ProFTPD (proftpd.conf)

ProFTPD para internet

Categoria: Ftp

Software: ProFTPD

[ Hits: 22.844 ]

Por: Lucas Pereira

Como minha primeira contribuição para o VOL, este é um arquivo de configuração para um servidor FTP mais seguro utilizando ProFTPD para Internet, permitindo login anônimo e modo passivo.

ServerName         "Servidor FTP para Internet"
ServerType         standalone
ServerIdent         off #esconde informações sobre o servidor (versão, etc...)
DeferWelcome         off

MultilineRFC2228      on
DefaultServer         on
ShowSymlinks         on

TimeoutNoTransfer      600
TimeoutStalled         600
TimeoutIdle         1200

DisplayLogin                    welcome.msg
DisplayChdir                  .message true
ListOptions                   "-l"

DenyFilter         \*.*/

# Use this to jail all users in their homes 
 DefaultRoot         ~ # chroot do usuário na pasta home correspondente

# Users require a valid shell listed in /etc/shells to login.
# Use this directive to release that constrain.
# RequireValidShell      off

# Port 21 is the standard FTP port.
Port            2121 # coloquei essa porta, pois a maioria dos provedores de internet bloqueiam a porta 21

# In some cases you have to specify passive ports range to by-pass
# firewall limitations. Ephemeral ports can be used for that, but
# feel free to use a more narrow range.
 PassivePorts                  49152 49153 # modo passivo, pois a porta 20 também é geralmente bloqueada pelo provedor

# If your host was NATted, this option is useful in order to
# allow passive tranfers to work. You have to use your public
# address and opening the passive ports used on your firewall as well.
# MasqueradeAddress

# This is useful for masquerading address with dynamic IPs:
# refresh any configured MasqueradeAddress directives every 8 hours
<IfModule mod_dynmasq.c>
# DynMasqRefresh 28800

# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances         30

# Set the user and group that the server normally runs at.
User            proftpd
Group            nogroup

# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask            022  022
# Normally, we want files to be overwriteable.
AllowOverwrite         on

# Uncomment this if you are using NIS or LDAP via NSS to retrieve passwords:
# PersistentPasswd      off

# This is required to use both PAM-based authentication and local passwords
# AuthOrder         mod_auth_pam.c* mod_auth_unix.c

# Be warned: use of this directive impacts CPU average load!
# Uncomment this if you like to see progress and transfer rate with ftpwho
# in downloads. That is not needed for uploads rates.
# UseSendFile         off

TransferLog /var/log/proftpd/xferlog
SystemLog   /var/log/proftpd/proftpd.log

<IfModule mod_quotatab.c>
QuotaEngine off

<IfModule mod_ratio.c>
Ratios off

# Delay engine reduces impact of the so-called Timing Attack described in
# It is on by default. 
<IfModule mod_delay.c>
DelayEngine on

<IfModule mod_ctrls.c>
ControlsEngine        off
ControlsMaxClients    30
ControlsLog           /var/log/proftpd/controls.log
ControlsInterval      5
ControlsSocket        /var/run/proftpd/proftpd.sock

<IfModule mod_ctrls_admin.c>
AdminControlsEngine off

# Alternative authentication frameworks
#Include /etc/proftpd/ldap.conf
#Include /etc/proftpd/sql.conf

# This is used for FTPS connections
#Include /etc/proftpd/tls.conf

# A basic anonymous configuration, no upload directories.

 <Anonymous ~ftp> #tudo o que está dentro desta tag serve para habilitar login anônimo sem precisar digitar senha
   User            ftp
   Group            nogroup
   # We want clients to be able to login with "anonymous" as well as "ftp"
   UserAlias         anonymous ftp
   # Cosmetic changes, all files belongs to ftp user
   DirFakeUser   on ftp
   DirFakeGroup on ftp
   RequireValidShell      off
   # Limit the maximum number of anonymous logins
   MaxClients         10
   # We want 'welcome.msg' displayed at login, and '.message' displayed
   # in each newly chdired directory.
   DisplayLogin         welcome.msg
   DisplayChdir      .message
   # Limit WRITE everywhere in the anonymous chroot
   <Directory *>
     <Limit WRITE>
   # Uncomment this if you're brave.
   #    Habilita upload para usuário anônimo (não recomendado)
   #   <Directory incoming>
   #   # Umask 022 is a good standard umask to prevent new files and dirs
   #   # (second parm) from being group and world writable.
   #   Umask            022  022
   #            <Limit READ WRITE>
   #            DenyAll
   #            </Limit>
   #            <Limit STOR>
   #            AllowAll
   #            </Limit>
   # </Directory>

[1] Comentário enviado por kmmx em 16/12/2012 - 10:39h

# Port 21 is the standard FTP port.
Port 2121 # coloquei essa porta, pois a maioria dos provedores de internet bloqueiam a porta 21

Obrigdo, você tinha razão!
Penei para descobrir porque não funcionava o acesso externo!

Contribuir com comentário



Site hospedado pelo provedor RedeHost.
Linux banner
Linux banner





Top 10 do mês