Notes FTP ProFTPd

Voir aussi :

• Monter un serveur SFTP avec ProFTPd
• https://wiki.evolix.org/HowtoProFTPD
• https://www.alsacreations.com/tuto/lire/617-Serveur-FTP-Proftpd.html

Debian

apt-get install proftpd-basic

RedHat

yum install proftpd proftpd-utils 

RedHat

/etc/sysconfig/proftpd

#PROFTPD_OPTIONS=""
PROFTPD_OPTIONS="-DTLS -DDYNAMIC_BAN_LISTS"

/etc/proftpd/proftpd.conf

UseIPv6                         off
UseReverseDNS                   off
ServerType                      standalone
DefaultRoot                     ~

AuthPAM                         off
#AuthOrder                      mod_auth_pam.c* mod_auth_unix.c
AuthOrder                       mod_auth_file.c

FTPS passif

/etc/proftpd.conf

MasqueradeAddress     55.128.131.215

# ServerName                    "ProFTPD server"
ServerName                    "ftp.acme.fr"

SystemLog /var/log/proftpd/proftpd.log
TransferLog /var/log/proftpd/xferlog

TLSRSACertificateFile               /etc/pki/tls/certs/wildcard.acme.fr.cer
TLSRSACertificateKeyFile            /etc/pki/tls/certs/wildcard.acme.fr.key

#   TLSOptions                  NoCertRequest                                                      
    TLSOptions                  NoCertRequest NoSessionReuseRequired

    PassivePorts 40000 40200

#   BanOnEvent                  MaxLoginAttempts 2/00:10:00 01:00:00                          
    BanOnEvent                  MaxLoginAttempts 5/00:10:00 01:00:00

/etc/shells

/bin/false

ftpasswd --passwd --name=ftpuser --uid=$(id -u linuxuser) --gid=$(id -g linuxuser) --home=/home/ftp --shell=/bin/false --file=/etc/proftpd/ftpd.passwd
ftpasswd --group  --name=ftpuser --gid=$(id -g linuxuser) --file=/etc/proftpd/ftpd.group --member=ftpuser

/etc/proftpd/conf.d/plop.conf

AuthUserFile /etc/proftpd/ftpd.passwd
AuthGroupFile /etc/proftpd/ftpd.group
UseFtpUsers on
 
<Directory />
  HideFiles (lost\+found|welcome\.msg|\.message|^\..*)
  <Limit ALL>
        IgnoreHidden            on
  </Limit>
</Directory>

Validate - check syntax

#proftpd -td10
proftpd -td10 -c /etc/proftpd.conf

Lancer & activer le service

systemctl start proftpd.service
systemctl enable proftpd.service

Autres Liste des modules

proftpd -l

proftpd -V
proftpd -vv
proftpd -nd6

Test TLS/SSL

openssl s_client -connect 192.0.2.10:21 -starttls ftp

journalctl -xe
Aug 10 14:36:11 acme proftpd[1331]: Starting ftp server: proftpd2017-08-10 14:36:11,019 acme proftpd[1338]: warning: unable to determine IP address of 'acme'
Aug 10 14:36:11 acme proftpd[1331]: 2017-08-10 14:36:11,019 acme proftpd[1338]: error: no valid servers configured
Aug 10 14:36:11 acme proftpd[1331]: 2017-08-10 14:36:11,020 acme proftpd[1338]: fatal: error processing configuration file '/etc/proftpd/proftpd.conf'

Cela peut arriver à la suite d'un changement de hostname

hostname -i
hostname: Temporary failure in name resolution

Le hostname doit être résolvable

echo "127.0.1.1       $(hostname -s).localdomain     $(hostname -f)" >> /etc/hosts

/etc/hosts

127.0.0.1       localhost
127.0.1.1       acme.localdomain      acme

Autre solution /etc/proftpd/proftpd.conf

DefaultAddress 127.0.0.1

sed -i -e 's/^LoadModule mod_unique_id.c/#&/' /etc/proftpd/modules.conf