sh 安装proftpd,创建和删除ftp用户(必须以root身份运行)


improve...

---------

# Fragment of an iptables-restore style rules file (INPUT chain), not a shell command.
# NOTE(review): $MIN_PORT and $MAX_PORT are placeholders; a rules file is presumably
# not shell-expanded, so substitute the same range given to PassivePorts — confirm.
# FTP data (20) and FTP control (21).
-A INPUT -p tcp -m tcp --dport 20 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
# Port 990 (implicit FTPS) is left disabled.
# -A INPUT -p tcp -m tcp --dport 990 -j ACCEPT
# Passive-mode data range: every port in it is accepted from any source, so keep
# the range as narrow as the expected number of concurrent transfers allows.
-A INPUT -p tcp -m multiport --dports $MIN_PORT:$MAX_PORT -j ACCEPT

---------

# Install the FTP daemon and the OpenSSL CLI used below to create the certificate.
apt-get install -y proftpd openssl

---------

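# Subject fields for the self-signed certificate.
Country_Name=ES
State_Name=Catalunya
Locality=Barcelona
Organization="Example Co"
Common_Name=www.example.com

# -keyout and -out name the same file, so cert.pem holds the private key as well
# as the certificate, and -nodes leaves that key unencrypted so the daemon can
# start unattended. Depending on the OpenSSL version the file may otherwise be
# created with the caller's default umask, so generate it under umask 077 (in a
# subshell, to leave the caller's umask alone) and pin the mode afterwards in
# case cert.pem already existed with looser permissions.
# NOTE(review): -days 3650 gives a ten-year self-signed certificate; clients
# cannot validate it against a CA and must pin or explicitly trust it.
(
  umask 077
  openssl req -x509 -nodes -days 3650 -newkey rsa:2048 \
    -keyout cert.pem -out cert.pem \
    -subj "/C=$Country_Name/ST=$State_Name/L=$Locality/O=$Organization/CN=$Common_Name"
) && chmod 600 cert.pem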

---------

# Load the mod_tls settings from /etc/proftpd/tls.conf
# (presumably this line goes into the main proftpd.conf — confirm).
Include /etc/proftpd/tls.conf

---------

# TLS settings for ProFTPD; applied only when mod_tls is available.
<IfModule mod_tls.c>
	TLSEngine                  	on
	TLSLog                    	/var/log/proftpd/tls.log
	# NOTE(review): SSLv23 is the broadest protocol setting and, depending on the
	# ProFTPD/OpenSSL build, can admit SSLv3 and early TLS. Prefer naming the
	# minimum explicitly, e.g. "TLSProtocol TLSv1.2" — confirm against the
	# installed mod_tls version.
	TLSProtocol					SSLv23
	TLSCipherSuite				AES128+EECDH:AES128+EDH
	# NOTE(review): AllowClientRenegotiations re-enables client-initiated
	# renegotiation; drop it unless a specific client is known to need it.
	TLSOptions                 	NoCertRequest AllowClientRenegotiations
	# Certificate and private key are read from the same file (see the openssl
	# command, which writes both to cert.pem).
	# NOTE(review): the path is relative; mod_tls presumably expects an absolute
	# path, and the file should be readable by root only — confirm.
	TLSRSACertificateFile      	cert.pem
	TLSRSACertificateKeyFile   	cert.pem
	TLSVerifyClient            	off
	# NOTE(review): with TLSRequired off, clients may still log in over plain FTP,
	# sending user name and password in clear text. Set it to "on" once all
	# clients speak FTPS.
	TLSRequired                	off
	# Accept logins from accounts whose shell is not a valid login shell
	# (the accompanying script creates FTP users with /bin/false).
	RequireValidShell          	no
</IfModule>
#!/usr/bin/env bash
# MUST BE RUN AS ROOT

usage_message(){
	# Print the supported invocations, one per line, to stdout.
	printf '%s\n' \
		"Usage options:" \
		"1. Install proftpd: $0 -i <PASVADDR> <MIN_PORT> <MAX_PORT>" \
		"2. Create ftp user: $0 -c <FTPUSER> <FTPPASS>" \
		"3. Delete ftp user: $0 -d <FTPUSER>"
}

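install_proftpd(){
	# Install ProFTPD (plus the ftp client and whois, which ships mkpasswd) and
	# write the passive-mode settings to /etc/proftpd/conf.d/custom.
	# Globals (read): PASVADDR, MIN_PORT, MAX_PORT
	# Returns: 0 on success, 1 on invalid input, otherwise the status of the
	#          first failing command.
	local port

	# The three values are written verbatim into a configuration file read by a
	# daemon started as root. Accept only plain port numbers and address
	# characters so that embedded whitespace or newlines cannot add directives.
	for port in "$MIN_PORT" "$MAX_PORT"; do
		# 10# forces base 10 so a leading zero is not read as octal.
		# NOTE(review): the lower bound of 1024 assumes PassivePorts should stay
		# in the non-privileged range — confirm against the ProFTPD docs.
		if [[ ! "$port" =~ ^[0-9]{1,5}$ ]] || (( 10#$port < 1024 || 10#$port > 65535 )); then
			echo "install_proftpd: passive port must be a number between 1024 and 65535" >&2
			return 1
		fi
	done
	if (( 10#$MIN_PORT > 10#$MAX_PORT )); then
		echo "install_proftpd: MIN_PORT must not be greater than MAX_PORT" >&2
		return 1
	fi
	if [[ ! "$PASVADDR" =~ ^[A-Za-z0-9.:-]+$ ]]; then
		echo "install_proftpd: PASVADDR must be an IP address or host name" >&2
		return 1
	fi

	# The script already runs as root, so no sudo; stop at the first failure
	# instead of configuring a package that did not install.
	apt-get update || return
	apt-get -y upgrade || return
	apt-get -y install proftpd ftp whois || return

	# DefaultRoot confines each user to ~/ftp/files; MasqueradeAddress and
	# PassivePorts tell clients where to open passive data connections.
	printf '%s\n' \
		"DefaultRoot    ~/ftp/files" \
		"PassivePorts    $MIN_PORT $MAX_PORT" \
		"MasqueradeAddress    $PASVADDR" \
		"RequireValidShell    off" \
		> /etc/proftpd/conf.d/custom
}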

restart_proftpd(){
	# Restart the daemon, then print its status so a failed start is visible.
	# The function's exit status is that of the status query.
	local unit=proftpd.service
	systemctl restart "$unit"
	systemctl status "$unit"
}

firewall_rules(){
	# Append a host firewall for SSH and FTP, then switch INPUT/FORWARD to
	# default-drop. Globals (read): MIN_PORT, MAX_PORT.
	# Not called anywhere in this script yet (the -i branch carries a TODO).
	# NOTE(review): every rule is appended with -A, so running this twice
	# duplicates the rules; nothing here saves them, so they presumably do not
	# survive a reboot — confirm. $MIN_PORT/$MAX_PORT are unquoted and unchecked.

	# Loopback and replies to connections already tracked.
	iptables -A INPUT -i lo -j ACCEPT
	iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
	# Same match as the previous rule, expressed with the older "state" module.
	iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
	# Rejects all inbound ICMP, not only echo requests.
	# NOTE(review): this presumably also blocks ICMP errors used for path MTU
	# discovery unless they match the RELATED rule above — confirm.
	iptables -A INPUT -p icmp -j REJECT
	# SSH stays reachable; this must be in place before the DROP policy below.
	iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
	# Block outbound SMTP from this host.
	iptables -A OUTPUT -p tcp --dport 25 -j REJECT
	# FTP control (21) and active-mode data (20).
	iptables -A INPUT -p tcp -m tcp --dport 21 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
	iptables -A INPUT -p tcp -m tcp --dport 20 -m conntrack --ctstate ESTABLISHED -j ACCEPT
	# Passive-mode data connections.
	# NOTE(review): --sport restricts the match to packets whose source port is
	# also inside the passive range; clients normally connect from an arbitrary
	# ephemeral port, so this rule presumably needs --dport only — confirm.
	iptables -A INPUT -p tcp -m tcp --sport $MIN_PORT:$MAX_PORT --dport $MIN_PORT:$MAX_PORT -m conntrack --ctstate RELATED,ESTABLISHED,NEW -j ACCEPT
	# Outbound halves of the FTP rules; redundant while the OUTPUT policy is ACCEPT.
	iptables -A OUTPUT -p tcp -m tcp --sport 21 -m conntrack --ctstate ESTABLISHED -j ACCEPT
	iptables -A OUTPUT -p tcp -m tcp --sport 20 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
	iptables -A OUTPUT -p tcp -m tcp --sport $MIN_PORT:$MAX_PORT --dport $MIN_PORT:$MAX_PORT -m conntrack --ctstate ESTABLISHED -j ACCEPT
	# Default policies: drop unmatched inbound and forwarded traffic, allow outbound.
	iptables -P INPUT DROP
	iptables -P FORWARD DROP
	iptables -P OUTPUT ACCEPT
}

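create_user(){
	# Create an FTP-only account (shell /bin/false) with the home layout that
	# DefaultRoot ~/ftp/files expects.
	# Globals (read): FTPUSER, FTPPASS
	# Returns: 0 on success, 1 on invalid input, otherwise the status of the
	#          first failing command.
	local -r name_re='^[A-Za-z_][A-Za-z0-9_.-]{0,31}$'
	local home hash

	# FTPUSER ends up in paths that root creates and chowns; refuse anything
	# that is not a plain account name (no slashes, no leading dot or dash).
	if [[ ! "$FTPUSER" =~ $name_re ]]; then
		echo "create_user: invalid user name" >&2
		return 1
	fi
	home="/home/$FTPUSER"

	if [[ -n "$FTPPASS" ]]; then
		# Feed the password on stdin: printf is a builtin, so the clear-text
		# password never appears in another process's argument list.
		hash=$(printf '%s\n' "$FTPPASS" | mkpasswd -m sha-512 --stdin) || return
	elif [[ -t 0 ]]; then
		# No password supplied: let mkpasswd prompt on the terminal.
		hash=$(mkpasswd -m sha-512) || return
	else
		echo "create_user: no password given" >&2
		return 1
	fi
	# An empty hash would create an account without a usable password entry.
	[[ -n "$hash" ]] || return 1

	useradd --create-home --password "$hash" --shell=/bin/false "$FTPUSER" || return

	# ~/ftp is owned by nobody and not writable, so the user cannot alter the
	# directory that contains the chroot.
	mkdir "$home/ftp" || return
	chown nobody:nogroup "$home/ftp" || return
	chmod a-w "$home/ftp" || return

	# ~/ftp/files is the only location the user owns and can write to.
	mkdir "$home/ftp/files" || return
	chown "$FTPUSER:$FTPUSER" "$home/ftp/files"
}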

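delete_user(){
	# Remove the account named by FTPUSER together with its home directory.
	# Globals (read): FTPUSER
	# Returns: 1 on an invalid name, otherwise the status of userdel.
	local -r name_re='^[A-Za-z_][A-Za-z0-9_.-]{0,31}$'

	# userdel -rf is destructive and runs as root: -r removes the home
	# directory and -f forces the removal. Refuse empty or malformed names so
	# an unquoted or missing argument cannot be read as options or extra words.
	if [[ ! "$FTPUSER" =~ $name_re ]]; then
		echo "delete_user: invalid user name" >&2
		return 1
	fi
	# NOTE(review): nothing here checks that the account was created by this
	# script; consider refusing system accounts before deleting.
	userdel -rf "$FTPUSER"
}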


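# Entry point: with no arguments just show the help text.
if [[ $# -eq 0 ]]; then
	usage_message
	exit 0
fi

# Every action below installs packages, edits /etc or manages accounts.
if (( EUID != 0 )); then
	echo "This script must be run as root" >&2
	exit 1
fi

# -c, -d and -i take their first value as the option argument (OPTARG); any
# further values are the positional words that follow it. -R takes no value.
# The leading ':' makes getopts report bad options to the default branch.
while getopts ':c:d:i:R' option; do
	# Words after the current option and its argument.
	extra=("${@:OPTIND}")
	case "${option}" in
	c)
		FTPUSER=$OPTARG
		FTPPASS=${extra[0]-}
		# The password is deliberately not echoed: terminal output tends to end
		# up in logs and scrollback.
		# NOTE(review): a password given as an argument is still visible in the
		# process list and shell history.
		echo ">> CREATING FTP USER $FTPUSER"
		echo
		create_user || exit
		restart_proftpd
		;;
	d)
		FTPUSER=$OPTARG
		echo ">> DELETING FTP USER $FTPUSER"
		echo
		delete_user || exit
		restart_proftpd
		;;
	i)
		if (( ${#extra[@]} < 2 )); then
			usage_message >&2
			exit 2
		fi
		PASVADDR=$OPTARG
		MIN_PORT=${extra[0]}
		MAX_PORT=${extra[1]}
		echo ">> INSTALLING proftpd IN IP $PASVADDR WITH $MIN_PORT TO $MAX_PORT PASV PORT RANGE"
		echo
		install_proftpd || exit
		# TODO firewall_rules
		restart_proftpd
		;;
	R)
		restart_proftpd
		;;
	*)
		# Unknown option or missing option argument.
		usage_message >&2
		exit 2
		;;
	esac
done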
