fedora.lib.php 62.1 KB
<?php

/*
Copyright (c) 2007, Till Brehm, projektfarm Gmbh
All rights reserved.

Redistribution and use in source and binary forms, with or without modification,
are permitted provided that the following conditions are met:

    * Redistributions of source code must retain the above copyright notice,
      this list of conditions and the following disclaimer.
    * Redistributions in binary form must reproduce the above copyright notice,
      this list of conditions and the following disclaimer in the documentation
      and/or other materials provided with the distribution.
    * Neither the name of ISPConfig nor the names of its contributors
      may be used to endorse or promote products derived from this software without
      specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/

class installer_dist extends installer_base {
	protected $mailman_group = 'mailman';
	
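	/**
	 * Warn when Apache has mod_authz_compat loaded.
	 *
	 * With that module loaded the Apache configuration may still use the old
	 * "deny from all" access syntax; the message shows the "Require all denied"
	 * form that ISPConfig expects.
	 */
	public function __construct() {
		//* check apache modules
		$mods = getapachemodules();
		if(in_array('authz_compat', $mods, true)) {
			//* The original called $inst->lng(), but $inst is not defined in this
			//* scope, so the warning path ended in a call on null. $this is used
			//* instead; lng() is assumed to be inherited from installer_base - confirm.
			$warning_lines = array(
				'    WARNING! You are using mod_authz_compat.',
				'    Please make sure that your apache config uses the new auth syntax:',
				'    <Directory />',
				'    Options None',
				'    AllowOverride None',
				'    Require all denied',
				'    </Directory>'."\n",
				'    If it uses the old syntax (deny from all) ISPConfig would fail to work.',
			);
			foreach($warning_lines as $line) {
				swriteln($this->lng($line));
			}
		}
	}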

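	/**
	 * Configure Postfix for ISPConfig.
	 *
	 * Writes the mysql-virtual_*.cf lookup files through
	 * process_postfix_config(), creates the vmail group and user when they are
	 * missing, applies the postconf template, prepares the mailman map files,
	 * optionally creates a self-signed smtpd certificate, and enables the
	 * maildrop service in master.cf together with the global .mailfilter.
	 *
	 * Most commands are assembled from $conf values and handed to
	 * caselog()/exec() as one string. Only the postconf settings are quoted
	 * as a shell argument here; the other values are expected to be plain
	 * paths, user names and numeric ids.
	 *
	 * @param string $options Certificate creation is skipped when this
	 *                        contains 'dont-create-certs' (case-insensitive).
	 */
	function configure_postfix($options = '')
	{
		global $conf,$autoinstall;
		$cf = $conf['postfix'];
		$config_dir = $cf['config_dir'];

		if(!is_dir($config_dir)){
			$this->error("The postfix configuration directory '$config_dir' does not exist.");
		}

		//* MySQL lookup tables, processed in the same order as before
		$mysql_lookup_files = array(
			'mysql-virtual_domains.cf',
			'mysql-virtual_forwardings.cf',
			'mysql-virtual_mailboxes.cf',
			'mysql-virtual_email2email.cf',
			'mysql-virtual_transports.cf',
			'mysql-virtual_recipient.cf',
			'mysql-virtual_sender.cf',
			'mysql-virtual_sender_login_maps.cf',
			'mysql-virtual_client.cf',
			'mysql-virtual_relaydomains.cf',
			'mysql-virtual_relayrecipientmaps.cf',
			'mysql-virtual_policy_greylist.cf',
		);
		foreach($mysql_lookup_files as $lookup_file) {
			$this->process_postfix_config($lookup_file);
		}

		//* postfix-dkim
		//* The backup is written next to the file itself. The previous code built
		//* the target from $configfile, which is not set yet at this point, so both
		//* backups went to the single path "<config_dir>~".
		$full_file_name=$config_dir.'/tag_as_originating.re';
		if(is_file($full_file_name)) {
			copy($full_file_name, $full_file_name.'~');
		}
		wf($full_file_name, '/^/ FILTER amavis:[127.0.0.1]:10026');

		$full_file_name=$config_dir.'/tag_as_foreign.re';
		if(is_file($full_file_name)) {
			copy($full_file_name, $full_file_name.'~');
		}
		wf($full_file_name, '/^/ FILTER amavis:[127.0.0.1]:10024');

		//* Changing mode and group of the new created config files.
		//* The lookup files are closed to "other" only after they have been written.
		caselog('chmod o= '.$config_dir.'/mysql-virtual_*.cf* &> /dev/null',
			__FILE__, __LINE__, 'chmod on mysql-virtual_*.cf*', 'chmod on mysql-virtual_*.cf* failed');
		caselog('chgrp '.$cf['group'].' '.$config_dir.'/mysql-virtual_*.cf* &> /dev/null',
			__FILE__, __LINE__, 'chgrp on mysql-virtual_*.cf*', 'chgrp on mysql-virtual_*.cf* failed');

		//* Creating virtual mail user and group
		$command = 'groupadd -g '.$cf['vmail_groupid'].' '.$cf['vmail_groupname'];
		if(!is_group($cf['vmail_groupname'])) caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");

		$command = 'useradd -g '.$cf['vmail_groupname'].' -u '.$cf['vmail_userid'].' '.$cf['vmail_username'].' -d '.$cf['vmail_mailbox_base'].' -m';
		if(!is_user($cf['vmail_username'])) caselog("$command &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");

		//* These postconf commands will be executed on installation and update
		$server_ini_rec = $this->db->queryOneRecord("SELECT config FROM server WHERE server_id = ?", $conf['server_id']);
		$server_ini_array = ini_to_array(stripslashes($server_ini_rec['config']));
		unset($server_ini_rec);

		//* If there are RBL's defined, format the list and add them to smtp_recipient_restrictions to prevent removal after an update
		$rbl_list = '';
		if (isset($server_ini_array['mail']['realtime_blackhole_list']) && $server_ini_array['mail']['realtime_blackhole_list'] != '') {
			$rbl_hosts = explode(",", str_replace(" ", "", $server_ini_array['mail']['realtime_blackhole_list']));
			foreach ($rbl_hosts as $rbl_host) {
				$rbl_list .= ", reject_rbl_client ". $rbl_host;
			}
		}
		unset($rbl_hosts);

		//* If Postgrey is installed, configure it
		$greylisting = '';
		if($conf['postgrey']['installed'] == true) {
			$greylisting = ', check_recipient_access mysql:/etc/postfix/mysql-virtual_policy_greylist.cf';
		}

		$reject_sender_login_mismatch = '';
		if(isset($server_ini_array['mail']['reject_sender_login_mismatch']) && ($server_ini_array['mail']['reject_sender_login_mismatch'] == 'y')) {
			$reject_sender_login_mismatch = ', reject_authenticated_sender_login_mismatch';
		}
		unset($server_ini_array);

		$postconf_placeholders = array('{config_dir}' => $config_dir,
			'{vmail_mailbox_base}' => $cf['vmail_mailbox_base'],
			'{vmail_userid}' => $cf['vmail_userid'],
			'{vmail_groupid}' => $cf['vmail_groupid'],
			'{rbl_list}' => $rbl_list,
			'{greylisting}' => $greylisting,
			'{reject_slm}' => $reject_sender_login_mismatch,
		);

		$postconf_tpl = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/fedora_postfix.conf.master', 'tpl/fedora_postfix.conf.master');
		$postconf_tpl = strtr($postconf_tpl, $postconf_placeholders);
		$postconf_commands = array_filter(explode("\n", $postconf_tpl)); // read and remove empty lines

		//* These postconf commands will be executed on installation only
		if($this->is_update == false) {
			$postconf_commands = array_merge($postconf_commands, array(
					'myhostname = '.$conf['hostname'],
					'mydestination = '.$conf['hostname'].', localhost, localhost.localdomain',
					'mynetworks = 127.0.0.0/8 [::1]/128'
				));
		}

		//* Create the header and body check files
		touch($config_dir.'/header_checks');
		touch($config_dir.'/mime_header_checks');
		touch($config_dir.'/nested_header_checks');
		touch($config_dir.'/body_checks');

		//* Create the mailman files
		if(!is_dir('/var/lib/mailman/data')) exec('mkdir -p /var/lib/mailman/data');
		//if(!is_file('/var/lib/mailman/data/aliases')) touch('/var/lib/mailman/data/aliases');
		if(is_file('/var/lib/mailman/data/aliases')) unlink('/var/lib/mailman/data/aliases');
		if(!is_link('/var/lib/mailman/data/aliases')) symlink('/etc/mailman/aliases', '/var/lib/mailman/data/aliases');
		exec('postalias /var/lib/mailman/data/aliases');
		if(!is_file('/etc/mailman/virtual-mailman')) touch('/etc/mailman/virtual-mailman');
		exec('postmap /etc/mailman/virtual-mailman');
		if(!is_file('/var/lib/mailman/data/transport-mailman')) touch('/var/lib/mailman/data/transport-mailman');
		exec('/usr/sbin/postmap /var/lib/mailman/data/transport-mailman');

		//* Make a backup copy of the main.cf file
		copy($config_dir.'/main.cf', $config_dir.'/main.cf~');

		//* Executing the postconf commands
		//* Each setting is passed as one quoted shell argument. Parts of it (RBL
		//* hosts from the server record, the hostname) are configuration data, and
		//* a single quote inside them would otherwise end the quoted string.
		foreach($postconf_commands as $cmd) {
			$command = 'postconf -e '.escapeshellarg($cmd);
			caselog($command." &> /dev/null", __FILE__, __LINE__, 'EXECUTED: '.$command, 'Failed to execute the command '.$command);
		}

		if(!stristr($options, 'dont-create-certs')) {
			//* Create the SSL certificate
			//* NOTE(review): escapeshellcmd() is not an argument-quoting function; it
			//* leaves paired single quotes untouched, so the subject fields are not
			//* guaranteed to stay inside the quoted -subj value. Assembling the subject
			//* and passing it through escapeshellarg() would be the safer form. Left
			//* unchanged here because it also changes how escaped characters reach openssl.
			if(AUTOINSTALL){
				$command = 'cd '.$config_dir.'; '
					."openssl req -new -subj '/C=".escapeshellcmd($autoinstall['ssl_cert_country'])."/ST=".escapeshellcmd($autoinstall['ssl_cert_state'])."/L=".escapeshellcmd($autoinstall['ssl_cert_locality'])."/O=".escapeshellcmd($autoinstall['ssl_cert_organisation'])."/OU=".escapeshellcmd($autoinstall['ssl_cert_organisation_unit'])."/CN=".escapeshellcmd($autoinstall['ssl_cert_common_name'])."' -outform PEM -out smtpd.cert -newkey rsa:4096 -nodes -keyout smtpd.key -keyform PEM -days 3650 -x509";
			} else {
				$command = 'cd '.$config_dir.'; '
					.'openssl req -new -outform PEM -out smtpd.cert -newkey rsa:4096 -nodes -keyout smtpd.key -keyform PEM -days 3650 -x509';
			}
			exec($command);

			//* The unencrypted key (-nodes) is closed to "other" only after openssl has
			//* written it; its mode until then depends on openssl and the umask - TODO confirm.
			$command = 'chmod o= '.$config_dir.'/smtpd.key';
			caselog($command.' &> /dev/null', __FILE__, __LINE__, 'EXECUTED: '.$command, 'Failed to execute the command '.$command);
		}

		//** We have to change the permissions of the courier authdaemon directory to make it accessible for maildrop.
		$command = 'chmod 755 /var/spool/authdaemon';
		caselog($command.' &> /dev/null', __FILE__, __LINE__, 'EXECUTED: '.$command, 'Failed to execute the command '.$command);

		//* Changing maildrop lines in postfix master.cf
		if(is_file($config_dir.'/master.cf')){
			copy($config_dir.'/master.cf', $config_dir.'/master.cf~');
		}
		if(is_file($config_dir.'/master.cf~')){
			exec('chmod 400 '.$config_dir.'/master.cf~');
		}
		$configfile = $config_dir.'/master.cf';
		$content = rf($configfile);
		// if postfix package is from fedora or centos main repo
		$content = str_replace('#  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}',
			'  flags=DRhu user='.$cf['vmail_username'].' argv=/usr/bin/maildrop -d ${recipient} ${extension} ${recipient} ${user} ${nexthop} ${sender}',
			$content);

		// If postfix package is from centos plus repo
		$content = str_replace('#  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}',
			'  flags=DRhu user='.$cf['vmail_username'].' argv=/usr/bin/maildrop -d ${recipient} ${extension} ${recipient} ${user} ${nexthop} ${sender}',
			$content);

		$content = str_replace('  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}',
			'  flags=DRhu user='.$cf['vmail_username'].' argv=/usr/bin/maildrop -d ${recipient} ${extension} ${recipient} ${user} ${nexthop} ${sender}',
			$content);


		$content = str_replace('#maildrop  unix  -       n       n       -       -       pipe',
			'maildrop  unix  -       n       n       -       -       pipe',
			$content);

		wf($configfile, $content);

		//* Writing the Maildrop mailfilter file
		$configfile = 'mailfilter';
		if(is_file($cf['vmail_mailbox_base'].'/.'.$configfile)){
			copy($cf['vmail_mailbox_base'].'/.'.$configfile, $cf['vmail_mailbox_base'].'/.'.$configfile.'~');
		}
		$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', "tpl/$configfile.master");
		$content = str_replace('{dist_postfix_vmail_mailbox_base}', $cf['vmail_mailbox_base'], $content);
		wf($cf['vmail_mailbox_base'].'/.'.$configfile, $content);

		//* Create the directory for the custom mailfilters
		$command = 'mkdir '.$cf['vmail_mailbox_base'].'/mailfilters';
		caselog($command." &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");

		//* Chmod and chown the .mailfilter file
		$command = 'chown -R '.$cf['vmail_username'].':'.$cf['vmail_groupname'].' '.$cf['vmail_mailbox_base'].'/.mailfilter';
		caselog($command." &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");

		$command = 'chmod -R 600 '.$cf['vmail_mailbox_base'].'/.mailfilter';
		caselog($command." &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");

	}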

	/**
	 * Install the SASL smtpd.conf used for SMTP authentication.
	 *
	 * The content is read with rfsel() from the conf-custom/install copy or
	 * the bundled tpl/ template (presumably preferring the first path -
	 * confirm in rfsel()). It is always written below /usr/lib/sasl2 and,
	 * when /usr/lib64 exists, also below its sasl and sasl2 directories.
	 */
	public function configure_saslauthd() {
		global $conf;

		$smtpd_conf = rfsel(
			$conf['ispconfig_install_dir'].'/server/conf-custom/install/fedora_saslauthd_smtpd_conf.master',
			'tpl/fedora_saslauthd_smtpd_conf.master'
		);

		$targets = array('/usr/lib/sasl2/smtpd.conf');
		if(is_dir('/usr/lib64')) {
			$targets[] = '/usr/lib64/sasl/smtpd.conf';
			$targets[] = '/usr/lib64/sasl2/smtpd.conf';
		}

		foreach($targets as $target) {
			wf($target, $smtpd_conf);
		}
	}

	/**
	 * Write the PAM service file for SMTP authentication against the
	 * ISPConfig database.
	 *
	 * An existing "smtp" file is copied to "smtp~" and the copy is made
	 * read-only for its owner. The new file is filled from the pamd_smtp
	 * template and contains the ISPConfig database user and password.
	 */
	public function configure_pam()
	{
		global $conf;

		$pam_smtp = $conf['pam'].'/smtp';
		$backup = $pam_smtp.'~';

		//* Keep the previous service file as an owner-read-only backup
		if(is_file($pam_smtp)) {
			copy($pam_smtp, $backup);
		}
		if(is_file($backup)) {
			exec('chmod 400 '.$backup);
		}

		$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/pamd_smtp.master', 'tpl/pamd_smtp.master');
		$content = str_replace(
			array(
				'{mysql_server_ispconfig_user}',
				'{mysql_server_ispconfig_password}',
				'{mysql_server_database}',
				'{mysql_server_ip}',
			),
			array(
				$conf['mysql']['ispconfig_user'],
				$conf['mysql']['ispconfig_password'],
				$conf['mysql']['database'],
				$conf['mysql']['ip'],
			),
			$content
		);
		wf($pam_smtp, $content);

		//* On some systems the file is world readable, which would expose the
		//* database credentials written above, so access for "other" is removed.
		//* NOTE(review): this happens after wf() has written the credentials; the
		//* mode of a newly created file until then depends on wf() and the umask - confirm.
		if(is_file($pam_smtp)) {
			exec('chmod o= '.$pam_smtp);
		}
	}

	/**
	 * Configure Courier authentication against the ISPConfig database.
	 *
	 * Writes authmysqlrc from its template with the database credentials
	 * (mode 660, owner root:root) and rewrites the authmodulelist entry in
	 * authdaemonrc. Existing files are copied to "<name>~" first.
	 */
	public function configure_courier()
	{
		global $conf;

		$config_dir = $conf['courier']['config_dir'];

		//* authmysqlrc
		$authmysqlrc = $config_dir.'/authmysqlrc';
		if(is_file($authmysqlrc)) {
			copy($authmysqlrc, $authmysqlrc.'~');
		}
		//* Runs even when no backup was created; chmod then fails on the missing file
		exec('chmod 400 '.$authmysqlrc.'~');

		$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/authmysqlrc.master', 'tpl/authmysqlrc.master');
		$content = str_replace(
			array(
				'{mysql_server_ispconfig_user}',
				'{mysql_server_ispconfig_password}',
				'{mysql_server_database}',
				'{mysql_server_host}',
				'{mysql_server_port}',
			),
			array(
				$conf['mysql']['ispconfig_user'],
				$conf['mysql']['ispconfig_password'],
				$conf['mysql']['database'],
				$conf['mysql']['host'],
				$conf['mysql']['port'],
			),
			$content
		);
		wf($authmysqlrc, $content);

		//* The file holds the database password: readable and writable by
		//* root and the root group only.
		exec('chmod 660 '.$authmysqlrc);
		exec('chown root:root '.$authmysqlrc);

		//* authdaemonrc
		$authdaemonrc = $config_dir.'/authdaemonrc';
		if(is_file($authdaemonrc)) {
			copy($authdaemonrc, $authdaemonrc.'~');
		}
		if(is_file($authdaemonrc.'~')) {
			exec('chmod 400 '.$authdaemonrc.'~');
		}

		//* Only the text 'authmodulelist=' is replaced; whatever followed it in
		//* the file stays on the line after the inserted "authmysql" value.
		$daemon_conf = str_replace('authmodulelist=', 'authmodulelist="authmysql"', rf($authdaemonrc));
		wf($authdaemonrc, $daemon_conf);
	}

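	/**
	 * Configure Dovecot and point Postfix at it for delivery and SASL.
	 *
	 * Adds a 'dovecot' pipe service to Postfix' master.cf when
	 * get_postfix_service() does not report one, sets the transport and SASL
	 * options through postconf, installs the dovecot.conf template that
	 * matches the installed Dovecot version, and writes dovecot-sql.conf
	 * with the ISPConfig database credentials (mode 600, owner root:root).
	 */
	public function configure_dovecot()
	{
		global $conf;

		$virtual_transport = 'dovecot';

		$configure_lmtp = false;

		// check if virtual_transport must be changed
		if ($this->is_update) {
			$tmp = $this->db->queryOneRecord("SELECT * FROM ?? WHERE server_id = ?", $conf["mysql"]["database"] . ".server", $conf['server_id']);
			$ini_array = ini_to_array(stripslashes($tmp['config']));
			unset($tmp);
			// ini_array needs not to be checked, because already done in update.php -> updateDbAndIni()

			if(isset($ini_array['mail']['mailbox_virtual_uidgid_maps']) && $ini_array['mail']['mailbox_virtual_uidgid_maps'] == 'y') {
				$virtual_transport = 'lmtp:unix:private/dovecot-lmtp';
				$configure_lmtp = true;
			}
		}

		$config_dir = $conf['postfix']['config_dir'];

		//* Configure master.cf and add a line for deliver
		if(!$this->get_postfix_service('dovecot', 'unix')) {
			//* backup
			if(is_file($config_dir.'/master.cf')){
				copy($config_dir.'/master.cf', $config_dir.'/master.cf~2');
			}
			//* Restrict the backup that was just written. The previous check tested
			//* master.cf~ (a different backup) before changing master.cf~2.
			if(is_file($config_dir.'/master.cf~2')){
				chmod($config_dir.'/master.cf~2', 0400);
			}
			//* Configure master.cf and add a line for deliver
			$content = rf($conf["postfix"]["config_dir"].'/master.cf');
			$deliver_content = 'dovecot   unix  -       n       n       -       -       pipe'."\n".'  flags=DRhu user=vmail:vmail argv=/usr/libexec/dovecot/deliver -f ${sender} -d ${user}@${nexthop}'."\n";
			af($conf["postfix"]["config_dir"].'/master.cf', $deliver_content);
			unset($content);
			unset($deliver_content);
		}

		//* Reconfigure postfix to use dovecot authentication
		$postconf_commands = array (
			'dovecot_destination_recipient_limit = 1',
			'virtual_transport = '.$virtual_transport,
			'smtpd_sasl_type = dovecot',
			'smtpd_sasl_path = private/auth',
		);

		// Make a backup copy of the main.cf file
		copy($conf["postfix"]["config_dir"].'/main.cf', $conf["postfix"]["config_dir"].'/main.cf~3');

		// Executing the postconf commands
		foreach($postconf_commands as $cmd) {
			$command = "postconf -e '$cmd'";
			caselog($command." &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
		}

		//* Use /etc/dovecot as config dir if exists
//		if(is_dir('/etc/dovecot')) $config_dir = '/etc/dovecot';
		$config_dir = $conf['dovecot']['config_dir'];

		//* backup dovecot.conf
		$configfile = 'dovecot.conf';
		if(is_file("$config_dir/$configfile")){
			copy("$config_dir/$configfile", "$config_dir/$configfile~");
		}

		//* Get the dovecot version
		//* exec() appends to an array that already has elements, so the output is
		//* collected in a fresh array instead of reusing the database record variable.
		$version_output = array();
		exec('dovecot --version', $version_output);
		//* An empty string (no output) compares lower than '2' and selects the
		//* dovecot 1 template, as the undefined value did before.
		$dovecot_version = isset($version_output[0]) ? $version_output[0] : '';
		unset($version_output);

		//* Copy dovecot configuration file
		if(version_compare($dovecot_version, '2') >= 0) {
			if(is_file($conf['ispconfig_install_dir'].'/server/conf-custom/install/fedora_dovecot2.conf.master')) {
				copy($conf['ispconfig_install_dir'].'/server/conf-custom/install/fedora_dovecot2.conf.master', $config_dir.'/'.$configfile);
			} else {
				copy('tpl/fedora_dovecot2.conf.master', $config_dir.'/'.$configfile);
			}
			//* Versions below 2.1 get the ssl_protocols line removed from the template
			if(version_compare($dovecot_version, '2.1') < 0) {
				removeLine($config_dir.'/'.$configfile, 'ssl_protocols =');
			}
		} else {
			if(is_file($conf['ispconfig_install_dir'].'/server/conf-custom/install/fedora_dovecot.conf.master')) {
				copy($conf['ispconfig_install_dir'].'/server/conf-custom/install/fedora_dovecot.conf.master', $config_dir.'/'.$configfile);
			} else {
				copy('tpl/fedora_dovecot.conf.master', $config_dir.'/'.$configfile);
			}
		}

		//* dovecot-lmtpd
		if($configure_lmtp) {
			replaceLine($config_dir.'/'.$configfile, 'protocols = imap pop3', 'protocols = imap pop3 lmtp', 1, 0);
		}

		//* dovecot-sql.conf
		$configfile = 'dovecot-sql.conf';
		if(is_file("$config_dir/$configfile")){
			copy("$config_dir/$configfile", "$config_dir/$configfile~");
			exec("chmod 400 $config_dir/$configfile~");
		}

		if(!@file_exists('/etc/dovecot-sql.conf')) exec('ln -s /etc/dovecot/dovecot-sql.conf /etc/dovecot-sql.conf');

		$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/fedora_dovecot-sql.conf.master', "tpl/fedora_dovecot-sql.conf.master");
		$content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
		$content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
		$content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);
		$content = str_replace('{mysql_server_host}', $conf['mysql']['host'], $content);
		$content = str_replace('{mysql_server_port}', $conf['mysql']['port'], $content);
		$content = str_replace('{server_id}', $conf['server_id'], $content);
		wf("$config_dir/$configfile", $content);

		//* The file holds the database password; it is restricted to root only
		//* after wf() has written it.
		exec("chmod 600 $config_dir/$configfile");
		exec("chown root:root $config_dir/$configfile");

		// Dovecot shall ignore mounts in website directory
		if(is_installed('doveadm')) exec("doveadm mount add '/var/www/*' ignore > /dev/null 2> /dev/null");

	}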

	/**
	 * Configure amavisd and hook it into Postfix.
	 *
	 * Writes amavisd.conf from its template (it contains the ISPConfig
	 * database credentials and is set to mode 0640 afterwards), sets the
	 * content_filter options through postconf, appends the amavis services
	 * that get_postfix_service() does not report to master.cf, and adjusts
	 * the freshclam configuration files.
	 */
	public function configure_amavis() {
		global $conf;

		$custom_dir = $conf['ispconfig_install_dir'].'/server/conf-custom/install/';

		// amavisd user config file
		$amavisd_conf = $conf['amavis']['config_dir'].'/amavisd.conf';
		if(is_file($amavisd_conf)) {
			copy($amavisd_conf, $amavisd_conf.'~');
		}
		if(is_file($amavisd_conf.'~')) {
			exec('chmod 400 '.$amavisd_conf.'~');
		}

		$content = rfsel($custom_dir.'fedora_amavisd_conf.master', 'tpl/fedora_amavisd_conf.master');
		$content = str_replace(
			array(
				'{mysql_server_ispconfig_user}',
				'{mysql_server_ispconfig_password}',
				'{mysql_server_database}',
				'{mysql_server_port}',
				'{mysql_server_ip}',
				'{hostname}',
			),
			array(
				$conf['mysql']['ispconfig_user'],
				$conf['mysql']['ispconfig_password'],
				$conf['mysql']['database'],
				$conf['mysql']['port'],
				$conf['mysql']['ip'],
				$conf['hostname'],
			),
			$content
		);
		wf($amavisd_conf, $content);
		chmod($amavisd_conf, 0640);

		// Make a backup copy of the main.cf file
		$postfix_dir = $conf['postfix']['config_dir'];
		copy($postfix_dir.'/main.cf', $postfix_dir.'/main.cf~2');

		// Adding the amavisd commands to the postfix configuration
		$settings = array(
			'content_filter = amavis:[127.0.0.1]:10024',
			'receive_override_options = no_address_mappings',
		);
		foreach($settings as $cmd) {
			$command = "postconf -e '$cmd'";
			caselog($command." &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
		}

		// Adding amavis-services to the master.cf file if the service does not already exists
		// (template name => true when the service is missing)
		$master_cf = $postfix_dir.'/master.cf';
		$missing_services = array(
			'master_cf_amavis.master' => !$this->get_postfix_service('amavis','unix'),
			'master_cf_amavis10025.master' => !$this->get_postfix_service('127.0.0.1:10025','inet'),
			'master_cf_amavis10027.master' => !$this->get_postfix_service('127.0.0.1:10027','inet'),
		);

		if(in_array(true, $missing_services, true)) {
			//* backup master.cf
			if(is_file($master_cf)) {
				copy($master_cf, $master_cf.'~');
			}
			// adjust amavis-config
			foreach($missing_services as $template => $is_missing) {
				if(!$is_missing) {
					continue;
				}
				af($master_cf, rfsel($custom_dir.$template, 'tpl/'.$template));
			}
		}

		removeLine('/etc/sysconfig/freshclam', 'FRESHCLAM_DELAY=disabled-warn   # REMOVE ME', 1);
		replaceLine('/etc/freshclam.conf', 'Example', '# Example', 1);

		// Add the clamav user to the vscan group
		//exec('groupmod --add-user clamav vscan');
	}

	/**
	 * SpamAssassin hook; performs no action in this class.
	 *
	 * The only content is a disabled snippet that would switch ENABLED=0 to
	 * ENABLED=1 in /etc/default/spamassassin on Debian and Ubuntu.
	 */
	public function configure_spamassassin()
	{
		//* Enable spamassassin on debian and ubuntu (disabled here)
		/*
		$configfile = '/etc/default/spamassassin';
		if(is_file($configfile)){
			copy($configfile, $configfile.'~');
		}
		$content = rf($configfile);
		$content = str_replace('ENABLED=0', 'ENABLED=1', $content);
		wf($configfile, $content);
		*/
	}

	/**
	 * Prepare the getmail configuration directory and system user.
	 *
	 * Creates the directory when it is missing, adds a 'getmail' user with
	 * that directory as home when is_user() does not find one, then gives
	 * the user ownership of the directory and sets it to mode 700.
	 */
	public function configure_getmail()
	{
		global $conf;

		$config_dir = $conf['getmail']['config_dir'];

		//* NOTE(review): only this call escapes the path (with escapeshellcmd());
		//* the commands below use $config_dir as it is.
		if(!is_dir($config_dir)) {
			exec("mkdir -p ".escapeshellcmd($config_dir));
		}

		if(!is_user('getmail')) {
			$command = "useradd -d $config_dir getmail";
			caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
		}

		//* Ownership first, then permissions for the owner only
		$commands = array(
			"chown -R getmail $config_dir",
			"chmod -R 700 $config_dir",
		);
		foreach($commands as $command) {
			caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
		}
	}


	/**
	 * Configure pure-ftpd to authenticate against the ISPConfig database.
	 *
	 * Writes pureftpd-mysql.conf from its template with the database
	 * credentials (mode 600, owner root:root) and copies the customised
	 * pure-ftpd.conf into the pure-ftpd configuration directory.
	 */
	public function configure_pureftpd()
	{
		global $conf;

		$config_dir = $conf['pureftpd']['config_dir'];
		$custom_dir = $conf['ispconfig_install_dir'].'/server/conf-custom/install';

		//* pureftpd-mysql.conf: MySQL lookup settings for pure-ftpd
		$mysql_conf = $config_dir.'/pureftpd-mysql.conf';
		if(is_file($mysql_conf)) {
			copy($mysql_conf, $mysql_conf.'~');
		}
		if(is_file($mysql_conf.'~')) {
			exec('chmod 400 '.$mysql_conf.'~');
		}

		$content = rfsel($custom_dir.'/pureftpd_mysql.conf.master', 'tpl/pureftpd_mysql.conf.master');
		$content = str_replace(
			array(
				'{mysql_server_ispconfig_user}',
				'{mysql_server_ispconfig_password}',
				'{mysql_server_database}',
				'{mysql_server_ip}',
				'{server_id}',
			),
			array(
				$conf['mysql']['ispconfig_user'],
				$conf['mysql']['ispconfig_password'],
				$conf['mysql']['database'],
				$conf['mysql']['ip'],
				$conf['server_id'],
			),
			$content
		);
		wf($mysql_conf, $content);

		//* The file holds the database password; it is restricted to root only
		//* after wf() has written it.
		exec('chmod 600 '.$mysql_conf);
		exec('chown root:root '.$mysql_conf);

		// copy our customized copy of pureftpd.conf to the pure-ftpd config directory
		$template = $custom_dir.'/fedora_pureftpd_conf.master';
		if(!is_file($template)) {
			$template = 'tpl/fedora_pureftpd_conf.master';
		}
		exec('cp '.$template.' '.$config_dir.'/pure-ftpd.conf');
	}

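	/**
	 * Write mydns.conf from its template with the ISPConfig database settings.
	 *
	 * An existing mydns.conf is copied to mydns.conf~ and the backup is set to
	 * mode 400. The new file receives the database user, password, database
	 * name, host, port and server id and is then set to mode 600, owner root:root.
	 *
	 * @return void
	 */
	public function configure_mydns()
	{
		global $conf;

		// configure mydns
		$configfile = 'mydns.conf';
		$target = $conf["mydns"]["config_dir"].'/'.$configfile;
		$backup = $target.'~';

		if(is_file($target)) {
			// The existing file holds the database password, so a newly created
			// backup must not be readable by other users even before the chmod below.
			$old_umask = umask(0077);
			copy($target, $backup);
			umask($old_umask);
		}
		// Path is quoted so the shell sees it as a single argument.
		if(is_file($backup)) exec('chmod 400 '.escapeshellarg($backup));

		// Template values are inserted verbatim, without any escaping for the
		// mydns configuration syntax.
		$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', "tpl/".$configfile.".master");
		$content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
		$content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
		$content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);
		$content = str_replace('{mysql_server_host}', $conf["mysql"]["host"], $content);
		$content = str_replace('{mysql_server_port}', $conf['mysql']['port'], $content);
		$content = str_replace('{server_id}', $conf["server_id"], $content);

		// NOTE(review): the file is restricted only after wf() has written the
		// password into it; the mode wf() creates files with is not visible here - confirm.
		wf($target, $content);
		exec('chmod 600 '.escapeshellarg($target));
		exec('chown root:root '.escapeshellarg($target));

	}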

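	/**
	 * Reference named.conf.local from /etc/named.conf and create the slave
	 * zone directory below $conf['bind']['bind_zonefiles_dir'].
	 *
	 * The slave directory is owned by the configured bind user and group and
	 * gets mode 2770.
	 *
	 * @return void
	 */
	public function configure_bind() {
		global $conf;

		// add the include line at the end of named.conf.
		replaceLine('/etc/named.conf', 'include "/etc/named.conf.local";', 'include "/etc/named.conf.local";', 0, 1);

		//* Make sure the zonefile directory ends with a slash before appending
		$slave_dir = $conf['bind']['bind_zonefiles_dir'];
		if(substr($slave_dir, -1, 1) != '/') {
			$slave_dir .= '/';
		}

		//* Create the slave subdirectory
		$slave_dir .= 'slave';
		// Arguments are quoted so that spaces or shell metacharacters in the
		// configured path or account names cannot alter the command.
		$quoted_dir = escapeshellarg($slave_dir);
		exec('mkdir -p '.$quoted_dir);

		//* Chown the slave subdirectory to $conf['bind']['bind_user']
		$owner = $conf['bind']['bind_user'].':'.$conf['bind']['bind_group'];
		exec('chown '.escapeshellarg($owner).' '.$quoted_dir);
		// 2770: setgid directory, full access for owner and group, none for others
		exec('chmod 2770 '.$quoted_dir);

	}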

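	/**
	 * Prepare Apache for ISPConfig-managed vhosts.
	 *
	 * Does nothing when $conf['apache']['installed'] is false. Otherwise it
	 * adjusts /etc/suphp.conf if present, creates the vhost log and config
	 * directories, appends the sites-enabled include to httpd.conf when missing,
	 * renders ispconfig.conf from the apache_ispconfig.conf.master template with
	 * the virtualhost IP/port pairs from the server_ip table, links it as
	 * 000-ispconfig.conf, switches webalizer to incremental mode and adds the
	 * sshusers group.
	 *
	 * @return void
	 */
	public function configure_apache()
	{
		global $conf;

		if($conf['apache']['installed'] == false) return;

		if(is_file('/etc/suphp.conf')) {
			//replaceLine('/etc/suphp.conf','php=php:/usr/bin','x-httpd-suphp=php:/usr/bin/php-cgi',0);
			replaceLine('/etc/suphp.conf', 'docroot=', 'docroot=/var/www', 0);
			// Relaxes the suPHP umask setting from 0077 to 0022.
			replaceLine('/etc/suphp.conf', 'umask=0077', 'umask=0022', 0);
		}

		//* Create the logging directory for the vhost logfiles
		exec('mkdir -p /var/log/ispconfig/httpd');

		$vhost_conf_dir = $conf['apache']['vhost_conf_dir'];
		$vhost_conf_enabled_dir = $conf['apache']['vhost_conf_enabled_dir'];

		// Sites enabled and available dirs
		// Paths are quoted so that spaces or shell metacharacters in the configured
		// directories cannot change the command that is executed.
		exec('mkdir -p '.escapeshellarg($vhost_conf_enabled_dir));
		exec('mkdir -p '.escapeshellarg($vhost_conf_dir));

		// Append the vhost include only once
		$content = rf('/etc/httpd/conf/httpd.conf');
		if(!stristr($content, 'Include /etc/httpd/conf/sites-enabled/')) {
			af('/etc/httpd/conf/httpd.conf', "\nNameVirtualHost *:80\nNameVirtualHost *:443\nInclude /etc/httpd/conf/sites-enabled/\n\n");
		}
		unset($content);

		//* Copy the ISPConfig configuration include
		$tpl = new tpl('apache_ispconfig.conf.master');
		$tpl->setVar('apache_version',getapacheversion());

		$records = $this->db->queryAllRecords("SELECT * FROM ?? WHERE server_id = ? AND virtualhost = 'y'", $conf['mysql']['master_database'] . '.server_ip', $conf['server_id']);
		$ip_addresses = array();

		if(is_array($records) && count($records) > 0) {
			foreach($records as $rec) {
				// IPv6 addresses are wrapped in brackets for use together with a port.
				// NOTE(review): ip_address is passed to the template as stored in the
				// database; only the port is range-checked here.
				if($rec['ip_type'] == 'IPv6') {
					$ip_address = '['.$rec['ip_address'].']';
				} else {
					$ip_address = $rec['ip_address'];
				}
				$ports = explode(',', $rec['virtualhost_port']);
				if(is_array($ports)) {
					foreach($ports as $port) {
						$port = intval($port);
						// Keep only valid TCP port numbers and non-empty addresses
						if($port > 0 && $port < 65536 && $ip_address != '') {
							$ip_addresses[] = array('ip_address' => $ip_address, 'port' => $port);
						}
					}
				}
			}
		}

		if(count($ip_addresses) > 0) $tpl->setLoop('ip_adresses',$ip_addresses);

		wf($vhost_conf_dir.'/ispconfig.conf', $tpl->grab());
		unset($tpl);

		if(!@is_link($vhost_conf_enabled_dir."/000-ispconfig.conf")) {
			exec('ln -s '.escapeshellarg($vhost_conf_dir.'/ispconfig.conf').' '.escapeshellarg($vhost_conf_enabled_dir.'/000-ispconfig.conf'));
		}

		//* make sure that webalizer finds its config file when it is directly in /etc
		if(@is_file('/etc/webalizer.conf') && !@is_dir('/etc/webalizer')) {
			exec('mkdir /etc/webalizer');
			exec('ln -s /etc/webalizer.conf /etc/webalizer/webalizer.conf');
		}

		if(is_file('/etc/webalizer/webalizer.conf')) {
			// Change webalizer mode to incremental
			replaceLine('/etc/webalizer/webalizer.conf', '#IncrementalName', 'IncrementalName webalizer.current', 0, 0);
			replaceLine('/etc/webalizer/webalizer.conf', '#Incremental', 'Incremental     yes', 0, 0);
			replaceLine('/etc/webalizer/webalizer.conf', '#HistoryName', 'HistoryName     webalizer.hist', 0, 0);
		}

		//* add a sshusers group
		$command = 'groupadd sshusers';
		if(!is_group('sshusers')) caselog($command.' &> /dev/null 2> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");

	}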

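	/**
	 * Prepare nginx for ISPConfig-managed vhosts.
	 *
	 * Does nothing when $conf['nginx']['installed'] is false. Otherwise it
	 * creates the vhost log and config directories, writes the include for
	 * /etc/nginx/sites-enabled/*.vhost, switches webalizer to incremental mode,
	 * makes the awstats static page script available under
	 * /usr/share/awstats/tools and adds the sshusers group.
	 *
	 * @return void
	 */
	public function configure_nginx(){
		global $conf;

		if($conf['nginx']['installed'] == false) return;

		//* Create the logging directory for the vhost logfiles
		if(!@is_dir($conf['ispconfig_log_dir'].'/httpd')) mkdir($conf['ispconfig_log_dir'].'/httpd', 0755, true);

		// Sites enabled and available dirs
		// Paths are quoted so that spaces or shell metacharacters in the configured
		// directories cannot change the command that is executed.
		exec('mkdir -p '.escapeshellarg($conf['nginx']['vhost_conf_enabled_dir']));
		exec('mkdir -p '.escapeshellarg($conf['nginx']['vhost_conf_dir']));

		wf('/etc/nginx/conf.d/ispconfig_vhosts.conf', "include /etc/nginx/sites-enabled/*.vhost;");

		//* make sure that webalizer finds its config file when it is directly in /etc
		if(@is_file('/etc/webalizer.conf') && !@is_dir('/etc/webalizer')) {
			mkdir('/etc/webalizer');
			symlink('/etc/webalizer.conf', '/etc/webalizer/webalizer.conf');
		}

		if(is_file('/etc/webalizer/webalizer.conf')) {
			// Change webalizer mode to incremental
			replaceLine('/etc/webalizer/webalizer.conf', '#IncrementalName', 'IncrementalName webalizer.current', 0, 0);
			replaceLine('/etc/webalizer/webalizer.conf', '#Incremental', 'Incremental     yes', 0, 0);
			replaceLine('/etc/webalizer/webalizer.conf', '#HistoryName', 'HistoryName     webalizer.hist', 0, 0);
		}

		// Check the awstats script
		$awstats_tool = '/usr/share/awstats/tools/awstats_buildstaticpages.pl';
		$awstats_example = '/usr/share/doc/awstats/examples/awstats_buildstaticpages.pl';
		if(!is_dir('/usr/share/awstats/tools')) exec('mkdir -p /usr/share/awstats/tools');
		if(!file_exists($awstats_tool) && file_exists($awstats_example)) symlink($awstats_example, $awstats_tool);
		if(file_exists('/etc/awstats/awstats.conf.local')) replaceLine('/etc/awstats/awstats.conf.local', 'LogFormat=4', 'LogFormat=1', 0, 1);

		//* add a sshusers group
		$command = 'groupadd sshusers';
		if(!is_group('sshusers')) caselog($command.' &> /dev/null 2> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
	}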

	public function configure_bastille_firewall()
	{
		global $conf;

		$dist_init_scripts = $conf['init_scripts'];

		if(is_dir("/etc/Bastille.backup")) caselog("rm -rf /etc/Bastille.backup", __FILE__, __LINE__);
		if(is_dir("/etc/Bastille")) caselog("mv -f /etc/Bastille /etc/Bastille.backup", __FILE__, __LINE__);
		@mkdir("/etc/Bastille", octdec($directory_mode));
		if(is_dir("/etc/Bastille.backup/firewall.d")) caselog("cp -pfr /etc/Bastille.backup/firewall.d /etc/Bastille/", __FILE__, __LINE__);
		if(is_file($conf['ispconfig_install_dir'].'/server/conf-custom/install/bastille-firewall.cfg.master')) {
			caselog("cp -f " . $conf['ispconfig_install_dir']."/server/conf-custom/install/bastille-firewall.cfg.master /etc/Bastille/bastille-firewall.cfg", __FILE__, __LINE__);
		} else {
			caselog("cp -f tpl/bastille-firewall.cfg.master /etc/Bastille/bastille-firewall.cfg", __FILE__, __LINE__);
		}
		caselog("chmod 644 /etc/Bastille/bastille-firewall.cfg", __FILE__, __LINE__);
		$content = rf("/etc/Bastille/bastille-firewall.cfg");
		$content = str_replace("{DNS_SERVERS}", "", $content);

		$tcp_public_services = '';
		$udp_public_services = '';

		$row = $this->db->queryOneRecord('SELECT * FROM ?? WHERE server_id = ?', $conf["mysql"]["database"] . '.firewall', $conf['server_id']);

		if(trim($row["tcp_port"]) != '' || trim($row["udp_port"]) != ''){
			$tcp_public_services = trim(str_replace(',', ' ', $row["tcp_port"]));
			$udp_public_services = trim(str_replace(',', ' ', $row["udp_port"]));
		} else {
			$tcp_public_services = '21 22 25 53 80 110 443 3306 8080 10000';
			$udp_public_services = '53';
		}
		if(!stristr($tcp_public_services, $conf['apache']['vhost_port'])) {
			$tcp_public_services .= ' '.intval($conf['apache']['vhost_port']);
			if($row["tcp_port"] != '') $this->db->query("UPDATE firewall SET tcp_port = tcp_port + ? WHERE server_id = ?", ',' . intval($conf['apache']['vhost_port']), $conf['server_id']);
		}

		$content = str_replace("{TCP_PUBLIC_SERVICES}", $tcp_public_services, $content);
		$content = str_replace("{UDP_PUBLIC_SERVICES}", $udp_public_services, $content);

		wf("/etc/Bastille/bastille-firewall.cfg", $content);

		if(is_file($dist_init_scripts."/bastille-firewall")) caselog("mv -f $dist_init_scripts/bastille-firewall $dist_init_scripts/bastille-firewall.backup", __FILE__, __LINE__);
		caselog("cp -f apps/bastille-firewall $dist_init_scripts", __FILE__, __LINE__);
		caselog("chmod 700 $dist_init_scripts/bastille-firewall", __FILE__, __LINE__);

		if(is_file("/sbin/bastille-ipchains")) caselog("mv -f /sbin/bastille-ipchains /sbin/bastille-ipchains.backup", __FILE__, __LINE__);
		caselog("cp -f apps/bastille-ipchains /sbin", __FILE__, __LINE__);
		caselog("chmod 700 /sbin/bastille-ipchains", __FILE__, __LINE__);

		if(