ProFTP on CentOS 7 - "200 Protection set to Private" occurs

ProFTP on CentOS 7. I created 2 Virtualmin virtual servers using the same server template. Let's say A.com and B.com. Their users can connect with their FTP accounts using TLS.

Here is my global configuration:

ServerName          "ProFTPD server"
ServerIdent         on "FTP Server ready."
ServerAdmin         root@localhost
DefaultServer           on

# Cause every FTP user except adm to be chrooted into their home directory
DefaultRoot         ~ !adm

# Use pam to authenticate (default) and be authoritative
AuthPAMConfig           proftpd
AuthOrder           mod_auth_pam.c* mod_auth_unix.c

# Don't do reverse DNS lookups (hangs on DNS problems)
UseReverseDNS off

# Set the user and group that the server runs as
User                nobody
Group               nobody

MaxInstances 50

# Disable sendfile by default since it breaks displaying the download speeds in
# ftptop and ftpwho
UseSendfile         off

# Force to use Ascii transfer
DefaultTransferMode ascii

# Define the log formats
LogFormat           default "%h %l %u %t \"%r\" %s %b"
LogFormat           auth    "%v [%P] %h %t \"%r\" %s"

LoadModule mod_ctrls_admin.c
LoadModule mod_deflate.c
LoadModule mod_sftp.c
LoadModule mod_sftp_pam.c
LoadModule mod_vroot.c


# Allow only user root to load and unload modules, but allow everyone
# to see which modules have been loaded
# (http://www.proftpd.org/docs/modules/mod_dso.html#ModuleControlsACLs)
ModuleControlsACLs      insmod,rmmod allow user root
ModuleControlsACLs      lsmod allow user *

# Enable basic controls via ftpdctl
# (http://www.proftpd.org/docs/modules/mod_ctrls.html)
ControlsEngine          on
ControlsACLs            all allow user root
ControlsSocketACL       allow user *
ControlsLog         /var/log/proftpd/controls.log

# Enable admin controls via ftpdctl
# (http://www.proftpd.org/docs/contrib/mod_ctrls_admin.html)
<IfModule mod_ctrls_admin.c>
  AdminControlsEngine       on
  AdminControlsACLs     all allow user root
</IfModule>

# Enable mod_vroot by default for better compatibility with PAM
# (http://bugzilla.redhat.com/506735)
<IfModule mod_vroot.c>
  VRootEngine           on
</IfModule>

# Dynamic ban lists (http://www.proftpd.org/docs/contrib/mod_ban.html)
# Enable this with PROFTPD_OPTIONS=-DDYNAMIC_BAN_LISTS in /etc/sysconfig/proftpd
<IfDefine DYNAMIC_BAN_LISTS>
  LoadModule            mod_ban.c
  BanEngine         on
  BanLog            /var/log/proftpd/ban.log
  BanTable          /var/run/proftpd/ban.tab

  # If the same client reaches the MaxLoginAttempts limit 2 times
  # within 10 minutes, automatically add a ban for that client that
  # will expire after one hour.
  BanOnEvent            MaxLoginAttempts 2/00:10:00 01:00:00

  # Inform the user that it's not worth persisting
  BanMessage            "Host %a has been banned"

  # Allow the FTP admin to manually add/remove bans
  BanControlsACLs       all allow user ftpadm
</IfDefine>

# Set networking-specific "Quality of Service" (QoS) bits on the packets used
# by the server (contrib/mod_qos.html)
<IfDefine QOS>
  LoadModule            mod_qos.c
  # RFC791 TOS parameter compatibility
  QoSOptions            dataqos throughput ctrlqos lowdelay
  # For a DSCP environment (may require tweaking)
  #QoSOptions           dataqos CS2 ctrlqos AF41
</IfDefine>

# Global Config - config common to Server Config and all virtual hosts
# See: http://www.proftpd.org/docs/howto/Vhost.html
<Global>

  # Umask 022 is a good standard umask to prevent new dirs and files
  # from being group and world writable
  Umask             022

  # Allow users to overwrite files and change permissions
  AllowOverwrite        yes

  <IfModule mod_tls.c>
    TLSEngine                               on
    TLSLog                                  /var/log/proftpd/tls.log
    TLSProtocol                             SSLv23

    TLSRSACertificateFile                   /etc/ssl/let_proFTPD.crt
    TLSRSACertificateKeyFile                /etc/ssl/let_proFTPD.key

    #TLSCACertificateFile                   /etc/ssl/certs/CA.pem
    TLSOptions                              NoCertRequest EnableDiags NoSessionReuseRequired
    TLSVerifyClient                         off
    TLSRequired                             off
    TLSRenegotiate                          required on
  </IfModule>

  <Limit ALL SITE_CHMOD>
        AllowAll 
  </Limit>
    
  RootLogin off
  PassivePorts 20000 20100

</Global>

What happens now is that every time I try to use FTP, the A.com user can connect without any problem, but the B.com user can sometimes connect and sometimes gets this at the PWD command:

Command: PWD
Response: 200 Protection set to Private
Error:  Failed to parse returned path.
Error:  Failed to retrieve directory listing

Then it stops. I wonder whether it was due to the TransferMode. I tried forcing DefaultTransferMode to ASCII or binary, without success. Any ideas on this?
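An added example, not part of the original post: a small check over FileZilla-style `Command:`/`Response:` log lines that flags a reply whose code is not a success code for the command it follows. Under RFC 959 a successful PWD answers `257` with a quoted path, while the text `200 Protection set to Private` matches a reply to `PROT P`. The function name and both sample logs are constructed for illustration; only the PWD pair is taken from the excerpt above.

```python
import re

# Success reply codes per command (RFC 959; AUTH/PBSZ/PROT per RFC 2228/4217).
EXPECTED = {
    "AUTH": {"234"}, "USER": {"230", "232", "331"}, "PASS": {"202", "230"},
    "PBSZ": {"200"}, "PROT": {"200"}, "PWD": {"257"},
    "TYPE": {"200"}, "PASV": {"227"},
}
LINE = re.compile(r"^(Command|Response):\s*(.*)$")

def find_mismatches(log_text):
    """Return (command, reply) pairs where the final reply line carries a
    code that is not a success code for the command sent just before it."""
    mismatches = []
    pending = None  # verb of the last command still waiting for its reply
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # "Error:", "Status:" and similar client lines
        kind, body = m.groups()
        if kind == "Command":
            parts = body.split()
            pending = parts[0].upper() if parts else None
            continue
        if pending is None or not body[:3].isdigit():
            continue
        if body[3:4] == "-":
            continue  # continuation of a multi-line reply, wait for the last line
        allowed = EXPECTED.get(pending)
        if allowed is not None and body[:3] not in allowed:
            mismatches.append((pending, body))
        pending = None
    return mismatches

# Constructed sample: a session in which every reply matches its command.
GOOD_LOG = '''Command: PBSZ 0
Response: 200 PBSZ 0 successful
Command: PROT P
Response: 200 Protection set to Private
Command: PWD
Response: 257 "/" is the current directory
'''

# The pair shown in the post, with the client's error line.
POST_LOG = '''Command: PWD
Response: 200 Protection set to Private
Error:  Failed to parse returned path.
'''

if __name__ == "__main__":
    for cmd, reply in find_mismatches(POST_LOG):
        print(f"{cmd} answered with unexpected reply: {reply}")
```

The client's "Failed to parse returned path" follows from this mismatch: it is looking for the quoted path of a `257` reply and receives a `200` line instead.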