Probleme proftpd <Ifmodule>

Support Debian
#1

Bonjour,

j’ai installé un serveur proftpd avec authentification par certificat SSL
j’avais auparavant installer ce serveur sur une machine ubuntu 8.10 Desktop et cela fonctionnais.
J’ai souhaité migrer vers debian et lors du demarrage du serveur j’ai ce message d’erreur :
"Starting ftp server: proftpd - Fatal: : unclosed context on line 208 of ‘/etc/proftpd/proftpd.conf’"
la ligne 208 est la derniere de mon fichier de conf et ne correspond pas au problème.Au niveau des logs il n’y a tout simplement aucune erreur

comment puis-je corriger ce problème ?

voici mon fichier de configuration

[quote]#

/etc/proftpd/proftpd.conf – This is a basic ProFTPD configuration file.

To really apply changes reload proftpd after modifications.

Includes DSO modules

Include /etc/proftpd/modules.conf

Set off to disable IPv6 support which is annoying on IPv4 only boxes.

UseIPv6 off

ServerName “Mon serveur FTP”

ServerType standalone

ServerIdent on “Bienvenue sur mon ftp. Veuillez-vous identifiez”

DeferWelcome on

MultilineRFC2228 on

DefaultServer on

ShowSymlinks on

TimeoutNoTransfer 600

TimeoutStalled 600

TimeoutIdle 1200

DisplayLogin welcome.msg

#DisplayChdir .message

ListOptions “-l”

DenyFilter *.*/

Use this to jail all users in their homes

DefaultRoot ~

Users require a valid shell listed in /etc/shells to login.

Use this directive to release that constrain.

RequireValidShell off

Port 21 is the standard FTP port.

Port 21

In some cases you have to specify passive ports range to by-pass

firewall limitations. Ephemeral ports can be used for that, but

feel free to use a more narrow range.

PassivePorts 49152 65534

If your host was NATted, this option is useful in order to

allow passive tranfers to work. You have to use your public

address and opening the passive ports used on your firewall as well.

MasqueradeAddress 1.2.3.4

To prevent DoS attacks, set the maximum number of child processes

to 30. If you need to allow more than 30 concurrent connections

at once, simply increase this value. Note that this ONLY works

in standalone mode, in inetd mode you should use an inetd server

that allows you to limit maximum number of processes per service

(such as xinetd)

MaxInstances 30

Set the user and group that the server normally runs at.

User proftpd

Group nogroup

Umask 022 is a good standard umask to prevent new files and dirs

(second parm) from being group and world writable.

#Umask 002 002

Normally, we want files to be overwriteable.

AllowOverwrite on

Uncomment this if you are using NIS or LDAP to retrieve passwords:

PersistentPasswd off

Be warned: use of this directive impacts CPU average load!

Uncomment this if you like to see progress and transfer rate with ftpwho

in downloads. That is not needed for uploads rates.

UseSendFile off

Choose a SQL backend among MySQL or PostgreSQL.

Both modules are loaded in default configuration, so you have to specify the backend

or comment out the unused module in /etc/proftpd/modules.conf.

Use ‘mysql’ or ‘postgres’ as possible values.

SQLBackend mysql

TransferLog /var/log/proftpd/xferlog

SystemLog /var/log/proftpd/proftpd.log

TLSEngine on

TLSLog /var/log/proftpd/tls.log

TLSProtocol SSLv23

TLSOptions NoCertRequest

TLSRSACertificateFile /etc/proftpd/ssl/proftpd.cert.pem

TLSRSACertificateKeyFile /etc/proftpd/ssl/proftpd.key.pem

TLSVerifyClient off

TLSRequired off

#MasqueradeAddress rt74.eu

#PassivePorts 19200 19250

QuotaDirectoryTally on

QuotaDisplayUnits Mb

QuotaShowQuotas on

Definit les requetes SQL pour que ProFTPd recupere les infos sur les quotas

SQLNamedQuery get-quota-limit SELECT “name, quota_type, par_session, limit_type, bytes_up_limit, bytes_down_limit, bytes_transfer_limit, files_up_limit, files_down_limit, files_transfer_limit FROM ftpquotalimits WHERE name = ‘%{0}’ AND quota_type = ‘%{1}’”

SQLNamedQuery get-quota-tally SELECT “name, quota_type, bytes_up_total, bytes_down_total, bytes_transfer_total, files_up_total, files_down_total, files_transfer_total FROM ftpquotatotal WHERE name = ‘%{0}’ AND quota_type = ‘%{1}’”

SQLNamedQuery update-quota-tally UPDATE "bytes_up_total = bytes_up_total + %{0}, bytes_down_total = bytes_down_total + %{1},
bytes_transfer_total = bytes_transfer_total + %{2}, files_up_total = files_up_total + %{3}, files_down_total = files_down_total + %{4}, files_transfer_total = files_transfer_total + %{5} WHERE name = ‘%{6}’ AND quota_type = ‘%{7}’"
ftpquotatotal

SQLNamedQuery insert-quota-tally INSERT “%{0}, %{1}, %{2}, %{3}, %{4}, %{5}, %{6}, %{7}” ftpquotatotal

QuotaLimitTable sql:/get-quota-limit

QuotaTallyTable sql:/get-quota-tally/update-quota-tally/insert-quota-tally

#

#Ratios on

#

Delay engine reduces impact of the so-called Timing Attack described in

security.lss.hr/index.php?page=d … 2004-10-02

It is on by default.

#

#DelayEngine on

#

ControlsEngine on

ControlsMaxClients 2

ControlsLog /var/log/proftpd/controls.log

ControlsInterval 5

ControlsSocket /var/run/proftpd/proftpd.sock

AdminControlsEngine on

Mod MySQL

=========

Les mots de passe sont cryptds la base avec la fct ENCRYPT (MySQL)

SQLAuthTypes Crypt

SQLAuthenticate users* groups*

Modifiez cette ligne selon l’utilisateur et le mot de passe dinit plut

SQLConnectInfo proftpd@localhost proftpd password

On donne ProFTPD le nom des colonnes de la table usertable

SQLUserInfo ftpuser userid passwd uid gid homedir shell

SQLUserWhereClause “LoginAllowed = ‘true’”

On donne ProFTPD le nom des colonnes de la table “grouptable”

SQLGroupInfo ftpgroup groupname gid members

Creer le repertoire home de l’utilisateur si il n’existe pas

CreateHome on

Met jour les compteurs chaque connection d’un utilisateur

SQLLog PASS updatecount

SQLNamedQuery updatecount UPDATE “count=count+1, accessed=now() WHERE userid=’%u’” ftpuser

#Met jour les compteurs chaque upload ou download d’un utilisateur

SQLLog STOR,DELE modified

SQLNamedQuery modified UPDATE “modified=now() WHERE userid=’%u’” ftpuser

SQLLog RETR dlbytescount

SQLNamedQuery dlbytescount UPDATE “dl_bytes=dl_bytes+%b WHERE userid=’%u’” ftpuser

SQLLog RETR dlcount

SQLNamedQuery dlcount UPDATE “dl_count=dl_count+1 WHERE userid=’%u’” ftpuser

SQLLog STOR ulbytescount

SQLNamedQuery ulbytescount UPDATE “ul_bytes=ul_bytes+%b WHERE userid=’%u’” ftpuser

SQLLog STOR ulcount

SQLNamedQuery ulcount UPDATE “ul_count=ul_count+1 WHERE userid=’%u’” ftpuser

RootLogin off

Gestion des logs

================

Enregistre les reques SQL dans /var/log/proftpd/mysql.log

SQLLogFile /var/log/proftpd/mysql.log

Enregistre les authentifications

LogFormat auth “%v [%P] %h %t “%r” %s”

ExtendedLog /var/log/proftpd/auth.log AUTH auth

Enregistre les acc aux fichiers

LogFormat write “%h %l %u %t “%r” %s %b”

ExtendedLog /var/log/proftpd/access.log WRITE,READ write

Recupe le nom partir de l’ip de la machine de l’utilisateur ( resolution DNS )

IdentLookups on[/quote]

Les utilisateurs du serveur ftp sont gerer dans une base de donnée mysql

Sur le net j’ai rencontrer des personnes ayant le même problème et le faite de réinstaller le serveur a corriger le problème, malheureusement pas pour moi

J’ai cherché un peu plus en detail le probleme viendrais de 2 modules a savoir IfModule mod_quota.c et le module IfModule mod_ratio.c (en commentant c’est lignes le serveur demmarre)

Merci de votre aide

#2

En reecrivant EXACTEMENT la meme chose le serveur a reussi a demarrer je ne comprend plus :open_mouth:
en esperant que cela servent a d’autre.

En revanche je cherche a forcer l’authentification tls et refuser les connections par ftp et forcer la connection par ftps

quels sont les paramètres a rajouter pour forcer cela ?

Merci