#
# For more information about ProFTPD configuration,
# see: http://www.proftpd.org/
#
# This is a basic ProFTPD configuration file (rename it to
# 'proftpd.conf' for actual use). It establishes a single server
# and a single anonymous login. It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.
#
# ServerType (set further down in this file):
#   standalone - proftpd runs as a daemon
#   inetd      - a new proftpd instance is started for each incoming connection
#
# Dynamically loaded modules. Every loaded module adds code that clients can
# reach, so load only what this configuration actually uses.
# NOTE(review): mod_copy provides the SITE CPFR/CPTO server-side copy
# commands and nothing visible in this file configures or restricts them -
# confirm it is needed, otherwise drop its LoadModule line.
# NOTE(review): no mod_deflate, mod_sftp, mod_readme or mod_wrap2 directives
# are visible in this file either - confirm they are configured elsewhere.
LoadModule mod_copy.c
LoadModule mod_deflate.c
LoadModule mod_ifsession.c
LoadModule mod_ifversion.c
LoadModule mod_sftp.c
# SQL authentication: core module, password-hash support, MySQL backend.
LoadModule mod_sql.c
LoadModule mod_sql_passwd.c
LoadModule mod_sql_mysql.c
LoadModule mod_readme.c
# TLS for the FTP control and data connections (configured at the end of this file).
LoadModule mod_tls.c
LoadModule mod_wrap2.c
LoadModule mod_wrap2_file.c
# Name of this server.
ServerName "hostname.example.com"
# Run as a standalone daemon (the alternative is inetd).
ServerType standalone
DefaultServer on
# Replace the default greeting with a custom string so the banner does not
# reveal that ProFTPD is in use.
ServerIdent on "hostname.example.com"
ServerAdmin hostmaster@hostname.example.com
ScoreboardFile /var/run/proftpd/proftpd.scoreboard
# Security: defer the welcome message.
DeferWelcome on
# Do not resolve reverse DNS for connecting clients.
UseReverseDNS off
# Do not perform ident lookups.
IdentLookups off
# Port 21 is the standard FTP port; this server listens on 990 instead
# (the Port directive is ignored in inetd mode).
# NOTE(review): 990 is the port conventionally used for implicit FTPS, but
# the TLSOptions line in this file does not set UseImplicitSSL - confirm that
# clients are expected to use explicit AUTH TLS on this port.
Port 990
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 022
# A few settings to limit the impact of DoS attacks.
#
# MaxInstances caps the number of child processes (15 here). If you need to
# allow more concurrent connections, increase this value. Note that this ONLY
# works in standalone mode; in inetd mode you should use an inetd server
# that allows you to limit the maximum number of processes per service
# (such as xinetd).
MaxInstances 15
# Connection caps: overall, per client host and per user. The quoted text is
# the message sent to a client that is refused.
MaxClients 10 "Only 10 connections are allowed"
MaxClientsPerHost 6 "You are already logged in 6 times"
MaxClientsPerUser 6 "You are already logged in 6 times"
# Failed logins allowed before the connection is closed.
# NOTE(review): this limit applies per connection; a client can reconnect and
# try again, so it slows password guessing but is not a lockout.
MaxLoginAttempts 3
# Disconnect after the given number of seconds when
#   - a transfer has stalled because the client is no longer reachable,
#   - the client is logged in but transfers nothing, or
#   - the client takes too long to log in.
TimeoutStalled 40
TimeoutNoTransfer 450
TimeoutLogin 20
# Set the user and group under which the server will run.
User nobody
Group nogroup
# Logging options (a little more logging than the default).
# Narrower alternative, disabled: log only the auth, read and write classes.
#ExtendedLog /var/log/ftp.log auth,read,write
# Log every command class.
ExtendedLog /var/log/ftp.log ALL
TransferLog /var/log/ftp_transfer.log
# NOTE(review): these files are the audit trail for logins and transfers -
# confirm they are rotated and writable only by the server's log owner.
# Trace logging, disabled.
#TraceLog /var/log/ftp_trace.log
#Trace DEFAULT:10
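# Jail (chroot) every FTP user into their home directory, so a session cannot
# browse outside it.
DefaultRoot ~
# Normally, we want files to be overwriteable.
# (This directive was listed twice with the same value; one copy is kept.)
AllowOverwrite on
# Allow interrupted uploads and downloads to be resumed.
AllowStoreRestart on
AllowRetrieveRestart on
# hide everything that belongs to the group 'wheel'
HideGroup wheel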
# <-- The SQL configuration starts here -->
# ---------------------------------------------
### SQL Section ###
# ---------------------------------------------
# NOTE(review): "Plaintext" accepts passwords stored unhashed in the database,
# so anyone who can read the ftp_login table obtains every FTP credential.
# mod_sql_passwd is loaded by this file; moving the password column to one of
# its hashed types and removing Plaintext would close that exposure. That
# needs a data migration, so the directive is left as it is here.
SQLAuthTypes Backend Plaintext
# Authenticate users through SQL; the trailing * makes mod_sql authoritative
# for user lookups.
SQLAuthenticate users*
# Format: database@host:port, optionally followed by a database user and
# password. No credentials are given on this line.
SQLConnectInfo DB_TABLE@DB_HOST:3306
SQLDefaultHomedir none
# UID/GID used when a row supplies none or one below the minimum.
SQLDefaultGID 65534
SQLDefaultUID 65534
# Lowest UID/GID accepted from the database.
# NOTE(review): 80 is below the range normally used for ordinary accounts -
# confirm that mapping FTP logins onto such IDs is intended.
SQLMinUserGID 80
SQLMinUserUID 80
# Table name followed by the columns for user name, password, UID, GID, home
# directory and shell. The homedir column is what "DefaultRoot ~" chroots to,
# so write access to this table decides where each user is jailed.
SQLUserInfo ftp_login username password uid gid homedir shell
# SQL debugging: enable this log when there are problems with SQL.
# SQLLogFile /var/log/proftpd.sql.log
# Not needed, because authentication is done against MySQL.
RequireValidShell off
# Additional SQL statements. %u (user name), %a (client address) and
# %h (client host) are filled in by mod_sql at run time.
SQLNamedQuery getcount SELECT "count, username from ftp_login where username='%u'"
SQLNamedQuery updatedbinfo UPDATE "count=count+1,last_login=NOW(),last_ip='%a',last_host='%h' WHERE username='%u'" ftp_login
# Show the login counter in the 230 response to PASS.
SQLShowInfo PASS "230" "Hello %u, you were already %{getcount} times logged in"
# Record the login (counter, time, address, host) on PASS.
SQLLog PASS updatedbinfo
# Limit logins to active accounts: this clause is added to the user lookup.
SQLUserWhereClause "active = '1'"
# <-- ... end of the SQL configuration -->
# A basic anonymous configuration, no upload directories. If you do not
# want anonymous users, simply delete this entire section.
#########################################################################
# #
# Uncomment lines with only one # to allow basic anonymous access #
# #
#########################################################################
# <Anonymous ~ftp>
# User ftp
# Group ftp
### We want clients to be able to login with "anonymous" as well as "ftp"
# UserAlias anonymous ftp
### Limit the maximum number of anonymous logins
# MaxClients 10
### We want 'welcome.msg' displayed at login, and '.message' displayed
### in each newly chdired directory.
# DisplayLogin welcome.msg
# DisplayFirstChdir .message
### Limit WRITE everywhere in the anonymous chroot
# <Limit WRITE>
# DenyAll
# </Limit>
# </Anonymous>
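# TLS for the FTP control and data connections (mod_tls).
TLSEngine on
TLSLog /var/log/proftpd-tls.log
# TLS 1.0 is deprecated and no longer accepted by current clients or
# compliance baselines, so TLS 1.2 is required instead. This needs a
# ProFTPD/OpenSSL build that knows TLSv1.2; where the build also supports
# it, TLSv1.3 can be listed as well.
TLSProtocol TLSv1.2
# NoCertRequest: do not ask clients for a certificate (logins use passwords).
# NOTE(review): NoSessionReuseRequired turns off the check that a data
# connection reuses the TLS session of the control connection. That check is
# what ties a data connection to the authenticated client; drop this option
# once all clients in use support session reuse.
TLSOptions NoCertRequest NoSessionReuseRequired
TLSRSACertificateFile /usr/local/etc/proftpd/ssl/proftpd.cert.pem
# Private key: keep this file readable by root only.
TLSRSACertificateKeyFile /usr/local/etc/proftpd/ssl/proftpd.key.pem
TLSVerifyClient off
# Refuse unencrypted sessions: TLS is required on control and data channels.
TLSRequired on
# NOTE(review): this permits data connections to an address other than the
# control connection's peer (site-to-site transfers). Together with
# NoSessionReuseRequired nothing binds a data connection to the client that
# authenticated - confirm it is needed, otherwise set it to off.
AllowForeignAddress on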