Changeset 1060
- Timestamp: 03/14/08 22:54:50
- Author: rats
- Message:
Updated all Distros
ispCP 1.0.0 RC4 ready for release
| r1007 | r1060 | |
| 1 | 1 | # |
|---|
| 2 | | # ispCP OMEGA ProFTPd config file |
|---|
| 3 | | # |
|---|
| 4 | | # |
|---|
| 5 | | # |
|---|
| 6 | | # Includes required DSO modules. This is mandatory in proftpd 1.3 |
|---|
| 7 | | # |
|---|
| | 2 | # ispCP ω (OMEGA) a Virtual Hosting Control System |
|---|
| | 3 | # |
|---|
| | 4 | # @copyright 2001-2006 by moleSoftware GmbH |
|---|
| | 5 | # @copyright 2006-2008 by ispCP | http://isp-control.net |
|---|
| | 6 | # @version SVN: $ID$ |
|---|
| | 7 | # @link http://isp-control.net |
|---|
| | 8 | # @author ispCP Team |
|---|
| | 9 | # |
|---|
| | 10 | # @license |
|---|
| | 11 | # This program is free software; you can redistribute it and/or modify it under |
|---|
| | 12 | # the terms of the MPL General Public License as published by the Free Software |
|---|
| | 13 | # Foundation; either version 1.1 of the License, or (at your option) any later |
|---|
| | 14 | # version. |
|---|
| | 15 | # You should have received a copy of the MPL Mozilla Public License along with |
|---|
| | 16 | # this program; if not, write to the Open Source Initiative (OSI) |
|---|
| | 17 | # http://opensource.org | osi@opensource.org |
|---|
| | 18 | # |
|---|
| | 19 | ################################################################################ |
|---|
| | 20 | # Includes DSO modules (this is mandatory in proftpd 1.3) |
|---|
| 8 | 21 | Include /etc/proftpd/modules.conf |
|---|
| 9 | 22 | |
|---|
| 10 | | ServerName "{HOST_NAME}" |
|---|
| 11 | | ServerType standalone |
|---|
| 12 | | DeferWelcome off |
|---|
| 13 | | |
|---|
| 14 | | ShowSymlinks on |
|---|
| 15 | | MultilineRFC2228 on |
|---|
| 16 | | DefaultServer on |
|---|
| 17 | | ShowSymlinks on |
|---|
| 18 | | AllowOverwrite on |
|---|
| 19 | | UseReverseDNS off |
|---|
| 20 | | IdentLookups off |
|---|
| 21 | | AllowStoreRestart on |
|---|
| 22 | | AllowForeignAddress on |
|---|
| 23 | | |
|---|
| 24 | | LogFormat traff "%b %u" |
|---|
| 25 | | |
|---|
| 26 | | TimeoutNoTransfer 600 |
|---|
| 27 | | TimeoutStalled 600 |
|---|
| 28 | | TimeoutIdle 1200 |
|---|
| 29 | | |
|---|
| 30 | | DisplayLogin welcome.msg |
|---|
| 31 | | DisplayChdir message |
|---|
| 32 | | |
|---|
| 33 | | #LsDefaultOptions "-l" |
|---|
| 34 | | |
|---|
| 35 | | DenyFilter \*.*/ |
|---|
| 36 | | |
|---|
| 37 | | DefaultRoot ~ |
|---|
| | 23 | # Set off to disable IPv6 support which is annoying on IPv4 only boxes. |
|---|
| | 24 | UseIPv6 off |
|---|
| | 25 | |
|---|
| | 26 | ServerName "{HOST_NAME}" |
|---|
| | 27 | ServerType standalone |
|---|
| | 28 | DeferWelcome off |
|---|
| | 29 | |
|---|
| | 30 | MultilineRFC2228 on |
|---|
| | 31 | DefaultServer on |
|---|
| | 32 | ShowSymlinks on |
|---|
| | 33 | |
|---|
| | 34 | AllowOverwrite on |
|---|
| | 35 | UseReverseDNS off |
|---|
| | 36 | IdentLookups off |
|---|
| | 37 | AllowStoreRestart on |
|---|
| | 38 | AllowForeignAddress on |
|---|
| | 39 | |
|---|
| | 40 | LogFormat traff "%b %u" |
|---|
| | 41 | |
|---|
| | 42 | TimeoutLogin 120 |
|---|
| | 43 | TimeoutNoTransfer 600 |
|---|
| | 44 | TimeoutStalled 600 |
|---|
| | 45 | TimeoutIdle 1200 |
|---|
| | 46 | |
|---|
| | 47 | DisplayLogin welcome.msg |
|---|
| | 48 | DisplayFirstChdir message |
|---|
| | 49 | |
|---|
| | 50 | ListOptions "-l" |
|---|
| | 51 | #LsDefaultOptions "-l" |
|---|
| | 52 | |
|---|
| | 53 | DenyFilter \*.*/ |
|---|
| | 54 | |
|---|
| | 55 | DefaultRoot ~ |
|---|
| 38 | 56 | |
|---|
| 39 | 57 | # Uncomment this if you are using NIS or LDAP to retrieve passwords: |
|---|
| 40 | | #PersistentPasswd off |
|---|
| | 58 | # PersistentPasswd off |
|---|
| 41 | 59 | |
|---|
| 42 | 60 | # Port 21 is the standard FTP port. |
|---|
| 43 | | |
|---|
| 44 | | Port 21 |
|---|
| | 61 | Port 21 |
|---|
| | 62 | |
|---|
| | 63 | # In some cases you have to specify passive ports range to by-pass |
|---|
| | 64 | # firewall limitations. Ephemeral ports can be used for that, but |
|---|
| | 65 | # feel free to use a more narrow range. |
|---|
| | 66 | #PassivePorts 49152 65534 |
|---|
| 45 | 67 | |
|---|
| 46 | 68 | # To prevent DoS attacks, set the maximum number of child processes |
|---|
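Review bot: `AllowForeignAddress on` is carried over unchanged to new line 38, which lets a client name a data-connection address other than the one its control connection comes from (site-to-site transfers). ProFTPD ships with this off, and since this file is the template for every ispCP install I would set it to `off` here and leave enabling it to admins who actually need FXP. Separately, at new line 6 `$ID$` will not be expanded by Subversion because keyword names are case-sensitive; it should read `$Id$`. The licence header at new lines 11-15 also mixes "MPL General Public License" with "Free Software Foundation" and should name one licence consistently.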
| … | … | |
| 50 | 72 | # that allows you to limit maximum number of processes per service |
|---|
| 51 | 73 | # (such as xinetd) |
|---|
| 52 | | |
|---|
| 53 | | MaxInstances 30 |
|---|
| | 74 | MaxInstances 30 |
|---|
| 54 | 75 | |
|---|
| 55 | 76 | # Set the user and group that the server normally runs at. |
|---|
| 56 | | |
|---|
| 57 | | User nobody |
|---|
| 58 | | Group nogroup |
|---|
| | 77 | User nobody |
|---|
| | 78 | Group nogroup |
|---|
| 59 | 79 | |
|---|
| 60 | 80 | # Normally, we want files to be overwriteable. |
|---|
| … | … | |
| 63 | 83 | # Umask 022 is a good standard umask to prevent new files and dirs |
|---|
| 64 | 84 | # (second parm) from being group and world writable. |
|---|
| 65 | | Umask 022 022 |
|---|
| 66 | | |
|---|
| 67 | | AllowOverwrite on |
|---|
| 68 | | HideNoAccess on |
|---|
| 69 | | |
|---|
| | 85 | Umask 022 022 |
|---|
| | 86 | # Normally, we want files to be overwriteable. |
|---|
| | 87 | AllowOverwrite on |
|---|
| | 88 | HideNoAccess on |
|---|
| 70 | 89 | </Directory> |
|---|
| 71 | 90 | |
|---|
| 72 | 91 | <Limit ALL> |
|---|
| 73 | | IgnoreHidden on |
|---|
| | 92 | IgnoreHidden on |
|---|
| 74 | 93 | </Limit> |
|---|
| 75 | 94 | |
|---|
| | 95 | # Be warned: use of this directive impacts CPU average load! |
|---|
| | 96 | # |
|---|
| | 97 | # Uncomment this if you like to see progress and transfer rate with ftpwho |
|---|
| | 98 | # in downloads. That is not needed for uploads rates. |
|---|
| | 99 | # UseSendFile off |
|---|
| | 100 | |
|---|
| 76 | 101 | <Global> |
|---|
| 77 | | RootLogin off |
|---|
| 78 | | TransferLog /var/log/proftpd/xferlog |
|---|
| 79 | | ExtendedLog /var/log/proftpd/ftp_traff.log read,write traff |
|---|
| 80 | | PathDenyFilter "\.quota$" |
|---|
| | 102 | RootLogin off |
|---|
| | 103 | TransferLog /var/log/proftpd/xferlog |
|---|
| | 104 | ExtendedLog /var/log/proftpd/ftp_traff.log read,write traff |
|---|
| | 105 | PathDenyFilter "\.quota$" |
|---|
| 81 | 106 | </Global> |
|---|
| 82 | 107 | |
|---|
| | 108 | # |
|---|
| | 109 | # SSL via TLS |
|---|
| | 110 | # |
|---|
| | 111 | #<IfModule mod_tls.c> |
|---|
| | 112 | # TLSEngine off # on for use of TLS |
|---|
| | 113 | # TLSLog /var/log/proftpd/ftp_ssl.log # where to log to |
|---|
| | 114 | # TLSProtocol SSLv23 # SSLv23 or TLSv1 |
|---|
| | 115 | # TLSOptions NoCertRequest # either to request the certificate or not |
|---|
| | 116 | # TLSRSACertificateFile /etc/proftpd/ssl.crt # SSL certfile |
|---|
| | 117 | # TLSRSACertificateKeyFile /etc/proftpd/ssl.key # SSL keyfile |
|---|
| | 118 | # TLSVerifyClient off # client verification |
|---|
| | 119 | #</IfModule> |
|---|
| | 120 | |
|---|
| | 121 | # |
|---|
| | 122 | # ISPCP Quota management; |
|---|
| | 123 | # |
|---|
| | 124 | <IfModule mod_quota.c> |
|---|
| | 125 | QuotaEngine on |
|---|
| | 126 | QuotaShowQuotas on |
|---|
| | 127 | QuotaDisplayUnits Mb |
|---|
| | 128 | |
|---|
| | 129 | SQLNamedQuery get-quota-limit SELECT "name, quota_type, per_session, limit_type, bytes_in_avail, bytes_out_avail, bytes_xfer_avail, files_in_avail, files_out_avail, files_xfer_avail FROM quotalimits WHERE name = '%{0}' AND quota_type = '%{1}'" |
|---|
| | 130 | SQLNamedQuery get-quota-tally SELECT "name, quota_type, bytes_in_used, bytes_out_used, bytes_xfer_used, files_in_used, files_out_used, files_xfer_used FROM quotatallies WHERE name = '%{0}' AND quota_type = '%{1}'" |
|---|
| | 131 | SQLNamedQuery update-quota-tally UPDATE "bytes_in_used = bytes_in_used + %{0}, bytes_out_used = bytes_out_used + %{1}, bytes_xfer_used = bytes_xfer_used + %{2}, files_in_used = files_in_used + %{3}, files_out_used = files_out_used + %{4}, files_xfer_used = files_xfer_used + %{5} WHERE name = '%{6}' AND quota_type = '%{7}'" quotatallies |
|---|
| | 132 | SQLNamedQuery insert-quota-tally INSERT "%{0}, %{1}, %{2}, %{3}, %{4}, %{5}, %{6}, %{7}" quotatallies |
|---|
| | 133 | |
|---|
| | 134 | QuotaLock /var/run/proftpd/tally.lock |
|---|
| | 135 | QuotaLimitTable sql:/get-quota-limit |
|---|
| | 136 | QuotaTallyTable sql:/get-quota-tally/update-quota-tally/insert-quota-tally |
|---|
| | 137 | </IfModule> |
|---|
| | 138 | |
|---|
| | 139 | <IfModule mod_ratio.c> |
|---|
| | 140 | Ratios on |
|---|
| | 141 | </IfModule> |
|---|
| | 142 | |
|---|
| | 143 | # Delay engine reduces impact of the so-called Timing Attack described in |
|---|
| | 144 | # http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02 |
|---|
| | 145 | # It is on by default. |
|---|
| 83 | 146 | <IfModule mod_delay.c> |
|---|
| 84 | | DelayEngine off |
|---|
| 85 | | </IfModule> |
|---|
| 86 | | |
|---|
| 87 | | # |
|---|
| 88 | | # ISPCP Managment; |
|---|
| 89 | | # |
|---|
| 90 | | SQLBackend mysql # enable for proFTPd >= 1.3 |
|---|
| 91 | | SQLAuthTypes Crypt |
|---|
| 92 | | SQLAuthenticate on |
|---|
| 93 | | SQLConnectInfo {DATABASE_NAME}@{DATABASE_HOST} {DATABASE_USER} {DATABASE_PASS} |
|---|
| 94 | | SQLUserInfo ftp_users userid passwd uid gid homedir shell |
|---|
| 95 | | SQLGroupInfo ftp_group groupname gid members |
|---|
| 96 | | SQLMinID 2000 |
|---|
| 97 | | |
|---|
| 98 | | # |
|---|
| 99 | | # ISPCP Quota management; |
|---|
| 100 | | # |
|---|
| 101 | | |
|---|
| 102 | | QuotaEngine on |
|---|
| 103 | | QuotaShowQuotas on |
|---|
| 104 | | QuotaDisplayUnits Mb |
|---|
| 105 | | |
|---|
| 106 | | SQLNamedQuery get-quota-limit SELECT "name, quota_type, per_session, limit_type, bytes_in_avail, bytes_out_avail, bytes_xfer_avail, files_in_avail, files_out_avail, files_xfer_avail FROM quotalimits WHERE name = '%{0}' AND quota_type = '%{1}'" |
|---|
| 107 | | SQLNamedQuery get-quota-tally SELECT "name, quota_type, bytes_in_used, bytes_out_used, bytes_xfer_used, files_in_used, files_out_used, files_xfer_used FROM quotatallies WHERE name = '%{0}' AND quota_type = '%{1}'" |
|---|
| 108 | | SQLNamedQuery update-quota-tally UPDATE "bytes_in_used = bytes_in_used + %{0}, bytes_out_used = bytes_out_used + %{1}, bytes_xfer_used = bytes_xfer_used + %{2}, files_in_used = files_in_used + %{3}, files_out_used = files_out_used + %{4}, files_xfer_used = files_xfer_used + %{5} WHERE name = '%{6}' AND quota_type = '%{7}'" quotatallies |
|---|
| 109 | | SQLNamedQuery insert-quota-tally INSERT "%{0}, %{1}, %{2}, %{3}, %{4}, %{5}, %{6}, %{7}" quotatallies |
|---|
| 110 | | |
|---|
| 111 | | QuotaLock /var/run/proftpd/tally.lock |
|---|
| 112 | | QuotaLimitTable sql:/get-quota-limit |
|---|
| 113 | | QuotaTallyTable sql:/get-quota-tally/update-quota-tally/insert-quota-tally |
|---|
| 114 | | |
|---|
| 115 | | # |
|---|
| 116 | | # SSL via TLS |
|---|
| 117 | | # |
|---|
| 118 | | #<IfModule mod_tls.c> |
|---|
| 119 | | # TLSEngine off # on for use of TLS |
|---|
| 120 | | # TLSLog /var/log/proftpd/ftp_ssl.log # where to log to |
|---|
| 121 | | # TLSProtocol SSLv23 # SSLv23 or TLSv1 |
|---|
| 122 | | # TLSOptions NoCertRequest # either to request the certificate or not |
|---|
| 123 | | # TLSRSACertificateFile /etc/proftpd/ssl.crt # SSL certfile |
|---|
| 124 | | # TLSRSACertificateKeyFile /etc/proftpd/ssl.key # SSL keyfile |
|---|
| 125 | | # TLSVerifyClient off # client verification |
|---|
| 126 | | #</IfModule> |
|---|
| | 147 | DelayEngine on |
|---|
| | 148 | </IfModule> |
|---|
| | 149 | |
|---|
| | 150 | <IfModule mod_ctrls.c> |
|---|
| | 151 | ControlsEngine on |
|---|
| | 152 | ControlsMaxClients 2 |
|---|
| | 153 | ControlsLog /var/log/proftpd/controls.log |
|---|
| | 154 | ControlsInterval 5 |
|---|
| | 155 | ControlsSocket /var/run/proftpd/proftpd.sock |
|---|
| | 156 | </IfModule> |
|---|
| | 157 | |
|---|
| | 158 | <IfModule mod_ctrls_admin.c> |
|---|
| | 159 | AdminControlsEngine on |
|---|
| | 160 | </IfModule> |
|---|
| | 161 | |
|---|
| | 162 | # ispCP SQL Managment |
|---|
| | 163 | SQLBackend mysql |
|---|
| | 164 | SQLAuthTypes Crypt |
|---|
| | 165 | SQLAuthenticate on |
|---|
| | 166 | SQLConnectInfo {DATABASE_NAME}@{DATABASE_HOST} {DATABASE_USER} {DATABASE_PASS} |
|---|
| | 167 | SQLUserInfo ftp_users userid passwd uid gid homedir shell |
|---|
| | 168 | SQLGroupInfo ftp_group groupname gid members |
|---|
| | 169 | SQLMinID 2000 |
|---|
| | 170 | |
|---|
| | 171 | # A basic anonymous configuration, no upload directories. |
|---|
| | 172 | |
|---|
| | 173 | # <Anonymous ~ftp> |
|---|
| | 174 | # User ftp |
|---|
| | 175 | # Group nogroup |
|---|
| | 176 | # # We want clients to be able to login with "anonymous" as well as "ftp" |
|---|
| | 177 | # UserAlias anonymous ftp |
|---|
| | 178 | # # Cosmetic changes, all files belongs to ftp user |
|---|
| | 179 | # DirFakeUser on ftp |
|---|
| | 180 | # DirFakeGroup on ftp |
|---|
| | 181 | # |
|---|
| | 182 | # RequireValidShell off |
|---|
| | 183 | # |
|---|
| | 184 | # # Limit the maximum number of anonymous logins |
|---|
| | 185 | # MaxClients 10 |
|---|
| | 186 | # |
|---|
| | 187 | # # We want 'welcome.msg' displayed at login, and '.message' displayed |
|---|
| | 188 | # # in each newly chdired directory. |
|---|
| | 189 | # DisplayLogin welcome.msg |
|---|
| | 190 | # DisplayFirstChdir .message |
|---|
| | 191 | # |
|---|
| | 192 | # # Limit WRITE everywhere in the anonymous chroot |
|---|
| | 193 | # <Directory *> |
|---|
| | 194 | # <Limit WRITE> |
|---|
| | 195 | # DenyAll |
|---|
| | 196 | # </Limit> |
|---|
| | 197 | # </Directory> |
|---|
| | 198 | # |
|---|
| | 199 | # # Uncomment this if you're brave. |
|---|
| | 200 | # # <Directory incoming> |
|---|
| | 201 | # # # Umask 022 is a good standard umask to prevent new files and dirs |
|---|
| | 202 | # # # (second parm) from being group and world writable. |
|---|
| | 203 | # # Umask 022 022 |
|---|
| | 204 | # # <Limit READ WRITE> |
|---|
| | 205 | # # DenyAll |
|---|
| | 206 | # # </Limit> |
|---|
| | 207 | # # <Limit STOR> |
|---|
| | 208 | # # AllowAll |
|---|
| | 209 | # # </Limit> |
|---|
| | 210 | # # </Directory> |
|---|
| | 211 | # |
|---|
| | 212 | # </Anonymous> |
|---|
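Review bot: the quota directives that were unconditional in r1007 are now wrapped in `<IfModule mod_quota.c>` (new line 124), but `QuotaEngine`, `QuotaLimitTable` and `QuotaTallyTable` are provided by mod_quotatab, so the guard should be `<IfModule mod_quotatab.c>`; when the module name in the guard does not match, the whole block is skipped and quotas stop being enforced without any startup error. In the new `mod_ctrls.c` and `mod_ctrls_admin.c` blocks (new lines 150-160) the control socket and the admin actions are switched on with no ACL directive visible; add explicit `ControlsSocketACL` and `AdminControlsACLs` lines so that who may drive the daemon through ftpdctl is stated in the template rather than left to module defaults. The TLS block stays commented out with `TLSEngine off`, so logins checked against `ftp_users` still cross the wire in cleartext; a short comment saying so next to the block would help admins decide.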
|