Initial Import.

2017-03-07 13:39:16 +01:00
commit a8070cc9da
3 changed files with 524 additions and 0 deletions
--- a/DOC/install_deb.txt
+++ b/DOC/install_deb.txt
@ -0,0 +1,220 @@
+## ------------------------- INSTALLATION -------------------------
+
+## - install pure-ftpd
+## -
+apt-get install pure-ftpd-common pure-ftpd
+
+
+
+## - deamonize (standalone) / inetd
+## -
+## - in file /etc/default/pure-ftpd-common set:
+## -    STANDALONE_OR_INETD=standalone
+## -
+perl -i -n -p -e 's#^([ ]*)(STANDALONE_OR_INETD=.*)#\1\#\# \2\nSTANDALONE_OR_INETD=standalone#g' \
+   /etc/default/pure-ftpd-common
+
+
+## ------------------------- CONFIGURATION -------------------------
+## -
+## - NOTICE:
+## -    see /usr/sbin/pure-ftpd-wrapper for mapping of files in
+## -    /etc/pure-ftpd/conf to commandline options of pure-ftpd
+## -
+
+ipv4="83.223.85.132"
+
+
+## - IP-Adress and Port to bind (option -S [<ip address>,|<hostname>,] [<port>|<service name>])
+## -
+## - 
+echo "${ipv4},21" > /etc/pure-ftpd/conf/Bind
+
+## - Listen on IPv4 and IPv6
+## -
+echo ",21" > /etc/pure-ftpd/conf/Bind
+#echo "::,21" > /etc/pure-ftpd/conf/Bind
+
+
+## - Passive port range (option -p <first port>:<last port>)
+## -
+echo "50000 50400" > /etc/pure-ftpd/conf/PassivePortRange
+
+## - Passive Mode (option -P <ip-address | hostname>)
+## -
+## - Force the specified IP address in reply to
+## - a PASV/EPSV/SPSV command
+## -
+echo "" > /etc/pure-ftpd/conf/ForcePassiveIP
+echo "$ipv4" > /etc/pure-ftpd/conf/ForcePassiveIP
+
+
+## - Min UID (option -u <uid>)
+## -
+## - Don't allow uids below <uid> to log in. '-u 1' denies access
+## - to root (safe), '-u 100' denies access to virtual accounts on 
+## - most Linux distros
+## -
+echo "33" > /etc/pure-ftpd/conf/MinUID
+
+
+## - Max disk usage (option -k <percentage>)
+## -
+## - Don't allow uploads if the partition is more than
+## # <percentage>% full. For instance, "-k 95" will ensure your disks 
+## - will never get filled more than 95% by FTP. No need for the "percent" 
+## - sign after the number
+## -
+echo "80" > /etc/pure-ftpd/conf/MaxDiskUsage
+
+
+## - SSL/TLS SUPPORT (option -Y <0|1|2|3>)
+## -    0:no TLS 
+## -    1:TLS+cleartext 
+## -    2:enforce TLS 
+## -    3:enforce encrypted data channel as well
+## -
+echo "1" > /etc/pure-ftpd/conf/TLS
+
+
+## - only allow autheticated users (optio --E)
+## -
+## - Anonymous logins are NOT permitted
+## -
+echo "yes" > /etc/pure-ftpd/conf/NoAnonymous
+
+
+## - Disallow uploads for annonymous users (option -i)
+## -
+echo "yes" > /etc/pure-ftpd/conf/AnonymousCantUpload
+
+
+## - avoid host name resolution (option -H)
+## -
+## - "213.41.14.252" will be logged instead of "www.toolinux.com"
+## -
+echo "yes" > /etc/pure-ftpd/conf/DontResolve
+
+
+## - LOGGING (option -f <facility> | none')
+## -
+echo "ftp" > /etc/pure-ftpd/conf/SyslogFacility
+
+
+## - alternate logfile (-O <format>:<log file>)
+## -    clf | Stats | W3C | xferlog
+## -
+echo "clf:/var/log/pure-ftpd/transfer.log"  > /etc/pure-ftpd/conf/AltLog
+
+
+## - display dot-files (option -D)
+## -
+## -  List files beginning with a dot ('.') even when the client doesn't
+## - append the '-a' option to the list command. A workaround for badly
+## - configured FTP clients
+## -
+echo "yes" > /etc/pure-ftpd/conf/DisplayDotFiles
+
+
+## - prohibit dot-file read (option -X)
+## -
+## - allow reading dot-files
+## -
+echo "no" > /etc/pure-ftpd/conf/ProhibitDotFilesRead
+## - don't allow reading dot-files
+## -
+echo "yes" > /etc/pure-ftpd/conf/ProhibitDotFilesRead
+
+
+## - prohibit dot-files write (option -x)
+## -
+## - allow writing dot-files
+## -
+echo "no" > /etc/pure-ftpd/conf/ProhibitDotFilesWrite
+## -
+## - don't allow writing dot-files
+## -
+echo "yes" > /etc/pure-ftpd/conf/ProhibitDotFilesWrite
+
+
+
+## - Customer Proof (Option -Z)
+## -
+## - protect customers against common mistakes (Option -Z)
+## -
+## - the '-Z' switch prevents your users against making bad 'chmod' 
+## - commands, that would deny access to files/directories to themselves. 
+## - The switch may turn on other features in the future. If you are a 
+## - hosting provider, turn this on.
+## -
+echo "yes" > /etc/pure-ftpd/conf/CustomerProof
+
+
+## ------------------------ AUTHENTICATION ------------------------
+
+
+
+echo "/etc/pure-ftpd/pureftpd.pdb" > /etc/pure-ftpd/conf/PureDB
+echo "no" > /etc/pure-ftpd/conf/UnixAuthentication
+echo "no" > /etc/pure-ftpd/conf/PAMAuthentication
+
+cd /etc/pure-ftpd/auth/
+rm *
+ln -s ../conf/PureDB 50pure
+
+touch /etc/pure-ftpd/pureftpd.pdb
+touch /etc/pure-ftpd/pureftpd.passwd
+
+## - if moved from and existing server, place files
+## -    pureftpd.passwd
+## -    pureftpd.pdb
+## - in folder /etc/pure-ftpd
+## -
+
+
+
+## - adduser
+## - 
+pure-pw useradd chris -u chris -g chris -d /home/chris
+pure-pw mkdb
+
+
+
+## ------------------------ CERTIFICATES ------------------------
+
+## - place certificate (key+cert) named pure-ftpd.pem in folder 
+## - /etc/ssl/private
+## -
+cat /usr/local/apache2/conf/wilcard.oopen.de-20110122.key /usr/local/apache2/conf/wilcard.oopen.de-20110122.crt > /etc/ssl/private/pure-ftpd.pem
+
+
+## ------------------------ LOGGING ------------------------
+
+## - redirect FTP messages to a file, say /var/log/pure-ftpd/ftp.log
+## - 
+## - add this line to your /etc/syslog.conf (/etc/rsyslog.conf)file:
+## - 
+## -    ftp.*  /var/log/pure-ftpd/ftp.log
+## -
+## - or create file /etc/rsyslog.d/pure-ftpd.conf:
+## -
+## -    ftp.*  -/var/log/pure-ftpd/ftp.log
+## -    & ~
+## -
+## - then user -f option (see obove)
+## -
+## - then restart syslogging:
+## -
+## -    killall -HUP syslogd (killall -HUP rsyslogd)
+## -
+## - finally, if you do so, in file /etc/logrotate.d/pure-ftpd-common add
+## - file
+## -     /var/log/pure-ftpd/ftp.log
+## -
+## - add to options:
+## -        sharedscripts
+## -
+
+## ------------------------ START pure-ftpd ------------------------
+
+/etc/init.d/pure-ftpd start