Last active
October 30, 2017 20:36
Configuration for Proftpd on an EC2 Instance (CentOS 7)
# This is the ProFTPD configuration file | |
# | |
# See: http://www.proftpd.org/docs/directives/linked/by-name.html | |
# NOTE(review): no mod_tls directives (e.g. TLSEngine) appear in this file as shown, | |
# so logins and transfers on port 21 are plain FTP and travel unencrypted unless | |
# TLS is configured elsewhere -- confirm before exposing this server publicly. | |
ServerName "ProFTPD server" | |
# Keep the server software name and version out of the connection greeting | |
ServerIdent off | |
ServerAdmin root@localhost | |
ServerType standalone | |
DefaultServer on | |
AccessGrantMsg "User %u logged in." | |
DeferWelcome off | |
ShowSymlinks on | |
# Chroot every FTP user into their home directory. No group exception | |
# (such as "!adm") is given on this line, so it applies to all users. | |
DefaultRoot ~ | |
# Port 21 is the standard FTP port. | |
Port 21 | |
# Port range used for passive-mode data connections. The same range has to be | |
# allowed inbound by the host firewall / EC2 security group; open nothing wider. | |
PassivePorts 49152 49352 | |
# Address advertised to clients in passive-mode replies. This literal is | |
# presumably the author's instance public IP -- replace it with your own. | |
MasqueradeAddress 34.233.10.252 | |
# Virtual Users | |
# The AuthUserFile/AuthGroupFile lines below are commented out, so no | |
# virtual-user files are loaded by this file as shown. | |
# RequireValidShell on: only accounts whose shell is listed in /etc/shells may log in. | |
RequireValidShell on | |
#AuthUserFile /etc/proftpd/ftpd.passwd | |
#AuthGroupFile /etc/proftpd/ftpd.group | |
# Default to show dot files in directory listings | |
ListOptions "-a" | |
# PAM settings (stock default: use pam to authenticate and be authoritative). | |
# Both lines are commented out here, so the server's built-in defaults apply. | |
#AuthPAMConfig proftpd | |
#AuthOrder mod_auth_file.c mod_auth_pam.c* mod_auth_unix.c | |
# If you use NIS/YP/LDAP you may need to disable PersistentPasswd | |
#PersistentPasswd off | |
MultilineRFC2228 on | |
# Refuse FTP logins as root | |
RootLogin off | |
LoginPasswordPrompt on | |
DefaultTransferMode binary | |
# Limit login times and timeouts to drop dead clients. | |
TimeoutLogin 120 | |
TimeoutIdle 1200 | |
TimeoutNoTransfer 600 | |
TimeoutStalled 600 | |
# Resuming interrupted transfers is disabled for both downloads | |
# (AllowRetrieveRestart) and uploads (AllowStoreRestart) | |
AllowRetrieveRestart off | |
AllowStoreRestart off | |
# Don't do reverse DNS lookups (hangs on DNS problems) | |
UseReverseDNS off | |
# Do not perform ident | |
IdentLookups off | |
# Set the user and group that the server runs as | |
User nobody | |
Group nobody | |
# To prevent DoS attacks, set the maximum number of child processes | |
# to 30. If you need to allow more than 30 concurrent connections | |
# at once, simply increase this value. Note that this ONLY works | |
# in standalone mode; in inetd mode you should use an inetd server | |
# that allows you to limit maximum number of processes per service | |
# (such as xinetd) | |
MaxInstances 30 | |
# Disable sendfile by default since it breaks displaying the download speeds in | |
# ftptop and ftpwho | |
UseSendfile off | |
# Define the log formats | |
LogFormat default "%h %l %u %t \"%r\" %s %b" | |
LogFormat auth "%v [%P] %h %t \"%r\" %s" | |
# Basic controls via ftpdctl are disabled here (ControlsEngine off) | |
# (http://www.proftpd.org/docs/modules/mod_ctrls.html) | |
# Separate topic: the Delay engine reduces impact of the so-called Timing Attack | |
# described in http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02 | |
# It is on by default; no DelayEngine directive appears in this file as shown. | |
ControlsEngine off | |
ControlsMaxClients 2 | |
ControlsLog /var/log/proftpd/controls.log | |
ControlsInterval 5 | |
ControlsSocket /var/run/proftpd/proftpd.sock | |
# Transfer log and server log locations | |
TransferLog /var/log/proftpd/xferlog | |
SystemLog /var/log/proftpd/proftpd.log | |
# Global Config - config common to Server Config and all virtual hosts | |
# See: http://www.proftpd.org/docs/howto/Vhost.html | |
<Global> | |
# Umask 022 is a good standard umask to prevent new dirs and files | |
# from being group and world writable | |
Umask 022 | |
# Allow users to overwrite files and change permissions | |
AllowOverwrite yes | |
# NOTE(review): AllowAll on <Limit ALL SITE_CHMOD> permits the whole FTP command | |
# group plus SITE CHMOD to every logged-in user, in every virtual host (this sits | |
# in <Global>). Narrow it if some accounts should be read-only or upload-only. | |
<Limit ALL SITE_CHMOD> | |
AllowAll | |
</Limit> | |
</Global> |