From 3bb9ef8a12ee71a16887ca73a86b6fc8eaa183fe Mon Sep 17 00:00:00 2001
From: Dominik <info@profi-webdesign.com>
Date: Tue, 14 Apr 2015 18:08:05 -0400
Subject: [PATCH] changed sql-syntax
---
install/lib/installer_base.lib.php | 399 ++++++++++++++++++++++++++++++++++++++++++++++++++------
1 files changed, 353 insertions(+), 46 deletions(-)
diff --git a/install/lib/installer_base.lib.php b/install/lib/installer_base.lib.php
index 0998cf8..cf9b519 100644
--- a/install/lib/installer_base.lib.php
+++ b/install/lib/installer_base.lib.php
@@ -56,12 +56,21 @@
echo 'WARNING: '.$msg."\n";
}
- public function simple_query($query, $answers, $default) {
+ public function simple_query($query, $answers, $default, $name = '') {
+ global $autoinstall;
$finished = false;
do {
- $answers_str = implode(',', $answers);
- swrite($this->lng($query).' ('.$answers_str.') ['.$default.']: ');
- $input = sread();
+ if($name != '' && $autoinstall[$name] != '') {
+ if($autoinstall[$name] == 'default') {
+ $input = $default;
+ } else {
+ $input = $autoinstall[$name];
+ }
+ } else {
+ $answers_str = implode(',', $answers);
+ swrite($this->lng($query).' ('.$answers_str.') ['.$default.']: ');
+ $input = sread();
+ }
//* Stop the installation
if($input == 'quit') {
@@ -86,9 +95,18 @@
return $answer;
}
- public function free_query($query, $default) {
- swrite($this->lng($query).' ['.$default.']: ');
- $input = sread();
+ public function free_query($query, $default, $name = '') {
+ global $autoinstall;
+ if($name != '' && $autoinstall[$name] != '') {
+ if($autoinstall[$name] == 'default') {
+ $input = $default;
+ } else {
+ $input = $autoinstall[$name];
+ }
+ } else {
+ swrite($this->lng($query).' ['.$default.']: ');
+ $input = sread();
+ }
//* Stop the installation
if($input == 'quit') {
@@ -117,6 +135,7 @@
if(is_installed('mysql') || is_installed('mysqld')) $conf['mysql']['installed'] = true;
if(is_installed('postfix')) $conf['postfix']['installed'] = true;
+ if(is_installed('postgrey')) $conf['postgrey']['installed'] = true;
if(is_installed('mailman')) $conf['mailman']['installed'] = true;
if(is_installed('apache') || is_installed('apache2') || is_installed('httpd') || is_installed('httpd2')) $conf['apache']['installed'] = true;
if(is_installed('getmail')) $conf['getmail']['installed'] = true;
@@ -132,10 +151,11 @@
if(is_installed('named') || is_installed('bind') || is_installed('bind9')) $conf['bind']['installed'] = true;
if(is_installed('squid')) $conf['squid']['installed'] = true;
if(is_installed('nginx')) $conf['nginx']['installed'] = true;
- // if(is_installed('iptables') && is_installed('ufw')) $conf['ufw']['installed'] = true;
+ if(is_installed('iptables') && is_installed('ufw')) $conf['ufw']['installed'] = true;
if(is_installed('fail2ban-server')) $conf['fail2ban']['installed'] = true;
if(is_installed('vzctl')) $conf['openvz']['installed'] = true;
if(is_dir("/etc/Bastille")) $conf['bastille']['installed'] = true;
+ if(is_installed('metronome') && is_installed('metronomectl')) $conf['xmpp']['installed'] = true;
if ($conf['services']['web'] && (($conf['apache']['installed'] && is_file($conf['apache']["vhost_conf_enabled_dir"]."/000-ispconfig.vhost")) || ($conf['nginx']['installed'] && is_file($conf['nginx']["vhost_conf_enabled_dir"]."/000-ispconfig.vhost")))) $this->ispconfig_interface_installed = true;
}
@@ -498,6 +518,13 @@
$this->warning('Unable to set rights of user in master database: '.$value['db']."\n Query: ".$query."\n Error: ".$this->dbmaster->errorMessage);
}
+ $query = "GRANT SELECT, INSERT, DELETE ON ".$value['db'].".`mail_backup` TO '".$value['user']."'@'".$host."' ";
+ if ($verbose){
+ echo $query ."\n";
+ }
+ if(!$this->dbmaster->query($query)) {
+ $this->warning('Unable to set rights of user in master database: '.$value['db']."\n Query: ".$query."\n Error: ".$this->dbmaster->errorMessage);
+ }
}
/*
@@ -628,16 +655,17 @@
copy('tpl/mailman-virtual_to_transport.sh', $full_file_name);
}
chgrp($full_file_name, 'list');
- chmod($full_file_name, 0750);
+ chmod($full_file_name, 0755);
}
//* Create aliasaes
exec('/usr/lib/mailman/bin/genaliases 2>/dev/null');
+ if(is_file('/var/lib/mailman/data/virtual-mailman')) exec('postmap /var/lib/mailman/data/virtual-mailman');
}
public function configure_postfix($options = '') {
- global $conf;
+ global $conf,$autoinstall;
$cf = $conf['postfix'];
$config_dir = $cf['config_dir'];
@@ -666,6 +694,9 @@
//* mysql-virtual_sender.cf
$this->process_postfix_config('mysql-virtual_sender.cf');
+ //* mysql-virtual_sender_login_maps.cf
+ $this->process_postfix_config('mysql-virtual_sender_login_maps.cf');
+
//* mysql-virtual_client.cf
$this->process_postfix_config('mysql-virtual_client.cf');
@@ -674,6 +705,21 @@
//* mysql-virtual_relayrecipientmaps.cf
$this->process_postfix_config('mysql-virtual_relayrecipientmaps.cf');
+
+ //* mysql-virtual_outgoing_bcc.cf
+ $this->process_postfix_config('mysql-virtual_outgoing_bcc.cf');
+
+ //* mysql-virtual_policy_greylist.cf
+ $this->process_postfix_config('mysql-virtual_policy_greylist.cf');
+
+ //* postfix-dkim
+ $full_file_name=$config_dir.'/tag_as_originating.re';
+ if(is_file($full_file_name)) copy($full_file_name, $full_file_name.'~');
+ wf($full_file_name, '/^/ FILTER amavis:[127.0.0.1]:10026');
+
+ $full_file_name=$config_dir.'/tag_as_foreign.re';
+ if(is_file($full_file_name)) copy($full_file_name, $full_file_name.'~');
+ wf($full_file_name, '/^/ FILTER amavis:[127.0.0.1]:10024');
//* Changing mode and group of the new created config files.
caselog('chmod o= '.$config_dir.'/mysql-virtual_*.cf* &> /dev/null',
@@ -689,7 +735,7 @@
if(!is_user($cf['vmail_username'])) caselog("$command &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
//* These postconf commands will be executed on installation and update
- $server_ini_rec = $this->db->queryOneRecord("SELECT config FROM server WHERE server_id = ".$conf['server_id']);
+ $server_ini_rec = $this->db->queryOneRecord("SELECT config FROM `" . $this->db->quote($conf["mysql"]["database"]) . "`.`server` WHERE server_id = ".$conf['server_id']);
$server_ini_array = ini_to_array(stripslashes($server_ini_rec['config']));
unset($server_ini_rec);
@@ -702,13 +748,27 @@
}
}
unset($rbl_hosts);
- unset($server_ini_array);
+ //* If Postgrey is installed, configure it
+ $greylisting = '';
+ if($conf['postgrey']['installed'] == true) {
+ $greylisting = ', check_recipient_access mysql:/etc/postfix/mysql-virtual_policy_greylist.cf';
+ }
+
+ $reject_sender_login_mismatch = '';
+ if(isset($server_ini_array['mail']['reject_sender_login_mismatch']) && ($server_ini_array['mail']['reject_sender_login_mismatch'] == 'y')) {
+ $reject_sender_login_mismatch = ', reject_authenticated_sender_login_mismatch';
+ }
+ unset($server_ini_array);
+
$postconf_placeholders = array('{config_dir}' => $config_dir,
'{vmail_mailbox_base}' => $cf['vmail_mailbox_base'],
'{vmail_userid}' => $cf['vmail_userid'],
'{vmail_groupid}' => $cf['vmail_groupid'],
- '{rbl_list}' => $rbl_list);
+ '{rbl_list}' => $rbl_list,
+ '{greylisting}' => $greylisting,
+ '{reject_slm}' => $reject_sender_login_mismatch,
+ );
$postconf_tpl = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/debian_postfix.conf.master', 'tpl/debian_postfix.conf.master');
$postconf_tpl = strtr($postconf_tpl, $postconf_placeholders);
@@ -749,8 +809,13 @@
if(!stristr($options, 'dont-create-certs')) {
//* Create the SSL certificate
- $command = 'cd '.$config_dir.'; '
- .'openssl req -new -outform PEM -out smtpd.cert -newkey rsa:4096 -nodes -keyout smtpd.key -keyform PEM -days 3650 -x509';
+ if(AUTOINSTALL){
+ $command = 'cd '.$config_dir.'; '
+ ."openssl req -new -subj '/C=".escapeshellcmd($autoinstall['ssl_cert_country'])."/ST=".escapeshellcmd($autoinstall['ssl_cert_state'])."/L=".escapeshellcmd($autoinstall['ssl_cert_locality'])."/O=".escapeshellcmd($autoinstall['ssl_cert_organisation'])."/OU=".escapeshellcmd($autoinstall['ssl_cert_organisation_unit'])."/CN=".escapeshellcmd($autoinstall['ssl_cert_common_name'])."' -outform PEM -out smtpd.cert -newkey rsa:4096 -nodes -keyout smtpd.key -keyform PEM -days 3650 -x509";
+ } else {
+ $command = 'cd '.$config_dir.'; '
+ .'openssl req -new -outform PEM -out smtpd.cert -newkey rsa:4096 -nodes -keyout smtpd.key -keyform PEM -days 3650 -x509';
+ }
exec($command);
$command = 'chmod o= '.$config_dir.'/smtpd.key';
@@ -798,7 +863,7 @@
caselog($command." &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
}
-
+
public function configure_saslauthd() {
global $conf;
@@ -913,6 +978,19 @@
public function configure_dovecot() {
global $conf;
+
+ $virtual_transport = 'dovecot';
+
+ // check if virtual_transport must be changed
+ if ($this->is_update) {
+ $tmp = $this->db->queryOneRecord("SELECT * FROM ".$conf["mysql"]["database"].".server WHERE server_id = ".$conf['server_id']);
+ $ini_array = ini_to_array(stripslashes($tmp['config']));
+ // ini_array needs not to be checked, because already done in update.php -> updateDbAndIni()
+
+ if(isset($ini_array['mail']['mailbox_virtual_uidgid_maps']) && $ini_array['mail']['mailbox_virtual_uidgid_maps'] == 'y') {
+ $virtual_transport = 'lmtp:unix:private/dovecot-lmtp';
+ }
+ }
$config_dir = $conf['dovecot']['config_dir'];
@@ -937,7 +1015,7 @@
// Adding the amavisd commands to the postfix configuration
$postconf_commands = array (
'dovecot_destination_recipient_limit = 1',
- 'virtual_transport = dovecot',
+ 'virtual_transport = '.$virtual_transport,
'smtpd_sasl_type = dovecot',
'smtpd_sasl_path = private/auth'
);
@@ -959,19 +1037,20 @@
//* Get the dovecot version
exec('dovecot --version', $tmp);
- $parts = explode('.', trim($tmp[0]));
- $dovecot_version = $parts[0];
+ $dovecot_version = $tmp[0];
unset($tmp);
- unset($parts);
//* Copy dovecot configuration file
- if($dovecot_version == 2) {
+ if(version_compare($dovecot_version,2) >= 0) {
if(is_file($conf['ispconfig_install_dir'].'/server/conf-custom/install/debian_dovecot2.conf.master')) {
copy($conf['ispconfig_install_dir'].'/server/conf-custom/install/debian_dovecot2.conf.master', $config_dir.'/'.$configfile);
} else {
copy('tpl/debian_dovecot2.conf.master', $config_dir.'/'.$configfile);
}
replaceLine($config_dir.'/'.$configfile, 'postmaster_address = postmaster@example.com', 'postmaster_address = postmaster@'.$conf['hostname'], 1, 0);
+ if(version_compare($dovecot_version,2.1) < 0) {
+ removeLine($config_dir.'/'.$configfile, 'ssl_protocols =');
+ }
} else {
if(is_file($conf['ispconfig_install_dir'].'/server/conf-custom/install/debian_dovecot.conf.master')) {
copy($conf['ispconfig_install_dir'].'/server/conf-custom/install/debian_dovecot.conf.master', $config_dir.'/'.$configfile);
@@ -991,6 +1070,7 @@
$content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
$content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);
$content = str_replace('{mysql_server_host}', $conf['mysql']['host'], $content);
+ $content = str_replace('{server_id}', $conf['server_id'], $content);
wf($config_dir.'/'.$configfile, $content);
chmod($config_dir.'/'.$configfile, 0600);
@@ -998,7 +1078,7 @@
chgrp($config_dir.'/'.$configfile, 'root');
// Dovecot shall ignore mounts in website directory
- exec("doveadm mount add '/var/www/*' ignore");
+ if(is_installed('doveadm')) exec("doveadm mount add '/var/www/*' ignore > /dev/null 2> /dev/null");
}
@@ -1043,9 +1123,21 @@
if(is_file($conf['postfix']['config_dir'].'/master.cf')) copy($conf['postfix']['config_dir'].'/master.cf', $conf['postfix']['config_dir'].'/master.cf~');
$content = rf($conf['postfix']['config_dir'].'/master.cf');
// Only add the content if we had not addded it before
- if(!stristr($content, '127.0.0.1:10025')) {
+ if(!preg_match('/^amavis\s+unix\s+/m', $content)) {
unset($content);
$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/master_cf_amavis.master', 'tpl/master_cf_amavis.master');
+ af($conf['postfix']['config_dir'].'/master.cf', $content);
+ $content = rf($conf['postfix']['config_dir'].'/master.cf');
+ }
+ if(!preg_match('/^127.0.0.1:10025\s+/m', $content)) {
+ unset($content);
+ $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/master_cf_amavis10025.master', 'tpl/master_cf_amavis10025.master');
+ af($conf['postfix']['config_dir'].'/master.cf', $content);
+ $content = rf($conf['postfix']['config_dir'].'/master.cf');
+ }
+ if(!preg_match('/^127.0.0.1:10027\s+/m', $content)) {
+ unset($content);
+ $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/master_cf_amavis10027.master', 'tpl/master_cf_amavis10027.master');
af($conf['postfix']['config_dir'].'/master.cf', $content);
}
unset($content);
@@ -1053,7 +1145,20 @@
// Add the clamav user to the amavis group
exec('adduser clamav amavis');
-
+ // Create the director for DKIM-Keys
+ if(!is_dir('/var/lib/amavis/dkim')) mkdir('/var/lib/amavis/dkim', 0750, true);
+ // get shell-user for amavis
+ $amavis_user=exec('grep -o "^amavis:\|^vscan:" /etc/passwd');
+ if(!empty($amavis_user)) {
+ $amavis_user=rtrim($amavis_user, ":");
+ exec('chown '.$amavis_user.' /var/lib/amavis/dkim');
+ }
+ // get shell-group for amavis
+ $amavis_group=exec('grep -o "^amavis:\|^vscan:" /etc/group');
+ if(!empty($amavis_group)) {
+ $amavis_group=rtrim($amavis_group, ":");
+ exec('chgrp '.$amavis_group.' /var/lib/amavis/dkim');
+ }
}
public function configure_spamassassin() {
@@ -1212,6 +1317,125 @@
}
+
+ public function configure_xmpp($options = '') {
+ global $conf;
+
+ if($conf['xmpp']['installed'] == false) return;
+ //* Create the logging directory for xmpp server
+ if(!@is_dir('/var/log/metronome')) mkdir('/var/log/metronome', 0755, true);
+ chown('/var/log/metronome', 'metronome');
+ if(!@is_dir('/var/run/metronome')) mkdir('/var/run/metronome', 0755, true);
+ chown('/var/run/metronome', 'metronome');
+ if(!@is_dir('/var/lib/metronome')) mkdir('/var/lib/metronome', 0755, true);
+ chown('/var/lib/metronome', 'metronome');
+ if(!@is_dir('/etc/metronome/hosts')) mkdir('/etc/metronome/hosts', 0755, true);
+ if(!@is_dir('/etc/metronome/status')) mkdir('/etc/metronome/status', 0755, true);
+ unlink('/etc/metronome/metronome.cfg.lua');
+
+ $row = $this->db->queryOneRecord("SELECT server_name FROM server WHERE server_id = ".$conf["server_id"]."");
+ $server_name = $row["server_name"];
+
+ $tpl = new tpl('metronome_conf_main.master');
+ wf('/etc/metronome/metronome.cfg.lua', $tpl->grab());
+ unset($tpl);
+
+ $tpl = new tpl('metronome_conf_global.master');
+ $tpl->setVar('xmpp_admins','');
+ wf('/etc/metronome/global.cfg.lua', $tpl->grab());
+ unset($tpl);
+
+ // Copy isp libs
+ if(!@is_dir('/usr/lib/metronome/isp-modules')) mkdir('/usr/lib/metronome/isp-modules', 0755, true);
+ caselog('cp -rf apps/metronome_libs/* /usr/lib/metronome/isp-modules/', __FILE__, __LINE__);
+ // Process db config
+ $full_file_name = '/usr/lib/metronome/isp-modules/mod_auth_external/db_conf.inc.php';
+ $content = rf($full_file_name);
+ $content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
+ $content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
+ $content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);
+ $content = str_replace('{mysql_server_ip}', $conf['mysql']['ip'], $content);
+ $content = str_replace('{server_id}', $conf['server_id'], $content);
+ wf($full_file_name, $content);
+
+ if(!stristr($options, 'dont-create-certs')){
+ // Create SSL Certificate for localhost
+ echo "writing new private key to 'localhost.key'\n-----\n";
+ $ssl_country = $this->free_query('Country Name (2 letter code)', 'AU');
+ $ssl_locality = $this->free_query('Locality Name (eg, city)', '');
+ $ssl_organisation = $this->free_query('Organization Name (eg, company)', 'Internet Widgits Pty Ltd');
+ $ssl_organisation_unit = $this->free_query('Organizational Unit Name (eg, section)', '');
+ $ssl_domain = $this->free_query('Common Name (e.g. server FQDN or YOUR name)', $conf['hostname']);
+ $ssl_email = $this->free_query('Email Address', '');
+
+ $tpl = new tpl('metronome_conf_ssl.master');
+ $tpl->setVar('ssl_country',$ssl_country);
+ $tpl->setVar('ssl_locality',$ssl_locality);
+ $tpl->setVar('ssl_organisation',$ssl_organisation);
+ $tpl->setVar('ssl_organisation_unit',$ssl_organisation_unit);
+ $tpl->setVar('domain',$ssl_domain);
+ $tpl->setVar('ssl_email',$ssl_email);
+ wf('/etc/metronome/certs/localhost.cnf', $tpl->grab());
+ unset($tpl);
+ // Generate new key, csr and cert
+ exec("(cd /etc/metronome/certs && make localhost.key)");
+ exec("(cd /etc/metronome/certs && make localhost.csr)");
+ exec("(cd /etc/metronome/certs && make localhost.cert)");
+ exec('chmod 0400 /etc/metronome/certs/localhost.key');
+ exec('chown metronome /etc/metronome/certs/localhost.key');
+ }else{
+ echo "-----\n";
+ echo "Metronome XMPP SSL server certificate is not renewed. Run the following command manual as root to recreate it:\n";
+ echo "# (cd /etc/metronome/certs && make localhost.key && make localhost.csr && make localhost.cert && chmod 0400 localhost.key && chown metronome localhost.key)\n";
+ echo "-----\n";
+ }
+
+ // Copy init script
+ caselog('cp -f apps/metronome-init /etc/init.d/metronome', __FILE__, __LINE__);
+ caselog('chmod u+x /etc/init.d/metronome', __FILE__, __LINE__);
+ caselog('update-rc.d metronome defaults', __FILE__, __LINE__);
+
+ exec($this->getinitcommand('xmpp', 'restart'));
+
+/*
+writing new private key to 'smtpd.key'
+-----
+You are about to be asked to enter information that will be incorporated
+into your certificate request.
+What you are about to enter is what is called a Distinguished Name or a DN.
+There are quite a few fields but you can leave some blank
+For some fields there will be a default value,
+If you enter '.', the field will be left blank.
+-----
+Country Name (2 letter code) [AU]:
+State or Province Name (full name) [Some-State]:
+Locality Name (eg, city) []:
+Organization Name (eg, company) [Internet Widgits Pty Ltd]:
+Organizational Unit Name (eg, section) []:
+Common Name (e.g. server FQDN or YOUR name) []:
+Email Address []:
+ * */
+
+ /*// Dont just copy over the virtualhost template but add some custom settings
+ $tpl = new tpl('apache_apps.vhost.master');
+
+ $tpl->setVar('apps_vhost_port',$conf['web']['apps_vhost_port']);
+ $tpl->setVar('apps_vhost_dir',$conf['web']['website_basedir'].'/apps');
+ $tpl->setVar('apps_vhost_basedir',$conf['web']['website_basedir']);
+ $tpl->setVar('apps_vhost_servername',$apps_vhost_servername);
+ $tpl->setVar('apache_version',getapacheversion());
+
+
+ // comment out the listen directive if port is 80 or 443
+ if($conf['web']['apps_vhost_ip'] == 80 or $conf['web']['apps_vhost_ip'] == 443) {
+ $tpl->setVar('vhost_port_listen','#');
+ } else {
+ $tpl->setVar('vhost_port_listen','');
+ }
+
+ wf($vhost_conf_dir.'/apps.vhost', $tpl->grab());
+ unset($tpl);*/
+ }
public function configure_apache() {
@@ -1406,19 +1630,17 @@
exec('chown root:root '.$conf["squid"]["config_dir"].'/'.$configfile);
}
- /*
public function configure_ufw_firewall()
{
$configfile = 'ufw.conf';
- if(is_file('/etc/ufw/ufw.conf')) copy('/etc/ufw/ufw.conf','/etc/ufw/ufw.conf~');
+ if(is_file('/etc/ufw/ufw.conf')) copy('/etc/ufw/ufw.conf', '/etc/ufw/ufw.conf~');
$content = rf("tpl/".$configfile.".master");
- wf('/etc/ufw/ufw.conf',$content);
+ wf('/etc/ufw/ufw.conf', $content);
exec('chmod 600 /etc/ufw/ufw.conf');
exec('chown root:root /etc/ufw/ufw.conf');
}
- */
- public function configure_firewall() {
+ public function configure_bastille_firewall() {
global $conf;
$dist_init_scripts = $conf['init_scripts'];
@@ -1597,7 +1819,8 @@
if(!is_user($apps_vhost_user)) caselog($command.' &> /dev/null 2> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
- $command = 'adduser '.$conf['nginx']['user'].' '.$apps_vhost_group;
+ //$command = 'adduser '.$conf['nginx']['user'].' '.$apps_vhost_group;
+ $command = 'usermod -a -G '.$apps_vhost_group.' '.$conf['nginx']['user'];
caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
if(!@is_dir($install_dir)){
@@ -1669,7 +1892,7 @@
}
public function make_ispconfig_ssl_cert() {
- global $conf;
+ global $conf,$autoinstall;
$install_dir = $conf['ispconfig_install_dir'];
@@ -1681,11 +1904,17 @@
$ssl_pw = substr(md5(mt_rand()), 0, 6);
exec("openssl genrsa -des3 -passout pass:$ssl_pw -out $ssl_key_file 4096");
- exec("openssl req -new -passin pass:$ssl_pw -passout pass:$ssl_pw -key $ssl_key_file -out $ssl_csr_file");
+ if(AUTOINSTALL){
+ exec("openssl req -new -passin pass:$ssl_pw -passout pass:$ssl_pw -subj '/C=".escapeshellcmd($autoinstall['ssl_cert_country'])."/ST=".escapeshellcmd($autoinstall['ssl_cert_state'])."/L=".escapeshellcmd($autoinstall['ssl_cert_locality'])."/O=".escapeshellcmd($autoinstall['ssl_cert_organisation'])."/OU=".escapeshellcmd($autoinstall['ssl_cert_organisation_unit'])."/CN=".escapeshellcmd($autoinstall['ssl_cert_common_name'])."' -key $ssl_key_file -out $ssl_csr_file");
+ } else {
+ exec("openssl req -new -passin pass:$ssl_pw -passout pass:$ssl_pw -key $ssl_key_file -out $ssl_csr_file");
+ }
exec("openssl req -x509 -passin pass:$ssl_pw -passout pass:$ssl_pw -key $ssl_key_file -in $ssl_csr_file -out $ssl_crt_file -days 3650");
exec("openssl rsa -passin pass:$ssl_pw -in $ssl_key_file -out $ssl_key_file.insecure");
rename($ssl_key_file, $ssl_key_file.'.secure');
rename($ssl_key_file.'.insecure', $ssl_key_file);
+
+ exec('chown -R root:root /usr/local/ispconfig/interface/ssl');
}
@@ -1714,6 +1943,31 @@
//* copy the ISPConfig server part
$command = 'cp -rf ../server '.$install_dir;
caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
+
+ //* Make a backup of the security settings
+ if(is_file('/usr/local/ispconfig/security/security_settings.ini')) copy('/usr/local/ispconfig/security/security_settings.ini','/usr/local/ispconfig/security/security_settings.ini~');
+
+ //* copy the ISPConfig security part
+ $command = 'cp -rf ../security '.$install_dir;
+ caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
+
+ //* Apply changed security_settings.ini values to new security_settings.ini file
+ if(is_file('/usr/local/ispconfig/security/security_settings.ini~')) {
+ $security_settings_old = ini_to_array(file_get_contents('/usr/local/ispconfig/security/security_settings.ini~'));
+ $security_settings_new = ini_to_array(file_get_contents('/usr/local/ispconfig/security/security_settings.ini'));
+ if(is_array($security_settings_new) && is_array($security_settings_old)) {
+ foreach($security_settings_new as $section => $sval) {
+ if(is_array($sval)) {
+ foreach($sval as $key => $val) {
+ if(isset($security_settings_old[$section]) && isset($security_settings_old[$section][$key])) {
+ $security_settings_new[$section][$key] = $security_settings_old[$section][$key];
+ }
+ }
+ }
+ }
+ file_put_contents('/usr/local/ispconfig/security/security_settings.ini',array_to_ini($security_settings_new));
+ }
+ }
//* Create a symlink, so ISPConfig is accessible via web
// Replaced by a separate vhost definition for port 8080
@@ -1844,8 +2098,9 @@
$vserver_server_enabled = ($conf['openvz']['installed'])?1:0;
$proxy_server_enabled = ($conf['services']['proxy'])?1:0;
$firewall_server_enabled = ($conf['services']['firewall'])?1:0;
+ $xmpp_server_enabled = ($conf['services']['xmpp'])?1:0;
- $sql = "UPDATE `server` SET mail_server = '$mail_server_enabled', web_server = '$web_server_enabled', dns_server = '$dns_server_enabled', file_server = '$file_server_enabled', db_server = '$db_server_enabled', vserver_server = '$vserver_server_enabled', proxy_server = '$proxy_server_enabled', firewall_server = '$firewall_server_enabled' WHERE server_id = ".intval($conf['server_id']);
+ $sql = "UPDATE `server` SET mail_server = '$mail_server_enabled', web_server = '$web_server_enabled', dns_server = '$dns_server_enabled', file_server = '$file_server_enabled', db_server = '$db_server_enabled', vserver_server = '$vserver_server_enabled', proxy_server = '$proxy_server_enabled', firewall_server = '$firewall_server_enabled', xmpp_server = '.$xmpp_server_enabled.' WHERE server_id = ".intval($conf['server_id']);
if($conf['mysql']['master_slave_setup'] == 'y') {
$this->dbmaster->query($sql);
@@ -1855,12 +2110,38 @@
}
- //* Chmod the files
- $command = 'chmod -R 750 '.$install_dir;
+ // chown install dir to root and chmod 755
+ $command = 'chown root:root '.$install_dir;
+ caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
+ $command = 'chmod 755 '.$install_dir;
caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
- //* chown the files to the ispconfig user and group
- $command = 'chown -R ispconfig:ispconfig '.$install_dir;
+ //* Chmod the files and directories in the install dir
+ $command = 'chmod -R 750 '.$install_dir.'/*';
+ caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
+
+ //* chown the interface files to the ispconfig user and group
+ $command = 'chown -R ispconfig:ispconfig '.$install_dir.'/interface';
+ caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
+
+ //* chown the server files to the root user and group
+ $command = 'chown -R root:root '.$install_dir.'/server';
+ caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
+
+ //* chown the security files to the root user and group
+ $command = 'chown -R root:root '.$install_dir.'/security';
+ caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
+
+ //* chown the security directory and security_settings.ini to root:ispconfig
+ $command = 'chown root:ispconfig '.$install_dir.'/security/security_settings.ini';
+ caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
+ $command = 'chown root:ispconfig '.$install_dir.'/security';
+ caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
+ $command = 'chown root:ispconfig '.$install_dir.'/security/ids.whitelist';
+ caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
+ $command = 'chown root:ispconfig '.$install_dir.'/security/ids.htmlfield';
+ caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
+ $command = 'chown root:ispconfig '.$install_dir.'/security/apache_directives.blacklist';
caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
//* Make the global language file directory group writable
@@ -1913,6 +2194,8 @@
exec('chmod -R 770 '.escapeshellarg($install_dir.'/interface/invoices'));
exec('chown -R ispconfig:ispconfig '.escapeshellarg($install_dir.'/interface/invoices'));
}
+
+ exec('chown -R root:root /usr/local/ispconfig/interface/ssl');
// TODO: FIXME: add the www-data user to the ispconfig group. This is just for testing
// and must be fixed as this will allow the apache user to read the ispconfig files.
@@ -2103,8 +2386,16 @@
//* Remove Domain module as its functions are available in the client module now
if(@is_dir('/usr/local/ispconfig/interface/web/domain')) exec('rm -rf /usr/local/ispconfig/interface/web/domain');
-
-
+
+ //* Disable rkhunter run and update in debian cronjob as ispconfig is running and updating rkhunter
+ if(is_file('/etc/default/rkhunter')) {
+ replaceLine('/etc/default/rkhunter', 'CRON_DAILY_RUN="yes"', 'CRON_DAILY_RUN="no"', 1, 0);
+ replaceLine('/etc/default/rkhunter', 'CRON_DB_UPDATE="yes"', 'CRON_DB_UPDATE="no"', 1, 0);
+ }
+
+ // Add symlink for patch tool
+ if(!is_link('/usr/local/bin/ispconfig_patch')) exec('ln -s /usr/local/ispconfig/server/scripts/ispconfig_patch /usr/local/bin/ispconfig_patch');
+
}
public function configure_dbserver() {
@@ -2124,7 +2415,7 @@
$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/mysql_clientdb.conf.master', 'tpl/mysql_clientdb.conf.master');
$content = str_replace('{hostname}', $conf['mysql']['host'], $content);
$content = str_replace('{username}', $conf['mysql']['admin_user'], $content);
- $content = str_replace('{password}', $conf['mysql']['admin_password'], $content);
+ $content = str_replace('{password}', addslashes($conf['mysql']['admin_password']), $content);
wf($install_dir.'/server/lib/mysql_clientdb.conf', $content);
chmod($install_dir.'/server/lib/mysql_clientdb.conf', 0600);
chown($install_dir.'/server/lib/mysql_clientdb.conf', 'root');
@@ -2147,8 +2438,8 @@
}
$root_cron_jobs = array(
- "* * * * * ".$install_dir."/server/server.sh 2>&1 > /dev/null | while read line; do echo `/bin/date` \"\$line\" >> ".$conf['ispconfig_log_dir']."/cron.log; done",
- "30 00 * * * ".$install_dir."/server/cron_daily.sh 2>&1 > /dev/null | while read line; do echo `/bin/date` \"\$line\" >> ".$conf['ispconfig_log_dir']."/cron.log; done"
+ "* * * * * ".$install_dir."/server/server.sh 2>&1 | while read line; do echo `/bin/date` \"\$line\" >> ".$conf['ispconfig_log_dir']."/cron.log; done",
+ "* * * * * ".$install_dir."/server/cron.sh 2>&1 | while read line; do echo `/bin/date` \"\$line\" >> ".$conf['ispconfig_log_dir']."/cron.log; done"
);
if ($conf['nginx']['installed'] == true) {
@@ -2193,18 +2484,34 @@
chmod($conf['ispconfig_log_dir'].'/cron.log', 0660);
}
+
+ // This function is called at the end of the update process and contains code to clean up parts of old ISPCONfig releases
+ public function cleanup_ispconfig() {
+ global $app,$conf;
+
+ // Remove directories recursively
+ if(is_dir('/usr/local/ispconfig/interface/web/designer')) exec('rm -rf /usr/local/ispconfig/interface/web/designer');
+ if(is_dir('/usr/local/ispconfig/interface/web/themes/default-304')) exec('rm -rf /usr/local/ispconfig/interface/web/themes/default-304');
+
+ // Remove files
+ if(is_file('/usr/local/ispconfig/interface/lib/classes/db_firebird.inc.php')) unlink('/usr/local/ispconfig/interface/lib/classes/db_firebird.inc.php');
+ if(is_file('/usr/local/ispconfig/interface/lib/classes/form.inc.php')) unlink('/usr/local/ispconfig/interface/lib/classes/form.inc.php');
+
+
+
+ }
public function getinitcommand($servicename, $action, $init_script_directory = ''){
global $conf;
- // systemd
- if(is_executable('/bin/systemd')){
- return 'systemctl '.$action.' '.$servicename.'.service';
- }
// upstart
if(is_executable('/sbin/initctl')){
exec('/sbin/initctl version 2>/dev/null | /bin/grep -q upstart', $retval['output'], $retval['retval']);
if(intval($retval['retval']) == 0) return 'service '.$servicename.' '.$action;
}
+ // systemd
+ if(is_executable('/bin/systemd') || is_executable('/usr/bin/systemctl')){
+ return 'systemctl '.$action.' '.$servicename.'.service';
+ }
// sysvinit
if($init_script_directory == '') $init_script_directory = $conf['init_scripts'];
if(substr($init_script_directory, -1) === '/') $init_script_directory = substr($init_script_directory, 0, -1);
--
Gitblit v1.9.1