forked from saltstack-formulas/proftpd-formula
-
Notifications
You must be signed in to change notification settings - Fork 0
/
pillar.example
95 lines (94 loc) · 3.2 KB
/
pillar.example
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
# -*- coding: utf-8 -*-
# vim: ft=yaml
---
proftpd:
ServerName: "My FTP Server"
ServerType: standalone
ServerIdent: '"off"'
DefaultServer: '"on"'
Port: 21
MaxInstances: 50
# General settings
DeferWelcome: '"on"'
MultilineRFC2228: '"on"'
ShowSymlinks: '"on"'
AllowOverwrite: '"on"'
AllowStoreRestart: '"on"'
AllowRetrieveRestart: '"on"'
UseReverseDNS: '"off"'
IdentLookups: '"off"'
ListOptions: "-al"
DisplayChdir: '.message'
# Modules settings
DelayEngine: '"off"'
# Timeout settings
TimeoutLogin: 240
TimeoutNoTransfer: 1200
TimeoutStalled: 1200
TimeoutIdle: 1200
# Security settings
RootLogin: '"off"'
RequireValidShell: '"off"'
User: nobody
Group: nogroup
Umask: '133 022'
DefaultRoot: '~'
DenyFilter: '\*.*/'
DirUmask: '022'
DirAllowOverwrite: '"on"'
DirHideNoAccess: '"on"'
DirLimit: 'READ WRITE STOR CWD MKD RMD DELE XRMD XMKD RNFR POST_CMD'
PathAllowFilter: '"^[a-zA-Z0-9_.-]()''+$"'
PathDenyFilter: "'(\\.ftp)|(\\.ht)[a-z]+$'"
# LOG settings
# Logging Formats
LogFormat:
default: '"%h %1 %u %t \"%r\" %s %b"'
auth: '"%v [%P] %h %t \"%r\" %s"'
write: '"%h %l %u %t \"%r\" %s %b"'
# Activate Logging
SyslogLevel: notice
# all logins
ExtendedLog:
Auth: '/var/log/proftpd/auth.log AUTH auth'
# file/dir access
Access: '/var/log/proftpd/access.log WRITE,READ write'
# everything (be careful, generates_ very_ big logfiles)
# ExtendedLog /var/log/proftpd/proftpd-all.log ALL default
All: '/var/log/proftpd/all.log ALL'
SQL:
# SQL settings
Include: /etc/proftpd/sql.conf
SQLBackend: mysql|postgres
SQLLogFile: '/var/log/proftpd/sql.log'
SQLEngine: 'on'
SQLAuthenticate: 'on'
SQLAuthTypes: Crypt|Plaintext
# SQLAuthenticate users* groups*
AuthOrder: 'mod_sql.c'
SQLConnectInfo: 'username@dbhost username randompassword'
SQLUserInfo: 'users username password uid gid homedir shell'
SQLGroupInfo: 'groups groupname gid members'
SQLUserWhereClause: '"\"login_enabled = ''y''\""'
SQLMinID: 999
SQLMinUserGID: 999
SQLNamedQuery:
# yamllint disable rule:line-length
login: 'login UPDATE "last_login=now(), login_count=login_count+1 WHERE username=''%u''" users'
download: 'download UPDATE "down_count=down_count+1, down_bytes=down_bytes+%b WHERE username=''%u''" users'
upload: 'upload UPDATE "up_count=up_count+1, up_bytes=up_bytes+%b WHERE username=''%u''" users'
# yamllint enable rule:line-length
SQLLog:
PASS: 'PASS login'
RETR: 'RETR download'
STOR: 'STOR upload'
# Enable virus scanning and removal
ClamAV: '"on"'
# Specify the UNIX Local Socket
ClamLocalSocket: /var/run/clamav/clamd.sock
# Any pillar in Modules will cause the formula to manage Proftpd modules.conf
# Modules:
# Enable or disable any module with true or false
# Default list of activated modules is visible in defaults.yaml
# mod_ctrls_admin: true
# mod_radius: false