Añadida configuración de vsftpd

2025-12-08 22:33:19 +01:00
parent 472e9de5d9
commit e610a0902e
1 changed files with 78 additions and 0 deletions
@@ -0,0 +1,78 @@
+# ================= Core =================
+listen=YES
+listen_ipv6=NO
+anonymous_enable=NO
+local_enable=YES
+write_enable=YES
+use_localtime=YES
+dirmessage_enable=YES
+
+# Lista blanca de usuarios permitidos
+userlist_enable=YES
+userlist_deny=NO
+userlist_file=/etc/vsftpd.userlist
+
+# Ocultar UIDs/GIDs en listados
+hide_ids=YES
+
+
+# ================= Logs =================
+xferlog_enable=YES
+xferlog_file=/var/log/vsftpd.log
+log_ftp_protocol=YES
+dual_log_enable=YES
+
+
+# ================= TLS =================
+ssl_enable=YES
+allow_anon_ssl=NO
+force_local_logins_ssl=YES
+force_local_data_ssl=YES
+
+ssl_sslv2=NO
+ssl_sslv3=NO
+ssl_tlsv1=NO
+# ssl_tlsv1_1=NO
+# ssl_tlsv1_2=YES
+# ssl_tlsv1_3=YES
+
+# Algunos clientes antiguos fallan con reuse
+require_ssl_reuse=NO
+
+# Cifrados fuertes
+ssl_ciphers=HIGH:!aNULL:!MD5:!3DES:@STRENGTH
+# ssl_ciphersuites=TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
+
+rsa_cert_file=/etc/ssl/private/cloudflare.pem
+rsa_private_key_file=/etc/ssl/private/cloudflare.pem
+
+
+# ================= Data connections =================
+pasv_enable=YES
+port_enable=NO
+pasv_min_port=40000
+pasv_max_port=45000
+# pasv_address=ftp.midominio.tld
+# pasv_addr_resolve=YES
+
+
+# ================= Límites / timeouts =================
+max_per_ip=10
+max_clients=50
+idle_session_timeout=300
+data_connection_timeout=60
+async_abor_enable=YES
+
+
+# ================= Seguridad de proceso =================
+one_process_model=NO
+# seccomp_sandbox=YES
+
+
+# ================= Compatibilidad =================
+pam_service_name=vsftpd
+utf8_filesystem=YES
+
+
+# ================= Legacy desactivado =================
+connect_from_port_20=NO