Bug#800711: (Redacted) Config

Julian julian+ at dfld.de
Fri Oct 2 20:06:04 UTC 2015


This is the config file I ran into issues with; the same file causes no
issues with proftpd 1.3.3x.
-------------- next part --------------
#
# Includes required DSO modules. This is mandatory in proftpd 1.3
#
#Include /etc/proftpd/modules.conf

# Server identity, greeting and listener mode.
ServerName			"example.com"
# Greet clients with a fixed site string.
ServerIdent			on "EXAMPLE FTP Server ready."
# NOTE(review): "root at example.com" looks like the list archive's rewrite of
# an "@" address - confirm against the original file before reusing it.
ServerAdmin			root at example.com
ServerType			standalone
# mod_cap's capability handling is switched off here and again in the
# <IfModule mod_cap.c> block further down.
# NOTE(review): with mod_cap off, session processes presumably keep more
# privilege than they need - confirm this is intended.
CapabilitiesEngine		off
DeferWelcome            off

MultilineRFC2228        on
DefaultServer           on
# Symlinks are shown as links in directory listings.
ShowSymlinks            on

# Use the IANA registered ephemeral port range for passive FTP
# (any firewall in front of the server has to admit this same range).
PassivePorts 49153 65534

# mod_vroot confines each session to a virtual root instead of a real chroot.
LoadModule mod_vroot.c

VRootEngine			on
# Every user is rooted at their own home directory.
DefaultRoot			~
# Makes a path from outside the virtual root reachable inside it.
# NOTE(review): the file involved is PAM's pam_env.conf under /etc/security;
# confirm which argument is the real path and which the alias, and whether FTP
# sessions need to see this file at all.
VRootAlias			etc/security/pam_env.conf /etc/security/pam_env.conf

# Authentication: AuthOrder names only mod_auth_unix.c and AuthPAM is off, so
# PAM is not consulted by this configuration. AuthPAMConfig only names the PAM
# service ("proftpd") that would be used if AuthPAM were switched on.
# (The original comment here read "Use pam to authenticate (default) and be
# authoritative", which does not match the directives below.)
AuthPAMConfig			proftpd
AuthOrder				mod_auth_unix.c
AuthPAM off

# Disable wtmp logging since it produces a lot of data ~2G/month
# (FTP logins therefore leave no wtmp record; the ExtendedLog auth log defined
# in this file is the remaining login trail).
WtmpLog off

# Don't do reverse DNS lookups (hangs on DNS problems)
# Log entries will carry client IP addresses rather than host names.
IdentLookups			off
UseReverseDNS			off

#DefaultTransferMode     binary
# Refuse logins for accounts listed in the system ftpusers file.
UseFtpUsers             on

# Set the user and group that the server runs as
# NOTE(review): "nogroup" is commonly shared by unrelated daemons; a dedicated
# group would keep file access separate - confirm.
User				proftpd
Group				nogroup

# Upper bound on simultaneous server processes.
MaxInstances			120

# Timeouts (seconds): 60 to complete login, 900 idle, 300 for a stalled
# transfer. The no-transfer timer is set to 0.
# NOTE(review): 0 presumably disables that timer entirely - confirm.
TimeoutLogin 60
TimeoutIdle 900
TimeoutNoTransfer 0
TimeoutStalled 300

# Location of the scoreboard file (ProFTPD's table of current sessions).
# The original comment called this the pid file; the pid file is set with
# PidFile, which this configuration does not use.
ScoreboardFile			/var/run/proftpd.score

UseSendfile			yes

# increase tcp buffer sizes
SocketOptions rcvbuf            16384
SocketOptions sndbuf            16384
# Maximum length of a command line accepted from a client.
CommandBufferSize               512

# Only messages of level "error" and above go to syslog.
SyslogLevel 		error
# Two named formats: "xferlog" for transfers, "auth" for login commands.
LogFormat xferlog "%t %[%a] tx:%b dly:%T usr:%u cmd:%m >%f %s"
LogFormat auth "[%P] %h %t \"%r\" %s"

# NOTE(review): ExtendedLog takes the command classes first and a LogFormat
# nickname second. "auth,all" sits in the nickname position and no LogFormat of
# that name is defined in this file - verify the intended argument order.
ExtendedLog /var/log/proftpd/auth_log AUTH auth,all

# Define log files
TransferLog NONE	# our xferlog is below
# NOTE(review): this log lives under a user's home directory while the other
# logs are under /var/log/proftpd. Confirm that /home/user/logs is not writable
# by the FTP account, since the server opens its logs with its own privileges.
ExtendedLog /home/user/logs/ftp.xferlog WRITE,READ xferlog

# TLS (http://www.castaglia.org/proftpd/modules/mod_tls.html)
# This whole block applies only when the server is started with -DTLS; without
# it the server speaks plain FTP and credentials cross the network in clear.
<IfDefine TLS>
  TLSEngine			on
  # Clients must use TLS; unencrypted sessions are refused.
  TLSRequired			on
  # Certificate and private key are read from the same .pem file.
  # NOTE(review): that file holds the private key, so it should be readable by
  # root only - check its mode and the mode of the certs/ directory.
  TLSRSACertificateFile		/etc/pki/tls/certs/proftpd.pem
  TLSRSACertificateKeyFile	/etc/pki/tls/certs/proftpd.pem
  # The OpenSSL cipher string starts from ALL and removes only anonymous-DH and
  # single-DES suites.
  # NOTE(review): depending on the OpenSSL build this still admits RC4, 3DES,
  # export-grade and MD5-based suites; a narrower list and an explicit
  # TLSProtocol directive would pin down what is actually negotiated.
  TLSCipherSuite		ALL:!ADH:!DES
  # No client certificate is requested or verified; clients authenticate with
  # a password only.
  TLSOptions			NoCertRequest
  TLSVerifyClient		off
  #TLSRenegotiate		ctrl 3600 data 512000 required off timeout 300
  TLSLog			/var/log/proftpd/tls.log
  # Shared-memory TLS session cache, used only if mod_tls_shmcache is present.
  <IfModule mod_tls_shmcache.c>
    TLSSessionCache		shm:/file=/var/run/proftpd/sesscache
  </IfModule>
</IfDefine>

# Dynamic ban lists (http://www.proftpd.org/docs/contrib/mod_ban.html)
# Enable this with PROFTPD_OPTIONS=-DDYNAMIC_BAN_LISTS in /etc/sysconfig/proftpd
# Without that define nothing in this block is active, including the
# MaxLoginAttempts setting, so failed logins are not rate-limited by mod_ban.
<IfDefine DYNAMIC_BAN_LISTS>
  LoadModule			mod_ban.c
  BanEngine			on
  BanLog			/var/log/proftpd/ban.log
  BanTable			/var/run/proftpd/ban.tab

  # If the same client reaches the MaxLoginAttempts limit 2 times
  # within 10 minutes, automatically add a ban for that client that
  # will expire after one hour.
  # (With MaxLoginAttempts 3, that is two connections of three failed
  # password attempts each.)
  MaxLoginAttempts 3
  BanOnEvent			MaxLoginAttempts 2/00:10:00 01:00:00

  # Allow the FTP admin to manually add/remove bans
  # NOTE(review): no directive follows this comment in this file; mod_ban's
  # BanControlsACLs is the usual one here - confirm whether it was removed on
  # purpose.
</IfDefine>


# If mod_cap is loaded, keep it switched off (the same setting is also given
# unconditionally near the top of the file).
# NOTE(review): this gives up mod_cap's privilege reduction for session
# processes - confirm that is intended.
<IfModule mod_cap.c>
	CapabilitiesEngine off
</IfModule>

# Global Config - config common to Server Config and all virtual hosts
# See: http://www.proftpd.org/docs/howto/Vhost.html
#<Global>

# Logins are accepted from every client address; no network-level restriction
# is applied here.
# NOTE(review): Order is normally written "allow,deny" without a space -
# confirm that the parser accepts the spaced form.
<Limit LOGIN>
        Order allow, deny
	Allow from all
</Limit>

  # Umask 022 is a good standard umask to prevent new dirs and files
  # from being group and world writable
  # NOTE(review): no Umask directive follows this comment. The only Umask that
  # applies to these users is "Umask 013 022" in the <Directory /*> block
  # below, which is not 022 for files.

  # Allow to resume uploads
  AllowStoreRestart on
  AllowRetrieveRestart		on

  # Directory listing options: Show dot files by default and use local timestamps
  ListOptions			-a
  TimesGMT off

  AllowOverwrite		yes

  # Partially uploaded files are removed when a transfer is aborted.
  DeleteAbortedStores on
# Applies to every directory: new files and directories are owned by
# user/group "user" regardless of which account uploaded them.
<Directory /*>
  UserOwner user
  GroupOwner user
  AllowOverwrite yes
  # First value is the file umask, second the directory umask.
  # 013 on files yields mode 0664 (group-writable, world-readable);
  # 022 on directories yields 0755.
  Umask 013 022
</Directory>

# A basic anonymous configuration, with an upload directory
# Active only when the server is started with -DANONYMOUS_FTP.
<IfDefine ANONYMOUS_FTP>
  <Anonymous /srv/ftp>
    # Anonymous sessions run as ftp:ftp.
    User			ftp
    Group			ftp
    AccessGrantMsg		"Anonymous login ok, restrictions apply."

    # The ftp account does not need a shell listed in /etc/shells.
    RequireValidShell off

    # We want clients to be able to login with "anonymous" as well as "ftp"
    UserAlias			anonymous ftp

    # Cosmetic option to make all files appear to be owned by user "user"
    DirFakeUser			on user
    DirFakeGroup		on
    DirFakeMode			0640

    # Set the ownership of new files / directories
    UserOwner user
    GroupOwner nogroup

    # Umask 002 leaves new files and directories group-writable; with the
    # GroupOwner above that group is "nogroup".
    # NOTE(review): 022 would drop the group write bit - confirm 002 is needed.
    Umask 002

    # Limit WRITE everywhere in the anonymous chroot
    <Limit WRITE SITE_CHMOD>
      DenyAll
    </Limit>

    # Upload-only area: reading, listing and the general write commands are
    # denied; only changing into the directory and storing a file are allowed.
    <Directory /incoming/*>
      <Limit READ WRITE DIRS>
        DenyAll
      </Limit>
      <Limit CWD STOR>
        AllowAll
      </Limit>
      # NOTE(review): with overwrite on, a STOR to an existing name replaces
      # that file, so one anonymous client can replace another's upload.
      # "off" is the usual setting for a shared incoming directory.
      AllowOverwrite            on
    </Directory>

    WtmpLog			off
  </Anonymous>
</IfDefine>

