## ## Config with simple mysql authentication support ## Contributed by 'Stonki' ## Added to www.proftpd.org 18/Oct/2002 ## # This is a basic ProFTPD configuration file. It establishes a single # server and a single anonymous login. It assumes that you have a # user/group "nobody"/"nogroup" for normal operation and anon. # !!! PLEASE read the documentation of proftpd !!! # # You can find the documentation in /usr/doc/packages/proftpd/, # http://www.proftpd.org/ and don't forget to read carefully # and _follow_ hints on http://www.proftpd.net/security.html. # # geaendert: 03.11.2001 für ProFTP 1.2.4 und mod_sql 4.x # # # Basic # ServerName "Stonki" serverType inetd ServerAdmin support@stonki.de # # Debug Level # emerg, alert, crit (empfohlen), error, warn. notice, info, debug # #SyslogLevel emerg #SystemLog /var/log/proftpd.system.log # # uncomment, if you want to hide the servers name: # ServerIdent on "Stonki's Server" DeferWelcome on DefaultServer on # # Display # DisplayLogin /messages/ftp.motd DisplayConnect /net/messages/ftp.pre DisplayFirstChdir index.txt HiddenStor off DirFakeUser on stonki DirFakeGroup on stonki DirFakeMode 0000 # Enable PAM for authentication... # AuthPAM on # Setting this directive to on will cause authentication to fail # if PAM authentication fails. The default setting, off, allows # other modules and directives such as AuthUserFile and friends # to authenticate users. # # AuthPAMAuthoritative on # This directive allows you to specify the PAM service name used # in authentication (default is "proftpd" on SuSE Linux). # You have to setup the service in the /etc/pam.d/. # #AuthPAMConfig # Port 21 is the standard FTP port. Port 21 #------------------------mysql Modul: 4.x # # Zugangskontrolle # SQLAuthTypes Plaintext SQLAuthenticate users* SQLConnectInfo db@localhost username password SQLDefaultGID 65534 SQLDefaultUID 65534 SQLMinUserGID 100 SQLMinUserUID 500 SQLUserInfo ftp username password uid gid homedir shell # # aktive SQL Kommandos, ab hier passiert etwas :-) # SQLLog PASS counter SQLNamedQuery counter UPDATE "letzter_zugriff=now(), count=count+1 WHERE username='%u'" ftp # xfer Log in mysql SQLLog RETR,STOR transfer1 SQLNamedQuery transfer1 INSERT "'%u', '%f', '%b', '%h', '%a', '%m', '%T', now(), 'c', NULL" xfer_stat SQLLOG ERR_RETR,ERR_STOR transfer2 SQLNamedQuery transfer2 INSERT "'%u', '%f', '%b', '%h', '%a', '%m', '%T', now(), 'i', NULL" xfer_stat #------------------------mysql # Port 21 is the standard FTP port. Port 21 # disable listen on 0.0.0.0:21 - the port (and IP) should # be specified explicitly in each VirtualHost definition # #Port 0 # listen for each (additional) address explicitly that is # specified (via Bind and Port) in a VirtualHost definition # #SocketBindTight on # # FXP Unterstuetzung # AllowForeignAddress on # Umask 022 is a good standard umask to prevent new dirs # and files from being group and world writable. Umask 022 # Set the user and group that the server normally runs at. User nobody Group nogroup # Maximal Werte setzen MaxClientsPerHost 3 "Nicht mehr als %m Verbindungen" MaxClients 5 "Leider sind schon %m Clients verbunden" # RateReadBPS 5000 # RateReadFreeBytes 5000 # RateReadHardBPS on Classes on Class default limit 5 Class internet limit 2 Class local limit 3 Class internet ip 0.0.0.0/0 Class internet ip 192.168.99.99/24 Class local ip 127.0.0.1/24 Class local ip 192.168.0.0/24 # # Restart erlauben # AllowStoreRestart on AllowRetrieveRestart on # Normally, we want files to be overwriteable. AllowOverwrite off HideNoAccess on AllowAll DenyAll AllowOverwrite on AllowALL DenyALL # It is a very good idea to allow only filenames containing normal # alphanumeric characters for uploads (and not shell code...) #PathAllowFilter "^[a-zA-Z0-9_.-]()'+$" #PathAllowFilter "^[a-zA-Z0-9 _.-]()'+$" # We don't want .ftpaccess or .htaccess files to be uploaded #PathDenyFilter "(\.ftp)|(\.ht)[a-z]+$" #PathDenyFilter "\.ftp[a-z]+$" # Do not allow to pass printf-Formats (security! see documentation!): #AllowFilter "^[a-zA-Z0-9@~ /,_.-]*$" #DenyFilter "%" # To prevent DoS attacks, set the maximum number of child processes # to 30. If you need to allow more than 30 concurrent connections # at once, simply increase this value. Note that this ONLY works # in standalone mode, in inetd mode you should use an inetd server # that allows you to limit maximum number of processes per service # such as xinetd) MaxInstances 30 # Performance: skip DNS resolution when we process the logs... UseReverseDNS on # Turn off Ident lookups IdentLookups on # Set the maximum number of seconds a data connection is allowed # to "stall" before being aborted. TimeoutStalled 300 # Where do we put the pid files? ScoreboardPath /usr/local/var/proftpd # # Logging options # TransferLog /var/log/proftpd.xferlog # Some logging formats # LogFormat default "%h %l %u %t \"%r\" %s %b" LogFormat auth "%v [%P] %h %t \"%r\" %s" LogFormat write "%h %l %u %t \"%r\" %s %b" # Log file/dir access ExtendedLog /var/log/proftpd.access_log WRITE,READ write # Record all logins ExtendedLog /var/log/proftpd.auth_log AUTH auth # Paranoia logging level.... ExtendedLog /var/log/proftpd.paranoid_log ALL default # # Do a chroot for web-users (i.e. public or www group), but # do not change root if the user is also in the users group... # DefaultRoot ~ !users # # Limit login attempts # MaxLoginAttempts 3 # # Users needs a valid shell # RequireValidShell off