Advertisement
capriott

proftpd.conf

Jan 22nd, 2014
2,828
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. #
  2. # /etc/proftpd/proftpd.conf -- This is a basic ProFTPD configuration file.
  3. # To really apply changes reload proftpd after modifications.
  4. #
  5.  
  6. # Includes DSO modules
  7. Include /etc/proftpd/modules.conf
  8.  
  9. # Set off to disable IPv6 support which is annoying on IPv4 only boxes.
  10. UseIPv6             off
  11. # If set on you can experience a longer connection delay in many cases.
  12. IdentLookups            off
  13.  
  14. ServerName          "UGOV-FTPS"
  15. DefaultAddress          xxx.xxx.xxx.xxx
  16. SocketBindTight         on
  17. ServerType          inetd
  18. DeferWelcome            off
  19.  
  20. MultilineRFC2228        on
  21. DefaultServer           on
  22. ShowSymlinks            on
  23.  
  24. #DisplayLogin                    /univ/ext/ftp/welcome.msg
  25. DisplayChdir                .message true
  26. ListOptions                 "-l"
  27.  
  28. DenyFilter          \*.*/
  29.  
  30. # Use this to jail all users in their homes
  31. DefaultRoot             /univ/ext/ftp/
  32. #DefaultRoot            ~  
  33. DebugLevel 10
  34.  
  35. # Users require a valid shell listed in /etc/shells to login.
  36. # Use this directive to release that constrain.
  37. RequireValidShell       off
  38.  
  39. # Port 21 is the standard FTP port.
  40. Port                21
  41.  
  42. # Time
  43. TimesGMT                        off
  44.  
  45. # In some cases you have to specify passive ports range to by-pass
  46. # firewall limitations. Ephemeral ports can be used for that, but
  47. # feel free to use a more narrow range.
  48. # PassivePorts                  49152 65534
  49. PassivePorts                  50000 51000
  50.  
  51. # If your host was NATted, this option is useful in order to
  52. # allow passive tranfers to work. You have to use your public
  53. # address and opening the passive ports used on your firewall as well.
  54. #MasqueradeAddress xxx.xxx.xxx.xxx
  55. #NAT
  56. MasqueradeAddress xxx.xxx.xxx.xxx
  57.  
  58. # This is useful for masquerading address with dynamic IPs:
  59. # refresh any configured MasqueradeAddress directives every 8 hours
  60. <IfModule mod_dynmasq.c>
  61. # DynMasqRefresh 28800
  62. </IfModule>
  63.  
  64. # To prevent DoS attacks, set the maximum number of child processes
  65. # to 30.  If you need to allow more than 30 concurrent connections
  66. # at once, simply increase this value.  Note that this ONLY works
  67. # in standalone mode, in inetd mode you should use an inetd server
  68. # that allows you to limit maximum number of processes per service
  69. # (such as xinetd)
  70. MaxInstances            30
  71.  
  72. # Set the user and group that the server normally runs at.
  73. User                prouniv1
  74. Group               product
  75.  
  76. # Umask 022 is a good standard umask to prevent new files and dirs
  77. # (second parm) from being group and world writable.
  78. Umask               022  022
  79. #Umask              000  000
  80.  
  81. # Normally, we want files to be overwriteable.
  82. AllowOverwrite          on
  83.  
  84. # Uncomment this if you are using NIS or LDAP via NSS to retrieve passwords:
  85. # PersistentPasswd      off
  86.  
  87. # This is required to use both PAM-based authentication and local passwords
  88. # AuthOrder         mod_auth_pam.c* mod_auth_unix.c
  89.  
  90. AuthUserFile /etc/proftpd/univ-ftps-passwd
  91. AuthGroupFile /etc/proftpd//univ-ftps-group
  92. AuthOrder mod_auth_file.c
  93.  
  94. # Be warned: use of this directive impacts CPU average load!
  95. # Uncomment this if you like to see progress and transfer rate with ftpwho
  96. # in downloads. That is not needed for uploads rates.
  97. #
  98. # UseSendFile           off
  99.  
  100. LogFormat operations "%t %h %l %u \"%r\" %s %b"
  101. SystemLog   /var/log/proftpd/test-ftps-system.log
  102. TransferLog /var/log/proftpd/test-ftps-xfer.log
  103. ExtendedLog /var/log/proftpd/test-ftps-operations.log ALL operations
  104.  
  105.  
  106. <IfModule mod_quotatab.c>
  107. QuotaEngine off
  108. </IfModule>
  109.  
  110. <IfModule mod_ratio.c>
  111. Ratios off
  112. </IfModule>
  113.  
  114.  
  115. # Delay engine reduces impact of the so-called Timing Attack described in
  116. # http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02
  117. # It is on by default.
  118. <IfModule mod_delay.c>
  119. DelayEngine on
  120. </IfModule>
  121.  
  122. <IfModule mod_ctrls.c>
  123. ControlsEngine        off
  124. ControlsMaxClients    2
  125. ControlsLog           /var/log/proftpd/test-controls.log
  126. ControlsInterval      5
  127. ControlsSocket        /var/run/proftpd/proftpd.sock
  128. </IfModule>
  129.  
  130. <IfModule mod_ctrls_admin.c>
  131. AdminControlsEngine off
  132. </IfModule>
  133.  
  134. # Cineca
  135. <IfModule mod_facts.c>
  136. FactsAdvertise off
  137. </IfModule>
  138.  
  139. #
  140. # Alternative authentication frameworks
  141. #
  142. #Include /etc/proftpd/ldap.conf
  143. #Include /etc/proftpd/sql.conf
  144.  
  145. #
  146. # This is used for FTPS connections
  147. #
  148. #Include /etc/proftpd/tls.conf
  149. TLSEngine                  on
  150. #TLSRequired                on
  151. TLSRequired                on
  152. TLSLog                     /var/log/proftpd/test-ftps-tls.log
  153. TLSProtocol                SSLv23
  154. TLSVerifyClient            off
  155. TLSRenegotiate             none
  156. TLSRSACertificateFile      /etc/ssl/certs/ftps.u-gov.it.crt
  157. TLSRSACertificateKeyFile   /etc/ssl/private/ftps.u-gov.it.key
  158. TLSCertificateChainFile    /etc/ssl/certs/ftps.u-gov.it-chain.pem
  159. TLSOptions                 AllowDotLogin NoCertRequest NoSessionReuseRequired
  160. #TLSOptions                 AllowDotLogin NoSessionReuseRequired
  161.  
  162. #Custom Options
  163. UseReverseDNS off
  164. UseSendfile off
  165. WtmpLog on
  166.  
  167. #Permissions
  168. #Include /etc/proftpd/restrictions.conf
  169. #Include /etc/proftpd/user-group-prot.inc
  170. Include /etc/proftpd/test-user-group-prot.inc
  171.  
  172. <Global>
  173.  ListOptions "" maxdepth 3
  174.  ListOptions "" maxdirs 10
  175.  ListOptions "" maxfiles 1000
  176.  TimeoutLogin                    300
  177.  TimeoutSession                  86400
  178.  TimeoutNoTransfer               3600
  179.  TimeoutStalled                  3600
  180.  TimeoutIdle                     3600
  181.  
  182.  IdentLookups off
  183.  AllowStoreRestart      on
  184.  
  185. </Global>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement