Jump to content

Proftpd config example


wildweaselmi
 Share

Recommended Posts

Here is an example of a basic proftp configuration file found


/etc/sysconfig/proftpd



# This is the ProFTPD configuration file


ServerName "ProFTPD server"

ServerIdent on "This is a Private FTP Server. Please leave if you are annoymous, or not a member of staff."

ServerAdmin ~snip~@gmail.com

ServerType standalone

#ServerType inetd

DefaultServer on

AccessGrantMsg "User %u logged in."

#DisplayConnect /etc/ftpissue

#DisplayLogin /etc/ftpmotd

#DisplayGoAway /etc/ftpgoaway

DeferWelcome off


# Use this to excude users from the chroot

DefaultRoot /var/www !adm


# Use pam to authenticate (default) and be authoritative

AuthPAMConfig proftpd

AuthOrder mod_auth_pam.c* mod_auth_unix.c


# Do not perform ident nor DNS lookups (hangs when the port is filtered)

IdentLookups off

UseReverseDNS off


# Port 21 is the standard FTP port.

Port 21


# Umask 022 is a good standard umask to prevent new dirs and files

# from being group and world writable.

Umask 022


# Default to show dot files in directory listings

ListOptions "-a"


# See Configuration.html for these (here are the default values)

#MultilineRFC2228 off

#RootLogin off

#LoginPasswordPrompt on

#MaxLoginAttempts 3

#MaxClientsPerHost none

#AllowForeignAddress off # For FXP


# Allow to resume not only the downloads but the uploads too

AllowRetrieveRestart on

AllowStoreRestart on


# To prevent DoS attacks, set the maximum number of child processes

# to 30. If you need to allow more than 30 concurrent connections

# at once, simply increase this value. Note that this ONLY works

# in standalone mode, in inetd mode you should use an inetd server

# that allows you to limit maximum number of processes per service

# (such as xinetd)

MaxInstances 20


# Set the user and group that the server normally runs at.

User ftp

Group ftp


# Disable sendfile by default since it breaks displaying the download speeds in

# ftptop and ftpwho

UseSendfile no


# This is where we want to put the pid file

ScoreboardFile /var/run/proftpd.score


# Normally, we want users to do a few things.



AllowOverwrite on



AllowAll



LoginPasswordPrompt on

AccessDenyMsg "You Fail"

AccessGrantMsg Welcome!

RootLogin off

UseFtpUsers on




# Define the log formats

LogFormat default "%h %l %u %t \"%r\" %s %b"

LogFormat auth "%v %h %t \"%r\" %s"

LoginPasswordPrompt on

AccessDenyMsg "You Fail"



User ftp

UserAlias anonymous ftp

Group ftp



DefaultChdir /var/www

DeleteAbortedStores on

DisplayChdir README true

HiddenStor off

RootLogin off

AnonymousGroup ftp

AuthAliasOnly off

RequireValidShell off

UseFtpUsers on

AllowForeignAddress on


# TLS

# Explained at http://www.castaglia.org/proftpd/modules/mod_tls.html

#TLSEngine on

#TLSRequired on

#TLSRSACertificateFile /etc/pki/tls/certs/proftpd.pem

#TLSRSACertificateKeyFile /etc/pki/tls/certs/proftpd.pem

#TLSCipherSuite ALL:!ADH:!DES

#TLSOptions NoCertRequest

#TLSVerifyClient off

##TLSRenegotiate ctrl 3600 data 512000 required off timeout 300

#TLSLog /var/log/proftpd/tls.log


# SQL authentication Dynamic Shared Object (DSO) loading

# See README.DSO and howto/DSO.html for more details.

#

# LoadModule mod_ban.c

# LoadModule mod_ifsession.c

# LoadModule mod_quotatab.c

# LoadModule mod_quotatab_file.c

# LoadModule mod_sql.c

# LoadModule mod_sql_mysql.c

# LoadModule mod_sql_postgres.c

#


# A basic anonymous configuration, with an upload directory.

#

# User ftp

# Group ftp

# AccessGrantMsg "Anonymous login ok, restrictions apply."

#

# # We want clients to be able to login with "anonymous" as well as "ftp"

# UserAlias anonymous ftp

#

# # Limit the maximum number of anonymous logins

# MaxClients 10 "Sorry, max %m users -- try again later"

#

# # Put the user into /pub right after login

# #DefaultChdir /pub

#

# # We want 'welcome.msg' displayed at login, '.message' displayed in

# # each newly chdired directory and tell users to read README* files.

# DisplayLogin /welcome.msg

# DisplayFirstChdir .message

# DisplayReadme README*

#

# # Some more cosmetic and not vital stuff

# DirFakeUser on ftp

# DirFakeGroup on ftp

#

# # Limit WRITE everywhere in the anonymous chroot

#

# DenyAll

#

#

# # An upload directory that allows storing files but not retrieving

# # or creating directories.

#

# AllowOverwrite no

#

# DenyAll

#

#

#

# AllowAll

#

#

#

# # Don't write anonymous accesses to the system wtmp file (good idea!)

# WtmpLog off

#

# # Logging for the anonymous transfers

# ExtendedLog /var/log/proftpd/access.log WRITE,READ default

# ExtendedLog /var/log/proftpd/auth.log AUTH auth

#

#


# Configuration for mod_ban



BanEngine on

BanLog /var/log/proftpd/ban.log

BanTable /var/run/proftpd/ban.tab


# If the same client reaches the MaxLoginAttempts limit 2 times

# within 10 minutes, automatically add a ban for that client that

# will expire after one hour.

BanOnEvent MaxLoginAttempts 2/00:10:00 01:00:00


# Allow the FTP admin to manually add/remove bans

BanControlsACLs all allow user ftpadm



you may first want to stop proftpd and then start it when you are done editing


/etc/init.d/proftpd stop


Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...