#!/usr/bin/env bash
# MUST BE RUN AS ROOT
#######################################
# Print the three supported invocations of this script.
# Arguments: none ($0 is shown as the program name)
# Outputs:   four lines of usage text on stdout
#######################################
usage_message() {
  printf '%s\n' \
    'Usage options:' \
    "1. Install proftpd: $0 -i <PASVADDR> <MIN_PORT> <MAX_PORT>" \
    "2. Create ftp user: $0 -c <FTPUSER> <FTPPASS>" \
    "3. Delete ftp user: $0 -d <FTPUSER>"
}
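#######################################
# Install ProFTPD and write the passive-mode drop-in configuration.
# Globals:   PASVADDR (read) - address or host name advertised to clients
#            MIN_PORT, MAX_PORT (read) - passive data port range
# Outputs:   writes /etc/proftpd/conf.d/custom; diagnostics on stderr
# Returns:   0 on success, non-zero if validation, installation or the
#            config write fails
#
# The three globals are written verbatim into a server config file, so they
# are validated first: a value containing whitespace or a newline could
# otherwise add arbitrary directives to the file.
#
# NOTE(review): this drop-in does not enable TLS, so logins and transfers use
# plain FTP unless mod_tls is configured elsewhere.
#######################################
install_proftpd() {
  local port

  for port in "$MIN_PORT" "$MAX_PORT"; do
    if ! [[ $port =~ ^[0-9]{1,5}$ ]] || (( 10#$port < 1 || 10#$port > 65535 )); then
      printf 'install_proftpd: passive ports must be integers in 1-65535\n' >&2
      return 1
    fi
  done
  if (( 10#$MIN_PORT > 10#$MAX_PORT )); then
    printf 'install_proftpd: MIN_PORT must not exceed MAX_PORT\n' >&2
    return 1
  fi
  # Accept an IPv4/IPv6 literal or a DNS name; nothing else belongs here.
  if ! [[ $PASVADDR =~ ^[A-Za-z0-9._:-]+$ ]]; then
    printf 'install_proftpd: PASVADDR must be an IP address or host name\n' >&2
    return 1
  fi

  # The script already runs as root, so no sudo (it may not be installed).
  # A failed refresh/upgrade is reported but does not block the install.
  if ! { apt-get update && apt-get -y upgrade; }; then
    printf 'install_proftpd: warning: package refresh/upgrade failed\n' >&2
  fi
  # whois is installed for mkpasswd, which create_user relies on.
  apt-get -y install proftpd ftp whois || return

  # DefaultRoot confines each session to ~/ftp/files.
  # RequireValidShell off is needed because accounts are created with
  # /bin/false as their shell.
  cat > /etc/proftpd/conf.d/custom << EOF
DefaultRoot ~/ftp/files
PassivePorts $MIN_PORT $MAX_PORT
MasqueradeAddress $PASVADDR
RequireValidShell off
EOF
}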
#######################################
# Restart the ProFTPD service, then show its status.
# Outputs:   whatever systemctl prints
# Returns:   exit status of the final "systemctl status" call
#######################################
restart_proftpd() {
  local action
  for action in restart status; do
    systemctl "$action" proftpd.service
  done
}
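#######################################
# Append IPv4 iptables rules for SSH plus active and passive FTP, then set
# the default policies (INPUT/FORWARD drop, OUTPUT accept).
# Globals:   MIN_PORT, MAX_PORT (read) - passive data port range
# Returns:   0 on success; non-zero on the first failing step, in which case
#            the default policies are left untouched
#
# Caveats for operators:
#   - Rules are appended with -A, so running this twice duplicates them.
#   - Nothing here persists the rules across a reboot.
#   - Only iptables (IPv4) is configured; ip6tables is not touched.
#######################################
firewall_rules() {
  local port pasv

  for port in "$MIN_PORT" "$MAX_PORT"; do
    if ! [[ $port =~ ^[0-9]{1,5}$ ]] || (( 10#$port < 1 || 10#$port > 65535 )); then
      printf 'firewall_rules: passive ports must be integers in 1-65535\n' >&2
      return 1
    fi
  done
  if (( 10#$MIN_PORT > 10#$MAX_PORT )); then
    printf 'firewall_rules: MIN_PORT must not exceed MAX_PORT\n' >&2
    return 1
  fi
  pasv="${MIN_PORT}:${MAX_PORT}"

  # Every ACCEPT rule must be in place before the DROP policy is applied,
  # otherwise a failed rule (for example the SSH one) could lock the admin out.
  iptables -A INPUT -i lo -j ACCEPT || return
  # The original also carried the same rule via "-m state", the legacy
  # spelling of this conntrack match; one copy is enough.
  iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT || return
  # Unsolicited ICMP is rejected; ICMP errors tied to existing connections
  # are already accepted by the RELATED rule above.
  iptables -A INPUT -p icmp -j REJECT || return
  iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT || return
  # Block outbound SMTP from this host.
  iptables -A OUTPUT -p tcp --dport 25 -j REJECT || return

  # FTP control channel and active-mode data channel.
  iptables -A INPUT -p tcp -m tcp --dport 21 \
    -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT || return
  iptables -A INPUT -p tcp -m tcp --dport 20 \
    -m conntrack --ctstate ESTABLISHED -j ACCEPT || return

  # Passive-mode data channel: clients connect from their own ephemeral
  # ports to a server port in the passive range. The original also required
  # the client's source port to be in that range, which rejects almost every
  # real passive connection, so only the destination port is matched.
  iptables -A INPUT -p tcp -m tcp --dport "$pasv" \
    -m conntrack --ctstate RELATED,ESTABLISHED,NEW -j ACCEPT || return

  iptables -A OUTPUT -p tcp -m tcp --sport 21 \
    -m conntrack --ctstate ESTABLISHED -j ACCEPT || return
  iptables -A OUTPUT -p tcp -m tcp --sport 20 \
    -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT || return
  # Replies leave from the passive range towards the client's port.
  iptables -A OUTPUT -p tcp -m tcp --sport "$pasv" \
    -m conntrack --ctstate ESTABLISHED -j ACCEPT || return

  iptables -P INPUT DROP || return
  iptables -P FORWARD DROP || return
  iptables -P OUTPUT ACCEPT
}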
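#######################################
# Create a login-less account for FTP use and lay out ~/ftp and ~/ftp/files.
# Globals:   FTPUSER (read) - account name to create
#            FTPPASS (read) - clear-text password for the account
# Returns:   0 on success, non-zero on the first failing step
#
# FTPUSER is validated before use because it is spliced into paths under
# /home that root then creates and chowns; a name containing "/" or starting
# with "-" must never reach those commands.
#
# The password is fed to mkpasswd on stdin and the resulting hash to chpasswd
# on stdin, so neither appears in the process list.
#######################################
create_user() {
  local home hash

  if ! [[ $FTPUSER =~ ^[A-Za-z_][A-Za-z0-9_.-]*$ ]]; then
    printf 'create_user: invalid user name\n' >&2
    return 1
  fi
  if [[ -z $FTPPASS ]]; then
    printf 'create_user: empty password\n' >&2
    return 1
  fi
  home="/home/${FTPUSER}"

  hash=$(printf '%s\n' "$FTPPASS" | mkpasswd -m sha-512 -s) || return
  if [[ -z $hash ]]; then
    printf 'create_user: mkpasswd produced no hash\n' >&2
    return 1
  fi

  # Stop here if the account cannot be created (for example it already
  # exists) so an existing user's home is never modified.
  useradd --create-home --shell=/bin/false "$FTPUSER" || return
  printf '%s:%s\n' "$FTPUSER" "$hash" | chpasswd -e || return

  # ~/ftp is owned by nobody and not writable; only ~/ftp/files is handed
  # to the user.
  mkdir -- "$home/ftp" || return
  chown nobody:nogroup -- "$home/ftp" || return
  chmod a-w -- "$home/ftp" || return
  mkdir -- "$home/ftp/files" || return
  # assumes useradd created a group named after the user - TODO confirm
  chown -- "$FTPUSER:$FTPUSER" "$home/ftp/files"
}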
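#######################################
# Remove an account together with its home directory.
# Globals:   FTPUSER (read) - account name to delete
# Returns:   1 for an invalid name, otherwise the exit status of userdel
#
# userdel -rf removes the account even while it is logged in and deletes its
# home directory and mail spool. The name is not checked against the set of
# accounts this script created, so the caller must pass an FTP account.
#######################################
delete_user() {
  # An empty or unquoted name would be dropped or split into extra userdel
  # arguments, so validate and quote it.
  if ! [[ $FTPUSER =~ ^[A-Za-z_][A-Za-z0-9_.-]*$ ]]; then
    printf 'delete_user: invalid user name\n' >&2
    return 1
  fi
  userdel -rf "$FTPUSER"
}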
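# ---- entry point ----
# With no arguments, just show the usage text.
if (( $# == 0 )); then
  usage_message
  exit 0
fi

# Exactly one action is parsed per run. The original looped over getopts
# while reading its values from $2..$4, so a later argument that happened to
# start with "-" (for example a password) was parsed as a second action and
# run against $2. -R takes no argument, so it is declared without a colon.
if ! getopts 'c:d:i:R' option; then
  usage_message
  exit 1
fi

# Every action changes system state; refuse early when not root.
if [[ $option != '?' ]] && (( EUID != 0 )); then
  printf '%s: must be run as root\n' "$0" >&2
  exit 1
fi

case "$option" in
  c)
    if (( $# < 3 )); then
      usage_message
      exit 1
    fi
    # The password is deliberately not echoed: it would land in terminal
    # scrollback and any captured output.
    # NOTE(review): it is still passed on this script's command line, so it
    # is visible in the process list and shell history.
    printf '>> CREATING FTP USER %s\n\n' "$2"
    FTPUSER=$2
    FTPPASS=$3
    create_user && restart_proftpd
    exit
    ;;
  d)
    printf '>> DELETING FTP USER %s\n\n' "$2"
    FTPUSER=$2
    delete_user && restart_proftpd
    exit
    ;;
  i)
    if (( $# < 4 )); then
      usage_message
      exit 1
    fi
    printf '>> INSTALLING proftpd IN IP %s WITH %s TO %s PASV PORT RANGE\n\n' "$2" "$3" "$4"
    PASVADDR=$2
    MIN_PORT=$3
    MAX_PORT=$4
    # TODO firewall_rules
    install_proftpd && restart_proftpd
    exit
    ;;
  R)
    restart_proftpd
    exit
    ;;
  *)
    # Unknown option or missing option argument: report failure.
    usage_message
    exit 1
    ;;
esac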