added ftp settings
-
Yes, the reason is security. The default welcome message is better to avoid providing information about the implementation, and connections ARE limited by default. What this proposal is doing is increasing the limit from 50 simultaneous clients (the default pure-ftpd limit) to 128. Please note that cPanel has a default limit of 100 clients. The limit of 16 clients per IP is to avoid a DoS attack from the same IP address.
-
I don't think that it increases the security if you hide the host and/or IP. Without such information in your welcome message you never know if you connected to the right server. You can adjust anything on your own server because most of the files are not changed by the functions used by the installer or updater. Your "personal secure" changes will affect all servers running ISPConfig.
-
The SQL modes that are supported by ISPConfig are no mode setting (empty) or the mode 'NO_ENGINE_SUBSTITUTION'; that's what the check "if ($check_sql_mode['@@sql_mode'] != '' && $check_sql_mode['@@sql_mode'] != 'NO_ENGINE_SUBSTITUTION') {" is doing.
your code:
if(!strpos($check_sql_mode['@@sql_mode'],'NO_ENGINE_SUBSTITUTION')) {
has a completely different meaning: it will e.g. show the message when no mode is set and also when other modes besides NO_ENGINE_SUBSTITUTION are set.
It might be that we can add additional modes besides the originally supported two in ISPConfig 3.1 due to the use of the new MySQL lib, but this must be tested on all supported distributions and versions first. In any case, the message should not be issued when there is no mode setting. There were some issues about the modes lately, but I don't remember what they were; maybe Florian remembers?
-
Regarding FTP settings, I have no problem with setting some more defaults for pure-ftpd, but normally we leave that up to the admin, as ISPConfig is used from small VM servers up to large clusters with thousands of clients, so any default that you set in the installer is most likely wrong. But we can set these things; just ensure not to set them on update, as this would break many systems. You can ensure that e.g. by wrapping the code that sets the new defaults into:
if($this->is_update != true) {
}
edit: of course != true.
Edited by Till Brehm -
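To make the difference between the two sql_mode conditions discussed above concrete, here is an added example (not ISPConfig's code) that evaluates both checks over constructed sample values of @@sql_mode. It also shows a PHP detail of the proposed check: strpos() returns the match offset, so when the value is exactly NO_ENGINE_SUBSTITUTION the offset is 0, which is falsy.

```php
<?php
// Added example, not part of ISPConfig: compares the installer's original
// sql_mode check with the condition proposed in this merge request.
// Intended rule: warn unless sql_mode is empty or exactly NO_ENGINE_SUBSTITUTION.

function sqlModeNeedsWarning(string $sqlMode): bool
{
    // Mirrors the original check: only '' and 'NO_ENGINE_SUBSTITUTION' pass.
    return $sqlMode !== '' && $sqlMode !== 'NO_ENGINE_SUBSTITUTION';
}

function sqlModeNeedsWarningProposed(string $sqlMode): bool
{
    // Mirrors the proposed check. strpos() returns false when the needle is
    // absent and the offset otherwise; an offset of 0 is falsy, so
    // !strpos() is also true when sql_mode is exactly NO_ENGINE_SUBSTITUTION.
    return !strpos($sqlMode, 'NO_ENGINE_SUBSTITUTION');
}

// Constructed sample values, as a "SELECT @@sql_mode" query might return them.
$samples = [
    '',                                            // no mode set
    'NO_ENGINE_SUBSTITUTION',                      // the supported mode
    'STRICT_TRANS_TABLES,NO_ENGINE_SUBSTITUTION',  // another mode plus the supported one
    'ONLY_FULL_GROUP_BY,STRICT_TRANS_TABLES',      // other modes only
];

printf("%-45s %-9s %-9s\n", 'sql_mode', 'original', 'proposed');
foreach ($samples as $mode) {
    printf("%-45s %-9s %-9s\n",
        $mode === '' ? '(empty)' : $mode,
        sqlModeNeedsWarning($mode) ? 'warn' : 'ok',
        sqlModeNeedsWarningProposed($mode) ? 'warn' : 'ok');
}
```

Running it prints one row per sample, so the two conditions can be compared side by side for the empty, supported, combined and unsupported cases.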
Hi Florian, I agree that hiding the hostname would not increase the security. Please note that these settings hide other information.
Before:
Reply: 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
Reply: 220-You are user number 8 of 100 allowed.
Reply: 220-Local time is now 12:23. Server port: 21.
Reply: 220-This is a private system - No anonymous login
Reply: 220 You will be disconnected after 15 minutes of inactivity.
After:
Reply: 220-Welcome
Reply: 220 This is a private system - No anonymous login
Edited by Oliver -
Hi @tbrehm, your comments were implemented :D
-
This includes a fix like merge request !480 (closed).