From f7ec00b2f8ba3efc5bdeacef9c813f8a826ae3be Mon Sep 17 00:00:00 2001
From: Patrick Anders <p.anders@timmehosting.de>
Date: Wed, 10 Dec 2014 08:44:26 -0500
Subject: [PATCH] add Spdy option - http://en.wikipedia.org/wiki/SPDY
---
install/lib/installer_base.lib.php | 179 +++++++++++++++++++++++++++++++++++++++++++++++++++--------
1 files changed, 153 insertions(+), 26 deletions(-)
diff --git a/install/lib/installer_base.lib.php b/install/lib/installer_base.lib.php
index 548cf93..9137a41 100644
--- a/install/lib/installer_base.lib.php
+++ b/install/lib/installer_base.lib.php
@@ -150,7 +150,7 @@
if(is_installed('named') || is_installed('bind') || is_installed('bind9')) $conf['bind']['installed'] = true;
if(is_installed('squid')) $conf['squid']['installed'] = true;
if(is_installed('nginx')) $conf['nginx']['installed'] = true;
- // if(is_installed('iptables') && is_installed('ufw')) $conf['ufw']['installed'] = true;
+ if(is_installed('iptables') && is_installed('ufw')) $conf['ufw']['installed'] = true;
if(is_installed('fail2ban-server')) $conf['fail2ban']['installed'] = true;
if(is_installed('vzctl')) $conf['openvz']['installed'] = true;
if(is_dir("/etc/Bastille")) $conf['bastille']['installed'] = true;
@@ -516,6 +516,13 @@
$this->warning('Unable to set rights of user in master database: '.$value['db']."\n Query: ".$query."\n Error: ".$this->dbmaster->errorMessage);
}
+ $query = "GRANT SELECT, INSERT, DELETE ON ".$value['db'].".`mail_backup` TO '".$value['user']."'@'".$host."' ";
+ if ($verbose){
+ echo $query ."\n";
+ }
+ if(!$this->dbmaster->query($query)) {
+ $this->warning('Unable to set rights of user in master database: '.$value['db']."\n Query: ".$query."\n Error: ".$this->dbmaster->errorMessage);
+ }
}
/*
@@ -646,7 +653,7 @@
copy('tpl/mailman-virtual_to_transport.sh', $full_file_name);
}
chgrp($full_file_name, 'list');
- chmod($full_file_name, 0750);
+ chmod($full_file_name, 0755);
}
//* Create aliasaes
@@ -693,6 +700,18 @@
//* mysql-virtual_relayrecipientmaps.cf
$this->process_postfix_config('mysql-virtual_relayrecipientmaps.cf');
+
+ //* mysql-virtual_outgoing_bcc.cf
+ $this->process_postfix_config('mysql-virtual_outgoing_bcc.cf');
+
+ //* postfix-dkim
+ $full_file_name=$config_dir.'/tag_as_originating.re';
+ if(is_file($full_file_name)) copy($full_file_name, $full_file_name.'~');
+ wf($full_file_name, '/^/ FILTER amavis:[127.0.0.1]:10026');
+
+ $full_file_name=$config_dir.'/tag_as_foreign.re';
+ if(is_file($full_file_name)) copy($full_file_name, $full_file_name.'~');
+ wf($full_file_name, '/^/ FILTER amavis:[127.0.0.1]:10024');
//* Changing mode and group of the new created config files.
caselog('chmod o= '.$config_dir.'/mysql-virtual_*.cf* &> /dev/null',
@@ -937,6 +956,19 @@
public function configure_dovecot() {
global $conf;
+
+ $virtual_transport = 'dovecot';
+
+ // check if virtual_transport must be changed
+ if ($this->is_update) {
+ $tmp = $this->db->queryOneRecord("SELECT * FROM ".$conf["mysql"]["database"].".server WHERE server_id = ".$conf['server_id']);
+ $ini_array = ini_to_array(stripslashes($tmp['config']));
+ // ini_array needs not to be checked, because already done in update.php -> updateDbAndIni()
+
+ if(isset($ini_array['mail']['mailbox_virtual_uidgid_maps']) && $ini_array['mail']['mailbox_virtual_uidgid_maps'] == 'y') {
+ $virtual_transport = 'lmtp:unix:private/dovecot-lmtp';
+ }
+ }
$config_dir = $conf['dovecot']['config_dir'];
@@ -961,7 +993,7 @@
// Adding the amavisd commands to the postfix configuration
$postconf_commands = array (
'dovecot_destination_recipient_limit = 1',
- 'virtual_transport = dovecot',
+ 'virtual_transport = '.$virtual_transport,
'smtpd_sasl_type = dovecot',
'smtpd_sasl_path = private/auth'
);
@@ -983,19 +1015,20 @@
//* Get the dovecot version
exec('dovecot --version', $tmp);
- $parts = explode('.', trim($tmp[0]));
- $dovecot_version = $parts[0];
+ $dovecot_version = $tmp[0];
unset($tmp);
- unset($parts);
//* Copy dovecot configuration file
- if($dovecot_version == 2) {
+ if(version_compare($dovecot_version,2) >= 0) {
if(is_file($conf['ispconfig_install_dir'].'/server/conf-custom/install/debian_dovecot2.conf.master')) {
copy($conf['ispconfig_install_dir'].'/server/conf-custom/install/debian_dovecot2.conf.master', $config_dir.'/'.$configfile);
} else {
copy('tpl/debian_dovecot2.conf.master', $config_dir.'/'.$configfile);
}
replaceLine($config_dir.'/'.$configfile, 'postmaster_address = postmaster@example.com', 'postmaster_address = postmaster@'.$conf['hostname'], 1, 0);
+ if(version_compare($dovecot_version,2.1) < 0) {
+ removeLine($config_dir.'/'.$configfile, 'ssl_protocols =');
+ }
} else {
if(is_file($conf['ispconfig_install_dir'].'/server/conf-custom/install/debian_dovecot.conf.master')) {
copy($conf['ispconfig_install_dir'].'/server/conf-custom/install/debian_dovecot.conf.master', $config_dir.'/'.$configfile);
@@ -1068,9 +1101,21 @@
if(is_file($conf['postfix']['config_dir'].'/master.cf')) copy($conf['postfix']['config_dir'].'/master.cf', $conf['postfix']['config_dir'].'/master.cf~');
$content = rf($conf['postfix']['config_dir'].'/master.cf');
// Only add the content if we had not addded it before
- if(!stristr($content, '127.0.0.1:10025')) {
+ if(!preg_match('/^amavis\s+unix\s+/m', $content)) {
unset($content);
$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/master_cf_amavis.master', 'tpl/master_cf_amavis.master');
+ af($conf['postfix']['config_dir'].'/master.cf', $content);
+ $content = rf($conf['postfix']['config_dir'].'/master.cf');
+ }
+ if(!preg_match('/^127.0.0.1:10025\s+/m', $content)) {
+ unset($content);
+ $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/master_cf_amavis10025.master', 'tpl/master_cf_amavis10025.master');
+ af($conf['postfix']['config_dir'].'/master.cf', $content);
+ $content = rf($conf['postfix']['config_dir'].'/master.cf');
+ }
+ if(!preg_match('/^127.0.0.1:10027\s+/m', $content)) {
+ unset($content);
+ $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/master_cf_amavis10027.master', 'tpl/master_cf_amavis10027.master');
af($conf['postfix']['config_dir'].'/master.cf', $content);
}
unset($content);
@@ -1078,7 +1123,20 @@
// Add the clamav user to the amavis group
exec('adduser clamav amavis');
-
+ // Create the director for DKIM-Keys
+ if(!is_dir('/var/lib/amavis/dkim')) mkdir('/var/lib/amavis/dkim', 0750, true);
+ // get shell-user for amavis
+ $amavis_user=exec('grep -o "^amavis:\|^vscan:" /etc/passwd');
+ if(!empty($amavis_user)) {
+ $amavis_user=rtrim($amavis_user, ":");
+ exec('chown '.$amavis_user.' /var/lib/amavis/dkim');
+ }
+ // get shell-group for amavis
+ $amavis_group=exec('grep -o "^amavis:\|^vscan:" /etc/group');
+ if(!empty($amavis_group)) {
+ $amavis_group=rtrim($amavis_group, ":");
+ exec('chgrp '.$amavis_group.' /var/lib/amavis/dkim');
+ }
}
public function configure_spamassassin() {
@@ -1431,19 +1489,17 @@
exec('chown root:root '.$conf["squid"]["config_dir"].'/'.$configfile);
}
- /*
public function configure_ufw_firewall()
{
$configfile = 'ufw.conf';
- if(is_file('/etc/ufw/ufw.conf')) copy('/etc/ufw/ufw.conf','/etc/ufw/ufw.conf~');
+ if(is_file('/etc/ufw/ufw.conf')) copy('/etc/ufw/ufw.conf', '/etc/ufw/ufw.conf~');
$content = rf("tpl/".$configfile.".master");
- wf('/etc/ufw/ufw.conf',$content);
+ wf('/etc/ufw/ufw.conf', $content);
exec('chmod 600 /etc/ufw/ufw.conf');
exec('chown root:root /etc/ufw/ufw.conf');
}
- */
- public function configure_firewall() {
+ public function configure_bastille_firewall() {
global $conf;
$dist_init_scripts = $conf['init_scripts'];
@@ -1716,6 +1772,8 @@
exec("openssl rsa -passin pass:$ssl_pw -in $ssl_key_file -out $ssl_key_file.insecure");
rename($ssl_key_file, $ssl_key_file.'.secure');
rename($ssl_key_file.'.insecure', $ssl_key_file);
+
+ exec('chown -R root:root /usr/local/ispconfig/interface/ssl');
}
@@ -1744,6 +1802,31 @@
//* copy the ISPConfig server part
$command = 'cp -rf ../server '.$install_dir;
caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
+
+ //* Make a backup of the security settings
+ if(is_file('/usr/local/ispconfig/security/security_settings.ini')) copy('/usr/local/ispconfig/security/security_settings.ini','/usr/local/ispconfig/security/security_settings.ini~');
+
+ //* copy the ISPConfig security part
+ $command = 'cp -rf ../security '.$install_dir;
+ caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
+
+ //* Apply changed security_settings.ini values to new security_settings.ini file
+ if(is_file('/usr/local/ispconfig/security/security_settings.ini~')) {
+ $security_settings_old = ini_to_array(file_get_contents('/usr/local/ispconfig/security/security_settings.ini~'));
+ $security_settings_new = ini_to_array(file_get_contents('/usr/local/ispconfig/security/security_settings.ini'));
+ if(is_array($security_settings_new) && is_array($security_settings_old)) {
+ foreach($security_settings_new as $section => $sval) {
+ if(is_array($sval)) {
+ foreach($sval as $key => $val) {
+ if(isset($security_settings_old[$section]) && isset($security_settings_old[$section][$key])) {
+ $security_settings_new[$section][$key] = $security_settings_old[$section][$key];
+ }
+ }
+ }
+ }
+ file_put_contents('/usr/local/ispconfig/security/security_settings.ini',array_to_ini($security_settings_new));
+ }
+ }
//* Create a symlink, so ISPConfig is accessible via web
// Replaced by a separate vhost definition for port 8080
@@ -1885,12 +1968,38 @@
}
- //* Chmod the files
- $command = 'chmod -R 750 '.$install_dir;
+ // chown install dir to root and chmod 755
+ $command = 'chown root:root '.$install_dir;
+ caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
+ $command = 'chmod 755 '.$install_dir;
caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
- //* chown the files to the ispconfig user and group
- $command = 'chown -R ispconfig:ispconfig '.$install_dir;
+ //* Chmod the files and directories in the install dir
+ $command = 'chmod -R 750 '.$install_dir.'/*';
+ caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
+
+ //* chown the interface files to the ispconfig user and group
+ $command = 'chown -R ispconfig:ispconfig '.$install_dir.'/interface';
+ caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
+
+ //* chown the server files to the root user and group
+ $command = 'chown -R root:root '.$install_dir.'/server';
+ caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
+
+ //* chown the security files to the root user and group
+ $command = 'chown -R root:root '.$install_dir.'/security';
+ caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
+
+ //* chown the security directory and security_settings.ini to root:ispconfig
+ $command = 'chown root:ispconfig '.$install_dir.'/security/security_settings.ini';
+ caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
+ $command = 'chown root:ispconfig '.$install_dir.'/security';
+ caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
+ $command = 'chown root:ispconfig '.$install_dir.'/security/ids.whitelist';
+ caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
+ $command = 'chown root:ispconfig '.$install_dir.'/security/ids.htmlfield';
+ caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
+ $command = 'chown root:ispconfig '.$install_dir.'/security/apache_directives.blacklist';
caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
//* Make the global language file directory group writable
@@ -1943,6 +2052,8 @@
exec('chmod -R 770 '.escapeshellarg($install_dir.'/interface/invoices'));
exec('chown -R ispconfig:ispconfig '.escapeshellarg($install_dir.'/interface/invoices'));
}
+
+ exec('chown -R root:root /usr/local/ispconfig/interface/ssl');
// TODO: FIXME: add the www-data user to the ispconfig group. This is just for testing
// and must be fixed as this will allow the apache user to read the ispconfig files.
@@ -2142,7 +2253,7 @@
// Add symlink for patch tool
if(!is_link('/usr/local/bin/ispconfig_patch')) exec('ln -s /usr/local/ispconfig/server/scripts/ispconfig_patch /usr/local/bin/ispconfig_patch');
-
+
}
public function configure_dbserver() {
@@ -2162,7 +2273,7 @@
$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/mysql_clientdb.conf.master', 'tpl/mysql_clientdb.conf.master');
$content = str_replace('{hostname}', $conf['mysql']['host'], $content);
$content = str_replace('{username}', $conf['mysql']['admin_user'], $content);
- $content = str_replace('{password}', $conf['mysql']['admin_password'], $content);
+ $content = str_replace('{password}', addslashes($conf['mysql']['admin_password']), $content);
wf($install_dir.'/server/lib/mysql_clientdb.conf', $content);
chmod($install_dir.'/server/lib/mysql_clientdb.conf', 0600);
chown($install_dir.'/server/lib/mysql_clientdb.conf', 'root');
@@ -2185,8 +2296,8 @@
}
$root_cron_jobs = array(
- "* * * * * ".$install_dir."/server/server.sh 2>&1 > /dev/null | while read line; do echo `/bin/date` \"\$line\" >> ".$conf['ispconfig_log_dir']."/cron.log; done",
- "30 00 * * * ".$install_dir."/server/cron_daily.sh 2>&1 > /dev/null | while read line; do echo `/bin/date` \"\$line\" >> ".$conf['ispconfig_log_dir']."/cron.log; done"
+ "* * * * * ".$install_dir."/server/server.sh 2>&1 | while read line; do echo `/bin/date` \"\$line\" >> ".$conf['ispconfig_log_dir']."/cron.log; done",
+ "* * * * * ".$install_dir."/server/cron.sh 2>&1 | while read line; do echo `/bin/date` \"\$line\" >> ".$conf['ispconfig_log_dir']."/cron.log; done"
);
if ($conf['nginx']['installed'] == true) {
@@ -2231,18 +2342,34 @@
chmod($conf['ispconfig_log_dir'].'/cron.log', 0660);
}
+
+ // This function is called at the end of the update process and contains code to clean up parts of old ISPCONfig releases
+ public function cleanup_ispconfig() {
+ global $app,$conf;
+
+ // Remove directories recursively
+ if(is_dir('/usr/local/ispconfig/interface/web/designer')) exec('rm -rf /usr/local/ispconfig/interface/web/designer');
+ if(is_dir('/usr/local/ispconfig/interface/web/themes/default-304')) exec('rm -rf /usr/local/ispconfig/interface/web/themes/default-304');
+
+ // Remove files
+ if(is_file('/usr/local/ispconfig/interface/lib/classes/db_firebird.inc.php')) unlink('/usr/local/ispconfig/interface/lib/classes/db_firebird.inc.php');
+ if(is_file('/usr/local/ispconfig/interface/lib/classes/form.inc.php')) unlink('/usr/local/ispconfig/interface/lib/classes/form.inc.php');
+
+
+
+ }
public function getinitcommand($servicename, $action, $init_script_directory = ''){
global $conf;
- // systemd
- if(is_executable('/bin/systemd')){
- return 'systemctl '.$action.' '.$servicename.'.service';
- }
// upstart
if(is_executable('/sbin/initctl')){
exec('/sbin/initctl version 2>/dev/null | /bin/grep -q upstart', $retval['output'], $retval['retval']);
if(intval($retval['retval']) == 0) return 'service '.$servicename.' '.$action;
}
+ // systemd
+ if(is_executable('/bin/systemd') || is_executable('/usr/bin/systemctl')){
+ return 'systemctl '.$action.' '.$servicename.'.service';
+ }
// sysvinit
if($init_script_directory == '') $init_script_directory = $conf['init_scripts'];
if(substr($init_script_directory, -1) === '/') $init_script_directory = substr($init_script_directory, 0, -1);
--
Gitblit v1.9.1