Proftpd


Gentoo-Build-Optionen:

[ebuild   R    ] net-ftp/proftpd-1.3.7a-r2::gentoo  USE="acl authfile caps ipv6 ncurses nls pam pcre rewrite sftp ssl tcpd -ban -case -clamav -copy -ctrls -deflate -diskuse -dso -dynmasq -exec -ident -ifsession -ifversion -kerberos -ldap -log-forensic -memcache -msg -mysql -postgres -qos -radius -ratio -readme (-selinux) -shaper -sitemisc -snmp -sodium -softquota -sqlite -test -unique-id -vroot" 0 KiB

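Testkonfiguration mit TLS / FXP und einem virtuellen Benutzer in /etc/proftpd/ftpd.passwd, den man wie folgt anlegen kann (ohne die Option --file schreibt ftpasswd in die Datei ftpd.passwd im aktuellen Verzeichnis): ftpasswd --passwd --name benutzername --uid 1001 --home /pfad/zum/userdir --shell /bin/false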

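# ProFTPD test configuration: standalone server, virtual users from an
# AuthUserFile, optional FTP over TLS, and FXP (server-to-server transfers).
# Several settings below are relaxed for testing; each one is marked where
# it matters for security.

ServerName "FTP Server"
ServerType standalone
DefaultServer on

# The virtual users are created with --shell /bin/false, so the shell check
# against /etc/shells has to be disabled or their logins are refused.
RequireValidShell off

# PAM is not used; authentication comes from the AuthUserFile only.
AuthPAM off
AuthPAMConfig ftp

# Auth file for virtual users. It holds password hashes, so it should be
# readable only by root and the account the server runs as.
AuthUserFile /etc/proftpd/ftpd.passwd

# Use only AuthUserFiles when authenticating, and not the system's /etc/passwd
AuthOrder mod_auth_file.c

# Listen on the standard FTP port 21.
Port 21

# Address advertised to clients in passive-mode replies (server behind NAT).
MasqueradeAddress ftp.mydomain

# Passive data ports; the firewall has to admit exactly this range.
PassivePorts 40000 45000

# FXP support. This lets a client direct data connections to an address
# other than its own, which removes the server's protection against
# bounce-style abuse. Leave it off unless server-to-server transfers are
# really needed.
AllowForeignAddress on

# Logging. "debug" is very verbose and meant for this test setup; lower it
# for regular operation and keep the log directory unreadable to FTP users.
SyslogLevel debug
ServerLog /var/log/proftpd/server.log
SystemLog /var/log/proftpd/system.log
TransferLog /var/log/proftpd/transfer.log

# Disable IPv6 support
UseIPv6 off

# New directories and files should not be group or world writable.
Umask 022

# To limit the impact of DoS attacks, cap the number of child processes
# at 10. If you need to allow more than 10 concurrent connections,
# increase this value.
MaxInstances 10

# The server will run under ftp/ftp.
User ftp
Group ftp

# Every FTP session is jailed (chroot) into /opt/ftp. All users share this
# one tree; use "DefaultRoot ~" instead to confine each user to their own
# home directory.
DefaultRoot /opt/ftp

<IfModule mod_dso.c>
  # If mod_tls was built as a shared/DSO module, load it
  LoadModule mod_tls.c
</IfModule>

<IfModule mod_tls.c>
  TLSEngine on
  TLSLog /var/log/proftpd/tls.log

  # Offer only TLSv1.2 and TLSv1.3. TLSv1 and TLSv1.1 are deprecated and
  # are no longer offered; re-add them only for a client that cannot be
  # upgraded.
  TLSProtocol TLSv1.2 TLSv1.3

  # Are clients required to use FTP over TLS when talking to this server?
  # "off" still accepts plain FTP, so passwords and data may cross the
  # network unencrypted. Once all clients are confirmed to speak FTPS, set
  # this to "on" (or at least "ctrl" to protect the login).
  # NOTE(review): "on" also requires TLS on data connections, which plain
  # FXP between servers may not negotiate; test before enforcing.
  TLSRequired off

  # Server's RSA certificate and private key. The key file must stay
  # readable by root only.
  TLSRSACertificateFile      /etc/letsencrypt/live/ftp.mydomain/cert.pem
  TLSRSACertificateKeyFile   /etc/letsencrypt/live/ftp.mydomain/privkey.pem

  # CA certificates the server trusts when verifying client certificates.
  # NOTE(review): cert.pem above is the leaf certificate only; if clients
  # report an incomplete chain, TLSCertificateChainFile is the directive
  # intended for sending the intermediates in chain.pem. Confirm with a
  # TLS client.
  TLSCACertificateFile       /etc/letsencrypt/live/ftp.mydomain/chain.pem

  # Authenticate clients that want to use FTP over TLS?
  # "off": no client certificate is requested; users log in by password.
  TLSVerifyClient off

  # Allow SSL/TLS renegotiations when the client requests them, but
  # do not force the renegotiations.  Some clients do not support
  # SSL/TLS renegotiations; when mod_tls forces a renegotiation, these
  # clients will close the data connection, or there will be a timeout
  # on an idle data connection.
  TLSRenegotiate none

  # By default mod_tls requires the data connection to reuse the TLS
  # session of the control connection, which ties each data connection to
  # the authenticated session. This option drops that requirement for
  # clients that cannot reuse sessions; remove it if all clients can.
  TLSOptions NoSessionReuseRequired
</IfModule>

# ....
# Transfer behaviour: binary mode by default, idle sessions without a
# transfer are closed after 90 seconds, existing files may be overwritten
# and uploads resumed, and aborted uploads are deleted.
DefaultTransferMode binary
TimeoutNoTransfer 90
AllowOverwrite on
AllowStoreRestart on
DeleteAbortedStores on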

[1]