#
# /etc/proftpd/proftpd.conf -- This is a basic ProFTPD configuration file.
# To really apply changes reload proftpd after modifications.
#
# NOTE(review): this copy had lost its line breaks; one directive per line has
# been restored here. Which words are comment text and which are live
# directives was inferred from the directive names -- compare with the
# deployed file before relying on this layout.
# NOTE(review): no <IfModule>, <Limit> or <Directory> container lines appear
# anywhere in this copy, although several directives below normally sit inside
# one. They look to have been stripped along with the line breaks -- confirm.

# Includes DSO modules
# Anything matched by this glob is parsed as configuration, so write access to
# /etc/proftpd.d is equivalent to write access to this file.
Include /etc/proftpd.d/*.conf

# This is the directory where DSO modules resides
ModulePath /usr/lib64/proftpd

# Allow only user root to load and unload modules, but allow everyone
# to see which modules have been loaded
ModuleControlsACLs insmod,rmmod allow user root
ModuleControlsACLs lsmod allow user *

ServerName "Mon Domaine Proftpd FTP server"
# Custom identification string sent to clients in place of the default one.
ServerIdent on "Bienvenue sur le serveur FTP de mon_domaine"
ServerType standalone
DeferWelcome off
ServerAdmin xuo@mon_domaine.fr
# MultilineRFC2228 on
DefaultServer on
ShowSymlinks on

# Session timeouts, in seconds.
TimeoutNoTransfer 600
TimeoutStalled 600
TimeoutIdle 1200

DisplayLogin /etc/proftpd.d/welcome.msg
#DisplayChdir .message

# Change by Xuo : 23/09/21 : a warning was issued in the systemctl log file as this "directive is not supported by mod_sftp, and will be ignored".
# ListOptions "-l"

# Refuse any command whose argument matches this regex: a literal '*'
# followed, anywhere later, by '/'.
DenyFilter \*.*/

UseIPv6 Off

# Allow FTP resuming.
# Remember to set to off if you have an incoming ftp for upload.
AllowStoreRestart on

###### Changes by Xuo ########
# Port 21 is the standard FTP port.
#Port 21
# mod_sftp is enabled for this server, so port 2122 speaks SSH/SFTP.
SFTPEngine on
Port 2122
SFTPLog /var/log/proftpd/sftp.log

# Host Keys
# NOTE(review): this path is under /etc/ssh, i.e. presumably the system sshd's
# own RSA host key. Sharing it means both services present the same identity
# and a leak from either one affects both; a key dedicated to proftpd would
# keep them separate. Only an RSA host key is configured.
SFTPHostKey /etc/ssh/ssh_host_rsa_key
#SFTPHostKey /etc/ssh/ssh_host_dsa_key

# Auth methods
# NOTE(review): password is the only method offered, so password guessing is
# the exposed surface. MaxLoginAttempts below is a per-connection limit; the
# fail2ban setup mentioned further down is what would slow repeated
# connections. Public-key authentication (SFTPAuthorizedUserKeys) is not
# configured here.
SFTPAuthMethods password
# Virtual users and groups. These files hold password hashes: keep them
# readable by root only.
# NOTE(review): no AuthOrder is visible in this file, so other authentication
# modules (system accounts, PAM) may still be consulted unless an included
# file restricts them -- confirm.
AuthUserFile /etc/proftpd.d/ftpd.passwd
AuthGroupFile /etc/proftpd.d/ftpd.group

# SFTP specific configuration
# To cause every FTP user to be "jailed" (chrooted) into their home
# directory, uncomment this line.
# (Already active: every session is chrooted to the user's home directory.)
DefaultRoot ~
###### End of changes by Xuo ########

# In some cases you have to specify passive ports range to by-pass
# firewall limitations. Ephemeral ports can be used for that, but
# feel free to use a more narrow range.
# NOTE(review): passive data ports are an FTP mechanism; with SFTPEngine on
# for this server this range is presumably unused, and the firewall should
# not need it opened -- confirm.
PassivePorts 65524 65534

# Disable ident lookups
IdentLookups off

# Disable reverse dns
UseReverseDNS off

# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
# NOTE: the stock comment above says 30; the values actually in force are 5.
#MaxInstances 3
MaxInstances 5
#MaxClients 3 "The server is full, hosting %m users"
MaxClients 5 "The server is full, hosting %m users"
# Failed logins allowed on one connection before it is dropped.
MaxLoginAttempts 3

# Set the user and group under which the server will run.
User nobody
Group nogroup

# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022

# Normally, we want files to be overwriteable.
AllowOverwrite on

# Uncomment this if you are using NIS or LDAP to retrieve passwords:
# (The directive below is already uncommented in this copy.)
PersistentPasswd off

# Be warned: use of this directive impacts CPU average load!
#
# Uncomment this if you like to see progress and transfer rate with ftpwho
# in downloads. That is not needed for uploads rates.
#UseSendFile off

# Xuo : 23/02/13 : Trying to produce english log file for better parsing by fail2ban.
# LangDefault en_US.UTF-8
#
# LangDefault en_US
#
#LangDefault en_US.UTF-8
SetEnv LC_ALL en_US.UTF-8
# LangEngine off
#
#LangEngine off
# Xuo : The following line does not work.
#export LANG=en_US.UTF-8

# NOTE(review): the transfer log and the system log are written to the same
# file, so two record formats are interleaved there; SFTP protocol messages go
# to the separate SFTPLog above. Check that the fail2ban filter reads the file
# that actually records failed logins.
TransferLog /var/log/proftpd/proftpd.log
SystemLog /var/log/proftpd/proftpd.log

# FTPS (mod_tls) is off; the encrypted transport here is SFTP via mod_sftp.
TLSEngine off

QuotaEngine on

Ratios on

# Delay engine reduces impact of the so-called Timing Attack described in
# http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02
# It is on by default.
DelayEngine on

# Local control socket (mod_ctrls).
# NOTE(review): no ControlsSocketACL, ControlsACLs or AdminControlsACLs line
# is visible here, so who may issue control and admin actions depends on the
# defaults or on an included file -- confirm.
ControlsEngine on
ControlsMaxClients 2
ControlsLog /var/log/proftpd/controls.log
ControlsInterval 5
ControlsSocket /var/run/proftpd/proftpd.sock

AdminControlsEngine on

# Bar use of SITE CHMOD by default
# NOTE(review): DenyAll, AllowUser and DenyALL only have meaning inside a
# <Limit ...> section, and none is visible. Read literally, these three lines
# neither restrict SITE CHMOD nor limit access to mon_user. Restore the
# enclosing container lines from the deployed file rather than guessing which
# commands they covered.
DenyAll
AllowUser mon_user
DenyALL