PROFTPD

From Earlham CS Department
Jump to navigation Jump to search

Install the port from /usr/ports/ftp/proftpd

make; make install.

'I selected all defaults for the install'


===> SECURITY REPORT:

     This port has installed the following files, which may act as network
     servers and may therefore pose a remote security risk to the system.

/usr/local/sbin/proftpd

     This port has installed the following startup scripts, which may cause
     these network services to be started at boot time.

/usr/local/etc/rc.d/proftpd

make sure to edit /usr/local/etc/proftpd.conf

also add proftpd_enable="YES" to /etc/rc.conf


Tips

make sure to touch /var/log/proftpd.log '- for first time install'

also vi /etc/newsyslog.conf and add the following line to rotate the log

/var/log/proftpd.log 600 3 1000 * J


Current proftpd.conf settings

ServerName                      "Earlham CS Cluster Hopperprime ftp server"
ServerType                      standalone
DefaultServer                   on
ScoreboardFile                  /var/run/proftpd.scoreboard
# Logging
SystemLog               /var/log/proftpd.log
DisplayLogin            /etc/motd
Port                            21
MaxLoginAttempts        3
MaxClientsPerHost       3 "Sorry, you may not connect more than three times."
#Ports
PassivePorts            40000 49999

#set some basics on timeouts, etc...
TimeoutStalled       1800
TimeoutLogin         120
TimeoutIdle          600
TimeoutNoTransfer    900

# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask                           022

# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd).
MaxInstances                    30
CommandBufferSize               512

# Set the user and group under which the server will run.
User                            nobody
Group                           nogroup

# To cause every FTP user to be "jailed" (chrooted) into their home
# directory, uncomment this line.
#DefaultRoot ~

# Normally, we want files to be overwriteable.
AllowOverwrite          on

# Bar use of SITE CHMOD by default
<Limit SITE_CHMOD>
  DenyAll
</Limit>