From 4d2cb4427cf615e1e6cf2d8e80f9361c0a143fdf Mon Sep 17 00:00:00 2001
From: tbrehm <t.brehm@ispconfig.org>
Date: Thu, 29 Dec 2011 06:03:01 -0500
Subject: [PATCH] - Changed default security level to high in server.ini.master

---
 install/lib/installer_base.lib.php |   16 ++++++++++++++--
 1 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/install/lib/installer_base.lib.php b/install/lib/installer_base.lib.php
index a4ec514..4bf7376 100644
--- a/install/lib/installer_base.lib.php
+++ b/install/lib/installer_base.lib.php
@@ -514,6 +514,10 @@
 			copy('tpl/'.$jk_init.'.master', $config_dir.'/'.$jk_init);
 			copy('tpl/'.$jk_chrootsh.'.master', $config_dir.'/'.$jk_chrootsh);
 		}
+		
+		//* help jailkit fo find its ini files
+		if(!is_link('/usr/jk_socketd.ini')) exec('ln -s /etc/jailkit/jk_socketd.ini /usr/jk_socketd.ini');
+		if(!is_link('/usr/jk_init.ini')) exec('ln -s /etc/jailkit/jk_init.ini /usr/jk_init.ini');
 
 	}
 	
@@ -888,7 +892,7 @@
 		if(is_file($config_dir.'/'.$configfile)) {
 			copy($config_dir.'/'.$configfile, $config_dir.'/'.$configfile.'~');
 		}
-		chmod($config_dir.'/'.$configfile.'~', 0400);
+		if(is_file($config_dir.'/'.$configfile.'~')) chmod($config_dir.'/'.$configfile.'~', 0400);
 		$content = rf('tpl/debian_dovecot-sql.conf.master');
 		$content = str_replace('{mysql_server_ispconfig_user}',$conf['mysql']['ispconfig_user'],$content);
 		$content = str_replace('{mysql_server_ispconfig_password}',$conf['mysql']['ispconfig_password'], $content);
@@ -1485,6 +1489,7 @@
 			if(substr($socket_dir,-1) != '/') $socket_dir .= '/';
 			if(!is_dir($socket_dir)) exec('mkdir -p '.$socket_dir);
 			$fpm_socket = $socket_dir.'apps.sock';
+			$cgi_socket = escapeshellcmd($conf['nginx']['cgi_socket']);
 
 			$content = str_replace('{apps_vhost_ip}', $apps_vhost_ip, $content);
 			$content = str_replace('{apps_vhost_port}', $conf['web']['apps_vhost_port'], $content);
@@ -1492,6 +1497,7 @@
 			$content = str_replace('{apps_vhost_servername}', $apps_vhost_servername, $content);
 			//$content = str_replace('{fpm_port}', ($conf['nginx']['php_fpm_start_port']+1), $content);
 			$content = str_replace('{fpm_socket}', $fpm_socket, $content);
+			$content = str_replace('{cgi_socket}', $cgi_socket, $content);
 
 			wf($vhost_conf_dir.'/apps.vhost', $content);
 			
@@ -1741,6 +1747,12 @@
 			chown($install_dir.'/server/lib/mysql_clientdb.conf', 'root');
 			chgrp($install_dir.'/server/lib/mysql_clientdb.conf', 'root');
 		}
+		
+		if(is_file($install_dir.'/interface/invoices')) {
+			chmod($install_dir.'/interface/invoices', 0770);
+			chown($install_dir.'/interface/invoices', 'ispconfig');
+			chgrp($install_dir.'/interface/invoices', 'ispconfig');
+		}
 
 		// TODO: FIXME: add the www-data user to the ispconfig group. This is just for testing
 		// and must be fixed as this will allow the apache user to read the ispconfig files.
@@ -1935,7 +1947,7 @@
 		wf($install_dir.'/server/lib/mysql_clientdb.conf',$content);
 		chmod($install_dir.'/server/lib/mysql_clientdb.conf', 0600);
 		chown($install_dir.'/server/lib/mysql_clientdb.conf', 'root');
-		chgrp($install_dir.'/server/lib/mysql_clientdb.conf', 'root');
+		chgrp($install_dir.'/server/lib/mysql_clientdb.conf', 'root');		
 
 	}
 

--
Gitblit v1.9.1