proftpd.conf

#
# /etc/proftpd/proftpd.conf -- This is a basic ProFTPD configuration file.
# To really apply changes reload proftpd after modifications.
#

# Includes DSO modules
Include /etc/proftpd/modules.conf

# Set off to disable IPv6 support which is annoying on IPv4 only boxes.
UseIPv6             off
# If set on you can experience a longer connection delay in many cases.
IdentLookups            off

ServerName          "UGOV-FTPS"
DefaultAddress          xxx.xxx.xxx.xxx
SocketBindTight         on
ServerType          inetd
DeferWelcome            off

MultilineRFC2228        on
DefaultServer           on
ShowSymlinks            on

#DisplayLogin                    /univ/ext/ftp/welcome.msg
DisplayChdir                .message true
ListOptions                 "-l"

DenyFilter          \*.*/

# Use this to jail all users in their homes
DefaultRoot             /univ/ext/ftp/
#DefaultRoot            ~
DebugLevel 10

# Users require a valid shell listed in /etc/shells to login.
# Use this directive to release that constrain.
RequireValidShell       off

# Port 21 is the standard FTP port.
Port                21

# Time
TimesGMT                        off

# In some cases you have to specify passive ports range to by-pass
# firewall limitations. Ephemeral ports can be used for that, but
# feel free to use a more narrow range.
# PassivePorts                  49152 65534
PassivePorts                  50000 51000

# If your host was NATted, this option is useful in order to
# allow passive tranfers to work. You have to use your public
# address and opening the passive ports used on your firewall as well.
#MasqueradeAddress xxx.xxx.xxx.xxx
#NAT
MasqueradeAddress xxx.xxx.xxx.xxx

# This is useful for masquerading address with dynamic IPs:
# refresh any configured MasqueradeAddress directives every 8 hours
<IfModule mod_dynmasq.c>
# DynMasqRefresh 28800
</IfModule>

# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances            30

# Set the user and group that the server normally runs at.
User                prouniv1
Group               product

# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask               022  022
#Umask              000  000

# Normally, we want files to be overwriteable.
AllowOverwrite          on

# Uncomment this if you are using NIS or LDAP via NSS to retrieve passwords:
# PersistentPasswd      off

# This is required to use both PAM-based authentication and local passwords
# AuthOrder         mod_auth_pam.c* mod_auth_unix.c

AuthUserFile /etc/proftpd/univ-ftps-passwd
AuthGroupFile /etc/proftpd//univ-ftps-group
AuthOrder mod_auth_file.c

# Be warned: use of this directive impacts CPU average load!
# Uncomment this if you like to see progress and transfer rate with ftpwho
# in downloads. That is not needed for uploads rates.
#
# UseSendFile           off

LogFormat operations "%t %h %l %u \"%r\" %s %b"
SystemLog   /var/log/proftpd/test-ftps-system.log
TransferLog /var/log/proftpd/test-ftps-xfer.log
ExtendedLog /var/log/proftpd/test-ftps-operations.log ALL operations


<IfModule mod_quotatab.c>
QuotaEngine off
</IfModule>

<IfModule mod_ratio.c>
Ratios off
</IfModule>


# Delay engine reduces impact of the so-called Timing Attack described in
# http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02
# It is on by default.
<IfModule mod_delay.c>
DelayEngine on
</IfModule>

<IfModule mod_ctrls.c>
ControlsEngine        off
ControlsMaxClients    2
ControlsLog           /var/log/proftpd/test-controls.log
ControlsInterval      5
ControlsSocket        /var/run/proftpd/proftpd.sock
</IfModule>

<IfModule mod_ctrls_admin.c>
AdminControlsEngine off
</IfModule>

# Cineca
<IfModule mod_facts.c>
FactsAdvertise off
</IfModule>

#
# Alternative authentication frameworks
#
#Include /etc/proftpd/ldap.conf
#Include /etc/proftpd/sql.conf

#
# This is used for FTPS connections
#
#Include /etc/proftpd/tls.conf
TLSEngine                  on
#TLSRequired                on
TLSRequired                on
TLSLog                     /var/log/proftpd/test-ftps-tls.log
TLSProtocol                SSLv23
TLSVerifyClient            off
TLSRenegotiate             none
TLSRSACertificateFile      /etc/ssl/certs/ftps.u-gov.it.crt
TLSRSACertificateKeyFile   /etc/ssl/private/ftps.u-gov.it.key
TLSCertificateChainFile    /etc/ssl/certs/ftps.u-gov.it-chain.pem
TLSOptions                 AllowDotLogin NoCertRequest NoSessionReuseRequired
#TLSOptions                 AllowDotLogin NoSessionReuseRequired

#Custom Options
UseReverseDNS off
UseSendfile off
WtmpLog on

#Permissions
#Include /etc/proftpd/restrictions.conf
#Include /etc/proftpd/user-group-prot.inc
Include /etc/proftpd/test-user-group-prot.inc

<Global>
 ListOptions "" maxdepth 3
 ListOptions "" maxdirs 10
 ListOptions "" maxfiles 1000
 TimeoutLogin                    300
 TimeoutSession                  86400
 TimeoutNoTransfer               3600
 TimeoutStalled                  3600
 TimeoutIdle                     3600

 IdentLookups off
 AllowStoreRestart      on

</Global>