43.3116970,-5.6948090
43.3119110,-5.6950900
43.3122360,-5.6956830
43.3123220,-5.6958090
43.3126840,-5.6963740

Below is the python file we will use to retrieve data and create the map with the routes.

import folium
from pyspark.sql import SparkSession
from pyspark.sql.functions import col
spark = SparkSession.builder.master("local").getOrCreate()

# Change Spark loglevel
spark.sparkContext.setLogLevel('FATAL')

# Load the rides and ride_routes data from local instead of HDFS
position1 = spark.read.load("/home/user/Camin_prim_stage1.csv", format="csv", sep=",", inferSchema="true", header="true")
position2 = spark.read.load("/home/user/Camin_prim_stage2.csv", format="csv", sep=",", inferSchema="true", header="true")
position3 = spark.read.load("/home/user/Camin_prim_stage3.csv", format="csv", sep=",", inferSchema="true", header="true")

position = [position1, position2, position3]

m = folium.Map()
col=0
colArray=['red','blue','green']

# Check file was correctly loaded
for x in position:
# x.printSchema()
# x.show(2)

# Map position
coordinates = [[float(i.lat), float(i.lon)] for i in x.collect()]

# Make a Folium map
#m = folium.Map()
m.fit_bounds(coordinates, padding=(25, 25))
folium.PolyLine(locations=coordinates, weight=5, color=colArray[col]).add_to(m)
folium.Marker(coordinates[1], popup="Origin").add_to(m)
folium.Marker(coordinates[-1], popup="Destination").add_to(m)
col = col + 1
# Save to an html file
m.save('chamin_prim.html')

# Cleanup
spark.stop()

Continue reading

Docker in DietPi

So I was trying to install docker in my raspberry pi with DietPi and initially installed it via repo/aptitude, but that version is pretty old and not supported anymore.

user@computer:$ dpkg -l | grep dock
ii docker.io 1.3.3~dfsg1-2 armhf Linux container runtime

user@computer:$ sudo docker version
Client version: 1.3.3
Client API version: 1.15
Go version (client): go1.3.2
Git commit (client): d344625
OS/Arch (client): linux/arm
Server version: 1.3.3
Server API version: 1.15
Go version (server): go1.3.2
Git commit (server): d344625

Continue reading