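#!/usr/bin/env bash
#
# Install and configure Pure-FTPd from Debian packages: standalone daemon,
# PureDB (virtual user) authentication, TLS with a self-signed certificate,
# a dedicated rsyslog file for the "ftp" facility and a logrotate rule.
#
# The script writes below /etc and /root and installs packages, so it
# expects to be run with root privileges. It deliberately does NOT use
# 'set -e': every step reports ok/failed/skipped on its own and the script
# carries on, ending with 'exit 0' even if individual steps failed.

# -------------
# --- Some functions
# -------------

# Print "$*" to stderr without a trailing newline (backslash escapes are
# interpreted), so a status tag can later be appended on the same line.
echononl(){
   # Probe whether plain 'echo' already honours "\c". The probe output is
   # captured in memory; a predictable file such as /tmp/shprompt<pid>
   # written by root could be pre-created as a symlink by a local user.
   local probe
   probe=$(echo X\\c)
   if [[ "$probe" == "X" ]]; then
      echo -e -n "$*\\c" 1>&2
   else
      echo -e -n "$*" 1>&2
   fi
}

# Print a fatal error and terminate the script with exit status 1.
fatal(){
   echo ""
   echo -e "fatal error: $*"
   echo ""
   echo -e "\t\033[31m\033[1mInstalllation will be interrupted\033[m\033[m"
   echo ""
   exit 1
}

# Print a (non-fatal) error message in red.
error(){
   echo ""
   echo -e "\t[ \033[31m\033[1mFehler\033[m ]: $*"
   echo ""
}

# Print a warning message in yellow.
warn (){
   echo ""
   echo -e "\t[ \033[33m\033[1mWarning\033[m ]: $*"
   echo ""
}

# Print an informational message in green.
info (){
   echo ""
   echo -e "\t[ \033[32m\033[1mInfo\033[m ]: $*"
   echo ""
}

# Status tags, printed at column 80 of the current line.
echo_done() {
   echo -e "\033[80G[ \033[32mdone\033[m ]"
}
echo_ok() {
   echo -e "\033[80G[ \033[32mok\033[m ]"
}
echo_warning() {
   echo -e "\033[80G[ \033[33m\033[1mwarn\033[m ]"
}
echo_failed(){
   echo -e "\033[80G[ \033[1;31mfailed\033[m ]"
}
echo_skipped() {
   echo -e "\033[80G[ \033[33m\033[1mskipped\033[m ]"
}

# Print the ok/failed tag for exit status $1; on failure also show what the
# step wrote to "$tmp_err_msg".
report_status() {
   if [[ "$1" -eq 0 ]]; then
      echo_ok
   else
      echo_failed
      error "$(cat -- "$tmp_err_msg")"
   fi
}

# Write value $2 into the Pure-FTPd option file $1 below "$conf_dir".
# The write happens inside a group whose stderr goes to "$tmp_err_msg", so
# the reported text belongs to THIS write and not to an earlier step.
write_conf() {
   local name=$1
   local value=$2
   if ! { printf '%s\n' "$value" > "${conf_dir}/${name}"; } 2> "$tmp_err_msg"; then
      installation_failed=true
      error "$(cat -- "$tmp_err_msg")"
   fi
}

# Restart service $1 via systemctl or the SysV init script and report.
restart_service() {
   local service=$1
   if $systemd_exists ; then
      systemctl restart "$service" > /dev/null 2> "$tmp_err_msg"
   else
      "/etc/init.d/${service}" restart > /dev/null 2> "$tmp_err_msg"
   fi
   report_status $?
}

tmp_err_msg=$(mktemp) || fatal "Cannot create temporary file!"
# Remove the scratch file on every exit path, including fatal().
trap 'rm -f -- "$tmp_err_msg"' EXIT

conf_dir=/etc/pure-ftpd/conf
cert_file=/etc/ssl/private/pure-ftpd.pem

# - Is this a systemd system?
# -
# - The systemd binary is not always in PATH, so a system booted with
# - systemd is additionally recognised by /run/systemd/system.
# -
if command -v systemd > /dev/null 2>&1 || [[ -d /run/systemd/system ]]; then
   systemd_exists=true
else
   systemd_exists=false
fi

echo ""

# - Install debian packages for pure-ftp
# -
_needed_packages=(pure-ftpd-common pure-ftpd)
needed_packages=()
echononl "   Install Pure-FTPd from debian packages system"
for _pkg in "${_needed_packages[@]}" ; do
   # If aptitude is missing the pipeline fails and the package is simply
   # handed to apt-get, which is harmless for already installed packages.
   if aptitude search "$_pkg" | grep -F -- " $_pkg " | grep -q -e "^i" 2> /dev/null ; then
      continue
   else
      needed_packages+=("$_pkg")
   fi
done
if [[ ${#needed_packages[@]} -gt 0 ]] ; then
   DEBIAN_FRONTEND=noninteractive apt-get -y install "${needed_packages[@]}" > /dev/null 2> "$tmp_err_msg"
   report_status $?
else
   echo_skipped
fi

# - Configure to daemonize (standalone)
# -
# - NOTE(review): the substitution also matches the line it adds, so each
# - further run comments out and re-adds STANDALONE_OR_INETD once more.
# -
echononl "   Configure to daemonize pure-ftpd"
perl -i -n -p -e 's#^([ ]*)(STANDALONE_OR_INETD=.*)#\1\#\# \2\nSTANDALONE_OR_INETD=standalone#g' \
   /etc/default/pure-ftpd-common > /dev/null 2> "$tmp_err_msg"
report_status $?

echononl "   Backup existing Configuration Directory"
if [[ -d "$conf_dir" ]]; then
   cp -a "$conf_dir" "${conf_dir}.$(date +%Y-%m-%d-%H%M)" > /dev/null 2> "$tmp_err_msg"
   report_status $?
else
   echo_skipped
   fatal "Configuration directory '/etc/pure-ftpd/conf' not found!"
fi

echononl "   Changes Configuration directory \"/etc/pure-ftpd/conf\""
cd "$conf_dir" > /dev/null 2> "$tmp_err_msg"
report_status $?

# - Configure PureFTP
# -
# - Security-relevant choices made below (values are kept as they were):
# -   TLS=1              accepts TLS *and* cleartext sessions; credentials
# -                      can still cross the network unencrypted. Pure-FTPd
# -                      value 2 refuses cleartext logins - consider it once
# -                      all clients speak FTPS.
# -   TLSCipherSuite     'ALL' is a very broad selector and '!SSLv3' is a
# -                      cipher-string selector, not a protocol switch -
# -                      review against the current cipher policy.
# -   MinUID=33          33 is www-data on stock Debian, i.e. virtual users
# -                      mapped to the web server account may log in.
# -   ProhibitDotFiles*  'no' lets FTP users read and write dot files
# -                      (.htaccess, .ssh/, ...) inside their directories.
# -   Unix/PAM auth=no   only PureDB virtual users can authenticate.
# -
installation_failed=false
echononl "   Configure Pure-FTPd"

write_conf Bind                  ",21"
write_conf PassivePortRange      "50000 50400"
write_conf MinUID                "33"
write_conf FSCharset             "UTF-8"
write_conf MaxDiskUsage          "80"
write_conf TLSCipherSuite        'ALL:!aNULL:!SSLv3'
write_conf TLS                   "1"
write_conf NoAnonymous           "yes"
write_conf AnonymousCantUpload   "yes"
write_conf DontResolve           "yes"
write_conf SyslogFacility        "ftp"
write_conf AltLog                "clf:/var/log/pure-ftpd/transfer.log"
write_conf DisplayDotFiles       "yes"
write_conf ProhibitDotFilesWrite "no"
write_conf ProhibitDotFilesRead  "no"
write_conf UnixAuthentication    "no"
write_conf PAMAuthentication     "no"
# This write used to be the only unchecked one.
write_conf PureDB                "/etc/pure-ftpd/pureftpd.pdb"

if $installation_failed ; then
   echo_failed
else
   echo_ok
fi

echononl "   Configure authentication method \"PureDB\""
if [[ ! -h /etc/pure-ftpd/auth/50pure ]]; then
   ln -s ../conf/PureDB /etc/pure-ftpd/auth/50pure > /dev/null 2> "$tmp_err_msg"
   report_status $?
else
   echo_skipped
fi

# - The passwd file and its database hold the password hashes of all FTP
# - users. They are created under umask 077 so they are never readable by
# - other local accounts.
# -
echononl "   Create initial passwd file (pureftpd.passwd)"
if [[ ! -f /etc/pure-ftpd/pureftpd.passwd ]]; then
   ( umask 077 ; touch /etc/pure-ftpd/pureftpd.passwd ) > /dev/null 2> "$tmp_err_msg"
   report_status $?
else
   echo_skipped
fi

# - NOTE(review): an empty file is only a placeholder here; presumably the
# - database still has to be built with 'pure-pw mkdb' once users exist.
echononl "   Create initial passwd database (pureftpd.pdb)"
if [[ ! -f /etc/pure-ftpd/pureftpd.pdb ]]; then
   ( umask 077 ; touch /etc/pure-ftpd/pureftpd.pdb ) > "$tmp_err_msg" 2>&1
   report_status $?
else
   echo_skipped
fi

# - Create certificate/key file /etc/ssl/private/pure-ftpd.pem and
# - also DH parameters file /etc/ssl/private/pure-ftpd-dhparams.pem
# -
# - NOTE(review): the certificate is self-signed, valid for 7304 days, and
# - an existing certificate/key is overwritten on every run of this script.
# -
subj="
C=DE
ST=Berlin
localityName=Berlin
O=O.OPEN
organizationalUnitName=Network Services
commonName=$(hostname -f)
emailAddress=argus@oopen.de
"
echononl "   Create certificate 'pure-ftpd.pem'.."
# The PEM file contains the unencrypted private key (-nodes). umask 077
# makes sure it is created owner-only instead of relying on the chmod below.
(
   umask 077
   openssl req -batch -x509 -nodes -days 7304 -newkey rsa:2048 \
      -subj "$(printf '%s' "$subj" | tr '\n' '/')" \
      -keyout "$cert_file" \
      -out "$cert_file"
) > "$tmp_err_msg" 2>&1
report_status $?

echononl "   Change permissions (600) on certification file.."
chmod 600 "$cert_file" > "$tmp_err_msg" 2>&1
report_status $?

# - NOTE(review): -dsaparam generates DSA-style parameters (fast, but not
# - safe primes). OpenSSL's documentation ties that to single-use DH keys;
# - verify the daemon does so or generate without -dsaparam.
echononl "   DH parameters file 'pure-ftpd-dhparams.pem'"
openssl dhparam -dsaparam -out /etc/ssl/private/pure-ftpd-dhparams.pem 2048 > "$tmp_err_msg" 2>&1
report_status $?

# - Configure syslogd matching the ftp syslog facility
# -
# - '& stop' ends processing for these messages, so FTP log lines end up
# - only in /var/log/pure-ftpd/ftp.log.
# -
echononl "   Configure syslogd matching the ftp syslog facility"
cat << 'EOF' > /etc/rsyslog.d/pure-ftpd.conf
ftp.*                         /var/log/pure-ftpd/ftp.log
& stop
EOF
if [[ $? -eq 0 ]] ; then
   echo_ok
else
   echo_failed
fi

echononl "   Renew logrotation file '/etc/logrotate.d/pure-ftpd-common'"
logrotate_conf=/etc/logrotate.d/pure-ftpd-common
if [[ -f "$logrotate_conf" ]] ; then
   pure_ftpd_control="$(command -v pure-ftpd-control)"
   if [[ -x "$pure_ftpd_control" ]] ; then
      # Move the packaged file away only when a replacement is really
      # written; otherwise log rotation would be left without any rule.
      mv -- "$logrotate_conf" "/root/etc_logrotate.d_pure-ftpd-common.ORIG"
      # Unquoted delimiter on purpose: ${pure_ftpd_control} is expanded so
      # the postrotate hook calls the binary that was actually found.
      cat << EOF > "$logrotate_conf"
#
# logrotate configuration file for pure-ftpd debian packages
#
# Copyright 2003,2004 by Stefan Hornburg (Racke)
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public
# License along with this program; if not, write to the Free
# Software Foundation, Inc., 59 Temple Place, Suite 330, Boston,
# MA 02111-1307 USA.

/var/log/pure-ftpd/ftp.log /var/log/pure-ftpd/transfer.log {
	weekly
	missingok
	rotate 7
	compress
	delaycompress
	sharedscripts
	postrotate
		${pure_ftpd_control} restart >/dev/null
	endscript
	notifempty
}
EOF
      if [[ $? -eq 0 ]] ; then
         echo_ok
      else
         echo_failed
      fi
   else
      echo_skipped
      warn "'pure-ftpd-control' not found"
   fi
else
   echo_failed
   error "No logrotation configuration /etc/logrotate.d/pure-ftpd-common found!"
fi

echononl "   Restart syslog daemon (rsyslog)"
restart_service rsyslog

# - Without certificate/key the daemon will not start (TLS is enabled), so
# - restart it only when the PEM file is present.
# -
if [[ ! -f "$cert_file" ]] && [[ ! -h "$cert_file" ]]; then
   warn "No certificate/key for pure-ftpd is present (/etc/ssl/private/pure-ftpd.pem).\n pure.ftpd daemon will not start.\n\n Create Certificate and DH parameters file:\n openssl req -x509 -nodes -days 97300 -newkey rsa:2048 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem\n openssl dhparam -out /etc/ssl/private/pure-ftpd-dhparams.pem 2048\n\n Restart pure-ftpd service."
else
   echononl "   (Re)start PureFTPd daemon (pure-ftpd)"
   restart_service pure-ftpd
fi

echo
rm -f -- "$tmp_err_msg"
exit 0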