mod_tls für proftpd

alex0809

New Member
Hallo,
ich benutze für meinen FTP-Server proftpd und möchte die Verbindung mittels TLS/SSL absichern. Leider bricht die Verbindung zu meinen Server immer beim LIST-Befehl ab, was wohl daran liegt, das das Modul mod_tls auf meinem Server nicht installiert ist. Wie installiere ich dies nachträglich? Wenn ich im Internet danach suche, finde ich lediglich Schritte wie diesen:
./configure --with-modules=mod_tls
- die mir nicht weiterhelfen

Vielen Dank im Voraus für eure Hilfe!
alex0809
 

alex0809

New Member
Noch ein paar zusätzliche Informationen

- die Moduldateien existieren - im proftpd-Modul-Ordner (mod_tls.a, mod_tls.la, mod_tls.so)
- im Internet hab ich ein paar Befehle gefunden:
ftpdctl insmod mod_tls.c gibt aus:
Code:
ftpdctl: error contacting server using '/var/run/proftpd/proftpd.sock': Connection refused
proftpd -n gibt aus:
Code:
vs159009.vserver.de - Failed binding to 0.0.0.0, port 21: Address already in use
vs159009.vserver.de - Check the ServerType directive to ensure you are configured correctly.
- /usr/sbin/proftpd -l gibt aus:
Code:
Compiled-in modules:
  mod_core.c
  mod_xfer.c
  mod_auth_unix.c
  mod_auth_file.c
  mod_auth.c
  mod_ls.c
  mod_log.c
  mod_site.c
  mod_delay.c
  mod_dso.c
  mod_auth_pam.c
  mod_readme.c
  mod_cap.c
  mod_ctrls.c

Vielleicht könnt ihr damit noch was anfangen ;)
 

alex0809

New Member
ich find nur Anleitungen, wie man proftpd anweist, ein Modul zu laden.
Aber das Modul müsste ja eigentlich geladen werden, es steht wie alle anderen auch in der /etc/proftpd/modules.conf mit drin!
Kann es sein, das das Modul irgendwie beschädigt ist? Wo kann ich es noch herunterladen?

PS: Für mod_tls ist die Beschreibung "FIXME FIXME". Sehr hilfreich! ;)
 

Roger Wilco

Blog Benutzer
Aber das Modul müsste ja eigentlich geladen werden, es steht wie alle anderen auch in der /etc/proftpd/modules.conf mit drin!
Dann ist es doch in Ordnung. Vielleicht stimmt einfach deine Konfiguration nicht?

Kann es sein, das das Modul irgendwie beschädigt ist?
Möglich ja, aber dann würde ProFTPd IMHO gar nicht erst starten.

Wo kann ich es noch herunterladen?
Halte dich an die Pakete deiner Distribution. Das Modul ist ja offensichtlich in diesen enthalten.

PS: Für mod_tls ist die Beschreibung "FIXME FIXME". Sehr hilfreich! ;)
Auf der Seite steht noch mehr.
 

SandMan1987

Registered User
bei mir besteht folgendes Problem: mod_tls ist gar nicht erst installiert auf meinem Server, gibt es eine Möglichkeit das einfach hinzuzufügen? Aus den Links oben konnte ich dazu keine direkte Antwort finden.
 

Operaiter

New Member
Hallo,

wenn ich ./configure --with-modules=mod_tls:mod_ldap:mod_sql ausführe werde ich erschlagen mit Meldungen. Zuerst hatte ich keinen gcc den habe ich mir jetzt mal nachinstalliert. Danach noch g++ nachgeholt.

Jetzt bekomme ich aber immernoch ein paar ...no

Die makefiles sind aber am Ende erstellt worden. Darf ich jetzt make / install machen oder nicht?! :D

Hier mal meine Konsolenausgaben wäre klasse wenn mal einer drüberguckt ob alles stimmt, oder mir noch benötigte Pakete fehlen ;) Will mir hier nicht mein System zerschießen unnötig :-/ Ist das erste Programm welches ich selber kompiliere.

Code:
=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2010.11.02 14:11:14 =~=~=~=~=~=~=~=~=~=~=~=

checking build system type... i686-pc-linux-gnu
checking host system type... i686-pc-linux-gnu
checking target system type... i686-pc-linux-gnu
checking for gcc... gcc
checking for C compiler default output file name... a.out
checking whether the C compiler works... yes
checking whether we are cross compiling... no
checking for suffix of executables... 
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ANSI C... none needed
checking whether make sets $(MAKE)... no
checking for a BSD-compatible install... /usr/bin/install -c
checking for a sed that does not truncate output... /bin/sed
checking for egrep... grep -E
checking for ld used by gcc... /usr/bin/ld
checking if the linker (/usr/bin/ld) is GNU ld... yes
checking for /usr/bin/ld option to reload object files... -r
checking for BSD-compatible nm... /usr/bin/nm -B
checking whether ln -s works... yes
checking how to recognise dependent libraries... pass_all
checking how to run the C preprocessor... gcc -E
checking for ANSI C header files... yes
checking for sys/types.h... yes
checking for sys/stat.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for memory.h... yes
checking for strings.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for unistd.h... yes
checking dlfcn.h usability... yes
checking dlfcn.h presence... yes
checking for dlfcn.h... yes
checking for g++... g++
checking whether we are using the GNU C++ compiler... yes
checking whether g++ accepts -g... yes
checking how to run the C++ preprocessor... g++ -E
checking for g77... no
checking for f77... no
checking for xlf... no
checking for frt... no
checking for pgf77... no
checking for fort77... no
checking for fl32... no
checking for af77... no
checking for f90... no
checking for xlf90... no
checking for pgf90... no
checking for epcf90... no
checking for f95... no
checking for fort... no
checking for xlf95... no
checking for ifc... no
checking for efc... no
checking for pgf95... no
checking for lf95... no
checking for gfortran... no
checking whether we are using the GNU Fortran 77 compiler... no
checking whether  accepts -g... no
checking the maximum length of command line arguments... 32768
checking command to parse /usr/bin/nm -B output from gcc object... ok
checking for objdir... .libs
checking for ar... ar
checking for ranlib... ranlib
checking for strip... strip
checking if gcc static flag  works... yes
checking if gcc supports -fno-rtti -fno-exceptions... no
checking for gcc option to produce PIC... -fPIC
checking if gcc PIC flag -fPIC works... yes
checking if gcc supports -c -o file.o... yes
checking whether the gcc linker (/usr/bin/ld) supports shared libraries... yes
checking whether -lc should be explicitly linked in... no
checking dynamic linker characteristics... GNU/Linux ld.so
checking how to hardcode library paths into programs... immediate
checking whether stripping libraries is possible... yes
checking for shl_load... no
checking for shl_load in -ldld... no
checking for dlopen... no
checking for dlopen in -ldl... yes
checking whether a program can dlopen itself... yes
checking whether a statically linked program can dlopen itself... yes
checking if libtool supports shared libraries... yes
checking whether to build shared libraries... yes
checking whether to build static libraries... yes
configure: creating libtool
appending configuration tag "CXX" to libtool
checking for ld used by g++... /usr/bin/ld
checking if the linker (/usr/bin/ld) is GNU ld... yes
checking whether the g++ linker (/usr/bin/ld) supports shared libraries... yes
checking for g++ option to produce PIC... -fPIC
checking if g++ PIC flag -fPIC works... yes
checking if g++ supports -c -o file.o... yes
checking whether the g++ linker (/usr/bin/ld) supports shared libraries... yes
checking dynamic linker characteristics... GNU/Linux ld.so
checking how to hardcode library paths into programs... immediate
checking whether stripping libraries is possible... yes
checking for shl_load... (cached) no
checking for shl_load in -ldld... (cached) no
checking for dlopen... (cached) no
checking for dlopen in -ldl... (cached) yes
checking whether a program can dlopen itself... (cached) yes
checking whether a statically linked program can dlopen itself... (cached) yes
appending configuration tag "F77" to libtool
checking for special C compiler options needed for large files... no
checking for _FILE_OFFSET_BITS value needed for large files... 64
checking for _LARGE_FILES value needed for large files... no
checking whether the C compiler accepts -Wall... yes
checking for getopt... yes
checking getopt.h usability... yes
checking getopt.h presence... yes
checking for getopt.h... yes
checking for getopt_long... yes
checking for standalone crypt... no
checking for crypt in -lcrypt... yes
checking for standalone gethostbyname... yes
checking for standalone inet_aton... yes
checking for standalone nsl functions... yes
checking for standalone socket functions... yes
checking for _pw_stayopen variable... no
checking krb.h usability... no
checking krb.h presence... no
checking for krb.h... no
checking prot.h usability... no
checking prot.h presence... no
checking for prot.h... no
checking hpsecurity.h usability... no
checking hpsecurity.h presence... no
checking for hpsecurity.h... no
checking for hpsecurity.h workaround... no
checking for dirent.h that defines DIR... yes
checking for library containing opendir... none required
checking for ANSI C header files... (cached) yes
checking for sys/wait.h that is POSIX.1 compatible... yes
checking fcntl.h usability... yes
checking fcntl.h presence... yes
checking for fcntl.h... yes
checking sys/ioctl.h usability... yes
checking sys/ioctl.h presence... yes
checking for sys/ioctl.h... yes
checking sys/time.h usability... yes
checking sys/time.h presence... yes
checking for sys/time.h... yes
checking junistd.h usability... no
checking junistd.h presence... no
checking for junistd.h... no
checking for memory.h... (cached) yes
checking shadow.h usability... yes
checking shadow.h presence... yes
checking for shadow.h... yes
checking for struct spwd.sp_warn... yes
checking for struct spwd.sp_inact... yes
checking for struct spwd.sp_expire... yes
checking security/pam_appl.h usability... no
checking security/pam_appl.h presence... no
checking for security/pam_appl.h... no
checking security/pam_modules.h usability... no
checking security/pam_modules.h presence... no
checking for security/pam_modules.h... no
checking pam/pam_appl.h usability... no
checking pam/pam_appl.h presence... no
checking for pam/pam_appl.h... no
checking linux/capability.h usability... yes
checking linux/capability.h presence... yes
checking for linux/capability.h... yes
checking whether to enable mod_cap... yes
checking bstring.h usability... no
checking bstring.h presence... no
checking for bstring.h... no
checking crypt.h usability... yes
checking crypt.h presence... yes
checking for crypt.h... yes
checking ctype.h usability... yes
checking ctype.h presence... yes
checking for ctype.h... yes
checking execinfo.h usability... yes
checking execinfo.h presence... yes
checking for execinfo.h... yes
checking iconv.h usability... yes
checking iconv.h presence... yes
checking for iconv.h... yes
checking for inttypes.h... (cached) yes
checking langinfo.h usability... yes
checking langinfo.h presence... yes
checking for langinfo.h... yes
checking limits.h usability... yes
checking limits.h presence... yes
checking for limits.h... yes
checking locale.h usability... yes
checking locale.h presence... yes
checking for locale.h... yes
checking for string.h... (cached) yes
checking for strings.h... (cached) yes
checking stropts.h usability... yes
checking stropts.h presence... yes
checking for stropts.h... yes
checking sys/file.h usability... yes
checking sys/file.h presence... yes
checking for sys/file.h... yes
checking sys/mman.h usability... yes
checking sys/mman.h presence... yes
checking for sys/mman.h... yes
checking for sys/types.h... (cached) yes
checking sys/uio.h usability... yes
checking sys/uio.h presence... yes
checking for sys/uio.h... yes
checking for sys/param.h... yes
checking for sys/mount.h... yes
checking netdb.h usability... yes
checking netdb.h presence... yes
checking for netdb.h... yes
checking netinet/in.h usability... yes
checking netinet/in.h presence... yes
checking for netinet/in.h... yes
checking whether netdb.h requires _USE_IRS... no
checking for netinet/in_systm.h... yes
checking for netinet/ip.h... yes
checking netinet/tcp.h usability... yes
checking netinet/tcp.h presence... yes
checking for netinet/tcp.h... yes
checking arpa/inet.h usability... yes
checking arpa/inet.h presence... yes
checking for arpa/inet.h... yes
checking libintl.h usability... yes
checking libintl.h presence... yes
checking for libintl.h... yes
checking for sys/stat.h... (cached) yes
checking errno.h usability... yes
checking errno.h presence... yes
checking for errno.h... yes
checking sys/socket.h usability... yes
checking sys/socket.h presence... yes
checking for sys/socket.h... yes
checking sys/termios.h usability... yes
checking sys/termios.h presence... yes
checking for sys/termios.h... yes
checking sys/termio.h usability... no
checking sys/termio.h presence... no
checking for sys/termio.h... no
checking sys/statvfs.h usability... yes
checking sys/statvfs.h presence... yes
checking for sys/statvfs.h... yes
checking sys/un.h usability... yes
checking sys/un.h presence... yes
checking for sys/un.h... yes
checking sys/vfs.h usability... yes
checking sys/vfs.h presence... yes
checking for sys/vfs.h... yes
checking sys/select.h usability... yes
checking sys/select.h presence... yes
checking for sys/select.h... yes
checking dirent.h usability... yes
checking dirent.h presence... yes
checking for dirent.h... yes
checking ndir.h usability... no
checking ndir.h presence... no
checking for ndir.h... no
checking sys/ndir.h usability... no
checking sys/ndir.h presence... no
checking for sys/ndir.h... no
checking sys/dir.h usability... yes
checking sys/dir.h presence... yes
checking for sys/dir.h... yes
checking vmsdir.h usability... no
checking vmsdir.h presence... no
checking for vmsdir.h... no
checking ucontext.h usability... yes
checking ucontext.h presence... yes
checking for ucontext.h... yes
checking utime.h usability... yes
checking utime.h presence... yes
checking for utime.h... yes
checking utmpx.h usability... yes
checking utmpx.h presence... yes
checking for utmpx.h... yes
checking regex.h usability... yes
checking regex.h presence... yes
checking for regex.h... yes
checking syslog.h usability... yes
checking syslog.h presence... yes
checking for syslog.h... yes
checking curses.h usability... no
checking curses.h presence... no
checking for curses.h... no
checking ncurses.h usability... no
checking ncurses.h presence... no
checking for ncurses.h... no
checking for tzname global variable... yes
checking for an ANSI C-conforming const... yes
checking for inline... inline
checking for uid_t in sys/types.h... yes
checking for pid_t... yes
checking for size_t... yes
checking for mode_t... yes
checking for off_t... yes
checking type of array argument to getgroups... gid_t
checking for timer_t... yes
checking whether time.h and sys/time.h may both be included... yes
checking whether struct tm is in sys/time.h or time.h... time.h
checking for short... yes
checking size of short... 2
checking for int... yes
checking size of int... 4
checking for long... yes
checking size of long... 4
checking for long long... yes
checking size of long long... 8
checking for off_t... (cached) yes
checking size of off_t... 8
checking for size_t... (cached) yes
checking size of size_t... 4
checking for time_t... yes
checking size of time_t... 4
checking for umode_t... no
checking for ino_t... yes
checking for intptr_t... yes
checking for socklen_t... yes
checking utmp.h usability... yes
checking utmp.h presence... yes
checking for utmp.h... yes
checking whether your struct utmp has ut_user... yes
checking whether your struct utmp has ut_host... yes
checking whether your struct utmp has ut_exit... yes
checking whether your syslog.h defines LOG_CRON... yes
checking whether your syslog.h defines LOG_FTP... yes
checking for d_fd in DIR structure... no
checking for dd_fd in DIR structure... no
checking for __dd_fd in DIR structure... no
checking for working alloca.h... yes
checking for alloca... yes
checking for alloca in -lucb... no
checking whether gcc needs -traditional... no
checking whether setpgrp takes no argument... yes
checking return type of signal handlers... void
checking for vprintf... yes
checking for _doprnt... no
checking for bcopy... yes
checking for crypt... yes
checking for fdatasync... yes
checking for fgetgrent... yes
checking for fgetpwent... yes
checking for flock... yes
checking for freeaddrinfo... yes
checking for iconv... yes
checking for nl_langinfo... yes
checking for gai_strerror... yes
checking for getaddrinfo... yes
checking for getcwd... yes
checking for getenv... yes
checking for gethostbyname2... yes
checking for gethostname... yes
checking for getnameinfo... yes
checking for gettimeofday... yes
checking for hstrerror... yes
checking for inet_aton... yes
checking for inet_ntop... yes
checking for inet_pton... yes
checking for memcpy... yes
checking for mempcpy... yes
checking for mkdir... yes
checking for mkstemp... yes
checking for mlock... yes
checking for mlockall... yes
checking for munlock... yes
checking for munlockall... yes
checking for putenv... yes
checking for rmdir... yes
checking for select... yes
checking for setgroups... yes
checking for socket... yes
checking for statfs... yes
checking for strchr... yes
checking for strcoll... yes
checking for strerror... yes
checking for strsep... yes
checking for strtol... yes
checking for strtoull... yes
checking for setprotoent... yes
checking for setspent... yes
checking for endprotoent... yes
checking for vsnprintf... yes
checking for snprintf... yes
checking for setsid... yes
checking for setgroupent... no
checking for seteuid... yes
checking for setegid... yes
checking for setenv... yes
checking for siginterrupt... yes
checking for setpgid... yes
checking for regcomp... yes
checking for tzset... yes
checking for unsetenv... yes
checking for pathconf... yes
checking for fpathconf... yes
checking for fgetspent... yes
checking for setpassent... no
checking for struct sockaddr_in.sin_len... no
checking whether struct addrinfo is defined... yes
checking whether struct sockaddr_storage is defined... yes
checking whether ss_family is defined... yes
checking whether ss_len is defined... no
checking whether __ss_len is defined... no
checking sys/acl.h usability... no
checking sys/acl.h presence... no
checking for sys/acl.h... no
checking acl/libacl.h usability... no
checking acl/libacl.h presence... no
checking for acl/libacl.h... no
checking which POSIX ACL implementation to use... none
checking which sendfile() implementation to use... Linux
checking sys/sendfile.h usability... yes
checking sys/sendfile.h presence... yes
checking for sys/sendfile.h... yes
checking whether setgrent returns void... yes
checking for setproctitle... no
checking libutil.h usability... no
checking libutil.h presence... no
checking for libutil.h... no
checking for setproctitle in -lutil... no
checking sys/pstat.h usability... no
checking sys/pstat.h presence... no
checking for sys/pstat.h... no
checking whether __progname and __progname_full are available... yes
checking which argv replacement method to use... writeable
checking whether printf supports %llu format... yes
checking for default transfer buffer sizes... 16384
checking checking for duplicate module requests... no
checking whether gcc accepts -Wno-long-double... yes
configure: creating ./config.status
config.status: creating include/Makefile
config.status: creating lib/Makefile
config.status: creating locale/Makefile
config.status: creating modules/Makefile
config.status: creating src/Makefile
config.status: creating src/ftpdctl.8
config.status: creating src/proftpd.8
config.status: creating src/xferlog.5
config.status: creating utils/Makefile
config.status: creating utils/ftpcount.1
config.status: creating utils/ftpshut.8
config.status: creating utils/ftptop.1
config.status: creating utils/ftpwho.1
config.status: creating Makefile
config.status: creating Make.rules
config.status: creating config.h
config.status: executing default commands
]0;root@vs2064092: /home/admin/umbau/proftpd-1.3.1root@vs2064092:/home/admin/umbau/proftpd-1.3.1# [K

Danke !

LG OP
 

danton

Debian User
gibt es nicht. du musst proftpd neu kompilieren

1. proftpd entfernen ("apt-get remove proftpd" bei debian)

Also zumindest für Debian Lenny Blödsinn - da ist mod_tls im Paket mit drin. Ich habe den ProFTPd auf meinem Lenny-System ja mit SSL laufen, ohne neu kompiliert zu haben.
 

Operaiter

New Member
Code:
proftpd -l

spuckte bei mir aber kein mod_tls aus.

Kannst du mal bitte posten was jenes bei dir ausspuckt?

Ich selber verwende auch Lenny. Sollte soweit up to date sein :]
 

danton

Debian User
Jepp, ggfl. mußt du die entsprechende Zeile in der modules.conf noch aktiv schalten - bin mir nicht sicher, ob mod_tls standardmäßig geladen wird, oder nur auskommentiert in der Datei steht.
Aufgelistet wird das Modul nicht, da es wie Roger schon schrieb, nicht einkompiliert ist, sondern dynamisch geladen wird.
 
Top