1
|
#
|
2
|
# /etc/proftpd/proftpd.conf -- This is a basic ProFTPD configuration file.
|
3
|
# To really apply changes, reload proftpd after modifications, if
|
4
|
# it runs in daemon mode. It is not required in inetd/xinetd mode.
|
5
|
#
|
6
|
|
7
|
# Includes DSO modules
|
8
|
Include /etc/proftpd/modules.conf
|
9
|
|
10
|
# Set off to disable IPv6 support which is annoying on IPv4 only boxes.
|
11
|
UseIPv6 on
|
12
|
# If set on you can experience a longer connection delay in many cases.
|
13
|
IdentLookups off
|
14
|
|
15
|
ServerName "Debian"
|
16
|
ServerType standalone
|
17
|
DeferWelcome off
|
18
|
|
19
|
MultilineRFC2228 on
|
20
|
DefaultServer on
|
21
|
ShowSymlinks on
|
22
|
|
23
|
TimeoutNoTransfer 600
|
24
|
TimeoutStalled 600
|
25
|
TimeoutIdle 1200
|
26
|
|
27
|
DisplayLogin welcome.msg
|
28
|
DisplayChdir .message true
|
29
|
ListOptions "-l"
|
30
|
|
31
|
DenyFilter \*.*/
|
32
|
|
33
|
# Use this to jail all users in their homes
|
34
|
# DefaultRoot ~
|
35
|
|
36
|
# Users require a valid shell listed in /etc/shells to login.
|
37
|
# Use this directive to release that constrain.
|
38
|
# RequireValidShell off
|
39
|
|
40
|
# Port 21 is the standard FTP port.
|
41
|
Port 21
|
42
|
|
43
|
# In some cases you have to specify passive ports range to by-pass
|
44
|
# firewall limitations. Ephemeral ports can be used for that, but
|
45
|
# feel free to use a more narrow range.
|
46
|
# PassivePorts 49152 65534
|
47
|
|
48
|
# If your host was NATted, this option is useful in order to
|
49
|
# allow passive tranfers to work. You have to use your public
|
50
|
# address and opening the passive ports used on your firewall as well.
|
51
|
# MasqueradeAddress 1.2.3.4
|
52
|
|
53
|
# This is useful for masquerading address with dynamic IPs:
|
54
|
# refresh any configured MasqueradeAddress directives every 8 hours
|
55
|
<IfModule mod_dynmasq.c>
|
56
|
# DynMasqRefresh 28800
|
57
|
</IfModule>
|
58
|
|
59
|
# To prevent DoS attacks, set the maximum number of child processes
|
60
|
# to 30. If you need to allow more than 30 concurrent connections
|
61
|
# at once, simply increase this value. Note that this ONLY works
|
62
|
# in standalone mode, in inetd mode you should use an inetd server
|
63
|
# that allows you to limit maximum number of processes per service
|
64
|
# (such as xinetd)
|
65
|
MaxInstances 30
|
66
|
|
67
|
# Set the user and group that the server normally runs at.
|
68
|
User proftpd
|
69
|
Group nogroup
|
70
|
|
71
|
# Umask 022 is a good standard umask to prevent new files and dirs
|
72
|
# (second parm) from being group and world writable.
|
73
|
Umask 022 022
|
74
|
# Normally, we want files to be overwriteable.
|
75
|
AllowOverwrite on
|
76
|
|
77
|
# Uncomment this if you are using NIS or LDAP via NSS to retrieve passwords:
|
78
|
# PersistentPasswd off
|
79
|
|
80
|
# This is required to use both PAM-based authentication and local passwords
|
81
|
# AuthOrder mod_auth_pam.c* mod_auth_unix.c
|
82
|
|
83
|
# Be warned: use of this directive impacts CPU average load!
|
84
|
# Uncomment this if you like to see progress and transfer rate with ftpwho
|
85
|
# in downloads. That is not needed for uploads rates.
|
86
|
#
|
87
|
# UseSendFile off
|
88
|
|
89
|
TransferLog /var/log/proftpd/xferlog
|
90
|
SystemLog /var/log/proftpd/proftpd.log
|
91
|
|
92
|
# Logging onto /var/log/lastlog is enabled but set to off by default
|
93
|
#UseLastlog on
|
94
|
|
95
|
# In order to keep log file dates consistent after chroot, use timezone info
|
96
|
# from /etc/localtime. If this is not set, and proftpd is configured to
|
97
|
# chroot (e.g. DefaultRoot or <Anonymous>), it will use the non-daylight
|
98
|
# savings timezone regardless of whether DST is in effect.
|
99
|
#SetEnv TZ :/etc/localtime
|
100
|
|
101
|
<IfModule mod_quotatab.c>
|
102
|
QuotaEngine off
|
103
|
</IfModule>
|
104
|
|
105
|
<IfModule mod_ratio.c>
|
106
|
Ratios off
|
107
|
</IfModule>
|
108
|
|
109
|
|
110
|
# Delay engine reduces impact of the so-called Timing Attack described in
|
111
|
# http://www.securityfocus.com/bid/11430/discuss
|
112
|
# It is on by default.
|
113
|
<IfModule mod_delay.c>
|
114
|
DelayEngine on
|
115
|
</IfModule>
|
116
|
|
117
|
<IfModule mod_ctrls.c>
|
118
|
ControlsEngine off
|
119
|
ControlsMaxClients 2
|
120
|
ControlsLog /var/log/proftpd/controls.log
|
121
|
ControlsInterval 5
|
122
|
ControlsSocket /var/run/proftpd/proftpd.sock
|
123
|
</IfModule>
|
124
|
|
125
|
<IfModule mod_ctrls_admin.c>
|
126
|
AdminControlsEngine off
|
127
|
</IfModule>
|
128
|
|
129
|
#
|
130
|
# Alternative authentication frameworks
|
131
|
#
|
132
|
#Include /etc/proftpd/ldap.conf
|
133
|
#Include /etc/proftpd/sql.conf
|
134
|
|
135
|
#
|
136
|
# This is used for FTPS connections
|
137
|
#
|
138
|
#Include /etc/proftpd/tls.conf
|
139
|
|
140
|
#
|
141
|
# Useful to keep VirtualHost/VirtualRoot directives separated
|
142
|
#
|
143
|
#Include /etc/proftpd/virtuals.con
|
144
|
|
145
|
# A basic anonymous configuration, no upload directories.
|
146
|
|
147
|
# <Anonymous ~ftp>
|
148
|
# User ftp
|
149
|
# Group nogroup
|
150
|
# # We want clients to be able to login with "anonymous" as well as "ftp"
|
151
|
# UserAlias anonymous ftp
|
152
|
# # Cosmetic changes, all files belongs to ftp user
|
153
|
# DirFakeUser on ftp
|
154
|
# DirFakeGroup on ftp
|
155
|
#
|
156
|
# RequireValidShell off
|
157
|
#
|
158
|
# # Limit the maximum number of anonymous logins
|
159
|
# MaxClients 10
|
160
|
#
|
161
|
# # We want 'welcome.msg' displayed at login, and '.message' displayed
|
162
|
# # in each newly chdired directory.
|
163
|
# DisplayLogin welcome.msg
|
164
|
# DisplayChdir .message
|
165
|
#
|
166
|
# # Limit WRITE everywhere in the anonymous chroot
|
167
|
# <Directory *>
|
168
|
# <Limit WRITE>
|
169
|
# DenyAll
|
170
|
# </Limit>
|
171
|
# </Directory>
|
172
|
#
|
173
|
# # Uncomment this if you're brave.
|
174
|
# # <Directory incoming>
|
175
|
# # # Umask 022 is a good standard umask to prevent new files and dirs
|
176
|
# # # (second parm) from being group and world writable.
|
177
|
# # Umask 022 022
|
178
|
# # <Limit READ WRITE>
|
179
|
# # DenyAll
|
180
|
# # </Limit>
|
181
|
# # <Limit STOR>
|
182
|
# # AllowAll
|
183
|
# # </Limit>
|
184
|
# # </Directory>
|
185
|
#
|
186
|
# </Anonymous>
|
187
|
|
188
|
# Include other custom configuration files
|
189
|
Include /etc/proftpd/conf.d/
|