class.ISPConfigDebianOS.inc.php

				throw new ISPConfigOSException('Command ' . $cmd . ' failed.');
			}

			$packages = array(
				'pure-ftpd-common',
				'pure-ftpd-mysql',
				'webalizer',
				'awstats'
			);
			$this->installPackages($packages);

			ISPConfigLog::info('Enabling TLS for pureftpd', true);
			if(!is_dir('/etc/pure-ftpd/conf')) {
				mkdir('/etc/pure-ftpd/conf', 0755);
			}
			file_put_contents('/etc/pure-ftpd/conf/TLS', '1');
			if(!is_dir('/etc/ssl/private')) {
				mkdir('/etc/ssl/private', 0755, true);
			}

			$ssl_subject = '/C=DE/ST=None/L=None/O=IT/CN=' . $host_name;
			$cmd = 'openssl req -x509 -nodes -days 7300 -newkey rsa:2048 -subj ' . escapeshellarg($ssl_subject) . ' -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem > /dev/null 2>&1';
			$result = $this->exec($cmd);
			if($result === false) {
				throw new ISPConfigOSException('Command ' . $cmd . ' failed.');
			}
			chmod('/etc/ssl/private/pure-ftpd.pem', 0600);

			// set passive port range if needed
			$ftp_ports = ISPConfig::getFTPPassivePorts();
			if($ftp_ports) {
				file_put_contents('/etc/pure-ftpd/conf/PassivePortRange', $ftp_ports['from'] . ' ' . $ftp_ports['to']);
			}

			$this->restartService('pure-ftpd-mysql');

			ISPConfigLog::info('Disabling awstats cron.', true);
			$entries = array(
				array(
					'first_line' => '/.*/',
					'last_line' => '/####nomatch###/',
					'search' => '/.*/'
				)
			);
			$this->commentLines('/etc/cron.d/awstats', $entries);

			if($this->shallCompileJailkit()) {
				$cmd = 'cd /tmp ; ( wget -O jailkit-2.20.tar.gz "http://olivier.sessink.nl/jailkit/jailkit-2.20.tar.gz" > /dev/null 2>&1 && tar xzf jailkit-2.20.tar.gz 2>&1 ) && ( cd jailkit-2.20 ; echo 5 > debian/compat ; ./debian/rules binary 2>&1 ) && ( cd /tmp ; dpkg -i jailkit_2.20-1_*.deb 2>&1 ; rm -rf jailkit-2.20* )';
				$result = $this->exec($cmd, array(), 3);
				if($result === false) {
					throw new ISPConfigOSException('Command ' . $cmd . ' failed.');

				}
			}
		}

		$packages = array(
			'fail2ban'
		);
		if(ISPConfig::shallInstall('firewall')) {
			$packages[] = 'ufw';
		}

		$this->installPackages($packages);

		$jk_jail = $this->getFail2BanJail();
		file_put_contents('/etc/fail2ban/jail.local', $jk_jail);
		unset($jk_jail);

		$this->restartService('fail2ban');

		$this->fixDbconfigCommon();

		if(ISPConfig::shallInstall('mail') && ISPConfig::shallInstall('roundcube')) {
			ISPConfigLog::info('Installing roundcube.', true);

			$cmd = 'APP_PASS="' . ISPConfigFunctions::generatePassword(15) . '"' . "\n";
			$cmd .= 'ROOT_PASS="' . $mysql_root_pw . '"' . "\n";
			$cmd .= 'APP_DB_PASS="' . ISPConfigFunctions::generatePassword(15) . '"' . "\n";
			$cmd .= 'echo "roundcube-core roundcube/dbconfig-install boolean true" | debconf-set-selections 2>&1' . "\n";
			$cmd .= 'echo "roundcube-core roundcube/database-type select mysql" | debconf-set-selections 2>&1' . "\n";
			$cmd .= 'echo "roundcube-core roundcube/mysql/admin-user string root" | debconf-set-selections 2>&1' . "\n";
			$cmd .= 'echo "roundcube-core roundcube/mysql/admin-pass password $ROOT_PASS" | debconf-set-selections 2>&1' . "\n";
			$cmd .= 'echo "roundcube-core roundcube/mysql/app-pass password $APP_DB_PASS" | debconf-set-selections 2>&1' . "\n";
			$cmd .= 'echo "roundcube-core roundcube/reconfigure-webserver multiselect apache2" | debconf-set-selections 2>&1' . "\n";
			$result = $this->exec($cmd);
			if($result === false) {
				throw new ISPConfigOSException('Command ' . $cmd . ' failed.');
			}

			$packages = array(
				'roundcube',
				'roundcube-core',
				'roundcube-mysql',
				'roundcube-plugins'
			);
			$this->installPackages($packages);

			$replacements = array(
				'/^\s*\$config\s*\[["\']default_host["\']\]\s*=.*$/m' => '$config[\'default_host\'] = \'localhost\';',
				'/^\s*\$config\s*\[["\']smtp_server["\']\]\s*=.*$/m' => '$config[\'smtp_server\'] = \'%h\';',
				'/^\s*\$config\s*\[["\']smtp_port["\']\]\s*=.*$/m' => '$config[\'smtp_port\'] = 25;',
				'/^\s*\$config\s*\[["\']smtp_user["\']\]\s*=.*$/m' => '$config[\'smtp_user\'] = \'%u\';',
				'/^\s*\$config\s*\[["\']smtp_pass["\']\]\s*=.*$/m' => '$config[\'smtp_pass\'] = \'%p\';'
			);
			$result = $this->replaceContents('/etc/roundcube/config.inc.php', $replacements);

			if(ISPConfig::$WEBSERVER === ISPC_WEBSERVER_APACHE) {
				$replacements = array(
					'/^\s*#*\s*Alias\s+\/roundcube\s+\/var\/lib\/roundcube\s*$/m' => 'Alias /webmail /var/lib/roundcube'
				);
				$result = $this->replaceContents('/etc/apache2/conf-enabled/roundcube.conf', $replacements);
			} elseif(ISPConfig::$WEBSERVER === ISPC_WEBSERVER_NGINX) {
				symlink('/usr/share/roundcube', '/usr/share/squirrelmail');
			}
		}

		if(ISPConfig::shallInstall('web')) {
			if(ISPConfig::$WEBSERVER === ISPC_WEBSERVER_APACHE) {
				$this->restartService('apache2');
			} else {
				$this->restartService('nginx');
			}
		}

		ISPConfigLog::info('Installing ISPConfig3.', true);

		$ispconfig_admin_pw = ISPConfigFunctions::generatePassword(15);

		if(!ISPConfig::wantsInteractive()) {
			$autoinstall = '[install]
	language=' . (isset($_GET['lang']) && $_GET['lang'] === 'de' ? 'de' : 'en') . '
	install_mode=expert
	hostname=' . $host_name . '
	mysql_hostname=localhost
	mysql_port=3306
	mysql_root_user=root
	mysql_root_password=' . $mysql_root_pw . '
	mysql_database=dbispconfig
	mysql_charset=utf8
	http_server=' . (ISPConfig::$WEBSERVER === ISPC_WEBSERVER_APACHE ? 'apache' : 'nginx') . '
	ispconfig_port=8080
	ispconfig_use_ssl=y
	ispconfig_admin_password=' . $ispconfig_admin_pw . '
	create_ssl_server_certs=y
	ignore_hostname_dns=n
	ispconfig_postfix_ssl_symlink=y
	ispconfig_pureftpd_ssl_symlink=y

	[ssl_cert]
	ssl_cert_country=DE
	ssl_cert_state=None
	ssl_cert_locality=None
	ssl_cert_organisation=None
	ssl_cert_organisation_unit=IT
	ssl_cert_common_name=' . $host_name . '
	ssl_cert_email=

	[expert]
	mysql_ispconfig_user=ispconfig
	mysql_ispconfig_password=' . ISPConfigFunctions::generatePassword(15) . '
	join_multiserver_setup=n
	mysql_master_hostname=
	mysql_master_root_user=
	mysql_master_root_password=
	mysql_master_database=
	configure_mail=' . (ISPConfig::shallInstall('mail') ? 'y' : 'n') . '
	configure_jailkit=' . (ISPConfig::shallInstall('web') ? 'y' : 'n') . '
	configure_ftp=' . (ISPConfig::shallInstall('web') ? 'y' : 'n') . '
	configure_dns=' . (ISPConfig::shallInstall('dns') ? 'y' : 'n') . '
	configure_apache=' . (ISPConfig::shallInstall('web') && ISPConfig::$WEBSERVER === ISPC_WEBSERVER_APACHE ? 'y' : 'n') . '
	configure_nginx=' . (ISPConfig::shallInstall('web') && ISPConfig::$WEBSERVER === ISPC_WEBSERVER_NGINX ? 'y' : 'n') . '
	configure_firewall=' . (ISPConfig::shallInstall('firewall') ? 'y' : 'n') . '
	configure_webserver=' . (ISPConfig::shallInstall('web') ? 'y' : 'n') . '
	install_ispconfig_web_interface=' . (ISPConfig::shallInstall('web') ? 'y' : 'n') . '

	[update]
	do_backup=yes
	mysql_root_password=' . $mysql_root_pw . '
	mysql_master_hostname=
	mysql_master_root_user=
	mysql_master_root_password=
	mysql_master_database=
	reconfigure_permissions_in_master_database=no
	reconfigure_services=yes
	ispconfig_port=8080
	create_new_ispconfig_ssl_cert=no
	reconfigure_crontab=yes
	create_ssl_server_certs=y
	ignore_hostname_dns=n
	ispconfig_postfix_ssl_symlink=y
	ispconfig_pureftpd_ssl_symlink=y

	; These are for service-detection (defaulting to old behaviour where alle changes were automatically accepted)
	svc_detect_change_mail_server=yes
	svc_detect_change_web_server=yes
	svc_detect_change_dns_server=yes
	svc_detect_change_xmpp_server=yes
	svc_detect_change_firewall_server=yes
	svc_detect_change_vserver_server=yes
	svc_detect_change_db_server=yes';
			file_put_contents('/tmp/ispconfig.autoinstall.ini', $autoinstall);
			$ai_argument = '--autoinstall=/tmp/ispconfig.autoinstall.ini';
		} else {
			$ai_argument = '';
		}

		if(ISPConfig::wantsInteractive()) {
			ISPConfigLog::info('Your MySQL root password is: ' . $mysql_root_pw, true);
		}

		$cmd = 'cd /tmp ; rm -rf ispconfig3_install 2>&1';
		if(ISPConfig::getISPConfigChannel() === 'dev') {
			$cmd .= ' ; wget -O ispconfig.tar.gz "https://git.ispconfig.org/ispconfig/ispconfig3/-/archive/develop/ispconfig3-develop.tar.gz" >/dev/null 2>&1 ; tar xzf ispconfig.tar.gz ; mv ispconfig3-develop ispconfig3_install';
		} else {
			$cmd .= ' ; wget -O ispconfig.tar.gz "https://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz" >/dev/null 2>&1 ; tar xzf ispconfig.tar.gz';
		}
		$cmd .= ' ; cd ispconfig3_install ; cd install ; php -q install.php ' . $ai_argument . ' 2>&1 ; cd /tmp ; rm -rf ispconfig3_install 2>&1';
		if(ISPConfig::wantsInteractive()) {
			$result = $this->passthru($cmd);
		} else {
			$result = $this->exec($cmd);
		}
		if($result === false) {
			throw new ISPConfigOSException('Command ' . $cmd . ' failed.');
		}

		if(!ISPConfig::wantsInteractive() && is_file('/tmp/ispconfig.autoinstall.ini')) {
			unlink('/tmp/ispconfig.autoinstall.ini');
		}

		if(ISPConfig::shallInstall('web')) {
			ISPConfigLog::info('Adding php versions to ISPConfig.', true);

			$server_id = 0;
			$ispc_config = ISPConfigConnector::getLocalConfig();
			if(!$ispc_config || !isset($ispc_config['server_id']) || !$ispc_config['server_id']) {
				throw new ISPConfigOSException('Could not read ISPConfig settings file.');
			}
			$server_id = $ispc_config['server_id'];

			foreach($php_versions as $curver) {
				$qry = 'INSERT IGNORE INTO `dbispconfig`.`server_php` (`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `client_id`, `name`, `php_fastcgi_binary`, `php_fastcgi_ini_dir`, `php_fpm_init_script`, `php_fpm_ini_dir`, `php_fpm_pool_dir`, `active`) VALUES (1, 1, \'riud\', \'riud\', \'\', ' . intval($server_id) . ', 0, \'PHP ' . $curver . '\', \'/usr/bin/php-cgi' . $curver . '\', \'/etc/php/' . $curver . '/cgi/php.ini\', \'/etc/init.d/php' . $curver . '-fpm\', \'/etc/php/' . $curver . '/fpm/php.ini\', \'/etc/php/' . $curver . '/fpm/pool.d\', \'y\')';			  $cmd = 'mysql --defaults-file=/etc/mysql/debian.cnf -e ' . escapeshellarg($qry);
				$result = $this->exec($cmd);
				if($result === false) {
					throw new ISPConfigOSException('Command ' . $cmd . ' failed.');
				}
			}
		}

		$this->restartService('clamav-daemon');
		if(ISPConfig::shallInstall('mail')) {
			if(ISPConfig::wantsAmavis()) {
				$this->restartService('amavis');
			} else {
				$this->startService('rspamd');
			}
		}


		ISPConfigLog::info('Checking all services are running.', true);
		$check_services = array(
			'mysql',
			'clamav-daemon',
			'postfix',
		);

		if(ISPConfig::shallInstall('local-dns')) {
			if(ISPConfig::wantsUnbound()) {
				$check_services[] = 'unbound';
			} else {
				$check_services[] = 'bind9';
			}
		}
		if(ISPConfig::shallInstall('web')) {
			$check_services[] = 'pureftpd';
			if(ISPConfig::$WEBSERVER === ISPC_WEBSERVER_APACHE) {
				$check_services[] = 'apache2';
			} elseif(ISPConfig::$WEBSERVER === ISPC_WEBSERVER_NGINX) {
				$check_services[] = 'nginx';
			}
		}
		if(ISPConfig::shallInstall('mail')) {
			if(!ISPConfig::wantsAmavis()) {
				$check_services[] = 'rspamd';
				$check_services[] = 'redis-server';
			} else {
				$check_services[] = 'amavis';
			}
			$check_services[] = 'dovecot';
		}

		foreach($check_services as $service) {
			$status = $this->isServiceRunning($service);
			ISPConfigLog::info($service . ': ' . ($status ? '<green>OK</green>' : '<lightred>FAILED</lightred>'), true);
			if(!$status) {
				ISPConfigLog::warn($service . ' seems not to be running!', true);
			}
		}


		ISPConfigLog::info('Installation ready.', true);

		if(ISPConfig::shallInstall('mailman') && $mailman_password != '') {
			ISPConfigLog::info('Your Mailman password is: ' . $mailman_password, true);
		}
		if(ISPConfig::shallInstall('web') && !ISPConfig::wantsInteractive()) {
			ISPConfigLog::info('Your ISPConfig admin password is: ' . $ispconfig_admin_pw, true);
		}
		ISPConfigLog::info('Your MySQL root password is: ' . $mysql_root_pw, true);

		return true;
	}

	protected function getSystemPHPVersion() {
		return '7.0';
	}
}