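# Back up your existing proftpd.conf (if you have one).
# ~/backup is created mode 0700 because the copy may hold details other
# local users should not read (for example an LDAP bind password).
# The copy goes to ~/backup/ explicitly: a relative "backup/" only works
# when the current directory happens to be the home directory.
test -f /usr/local/etc/proftpd.conf &&
mkdir -p -m 0700 ~/backup &&
cp -f /usr/local/etc/proftpd.conf ~/backup/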
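# Unpack a fresh source tree under /usr/local/src/proftpd, removing any
# older proftpd-* trees first.  Each cd is chained to the commands that
# depend on it, so a failed cd can never make "rm -r" or tar run in
# whatever directory the shell happened to be in.
mkdir -p /usr/local/src/proftpd
cd /usr/local/src &&
find . -maxdepth 1 -type d -name "proftpd-*" -exec rm -r -- {} +
cd /usr/local/src/proftpd && {
  find . -maxdepth 1 -type d -name "proftpd-*" -exec rm -r -- {} +
  # Check the tarball against the signature or checksum published by the
  # ProFTPD project before unpacking it: everything in it is configured,
  # built and installed as root below.
  # NOTE(review): 1.2.10 is an old release; check the ProFTPD site for the
  # current version and its security advisories before deploying.
  tar xjvf ~/proftpd-1.2.10.tar.bz2 &&
  chown -R root:root proftpd-1.2.10
}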
# inetd:
# I suggest running proftpd in standalone mode. If you plan on running
# proftpd from inetd, remove ":mod_wrap" from the configure line below.
# To run proftpd with tcp wrappers support from inetd, add a line like
# this to /etc/inetd.conf
#ftp stream tcp nowait root /usr/sbin/tcpd /usr/local/sbin/proftpd
# PAM:
# If you want to build proftpd with PAM support, but not mod_ldap or
# mod_wrap, just run ./configure by itself (if PAM is installed, it'll
# use it). See README.PAM and doc/Configuration.html for more setup
# info, e.g. an /etc/pam.d/ftp file and the PAM-related configuration directives.
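# If you want to build proftpd with mod_ldap, replace mod_ldap 2.8.12 from
# the proftpd tarball with 2.8.14 from the mod_ldap site:
find . -maxdepth 1 -type d -name "mod_ldap-*" -exec rm -r -- {} +
# Make sure the tarball archive directory exists; on a first run it does
# not, and the final mv below would fail.
mkdir -p -m 0700 ~/installed/proftpd
# Reuse a previously downloaded copy if there is one; wget -nc then skips
# the download because the file is already present.
test -f ~/installed/proftpd/mod_ldap-2.8.14.tar.bz2 &&
mv ~/installed/proftpd/mod_ldap-2.8.14.tar.bz2 .
wget -nc http://horde.net/~jwm/software/mod_ldap/mod_ldap-2.8.14.tar.bz2
# The download is plain HTTP, so nothing authenticates the file, and its
# mod_ldap.c is compiled into a daemon that starts as root.  Before
# unpacking, compare a checksum of the tarball (e.g. the output of
# "sha256sum mod_ldap-2.8.14.tar.bz2") with a value obtained from the
# author over a trusted channel.
tar xjvf mod_ldap-2.8.14.tar.bz2 &&
chown -R root:root mod_ldap-2.8.14 &&
cp -f mod_ldap-2.8.14/mod_ldap.c proftpd-1.2.10/contrib/
# Keep only the current mod_ldap tarball in the archive directory.
rm -f ~/installed/proftpd/mod_ldap-*.tar.*
mv mod_ldap-2.8.14.tar.bz2 ~/installed/proftpd/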
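# Configure, build and install.  The steps are chained so that the
# currently installed package is removed only after the new build has
# succeeded; a failed cd, configure or make leaves the old proftpd alone.
cd proftpd-1.2.10 &&
LIBS=-lresolv ./configure \
--with-modules=mod_ldap:mod_readme:mod_wrap --disable-auth-pam &&
make && {
  # removepkg's exit status is deliberately ignored so that a system with
  # no proftpd package installed still gets the new build.
  removepkg proftpd
  make install
}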
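# Archive the source tarball under ~/installed/proftpd (mode 0700),
# replacing any older proftpd tarballs kept there.  The paths are relative
# to the home directory, so everything is chained to the cd: if it fails,
# the rm and mv do not run against some other directory.
cd &&
mkdir -p -m 0700 installed/proftpd &&
rm -f installed/proftpd-*.tar.* installed/proftpd/proftpd-*.tar.* &&
mv proftpd-1.2.10.tar.bz2 installed/proftpd/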
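# Set ProFTPD to put its PID file here (because it'll be running as user ftp,
# and user ftp shouldn't be able to write to /var/run itself):
# The directory is created with its final mode instead of the umask
# default, and chown uses the "owner:group" form ("owner.group" is a
# deprecated spelling that is ambiguous for names containing a dot).
# NOTE(review): where /var/run is a tmpfs this directory will not survive
# a reboot and has to be recreated at boot - confirm for your system.
mkdir -p -m 0750 /var/run/proftpd &&
chown ftp:root /var/run/proftpd &&
chmod 0750 /var/run/proftpd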
# If you don't already have a proftpd.conf, see the examples in the
# sample-configurations directory, see my example configuration at
# http://englanders.cc/pub/linux/misc/proftpd.conf, and read through
# doc/Configuration.html
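# Add these to your proftpd.conf for mod_wrap (tcp_wrappers). The two
# TCPAccessSyslogLevels values are the syslog levels for allowed and for
# denied connections, in that order: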
TCPAccessFiles /etc/hosts.allow /etc/hosts.deny
TCPAccessSyslogLevels debug warn
## Strict tcp wrappers (more denied than allowed)
# Add something like this to /etc/hosts.allow
proftpd: LOCAL, 192.168.1.0/255.255.255.0, 1.2.3.4
# Add something like this to /etc/hosts.deny
proftpd: ALL
## Mostly open access tcp wrappers
# /etc/hosts.deny
# PARANOID = any host whose FQDN doesn't match its IP
# 1.2.3.4 = an evil host, 10.1.1.0 = an evil class C
proftpd: PARANOID, 1.2.3.4, 10.1.1.0/255.255.255.0