Probleme mit ProFTPD - Printable Version

Code:
#

# ispCP Ï‰ (OMEGA) a Virtual Hosting Control System

#

# @copyright    2001-2006 by moleSoftware GmbH

# @copyright    2006-2008 by ispCP | http://isp-control.net

# @version        SVN: $Id$

# @link            http://isp-control.net

# @author        ispCP Team

#

# @license

#   This program is free software; you can redistribute it and/or modify it under

#   the terms of the MPL General Public License as published by the Free Software

#   Foundation; either version 1.1 of the License, or (at your option) any later

#   version.

#   You should have received a copy of the MPL Mozilla Public License along with

#   this program; if not, write to the Open Source Initiative (OSI)

#   http://opensource.org | osi@opensource.org

#

################################################################################

# Includes DSO modules (this is mandatory in proftpd 1.3)

Include /etc/proftpd/modules.conf



# Set off to disable IPv6 support which is annoying on IPv4 only boxes.

UseIPv6                    off



ServerName                 "s1.server.net"

ServerType                 standalone

DeferWelcome               off



MultilineRFC2228           on

DefaultServer              on

ShowSymlinks               on



AllowOverwrite             on

UseReverseDNS              off

IdentLookups               off

AllowStoreRestart          on

AllowForeignAddress        on



LogFormat                  traff "%b %u"



TimeoutLogin               120

TimeoutNoTransfer          600

TimeoutStalled             600

TimeoutIdle                1200



DisplayLogin               welcome.msg

DisplayFirstChdir          message



ListOptions                "-l"

#LsDefaultOptions           "-l"



DenyFilter                 \*.*/



DefaultRoot                ~



# Uncomment this if you are using NIS or LDAP to retrieve passwords:

# PersistentPasswd         off



# Port 21 is the standard FTP port.

Port                       21



# In some cases you have to specify passive ports range to by-pass

# firewall limitations. Ephemeral ports can be used for that, but

# feel free to use a more narrow range.

#PassivePorts               49152 65534



# To prevent DoS attacks, set the maximum number of child processes

# to 30.  If you need to allow more than 30 concurrent connections

# at once, simply increase this value.  Note that this ONLY works

# in standalone mode, in inetd mode you should use an inetd server

# that allows you to limit maximum number of processes per service

# (such as xinetd)

MaxInstances               30



# Set the user and group that the server normally runs at.

User                       nobody

Group                      nogroup



# Normally, we want files to be overwriteable.

<Directory /*>

  # Umask 022 is a good standard umask to prevent new files and dirs

  # (second parm) from being group and world writable.

  Umask                    022  022

  # Normally, we want files to be overwriteable.

  AllowOverwrite           on

  HideNoAccess             on

</Directory>



<Limit ALL>

  IgnoreHidden             on

</Limit>



# Be warned: use of this directive impacts CPU average load!

#

# Uncomment this if you like to see progress and transfer rate with ftpwho

# in downloads. That is not needed for uploads rates.

# UseSendFile               off



<Global>

  RootLogin                off

  TransferLog              /var/log/proftpd/xferlog

  ExtendedLog              /var/log/proftpd/ftp_traff.log read,write traff

  PathDenyFilter           "\.quota$"

</Global>



#

# SSL via TLS

#

#<IfModule mod_tls.c>

#  TLSEngine                off                           # on for use of TLS

#  TLSLog                   /var/log/proftpd/ftp_ssl.log  # where to log to

#  TLSProtocol              SSLv23                        # SSLv23 or TLSv1

#  TLSOptions               NoCertRequest                 # either to request the certificate or not

#  TLSRSACertificateFile    /etc/proftpd/ssl.crt          # SSL certfile

#  TLSRSACertificateKeyFile /etc/proftpd/ssl.key          # SSL keyfile

#  TLSVerifyClient          off                           # client verification

#</IfModule>



#

# ISPCP Quota management;

#

<IfModule mod_quotatab.c>

  QuotaEngine              on

  QuotaShowQuotas          on

  QuotaDisplayUnits        Mb



  SQLNamedQuery            get-quota-limit SELECT "name, quota_type, per_session, limit_type, bytes_in_avail, bytes_out_avail, bytes_xfer_avail, files_in_avail, files_out_avail, files_xfer_avail FROM quotalimits WHERE name = '%{0}' AND quota_type = '%{1}'"

  SQLNamedQuery            get-quota-tally SELECT "name, quota_type, bytes_in_used, bytes_out_used, bytes_xfer_used, files_in_used, files_out_used, files_xfer_used FROM quotatallies WHERE name = '%{0}' AND quota_type = '%{1}'"

  SQLNamedQuery            update-quota-tally UPDATE "bytes_in_used = bytes_in_used + %{0}, bytes_out_used = bytes_out_used + %{1}, bytes_xfer_used = bytes_xfer_used + %{2}, files_in_used = files_in_used + %{3}, files_out_used = files_out_used + %{4}, files_xfer_used = files_xfer_used + %{5} WHERE name = '%{6}' AND quota_type = '%{7}'" quotatallies

  SQLNamedQuery            insert-quota-tally INSERT "%{0}, %{1}, %{2}, %{3}, %{4}, %{5}, %{6}, %{7}" quotatallies



  QuotaLock                /var/run/proftpd/tally.lock

  QuotaLimitTable          sql:/get-quota-limit

  QuotaTallyTable          sql:/get-quota-tally/update-quota-tally/insert-quota-tally

</IfModule>



<IfModule mod_ratio.c>

  Ratios                   on

</IfModule>



# Delay engine reduces impact of the so-called Timing Attack described in

# http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02

# It is on by default.

<IfModule mod_delay.c>

  DelayEngine              on

</IfModule>



<IfModule mod_ctrls.c>

  ControlsEngine           on

  ControlsMaxClients       2

  ControlsLog              /var/log/proftpd/controls.log

  ControlsInterval         5

  ControlsSocket           /var/run/proftpd/proftpd.sock

</IfModule>



<IfModule mod_ctrls_admin.c>

  AdminControlsEngine      on

</IfModule>



# ispCP SQL Managment

SQLBackend                 mysql

SQLAuthTypes               Crypt

SQLAuthenticate            on

SQLConnectInfo             ispcp@localhost vftp password

SQLUserInfo                ftp_users userid passwd uid gid homedir shell

SQLGroupInfo               ftp_group groupname gid members

SQLMinUserUID              2000

SQLMinUserGID              2000



# A basic anonymous configuration, no upload directories.



# <Anonymous ~ftp>

#   User                   ftp

#   Group                  nogroup

#   # We want clients to be able to login with "anonymous" as well as "ftp"

#   UserAlias              anonymous ftp

#   # Cosmetic changes, all files belongs to ftp user

#   DirFakeUser            on ftp

#   DirFakeGroup           on ftp

#

#   RequireValidShell      off

#

#   # Limit the maximum number of anonymous logins

#   MaxClients             10

#

#   # We want 'welcome.msg' displayed at login, and '.message' displayed

#   # in each newly chdired directory.

#   DisplayLogin           welcome.msg

#   DisplayFirstChdir      .message

#

#   # Limit WRITE everywhere in the anonymous chroot

#   <Directory *>

#     <Limit WRITE>

#       DenyAll

#     </Limit>

#   </Directory>

#

#   # Uncomment this if you're brave.

#   # <Directory incoming>

#   #   # Umask 022 is a good standard umask to prevent new files and dirs

#   #   # (second parm) from being group and world writable.

#   #   Umask              022  022

#   #   <Limit READ WRITE>

#   #     DenyAll

#   #   </Limit>

#   #   <Limit STOR>

#   #     AllowAll

#   #   </Limit>

#   # </Directory>

#

# </Anonymous>

Include /etc/proftpd/ispcp/*