Initial Import.

Christoph 2017-03-07 13:39:16 +01:00
commit a8070cc9da
3 changed files with 524 additions and 0 deletions

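--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,3 @@
+/BAK/*
+*.log
+*.swp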

220
DOC/install_deb.txt Normal file

@ -0,0 +1,220 @@
## ------------------------- INSTALLATION -------------------------
## - install pure-ftpd
## -
apt-get install pure-ftpd-common pure-ftpd
## - deamonize (standalone) / inetd
## -
## - in file /etc/default/pure-ftpd-common set:
## - STANDALONE_OR_INETD=standalone
## -
perl -i -n -p -e 's#^([ ]*)(STANDALONE_OR_INETD=.*)#\1\#\# \2\nSTANDALONE_OR_INETD=standalone#g' \
/etc/default/pure-ftpd-common
## ------------------------- CONFIGURATION -------------------------
## -
## - NOTICE:
## - see /usr/sbin/pure-ftpd-wrapper for mapping of files in
## - /etc/pure-ftpd/conf to commandline options of pure-ftpd
## -
ipv4="83.223.85.132"
## - IP-Adress and Port to bind (option -S [<ip address>,|<hostname>,] [<port>|<service name>])
## -
## -
echo "${ipv4},21" > /etc/pure-ftpd/conf/Bind
## - Listen on IPv4 and IPv6
## -
echo ",21" > /etc/pure-ftpd/conf/Bind
#echo "::,21" > /etc/pure-ftpd/conf/Bind
## - Passive port range (option -p <first port>:<last port>)
## -
echo "50000 50400" > /etc/pure-ftpd/conf/PassivePortRange
## - Passive Mode (option -P <ip-address | hostname>)
## -
## - Force the specified IP address in reply to
## - a PASV/EPSV/SPSV command
## -
echo "" > /etc/pure-ftpd/conf/ForcePassiveIP
echo "$ipv4" > /etc/pure-ftpd/conf/ForcePassiveIP
## - Min UID (option -u <uid>)
## -
## - Don't allow uids below <uid> to log in. '-u 1' denies access
## - to root (safe), '-u 100' denies access to virtual accounts on
## - most Linux distros
## -
echo "33" > /etc/pure-ftpd/conf/MinUID
## - Max disk usage (option -k <percentage>)
## -
## - Don't allow uploads if the partition is more than
## # <percentage>% full. For instance, "-k 95" will ensure your disks
## - will never get filled more than 95% by FTP. No need for the "percent"
## - sign after the number
## -
echo "80" > /etc/pure-ftpd/conf/MaxDiskUsage
## - SSL/TLS SUPPORT (option -Y <0|1|2|3>)
## - 0:no TLS
## - 1:TLS+cleartext
## - 2:enforce TLS
## - 3:enforce encrypted data channel as well
## -
echo "1" > /etc/pure-ftpd/conf/TLS
## - only allow autheticated users (optio --E)
## -
## - Anonymous logins are NOT permitted
## -
echo "yes" > /etc/pure-ftpd/conf/NoAnonymous
## - Disallow uploads for annonymous users (option -i)
## -
echo "yes" > /etc/pure-ftpd/conf/AnonymousCantUpload
## - avoid host name resolution (option -H)
## -
## - "213.41.14.252" will be logged instead of "www.toolinux.com"
## -
echo "yes" > /etc/pure-ftpd/conf/DontResolve
## - LOGGING (option -f <facility> | none')
## -
echo "ftp" > /etc/pure-ftpd/conf/SyslogFacility
## - alternate logfile (-O <format>:<log file>)
## - clf | Stats | W3C | xferlog
## -
echo "clf:/var/log/pure-ftpd/transfer.log" > /etc/pure-ftpd/conf/AltLog
## - display dot-files (option -D)
## -
## - List files beginning with a dot ('.') even when the client doesn't
## - append the '-a' option to the list command. A workaround for badly
## - configured FTP clients
## -
echo "yes" > /etc/pure-ftpd/conf/DisplayDotFiles
## - prohibit dot-file read (option -X)
## -
## - allow reading dot-files
## -
echo "no" > /etc/pure-ftpd/conf/ProhibitDotFilesRead
## - don't allow reading dot-files
## -
echo "yes" > /etc/pure-ftpd/conf/ProhibitDotFilesRead
## - prohibit dot-files write (option -x)
## -
## - allow writing dot-files
## -
echo "no" > /etc/pure-ftpd/conf/ProhibitDotFilesWrite
## -
## - don't allow writing dot-files
## -
echo "yes" > /etc/pure-ftpd/conf/ProhibitDotFilesWrite
## - Customer Proof (Option -Z)
## -
## - protect customers against common mistakes (Option -Z)
## -
## - the '-Z' switch prevents your users against making bad 'chmod'
## - commands, that would deny access to files/directories to themselves.
## - The switch may turn on other features in the future. If you are a
## - hosting provider, turn this on.
## -
echo "yes" > /etc/pure-ftpd/conf/CustomerProof
## ------------------------ AUTHENTICATION ------------------------
echo "/etc/pure-ftpd/pureftpd.pdb" > /etc/pure-ftpd/conf/PureDB
echo "no" > /etc/pure-ftpd/conf/UnixAuthentication
echo "no" > /etc/pure-ftpd/conf/PAMAuthentication
cd /etc/pure-ftpd/auth/
rm *
ln -s ../conf/PureDB 50pure
touch /etc/pure-ftpd/pureftpd.pdb
touch /etc/pure-ftpd/pureftpd.passwd
## - if moved from and existing server, place files
## - pureftpd.passwd
## - pureftpd.pdb
## - in folder /etc/pure-ftpd
## -
## - adduser
## -
pure-pw useradd chris -u chris -g chris -d /home/chris
pure-pw mkdb
## ------------------------ CERTIFICATES ------------------------
## - place certificate (key+cert) named pure-ftpd.pem in folder
## - /etc/ssl/private
## -
cat /usr/local/apache2/conf/wilcard.oopen.de-20110122.key /usr/local/apache2/conf/wilcard.oopen.de-20110122.crt > /etc/ssl/private/pure-ftpd.pem
## ------------------------ LOGGING ------------------------
## - redirect FTP messages to a file, say /var/log/pure-ftpd/ftp.log
## -
## - add this line to your /etc/syslog.conf (/etc/rsyslog.conf)file:
## -
## - ftp.* /var/log/pure-ftpd/ftp.log
## -
## - or create file /etc/rsyslog.d/pure-ftpd.conf:
## -
## - ftp.* -/var/log/pure-ftpd/ftp.log
## - & ~
## -
## - then user -f option (see obove)
## -
## - then restart syslogging:
## -
## - killall -HUP syslogd (killall -HUP rsyslogd)
## -
## - finally, if you do so, in file /etc/logrotate.d/pure-ftpd-common add
## - file
## - /var/log/pure-ftpd/ftp.log
## -
## - add to options:
## - sharedscripts
## -
## ------------------------ START pure-ftpd ------------------------
/etc/init.d/pure-ftpd start

301
install_pure-ftpd.sh Executable file

@ -0,0 +1,301 @@
#!/usr/bin/env bash
# -------------
# --- Some functions
# -------------
echononl(){
echo X\\c > /tmp/shprompt$$
if [ `wc -c /tmp/shprompt$$ | awk '{print $1}'` -eq 1 ]; then
echo -e -n "$*\\c" 1>&2
else
echo -e -n "$*" 1>&2
fi
rm /tmp/shprompt$$
}
fatal(){
echo ""
echo -e "fatal error: $*"
echo ""
echo -e "\t\033[31m\033[1mInstalllation will be interrupted\033[m\033[m"
echo ""
exit 1
}
error(){
echo ""
echo -e "\t[ \033[31m\033[1mFehler\033[m ]: $*"
echo ""
}
warn (){
echo ""
echo -e "\t[ \033[33m\033[1mWarning\033[m ]: $*"
echo ""
}
info (){
echo ""
echo -e "\t[ \033[32m\033[1mInfo\033[m ]: $*"
echo ""
}
echo_done() {
echo -e "\033[80G[ \033[32mdone\033[m ]"
}
echo_ok() {
echo -e "\033[80G[ \033[32mok\033[m ]"
}
echo_warning() {
echo -e "\033[80G[ \033[33m\033[1mwarn\033[m ]"
}
echo_failed(){
echo -e "\033[80G[ \033[1;31mfailed\033[m ]"
}
echo_skipped() {
echo -e "\033[80G[ \033[33m\033[1mskipped\033[m ]"
}
tmp_err_msg=$(mktemp)
# - Is this a systemd system?
# -
if [[ "X$(which systemd)" = "X" ]]; then
systemd_exists=false
else
systemd_exists=true
fi
echo ""
# - Install debiab packages for pure-ftp
# -
_needed_packages="pure-ftpd-common pure-ftpd"
echononl " Install Pure-FTPd from debian packages system"
for _pkg in $_needed_packages ; do
if aptitude search "$_pkg" | grep " $_pkg " | grep -e "^i" > /dev/null 2>&1 ; then
continue
else
needed_packages="$needed_packages $_pkg"
fi
done
if [[ -n "$needed_packages" ]] ; then
DEBIAN_FRONTEND=noninteractive apt-get -y install $needed_packages > /dev/null 2> "$tmp_err_msg"
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
error "$(cat $tmp_err_msg)"
fi
else
echo_skipped
fi
# - Configure to daemonize (standalone)
# -
echononl " Configure to daemonize pure-ftpd"
perl -i -n -p -e 's#^([ ]*)(STANDALONE_OR_INETD=.*)#\1\#\# \2\nSTANDALONE_OR_INETD=standalone#g' \
/etc/default/pure-ftpd-common > /dev/null 2> "$tmp_err_msg"
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
error "$(cat $tmp_err_msg)"
fi
echononl " Backup existing Configuration Directory"
if [[ -d "/etc/pure-ftpd/conf" ]]; then
mv /etc/pure-ftpd/conf /etc/pure-ftpd/conf.$(date +%Y-%m-%d-%H%M) > /dev/null 2> "$tmp_err_msg"
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
error "$(cat $tmp_err_msg)"
fi
else
echo_skipped
fatal "Configuration directory '/etc/pure-ftpd/conf' not found!"
fi
echononl " Changes Configuration directory \"/etc/pure-ftpd/conf\""
cd /etc/pure-ftpd/conf > /dev/null 2> "$tmp_err_msg"
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
error "$(cat $tmp_err_msg)"
fi
# - Configure PureFTP
# -
installation_failed=false
echononl " Configure Pure-FTPd"
echo ",21" > /etc/pure-ftpd/conf/Bind
if [[ "$?" -ne 0 ]] ; then
installation_failed=true
error "$(cat $tmp_err_msg)"
fi
echo "50000 50400" > /etc/pure-ftpd/conf/PassivePortRange
if [[ "$?" -ne 0 ]] ; then
installation_failed=true
error "$(cat $tmp_err_msg)"
fi
echo "1000" > /etc/pure-ftpd/conf/MinUID
if [[ "$?" -ne 0 ]] ; then
installation_failed=true
error "$(cat $tmp_err_msg)"
fi
echo "80" > /etc/pure-ftpd/conf/MaxDiskUsage
if [[ "$?" -ne 0 ]] ; then
installation_failed=true
fi
echo "1" > /etc/pure-ftpd/conf/TLS
if [[ "$?" -ne 0 ]] ; then
installation_failed=true
fi
echo "yes" > /etc/pure-ftpd/conf/NoAnonymous
if [[ "$?" -ne 0 ]] ; then
installation_failed=true
fi
echo "yes" > /etc/pure-ftpd/conf/AnonymousCantUpload
if [[ "$?" -ne 0 ]] ; then
installation_failed=true
fi
echo "yes" > /etc/pure-ftpd/conf/DontResolve
if [[ "$?" -ne 0 ]] ; then
installation_failed=true
fi
echo "ftp" > /etc/pure-ftpd/conf/SyslogFacility
if [[ "$?" -ne 0 ]] ; then
installation_failed=true
fi
echo "clf:/var/log/pure-ftpd/transfer.log" > /etc/pure-ftpd/conf/AltLog
if [[ "$?" -ne 0 ]] ; then
installation_failed=true
fi
echo "yes" > /etc/pure-ftpd/conf/DisplayDotFiles
if [[ "$?" -ne 0 ]] ; then
installation_failed=true
fi
echo "no" > /etc/pure-ftpd/conf/ProhibitDotFilesWrite
if [[ "$?" -ne 0 ]] ; then
installation_failed=true
fi
echo "no" > /etc/pure-ftpd/conf/ProhibitDotFilesRead
if [[ "$?" -ne 0 ]] ; then
installation_failed=true
fi
echo "no" > /etc/pure-ftpd/conf/UnixAuthentication
if [[ "$?" -ne 0 ]] ; then
installation_failed=true
fi
echo "no" > /etc/pure-ftpd/conf/PAMAuthentication
if [[ "$?" -ne 0 ]] ; then
installation_failed=true
fi
if $installation_failed ; then
echo_failed
else
echo_ok
fi
echononl " Configure authentication method \"PureDB\""
if [[ ! -h /etc/pure-ftpd/auth/50pure ]]; then
ln -s ../conf/PureDB /etc/pure-ftpd/auth/50pure > /dev/null 2> "$tmp_err_msg"
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
error "$(cat $tmp_err_msg)"
fi
else
echo_skipped
fi
echononl " Create initial passwd file (pureftpd.passwd)"
if [[ ! -f /etc/pure-ftpd/pureftpd.passwd ]]; then
touch /etc/pure-ftpd/pureftpd.passwd > /dev/null 2> "$tmp_err_msg"
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
error "$(cat $tmp_err_msg)"
fi
else
echo_skipped
fi
echononl " Create initial passwd database (pureftpd.pdb)"
if [[ ! -f /etc/pure-ftpd/pureftpd.pdb ]]; then
touch /etc/pure-ftpd/pureftpd.pdb
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
error "$(cat $tmp_err_msg)"
fi
else
echo_skipped
fi
# - Configure syslogd matching the configuration od amavisd
# -
echononl " Configure syslogd matching the ftp syslog facility"
cat << EOF > /etc/rsyslog.d/pure-ftpd.conf
ftp.* /var/log/pure-ftpd/ftp.log
& ~
EOF
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
fi
echononl " Restart syslog daemon (rsyslog)"
if $systemd_exists ; then
systemctl restart rsyslog > /dev/null 2> $tmp_err_msg
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
error "$(cat $tmp_err_msg)"
fi
else
/etc/init.d/rsyslog restart > /dev/null 2> $tmp_err_msg
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
error "$(cat $tmp_err_msg)"
fi
fi
if [[ ! -f /etc/ssl/private/pure-ftpd.pem ]] && [[ ! -h /etc/ssl/private/pure-ftpd.pem ]]; then
warn "No certificate/key for pure-ftpd is present (/etc/ssl/private/pure-ftpd.pem).\n pure.ftpd daemon will not start"
else
echononl " (Re)start PureFTPd daemon (pure-ftpd)"
if $systemd_exists ; then
systemctl restart pure-ftpd > /dev/null 2> $tmp_err_msg
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
error "$(cat $tmp_err_msg)"
fi
else
/etc/init.d/pure-ftpd restart > /dev/null 2> $tmp_err_msg
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
error "$(cat $tmp_err_msg)"
fi
fi
fi
echo
rm -f $tmp_err_msg
exit 0
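Review bot: `echononl` writes its probe to `/tmp/shprompt$$`, a predictable name in a world-writable directory, from a script that must run as root to install packages and write under `/etc`, so the redirect can land on a file or symlink someone else placed there first. The script is bash-only (shebang, `[[ ]]`), so the probe is unnecessary and the body can be just `echo -e -n "$*" 1>&2`; if a scratch file is wanted, `mktemp` is already used for `tmp_err_msg`. Separately, the backup step renames `/etc/pure-ftpd/conf` away with `mv` and nothing visible recreates it, so the following `cd` and every `echo ... > /etc/pure-ftpd/conf/...` would fail, the `NoAnonymous`/`MinUID`/`TLS` settings would never be written, and the script still ends with `exit 0`. Backing up with `cp -a` (or a `mkdir` after the move) and exiting non-zero when `installation_failed` is true would make that visible. `echo "1" > /etc/pure-ftpd/conf/TLS` also keeps cleartext logins enabled according to the option table in DOC/install_deb.txt (`1:TLS+cleartext`); `2` or `3` enforces TLS.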