Good evening. I have decided to completely remove FTP/FTPS from our servers, as it's too high a security risk these days and instead replacing it with SFTP users and jailkit, for the few that actually needs it. But how would I go about removing the FTP options from the sidepanel in Sites in ispconfig? I mean I could just remove it in /usr/local/ispconfig/interface/web/sites/menu.php but I don't like that type of hack. Any good advice here?
I don't think there's such an option at this time. It would have to be implemented (which is not a bad idea).
Just make sure you're customers can't create FTP users by setting it to 0 in the customer's limits. It won't remove it from the sidepanel but when they try to create a user they'll see they can't (use FTP).
When you set the number of FTP clients to 0, then it is already removed from the menu for this client. The admin will still see it, though. Also, when you enforce TLS for FTP, which means allowing FTPS only, it should be fairly secure. Allowing SSH access for file uploads is probably a higher risk than allowing FTP with FTPS only, as long as you would not have granted SSH access anyway.
Perfect thanks Oh and on a related note, is there a way I can hide the Help menu inside ispconfig from all users? We have our own support system, that we prefer to use but some people still send messages through it....
You can not hide the help module from all users in one step. For existing users, you must disable it under System > CP users for each user. To avoid new clients getting the help module enabled, remove help from the default modules setting in /usr/local/ispconfig/interface/lib/config.inc.php
Hmm I don't see that in my config file. I should probably mention that we run a multiserver setup with fully updated version of ispconfig. And for existing users, ok. I'll deal with it
The variable is named a bit differently, it is: Code: $conf['modules_available'] = 'admin,mail,sites,monitor,client,dns,help';
Hmm wouldnt it be easier to do a search and replace in the database itself for the existing users? This is something that covers everyone, incl admins.
Ah yes. Fixed through a find and replace directly in the DB. A lot easier than messing with it through the CP. Code: mysql -u root -p -D dbispconfig -e "UPDATE sys_user SET modules = TRIM(BOTH ',' FROM REPLACE(CONCAT(',', modules, ','), ',help,', ',')) WHERE modules REGEXP '(^|,)help(,|$)';" We don't need the help module for the admin users either, so this did the job.
