From fb70bff867dcf7858827b5dbb9ca3cd76003086f Mon Sep 17 00:00:00 2001 From: Marcin Krol Date: Thu, 10 Jan 2019 14:28:00 +0000 Subject: [PATCH] - include sample SSL certificates so SSL is working out of the box --- proftpd-mod_tls.conf | 6 +++--- proftpd-server.crt | 17 +++++++++++++++++ proftpd-server.key | 18 ++++++++++++++++++ proftpd.spec | 26 +++++++++++++++++--------- 4 files changed, 55 insertions(+), 12 deletions(-) create mode 100644 proftpd-server.crt create mode 100644 proftpd-server.key diff --git a/proftpd-mod_tls.conf b/proftpd-mod_tls.conf index 99fe1c4..5e7405f 100644 --- a/proftpd-mod_tls.conf +++ b/proftpd-mod_tls.conf @@ -7,13 +7,13 @@ TLSEngine on TLSLog /var/log/proftpd/tls.log # Path to CA chain file -TLSCACertificateFile /etc/ftpd/chain.pem +#TLSCACertificateFile /etc/ftpd/CA.crt # Path to certificate file -TLSRSACertificateFile /etc/ftpd/cert.pem +TLSRSACertificateFile /etc/ftpd/server.crt # Path to certificate key file -TLSRSACertificateKeyFile /etc/ftp/privkey.pem +TLSRSACertificateKeyFile /etc/ftpd/server.key # Define available TLS/SSL ciphers (allow only strong ones by default) TLSCipherSuite HIGH:!kDHd:!aNULL:!aDSS:!eNULL:!DES:!RC4:!RC2:!MD5:!SHA1:!SHA:!SSLv2:!SSLv3:!TLSv1:!TLSv1.1:!EXP:!EXPORT56:!LOW:!MEDIUM:!ADH:!DSS:!NULL diff --git a/proftpd-server.crt b/proftpd-server.crt new file mode 100644 index 0000000..62d81d8 --- /dev/null +++ b/proftpd-server.crt 
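Review bot: The new defaults `TLSRSACertificateFile /etc/ftpd/server.crt` and `TLSRSACertificateKeyFile /etc/ftpd/server.key` point at the sample pair added by this commit, and nothing in the file tells an administrator that these are placeholders. I would add a comment above the two directives, for example `# server.crt/server.key are packaged samples shared by every install; replace both before exposing the service`. Since `TLSCACertificateFile` is now commented out, its `# Path to CA chain file` comment could also say when a chain file has to be configured.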
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICFjCCAX+gAwIBAgIBATANBgkqhkiG9w0BAQQFADBQMRowGAYDVQQKExFEdW1t
+eSBjZXJ0aWZpY2F0ZTEbMBkGA1UECxMSSGFzIHRvIGJlIHJlcGxhY2VkMRUwEwYD
+VQQDEwx3d3cuYWR2eC5jb20wHhcNMDEwNDA5MDg0NjUyWhcNMDIwNDA5MDg0NjUy
+WjBSMSEwHwYDVQQKExhBZHZhbmNlZCBFeHRyYW5ldCBTZXJ2ZXIxGTAXBgNVBAsT
+EFRlc3QgQ2VydGlmaWNhdGUxEjAQBgNVBAMTCWxvY2FsaG9zdDCBnzANBgkqhkiG
+9w0BAQEFAAOBjQAwgYkCgYEAoRtceA5d+grmrN76yHT4TQvbLQqvTsq2fFafNBT/
+DdSh05okHdTldu8kgTvBzpLPuOQvSwy2SzQLwF6nmzWdfY21U33NARp46i/QWD3V
+rgIXuhXtToTnkEE6/OGq5KeELgF/EKSXLXkDydyHg9mFlh/J/kKtjv3wtIHceOGn
+E18CAwEAATANBgkqhkiG9w0BAQQFAAOBgQCShXMRerTzEJMkIdCDD+ZkOetE65j0
+mkgAGT4etmSiUmNWXy/P26zh1P51YeS4TZFpXxgONVK9PIywhhkVNB8JFdXYKbxW
+0h0caVoEHwnfkSERcBVffxaZEDtWa95nxD8pHiZ+++PPOV1P29Ta2j23MWq2JitY
+U2Y59HXWwglSaQ==
+-----END CERTIFICATE-----
+
+
+#DUMMY
\ No newline at end of file
diff --git a/proftpd-server.key b/proftpd-server.key
new file mode 100644
index 0000000..08c373c
--- /dev/null
+++ b/proftpd-server.key
@@ -0,0 +1,18 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQChG1x4Dl36Cuas3vrIdPhNC9stCq9OyrZ8Vp80FP8N1KHTmiQd
+1OV27ySBO8HOks+45C9LDLZLNAvAXqebNZ19jbVTfc0BGnjqL9BYPdWuAhe6Fe1O
+hOeQQTr84arkp4QuAX8QpJcteQPJ3IeD2YWWH8n+Qq2O/fC0gdx44acTXwIDAQAB
+AoGASjM323OChO8QXv4zsq9szM9xGsWZCEkE0y9yE6K39b7A6ZxMlhC/vo9V2M+U
+63dihF1UCtTIAMrvvqHZv/pplfbUJDAeNm38BBlA/ZQL8iV9qxNrBEfBkLi5AtcR
+vJq5NitAE+vpcn00QNs7EKflRwi5arQOBGqS9c3uPimtOcECQQDQc9onX9kZuzz6
+69GQYkkj3dkZx6lCtDDexTWkM1yXGVSjvFA7fZOKJRNkGgc6iwbnTsEJfaEC9j7r
+AkF7/92dAkEAxdrbwKjx4/OZnve82O4VRGkZFo6c47QDXCKhlRdJzrBSCNOnRaLx
+vjtYXbqq8BPgdGO72pj1TaAlp1+kxdYiKwJBALBhtzAl/C+3rUusirCfWcANkgws
+U95rVgbJ3C/KfggkmOfLCiCsi1ETOiszkvZIeVjz3IdJVBqLfoWgbQSdZkkCQQDF
+WpBWdW6KnSL/0Uda7ujhyx+OQ4S1EItFbPnV+FvTwkahrVUtfeI6iYGURK1bOchq
+8EyiOG5/Fp5YfGukNvrvAkBT5AAvfk6nFHshdHDhTZs+5TE24g0aTtMEQc82cobd
+JG5vFxybo3z1l1QU4/pG3jP847/6HtZCxZ/J0xLATJml
+-----END RSA PRIVATE KEY-----
+
+
+#DUMMY
\ No newline at end of file
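Review bot: The certificate added in proftpd-server.crt looks unlikely to give working TLS "out of the box". Its base64 appears to decode to an MD5-with-RSA signature, a validity window of April 2001 to April 2002, and the subject `CN=localhost`, and the size of the encoded modulus suggests a 1024-bit RSA key. A client that validates certificates will reject it as expired and mismatched, and an OpenSSL build running at a stricter security level may refuse the digest or key size when the server loads it. If a default certificate is wanted, creating a fresh self-signed one on the target host at install time avoids both problems.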
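Review bot: The proftpd-server.key hunk publishes an RSA private key that the package then installs as the live server key, so every host running the default configuration shares a key that anyone can download. Whoever holds it can impersonate such a server, and any session negotiated without forward secrecy could presumably be decrypted from a capture. The same problem applies to `cp -a %{SOURCE15} $RPM_BUILD_ROOT%{_sysconfdir}/server.key` and to the `server.key` entry under `%files mod_tls` in proftpd.spec. I would not package the key at all: list it as `%attr(600,root,root) %ghost %{_sysconfdir}/server.key` and have the post-install scriptlet create a per-host key pair only when the file is absent.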
diff --git a/proftpd.spec b/proftpd.spec index 4f4e60b..f331469 100644 --- a/proftpd.spec +++ b/proftpd.spec @@ -24,7 +24,7 @@ Summary(pt_BR.UTF-8): Servidor FTP profissional, com sintaxe de configuração s Summary(zh_CN.UTF-8): 易于管理的,安全的 FTP 服务器 Name: proftpd Version: 1.3.6 -Release: 2.1 +Release: 3 Epoch: 2 License: GPL v2+ Group: Networking/Daemons @@ -45,6 +45,8 @@ Source10: %{name}-mod_tls.conf Source11: %{name}-anonftp.conf Source12: %{name}-mod_clamav.conf Source13: %{name}.logrotate +Source14: %{name}-server.crt +Source15: %{name}-server.key Patch0: %{name}-paths.patch Patch1: %{name}-noautopriv.patch URL: http://www.proftpd.org/ @@ -510,9 +512,8 @@ install -d $RPM_BUILD_ROOT/etc/{logrotate.d,pam.d,security,sysconfig/rc-inetd,rc rm $RPM_BUILD_ROOT%{_sbindir}/in.proftpd -install %{SOURCE13} $RPM_BUILD_ROOT/etc/logrotate.d/proftpd install %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir} -install %{SOURCE9} $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/mod_auth_pam.conf +cp -a %{SOURCE9} $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/mod_auth_pam.conf MODULES=" mod_auth_file mod_ident 
@@ -531,13 +532,18 @@ mod_wrap for module in $MODULES; do echo "LoadModule $module.c" > $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/$module.conf done -install %{SOURCE10} $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/mod_tls.conf -install %{SOURCE11} $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/anonftp.conf -install %{SOURCE12} $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/mod_clamav.conf +cp -a %{SOURCE10} $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/mod_tls.conf +cp -a %{SOURCE11} $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/anonftp.conf +cp -a %{SOURCE12} $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/mod_clamav.conf -%{?with_pam:install %{SOURCE3} $RPM_BUILD_ROOT/etc/pam.d/ftp} -install %{SOURCE4} $RPM_BUILD_ROOT/etc/sysconfig/rc-inetd/ftpd -install %{SOURCE5} $RPM_BUILD_ROOT/etc/sysconfig/proftpd +cp -a %{SOURCE14} $RPM_BUILD_ROOT%{_sysconfdir}/server.crt +cp -a %{SOURCE15} $RPM_BUILD_ROOT%{_sysconfdir}/server.key + +cp -a %{SOURCE13} $RPM_BUILD_ROOT/etc/logrotate.d/proftpd + +%{?with_pam:cp -a %{SOURCE3} $RPM_BUILD_ROOT/etc/pam.d/ftp} +cp -a %{SOURCE4} $RPM_BUILD_ROOT/etc/sysconfig/rc-inetd/ftpd +cp -a %{SOURCE5} $RPM_BUILD_ROOT/etc/sysconfig/proftpd install %{SOURCE6} $RPM_BUILD_ROOT/etc/rc.d/init.d/proftpd install contrib/xferstats.holger-preiss $RPM_BUILD_ROOT%{_bindir}/xferstat @@ -781,6 +787,8 @@ fi %files mod_tls %defattr(644,root,root,755) %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/mod_tls.conf +%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/server.crt +%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/server.key %attr(755,root,root) %{_libexecdir}/mod_tls.so %files mod_wrap -- 2.46.0
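Review bot: In the `%files mod_tls` hunk the private key gets `%attr(640,root,root)`, the same mode as the certificate. Assuming proftpd reads the key as root before dropping privileges, the key needs no group read bit, so I would write `%attr(600,root,root)` for `%{_sysconfdir}/server.key`; the certificate is public data and could be 644. `%config(noreplace)` also means a host that never replaced the sample key keeps it across upgrades, which is worth a comment next to the entry.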