Last active
December 12, 2015 10:08
-
-
Save fapestniegd/4756336 to your computer and use it in GitHub Desktop.
/etc/proftpd.d
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <Anonymous ~ftp> | |
| User ftp | |
| Group ftp | |
| AccessGrantMsg "Anonymous login ok, restrictions apply." | |
| # We want clients to be able to login with "anonymous" as well as "ftp" | |
| UserAlias anonymous ftp | |
| # Limit the maximum number of anonymous logins | |
| MaxClients 10 "Sorry, max %m users -- try again later" | |
| # Put the user into /pub right after login | |
| #DefaultChdir /pub | |
| # We want 'welcome.msg' displayed at login, '.message' displayed in | |
| # each newly chdired directory and tell users to read README* files. | |
| DisplayLogin /welcome.msg | |
| DisplayChdir .message | |
| DisplayReadme README* | |
| # Cosmetic option to make all files appear to be owned by user "ftp" | |
| DirFakeUser on ftp | |
| DirFakeGroup on ftp | |
| # Limit WRITE everywhere in the anonymous chroot | |
| <Limit WRITE SITE_CHMOD> | |
| DenyAll | |
| </Limit> | |
| # An upload directory that allows storing files but not retrieving | |
| # or creating directories. | |
| <Directory uploads/*> | |
| AllowOverwrite no | |
| <Limit READ> | |
| DenyAll | |
| </Limit> | |
| <Limit STOR> | |
| AllowAll | |
| </Limit> | |
| </Directory> | |
| # Don't write anonymous accesses to the system wtmp file (good idea!) | |
| WtmpLog off | |
| # Logging for the anonymous transfers | |
| ExtendedLog /var/log/proftpd/access.log WRITE,READ default | |
| ExtendedLog /var/log/proftpd/auth.log AUTH auth | |
| </Anonymous> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| LoadModule mod_ban.c | |
| BanEngine on | |
| BanLog /var/log/proftpd/ban.log | |
| BanTable /var/run/proftpd/ban.tab | |
| # If the same client reaches the MaxLoginAttempts limit 2 times | |
| # within 10 minutes, automatically add a ban for that client that | |
| # will expire after one hour. | |
| BanOnEvent MaxLoginAttempts 2/00:10:00 01:00:00 | |
| # Allow the FTP admin to manually add/remove bans | |
| BanControlsACLs all allow user ftpadm |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| LDAPUseTLS on | |
| LDAPAuthBinds on | |
| LDAPServer "maxwell.example.net:389 faraday.example.net:389" | |
| LDAPBindDN cn=elm,ou=Hosts,dc=lab,dc=example,dc=net somepassword | |
| LDAPUsers "ou=FTPeople,dc=lab,dc=example,dc=net" (uid=%u) (uidNumber=%u) | |
| LDAPGroups "ou=Group,dc=lab,dc=example,dc=net" | |
| LDAPSearchScope subtree | |
| LDAPDefaultUID 99 | |
| LDAPDefaultGID 65534 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| :::::::::::::: | |
| anonymous.conf | |
| :::::::::::::: | |
| <Anonymous ~ftp> | |
| User ftp | |
| Group ftp | |
| AccessGrantMsg "Anonymous login ok, restrictions apply." | |
| # We want clients to be able to login with "anonymous" as well as "ftp" | |
| UserAlias anonymous ftp | |
| # Limit the maximum number of anonymous logins | |
| MaxClients 10 "Sorry, max %m users -- try again later" | |
| # Put the user into /pub right after login | |
| #DefaultChdir /pub | |
| # We want 'welcome.msg' displayed at login, '.message' displayed in | |
| # each newly chdired directory and tell users to read README* files. | |
| DisplayLogin /welcome.msg | |
| DisplayChdir .message | |
| DisplayReadme README* | |
| # Cosmetic option to make all files appear to be owned by user "ftp" | |
| DirFakeUser on ftp | |
| DirFakeGroup on ftp | |
| # Limit WRITE everywhere in the anonymous chroot | |
| <Limit WRITE SITE_CHMOD> | |
| DenyAll | |
| </Limit> | |
| # An upload directory that allows storing files but not retrieving | |
| # or creating directories. | |
| <Directory uploads/*> | |
| AllowOverwrite no | |
| <Limit READ> | |
| DenyAll | |
| </Limit> | |
| <Limit STOR> | |
| AllowAll | |
| </Limit> | |
| </Directory> | |
| # Don't write anonymous accesses to the system wtmp file (good idea!) | |
| WtmpLog off | |
| # Logging for the anonymous transfers | |
| ExtendedLog /var/log/proftpd/access.log WRITE,READ default | |
| ExtendedLog /var/log/proftpd/auth.log AUTH auth | |
| </Anonymous> | |
| :::::::::::::: | |
| blacklist.dat | |
| :::::::::::::: | |
| :::::::::::::: | |
| dynamic-bans.conf | |
| :::::::::::::: | |
| LoadModule mod_ban.c | |
| BanEngine on | |
| BanLog /var/log/proftpd/ban.log | |
| BanTable /var/run/proftpd/ban.tab | |
| # If the same client reaches the MaxLoginAttempts limit 2 times | |
| # within 10 minutes, automatically add a ban for that client that | |
| # will expire after one hour. | |
| BanOnEvent MaxLoginAttempts 2/00:10:00 01:00:00 | |
| # Allow the FTP admin to manually add/remove bans | |
| BanControlsACLs all allow user ftpadm | |
| :::::::::::::: | |
| ldap.conf | |
| :::::::::::::: | |
| LDAPUseTLS on | |
| LDAPAuthBinds on | |
| LDAPServer "maxwell.example.net:389 faraday.example.net:389" | |
| LDAPBindDN cn=elm,ou=Hosts,dc=lab,dc=example,dc=net somepassword | |
| LDAPUsers "ou=FTPeople,dc=lab,dc=example,dc=net" (uid=%u) (uidNumber=%u) | |
| LDAPGroups "ou=Group,dc=lab,dc=example,dc=net" | |
| LDAPSearchScope subtree | |
| LDAPDefaultUID 99 | |
| LDAPDefaultGID 65534 | |
| :::::::::::::: | |
| proftpd_common.conf | |
| :::::::::::::: | |
| # Server Config | |
| PersistentPasswd off | |
| UseReverseDNS off | |
| User nobody | |
| Group nobody | |
| MaxInstances 200 | |
| UseSendfile off | |
| LogFormat default "%h %l %u %t \"%r\" %s %b" | |
| LogFormat auth "%v [%P] %h %t \"%r\" %s" | |
| LoadModule mod_ldap.c | |
| # LoadModule mod_geoip.c | |
| LoadModule mod_rewrite.c | |
| LoadModule mod_sftp.c | |
| LoadModule mod_sftp_pam.c | |
| LoadModule mod_wrap.c | |
| DefaultServer off | |
| # VRootEngine on | |
| # VRootAlias /etc/security/pam_env.conf etc/security/pam_env.conf | |
| TLSProtocol SSLv23 | |
| ################################################################################ | |
| <Global> | |
| Umask 022 | |
| AllowOverwrite yes | |
| <Limit ALL SITE_CHMOD> | |
| AllowAll | |
| </Limit> | |
| DefaultRoot ~ !adm | |
| AuthPAMConfig proftpd | |
| AuthOrder mod_ldap.c | |
| Include /etc/proftpd.d/ldap.conf | |
| </Global> | |
| :::::::::::::: | |
| proftpd_explicit.conf | |
| :::::::::::::: | |
| Include /etc/proftpd.d/proftpd_common.conf | |
| #<Virtualhost 10.0.10.7> | |
| Port 21 | |
| ServerName "File Transfer Service" | |
| ServerIdent on "Server ready." | |
| ServerAdmin [email protected] | |
| <IfDefine DYNAMIC_BAN_LISTS> | |
| Include /etc/proftpd.d/dynamic_bans.conf | |
| </IfDefine> | |
| <IfDefine ANONYMOUS_FTP> | |
| Include /etc/proftpd.d/anonymous.conf | |
| </IfDefine> | |
| <IfModule mod_rewrite.c> | |
| Include /etc/proftpd.d/rewrite.conf | |
| </IfModule> | |
| Include /etc/proftpd.d/tls_explicit.conf | |
| #</VirtualHost> | |
| :::::::::::::: | |
| proftpd_implicit.conf | |
| :::::::::::::: | |
| Include /etc/proftpd.d/proftpd_common.conf | |
| #<Virtualhost 10.0.10.7> | |
| Port 990 | |
| ServerName "File Transfer Service" | |
| ServerIdent on "Server ready." | |
| ServerAdmin [email protected] | |
| <IfDefine DYNAMIC_BAN_LISTS> | |
| Include /etc/proftpd.d/dynamic_bans.conf | |
| </IfDefine> | |
| <IfDefine ANONYMOUS_FTP> | |
| Include /etc/proftpd.d/anonymous.conf | |
| </IfDefine> | |
| <IfModule mod_rewrite.c> | |
| Include /etc/proftpd.d/rewrite.conf | |
| </IfModule> | |
| Include /etc/proftpd.d/tls_implicit.conf | |
| #</VirtualHost> | |
| :::::::::::::: | |
| proftpd_sftp.conf | |
| :::::::::::::: | |
| Include /etc/proftpd.d/proftpd_common.conf | |
| #<Virtualhost 10.0.10.7> | |
| Port 22 | |
| ServerName "File Transfer Service" | |
| ServerIdent on "Server ready." | |
| ServerAdmin [email protected] | |
| <IfDefine DYNAMIC_BAN_LISTS> | |
| Include /etc/proftpd.d/dynamic_bans.conf | |
| </IfDefine> | |
| <IfDefine ANONYMOUS_FTP> | |
| Include /etc/proftpd.d/anonymous.conf | |
| </IfDefine> | |
| <IfModule mod_rewrite.c> | |
| Include /etc/proftpd.d/rewrite.conf | |
| </IfModule> | |
| Include /etc/proftpd.d/sftp.conf | |
| #</VirtualHost> | |
| :::::::::::::: | |
| rewrite.conf | |
| :::::::::::::: | |
| RewriteEngine on | |
| RewriteMap lowercase int:tolower | |
| RewriteCondition %m USER | |
| RewriteRule (.*) ${lowercase:$1} | |
| :::::::::::::: | |
| sftp.conf | |
| :::::::::::::: | |
| SFTPEngine on | |
| SFTPHostKey /etc/ssh/ssh_host_rsa_key | |
| SFTPHostKey /etc/ssh/ssh_host_dsa_key | |
| SFTPDHParamFile /etc/proftpd.d/dhparams.pem | |
| SFTPKeyBlacklist /etc/proftpd.d/blacklist.dat | |
| SFTPAuthorizedUserKeys file:~/.sftp/authorized_keys | |
| SFTPLog /var/log/proftpd.sftp.log | |
| # requires 1.3.4rc1 | |
| SFTPOptions PessimisticKexinit | |
| :::::::::::::: | |
| start_proftpd | |
| :::::::::::::: | |
| #!/bin/bash | |
| proftpd --config /etc/proftpd.d/proftpd_implicit.conf | |
| proftpd --config /etc/proftpd.d/proftpd_explicit.conf | |
| proftpd --config /etc/proftpd.d/proftpd_sftp.conf | |
| :::::::::::::: | |
| tls_explicit.conf | |
| :::::::::::::: | |
| TLSEngine on | |
| TLSRequired off | |
| TLSRSACertificateFile /etc/pki/tls/certs/localhost.crt | |
| TLSRSACertificateKeyFile /etc/pki/tls/private/localhost.key | |
| TLSCACertificateFile /etc/pki/tls/certs/domain_trustchain.pem | |
| TLSVerifyClient off | |
| TLSCipherSuite ALL:!ADH:!DES | |
| TLSOptions NoCertRequest NoSessionReuseRequired | |
| #TLSRenegotiate ctrl 3600 data 512000 required off timeout 300 | |
| TLSRenegotiate none | |
| TLSLog /var/log/proftpd/tls.log | |
| <IfModule mod_tls_shmcache.c> | |
| TLSSessionCache shm:/file=/var/run/proftpd/sesscache | |
| </IfModule> | |
| :::::::::::::: | |
| tls_implicit.conf | |
| :::::::::::::: | |
| TLSEngine on | |
| TLSRequired off | |
| TLSRSACertificateFile /etc/pki/tls/certs/localhost.crt | |
| TLSRSACertificateKeyFile /etc/pki/tls/private/localhost.key | |
| TLSCACertificateFile /etc/pki/tls/certs/domain_trustchain.pem | |
| TLSVerifyClient off | |
| TLSCipherSuite ALL:!ADH:!DES | |
| TLSOptions NoCertRequest NoSessionReuseRequired UseImplicitSSL | |
| #TLSRenegotiate ctrl 3600 data 512000 required off timeout 300 | |
| TLSRenegotiate none | |
| TLSLog /var/log/proftpd/tls.log | |
| <IfModule mod_tls_shmcache.c> | |
| TLSSessionCache shm:/file=/var/run/proftpd/sesscache | |
| </IfModule> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Server Config | |
| PersistentPasswd off | |
| UseReverseDNS off | |
| User nobody | |
| Group nobody | |
| MaxInstances 200 | |
| UseSendfile off | |
| LogFormat default "%h %l %u %t \"%r\" %s %b" | |
| LogFormat auth "%v [%P] %h %t \"%r\" %s" | |
| LoadModule mod_ldap.c | |
| # LoadModule mod_geoip.c | |
| LoadModule mod_rewrite.c | |
| LoadModule mod_sftp.c | |
| LoadModule mod_sftp_pam.c | |
| LoadModule mod_wrap.c | |
| DefaultServer off | |
| # VRootEngine on | |
| # VRootAlias /etc/security/pam_env.conf etc/security/pam_env.conf | |
| TLSProtocol SSLv23 | |
| ################################################################################ | |
| <Global> | |
| Umask 022 | |
| AllowOverwrite yes | |
| <Limit ALL SITE_CHMOD> | |
| AllowAll | |
| </Limit> | |
| DefaultRoot ~ !adm | |
| AuthPAMConfig proftpd | |
| AuthOrder mod_ldap.c | |
| Include /etc/proftpd.d/ldap.conf | |
| </Global> | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Include /etc/proftpd.d/proftpd_common.conf | |
| #<Virtualhost 10.0.10.7> | |
| Port 21 | |
| ServerName "File Transfer Service" | |
| ServerIdent on "Server ready." | |
| ServerAdmin [email protected] | |
| <IfDefine DYNAMIC_BAN_LISTS> | |
| Include /etc/proftpd.d/dynamic_bans.conf | |
| </IfDefine> | |
| <IfDefine ANONYMOUS_FTP> | |
| Include /etc/proftpd.d/anonymous.conf | |
| </IfDefine> | |
| <IfModule mod_rewrite.c> | |
| Include /etc/proftpd.d/rewrite.conf | |
| </IfModule> | |
| Include /etc/proftpd.d/tls_explicit.conf | |
| #</VirtualHost> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Include /etc/proftpd.d/proftpd_common.conf | |
| #<Virtualhost 10.0.10.7> | |
| Port 990 | |
| ServerName "File Transfer Service" | |
| ServerIdent on "Server ready." | |
| ServerAdmin [email protected] | |
| <IfDefine DYNAMIC_BAN_LISTS> | |
| Include /etc/proftpd.d/dynamic_bans.conf | |
| </IfDefine> | |
| <IfDefine ANONYMOUS_FTP> | |
| Include /etc/proftpd.d/anonymous.conf | |
| </IfDefine> | |
| <IfModule mod_rewrite.c> | |
| Include /etc/proftpd.d/rewrite.conf | |
| </IfModule> | |
| Include /etc/proftpd.d/tls_implicit.conf | |
| #</VirtualHost> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Include /etc/proftpd.d/proftpd_common.conf | |
| #<Virtualhost 10.0.10.7> | |
| Port 22 | |
| ServerName "File Transfer Service" | |
| ServerIdent on "Server ready." | |
| ServerAdmin [email protected] | |
| <IfDefine DYNAMIC_BAN_LISTS> | |
| Include /etc/proftpd.d/dynamic_bans.conf | |
| </IfDefine> | |
| <IfDefine ANONYMOUS_FTP> | |
| Include /etc/proftpd.d/anonymous.conf | |
| </IfDefine> | |
| <IfModule mod_rewrite.c> | |
| Include /etc/proftpd.d/rewrite.conf | |
| </IfModule> | |
| Include /etc/proftpd.d/sftp.conf | |
| #</VirtualHost> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| RewriteEngine on | |
| RewriteMap lowercase int:tolower | |
| RewriteCondition %m USER | |
| RewriteRule (.*) ${lowercase:$1} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| SFTPEngine on | |
| SFTPHostKey /etc/ssh/ssh_host_rsa_key | |
| SFTPHostKey /etc/ssh/ssh_host_dsa_key | |
| SFTPDHParamFile /etc/proftpd.d/dhparams.pem | |
| SFTPKeyBlacklist /etc/proftpd.d/blacklist.dat | |
| SFTPAuthorizedUserKeys file:~/.sftp/authorized_keys | |
| SFTPLog /var/log/proftpd.sftp.log | |
| # requires 1.3.4rc1 | |
| SFTPOptions PessimisticKexinit |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| proftpd --config /etc/proftpd.d/proftpd_implicit.conf | |
| proftpd --config /etc/proftpd.d/proftpd_explicit.conf | |
| proftpd --config /etc/proftpd.d/proftpd_sftp.conf |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| TLSEngine on | |
| TLSRequired off | |
| TLSRSACertificateFile /etc/pki/tls/certs/localhost.crt | |
| TLSRSACertificateKeyFile /etc/pki/tls/private/localhost.key | |
| TLSCACertificateFile /etc/pki/tls/certs/domain_trustchain.pem | |
| TLSVerifyClient off | |
| TLSCipherSuite ALL:!ADH:!DES | |
| TLSOptions NoCertRequest NoSessionReuseRequired | |
| #TLSRenegotiate ctrl 3600 data 512000 required off timeout 300 | |
| TLSRenegotiate none | |
| TLSLog /var/log/proftpd/tls.log | |
| <IfModule mod_tls_shmcache.c> | |
| TLSSessionCache shm:/file=/var/run/proftpd/sesscache | |
| </IfModule> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| TLSEngine on | |
| TLSRequired off | |
| TLSRSACertificateFile /etc/pki/tls/certs/localhost.crt | |
| TLSRSACertificateKeyFile /etc/pki/tls/private/localhost.key | |
| TLSCACertificateFile /etc/pki/tls/certs/domain_trustchain.pem | |
| TLSVerifyClient off | |
| TLSCipherSuite ALL:!ADH:!DES | |
| TLSOptions NoCertRequest NoSessionReuseRequired UseImplicitSSL | |
| #TLSRenegotiate ctrl 3600 data 512000 required off timeout 300 | |
| TLSRenegotiate none | |
| TLSLog /var/log/proftpd/tls.log | |
| <IfModule mod_tls_shmcache.c> | |
| TLSSessionCache shm:/file=/var/run/proftpd/sesscache | |
| </IfModule> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment