Add proftpd as service

2019-03-18 19:02:32 -07:00
parent a435e88b25
commit cde852f0f9
5 changed files with 172 additions and 0 deletions
--- a/setup/start/proftpd.conf
+++ b/setup/start/proftpd.conf
@@ -0,0 +1,129 @@
+# Includes DSO modules
+Include /etc/proftpd/modules.conf
+
+# Set off to disable IPv6 support which is annoying on IPv4 only boxes.
+UseIPv6				off
+# If set on you can experience a longer connection delay in many cases.
+IdentLookups			off
+
+ServerName			"##SERVER_NAME"
+ServerType			standalone
+DeferWelcome			off
+
+MultilineRFC2228		on
+DefaultServer			on
+ShowSymlinks			on
+
+TimeoutNoTransfer		600
+TimeoutStalled			600
+TimeoutIdle			1200
+
+DisplayLogin                    welcome.msg
+DisplayChdir               	.message true
+ListOptions                	"-l"
+
+DenyFilter			\*.*/
+
+# Use this to jail all users in their homes
+# DefaultRoot			~
+
+# Users require a valid shell listed in /etc/shells to login.
+# Use this directive to release that constrain.
+# RequireValidShell		off
+
+# Port 21 is the standard FTP port.
+Port				0
+
+# To prevent DoS attacks, set the maximum number of child processes
+# to 30.  If you need to allow more than 30 concurrent connections
+# at once, simply increase this value.  Note that this ONLY works
+# in standalone mode, in inetd mode you should use an inetd server
+# that allows you to limit maximum number of processes per service
+# (such as xinetd)
+MaxInstances			10
+
+# Set the user and group that the server normally runs at.
+User				www-data
+Group				www-data
+
+# Umask 022 is a good standard umask to prevent new files and dirs
+# (second parm) from being group and world writable.
+Umask				022  022
+# Normally, we want files to be overwriteable.
+AllowOverwrite			on
+
+TransferLog /run/proftpd/xferlog
+SystemLog   /run/proftpd/proftpd.log
+
+# disable ssh login log
+WtmpLog off
+
+<IfModule mod_quotatab.c>
+QuotaEngine off
+</IfModule>
+
+<IfModule mod_ratio.c>
+Ratios off
+</IfModule>
+
+# Delay engine reduces impact of the so-called Timing Attack described in
+# http://www.securityfocus.com/bid/11430/discuss
+# It is on by default.
+<IfModule mod_delay.c>
+DelayEngine on
+</IfModule>
+
+<IfModule mod_ctrls.c>
+ControlsEngine        off
+ControlsMaxClients    2
+ControlsLog           /var/log/proftpd/controls.log
+ControlsInterval      5
+ControlsSocket        /var/run/proftpd/proftpd.sock
+</IfModule>
+
+<IfModule mod_ctrls_admin.c>
+    AdminControlsEngine off
+</IfModule>
+
+LoadModule mod_ldap.c
+<IfModule mod_ldap.c>
+# https://forums.proftpd.org/smf/index.php?topic=6368.0
+LDAPServer "##LDAP_URL/??sub"
+LDAPBindDN "##LDAP_BIND_DN" "##LDAP_BIND_PASSWORD"
+LDAPUsers "##LDAP_USERS_BASE_DN" (username=%u)
+
+LDAPForceDefaultUID on
+LDAPDefaultUID ##LDAP_UID
+LDAPForceDefaultGID on
+LDAPDefaultGID ##LDAP_GID
+
+LDAPForceGeneratedHomedir on
+LDAPGenerateHomedir on
+LDAPGenerateHomedirPrefix /app/data
+LDAPGenerateHomedirPrefixNoUsername on
+
+#LDAPUseTLS off
+#LDAPLog /run/proftpd/ldap.log
+</IfModule>
+
+<IfModule mod_sftp.c>
+SFTPEngine on
+Port ##SFTP_PORT
+SFTPLog /run/proftpd/sftp.log
+
+# Configure both the RSA and DSA host keys, using the same host key
+# files that OpenSSH uses.
+SFTPHostKey /app/data/.sftpd/ssh_host_rsa_key
+SFTPHostKey /app/data/.sftpd/ssh_host_dsa_key
+
+SFTPAuthMethods password
+
+# Enable compression
+SFTPCompression delayed
+
+RequireValidShell off
+</IfModule>
+
+<Directory />
+  HideNoAccess yes
+</Directory>