Debian11 configs tree

install/debian/11/proftpd/proftpd.conf

@@ -0,0 +1,36 @@
+ServerName                      "FTP"
+ServerIdent                     on "FTP Server ready."
+ServerAdmin                     root@localhost
+DefaultServer                   on
+DefaultRoot                  ~ !adm
+
+Include /etc/proftpd/tls.conf
+
+<IfModule mod_vroot.c>
+    VRootEngine                 on
+    VRootAlias                  /etc/security/pam_env.conf etc/security/pam_env.conf
+</IfModule>
+
+AuthPAMConfig                   proftpd
+AuthOrder                       mod_auth_pam.c* mod_auth_unix.c
+UseReverseDNS                   off
+User                            proftpd
+Group                           nogroup
+MaxInstances                    100
+UseSendfile                     off
+LogFormat                       default "%h %l %u %t \"%r\" %s %b"
+LogFormat                       auth    "%v [%P] %h %t \"%r\" %s"
+ListOptions                     -a
+RequireValidShell               off
+PassivePorts                    12000 12100
+TransferLog                     /var/log/proftpd/xferlog
+SystemLog                       /var/log/proftpd/proftpd.log
+
+<Global>
+  Umask                         002
+  IdentLookups                  off
+  AllowOverwrite                yes
+  <Limit ALL SITE_CHMOD>
+    AllowAll
+  </Limit>
+</Global>

install/debian/11/proftpd/tls.conf

@@ -0,0 +1,63 @@
+#
+# Proftpd sample configuration for FTPS connections.
+#
+# Note that FTPS impose some limitations in NAT traversing.
+# See http://www.castaglia.org/proftpd/doc/contrib/ProFTPD-mini-HOWTO-TLS.html
+# for more information.
+#
+<IfModule mod_dso.c>
+    # If mod_tls was built as a shared/DSO module, load it
+    LoadModule mod_tls.c
+</IfModule>
+<IfModule mod_tls.c>
+TLSEngine                               on
+TLSLog                                  /var/log/proftpd/tls.log
+# this is an example of protocols, proftp works witl all, but use only the most secure ones like TLSv1.1 and TLSv1.2
+TLSProtocol                             TLSv1.1 TLSv1.2
+#
+# Server SSL certificate. You can generate a self-signed certificate using
+# a command like:
+#
+# openssl req -x509 -newkey rsa:1024 \
+#          -keyout /etc/ssl/private/proftpd.key -out /etc/ssl/certs/proftpd.crt \
+#          -nodes -days 365
+#
+# The proftpd.key file must be readable by root only. The other file can be
+# readable by anyone.
+#
+# chmod 0600 /etc/ssl/private/proftpd.key
+# chmod 0640 /etc/ssl/private/proftpd.key
+#
+TLSRSACertificateFile                   /usr/local/vesta/ssl/certificate.crt
+TLSRSACertificateKeyFile                /usr/local/vesta/ssl/certificate.key
+#
+# CA the server trusts...
+#TLSCACertificateFile                    /etc/ssl/certs/CA.pem
+# ...or avoid CA cert and be verbose
+#TLSOptions                      NoCertRequest EnableDiags
+# ... or the same with relaxed session use for some clients (e.g. FireFtp)
+#TLSOptions                      NoCertRequest EnableDiags NoSessionReuseRequired
+#
+#
+# Per default drop connection if client tries to start a renegotiate
+# This is a fix for CVE-2009-3555 but could break some clients.
+#
+#TLSOptions                                                     AllowClientRenegotiations
+#
+TLSOptions                       NoSessionReuseRequired AllowClientRenegotiations
+# Authenticate clients that want to use FTP over TLS?
+#
+#TLSVerifyClient                         off
+#
+# Are clients required to use FTP over TLS when talking to this server?
+#
+TLSRequired                             off
+#
+# Allow SSL/TLS renegotiations when the client requests them, but
+# do not force the renegotations.  Some clients do not support
+# SSL/TLS renegotiations; when mod_tls forces a renegotiation, these
+# clients will close the data connection, or there will be a timeout
+# on an idle data connection.
+#
+TLSRenegotiate                          required off
+</IfModule>