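## - Installation and configuration notes for pure-ftpd on a system that
## - uses apt-get, /etc/default and /etc/init.d. Every command writes below
## - /etc or controls a service, so the commands are meant to be run as root.
## -
## - NOTE(review): the line structure of these notes was lost at some point.
## - Where the same setting appeared with two values, the value that a
## - sequential run would leave in place is active below and the other one
## - is kept as a commented alternative. Confirm the choice for your site.

## ------------------------- INSTALLATION -------------------------

## - install pure-ftpd
## -
apt-get install pure-ftpd-common pure-ftpd

## - daemonize (standalone) / inetd
## -
## - in file /etc/default/pure-ftpd-common set:
## -    STANDALONE_OR_INETD=standalone
## -
## - (the previous value is kept in the file as a '## ' comment line)
## -
perl -i -n -p -e 's#^([ ]*)(STANDALONE_OR_INETD=.*)#\1\#\# \2\nSTANDALONE_OR_INETD=standalone#g' \
  /etc/default/pure-ftpd-common


## ------------------------- CONFIGURATION -------------------------

## -
## - NOTICE:
## -    see /usr/sbin/pure-ftpd-wrapper for mapping of files in
## -    /etc/pure-ftpd/conf to commandline options of pure-ftpd
## -

ipv4="83.223.85.132"

## - IP address and port to bind
## - (option -S [<ip>,|<hostname>,] [<port>|<service name>])
## -
## - bind to one IPv4 address only:
## -    echo "${ipv4},21" > /etc/pure-ftpd/conf/Bind
## -
## - Listen on IPv4 and IPv6
## -
echo ",21" > /etc/pure-ftpd/conf/Bind
#echo "::,21" > /etc/pure-ftpd/conf/Bind

## - Passive port range (option -p <first port>:<last port>)
## -
## - the firewall has to accept inbound connections to this range,
## - otherwise passive-mode data transfers fail
## -
echo "50000 50400" > /etc/pure-ftpd/conf/PassivePortRange

## - Passive Mode (option -P <ip address>)
## -
## - Force the specified IP address in reply to
## - a PASV/EPSV/SPSV command
## -
## -    echo "<ip address>" > /etc/pure-ftpd/conf/ForcePassiveIP
## -
echo "$ipv4" > /etc/pure-ftpd/conf/ForcePassiveIP

## - Min UID (option -u <uid>)
## -
## - Don't allow uids below <uid> to log in. '-u 1' denies access
## - to root (safe), '-u 100' denies access to virtual accounts on
## - most Linux distros
## -
## - NOTE(review): 33 shuts out root and the lowest system accounts, but
## - still admits every uid from 33 upwards, which includes other system
## - accounts. Presumably 33 was chosen to match a web-server uid; confirm,
## - and raise the value if only regular user uids have to log in.
## -
echo "33" > /etc/pure-ftpd/conf/MinUID

## - Max disk usage (option -k <percentage>)
## -
## - Don't allow uploads if the partition is more than
## - <percentage>% full. For instance, "-k 95" will ensure your disks
## - will never get filled more than 95% by FTP. No need for the "percent"
## - sign after the number
## -
echo "80" > /etc/pure-ftpd/conf/MaxDiskUsage

## - SSL/TLS SUPPORT (option -Y <0|1|2|3>)
## -    0:no TLS
## -    1:TLS+cleartext
## -    2:enforce TLS
## -    3:enforce encrypted data channel as well
## -
## - NOTE(review): with "1" a client may still open a session without TLS,
## - so passwords and file contents can cross the network unencrypted.
## - "2" refuses cleartext sessions and "3" also requires an encrypted data
## - channel; move to one of them once every client is able to use TLS.
## -
echo "1" > /etc/pure-ftpd/conf/TLS

## - only allow authenticated users (option -E)
## -
## - Anonymous logins are NOT permitted
## -
echo "yes" > /etc/pure-ftpd/conf/NoAnonymous

## - Disallow uploads for anonymous users (option -i)
## -
echo "yes" > /etc/pure-ftpd/conf/AnonymousCantUpload

## - avoid host name resolution (option -H)
## -
## - "213.41.14.252" will be logged instead of "www.toolinux.com"
## -
echo "yes" > /etc/pure-ftpd/conf/DontResolve

## - LOGGING (option -f <facility> | none)
## -
echo "ftp" > /etc/pure-ftpd/conf/SyslogFacility

## - alternate logfile (option -O <format>:<log file>)
## -    clf | Stats | W3C | xferlog
## -
echo "clf:/var/log/pure-ftpd/transfer.log" > /etc/pure-ftpd/conf/AltLog

## - display dot-files (option -D)
## -
## - List files beginning with a dot ('.') even when the client doesn't
## - append the '-a' option to the list command. A workaround for badly
## - configured FTP clients
## -
echo "yes" > /etc/pure-ftpd/conf/DisplayDotFiles

## - prohibit dot-file read (option -X)
## -
## - allow reading dot-files
## -    echo "no" > /etc/pure-ftpd/conf/ProhibitDotFilesRead
## -
## - don't allow reading dot-files
## -
echo "yes" > /etc/pure-ftpd/conf/ProhibitDotFilesRead

## - prohibit dot-files write (option -x)
## -
## - allow writing dot-files
## -    echo "no" > /etc/pure-ftpd/conf/ProhibitDotFilesWrite
## -
## - don't allow writing dot-files
## -
echo "yes" > /etc/pure-ftpd/conf/ProhibitDotFilesWrite

## - Customer Proof (option -Z)
## -
## - protect customers against common mistakes (option -Z)
## -
## - the '-Z' switch protects your users against making bad 'chmod'
## - commands, that would deny access to files/directories to themselves.
## - The switch may turn on other features in the future. If you are a
## - hosting provider, turn this on.
## -
echo "yes" > /etc/pure-ftpd/conf/CustomerProof


## ------------------------ AUTHENTICATION ------------------------

## - authenticate against the PureDB virtual-user database only;
## - system (Unix) and PAM accounts cannot log in over FTP
## -
echo "/etc/pure-ftpd/pureftpd.pdb" > /etc/pure-ftpd/conf/PureDB
echo "no" > /etc/pure-ftpd/conf/UnixAuthentication
echo "no" > /etc/pure-ftpd/conf/PAMAuthentication

## - leave PureDB as the only entry in the auth directory
## -
## - Absolute paths are used on purpose: a 'cd' followed by 'rm *' would
## - delete the contents of whatever directory the shell happens to be in
## - if the 'cd' fails. The relative link target is resolved from the
## - link's own directory, so it still points to /etc/pure-ftpd/conf/PureDB.
## -
rm -f -- /etc/pure-ftpd/auth/*
ln -s ../conf/PureDB /etc/pure-ftpd/auth/50pure

## - create the user files if missing and keep them readable by root
## - only (pureftpd.passwd holds the password hashes of the FTP users)
## -
touch /etc/pure-ftpd/pureftpd.pdb
touch /etc/pure-ftpd/pureftpd.passwd
chmod 600 /etc/pure-ftpd/pureftpd.pdb /etc/pure-ftpd/pureftpd.passwd

## - if moved from an existing server, place files
## -    pureftpd.passwd
## -    pureftpd.pdb
## - in folder /etc/pure-ftpd
## -

## - adduser
## -
## - pure-pw asks for the new password interactively; '-d' sets the home
## - directory, '-u'/'-g' the system uid/gid the virtual user is mapped to
## -
pure-pw useradd chris -u chris -g chris -d /home/chris
pure-pw mkdb


## ------------------------ CERTIFICATES ------------------------

## - place certificate (key+cert) named pure-ftpd.pem in folder
## - /etc/ssl/private
## -
## - The file contains the private key. It is created under a restrictive
## - umask, and the chmod also covers the case where an older, more widely
## - readable pure-ftpd.pem already exists.
## -
(
  umask 077 &&
    cat /usr/local/apache2/conf/wilcard.oopen.de-20110122.key \
      /usr/local/apache2/conf/wilcard.oopen.de-20110122.crt \
      > /etc/ssl/private/pure-ftpd.pem
)
chmod 600 /etc/ssl/private/pure-ftpd.pem


## ------------------------ LOGGING ------------------------

## - redirect FTP messages to a file, say /var/log/pure-ftpd/ftp.log
## -
## - add this line to your /etc/syslog.conf (/etc/rsyslog.conf) file:
## -
## -    ftp.*     /var/log/pure-ftpd/ftp.log
## -
## - or create file /etc/rsyslog.d/pure-ftpd.conf:
## -
## -    ftp.*     -/var/log/pure-ftpd/ftp.log
## -    & ~
## -
## - then use the -f option (see above)
## -
## - then restart syslogging:
## -
## -    killall -HUP syslogd   (killall -HUP rsyslogd)
## -
## - finally, if you do so, in file /etc/logrotate.d/pure-ftpd-common add
## - file
## -    /var/log/pure-ftpd/ftp.log
## -
## - add to options:
## -    sharedscripts
## -


## ------------------------ START pure-ftpd ------------------------

/etc/init.d/pure-ftpd start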