ekodo | 17 Feb 14:06 2015

[Proftpd-user] How to add a user to mysql with SQLPasswordPBKDF2

Hello,

is there a script or something to add new users with PBKDF2 Support?

I have the following settings in my config (example):

   SQLAuthTypes pbkdf2
   SQLPasswordPBKDF2 sha512 5000 32
   SQLPasswordSaltFile /etc/proftpd/proftpd.salt

And now I don't know how I add a user with the correct data into my
mysql table ...

Is there any documentation on this part? Or a tutorial/example?

thank you! :)

_______________________________________________
ProFTPD Users List   <proftpd-users <at> proftpd.org>
Unsubscribe problems?
http://www.proftpd.org/list-unsub.html
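
One way to generate the value for the password column under the settings in the question above (added example, not part of the original post and not ProFTPD project code). It assumes mod_sql_passwd's default lowercase-hex encoding, that the salt file's bytes are used as the PBKDF2 salt with one trailing newline trimmed, and a hypothetical table `ftpusers` with columns `userid` and `passwd`; the salt, user and password in the demo are constructed.

```python
import hashlib
import hmac

# Values from "SQLPasswordPBKDF2 sha512 5000 32" in the post.
DIGEST, ROUNDS, LENGTH = "sha512", 5000, 32


def read_salt(path):
    """Return the salt bytes from the file named by SQLPasswordSaltFile."""
    with open(path, "rb") as fh:
        salt = fh.read()
    # Assumption: one trailing newline (added by most editors) is not salt.
    if salt.endswith(b"\n"):
        salt = salt[:-1]
    if not salt:
        raise ValueError("salt file is empty")
    return salt


def pbkdf2_hex(password, salt):
    """PBKDF2-HMAC-SHA512, 5000 rounds, 32-byte key, as lowercase hex."""
    key = hashlib.pbkdf2_hmac(DIGEST, password.encode("utf-8"), salt,
                              ROUNDS, dklen=LENGTH)
    return key.hex()


def verify(password, salt, stored_hex):
    """Constant-time comparison of a candidate password with a stored value."""
    return hmac.compare_digest(pbkdf2_hex(password, salt), stored_hex.lower())


def insert_user(userid, password, salt_path):
    """Build a parameterized INSERT; table and column names are hypothetical."""
    sql = "INSERT INTO ftpusers (userid, passwd) VALUES (%s, %s)"
    return sql, (userid, pbkdf2_hex(password, read_salt(salt_path)))


if __name__ == "__main__":
    import tempfile

    # Constructed salt file and credentials, for demonstration only.
    with tempfile.NamedTemporaryFile(suffix=".salt") as fh:
        fh.write(b"constructed-salt-value\n")
        fh.flush()
        sql, params = insert_user("alice", "constructed-password", fh.name)
    print(sql)
    print(params)
```

Pass the returned pair to a DB-API cursor's `execute()` so the user name and hash are bound as parameters rather than concatenated into the statement.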

Stefano Radaelli | 17 Feb 10:19 2015

[Proftpd-user] Usage of mod_exec with <IfUser> statement

Is there a way to enable the module 'mod_exec' only with a certain user?

I've compiled proftp with --with-modules=mod_exec:mod_ifsession and
then configured in this way...

<IfModule mod_exec.c>
    <IfUser stefano>
        ExecEngine on
        ExecLog /opt/proftpd-master/logs/proftpd_mod_exec.log
        ExecOptions logStderr logStdout
        ExecBeforeCommand STOR,RETR /path/to/script.sh EVENT=BeforeCommand FILE='%f'
        ExecOnCommand STOR,RETR /path/to/script.sh EVENT=OnCommand FILE='%f'
    </IfUser>
</IfModule>

or this:

<IfUser stefano>
    <IfModule mod_exec.c>
        ExecEngine on
        ExecLog /opt/proftpd-master/logs/proftpd_mod_exec.log
        ExecOptions logStderr logStdout
        ExecBeforeCommand STOR,RETR /path/to/handler.sh EVENT=BeforeCommand FILE='%f'
        ExecOnCommand STOR,RETR /path/to/handler.sh EVENT=OnCommand FILE='%f'
    </IfModule>
</IfUser>

without success. Seems that mod_exec works only if configured outside

gpeel | 15 Feb 15:15 2015

[Proftpd-user] sftp - anonymous connections

Hi all,

Does anyone have a later version of proftpd with a working anonymous setup WITH mod_sftp compiled in?

-G

Dieter Bloms | 11 Feb 16:58 2015

[Proftpd-user] use homedir in SQLNamedQuery for SQLLog EXIT ?

Hello,

I use proftpd-1.3.4e with a backend mysql server.
It works well for authentication.
The homedir variable is assigned dynamically during the login, so it is
different for each login of the same user.

Now I want to execute a SQL statement with the homedir of the user, when
the user does a logout.
This is needed to trigger some further processing of the uploaded files.

Is this possible ?

I can't find any complete list of variable names like %U and %d for the
SQLNamedQuery.

-- 
Gruß

  Dieter

--
I do not get viruses because I do not use MS software.
If you use Outlook then please do not put my email address in your
address-book so that WHEN you get a virus it won't use my address in the
From field.


Oli Kessler | 4 Feb 15:47 2015

[Proftpd-user] Fatal: unable to open incoming connection: Transport endpoint is not connected

Hi all,

We are seeing strange log entries recently:

  proftpd[31071]: 192.168.22.104 - Fatal: unable to open incoming connection: Transport endpoint is not connected

This happens when we scan the server with "nmap -sT SERVER" from a fast client, it does however not happen
when being scanned from a slow client or a virtual machine.

Other software (i.e. https://zeromq.jira.com/browse/LIBZMQ-585 or
https://code.google.com/p/pyftpdlib/issues/detail?id=100) say that this is a kind of race
condition  "since the connection is closing before we can get the peername with getpeername()" and only
nmap or similar software is able to close the TCP connection so fast.

The customer thinks that the performance of the server is affected (i.e. normal clients fail to establish a
session) when being scanned

1: As this is a fatal error, our logs are filled with it - we seem to be scanned very often recently. 
   Is there a way to prevent this from being logged at all?

2: Does it affect client limits by IP? I assume this is at a very early stage of the protocol handshake
   and thus no client address is even present to work on with mod_limit/mod_ban/..

Cheers,
-ok


angeldead95 . | 2 Feb 15:48 2015

[Proftpd-user] admin global password

Hi, Everyone

I have 3 dedicated servers and a lot of clients on them.
I want to know if there is a way to set an admin global password, so that every user can have their own password (which only my clients see for their own user, and which is stored in /etc/passwd and /etc/shadow) and another password, an "admin global password", that my support team will see.
So when a client requests something from support, the client doesn't have to tell support their own password. And I don't have to change all users' passwords when I fire someone from the support team.

Sorry for bad english.
Thanks in advance.
gpeel | 2 Feb 15:34 2015

[Proftpd-user] Anonymouse broken +sftp

I sent this earlier this week, appears it did not send…

Hi all,

We have been using proftpd for many years and it has served us well. Recently, we decided to start making the move to sftp.
Near the end of December, I recompiled our proftpd daemon enabling the sftp module.
We run FreeBSD 8.0 , 9.1 and 9.3, and have compiled proftpd from ports.
Enabling the sftp module was not available through ‘make config’ so I simply added the module to the Makefile.

example in port Makefile

# Always built modules
MODULES+=       mod_ban \
                              …
                             mod_sftp \
                             …

Everything compiled and installed and worked, no issues.

However, I found that even with everything to do with sftp commented out in the config file, the new daemon has a broken anonymous functionality. I will include a full config below.

What happens now is that when a VirtualHost / Anonymous container exists, even when an authenticated user (for that virtual host) logs in, it treats them as anonymous. I have seen some info in this mail list from back in 2009/10 so I figured the bugfix would be included on the version we are using. Or am I missing something?
When I remark out the <VirtualHost>, the user will then be treated correctly and will have all access to his filespace back.

Again, this issue happens even with sftp turned off, it only started when we compiled in the sftp module.

Any thoughts / hints would be appreciated.

Here is our proftpd.conf:

ServerName                      "ProFTPD mydomain Daemon"
# LoadModule                    mod_sftp.c
ServerType                      standalone
DefaultServer                   on
ScoreboardFile                  /var/run/proftpd/proftpd.scoreboard
ServerAdmin                     me <at> mydomain.com
PidFile                         /var/run/proftpd.pid
Port                            21
MaxInstances                    30
UseReverseDNS                   off
IdentLookups                    off
UseIPv6                         off

<Global>
User                            nobody
Group                           nogroup
DefaultChdir                    ~
DefaultRoot                     ~
Umask                           022
TimesGMT                        off
PassivePorts                    1025 2048
AllowOverwrite                  off
ExtendedLog /var/log/proftpd.log
RequireValidShell               off
RootLogin                       off
AllowStoreRestart               off
SyslogLevel debug
AllowRetrieveRestart            off
AllowOverride                   off
RootRevoke                      on
</Global>

<Directory /*>
  AllowOverwrite                on
</Directory>

#<IfModule mod_sftp.c>
# SFTPEngine on
# SFTPLog /var/log/secureftp.log
# SFTPAuthMethods password
# SFTPMaxChannels 3
# SFTPClientAlive 4 15
# SFTPDisplayBanner /usr/local/etc/proftp-sftp-banner.txt
# SFTPOptions IgnoreSCPUploadPerms IgnoreSFTPSetPerms
# SFTPTrafficPolicy high
# Port 2222
# SFTPHostKey /etc/ssl/private/wildcard.mydomain.com.key
#</IfModule>

#########################################################################
# Uncomment lines with only one # to allow basic anonymous access       #
# IP address inside container will need to be updated as well.          #
#########################################################################

 <VirtualHost nnn.nnn.nnn.nnn>
  <Anonymous ~/ftp>
    User unixuser
    Group unixgroup
    AllowOverwrite on
    UserAlias anonymous unixuser
    AuthAliasOnly on
    AnonRequirePassword off
    RequireValidShell off
    <Directory *>
      <Limit WRITE>
        DenyAll
      </Limit>
    </Directory>
   <Directory incoming/*>
      <Limit STOR>
        AllowAll
      </Limit>
      <Limit WRITE DIRS READ>
        DenyAll
      </Limit>
      <Limit CWD XCWD CDUP>
        AllowAll
      </Limit>
    </Directory>
  </Anonymous>
 </VirtualHost>

-G


Robin Kearney | 2 Feb 11:07 2015

[Proftpd-user] New release schedule

Hi,

I’ve noticed a couple of things which have been fixed in master which I’d like to push into our
production environment. Is there a new release of ProFTPd scheduled for some point or should I go with master?

r.

gpeel | 31 Jan 16:45 2015

[Proftpd-user] proFTPd 1.3.4d Anon + sftpand

Hi all,

We have been using proftpd for many years and it has served us well. Recently, we decided to start making the move to sftp.
Near the end of December, I recompiled our proftpd daemon enabling the sftp module.
We run FreeBSD 8.0 , 9.1 and 9.3, and have compiled proftpd from ports.
Enabling the sftp module was not available through ‘make config’ so I simply added the module to the Makefile.

example in port Makefile

# Always built modules
MODULES+=       mod_ban \
                              …
                             mod_sftp \
                             …

Everything compiled and installed and worked, no issues.

However, I found that even with everything to do with sftp commented out in the config file, the new daemon has a broken anonymous functionality. I will include a full config below.

What happens now is that when a VirtualHost / Anonymous container exists, even when an authenticated user (for that virtual host) logs in, it treats them as anonymous. I have seen some info in this mail list from back in 2009/10 so I figured the bugfix would be included on the version we are using. Or am I missing something?
When I remark out the <VirtualHost>, the user will then be treated correctly and will have all access to his filespace back.

Again, this issue happens even with sftp turned off, it only started when we compiled in the sftp module.

Any thoughts / hints would be appreciated.

Here is our proftpd.conf:

ServerName                      "ProFTPD mydomain Daemon"
# LoadModule                    mod_sftp.c
ServerType                      standalone
DefaultServer                   on
ScoreboardFile                  /var/run/proftpd/proftpd.scoreboard
ServerAdmin                     me <at> mydomain.com
PidFile                         /var/run/proftpd.pid
Port                            21
MaxInstances                    30
UseReverseDNS                   off
IdentLookups                    off
UseIPv6                         off

<Global>
User                            nobody
Group                           nogroup
DefaultChdir                    ~
DefaultRoot                     ~
Umask                           022
TimesGMT                        off
PassivePorts                    1025 2048
AllowOverwrite                  off
ExtendedLog /var/log/proftpd.log
RequireValidShell               off
RootLogin                       off
AllowStoreRestart               off
SyslogLevel debug
AllowRetrieveRestart            off
AllowOverride                   off
RootRevoke                      on
</Global>

<Directory /*>
  AllowOverwrite                on
</Directory>

#<IfModule mod_sftp.c>
# SFTPEngine on
# SFTPLog /var/log/secureftp.log
# SFTPAuthMethods password
# SFTPMaxChannels 3
# SFTPClientAlive 4 15
# SFTPDisplayBanner /usr/local/etc/proftp-sftp-banner.txt
# SFTPOptions IgnoreSCPUploadPerms IgnoreSFTPSetPerms
# SFTPTrafficPolicy high
# Port 2222
# SFTPHostKey /etc/ssl/private/wildcard.mydomain.com.key
#</IfModule>

#########################################################################
# Uncomment lines with only one # to allow basic anonymous access       #
# IP address inside container will need to be updated as well.          #
#########################################################################

 <VirtualHost nnn.nnn.nnn.nnn>
  <Anonymous ~/ftp>
    User unixuser
    Group unixgroup
    AllowOverwrite on
    UserAlias anonymous unixuser
    AuthAliasOnly on
    AnonRequirePassword off
    RequireValidShell off
    <Directory *>
      <Limit WRITE>
        DenyAll
      </Limit>
    </Directory>
   <Directory incoming/*>
      <Limit STOR>
        AllowAll
      </Limit>
      <Limit WRITE DIRS READ>
        DenyAll
      </Limit>
      <Limit CWD XCWD CDUP>
        AllowAll
      </Limit>
    </Directory>
  </Anonymous>
 </VirtualHost>

-G
Baird, Josh | 21 Jan 16:19 2015

[Proftpd-user] Disable normal FTP per user

Hi,

My configuration currently supports FTP/FTPS (implicit)/SFTP using mod_sql.  I'm looking for a clever
way to selectively disable normal FTP for certain users and only allow them to use FTPS/SFTP.  In the past, I
had [hackishly] used user groups to handle this.  Is there a trick I can use with mod_sql to achieve this?

Thanks,

Josh


Ezsra McDonald | 16 Jan 18:09 2015

[Proftpd-user] TLSProtocol Allow only TLSv1.2

We recently disabled SSLv3 in our FTPS server. Soon after recommendations were sent that we should also disable TLSv1.1.

I have ProFTPD Version 1.3.5 and changed TLSProtocol to include only TLSv1.2. After restarting the server I ran a scan against the server. No TLS protocols are being accepted. But, when I change it to TLSv1 I get the following results:

    Accepted  TLSv1  256 bits  DHE-RSA-AES256-SHA
    Accepted  TLSv1  256 bits  AES256-SHA
    Accepted  TLSv1  128 bits  DHE-RSA-AES128-SHA
    Accepted  TLSv1  128 bits  AES128-SHA
    Accepted  TLSv1  168 bits  EDH-RSA-DES-CBC3-SHA
    Accepted  TLSv1  168 bits  DES-CBC3-SHA
    Accepted  TLSv1  128 bits  RC4-SHA
    Accepted  TLSv1  128 bits  RC4-MD5

From reading the documentation

Module: mod_tls
Compatibility: 1.2.7rc1 and later
TLSv1.1 Allow only TLSv1.1
TLSv1.2 Allow only TLSv1.2

Am I missing something?