From 5211b057aa977b35fced23722c821145b7aeb9ae Mon Sep 17 00:00:00 2001
From: Ryan Haggerty
Date: Wed, 9 Nov 2005 21:36:09 +0000
Subject: [PATCH] Added configurations for testing tcpd.
---
testing/tcpd/README | 9 +++
testing/tcpd/proftpd.conf | 139 ++++++++++++++++++++++++++++++++++++++
testing/tcpd/xproftpd | 16 +++++
3 files changed, 164 insertions(+)
create mode 100644 testing/tcpd/README
create mode 100644 testing/tcpd/proftpd.conf
create mode 100644 testing/tcpd/xproftpd
diff --git a/testing/tcpd/README b/testing/tcpd/README
new file mode 100644
index 000000000..b268c9657
--- /dev/null
+++ b/testing/tcpd/README
@@ -0,0 +1,9 @@
+put xproftpd in /etc/xinetd.d/
+and put proftpd.conf in /etc/
+
+install proftpd
+
+reload xinetd
+ /etc/init.d/xinetd reload
+
+connect to localhost for ftp service
diff --git a/testing/tcpd/proftpd.conf b/testing/tcpd/proftpd.conf
new file mode 100644
index 000000000..37ffbc3ce
--- /dev/null
+++ b/testing/tcpd/proftpd.conf
@@ -0,0 +1,139 @@
+# This is the ProFTPD configuration file
+# $Id: proftpd.conf,v 1.1 2004/02/26 17:54:30 thias Exp $
+
+ServerName "ProFTPD server"
+ServerIdent on "FTP Server ready."
+ServerAdmin root@localhost
+#ServerType standalone
+ServerType inetd
+DefaultServer on
+AccessGrantMsg "User %u logged in."
+#DisplayConnect /etc/ftpissue
+#DisplayLogin /etc/ftpmotd
+#DisplayGoAway /etc/ftpgoaway
+DeferWelcome off
+
+# Use this to excude users from the chroot
+DefaultRoot ~ !adm
+
+# Use pam to authenticate (default) and be authoritative
+AuthPAMConfig proftpd
+AuthOrder mod_auth_pam.c* mod_auth_unix.c
+
+# Do not perform ident nor DNS lookups (hangs when the port is filtered)
+IdentLookups off
+UseReverseDNS off
+
+# Port 21 is the standard FTP port.
+Port 21
+
+# Umask 022 is a good standard umask to prevent new dirs and files
+# from being group and world writable.
+Umask 022
+
+# Default to show dot files in directory listings
+ListOptions "-a"
+
+# See Configuration.html for these (here are the default values)
+#MultilineRFC2228 off
+#RootLogin off
+#LoginPasswordPrompt on
+#MaxLoginAttempts 3
+#MaxClientsPerHost none
+#AllowForeignAddress off # For FXP
+
+# Allow to resume not only the downloads but the uploads too
+AllowRetrieveRestart on
+AllowStoreRestart on
+
+# To prevent DoS attacks, set the maximum number of child processes
+# to 30. If you need to allow more than 30 concurrent connections
+# at once, simply increase this value. Note that this ONLY works
+# in standalone mode, in inetd mode you should use an inetd server
+# that allows you to limit maximum number of processes per service
+# (such as xinetd)
+MaxInstances 20
+
+# Set the user and group that the server normally runs at.
+User nobody
+Group nobody
+
+# This is where we want to put the pid file
+ScoreboardFile /var/run/proftpd.score
+
+# Normally, we want users to do a few things.
+
+ AllowOverwrite yes
+
+ AllowAll
+
+
+
+# Define the log formats
+LogFormat default "%h %l %u %t \"%r\" %s %b"
+LogFormat auth "%v [%P] %h %t \"%r\" %s"
+
+# TLS
+# Explained at http://www.castaglia.org/proftpd/modules/mod_tls.html
+#TLSEngine on
+#TLSRequired on
+#TLSRSACertificateFile /usr/share/ssl/certs/proftpd.pem
+#TLSRSACertificateKeyFile /usr/share/ssl/certs/proftpd.pem
+#TLSCipherSuite ALL:!ADH:!DES
+#TLSOptions NoCertRequest
+#TLSVerifyClient off
+##TLSRenegotiate ctrl 3600 data 512000 required off timeout 300
+#TLSLog /var/log/proftpd/tls.log
+
+# A basic anonymous configuration, with an upload directory.
+
+ User ftp
+ Group ftp
+ AccessGrantMsg "Anonymous login ok, restrictions apply."
+
+ # We want clients to be able to login with "anonymous" as well as "ftp"
+ UserAlias anonymous ftp
+
+ # Limit the maximum number of anonymous logins
+ MaxClients 10 "Sorry, max %m users -- try again later"
+
+ # Put the user into /pub right after login
+ DefaultChdir /pub
+
+ # We want 'welcome.msg' displayed at login, '.message' displayed in
+ # each newly chdired directory and tell users to read README* files.
+ DisplayLogin /welcome.msg
+ DisplayFirstChdir .message
+ DisplayReadme README*
+
+ # Some more cosmetic and not vital stuff
+ DirFakeUser on ftp
+ DirFakeGroup on ftp
+
+ # Limit WRITE everywhere in the anonymous chroot
+
+ DenyAll
+
+
+ # An upload directory that allows storing files but not retrieving
+ # or creating directories.
+
+ AllowOverwrite no
+
+ DenyAll
+
+
+
+ AllowAll
+
+
+
+ # Don't write anonymous accesses to the system wtmp file (good idea!)
+ WtmpLog off
+
+ # Logging for the anonymous transfers
+ ExtendedLog /var/log/proftpd/access.log WRITE,READ default
+ ExtendedLog /var/log/proftpd/auth.log AUTH auth
+
+
+
diff --git a/testing/tcpd/xproftpd b/testing/tcpd/xproftpd
new file mode 100644
index 000000000..2248e6ecb
--- /dev/null
+++ b/testing/tcpd/xproftpd
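Review bot: `MaxInstances 20` in testing/tcpd/proftpd.conf has no effect as configured, because the file sets `ServerType inetd` and the comment directly above the directive states the limit only works in standalone mode; that comment also says 30 while the value is 20. The per-service cap therefore has to come from xinetd, for example `instances = 20` in testing/tcpd/xproftpd, which that file does not set. Separately, every TLS directive is commented out while `AuthPAMConfig proftpd` authenticates system accounts, so passwords travel in cleartext; a comment such as `# TLS disabled: test config, loopback use only` would keep the file from being copied into /etc on a networked host unchanged. The section tags around the `AllowOverwrite`, `DenyAll` and `AllowAll` lines do not appear in this view of the hunk, so the scope of the anonymous upload limits could not be checked here.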
@@ -0,0 +1,16 @@
+# default: off
+# $Id: proftpd-xinetd,v 1.2 2002/06/10 15:35:47 dude Exp $
+# description: The ProFTPD FTP server serves FTP connections. It uses \
+# normal, unencrypted usernames and passwords for authentication.
+service ftp
+{
+ socket_type = stream
+ wait = no
+ user = root
+ server = /usr/sbin/in.proftpd
+ server = /usr/sbin/tcpd
+ log_on_success += DURATION USERID
+ log_on_failure += USERID
+ nice = 10
+ disable = no
+}
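Review bot: The `service ftp` block assigns `server` twice (`/usr/sbin/in.proftpd`, then `/usr/sbin/tcpd`), so xinetd will likely either reject the duplicate or keep only one value, and in neither case is tcpd told which daemon to start. The usual xinetd form for wrapping a daemon is `flags = NAMEINARGS`, `server = /usr/sbin/tcpd`, `server_args = /usr/sbin/in.proftpd`. The block also carries no `bind` or `only_from` restriction although the README only expects connections from localhost, and no `instances` cap although proftpd.conf's own comment defers connection limiting to xinetd. With `user = root`, `disable = no` and anonymous login enabled in proftpd.conf, adding `bind = 127.0.0.1` and `instances = 20` would keep this test service off the network and bounded.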