
Untitled

a guest
Dec 19th, 2018
  1. #!/usr/bin/env bash
  2. # MUST BE RUN AS ROOT
  3.  
  # Print the three documented invocations to stdout, one per line.
  # $0 is expanded so the examples show the name the script was started with.
  # Caveat for operators: -c takes the password as a positional argument, so it
  # ends up in this script's argv (process listings, shell history).
  usage_message(){
    printf '%s\n' \
      'Usage options:' \
      "1. Install proftpd: $0 -i <PASVADDR> <MIN_PORT> <MAX_PORT>" \
      "2. Create ftp user: $0 -c <FTPUSER> <FTPPASS>" \
      "3. Delete ftp user: $0 -d <FTPUSER>"
  }
  10.  
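  # Install ProFTPD and write the passive-mode settings to
  # /etc/proftpd/conf.d/custom.
  # Globals (read): PASVADDR - address or hostname announced to clients
  #                 MIN_PORT, MAX_PORT - passive data port range
  # Returns: 0 on success; 1 when a value fails validation or a step fails.
  #
  # The file written here enables plain FTP only: no TLS directive is set, so
  # logins and data cross the network unencrypted unless mod_tls is configured
  # separately.
  install_proftpd(){
    local addr_re='^[A-Za-z0-9]([A-Za-z0-9.:-]*[A-Za-z0-9])?$'
    local port_re='^[0-9]{1,5}$'
    local min_port max_port

    # The three values are pasted into a root-owned config file. Anything but a
    # plain address and two numbers (spaces, newlines, extra words) could add
    # directives of its own, so it is rejected before any change is made.
    if [[ ! ${PASVADDR-} =~ $addr_re ]]; then
      echo "install_proftpd: PASVADDR must be an IP address or hostname" >&2
      return 1
    fi
    if [[ ! ${MIN_PORT-} =~ $port_re || ! ${MAX_PORT-} =~ $port_re ]]; then
      echo "install_proftpd: MIN_PORT and MAX_PORT must be decimal port numbers" >&2
      return 1
    fi
    # 10# forces base 10 so a leading zero is not read as octal.
    min_port=$((10#${MIN_PORT}))
    max_port=$((10#${MAX_PORT}))
    # ProFTPD documents PassivePorts as a non-privileged range (>= 1024).
    if (( min_port < 1024 || max_port > 65535 || min_port > max_port )); then
      echo "install_proftpd: port range must satisfy 1024 <= MIN_PORT <= MAX_PORT <= 65535" >&2
      return 1
    fi

    # The script already runs as root, so no sudo; stop at the first failure
    # instead of writing a config for a package that did not install.
    apt-get update || return 1
    apt-get -y upgrade || return 1
    # whois ships mkpasswd, which create_user relies on.
    apt-get -y install proftpd ftp whois || return 1

    # DefaultRoot confines each user to ~/ftp/files.
    # RequireValidShell off is needed because accounts are created with
    # /bin/false as their shell.
    printf '%s\n' \
      'DefaultRoot ~/ftp/files' \
      "PassivePorts ${min_port} ${max_port}" \
      "MasqueradeAddress ${PASVADDR}" \
      'RequireValidShell off' \
      > /etc/proftpd/conf.d/custom || return 1
  }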
  22.  
  # Restart the ProFTPD unit, then print its status so the operator can see
  # whether it came back up. The function's return status is that of the
  # status query, the last command run.
  restart_proftpd(){
    local verb
    for verb in restart status; do
      systemctl "${verb}" proftpd.service
    done
  }
  27.  
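  # Append an IPv4 filter policy for an SSH + FTP host and set default-drop.
  # Globals (read): MIN_PORT, MAX_PORT - passive data port range
  # Returns: 0 when every rule was added; 1 on bad input or the first
  #          iptables failure.
  #
  # Caveats visible from this function alone:
  #   - only iptables is called, so IPv6 traffic is not filtered here;
  #   - rules are appended (-A), so running it twice duplicates them;
  #   - nothing saves the rules, so they do not survive a reboot.
  firewall_rules(){
    local port_re='^[0-9]{1,5}$'
    local min_port max_port pasv_range

    # Unvalidated values would be word-split into extra iptables arguments.
    if [[ ! ${MIN_PORT-} =~ $port_re || ! ${MAX_PORT-} =~ $port_re ]]; then
      echo "firewall_rules: MIN_PORT and MAX_PORT must be decimal port numbers" >&2
      return 1
    fi
    min_port=$((10#${MIN_PORT}))
    max_port=$((10#${MAX_PORT}))
    if (( min_port < 1024 || max_port > 65535 || min_port > max_port )); then
      echo "firewall_rules: port range must satisfy 1024 <= MIN_PORT <= MAX_PORT <= 65535" >&2
      return 1
    fi
    pasv_range="${min_port}:${max_port}"

    # Each rule must succeed before the next runs: the DROP policies at the end
    # would otherwise lock out SSH if the port-22 rule had failed.
    iptables -A INPUT -i lo -j ACCEPT || return 1
    # The original also added the same match through the older "-m state"
    # module; that rule was redundant and is not repeated.
    iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT || return 1
    iptables -A INPUT -p icmp -j REJECT || return 1
    iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT || return 1
    # Outbound SMTP is refused so the host cannot send mail directly.
    iptables -A OUTPUT -p tcp --dport 25 -j REJECT || return 1
    iptables -A INPUT -p tcp -m tcp --dport 21 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT || return 1
    iptables -A INPUT -p tcp -m tcp --dport 20 -m conntrack --ctstate ESTABLISHED -j ACCEPT || return 1
    # Passive data connections arrive from the client's ephemeral port, so only
    # the destination port is matched. The original also required the source
    # port to fall inside the passive range, which dropped most clients.
    iptables -A INPUT -p tcp -m tcp --dport "${pasv_range}" -m conntrack --ctstate RELATED,ESTABLISHED,NEW -j ACCEPT || return 1
    iptables -A OUTPUT -p tcp -m tcp --sport 21 -m conntrack --ctstate ESTABLISHED -j ACCEPT || return 1
    iptables -A OUTPUT -p tcp -m tcp --sport 20 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT || return 1
    # Replies leave from the passive port towards whatever port the client used.
    iptables -A OUTPUT -p tcp -m tcp --sport "${pasv_range}" -m conntrack --ctstate ESTABLISHED -j ACCEPT || return 1

    # Default policies go last, after the accept rules are in place.
    iptables -P INPUT DROP || return 1
    iptables -P FORWARD DROP || return 1
    iptables -P OUTPUT ACCEPT || return 1
  }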
  45.  
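  # Create a login-less account for FTP use and lay out its chroot tree.
  # Globals (read): FTPUSER - account name
  #                 FTPPASS - cleartext password
  # Returns: 0 on success; 1 on bad input or the first failing step.
  #
  # Layout: /home/<user>/ftp is owned by nobody:nogroup and not writable;
  # /home/<user>/ftp/files is owned by the user and is where uploads go.
  create_user(){
    local name_re='^[a-z_][a-z0-9_-]{0,31}$'
    local home hash

    # FTPUSER is used to build paths that root then creates and chowns, so a
    # name holding "/", "..", spaces or a leading "-" must never get that far.
    if [[ ! ${FTPUSER-} =~ $name_re ]]; then
      echo "create_user: invalid user name" >&2
      return 1
    fi
    if [[ -z ${FTPPASS-} ]]; then
      echo "create_user: empty password refused" >&2
      return 1
    fi
    # NOTE(review): assumes useradd places home directories under /home - confirm.
    home="/home/${FTPUSER}"

    # The password goes to mkpasswd on stdin (printf is a builtin), so it does
    # not show up in any process's argument list.
    hash=$(printf '%s\n' "${FTPPASS}" | mkpasswd -m sha-512 --stdin) || return 1
    [[ -n ${hash} ]] || return 1

    # Stop if the account cannot be created (for example, it already exists)
    # rather than re-owning directories that belong to an existing user.
    useradd --create-home --shell=/bin/false "${FTPUSER}" || return 1
    # The hash is handed over on stdin too, instead of through useradd's
    # --password argument.
    printf '%s:%s\n' "${FTPUSER}" "${hash}" | chpasswd -e || return 1

    mkdir -- "${home}/ftp" || return 1
    chown -- nobody:nogroup "${home}/ftp" || return 1
    chmod -- a-w "${home}/ftp" || return 1

    mkdir -- "${home}/ftp/files" || return 1
    chown -- "${FTPUSER}:${FTPUSER}" "${home}/ftp/files" || return 1
  }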
  56.  
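  # Remove an account together with its home directory.
  # Globals (read): FTPUSER - account name
  # Returns: 1 on an invalid name, otherwise userdel's exit status.
  #
  # NOTE(review): nothing here confirms the account was made by create_user;
  # -r removes the home directory and -f forces the removal, so any existing
  # account whose name passes the check below will be deleted.
  delete_user(){
    local name_re='^[a-z_][a-z0-9_-]{0,31}$'

    # An empty or option-like value would otherwise be read by userdel as
    # flags or as several arguments.
    if [[ ! ${FTPUSER-} =~ $name_re ]]; then
      echo "delete_user: invalid user name" >&2
      return 1
    fi
    userdel -rf "${FTPUSER}"
  }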
  60.  
  61.  
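  # Entry point: pick one action from the first option and run it.
  #   -i <PASVADDR> <MIN_PORT> <MAX_PORT>   install and configure proftpd
  #   -c <FTPUSER> <FTPPASS>                create an FTP account
  #   -d <FTPUSER>                          delete an FTP account
  #   -R                                    restart proftpd
  # Exit status: 0 for help with no arguments, 2 for a usage error, 1 when not
  # root or when the action's first step fails.

  # No arguments at all: show the help text (exit status 0, as before).
  if [[ $# -eq 0 ]]; then
    usage_message
    exit 0
  fi

  action=''
  # Leading ':' puts getopts in silent mode so errors are reported below.
  # -R takes no value; the original "R:" made a bare -R a parse error.
  if getopts ':c:d:i:R' option; then
    case "${option}" in
      c)
        # The option's own value is in OPTARG; further values follow at
        # position OPTIND. The original read fixed $2/$3/$4 instead.
        if (( $# < OPTIND )); then
          usage_message >&2
          exit 2
        fi
        action='create'
        FTPUSER=${OPTARG}
        FTPPASS=${*:OPTIND:1}
        ;;
      d)
        action='delete'
        FTPUSER=${OPTARG}
        ;;
      i)
        if (( $# < OPTIND + 1 )); then
          usage_message >&2
          exit 2
        fi
        action='install'
        PASVADDR=${OPTARG}
        MIN_PORT=${*:OPTIND:1}
        MAX_PORT=${*:OPTIND+1:1}
        ;;
      R)
        action='restart'
        ;;
      *)
        # Unknown option or missing value: a usage error, so exit non-zero.
        usage_message >&2
        exit 2
        ;;
    esac
  else
    usage_message >&2
    exit 2
  fi

  # Every action changes packages, accounts or services.
  if [[ ${EUID} -ne 0 ]]; then
    echo "$0: must be run as root" >&2
    exit 1
  fi

  case "${action}" in
    create)
      # The password is deliberately not printed: the original banner echoed
      # it in cleartext to the terminal and to anything capturing stdout.
      # It is still visible in this script's own argv while it runs.
      echo ">> CREATING FTP USER ${FTPUSER}"
      echo
      create_user || exit 1
      restart_proftpd
      ;;
    delete)
      echo ">> DELETING FTP USER ${FTPUSER}"
      echo
      delete_user || exit 1
      restart_proftpd
      ;;
    install)
      echo ">> INSTALLING proftpd IN IP ${PASVADDR} WITH ${MIN_PORT} TO ${MAX_PORT} PASV PORT RANGE"
      echo
      install_proftpd || exit 1
      # TODO firewall_rules
      restart_proftpd
      ;;
    restart)
      restart_proftpd
      ;;
  esac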