gitlabFork/ISPConfig3.git - Solinfo Gitblit

			@@ -56,12 +56,21 @@
			echo 'WARNING: '.$msg."\n";
			}

			public function simple_query($query, $answers, $default) {
			public function simple_query($query, $answers, $default, $name = '') {
			global $autoinstall;
			$finished = false;
			do {
			$answers_str = implode(',', $answers);
			swrite($this->lng($query).' ('.$answers_str.') ['.$default.']: ');
			$input = sread();
			if($name != '' && $autoinstall[$name] != '') {
			if($autoinstall[$name] == 'default') {
			$input = $default;
			} else {
			$input = $autoinstall[$name];
			}
			} else {
			$answers_str = implode(',', $answers);
			swrite($this->lng($query).' ('.$answers_str.') ['.$default.']: ');
			$input = sread();
			}

			//* Stop the installation
			if($input == 'quit') {
			@@ -86,9 +95,18 @@
			return $answer;
			}

			public function free_query($query, $default) {
			swrite($this->lng($query).' ['.$default.']: ');
			$input = sread();
			public function free_query($query, $default, $name = '') {
			global $autoinstall;
			if($name != '' && $autoinstall[$name] != '') {
			if($autoinstall[$name] == 'default') {
			$input = $default;
			} else {
			$input = $autoinstall[$name];
			}
			} else {
			swrite($this->lng($query).' ['.$default.']: ');
			$input = sread();
			}

			//* Stop the installation
			if($input == 'quit') {
			@@ -117,6 +135,7 @@

			if(is_installed('mysql') \|\| is_installed('mysqld')) $conf['mysql']['installed'] = true;
			if(is_installed('postfix')) $conf['postfix']['installed'] = true;
			if(is_installed('postgrey')) $conf['postgrey']['installed'] = true;
			if(is_installed('mailman')) $conf['mailman']['installed'] = true;
			if(is_installed('apache') \|\| is_installed('apache2') \|\| is_installed('httpd') \|\| is_installed('httpd2')) $conf['apache']['installed'] = true;
			if(is_installed('getmail')) $conf['getmail']['installed'] = true;
			@@ -132,10 +151,11 @@
			if(is_installed('named') \|\| is_installed('bind') \|\| is_installed('bind9')) $conf['bind']['installed'] = true;
			if(is_installed('squid')) $conf['squid']['installed'] = true;
			if(is_installed('nginx')) $conf['nginx']['installed'] = true;
			// if(is_installed('iptables') && is_installed('ufw')) $conf['ufw']['installed'] = true;
			if(is_installed('iptables') && is_installed('ufw')) $conf['ufw']['installed'] = true;
			if(is_installed('fail2ban-server')) $conf['fail2ban']['installed'] = true;
			if(is_installed('vzctl')) $conf['openvz']['installed'] = true;
			if(is_dir("/etc/Bastille")) $conf['bastille']['installed'] = true;
			if(is_installed('metronome') && is_installed('metronomectl')) $conf['xmpp']['installed'] = true;

			if ($conf['services']['web'] && (($conf['apache']['installed'] && is_file($conf['apache']["vhost_conf_enabled_dir"]."/000-ispconfig.vhost")) \|\| ($conf['nginx']['installed'] && is_file($conf['nginx']["vhost_conf_enabled_dir"]."/000-ispconfig.vhost")))) $this->ispconfig_interface_installed = true;
			}
			@@ -498,6 +518,13 @@
			$this->warning('Unable to set rights of user in master database: '.$value['db']."\n Query: ".$query."\n Error: ".$this->dbmaster->errorMessage);
			}

			$query = "GRANT SELECT, INSERT, DELETE ON ".$value['db'].".`mail_backup` TO '".$value['user']."'@'".$host."' ";
			if ($verbose){
			echo $query ."\n";
			}
			if(!$this->dbmaster->query($query)) {
			$this->warning('Unable to set rights of user in master database: '.$value['db']."\n Query: ".$query."\n Error: ".$this->dbmaster->errorMessage);
			}
			}

			/*
			@@ -628,16 +655,17 @@
			copy('tpl/mailman-virtual_to_transport.sh', $full_file_name);
			}
			chgrp($full_file_name, 'list');
			chmod($full_file_name, 0750);
			chmod($full_file_name, 0755);
			}

			//* Create aliasaes
			exec('/usr/lib/mailman/bin/genaliases 2>/dev/null');
			if(is_file('/var/lib/mailman/data/virtual-mailman')) exec('postmap /var/lib/mailman/data/virtual-mailman');

			}

			public function configure_postfix($options = '') {
			global $conf;
			global $conf,$autoinstall;
			$cf = $conf['postfix'];
			$config_dir = $cf['config_dir'];

			@@ -666,6 +694,9 @@
			//* mysql-virtual_sender.cf
			$this->process_postfix_config('mysql-virtual_sender.cf');

			//* mysql-virtual_sender_login_maps.cf
			$this->process_postfix_config('mysql-virtual_sender_login_maps.cf');

			//* mysql-virtual_client.cf
			$this->process_postfix_config('mysql-virtual_client.cf');

			@@ -674,6 +705,21 @@

			//* mysql-virtual_relayrecipientmaps.cf
			$this->process_postfix_config('mysql-virtual_relayrecipientmaps.cf');

			//* mysql-virtual_outgoing_bcc.cf
			$this->process_postfix_config('mysql-virtual_outgoing_bcc.cf');

			//* mysql-virtual_policy_greylist.cf
			$this->process_postfix_config('mysql-virtual_policy_greylist.cf');

			//* postfix-dkim
			$full_file_name=$config_dir.'/tag_as_originating.re';
			if(is_file($full_file_name)) copy($full_file_name, $full_file_name.'~');
			wf($full_file_name, '/^/ FILTER amavis:[127.0.0.1]:10026');

			$full_file_name=$config_dir.'/tag_as_foreign.re';
			if(is_file($full_file_name)) copy($full_file_name, $full_file_name.'~');
			wf($full_file_name, '/^/ FILTER amavis:[127.0.0.1]:10024');

			//* Changing mode and group of the new created config files.
			caselog('chmod o= '.$config_dir.'/mysql-virtual_.cf &> /dev/null',
			@@ -689,7 +735,7 @@
			if(!is_user($cf['vmail_username'])) caselog("$command &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");

			//* These postconf commands will be executed on installation and update
			$server_ini_rec = $this->db->queryOneRecord("SELECT config FROM server WHERE server_id = ".$conf['server_id']);
			$server_ini_rec = $this->db->queryOneRecord("SELECT config FROM `" . $this->db->quote($conf["mysql"]["database"]) . "`.`server` WHERE server_id = ".$conf['server_id']);
			$server_ini_array = ini_to_array(stripslashes($server_ini_rec['config']));
			unset($server_ini_rec);

			@@ -702,13 +748,27 @@
			}
			}
			unset($rbl_hosts);
			unset($server_ini_array);

			//* If Postgrey is installed, configure it
			$greylisting = '';
			if($conf['postgrey']['installed'] == true) {
			$greylisting = ', check_recipient_access mysql:/etc/postfix/mysql-virtual_policy_greylist.cf';
			}

			$reject_sender_login_mismatch = '';
			if(isset($server_ini_array['mail']['reject_sender_login_mismatch']) && ($server_ini_array['mail']['reject_sender_login_mismatch'] == 'y')) {
			$reject_sender_login_mismatch = ', reject_authenticated_sender_login_mismatch';
			}
			unset($server_ini_array);

			$postconf_placeholders = array('{config_dir}' => $config_dir,
			'{vmail_mailbox_base}' => $cf['vmail_mailbox_base'],
			'{vmail_userid}' => $cf['vmail_userid'],
			'{vmail_groupid}' => $cf['vmail_groupid'],
			'{rbl_list}' => $rbl_list);
			'{rbl_list}' => $rbl_list,
			'{greylisting}' => $greylisting,
			'{reject_slm}' => $reject_sender_login_mismatch,
			);

			$postconf_tpl = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/debian_postfix.conf.master', 'tpl/debian_postfix.conf.master');
			$postconf_tpl = strtr($postconf_tpl, $postconf_placeholders);
			@@ -749,8 +809,13 @@

			if(!stristr($options, 'dont-create-certs')) {
			//* Create the SSL certificate
			$command = 'cd '.$config_dir.'; '
			.'openssl req -new -outform PEM -out smtpd.cert -newkey rsa:4096 -nodes -keyout smtpd.key -keyform PEM -days 3650 -x509';
			if(AUTOINSTALL){
			$command = 'cd '.$config_dir.'; '
			."openssl req -new -subj '/C=".escapeshellcmd($autoinstall['ssl_cert_country'])."/ST=".escapeshellcmd($autoinstall['ssl_cert_state'])."/L=".escapeshellcmd($autoinstall['ssl_cert_locality'])."/O=".escapeshellcmd($autoinstall['ssl_cert_organisation'])."/OU=".escapeshellcmd($autoinstall['ssl_cert_organisation_unit'])."/CN=".escapeshellcmd($autoinstall['ssl_cert_common_name'])."' -outform PEM -out smtpd.cert -newkey rsa:4096 -nodes -keyout smtpd.key -keyform PEM -days 3650 -x509";
			} else {
			$command = 'cd '.$config_dir.'; '
			.'openssl req -new -outform PEM -out smtpd.cert -newkey rsa:4096 -nodes -keyout smtpd.key -keyform PEM -days 3650 -x509';
			}
			exec($command);

			$command = 'chmod o= '.$config_dir.'/smtpd.key';
			@@ -798,7 +863,7 @@
			caselog($command." &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");

			}


			public function configure_saslauthd() {
			global $conf;

			@@ -913,6 +978,19 @@

			public function configure_dovecot() {
			global $conf;

			$virtual_transport = 'dovecot';

			// check if virtual_transport must be changed
			if ($this->is_update) {
			$tmp = $this->db->queryOneRecord("SELECT * FROM ".$conf["mysql"]["database"].".server WHERE server_id = ".$conf['server_id']);
			$ini_array = ini_to_array(stripslashes($tmp['config']));
			// ini_array needs not to be checked, because already done in update.php -> updateDbAndIni()

			if(isset($ini_array['mail']['mailbox_virtual_uidgid_maps']) && $ini_array['mail']['mailbox_virtual_uidgid_maps'] == 'y') {
			$virtual_transport = 'lmtp:unix:private/dovecot-lmtp';
			}
			}

			$config_dir = $conf['dovecot']['config_dir'];

			@@ -937,7 +1015,7 @@
			// Adding the amavisd commands to the postfix configuration
			$postconf_commands = array (
			'dovecot_destination_recipient_limit = 1',
			'virtual_transport = dovecot',
			'virtual_transport = '.$virtual_transport,
			'smtpd_sasl_type = dovecot',
			'smtpd_sasl_path = private/auth'
			);
			@@ -959,19 +1037,20 @@

			//* Get the dovecot version
			exec('dovecot --version', $tmp);
			$parts = explode('.', trim($tmp[0]));
			$dovecot_version = $parts[0];
			$dovecot_version = $tmp[0];
			unset($tmp);
			unset($parts);

			//* Copy dovecot configuration file
			if($dovecot_version == 2) {
			if(version_compare($dovecot_version,2) >= 0) {
			if(is_file($conf['ispconfig_install_dir'].'/server/conf-custom/install/debian_dovecot2.conf.master')) {
			copy($conf['ispconfig_install_dir'].'/server/conf-custom/install/debian_dovecot2.conf.master', $config_dir.'/'.$configfile);
			} else {
			copy('tpl/debian_dovecot2.conf.master', $config_dir.'/'.$configfile);
			}
			replaceLine($config_dir.'/'.$configfile, 'postmaster_address = postmaster@example.com', 'postmaster_address = postmaster@'.$conf['hostname'], 1, 0);
			if(version_compare($dovecot_version,2.1) < 0) {
			removeLine($config_dir.'/'.$configfile, 'ssl_protocols =');
			}
			} else {
			if(is_file($conf['ispconfig_install_dir'].'/server/conf-custom/install/debian_dovecot.conf.master')) {
			copy($conf['ispconfig_install_dir'].'/server/conf-custom/install/debian_dovecot.conf.master', $config_dir.'/'.$configfile);
			@@ -991,6 +1070,7 @@
			$content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
			$content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);
			$content = str_replace('{mysql_server_host}', $conf['mysql']['host'], $content);
			$content = str_replace('{server_id}', $conf['server_id'], $content);
			wf($config_dir.'/'.$configfile, $content);

			chmod($config_dir.'/'.$configfile, 0600);
			@@ -998,7 +1078,7 @@
			chgrp($config_dir.'/'.$configfile, 'root');

			// Dovecot shall ignore mounts in website directory
			exec("doveadm mount add '/var/www/*' ignore");
			if(is_installed('doveadm')) exec("doveadm mount add '/var/www/*' ignore > /dev/null 2> /dev/null");

			}

			@@ -1043,9 +1123,21 @@
			if(is_file($conf['postfix']['config_dir'].'/master.cf')) copy($conf['postfix']['config_dir'].'/master.cf', $conf['postfix']['config_dir'].'/master.cf~');
			$content = rf($conf['postfix']['config_dir'].'/master.cf');
			// Only add the content if we had not addded it before
			if(!stristr($content, '127.0.0.1:10025')) {
			if(!preg_match('/^amavis\s+unix\s+/m', $content)) {
			unset($content);
			$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/master_cf_amavis.master', 'tpl/master_cf_amavis.master');
			af($conf['postfix']['config_dir'].'/master.cf', $content);
			$content = rf($conf['postfix']['config_dir'].'/master.cf');
			}
			if(!preg_match('/^127.0.0.1:10025\s+/m', $content)) {
			unset($content);
			$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/master_cf_amavis10025.master', 'tpl/master_cf_amavis10025.master');
			af($conf['postfix']['config_dir'].'/master.cf', $content);
			$content = rf($conf['postfix']['config_dir'].'/master.cf');
			}
			if(!preg_match('/^127.0.0.1:10027\s+/m', $content)) {
			unset($content);
			$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/master_cf_amavis10027.master', 'tpl/master_cf_amavis10027.master');
			af($conf['postfix']['config_dir'].'/master.cf', $content);
			}
			unset($content);
			@@ -1053,7 +1145,20 @@
			// Add the clamav user to the amavis group
			exec('adduser clamav amavis');


			// Create the director for DKIM-Keys
			if(!is_dir('/var/lib/amavis/dkim')) mkdir('/var/lib/amavis/dkim', 0750, true);
			// get shell-user for amavis
			$amavis_user=exec('grep -o "^amavis:\\|^vscan:" /etc/passwd');
			if(!empty($amavis_user)) {
			$amavis_user=rtrim($amavis_user, ":");
			exec('chown '.$amavis_user.' /var/lib/amavis/dkim');
			}
			// get shell-group for amavis
			$amavis_group=exec('grep -o "^amavis:\\|^vscan:" /etc/group');
			if(!empty($amavis_group)) {
			$amavis_group=rtrim($amavis_group, ":");
			exec('chgrp '.$amavis_group.' /var/lib/amavis/dkim');
			}
			}

			public function configure_spamassassin() {
			@@ -1212,6 +1317,125 @@

			}


			public function configure_xmpp($options = '') {
			global $conf;

			if($conf['xmpp']['installed'] == false) return;
			//* Create the logging directory for xmpp server
			if(!@is_dir('/var/log/metronome')) mkdir('/var/log/metronome', 0755, true);
			chown('/var/log/metronome', 'metronome');
			if(!@is_dir('/var/run/metronome')) mkdir('/var/run/metronome', 0755, true);
			chown('/var/run/metronome', 'metronome');
			if(!@is_dir('/var/lib/metronome')) mkdir('/var/lib/metronome', 0755, true);
			chown('/var/lib/metronome', 'metronome');
			if(!@is_dir('/etc/metronome/hosts')) mkdir('/etc/metronome/hosts', 0755, true);
			if(!@is_dir('/etc/metronome/status')) mkdir('/etc/metronome/status', 0755, true);
			unlink('/etc/metronome/metronome.cfg.lua');

			$row = $this->db->queryOneRecord("SELECT server_name FROM server WHERE server_id = ".$conf["server_id"]."");
			$server_name = $row["server_name"];

			$tpl = new tpl('metronome_conf_main.master');
			wf('/etc/metronome/metronome.cfg.lua', $tpl->grab());
			unset($tpl);

			$tpl = new tpl('metronome_conf_global.master');
			$tpl->setVar('xmpp_admins','');
			wf('/etc/metronome/global.cfg.lua', $tpl->grab());
			unset($tpl);

			// Copy isp libs
			if(!@is_dir('/usr/lib/metronome/isp-modules')) mkdir('/usr/lib/metronome/isp-modules', 0755, true);
			caselog('cp -rf apps/metronome_libs/* /usr/lib/metronome/isp-modules/', __FILE__, __LINE__);
			// Process db config
			$full_file_name = '/usr/lib/metronome/isp-modules/mod_auth_external/db_conf.inc.php';
			$content = rf($full_file_name);
			$content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
			$content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
			$content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);
			$content = str_replace('{mysql_server_ip}', $conf['mysql']['ip'], $content);
			$content = str_replace('{server_id}', $conf['server_id'], $content);
			wf($full_file_name, $content);

			if(!stristr($options, 'dont-create-certs')){
			// Create SSL Certificate for localhost
			echo "writing new private key to 'localhost.key'\n-----\n";
			$ssl_country = $this->free_query('Country Name (2 letter code)', 'AU');
			$ssl_locality = $this->free_query('Locality Name (eg, city)', '');
			$ssl_organisation = $this->free_query('Organization Name (eg, company)', 'Internet Widgits Pty Ltd');
			$ssl_organisation_unit = $this->free_query('Organizational Unit Name (eg, section)', '');
			$ssl_domain = $this->free_query('Common Name (e.g. server FQDN or YOUR name)', $conf['hostname']);
			$ssl_email = $this->free_query('Email Address', '');

			$tpl = new tpl('metronome_conf_ssl.master');
			$tpl->setVar('ssl_country',$ssl_country);
			$tpl->setVar('ssl_locality',$ssl_locality);
			$tpl->setVar('ssl_organisation',$ssl_organisation);
			$tpl->setVar('ssl_organisation_unit',$ssl_organisation_unit);
			$tpl->setVar('domain',$ssl_domain);
			$tpl->setVar('ssl_email',$ssl_email);
			wf('/etc/metronome/certs/localhost.cnf', $tpl->grab());
			unset($tpl);
			// Generate new key, csr and cert
			exec("(cd /etc/metronome/certs && make localhost.key)");
			exec("(cd /etc/metronome/certs && make localhost.csr)");
			exec("(cd /etc/metronome/certs && make localhost.cert)");
			exec('chmod 0400 /etc/metronome/certs/localhost.key');
			exec('chown metronome /etc/metronome/certs/localhost.key');
			}else{
			echo "-----\n";
			echo "Metronome XMPP SSL server certificate is not renewed. Run the following command manual as root to recreate it:\n";
			echo "# (cd /etc/metronome/certs && make localhost.key && make localhost.csr && make localhost.cert && chmod 0400 localhost.key && chown metronome localhost.key)\n";
			echo "-----\n";
			}

			// Copy init script
			caselog('cp -f apps/metronome-init /etc/init.d/metronome', __FILE__, __LINE__);
			caselog('chmod u+x /etc/init.d/metronome', __FILE__, __LINE__);
			caselog('update-rc.d metronome defaults', __FILE__, __LINE__);

			exec($this->getinitcommand('xmpp', 'restart'));

			/*
			writing new private key to 'smtpd.key'
			-----
			You are about to be asked to enter information that will be incorporated
			into your certificate request.
			What you are about to enter is what is called a Distinguished Name or a DN.
			There are quite a few fields but you can leave some blank
			For some fields there will be a default value,
			If you enter '.', the field will be left blank.
			-----
			Country Name (2 letter code) [AU]:
			State or Province Name (full name) [Some-State]:
			Locality Name (eg, city) []:
			Organization Name (eg, company) [Internet Widgits Pty Ltd]:
			Organizational Unit Name (eg, section) []:
			Common Name (e.g. server FQDN or YOUR name) []:
			Email Address []:
			* */

			/*// Dont just copy over the virtualhost template but add some custom settings
			$tpl = new tpl('apache_apps.vhost.master');

			$tpl->setVar('apps_vhost_port',$conf['web']['apps_vhost_port']);
			$tpl->setVar('apps_vhost_dir',$conf['web']['website_basedir'].'/apps');
			$tpl->setVar('apps_vhost_basedir',$conf['web']['website_basedir']);
			$tpl->setVar('apps_vhost_servername',$apps_vhost_servername);
			$tpl->setVar('apache_version',getapacheversion());


			// comment out the listen directive if port is 80 or 443
			if($conf['web']['apps_vhost_ip'] == 80 or $conf['web']['apps_vhost_ip'] == 443) {
			$tpl->setVar('vhost_port_listen','#');
			} else {
			$tpl->setVar('vhost_port_listen','');
			}

			wf($vhost_conf_dir.'/apps.vhost', $tpl->grab());
			unset($tpl);*/
			}


			public function configure_apache() {
			@@ -1406,19 +1630,17 @@
			exec('chown root:root '.$conf["squid"]["config_dir"].'/'.$configfile);
			}

			/*
			public function configure_ufw_firewall()
			{
			$configfile = 'ufw.conf';
			if(is_file('/etc/ufw/ufw.conf')) copy('/etc/ufw/ufw.conf','/etc/ufw/ufw.conf~');
			if(is_file('/etc/ufw/ufw.conf')) copy('/etc/ufw/ufw.conf', '/etc/ufw/ufw.conf~');
			$content = rf("tpl/".$configfile.".master");
			wf('/etc/ufw/ufw.conf',$content);
			wf('/etc/ufw/ufw.conf', $content);
			exec('chmod 600 /etc/ufw/ufw.conf');
			exec('chown root:root /etc/ufw/ufw.conf');
			}
			*/

			public function configure_firewall() {
			public function configure_bastille_firewall() {
			global $conf;

			$dist_init_scripts = $conf['init_scripts'];
			@@ -1597,7 +1819,8 @@
			if(!is_user($apps_vhost_user)) caselog($command.' &> /dev/null 2> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");


			$command = 'adduser '.$conf['nginx']['user'].' '.$apps_vhost_group;
			//$command = 'adduser '.$conf['nginx']['user'].' '.$apps_vhost_group;
			$command = 'usermod -a -G '.$apps_vhost_group.' '.$conf['nginx']['user'];
			caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");

			if(!@is_dir($install_dir)){
			@@ -1669,7 +1892,7 @@
			}

			public function make_ispconfig_ssl_cert() {
			global $conf;
			global $conf,$autoinstall;

			$install_dir = $conf['ispconfig_install_dir'];

			@@ -1681,11 +1904,17 @@

			$ssl_pw = substr(md5(mt_rand()), 0, 6);
			exec("openssl genrsa -des3 -passout pass:$ssl_pw -out $ssl_key_file 4096");
			exec("openssl req -new -passin pass:$ssl_pw -passout pass:$ssl_pw -key $ssl_key_file -out $ssl_csr_file");
			if(AUTOINSTALL){
			exec("openssl req -new -passin pass:$ssl_pw -passout pass:$ssl_pw -subj '/C=".escapeshellcmd($autoinstall['ssl_cert_country'])."/ST=".escapeshellcmd($autoinstall['ssl_cert_state'])."/L=".escapeshellcmd($autoinstall['ssl_cert_locality'])."/O=".escapeshellcmd($autoinstall['ssl_cert_organisation'])."/OU=".escapeshellcmd($autoinstall['ssl_cert_organisation_unit'])."/CN=".escapeshellcmd($autoinstall['ssl_cert_common_name'])."' -key $ssl_key_file -out $ssl_csr_file");
			} else {
			exec("openssl req -new -passin pass:$ssl_pw -passout pass:$ssl_pw -key $ssl_key_file -out $ssl_csr_file");
			}
			exec("openssl req -x509 -passin pass:$ssl_pw -passout pass:$ssl_pw -key $ssl_key_file -in $ssl_csr_file -out $ssl_crt_file -days 3650");
			exec("openssl rsa -passin pass:$ssl_pw -in $ssl_key_file -out $ssl_key_file.insecure");
			rename($ssl_key_file, $ssl_key_file.'.secure');
			rename($ssl_key_file.'.insecure', $ssl_key_file);

			exec('chown -R root:root /usr/local/ispconfig/interface/ssl');

			}

			@@ -1714,6 +1943,31 @@
			//* copy the ISPConfig server part
			$command = 'cp -rf ../server '.$install_dir;
			caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");

			//* Make a backup of the security settings
			if(is_file('/usr/local/ispconfig/security/security_settings.ini')) copy('/usr/local/ispconfig/security/security_settings.ini','/usr/local/ispconfig/security/security_settings.ini~');

			//* copy the ISPConfig security part
			$command = 'cp -rf ../security '.$install_dir;
			caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");

			//* Apply changed security_settings.ini values to new security_settings.ini file
			if(is_file('/usr/local/ispconfig/security/security_settings.ini~')) {
			$security_settings_old = ini_to_array(file_get_contents('/usr/local/ispconfig/security/security_settings.ini~'));
			$security_settings_new = ini_to_array(file_get_contents('/usr/local/ispconfig/security/security_settings.ini'));
			if(is_array($security_settings_new) && is_array($security_settings_old)) {
			foreach($security_settings_new as $section => $sval) {
			if(is_array($sval)) {
			foreach($sval as $key => $val) {
			if(isset($security_settings_old[$section]) && isset($security_settings_old[$section][$key])) {
			$security_settings_new[$section][$key] = $security_settings_old[$section][$key];
			}
			}
			}
			}
			file_put_contents('/usr/local/ispconfig/security/security_settings.ini',array_to_ini($security_settings_new));
			}
			}

			//* Create a symlink, so ISPConfig is accessible via web
			// Replaced by a separate vhost definition for port 8080
			@@ -1844,8 +2098,9 @@
			$vserver_server_enabled = ($conf['openvz']['installed'])?1:0;
			$proxy_server_enabled = ($conf['services']['proxy'])?1:0;
			$firewall_server_enabled = ($conf['services']['firewall'])?1:0;
			$xmpp_server_enabled = ($conf['services']['xmpp'])?1:0;

			$sql = "UPDATE `server` SET mail_server = '$mail_server_enabled', web_server = '$web_server_enabled', dns_server = '$dns_server_enabled', file_server = '$file_server_enabled', db_server = '$db_server_enabled', vserver_server = '$vserver_server_enabled', proxy_server = '$proxy_server_enabled', firewall_server = '$firewall_server_enabled' WHERE server_id = ".intval($conf['server_id']);
			$sql = "UPDATE `server` SET mail_server = '$mail_server_enabled', web_server = '$web_server_enabled', dns_server = '$dns_server_enabled', file_server = '$file_server_enabled', db_server = '$db_server_enabled', vserver_server = '$vserver_server_enabled', proxy_server = '$proxy_server_enabled', firewall_server = '$firewall_server_enabled', xmpp_server = '.$xmpp_server_enabled.' WHERE server_id = ".intval($conf['server_id']);

			if($conf['mysql']['master_slave_setup'] == 'y') {
			$this->dbmaster->query($sql);
			@@ -1855,12 +2110,38 @@
			}


			//* Chmod the files
			$command = 'chmod -R 750 '.$install_dir;
			// chown install dir to root and chmod 755
			$command = 'chown root:root '.$install_dir;
			caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
			$command = 'chmod 755 '.$install_dir;
			caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");

			//* chown the files to the ispconfig user and group
			$command = 'chown -R ispconfig:ispconfig '.$install_dir;
			//* Chmod the files and directories in the install dir
			$command = 'chmod -R 750 '.$install_dir.'/*';
			caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");

			//* chown the interface files to the ispconfig user and group
			$command = 'chown -R ispconfig:ispconfig '.$install_dir.'/interface';
			caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");

			//* chown the server files to the root user and group
			$command = 'chown -R root:root '.$install_dir.'/server';
			caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");

			//* chown the security files to the root user and group
			$command = 'chown -R root:root '.$install_dir.'/security';
			caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");

			//* chown the security directory and security_settings.ini to root:ispconfig
			$command = 'chown root:ispconfig '.$install_dir.'/security/security_settings.ini';
			caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
			$command = 'chown root:ispconfig '.$install_dir.'/security';
			caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
			$command = 'chown root:ispconfig '.$install_dir.'/security/ids.whitelist';
			caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
			$command = 'chown root:ispconfig '.$install_dir.'/security/ids.htmlfield';
			caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
			$command = 'chown root:ispconfig '.$install_dir.'/security/apache_directives.blacklist';
			caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");

			//* Make the global language file directory group writable
			@@ -1913,6 +2194,8 @@
			exec('chmod -R 770 '.escapeshellarg($install_dir.'/interface/invoices'));
			exec('chown -R ispconfig:ispconfig '.escapeshellarg($install_dir.'/interface/invoices'));
			}

			exec('chown -R root:root /usr/local/ispconfig/interface/ssl');

			// TODO: FIXME: add the www-data user to the ispconfig group. This is just for testing
			// and must be fixed as this will allow the apache user to read the ispconfig files.
			@@ -2103,8 +2386,16 @@

			//* Remove Domain module as its functions are available in the client module now
			if(@is_dir('/usr/local/ispconfig/interface/web/domain')) exec('rm -rf /usr/local/ispconfig/interface/web/domain');



			//* Disable rkhunter run and update in debian cronjob as ispconfig is running and updating rkhunter
			if(is_file('/etc/default/rkhunter')) {
			replaceLine('/etc/default/rkhunter', 'CRON_DAILY_RUN="yes"', 'CRON_DAILY_RUN="no"', 1, 0);
			replaceLine('/etc/default/rkhunter', 'CRON_DB_UPDATE="yes"', 'CRON_DB_UPDATE="no"', 1, 0);
			}

			// Add symlink for patch tool
			if(!is_link('/usr/local/bin/ispconfig_patch')) exec('ln -s /usr/local/ispconfig/server/scripts/ispconfig_patch /usr/local/bin/ispconfig_patch');

			}

			public function configure_dbserver() {
			@@ -2124,7 +2415,7 @@
			$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/mysql_clientdb.conf.master', 'tpl/mysql_clientdb.conf.master');
			$content = str_replace('{hostname}', $conf['mysql']['host'], $content);
			$content = str_replace('{username}', $conf['mysql']['admin_user'], $content);
			$content = str_replace('{password}', $conf['mysql']['admin_password'], $content);
			$content = str_replace('{password}', addslashes($conf['mysql']['admin_password']), $content);
			wf($install_dir.'/server/lib/mysql_clientdb.conf', $content);
			chmod($install_dir.'/server/lib/mysql_clientdb.conf', 0600);
			chown($install_dir.'/server/lib/mysql_clientdb.conf', 'root');
			@@ -2147,8 +2438,8 @@
			}

			$root_cron_jobs = array(
			"* * * * * ".$install_dir."/server/server.sh 2>&1 > /dev/null \| while read line; do echo `/bin/date` \"\$line\" >> ".$conf['ispconfig_log_dir']."/cron.log; done",
			"30 00 * * * ".$install_dir."/server/cron_daily.sh 2>&1 > /dev/null \| while read line; do echo `/bin/date` \"\$line\" >> ".$conf['ispconfig_log_dir']."/cron.log; done"
			"* * * * * ".$install_dir."/server/server.sh 2>&1 \| while read line; do echo `/bin/date` \"\$line\" >> ".$conf['ispconfig_log_dir']."/cron.log; done",
			"* * * * * ".$install_dir."/server/cron.sh 2>&1 \| while read line; do echo `/bin/date` \"\$line\" >> ".$conf['ispconfig_log_dir']."/cron.log; done"
			);

			if ($conf['nginx']['installed'] == true) {
			@@ -2193,18 +2484,34 @@
			chmod($conf['ispconfig_log_dir'].'/cron.log', 0660);

			}

			// This function is called at the end of the update process and contains code to clean up parts of old ISPCONfig releases
			public function cleanup_ispconfig() {
			global $app,$conf;

			// Remove directories recursively
			if(is_dir('/usr/local/ispconfig/interface/web/designer')) exec('rm -rf /usr/local/ispconfig/interface/web/designer');
			if(is_dir('/usr/local/ispconfig/interface/web/themes/default-304')) exec('rm -rf /usr/local/ispconfig/interface/web/themes/default-304');

			// Remove files
			if(is_file('/usr/local/ispconfig/interface/lib/classes/db_firebird.inc.php')) unlink('/usr/local/ispconfig/interface/lib/classes/db_firebird.inc.php');
			if(is_file('/usr/local/ispconfig/interface/lib/classes/form.inc.php')) unlink('/usr/local/ispconfig/interface/lib/classes/form.inc.php');



			}

			public function getinitcommand($servicename, $action, $init_script_directory = ''){
			global $conf;
			// systemd
			if(is_executable('/bin/systemd')){
			return 'systemctl '.$action.' '.$servicename.'.service';
			}
			// upstart
			if(is_executable('/sbin/initctl')){
			exec('/sbin/initctl version 2>/dev/null \| /bin/grep -q upstart', $retval['output'], $retval['retval']);
			if(intval($retval['retval']) == 0) return 'service '.$servicename.' '.$action;
			}
			// systemd
			if(is_executable('/bin/systemd') \|\| is_executable('/usr/bin/systemctl')){
			return 'systemctl '.$action.' '.$servicename.'.service';
			}
			// sysvinit
			if($init_script_directory == '') $init_script_directory = $conf['init_scripts'];
			if(substr($init_script_directory, -1) === '/') $init_script_directory = substr($init_script_directory, 0, -1);