Michael Kolb Fulda» Web Engineering http://www.michael-kolb.co.uk Web Engineering Mon, 01 Mar 2010 05:58:27 +0000 http://wordpress.org/?v=2.9.1 en hourly 1 ProFTPd authentification with MySQL http://www.michael-kolb.co.uk/webhosting/proftpd-authentification-with-mysql/ http://www.michael-kolb.co.uk/webhosting/proftpd-authentification-with-mysql/#comments Sat, 06 Dec 2008 07:06:11 +0000 mk_michael http://www.michael-kolb.co.uk/?p=69 It’s very helpful to use the mysql authentification for proftpd. Especially if you manage a quite number of users. So you’re able to use a central database which manages the accounts.

proftpd with mysql

First thing you need is an appropriate mysql schema that belongs your needs. This is my example:

CREATE TABLE ftp_users (
username varchar(60) binary default NULL,
uid int(11) default NULL,
gid int(11) default NULL,
password varchar(30) default NULL,
homedir varchar(250) default NULL,
count int(11) default NULL,
ui bigint(20) NOT NULL auto_increment,
shell varchar(60) default NULL,
last datetime default NULL,
allow char(1) default NULL,
PRIMARY KEY (ui)
) TYPE=ISAM PACK_KEYS=1;

CREATE TABLE xfer_stat (
username tinytext,
filename text,
size bigint(20) default NULL,
host tinytext,
ip tinytext,
action tinytext,
durability tinytext,
local_time datetime default NULL,
success char(1) default NULL,
ui bigint(20) NOT NULL auto_increment,
PRIMARY KEY (ui)
) TYPE=MyISAM;

Be sure to have installed all required linux packages:

apt-get -y install mysql-client-5.0
apt-get -y install mysql-server-5.0
apt-get -y install mysql-common
apt-get -y install proftpd-mysql

Last thing to do is adapting the /etc/proftpd.conf for acessing mysql tables. You will find the lines at end of the configuration file. Please insert your passwords:


DefaultRoot ~
RequireValidShell off

SQLAuthTypes Plaintext Crypt
SQLAuthenticate users* groups*
SQLConnectInfo mysqluser@127.0.0.1 mysqluser mysqlpassword
SQLUserInfo ftp_users username password uid gid homedir shell
SQLGroupInfo ftp_groups groupname gid members
SQLUserWhereClause "login_enabled = 'Y'"

SQLLogFile /var/log/ftp/proftpd.sql.log

SQLLog PASS login
SQLNamedQuery login UPDATE "last_login=now(), login_count=login_count+1 WHERE username='%u'" ftp_users

SQLLog RETR download
SQLNamedQuery download UPDATE "down_count=down_count+1, down_bytes=down_bytes+%b WHERE username='%u'" ftp_users

SQLLog STOR upload
SQLNamedQuery upload UPDATE "up_count=up_count+1, up_bytes=up_bytes+%b WHERE username='%u'" ftp_users

Helpful link:
http://www.proftpd.de/HowTo-SQL.29.0.html

]]> http://www.michael-kolb.co.uk/webhosting/proftpd-authentification-with-mysql/feed/ 0 Changing ssh port to improve security http://www.michael-kolb.co.uk/linuxdaemons/changing-ssh-port/ http://www.michael-kolb.co.uk/linuxdaemons/changing-ssh-port/#comments Fri, 28 Nov 2008 13:55:44 +0000 mk_michael http://www.michael-kolb.co.uk/?p=327 For security reasons, it’s advisable to change the ssh standard port 22 into something else. So you will get less attacks to sshd. This improves the security for your server. Furthermore, you should block root from connecting via ssh.

Open your /etc/ssh/sshd_config
Changing the port:

# This is the sshd server system-wide configuration file. See sshd(8)
# for more information.

# change the port configuration – for example to 2233
Port 2233
Protocol 2

And blocking user root

#
PermitRootLogin without-password
PermitRootLogin no
#

You need to restart the sshd script with /etc/init.d/sshd restart Please stay logged in as root, before you’ve tested the new ssh – connect with a second console.

Now create an user account with lower permissions than root. Use this account to connect your server via ssh, followed by the “su” command to get root permissions.


useradd -u 999 -g 100 remotessh -d /home/remotessh -s /bin/bash

Connecting your server with the new port:

ssh -P 2233 yourserver.com -l remotessh

Setting up a firewall with iptables to improve systems security will bei shown in this article

Helpful links:

]]> http://www.michael-kolb.co.uk/linuxdaemons/changing-ssh-port/feed/ 2