proftp安装
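# Install the EPEL repository definition.
# Fetched over HTTPS: a repo file pulled over plain HTTP can be rewritten in
# transit, and it decides where every later package comes from.
wget -O /etc/yum.repos.d/epel.repo https://mirrors.aliyun.com/repo/epel-7.repo
# Install proftpd and its MySQL backend
yum install -y proftpd proftpd-utils proftpd-mysql
# Enable at boot and start now:
systemctl enable proftpd
systemctl start proftpd
# Check the service status:
systemctl status proftpd
# Add the ftp group and user (uid/gid 2001 match the defaults in the ftp_user table):
groupadd -g 2001 ftpgroup
useradd -u 2001 -g 2001 ftpuser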
#重写conf
vim /etc/proftpd.conf
# The IP addresses in this file are site-specific: adjust them, do not copy the file verbatim.
# Core server settings: a standalone daemon that runs as ftpuser/ftpgroup
# (the account created with uid/gid 2001 during installation).
ServerName "ProFTPD server"
ServerIdent on "FTP Server ready."
ServerAdmin root@localhost
DefaultServer on
RootLogin off
ServerType standalone
# Accounts are accepted even when their shell is not a valid login shell.
RequireValidShell off
# NOTE(review): confirm the ProFTPD build in use accepts a trailing '#' remark on a
# directive line; if it does not, move the remark below onto a line of its own.
DeleteAbortedStores on # automatically delete files whose upload did not complete
# Each session is confined to the user's home directory.
DefaultRoot ~
UseReverseDNS off
User ftpuser
Group ftpgroup
MaxInstances 2000
UseSendfile off
LogFormat default "%h %l %u %t \"%r\" %s %b"
LogFormat auth "%v [%P] %h %t \"%r\" %s"
# NOTE(review): mod_sftp, mod_sftp_sql, mod_vroot and mod_deflate are loaded, but no
# directive that enables them is visible in this file; load only what is actually used.
LoadModule mod_sql.c
LoadModule mod_sql_mysql.c
LoadModule mod_quotatab.c
LoadModule mod_quotatab_sql.c
LoadModule mod_ctrls_admin.c
LoadModule mod_deflate.c
LoadModule mod_sftp.c
LoadModule mod_sftp_sql.c
LoadModule mod_vroot.c
# NOTE(review): trace logging is meant for debugging; confirm it is wanted in production.
TraceLog /var/log/proftpd/trace.log
# Admin control actions are allowed for the local user root only.
<IfModule mod_ctrls_admin.c>
AdminControlsEngine on
AdminControlsACLs all allow user root
</IfModule>
# TLS settings. This whole section is active only when the daemon is started with
# -DTLS; without that define nothing here applies and logins, including passwords,
# travel over plain FTP.
# NOTE(review): no LoadModule line for mod_tls is visible in this file; confirm the
# module is compiled in or loaded elsewhere.
<IfDefine TLS>
TLSEngine on
# Require TLS on both the control and the data connection.
TLSRequired on
# Certificate and private key are read from the same PEM file, so that file must be
# readable by root only.
TLSRSACertificateFile /etc/pki/tls/certs/proftpd.pem
TLSRSACertificateKeyFile /etc/pki/tls/certs/proftpd.pem
# NOTE(review): "ALL" excludes only anonymous DH and single DES here; legacy suites
# (for example RC4 or 3DES) stay enabled if the installed OpenSSL still offers them.
# No TLSProtocol directive is set, so protocol versions follow the build default.
TLSCipherSuite ALL:!ADH:!DES
# Client certificates are neither requested nor verified.
TLSOptions NoCertRequest
TLSVerifyClient off
#TLSRenegotiate ctrl 3600 data 512000 required off timeout 300
TLSLog /var/log/proftpd/tls.log
<IfModule mod_tls_shmcache.c>
TLSSessionCache shm:/file=/var/run/proftpd/sesscache
</IfModule>
</IfDefine>
# Automatic banning of hosts. Active only when the daemon is started with
# -DDYNAMIC_BAN_LISTS; without that define repeated failed logins are not banned
# by this file.
<IfDefine DYNAMIC_BAN_LISTS>
LoadModule mod_ban.c
BanEngine on
BanLog /var/log/proftpd/ban.log
BanTable /var/run/proftpd/ban.tab
# Two MaxLoginAttempts events within 10 minutes ban the host for 1 hour.
BanOnEvent MaxLoginAttempts 2/00:10:00 01:00:00
BanMessage "Host %a has been banned"
# NOTE(review): the ban controls are delegated to a user "ftpadm" that is not
# created anywhere on this page; confirm the account exists and who holds it.
BanControlsACLs all allow user ftpadm
</IfDefine>
# QoS marking, active only with -DQOS.
<IfDefine QOS>
LoadModule mod_qos.c
QoSOptions dataqos throughput ctrlqos lowdelay
</IfDefine>
# Settings applied to every virtual host.
<Global>
Umask 022
AllowOverwrite yes
# NOTE(review): this allows every FTP command, SITE CHMOD included, to every
# authenticated user. Together with AllowOverwrite any account can replace, delete
# and re-mode files inside its root; narrow the <Limit> if uploads should be append-only.
<Limit ALL SITE_CHMOD>
AllowAll
</Limit>
</Global>
# MySQL-related configuration: FTP accounts are virtual users read from the ftp_user table.
SQLBackend mysql
# NOTE(review): confirm who can read this log; it is written by mod_sql and may
# contain the statements it runs.
SQLLogFile /var/log/proftpd/sql.log
# NOTE(review): "Plaintext" compares the submitted password with the passwd column
# as-is, so the database holds every FTP password in clear text. mod_sql also
# supports hashed types (for example Crypt or OpenSSL); switching requires the
# stored values to be re-written in that format.
SQLAuthTypes Plaintext
SQLAuthenticate users
# NOTE(review): the daemon connects as the MySQL "root" account and the password is
# written inline. Use a dedicated account limited to the statements in this file
# (SELECT on the ftp_* tables, UPDATE of ftp_user.count), keep this file readable by
# root only, and treat a password that has appeared in shared notes as disclosed.
SQLConnectInfo serverdb@172.16.65.120 root Server@123456
# Table ftp_user; columns for user name, password, uid, gid, home directory, shell.
SQLUserInfo ftp_user user_id passwd uid gid homedir shell
# Missing home directories are created with mode 755.
# NOTE(review): ftp_user.uid/gid default to 2001 for every row, so file permissions
# do not separate one FTP account from another; isolation rests on DefaultRoot.
CreateHome on 755 dirmode 755
# Only rows that are valid and either not time-checked or not yet expired may log in.
# NOTE(review): '***' looks like a redacted literal; as written, only rows whose
# accesshost equals that literal match. Confirm the intended value.
SQLUserWhereClause "'***' = accesshost and is_valid = 1 and (accessed > now() or is_accessed = 0)"
# Every PASS command runs the updatecount query, incrementing ftp_user.count.
SQLLog PASS updatecount
# NOTE(review): %u is the login name supplied by the client; confirm the mod_sql
# version in use escapes it before substituting it into the statement.
SQLNamedQuery updatecount UPDATE "count=count+1 WHERE user_id='%u'" ftp_user
# User quotas, with limits and usage read from MySQL.
QuotaEngine on
QuotaDirectoryTally on
QuotaDisplayUnits Mb
# Allow quota information to be shown: after logging in, a client can run
# "quote site quota" to see its current disk usage.
QuotaShowQuotas on
QuotaLog "/var/log/proftpd/quota.log"
# Limit: ftp_business_conf.size is returned as bytes_in_avail (hard limit, not per
# session) for the business configuration the user belongs to; the other counters are 0.
SQLNamedQuery get-quota-limit SELECT "b.user_id AS NAME,'user','false' AS per_session,'hard' AS limit_type,a.size AS bytes_in_avail,0 AS bytes_out_avail,0 AS bytes_xfer_avail,0 AS files_in_avail,0 AS files_out_avail,0 AS files_xfer_avail FROM ftp_business_conf a LEFT JOIN ftp_user b ON a.id = b.business_conf_id WHERE b.user_id = '%u' AND a.is_deleted = 0"
# Usage: bytes_in_used from the 'group' row of ftp_quotatallies for the same business configuration.
SQLNamedQuery get-quota-tally SELECT "b.user_id AS NAME,'user',a.bytes_in_used,0 as bytes_out_used,0 as bytes_xfer_used,0 as files_in_used,0 as files_out_used,0 as files_xfer_used FROM ftp_quotatallies a LEFT JOIN ftp_user b ON a.business_conf_id = b.business_conf_id WHERE b.user_id = '%u' AND quota_type = 'group'"
# The update and insert queries are no-ops, so ProFTPD never writes usage itself.
# NOTE(review): presumably another component keeps ftp_quotatallies current; if it
# stops, the hard limit is checked against stale numbers. Confirm.
SQLNamedQuery update-quota-tally select 1 from dual
SQLNamedQuery insert-quota-tally select 1 from dual
QuotaLimitTable sql:/get-quota-limit
QuotaTallyTable sql:/get-quota-tally/update-quota-tally/insert-quota-tally
# Repeats the RootLogin setting already given near the top of the file.
RootLogin off
平台存储
-- Foreign-key checks are switched off for the import; none of the tables on this
-- page declares a foreign key.
SET FOREIGN_KEY_CHECKS=0;
-- ----------------------------
-- Table structure for ftp_business
-- ----------------------------
-- One row per business. Column COMMENTs, translated:
--   per_size  unit: MB                     per_minute  unit: minutes
--   warn      alert threshold, percent     cutover     switch-over threshold, percent
--   type      0 emergency, 1 LOG, 2 emergency (0 and 2 carry the same label in the
--             original COMMENT; NOTE(review): confirm which value was meant)
--   manager   person responsible           ip_max_connections  maximum connections
--   deleted_day  maximum retention period
-- NOTE(review): DROP TABLE discards existing rows; this script is for a fresh install.
-- NOTE(review): UNIQUE KEY `id` repeats the primary key and can be dropped.
DROP TABLE IF EXISTS `ftp_business`;
CREATE TABLE `ftp_business` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`name` varchar(128) DEFAULT NULL,
`permission` varchar(128) DEFAULT NULL,
`code` varchar(32) DEFAULT NULL,
`per_size` int(11) DEFAULT '30' COMMENT '单位M',
`per_minute` int(11) DEFAULT '60' COMMENT '单位分钟',
`warn` int(11) DEFAULT '80' COMMENT '告警阈值百分比显示整型数字',
`cutover` int(11) DEFAULT '90' COMMENT '切换阈值百分比显示整型数字',
`type` int(11) DEFAULT NULL COMMENT '0应急类型,1LOG类型,2应急类型',
`manager` varchar(32) DEFAULT NULL COMMENT '负责人',
`commit` varchar(128) DEFAULT NULL,
`creator` varchar(32) DEFAULT NULL,
`modified` varchar(32) DEFAULT NULL,
`gmt_create` timestamp NULL DEFAULT CURRENT_TIMESTAMP,
`gmt_modified` timestamp NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
`is_deleted` tinyint(1) DEFAULT '0',
`ip_max_connections` int(11) DEFAULT '15' COMMENT '最大连接数',
`deleted_day` int(11) DEFAULT '30' COMMENT '最大保存日期',
PRIMARY KEY (`id`),
UNIQUE KEY `id` (`id`),
UNIQUE KEY `code_uni` (`code`) USING BTREE,
KEY `permission` (`permission`) USING BTREE,
KEY `type` (`type`)
) ENGINE=InnoDB AUTO_INCREMENT=228 DEFAULT CHARSET=utf8;
-- ----------------------------
-- Table structure for ftp_business_conf
-- ----------------------------
-- Links a business (business_id) to a storage volume (netdisc_id).
-- `size` is in bytes; the get-quota-limit query in the ProFTPD configuration on
-- this page returns it as the hard upload limit (bytes_in_avail).
-- NOTE(review): UNIQUE KEY `id` repeats the primary key and can be dropped.
DROP TABLE IF EXISTS `ftp_business_conf`;
CREATE TABLE `ftp_business_conf` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`business_id` int(11) DEFAULT NULL,
`netdisc_id` int(11) DEFAULT NULL,
`size` bigint(20) DEFAULT NULL COMMENT 'byte',
`commit` varchar(128) DEFAULT NULL,
`creator` varchar(32) DEFAULT NULL,
`modified` varchar(32) DEFAULT NULL,
`gmt_create` timestamp NULL DEFAULT CURRENT_TIMESTAMP,
`gmt_modified` timestamp NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
`is_deleted` tinyint(1) DEFAULT '0',
PRIMARY KEY (`id`),
UNIQUE KEY `id` (`id`),
KEY `business_id` (`business_id`) USING BTREE,
KEY `netdisc_id` (`netdisc_id`)
) ENGINE=InnoDB AUTO_INCREMENT=261 DEFAULT CHARSET=utf8;
-- ----------------------------
-- Table structure for ftp_delete
-- ----------------------------
-- Column COMMENTs, translated:
--   permission  business secret key
--   sign        marker for skipping on error
--   type        0 whitelist, 1 blacklist, 2 whitelist timeout, 3 blacklist timeout, 4 maximum term
-- NOTE(review): `permission` is described as a secret key but is kept as a plain,
-- indexed varchar; confirm who can read this table and whether the value needs to
-- be stored in recoverable form.
-- NOTE(review): unlike the tables that use timestamp columns, gmt_modified here has
-- no ON UPDATE clause, so it only changes when the application sets it.
-- NOTE(review): UNIQUE KEY `id` repeats the primary key and can be dropped.
DROP TABLE IF EXISTS `ftp_delete`;
CREATE TABLE `ftp_delete` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`ip` varchar(32) DEFAULT NULL,
`permission` varchar(128) DEFAULT NULL COMMENT '业务秘钥',
`sign` varchar(128) DEFAULT NULL COMMENT '异常跳过标识',
`error_sign` varchar(128) DEFAULT NULL,
`url` varchar(512) DEFAULT NULL,
`jenkins_url` varchar(512) DEFAULT NULL,
`commit` varchar(128) DEFAULT NULL,
`creator` varchar(32) DEFAULT NULL,
`modified` varchar(32) DEFAULT NULL,
`gmt_create` datetime DEFAULT CURRENT_TIMESTAMP,
`gmt_modified` datetime DEFAULT CURRENT_TIMESTAMP,
`is_deleted` tinyint(1) DEFAULT '0',
`type` int(11) DEFAULT NULL COMMENT '0白名单,1黑名单,2白名单超时,3黑名单超时,4最大期限',
PRIMARY KEY (`id`),
UNIQUE KEY `id` (`id`) USING HASH,
KEY `permission` (`permission`) USING BTREE,
KEY `sign` (`sign`)
) ENGINE=InnoDB AUTO_INCREMENT=247 DEFAULT CHARSET=utf8;
-- ----------------------------
-- Table structure for ftp_file
-- ----------------------------
-- One row per stored file: owning business configuration, storage volume
-- (netdisc_id), size, name and url.
-- NOTE(review): presumably filled from the inotify event records described later on
-- this page; the page does not show the writer. `name` and `url` would then hold
-- client-chosen file names and must be treated as untrusted when displayed or used
-- to build paths.
-- NOTE(review): UNIQUE KEY `id` repeats the primary key and can be dropped.
DROP TABLE IF EXISTS `ftp_file`;
CREATE TABLE `ftp_file` (
`id` bigint(20) NOT NULL AUTO_INCREMENT,
`business_conf_id` int(11) DEFAULT NULL,
`permission` varchar(128) DEFAULT NULL,
`sign` varchar(128) DEFAULT NULL,
`url` longtext,
`size` bigint(20) DEFAULT NULL,
`name` longtext,
`netdisc_id` int(11) DEFAULT NULL,
`commit` varchar(128) DEFAULT NULL,
`creator` varchar(32) DEFAULT NULL,
`modified` varchar(32) DEFAULT NULL,
`gmt_create` datetime DEFAULT CURRENT_TIMESTAMP,
`gmt_modified` datetime DEFAULT CURRENT_TIMESTAMP,
`is_deleted` tinyint(1) DEFAULT '0',
PRIMARY KEY (`id`),
UNIQUE KEY `id` (`id`) USING BTREE,
KEY `business_conf_id` (`business_conf_id`) USING BTREE,
KEY `gmt_create` (`gmt_create`) USING BTREE,
KEY `sign` (`sign`),
KEY `netdisc_id` (`netdisc_id`),
KEY `gmt_modified` (`gmt_modified`),
KEY `permission` (`permission`)
) ENGINE=InnoDB AUTO_INCREMENT=611057 DEFAULT CHARSET=utf8;
-- ----------------------------
-- Table structure for ftp_item
-- ----------------------------
-- Per storage volume (netdisc_id) settings: an `nginx` value and a `type`.
-- NOTE(review): the page does not say what `nginx` and `type` contain; document
-- them with column COMMENTs as the other tables do.
DROP TABLE IF EXISTS `ftp_item`;
CREATE TABLE `ftp_item` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`netdisc_id` int(11) DEFAULT NULL,
`nginx` varchar(128) DEFAULT NULL,
`type` varchar(32) DEFAULT NULL,
`commit` varchar(128) DEFAULT NULL,
`creator` varchar(32) DEFAULT NULL,
`modified` varchar(32) DEFAULT NULL,
`gmt_create` datetime DEFAULT CURRENT_TIMESTAMP,
`gmt_modified` datetime DEFAULT CURRENT_TIMESTAMP,
`is_deleted` tinyint(1) DEFAULT '0',
PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=4 DEFAULT CHARSET=utf8;
-- ----------------------------
-- Table structure for ftp_quotatallies
-- ----------------------------
-- Usage counters per business configuration. The get-quota-tally query in the
-- ProFTPD configuration on this page reads bytes_in_used from the row whose
-- quota_type is 'group'.
-- NOTE(review): that configuration maps the tally update/insert queries to no-ops,
-- so these counters are presumably written by another component; confirm which one.
-- NOTE(review): UNIQUE KEY `id` repeats the primary key and can be dropped.
DROP TABLE IF EXISTS `ftp_quotatallies`;
CREATE TABLE `ftp_quotatallies` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`business_conf_id` int(11) DEFAULT NULL,
`quota_type` varchar(32) DEFAULT NULL,
`bytes_in_used` bigint(20) DEFAULT '0',
`bytes_out_used` bigint(20) DEFAULT '0',
`bytes_xfer_used` bigint(20) DEFAULT '0',
`files_in_used` bigint(20) DEFAULT '0',
`files_out_used` bigint(20) DEFAULT '0',
`files_xfer_used` bigint(20) DEFAULT '0',
`commit` varchar(128) DEFAULT NULL,
`creator` varchar(32) DEFAULT NULL,
`modified` varchar(32) DEFAULT NULL,
`gmt_create` timestamp NULL DEFAULT CURRENT_TIMESTAMP,
`gmt_modified` timestamp NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
`is_deleted` tinyint(1) DEFAULT '0',
PRIMARY KEY (`id`),
UNIQUE KEY `id` (`id`),
KEY `business_conf_id` (`business_conf_id`)
) ENGINE=InnoDB AUTO_INCREMENT=260 DEFAULT CHARSET=utf8;
-- ----------------------------
-- Table structure for ftp_request
-- ----------------------------
-- One row per access request, tied to an FTP account through ftp_user_id.
-- Column COMMENTs, translated:
--   permission  business secret key
--   is_valid    whether the link is still valid
-- NOTE(review): `permission` is described as a secret key but is kept as a plain,
-- indexed varchar next to the requester's IP; restrict read access to this table.
-- NOTE(review): UNIQUE KEY `id` repeats the primary key and can be dropped.
DROP TABLE IF EXISTS `ftp_request`;
CREATE TABLE `ftp_request` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`ip` varchar(32) DEFAULT NULL,
`code` varchar(128) DEFAULT NULL,
`permission` varchar(128) DEFAULT NULL COMMENT '业务秘钥',
`sign` varchar(128) DEFAULT NULL,
`ftp_user_id` int(11) DEFAULT NULL,
`is_valid` tinyint(1) DEFAULT '1' COMMENT '链接是否有效',
`commit` varchar(128) DEFAULT NULL,
`creator` varchar(32) DEFAULT NULL,
`modified` varchar(32) DEFAULT NULL,
`gmt_create` timestamp NULL DEFAULT CURRENT_TIMESTAMP,
`gmt_modified` timestamp NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
`is_deleted` tinyint(1) DEFAULT '0',
PRIMARY KEY (`id`),
UNIQUE KEY `id` (`id`),
KEY `idx_ftp_request_sign` (`sign`),
KEY `permission` (`permission`) USING BTREE,
KEY `ftp_user_id` (`ftp_user_id`),
KEY `is_valid` (`is_valid`)
) ENGINE=InnoDB AUTO_INCREMENT=625834 DEFAULT CHARSET=utf8;
-- ----------------------------
-- Table structure for ftp_user
-- ----------------------------
-- The FTP account table that ProFTPD authenticates against (SQLUserInfo on this
-- page names user_id, passwd, uid, gid, homedir, shell).
-- Column COMMENTs, translated:
--   is_valid     whether the account is usable
--   is_accessed  whether the expiry time (`accessed`) is checked
-- NOTE(review): with SQLAuthTypes Plaintext, `passwd` holds each password in clear
-- text; anyone who can read this table or a dump of it can log in as any account.
-- NOTE(review): `user_id` is the login name, yet no index or uniqueness constraint
-- is declared on it: two rows can share a name, and every login looks the name up
-- without an index.
-- NOTE(review): uid and gid default to 2001 for every row, so all accounts share
-- one system identity on disk.
-- NOTE(review): UNIQUE KEY `id` repeats the primary key and can be dropped.
DROP TABLE IF EXISTS `ftp_user`;
CREATE TABLE `ftp_user` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`business_conf_id` int(11) DEFAULT NULL,
`user_id` varchar(128) DEFAULT '',
`passwd` varchar(128) DEFAULT '',
`uid` int(6) DEFAULT '2001',
`gid` int(6) DEFAULT '2001',
`homedir` varchar(256) DEFAULT '',
`shell` varchar(128) CHARACTER SET utf8 COLLATE utf8_latvian_ci DEFAULT '',
`count` int(11) DEFAULT '0',
`accesshost` varchar(128) DEFAULT '',
`accessed` datetime DEFAULT NULL,
`is_valid` tinyint(1) DEFAULT '1' COMMENT '是否可用',
`is_accessed` tinyint(1) DEFAULT '1' COMMENT '是否进行时间校验',
`commit` varchar(128) DEFAULT NULL,
`creator` varchar(32) DEFAULT NULL,
`modified` varchar(32) DEFAULT NULL,
`gmt_create` datetime DEFAULT CURRENT_TIMESTAMP,
`gmt_modified` datetime DEFAULT CURRENT_TIMESTAMP,
`is_deleted` tinyint(1) DEFAULT '0',
PRIMARY KEY (`id`),
UNIQUE KEY `id` (`id`),
KEY `business_conf_id` (`business_conf_id`) USING BTREE
) ENGINE=InnoDB AUTO_INCREMENT=625836 DEFAULT CHARSET=utf8;
存储同步
#安装文件监控
yum install inotify-tools -y
#异常
Please increase the amount of inotify watches allowed per user via `/proc/sys/fs/inotify/max_user_watches'.
解决方法:
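# Raise the per-user inotify watch limit on the running kernel. A procfs entry is
# written to, not edited in an editor, so use sysctl (or the echo form) instead of vim.
sysctl -w fs.inotify.max_user_watches=81920
# The value is lost at reboot unless fs.inotify.max_user_watches is also set in /etc/sysctl.conf.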
#文件目录监控
vim /home/ftpuser/inotifywait.sh
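#!/bin/bash
# Watch a directory tree and journal file events into per-minute log files.
#
# Arguments:
#   $1 - directory to watch recursively
#   $2 - log directory, WITH trailing slash (the file name is appended directly)
# Output:
#   One line per event, "<EVENT>INOTIFY_SPLITS_O_M<path>INOTIFY_SPLITS_O_M<size>",
#   appended to "$2<YYYY_mm_dd_HH_MM>.log". EVENT is DELETE or UPDATE. An earlier
#   line for the same path in the same file is replaced.
#
# File names under the watched tree are chosen by FTP clients, so they are
# untrusted: every expansion is quoted (no word splitting, no glob expansion) and
# the path is never used as a regular expression.
# Limitation: inotifywait reports one event per line, so a file name containing a
# newline still produces malformed records.

readonly SEP='INOTIFY_SPLITS_O_M'

inotifywait -rm --format '%eINOTIFY_SPLITS_O_M%w%f' -e CLOSE_WRITE,DELETE "${1}" |
  while IFS= read -r FILE; do
    # Event names never contain the separator, so both halves are split at its
    # FIRST occurrence; a path that itself contains the separator stays intact.
    events=${FILE%%"$SEP"*}
    path=${FILE#*"$SEP"}
    size=0

    # Events on directories are not journaled.
    if [[ "$events" == *ISDIR* ]]; then
      continue
    fi

    dateStr=$(date "+%Y_%m_%d_%H_%M")
    logfile="${2}${dateStr}.log"
    if [[ ! -e "$logfile" ]]; then
      mkdir -p -- "$2"
      touch -- "$logfile"
    fi

    if [[ "$events" != "DELETE" ]]; then
      # The file may already be gone again; record size 0 instead of an empty field.
      size=$(stat -c "%s" -- "$path" 2>/dev/null) || size=0
      events="UPDATE"
    fi

    # Replace the latest earlier record for exactly this path. -F matches the path
    # literally and the surrounding separators stop "/a/b" from matching "/a/bc".
    row=$(grep -nF -- "${SEP}${path}${SEP}" "$logfile" | tail -n 1 | cut -d ":" -f 1)
    if [[ -n "$row" ]]; then
      sed -i "${row}d" -- "$logfile"
    fi

    printf '%s\n' "${events}${SEP}${path}${SEP}${size}" >> "$logfile"
  done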
#即时联通
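#!/bin/bash
# Watch a directory tree and report every file event to the record API at once.
#
# Arguments:
#   $1 - directory to watch recursively
# Sends:
#   POST param=<EVENT>INOTIFY_SPLITS_O_M<path>INOTIFY_SPLITS_O_M<size>
#   where EVENT is DELETE (for DELETE and MOVED_FROM) or UPDATE (anything else).
#
# File names under the watched tree are chosen by FTP clients, so they are
# untrusted: expansions are quoted and the value is URL-encoded before sending.
# NOTE(review): the request goes over plain HTTP and this script attaches no
# credentials, so the receiving API cannot tell this watcher from any other host
# that can reach it; confirm how the endpoint is protected.
# Limitation: a file name containing a newline still produces malformed records.

readonly SEP='INOTIFY_SPLITS_O_M'

inotifywait -rm --format '%eINOTIFY_SPLITS_O_M%w%f' -e CLOSE_WRITE,MOVE,DELETE "${1}" |
  while IFS= read -r FILE; do
    # Event names never contain the separator, so split at its FIRST occurrence.
    linux_events=${FILE%%"$SEP"*}
    path=${FILE#*"$SEP"}
    events="DELETE"
    size=0

    # Events on directories are not reported.
    if [[ "$linux_events" == *ISDIR* ]]; then
      continue
    fi

    if [[ "$linux_events" != "DELETE" && "$linux_events" != "MOVED_FROM" ]]; then
      # The file may already be gone again; report size 0 instead of an empty field.
      size=$(stat -c "%s" -- "$path" 2>/dev/null) || size=0
      events="UPDATE"
    fi

    # --data-urlencode keeps '&', '=', '+' and '%' in a file name from splitting or
    # corrupting the form field. -k was dropped: it has no effect on an http:// URL
    # and would silently disable certificate checks if the URL moved to https.
    curl -X POST --data-urlencode "param=${events}${SEP}${path}${SEP}${size}" \
      http://172.16.162.160:8092/api/ftpHandle/setRecord
  done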
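# Usage: <script> <directory to watch> <log directory, with trailing slash>
# The script uses bash-only syntax ([[ ]]), so start it with bash rather than sh.
bash /home/ftpuser/inotifywait.sh /nfs1 /home/ftpuser/log/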
#文件目录上报
vim /home/ftpuser/inotifyupdate.sh
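#!/bin/sh
# Upload finished journal files and delete them once the server has accepted them.
#
# Reads:  log/*.log below the current directory, not accessed for more than 2 minutes
# Sends:  each file as multipart field "file" to the upload API
# Result: reply body "200" -> the journal is deleted
#         reply body "400" -> the file path is reported to the warning API
#         anything else    -> the journal stays and is retried on the next run
#
# Paths are relative, so the script must run from the directory that contains log/.
# NOTE(review): a journal is deleted on the strength of an unauthenticated reply
# over plain HTTP; confirm the upload endpoint is reachable only on a trusted network.

# find feeds one path per line into the loop, so names with spaces are handled;
# -type f skips directories that happen to match the pattern.
find log -type f -name '*.log' -amin +2 |
  while IFS= read -r i; do
    result=$(curl -H "Content-Type:multipart/form-data" -XPOST -F "file=@$i" http://172.25.56.45:8090/api/ftpHandle/upload)
    case "$result" in
      200)
        rm -f -- "$i"
        ;;
      400)
        # URL-encode the path so it arrives as one intact form field.
        curl -XPOST --data-urlencode "filePath=$i" http://172.16.162.160:8092/api/ftpHandle/warning
        ;;
    esac
  done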
#设置定时器
*/1 * * * * /bin/sh /home/ftpuser/inotifyupdate.sh
合并版shell
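#!/bin/bash
# Combined watcher: report every file event to the record API, and journal it to a
# per-minute log file only when the API does not answer "200".
#
# Arguments:
#   $1 - directory to watch recursively
#   $2 - log directory, WITH trailing slash (the file name is appended directly)
# Sends:
#   POST param=<EVENT>INOTIFY_SPLITS_O_M<path>INOTIFY_SPLITS_O_M<size>
#   where EVENT is DELETE (for DELETE and MOVED_FROM) or UPDATE (anything else).
# Fallback output:
#   the same record appended to "$2<YYYY_mm_dd_HH_MM>.log"; an earlier line for the
#   same path in that file is replaced.
#
# File names under the watched tree are chosen by FTP clients, so they are
# untrusted: expansions are quoted, the value is URL-encoded before sending, and
# the path is never used as a regular expression.
# NOTE(review): the request goes over plain HTTP and this script attaches no
# credentials; confirm how the endpoint is protected.
# Limitation: a file name containing a newline still produces malformed records.

readonly SEP='INOTIFY_SPLITS_O_M'

inotifywait -rm --format '%eINOTIFY_SPLITS_O_M%w%f' -e CLOSE_WRITE,MOVE,DELETE "${1}" |
  while IFS= read -r FILE; do
    # Event names never contain the separator, so split at its FIRST occurrence.
    linux_events=${FILE%%"$SEP"*}
    path=${FILE#*"$SEP"}
    events="DELETE"
    size=0

    # Events on directories are neither reported nor journaled.
    if [[ "$linux_events" == *ISDIR* ]]; then
      continue
    fi

    if [[ "$linux_events" != "DELETE" && "$linux_events" != "MOVED_FROM" ]]; then
      # The file may already be gone again; record size 0 instead of an empty field.
      size=$(stat -c "%s" -- "$path" 2>/dev/null) || size=0
      events="UPDATE"
    fi

    dateStr=$(date "+%Y_%m_%d_%H_%M")
    record="${events}${SEP}${path}${SEP}${size}"

    # --data-urlencode keeps '&', '=', '+' and '%' in a file name from splitting or
    # corrupting the form field. -k was dropped: it has no effect on an http:// URL.
    result=$(curl -X POST --data-urlencode "param=${record}" \
      http://172.16.162.160:8092/api/ftpHandle/setRecord)

    if [[ "$result" != "200" ]]; then
      logfile="${2}${dateStr}.log"
      # The log directory may not exist yet; without it the fallback record is lost.
      mkdir -p -- "$2"

      # Replace the latest earlier record for exactly this path. -F matches the
      # path literally; the separators stop "/a/b" from matching "/a/bc".
      row=""
      if [[ -f "$logfile" ]]; then
        row=$(grep -nF -- "${SEP}${path}${SEP}" "$logfile" | tail -n 1 | cut -d ":" -f 1)
      fi
      if [[ -n "$row" ]]; then
        sed -i "${row}d" -- "$logfile"
      fi

      printf '%s\n' "$record" >> "$logfile"
    fi
  done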
quote site quota查询配额