init

Author: RootShell-coder

.github/workflows/docker.yml

@@ -0,0 +1,64 @@
+name: Build
+on:
+  push:
+    branches: ["master"]
+    paths:
+      - "docker-compose.yml"
+      - "docker/**"
+      - ".github/workflows/**"
+  pull_request:
+    branches: ["master"]
+    paths:
+      - "docker-compose.yml"
+      - "docker/**"
+      - ".github/workflows/**"
+
+env:
+  REGISTRY: ghcr.io
+  LATEST_TAG: ghcr.io/rootshell-coder/proftpd:latest
+  TRIVY_SECURITY: SECURITY.txt
+
+jobs:
+  build:
+    name: Publish to github registry
+    runs-on: [ubuntu-24.04]
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Login to GHCR
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Build and push
+        uses: docker/build-push-action@v5
+        with:
+          context: docker
+          push: true
+          platforms: linux/amd64,linux/arm64
+          tags: |
+            ${{ env.LATEST_TAG }}
+
+  check:
+    needs: [build]
+    name: Check Trivy
+    runs-on: [ubuntu-24.04]
+    steps:
+      - uses: actions/checkout@v4
+      - name: Check Trivy
+        run: |
+          docker pull ${{ env.LATEST_TAG }}
+          docker run --rm ghcr.io/rootshell-coder/trivy-cached:latest image ${{ env.LATEST_TAG }} --skip-db-update > ${{ env.TRIVY_SECURITY }}
+
+      - name: Commit changes
+        uses: EndBug/add-and-commit@v9
+        with:
+          author_name: RootShell-coder
+          author_email: [email protected]
+          message: "trivy"
+          add: "*.txt"

.gitignore

@@ -0,0 +1 @@
+*build

Readme.md

@@ -0,0 +1,40 @@
+# Proftpd
+
+- The `mod_exec` module in ProFTPD allows the execution of external programs or scripts in response to various FTP commands such as STOR, RETR, QUIT, and others. This module is useful for integrating the FTP server with other systems or for performing arbitrary actions in response to user actions, such as uploading or downloading files.
+
+- The `mod_lang` module in ProFTPD allows you to configure support for different languages for messages displayed to the user when interacting with the FTP server. This module is used for localization and translation of standard error messages, warnings, and other text that is output to the client during FTP sessions.
+
+---
+
+## Environments
+
+PROFTPD_USER: "`<user>`:`<password>`:`<uid>`:`<gid>`"
+
+PROFTPD_MASQUERADE_ADDRESS: "`proftpd`" usually only the service name is enough
+
+PROFTPD_PASSIVE_PORTS: "`30000-30100`" FTP passive ports
+
+TZ: "`Europe/London`" Timezone
+
+LANG: "`en_GB.UTF8`" Locale
+
+LC_ALL: "`en_GB.UTF-8`"
+
+## Processing
+
+The `mod_exec` module actively uses the `processing` file. When the STOR event is triggered, it writes a `.mod_exec.test` file in the user's home directory with the following content: `127.0.0.1 user1 /home/user1/new file.txt STOR`. Configured in the `exec.conf` file.
+
+### exec.conf
+
+```conf
+<IfModule mod_exec.c>
+  ExecEngine on
+  ExecLog /var/log/proftpd/exec.log
+  ExecOnCommand STOR /usr/local/bin/processing %a %u %f %m %b
+</IfModule>
+
+```
+
+---
+
+Users are locked into their home directories with `Limit`, but this is not a `chroot` directory.

docker-compose.yml

@@ -0,0 +1,28 @@
+---
+volumes:
+  proftpd-home:
+    name: "proftpd-home"
+
+services:
+  proftpd:
+    image: "ghcr.io/rootshell-coder/proftpd:latest"
+    network_mode: "host"
+    volumes:
+      - "./docker/processing:/usr/local/bin/processing"
+      - "proftpd-home:/home:rw"
+    environment:
+      PROFTPD_USER: "user1:password1:1001:1001, user2:password2:1002:1002"
+      PROFTPD_MASQUERADE_ADDRESS: "proftpd"
+      PROFTPD_PASSIVE_PORTS: "30000-30100"
+      TZ: "Europe/Moscow"
+      LANG: "ru_RU.UTF8"
+      LC_ALL: "ru_RU.UTF-8"
+    restart: "always"
+    deploy:
+      resources:
+        limits:
+          cpus: "1.0"
+          memory: "1024M"
+        reservations:
+          cpus: "0.64"
+          memory: "512M"

docker/Dockerfile

@@ -0,0 +1,36 @@
+FROM alpine:latest
+
+RUN set -eux; \
+    apk add --no-cache \
+    shadow \
+    musl \
+    musl-locales-lang \
+    musl-utils \
+    musl-locales \
+    tzdata \
+    proftpd \
+    proftpd-mod_lang \
+    proftpd-mod_site_misc \
+    proftpd-mod_rewrite \
+    proftpd-mod_exec \
+    proftpd-mod_sftp \
+    proftpd-mod_unique_id \
+    proftpd-mod_readme \
+    proftpd-utils; \
+    mkdir -p /var/run/proftpd/; \
+    sed -i 's/ProFTPD Default Installation/ProFTPD/' /etc/proftpd/proftpd.conf; \
+    sed -i 's/^MultilineRFC2228/#MultilineRFC2228/' /etc/proftpd/proftpd.conf; \
+    sed -i '/^#MultilineRFC2228/a WtmpLog off' /etc/proftpd/proftpd.conf; \
+    sed -i '/^Port/a PassivePorts 30000 30100' /etc/proftpd/proftpd.conf; \
+    sed -i '/^DenyFilter/a MasqueradeAddress 127.0.0.1' /etc/proftpd/proftpd.conf; \
+    sed -i '/^MasqueradeAddress/a SysLogLevel error' /etc/proftpd/proftpd.conf; \
+    sed -i '/^SysLogLevel/a SystemLog /var/log/proftpd/proftpd.log' /etc/proftpd/proftpd.conf; \
+    sed -i '/^SystemLog/a TransferLog /var/log/proftpd/xfer.log' /etc/proftpd/proftpd.conf;
+
+ADD entrypoint /usr/bin/entrypoint
+ADD processing /usr/local/bin/processing
+ADD conf.d /etc/proftpd/conf.d
+RUN chmod +x /usr/bin/entrypoint
+
+EXPOSE 21
+ENTRYPOINT ["entrypoint"]

docker/conf.d/delay.conf

@@ -0,0 +1,3 @@
+<IfModule mod_delay.c>
+  DelayEngine on
+</IfModule>

docker/conf.d/exec.conf

@@ -0,0 +1,5 @@
+<IfModule mod_exec.c>
+  ExecEngine on
+  ExecLog /var/log/proftpd/exec.log
+  ExecOnCommand STOR /usr/local/bin/processing %a %u %f %m %b
+</IfModule>

docker/conf.d/lang.conf

@@ -0,0 +1,14 @@
+<IfModule mod_lang.c>
+  LangEngine on
+  UseEncoding on
+  LangDefault ru_RU
+  LangPath /usr/share/locale
+  UseEncoding utf8 cp1251
+
+<Directory /usr/share/locale/*>
+  <Limit READ>
+    AllowAll
+  </Limit>
+</Directory>
+
+</IfModule>

docker/conf.d/limit.conf

@@ -0,0 +1,11 @@
+<Directory />
+  <Limit ALL>
+    DenyAll
+  </Limit>
+</Directory>
+
+<Directory /home/%u>
+  <Limit ALL>
+      AllowUser %u
+  </Limit>
+</Directory>

docker/conf.d/sftp.conf

@@ -0,0 +1,10 @@
+<IfModule mod_sftp.c>
+  SFTPEngine off
+  # Port 2222
+  # SFTPLog /var/log/proftpd/sftp.log
+  # SFTPHostKey /etc/ssh/ssh_host_rsa_key
+  # SFTPHostKey /etc/ssh/ssh_host_dsa_key
+  # SFTPAuthMethods publickey
+  # SFTPAuthorizedUserKeys file:/etc/proftpd/authorized_keys/%u
+  # SFTPCompression delayed
+</IfModule>

docker/entrypoint

@@ -0,0 +1,39 @@
+#!/bin/sh
+
+if [ -z "${PROFTPD_USER}" ]; then
+    echo "The USER variable is not set or empty."
+    exit 1
+fi
+
+USER=$(echo "$PROFTPD_USER" | sed 's/[[:space:]]//g')
+users=$(echo "$USER" | tr ',' '\n')
+for user in $users; do
+    set -- $(echo "$user" | tr ':' ' ')
+    login=$1; password=$2; uid=$3; gid=$4
+    adduser --disabled-password --gecos "" --uid "$uid" "$login"
+    echo "$login:$password" | chpasswd
+      if [ ! -z "$gid" ]; then
+        addgroup --system "$gid" || true
+        adduser "$login" "$gid"
+      fi
+    usermod -aG proftpd "$login"
+done
+
+if [[ -n "${PROFTPD_PASSIVE_PORTS}" ]]; then
+  set -- $(echo "$PROFTPD_PASSIVE_PORTS" | tr '-' ' ')
+  sed -i "s/^PassivePorts.*$/PassivePorts $1 $2/" /etc/proftpd/proftpd.conf
+fi
+
+if [[ -n "${PROFTPD_MASQUERADE_ADDRESS}" ]]; then
+  sed -i "s/^MasqueradeAddress.*$/MasqueradeAddress ${PROFTPD_MASQUERADE_ADDRESS}/" /etc/proftpd/proftpd.conf
+fi
+
+if [[ -n "${LANG}" ]]; then
+  lang=$(echo "$LANG" | cut -d. -f1)
+  sed -i "s/LangDefault.*$/LangDefault $lang/" /etc/proftpd/conf.d/lang.conf
+fi
+
+chown proftpd:proftpd /usr/local/bin/processing > dev/null 2>&1
+chmod chmod a+x /usr/local/bin/processing > dev/null 2>&1
+
+/usr/sbin/proftpd -n -p /var/run/proftpd.pid -c /etc/proftpd/proftpd.conf

docker/processing

@@ -0,0 +1,3 @@
+#!/bin/sh
+set -eux
+echo "${1} ${2} ${3} ${4}" >> /home/${2}/.mod_exec.test