@thiagomgo
Last active October 30, 2017 20:36
Configuration for Proftpd on an EC2 Instance (CentOS 7)
# This is the ProFTPD configuration file
#
# See: http://www.proftpd.org/docs/directives/linked/by-name.html
ServerName "ProFTPD server"
ServerIdent off
ServerAdmin root@localhost
ServerType standalone
DefaultServer on
AccessGrantMsg "User %u logged in."
DeferWelcome off
ShowSymlinks on
# Chroot every FTP user into their home directory (no group is exempted)
DefaultRoot ~
# Port 21 is the standard FTP port.
Port 21
PassivePorts 49152 49352
MasqueradeAddress 34.233.10.252
# Virtual Users
RequireValidShell on
#AuthUserFile /etc/proftpd/ftpd.passwd
#AuthGroupFile /etc/proftpd/ftpd.group
# Default to show dot files in directory listings
ListOptions "-a"
# Use pam to authenticate (default) and be authoritative
#AuthPAMConfig proftpd
#AuthOrder mod_auth_file.c mod_auth_pam.c* mod_auth_unix.c
# If you use NIS/YP/LDAP you may need to disable PersistentPasswd
#PersistentPasswd off
MultilineRFC2228 on
RootLogin off
LoginPasswordPrompt on
DefaultTransferMode binary
# Limit login times and timeouts to drop dead clients.
TimeoutLogin 120
TimeoutIdle 1200
TimeoutNoTransfer 600
TimeoutStalled 600
# Resuming interrupted downloads and uploads is disabled
AllowRetrieveRestart off
AllowStoreRestart off
# Don't do reverse DNS lookups (hangs on DNS problems)
UseReverseDNS off
# Do not perform ident
IdentLookups off
# Set the user and group that the server runs as
User nobody
Group nobody
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode; in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 30
# Disable sendfile by default since it breaks displaying the download speeds in
# ftptop and ftpwho
UseSendfile off
# Define the log formats
LogFormat default "%h %l %u %t \"%r\" %s %b"
LogFormat auth "%v [%P] %h %t \"%r\" %s"
# Delay engine reduces impact of the so-called Timing Attack described in
# http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02
# It is on by default (no DelayEngine directive is set in this file).
# Basic controls via ftpdctl are disabled here (ControlsEngine off)
# (http://www.proftpd.org/docs/modules/mod_ctrls.html)
ControlsEngine off
ControlsMaxClients 2
ControlsLog /var/log/proftpd/controls.log
ControlsInterval 5
ControlsSocket /var/run/proftpd/proftpd.sock
TransferLog /var/log/proftpd/xferlog
SystemLog /var/log/proftpd/proftpd.log
# Global Config - config common to Server Config and all virtual hosts
# See: http://www.proftpd.org/docs/howto/Vhost.html
<Global>
  # Umask 022 is a good standard umask to prevent new dirs and files
  # from being group and world writable
  Umask 022
  # Allow users to overwrite files and change permissions
  AllowOverwrite yes
  <Limit ALL SITE_CHMOD>
    AllowAll
  </Limit>
</Global>
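
An added example, not part of the original gist: a small Python check that derives, from the `Port` and `PassivePorts` values above, the inbound TCP ranges the EC2 security group has to allow, and sanity-checks `MasqueradeAddress`, `RootLogin` and `DefaultRoot`. The function names and finding texts are this example's own, and the sample input is constructed from the directives in the file.

```python
import ipaddress

# Constructed sample: network-facing directives copied from the config above.
SAMPLE = """\
Port 21
PassivePorts 49152 49352
MasqueradeAddress 34.233.10.252
RootLogin off
DefaultRoot ~
"""

def parse_directives(text):
    """Map directive name -> argument list; skips comments and <Section> tags."""
    directives = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "<")):
            name, *args = line.split()
            directives[name] = args
    return directives

def required_ingress(d):
    """Inbound TCP ranges the security group must allow for passive-mode FTP."""
    port = int(d.get("Port", ["21"])[0])
    rules = [("tcp", port, port)]
    if "PassivePorts" in d:
        low, high = (int(p) for p in d["PassivePorts"])
        if not 0 < low <= high <= 65535:
            raise ValueError(f"invalid PassivePorts range {low}-{high}")
        rules.append(("tcp", low, high))
    return rules

def audit(d):
    """Checks limited to directives that appear in the config above."""
    findings = []
    if "PassivePorts" not in d:
        findings.append("PassivePorts unset: data ports cannot be pinned in the firewall")
    try:
        if ipaddress.ip_address(d.get("MasqueradeAddress", [""])[0]).is_private:
            findings.append("MasqueradeAddress is private: PASV replies unusable from outside")
    except (ValueError, IndexError):
        findings.append("MasqueradeAddress missing or a hostname: check it maps to the public IP")
    if d.get("RootLogin", ["off"])[0].lower() != "off":
        findings.append("RootLogin is enabled")
    if "DefaultRoot" not in d:
        findings.append("DefaultRoot unset: users are not chrooted")
    return findings

if __name__ == "__main__":
    print(required_ingress(parse_directives(SAMPLE)), audit(parse_directives(SAMPLE)))
```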