gitlabFork/ISPConfig3.git - Solinfo Gitblit

			@@ -132,7 +132,7 @@
			if(is_installed('named') \|\| is_installed('bind') \|\| is_installed('bind9')) $conf['bind']['installed'] = true;
			if(is_installed('squid')) $conf['squid']['installed'] = true;
			if(is_installed('nginx')) $conf['nginx']['installed'] = true;
			// if(is_installed('iptables') && is_installed('ufw')) $conf['ufw']['installed'] = true;
			if(is_installed('iptables') && is_installed('ufw')) $conf['ufw']['installed'] = true;
			if(is_installed('fail2ban-server')) $conf['fail2ban']['installed'] = true;
			if(is_installed('vzctl')) $conf['openvz']['installed'] = true;
			if(is_dir("/etc/Bastille")) $conf['bastille']['installed'] = true;
			@@ -423,7 +423,7 @@
			$this->warning('Unable to set rights of user in master database: '.$value['db']."\n Query: ".$query."\n Error: ".$this->dbmaster->errorMessage);
			}

			$query = "GRANT SELECT, UPDATE (`ssl_request`, `ssl_cert`, `ssl_action`) ON ".$value['db'].".`web_domain` TO '".$value['user']."'@'".$host."' ";
			$query = "GRANT SELECT, UPDATE (`ssl_request`, `ssl_cert`, `ssl_action`, `ssl_key`) ON ".$value['db'].".`web_domain` TO '".$value['user']."'@'".$host."' ";
			if ($verbose){
			echo $query ."\n";
			}
			@@ -472,6 +472,14 @@
			}

			$query = "GRANT SELECT, UPDATE ON ".$value['db'].".`aps_instances` TO '".$value['user']."'@'".$host."' ";
			if ($verbose){
			echo $query ."\n";
			}
			if(!$this->dbmaster->query($query)) {
			$this->warning('Unable to set rights of user in master database: '.$value['db']."\n Query: ".$query."\n Error: ".$this->dbmaster->errorMessage);
			}

			$query = "GRANT SELECT, INSERT, DELETE ON ".$value['db'].".`web_backup` TO '".$value['user']."'@'".$host."' ";
			if ($verbose){
			echo $query ."\n";
			}
			@@ -558,6 +566,23 @@
			}
			}
			}

			$config_dir = $conf['mailman']['config_dir'].'/';
			$full_file_name = $config_dir.'virtual_to_transport.sh';

			//* Backup exiting virtual_to_transport.sh script
			if(is_file($full_file_name)) {
			copy($full_file_name, $config_dir.'virtual_to_transport.sh~');
			}

			copy('tpl/mailman-virtual_to_transport.sh',$full_file_name);
			chgrp($full_file_name,'list');
			chmod($full_file_name,0750);

			if(!is_file('/var/lib/mailman/data/transport-mailman')) touch('/var/lib/mailman/data/transport-mailman');
			exec('/usr/sbin/postmap /var/lib/mailman/data/transport-mailman');

			exec('/usr/lib/mailman/bin/genaliases');

			$virtual_domains = '';
			if($status == 'update')
			@@ -673,7 +698,7 @@
			'smtpd_tls_security_level = may',
			'smtpd_tls_cert_file = '.$config_dir.'/smtpd.cert',
			'smtpd_tls_key_file = '.$config_dir.'/smtpd.key',
			'transport_maps = proxy:mysql:'.$config_dir.'/mysql-virtual_transports.cf',
			'transport_maps = hash:/var/lib/mailman/data/transport-mailman, proxy:mysql:'.$config_dir.'/mysql-virtual_transports.cf',
			'relay_domains = mysql:'.$config_dir.'/mysql-virtual_relaydomains.cf',
			'relay_recipient_maps = mysql:'.$config_dir.'/mysql-virtual_relayrecipientmaps.cf',
			'proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps',
			@@ -724,7 +749,7 @@
			if(!stristr($options,'dont-create-certs')) {
			//* Create the SSL certificate
			$command = 'cd '.$config_dir.'; '
			.'openssl req -new -outform PEM -out smtpd.cert -newkey rsa:2048 -nodes -keyout smtpd.key -keyform PEM -days 3650 -x509';
			.'openssl req -new -outform PEM -out smtpd.cert -newkey rsa:4096 -nodes -keyout smtpd.key -keyform PEM -days 3650 -x509';
			exec($command);

			$command = 'chmod o= '.$config_dir.'/smtpd.key';
			@@ -1341,7 +1366,6 @@
			exec('chown root:root '.$conf["squid"]["config_dir"].'/'.$configfile);
			}

			/*
			public function configure_ufw_firewall()
			{
			$configfile = 'ufw.conf';
			@@ -1351,9 +1375,8 @@
			exec('chmod 600 /etc/ufw/ufw.conf');
			exec('chown root:root /etc/ufw/ufw.conf');
			}
			*/

			public function configure_firewall() {
			public function configure_bastille_firewall() {
			global $conf;

			$dist_init_scripts = $conf['init_scripts'];
			@@ -1808,9 +1831,14 @@
			exec("chmod -R 770 $install_dir/server/aps_packages");

			//* make sure that the server config file (not the interface one) is only readable by the root user
			chmod($install_dir.'/server/lib/'.$configfile, 0600);
			chown($install_dir.'/server/lib/'.$configfile, 'root');
			chgrp($install_dir.'/server/lib/'.$configfile, 'root');
			chmod($install_dir.'/server/lib/config.inc.php', 0600);
			chown($install_dir.'/server/lib/config.inc.php', 'root');
			chgrp($install_dir.'/server/lib/config.inc.php', 'root');

			//* Make sure thet the interface config file is readable by user ispconfig only
			chmod($install_dir.'/interface/lib/config.inc.php', 0600);
			chown($install_dir.'/interface/lib/config.inc.php', 'ispconfig');
			chgrp($install_dir.'/interface/lib/config.inc.php', 'ispconfig');

			chmod($install_dir.'/server/lib/remote_action.inc.php', 0600);
			chown($install_dir.'/server/lib/remote_action.inc.php', 'root');
			@@ -1871,6 +1899,11 @@
			$content = str_replace('{ssl_comment}', '', $content);
			} else {
			$content = str_replace('{ssl_comment}', '#', $content);
			}
			if(is_file($install_dir.'/interface/ssl/ispserver.crt') && is_file($install_dir.'/interface/ssl/ispserver.key') && is_file($install_dir.'/interface/ssl/ispserver.bundle')) {
			$content = str_replace('{ssl_bundle_comment}', '', $content);
			} else {
			$content = str_replace('{ssl_bundle_comment}', '#', $content);
			}

			wf($vhost_conf_dir.'/ispconfig.vhost', $content);
			@@ -2211,4 +2244,4 @@
			}
			}

			?>
			?>