maketank/Froxlor
2
0
Fork 0
Code Pull Requests Releases Activity

improve/update proftpd configuration template; fixes #1148

Browse Source 
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
This commit is contained in:
Michael Kaufmann
2023-07-24 10:38:44 +02:00
parent 6616bd9a38
commit 5f05478c76
8 changed files with 241 additions and 40 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lib/Froxlor/Cli/ConfigServices.php
View File

@@ -42,7 +42,7 @@ final class ConfigServices extends CliCommand
{
private $yes_to_all_supported = [
/* 'bookworm', */
'bookworm',
'bionic',
'bullseye',
'buster',

41
lib/configfiles/bionic.xml
View File

@@ -1529,7 +1529,7 @@ user = <SQL_UNPRIVILEGED_USER>
password = <SQL_UNPRIVILEGED_PASSWORD>
dbname = <SQL_DB>
hosts = <SQL_HOST>
query = SELECT domain FROM panel_domains WHERE domain = '%s' AND isemaildomain = '1'
query = SELECT domain FROM panel_domains WHERE domain = '%s' AND isemaildomain = '1' AND deactivated = 0
]]>
</content>
</file>
@@ -3962,7 +3962,6 @@ ServerName "<SERVERNAME> FTP Server"
ServerType standalone
DeferWelcome off
MultilineRFC2228 on
DefaultServer on
ShowSymlinks on
@@ -4299,7 +4298,6 @@ SQLNamedQuery get-quota-limit SELECT "ftp_users.username AS name, ftp_quotalimit
SQLNamedQuery get-quota-tally SELECT "name, quota_type, bytes_in_used,bytes_out_used, bytes_xfer_used, files_in_used, files_out_used,files_xfer_used FROM ftp_quotatallies WHERE name = '%{0}' AND quota_type = '%{1}'"
SQLNamedQuery update-quota-tally UPDATE "bytes_in_used = bytes_in_used + %{0}, bytes_out_used = bytes_out_used + %{1}, bytes_xfer_used = bytes_xfer_used + %{2}, files_in_used = files_in_used + %{3}, files_out_used= files_out_used + %{4}, files_xfer_used = files_xfer_used + %{5} WHERE name= '%{6}' AND quota_type = '%{7}'" ftp_quotatallies
SQLNamedQuery insert-quota-tally INSERT "%{0}, %{1}, %{2}, %{3}, %{4},%{5}, %{6}, %{7}" ftp_quotatallies
</IfModule>
]]>
</content>
@@ -4310,16 +4308,16 @@ SQLNamedQuery insert-quota-tally INSERT "%{0}, %{1}, %{2}, %{3}, %{4},%{5}, %{6}
<IfModule mod_tls.c>
TLSEngine on
TLSLog /var/log/proftpd/tls.log
TLSProtocol TLSv1 TLSv1.1 TLSv1.2
TLSProtocol TLSv1.2 TLSv1.3
TLSRSACertificateFile /etc/ssl/certs/proftpd.crt
TLSRSACertificateKeyFile /etc/ssl/private/proftpd.key
TLSECCertificateFile /etc/ssl/certs/proftpd_ec.crt
TLSECCertificateKeyFile /etc/ssl/private/proftpd_ec.key
TLSOptions NoCertRequest NoSessionReuseRequired
TLSOptions NoSessionReuseRequired
TLSVerifyClient off
# Are clients required to use FTP over TLS when talking to this server?
#TLSRequired on
TLSRequired on
# Allow SSL/TLS renegotiations when the client requests them, but
# do not force the renegotiations. Some clients do not support
@@ -4329,6 +4327,37 @@ TLSVerifyClient off
#
#TLSRenegotiate required off
</IfModule>
]]>
</content>
</file>
<file name="/etc/proftpd/conf.d/99-froxlor-ratelimit.conf" chown="root:0"
chmod="0644">
<content><![CDATA[
<Class whitelist>
From 127.0.0.1
</Class>
MaxLoginAttempts 3
<IfModule mod_ban.c>
<IfClass whitelist>
BanEngine off
</IfClass>
<IfClass !whitelist>
BanEngine on
</IfClass>
BanLog /var/log/proftpd/ban.log
BanTable /etc/proftpd/ban.tab
BanMessage "User %u was banned."
BanOnEvent ClientConnectRate 5/00:00:02 12:00:00 "Stop connecting frequently"
BanOnEvent MaxLoginAttempts 3/00:30:00 12:00:00
BanOnEvent AnonRejectPasswords 1/01:00:00 99:99:99
BanControlsACLs all allow user root
</IfModule>
<IfClass whitelist>
BanEngine off
DelayEngine off
</IfClass>
]]>
</content>
</file>

37
lib/configfiles/bookworm.xml
View File

@@ -1488,7 +1488,7 @@ user = <SQL_UNPRIVILEGED_USER>
password = <SQL_UNPRIVILEGED_PASSWORD>
dbname = <SQL_DB>
hosts = <SQL_HOST>
query = SELECT domain FROM panel_domains WHERE domain = '%s' AND isemaildomain = '1'
query = SELECT domain FROM panel_domains WHERE domain = '%s' AND isemaildomain = '1' AND deactivated = 0
]]>
</content>
</file>
@@ -2950,7 +2950,7 @@ SQLNamedQuery insert-quota-tally INSERT "%{0}, %{1}, %{2}, %{3}, %{4},%{5}, %{6}
<IfModule mod_tls.c>
TLSEngine on
TLSLog /var/log/proftpd/tls.log
TLSProtocol TLSv1 TLSv1.1 TLSv1.2
TLSProtocol TLSv1.2 TLSv1.3
TLSRSACertificateFile /etc/ssl/certs/proftpd.crt
TLSRSACertificateKeyFile /etc/ssl/private/proftpd.key
TLSECCertificateFile /etc/ssl/certs/proftpd_ec.crt
@@ -2959,7 +2959,7 @@ TLSOptions NoSessionReuseRequired
TLSVerifyClient off
# Are clients required to use FTP over TLS when talking to this server?
#TLSRequired on
TLSRequired on
# Allow SSL/TLS renegotiations when the client requests them, but
# do not force the renegotiations. Some clients do not support
@@ -2969,6 +2969,37 @@ TLSVerifyClient off
#
#TLSRenegotiate required off
</IfModule>
]]>
</content>
</file>
<file name="/etc/proftpd/conf.d/99-froxlor-ratelimit.conf" chown="root:0"
chmod="0644">
<content><![CDATA[
<Class whitelist>
From 127.0.0.1
</Class>
MaxLoginAttempts 3
<IfModule mod_ban.c>
<IfClass whitelist>
BanEngine off
</IfClass>
<IfClass !whitelist>
BanEngine on
</IfClass>
BanLog /var/log/proftpd/ban.log
BanTable /etc/proftpd/ban.tab
BanMessage "User %u was banned."
BanOnEvent ClientConnectRate 5/00:00:02 12:00:00 "Stop connecting frequently"
BanOnEvent MaxLoginAttempts 3/00:30:00 12:00:00
BanOnEvent AnonRejectPasswords 1/01:00:00 99:99:99
BanControlsACLs all allow user root
</IfModule>
<IfClass whitelist>
BanEngine off
DelayEngine off
</IfClass>
]]>
</content>
</file>

41
lib/configfiles/bullseye.xml
View File

@@ -1488,7 +1488,7 @@ user = <SQL_UNPRIVILEGED_USER>
password = <SQL_UNPRIVILEGED_PASSWORD>
dbname = <SQL_DB>
hosts = <SQL_HOST>
query = SELECT domain FROM panel_domains WHERE domain = '%s' AND isemaildomain = '1'
query = SELECT domain FROM panel_domains WHERE domain = '%s' AND isemaildomain = '1' AND deactivated = 0
]]>
</content>
</file>
@@ -4172,7 +4172,6 @@ ServerName "<SERVERNAME> FTP Server"
ServerType standalone
DeferWelcome off
MultilineRFC2228 on
DefaultServer on
ShowSymlinks on
@@ -4511,7 +4510,6 @@ SQLNamedQuery get-quota-limit SELECT "ftp_users.username AS name, ftp_quotalimit
SQLNamedQuery get-quota-tally SELECT "name, quota_type, bytes_in_used,bytes_out_used, bytes_xfer_used, files_in_used, files_out_used,files_xfer_used FROM ftp_quotatallies WHERE name = '%{0}' AND quota_type = '%{1}'"
SQLNamedQuery update-quota-tally UPDATE "bytes_in_used = bytes_in_used + %{0}, bytes_out_used = bytes_out_used + %{1}, bytes_xfer_used = bytes_xfer_used + %{2}, files_in_used = files_in_used + %{3}, files_out_used= files_out_used + %{4}, files_xfer_used = files_xfer_used + %{5} WHERE name= '%{6}' AND quota_type = '%{7}'" ftp_quotatallies
SQLNamedQuery insert-quota-tally INSERT "%{0}, %{1}, %{2}, %{3}, %{4},%{5}, %{6}, %{7}" ftp_quotatallies
</IfModule>
]]>
</content>
@@ -4522,16 +4520,16 @@ SQLNamedQuery insert-quota-tally INSERT "%{0}, %{1}, %{2}, %{3}, %{4},%{5}, %{6}
<IfModule mod_tls.c>
TLSEngine on
TLSLog /var/log/proftpd/tls.log
TLSProtocol TLSv1 TLSv1.1 TLSv1.2
TLSProtocol TLSv1.2 TLSv1.3
TLSRSACertificateFile /etc/ssl/certs/proftpd.crt
TLSRSACertificateKeyFile /etc/ssl/private/proftpd.key
TLSECCertificateFile /etc/ssl/certs/proftpd_ec.crt
TLSECCertificateKeyFile /etc/ssl/private/proftpd_ec.key
TLSOptions NoCertRequest NoSessionReuseRequired
TLSOptions NoSessionReuseRequired
TLSVerifyClient off
# Are clients required to use FTP over TLS when talking to this server?
#TLSRequired on
TLSRequired on
# Allow SSL/TLS renegotiations when the client requests them, but
# do not force the renegotiations. Some clients do not support
@@ -4541,6 +4539,37 @@ TLSVerifyClient off
#
#TLSRenegotiate required off
</IfModule>
]]>
</content>
</file>
<file name="/etc/proftpd/conf.d/99-froxlor-ratelimit.conf" chown="root:0"
chmod="0644">
<content><![CDATA[
<Class whitelist>
From 127.0.0.1
</Class>
MaxLoginAttempts 3
<IfModule mod_ban.c>
<IfClass whitelist>
BanEngine off
</IfClass>
<IfClass !whitelist>
BanEngine on
</IfClass>
BanLog /var/log/proftpd/ban.log
BanTable /etc/proftpd/ban.tab
BanMessage "User %u was banned."
BanOnEvent ClientConnectRate 5/00:00:02 12:00:00 "Stop connecting frequently"
BanOnEvent MaxLoginAttempts 3/00:30:00 12:00:00
BanOnEvent AnonRejectPasswords 1/01:00:00 99:99:99
BanControlsACLs all allow user root
</IfModule>
<IfClass whitelist>
BanEngine off
DelayEngine off
</IfClass>
]]>
</content>
</file>

41
lib/configfiles/buster.xml
View File

@@ -1488,7 +1488,7 @@ user = <SQL_UNPRIVILEGED_USER>
password = <SQL_UNPRIVILEGED_PASSWORD>
dbname = <SQL_DB>
hosts = <SQL_HOST>
query = SELECT domain FROM panel_domains WHERE domain = '%s' AND isemaildomain = '1'
query = SELECT domain FROM panel_domains WHERE domain = '%s' AND isemaildomain = '1' AND deactivated = 0
]]>
</content>
</file>
@@ -4165,7 +4165,6 @@ ServerName "<SERVERNAME> FTP Server"
ServerType standalone
DeferWelcome off
MultilineRFC2228 on
DefaultServer on
ShowSymlinks on
@@ -4502,7 +4501,6 @@ SQLNamedQuery get-quota-limit SELECT "ftp_users.username AS name, ftp_quotalimit
SQLNamedQuery get-quota-tally SELECT "name, quota_type, bytes_in_used,bytes_out_used, bytes_xfer_used, files_in_used, files_out_used,files_xfer_used FROM ftp_quotatallies WHERE name = '%{0}' AND quota_type = '%{1}'"
SQLNamedQuery update-quota-tally UPDATE "bytes_in_used = bytes_in_used + %{0}, bytes_out_used = bytes_out_used + %{1}, bytes_xfer_used = bytes_xfer_used + %{2}, files_in_used = files_in_used + %{3}, files_out_used= files_out_used + %{4}, files_xfer_used = files_xfer_used + %{5} WHERE name= '%{6}' AND quota_type = '%{7}'" ftp_quotatallies
SQLNamedQuery insert-quota-tally INSERT "%{0}, %{1}, %{2}, %{3}, %{4},%{5}, %{6}, %{7}" ftp_quotatallies
</IfModule>
]]>
</content>
@@ -4513,16 +4511,16 @@ SQLNamedQuery insert-quota-tally INSERT "%{0}, %{1}, %{2}, %{3}, %{4},%{5}, %{6}
<IfModule mod_tls.c>
TLSEngine on
TLSLog /var/log/proftpd/tls.log
TLSProtocol TLSv1 TLSv1.1 TLSv1.2
TLSProtocol TLSv1.2 TLSv1.3
TLSRSACertificateFile /etc/ssl/certs/proftpd.crt
TLSRSACertificateKeyFile /etc/ssl/private/proftpd.key
TLSECCertificateFile /etc/ssl/certs/proftpd_ec.crt
TLSECCertificateKeyFile /etc/ssl/private/proftpd_ec.key
TLSOptions NoCertRequest NoSessionReuseRequired
TLSOptions NoSessionReuseRequired
TLSVerifyClient off
# Are clients required to use FTP over TLS when talking to this server?
#TLSRequired on
TLSRequired on
# Allow SSL/TLS renegotiations when the client requests them, but
# do not force the renegotiations. Some clients do not support
@@ -4532,6 +4530,37 @@ TLSVerifyClient off
#
#TLSRenegotiate required off
</IfModule>
]]>
</content>
</file>
<file name="/etc/proftpd/conf.d/99-froxlor-ratelimit.conf" chown="root:0"
chmod="0644">
<content><![CDATA[
<Class whitelist>
From 127.0.0.1
</Class>
MaxLoginAttempts 3
<IfModule mod_ban.c>
<IfClass whitelist>
BanEngine off
</IfClass>
<IfClass !whitelist>
BanEngine on
</IfClass>
BanLog /var/log/proftpd/ban.log
BanTable /etc/proftpd/ban.tab
BanMessage "User %u was banned."
BanOnEvent ClientConnectRate 5/00:00:02 12:00:00 "Stop connecting frequently"
BanOnEvent MaxLoginAttempts 3/00:30:00 12:00:00
BanOnEvent AnonRejectPasswords 1/01:00:00 99:99:99
BanControlsACLs all allow user root
</IfModule>
<IfClass whitelist>
BanEngine off
DelayEngine off
</IfClass>
]]>
</content>
</file>

41
lib/configfiles/focal.xml
View File

@@ -1517,7 +1517,7 @@ user = <SQL_UNPRIVILEGED_USER>
password = <SQL_UNPRIVILEGED_PASSWORD>
dbname = <SQL_DB>
hosts = <SQL_HOST>
query = SELECT domain FROM panel_domains WHERE domain = '%s' AND isemaildomain = '1'
query = SELECT domain FROM panel_domains WHERE domain = '%s' AND isemaildomain = '1' AND deactivated = 0
]]>
</content>
</file>
@@ -3393,7 +3393,6 @@ ServerName "<SERVERNAME> FTP Server"
ServerType standalone
DeferWelcome off
MultilineRFC2228 on
DefaultServer on
ShowSymlinks on
@@ -3730,7 +3729,6 @@ SQLNamedQuery get-quota-limit SELECT "ftp_users.username AS name, ftp_quotalimit
SQLNamedQuery get-quota-tally SELECT "name, quota_type, bytes_in_used,bytes_out_used, bytes_xfer_used, files_in_used, files_out_used,files_xfer_used FROM ftp_quotatallies WHERE name = '%{0}' AND quota_type = '%{1}'"
SQLNamedQuery update-quota-tally UPDATE "bytes_in_used = bytes_in_used + %{0}, bytes_out_used = bytes_out_used + %{1}, bytes_xfer_used = bytes_xfer_used + %{2}, files_in_used = files_in_used + %{3}, files_out_used= files_out_used + %{4}, files_xfer_used = files_xfer_used + %{5} WHERE name= '%{6}' AND quota_type = '%{7}'" ftp_quotatallies
SQLNamedQuery insert-quota-tally INSERT "%{0}, %{1}, %{2}, %{3}, %{4},%{5}, %{6}, %{7}" ftp_quotatallies
</IfModule>
]]>
</content>
@@ -3741,16 +3739,16 @@ SQLNamedQuery insert-quota-tally INSERT "%{0}, %{1}, %{2}, %{3}, %{4},%{5}, %{6}
<IfModule mod_tls.c>
TLSEngine on
TLSLog /var/log/proftpd/tls.log
TLSProtocol TLSv1 TLSv1.1 TLSv1.2
TLSProtocol TLSv1.2 TLSv1.3
TLSRSACertificateFile /etc/ssl/certs/proftpd.crt
TLSRSACertificateKeyFile /etc/ssl/private/proftpd.key
TLSECCertificateFile /etc/ssl/certs/proftpd_ec.crt
TLSECCertificateKeyFile /etc/ssl/private/proftpd_ec.key
TLSOptions NoCertRequest NoSessionReuseRequired
TLSOptions NoSessionReuseRequired
TLSVerifyClient off
# Are clients required to use FTP over TLS when talking to this server?
#TLSRequired on
TLSRequired on
# Allow SSL/TLS renegotiations when the client requests them, but
# do not force the renegotiations. Some clients do not support
@@ -3760,6 +3758,37 @@ TLSVerifyClient off
#
#TLSRenegotiate required off
</IfModule>
]]>
</content>
</file>
<file name="/etc/proftpd/conf.d/99-froxlor-ratelimit.conf" chown="root:0"
chmod="0644">
<content><![CDATA[
<Class whitelist>
From 127.0.0.1
</Class>
MaxLoginAttempts 3
<IfModule mod_ban.c>
<IfClass whitelist>
BanEngine off
</IfClass>
<IfClass !whitelist>
BanEngine on
</IfClass>
BanLog /var/log/proftpd/ban.log
BanTable /etc/proftpd/ban.tab
BanMessage "User %u was banned."
BanOnEvent ClientConnectRate 5/00:00:02 12:00:00 "Stop connecting frequently"
BanOnEvent MaxLoginAttempts 3/00:30:00 12:00:00
BanOnEvent AnonRejectPasswords 1/01:00:00 99:99:99
BanControlsACLs all allow user root
</IfModule>
<IfClass whitelist>
BanEngine off
DelayEngine off
</IfClass>
]]>
</content>
</file>

37
lib/configfiles/gentoo.xml
View File

@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<froxlor>
<distribution name="Gentoo" version="2.2"
<distribution name="Gentoo" version="3.0"
defaulteditor="/usr/bin/nano">
<!-- OS defaults to be loaded on installation -->
<defaults>
@@ -1473,7 +1473,7 @@ user = <SQL_UNPRIVILEGED_USER>
password = <SQL_UNPRIVILEGED_PASSWORD>
dbname = <SQL_DB>
hosts = <SQL_HOST>
query = SELECT domain FROM panel_domains WHERE domain = '%s' AND isemaildomain = '1'
query = SELECT domain FROM panel_domains WHERE domain = '%s' AND isemaildomain = '1' AND deactivated = 0
]]>
</content>
</file>
@@ -3421,7 +3421,6 @@ MaxInstances 50
# General settings
DeferWelcome on
MultilineRFC2228 on
ShowSymlinks on
AllowOverwrite on
AllowStoreRestart on
@@ -3487,10 +3486,10 @@ SQLNamedQuery insert-quota-tally INSERT "%{0}, %{1}, %{2}, %{3}, %{4},%{5}, %{6}
<IfModule mod_tls.c>
TLSEngine on
TLSLog /var/log/proftpd-tls.log
TLSProtocol TLSv1 TLSv1.1 TLSv1.2
TLSProtocol TLSv1.2 TLSv1.3
#TLSTimeoutHandshake 120
# Really important for WinClients and some clients
TLSOptions NoCertRequest NoSessionReuseRequired
TLSOptions NoSessionReuseRequired
TLSRSACertificateFile /etc/ssl/certs/proftpd.crt
TLSRSACertificateKeyFile /etc/ssl/private/proftpd.key
TLSECCertificateFile /etc/ssl/certs/proftpd_ec.crt
@@ -3499,7 +3498,7 @@ TLSECCertificateKeyFile /etc/ssl/private/proftpd_ec.key
# Authenticate client that want to use FTP over TLS?
TLSVerifyClient off
# Uncomment the following line to force tls login
#TLSRequired on
TLSRequired on
</IfModule>
# LOG settings
@@ -3517,6 +3516,32 @@ ExtendedLog /var/log/proftpd-access.log WRITE,READ write
# make proftpd faster / do not perform ident and reverse dns lookup
UseReverseDNS off
<Class whitelist>
From 127.0.0.1
</Class>
MaxLoginAttempts 3
<IfModule mod_ban.c>
<IfClass whitelist>
BanEngine off
</IfClass>
<IfClass !whitelist>
BanEngine on
</IfClass>
BanLog /var/log/proftpd-ban.log
BanTable /etc/proftpd/ban.tab
BanMessage "User %u was banned."
BanOnEvent ClientConnectRate 5/00:00:02 12:00:00 "Stop connecting frequently"
BanOnEvent MaxLoginAttempts 3/00:30:00 12:00:00
BanOnEvent AnonRejectPasswords 1/01:00:00 99:99:99
BanControlsACLs all allow user root
</IfModule>
<IfClass whitelist>
BanEngine off
DelayEngine off
</IfClass>
]]>
</content>
</file>

41
lib/configfiles/jammy.xml
View File

@@ -1517,7 +1517,7 @@ user = <SQL_UNPRIVILEGED_USER>
password = <SQL_UNPRIVILEGED_PASSWORD>
dbname = <SQL_DB>
hosts = <SQL_HOST>
query = SELECT domain FROM panel_domains WHERE domain = '%s' AND isemaildomain = '1'
query = SELECT domain FROM panel_domains WHERE domain = '%s' AND isemaildomain = '1' AND deactivated = 0
]]>
</content>
</file>
@@ -3385,7 +3385,6 @@ ServerName "<SERVERNAME> FTP Server"
ServerType standalone
DeferWelcome off
MultilineRFC2228 on
DefaultServer on
ShowSymlinks on
@@ -3722,7 +3721,6 @@ SQLNamedQuery get-quota-limit SELECT "ftp_users.username AS name, ftp_quotalimit
SQLNamedQuery get-quota-tally SELECT "name, quota_type, bytes_in_used,bytes_out_used, bytes_xfer_used, files_in_used, files_out_used,files_xfer_used FROM ftp_quotatallies WHERE name = '%{0}' AND quota_type = '%{1}'"
SQLNamedQuery update-quota-tally UPDATE "bytes_in_used = bytes_in_used + %{0}, bytes_out_used = bytes_out_used + %{1}, bytes_xfer_used = bytes_xfer_used + %{2}, files_in_used = files_in_used + %{3}, files_out_used= files_out_used + %{4}, files_xfer_used = files_xfer_used + %{5} WHERE name= '%{6}' AND quota_type = '%{7}'" ftp_quotatallies
SQLNamedQuery insert-quota-tally INSERT "%{0}, %{1}, %{2}, %{3}, %{4},%{5}, %{6}, %{7}" ftp_quotatallies
</IfModule>
]]>
</content>
@@ -3733,16 +3731,16 @@ SQLNamedQuery insert-quota-tally INSERT "%{0}, %{1}, %{2}, %{3}, %{4},%{5}, %{6}
<IfModule mod_tls.c>
TLSEngine on
TLSLog /var/log/proftpd/tls.log
TLSProtocol TLSv1 TLSv1.1 TLSv1.2
TLSProtocol TLSv1.2 TLSv1.3
TLSRSACertificateFile /etc/ssl/certs/proftpd.crt
TLSRSACertificateKeyFile /etc/ssl/private/proftpd.key
TLSECCertificateFile /etc/ssl/certs/proftpd_ec.crt
TLSECCertificateKeyFile /etc/ssl/private/proftpd_ec.key
TLSOptions NoCertRequest NoSessionReuseRequired
TLSOptions NoSessionReuseRequired
TLSVerifyClient off
# Are clients required to use FTP over TLS when talking to this server?
#TLSRequired on
TLSRequired on
# Allow SSL/TLS renegotiations when the client requests them, but
# do not force the renegotiations. Some clients do not support
@@ -3752,6 +3750,37 @@ TLSVerifyClient off
#
#TLSRenegotiate required off
</IfModule>
]]>
</content>
</file>
<file name="/etc/proftpd/conf.d/99-froxlor-ratelimit.conf" chown="root:0"
chmod="0644">
<content><![CDATA[
<Class whitelist>
From 127.0.0.1
</Class>
MaxLoginAttempts 3
<IfModule mod_ban.c>
<IfClass whitelist>
BanEngine off
</IfClass>
<IfClass !whitelist>
BanEngine on
</IfClass>
BanLog /var/log/proftpd/ban.log
BanTable /etc/proftpd/ban.tab
BanMessage "User %u was banned."
BanOnEvent ClientConnectRate 5/00:00:02 12:00:00 "Stop connecting frequently"
BanOnEvent MaxLoginAttempts 3/00:30:00 12:00:00
BanOnEvent AnonRejectPasswords 1/01:00:00 99:99:99
BanControlsACLs all allow user root
</IfModule>
<IfClass whitelist>
BanEngine off
DelayEngine off
</IfClass>
]]>
</content>
</file>