FTP


VSFTPd

Sample configuration.

Append the following to /etc/vsftpd/vsftpd.conf:

#enable for standalone mode
listen=YES
chroot_local_user=YES
userlist_deny=NO
userlist_file=/etc/vsftpd/users_allow

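Only users listed in /etc/vsftpd/users_allow will be allowed. All allowed users will be chrooted. Note that userlist_deny is only examined when userlist_enable=YES; if the existing configuration does not already set it, add userlist_enable=YES, otherwise the allow-list is ignored.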

Verbose logging

# more verbose logging
dual_log_enable=YES
xferlog_enable=YES
log_ftp_protocol=YES
setproctitle_enable=YES
xferlog_std_format=NO

Valid certificates

# Build the certificate chain file, server certificate first:
# cat server.crt intermediate.crt root-ca.crt > vsftpd.pem
# Turn on SSL
ssl_enable=YES

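# Allow anonymous users to use secured SSL connections.
# This only matters when anonymous logins are enabled (anonymous_enable);
# set anonymous_enable=NO explicitly if anonymous access is not wanted.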
allow_anon_ssl=YES

# All non-anonymous logins are forced to use a secure SSL connection in order to
# send and receive data on data connections.
force_local_data_ssl=YES

# All non-anonymous logins are forced to use a secure SSL connection in order to send the password.
force_local_logins_ssl=YES

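# Permit TLS v1 protocol connections. TLS v1 connections are preferred.
# TLS 1.0 is the newest protocol this sample enables and is now deprecated;
# if your vsftpd build has options for later TLS versions, enable those
# instead (see vsftpd.conf(5)).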
ssl_tlsv1=YES

# SSL v2 protocol connections are not permitted (NO). TLS v1 connections are preferred
ssl_sslv2=NO

# SSL v3 protocol connections are not permitted (NO). TLS v1 connections are preferred
ssl_sslv3=NO

# For handshake issue
ssl_ciphers=HIGH

# Locations of the RSA private key and the certificate (chain) used for SSL
# encrypted connections. The private key file should be readable by root only.
rsa_private_key_file=/etc/vsftpd/vsftpd.key
rsa_cert_file=/etc/vsftpd/vsftpd.pem

# Limit pasv ports
pasv_min_port=10000
pasv_max_port=10024

Cpanel

Clean old backups. Reference to Known issue.

You need the lftp client to use this script.

#!/bin/bash

# Connection settings for the backup FTP server.
# The password is a placeholder. Once a real one is filled in, this file holds
# a credential in clear text: keep it readable by its owner only and out of
# version control.
ftpSite='192.168.0.1'
ftpUser='ftpuser'
ftpPass='XXXXXXX'
# Remote directory that holds the backups.
putDir='/backup'

# Retention setting consumed by the pruning pipeline further down.
retentionDays='3'

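#######################################
# Run one lftp command inside ${putDir} on the backup server and print
# lftp's output.
# Globals:   ftpSite, ftpUser, ftpPass, putDir (read)
# Arguments: $1 - lftp command, e.g. "ls" or "rm -rf"
#            $2 - argument string appended to the command as one unit
# Outputs:   lftp's stdout on stdout; diagnostics on stderr
# Returns:   2 if an argument contains a line break, otherwise lftp's
#            exit status
#######################################
ftpCmd()
{
  local cmd=$1
  local args=$2
  local out
  local status=0

  # Each line of the here-document below is a separate lftp command, so a
  # line break inside either argument would add an extra command to the
  # session. Refuse such input before lftp is started.
  if [[ "${cmd}${args}" == *$'\n'* || "${cmd}${args}" == *$'\r'* ]]; then
    printf 'ftpCmd: refusing argument containing a line break\n' >&2
    return 2
  fi

  # NOTE(review): cmd and args are still pasted into the lftp command line
  # as-is, and lftp gives some characters its own meaning. Callers must pass
  # only vetted names, never raw text taken from a remote listing.
  # The credentials travel on stdin rather than argv, so they do not show up
  # in the process list; the session itself is only as protected as the
  # protocol lftp negotiates with the server.
  out=$(/usr/bin/lftp "${ftpSite}" <<EOMYF
user ${ftpUser} ${ftpPass}
cd ${putDir}
${cmd} ${args}
quit
EOMYF
  ) || status=$?

  printf '%s\n' "${out}"
  return "${status}"
}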

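# Prune daily backups on the FTP server, keeping the ${retentionDays} newest.
ftpList=$(ftpCmd ls ".")

# The last field of every listing line is taken as the entry name; entries
# whose name contains "monthly" are never pruned.
#
# The names come from the remote server and end up inside an lftp command
# line, so only plain names are accepted: they must start with a letter or
# digit and contain nothing but letters, digits, '.', '_' and '-'. This also
# drops "." and "..". Entries with other names are left on the server and
# have to be cleaned up by hand.
#
# tail -n +K starts printing at line K, so skipping the newest
# ${retentionDays} entries needs K = retentionDays + 1 (the previous
# "+${retentionDays}" kept one backup fewer than configured).
# NOTE(review): this assumes the names sort chronologically - confirm for
# your backup naming scheme.
dailyBackups=$(printf '%s\n' "${ftpList}" \
  | awk '{ print $NF }' \
  | grep -v -e "monthly" \
  | grep -E -x -e '[A-Za-z0-9][A-Za-z0-9._-]*' \
  | sort -r \
  | tail -n "+$((retentionDays + 1))" \
  | tr '\n' ' ')

if [[ -n ${dailyBackups} ]]; then
  ftpPrune=$(ftpCmd "rm -rf" "${dailyBackups}")
fi

exit 0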