commit a8070cc9dabd40c17ee6d89be9564ed7d69ed3ee Author: Christoph Date: Tue Mar 7 13:39:16 2017 +0100 Initial Import.
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..28a99d7
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,3 @@
+/BAK/*
+*.log
+*.swp
diff --git a/DOC/install_deb.txt b/DOC/install_deb.txt
new file mode 100644
index 0000000..71d93d1
--- /dev/null
+++ b/DOC/install_deb.txt
@@ -0,0 +1,220 @@
+## ------------------------- INSTALLATION -------------------------
+
+## - install pure-ftpd
+## -
+apt-get install pure-ftpd-common pure-ftpd
+
+
+
+## - deamonize (standalone) / inetd
+## -
+## - in file /etc/default/pure-ftpd-common set:
+## - STANDALONE_OR_INETD=standalone
+## -
+perl -i -n -p -e 's#^([ ]*)(STANDALONE_OR_INETD=.*)#\1\#\# \2\nSTANDALONE_OR_INETD=standalone#g' \
+ /etc/default/pure-ftpd-common
+
+
+## ------------------------- CONFIGURATION -------------------------
+## -
+## - NOTICE:
+## - see /usr/sbin/pure-ftpd-wrapper for mapping of files in
+## - /etc/pure-ftpd/conf to commandline options of pure-ftpd
+## -
+
+ipv4="83.223.85.132"
+
+
+## - IP-Adress and Port to bind (option -S [,|,] [|])
+## -
+## -
+echo "${ipv4},21" > /etc/pure-ftpd/conf/Bind
+
+## - Listen on IPv4 and IPv6
+## -
+echo ",21" > /etc/pure-ftpd/conf/Bind
+#echo "::,21" > /etc/pure-ftpd/conf/Bind
+
+
+## - Passive port range (option -p :)
+## -
+echo "50000 50400" > /etc/pure-ftpd/conf/PassivePortRange
+
+## - Passive Mode (option -P )
+## -
+## - Force the specified IP address in reply to
+## - a PASV/EPSV/SPSV command
+## -
+echo "" > /etc/pure-ftpd/conf/ForcePassiveIP
+echo "$ipv4" > /etc/pure-ftpd/conf/ForcePassiveIP
+
+
+## - Min UID (option -u )
+## -
+## - Don't allow uids below to log in. '-u 1' denies access
+## - to root (safe), '-u 100' denies access to virtual accounts on
+## - most Linux distros
+## -
+echo "33" > /etc/pure-ftpd/conf/MinUID
+
+
+## - Max disk usage (option -k )
+## -
+## - Don't allow uploads if the partition is more than
+## # % full. For instance, "-k 95" will ensure your disks
+## - will never get filled more than 95% by FTP. No need for the "percent"
+## - sign after the number
+## -
+echo "80" > /etc/pure-ftpd/conf/MaxDiskUsage
+
+
+## - SSL/TLS SUPPORT (option -Y <0|1|2|3>)
+## - 0:no TLS
+## - 1:TLS+cleartext
+## - 2:enforce TLS
+## - 3:enforce encrypted data channel as well
+## -
+echo "1" > /etc/pure-ftpd/conf/TLS
+
+
+## - only allow autheticated users (optio --E)
+## -
+## - Anonymous logins are NOT permitted
+## -
+echo "yes" > /etc/pure-ftpd/conf/NoAnonymous
+
+
+## - Disallow uploads for annonymous users (option -i)
+## -
+echo "yes" > /etc/pure-ftpd/conf/AnonymousCantUpload
+
+
+## - avoid host name resolution (option -H)
+## -
+## - "213.41.14.252" will be logged instead of "www.toolinux.com"
+## -
+echo "yes" > /etc/pure-ftpd/conf/DontResolve
+
+
+## - LOGGING (option -f | none')
+## -
+echo "ftp" > /etc/pure-ftpd/conf/SyslogFacility
+
+
+## - alternate logfile (-O :)
+## - clf | Stats | W3C | xferlog
+## -
+echo "clf:/var/log/pure-ftpd/transfer.log" > /etc/pure-ftpd/conf/AltLog
+
+
+## - display dot-files (option -D)
+## -
+## - List files beginning with a dot ('.') even when the client doesn't
+## - append the '-a' option to the list command. A workaround for badly
+## - configured FTP clients
+## -
+echo "yes" > /etc/pure-ftpd/conf/DisplayDotFiles
+
+
+## - prohibit dot-file read (option -X)
+## -
+## - allow reading dot-files
+## -
+echo "no" > /etc/pure-ftpd/conf/ProhibitDotFilesRead
+## - don't allow reading dot-files
+## -
+echo "yes" > /etc/pure-ftpd/conf/ProhibitDotFilesRead
+
+
+## - prohibit dot-files write (option -x)
+## -
+## - allow writing dot-files
+## -
+echo "no" > /etc/pure-ftpd/conf/ProhibitDotFilesWrite
+## -
+## - don't allow writing dot-files
+## -
+echo "yes" > /etc/pure-ftpd/conf/ProhibitDotFilesWrite
+
+
+
+## - Customer Proof (Option -Z)
+## -
+## - protect customers against common mistakes (Option -Z)
+## -
+## - the '-Z' switch prevents your users against making bad 'chmod'
+## - commands, that would deny access to files/directories to themselves.
+## - The switch may turn on other features in the future. If you are a
+## - hosting provider, turn this on.
+## -
+echo "yes" > /etc/pure-ftpd/conf/CustomerProof
+
+
+## ------------------------ AUTHENTICATION ------------------------
+
+
+
+echo "/etc/pure-ftpd/pureftpd.pdb" > /etc/pure-ftpd/conf/PureDB
+echo "no" > /etc/pure-ftpd/conf/UnixAuthentication
+echo "no" > /etc/pure-ftpd/conf/PAMAuthentication
+
+cd /etc/pure-ftpd/auth/
+rm *
+ln -s ../conf/PureDB 50pure
+
+touch /etc/pure-ftpd/pureftpd.pdb
+touch /etc/pure-ftpd/pureftpd.passwd
+
+## - if moved from and existing server, place files
+## - pureftpd.passwd
+## - pureftpd.pdb
+## - in folder /etc/pure-ftpd
+## -
+
+
+
+## - adduser
+## -
+pure-pw useradd chris -u chris -g chris -d /home/chris
+pure-pw mkdb
+
+
+
+## ------------------------ CERTIFICATES ------------------------
+
+## - place certificate (key+cert) named pure-ftpd.pem in folder
+## - /etc/ssl/private
+## -
+cat /usr/local/apache2/conf/wilcard.oopen.de-20110122.key /usr/local/apache2/conf/wilcard.oopen.de-20110122.crt > /etc/ssl/private/pure-ftpd.pem
+
+
+## ------------------------ LOGGING ------------------------
+
+## - redirect FTP messages to a file, say /var/log/pure-ftpd/ftp.log
+## -
+## - add this line to your /etc/syslog.conf (/etc/rsyslog.conf)file:
+## -
+## - ftp.* /var/log/pure-ftpd/ftp.log
+## -
+## - or create file /etc/rsyslog.d/pure-ftpd.conf:
+## -
+## - ftp.* -/var/log/pure-ftpd/ftp.log
+## - & ~
+## -
+## - then user -f option (see obove)
+## -
+## - then restart syslogging:
+## -
+## - killall -HUP syslogd (killall -HUP rsyslogd)
+## -
+## - finally, if you do so, in file /etc/logrotate.d/pure-ftpd-common add
+## - file
+## - /var/log/pure-ftpd/ftp.log
+## -
+## - add to options:
+## - sharedscripts
+## -
+
+## ------------------------ START pure-ftpd ------------------------
+
+/etc/init.d/pure-ftpd start
diff --git a/install_pure-ftpd.sh b/install_pure-ftpd.sh
new file mode 100755
index 0000000..8f7d986
--- /dev/null
+++ b/install_pure-ftpd.sh
@@ -0,0 +1,301 @@
+#!/usr/bin/env bash
+
+# -------------
+# --- Some functions
+# -------------
+echononl(){
+ echo X\\c > /tmp/shprompt$$
+ if [ `wc -c /tmp/shprompt$$ | awk '{print $1}'` -eq 1 ]; then
+ echo -e -n "$*\\c" 1>&2
+ else
+ echo -e -n "$*" 1>&2
+ fi
+ rm /tmp/shprompt$$
+}
+
+fatal(){
+ echo ""
+ echo -e "fatal error: $*"
+ echo ""
+ echo -e "\t\033[31m\033[1mInstalllation will be interrupted\033[m\033[m"
+ echo ""
+ exit 1
+}
+
+error(){
+ echo ""
+ echo -e "\t[ \033[31m\033[1mFehler\033[m ]: $*"
+ echo ""
+}
+
+warn (){
+ echo ""
+ echo -e "\t[ \033[33m\033[1mWarning\033[m ]: $*"
+ echo ""
+}
+
+info (){
+ echo ""
+ echo -e "\t[ \033[32m\033[1mInfo\033[m ]: $*"
+ echo ""
+}
+
+echo_done() {
+ echo -e "\033[80G[ \033[32mdone\033[m ]"
+}
+echo_ok() {
+ echo -e "\033[80G[ \033[32mok\033[m ]"
+}
+echo_warning() {
+ echo -e "\033[80G[ \033[33m\033[1mwarn\033[m ]"
+}
+echo_failed(){
+ echo -e "\033[80G[ \033[1;31mfailed\033[m ]"
+}
+echo_skipped() {
+ echo -e "\033[80G[ \033[33m\033[1mskipped\033[m ]"
+}
+
+tmp_err_msg=$(mktemp)
+
+# - Is this a systemd system?
+# -
+if [[ "X$(which systemd)" = "X" ]]; then
+ systemd_exists=false
+else
+ systemd_exists=true
+fi
+
+echo ""
+
+
+# - Install debiab packages for pure-ftp
+# -
+_needed_packages="pure-ftpd-common pure-ftpd"
+echononl " Install Pure-FTPd from debian packages system"
+for _pkg in $_needed_packages ; do
+ if aptitude search "$_pkg" | grep " $_pkg " | grep -e "^i" > /dev/null 2>&1 ; then
+ continue
+ else
+ needed_packages="$needed_packages $_pkg"
+ fi
+done
+if [[ -n "$needed_packages" ]] ; then
+ DEBIAN_FRONTEND=noninteractive apt-get -y install $needed_packages > /dev/null 2> "$tmp_err_msg"
+ if [[ $? -eq 0 ]] ; then
+ echo_ok
+ else
+ echo_failed
+ error "$(cat $tmp_err_msg)"
+ fi
+else
+ echo_skipped
+fi
+
+# - Configure to daemonize (standalone)
+# -
+echononl " Configure to daemonize pure-ftpd"
+perl -i -n -p -e 's#^([ ]*)(STANDALONE_OR_INETD=.*)#\1\#\# \2\nSTANDALONE_OR_INETD=standalone#g' \
+ /etc/default/pure-ftpd-common > /dev/null 2> "$tmp_err_msg"
+if [[ $? -eq 0 ]] ; then
+ echo_ok
+else
+ echo_failed
+ error "$(cat $tmp_err_msg)"
+fi
+
+echononl " Backup existing Configuration Directory"
+if [[ -d "/etc/pure-ftpd/conf" ]]; then
+ mv /etc/pure-ftpd/conf /etc/pure-ftpd/conf.$(date +%Y-%m-%d-%H%M) > /dev/null 2> "$tmp_err_msg"
+ if [[ $? -eq 0 ]] ; then
+ echo_ok
+ else
+ echo_failed
+ error "$(cat $tmp_err_msg)"
+ fi
+else
+ echo_skipped
+ fatal "Configuration directory '/etc/pure-ftpd/conf' not found!"
+fi
+
+
+echononl " Changes Configuration directory \"/etc/pure-ftpd/conf\""
+cd /etc/pure-ftpd/conf > /dev/null 2> "$tmp_err_msg"
+if [[ $? -eq 0 ]] ; then
+ echo_ok
+else
+ echo_failed
+ error "$(cat $tmp_err_msg)"
+fi
+
+# - Configure PureFTP
+# -
+installation_failed=false
+echononl " Configure Pure-FTPd"
+echo ",21" > /etc/pure-ftpd/conf/Bind
+if [[ "$?" -ne 0 ]] ; then
+ installation_failed=true
+ error "$(cat $tmp_err_msg)"
+fi
+echo "50000 50400" > /etc/pure-ftpd/conf/PassivePortRange
+if [[ "$?" -ne 0 ]] ; then
+ installation_failed=true
+ error "$(cat $tmp_err_msg)"
+fi
+echo "1000" > /etc/pure-ftpd/conf/MinUID
+if [[ "$?" -ne 0 ]] ; then
+ installation_failed=true
+ error "$(cat $tmp_err_msg)"
+fi
+echo "80" > /etc/pure-ftpd/conf/MaxDiskUsage
+if [[ "$?" -ne 0 ]] ; then
+ installation_failed=true
+fi
+echo "1" > /etc/pure-ftpd/conf/TLS
+if [[ "$?" -ne 0 ]] ; then
+ installation_failed=true
+fi
+echo "yes" > /etc/pure-ftpd/conf/NoAnonymous
+if [[ "$?" -ne 0 ]] ; then
+ installation_failed=true
+fi
+echo "yes" > /etc/pure-ftpd/conf/AnonymousCantUpload
+if [[ "$?" -ne 0 ]] ; then
+ installation_failed=true
+fi
+echo "yes" > /etc/pure-ftpd/conf/DontResolve
+if [[ "$?" -ne 0 ]] ; then
+ installation_failed=true
+fi
+echo "ftp" > /etc/pure-ftpd/conf/SyslogFacility
+if [[ "$?" -ne 0 ]] ; then
+ installation_failed=true
+fi
+echo "clf:/var/log/pure-ftpd/transfer.log" > /etc/pure-ftpd/conf/AltLog
+if [[ "$?" -ne 0 ]] ; then
+ installation_failed=true
+fi
+echo "yes" > /etc/pure-ftpd/conf/DisplayDotFiles
+if [[ "$?" -ne 0 ]] ; then
+ installation_failed=true
+fi
+echo "no" > /etc/pure-ftpd/conf/ProhibitDotFilesWrite
+if [[ "$?" -ne 0 ]] ; then
+ installation_failed=true
+fi
+echo "no" > /etc/pure-ftpd/conf/ProhibitDotFilesRead
+if [[ "$?" -ne 0 ]] ; then
+ installation_failed=true
+fi
+echo "no" > /etc/pure-ftpd/conf/UnixAuthentication
+if [[ "$?" -ne 0 ]] ; then
+ installation_failed=true
+fi
+echo "no" > /etc/pure-ftpd/conf/PAMAuthentication
+if [[ "$?" -ne 0 ]] ; then
+ installation_failed=true
+fi
+if $installation_failed ; then
+ echo_failed
+else
+ echo_ok
+fi
+
+
+echononl " Configure authentication method \"PureDB\""
+if [[ ! -h /etc/pure-ftpd/auth/50pure ]]; then
+ ln -s ../conf/PureDB /etc/pure-ftpd/auth/50pure > /dev/null 2> "$tmp_err_msg"
+ if [[ $? -eq 0 ]] ; then
+ echo_ok
+ else
+ echo_failed
+ error "$(cat $tmp_err_msg)"
+ fi
+else
+ echo_skipped
+fi
+
+echononl " Create initial passwd file (pureftpd.passwd)"
+if [[ ! -f /etc/pure-ftpd/pureftpd.passwd ]]; then
+ touch /etc/pure-ftpd/pureftpd.passwd > /dev/null 2> "$tmp_err_msg"
+ if [[ $? -eq 0 ]] ; then
+ echo_ok
+ else
+ echo_failed
+ error "$(cat $tmp_err_msg)"
+ fi
+else
+ echo_skipped
+fi
+
+echononl " Create initial passwd database (pureftpd.pdb)"
+if [[ ! -f /etc/pure-ftpd/pureftpd.pdb ]]; then
+ touch /etc/pure-ftpd/pureftpd.pdb
+ if [[ $? -eq 0 ]] ; then
+ echo_ok
+ else
+ echo_failed
+ error "$(cat $tmp_err_msg)"
+ fi
+else
+ echo_skipped
+fi
+
+# - Configure syslogd matching the configuration od amavisd
+# -
+echononl " Configure syslogd matching the ftp syslog facility"
+cat << EOF > /etc/rsyslog.d/pure-ftpd.conf
+ftp.* /var/log/pure-ftpd/ftp.log
+& ~
+EOF
+if [[ $? -eq 0 ]] ; then
+ echo_ok
+else
+ echo_failed
+fi
+
+echononl " Restart syslog daemon (rsyslog)"
+if $systemd_exists ; then
+ systemctl restart rsyslog > /dev/null 2> $tmp_err_msg
+ if [[ $? -eq 0 ]] ; then
+ echo_ok
+ else
+ echo_failed
+ error "$(cat $tmp_err_msg)"
+ fi
+else
+ /etc/init.d/rsyslog restart > /dev/null 2> $tmp_err_msg
+ if [[ $? -eq 0 ]] ; then
+ echo_ok
+ else
+ echo_failed
+ error "$(cat $tmp_err_msg)"
+ fi
+fi
+
+if [[ ! -f /etc/ssl/private/pure-ftpd.pem ]] && [[ ! -h /etc/ssl/private/pure-ftpd.pem ]]; then
+ warn "No certificate/key for pure-ftpd is present (/etc/ssl/private/pure-ftpd.pem).\n pure.ftpd daemon will not start"
+else
+ echononl " (Re)start PureFTPd daemon (pure-ftpd)"
+ if $systemd_exists ; then
+ systemctl restart pure-ftpd > /dev/null 2> $tmp_err_msg
+ if [[ $? -eq 0 ]] ; then
+ echo_ok
+ else
+ echo_failed
+ error "$(cat $tmp_err_msg)"
+ fi
+ else
+ /etc/init.d/pure-ftpd restart > /dev/null 2> $tmp_err_msg
+ if [[ $? -eq 0 ]] ; then
+ echo_ok
+ else
+ echo_failed
+ error "$(cat $tmp_err_msg)"
+ fi
+ fi
+fi
+
+echo
+rm -f $tmp_err_msg
+exit 0
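Review bot: `echononl` writes its probe to `/tmp/shprompt$$`, a predictable name in a world-writable directory, and the installer has to run as root to write under `/etc`, so a symlink already present at that path would make the `>` redirect truncate whatever it points to. With bash's default `echo` the probe always ends in the `else` branch, so the body can shrink to `echo -e -n "$*" 1>&2`; if the probe is kept, take its path from `mktemp` as `tmp_err_msg` already does. Separately, `echo "1" > /etc/pure-ftpd/conf/TLS` leaves cleartext logins enabled (DOC/install_deb.txt in this commit lists 1 as TLS+cleartext), so PureDB passwords can still cross the network unencrypted; `echo "2"` enforces TLS where the clients support it. The backup step also moves `/etc/pure-ftpd/conf` away and nothing in the hunk recreates it before the `cd` and the `echo … > /etc/pure-ftpd/conf/…` writes, which looks like every write will fail; `cp -a` instead of `mv` would keep the directory in place.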