2.7.3 -> 2.8.0 (ap) 2017-03-04 ------------------------------ - Status stable 2.7.2 -> 2.7.3 (ap) 2017-02-09 ------------------------------ - Status still testing - Changed software version pure-ftpd from version 1.0.44 to 1.0.45 - Changed requirements base 2.7.9 is required libmysql 2.10.2 is required libssl 2.6.14 is required 2.7.1 -> 2.7.2 (ap) 2017-01-31 ------------------------------ - Status still testing - Changed software version pure-ftpd from version 1.0.43 to 1.0.44 - Changed requirements base 2.7.8 is required libmysql 2.10.1 is required - The default certificate pure-ftpd.pem will no longer be included in the package. You have to create your own certificate using the certs package. - Empty directory /etc/pure-ftpd will now be deleted on uninstall. 2.7.0 -> 2.7.1 (ap) 2016-09-30 ------------------------------ - Status still testing - Changed certs path to /var/certs/ssl/certs. Now package certs can be installed without problems even if package pure-ftpd is already installed. Messages like Saving erroneous directory to /usr/local/ssl.YYYY-MM-DD-HH:MM:SS ... Please check its content and remove it afterwards! should no longer appear because of package pure-ftpd. - Changed requirements base 2.7.5 is required libssl 2.6.11 is required 2.6.0 -> 2.7.0 (ap) 2016-08-22 ------------------------------ - Status testing - Changed software version pure-ftpd from version 1.0.42 to 1.0.43 - added lost support for .expert file See xinetd documentation for use of .expert files 2.5.0 -> 2.6.0 (ap) 2016-06-03 ------------------------------ - Status stable 2.4.0 -> 2.5.0 (ap) 2016-04-16 ------------------------------ - Status testing - Changed LOCALSTATEDIR from /var/run to /run in /usr/sbin/pure-ftpd /usr/sbin/pure-ftpwho /usr/sbin/pure-uploadscript Changed location of PID files from /var/run to /run in /etc/init.d/pure-ftpd Because of the existing link /var/run -> ../run this change is upward compatible - Optmized handling of links using readlink in /var/install/config.d/pure-ftpd-update.sh and /var/install/config.d/pure-ftpd.sh - Changed /var/install/config.d/pure-ftpd-update.sh to use backup_config instead of backup-file to keep user files like /etc/config.d/pure-ftpd.OPT_CONFIG - Changed /etc/init.d/xinetd restart to /etc/init.d/xinetd reload in /etc/init.d/pure-ftpd This is sufficient to take effect of configuration changes if PURE_FTPD_START_METHOD='xi' is used. - Configuration changes including reload of configuration will only be done if /etc/init.d/pure-ftpd is called, NOT if running as /etc/rc?.d/???pure-ftpd - No modification of /etc/xinetd.d/ftp when stopping pure-ftpd. - Change of /var/install/config.d/pure-ftpd.sh When setting PURE_FTPD_START_METHOD='xi' a check is performed, if START_XINETD is set to 'yes' and /usr/sbin/xinetd is really running. - Modified /etc/init.d/pure-ftpd to make shure pure-ftpd is stopped, when a stale pid file is found. 2.3.1 -> 2.4.0 (ap) 2016-03-02 ------------------------------ - Status stable - Modified /etc/init.d/pure-ftpd to detect stale pid files. - Enhanced / corrected documentation 2.3.0 -> 2.3.1 (ap) 2016-02-22 ------------------------------ - Status testing - If PURE_FTPD_TLS is not set to '0' the .pem file will be checked. It has to exists and it has to contain a DH PARAMETERS section. If the file does not exists or the file does not contain a DH PARAMETERS section the PURE_FTPD_TLS setting will be ignored. - New configuration variable PURE_FTPD_FSCHARSET. Using PURE_FTPD_FSCHARSET you can select the character set of the filesystem. PURE_FTPD_FSCHARSET='auto' selects it automatically. The server filesystem can use a different charset than the charset assumed by clients, and pure-ftpd translates file names through the iconv library. Filezilla and lftp support this feature, in contrast the standard ftp client program does not. (Notice of Detlef Paschke) - Start and stop of pure-uploadscript was enhanced. Unnecessary stops are avoided. (Notice of Marcus Roeckrath) 2.2.0 -> 2.3.0 (ap) 2016-02-12 ------------------------------ - Status testing - Changed software version pure-ftpd from version 1.0.36 to 1.0.42 - Menu item "Create new certificate for Pure-FTPd" removed from menue "Pure-FTPd tools". Please use the standard delivered with the Certs package to create a server certificate. - New configuration variable PURE_FTPD_CERTIFICATE. - The pure-ftpd package contains a default certificate pure-ftpd.pem. Using the new configuration variable PURE_FTPD_CERTIFICATE you can select an other certificate. If a certificate with a name not equal to pure-ftpd.pem is selected, a link called pure-ftpd.pem pointing to the selected certificate will be created. The certificate has to contain a DH PARAMETERS section. 2.0.2 -> 2.2.0 (hbfl) 2014-06-09 -------------------------------- - New compiled with GLibC-2.11.3 2.0.1 -> 2.0.2 (ap) 2014-06-04 ------------------------------ - changed variable PURE_FTPD_LIMIT to PURE_FTPD_PARTITION_FILL_LIMIT (Stefan Welte) 2.0.0 -> 2.0.1 (hbfl) 2013-05-27 -------------------------------- - Errors in install.sh and pure-ftpd.ext corrected. (Ansgar Puester) 1.18.0 -> 2.0.0 (hbfl) 2013-03-11 --------------------------------- - added utf8 support 1.17.0 -> 1.18.0 (hbfl) 2012-10-21 ---------------------------------- - status stable 1.16.2 -> 1.17.0 (hbfl) 2012-10-07 ---------------------------------- - status testing - update Pure-FTPd to version 1.0.36 - sysconfdir now /etc/pure-ftpd - Pure-FTPd supports PostgreSQL (--with-pqsql) - Added function to list Pure-FTPd User 1.16.1 -> 1.16.2 (ap) 2012-07-16 -------------------------------- - modification / correction on documentation - corrected PURE_FTPD_VIRTUAL_USERS_#_HOME - corrected generation of /etc/check.d/pure-ftpd - changed author - added missing elements to help file 1.16.0 -> 1.16.1 (hbfl) 2012-07-03 ---------------------------------- - Corrected typo in generation of pure-ftpd.ext (Heiko Siek) 1.15.7 -> 1.16.0 (hbfl) 2012-06-30 ---------------------------------- - Separation from the inet package Complete revised version To use the setup of pureftpd from the inet package update inet to version 1.16.0 bevor installing Pure-FTPd 1.16.0 - added to configuration PURE_FTPD_VIRTUAL_SERVER_%_NAME Name of virtual server. Only for documentation purpose. PURE_FTPD_VIRTUAL_SERVER_%_ACTIVE Activate virtual server 'yes' or 'no' 1.15.6 -> 1.15.7 ---------------- - global modifications -------------------- - changed software versions openssh from version 5.9p1 to 6.0p1 telnet from version 1.8 to 1.9.1 (inetutils_1.9.1) telnetd from version 1.8 to 1.9.1 (inetutils_1.9.1) tftpd from version 0.51 to 0.52 1.15.5 -> 1.15.6 ---------------- - global modifications -------------------- - changed software versions pureftpd from version 1.0.34 to 1.0.35 - modifications for pure-ftpd --------------------------- If necessary the following libraries will be installed usr/lib/libssp.so.0.0.0 usr/lib/libssp_nonshared.a and the following links will be created usr/lib/libssp.so usr/lib/libssp.so.0 1.15.4 -> 1.15.5 ---------------- - global modifications -------------------- - changed software versions openssh from version 5.8p2 to 5.9p1 pureftpd from version 1.0.32 to 1.0.34 - modifications for sshd ---------------------- sftp-server moved from /sbin to /usr/local/libexec - modifications for pure-ftpd --------------------------- A bug that occurs when changing FTP VIRTUAL SERVER was corrected. 1.15.3 -> 1.15.4 ---------------- - global modifications -------------------- - changed software versions pureftpd from version 1.0.30 to 1.0.32 tftpd from version 0.50 to 0.51 telnet from version 1.4.2 to 1.8 (inetutils_1.8) telnetd from Version 0.17 to 1.8 (inetutils_1.8) - telnet and telnetd now from inetutils_1.8 File /etc/xinetd.d/telnet modified - /usr/lib/telnetlogin will be deleted 1.15.2 -> 1.15.3 ---------------- - global modifications -------------------- - changed software versions openssh from version 5.8p1 to 5.8p2 1.15.1 -> 1.15.2 ---------------- - global modifications -------------------- - changed software versions pureftpd from version 1.0.29 to 1.0.30 - modifications for pure-ftpd --------------------------- FTP_TLS allowes value 3. FTP_TLS '3' cleartext sessions are refused and only SSL/TLS compatible clients are accepted. Clear data connections are also refused, so private data connections are enforced. 1.15.0 -> 1.15.1 ---------------- - global modifications -------------------- - changed software versions openssh from version 5.6p1 to 5.8p1 - Support for ECE (Eisfair-Configuration-Editor) was advanced. - The documentation was revised, an invalid URL was removed. - modifications for sshd ---------------------- SSH_ALLOW_GROUP_% and SSH_DENY_GROUP_% can now be entered via ECE in a correct way. Keyfiles /etc/ssh_host_ecdsa_key /etc/ssh_host_ecdsa_key.pub for key exchange via Elliptic Curve Diffie-Hellman (ECDH) and the Elliptic Curve Digital Signature Algorithm (ECDSA) to sign a key will by created, if not already existing. Files /usr/local/libexec/ssh-keysign /usr/local/libexec/ssh-pkcs11-helper are added. - modifications for pure-ftpd --------------------------- FTP_VIRTUAL_SERVER_%_IP must not be empty. This will now be checked and can now correctly be selected using ECE. 1.14.0 -> 1.15.0 ---------------- - global modifications -------------------- - Extended support for ECE (Eisfair-Configuration-Editor). A number of variables can now be set by using list boxes. - Because of a incompatibility between ECE and webconf some help texts have to be generated twice. - modifications for xinetd ------------------------ The option -reuse was removed. The REUSE flag is deprecated. All services now implicitly use the REUSE flag. The -reuse option and the REUSE flag are now silently ignored. - modifications for sshd ---------------------- - The OpenSSH configuration variable UsePAM will be set to no if SSH_PASSWDAUTH was set to 'no'. This is a correction for a modification done in version 1.11.3. - modifications for pure-ftpd --------------------------- - configuration variable FTP_NONANONYMOUS_IP added FTP_NONANONYMOUS_IP Allow non-anonymous FTP access only on this specific local IP address. All other IP addresses are only anonymous. - added configuration variables for Virtual servers Using Virtual servers is a convenient way of hosting several FTP sites on the same computer. Using Virtual servers you are able to configure different directories for user anonymous for the different IP addresses. Without this confuguration all users anonymous from all IP addresses use /home/ftp. FTP_ENABLE_VIRTUAL_SERVER Enable Virtual servers 'yes' or 'no'. Default FTP_ENABLE_VIRTUAL_SERVER='no'. FTP_VIRTUAL_SERVER_N Number of Virtual servers. FTP_VIRTUAL_SERVER_%_IP IP-Address of the Virtual server. FTP_VIRTUAL_SERVER_%_DIR Directory for user anonymous for this IP-Address 1.13.0 -> 1.14.0 ---------------- - global modifications -------------------- - changed version from 1.13.0 to 1.14.0 - changed status from testing to stable - corrected typos in releasenotes 1.12.0 -> 1.13.0 ---------------- - global modifications -------------------- - changed version from 1.12.0 to 1.13.1 - changed status from stable to testing - changed software versions openssh from version 5.5p1 to 5.6p1 - add_user for User sshd is called without option -l [Request of Holger Bruenjes] 1.11.4 -> 1.12.0 ---------------- - global modifications -------------------- - changed version from 1.11.4 to 1.12.0 - changed status from testing to stable - corrected typos in releasenotes 1.11.3 -> 1.11.4 ---------------- - global modifications -------------------- - changed version from 1.11.3 to 1.11.4 - inet 1.11.4 requires base version 1.6.7 - changed software versions openssh from version 5.4p1 to 5.5p1 pureftpd from version 1.0.27 to 1.0.29 - modifications for pure-ftpd --------------------------- - obsolete configure option --with-largefile removed - pure-ftpd is configured with option --with-cookie - configuration variable FTP_WELCOMEFILE added FTP_WELCOMEFILE Filename that contains Welcome Message. The contents of this file will be displayed instead of ---------- Welcome to Pure-FTPd ---------- The file has to exist and has to have access rights 644. If the content of the file will be changed while Pure-FTPd is running the new contents will be displayed. If the file will be deleted the standard message will be displayed. 1.11.2 -> 1.11.3 ---------------- - global modifications -------------------- - changed version from 1.11.2 to 1.11.3 - inet 1.11.3 requires base version 1.6.6 - because library libwrap is contained in base version 1.6.6 the dependency to library libwrap was removed - replaced /etc/pam.d/sshd according the guidelines of Holger Bruenjes - modifications for sshd ---------------------- - configuration variable SSH_USEPAM was removed SSH_USEPAM will implicit set to 'yes'. This is required because only PAM supports long passwords. The long password functionality was introduces with base version 1.6.6 The dependency SSH_USEPAM to SSH_PASSWDAUTH is no longer required. - modifications for pure-ftpd --------------------------- - configuration variable FTP_USE_PAM was removed FTP_USE_PAM will implicit set to 'yes'. This is required because only PAM supports long passwords. The long password functionality was introduces with base version 1.6.6 - replaced /etc/pam.d/pure-ftpd according the guidelines of Holger Bruenjes 1.11.1 -> 1.11.2 ---------------- - global modifications -------------------- - changed version from 1.11.1 to 1.11.2 - changed software versions openssh from version 5.3p1 to 5.4p1 - insert eisfair-1 in /var/install/packages/inet 1.11.0 -> 1.11.1 ---------------- - global modifications -------------------- - changed version from 1.11.0 to 1.11.1 - modifications for pure-ftpd --------------------------- - Check if kernel supports IPv6 was dropped. Parameter '-6' will not more be added to the parameterlist of pure-ftpd. Adding '-6' lead to a problem when using eisfair1 under eisXen. If you need IPv6 support set FTP_ADD_ARGS='-6'. [Thanks to Torsten K�stel] - modifications for sshd ---------------------- - New configuration variable SSHD_MAN_CONFIG If SSHD_MAN_CONFIG='yes' is set no automatic modifications will be done to file /etc/sshd_config. The user is responsible to create a valid config file /etc/sshd_config. [Request of H.D.Oezbilen] This facility was already implemented but was not available using the eisfair configuration layer. 1.10.1 -> 1.11.0 ---------------- - global modifications -------------------- - changed version from 1.10.1 to 1.11.0 - changed software versions pureftpd from version 1.0.21 to 1.0.27 openssh from version 4.7p1 to 5.3p1 tftpd from version 0.48 to 0.50 1.10.0 -> 1.10.1 ---------------- - global modifications -------------------- - changed version from 1.10.0 to 1.10.1 - changed software versions openssh from version 4.6p1 to 4.7p1 1.9.0 -> 1.10.0 --------------- - global modifications -------------------- - changed version from 1.9.0 to 1.10.0 - changed status from testing to stable - corrected typos in releasenotes 1.8.3 -> 1.9.0 -------------- - global modifications -------------------- - changed version from 1.8.3 to 1.9.0 - changed status from stable to testing - required eisfair base version changed to 1.3.2 - required libssl version changed to 1.2.5 (OpenSSL 0.9.8e) - changed software versions openssh from version 4.5p1 to 4.6p1 - modifications for sshd ---------------------- - enhanced configuration checking If SSH_PASSWDAUTH is set to 'no' SSH_USEPAM had to be set to 'no' too. If this was not done login with password was still possible. A new check was included, showing the message "SSH_PASSWDAUTH='no' requires SSH_USEPAM='no'" if required. - security enhancement If the use of Subsystem sftp was prohibited by setting SSH_ENABLE_SFTP='no', tools like FileZilla and WinSCP could bypass this by starting /sbin/sftp-server directly. Now sftp is delivered as /sbin/sftp-server.subsystem and only if SSH_ENABLE_SFTP='yes' is set an appropriate link /sbin/sftp-server -> /sbin/sftp-server.subsystem will be created. Attention: If you choose protocols like 'SFTP (allow SCP fallback)' or 'SCP' when using WinSCP, this simulates the existence of sftp and will (unfortunately?) still work. Tools that meet standards, like the Linux command line sftp had no impact on this, but reported an error like "Request for subsystem 'sftp' failed on channel 0" if SSH_ENABLE_SFTP was set to 'no'. - modifications for pure-ftpd --------------------------- - The documentation for the options FTP_USER_BANDWIDTH and FTP_ANONYMOUS_BANDWIDTH was wrong and both options could be set at the same time. FTP_USER_BANDWIDTH (option -T of pure-ftpd) and FTP_ANONYMOUS_BANDWIDTH (option -t of pure-ftpd) can't be used simultaneously because pure-ftpd stores the values in one set of variables. Witch option is used depends upon the order of the appearance of the two options on the command line. The values of the last option overwrites the values of the preceding option. Rules : FTP_USER_BANDWIDTH enables bandwidth throttling for Unix users, user anonymous and virtual users (if there are no special settings using pure-pw usermod). FTP_ANONYMOUS_BANDWIDTH enables bandwidth throttling only for user anonymous. It is no longer possible to set FTP_USER_BANDWIDTH and FTP_ANONYMOUS_BANDWIDTH. The documentation in /inet/etc/config.d and the package documentation have been changed. 1.8.2 -> 1.8.3 -------------- - global modifications -------------------- - changed version from 1.8.2 to 1.8.3 - changed software versions tftpd from version 0.43 to 0.48 - modifications for xinetd ------------------------ Service files in directory /etc/xinetd.d will be generated only if they contain elements of .expert files or if a .expert file for this service exists. Up to version 1.8.2 the service files were unnecessarily generated every time xinetd was started. 1.8.1 -> 1.8.2 -------------- - global modifications -------------------- - changed version from 1.8.1 to 1.8.2 - changed software versions tftpd from version 0.42 to 0.43 - enhanced documentation of SSH_PUBLIC_KEY_N Thanks to Jean Wolter. 1.8.0 -> 1.8.1 -------------- - global modifications -------------------- - changed version from 1.8.0 to 1.8.1 - changed software versions openssh from Version 4.4p1 to 4.5p1 1.7.3 -> 1.8.0 -------------- - global modifications -------------------- - changed version from 1.7.3 to 1.8.0 - changed status from testing to stable - corrected typos in releasenotes 1.7.2 -> 1.7.3 -------------- - global modifications -------------------- - A stupid error (wrong sequence removing/creating group and user) when changing UID/GUID of User/Group sshd was corrected. - When processing .expert files a message like "processing .expert" is displayed. 1.7.1 -> 1.7.2 -------------- - global modifications -------------------- - changed software versions openssh from Version 4.3p2 to 4.4p1 Because openssh Version 4.4p1 always checks if user sshd exists, user sshd and group sshd will be created during installation of package inet. Before inet version 1.7.2 this was only done if UsePrivilegeSeparation was set to yes (SSH_ENABLE_PRIV_SEPARATION). Up to inet version 1.7.2 UID and GID 27 was used. This does not conform to eisfair standard. Now UID 65 and GID 71 will be used. Existing user and group with wrong ID will be deleted an recreated with correct IDs. 1.7.0 -> 1.7.1 ------------- - global modifications -------------------- - recompiled pure-ftpd and openssh because of change to OpenSSL 0.9.8c 1.6.3 -> 1.7.0 -------------- - global modifications -------------------- - changed software versions tftpd from version 0.41 to 0.42 openssh 4.3p2 recompiled and relinked with OpenSSL 0.9.8b - corrected typo in /etc/init.d/inet_shlib - modifications for pure-ftpd --------------------------- - pure-ftpd is configured with --with-mysql - new default for START_FTP is 'no' - Check if kernel supports IPv6 is done and, if required, parameter '-6' is added to the parameterlist of pure-ftpd (See: http://linuxreviews.org/howtos/networking/IPv6-LinuxHowto/en/c719.html#AEN728) - modifications for sshd ---------------------- - corrected awful bug in /etc/init.d/sshd Procedure validate_sshd_config scrambled /etc/sshd_config when checking SSH_LISTEN_ADDR_N and SSH_LISTEN_ADDR_#. Thanks to Christian Treczoks. - changed creation of file /root/.ssh/authorized_keys If a newline is missing at the end of a key file (SSH_PUBLIC_KEY_#) the missing newline will be added. - modifications for xinetd ------------------------ - Implemented handling of .expert files. If a file named .expert (e.g. ftp.expert) exists in directory /etc/xinetd.d, this file is included into the original service file . The following example shows what happens. Original file /etc/xinetd.d/ftp service ftp { server = /usr/sbin/pure-ftpd server_args = -l unix -A -E -k 95% -I 15 -c 20 -S 21 socket_type = stream protocol = tcp wait = no user = root disable = no } Expert file /etc/xinetd.d/ftp.expert per_source = 2 only_from = 192.168.1.11 Resulting file /etc/xinetd.d/ftp service ftp { #B Expert per_source = 2 only_from = 192.168.1.11 #E Expert server = /usr/sbin/pure-ftpd server_args = -l unix -A -E -k 95% -I 15 -c 20 -S 21 socket_type = stream protocol = tcp wait = no user = root disable = no } File /etc/xinetd.d/ftp.expert is included into /etc/xinetd.d/ftp after the opening brace but before the original contents of /etc/xinetd.d/ftp. Two special comment lines are added #B Expert #E Expert See: http://www.die.net/doc/linux/man/man5/xinetd.conf.5.html for a description of xinetd configuration files. The above example limits ftp access to only one IP-Address (only_from = 192.168.1.11) and in addition limits the number of connections per source to 2 (per_source = 2). Attention: Be careful with this expert option, because you may create erroneous configuration files. Have a look to /var/log/messages whether xinetd starts up with success. Dont modify the two special comment lines. They are important to remove/change the expert options if you remove/change the .expert file. Handling of .expert files is done every time xinetd is started (e.g. /etc/init.d/xinetd start). .expert files follow an idea from Tobias Becker. 1.6.2 -> 1.6.3 -------------- - global modifications -------------------- - changed software versions pureftpd from version 1.0.20 to 1.0.21 1.6.1 -> 1.6.2 -------------- - global modifications -------------------- - changed software versions openssh from version 4.3p1 to 4.3p2 1.6.0 -> 1.6.1 -------------- - global modifications -------------------- - changed software versions openssh from version 4.2p1 to 4.3p1 - fixed typo in /var/install/config.d/inet_update.sh 1.5.5 -> 1.6.0 -------------- - global modifications -------------------- - changed version from 1.5.5 to 1.6.0 - changed status from testing to stable 1.5.4 -> 1.5.5 -------------- - global modifications -------------------- - Package inet now requires at least base version 1.1.5. - changed software versions zlib from version 1.2.2 to 1.2.3 openssh from version 4.1p1 to 4.2p1 openssl from version 0.9.7g to 0.9.8a xinetd from version 2.3.13 to 2.3.14 tftpd from version 0.40 to 0.41 - removed use of obsolete variable ECHO_MODE from /etc/init.d/inet_shlib /etc/init.d/pure-ftpd /etc/init.d/sshd /etc/init.d/xinetd - removed bad line from /var/install/menu/setup.services.inet.menu - corrected error in /var/install/deinstall/inet menu entry was not removed on deinstall - fixed problem with ACLs in /tmp/install.sh procedure verify_host_keys - changed /var/install/packages/inet libwrap as not as - The following configuration was not handled correctly START_SSH='no' but SSHD_START_METHOD='xi' and START_FTP='no' but FTP_START_METHOD='xi' sshd and pure-ftpd where available through xinetd This bug has been corrected. - modifications for sshd ---------------------- - All programs coming from OpenSSH are now using the shared library libcrypto.so.0.9.8 instead of the static library libcrypto.a. This saves a lot of space (about 3 MB on disk and about 1 MB for inet.tar.gz). 1.5.3 -> 1.5.4 -------------- - global modifications -------------------- - Package inet now requires at least base version 1.1.1. Package inet now requires libwrap7-6 - menu format was changed to the new XML format obsolte shell scripts removed - changed software versions zlib from version 1.2.1 to 1.2.2 openssh from version 3.9p1 to 4.1p1 openssl from version 0.9.7e to 0.9.7g - the following libraries are no more part of the inet package libcrypto.so.0.9.7 and its links libcrypto.so libcrypto.so.0 libcrypto.so.0.9.6 libssl.so.0.9.7 and its links libssl.so libssl.so.0 libssl.so.0.9.6 libz.so.1.2.1 and its links libz.so libz.so.1 - the following files are not more part of the inet package /usr/bin/openssl /usr/bin/ssl/c_hash /usr/bin/ssl/c_info /usr/bin/ssl/c_issuer /usr/bin/ssl/c_name /usr/bin/ssl/c_rehash /usr/bin/ssl/c89.sh install package CERT, if the files are required - modifications for sshd ---------------------- - Default for SSH_LISTEN_ADDR_N is set to '0' Deamon sshd will listen on all local addresses when using this default. Attention: this default will only be used if no old configuration file was found. - If you define listen addresses using a value different from '0' for SSH_LISTEN_ADDR_N one additional entry will be added by default. ListenAddress 127.0.0.1 allows you to do a "ssh localhost". - File /etc/pam.d/sshd was added - /etc/init.d/sshd was modified The change takes effect if SSH_LISTEN_ADDR_N is not '0'. Before the sshd daemon is started, the script tries to find out if all ListenAddress(es) in /etc/sshd_config are valid. In the past this was done using the variables IP_ETH_N, IP_ETH_#_IPADDR from /etc/config.d/base. The check is now enhanced using functions from /var/install/include/inetlib. These functions get the actual IP address of an interfaces using ifconfig. This should make sshd work better with dynamic configurations e.g. using package dhcpc. - modifications for pure-ftpd --------------------------- - the bad file /usr/local/ssl/certs/pure-ftpd.pem from version 1.5.2 or 1.5.3 is replaced by a better one if there is no self generated file. - corrected generation of certfile cert configuration file was not used failure in creating temporary configuration file cerficates are now valid for 365 days added new default cerficate for pure-ftpd 1.5.2 -> 1.5.3 -------------- - global modifications -------------------- Hotfix for base update 1.1.0 / 1.1.1 The following libraries in /lib libcrypto.so.0.9.7 and its links libcrypto.so libcrypto.so.0 libcrypto.so.0.9.6 libssl.so.0.9.7 and its links libssl.so libssl.so.0 libssl.so.0.9.6 libz.so.1.2.1 and its links libz.so libz.so.1 are no longer restored if missing. The libraries are now located in /usr/lib and are contained in package base. 1.5.1 -> 1.5.2 -------------- - global modifications -------------------- - This is the first version that was compiled and generated on eisfair using the eisfair development environment. - Package inet now requires at least base version 1.0.8. - Shell scripts are using EISLIB (/var/install/include/eislib) Package inet no more requires /local/bin/html_colecho. changed /init.d/inet_shlib removed function multi_echo - changed software versions openssl from version 0.9.7d to 0.9.7e - changed software source tftpd source is now http://www.kernel.org/pub/software/network/tftp/ version 0.40 This version supports the "tsize" TFTP option and works with PXELINUX. The option -s (-s /tftpboot) is used by default to obtain compatibility with the former tftpd. Thanks to Nico Wallmeier and Thilo Gass. - modified /var/install/config.d/inet.sh There was a bug handling the home directory of virtual users, because of an incorrect grep statement. - corrected /var/install/config.d/inet.sh Use of variable TFTPD_ADD_ARGS went wrong. Thanks to Torsten Hoellermann. - corrected /etc/check.d/inet.exp INET_PERCENTAGE used for FTP_LIMIT had a fault Thanks to Thomas Unger. - modifications for pure-ftpd --------------------------- - pure-ftpd is configured with --with-tls This enables an experimental support for encryption of the control channel using SSL/TLS security mechanisms. Please read http://www.pureftpd.org/README.TLS for further information. - added the following option to /etc/config.d/inet FTP_TLS='0' '0' support for SSL/TLS is disabled '1' clients can connect either the traditional way or through an SSL/TLS layer '2' cleartext sessions are refused and only SSL/TLS compatible clients are accepted Unfortunately pure-ftpd and FileZilla 2.2.10 are not compatible. Core FTP Lite works fine. - added "Create new certificate for pure-ftpd" to the "pure-ftpd administration" menue and the webconf menue. - pure-ftpd is configured with --with-virtualhosts The configuration of Virtual Hosts has to be done manually. - pure-ftpd is configured with --with-sysquotas I never checked if this works, for I did not install the "Quota Tools". - modifications for sshd ---------------------- ssh is configured with the following options --with-pam This enables PAM support. --with-tcp-wrappers This enables TCP Wrappers (/etc/hosts.allow|deny) support. - changed the implementation of SSH_ALLOW_USER_N and SSH_ALLOW_USER_# SSH_ALLOW_USER_N='0' Number of user name patterns. Login is allowed only for user names that match one of the pattern. '*' and '?' can be used as wildcards in the patterns. Default: 0 - login is allowed for all users. SSH_ALLOW_USER_1='root' Example: First user name pattern. - added the following option to /etc/config.d/inet SSH_DENY_USER_N='0' Number of user name patterns. Login is disallowed only for user names that match one of the pattern. '*' and '?' can be used as wildcards in the patterns. Default: 0 - login is allowed for all users. SSH_DENY_USER_1='batch' Example: First user name pattern. SSH_ALLOW_GROUP_N='0' Number of group name patterns. Login is allowed only for users whose primary group or supplemantary group matches one of the pattern. '*' and '?' can be used as wildcards in the patterns. Default: 0 - login is allowed for all groups SSH_ALLOW_GROUP_1='root' Example: First group name pattern. SSH_DENY_GROUP_N='0' Number of group name patterns. Login is disallowed only for users whose primary group or supplemantary group matches one of the pattern. '*' and '?' can be used as wildcards in the patterns. Default: 0 - login is allowed for all groups SSH_DENY_GROUP_1='batch' Example: First group name pattern. See also the old option SSH_ALLOW_USER. Please use this settings with care. All four lists are checked when a login is done. So wrong settings could exclude an important user (e.g. root or eis) from login. SSH_PERMITROOTLOGIN='yes' Secifies whether root can login using ssh. 'yes' User root can login. 'no' User root can't login. 'without-password' Password authentication for user root is disabled. Note that other authentications (e.g. keyboard-interactive/ PAM) may still allow root to login using a password. 'forced-commands-only' root login with public key authentication will be allowed, but only if the command option has been specified. See command="command" option for Authorized_Keys File Format in SSHD(8). SSH_USEPAM='no' Enable Pluggable Authentication Module interface (PAM) 'yes' or 'no'. This is a preparation for LDAP Authentication. SSH_CH_RESPONSEAUTH='yes' Allow challenge response authentication 'yes' or 'no'. SSH_CLIENTALIVEINTERVAL='0' Timeout interval in seconds for client alive message. Default: 0 - no message SSH_CLIENTALIVECOUNTMAX='3' Number of client alive messages until disconnection. Default: 3 SSH_LOGLEVEL='INFO' Verbosity level that is used when logging messages from sshd. Values QUIET FATAL ERROR INFO VERBOSE DEBUG DEBUG1 DEBUG2 DEBUG3 are allowed. Default: INFO Logging with a DEBUG level violates the privacy of users and is not recommended. Some of this options are for expert users only. Please use options that are unfamilar to you with special care. SSHD_CONFIG(8) is a good place to retrieve information about all options. - change menues "(Re)-Create SSH Server Keys" You are no longer asked for a passphrase. An empty passphrase is used for all keys. You are no longer asked to allow deletion of key files. Key file are deleted before they are recreated. 1.5.0 -> 1.5.1 -------------- - global modifications -------------------- - changed software versions pureftpd from version 1.0.18 to 1.0.19 (1.0.20) openssh from version 3.8p1 to 3.9p1 - corrected two bugs in /etc/init.d/inet_shlib verify_pidfile and check_start did not work well when checking processes with a name longer than 15 characters - removed all links from the distribution file links are created in /tmp/install.sh - changed deinstallation of package inet to strict mode. This means that the following files are removed: /etc/ftpusers /etc/pureftpd.pdb /etc/pureftpd.passwd /etc/config.d/inet FTP-Log identified by FTP_LOG_PATH If this directories are empty, they will be removed. /tftpboot /etc/xinetd.d /home/ftp /home/vftp If this users do not own any files or directories they will be deleted ftp vftp User sshd and group sshd will be removed. The SSH Server Keys (Host Keys) are not deleted. - minimized number of messages during start and stop of services - minimized number of messages during configuration processes - modifications for pure-ftpd --------------------------- - when using pure-uploadscript start and stop of pure-ftpd does no longer show invalid error messages Thanks to Thomas Unger for his advice. - modifications for webconf ------------------------- - changed call of add_advancedconfigmenu and del_advancedconfigmenu - removed bug in webconf function Show pure-ftpd virtual user if pure-ftpd virtual users are not enabled or file /etc/pureftpd.passwd is not readable 1.4.1 -> 1.5.0 -------------- - global modifications -------------------- - corrected two error messages in /check.d/inet.ext FTP_START_METHOD='xi' requires START_XINETD='yes' SSHD_START_METHOD='xi' requires START_XINETD='yes' - If advanced configuration file handling is available (will be released with eisfair 1.0.5) it will be included into the inet menu structure - the following libraries are no longer removed when package inet is removed libcrypto.so.0.9.7 and its links libcrypto.so libcrypto.so.0 libcrypto.so.0.9.6 libssl.so.0.9.7 and its links libssl.so libssl.so.0 libssl.so.0.9.6 libz.so.1.2.1 and its links libz.so libz.so.1 Version 1.5.0 still contains these libraries in directory /tmp/lib. If the libraries are not existent in /lib they will be copied from /tmp/lib to /lib. Future relaeses of this package will not contain the libraries. They will be loaded to your server using the upcoming new eisfair library concept. - added option forcestart to /etc/init.d/pure-ftpd /etc/init.d/sshd /etc/init.d/xinetd By running /etc/init.d/pure-ftpd forcestart you are able start the pure-ftpd daemon even START_FTP was set to 'no'. Similar handling f�r /etc/init.d/sshd to follow START_SSH and /etc/init.d/xinetd to follow START_XINETD. - modifications for webconf ------------------------- - changed design of tables in List pure-ftpd virtual users Check pure-ftpd virtual users /var/install/prep/inet.pureftpd.checkvusers.sh /var/install/prep/inet.pureftpd.listvusers.sh - added form "Report current FTP sessions / kill session" to menue pure-ftpd administration /var/install/form/inet.pureftpd.admin /var/install/form/inet.pureftpd.pure-ftpwho /var/install/prep/inet.pureftpd.pure-ftpwho.sh /var/install/servadm/inet.pureftpd.clean.sh /var/install/servadm/inet.pureftpd.pure-ftpwho.sh - added form "View FTP transfer log" to menue pure-ftpd administration /var/install/form/inet.pureftpd.viewlog /var/install/prep/inet.pureftpd.viewlog.sh - modifications for sshd ---------------------- - added variable SSH_PASSWDAUTH to /etc/config.d/inet Default SSH_PASSWDAUTH='yes' Allow password authentication 'yes' or 'no'. If password authentication is not allowed you have to use key authentication. Check that this works before you change SSH_PASSWDAUTH to 'no'. 1.4.0 -> 1.4.1 -------------- - global modifications -------------------- Hotfix for base update 1.1.0 / 1.1.1 All Libraries where removed /lib/libcrypto.so /lib/libcrypto.so.0 /lib/libcrypto.so.0.9.6 /lib/libcrypto.so.0.9.7 /lib/libssl.so /lib/libssl.so.0 /lib/libssl.so.0.9.6 /lib/libssl.so.0.9.7 /lib/libz.so /lib/libz.so.1 /lib/libz.so.1.2.1 Statement rm -f /usr/lib/libz.so.1 invalidated in /tmp/preinstall.sh 1.3.2 -> 1.4.0 -------------- - global modifications -------------------- - changed version from 1.3.2 to 1.4.0 - changed status from testing to stable 1.3.1 -> 1.3.2 -------------- - global modifications -------------------- - changed software versions openssl from version 0.9.7c to 0.9.7d 1.3.0 -> 1.3.1 -------------- - global modifications -------------------- - changed software versions zlib from version 1.1.4 to 1.2.1 xinetd from version 2.3.12 to 2.3.13 pureftpd from version 1.0.17a to 1.0.18 openssh from version 3.7.1p2 to 3.8p1 - included check of base package version into /tmp/preinstall.sh - default configuration file changed old /etc/config.d/inet.default new /etc/default.d/inet - corrected some regexps in /var/install/form/inet - corrected bug in /etc/check.d/inet.ext - corrected bug in /etc/check.d/inet SSH_PUBLIC_KEY_% may contain blanks (NOBLANK changed to NONE) Thanks to Armin Behrendt for his advice. - changed order of configuration parameters in /etc/config.d/inet parameters for ssh appear first parameters for pure-ftpd come next - modified experimental support for webconf files: /local/bin/html_colecho /var/install/form /var/install/form/inet.docu /var/install/form/inet.main /var/install/form/inet.create.sshkeys /var/install/form/inet.pureftpd.admin /var/install/form/inet.pureftpd.checkvusers /var/install/form/inet.pureftpd.listvusers /var/install/form/inet.pureftpd.showvuser /var/install/help/inet /var/install/prep /var/install/prep/inet.pureftpd.checkvusers.sh /var/install/prep/inet.pureftpd.listvusers.sh /var/install/prep/inet.pureftpd.showvuser.sh /var/install/servadm /var/install/servadm/inet.create.sshkeys.sh /var/install/servadm/inet.pureftpd.clean.sh /var/install/servadm/inet.pureftpd.showvuser.sh webconf 0.40.4 or higher is required - modifications for pure-ftpd --------------------------- - changed ./configure options for pure-ftpd added --with-largefile Support downloading of files larger than 2 gigabytes on 32-bit architectures. - added option to FTP_LOG_FORMAT FTP_LOG_FORMAT now allows format xferlog. Xferlog is the traditional format created by wu-ftpd FTP_LOG_FORMAT='CLF' Format of alternative log file. The values 'CLF', 'Stats', 'W3C' and 'xferlog' are allowed. - modifications for sshd ---------------------- - The sshd ListenAddress(es) are checked at every startup of the sshd daemon. The message: Checking sshd ListenAddress(es) ... is displayed. If an invalid ListenAddress is found in /etc/shhd_config a new file is created using the actual settings from both configuration files /etc/config.d/inet and /etc/config.d/base. This modification tries to gurantee that a sshd session is possible even if IP-Address(es) where changed in /etc/config.d/base and the configuration of sshd was not updated using the eis menue "Service administration". This does not garantee that all other services using IP-Addrsses are also available. But a sshd session allows you to check and reconfigure the system. - generation of /etc/sshd_config was changed line AuthorizedKeysFile /root/.ssh/authorized_keys is now generated as a comment #AuthorizedKeysFile /root/.ssh/authorized_keys so the new default is AuthorizedKeysFile %h/.ssh/authorized_keys This allows every user to have an authorized_keys file in subdirectory .ssh of the home directory. - changed default of SSH_USE_SSH1 New installation default is 'no'. Your configuration will not be changed when doing an update. A user trying to use the SSH1 protocol will get the error message 'Protocol major versions differ: 1 vs. 2' if SSH1 protocol is not allowd. To allow connections to your server using the SSH1 protocol you explicitly have to change the value to 'yes'. Thanks to Frank Hemmerling for this security consideration. - added script ssh-copy-id - change to SSH_PUBLIC_KEY_# If the first character of SSH_PUBLIC_KEY_# is a slash (/) the value is interpreted as an absolut pathname of a file. The content of this file is added to the file /root/.ssh/authorized_keys 1.2.0 -> 1.3.0 -------------- - global modifications -------------------- - changed software versions pureftpd from version 1.0.14 to 1.0.17a xinetd from version 2.3.11 to 2.3.12 openssh from version 3.6.1p1 to 3.7.1p2 openssl from version 0.9.7b to 0.9.7c - removed all man pages from the package because of a decision made by the Eisfair Developer Team September, 14th 2003 - using /var/install/bin/doc to show all documents and files - added eischk to check the configuration file files: /etc/check.d/inet /etc/check.d/inet.exp /etc/check.d/inet.ext - added experimental support for webconf files: /local/bin/html_colecho /var/install/form/inet /var/install/form/inet.change /var/install/form/inet.main /var/install/form/inet.status /var/install/help/ /var/install/help/inet /var/install/prep/ /var/install/prep/prep_change_inet_status.sh /var/install/prep/prep_inet_status.sh /var/install/servadm/ /var/install/servadm/change_pureftpd_status.sh /var/install/servadm/change_sshd_status.sh /var/install/servadm/change_xinetd_status.sh /var/install/servadm/clean_inet_status.sh - adjusted file access permissions for file /var/install/menu/setup.services.inet.menu - added menues Inet documentation Show inet package documentation Show inet package changes pure-ftpd administration List pure-ftpd virtual users Show info about a pure-ftpd virtual user Check pure-ftpd virtual users - modified /etc/init.d/sshd /etc/init.d/pure-ftpd /etc/init.d/xinetd /tmp/preinstall.sh /tmp/install.sh /var/install/bin/inet-edit /var/install/bin/sshd-create_keys /var/install/config.d/inet.sh /var/install/deinstall/inet - added /init.d/inet_shlib added function multi_echo function kill_and_wait function check_start modified function verify_pidfile - modifications for pure-ftpd --------------------------- - changed documentation for FTP_HANGUP_TIME hangup time is in minutes not in seconds - added FTP_HARDKILL='no' kill all pure-ftpd processes, when stopping the main pure-ftpd daemon 'yes' or 'no'. 'yes' all pure-ftpd processes are killed 'no' only main pure-ftpd is killed Requires FTP_START_METHOD='st'. - changed start command from /usr/sbin/pure-ftpd $ARGS to nohup /usr/sbin/pure-ftpd $ARGS >/tmp/pure-ftpd.$$ 2>&1 & to avoid hanging of mini_httpd when using webconf (I don't understand what's going on) - the code to handle virtual users was rewritten Now a virtual user is only modified if the password or the home directory has changed. You will receive a message like Modifying virtual user (directory password) if both has changed. - added the following option to /etc/config.d/inet FTP_VIRTUAL_USERS_DELETE='no' Delete virtual users that are no more listed in a FTP_VIRTUAL_USERS_#_USERNAME variable If you set FTP_VIRTUAL_USERS_DELETE to 'yes' only those virtual users listed in the actual configuration file will be available. Other virtual users will be deleted, but their home directories will still be there. For compatiblity to older versions this variable defaults to 'no'. - modifications for sshd ---------------------- - file /etc/sshd_config option RhostsAuthentication=no deleted because sshd 3.7.1p2 deprecates it - added the following option to /etc/config.d/inet SSHD_START_METHOD='st' Start method for sshd. 'st' start sshd as standalone server. 'xi' start sshd via xinetd. 'xi' requires START_XINETD='yes'. Have a look at /etc/xinitd.d/sshd to see some security attributes that are available when starting sshd via xinetd. Look at the xinetd.conf man page to find out more about this attributes. (Thanks to Tobias Becker for his proposal) - time service ------------ added time service ENABLE_TIME_SERVICE='no' enable time service UPD and TCP on port 37: 'yes' or 'no' 'yes' requires START_XINETD='yes' 1.2.2 -> 1.2.3 -------------- security update all changes of this update are contained in 1.3.0 1.2.1 -> 1.2.2 -------------- security update all changes of this update are contained in 1.3.0 1.2.0 -> 1.2.1 -------------- security update all changes of this update are contained in 1.30 1.1.1 -> 1.2.0 -------------- - global modifications -------------------- - changed SSH Server Key generation during installation. Existing SSH Server Keys are not (!) deleted. SSH Server Keys (Host Keys) stored in /etc/ssh_host_key /etc/ssh_host_rsa_key /etc/ssh_host_dsa_key are checked. If the keys are invalid, they are deleted. New keys are generated without asking for a passphrase. An empty passphrase is used (-N ""). - SSH-Keys are no more deleted when inet is deinstalled - modifications for pure-ftpd --------------------------- - converted /usr/share/doc/inet/examples/create_dot_ftpquota.sh from DOS file to Unix file 1.1.0 -> 1.1.1 -------------- - global modifications -------------------- - changed software versions openssh from version 3.5p1 to 3.6.1p1 openssl from version 0.9.7a to 0.9.7b xinetd from version 2.3.10 to 2.3.11 - Configuration file /etc/config.d/inet will be saved when installing a new version of the inet package. The "old" configuration parameters will be retained unchanged and are transferred into the "new" configuration. - Configuration file /etc/config.d/inet will not be removed when uninstalling the inet package If you wish to remove the file, please do it by yourself. - modifications for xinetd ------------------------ - added man pages for xinetd xinetd.8 xinetd.conf.5 xinetd.log.5 - modifications for pure-ftpd --------------------------- - modified /etc/init.d/pure-ftpd FTP_DONT_CHROOT_GROUP didn't work (Thanks to Peter Schmitz for this correction) Using the -B argument to start pure-ftpd to have the standalone server start in background (daemonization) (Thanks to Mathias Gumz for his proposal) - modified /var/install/bin/ftpd-start no background handling of /etc/init.d/pure-ftpd - added pure-quotacheck and it's man page pure-quotacheck.8 added /usr/share/doc/inet/examples/create_dot_ftpquota.sh This script can be used to create .ftpquota files for all non-system users found in /etc/passwd and all virtual users found in /etc/pureftpd.passwd. - added pure-uploadscript and it's man page pure-uploadscript.8 - added pure-statsdecode and it's man page pure-statsdecode.8 - added /etc/pureftpd.pdb.empty This will be installed as /etc/pureftpd.pdb if no /etc/pureftpd.pdb exists. - removed faulty "rmdir /home/ftp" command from /tmp/preinstall /home/ftp is used for anonymous ftp users. /home/ftp will be created when it is missing. - changed ./configure options for pure-ftpd old options: --with-ftpwho --with-puredb --with-virtualchroot --with-language=english --with-throttling --with-altlog --with-quotas added options are: --with-uploadscript --with-peruserlimits --with-ratios --with-pam - added the following option to /etc/config.d/inet FTP_SHOW_ARGS='no' Show all arguments for pure-ftpd on startup. 'yes' enables this debugging option. FTP_START_METHOD='st' Start method for pure-ftpd. 'st' start pure-ftpd as standalone server. 'xi' start pure-ftpd via xinetd. 'xi' requires START_XINETD='yes'. FTP_USE_PAM='no' Use PAM authentication instead of Unix authentication (the traditional /etc/passwd file). If set to 'yes' the file /etc/ftpusers is verified. This file contains the list of users that aren't allowed to use the PureFTPd. Example: the lines bill paul in /etc/ftpusers disallows bill and paul to log in. FTP_UPLOADSCRIPT_ARGS='' Arguments for pure-uploadscript. When set, pure-ftpd will be startet with argument -o and pure-uploadscript with argument $FTP_UPLOADSCRIPT_ARGS will be startet in the background. Example '-r /tmp/scanner.sh'. See /usr/share/doc/inet/pure-uploadscript.8 for a documentation of pure-uploadscript. /usr/share/doc/inet/examples contains the dummy example script scanner.sh. pure-uploadscript can not be used, when FTP_START_METHOD is set to 'xi'. Visit www.pureftpd.org for a detailed description. FTP_MAXCON_PER_IP='' Maximum number of connections per IP. Limit the number of simultanous connections coming from the same IP address to n. Requires FTP_START_METHOD='st'. FTP_LIST_DOT_FILES='no' List files beginning with a dot ('.') even when the client doesn't append the '-a' option to the list command. This is a workaround for badly configured FTP clients. FTP_ONLY_ANONYMOUS='no' Only allow anonymous users. FTP_DISALLOW_RENAMING='no' Disallow renaming of files. FTP_DISALLOW_ANONYMOUS_UPLOAD='no' Disallow upload for anonymous users. FTP_MAX_CPU_LOAD='' Don't allow anonymous download if the load is above . Upload is still allowed, though. FTP_UMASKS='' Format :. Change the file creation mask. The default is 133:022. FTP_MAX_LOGINS='' Format :. It restricts the number of concurrent sessions the same user can have. A null value ('0') means 'unlimited'. FTP_FILE_QUOTA='' PureFTPd's virtual quota mechanism. Format :. is in Megabytes. Quotas are enabled for all users, except for users of trusted groups. See FTP_DONT_CHROOT_GROUP. To create the required .ftpquota files see pure-quotacheck. FTP_USER_BANDWIDTH='' Enable bandwidth limitation for normal user. Format []:[]. Bandwidth is specified in kilobytes/seconds. Examples: 256:64 256 KB/s for uploads, 64 KB/s for downloads 256: 256 KB/s for uploads, no limit for downloads :64 no limit for uploads, 64 KB/s for downloads FTP_ANONYMOUS_BANDWIDTH='' Enable bandwidth limitation for virtual user. See FTP_USER_BANDWIDTH. FTP_ANONYMOUS_RATIO='' Enable ratios for anonymous users. Format :. Ratio is specified in Mbyte. For example 2:5 means that an anonymousi user has to upload at least 2 Mb of goodies to be able to download 5 Mb. FTP_ALL_USER_RATIO='' Enable ratios for everybody (anonymous and non-anonymous). See FTP_ANONYMOUS_RATIO. 1.0.6 -> 1.1.0 -------------- - added /usr/share/doc/inet/changes.txt (this file) - changed software versions pureftpd from version 1.0.11 to 1.0.14 openssl from version 0.9.6e to 0.9.7a openssh from version 3.4p1 to 3.5p1 xinetd from version 2.3.4 to 2.3.10 - changed ./configure options for pure-ftpd new options are: --with-ftpwho --with-puredb --with-virtualchroot --with-language=english --with-throttling --with-altlog --with-quotas - changed SSH Server Key generation during installation. Existing SSH Server Keys are deleted. SSH Server Keys (Host Keys) stored in /etc/ssh_host_key /etc/ssh_host_rsa_key /etc/ssh_host_dsa_key are generated without asking for a passphrase. An empty passphrase is used (-N ""). If you know what you are doing, you might generate Host Keys with a passphrase using "(Re)-Create SSH Server Keys". - SSH-Keys are deleted when inet is deinstalled - modified /tmp/preinstall.sh /tmp/install.sh delete all obsolete files from version 1.0.6 changed dynamic chown / chmod to correct files delivered inside the tar file - modified /var/install/deinstall/inet added some files - added /var/empty used by sshd during privilege separation in the pre-authentication phase - modified /etc/config.d/inet and /install/config.d/inet.sh using a lot of proposals from J�rgen Edner. Gathered some ideas from Florian Zierers opt_pftpd for fli4l. A lot of coding in /install/config.d/inet.sh was done by J�rgen Edner. Many thanks to both. - added options to configure pure-ftpd FTP_LIMIT='95' Don't allow uploads if the partition is more than % full. Using pure-ftpd's -k switch. FTP_LOG='no' Enable ('yes') or disable ('no') recording of all file transfers into a specific log file, in an alternative format. FTP_LOG_FORMAT='CLF' Format of alternative log file. The values 'CLF', 'Stats' and 'W3C' are allowed. FTP_LOG_PATH='/var/log/pure-ftpd.log' Log file name for alternative log file. FTP_ADD_ARGS='' Additional arguments / switches for pure-ftpd. See pure-ftpd documentation. Please use this option only if you know what you are doing. FTP_PORT='21' Listen for an incoming connection on port FTP_PORT. FTP_VIRTUAL_USERS_x_PASSWD='' Password for virtual user x. If you set a password to '', you will be asked to enter the password when the user is created. If you define a password, the virtual user will be created without asking. To keep security the password will be changed to '******' after creating the user. At this time no password changing can be done using the config file. If you want to use the Webconf Package, you'll have to define passwords for all virtual users. Modified checking of virtual users to avoid some errors. E.g. mismatch between FTP_VIRTUAL_USERS_N and really defined users. Stronger checking of /etc/pureftpd.passwd to see if user already exist. Corrected error when trying to create user ftp. User ftp is used for anonymous ftp. - added in.tftpd START_TFTPD='no' Valid values are 'yes' and 'no'. tftpd requires xinetd. tftpd is invoked with argument /tftpboot so tfptd is restricted to this directory. Thanks to Christoph Peus for preparing this section. Read http://fli4l.de/german/howtos/howto-netzboot-fli4l.htm to boot your fli4l-Router using your eisfair server. TFTPD_ADD_ARGS='' Additional arguments / switches for tftpd. See tftpd documentation. Please use this option only if you know what you are doing. - added many options to configure sshd SSH_PORT='22' ssh port, see also FIREWALL_DENY_PORT_x SSH_USE_SSH1='yes' use ssh1 protocol - default: yes SSH_USE_SSH2='yes' use ssh2 protocol - default: yes SSH_SVR_KEYBITS='1536' server keybits - default: 1536 value 512, 768 or 1536 SSH_LISTEN_ADDR_N='1' number of addresses sshd should listen to. 0 - listen on all local ports. SSH_LISTEN_ADDR_1='1' first ip address, sshd should listen to. use n'th ethernet card configured in /etc/config.d/base SSH_ALLOW_USER_N='0' number of users sshd login has been granted to default: 0 - login is allowed for all users SSH_ALLOW_USER_1='root' first user, sshd access has been granted remember that users must exist in /etc/passwd SSH_PUBLIC_KEY_N='0' number of public keys to add to /.ssh/authorized_keys SSH_PUBLIC_KEY_1='' public key (identity.pub) generated by ssh-keygen SSH_MAX_STARTUPS='10' maximum number of concurrent unauthenticated connections. default: 10 SSH_ENABLE_PRIV_SEPARATION='no' enable user privilege separation: yes or no If you set SSH_ENABLE_PRIV_SEPARATION to 'yes' you probably have to set SSH_COMPRESSION tp 'no' See http://www.afp548.com/Articles/security/ssh34p1.html SSH_COMPRESSION='yes' allow compression: yes or no SSH_STRICTMODES='yes' Use Strictmodes: yes or no SSH_ENABLE_SFTP='yes' activate sftp: yes or no - file /var/log/lastlog will be created when installing inet This will result in messages like Last login: Sun Jan 26 13:00:58 2003 from speedy.ap.de when you log in. - file /usr/bin/ssl/c_rehash contains #!/usr/bin/perl instead of #!/usr/bin/perl5 to run perl