Hat jemand eine gute Config die alles abdeckt, funktioniert und den Server nicht lahm legt?
Code: Select all
# /etc/proftpd/proftpd.conf -- This is a basic ProFTPD configuration file.
# To really apply changes reload proftpd after modifications.
#
# Includes DSO modules
Include /etc/proftpd/modules.conf
# Set off to disable IPv6 support which is annoying on IPv4 only boxes.
UseIPv6 off
# If set on you can experience a longer connection delay in many cases.
IdentLookups off
UseReverseDNS off
ServerName "ProFTPD"
ServerIdent on "--- FTP from TDS ---"
ServerType standalone
DeferWelcome off
DebugLevel 3
RootLogin off
DefaultTransferMode binary
MultilineRFC2228 on
DefaultServer on
# Timeouts
TimeoutNoTransfer 600
TimeoutStalled 300
TimeoutIdle 600
#DisplayLogin /home/ftp/welcome.msg
#DisplayChdir .message true
ListOptions "-l"
# Session
DenyFilter *.*/
ListOptions "-An +R" strict
UseGlobbing off
ShowSymlinks on
TimesGMT on
TransferRate STOR 128
TransferRate RETR 512
# Log-Formate definieren
SystemLog NONE
WtmpLog off
LogFormat default "%h %l %u %t "%r" %s %b"
LogFormat auth "%v [%P] %h %t "%r" %s"
LogFormat write "%h %l %u %t "%r" %s %b"
AllowRetrieveRestart on
AllowStoreRestart on
DeferWelcome on
# CPU/Mem Limits
RLimitCPU session 10
RLimitMemory session 4096
#RLimitMemory daemon 8192 max
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd).
MaxClientsPerHost 5
MaxInstances 30
MaxConnectionRate 4
SocketBindTight off
# Use this to jail all users in their homes
# DefaultRoot ~
# Users require a valid shell listed in /etc/shells to login.
# Use this directive to release that constrain.
# RequireValidShell off
# Port 21 is the standard FTP port.
Port 21
# In some cases you have to specify passive ports range to by-pass
# firewall limitations. Ephemeral ports can be used for that, but
# feel free to use a more narrow range.
# PassivePorts 60000 61000
# If your host was NATted, this option is useful in order to
# allow passive tranfers to work. You have to use your public
# address and opening the passive ports used on your firewall as well.
# MasqueradeAddress 1.2.3.4
# This is useful for masquerading address with dynamic IPs:
# refresh any configured MasqueradeAddress directives every 8 hours
<IfModule mod_dynmasq.c>
# DynMasqRefresh 28800
</IfModule>
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 30
# Set the user and group that the server normally runs at.
User dtc #proftpd
Group dtcgrp #nogroup
# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022
# Normally, we want files to be overwriteable.
AllowOverwrite on
# Uncomment this if you are using NIS or LDAP via NSS to retrieve passwords:
# PersistentPasswd off
# This is required to use both PAM-based authentication and local passwords
# #####AuthOrder mod_auth_pam.c* mod_auth_unix.c
# Be warned: use of this directive impacts CPU average load!
# Uncomment this if you like to see progress and transfer rate with ftpwho
# in downloads. That is not needed for uploads rates.
#
# UseSendFile off
TransferLog /var/log/proftpd/xferlog
SystemLog /var/log/proftpd/proftpd.log
<IfModule mod_quotatab.c>
QuotaEngine off
</IfModule>
<IfModule mod_ratio.c>
Ratios off
</IfModule>
# Delay engine reduces impact of the so-called Timing Attack described in
# http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02
# It is on by default.
<IfModule mod_delay.c>
DelayEngine on
</IfModule>
<IfModule mod_ctrls.c>
ControlsEngine off
ControlsMaxClients 2
ControlsLog /var/log/proftpd/controls.log
ControlsInterval 5
ControlsSocket /var/run/proftpd/proftpd.sock
</IfModule>
<IfModule mod_ctrls_admin.c>
AdminControlsEngine off
</IfModule>
#
# Alternative authentication frameworks
#
#Include /etc/proftpd/ldap.conf
#Include /etc/proftpd/sql.conf
#
# This is used for FTPS connections
#
#Include /etc/proftpd/tls.conf
# A basic anonymous configuration, no upload directories.
# <Anonymous ~ftp>
# User ftp
# Group nogroup
# # We want clients to be able to login with "anonymous" as well as "ftp"
# UserAlias anonymous ftp
# # Cosmetic changes, all files belongs to ftp user
# DirFakeUser on ftp
# DirFakeGroup on ftp
#
# RequireValidShell off
#
# # Limit the maximum number of anonymous logins
# MaxClients 10
#
# # We want 'welcome.msg' displayed at login, and '.message' displayed
# # in each newly chdired directory.
# DisplayLogin welcome.msg
# DisplayChdir .message
#
# # Limit WRITE everywhere in the anonymous chroot
# <Directory *>
# <Limit WRITE>
# DenyAll
# </Limit>
# </Directory>
#
# # Uncomment this if you're brave.
# # <Directory incoming>
# # # Umask 022 is a good standard umask to prevent new files and dirs
# # # (second parm) from being group and world writable.
# # Umask 022 022
# # <Limit READ WRITE>
# # DenyAll
# # </Limit>
# # <Limit STOR>
# # AllowAll
# # </Limit>
# # </Directory>
#
# </Anonymous>
# Configured by DTC v0.10 : Please don't touch this line !
AuthOrder mod_sql.c #mod_auth_pam.c* mod_auth_unix.c
IdentLookups off
DefaultRoot ~
SQLAuthenticate on
SQLConnectInfo dtc@localhost dtcdaemons fc612beaf02fcd9b
SQLAuthTypes Plaintext
SQLUserInfo ftp_access login password uid gid homedir shell
# This is the TLS auth support. Thanks to Erwan Gurcuff (gort) for the tip!
<IfModule mod_tls.c>
TLSEngine on
TLSLog /var/log/proftpd-tls.log
TLSProtocol TLSv1
TLSRequired off
TLSRSACertificateFile /var/lib/dtc/etc/ssl/proftpd/new.cert.cert
TLSRSACertificateKeyFile /var/lib/dtc/etc/ssl/proftpd/new.cert.key
TLSVerifyClient on
</IfModule>
# // Transfer Log to Proftpd
SQLLog RETR,STOR transfer1
SQLNamedQuery transfer1 INSERT "'%u', '%f', '%b', '%h', '%a', '%m', '%T',now(), 'c', NULL" ftp_logs
# // Count Logins per User
SQLLog PASS logincount
SQLNamedQuery logincount UPDATE "count=count+1 WHERE login='%u'" ftp_access
# // Remember the last login time
SQLLog PASS lastlogin
SQLNamedQuery lastlogin UPDATE "last_login=now() WHERE login='%u'" ftp_access
# // Count the downloaded bytes
SQLLog RETR dlbytescount
SQLNamedQuery dlbytescount UPDATE "dl_bytes=dl_bytes+%b WHERE login='%u'" ftp_access
# // Count the downloaded files
SQLLog RETR dlcount
SQLNamedQuery dlcount UPDATE "dl_count=dl_count+1 WHERE login='%u'" ftp_access
# // Count the uploaded bytes
SQLLog STOR ulbytescount
SQLNamedQuery ulbytescount UPDATE "ul_bytes=ul_bytes+%b WHERE login='%u'" ftp_access
# // Count the uploaded files
SQLLog STOR ulcount
SQLNamedQuery ulcount UPDATE "ul_count=ul_count+1 WHERE login='%u'" ftp_access
# End of DTC configuration v0.10 : please don't touch this line !
Bye, TDS.
