UsMan's WoRkSpAce

Friday, October 06, 2006

ProFTPD (Professional FTP Daemon)

* ProFTPD is an Apache-inspired open source FTP server. It uses an Apache-like single configuration file (proftpd.conf) and has a modular framework built on DSO functionality. Base functionality can be extended with extra modules, most of which are contributed by third parties. It supports FTPS (FTP over TLS/SSL) and can use LDAP, SQL and RADIUS as authentication sources. Its logs are compatible with other open source software such as wuFTPD, Squid and Apache, and hence can be analyzed with standard reporting utilities such as Webalizer and AWStats.

* It compiles easily on Linux and similar systems. The configure script supports enabling built-in modules, buffer configuration and other standard options. Installation tasks include creating a PAM authentication file (ftp) in /etc/pam.d, verifying the user ID and group the server runs as, and creating server and CA certificates (when FTPS support is needed). The CA private key and certificate, and the server private key and CSR (certificate signing request), can be created using standard openssl commands. However, server certificates have to be created with the sign.sh script available in the standard Apache mod_ssl distribution. The new version of openssl requires a mandatory private key passphrase. However, for non-interactive service startup, the passphrase can be removed by exporting a clear-text version of the key with the command 'openssl rsa -in server.key.org -out server.key.new'. There is a configuration bug in ProFTPD related to the TLSProtocol parameter: it has to be set to SSLv23 instead of TLSv1 in the proftpd.conf file for FTPS to work.

* ProFTPD offers a lot of security options. Denial of service risks are mitigated with limits on maximum connections, per-user and per-client limits, and limits on failed login attempts. It supports chroot and anonymous features out of the box, without the need to set up any special directory structure for them. Further restrictions can be defined for individual files and directories. Access control is provided by user and by client source. An Apache-like (.htaccess) .ftpaccess file is also supported.
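
The following added example, which is not from the original post, is a shell check for the settings described above: it reports which of the limit, chroot and FTPS directives are absent from a proftpd.conf, and whether a server key exported without a passphrase is readable by anyone other than its owner. The directive names are ProFTPD's own; the sample config, the placeholder key files and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Sample files below are constructed.
# Directives that implement the limits, chroot and FTPS setup the post describes.
REQUIRED="MaxClients MaxClientsPerHost MaxClientsPerUser MaxLoginAttempts DefaultRoot TLSEngine TLSRSACertificateKeyFile"

# Print "MISSING <directive>" for each absent directive; return 1 if any is absent.
audit_conf() {
    rc=0
    for d in $REQUIRED; do
        # Anchor at line start so commented-out directives do not count.
        grep -Eq "^[[:space:]]*$d[[:space:]]" "$1" || { echo "MISSING $d"; rc=1; }
    done
    return $rc
}

# Print "encrypted" or "cleartext", then "perms-ok" or "perms-loose", for a PEM key.
audit_key() {
    # Passphrase-protected PEM keys carry an ENCRYPTED marker in their header.
    if grep -q 'ENCRYPTED' "$1"; then echo encrypted; else echo cleartext; fi
    # Characters 5-10 of the ls mode string are the group and other permission bits.
    if [ "$(ls -l "$1" | cut -c5-10)" = "------" ]; then echo perms-ok; else echo perms-loose; fi
}

# Write a constructed proftpd.conf and placeholder key files into directory $1.
write_samples() {
    cat > "$1/proftpd.conf" <<'EOF'
ServerName "constructed example"
MaxClients 30
MaxClientsPerHost 2
# MaxClientsPerUser 1
MaxLoginAttempts 3
DefaultRoot ~
TLSEngine on
TLSProtocol SSLv23
TLSRSACertificateKeyFile /etc/proftpd/server.key
EOF
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
        '(placeholder body)' > "$1/server.key.org"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' '(placeholder body)' > "$1/server.key.new"
    chmod 644 "$1/server.key.org" "$1/server.key.new"
}

# Demo: the stripped key is cleartext and world-readable until chmod 600 is applied.
tmp=$(mktemp -d) && write_samples "$tmp"
audit_conf "$tmp/proftpd.conf" || true
audit_key "$tmp/server.key.new"
chmod 600 "$tmp/server.key.new" && audit_key "$tmp/server.key.new"
rm -rf "$tmp"
```

On a real server, point `audit_conf` at the live proftpd.conf and `audit_key` at the file named by TLSRSACertificateKeyFile.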
