1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
|
# This is an example fspd.conf file. Copy it and edit it to suit your tastes.
# Where you see a # in front of a configuration value it indicates that the
# value is commented out, (e.g. # conf .fspd.conf below). The text accompanying
# the entry will indicate what the value defaults to if it is commented out.
# The 'port' command specifies which port the fspd server is to listen too
# This is NOT needed if running under inetd, but otherwise is required.
# Standard port for FSP is 21, other popular ports are 2001 and 2000.
# Please run official FSP sites on port 21.
#
# If you want a random port from 1024 - 65535 range, set port to 65535
#
# ================================================================
# If you want to avoid detection by lamer security scanner nessus
# do not use ports: 21, 2000 and 2221.
# ================================================================
port 21
# Server can listen only on particular network interface
#listenaddress 192.168.1.2
# The 'packetsize' sets maximal data size which will send FSPD in one packet.
# FSP definition allows up to 1024 bytes of data (default value) and it is a
# recommended to use this value unless there is a reason to use a smaller one.
# If your fsp site eats too much bandwidth try smaller value.
#
# You could try larger values. Almost all networks today works with 1300
# and most with 1400. Larger values are possible, but FSP packet will be
# split into 2 or more IP packets which lowers reliability of file
# transfers.
#
# Packets > 1024 bytes are never send out unless client requests them.
#
# !!! If you change this value in 64-1024 range you must delete all
# prebuilded directory listings stored in .FSP_CONTENT files !!!
# packetsize 768
# The 'conf' command allows a global file to read local files so that
# multiple users at a site can use the same central fspd file.
#
# conf .fspd.conf
# The 'homedir' command tells the server where it's ROOT directory is.
# This directory must be given as an absolute path.
#
homedir /home/ftp
# 'homedir_restricted' off can allow symlinks which goes out of home
# directory.
homedir_restricted yes
# 'use_access_files' if server should check for special .FSP files
# in directory and set access rights acording to that.
# In most installation, yes is right. Use `no` if people can upload
# files starting with .FSP into fsp server homedir.
use_access_files yes
# 'permit_passwordless_owners' If server allow directory owners without
# any password only based on request IP. Because IP can be easily spoofed,
# it is recommended to require a password.
permit_passwordless_owners off
# The 'tmpdir' command controls where the server stores temporary files
# during upload or grab. You must have it or server will support
# read operations only. This can be absolute or relative path to home
# dir. Server will try to create it.
#
tmpdir /tmp/fsp
# The 'pidlogname command controls where we write the fspd pid.
pidlogname /var/run/fspd.pid
# The 'grabcommand' can turn grab command on or off.
grabcommand on
# The 'vercommand' can turn fver command on or off. All known FSP scanners
# are using this command for detection of FSP server presence.
# vercommand must be disabled for stealth operation. Yes, lamers sucks.
vercommand on
# The 'readme' commands specifies the name of the local readme file
# for each directory. If no readme command is given, the readme file
# defaults to .README
#
readme .message
# The 'dircache' command controls how much directories listings gets cached.
dircache 100
# 'use_prebuild_dirlists' allows to load/save prebuilded directories
# listing from filesystem. It is a good idea to allow that, because it
# helps server performance. Disable it only if you dislike .FSP_CONTENT
# file in every directory.
# Do not use on Win32 system!
#use_prebuild_dirlists yes
# The 'statcache' command controls how many directories are placed into
# stat cache. Cache contains last modified time and access rights.
statcache 30
# The 'statcache_timeout' command controls how long statcache entries are
# valid before directory gets re-examined by stat()
statcache_timeout 20
# 'use_directory_mtime'. If your filesystem changes mtime when directory
# is updated, set it to YES. If set to NO, directory will be rechecked
# after statcache_timeout and dircache entry invalidated.
# Do not use on Win32 system.
#use_directory_mtime yes
# The 'filecache' command controls maximal number of open files by server.
# After this limit will be reached, server will close last recently used files.
# This do not prevent any number clients from downloading, but file for each
# request must be opened first. Setting this lowers open/close overhead.
filecache 30
# The 'dumpfile' command tells the server where to log stats on SIGUSR1
# signal.
# It can be a relative path from the fspd home directory or an absolute
# path. it must include the filename.
dumpfile /var/log/fspd.stats
# The 'logfile' command tells the server where to log things if
# logging is enabled.
# It can be a relative path from the fspd home directory or an absolute
# path.
# it must include the filename.
#
logfile /var/log/fspd/fspd.log
# The 'log' command specifies the type of logging that should be performed.
# The log command takes the following options
# 'none' or any of 'all', '(!)errors', '(!)version', '(!)getdir',
# '(!)getfile', '(!)upload', '(!)install', '(!)delfile', '(!)deldir',
# '(!)setpro', '(!)getpro', '(!)makedir', '(!)grabfile',(!)readonly,
# '(!)stat', '(!)rename'.
# logging of 'all' will include logging of errors.
# for example:
# log all !errors -- will log all commands sent, but no error messages.
# log all !getdir -- will log all commands except getdir and all errors
# EXCEPT those that occured on a getdir command.
# log install getfile errors -- will log all install and getfile commands
# as well as any errors that occur on ONLY those commands.
# If no log command is given, logging will be turned of (same as 'log none')
#
log all !readonly
#The 'xferlog' command tells server where to use wuftpd compatible
#transfer log file. Loging substem currectly do not support
#recording of partial transfers.
xferlog /var/log/fspd/xferlog
# The 'thruput' command is used to specify the maximum average
# number of bytes per second that the server will transmit. Use
# 'thruput off' to specify no through put control. A negative value or
# zero will also shut off thruput control. If this command is not given,
# it acts like 'thruput off'
#
# thruput off
# The 'setuid' command is used to specify a specific uid under which the
# FSP server will run. Use 'setuid off' or 'setuid 0' in order to not
# attempt to perform a setuid. If this command is not given, it acts like
# 'setuid off'. Using setuid enables you to run the server as a specific
# user rather than as root, you may want to do this for security reasons.
# If you do this then ensure that the user id you assign to fspd has the
# necessary permissions to read and write from the directories you have
# assigned elsewhere in this configuration file.
#
# setuid off
# The 'setguid' command is similar to setuid, but sets a group.
# setguid off
# The 'umask' for uploaded files. Standard octal value.
# umask 0033
# The 'serverumask' is used when creating special access files.
# serverumask 0077
# The 'daemonize' command specifies whether the fspd should fork itself into
# the background when started up. The only acceptable values are 'on' or
# 'off'. If this command isn't given, it acts like 'daemonize on'.
#
# daemonize on
# The 'debug' command specifies whether the server should write debugging
# output to stderr while it is running. The only acceptable values are 'on'
# or 'off'. If this command is never given, it acts like 'debug off'.
#
# debug off
# The 'restricted' command specifies whether the server is run in restricted
# mode. In this case, only hosts enabled via the 'host' command will be
# able to connect. The only acceptable values for this command are 'on' or
# 'off'. If the command isn't given, it acts as 'restricted off'.
#
# restricted off
# The 'reverse_name' command specifies whether the server should refuse
# connections to sites that it cannot reverse lookup, that is it cannot
# turn the dotted decimal address (1.2.3.4) into a name (a.b.com). The
# only acceptable values for this command are 'on' or 'off'. If the
# command is not given, it acts like 'reverse_name off' by default.
#
# reverse_name off
# The 'read_only' command specifies whether the server should ignore any
# commands that would cause a 'write' action on the server. The commands
# that are refused by this are upload, install, mkdir, deldir, delfile,
# and setpro. The only acceptable values for this command are 'on' or 'off'.
# If the command is not given, it acts like 'read_only off'.
#
# read_only off
# The "host" command can be used to grant or restrict access on a per host
# or per group of host basis. You can configure the server to either ignore
# particular clients, treat them as normal, or to always return a particular
# message to those hosts. Each host configuration line looks as follows:
#
# host host_mask [host_type message]
#
# host_mask is either the full numeric or text name of a machine OR
# a wildcarded host mask. Wildcarded hostmasks look as follows:
#
# 128.4.*.*-128.8.*.* -- (* acts as the range 0 - 255)
#
# The above line would affect all hosts of the form 128.4.*.*, 128.5.*.*,
# 128.6.*.*, 128.7.*.* and 128.8.*.*.
#
# Host masking is only available with numeric hosts, not with text names.
#
# host_type is one of D, I, or N :
# I hosts are ignored
# N hosts are treated as normal
# D hosts will receive the error string message given as the third parameter
#
# If host_type isn't specified, the host is treated as ignored or normal
# depending on the value of restricted.
#
# The following line allows all RDG machines (134.225.*.*) access to a site:
#
# host 134.225.*.* N
#
# ... while the following would ignore all hosts from RDG:
#
# host 134.225.*.* I
#
# ... and the following would return an error message to them all:
#
# host 134.225.*.* D Sorry You Cannot Access This Site
# The "retry" command specifies time in sec, how much time must
# pass after new packet with the old KEY from client will be accepted
# FSP protocol definition says that must be at least 3 secs, but you
# can set this to shorter time and allow faster error recovery. It is
# higly recommended to keep it at least 3 seconds.
# retry 3
# The "timeout" command specifies how much time must pass after new
# packet with wrong KEY number is accepted. FSP definition sets this
# to 60 seconds. You can set it to lower value for faster clients
# recovery (about 20 sec is fine).
# timeout 60
|
