-
Notifications
You must be signed in to change notification settings - Fork 2
/
proftpd.conf
126 lines (98 loc) · 3.01 KB
/
proftpd.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
# Includes DSO modules
Include /etc/proftpd/modules.conf
# Set off to disable IPv6 support which is annoying on IPv4 only boxes.
UseIPv6 off
# If set on you can experience a longer connection delay in many cases.
IdentLookups off
ServerName "##SERVER_NAME"
ServerType standalone
DeferWelcome off
MultilineRFC2228 on
DefaultServer on
ShowSymlinks on
TimeoutNoTransfer 600
TimeoutStalled 600
TimeoutIdle 1200
DisplayLogin welcome.msg
DisplayChdir .message true
ListOptions "-l"
DenyFilter \*.*/
# Use this to jail all users in their homes
# DefaultRoot ~
# Users require a valid shell listed in /etc/shells to login.
# Use this directive to release that constrain.
# RequireValidShell off
# Port 21 is the standard FTP port.
Port 0
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 10
# Set the user and group that the server normally runs at.
User www-data
Group www-data
# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022
# Normally, we want files to be overwriteable.
AllowOverwrite on
TransferLog /run/proftpd/xferlog
SystemLog /run/proftpd/proftpd.log
<IfModule mod_quotatab.c>
QuotaEngine off
</IfModule>
<IfModule mod_ratio.c>
Ratios off
</IfModule>
# Delay engine reduces impact of the so-called Timing Attack described in
# http://www.securityfocus.com/bid/11430/discuss
# It is on by default.
<IfModule mod_delay.c>
DelayEngine on
</IfModule>
<IfModule mod_ctrls.c>
ControlsEngine off
ControlsMaxClients 2
ControlsLog /var/log/proftpd/controls.log
ControlsInterval 5
ControlsSocket /var/run/proftpd/proftpd.sock
</IfModule>
<IfModule mod_ctrls_admin.c>
AdminControlsEngine off
</IfModule>
LoadModule mod_ldap.c
<IfModule mod_ldap.c>
# https://forums.proftpd.org/smf/index.php?topic=6368.0
LDAPServer "##LDAP_URL/??sub"
LDAPBindDN "##LDAP_BIND_DN" "##LDAP_BIND_PASSWORD"
LDAPUsers "##LDAP_USERS_BASE_DN" (username=%u)
LDAPForceDefaultUID on
LDAPDefaultUID ##LDAP_UID
LDAPForceDefaultGID on
LDAPDefaultGID ##LDAP_GID
LDAPForceGeneratedHomedir on
LDAPGenerateHomedir on
LDAPGenerateHomedirPrefix /app/data
LDAPGenerateHomedirPrefixNoUsername on
#LDAPUseTLS off
#LDAPLog /run/proftpd/ldap.log
</IfModule>
<IfModule mod_sftp.c>
SFTPEngine on
Port ##SFTP_PORT
SFTPLog /run/proftpd/sftp.log
# Configure both the RSA and DSA host keys, using the same host key
# files that OpenSSH uses.
SFTPHostKey /app/data/sftpd/ssh_host_rsa_key
SFTPHostKey /app/data/sftpd/ssh_host_dsa_key
SFTPAuthMethods password
# Enable compression
SFTPCompression delayed
RequireValidShell off
</IfModule>
<Directory />
HideNoAccess yes
</Directory>