Initial commit.

vsftpd/ftpusers

@@ -0,0 +1,15 @@
+# Users that are not allowed to login via ftp
+root
+bin
+daemon
+adm
+lp
+sync
+shutdown
+halt
+mail
+news
+uucp
+operator
+games
+nobody

vsftpd/user_list

@@ -0,0 +1,20 @@
+# vsftpd userlist
+# If userlist_deny=NO, only allow users in this file
+# If userlist_deny=YES (default), never allow users in this file, and
+# do not even prompt for a password.
+# Note that the default vsftpd pam config also checks /etc/vsftpd/ftpusers
+# for users that are denied.
+root
+bin
+daemon
+adm
+lp
+sync
+shutdown
+halt
+mail
+news
+uucp
+operator
+games
+nobody

vsftpd/vsftpd.conf

@@ -0,0 +1,90 @@
+# Example config file /etc/vsftpd/vsftpd.conf
+#
+seccomp_sandbox=NO
+anonymous_enable=NO
+local_enable=YES
+write_enable=YES
+local_umask=022
+
+anon_upload_enable=NO
+anon_mkdir_write_enable=NO
+
+dirmessage_enable=YES
+xferlog_enable=YES
+connect_from_port_20=YES
+setproctitle_enable=YES
+
+#chown_uploads=YES
+#chown_username=whoever
+
+xferlog_enable=YES
+xferlog_std_format=NO
+xferlog_file=/var/log/vsftpd.log
+log_ftp_protocol=NO
+
+# You may change the default value for timing out an idle session.
+idle_session_timeout=600
+data_connection_timeout=120
+
+# It is recommended that you define on your system a unique user which the
+# ftp server can use as a totally isolated and unprivileged user.
+#nopriv_user=ftpsecure
+#async_abor_enable=YES
+#ascii_upload_enable=YES
+#ascii_download_enable=YES
+
+# You may fully customise the login banner string:
+ftpd_banner=Welcome to FTP service.
+
+#deny_email_enable=YES
+#banned_email_file=/etc/vsftpd/banned_emails
+
+# You may specify an explicit list of local users to chroot() to their home
+# directory. If chroot_local_user is YES, then this list becomes a list of
+# users to NOT chroot().
+#chroot_local_user=YES
+#chroot_list_enable=YES
+#chroot_list_file=/etc/vsftpd/chroot_list
+
+# You may activate the "-R" option to the builtin ls. This is disabled by
+# default to avoid remote users being able to cause excessive I/O on large
+# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
+# the presence of the "-R" option, so there is a strong case for enabling it.
+#ls_recurse_enable=YES
+
+# listen
+listen=YES
+listen_port=21
+listen_ipv6=NO
+
+# enable passive connections
+pasv_address=192.168.1.2
+pasv_enable=Yes
+pasv_enable=Yes
+pasv_min_port=44000
+pasv_max_port=44100
+port_enable=YES
+pasv_addr_resolve=NO
+
+guest_enable=NO
+hide_ids=YES
+pam_service_name=vsftpd
+userlist_enable=YES
+tcp_wrappers=NO
+
+# SSL
+#
+#
+ssl_enable=YES
+allow_anon_ssl=NO
+force_local_data_ssl=NO
+force_local_logins_ssl=NO
+ssl_tlsv1_1=YES
+ssl_tlsv1_2=YES
+ssl_tlsv1=NO
+ssl_sslv2=NO
+ssl_sslv3=NO
+require_ssl_reuse=YES
+ssl_ciphers=HIGH
+rsa_cert_file=/etc/letsencrypt/live/club3d.ro-0001/fullchain.pem
+rsa_private_key_file=/etc/letsencrypt/live/club3d.ro-0001/privkey.pem

vsftpd/vsftpd_conf_migrate.sh

@@ -0,0 +1,13 @@
+#!/bin/bash
+#move old config files and symlink them
+#shipped with vsftpd-2.0.1-6
+shopt -s nullglob
+PREFIX="vsftpd"
+for file in /etc/${PREFIX}.*; do
+    if [ ! -L $file ]; then
+        new=`echo $file | sed s/${PREFIX}\./${PREFIX}\\\\//g | sed s/\.rpmsave//g`
+        mv -f ${file} ${new}
+	ln -s ${new} ${file}
+	echo $file moved to $new
+    fi
+done