-
-
Save peacengell/944183cc53cf88490719c43c85889d0b to your computer and use it in GitHub Desktop.
Install proftpd, create & delete ftp users (MUST BE RUN AS ROOT)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| # MUST BE RUN AS ROOT | |
| usage_message(){ | |
| echo Usage options: | |
| echo "1. Install proftpd: $0 -i <PASVADDR> <MIN_PORT> <MAX_PORT>" | |
| echo "2. Create ftp user: $0 -c <FTPUSER> <FTPPASS>" | |
| echo "3. Delete ftp user: $0 -d <FTPUSER>" | |
| } | |
| install_proftpd(){ | |
| apt-get update && sudo apt-get -y upgrade | |
| apt-get -y install proftpd ftp whois | |
| cat << EOF > /etc/proftpd/conf.d/custom | |
| DefaultRoot ~/ftp/files | |
| PassivePorts $MIN_PORT $MAX_PORT | |
| MasqueradeAddress $PASVADDR | |
| RequireValidShell off | |
| EOF | |
| } | |
| restart_proftpd(){ | |
| systemctl restart proftpd.service | |
| systemctl status proftpd.service | |
| } | |
| firewall_rules(){ | |
| iptables -A INPUT -i lo -j ACCEPT | |
| iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT | |
| iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT | |
| iptables -A INPUT -p icmp -j REJECT | |
| iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT | |
| iptables -A OUTPUT -p tcp --dport 25 -j REJECT | |
| iptables -A INPUT -p tcp -m tcp --dport 21 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT | |
| iptables -A INPUT -p tcp -m tcp --dport 20 -m conntrack --ctstate ESTABLISHED -j ACCEPT | |
| iptables -A INPUT -p tcp -m tcp --sport $MIN_PORT:$MAX_PORT --dport $MIN_PORT:$MAX_PORT -m conntrack --ctstate RELATED,ESTABLISHED,NEW -j ACCEPT | |
| iptables -A OUTPUT -p tcp -m tcp --sport 21 -m conntrack --ctstate ESTABLISHED -j ACCEPT | |
| iptables -A OUTPUT -p tcp -m tcp --sport 20 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT | |
| iptables -A OUTPUT -p tcp -m tcp --sport $MIN_PORT:$MAX_PORT --dport $MIN_PORT:$MAX_PORT -m conntrack --ctstate ESTABLISHED -j ACCEPT | |
| iptables -P INPUT DROP | |
| iptables -P FORWARD DROP | |
| iptables -P OUTPUT ACCEPT | |
| } | |
| create_user(){ | |
| useradd --create-home --password $(mkpasswd -m sha-512 $FTPPASS) --shell=/bin/false $FTPUSER | |
| mkdir /home/$FTPUSER/ftp | |
| chown nobody:nogroup /home/$FTPUSER/ftp | |
| chmod a-w /home/$FTPUSER/ftp | |
| mkdir /home/$FTPUSER/ftp/files | |
| chown $FTPUSER:$FTPUSER /home/$FTPUSER/ftp/files | |
| } | |
| delete_user(){ | |
| userdel -rf $FTPUSER | |
| } | |
| if [[ $# -eq 0 ]] ; then | |
| usage_message | |
| exit 0 | |
| fi | |
| while getopts c:d:i:R: option | |
| do | |
| case "${option}" | |
| in | |
| c) | |
| echo ">> CREATING FTP USER $2 WITH PASSWORD $3" | |
| echo | |
| FTPUSER=$2 | |
| FTPPASS=$3 | |
| create_user | |
| restart_proftpd | |
| ;; | |
| d) | |
| echo ">> DELETING FTP USER $2" | |
| echo | |
| FTPUSER=$2 | |
| delete_user | |
| restart_proftpd | |
| ;; | |
| i) | |
| echo ">> INSTALLING proftpd IN IP $2 WITH $3 TO $4 PASV PORT RANGE" | |
| echo | |
| PASVADDR=$2 | |
| MIN_PORT=$3 | |
| MAX_PORT=$4 | |
| install_proftpd | |
| # TODO firewall_rules | |
| restart_proftpd | |
| ;; | |
| R) | |
| restart_proftpd | |
| ;; | |
| *) | |
| usage_message | |
| exit 0 | |
| ;; | |
| esac | |
| done |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment