From ee678f5d94c56052b84cf1a78c2ade14b63a0a7f Mon Sep 17 00:00:00 2001 From: "Dr. Yves Kreis" Date: Fri, 8 Sep 2023 11:30:38 +0300 Subject: [PATCH 1/2] --no-jailkit --- lib/class.ISPConfig.inc.php | 1 + lib/os/class.ISPConfigDebian10OS.inc.php | 2 +- lib/os/class.ISPConfigDebian11OS.inc.php | 4 +++- lib/os/class.ISPConfigDebianOS.inc.php | 4 ++-- lib/os/class.ISPConfigUbuntu2004OS.inc.php | 6 ++++-- 5 files changed, 11 insertions(+), 6 deletions(-) diff --git a/lib/class.ISPConfig.inc.php b/lib/class.ISPConfig.inc.php index 0912505..352d611 100644 --- a/lib/class.ISPConfig.inc.php +++ b/lib/class.ISPConfig.inc.php @@ -353,6 +353,7 @@ Possible arguments are: --no-mailman ->Do not install Mailman mailing list manager. --no-quota ->Disable file system quota. --no-ntp ->Disable NTP setup. + --no-jailkit ->Do not install jailkit. --monit ->Install Monit and set it up to monitor installed services. Supported services: Apache2, NGINX, MariaDB, pure-ftpd-mysql, php-fpm, ssh, named, Postfix, Dovecot, rspamd. --monit-alert-email ->Set up alerts for Monit to be sent to given e-mail address. e.g. --monit-alert-email=me@example.com. diff --git a/lib/os/class.ISPConfigDebian10OS.inc.php b/lib/os/class.ISPConfigDebian10OS.inc.php index 90db2ba..f1020f0 100644 --- a/lib/os/class.ISPConfigDebian10OS.inc.php +++ b/lib/os/class.ISPConfigDebian10OS.inc.php @@ -51,7 +51,7 @@ class ISPConfigDebian10OS extends ISPConfigDebianOS { } protected function shallCompileJailkit() { - return true; + return ISPConfig::shallInstall('jailkit'); } protected function getRoundcubePackages() { diff --git a/lib/os/class.ISPConfigDebian11OS.inc.php b/lib/os/class.ISPConfigDebian11OS.inc.php index f1f1958..60c2edf 100644 --- a/lib/os/class.ISPConfigDebian11OS.inc.php +++ b/lib/os/class.ISPConfigDebian11OS.inc.php 
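Review bot: The `--no-jailkit` line added to the help text in the `@@ -353` hunk has no matching entry in the accepted-argument list within this patch; `'no-jailkit'` only appears there in the `@@ -387` hunk of PATCH 2/2. If the argument parser rejects unknown options (its code is not in the diff), patch 1 applied on its own documents a flag it refuses, so the list entry belongs in this commit. Because jailkit is a chroot tool, the help line could also name what is given up, for example `--no-jailkit ->Do not install jailkit (no chroot jail support).`, if that matches what the installer does with it.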
@@ -29,7 +29,9 @@ class ISPConfigDebian11OS extends ISPConfigDebian10OS { if($key !== false) { unset($packages[$key]); } - $packages[] = 'jailkit'; + if(ISPConfig::shallInstall('jailkit')) { + $packages[] = 'jailkit'; + } } elseif($section === 'ftp_stats') { // prepare paths ISPConfigLog::info('Symlinking webalizer to use awffull.'); diff --git a/lib/os/class.ISPConfigDebianOS.inc.php b/lib/os/class.ISPConfigDebianOS.inc.php index 22552d2..cf29f09 100644 --- a/lib/os/class.ISPConfigDebianOS.inc.php +++ b/lib/os/class.ISPConfigDebianOS.inc.php @@ -1099,7 +1099,7 @@ X11Forwarding no'; } protected function shallCompileJailkit() { - return true; + return ISPConfig::shallInstall('jailkit'); } protected function getFail2BanJail() { @@ -2026,7 +2026,7 @@ mailman-unsubscribe: "|/var/lib/mailman/mail/mailman unsubscribe mailman"'; mysql_master_root_password= mysql_master_database= configure_mail=' . (ISPConfig::shallInstall('mail') ? 'y' : 'n') . ' - configure_jailkit=' . (ISPConfig::shallInstall('web') ? 'y' : 'n') . ' + configure_jailkit=' . (ISPConfig::shallInstall('jailkit') ? 'y' : 'n') . ' configure_ftp=' . (ISPConfig::shallInstall('web') ? 'y' : 'n') . ' configure_dns=' . (ISPConfig::shallInstall('dns') ? 'y' : 'n') . ' configure_apache=' . (ISPConfig::shallInstall('web') && ISPConfig::$WEBSERVER === ISPC_WEBSERVER_APACHE ? 'y' : 'n') . ' diff --git a/lib/os/class.ISPConfigUbuntu2004OS.inc.php b/lib/os/class.ISPConfigUbuntu2004OS.inc.php index 5db54cd..3239214 100644 --- a/lib/os/class.ISPConfigUbuntu2004OS.inc.php +++ b/lib/os/class.ISPConfigUbuntu2004OS.inc.php @@ -52,9 +52,11 @@ deb http://security.ubuntu.com/ubuntu focal-security multiverse 'imagemagick', 'libruby', 'memcached', - 'php-apcu', - 'jailkit' + 'php-apcu' ); + if(ISPConfig::shallInstall('jailkit')) { + $packages[] = 'jailkit'; + } } return $packages; -- GitLab From 91b58f291cba3930a0e175107d4ad7d93108b77f Mon Sep 17 00:00:00 2001 
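Review bot: In the `@@ -2026` hunk `configure_jailkit` no longer depends on `shallInstall('web')`, so a run with `--no-web` but without `--no-jailkit` would now write `configure_jailkit=y` where it previously wrote `n`. This assumes `shallInstall('jailkit')` is true unless the flag is passed; its body is not in the diff. If jailkit is still meant to follow the web role, keep both conditions: `configure_jailkit=' . (ISPConfig::shallInstall('web') && ISPConfig::shallInstall('jailkit') ? 'y' : 'n') . '`. The string being built starts and ends outside the hunk.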
From: "Dr. Yves Kreis" Date: Fri, 8 Sep 2023 11:32:29 +0300 Subject: [PATCH 2/2] --no-ftp --- lib/class.ISPConfig.inc.php | 4 ++- lib/os/class.ISPConfigDebian10OS.inc.php | 8 ++++-- lib/os/class.ISPConfigDebian11OS.inc.php | 2 +- lib/os/class.ISPConfigDebianOS.inc.php | 31 ++++++++++++++++------ lib/os/class.ISPConfigUbuntu2004OS.inc.php | 8 ++++-- lib/os/class.ISPConfigUbuntuOS.inc.php | 8 ++++-- 6 files changed, 45 insertions(+), 16 deletions(-) diff --git a/lib/class.ISPConfig.inc.php b/lib/class.ISPConfig.inc.php index 352d611..5e1347b 100644 --- a/lib/class.ISPConfig.inc.php +++ b/lib/class.ISPConfig.inc.php @@ -182,6 +182,7 @@ class ISPConfig { } public static function wantsPHP() { + // If a new version is added, the getApacheModulesToDisable function should be updated to disable the latest version (this part could be improved) $available_php_versions = array( '5.6', '7.0', @@ -354,6 +355,7 @@ Possible arguments are: --no-quota ->Disable file system quota. --no-ntp ->Disable NTP setup. --no-jailkit ->Do not install jailkit. + --no-ftp ->Do not install pure-ftpd server. --monit ->Install Monit and set it up to monitor installed services. Supported services: Apache2, NGINX, MariaDB, pure-ftpd-mysql, php-fpm, ssh, named, Postfix, Dovecot, rspamd. --monit-alert-email ->Set up alerts for Monit to be sent to given e-mail address. e.g. --monit-alert-email=me@example.com. @@ -387,7 +389,7 @@ Possible arguments are: 'unattended-upgrades', 'roundcube', 'monit', 'monit-alert-email', 'ssh-port', 'ssh-permit-root', 'ssh-password-authentication', 'ssh-harden', 'channel', 'lang', - 'no-web', 'no-mail', 'no-dns', 'no-firewall', 'no-roundcube', 'no-pma', 'no-mailman', 'no-quota', 'no-ntp', 'no-local-dns', + 'no-web', 'no-mail', 'no-dns', 'no-firewall', 'no-roundcube', 'no-pma', 'no-mailman', 'no-quota', 'no-ntp', 'no-local-dns', 'no-jailkit', 'no-ftp', 'i-know-what-i-am-doing' ); 
diff --git a/lib/os/class.ISPConfigDebian10OS.inc.php b/lib/os/class.ISPConfigDebian10OS.inc.php index f1020f0..c155636 100644 --- a/lib/os/class.ISPConfigDebian10OS.inc.php +++ b/lib/os/class.ISPConfigDebian10OS.inc.php @@ -85,14 +85,18 @@ class ISPConfigDebian10OS extends ISPConfigDebianOS { } protected function getFail2BanJail() { - $jk_jail = '[pure-ftpd] + $jk_jail = ''; + if(ISPConfig::shallInstall('ftp')) { + $jk_jail .= '[pure-ftpd] enabled = true port = ftp filter = pure-ftpd logpath = /var/log/syslog maxretry = 3 -[dovecot] +'; + } + $jk_jail .= '[dovecot] enabled = true filter = dovecot logpath = /var/log/mail.log diff --git a/lib/os/class.ISPConfigDebian11OS.inc.php b/lib/os/class.ISPConfigDebian11OS.inc.php index 60c2edf..0854b17 100644 --- a/lib/os/class.ISPConfigDebian11OS.inc.php +++ b/lib/os/class.ISPConfigDebian11OS.inc.php @@ -32,7 +32,7 @@ class ISPConfigDebian11OS extends ISPConfigDebian10OS { if(ISPConfig::shallInstall('jailkit')) { $packages[] = 'jailkit'; } - } elseif($section === 'ftp_stats') { + } elseif($section === 'stats') { // prepare paths ISPConfigLog::info('Symlinking webalizer to use awffull.'); if(!is_dir('/etc/webalizer')) { diff --git a/lib/os/class.ISPConfigDebianOS.inc.php b/lib/os/class.ISPConfigDebianOS.inc.php index cf29f09..f467738 100644 --- a/lib/os/class.ISPConfigDebianOS.inc.php +++ b/lib/os/class.ISPConfigDebianOS.inc.php @@ -172,10 +172,13 @@ class ISPConfigDebianOS extends ISPConfigBaseOS { } $packages[] = 'postgrey'; } - } elseif($section === 'ftp_stats') { + } elseif($section === 'ftp') { $packages = array( 'pure-ftpd-common', - 'pure-ftpd-mysql', + 'pure-ftpd-mysql' + ); + } elseif($section === 'stats') { + $packages = array( 'webalizer', 'awstats', 'goaccess' @@ -510,7 +513,6 @@ Alias /phpmyadmin /usr/share/phpmyadmin $servicesInstalled = array( 'mariadb', 'memcached', - 'pure-ftpd-mysql', 'fail2ban', 'sshd', 'crond', 
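Review bot: The `[pure-ftpd]` guard added to `getFail2BanJail()` in the `@@ -85` hunk is repeated in three more overrides (ISPConfigDebianOS `@@ -1109`, ISPConfigUbuntu2004OS `@@ -77`, ISPConfigUbuntuOS `@@ -60`), so four copies of the same jail text and condition now have to be kept in sync. A single protected helper on ISPConfigDebianOS that returns the `[pure-ftpd]` block, or an empty string when `shallInstall('ftp')` is false, would let each override begin with `$jk_jail = $this->getFail2BanFtpJail();` (the helper name is a suggestion). The rest of each function body lies outside the hunks.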
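Review bot: The `@@ -172` hunk retires the `'ftp_stats'` section key in favour of `'ftp'` and `'stats'`, but the only override updated to match is ISPConfigDebian11OS (`@@ -32`). Any other OS class or caller that still passes or compares against `'ftp_stats'` would presumably match no branch and get no packages rather than an error. None is visible in this diff, so this needs a search across `lib/os` before merging. The enclosing function starts and ends outside the hunk.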
@@ -555,6 +557,10 @@ Alias /phpmyadmin /usr/share/phpmyadmin array_push($servicesInstalled, "redis-server"); } + if(!ISPConfig::shallInstall('ftp')) { + array_push($servicesInstalled, "pure-ftpd-mysql"); + } + $services = array_unique($servicesInstalled); // Set config directories @@ -1103,14 +1109,18 @@ X11Forwarding no'; } protected function getFail2BanJail() { - $jk_jail = '[pure-ftpd] + $jk_jail = ''; + if(ISPConfig::shallInstall('ftp')) { + $jk_jail .= '[pure-ftpd] enabled = true port = ftp filter = pure-ftpd logpath = /var/log/syslog maxretry = 3 -[dovecot] +'; + } + $jk_jail .= '[dovecot] enabled = true filter = dovecot logpath = /var/log/mail.log @@ -1888,7 +1898,7 @@ mailman-unsubscribe: "|/var/lib/mailman/mail/mailman unsubscribe mailman"'; } } - if(ISPConfig::shallInstall('web')) { + if(ISPConfig::shallInstall('ftp')) { $cmd = 'echo "pure-ftpd-common pure-ftpd/standalone-or-inetd select standalone" | debconf-set-selections 2>&1' . "\n"; $cmd .= 'echo "pure-ftpd-common pure-ftpd/virtualchroot boolean true" | debconf-set-selections 2>&1'; $result = $this->exec($cmd); @@ -1896,7 +1906,7 @@ mailman-unsubscribe: "|/var/lib/mailman/mail/mailman unsubscribe mailman"'; throw new ISPConfigOSException('Command ' . $cmd . ' failed.'); } - $packages = $this->getPackagesToInstall('ftp_stats'); + $packages = $this->getPackagesToInstall('ftp'); $this->installPackages($packages); ISPConfigLog::info('Enabling TLS for pureftpd', true); @@ -1923,6 +1933,11 @@ mailman-unsubscribe: "|/var/lib/mailman/mail/mailman unsubscribe mailman"'; } $this->restartService('pure-ftpd-mysql'); + } + + if(ISPConfig::shallInstall('web')) { + $packages = $this->getPackagesToInstall('stats'); + $this->installPackages($packages); ISPConfigLog::info('Disabling awstats cron.', true); $entries = array( 
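Review bot: The condition in the `@@ -555` hunk is inverted: `if(!ISPConfig::shallInstall('ftp'))` adds `pure-ftpd-mysql` to `$servicesInstalled` only when FTP was skipped, and leaves it out when FTP is installed. The `@@ -510` hunk removed the unconditional entry, so the intended line is `if(ISPConfig::shallInstall('ftp')) {`. As written, whatever consumes `$services` would be given a service that does not exist under `--no-ftp` and would stop covering pure-ftpd on a default install. The help text suggests that consumer is the Monit setup, but the function starts and ends outside the hunk.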
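Review bot: Gating the pure-ftpd block in the `@@ -1898` hunk on `shallInstall('ftp')` alone removes its previous dependency on `shallInstall('web')`, so `--no-web` without `--no-ftp` would now install and start an FTP server that earlier runs did not have. This assumes `shallInstall('ftp')` defaults to true; its body is not shown. The same applies to `configure_ftp` in the `@@ -2027` hunk. If FTP is meant to stay part of the web role, use `if(ISPConfig::shallInstall('web') && ISPConfig::shallInstall('ftp')) {`; otherwise the `--no-web` help text should say that FTP is still installed. No hunk in this patch touches firewall setup, so it is also worth confirming that any ports the installer opens for FTP are not left open under `--no-ftp`.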
@@ -2027,7 +2042,7 @@ mailman-unsubscribe: "|/var/lib/mailman/mail/mailman unsubscribe mailman"'; mysql_master_database= configure_mail=' . (ISPConfig::shallInstall('mail') ? 'y' : 'n') . ' configure_jailkit=' . (ISPConfig::shallInstall('jailkit') ? 'y' : 'n') . ' - configure_ftp=' . (ISPConfig::shallInstall('web') ? 'y' : 'n') . ' + configure_ftp=' . (ISPConfig::shallInstall('ftp') ? 'y' : 'n') . ' configure_dns=' . (ISPConfig::shallInstall('dns') ? 'y' : 'n') . ' configure_apache=' . (ISPConfig::shallInstall('web') && ISPConfig::$WEBSERVER === ISPC_WEBSERVER_APACHE ? 'y' : 'n') . ' configure_nginx=' . (ISPConfig::shallInstall('web') && ISPConfig::$WEBSERVER === ISPC_WEBSERVER_NGINX ? 'y' : 'n') . ' diff --git a/lib/os/class.ISPConfigUbuntu2004OS.inc.php b/lib/os/class.ISPConfigUbuntu2004OS.inc.php index 3239214..cf2d1ea 100644 --- a/lib/os/class.ISPConfigUbuntu2004OS.inc.php +++ b/lib/os/class.ISPConfigUbuntu2004OS.inc.php @@ -77,14 +77,18 @@ deb http://security.ubuntu.com/ubuntu focal-security multiverse } protected function getFail2BanJail() { - $jk_jail = '[pure-ftpd] + $jk_jail = ''; + if(ISPConfig::shallInstall('ftp')) { + $jk_jail .= '[pure-ftpd] enabled = true port = ftp filter = pure-ftpd logpath = /var/log/syslog maxretry = 3 -[dovecot] +'; + } + $jk_jail .= '[dovecot] enabled = true filter = dovecot action = iptables-multiport[name=dovecot-pop3imap, port="pop3,pop3s,imap,imaps", protocol=tcp] diff --git a/lib/os/class.ISPConfigUbuntuOS.inc.php b/lib/os/class.ISPConfigUbuntuOS.inc.php index cb63f03..03b672b 100644 --- a/lib/os/class.ISPConfigUbuntuOS.inc.php +++ b/lib/os/class.ISPConfigUbuntuOS.inc.php 
@@ -60,14 +60,18 @@ deb http://security.ubuntu.com/ubuntu bionic-security multiverse } protected function getFail2BanJail() { - $jk_jail = '[pure-ftpd] + $jk_jail = ''; + if(ISPConfig::shallInstall('ftp')) { + $jk_jail .= '[pure-ftpd] enabled = true port = ftp filter = pure-ftpd logpath = /var/log/syslog maxretry = 3 -[dovecot] +'; + } + $jk_jail .= '[dovecot] enabled = true filter = dovecot action = iptables-multiport[name=dovecot-pop3imap, port="pop3,pop3s,imap,imaps", protocol=tcp] -- GitLab