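#
# /etc/proftpd/proftpd.conf -- This is a basic ProFTPD configuration file.
# To really apply changes, reload proftpd after modifications.
#
# Layout: core server settings, TLS (FTPS), NAT/passive ports, SQL-backed
# quotas, controls socket, SQL authentication and accounting, logging.
# This file contains database credentials (see SQLConnectInfo): keep it
# readable only by root and the account that starts proftpd.
#

# Includes DSO modules
Include /etc/proftpd/modules.conf

# Set off to disable IPv6 support which is annoying on IPv4 only boxes.
UseIPv6 on

ServerName "Mon serveur FTP"
ServerType standalone
# A custom greeting replaces the default banner, so the connect message
# does not advertise the server software.
ServerIdent on "Bienvenue sur mon ftp. Veuillez-vous identifiez"
DeferWelcome on

MultilineRFC2228 on
DefaultServer on
ShowSymlinks on

# Timeouts are in seconds.
TimeoutNoTransfer 600
TimeoutStalled 600
TimeoutIdle 1200

DisplayLogin welcome.msg
DisplayChdir .message
ListOptions "-l"

# Refuse any command whose arguments match this regular expression.
DenyFilter \*.*/

# Use this to jail all users in their homes
DefaultRoot ~

# Users require a valid shell listed in /etc/shells to login.
# Use this directive to release that constraint.
# It is off here because accounts come from the SQL user table below.
RequireValidShell off

# Port 21 is the standard FTP port.
Port 21

# In some cases you have to specify passive ports range to by-pass
# firewall limitations. Ephemeral ports can be used for that, but
# feel free to use a more narrow range.
# PassivePorts 49152 65534

# If your host was NATted, this option is useful in order to
# allow passive transfers to work. You have to use your public
# address and open the passive ports used on your firewall as well.
# MasqueradeAddress 1.2.3.4

# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 30

# Set the user and group that the server normally runs at.
User proftpd
Group nogroup

# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022

# Normally, we want files to be overwriteable.
AllowOverwrite on

# Uncomment this if you are using NIS or LDAP to retrieve passwords:
# PersistentPasswd off

# Be warned: use of this directive impacts CPU average load!
# Uncomment this if you like to see progress and transfer rate with ftpwho
# in downloads. That is not needed for uploads rates.
#
# UseSendFile off

# Choose a SQL backend among MySQL or PostgreSQL.
# Both modules are loaded in default configuration, so you have to specify the backend
# or comment out the unused module in /etc/proftpd/modules.conf.
# Use 'mysql' or 'postgres' as possible values.
# SQLBackend mysql

TransferLog /var/log/proftpd/xferlog
SystemLog /var/log/proftpd/proftpd.log

# TLS (explicit FTPS)
# ===================
TLSEngine on
TLSLog /var/log/proftpd/tls.log
# Was "SSLv23", which lets the server negotiate SSLv3 and TLSv1.0; both
# have known protocol-level weaknesses. Restrict to TLSv1.2 and add
# TLSv1.3 where the installed ProFTPD/OpenSSL build accepts it.
TLSProtocol TLSv1.2
# No client certificate is requested, which matches TLSVerifyClient off.
TLSOptions NoCertRequest
TLSRSACertificateFile /etc/proftpd/ssl/proftpd.cert.pem
# The private key must be readable only by root.
TLSRSACertificateKeyFile /etc/proftpd/ssl/proftpd.key.pem
TLSVerifyClient off
# Was "off", which let clients log in without TLS and send the SQL-backed
# passwords in cleartext. With "on", both the control and the data
# connection must be protected; clients have to use explicit FTPS.
TLSRequired on

# NAT / passive mode: replace domaine.tld with the public name or address,
# and open exactly this port range on the firewall.
MasqueradeAddress domaine.tld
PassivePorts 19200 19250

# Quotas
# ======
QuotaDirectoryTally on
QuotaDisplayUnits Mb
QuotaShowQuotas on

# Defines the SQL queries ProFTPD uses to fetch and maintain quota data.
SQLNamedQuery get-quota-limit SELECT "name, quota_type, par_session, limit_type, bytes_up_limit, bytes_down_limit, bytes_transfer_limit, files_up_limit, files_down_limit, files_transfer_limit FROM ftpquotalimits WHERE name = '%{0}' AND quota_type = '%{1}'"
SQLNamedQuery get-quota-tally SELECT "name, quota_type, bytes_up_total, bytes_down_total, bytes_transfer_total, files_up_total, files_down_total, files_transfer_total FROM ftpquotatotal WHERE name = '%{0}' AND quota_type = '%{1}'"
SQLNamedQuery update-quota-tally UPDATE "bytes_up_total = bytes_up_total + %{0}, bytes_down_total = bytes_down_total + %{1}, bytes_transfer_total = bytes_transfer_total + %{2}, files_up_total = files_up_total + %{3}, files_down_total = files_down_total + %{4}, files_transfer_total = files_transfer_total + %{5} WHERE name = '%{6}' AND quota_type = '%{7}'" ftpquotatotal
SQLNamedQuery insert-quota-tally INSERT "%{0}, %{1}, %{2}, %{3}, %{4}, %{5}, %{6}, %{7}" ftpquotatotal
QuotaLimitTable sql:/get-quota-limit
QuotaTallyTable sql:/get-quota-tally/update-quota-tally/insert-quota-tally

Ratios on

# Delay engine reduces impact of the so-called Timing Attack described in
# http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02
# It is on by default.
DelayEngine on

# Controls (ftpdctl) socket
# =========================
ControlsEngine on
ControlsMaxClients 2
ControlsLog /var/log/proftpd/controls.log
ControlsInterval 5
ControlsSocket /var/run/proftpd/proftpd.sock
AdminControlsEngine on

# Mod MySQL
# =========
# Passwords are stored in the database hashed with the MySQL ENCRYPT()
# function.
# NOTE(review): ENCRYPT() wraps the system crypt(), so the strength of the
# stored hash depends on the salt/scheme chosen when the row is written.
# Confirm a modern salted scheme is used, not traditional DES crypt.
SQLAuthTypes Crypt
SQLAuthenticate users* groups*

# Adjust this line to the database name, user and password defined earlier.
# The password is stored here in cleartext: use a dedicated database account
# limited to the FTP tables, and keep this file's permissions restrictive.
SQLConnectInfo nomdelabase@localhost utilistaeur motdepasse

# Tells ProFTPD the column names of the user table.
SQLUserInfo ftpuser userid passwd uid gid homedir shell
# Only rows with LoginAllowed = 'true' may log in.
SQLUserWhereClause "LoginAllowed = 'true'"

# Tells ProFTPD the column names of the group table.
SQLGroupInfo ftpgroup groupname gid members

# Create the user's home directory if it does not exist.
CreateHome on

# Update the counters on each user login.
SQLLog PASS updatecount
SQLNamedQuery updatecount UPDATE "count=count+1, accessed=now() WHERE userid='%u'" ftpuser

# Update the counters on each upload, delete or download by a user.
SQLLog STOR,DELE modified
SQLNamedQuery modified UPDATE "modified=now() WHERE userid='%u'" ftpuser

SQLLog RETR dlbytescount
SQLNamedQuery dlbytescount UPDATE "dl_bytes=dl_bytes+%b WHERE userid='%u'" ftpuser

SQLLog RETR dlcount
SQLNamedQuery dlcount UPDATE "dl_count=dl_count+1 WHERE userid='%u'" ftpuser

SQLLog STOR ulbytescount
SQLNamedQuery ulbytescount UPDATE "ul_bytes=ul_bytes+%b WHERE userid='%u'" ftpuser

SQLLog STOR ulcount
SQLNamedQuery ulcount UPDATE "ul_count=ul_count+1 WHERE userid='%u'" ftpuser

RootLogin off

# Log management
# ==============
# Record the SQL queries in /var/log/proftpd/mysql.log
# NOTE(review): this log holds the statements mod_sql issues, including
# account names; keep it readable by administrators only.
SQLLogFile /var/log/proftpd/mysql.log

# Record authentications.
LogFormat auth "%v [%P] %h %t \"%r\" %s"
ExtendedLog /var/log/proftpd/auth.log AUTH auth

# Record file accesses.
LogFormat write "%h %l %u %t \"%r\" %s %b"
ExtendedLog /var/log/proftpd/access.log WRITE,READ write

# IdentLookups asks the client host for the remote user name (RFC 1413
# ident); it is not a DNS lookup, which UseReverseDNS controls. The answer
# feeds %l in the "write" log format above. It is supplied by the client,
# so treat it as untrusted, and expect slower logins when the client side
# drops ident traffic.
IdentLookups on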