/usr/local/etc/proftpd.conf
Im folgenden Abschnitt ist der ganze Aufbau der Konfiguration beschrieben.
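#
# For more information about ProFTPD configuration
# look at: http://www.proftpd.org/
#
# This is a basic ProFTPD configuration file (rename it to
# 'proftpd.conf' for actual use). It establishes a single server
# and a single anonymous login. It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.
#
# NOTE(review): the wiki annotations that followed directives as "<- ..."
# are written as comment lines here; left in place they would be read as
# part of the directive. The <Anonymous> section further down is commented
# out, so no anonymous login is actually active in this file.

# Name of this server.
ServerName "test.mrmouse.ch"

# Run as a standalone daemon (for inetd operation this would be "inetd").
ServerType standalone
DefaultServer on

# Replace the default greeting so that it does not reveal that ProFTPD
# is in use.
ServerIdent on "test.mrmouse.ch"

# E-mail address of the administrator.
ServerAdmin admin@glogger.ch

# For security: hold back the server name/welcome until the client has
# authenticated.
DeferWelcome on

# Do not resolve reverse DNS for connecting clients.
UseReverseDNS off

# Do not perform ident lookups.
IdentLookups off

# Port 21 is the standard FTP port (ignored in inetd mode).
# NOTE(review): nothing on this page enables mod_tls, so logins and data on
# this port travel unencrypted.
Port 21

# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 022

# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd).
#
# A few settings to reduce the impact of DoS attacks.
MaxInstances 30
MaxClients 10 "Only 10 connections are allowed"
MaxClientsPerHost 3 "You are already logged in 3 times"
MaxClientsPerUser 3 "You are already logged in 3 times"

# MaxLoginAttempts counts failed logins per connection only; a client can
# reconnect and try again, so this is not an account lockout. Watch the
# "auth" class in the ExtendedLog below for repeated failures.
MaxLoginAttempts 3

# Timeouts are given in seconds.
TimeoutStalled 10
TimeoutNoTransfer 20
TimeoutLogin 20

# Set the user and group under which the server will run.
User nobody
Group nogroup

# A bit more logging.
# Log options: authentication, read and write commands go to ftp.log,
# transfers to ftp_transfer.log.
ExtendedLog /var/log/ftp.log auth,read,write
TransferLog /var/log/ftp_transfer.log

# To cause every FTP user to be "jailed" (chrooted) into their home
# directory, uncomment this line.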
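# Keep users inside their home directory (chroot). The wiki annotations
# that followed directives as "<- ..." are written as comment lines in
# this section.
DefaultRoot ~

# Normally, we want files to be overwriteable.
AllowOverwrite on

# Allow restarts, i.e. resuming interrupted uploads and downloads.
AllowStoreRestart on
AllowRetrieveRestart on

<Directory /*>
  AllowOverwrite on
  # hide everything that belongs to the group 'wheel'
  HideGroup wheel
</Directory>

# ----- the SQL part starts here -----
# ---------------------------------------------
### SQL Section ###
# ---------------------------------------------

# Password check methods, tried in the order listed.
# NOTE(review): "Plaintext" means the password column holds cleartext
# passwords, so anyone who can read the ftp_login table (or a backup of it)
# obtains every FTP password. Prefer a hashed type such as Crypt or OpenSSL
# and migrate the stored values before removing Plaintext here.
SQLAuthTypes Backend Plaintext

# Look up users in SQL. NOTE(review): the trailing "*" is understood to
# make mod_sql authoritative for user lookups - confirm for the installed
# version.
SQLAuthenticate users*

# Database credentials live in this file: keep proftpd.conf readable by
# root only. The queries below need no more than SELECT and UPDATE on
# ftp_login, so the database account should be granted only that.
SQLConnectInfo server_admin@localhost:3306 <db_user> <db_pass>
SQLDefaultHomedir none

# UID/GID values below the minimum are not taken from the table; per the
# mod_sql documentation the defaults are used in their place, which keeps a
# row with uid/gid 0 from yielding a root session.
SQLDefaultGID 65534
SQLDefaultUID 65534
SQLMinUserGID 80
SQLMinUserUID 80

# Table name followed by the columns for user name, password, uid, gid,
# home directory and shell.
SQLUserInfo ftp_login username password uid gid homedir shell

# SQL Debugging
# Enable only while troubleshooting SQL problems.
# NOTE(review): a debug log of SQL activity may contain sensitive query
# data; restrict its permissions and disable it again afterwards.
# SQLLogFile /var/log/proftpd.sql.log

# We authenticate against MySQL - so a valid system shell is not needed.
RequireValidShell off

# Additional SQL Statements
# NOTE(review): %u is the login name sent by the client, %a and %h the
# client address and host. These queries rely on mod_sql escaping the
# substituted values - confirm for the installed version and keep ProFTPD
# patched.
SQLNamedQuery getcount SELECT "count, username from ftp_login where username='%u'"
SQLNamedQuery updatedbinfo UPDATE "count=count+1,last_login=NOW(),last_ip='%a',last_host='%h' WHERE username='%u'" ftp_login

# After a successful PASS: show the login counter, then update it together
# with the time, address and host of this login.
SQLShowInfo PASS "230" "Hello %u, you were already %{getcount} times logged in"
SQLLog PASS updatedbinfo

# limit only to active logins (appended to the user lookup query)
SQLUserWhereClause "active = '1'"
# ----- end of the SQL part -----

# Bar use of SITE CHMOD by default
<Limit SITE_CHMOD>
  DenyAll
</Limit>

# A basic anonymous configuration, no upload directories. If you do not
# want anonymous users, simply delete this entire <Anonymous> section.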
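#########################################################################
#                                                                       #
# Uncomment lines with only one # to allow basic anonymous access       #
#                                                                       #
#########################################################################
# NOTE(review): anonymous access is disabled as shipped here. If it is
# enabled, keep the <Limit WRITE> DenyAll block so the anonymous chroot
# stays read-only.
#<Anonymous ~ftp>
#  User ftp
#  Group ftp
### We want clients to be able to login with "anonymous" as well as "ftp"
#  UserAlias anonymous ftp
### Limit the maximum number of anonymous logins
#  MaxClients 10
### We want 'welcome.msg' displayed at login, and '.message' displayed
### in each newly chdired directory.
#  DisplayLogin welcome.msg
#  DisplayFirstChdir .message
### Limit WRITE everywhere in the anonymous chroot
#  <Limit WRITE>
#    DenyAll
#  </Limit>
#</Anonymous>

# From here on: a few changes specific to this server.
# ---------------------------------------------
### Some Crappy Frontpage / Special stuff ###
# ---------------------------------------------

## The mysql directories need not be shown.
# NOTE(review): <Limit ALL> DenyAll refuses FTP commands that target these
# directories. Whether their names also disappear from the listing of the
# parent directory is not evident from this file - confirm, and use a
# hiding directive such as HideFiles if that is required.
<Directory ~/mysqldb>
  <Limit ALL>
    DenyAll
  </Limit>
</Directory>

<Directory ~/mysqlsrc>
  <Limit ALL>
    DenyAll
  </Limit>
</Directory>

### Hide the FrontPage directories ########
<Directory ~/doc/_vti_bin>
  <Limit ALL>
    DenyAll
  </Limit>
</Directory>

<Directory ~/doc/_private>
  <Limit ALL>
    DenyAll
  </Limit>
</Directory>

<Directory ~/doc/_vti_cnf>
  <Limit ALL>
    DenyAll
  </Limit>
</Directory>

<Directory ~/doc/_vti_pvt>
  <Limit ALL>
    DenyAll
  </Limit>
</Directory>

<Directory ~/doc/_vti_txt>
  <Limit ALL>
    DenyAll
  </Limit>
</Directory>

<Directory ~/doc/_vti_log>
  <Limit ALL>
    DenyAll
  </Limit>
</Directory>

<Directory ~/doc/usage>
  <Limit ALL>
    DenyAll
  </Limit>
</Directory>

<Directory ~/php>
  <Limit ALL>
    DenyAll
  </Limit>
</Directory>

##### Nothing may be deleted in the etc directory ####
# Existing files cannot be overwritten (AllowOverwrite Off) and creating
# directories, deleting, removing directories and renaming are denied.
# STOR is not in the list, so uploading new files is still possible.
<Directory ~/etc>
  AllowOverwrite Off
  <Limit MKD DELE RMD RNFR>
    DenyAll
  </Limit>
</Directory>
################################################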