From 72695f0356210b5ca68d33d09e91c00ed9d6c2b6 Mon Sep 17 00:00:00 2001
From: tbrehm <t.brehm@ispconfig.org>
Date: Tue, 12 Feb 2013 04:55:44 -0500
Subject: [PATCH] Merged Revisions 3771-3801 from stable branch.
---
 install/lib/installer_base.lib.php | 55 ++++++++++++++++++++++++++++++++++++++++++++-----------
 1 files changed, 44 insertions(+), 11 deletions(-)
diff --git a/install/lib/installer_base.lib.php b/install/lib/installer_base.lib.php
index ee45301..97853a0 100644
--- a/install/lib/installer_base.lib.php
+++ b/install/lib/installer_base.lib.php
@@ -132,7 +132,7 @@
 if(is_installed('named') || is_installed('bind') || is_installed('bind9')) $conf['bind']['installed'] = true;
 if(is_installed('squid')) $conf['squid']['installed'] = true;
 if(is_installed('nginx')) $conf['nginx']['installed'] = true;
- // if(is_installed('iptables') && is_installed('ufw')) $conf['ufw']['installed'] = true;
+ if(is_installed('iptables') && is_installed('ufw')) $conf['ufw']['installed'] = true;
 if(is_installed('fail2ban-server')) $conf['fail2ban']['installed'] = true;
 if(is_installed('vzctl')) $conf['openvz']['installed'] = true;
 if(is_dir("/etc/Bastille")) $conf['bastille']['installed'] = true;
@@ -423,7 +423,7 @@
 $this->warning('Unable to set rights of user in master database: '.$value['db']."\n Query: ".$query."\n Error: ".$this->dbmaster->errorMessage);
 }
- $query = "GRANT SELECT, UPDATE (`ssl_request`, `ssl_cert`, `ssl_action`) ON ".$value['db'].".`web_domain` TO '".$value['user']."'@'".$host."' ";
+ $query = "GRANT SELECT, UPDATE (`ssl_request`, `ssl_cert`, `ssl_action`, `ssl_key`) ON ".$value['db'].".`web_domain` TO '".$value['user']."'@'".$host."' ";
 if ($verbose){
 echo $query ."\n";
 }
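Review bot: In the web_domain GRANT (hunk -423,7) the `SELECT` privilege has no column list, so it stays table-wide while `ssl_key` joins the columns this account may update; every account that receives the grant can read each row's `ssl_key` as well as overwrite it. If that column holds private-key material (inferred from its name only), the read side deserves the same treatment the write side already gets: give `SELECT` an explicit column list limited to what this account actually reads. A short comment above the statement saying why this account needs write access to `ssl_key` would also help the next reader. The enclosing function starts and ends outside the hunk, so which accounts `$value['user']` covers is not visible here.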
@@ -472,6 +472,14 @@
 }
 $query = "GRANT SELECT, UPDATE ON ".$value['db'].".`aps_instances` TO '".$value['user']."'@'".$host."' ";
+ if ($verbose){
+ echo $query ."\n";
+ }
+ if(!$this->dbmaster->query($query)) {
+ $this->warning('Unable to set rights of user in master database: '.$value['db']."\n Query: ".$query."\n Error: ".$this->dbmaster->errorMessage);
+ }
+
+ $query = "GRANT SELECT, INSERT, DELETE ON ".$value['db'].".`web_backup` TO '".$value['user']."'@'".$host."' ";
 if ($verbose){
 echo $query ."\n";
 }
@@ -558,6 +566,23 @@
 }
 }
 }
+
+ $config_dir = $conf['mailman']['config_dir'].'/';
+ $full_file_name = $config_dir.'virtual_to_transport.sh';
+
+ //* Backup exiting virtual_to_transport.sh script
+ if(is_file($full_file_name)) {
+ copy($full_file_name, $config_dir.'virtual_to_transport.sh~');
+ }
+
+ copy('tpl/mailman-virtual_to_transport.sh',$full_file_name);
+ chgrp($full_file_name,'list');
+ chmod($full_file_name,0750);
+
+ if(!is_file('/var/lib/mailman/data/transport-mailman')) touch('/var/lib/mailman/data/transport-mailman');
+ exec('/usr/sbin/postmap /var/lib/mailman/data/transport-mailman');
+
+ exec('/usr/lib/mailman/bin/genaliases');
 $virtual_domains = '';
 if($status == 'update')
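Review bot: The new web_backup GRANT (hunk -472,6) is built by concatenating `$value['db']`, `$value['user']` and `$host` straight into the statement, with the database name unquoted and the user and host placed between single quotes without escaping; the web_domain GRANT in hunk -423,7 is built the same way. Where these values come from is outside the hunk, but a name containing a quote, a backtick or a hyphen would at best make the statement fail, and as the visible aps_instances branch shows, a failure is only reported through `$this->warning()`, so the install continues with a privilege missing. I would backtick-quote the database name and pass user and host through the database layer's escaping routine before `$query` is assembled. The verbose/query/warning sequence is now repeated once more and would read better as one private helper that takes the privilege list and the table name.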
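Review bot: None of the filesystem and process calls added for `virtual_to_transport.sh` (hunk -558,6) has its result checked: if `copy()` of the template fails, `chgrp()` and `chmod()` run against a missing or stale script, and `postmap` and `genaliases` are executed whether or not `transport-mailman` could be created. The group name `'list'` is also hard-coded and may not exist on every distribution, which `chgrp()` would report only as a PHP warning. The sketch below reports failures through the `warning()` method used elsewhere in this file, assuming this code sits in a method of the same class; the enclosing function starts and ends outside the hunk.

```php
if(!copy('tpl/mailman-virtual_to_transport.sh', $full_file_name)) {
	$this->warning('Unable to install '.$full_file_name);
} elseif(!chgrp($full_file_name, 'list') || !chmod($full_file_name, 0750)) {
	$this->warning('Unable to set group or mode on '.$full_file_name);
}

// … unchanged: creation of /var/lib/mailman/data/transport-mailman with touch() …
exec('/usr/sbin/postmap /var/lib/mailman/data/transport-mailman', $postmap_out, $postmap_rc);
if($postmap_rc !== 0) {
	$this->warning('postmap failed for transport-mailman, exit code '.$postmap_rc);
}
```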
@@ -673,7 +698,7 @@
 'smtpd_tls_security_level = may',
 'smtpd_tls_cert_file = '.$config_dir.'/smtpd.cert',
 'smtpd_tls_key_file = '.$config_dir.'/smtpd.key',
- 'transport_maps = proxy:mysql:'.$config_dir.'/mysql-virtual_transports.cf',
+ 'transport_maps = hash:/var/lib/mailman/data/transport-mailman, proxy:mysql:'.$config_dir.'/mysql-virtual_transports.cf',
 'relay_domains = mysql:'.$config_dir.'/mysql-virtual_relaydomains.cf',
 'relay_recipient_maps = mysql:'.$config_dir.'/mysql-virtual_relayrecipientmaps.cf',
 'proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps',
@@ -724,7 +749,7 @@
 if(!stristr($options,'dont-create-certs')) {
 //* Create the SSL certificate
 $command = 'cd '.$config_dir.'; '
- .'openssl req -new -outform PEM -out smtpd.cert -newkey rsa:2048 -nodes -keyout smtpd.key -keyform PEM -days 3650 -x509';
+ .'openssl req -new -outform PEM -out smtpd.cert -newkey rsa:4096 -nodes -keyout smtpd.key -keyform PEM -days 3650 -x509';
 exec($command);
 $command = 'chmod o= '.$config_dir.'/smtpd.key';
@@ -1341,7 +1366,6 @@
 exec('chown root:root '.$conf["squid"]["config_dir"].'/'.$configfile);
 }
- /*
 public function configure_ufw_firewall() {
 $configfile = 'ufw.conf';
@@ -1351,9 +1375,8 @@
 exec('chmod 600 /etc/ufw/ufw.conf');
 exec('chown root:root /etc/ufw/ufw.conf');
 }
- */
- public function configure_firewall() {
+ public function configure_bastille_firewall() {
 global $conf;
 $dist_init_scripts = $conf['init_scripts'];
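Review bot: The new `transport_maps` value (hunk -673,7) puts `hash:/var/lib/mailman/data/transport-mailman` in front of the MySQL map unconditionally, while that file and its `postmap` database are only created by the mailman code in hunk -558,6. If that code does not run on a host (for instance when mailman is not installed; the guarding condition is outside both hunks), Postfix is pointed at a lookup table it cannot open, which it treats as a lookup error rather than as "no match", so mail would be deferred until the table exists. Consider adding the hash map only when the mailman setup has run, or creating the empty map in this Postfix step as well. The dependency deserves a comment next to the setting, such as `//* transport-mailman is created by the mailman setup; postfix needs its .db to exist`.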
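Review bot: The private key written by this `openssl req` call (hunk -724,7) is created under whatever umask the installer runs with, and its mode is tightened only afterwards by the separate `chmod o=` command, which also leaves group access untouched. Between the two `exec()` calls the key may be readable by other local users. Setting the mask around the generation closes that window: `$old_umask = umask(0077); exec($command); umask($old_umask);`. `$config_dir` is also concatenated into the shell command unescaped, so passing it through `escapeshellarg()` would be cheap hardening. The enclosing `if` block continues outside the hunk.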
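Review bot: `configure_firewall()` is a public method, and hunk -1351,9 renames it to `configure_bastille_firewall()` without leaving the old name behind, while the diffstat shows this patch touching only `install/lib/installer_base.lib.php`. Any caller or overriding subclass elsewhere that still uses `configure_firewall()` (none are visible on this page) would end in an undefined-method error partway through an install or update, or would silently stop overriding the base method, which can leave a host without its firewall configuration applied. Either confirm that all call sites and subclasses were updated in the same merge, or keep a thin wrapper: `public function configure_firewall() { $this->configure_bastille_firewall(); }`.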
@@ -1808,9 +1831,14 @@
 exec("chmod -R 770 $install_dir/server/aps_packages");
 //* make sure that the server config file (not the interface one) is only readable by the root user
- chmod($install_dir.'/server/lib/'.$configfile, 0600);
- chown($install_dir.'/server/lib/'.$configfile, 'root');
- chgrp($install_dir.'/server/lib/'.$configfile, 'root');
+ chmod($install_dir.'/server/lib/config.inc.php', 0600);
+ chown($install_dir.'/server/lib/config.inc.php', 'root');
+ chgrp($install_dir.'/server/lib/config.inc.php', 'root');
+
+ //* Make sure thet the interface config file is readable by user ispconfig only
+ chmod($install_dir.'/interface/lib/config.inc.php', 0600);
+ chown($install_dir.'/interface/lib/config.inc.php', 'ispconfig');
+ chgrp($install_dir.'/interface/lib/config.inc.php', 'ispconfig');
 chmod($install_dir.'/server/lib/remote_action.inc.php', 0600);
 chown($install_dir.'/server/lib/remote_action.inc.php', 'root');
@@ -1871,6 +1899,11 @@
 $content = str_replace('{ssl_comment}', '', $content);
 } else {
 $content = str_replace('{ssl_comment}', '#', $content);
+ }
+ if(is_file($install_dir.'/interface/ssl/ispserver.crt') && is_file($install_dir.'/interface/ssl/ispserver.key') && is_file($install_dir.'/interface/ssl/ispserver.bundle')) {
+ $content = str_replace('{ssl_bundle_comment}', '', $content);
+ } else {
+ $content = str_replace('{ssl_bundle_comment}', '#', $content);
 }
 wf($vhost_conf_dir.'/ispconfig.vhost', $content);
@@ -2211,4 +2244,4 @@
 }
 }
-?>
\ No newline at end of file
+?>
-- Gitblit v1.9.1
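Review bot: The results of the new `chmod()`, `chown()` and `chgrp()` calls on `interface/lib/config.inc.php` (hunk -1808,9) are discarded, so a failure is silent in either direction: if `chmod()` fails the file keeps its previous, possibly wider mode, and if `chown()` fails after a successful `chmod()` the file is 0600 but still owned by the installing user (presumably root), which the `ispconfig` account could then not read. Because this is the step that restricts access to the interface configuration, I would check the return values and report them, for example `if(!chown($file, 'ispconfig')) $this->warning('Unable to chown '.$file);`, assuming the `warning()` method used elsewhere in this file is in scope here. The comment typo `thet` should read `that`. The enclosing function starts and ends outside the hunk.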