10_proftpd_tuning.pl
# i-MSCP Listener::ProFTP::Tuning listener file
# Copyright (C) 2015-2016 Rene Schuster <mail@reneschuster.de>
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2.1 of the License, or (at your option) any later version.
#
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with this library; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
#
## Listener file that removes the ServerIdent information, allows changing the
## passive ports and forces a TLS connection for non-local networks.
#
package Listener::ProFTP::Tuning;
use strict;
use warnings;
use iMSCP::EventManager;
# Passive port range written into the PassivePorts directive of proftpd.conf,
# given as "<first port> <last port>". Any firewall in front of the server has
# to allow the same range.
my $passivePorts = '60000 65535';
# Clients connecting from these addresses/networks are placed in the "local"
# class and may log in WITHOUT TLS, so their credentials and data travel in
# clear text. Keep the list as short as possible; everything else is forced
# onto FTPS.
# Example: my @localNetworks = ( '127.0.0.1', '192.168.1.1', '172.16.12.0/24' );
my @localNetworks = qw(127.0.0.1);
#
## Please, don't edit anything below this line
#
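# Handler for the 'afterFtpdBuildConf' event: tunes the generated proftpd.conf.
#
# Arguments (as passed by the event manager):
#   $tplContent - reference to the configuration file content, edited in place
#   $tplName    - name of the file being built; only 'proftpd.conf' is touched
#
# Returns 0 in every case.
iMSCP::EventManager->getInstance()->register('afterFtpdBuildConf', sub {
    my ($tplContent, $tplName) = @_;

    # Every other file built by the FTP server package is left untouched.
    return 0 unless $tplName eq 'proftpd.conf';

    # Per-class TLS policy placed inside the mod_tls section.
    # NOTE(review): <IfClass> is provided by mod_ifsession - confirm that the
    # template loads that module, otherwise these sections have no effect.
    my $cfgSnippet = <<'EOF';
# Don't require FTPS from local clients
<IfClass local>
TLSRequired off
</IfClass>
# Require FTPS from remote/non-local clients
<IfClass !local>
TLSRequired on
</IfClass>
EOF

    # One "From" rule per configured network. join() yields an empty string for
    # an empty list, so no "uninitialized value" warning is raised further down.
    # The entries are written to the configuration verbatim.
    my $cfgNetworks = join '', map { "\n From $_" } @localNetworks;

    # Disable the server identification shown on connect.
    $$tplContent =~ s/^(ServerType.*)/$1\nServerIdent off/m;

    # Enable the PassivePorts directive with the configured range.
    $$tplContent =~ s/^#(PassivePorts).*$/$1 $passivePorts/m;

    # The template's own TLSRequired directive is dropped only when the
    # per-class policy can really be inserted in its place. Removing it without
    # a replacement would silently leave the server with no TLS requirement.
    if ($$tplContent =~ /^<IfModule mod_tls\.c>$/m) {
        # Removes the first indented TLSRequired line found in the file.
        $$tplContent =~ s/^\s+TLSRequired.*\n//m;
        $$tplContent =~ s/^(<IfModule mod_tls\.c>$)/$1\n$cfgSnippet/m;
    }
    else {
        warn "Listener::ProFTP::Tuning: no <IfModule mod_tls.c> section found in"
            . " proftpd.conf; TLSRequired settings left unchanged\n";
    }

    # Define the "local" class referenced by the <IfClass> sections.
    $$tplContent .= "\n<Class local>$cfgNetworks\n</Class>";

    0;
});
1;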
__END__