ProFTPD Plugin for unRAID v6.8.x


SlrG

Recommended Posts

Sorry :)

 

here goes

 

Nov  4 19:28:23 Tower kernel: mdcmd (355): spindown 1

Nov  4 19:40:20 Tower in.telnetd[14946]: connect from 192.168.0.57 (192.168.0.57)

Nov  4 19:40:22 Tower login[14947]: ROOT LOGIN  on '/dev/pts/1' from '192.168.0.57'

Nov  4 19:41:15 Tower sudo:    root : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/usr/local/sbin/proftpd -c /etc/proftpd.conf

Nov  4 19:41:30 Tower sudo:    root : TTY=pts/1 ; PWD=/root ; USER=root ; COMMAND=/usr/local/sbin/proftpd -c /etc/proftpd.conf

Nov  4 20:24:05 Tower kernel: mdcmd (356): spindown 2

Nov  4 21:06:13 Tower in.telnetd[21208]: connect from 192.168.0.52 (192.168.0.52)

Nov  4 21:06:14 Tower login[21209]: invalid password for 'UNKNOWN'  on '/dev/pts/2' from '192.168.0.52'

Nov  4 21:06:16 Tower login[21209]: ROOT LOGIN  on '/dev/pts/2' from '192.168.0.52'

Nov  4 21:07:01 Tower sudo:    root : TTY=pts/2 ; PWD=/root ; USER=root ; COMMAND=/usr/local/sbin/proftpd -c /etc/proftpd.conf

 

 

Link to comment

@spylex:

glftpd looks nice, but I think it will be hard getting it to run on unraid. I'll give it a try and report back. :)

 

edit:

Using the install script in the archive it is possible to install glftpd on unraid. To get the server to work, a ssl certificate hast to be created. For this to work the openssl.cfg has to be symlinked to openssl.cnf. Then use the script provided by glftpd to create the cert. Add glftpd: ALL to hosts.allow.

 

As the created files should be identical to each unraid installation it should be possible to put them in a plugin. I don't have the time to do this however. glftpd is nice, but I found no way to limit users to specific directories. A requirement I just need.

 

Thats great! I understand about directories, however, it does work:

 

http://glftpd.dk/files/docs/glftpd.docs look at 'privpath' is this what you mean? And also you can set a home directory for each user (/mnt/user/) and then privpath some of the directories there.

 

Also you can set home directories and more.

 

I just want to be able to see who is logged in, what speed they are downloading at, etc. All these things that are really hard in proftpd are easy on glftpd especially with the windows app!

Link to comment

@Madhouse:

No need to uninstall unmenu. I use it myself.

 

spylex is right. As you don't have the package installed via unmenu it is part of another plugin. To find the right one, open the .plg files with a text editor of your choice and search for openssl-0.9.8n-i486-1.txz.

 

If you don't need the identified plugin you could disable it. But chances are you don't want to loose it just to get proftpd working. It then may be possible to replace the old openssl from the plugin to use the new one and the problem will be fixed. But it might break the other plugin so it is not an ideal solution.

 

I contacted the user piotrasd who has a slackware 13.1 build environment. Maybe with his help I'll be able to build a proftpd package with linkedin ssl libraries. It then would not be necessary anymore to install the openssl package and the conflicts will be gone. But until now I did not receive an answer from him.

 

@spylex:

I'm still trying out glftpd. If I get it to work with user specific directories I will create a plugin for it. But it will take time. :)

Link to comment

@spylex:

I'm still trying out glftpd. If I get it to work with user specific directories I will create a plugin for it. But it will take time. :)

 

Mate, this is amazing! Just proftpd is not really good at reporting anything at this point... I think we'll be happier with glftpd. Plus it is what the scene uses ;)

Link to comment

@Madhouse:

No reply from piotrasd yet, but I tried to compile with the older ssl package and it seems to work on my system with the newer one installed, so maybe this new build will work on both.

 

Please download it from here:

http://www.sdevel.de/proftpd-1.3.5rc3.tgz

 

Replace the package in /boot/config/plugins/proftpd with this one and either reboot or type installpkg proftpd-1.3.5rc3.tgz.

 

Then try to start the daemon in the plugin settings again.

Link to comment

@Madhouse:

No reply from piotrasd yet, but I tried to compile with the older ssl package and it seems to work on my system with the newer one installed, so maybe this new build will work on both.

 

Please download it from here:

http://www.sdevel.de/proftpd-1.3.5rc3.tgz

 

Replace the package in /boot/config/plugins/proftpd with this one and either reboot or type installpkg proftpd-1.3.5rc3.tgz.

 

Then try to start the daemon in the plugin settings again.

 

BRILLIANT: :) it worked.. sorry for all the trouble, and thanks for you effort. :)

 

 

Should i remove the openssl package in /boot/config/plugins/proftpd?

 

 

 

 

Link to comment

No problem. Glad I could help you. :) If you remove the ssl package it will be redownloaded - so no, that won't help you.

 

I'll update the plugin to use the older version and new compiled packages. You'll see that an update is available then. The update will remove the obsolete new ssl version but instead the old one will then be downloaded to the plugin dir if missing.

Link to comment

@all:

Side effect of downgrading the package is, that the Simplefeatures Webserver I was still using for VirtualBox stops working if the older ssl package is installed. Manually installing the newer one fixed it, but I thought I'll let you know. Hopefully whoever updates the webserver to be standalone downgrades the package, too. Or all plugin developers should decide to use the newer one. :)

Link to comment

Yes, that dependency stuff is annoying as hell. :)

 

If you follow the instructions I posted above, the install should work just fine on unraid. If you have another system in the vm it won't be much harder. The install script provided by glftpd is quite straightforward.

 

Initial release of a glftpd unraid plugin is nearly ready. :) Expect it sometime next week.

Link to comment
  • 2 weeks later...

Sorry for not understanding the openssl package confusion.

 

If I want to remain using the SimpleFeatures Webserver and ProFTPd at the same time, which openssl package should I use?

Is it secure to have an FTP server in unRAID? I have read that the security in unRAID is not good and the system shouldn´t be opened to the internet. If I would restrict access to certain users, would that be fine?! Is it possible to configure ProFTPd to use SFTP, I have read that it is possible, but I am not sure if it is possible with this plugin.

Link to comment

Hi cirkator,

 

it is not so much a problem of SimpleFeatures or ProFTPd but of the other plugins you are running on your system. SF Webserver (and maybe other components) need the newer SSL package openssl-1.0.1c-i486-3.txz. Some plugins (Sickbeard, Couchpotato? - I don't really know as I don't use them.) depend on the older openssl-0.9.8n-i486-1.txz package.

 

The current version of ProFTPd works with both the older and newer package, but it installs the older one by default at the moment. I made this decision because the older one is from the slackware version that by limetechs guidelines is to be used when designing plugins for unRAID 5.0.x.

 

SimpleFeatures was made before this guideline was released and decided to use the newer package resulting in the problems with other plugins.

 

So what should you do. Just go ahead and install the ProFTP plugin. Now test  if all your plugins work without problems. If you are using the SF Webserver this one will not. If you absolutely need it (like I do) you edit the proftp.plg file and search for this:

<FILE Name="&plg;/openssl-0.9.8n-i486-1.txz" Run="upgradepkg --install-new">
<URL>-q --no-check-certificate &dsv;/openssl-0.9.8n-i486-1.txz</URL>
</FILE>

<?ignore
<FILE Name="&plg;/openssl-1.0.1c-i486-3.txz" Run="upgradepkg --install-new">
<URL>-q --no-check-certificate &dsv;/openssl-1.0.1c-i486-3.txz</URL>
</FILE>
?>

Move the ignore <?ignore ?> tags from the new to the older plugin, save and reboot.

The plugin will now install the newer package and SF Webserver will start working again.

It might break other plugins however. (On my system it doesn't, but it might on yours.)

 

It should be possible to use SFTP, but I haven't tried and can't assist you other then giving

you a link to a post where user Necrotic describes how he has done it.

 

Regarding security: I have my ProFTPD plugins FTP-server running unencrypted on my unRAID and until now there were no security anomalies. Remember to use a non standard port in your router that you forward to your unRAID machines FTP-Port and use a secure password. Using SFTP is a good idea, too. You then should be relatively secure. Of course there is no guarantee that you'll never be hacked even if you do all this.

 

SlrG

 

Link to comment

Thank you for the clarification and detailed instructions.

Since I am currently only using the WebServer Plugin for VirtualBox and not going to use any other plugins, I will go with the newer openssl package.

 

If I succeed in going the SFTP route, I will post my findings and instructions.

I guess it is a good idea to install DenyHosts to stop ScriptKiddies from trying to access the open port!

Edit: Not a good idea, since DenyHosts only monitors the ssh-logfile and therefor is of no use for the ProFTPD plugin. I will ask user Overbyrn if there is a possibility to monitor the ftp-logfile aswell...

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.