Implemented: FS#973 - Gentoo support for installer. Fixed FS#974 - Directory...

Implemented: FS#973 - Gentoo support for installer. Fixed FS#974 - Directory mode for firewall configuration

install/dist/conf/gentoo.conf.php

@@ -31,85 +31,162 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 //*** Gentoo default settings
 
 //* Main
-$dist['init_scripts'] = '/etc/init.d';
-$dist['runlevel'] = '/etc';
-$dist['shells'] = '/etc/shells';
-$dist['cron_tab'] = '/var/spool/cron/crontabs/root';
-$dist['pam'] = '/etc/pam.d';
+$conf['language'] = 'en';
+$conf['distname'] = 'gentoo-1.12.11.1';
+$conf['hostname'] = 'server1.domain.tld'; // Full hostname
+$conf['ispconfig_install_dir'] = '/usr/local/ispconfig';
+$conf['ispconfig_config_dir'] = '/usr/local/ispconfig';
+$conf['ispconfig_log_priority'] = 2;  // 0 = Debug, 1 = Warning, 2 = Error
+$conf['server_id'] = 1;
+$conf['init_scripts'] = '/etc/init.d';
+$conf['runlevel'] = '/etc';
+$conf['shells'] = '/etc/shells';
+$conf['cron_tab'] = '/var/spool/cron/crontabs/root';
+$conf['pam'] = '/etc/pam.d';
+
+//* Services provided by this server, this selection will be overridden by the expert mode
+$conf['services']['mail'] = true;
+$conf['services']['web'] = true;
+$conf['services']['dns'] = true;
+$conf['services']['file'] = true;
+$conf['services']['db'] = true;
+$conf['services']['vserver'] = true;
 
 //* MySQL
-$dist['mysql']['init_script'] = 'mysql';
+$conf['mysql']['installed'] = false; // will be detected automatically during installation
+$conf['mysql']['init_script'] = 'mysql';
+$conf['mysql']['host'] = 'localhost';
+$conf['mysql']['ip'] = '127.0.0.1';
+$conf['mysql']['port'] = '3306';
+$conf['mysql']['database'] = 'dbispconfig';
+$conf['mysql']['admin_user'] = 'root';
+$conf['mysql']['admin_password'] = '';
+$conf['mysql']['charset'] = 'utf8';
+$conf['mysql']['ispconfig_user'] = 'ispconfig';
+$conf['mysql']['ispconfig_password'] = md5 (uniqid (rand()));
+$conf['mysql']['master_slave_setup'] = 'n';
+$conf['mysql']['master_host'] = '';
+$conf['mysql']['master_database'] = 'dbispconfig';
+$conf['mysql']['master_admin_user'] = 'root';
+$conf['mysql']['master_admin_password'] = '';
+$conf['mysql']['master_ispconfig_user'] = '';
+$conf['mysql']['master_ispconfig_password'] = md5 (uniqid (rand()));
+
+//* SuPHP
+$conf['suphp']['config_file'] = '/etc/suphp.conf';
 
 //* Apache
-$dist['apache']['user'] = 'apache';
-$dist['apache']['group'] = 'apache';
-$dist['apache']['init_script'] = 'apache2';
-$dist['apache']['version'] = '2.2';
-$dist['apache']['vhost_dist_dir'] = '/etc/apache2/vhosts.d';
-$dist['apache']['vhost_dist_enabled_dir'] = '/etc/apache2/vhosts.d';
+$conf['apache']['installed'] = false; // will be detected automatically during installation
+$conf['apache']['user'] = 'apache';
+$conf['apache']['group'] = 'apache';
+$conf['apache']['init_script'] = 'apache2';
+$conf['apache']['version'] = '2.2';
+$conf['apache']['config_dir'] = '/etc/apache2';
+$conf['apache']['config_file'] = $conf['apache']['config_dir'] .'/httpd.conf';
+$conf['apache']['ssl_dir'] = $conf['apache']['config_dir'] .'/ssl';
+$conf['apache']['vhost_conf_dir'] = $conf['apache']['config_dir'] . '/vhosts.d';
+$conf['apache']['vhost_conf_enabled_dir'] = $conf['apache']['vhost_conf_dir']; 
+$conf['apache']['vhost_default'] = '00_default_vhost.conf';
 $conf['apache']['vhost_port'] = '8080';
 
+//* Website base settings
+$conf['web']['website_basedir'] = '/var/www';
+$conf['web']['website_path'] = '/var/www/clients/client[client_id]/web[website_id]';
+$conf['web']['website_symlinks'] = '/var/www/[website_domain]/:/var/www/clients/client[client_id]/[website_domain]/';
+
+//* Apps base settings
+$conf['web']['apps_vhost_ip'] = '_default_';
+$conf['web']['apps_vhost_port'] = '8081';
+$conf['web']['apps_vhost_servername'] = '';
+$conf['web']['apps_vhost_user'] = 'ispapps';
+$conf['web']['apps_vhost_group'] = 'ispapps';
+
+//* Fastcgi
+$conf['fastcgi']['fastcgi_phpini_path'] = '/etc/php5/cgi/';
+$conf['fastcgi']['fastcgi_starter_path'] = '/var/www/php-fcgi-scripts/[system_user]/';
+
 //* Postfix
-$dist['postfix']['config_dir'] = '/etc/postfix';
-$dist['postfix']['init_script'] = 'postfix';
-$dist['postfix']['user'] = 'postfix';
-$dist['postfix']['group'] = 'postfix';
-$dist['postfix']['vmail_userid'] = '5000';
-$dist['postfix']['vmail_username'] = 'vmail';
-$dist['postfix']['vmail_groupid'] = '5000';
-$dist['postfix']['vmail_groupname'] = 'vmail';
-$dist['postfix']['vmail_mailbox_base'] = '/var/vmail';
+$conf['postfix']['installed'] = false; // will be detected automatically during installation
+$conf['postfix']['config_dir'] = '/etc/postfix';
+$conf['postfix']['init_script'] = 'postfix';
+$conf['postfix']['user'] = 'postfix';
+$conf['postfix']['group'] = 'postfix';
+$conf['postfix']['vmail_userid'] = '5000';
+$conf['postfix']['vmail_username'] = 'vmail';
+$conf['postfix']['vmail_groupid'] = '5000';
+$conf['postfix']['vmail_groupname'] = 'vmail';
+$conf['postfix']['vmail_mailbox_base'] = '/var/vmail';
 
 //* Getmail
-$dist['getmail']['config_dir'] = '/etc/getmail';
-$dist['getmail']['program'] = '/usr/bin/getmail';
+$conf['getmail']['installed'] = false; // will be detected automatically during installation
+$conf['getmail']['user'] = 'getmail';
+$conf['getmail']['config_dir'] = '/etc/getmail';
+$conf['getmail']['program'] = '/usr/bin/getmail';
 
 //* Courier
-$dist['courier']['config_dir'] = '/etc/courier';
-$dist['courier']['courier-authdaemon'] = 'courier-authlib';
-$dist['courier']['courier-imap'] = 'courier-imapd';
-$dist['courier']['courier-imap-ssl'] = 'courier-imapd-ssl';
-$dist['courier']['courier-pop'] = 'courier-pop3d';
-$dist['courier']['courier-pop-ssl'] = 'courier-pop3d-ssl';
+$conf['courier']['installed'] = false; // will be detected automatically during installation
+$conf['courier']['config_dir'] = '/etc/courier/authlib';
+$conf['courier']['courier-authdaemon'] = 'courier-authlib';
+$conf['courier']['courier-imap'] = 'courier-imapd';
+$conf['courier']['courier-imap-ssl'] = 'courier-imapd-ssl';
+$conf['courier']['courier-pop'] = 'courier-pop3d';
+$conf['courier']['courier-pop-ssl'] = 'courier-pop3d-ssl';
 
 //* SASL
-$dist['saslauthd']['config'] = '/etc/default/saslauthd';
-$dist['saslauthd']['init_script'] = 'saslauthd';
+$conf['saslauthd']['installed'] = false; // will be detected automatically during installation
+$conf['saslauthd']['config_file'] = '/etc/conf.d/saslauthd';
+$conf['saslauthd']['config_dir'] = '/etc/sasl2'; 
+$conf['saslauthd']['init_script'] = 'saslauthd';
 
 //* Amavisd
-$dist['amavis']['config_dir'] = '/etc/amavis';
-$dist['amavis']['init_script'] = 'amavisd';
+$conf['amavis']['installed'] = false; // will be detected automatically during installation
+$conf['amavis']['config_file'] = '/etc/amavisd.conf';
+$conf['amavis']['init_script'] = 'amavisd';
 
 //* ClamAV
-$dist['clamav']['init_script'] = 'clamd';
+$conf['clamav']['installed'] = false; // will be detected automatically during installation
+$conf['clamav']['init_script'] = 'clamd';
 
 //* Pureftpd
-$dist['pureftpd']['config_dir'] = '/etc/pure-ftpd';
-$dist['pureftpd']['init_script'] = 'pure-ftpd';
+$conf['pureftpd']['installed'] = false; // will be detected automatically during installation
+$conf['pureftpd']['config_file'] = '/etc/conf.d/pure-ftpd';
+$conf['pureftpd']['mysql_config_file'] = '/etc/pureftpd-mysql.conf';
+$conf['pureftpd']['init_script'] = 'pure-ftpd';
 
 //* MyDNS
-$dist['mydns']['config_dir'] = '/etc';
-$dist['mydns']['init_script'] = 'mydns';
+$conf['mydns']['installed'] = false; // will be detected automatically during installation
+$conf['mydns']['config_dir'] = '/etc';
+$conf['mydns']['init_script'] = 'mydns';
 
 //* PowerDNS
 $conf['powerdns']['installed'] = false; // will be detected automatically during installation
 $conf['powerdns']['database'] = 'powerdns';
-$conf["powerdns"]["config_dir"] = '/etc/powerdns/pdns.d';
-$conf['powerdns']['init_script'] = 'pdns';
+$conf["powerdns"]["config_dir"] = '/etc/powerdns';
+$conf["powerdns"]["config_file"] = 'pdns-local.conf';
+$conf['powerdns']['init_script'] = 'pdns.local';
+
+//* BIND DNS Server
+$conf['bind']['installed'] = false; // will be detected automatically during installation
+$conf['bind']['bind_user'] = 'root';
+$conf['bind']['bind_group'] = 'bind';
+$conf['bind']['bind_zonefiles_dir'] = '/etc/bind';
+$conf['bind']['named_conf_path'] = '/etc/bind/named.conf';
+$conf['bind']['named_conf_local_path'] = '/etc/bind/named.conf.local';
+$conf['bind']['init_script'] = 'named';
 
 //* Jailkit
+$conf['jailkit']['installed'] = false; // will be detected automatically during installation
 $conf['jailkit']['config_dir'] = '/etc/jailkit';
 $conf['jailkit']['jk_init'] = 'jk_init.ini';
 $conf['jailkit']['jk_chrootsh'] = 'jk_chrootsh.ini';
-$conf['jailkit']['jailkit_chroot_app_programs'] = '/usr/bin/groups /usr/bin/id /usr/bin/dircolors /usr/bin/lesspipe /usr/bin/basename /usr/bin/dirname /usr/bin/nano /usr/bin/pico';
-$conf['jailkit']['jailkit_chroot_cron_programs'] = '/usr/bin/php /usr/bin/perl /usr/share/perl /usr/share/php';
+$conf['jailkit']['jailkit_chroot_app_programs'] = '/bin/groups /usr/bin/id /usr/bin/dircolors /usr/bin/less /usr/bin/basename /usr/bin/dirname /usr/bin/nano /usr/bin/vim';
 
 //* vlogger
-$conf['vlogger']['config_dir'] = '/etc';
+$conf['vlogger']['config_dir'] = '/etc/vlogger';
 
 //* cron
-$conf['cron']['init_script'] = 'cron';
+$conf['cron']['init_script'] = 'vixie-cron';
 $conf['cron']['crontab_dir'] = '/etc/cron.d';
+$conf['cron']['group'] = 'cron';
 $conf['cron']['wget'] = '/usr/bin/wget';
-
-?>
\ No newline at end of file
+?>

install/dist/tpl/gentoo/amavisd-ispconfig.conf.master

+use strict;
+
+#
+# Place your configuration directives here.  They will override those in
+# earlier files.
+#
+# See /usr/share/doc/amavisd-new/ for documentation and examples of
+# the directives you can use in this file
+#
+
+@av_scanners = (
+
+### http://www.clamav.net/
+ ['ClamAV-clamd',
+  \&ask_daemon, ["SCAN {}\n", "/var/run/clamav/clamd.sock"],
+  qr/\bOK$/, qr/\bFOUND$/,
+  qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
+);
+
+@av_scanners_backup = (
+
+### http://www.clamav.net/   - backs up clamd or Mail::ClamAV
+['ClamAV-clamscan', 'clamscan',
+    "--stdout --disable-summary -r --tempdir=$TEMPBASE {}", [0], [1],
+    qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
+
+);
+
+@bypass_virus_checks_maps = (
+   \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);
+
+@bypass_spam_checks_maps = (
+   \%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);
+
+#   
+# Database connection settings
+#
+
+@lookup_sql_dsn =
+   ( ['DBI:mysql:database={mysql_server_database};host={mysql_server_ip};port={mysql_server_port}', '{mysql_server_ispconfig_user}', '{mysql_server_ispconfig_password}'] );
+
+# @storage_sql_dsn = @lookup_sql_dsn;  # none, same, or separate database
+#$sql_select_policy = 'SELECT "Y" as local FROM mail_domain WHERE CONCAT("@",domain) IN (%k)';
+# $banned_files_quarantine_method = 'sql';
+# $spam_quarantine_method         = 'sql';
+
+#
+# SQL Select statements
+#
+
+$sql_select_policy =
+   'SELECT *,spamfilter_users.id'.
+   ' FROM spamfilter_users LEFT JOIN spamfilter_policy ON spamfilter_users.policy_id=spamfilter_policy.id'.
+   ' WHERE spamfilter_users.email IN (%k) ORDER BY spamfilter_users.priority DESC';
+
+
+$sql_select_white_black_list = 'SELECT wb FROM spamfilter_wblist'.
+    ' WHERE (spamfilter_wblist.rid=?) AND (spamfilter_wblist.email IN (%k))' .
+    ' ORDER BY spamfilter_wblist.priority DESC';
+
+#
+# Quarantine settings
+#
+
+$final_virus_destiny = D_BOUNCE;
+$final_spam_destiny = D_DISCARD;
+$final_banned_destiny = D_BOUNCE;
+$final_bad_header_destiny = D_PASS;
+
+# Default settings, we st this very high to not filter aut emails accidently
+$sa_spam_subject_tag = '***SPAM*** ';
+$sa_tag_level_deflt  = 20.0;  # add spam info headers if at, or above that level
+$sa_tag2_level_deflt = 60.0; # add 'spam detected' headers at that level
+$sa_kill_level_deflt = 60.0; # triggers spam evasive actions
+$sa_dsn_cutoff_level = 100;   # spam level beyond which a DSN is not sent
+
+#
+# Disable spam and virus notifications for the admin user.
+# Can be overridden by the policies in mysql
+#
+
+$virus_admin = undef;
+$spam_admin = undef;
+
+
+#
+# Enable Logging
+#
+
+$DO_SYSLOG = 1;
+$LOGFILE = "/var/log/amavis.log";  # (defaults to empty, no log)
+
+# Set the log_level to 5 for debugging
+$log_level = 0;                # (defaults to 0)
+
+
+#------------ Do not modify anything below this line -------------
+1;  # insure a defined return

install/dist/tpl/gentoo/apache_ispconfig.conf.master

+
+
+################################################
+# ISPConfig Logfile configuration for vlogger
+################################################
+
+LogFormat "%v %h %l %u %t \"%r\" %>s %B \"%{Referer}i\" \"%{User-Agent}i\"" combined_ispconfig
+CustomLog "| /usr/local/ispconfig/server/scripts/vlogger -s access.log -t \"%Y%m%d-access.log\" -d \"/etc/vlogger/vlogger-dbi.conf\" /var/log/ispconfig/httpd" combined_ispconfig
+
+<Directory /var/www/clients>
+    AllowOverride None
+    Order Deny,Allow
+    Deny from all
+</Directory>
+
+

install/dist/tpl/gentoo/jk_init.ini.master

+[ldconfig]
+executables = /sbin/ldconfig
+regularfiles = /etc/ld.so.conf
+
+[uidbasics]
+comment = common files for all jails that need user/group information
+libraries = /lib/libnsl.so.1, /lib64/libnsl.so.1, /lib/libnss*.so.2, /lib64/libnss*.so.2
+regularfiles = /etc/nsswitch.conf
+includesections = ldconfig
+
+[netbasics]
+comment = common files for all jails that need any internet connectivity
+libraries = /lib/libnss_dns.so.2, /lib64/libnss_dns.so.2
+regularfiles = /etc/resolv.conf, /etc/host.conf, /etc/hosts, /etc/protocols
+
+[logbasics]
+comment = timezone information
+regularfiles = /etc/localtime
+need_logsocket = 1
+
+[jk_lsh]
+comment = Jailkit limited shell
+executables = /usr/sbin/jk_lsh
+regularfiles = /etc/jailkit/jk_lsh.ini
+users = root
+groups = root
+need_logsocket = 1
+includesections = uidbasics
+
+[limitedshell]
+comment = alias for jk_lsh
+includesections = jk_lsh
+
+[cvs]
+comment = Concurrent Versions System
+executables = /usr/bin/cvs
+devices = /dev/null
+
+[git]
+comment = Fast Version Control System
+executables = /usr/bin/git*
+directories = /usr/share/git-core
+includesections = editors
+
+[scp]
+comment = ssh secure copy
+executables = /usr/bin/scp
+includesections = netbasics, uidbasics
+devices = /dev/urandom
+
+[sftp]
+comment = ssh secure ftp
+executables = /usr/lib/sftp-server, /usr/libexec/openssh/sftp-server, /usr/lib/misc/sftp-server, /usr/libexec/sftp-server
+includesections = netbasics, uidbasics
+devices = /dev/urandom, /dev/null
+
+[ssh]
+comment = ssh secure shell
+executables = /usr/bin/ssh
+includesections = netbasics, uidbasics
+devices = /dev/urandom, /dev/tty
+
+[rsync]
+executables = /usr/bin/rsync
+includesections = netbasics, uidbasics
+
+[procmail]
+comment = procmail mail delivery
+executables = /usr/bin/procmail, /bin/sh
+devices = /dev/null
+
+[basicshell]
+comment = bash based shell with several basic utilities
+executables = /bin/sh, /bin/bash, /bin/ls, /bin/cat, /bin/chmod, /bin/mkdir, /bin/cp, /bin/cpio, /bin/date, /bin/dd, /bin/echo, /bin/egrep, /bin/false, /bin/fgrep, /bin/grep, /bin/gunzip, /bin/gzip, /bin/ln, /bin/ls, /bin/mkdir, /bin/mktemp, /bin/more, /bin/mv, /bin/pwd, /bin/rm, /bin/rmdir, /bin/sed, /bin/sh, /bin/sleep, /bin/sync, /bin/tar, /bin/touch, /bin/true, /bin/uncompress, /bin/zcat
+regularfiles = /etc/motd, /etc/issue, /etc/bash.bashrc, /etc/bashrc, /etc/profile
+#directories =
+users = root
+groups = root
+includesections = uidbasics
+
+[midnightcommander]
+comment = Midnight Commander
+executables = /usr/bin/mc, /usr/bin/mcedit, /usr/bin/mcview
+directories = /etc/terminfo, /usr/share/terminfo, /usr/share/mc
+includesections = basicshell
+
+[extendedshell]
+comment = bash shell including things like awk, bzip, tail, less
+executables = /usr/bin/awk, /bin/bzip2, /bin/bunzip2, /usr/bin/ldd, /usr/bin/less, /usr/bin/clear, /usr/bin/cut, /usr/bin/du, /usr/bin/find, /usr/bin/head, /usr/bin/md5sum, /usr/bin/nice, /usr/bin/sort, /usr/bin/tac, /usr/bin/tail, /usr/bin/tr, /usr/bin/wc, /usr/bin/watch, /usb/bin/whoami
+includesections = basicshell, midnightcommander, editors
+
+[editors]
+comment = joe and nano
+executables = /usr/bin/joe, /usr/bin/nano, /usr/bin/vi, /usr/bin/vim
+regularfiles = /etc/vimrc
+directories = /etc/joe, /etc/terminfo, /usr/share/vim, /usr/share/terminfo, /usr/lib/terminfo
+
+[netutils]
+comment = several internet utilities like wget, ftp, rsync, scp, ssh
+executables = /usr/bin/wget, /usr/bin/lynx, /usr/bin/ftp, /usr/bin/host, /usr/bin/rsync, /usr/bin/smbclient
+includesections = netbasics, ssh, sftp, scp
+
+[apacheutils]
+comment = htpasswd utility
+executables = /usr/bin/htpasswd
+
+[extshellplusnet]
+comment = alias for extendedshell + netutils + apacheutils
+includesections = extendedshell, netutils, apacheutils
+
+[openvpn]
+comment = jail for the openvpn daemon
+executables = /usr/sbin/openvpn
+users = root,nobody
+groups = root,nogroup
+includesections = netbasics
+devices = /dev/urandom, /dev/random, /dev/net/tun
+includesections = netbasics, uidbasics
+need_logsocket = 1
+
+[apache]
+comment = the apache webserver, very basic setup, probably too limited for you
+executables = /usr/sbin/apache2
+users = root, apache
+groups = root, apache
+includesections = netbasics, uidbasics
+
+[perl]
+comment = the perl interpreter and libraries
+executables = /usr/bin/perl
+directories = /usr/lib/perl, /usr/lib/perl5, /usr/share/perl, /usr/share/perl5
+
+[xauth]
+comment = getting X authentication to work
+executables = /usr/bin/X11/xauth
+regularfiles = /usr/X11R6/lib/X11/rgb.txt, /etc/ld.so.conf
+
+[xclients]
+comment = minimal files for X clients
+regularfiles = /usr/X11R6/lib/X11/rgb.txt
+includesections = xauth
+
+[vncserver]
+comment = the VNC server program
+executables = /usr/bin/Xvnc, /usr/bin/Xrealvnc
+directories = /usr/X11R6/lib/X11/fonts/
+includesections = xclients
+
+
+#[xterm]
+#comment = xterm
+#executables = /usr/bin/X11/xterm
+#directories = /usr/share/terminfo, /etc/terminfo
+#devices = /dev/pts/0, /dev/pts/1, /dev/pts/2, /dev/pts/3, /dev/pts/4, /dev/ptyb4, /dev/ptya4, /dev/tty, /dev/tty0, /dev/tty4

install/install.php

@@ -55,7 +55,9 @@ require_once('lib/installer_base.lib.php');
 
 //** Ensure that current working directory is install directory
 $cur_dir = getcwd();
-if(realpath(dirname(__FILE__)) != $cur_dir) die("Please run installation/update from _inside_ the install directory!\n");
+if(realpath(dirname(__FILE__)) != $cur_dir) {
+	chdir( realpath(dirname(__FILE__)) );
+}
 
 //** Install logfile
 define('ISPC_LOG_FILE', '/var/log/ispconfig_install.log');

install/lib/install.lib.php

@@ -159,7 +159,19 @@ function get_distname() {
 			$distbaseid = 'fedora';
 			swriteln("Operating System: Redhat or compatible, unknown version.\n");
 		}
-		
+	}
+	
+	//** Gentoo
+ 	elseif(file_exists("/etc/gentoo-release")) {
+ 		
+ 		$content = file_get_contents('/etc/gentoo-release');
+ 
+        preg_match_all('/([0-9]{1,2})/', $content, $version);
+ 		$distname = 'Gentoo';
+ 		$distver = $version[0][0].$version[0][1];
+ 		$distid = 'gentoo';
+ 		$distbaseid = 'gentoo';
+ 		swriteln("Operating System: Gentoo $distver or compatible\n");
 		
 	} else {
 		die('unrecognized linux distribution');

install/lib/installer_base.lib.php

@@ -737,7 +737,7 @@ class installer_base {
 		
 		$config_dir = $conf['pureftpd']['config_dir'];
 
-		//* configure pam for SMTP authentication agains the ispconfig database
+		//* configure pure-ftpd for MySQL authentication against the ispconfig database
 		$configfile = 'db/mysql.conf';
 		if(is_file("$config_dir/$configfile")){
             copy("$config_dir/$configfile", "$config_dir/$configfile~");
@@ -903,7 +903,7 @@ class installer_base {
   		
 		if(is_dir("/etc/Bastille.backup")) caselog("rm -rf /etc/Bastille.backup", __FILE__, __LINE__);
 		if(is_dir("/etc/Bastille")) caselog("mv -f /etc/Bastille /etc/Bastille.backup", __FILE__, __LINE__);
-  		@mkdir("/etc/Bastille", octdec($directory_mode));
+  		@mkdir("/etc/Bastille", 0700);
   		if(is_dir("/etc/Bastille.backup/firewall.d")) caselog("cp -pfr /etc/Bastille.backup/firewall.d /etc/Bastille/", __FILE__, __LINE__);
   		caselog("cp -f tpl/bastille-firewall.cfg.master /etc/Bastille/bastille-firewall.cfg", __FILE__, __LINE__);
   		caselog("chmod 644 /etc/Bastille/bastille-firewall.cfg", __FILE__, __LINE__);
@@ -1383,6 +1383,119 @@ class installer_base {
 		
 	}
 	
+	/**
+	 * Helper function - get the path to a template file based on
+	 * the local part of the filename. Checks first for the existence
+	 * of a distribution specific file and if not found looks in the
+	 * base template folder. Optionally the behaviour can be changed
+	 * by setting the 2nd parameter which will fetch the contents
+	 * of the template file and return it instead of the path. The 3rd
+	 * parameter further extends this behaviour by filtering the contents
+	 * by inserting the ispconfig database credentials using the {} placeholders.
+	 * 
+	 * @param string $tLocal local part of filename
+	 * @param bool $tRf
+	 * @param bool $tDBCred
+	 * @return string Relative path to the chosen template file
+	 */
+	protected function get_template_file($tLocal, $tRf=false, $tDBCred=false)
+	{
+		global $conf, $dist;
+		
+		$final_path = '';
+		$dist_template = 'dist/tpl/'.strtolower($dist['name'])."/$tLocal.master";
+		if (file_exists($dist_template)) {
+			$final_path = $dist_template;
+		} else {
+			$final_path = "tpl/$tLocal.master";
+		}
+		
+		if (!$tRf) {
+			return $final_path;
+		} else {
+			return (!$tDBCred) ? rf($final_path) : $this->insert_db_credentials(rf($final_path));
+		}
+	}
+	
+	/**
+	 * Helper function - writes the contents to a config file
+	 * and performs a backup if the file exist. Additionally
+	 * if the file exists the new file will be given the
+	 * same rights and ownership as the original. Optionally the
+	 * rights and/or ownership can be overriden by appending umask,
+	 * user and group to the parameters. Providing only uid and gid
+	 * values will result in only a chown.   
+	 * 
+	 * @param $tConf
+	 * @param $tContents
+	 * @return bool
+	 */
+	protected function write_config_file($tConf, $tContents)
+	{
+		// Backup config file before writing new contents and stat file
+		if ( is_file($tConf) ) 
+		{
+			$stat = exec('stat -c \'%a %U %G\' '.escapeshellarg($tConf), $output, $res);
+			if ($res == 0) { // stat successfull
+				list($access, $user, $group) = split(" ", $stat);
+			}
+			
+			if ( copy($tConf, $tConf.'~') ) {
+				exec('chmod 400 '.$tConf.'~');
+			}
+		}
+		
+		wf($tConf, $tContents); // write file
+		
+		if (func_num_args() >= 4) // override rights and/or ownership
+		{
+			$args = func_get_args();
+			$output = array_slice($args, 2);
+			
+			switch (sizeof($output)) {
+				case 3:
+					$umask = array_shift($output);
+					if