Malin/WPIQ
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Cleanup proftpd configuration and fix modules

Browse Source
This commit is contained in:
VirtuBox
2022-10-24 16:00:17 +02:00
parent ff05988a97
commit 508debb930
3 changed files with 9 additions and 59 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
CHANGELOG.md
View File

@@ -20,6 +20,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
- Netdata upgrade failure on old servers - Netdata upgrade failure on old servers
- MariaDB service disabled after upgrade with `wo stack migrate --mariadb` - MariaDB service disabled after upgrade with `wo stack migrate --mariadb`
- Proftpd install on Ubuntu 22.04
### v3.15.2 - 2022-09-23 ### v3.15.2 - 2022-09-23

2
wo/cli/templates/proftpd-tls.mustache
View File

@@ -4,6 +4,8 @@ TLSEngine on
TLSRequired on TLSRequired on
TLSLog /var/log/proftpd/tls.log TLSLog /var/log/proftpd/tls.log
TLSDHParamFile /etc/proftpd/dhparams.pem
# intermediate configuration from ssl-config.mozilla.org # intermediate configuration from ssl-config.mozilla.org
TLSProtocol TLSv1.2 TLSProtocol TLSv1.2
TLSCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 TLSCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384

65
wo/cli/templates/proftpd.mustache
View File

@@ -2,7 +2,7 @@
# /etc/proftpd/proftpd.conf -- This is a basic ProFTPD configuration file. # /etc/proftpd/proftpd.conf -- This is a basic ProFTPD configuration file.
# To really apply changes, reload proftpd after modifications, if # To really apply changes, reload proftpd after modifications, if
# it runs in daemon mode. It is not required in inetd/xinetd mode. # it runs in daemon mode. It is not required in inetd/xinetd mode.
# #
# Includes DSO modules # Includes DSO modules
Include /etc/proftpd/modules.conf Include /etc/proftpd/modules.conf
@@ -10,8 +10,9 @@ Include /etc/proftpd/modules.conf
# Set off to disable IPv6 support which is annoying on IPv4 only boxes. # Set off to disable IPv6 support which is annoying on IPv4 only boxes.
UseIPv6 off UseIPv6 off
# If set on you can experience a longer connection delay in many cases. # If set on you can experience a longer connection delay in many cases.
<IfModule mod_ident.c>
IdentLookups off IdentLookups off
</IfModule>
ServerName "Debian" ServerName "Debian"
# Set to inetd only if you would run proftpd by inetd/xinetd. # Set to inetd only if you would run proftpd by inetd/xinetd.
# Read README.Debian for more information on proper configuration. # Read README.Debian for more information on proper configuration.
@@ -32,7 +33,7 @@ ListOptions "-l"
DenyFilter \*.*/ DenyFilter \*.*/
# Use this to jail all users in their homes # Use this to jail all users in their homes
DefaultRoot ~ DefaultRoot ~
# Users require a valid shell listed in /etc/shells to login. # Users require a valid shell listed in /etc/shells to login.
@@ -98,7 +99,7 @@ SystemLog /var/log/proftpd/proftpd.log
# from /etc/localtime. If this is not set, and proftpd is configured to # from /etc/localtime. If this is not set, and proftpd is configured to
# chroot (e.g. DefaultRoot or <Anonymous>), it will use the non-daylight # chroot (e.g. DefaultRoot or <Anonymous>), it will use the non-daylight
# savings timezone regardless of whether DST is in effect. # savings timezone regardless of whether DST is in effect.
#SetEnv TZ :/etc/localtime SetEnv TZ :/etc/localtime
<IfModule mod_quotatab.c> <IfModule mod_quotatab.c>
QuotaEngine off QuotaEngine off
@@ -111,7 +112,7 @@ Ratios off
# Delay engine reduces impact of the so-called Timing Attack described in # Delay engine reduces impact of the so-called Timing Attack described in
# http://www.securityfocus.com/bid/11430/discuss # http://www.securityfocus.com/bid/11430/discuss
# It is on by default. # It is on by default.
<IfModule mod_delay.c> <IfModule mod_delay.c>
DelayEngine on DelayEngine on
</IfModule> </IfModule>
@@ -128,64 +129,10 @@ ControlsSocket /var/run/proftpd/proftpd.sock
AdminControlsEngine off AdminControlsEngine off
</IfModule> </IfModule>
#
# Alternative authentication frameworks
#
#Include /etc/proftpd/ldap.conf
#Include /etc/proftpd/sql.conf
#
# This is used for FTPS connections # This is used for FTPS connections
# #
Include /etc/proftpd/tls.conf Include /etc/proftpd/tls.conf
#
# Useful to keep VirtualHost/VirtualRoot directives separated
#
#Include /etc/proftpd/virtuals.conf
# A basic anonymous configuration, no upload directories.
# <Anonymous ~ftp>
# User ftp
# Group nogroup
# # We want clients to be able to login with "anonymous" as well as "ftp"
# UserAlias anonymous ftp
# # Cosmetic changes, all files belongs to ftp user
# DirFakeUser on ftp
# DirFakeGroup on ftp
#
# RequireValidShell off
#
# # Limit the maximum number of anonymous logins
# MaxClients 10
#
# # We want 'welcome.msg' displayed at login, and '.message' displayed
# # in each newly chdired directory.
# DisplayLogin welcome.msg
# DisplayChdir .message
#
# # Limit WRITE everywhere in the anonymous chroot
# <Directory *>
# <Limit WRITE>
# DenyAll
# </Limit>
# </Directory>
#
# # Uncomment this if you're brave.
# # <Directory incoming>
# # # Umask 022 is a good standard umask to prevent new files and dirs
# # # (second parm) from being group and world writable.
# # Umask 022 022
# # <Limit READ WRITE>
# # DenyAll
# # </Limit>
# # <Limit STOR>
# # AllowAll
# # </Limit>
# # </Directory>
#
# </Anonymous>
# Include other custom configuration files # Include other custom configuration files
Include /etc/proftpd/conf.d/ Include /etc/proftpd/conf.d/