145 lines
3.7 KiB
Plaintext
145 lines
3.7 KiB
Plaintext
#
|
|
# /etc/proftpd/proftpd.conf -- This is a basic ProFTPD configuration file.
|
|
# To really apply changes reload proftpd after modifications.
|
|
#
|
|
|
|
# Includes DSO modules
|
|
Include /etc/proftpd/modules.conf
|
|
|
|
UseReverseDNS off
|
|
IdentLookups off
|
|
|
|
# dtbartle - limit resources used by an ftp session
|
|
#RLimitCPU session 10
|
|
#RLimitMemory session 4096K
|
|
|
|
# Set off to disable IPv6 support which is annoying on IPv4 only boxes.
|
|
UseIPv6 on
|
|
|
|
ServerName "mirror.csclub"
|
|
ServerType standalone
|
|
DeferWelcome off
|
|
|
|
MultilineRFC2228 on
|
|
DefaultServer on
|
|
ShowSymlinks on
|
|
|
|
TimeoutNoTransfer 600
|
|
TimeoutStalled 600
|
|
TimeoutIdle 1200
|
|
|
|
DisplayLogin /include/motd.msg
|
|
DisplayChdir .message
|
|
ListOptions "-l"
|
|
|
|
DenyFilter \*.*/
|
|
|
|
# Port 21 is the standard FTP port.
|
|
Port 21
|
|
|
|
# In some cases you have to specify passive ports range to by-pass
|
|
# firewall limitations. Ephemeral ports can be used for that, but
|
|
# feel free to use a more narrow range.
|
|
PassivePorts 49152 65534
|
|
|
|
# To prevent DoS attacks, set the maximum number of child processes
|
|
# to 30. If you need to allow more than 30 concurrent connections
|
|
# at once, simply increase this value. Note that this ONLY works
|
|
# in standalone mode, in inetd mode you should use an inetd server
|
|
# that allows you to limit maximum number of processes per service
|
|
# (such as xinetd)
|
|
MaxInstances 500
|
|
|
|
# Set the user and group that the server normally runs at.
|
|
User proftpd
|
|
Group nogroup
|
|
|
|
# Umask 022 is a good standard umask to prevent new files and dirs
|
|
# (second parm) from being group and world writable.
|
|
Umask 022 022
|
|
# Normally, we want files to be overwriteable.
|
|
AllowOverwrite on
|
|
|
|
# Uncomment this if you are using NIS or LDAP to retrieve passwords:
|
|
# PersistentPasswd off
|
|
|
|
# Be warned: use of this directive impacts CPU average load!
|
|
#
|
|
# Uncomment this if you like to see progress and transfer rate with ftpwho
|
|
# in downloads. That is not needed for uploads rates.
|
|
# UseSendFile off
|
|
|
|
TransferLog /var/log/proftpd/xferlog
|
|
SystemLog /var/log/proftpd/proftpd.log
|
|
|
|
<IfModule mod_tls.c>
|
|
TLSEngine off
|
|
</IfModule>
|
|
|
|
<IfModule mod_quota.c>
|
|
QuotaEngine on
|
|
</IfModule>
|
|
|
|
<IfModule mod_ratio.c>
|
|
Ratios on
|
|
</IfModule>
|
|
|
|
|
|
# Delay engine reduces impact of the so-called Timing Attack described in
|
|
# http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02
|
|
# It is on by default.
|
|
<IfModule mod_delay.c>
|
|
DelayEngine on
|
|
</IfModule>
|
|
|
|
<IfModule mod_ctrls.c>
|
|
ControlsEngine on
|
|
ControlsMaxClients 2
|
|
ControlsLog /var/log/proftpd/controls.log
|
|
ControlsInterval 5
|
|
ControlsSocket /var/run/proftpd/proftpd.sock
|
|
</IfModule>
|
|
|
|
<IfModule mod_ctrls_admin.c>
|
|
AdminControlsEngine on
|
|
</IfModule>
|
|
|
|
# A basic anonymous configuration, no upload directories.
|
|
|
|
<Anonymous /mirror/root>
|
|
User ftp
|
|
Group nogroup
|
|
# We want clients to be able to login with "anonymous" as well as "ftp"
|
|
UserAlias anonymous ftp
|
|
# Cosmetic changes, all files belongs to ftp user
|
|
DirFakeUser on ftp
|
|
DirFakeGroup on ftp
|
|
|
|
RequireValidShell off
|
|
|
|
# Limit the maximum number of anonymous logins
|
|
MaxClients 500
|
|
|
|
# Limit WRITE everywhere in the anonymous chroot
|
|
<Directory *>
|
|
<Limit WRITE>
|
|
DenyAll
|
|
</Limit>
|
|
HideFiles "(\\.bak.html|lost\\+found|new-index.html|mirror-rootfs|mirror-highpriority)"
|
|
</Directory>
|
|
|
|
# # Uncomment this if you're brave.
|
|
# # <Directory incoming>
|
|
# # # Umask 022 is a good standard umask to prevent new files and dirs
|
|
# # # (second parm) from being group and world writable.
|
|
# # Umask 022 022
|
|
# # <Limit READ WRITE>
|
|
# # DenyAll
|
|
# # </Limit>
|
|
# # <Limit STOR>
|
|
# # AllowAll
|
|
# # </Limit>
|
|
# # </Directory>
|
|
#
|
|
</Anonymous>
|