The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Pure or Pro FTP, Just the facts please

Discussion in 'General Discussion' started by elor, Aug 4, 2003.

  1. elor

    elor Active Member

    Joined:
    Apr 20, 2003
    Messages:
    32
    Likes Received:
    0
    Trophy Points:
    6
    Hi,

    I'm contemplating moving from pro to pureftp for security reasons and I'm looking for suggestions. I haven't seen anything recent in the boards about this except for possible proftp security issues.

    1. Should I switch over?
    2. Any pitfalls making the switch?
    3. Any special settings you use in conf?

    Thanks in advance.

    cPanel.net Support Ticket Number:
     
  2. myusername

    myusername Well-Known Member
    PartnerNOC

    Joined:
    Mar 6, 2003
    Messages:
    691
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    chown -R us.*yourbase*
    cPanel Access Level:
    DataCenter Provider
    Twitter:
    One drawback is you have to resync the ftp passwords. e.g. If you reset the users cpanel pw it doesnt propagate on the fly to ftp, you have to use the resync the passwords link from whm.

    Havent tried it lately though.

    cPanel.net Support Ticket Number:
     
  3. NetX

    NetX Well-Known Member

    Joined:
    Jun 18, 2003
    Messages:
    177
    Likes Received:
    0
    Trophy Points:
    16
    Pureftp is significantly faster and easy to configure.
    You can setup a cron job to resync ftp passwords.
    No problems switching from proftp
    You can disable anonymous access just with this line in conf file:
    NoAnonymous yes

    (All conf options are pretty simple like this)
     
    #3 NetX, Aug 5, 2003
    Last edited: Aug 5, 2003
  4. goodmove

    goodmove Well-Known Member

    Joined:
    May 12, 2003
    Messages:
    624
    Likes Received:
    0
    Trophy Points:
    16
    What's the location of the pureftp conf file?
     
  5. NetX

    NetX Well-Known Member

    Joined:
    Jun 18, 2003
    Messages:
    177
    Likes Received:
    0
    Trophy Points:
    16
    The path of is the pureftp conf file is:

    /etc/pure-ftpd.conf

    cPanel.net Support Ticket Number:
     
  6. goodmove

    goodmove Well-Known Member

    Joined:
    May 12, 2003
    Messages:
    624
    Likes Received:
    0
    Trophy Points:
    16
    Thanks for that, NetX.

    Here are some simple ways to secure Proftpd (to a certain degree) and speed up the connections. In /etc/proftpd.conf:

    Code:
    # DisplayConnect /etc/issue.net
    ServerName                      "ProFTPD"
    AuthUserFile /etc/proftpd/passwd.vhosts
    LogFormat BytesLog "%b"
    ServerType                      standalone
    DeferWelcome                    on
    DefaultServer                   on
    DefaultRoot ~ !wheel
    MaxInstances                    50
    ServerIdent on "FTP Server ready."
    UseReverseDNS                   off
    IdentLookups                    off
    RequireValidShell               off
    TimeoutLogin                    120
    TimeoutNoTransfer               1800
    TimeoutIdle                     1800
    TimeoutStalled                  1800
    Change the timeouts and the ServerName & ServerIdent messages inside the quote marks to your liking. Just a reminder: The less information in those messages about your server's identity, the better. You may also want to review the /etc/issue.net and modify it as needed. I have it commented out in my example.
     
    #6 goodmove, Aug 5, 2003
    Last edited: Aug 5, 2003
  7. elor

    elor Active Member

    Joined:
    Apr 20, 2003
    Messages:
    32
    Likes Received:
    0
    Trophy Points:
    6
    I made the switch and it went just fine. It pretty easy to configure. Only nit is, WHM still lists

    Restart FTP (proFTP)

    , no big deal.

    Thanks.

    cPanel.net Support Ticket Number:
     
  8. tAzMaNiAc

    tAzMaNiAc Well-Known Member

    Joined:
    Feb 16, 2003
    Messages:
    559
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Sachse, TX
    To truly disable anonymous, u need to edit the pureftpd stuff in /etc/sysconfig. This is for linux servers..

    FYI.

    cPanel.net Support Ticket Number:
     
  9. anand

    anand Well-Known Member

    Joined:
    Nov 11, 2002
    Messages:
    1,435
    Likes Received:
    1
    Trophy Points:
    38
    Location:
    India
    cPanel Access Level:
    DataCenter Provider
    I remember seeing an option in WHM where you change your ftp server. There was an option earlier to disable Anonymous Access.

    cPanel.net Support Ticket Number:
     
  10. ciphervendor

    ciphervendor Well-Known Member

    Joined:
    Aug 26, 2002
    Messages:
    1,052
    Likes Received:
    0
    Trophy Points:
    36
    If you're looking to really speed things up in proftp, increase security & logging--implement the following:
    Code:
    touch /var/log/proftp-access.log
    touch /var/log/proftp-auth.log
    touch /var/log/proftp-paranoid.log
    chmod 0640 /var/log/proftp-*
    chown root.root /var/log/proftp-*
    Code:
    touch /etc/logrotate.d/proftpd
    chown root.root /etc/logrotate.d/proftpd
    chmod 0640 /etc/logrotate.d/proftpd
    The following 'code' should be placed in the newly created /etc/logrotate.d/proftpd
    Code:
    /var/log/proftp-access.log {
        create 0640 root root
        postrotate
        /usr/bin/killall -HUP proftpd
        endscript
    }
    /var/log/proftp-auth.log {
        create 0640 root root
        postrotate
        /usr/bin/killall -HUP proftpd
        endscript
    }
    /var/log/proftp-paranoid.log {
        create 0640 root root
        postrotate
        /usr/bin/killall -HUP proftpd
        endscript
    }
    This code should replace the cPanel proftpd.conf file in /etc. Be sure to only replace the config stuff near the top of the file (top of the file all the way to the bottom of the anonymous ftp config stuff), keeping your virtual ftp entries in place.
    Code:
    ServerName "FTP Service"
    ServerType standalone
    ServerAdmin [email]admin@domain.com[/email]
    
    DeferWelcome            on
    DefaultServer           on
    UseReverseDNS           off
    
    Port                    21
    MaxInstances            30
    Umask                   022
    TimeoutLogin            120
    TimeoutIdle             600
    TimeoutNoTransfer       900
    TimeoutStalled          3600
    
    LogFormat default       "%h %u %t \"%r\" %s %b"
    LogFormat auth          "%h %t \"%r\" %s"
    LogFormat write         "%h %u %t \"%r\" %s %b"
    LogFormat BytesLog      "%b"
    
    MultilineRFC2228        on
    
    DisplayConnect          /etc/issue.net
    
    DefaultRoot             ~ !wheel
    
    User                    nobody
    Group                   proftpd
    
    AuthUserFile            /etc/proftpd/passwd.vhosts
    
    <Global>
     DisplayLogin           welcome.msg
     DisplayFirstChdir      message
     MaxClients             30
     AllowOverwrite         on
     IdentLookups           off
     ExtendedLog            /var/log/proftp-access.log read,write
     ExtendedLog            /var/log/proftp-auth.log auth
     ExtendedLog            /var/log/proftp-paranoid.log all default
    </Global>
    
    <Directory /*>
      AllowOverwrite        on
    </Directory>
    
    <Anonymous ~ftp>
    
    User                    ftp
    Group                   ftp
    UserAlias               anonymous ftp
    UseFtpUsers             on
    RequireValidShell       off
    AnonRequirePassword     on 
    HideUser                root
    HideGroup               root
    
    MaxClients              10  
    DisplayLogin            welcome.msg
    DisplayFirstChdir       .message
    
            <Limit LOGIN>
             AllowAll
            </Limit>
    
     <Directory public_ftp/incoming>
    
            <Limit STOR>
             AllowAll
            </Limit>
    
            <Limit WRITE DIRS READ>
             DenyAll
            </Limit>
    
            <Limit CWD XCWD CDUP>
             AllowAll
            </Limit>
     
     </Directory>
     
     <Directory /*>
     
            <Limit ALL>
             DenyAll
            </Limit>
    
     </Directory>
     
            <Limit WRITE>
             DenyAll
            </Limit>
    
    </Anonymous>
    I haven't really tested the anonymous FTP section of the above config since I don't have that enabled on the machines I admin. However if you have issues, remove:
    Code:
      <Directory /*>
     
            <Limit ALL>
             DenyAll
            </Limit>
    
     </Directory>
    from the above.

    After all of these changes, killall -HUP proftpd as root. Also keep in mind that you can't use the enable/disable anonymous FTP feature in the FTP tweak settings feature in WHM as it will mess up my config. You will have to mod the config file manually.
     
  11. anand

    anand Well-Known Member

    Joined:
    Nov 11, 2002
    Messages:
    1,435
    Likes Received:
    1
    Trophy Points:
    38
    Location:
    India
    cPanel Access Level:
    DataCenter Provider
    The tweaking part is cool, but can't we just choose the anonymous access from WHM ?? it will work right ??

    If your settings are used to tweak proftp, will using the anonymous ftp option in whm break anything after we have tweaked conf file??

    cPanel.net Support Ticket Number:
     
  12. ciphervendor

    ciphervendor Well-Known Member

    Joined:
    Aug 26, 2002
    Messages:
    1,052
    Likes Received:
    0
    Trophy Points:
    36
    Sure. It should work fine with a stock cPanel proftpd.conf
    You obviously didn't read my entire post and therefore shouldn't apply anything I've mentioned in my post.

    cPanel.net Support Ticket Number:
     
  13. anand

    anand Well-Known Member

    Joined:
    Nov 11, 2002
    Messages:
    1,435
    Likes Received:
    1
    Trophy Points:
    38
    Location:
    India
    cPanel Access Level:
    DataCenter Provider
    I use pureftp on all my servers at present. I was curious about proftp so i posted thats all. Anyways i can figure out the tweaks when and if i install proftp on any of my servers. Thx for the answer/

    cPanel.net Support Ticket Number:
     
  14. elor

    elor Active Member

    Joined:
    Apr 20, 2003
    Messages:
    32
    Likes Received:
    0
    Trophy Points:
    6
    tAzMaNiAc,

    Isn't the cpanel tweak enough??

    cPanel.net Support Ticket Number:
     
  15. anand

    anand Well-Known Member

    Joined:
    Nov 11, 2002
    Messages:
    1,435
    Likes Received:
    1
    Trophy Points:
    38
    Location:
    India
    cPanel Access Level:
    DataCenter Provider
    Thats wat i also said and asked at the first place.

    cPanel.net Support Ticket Number:
     
Loading...

Share This Page