opt/vsftpd/vsftpd-config.patch

137 lines
5.3 KiB
Diff

diff -Nru vsftpd-3.0.3.orig/Makefile vsftpd-3.0.3/Makefile
--- vsftpd-3.0.3.orig/Makefile 2015-07-25 10:46:48.976048527 +0200
+++ vsftpd-3.0.3/Makefile 2015-07-25 10:47:10.025301281 +0200
@@ -3,7 +3,7 @@
INSTALL = install
IFLAGS = -idirafter dummyinc
#CFLAGS = -g
-CFLAGS = -O2 -fPIE -fstack-protector --param=ssp-buffer-size=4 \
+CFLAGS += -fPIE -fstack-protector --param=ssp-buffer-size=4 \
-Wall -W -Wshadow -Werror -Wformat-security \
-D_FORTIFY_SOURCE=2 \
#-pedantic -Wconversion
@@ -29,21 +29,10 @@
$(CC) -o vsftpd $(OBJS) $(LINK) $(LDFLAGS) $(LIBS)
install:
- if [ -x /usr/local/sbin ]; then \
- $(INSTALL) -m 755 vsftpd /usr/local/sbin/vsftpd; \
- else \
- $(INSTALL) -m 755 vsftpd /usr/sbin/vsftpd; fi
- if [ -x /usr/local/man ]; then \
- $(INSTALL) -m 644 vsftpd.8 /usr/local/man/man8/vsftpd.8; \
- $(INSTALL) -m 644 vsftpd.conf.5 /usr/local/man/man5/vsftpd.conf.5; \
- elif [ -x /usr/share/man ]; then \
- $(INSTALL) -m 644 vsftpd.8 /usr/share/man/man8/vsftpd.8; \
- $(INSTALL) -m 644 vsftpd.conf.5 /usr/share/man/man5/vsftpd.conf.5; \
- else \
- $(INSTALL) -m 644 vsftpd.8 /usr/man/man8/vsftpd.8; \
- $(INSTALL) -m 644 vsftpd.conf.5 /usr/man/man5/vsftpd.conf.5; fi
- if [ -x /etc/xinetd.d ]; then \
- $(INSTALL) -m 644 xinetd.d/vsftpd /etc/xinetd.d/vsftpd; fi
+ $(INSTALL) -D -m 755 vsftpd $(DESTDIR)/usr/sbin/vsftpd
+ $(INSTALL) -D -m 644 vsftpd.8 $(DESTDIR)/usr/man/man8/vsftpd.8
+ $(INSTALL) -D -m 644 vsftpd.conf.5 $(DESTDIR)/usr/man/man5/vsftpd.conf.5
+ $(INSTALL) -D -m 600 vsftpd.conf $(DESTDIR)/etc/vsftpd.conf
clean:
rm -f *.o *.swp vsftpd
diff -Nru vsftpd-3.0.3.orig/builddefs.h vsftpd-3.0.3/builddefs.h
--- vsftpd-3.0.3.orig/builddefs.h 2015-07-25 10:46:48.976048527 +0200
+++ vsftpd-3.0.3/builddefs.h 2015-07-25 10:51:14.686615834 +0200
@@ -2,8 +2,8 @@
#define VSF_BUILDDEFS_H
#undef VSF_BUILD_TCPWRAPPERS
-#define VSF_BUILD_PAM
-#undef VSF_BUILD_SSL
+#undef VSF_BUILD_PAM
+#define VSF_BUILD_SSL
#endif /* VSF_BUILDDEFS_H */
diff -Nru vsftpd-3.0.3.orig/tunables.c vsftpd-3.0.3/tunables.c
--- vsftpd-3.0.3.orig/tunables.c 2015-07-25 10:46:48.976048527 +0200
+++ vsftpd-3.0.3/tunables.c 2015-07-25 10:48:46.175221304 +0200
@@ -254,7 +254,7 @@
/* -rw------- */
tunable_chown_upload_mode = 0600;
- install_str_setting("/usr/share/empty", &tunable_secure_chroot_dir);
+ install_str_setting("/var/empty", &tunable_secure_chroot_dir);
install_str_setting("ftp", &tunable_ftp_username);
install_str_setting("root", &tunable_chown_username);
install_str_setting("/var/log/xferlog", &tunable_xferlog_file);
@@ -281,11 +281,10 @@
install_str_setting(0, &tunable_user_sub_token);
install_str_setting("/etc/vsftpd.email_passwords",
&tunable_email_password_file);
- install_str_setting("/usr/share/ssl/certs/vsftpd.pem",
- &tunable_rsa_cert_file);
+ install_str_setting("/etc/ssl/certs/vsftpd.crt", &tunable_rsa_cert_file);
install_str_setting(0, &tunable_dsa_cert_file);
install_str_setting("ECDHE-RSA-AES256-GCM-SHA384", &tunable_ssl_ciphers);
- install_str_setting(0, &tunable_rsa_private_key_file);
+ install_str_setting("/etc/ssl/keys/vsftpd.key", &tunable_rsa_private_key_file);
install_str_setting(0, &tunable_dsa_private_key_file);
install_str_setting(0, &tunable_ca_certs_file);
}
diff -Nru vsftpd-3.0.3.orig/vsftpd.conf vsftpd-3.0.3/vsftpd.conf
--- vsftpd-3.0.3.orig/vsftpd.conf 2015-07-25 10:46:48.976048527 +0200
+++ vsftpd-3.0.3/vsftpd.conf 2015-07-25 10:50:10.758885261 +0200
@@ -8,11 +8,18 @@
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
+#
+# Enable SSL support
+#ssl_enable=YES
+#ssl_sslv3=YES
+#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=YES
#
# Uncomment this to allow local users to log in.
#local_enable=YES
+#force_local_logins_ssl=YES
+#force_local_data_ssl=YES
#
# Uncomment this to enable any form of FTP write command.
#write_enable=YES
@@ -110,6 +117,7 @@
# listens on IPv4 sockets. This directive cannot be used in conjunction
# with the listen_ipv6 directive.
listen=YES
+background=YES
#
# This directive enables listening on IPv6 sockets. To listen on IPv4 and IPv6
# sockets, you must run two copies of vsftpd with two configuration files.
diff -Nru vsftpd-3.0.3.orig/vsftpd.conf.5 vsftpd-3.0.3/vsftpd.conf.5
--- vsftpd-3.0.3.orig/vsftpd.conf.5 2015-07-25 10:46:48.976048527 +0200
+++ vsftpd-3.0.3/vsftpd.conf.5 2015-07-25 10:47:10.025301281 +0200
@@ -955,21 +955,21 @@
This option specifies the location of the RSA certificate to use for SSL
encrypted connections.
-Default: /usr/share/ssl/certs/vsftpd.pem
+Default: /etc/ssl/certs/vsftpd.crt
.TP
.B rsa_private_key_file
This option specifies the location of the RSA private key to use for SSL
encrypted connections. If this option is not set, the private key is expected
to be in the same file as the certificate.
-Default: (none)
+Default: /etc/ssl/keys/vsftpd.key
.TP
.B secure_chroot_dir
This option should be the name of a directory which is empty. Also, the
directory should not be writable by the ftp user. This directory is used
as a secure chroot() jail at times vsftpd does not require filesystem access.
-Default: /usr/share/empty
+Default: /var/empty
.TP
.B ssl_ciphers
This option can be used to select which SSL ciphers vsftpd will allow for