Bug#800711: (Redacted) Config
Julian
julian+ at dfld.de
Fri Oct 2 20:06:04 UTC 2015
This is the config file I ran into issues with; the same file causes no issues with
proftpd 1.3.3x.
-------------- next part --------------
#
# Includes required DSO modules. This is mandatory in proftpd 1.3
#
# NOTE(review): the Include below is commented out, so modules.conf is not
# read by this file; mod_vroot is loaded explicitly with LoadModule further down.
#Include /etc/proftpd/modules.conf
ServerName "example.com"
# A fixed greeting string is sent instead of the default banner, which keeps
# the server software version out of the connection greeting.
ServerIdent on "EXAMPLE FTP Server ready."
ServerAdmin root at example.com
ServerType standalone
# NOTE(review): this turns off mod_cap's capability handling, so the daemon
# does not shed root capabilities through that module. Confirm this is
# deliberate (UserOwner/GroupOwner are used later in this file) and not just
# a leftover workaround.
CapabilitiesEngine off
DeferWelcome off
MultilineRFC2228 on
DefaultServer on
ShowSymlinks on
# Use the IANA registered ephemeral port range for passive FTP
# (a firewall in front of the server has to admit this whole range inbound)
PassivePorts 49153 65534
# mod_vroot provides a virtual root: with DefaultRoot ~ each user is confined
# to the home directory by the module's path mapping rather than by chroot(2).
LoadModule mod_vroot.c
VRootEngine on
DefaultRoot ~
# NOTE(review): this alias maps a system PAM file into every user's virtual
# root. Confirm it is needed and that the file should be reachable from an
# FTP session at all; check the argument order against the mod_vroot docs.
VRootAlias etc/security/pam_env.conf /etc/security/pam_env.conf
# Use pam to authenticate (default) and be authoritative
# NOTE(review): the comment above does not match the directives. AuthPAM is
# off and AuthOrder lists only mod_auth_unix.c, so as written PAM is not
# consulted and AuthPAMConfig has no effect. Any PAM-side controls (account
# lockout, access rules) are therefore not applied to FTP logins.
AuthPAMConfig proftpd
AuthOrder mod_auth_unix.c
AuthPAM off
# Disable wtmp logging since it produces a lot of data ~2G/month
# (FTP logins will not show up in wtmp; the ExtendedLog auth log defined
# later in this file is the remaining login record)
WtmpLog off
# Don't do reverse DNS lookups (hangs on DNS problems)
# With both lookups off, logs carry client IP addresses only.
IdentLookups off
UseReverseDNS off
#DefaultTransferMode binary
# Accounts listed in the system ftpusers file are refused FTP login.
UseFtpUsers on
# Set the user and group that the server runs as
User proftpd
Group nogroup
# Upper bound on simultaneous server processes; also limits how far a
# connection flood can grow.
MaxInstances 120
# Timeouts
# Login must complete within 60 s; idle sessions are dropped after 900 s;
# stalled transfers after 300 s.
# NOTE(review): TimeoutNoTransfer 0 presumably disables that timer, leaving
# TimeoutIdle as the only limit on sessions that never transfer. Confirm.
TimeoutLogin 60
TimeoutIdle 900
TimeoutNoTransfer 0
TimeoutStalled 300
# This is where we want to put the pid file
# NOTE(review): the directive below sets the scoreboard file, not the pid
# file; no PidFile directive appears in this configuration.
ScoreboardFile /var/run/proftpd.score
UseSendfile yes
# increase tcp buffer sizes
SocketOptions rcvbuf 16384
SocketOptions sndbuf 16384
# Maximum accepted length of a single FTP command line, in bytes.
CommandBufferSize 512
# Only messages of severity "error" and above go to syslog.
SyslogLevel error
# Two named formats: "xferlog" for transfers and "auth" for login commands.
LogFormat xferlog "%t %[%a] tx:%b dly:%T usr:%u cmd:%m >%f %s"
LogFormat auth "[%P] %h %t \"%r\" %s"
# NOTE(review): ExtendedLog normally takes a command-class list followed by a
# format nickname; here the last argument is "auth,all", which is not one of
# the LogFormat names defined above. Confirm the auth log is really written.
ExtendedLog /var/log/proftpd/auth_log AUTH auth,all
# Define log files
TransferLog NONE # our xferlog is below
# NOTE(review): this log is written under /home/user. If the FTP account can
# write to that directory, the transfer log can be altered or removed by the
# account it records; a root-owned log directory avoids that.
ExtendedLog /home/user/logs/ftp.xferlog WRITE,READ xferlog
# TLS (http://www.castaglia.org/proftpd/modules/mod_tls.html)
# This whole section only applies when the daemon is started with -DTLS.
# Without that define none of it is read, and TLSRequired has no effect, so
# credentials and data travel unencrypted.
<IfDefine TLS>
TLSEngine on
# Both control and data channels must be protected once TLS is enabled.
TLSRequired on
# Certificate and private key are read from the same PEM file; that file
# should be readable by root only.
TLSRSACertificateFile /etc/pki/tls/certs/proftpd.pem
TLSRSACertificateKeyFile /etc/pki/tls/certs/proftpd.pem
# NOTE(review): "ALL" minus anonymous-DH and single-DES is a very broad list.
# Depending on the OpenSSL build it can still admit weak suites (for example
# RC4 or export-grade ciphers). No TLSProtocol directive appears in this
# section either, so protocol versions are left at the module default. A
# hardened deployment would pin both.
TLSCipherSuite ALL:!ADH:!DES
# Client certificates are neither requested nor verified; clients
# authenticate by password only.
TLSOptions NoCertRequest
TLSVerifyClient off
#TLSRenegotiate ctrl 3600 data 512000 required off timeout 300
TLSLog /var/log/proftpd/tls.log
# Shared-memory TLS session cache, used only if mod_tls_shmcache is present.
<IfModule mod_tls_shmcache.c>
TLSSessionCache shm:/file=/var/run/proftpd/sesscache
</IfModule>
</IfDefine>
# Dynamic ban lists (http://www.proftpd.org/docs/contrib/mod_ban.html)
# Enable this with PROFTPD_OPTIONS=-DDYNAMIC_BAN_LISTS in /etc/sysconfig/proftpd
# Without that define the section is skipped: MaxLoginAttempts is then not
# set by this file and no automatic banning of repeated failures takes place.
<IfDefine DYNAMIC_BAN_LISTS>
LoadModule mod_ban.c
BanEngine on
BanLog /var/log/proftpd/ban.log
BanTable /var/run/proftpd/ban.tab
# If the same client reaches the MaxLoginAttempts limit 2 times
# within 10 minutes, automatically add a ban for that client that
# will expire after one hour.
MaxLoginAttempts 3
BanOnEvent MaxLoginAttempts 2/00:10:00 01:00:00
# Allow the FTP admin to manually add/remove bans
# NOTE(review): no directive follows the comment above in this file, so
# manual ban management is not actually configured here.
</IfDefine>
# Repeats the CapabilitiesEngine setting from the top of the file, guarded so
# it is only read when mod_cap is available.
# NOTE(review): with the engine off the daemon does not drop root
# capabilities through mod_cap; confirm this is intended.
<IfModule mod_cap.c>
CapabilitiesEngine off
</IfModule>
# Global Config - config common to Server Config and all virtual hosts
# See: http://www.proftpd.org/docs/howto/Vhost.html
# NOTE(review): the <Global> opening tag below is commented out and no closing
# tag appears in this file, so the following directives sit in the main server
# context rather than in a Global section.
#<Global>
# Logins are accepted from any address.
# NOTE(review): the documented form of Order is written without a space
# ("allow,deny"); confirm that "allow, deny" parses as intended.
<Limit LOGIN>
Order allow, deny
Allow from all
</Limit>
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable
# NOTE(review): no Umask directive follows this comment. The only Umask for
# regular users is "013 022" in the <Directory /*> section below, which
# leaves new files group-writable (0664).
# Allow to resume uploads
AllowStoreRestart on
AllowRetrieveRestart on
# Directory listing options: Show dot files by default and use local timestamps
ListOptions -a
TimesGMT off
# Existing files may be replaced by uploads; partially uploaded files are
# removed when a transfer is aborted.
AllowOverwrite yes
DeleteAbortedStores on
# Applies to every path: uploaded files and new directories are handed to the
# account "user" (owner and group) regardless of who uploaded them.
<Directory /*>
UserOwner user
GroupOwner user
AllowOverwrite yes
# File umask 013 gives new files mode 0664; directory umask 022 gives new
# directories mode 0755.
Umask 013 022
</Directory>
# A basic anonymous configuration, with an upload directory
# Only active when the daemon is started with -DANONYMOUS_FTP.
<IfDefine ANONYMOUS_FTP>
# Anonymous sessions are rooted at /srv/ftp and run as ftp:ftp.
<Anonymous /srv/ftp>
User ftp
Group ftp
AccessGrantMsg "Anonymous login ok, restrictions apply."
# The ftp account does not need a login shell listed in /etc/shells.
RequireValidShell off
# We want clients to be able to login with "anonymous" as well as "ftp"
UserAlias anonymous ftp
# Cosmetic option to make all files appear to be owned by user "user"
# (affects directory listings only; real ownership and modes are unchanged)
DirFakeUser on user
DirFakeGroup on
DirFakeMode 0640
# Set the ownership of new files / directories
UserOwner user
GroupOwner nogroup
# Single-argument Umask 002: new files 0664, new directories 0775.
Umask 002
# Limit WRITE everywhere in the anonymous chroot
<Limit WRITE SITE_CHMOD>
DenyAll
</Limit>
# Upload drop box: reading, listing and the WRITE command group are denied,
# while CWD and STOR are explicitly allowed, so clients can change into the
# directory and upload but cannot list or download what is there.
# NOTE(review): this relies on the explicit STOR limit taking precedence over
# the WRITE group denial; confirm against the Limit documentation.
<Directory /incoming/*>
<Limit READ WRITE DIRS>
DenyAll
</Limit>
<Limit CWD STOR>
AllowAll
</Limit>
# NOTE(review): with overwrite enabled, any anonymous client can replace a
# file previously uploaded by someone else. Upload-only directories are
# usually configured with overwrite disabled.
AllowOverwrite on
</Directory>
WtmpLog off
</Anonymous>
</IfDefine>