# To really apply changes reload proftpd after modifications.
AllowOverwrite on
AuthAliasOnly on
Include /etc/proftpd/modules.conf
# Choose here the user alias you want
UserAlias test xxx1
ServerName "Test FTP"
ServerType standalone
DisplayLogin welcome.msg
DeferWelcome on
UseIPv6 off
MultilineRFC2228 on
DefaultServer on
ShowSymlinks off
TimeoutNoTransfer 600
TimeoutStalled 100
TimeoutIdle 2200
DisplayChdir .message
ListOptions "-l"
RequireValidShell off
TimeoutLogin 20
RootLogin off
# It's better for debug to create log files
ExtendedLog /var/log/ftp.log
TransferLog /var/log/xferlog
SystemLog /var/log/syslog.log
#DenyFilter \*.*/
# I don't choose to use /etc/ftpusers file (set inside the users you want to ban, not useful for me)
UseFtpUsers off
# Allow to restart a download
AllowStoreRestart on
# Port 21 is the standard FTP port, so you may prefer to use another port for security reasons (choose here the port you want)
Port 21
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 8
# Set the user and group that the server normally runs at.
User nobody
Group nogroup
# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022
PersistentPasswd off
MaxClients 8
MaxClientsPerHost 8
MaxClientsPerUser 5
MaxHostsPerUser 8
# Display a message after a successful login
AccessGrantMsg "xxx"
# This message is displayed for each access good or not
ServerIdent on "xxx"
# Lock all the users in home directory, ***** really important *****
DefaultRoot ~
MaxLoginAttempts 5
# Bar use of SITE CHMOD by default
<Limit SITE_CHMOD>
DenyAll
</Limit>
# Delay engine reduces impact of the so-called Timing Attack described in
#
http://security.lss.hr/index.php?pag...LSS-2004-10-02
# It is on by default.
<IfModule mod_delay.c>
DelayEngine on
</IfModule>
# Be warned: use of this directive impacts CPU average load!
# Uncomment this if you like to see progress and transfer rate with ftpwho
# in downloads. That is not needed for uploads rates.
UseSendFile on
<IfModule mod_tls.c>
TLSEngine on
TLSLog /var/log/tls.log
TLSProtocol SSLv23 TLSv1
# Are clients required to use FTP over TLS when talking to this server?
TLSRequired on
# Server's certificate
TLSRSACertificateFile /etc/ftpcert/server.csr
TLSRSACertificateKeyFile /etc/ftpcert/server.key
# CA the server trusts
TLSCACertificateFile /etc/ftpcert/ca.crt
# Authenticate clients that want to use FTP over TLS?
TLSVerifyClient off
# Allow SSL/TLS renegotiations when the client requests them, but
# do not force the renegotations. Some clients do not support
# SSL/TLS renegotiations; when mod_tls forces a renegotiation, these
# clients will close the data connection, or there will be a timeout
# on an idle data connection.
TLSRenegotiate none
</IfModule>
#VALID LOGINS
<Limit LOGIN>
AllowUser userftp
AllowUser xxx1
DenyALL
</Limit>
#
<Directory /home/FTP-xxx/xxx1/>
Umask 022 022
AllowOverwrite on
<Limit ALL>
Order Allow,Deny
AllowUser xxx1
Deny ALL
</Limit>
</Directory>
#<Directory /home/FTP-xxx>
#Umask 022 022
#AllowOverwrite off
# <Limit MKD STOR DELE XMKD RNRF RNTO RMD XRMD>
# DenyAll
# </Limit>
#</Directory>
Bookmarks