
GEORGE LIU pure-ftpd virtual user fix for centminmod.com April 1, 2015

#!/bin/bash
###################################
# fix pure-ftpd bug in centmin mod
# missing pureftpd.passwd file
# 
###################################
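# Primary outbound IPv4 address of this host; used further down as the CN of
# the self-signed certificate. Take the value that follows the "src" keyword
# instead of the last field of the first line: newer iproute2 releases append
# extra fields after the source address (e.g. "uid 0"), so $NF would no longer
# be the IP there.
CNIP=$(ip route get 8.8.8.8 | awk '{ for (i = 1; i < NF; i++) if ($i == "src") { print $(i + 1); exit } }')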

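service pure-ftpd start
echo
echo "ensure TLS Cipher preference protects against poodle attacks"

# Activate the stock (commented-out) TLSCipherSuite line and flip +SSLv3 to
# !SSLv3. Note this is an OpenSSL *cipher list*, not a protocol switch: it
# removes the cipher suites tagged SSLv3, which older TLS versions also draw
# from, so confirm what remains with `openssl ciphers -v '<the string>'` and
# test with the FTP clients you need to support.
sed -i 's/# TLSCipherSuite           HIGH:MEDIUM:+TLSv1:!SSLv2:+SSLv3/TLSCipherSuite           HIGH:MEDIUM:+TLSv1:!SSLv2:!SSLv3/' /etc/pure-ftpd/pure-ftpd.conf

# Append the directive only when no *active* TLSCipherSuite line exists.
# Matching the bare word would also hit a commented-out line ("# TLSCipherSuite
# ...") that the sed above did not rewrite, leaving the server without any
# effective cipher restriction while this check reports it as present.
if ! grep -Eq '^[[:space:]]*TLSCipherSuite([[:space:]]|$)' /etc/pure-ftpd/pure-ftpd.conf; then
    echo 'TLSCipherSuite           HIGH:MEDIUM:+TLSv1:!SSLv2:!SSLv3' >> /etc/pure-ftpd/pure-ftpd.conf
fi

# fix default file/directory permissions
# Umask is <files>:<dirs>; 137:027 yields 0640 files and 0750 directories
# (no access for "other") instead of the 0644/0755 that 133:022 produced.
sed -i 's/Umask                       133:022/Umask                       137:027/' /etc/pure-ftpd/pure-ftpd.conf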

# Recreate the virtual-user password file when it is absent or empty.
# The file holds the virtual users' password hashes, so it is restricted to
# its owner (0600) before pure-pw builds the database from it.
if [[ ! -f /etc/pure-ftpd/pureftpd.passwd || ! -s /etc/pure-ftpd/pureftpd.passwd ]]; then
    MISSINGPASSWD=y
    printf '\n'
    printf '%s\n' "create /etc/pure-ftpd/pureftpd.passwd"
    touch /etc/pure-ftpd/pureftpd.passwd
    chmod 0600 /etc/pure-ftpd/pureftpd.passwd
    pure-pw mkdb
fi

# Build the pureftpd.pdb database if it still does not exist at this point.
# MISSINGPDB is read by the final summary to decide whether to print the
# "re-create your FTP users" instructions.
if [[ ! -f /etc/pure-ftpd/pureftpd.pdb ]]; then
    MISSINGPDB=y
    printf '\n'
    printf '%s\n' "generate /etc/pure-ftpd/pureftpd.pdb"
    pure-pw mkdb
fi

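# check tweaks were made
# Print the security-relevant directives so the operator can eyeball the
# result. grep reads the file directly (no cat pipe) and uses -E because the
# egrep alias is deprecated in current GNU grep. "TLS" already matches
# TLSCipherSuite; Umask is included because this script rewrites it as well.
echo
echo "check tweaks in /etc/pure-ftpd/pure-ftpd.conf"
grep -E 'UnixAuthentication|VerboseLog|CreateHomeDir|TLS|PassivePortRange|Umask' /etc/pure-ftpd/pure-ftpd.conf
echo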

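# Generate a self-signed certificate + private key for explicit FTPS when
# none exists yet. Key and certificate are written into the same PEM file.
# The certificate is valid for 7300 days and is not chained to any CA, so
# clients have to accept/pin it manually.
if [[ ! -f /etc/ssl/private/pure-ftpd.pem ]]; then
    echo
    echo "generating self-signed ssl certificate..."
    echo "FTP client needs to use FTP (explicit SSL) mode"
    echo "to connect to server's main ip address on port 21"
    sleep 2
    # echo "just hit enter at each prompt until complete"
    # setup self-signed ssl certs
    mkdir -p /etc/ssl/private
    # - umask 077 in a subshell: the unencrypted (-nodes) private key is
    #   created owner-only from the start instead of being world-readable
    #   until a later chmod runs.
    # - rsa:2048 instead of rsa:1024: 1024-bit RSA is below current minimums
    #   and is rejected by up-to-date TLS clients.
    # - CN=...: the previous "CN==" put a literal "=" in front of the address.
    #   Falls back to the hostname if the IP lookup returned nothing.
    if (
        umask 077
        openssl req -x509 -days 7300 -sha256 -nodes \
            -subj "/C=US/ST=California/L=Los Angeles/O=Default Company Ltd/CN=${CNIP:-$(hostname)}" \
            -newkey rsa:2048 \
            -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem
    ); then
        # Only touch the file this script created; other PEM files in the
        # directory may be deliberately group-readable for other services.
        chmod 600 /etc/ssl/private/pure-ftpd.pem
        openssl x509 -in /etc/ssl/private/pure-ftpd.pem -text -noout
        echo
        ls -lah /etc/ssl/private/
        echo
        echo "self-signed ssl cert generated"
    else
        echo "error: openssl failed to generate /etc/ssl/private/pure-ftpd.pem" >&2
        # The file did not exist before this branch ran, so anything left
        # behind is a partial artefact; remove it so a rerun regenerates it.
        rm -f -- /etc/ssl/private/pure-ftpd.pem
    fi
fi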

# Restart the daemon so the config, database and certificate changes apply.
printf '\n'
printf '%s\n' "pure-ftpd installed"
service pure-ftpd restart
#csf -r

# List both credential files so their owner and mode can be verified
# (pureftpd.passwd is expected to be 0600).
printf '\n'
printf '%s\n' "check /etc/pure-ftpd/pureftpd.passwd"
ls -lah /etc/pure-ftpd/pureftpd.passwd

printf '\n'
printf '%s\n' "check /etc/pure-ftpd/pureftpd.pdb"
ls -lah /etc/pure-ftpd/pureftpd.pdb

printf '\n'
printf '%s\n' \
    "#########################################################################" \
    "# Fix completed" \
    "#########################################################################"

# When either credential file had to be recreated, the previous virtual users
# are gone; tell the operator how to add them back. The suggested command maps
# each FTP user to the nginx system account and confines it to the vhost
# directory given with -d.
if [[ "$MISSINGPASSWD" == y ]] || [[ "$MISSINGPDB" == y ]]; then
    printf '%s\n' \
        "because /etc/pure-ftpd/pureftpd.passwd was missing, you will need to" \
        "manually re-create your pure-ftpd virtual FTP user accounts for existing" \
        "nginx vhost accounts using below 3 commands:" \
        "" \
        "where YOURUSERNAME = your FTP username" \
        "where YOURDOMAINNAME.com = your existing domain name Nginx vhost"

    printf '%s\n' \
        "#########################################################################" \
        "# 3 commands to manually re-create virtual FTP users" \
        "#########################################################################"
    printf '%s\n' \
        "" \
        "    pure-pw useradd YOURUSERNAME -u nginx -g nginx -d /home/nginx/domains/YOURDOMAINNAME.com" \
        "    pure-pw mkdb" \
        "    service pure-ftpd restart"
fi

printf '\n'
