slufoot80
01-24-2013 08:49 AM
Failure to deny ftp access - proftpd
The problem is I can sftp and ftp to the server, but if I enter the user name in the "/etc/ftpusers" file it disables both. How can I block ftp and not sftp? Below is the output of "proftpd -V":
proftpd -V| head
Compile-time Settings:
Version: 1.3.4a (maint)
Platform: LINUX [Linux 2.6.32.54-0.3-default x86_64]
Built: Thu Feb 16 2012 10:23:20 EST
Code:
proftpd -V
Compile-time Settings:
Version: 1.3.4a (maint)
Platform: LINUX [Linux 2.6.32.54-0.3-default x86_64]
Built: Thu Feb 16 2012 10:23:20 EST
Built With:
configure '--prefix=/usr/local' '--enable-openssl' '-with-modules=mod_sftp:mod_tls'
CFLAGS: -O2 -Wall
LDFLAGS: -L$(top_srcdir)/lib
LIBS: -lssl -lcrypto -lssl -lcrypto -L$(top_srcdir)/lib/libcap -lcap -lssl -lcrypto -lsupp -lcrypt -ldl -ldl -lz
Files:
Configuration File:
/usr/local/etc/proftpd.conf
Pid File:
/usr/local/var/proftpd.pid
Scoreboard File:
/usr/local/var/proftpd.scoreboard
Features:
- Autoshadow support
- Controls support
- curses support
- Developer support
- DSO support
+ IPv6 support
+ Largefile support
- Lastlog support
- Memcache support
+ ncurses support
- NLS support
+ OpenSSL support
- PCRE support
- POSIX ACL support
+ Shadow file support
+ Sendfile support
+ Trace support
Tunable Options:
PR_TUNABLE_BUFFER_SIZE = 1024
PR_TUNABLE_DEFAULT_RCVBUFSZ = 8192
PR_TUNABLE_DEFAULT_SNDBUFSZ = 8192
PR_TUNABLE_GLOBBING_MAX_MATCHES = 100000
PR_TUNABLE_GLOBBING_MAX_RECURSION = 8
PR_TUNABLE_HASH_TABLE_SIZE = 40
PR_TUNABLE_NEW_POOL_SIZE = 512
PR_TUNABLE_SCOREBOARD_BUFFER_SIZE = 80
PR_TUNABLE_SCOREBOARD_SCRUB_TIMER = 30
PR_TUNABLE_SELECT_TIMEOUT = 30
PR_TUNABLE_TIMEOUTIDENT = 10
PR_TUNABLE_TIMEOUTIDLE = 600
PR_TUNABLE_TIMEOUTLINGER = 30
PR_TUNABLE_TIMEOUTLOGIN = 300
PR_TUNABLE_TIMEOUTNOXFER = 300
PR_TUNABLE_TIMEOUTSTALLED = 3600
PR_TUNABLE_XFER_SCOREBOARD_UPDATES = 10
Below is the proftpd.conf file:
Code:
cat /usr/local/etc/proftpd.conf
# This is a basic ProFTPD configuration file (rename it to
# 'proftpd.conf' for actual use. It establishes a single server
# and a single anonymous login. It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.
ServerName "ProFTPD Default Installation"
ServerType standalone
DefaultServer on
ServerIdent on "corp-ftpint01"
UseReverseDNS off
IdentLookups off
DisplayConnect /etc/default/welcome.msg
# Port 21 is the standard FTP port.
Port 21
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 002
#DisplayLogin /etc/default/welcome.msg
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd).
MaxInstances 200
MaxClientsPerUser 20
# Set the user and group under which the server will run.
User nobody
Group nogroup
# To cause every FTP user to be "jailed" (chrooted) into their home
# directory, uncomment this line.
DefaultRoot ~
# Normally, we want files to be overwriteable.
<Directory />
AllowOverwrite on
</Directory>
# A basic anonymous configuration, no upload directories. If you do not
# want anonymous users, simply delete this entire <Anonymous> section.
TimesGMT off
SetEnv TZ :/etc/localtime
TimeoutNoTransfer 1500
TransferLog /var/log/corp-intftp01-trans.log
ExtendedLog /var/log/corp-intftp01.commandlog all
SystemLog /var/log/proftpd.system.log
<Class ethos>
From 10.16.4.228/32
</Class>
<Class ocr>
From 10.110.16.0/24
</Class>
MaxClientsPerClass ethos 20
MaxClientsPerClass ocr 30
MaxConnectionsPerHost 20
DebugLevel 10
<Global>
UseFtpUsers on
</Global>