First batch of config files for pangolin
This commit is contained in:
Nicolas Berens
@@ -0,0 +1,11 @@
|
||||
<IfModule mod_fastcgi.c>
|
||||
FastCgiWrapper /usr/lib/apache2/suexec
|
||||
FastCgiIpcDir /var/run/apache2/
|
||||
|
||||
<Location "/fastcgiphp">
|
||||
Order Deny,Allow
|
||||
Deny from All
|
||||
# Prevent accessing this path directly
|
||||
Allow from env=REDIRECT_STATUS
|
||||
</Location>
|
||||
</IfModule>
|
||||
@@ -0,0 +1,8 @@
|
||||
#
|
||||
# Set PATH, otherwise restart-scripts won't find start-stop-daemon
|
||||
#
|
||||
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
|
||||
#
|
||||
# Regular cron jobs for the froxlor package
|
||||
#
|
||||
*/5 * * * * root /usr/bin/php5 -q <BASE_PATH>scripts/froxlor_master_cronjob.php
|
||||
@@ -0,0 +1,2 @@
|
||||
username <SQL_UNPRIVILEGED_USER>
|
||||
password <SQL_UNPRIVILEGED_PASSWORD>
|
||||
@@ -0,0 +1,41 @@
|
||||
getpwnam SELECT username,'x',uid,gid,'MySQL User',homedir,shell \
|
||||
FROM ftp_users \
|
||||
WHERE username='%1$s' \
|
||||
AND login_enabled = 'Y' \
|
||||
LIMIT 1
|
||||
getpwuid SELECT username,'x',uid,gid,'MySQL User',homedir,shell \
|
||||
FROM ftp_users \
|
||||
WHERE uid='%1$u' \
|
||||
AND login_enabled = 'Y' \
|
||||
LIMIT 1
|
||||
getspnam SELECT username,password,FLOOR(UNIX_TIMESTAMP()/86400-1),'1','99999','7','-1','-1','0' \
|
||||
FROM ftp_users \
|
||||
WHERE username='%1$s' \
|
||||
AND login_enabled = 'Y' \
|
||||
LIMIT 1
|
||||
getpwent SELECT username,'x',uid,gid,'MySQL User',homedir,shell \
|
||||
FROM ftp_users
|
||||
getspent SELECT username,password,FLOOR(UNIX_TIMESTAMP()/86400-1),'1','99999','7','-1','-1','0' \
|
||||
FROM ftp_users
|
||||
getgrnam SELECT groupname,'x',gid \
|
||||
FROM ftp_groups \
|
||||
WHERE groupname='%1$s' \
|
||||
LIMIT 1
|
||||
getgrgid SELECT groupname,'x',gid \
|
||||
FROM ftp_groups \
|
||||
WHERE gid='%1$u' \
|
||||
LIMIT 1
|
||||
getgrent SELECT groupname,'x',gid \
|
||||
FROM ftp_groups
|
||||
memsbygid SELECT username \
|
||||
FROM ftp_users \
|
||||
WHERE gid='%1$u'
|
||||
gidsbymem SELECT gid \
|
||||
FROM ftp_users \
|
||||
WHERE username='%1$s'
|
||||
|
||||
host <SQL_HOST>
|
||||
database <SQL_DB>
|
||||
username <SQL_UNPRIVILEGED_USER>
|
||||
password <SQL_UNPRIVILEGED_PASSWORD>
|
||||
socket /var/run/mysqld/mysqld.sock
|
||||
@@ -0,0 +1,20 @@
|
||||
# Make sure that `passwd`, `group` and `shadow` have mysql in their lines
|
||||
# You should place mysql at the end, so that it is queried after the other mechanisams
|
||||
#
|
||||
passwd: compat mysql
|
||||
group: compat mysql
|
||||
shadow: compat mysql
|
||||
|
||||
hosts: files dns
|
||||
networks: files dns
|
||||
|
||||
services: db files
|
||||
protocols: db files
|
||||
rpc: db files
|
||||
ethers: db files
|
||||
netmasks: files
|
||||
netgroup: files
|
||||
bootparams: files
|
||||
|
||||
automount: files
|
||||
aliases: files
|
||||
@@ -0,0 +1,58 @@
|
||||
#
|
||||
# This file is used to manage DSO modules and features.
|
||||
#
|
||||
|
||||
# This is the directory where DSO modules reside
|
||||
|
||||
ModulePath /usr/lib/proftpd
|
||||
|
||||
# Allow only user root to load and unload modules, but allow everyone
|
||||
# to see which modules have been loaded
|
||||
|
||||
ModuleControlsACLs insmod,rmmod allow user root
|
||||
ModuleControlsACLs lsmod allow user *
|
||||
|
||||
LoadModule mod_ctrls_admin.c
|
||||
LoadModule mod_tls.c
|
||||
|
||||
# Install proftpd-mod-mysql or proftpd-mod-pgsql to use this
|
||||
LoadModule mod_sql.c
|
||||
|
||||
# Install proftpd-mod-ldap to use this
|
||||
#LoadModule mod_ldap.c
|
||||
|
||||
#
|
||||
# 'SQLBackend mysql' or 'SQLBackend postgres' directives are required
|
||||
# to have SQL authorization working. You can also comment out the
|
||||
# unused module here, in alternative.
|
||||
#
|
||||
|
||||
# Install proftpd-mod-mysql to use this
|
||||
LoadModule mod_sql_mysql.c
|
||||
|
||||
# Install proftpd-mod-pgsql to use this
|
||||
#LoadModule mod_sql_postgres.c
|
||||
|
||||
#LoadModule mod_radius.c
|
||||
LoadModule mod_quotatab.c
|
||||
LoadModule mod_quotatab_file.c
|
||||
|
||||
# Install proftpd-mod-ldap to use this
|
||||
#LoadModule mod_quotatab_ldap.c
|
||||
|
||||
# Install proftpd-mod-pgsql or proftpd-mod-mysql to use this
|
||||
LoadModule mod_quotatab_sql.c
|
||||
LoadModule mod_quotatab_radius.c
|
||||
LoadModule mod_wrap.c
|
||||
LoadModule mod_rewrite.c
|
||||
LoadModule mod_load.c
|
||||
LoadModule mod_ban.c
|
||||
LoadModule mod_wrap2.c
|
||||
LoadModule mod_wrap2_file.c
|
||||
# Install proftpd-mod-pgsql or proftpd-mod-mysql to use this
|
||||
#LoadModule mod_wrap2_sql.c
|
||||
LoadModule mod_dynmasq.c
|
||||
|
||||
|
||||
# keep this module the last one
|
||||
LoadModule mod_ifsession.c
|
||||
@@ -0,0 +1,131 @@
|
||||
#
|
||||
# /etc/proftpd/proftpd.conf -- This is a basic ProFTPD configuration file.
|
||||
# To really apply changes reload proftpd after modifications.
|
||||
#
|
||||
|
||||
# Includes DSO modules
|
||||
Include /etc/proftpd/modules.conf
|
||||
|
||||
# Set off to disable IPv6 support which is annoying on IPv4 only boxes.
|
||||
UseIPv6 on
|
||||
|
||||
ServerName "<SERVERNAME> FTP Server"
|
||||
ServerType standalone
|
||||
DeferWelcome off
|
||||
|
||||
MultilineRFC2228 on
|
||||
DefaultServer on
|
||||
ShowSymlinks on
|
||||
|
||||
TimeoutNoTransfer 600
|
||||
TimeoutStalled 600
|
||||
TimeoutIdle 1200
|
||||
|
||||
DisplayLogin welcome.msg
|
||||
DisplayChdir .message true
|
||||
ListOptions "-l"
|
||||
|
||||
DenyFilter \*.*/
|
||||
|
||||
# Use this to jail all users in their homes
|
||||
# DefaultRoot ~
|
||||
|
||||
# Users require a valid shell listed in /etc/shells to login.
|
||||
# Use this directive to release that constrain.
|
||||
# RequireValidShell off
|
||||
|
||||
# Port 21 is the standard FTP port.
|
||||
Port 21
|
||||
|
||||
# In some cases you have to specify passive ports range to by-pass
|
||||
# firewall limitations. Ephemeral ports can be used for that, but
|
||||
# feel free to use a more narrow range.
|
||||
# PassivePorts 49152 65534
|
||||
|
||||
# If your host was NATted, this option is useful in order to
|
||||
# allow passive tranfers to work. You have to use your public
|
||||
# address and opening the passive ports used on your firewall as well.
|
||||
# MasqueradeAddress 1.2.3.4
|
||||
|
||||
# This is useful for masquerading address with dynamic IPs:
|
||||
# refresh any configured MasqueradeAddress directives every 8 hours
|
||||
<IfModule mod_dynmasq.c>
|
||||
# DynMasqRefresh 28800
|
||||
</IfModule>
|
||||
|
||||
# To prevent DoS attacks, set the maximum number of child processes
|
||||
# to 30. If you need to allow more than 30 concurrent connections
|
||||
# at once, simply increase this value. Note that this ONLY works
|
||||
# in standalone mode, in inetd mode you should use an inetd server
|
||||
# that allows you to limit maximum number of processes per service
|
||||
# (such as xinetd)
|
||||
MaxInstances 30
|
||||
|
||||
# Set the user and group that the server normally runs at.
|
||||
User proftpd
|
||||
Group nogroup
|
||||
|
||||
# Umask 022 is a good standard umask to prevent new files and dirs
|
||||
# (second parm) from being group and world writable.
|
||||
Umask 022 022
|
||||
# Normally, we want files to be overwriteable.
|
||||
AllowOverwrite on
|
||||
|
||||
# Uncomment this if you are using NIS or LDAP via NSS to retrieve passwords:
|
||||
# PersistentPasswd off
|
||||
|
||||
# This is required to use both PAM-based authentication and local passwords
|
||||
# AuthOrder mod_auth_pam.c* mod_auth_unix.c
|
||||
|
||||
# Be warned: use of this directive impacts CPU average load!
|
||||
# Uncomment this if you like to see progress and transfer rate with ftpwho
|
||||
# in downloads. That is not needed for uploads rates.
|
||||
#
|
||||
# UseSendFile off
|
||||
|
||||
TransferLog /var/log/proftpd/xferlog
|
||||
SystemLog /var/log/proftpd/proftpd.log
|
||||
|
||||
# Allow up- and downloads to be continued
|
||||
AllowRetrieveRestart On
|
||||
AllowStoreRestart On
|
||||
|
||||
<IfModule mod_quotatab.c>
|
||||
QuotaEngine on
|
||||
</IfModule>
|
||||
|
||||
<IfModule mod_ratio.c>
|
||||
Ratios off
|
||||
</IfModule>
|
||||
|
||||
|
||||
# Delay engine reduces impact of the so-called Timing Attack described in
|
||||
# http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02
|
||||
# It is on by default.
|
||||
<IfModule mod_delay.c>
|
||||
DelayEngine off
|
||||
</IfModule>
|
||||
|
||||
<IfModule mod_ctrls.c>
|
||||
ControlsEngine off
|
||||
ControlsMaxClients 2
|
||||
ControlsLog /var/log/proftpd/controls.log
|
||||
ControlsInterval 5
|
||||
ControlsSocket /var/run/proftpd/proftpd.sock
|
||||
</IfModule>
|
||||
|
||||
<IfModule mod_ctrls_admin.c>
|
||||
AdminControlsEngine off
|
||||
</IfModule>
|
||||
|
||||
#
|
||||
# Alternative authentication frameworks
|
||||
#
|
||||
#Include /etc/proftpd/ldap.conf
|
||||
Include /etc/proftpd/sql.conf
|
||||
|
||||
#
|
||||
# This is used for FTPS connections
|
||||
#
|
||||
#Include /etc/proftpd/tls.conf
|
||||
|
||||
@@ -0,0 +1,37 @@
|
||||
<IfModule mod_sql.c>
|
||||
DefaultRoot ~
|
||||
RequireValidShell off
|
||||
AuthOrder mod_sql.c
|
||||
|
||||
SQLBackend mysql
|
||||
SQLEngine on
|
||||
SQLAuthenticate on
|
||||
|
||||
SQLAuthTypes Crypt
|
||||
SQLAuthenticate users* groups*
|
||||
SQLConnectInfo <SQL_DB>@<SQL_HOST> <SQL_UNPRIVILEGED_USER> <SQL_UNPRIVILEGED_PASSWORD>
|
||||
SQLUserInfo ftp_users username password uid gid homedir shell
|
||||
SQLGroupInfo ftp_groups groupname gid members
|
||||
SQLUserWhereClause "login_enabled = 'y'"
|
||||
|
||||
SQLLog PASS login
|
||||
SQLNamedQuery login UPDATE "last_login=now(), login_count=login_count+1 WHERE username='%u'" ftp_users
|
||||
|
||||
SQLLog RETR download
|
||||
SQLNamedQuery download UPDATE "down_count=down_count+1, down_bytes=down_bytes+%b WHERE username='%u'" ftp_users
|
||||
|
||||
SQLLog STOR upload
|
||||
SQLNamedQuery upload UPDATE "up_count=up_count+1, up_bytes=up_bytes+%b WHERE username='%u'" ftp_users
|
||||
|
||||
QuotaEngine on
|
||||
QuotaShowQuotas on
|
||||
QuotaDisplayUnits Mb
|
||||
QuotaLock /var/lock/ftpd.quotatab.lock
|
||||
QuotaLimitTable sql:/get-quota-limit
|
||||
QuotaTallyTable sql:/get-quota-tally/update-quota-tally/insert-quota-tally
|
||||
SQLNamedQuery get-quota-limit SELECT "ftp_users.username AS name, ftp_quotalimits.quota_type, ftp_quotalimits.per_session, ftp_quotalimits.limit_type, panel_customers.diskspace*1024 AS bytes_in_avail, ftp_quotalimits.bytes_out_avail, ftp_quotalimits.bytes_xfer_avail, ftp_quotalimits.files_in_avail, ftp_quotalimits.files_out_avail, ftp_quotalimits.files_xfer_avail FROM ftp_users, ftp_quotalimits, panel_customers WHERE ftp_users.username = '%{0}' AND panel_customers.loginname = SUBSTRING_INDEX('%{0}', 'ftp', 1) AND quota_type ='%{1}'"
|
||||
SQLNamedQuery get-quota-tally SELECT "name, quota_type, bytes_in_used,bytes_out_used, bytes_xfer_used, files_in_used, files_out_used,files_xfer_used FROM ftp_quotatallies WHERE name = '%{0}' AND quota_type = '%{1}'"
|
||||
SQLNamedQuery update-quota-tally UPDATE "bytes_in_used = bytes_in_used + %{0}, bytes_out_used = bytes_out_used + %{1}, bytes_xfer_used = bytes_xfer_used + %{2}, files_in_used = files_in_used + %{3}, files_out_used= files_out_used + %{4}, files_xfer_used = files_xfer_used + %{5} WHERE name= '%{6}' AND quota_type = '%{7}'" ftp_quotatallies
|
||||
SQLNamedQuery insert-quota-tally INSERT "%{0}, %{1}, %{2}, %{3}, %{4},%{5}, %{6}, %{7}" ftp_quotatallies
|
||||
|
||||
</IfModule>
|
||||
@@ -0,0 +1,5 @@
|
||||
STANDALONE_OR_INETD=standalone
|
||||
VIRTUALCHROOT=false
|
||||
UPLOADSCRIPT=
|
||||
UPLOADUID=
|
||||
UPLOADGID=
|
||||
@@ -0,0 +1 @@
|
||||
21
|
||||
@@ -0,0 +1 @@
|
||||
yes
|
||||
@@ -0,0 +1 @@
|
||||
1
|
||||
@@ -0,0 +1 @@
|
||||
15
|
||||
@@ -0,0 +1 @@
|
||||
1000
|
||||
@@ -0,0 +1 @@
|
||||
/etc/pure-ftpd/db/mysql.conf
|
||||
@@ -0,0 +1 @@
|
||||
yes
|
||||
@@ -0,0 +1 @@
|
||||
no
|
||||
@@ -0,0 +1,11 @@
|
||||
MYSQLServer <SQL_HOST>
|
||||
MYSQLUser <SQL_UNPRIVILEGED_USER>
|
||||
MYSQLPassword <SQL_UNPRIVILEGED_PASSWORD>
|
||||
MYSQLDatabase <SQL_DB>
|
||||
MYSQLCrypt any
|
||||
|
||||
MYSQLGetPW SELECT password FROM ftp_users WHERE username="\L" AND login_enabled="y"
|
||||
MYSQLGetUID SELECT uid FROM ftp_users WHERE username="\L" AND login_enabled="y"
|
||||
MYSQLGetGID SELECT gid FROM ftp_users WHERE username="\L" AND login_enabled="y"
|
||||
MYSQLGetDir SELECT homedir FROM ftp_users WHERE username="\L" AND login_enabled="y"
|
||||
MySQLGetQTASZ SELECT panel_customers.diskspace/1024 AS QuotaSize FROM panel_customers, ftp_users WHERE username = "\L" AND panel_customers.loginname = SUBSTRING_INDEX('\L', 'ftp', 1)
|
||||
Reference in New Issue
Block a user