Created by
GEORGE LIU
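#!/bin/bash
###################################
# fix pure-ftpd bug in centmin mod
# missing pureftpd.passwd file
#
# What this script does, in order:
#   1. starts pure-ftpd
#   2. tightens TLSCipherSuite and Umask in pure-ftpd.conf
#   3. re-creates an absent/empty pureftpd.passwd and the pureftpd.pdb index
#   4. generates a self-signed certificate if none exists
#   5. restarts pure-ftpd and prints follow-up instructions
#
# Must run as root: it edits /etc/pure-ftpd and writes a private key.
###################################

readonly FTPD_CONF=/etc/pure-ftpd/pure-ftpd.conf
readonly FTPD_PASSWD=/etc/pure-ftpd/pureftpd.passwd
readonly FTPD_PDB=/etc/pure-ftpd/pureftpd.pdb
readonly FTPD_PEM=/etc/ssl/private/pure-ftpd.pem

# Initialised explicitly so the final summary never reads an unset variable.
MISSINGPASSWD=n
MISSINGPDB=n

# Primary outbound IP, used as the certificate CN. Newer iproute2 releases
# append "uid N" after the source address, so taking the last field would
# yield the uid instead of the IP; read the token following "src" instead.
CNIP=$(ip route get 8.8.8.8 \
  | awk 'NR==1 { for (i = 1; i < NF; i++) if ($i == "src") { print $(i + 1); exit } }')
if [[ -z "$CNIP" ]]; then
  # An empty CN would make the certificate subject invalid.
  CNIP=$(hostname)
fi

service pure-ftpd start

echo
echo "ensure TLS Cipher preference protects against poodle attacks"
# Rewrite the stock cipher line whether it is still commented out or already
# active with +SSLv3; the original only handled the commented form.
# NOTE(review): in OpenSSL cipher-list syntax "SSLv3" names cipher suites, not
# the protocol, so !SSLv3 also removes suites that TLS 1.0/1.1 clients use.
# Confirm the client base is TLS 1.2 capable, and that SSLv3 the protocol is
# disabled in the OpenSSL build pure-ftpd links against.
sed -i 's/^[#[:space:]]*TLSCipherSuite HIGH:MEDIUM:+TLSv1:!SSLv2:+SSLv3/TLSCipherSuite HIGH:MEDIUM:+TLSv1:!SSLv2:!SSLv3/' "$FTPD_CONF"
# Only an uncommented directive counts; a commented-out example line must not
# suppress adding the real setting.
if ! grep -Eq '^[[:space:]]*TLSCipherSuite[[:space:]]' "$FTPD_CONF"; then
  echo 'TLSCipherSuite HIGH:MEDIUM:+TLSv1:!SSLv2:!SSLv3' >> "$FTPD_CONF"
fi

# fix default file/directory permissions
# (137:027 removes all access for "other" on uploaded files and directories)
sed -i 's/Umask 133:022/Umask 137:027/' "$FTPD_CONF"

# check if /etc/pure-ftpd/pureftpd.passwd exists (absent or zero bytes)
if [[ ! -f "$FTPD_PASSWD" || "$(stat --printf='%s' "$FTPD_PASSWD")" = '0' ]]; then
  MISSINGPASSWD=y
  echo
  echo "create /etc/pure-ftpd/pureftpd.passwd"
  # Create under a restrictive umask so the credential file is never briefly
  # world-readable; chmod still covers a pre-existing empty file.
  (umask 077 && touch "$FTPD_PASSWD")
  chmod 0600 "$FTPD_PASSWD"
  pure-pw mkdb
fi

# generate /etc/pure-ftpd/pureftpd.pdb
if [[ ! -f "$FTPD_PDB" ]]; then
  MISSINGPDB=y
  echo
  echo "generate /etc/pure-ftpd/pureftpd.pdb"
  pure-pw mkdb
fi

# check tweaks were made
echo
echo "check tweaks in /etc/pure-ftpd/pure-ftpd.conf"
grep -E 'UnixAuthentication|VerboseLog|CreateHomeDir|TLS|PassivePortRange|TLSCipherSuite' "$FTPD_CONF"
echo

if [[ ! -f "$FTPD_PEM" ]]; then
  echo
  echo "generating self-signed ssl certificate..."
  echo "FTP client needs to use FTP (explicit SSL) mode"
  echo "to connect to server's main ip address on port 21"
  sleep 2
  # setup self-signed ssl certs
  # Key and certificate share one PEM file. It holds an unencrypted private
  # key (-nodes), so it is written under umask 077 rather than being created
  # with default permissions and tightened afterwards.
  mkdir -p /etc/ssl/private
  (
    umask 077
    # rsa:2048 replaces the original 1024-bit key, which is below the minimum
    # that current TLS libraries and clients accept. The subject previously
    # read "CN==<ip>", which put a stray "=" into the common name.
    openssl req -x509 -days 7300 -sha256 -nodes \
      -subj "/C=US/ST=California/L=Los Angeles/O=Default Company Ltd/CN=$CNIP" \
      -newkey rsa:2048 -keyout "$FTPD_PEM" -out "$FTPD_PEM"
  )
  chmod 600 /etc/ssl/private/*.pem
  openssl x509 -in "$FTPD_PEM" -text -noout
  echo
  ls -lah /etc/ssl/private/
  echo
  # A self-signed certificate cannot be validated by clients against a CA;
  # operators should verify its fingerprint on first connect.
  echo "self-signed ssl cert generated"
fi

echo
echo "pure-ftpd installed"
service pure-ftpd restart
#csf -r

echo
echo "check /etc/pure-ftpd/pureftpd.passwd"
ls -lah "$FTPD_PASSWD"
echo
echo "check /etc/pure-ftpd/pureftpd.pdb"
ls -lah "$FTPD_PDB"

echo
echo "#########################################################################"
echo "# Fix completed"
echo "#########################################################################"
# The virtual-user database was rebuilt from an empty file, so previously
# defined FTP accounts no longer exist and must be re-added by hand.
if [[ "$MISSINGPASSWD" = 'y' || "$MISSINGPDB" = 'y' ]]; then
  echo "because /etc/pure-ftpd/pureftpd.passwd was missing, you will need to"
  echo "manually re-create your pure-ftpd virtual FTP user accounts for existing"
  echo "nginx vhost accounts using below 3 commands:"
  echo
  echo "where YOURUSERNAME = your FTP username"
  echo "where YOURDOMAINNAME.com = your existing domain name Nginx vhost"
  echo "#########################################################################"
  echo "# 3 commands to manually re-create virtual FTP users"
  echo "#########################################################################"
  echo "
pure-pw useradd YOURUSERNAME -u nginx -g nginx -d /home/nginx/domains/YOURDOMAINNAME.com
pure-pw mkdb
service pure-ftpd restart"
fi
echo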