@Lucho00Cuba
Created March 25, 2023 17:53
iFP FTP Server
#!/usr/bin/env bash
# Author: Lucho00Cuba (JustMe)
# VARS
# Account the FTP service is provisioned for. The value is interpolated into
# every path, chown/usermod call and the chroot list written by this script.
FTP_USER='ftpuser'
# vsftpd configuration file that config() edits in place.
CFG='/etc/vsftpd.conf'
# TLS-related settings.
# NOTE(review): no other line of this script as shown reads these three
# variables; confirm whether they are meant to drive the TLS options or can go.
SSL_ENABLED='true'
SSL_CRT=''
SSL_KEY=''
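#######################################
# Provision vsftpd with the FTP user listed in the chroot list and with TLS
# required for logins and data transfers.
# Globals:   FTP_USER (read); `map` is declared here and read by config()
#            through bash dynamic scoping.
# Arguments: none
# Outputs:   log lines from the helpers it calls
# Returns:   status of post()
#######################################
jail-ssl() {
  # Abort before touching the system if the account name is empty: every path
  # below is built from it.
  : "${FTP_USER:?FTP_USER must be set}"
  local ftp_home="/var/ftp/${FTP_USER}"
  # NOTE(review): certificate and key paths are hard-coded here; the SSL_CRT
  # and SSL_KEY globals are not consulted.
  local cert_file="/etc/ssl/certs/ftp.ifp.education.pem"
  local key_file="/etc/ssl/private/ftp.ifp.education.key"
  local tls_file

  # install
  install

  # setup config
  declare -A map
  map['listen']="NO"
  map['listen_ipv6']="YES"
  map['anonymous_enable']="NO"
  map['local_enable']="YES"
  map['write_enable']="YES"
  # With chroot_local_user=NO and chroot_list_enable=YES, vsftpd chroots the
  # users named in chroot_list_file.
  map['chroot_local_user']="NO"
  map['chroot_list_enable']="YES"
  map['chroot_list_file']="/etc/vsftpd.chroot_list"
  map['secure_chroot_dir']="/var/run/vsftpd/empty"
  map['pam_service_name']="vsftpd"
  map['user_sub_token']="$FTP_USER"
  map['local_root']="${ftp_home}/files"
  map['vsftpd_log_file']="/var/log/vsftpd.log"
  map['log_ftp_protocol']="YES"
  # ssl
  map['ssl_enable']="YES"
  # NOTE(review): with SSLv2/SSLv3 off, ssl_tlsv1 is the only protocol switch
  # this map turns on, i.e. TLS 1.0, which is deprecated. vsftpd releases that
  # provide ssl_tlsv1_2 should enable that and set ssl_tlsv1=NO. Confirm
  # against the installed version's vsftpd.conf(5) first, because an option the
  # daemon does not know prevents it from starting.
  map['ssl_tlsv1']="YES"
  map['ssl_sslv2']="NO"
  map['ssl_sslv3']="NO"
  map['allow_anon_ssl']="NO"
  # Refuse cleartext logins and data connections for local users.
  map['force_local_data_ssl']="YES"
  map['force_local_logins_ssl']="YES"
  map['require_ssl_reuse']="YES"
  map['ssl_ciphers']="HIGH"
  map['rsa_cert_file']="$cert_file"
  map['rsa_private_key_file']="$key_file"

  # This script never creates the certificate or key. Report a missing file
  # here so a failed service restart in post() is easy to explain.
  for tls_file in "$cert_file" "$key_file"; do
    [[ -r "$tls_file" ]] || logger "error" "TLS file not readable: $tls_file"
  done

  config
  printf '%s\n' "$FTP_USER" > /etc/vsftpd.chroot_list

  # others
  mkdir -p -- "${ftp_home}/files/carpeta"
  chown -R -- "${FTP_USER}:${FTP_USER}" "$ftp_home"
  # The chroot root and its parent stay non-writable; only the `carpeta`
  # subdirectory accepts uploads.
  chmod 550 -- "$ftp_home"
  chmod 555 -- "${ftp_home}/files"
  chmod 775 -- "${ftp_home}/files/carpeta"
  usermod -d "$ftp_home" "$FTP_USER"
  # No interactive shell for the FTP account.
  usermod -s /sbin/nologin "$FTP_USER"
  post
}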
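#######################################
# Provision vsftpd with the FTP user listed in the chroot list, without TLS.
# Globals:   FTP_USER (read); `map` is declared here and read by config()
#            through bash dynamic scoping.
# Arguments: none
# Outputs:   log lines from the helpers it calls
# Returns:   status of post()
#######################################
jail() {
  # Abort before touching the system if the account name is empty: every path
  # below is built from it.
  : "${FTP_USER:?FTP_USER must be set}"
  local ftp_home="/var/ftp/${FTP_USER}"

  # install
  install

  # setup config
  # NOTE(review): this map sets no ssl_* option, so unless CFG already enables
  # TLS the password and file contents cross the network in cleartext. Prefer
  # the jail-ssl mode on any network that is not fully trusted.
  declare -A map
  map['listen']="NO"
  map['listen_ipv6']="YES"
  map['anonymous_enable']="NO"
  map['local_enable']="YES"
  map['write_enable']="YES"
  # With chroot_local_user=NO and chroot_list_enable=YES, vsftpd chroots the
  # users named in chroot_list_file.
  map['chroot_local_user']="NO"
  map['chroot_list_enable']="YES"
  map['chroot_list_file']="/etc/vsftpd.chroot_list"
  map['secure_chroot_dir']="/var/run/vsftpd/empty"
  map['pam_service_name']="vsftpd"
  map['user_sub_token']="$FTP_USER"
  map['local_root']="${ftp_home}/files"
  map['vsftpd_log_file']="/var/log/vsftpd.log"
  map['log_ftp_protocol']="YES"
  config
  printf '%s\n' "$FTP_USER" > /etc/vsftpd.chroot_list

  # others
  mkdir -p -- "${ftp_home}/files/carpeta"
  chown -R -- "${FTP_USER}:${FTP_USER}" "$ftp_home"
  # The chroot root and its parent stay non-writable; only the `carpeta`
  # subdirectory accepts uploads.
  chmod 550 -- "$ftp_home"
  chmod 555 -- "${ftp_home}/files"
  chmod 775 -- "${ftp_home}/files/carpeta"
  usermod -d "$ftp_home" "$FTP_USER"
  # No interactive shell for the FTP account.
  usermod -s /sbin/nologin "$FTP_USER"
  post
}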
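#######################################
# Provision vsftpd with a minimal option set rooted at /home/$FTP_USER/ftp.
# Globals:   FTP_USER (read); `map` is declared here and read by config()
#            through bash dynamic scoping.
# Arguments: none
# Outputs:   log lines from the helpers it calls
# Returns:   status of post()
#######################################
vanila() {
  # Abort before touching the system if the account name is empty.
  : "${FTP_USER:?FTP_USER must be set}"

  # install
  install

  declare -A map
  map['listen']="NO"
  map['local_enable']="YES"
  map['write_enable']="YES"
  # NOTE(review): per vsftpd.conf(5), when chroot_local_user=YES the
  # chroot_list_file holds the users that are NOT chrooted. FTP_USER is written
  # to that file below, so this mode leaves the FTP account unconfined. The
  # jail modes use chroot_local_user=NO with the same list to confine it.
  # Confirm which behaviour is intended.
  map['chroot_local_user']="YES"
  map['chroot_list_enable']="YES"
  map['chroot_list_file']="/etc/vsftpd.chroot_list"
  map['user_sub_token']="$FTP_USER"
  map['local_root']="/home/$FTP_USER/ftp"
  # NOTE(review): anonymous_enable and the ssl_* options are not set here, so
  # whatever CFG already contains (or vsftpd's built-in default) applies.
  # Verify anonymous login is off and that cleartext FTP is acceptable.

  # setup config
  config
  mkdir -p -- "${map['local_root']}"
  chmod 555 -- "${map['local_root']}"
  printf '%s\n' "$FTP_USER" > /etc/vsftpd.chroot_list
  post
}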
#######################################
# Run a command line silently and log one of two messages by its exit status.
# Arguments: $1 - command line, word-split by the shell (not eval'd)
#            $2 - message logged at "info" when the command exits 0
#            $3 - message logged at "error" otherwise
# Outputs:   one logger line; the command's own stdout/stderr are discarded
# Returns:   status of logger. A failing command is only logged, never
#            propagated, so callers continue after errors.
#######################################
cmd() {
  local level message
  # $1 is left unquoted on purpose so the string splits into command and
  # arguments. The subshell keeps the command from altering this shell's state.
  if ( $1 &>/dev/null ); then
    level="info" message=$2
  else
    level="error" message=$3
  fi
  logger "$level" "$message"
}
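#######################################
# Remove vsftpd, the FTP account and the directories this script created.
# Globals:   FTP_USER (read)
# Arguments: none
# Outputs:   log lines via cmd()
# Returns:   1 if FTP_USER is unsafe for path building, else status of the
#            final rm
#######################################
purge() {
  # The rm -fr calls below build paths from FTP_USER. An empty value would
  # expand to /var/ftp/ and /home/, and a value with a slash or dot segment
  # could point outside them, so refuse those before deleting anything.
  : "${FTP_USER:?FTP_USER must be set}"
  case "$FTP_USER" in
    */* | . | ..)
      logger "error" "refusing to purge: unsafe FTP_USER '$FTP_USER'"
      return 1
      ;;
  esac

  cmd "apt remove vsftpd -y --purge --autoremove" "has been removed vsftpd" "could not remove vsftpd"
  cmd "userdel -r $FTP_USER" "has been removed user $FTP_USER" "could not delete user $FTP_USER"

  # clean (best effort: errors are intentionally silenced, the paths may
  # already be gone after userdel -r)
  rm -fr -- "/var/ftp/${FTP_USER:?}" &>/dev/null
  rm -fr -- "/home/${FTP_USER:?}" &>/dev/null
  rm -- /var/log/vsftpd.log &>/dev/null
}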
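#######################################
# Install vsftpd, create the FTP account and prepare /home/$FTP_USER/ftp.
# Note: this function shadows the coreutils `install` command inside the
# script.
# Globals:   FTP_USER (read)
# Arguments: none
# Outputs:   log lines via cmd()
# Returns:   status of the final redirect
#######################################
install() {
  # Abort before touching the system if the account name is empty: the paths
  # and the chown target below are built from it.
  : "${FTP_USER:?FTP_USER must be set}"
  local home_dir="/home/${FTP_USER}"

  # install
  # cmd() only logs a failure, so the steps below still run when apt or
  # useradd fail. Check the log output before relying on the result.
  cmd "apt update" "update system" "could not update system"
  cmd "apt install vsftpd -y" "installing vsftpd" "could not installed vsftpd"
  cmd "useradd -m $FTP_USER" "creating user for ftp" "could not creating user for ftp"

  mkdir -p -- "${home_dir}/ftp"
  chown -R -- "${FTP_USER}:${FTP_USER}" "$home_dir"
  # Read/execute only: the FTP root itself is not writable.
  chmod 555 -- "${home_dir}/ftp"
  printf '%s\n' "$FTP_USER" > /etc/vsftpd.chroot_list
}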
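#######################################
# Apply every key/value pair of the caller's `map` array to the vsftpd
# configuration file.
#
# Keys are matched exactly against the text before the first "=" of a line.
# The earlier substring grep treated `listen` as present whenever
# `listen_ipv6` was, so a missing option could be skipped, and its sed pass
# could rewrite matching text inside comments. Comment lines and line order
# are left as they are.
# Globals:   CFG (read; the file is rewritten), map (read; associative array
#            declared by the caller and visible through dynamic scoping)
# Arguments: none
# Outputs:   one logger line per key: "set" (appended), "get" (already
#            correct) or "update" (value replaced)
# Returns:   1 if a temporary file cannot be created, else 0
#######################################
config() {
  local key want current tmp

  # A missing file is treated as empty so every key is appended.
  [[ -e "$CFG" ]] || : > "$CFG"

  for key in "${!map[@]}"; do
    want=${map[$key]}

    # Values travel through the environment rather than `awk -v`, which would
    # interpret backslash escapes in them.
    if ! current=$(cfg_key="$key" awk -F= '
        $1 == ENVIRON["cfg_key"] { hit = 1; print substr($0, length($1) + 2) }
        END { exit !hit }' "$CFG"); then
      logger "info" "set ${key}=${want}"
      printf '%s\n' "${key}=${want}" >> "$CFG"
    elif [[ "$current" == "$want" ]]; then
      logger "info" "get ${key}=${current}"
    else
      logger "info" "update ${key}=${want}"
      # mktemp gives an unpredictable name next to CFG. The result is copied
      # back with cat so CFG keeps its owner and mode.
      tmp=$(mktemp "${CFG}.XXXXXX") || return 1
      if cfg_key="$key" cfg_val="$want" awk -F= '
          $1 == ENVIRON["cfg_key"] { print $1 "=" ENVIRON["cfg_val"]; next }
          { print }' "$CFG" > "$tmp"; then
        cat -- "$tmp" > "$CFG"
      fi
      rm -f -- "$tmp"
    fi
  done
}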
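#######################################
# Final steps after configuration: register /sbin/nologin as a valid shell,
# restart vsftpd and prompt for the FTP account's password.
# Globals:   FTP_USER (read)
# Arguments: none
# Outputs:   log lines; passwd prompts on the terminal
# Returns:   status of passwd
#######################################
post() {
  # tty
  # Match the exact line. The earlier substring test was satisfied by any path
  # containing "nologin" (for example /usr/sbin/nologin), leaving the shell the
  # jail modes assign to the account unlisted.
  # NOTE(review): presumably needed because vsftpd's PAM stack checks
  # /etc/shells (pam_shells); verify against /etc/pam.d/vsftpd. Listing nologin
  # there also makes every other nologin account pass that check, so review
  # which accounts may log in over FTP.
  if ! grep -qxF -- '/sbin/nologin' /etc/shells; then
    echo "/sbin/nologin" >> /etc/shells
  fi
  cmd "systemctl restart vsftpd.service" "restarting service vsftpd" "could not restarting service...probe { journalctl -u vsftpd }"
  logger "info" "set passwd for user $FTP_USER"
  # Interactive prompt: the password never appears in argv or in this script.
  passwd "$FTP_USER"
}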
#######################################
# Print one timestamped log line to stdout.
# Note: this function shadows the system `logger` command inside the script,
# so nothing is sent to syslog.
# Arguments: $1 - level, printed upper-cased in brackets
#            $2 - message (backslash escapes are interpreted by echo -e)
# Outputs:   "[LEVEL] - <date> - <message>"
#######################################
logger() {
  local level=${1^^}
  local stamp
  stamp=$(date "+%Y.%m.%d-%H:%M:%S %Z")
  echo -e "[${level}] - ${stamp} - $2"
}
#######################################
# Print the usage text and terminate the script with status 1.
# Note: this function shadows the bash builtin `help` inside the script.
# Arguments: none
# Outputs:   usage text on stdout
#######################################
help() {
  printf '%s\n' \
    "$0 [MODE]" \
    "example: $0 jail" \
    "options:" \
    "- vanila" \
    "- jail" \
    "- jail-ssl" \
    "- purge" \
    "- help"
  exit 1
}
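# Entry point: dispatch on the first argument.
# The argument is lower-cased once and that normalised value is what gets
# matched and invoked. The earlier code validated the lower-cased form but then
# ran the raw argument, so "JAIL" passed the check and failed as an unknown
# command. Only the five fixed names below can ever be executed.
if [[ -n "${1:-}" ]]; then
  mode=${1,,}
  case "$mode" in
    purge | vanila | jail | jail-ssl | help)
      logger "info" "mode $1"
      "$mode"
      ;;
    *)
      logger "error" "not found mode: $1"
      help
      ;;
  esac
else
  logger "error" "not found mode"
  help
fi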