Newer
Older
foreach($postconf_commands as $cmd) {
$command = "postconf -e '$cmd'";
caselog($command." &> /dev/null", __FILE__, __LINE__, 'EXECUTED: '.$command, 'Failed to execute the command '.$command);
}
if(!stristr($options, 'dont-create-certs')) {
$command = 'cd '.$config_dir.'; '
."openssl req -new -subj '/C=".escapeshellcmd($autoinstall['ssl_cert_country'])."/ST=".escapeshellcmd($autoinstall['ssl_cert_state'])."/L=".escapeshellcmd($autoinstall['ssl_cert_locality'])."/O=".escapeshellcmd($autoinstall['ssl_cert_organisation'])."/OU=".escapeshellcmd($autoinstall['ssl_cert_organisation_unit'])."/CN=".escapeshellcmd($autoinstall['ssl_cert_common_name'])."' -outform PEM -out smtpd.cert -newkey rsa:4096 -nodes -keyout smtpd.key -keyform PEM -days 3650 -x509";
} else {
$command = 'cd '.$config_dir.'; '
.'openssl req -new -outform PEM -out smtpd.cert -newkey rsa:4096 -nodes -keyout smtpd.key -keyform PEM -days 3650 -x509';
}
exec($command);
$command = 'chmod o= '.$config_dir.'/smtpd.key';
caselog($command.' &> /dev/null', __FILE__, __LINE__, 'EXECUTED: '.$command, 'Failed to execute the command '.$command);
}
//** We have to change the permissions of the courier authdaemon directory to make it accessible for maildrop.
$command = 'chmod 755 /var/run/courier/authdaemon/';
if(is_file('/var/run/courier/authdaemon/')) caselog($command.' &> /dev/null', __FILE__, __LINE__, 'EXECUTED: '.$command, 'Failed to execute the command '.$command);
//* Check maildrop service in posfix master.cf
$regex = "/^maildrop unix.*pipe flags=DRhu user=vmail argv=\\/usr\\/bin\\/maildrop -d ".$cf['vmail_username']." \\$\{extension} \\$\{recipient} \\$\{user} \\$\{nexthop} \\$\{sender}/";
$configfile = $config_dir.'/master.cf';
if($this->get_postfix_service('maildrop', 'unix')) {
exec ("postconf -M maildrop.unix &> /dev/null", $out, $ret);
$change_maildrop_flags = @(preg_match($regex, $out[0]) && $out[0] !='')?false:true;
$change_maildrop_flags = @(preg_match($regex, $configfile))?false:true;
if ($change_maildrop_flags) {
//* Change maildrop service in posfix master.cf
if(is_file($config_dir.'/master.cf')) {
copy($config_dir.'/master.cf', $config_dir.'/master.cf~');
}
if(is_file($config_dir.'/master.cf~')) {
chmod($config_dir.'/master.cf~', 0400);
}
$configfile = $config_dir.'/master.cf';
$content = rf($configfile);
$content = str_replace('flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}',
'flags=DRhu user='.$cf['vmail_username'].' argv=/usr/bin/maildrop -d '.$cf['vmail_username'].' ${extension} ${recipient} ${user} ${nexthop} ${sender}',
$content);
wf($configfile, $content);
}
//* Writing the Maildrop mailfilter file
$configfile = 'mailfilter';
if(is_file($cf['vmail_mailbox_base'].'/.'.$configfile)) {
copy($cf['vmail_mailbox_base'].'/.'.$configfile, $cf['vmail_mailbox_base'].'/.'.$configfile.'~');
}
$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', 'tpl/'.$configfile.'.master');
$content = str_replace('{dist_postfix_vmail_mailbox_base}', $cf['vmail_mailbox_base'], $content);
wf($cf['vmail_mailbox_base'].'/.'.$configfile, $content);
//* Create the directory for the custom mailfilters
if(!is_dir($cf['vmail_mailbox_base'].'/mailfilters')) {
$command = 'mkdir '.$cf['vmail_mailbox_base'].'/mailfilters';
caselog($command." &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
}
//* Chmod and chown the .mailfilter file
$command = 'chown '.$cf['vmail_username'].':'.$cf['vmail_groupname'].' '.$cf['vmail_mailbox_base'].'/.mailfilter';
caselog($command." &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
$command = 'chmod 600 '.$cf['vmail_mailbox_base'].'/.mailfilter';
caselog($command." &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
}
public function configure_saslauthd() {
global $conf;
exec('saslauthd -v 2>&1', $out);
$parts = explode(' ', $out[0]);
$saslversion = $parts[1];
unset($parts);
unset($out);
Florian Schaal
committed
if(version_compare($saslversion , '2.1.23', '<=')) {
//* Configfile for saslauthd versions up to 2.1.23
$configfile = 'sasl_smtpd.conf';
Florian Schaal
committed
} else {
//* Configfile for saslauthd versions 2.1.24 and newer
$configfile = 'sasl_smtpd2.conf';
if(is_file($conf['postfix']['config_dir'].'/sasl/smtpd.conf')) copy($conf['postfix']['config_dir'].'/sasl/smtpd.conf', $conf['postfix']['config_dir'].'/sasl/smtpd.conf~');
if(is_file($conf['postfix']['config_dir'].'/sasl/smtpd.conf~')) chmod($conf['postfix']['config_dir'].'/sasl/smtpd.conf~', 0400);
$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', 'tpl/'.$configfile.'.master');
$content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
$content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
$content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);
$content = str_replace('{mysql_server_ip}', $conf['mysql']['ip'], $content);
wf($conf['postfix']['config_dir'].'/sasl/smtpd.conf', $content);
// TODO: Chmod and chown on the config file
// Recursively create the spool directory
if(!@is_dir('/var/spool/postfix/var/run/saslauthd')) mkdir('/var/spool/postfix/var/run/saslauthd', 0755, true);
// Edit the file /etc/default/saslauthd
$configfile = $conf['saslauthd']['config'];
if(is_file($configfile)) copy($configfile, $configfile.'~');
if(is_file($configfile.'~')) chmod($configfile.'~', 0400);
$content = rf($configfile);
$content = str_replace('START=no', 'START=yes', $content);
$content = str_replace('OPTIONS="-c"', 'OPTIONS="-m /var/spool/postfix/var/run/saslauthd -r"', $content);
$content = str_replace('OPTIONS="-c -m /var/run/saslauthd"', 'OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r"', $content);
wf($configfile, $content);
// Edit the file /etc/init.d/saslauthd
$configfile = $conf['init_scripts'].'/'.$conf['saslauthd']['init_script'];
$content = rf($configfile);
$content = str_replace('PIDFILE=$RUN_DIR/saslauthd.pid', 'PIDFILE="/var/spool/postfix/var/run/${NAME}/saslauthd.pid"', $content);
wf($configfile, $content);
// add the postfix user to the sasl group (at least necessary for Ubuntu 8.04 and most likely Debian Lenny as well.
exec('adduser postfix sasl');
}
public function configure_pam() {
global $conf;
$pam = $conf['pam'];
//* configure pam for SMTP authentication agains the ispconfig database
$configfile = 'pamd_smtp';
if(is_file($pam.'/smtp')) copy($pam.'/smtp', $pam.'/smtp~');
if(is_file($pam.'/smtp~')) chmod($pam.'/smtp~', 0400);
$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', 'tpl/'.$configfile.'.master');
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
$content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
$content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
$content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);
$content = str_replace('{mysql_server_ip}', $conf['mysql']['ip'], $content);
wf($pam.'/smtp', $content);
// On some OSes smtp is world readable which allows for reading database information. Removing world readable rights should have no effect.
if(is_file($pam.'/smtp')) exec("chmod o= $pam/smtp");
chmod($pam.'/smtp', 0660);
chown($pam.'/smtp', 'daemon');
chgrp($pam.'/smtp', 'daemon');
}
public function configure_courier() {
global $conf;
$config_dir = $conf['courier']['config_dir'];
//* authmysqlrc
$configfile = 'authmysqlrc';
if(is_file($config_dir.'/'.$configfile)) {
copy($config_dir.'/'.$configfile, $config_dir.'/'.$configfile.'~');
}
chmod($config_dir.'/'.$configfile.'~', 0400);
$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', 'tpl/'.$configfile.'.master');
$content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
$content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
$content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);
$content = str_replace('{mysql_server_host}', $conf['mysql']['host'], $content);
Michel Käser
committed
$content = str_replace('{mysql_server_port}', $conf['mysql']['port'], $content);
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
wf($config_dir.'/'.$configfile, $content);
chmod($config_dir.'/'.$configfile, 0660);
chown($config_dir.'/'.$configfile, 'daemon');
chgrp($config_dir.'/'.$configfile, 'daemon');
//* authdaemonrc
$configfile = $config_dir.'/authdaemonrc';
if(is_file($configfile)) {
copy($configfile, $configfile.'~');
}
if(is_file($configfile.'~')) {
chmod($configfile.'~', 0400);
}
$content = rf($configfile);
$content = str_replace('authmodulelist="authpam"', 'authmodulelist="authmysql"', $content);
wf($configfile, $content);
}
public function configure_dovecot() {
global $conf;
$virtual_transport = 'dovecot';
$configure_lmtp = false;
// check if virtual_transport must be changed
if ($this->is_update) {
$tmp = $this->db->queryOneRecord("SELECT * FROM ?? WHERE server_id = ?", $conf["mysql"]["database"] . ".server", $conf['server_id']);
$ini_array = ini_to_array(stripslashes($tmp['config']));
// ini_array needs not to be checked, because already done in update.php -> updateDbAndIni()
if(isset($ini_array['mail']['mailbox_virtual_uidgid_maps']) && $ini_array['mail']['mailbox_virtual_uidgid_maps'] == 'y') {
$virtual_transport = 'lmtp:unix:private/dovecot-lmtp';
$configure_lmtp = true;
$config_dir = $conf['postfix']['config_dir'];
//* Configure master.cf and add a line for deliver
if(!$this->get_postfix_service('dovecot', 'unix')) {
//* backup
if(is_file($config_dir.'/master.cf')){
copy($config_dir.'/master.cf', $config_dir.'/master.cf~2');
}
if(is_file($config_dir.'/master.cf~')){
chmod($config_dir.'/master.cf~2', 0400);
}
//* Configure master.cf and add a line for deliver
$content = rf($conf["postfix"]["config_dir"].'/master.cf');
$deliver_content = 'dovecot unix - n n - - pipe'."\n".' flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop}'."\n";
af($config_dir.'/master.cf', $deliver_content);
unset($content);
unset($deliver_content);
}
//* Reconfigure postfix to use dovecot authentication
// Adding the amavisd commands to the postfix configuration
$postconf_commands = array (
'dovecot_destination_recipient_limit = 1',
'virtual_transport = '.$virtual_transport,
'smtpd_sasl_type = dovecot',
'smtpd_sasl_path = private/auth'
);
// Make a backup copy of the main.cf file
copy($conf['postfix']['config_dir'].'/main.cf', $conf['postfix']['config_dir'].'/main.cf~3');
// Executing the postconf commands
foreach($postconf_commands as $cmd) {
$command = "postconf -e '$cmd'";
caselog($command." &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
}
$config_dir = $conf['dovecot']['config_dir'];
$configfile = 'dovecot.conf';
if(is_file($config_dir.'/'.$configfile)) {
copy($config_dir.'/'.$configfile, $config_dir.'/'.$configfile.'~');
}
exec('dovecot --version', $tmp);
$dovecot_version = $tmp[0];
//* Copy dovecot configuration file
Florian Schaal
committed
if(version_compare($dovecot_version,1, '<=')) { //* Dovecot 1.x
if(is_file($conf['ispconfig_install_dir'].'/server/conf-custom/install/debian_dovecot.conf.master')) {
copy($conf['ispconfig_install_dir'].'/server/conf-custom/install/debian_dovecot.conf.master', $config_dir.'/'.$configfile);
} else {
copy('tpl/debian_dovecot.conf.master', $config_dir.'/'.$configfile);
}
} else { //* Dovecot 2.x
if(is_file($conf['ispconfig_install_dir'].'/server/conf-custom/install/debian_dovecot2.conf.master')) {
copy($conf['ispconfig_install_dir'].'/server/conf-custom/install/debian_dovecot2.conf.master', $config_dir.'/'.$configfile);
} else {
copy('tpl/debian_dovecot2.conf.master', $config_dir.'/'.$configfile);
}
Till Brehm
committed
replaceLine($config_dir.'/'.$configfile, 'postmaster_address = postmaster@example.com', 'postmaster_address = postmaster@'.$conf['hostname'], 1, 0);
Florian Schaal
committed
if(version_compare($dovecot_version, 2.1, '<')) {
removeLine($config_dir.'/'.$configfile, 'ssl_protocols =');
}
//* dovecot-lmtpd
if($configure_lmtp) {
replaceLine($config_dir.'/'.$configfile, 'protocols = imap pop3', 'protocols = imap pop3 lmtp', 1, 0);
}
//* dovecot-sql.conf
$configfile = 'dovecot-sql.conf';
if(is_file($config_dir.'/'.$configfile)) {
copy($config_dir.'/'.$configfile, $config_dir.'/'.$configfile.'~');
}
if(is_file($config_dir.'/'.$configfile.'~')) chmod($config_dir.'/'.$configfile.'~', 0400);
$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/debian_dovecot-sql.conf.master', 'tpl/debian_dovecot-sql.conf.master');
$content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
$content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
$content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);
$content = str_replace('{mysql_server_host}', $conf['mysql']['host'], $content);
Michel Käser
committed
$content = str_replace('{mysql_server_port}', $conf['mysql']['port'], $content);
$content = str_replace('{server_id}', $conf['server_id'], $content);
if(version_compare($dovecot_version,2, '>=')) {
$content = str_replace('# iterate_query', 'iterate_query', $content);
}
wf($config_dir.'/'.$configfile, $content);
chmod($config_dir.'/'.$configfile, 0600);
chown($config_dir.'/'.$configfile, 'root');
chgrp($config_dir.'/'.$configfile, 'root');
Till Brehm
committed
// Dovecot shall ignore mounts in website directory
if(is_installed('doveadm')) exec("doveadm mount add '/var/www/*' ignore > /dev/null 2> /dev/null");
}
public function configure_amavis() {
global $conf;
// amavisd user config file
$configfile = 'amavisd_user_config';
if(is_file($conf['amavis']['config_dir'].'/conf.d/50-user')) copy($conf['amavis']['config_dir'].'/conf.d/50-user', $conf['amavis']['config_dir'].'/50-user~');
if(is_file($conf['amavis']['config_dir'].'/conf.d/50-user~')) chmod($conf['amavis']['config_dir'].'/50-user~', 0400);
$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', 'tpl/'.$configfile.'.master');
$content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
$content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
$content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);
$content = str_replace('{mysql_server_port}', $conf['mysql']['port'], $content);
$content = str_replace('{mysql_server_ip}', $conf['mysql']['ip'], $content);
wf($conf['amavis']['config_dir'].'/conf.d/50-user', $content);
chmod($conf['amavis']['config_dir'].'/conf.d/50-user', 0640);
// TODO: chmod and chown on the config file
// Adding the amavisd commands to the postfix configuration
// Add array for no error in foreach and maybe future options
$postconf_commands = array ();
// Check for amavisd -> pure webserver with postfix for mailing without antispam
$postconf_commands[] = 'content_filter = amavis:[127.0.0.1]:10024';
$postconf_commands[] = 'receive_override_options = no_address_mappings';
}
// Make a backup copy of the main.cf file
copy($conf['postfix']['config_dir'].'/main.cf', $conf['postfix']['config_dir'].'/main.cf~2');
// Executing the postconf commands
foreach($postconf_commands as $cmd) {
$command = "postconf -e '$cmd'";
caselog($command." &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
}
$config_dir = $conf['postfix']['config_dir'];
// Adding amavis-services to the master.cf file if the service does not already exists
$add_amavis = !$this->get_postfix_service('amavis','unix');
$add_amavis_10025 = !$this->get_postfix_service('127.0.0.1:10025','inet');
$add_amavis_10027 = !$this->get_postfix_service('127.0.0.1:10027','inet');
//*TODO: check templates against existing postfix-services to make sure we use the template
if ($add_amavis || $add_amavis_10025 || $add_amavis_10027) {
//* backup master.cf
if(is_file($config_dir.'/master.cf')) copy($config_dir.'/master.cf', $config_dir.'/master.cf~');
// adjust amavis-config
if($add_amavis) {
$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/master_cf_amavis.master', 'tpl/master_cf_amavis.master');
af($config_dir.'/master.cf', $content);
unset($content);
}
if ($add_amavis_10025) {
$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/master_cf_amavis10025.master', 'tpl/master_cf_amavis10025.master');
af($config_dir.'/master.cf', $content);
unset($content);
}
if ($add_amavis_10027) {
$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/master_cf_amavis10027.master', 'tpl/master_cf_amavis10027.master');
af($config_dir.'/master.cf', $content);
unset($content);
}
}
// Add the clamav user to the amavis group
exec('adduser clamav amavis');
// get shell-group for amavis
$amavis_group=exec('grep -o "^amavis:\|^vscan:" /etc/group');
if(!empty($amavis_group)) {
$amavis_group=rtrim($amavis_group, ":");
// get shell-user for amavis
$amavis_user=exec('grep -o "^amavis:\|^vscan:" /etc/passwd');
if(!empty($amavis_user)) {
$amavis_user=rtrim($amavis_user, ":");
}
// Create the director for DKIM-Keys
if(!is_dir('/var/lib/amavis')) mkdir('/var/lib/amavis', 0750, true);
if(!empty($amavis_user)) exec('chown '.$amavis_user.' /var/lib/amavis');
if(!empty($amavis_group)) exec('chgrp '.$amavis_group.' /var/lib/amavis');
if(!is_dir('/var/lib/amavis/dkim')) mkdir('/var/lib/amavis/dkim', 0750);
if(!empty($amavis_user)) exec('chown -R '.$amavis_user.' /var/lib/amavis/dkim');
if(!empty($amavis_group)) exec('chgrp -R '.$amavis_group.' /var/lib/amavis/dkim');
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
}
public function configure_spamassassin() {
global $conf;
//* Enable spamasasssin on debian and ubuntu
$configfile = '/etc/default/spamassassin';
if(is_file($configfile)) {
copy($configfile, $configfile.'~');
}
$content = rf($configfile);
$content = str_replace('ENABLED=0', 'ENABLED=1', $content);
wf($configfile, $content);
}
public function configure_getmail() {
global $conf;
$config_dir = $conf['getmail']['config_dir'];
if(!@is_dir($config_dir)) mkdir(escapeshellcmd($config_dir), 0700, true);
$command = 'useradd -d '.$config_dir.' getmail';
if(!is_user('getmail')) caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
$command = "chown -R getmail $config_dir";
caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
$command = "chmod -R 700 $config_dir";
caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
}
public function configure_pureftpd() {
global $conf;
$config_dir = $conf['pureftpd']['config_dir'];
//* configure pure-ftpd for MySQL authentication against the ispconfig database
$configfile = 'db/mysql.conf';
if(is_file($config_dir.'/'.$configfile)) {
copy($config_dir.'/'.$configfile, $config_dir.'/'.$configfile.'~');
}
if(is_file($config_dir.'/'.$configfile.'~')) {
chmod($config_dir.'/'.$configfile.'~', 0400);
}
$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/pureftpd_mysql.conf.master', 'tpl/pureftpd_mysql.conf.master');
$content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
$content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
$content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);
$content = str_replace('{mysql_server_ip}', $conf['mysql']['ip'], $content);
$content = str_replace('{server_id}', $conf['server_id'], $content);
wf($config_dir.'/'.$configfile, $content);
chmod($config_dir.'/'.$configfile, 0600);
chown($config_dir.'/'.$configfile, 'root');
chgrp($config_dir.'/'.$configfile, 'root');
// **enable chrooting
//exec('mkdir -p '.$config_dir.'/conf/ChrootEveryone');
exec('echo "yes" > '.$config_dir.'/conf/ChrootEveryone');
exec('echo "yes" > '.$config_dir.'/conf/BrokenClientsCompatibility');
exec('echo "yes" > '.$config_dir.'/conf/DisplayDotFiles');
if(is_file('/etc/default/pure-ftpd-common')) {
replaceLine('/etc/default/pure-ftpd-common', 'STANDALONE_OR_INETD=inetd', 'STANDALONE_OR_INETD=standalone', 1, 0);
replaceLine('/etc/default/pure-ftpd-common', 'VIRTUALCHROOT=false', 'VIRTUALCHROOT=true', 1, 0);
replaceLine('/etc/inetd.conf', '/usr/sbin/pure-ftpd-wrapper', '#ftp stream tcp nowait root /usr/sbin/tcpd /usr/sbin/pure-ftpd-wrapper', 0, 0);
exec($this->getinitcommand('openbsd-inetd', 'restart'));
//if(is_file($conf['init_scripts'].'/'.'openbsd-inetd')) exec($conf['init_scripts'].'/'.'openbsd-inetd restart');
}
if(!is_file('/etc/pure-ftpd/conf/DontResolve')) exec('echo "yes" > /etc/pure-ftpd/conf/DontResolve');
}
public function configure_mydns() {
global $conf;
// configure pam for SMTP authentication agains the ispconfig database
$configfile = 'mydns.conf';
if(is_file($conf['mydns']['config_dir'].'/'.$configfile)) copy($conf['mydns']['config_dir'].'/'.$configfile, $conf['mydns']['config_dir'].'/'.$configfile.'~');
if(is_file($conf['mydns']['config_dir'].'/'.$configfile.'~')) chmod($conf['mydns']['config_dir'].'/'.$configfile.'~', 0400);
$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', 'tpl/'.$configfile.'.master');
$content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
$content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
$content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);
$content = str_replace('{mysql_server_host}', $conf['mysql']['host'], $content);
Michel Käser
committed
$content = str_replace('{mysql_server_port}', $conf['mysql']['port'], $content);
$content = str_replace('{server_id}', $conf['server_id'], $content);
wf($conf['mydns']['config_dir'].'/'.$configfile, $content);
chmod($conf['mydns']['config_dir'].'/'.$configfile, 0600);
chown($conf['mydns']['config_dir'].'/'.$configfile, 'root');
chgrp($conf['mydns']['config_dir'].'/'.$configfile, 'root');
}
public function configure_powerdns() {
global $conf;
//* Create the database
if(!$this->db->query('CREATE DATABASE IF NOT EXISTS ?? DEFAULT CHARACTER SET ?', $conf['powerdns']['database'], $conf['mysql']['charset'])) {
$this->error('Unable to create MySQL database: '.$conf['powerdns']['database'].'.');
}
//* Create the ISPConfig database user in the local database
$query = "GRANT ALL ON ?? TO ?@'localhost'";
if(!$this->db->query($query, $conf['powerdns']['database'] . '.*', $conf['mysql']['ispconfig_user'])) {
$this->error('Unable to create user for powerdns database Error: '.$this->db->errorMessage);
}
//* load the powerdns databse dump
if($conf['mysql']['admin_password'] == '') {
caselog("mysql --default-character-set=".$conf['mysql']['charset']." -h '".$conf['mysql']['host']."' -u '".$conf['mysql']['admin_user']."' '".$conf['powerdns']['database']."' < '".ISPC_INSTALL_ROOT."/install/sql/powerdns.sql' &> /dev/null",
__FILE__, __LINE__, 'read in ispconfig3.sql', 'could not read in powerdns.sql');
} else {
caselog("mysql --default-character-set=".$conf['mysql']['charset']." -h '".$conf['mysql']['host']."' -u '".$conf['mysql']['admin_user']."' -p'".$conf['mysql']['admin_password']."' '".$conf['powerdns']['database']."' < '".ISPC_INSTALL_ROOT."/install/sql/powerdns.sql' &> /dev/null",
__FILE__, __LINE__, 'read in ispconfig3.sql', 'could not read in powerdns.sql');
}
//* Create the powerdns config file
$configfile = 'pdns.local';
if(is_file($conf['powerdns']['config_dir'].'/'.$configfile)) copy($conf['powerdns']['config_dir'].'/'.$configfile, $conf['powerdns']['config_dir'].'/'.$configfile.'~');
if(is_file($conf['powerdns']['config_dir'].'/'.$configfile.'~')) chmod($conf['powerdns']['config_dir'].'/'.$configfile.'~', 0400);
$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', 'tpl/'.$configfile.'.master');
$content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
$content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
$content = str_replace('{powerdns_database}', $conf['powerdns']['database'], $content);
$content = str_replace('{mysql_server_host}', $conf['mysql']['host'], $content);
Michel Käser
committed
$content = str_replace('{mysql_server_port}', $conf['mysql']['port'], $content);
wf($conf['powerdns']['config_dir'].'/'.$configfile, $content);
chmod($conf['powerdns']['config_dir'].'/'.$configfile, 0600);
chown($conf['powerdns']['config_dir'].'/'.$configfile, 'root');
chgrp($conf['powerdns']['config_dir'].'/'.$configfile, 'root');
}
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
//** writes bind configuration files
public function process_bind_file($configfile, $target='/', $absolute=false) {
global $conf;
if ($absolute) $full_file_name = $target.$configfile;
else $full_file_name = $conf['ispconfig_install_dir'].$target.$configfile;
//* Backup exiting file
if(is_file($full_file_name)) {
copy($full_file_name, $config_dir.$configfile.'~');
}
$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', 'tpl/'.$configfile.'.master');
$content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
$content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
$content = str_replace('{mysql_server_ispconfig_database}', $conf['mysql']['database'], $content);
$content = str_replace('{mysql_server_ip}', $conf['mysql']['ip'], $content);
$content = str_replace('{ispconfig_install_dir}', $conf['ispconfig_install_dir'], $content);
$content = str_replace('{dnssec_conffile}', $conf['ispconfig_install_dir'].'/server/scripts/dnssec-config.sh', $content);
wf($full_file_name, $content);
}
public function configure_bind() {
global $conf;
//* Check if the zonefile directory has a slash at the end
$content=$conf['bind']['bind_zonefiles_dir'];
if(substr($content, -1, 1) != '/') {
$content .= '/';
Florian Schaal
committed
if(!@is_dir($content)) mkdir($content, 02770, true);
//* Chown the slave subdirectory to $conf['bind']['bind_user']
chown($content, $conf['bind']['bind_user']);
chgrp($content, $conf['bind']['bind_group']);
Florian Schaal
committed
chmod($content, 02770);
//* Install scripts for dnssec implementation
$this->process_bind_file('named.conf.options', '/etc/bind/', true); //TODO replace hardcoded path
public function configure_xmpp($options = '') {
global $conf;
if($conf['xmpp']['installed'] == false) return;
//* Create the logging directory for xmpp server
if(!@is_dir('/var/log/metronome')) mkdir('/var/log/metronome', 0755, true);
chown('/var/log/metronome', 'metronome');
if(!@is_dir('/var/run/metronome')) mkdir('/var/run/metronome', 0755, true);
chown('/var/run/metronome', 'metronome');
if(!@is_dir('/var/lib/metronome')) mkdir('/var/lib/metronome', 0755, true);
chown('/var/lib/metronome', 'metronome');
if(!@is_dir('/etc/metronome/hosts')) mkdir('/etc/metronome/hosts', 0755, true);
if(!@is_dir('/etc/metronome/status')) mkdir('/etc/metronome/status', 0755, true);
unlink('/etc/metronome/metronome.cfg.lua');
$row = $this->db->queryOneRecord("SELECT server_name FROM server WHERE server_id = ?", $conf["server_id"]);
$server_name = $row["server_name"];
$tpl = new tpl('metronome_conf_main.master');
wf('/etc/metronome/metronome.cfg.lua', $tpl->grab());
unset($tpl);
$tpl = new tpl('metronome_conf_global.master');
$tpl->setVar('xmpp_admins','');
wf('/etc/metronome/global.cfg.lua', $tpl->grab());
unset($tpl);
// Copy isp libs
if(!@is_dir('/usr/lib/metronome/isp-modules')) mkdir('/usr/lib/metronome/isp-modules', 0755, true);
caselog('cp -rf apps/metronome_libs/* /usr/lib/metronome/isp-modules/', __FILE__, __LINE__);
caselog('chmod 755 /usr/lib/metronome/isp-modules/mod_auth_external/authenticate_isp.sh', __FILE__, __LINE__);
// Process db config
$full_file_name = '/usr/lib/metronome/isp-modules/mod_auth_external/db_conf.inc.php';
$content = rf($full_file_name);
$content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
$content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
$content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);
$content = str_replace('{mysql_server_ip}', $conf['mysql']['ip'], $content);
$content = str_replace('{server_id}', $conf['server_id'], $content);
wf($full_file_name, $content);
if(!stristr($options, 'dont-create-certs')){
// Create SSL Certificate for localhost
// Ensure no line is left blank
echo "writing new private key to 'localhost.key'\n-----\n";
$ssl_country = $this->free_query('Country Name (2 letter code)', 'AU','ssl_cert_country');
$ssl_locality = $this->free_query('Locality Name (eg, city)', 'City Name','ssl_cert_locality');
$ssl_organisation = $this->free_query('Organization Name (eg, company)', 'Internet Widgits Pty Ltd','ssl_cert_organisation');
$ssl_organisation_unit = $this->free_query('Organizational Unit Name (eg, section)', 'Infrastructure','ssl_cert_organisation_unit');
$ssl_domain = $this->free_query('Common Name (e.g. server FQDN or YOUR name)', $conf['hostname'],'ssl_cert_common_name');
$ssl_email = $this->free_query('Email Address', 'hostmaster@'.$conf['hostname'],'ssl_cert_email');
$tpl = new tpl('metronome_conf_ssl.master');
$tpl->setVar('ssl_country',$ssl_country);
$tpl->setVar('ssl_locality',$ssl_locality);
$tpl->setVar('ssl_organisation',$ssl_organisation);
$tpl->setVar('ssl_organisation_unit',$ssl_organisation_unit);
$tpl->setVar('domain',$ssl_domain);
$tpl->setVar('ssl_email',$ssl_email);
wf('/etc/metronome/certs/localhost.cnf', $tpl->grab());
unset($tpl);
// Generate new key, csr and cert
exec("(cd /etc/metronome/certs && make localhost.key)");
exec("(cd /etc/metronome/certs && make localhost.csr)");
exec("(cd /etc/metronome/certs && make localhost.cert)");
exec('chmod 0400 /etc/metronome/certs/localhost.key');
exec('chown metronome /etc/metronome/certs/localhost.key');
echo "IMPORTANT:\n";
echo "Localhost Key, Csr and a self-signed Cert have been saved to /etc/metronome/certs\n";
echo "In order to work with all clients, the server must have a trusted certificate, so use the Csr\n";
echo "to get a trusted certificate from your CA or replace Key and Cert with already signed files for\n";
echo "your domain. Clients like Pidgin dont allow to use untrusted self-signed certificates.\n";
echo "\n";
/*
echo "-----\n";
echo "Metronome XMPP SSL server certificate is not renewed. Run the following command manual as root to recreate it:\n";
echo "# (cd /etc/metronome/certs && make localhost.key && make localhost.csr && make localhost.cert && chmod 0400 localhost.key && chown metronome localhost.key)\n";
echo "-----\n";
// Copy init script
caselog('cp -f apps/metronome-init /etc/init.d/metronome', __FILE__, __LINE__);
caselog('chmod u+x /etc/init.d/metronome', __FILE__, __LINE__);
caselog('update-rc.d metronome defaults', __FILE__, __LINE__);
exec($this->getinitcommand($conf['xmpp']['init_script'], 'restart'));
}
public function configure_apache() {
global $conf;
if($conf['apache']['installed'] == false) return;
//* Create the logging directory for the vhost logfiles
if(!@is_dir($conf['ispconfig_log_dir'].'/httpd')) mkdir($conf['ispconfig_log_dir'].'/httpd', 0755, true);
if(is_file('/etc/suphp/suphp.conf')) {
replaceLine('/etc/suphp/suphp.conf', 'php="php:/usr/bin', 'x-httpd-suphp="php:/usr/bin/php-cgi"', 0);
//replaceLine('/etc/suphp/suphp.conf','docroot=','docroot=/var/clients',0);
replaceLine('/etc/suphp/suphp.conf', 'umask=00', 'umask=0022', 0);
}
if(is_file('/etc/apache2/sites-enabled/000-default')) {
replaceLine('/etc/apache2/sites-available/000-default', 'NameVirtualHost *', 'NameVirtualHost *:80', 1, 0);
replaceLine('/etc/apache2/sites-available/000-default', '<VirtualHost *>', '<VirtualHost *:80>', 1, 0);
}
if(is_file('/etc/apache2/ports.conf')) {
// add a line "Listen 443" to ports conf if line does not exist
replaceLine('/etc/apache2/ports.conf', 'Listen 443', 'Listen 443', 1);
Till Brehm
committed
// Comment out the namevirtualhost lines, as they were added by ispconfig in ispconfig.conf file again
replaceLine('/etc/apache2/ports.conf', 'NameVirtualHost *:80', '# NameVirtualHost *:80', 1);
replaceLine('/etc/apache2/ports.conf', 'NameVirtualHost *:443', '# NameVirtualHost *:443', 1);
if(is_file('/etc/apache2/mods-available/fcgid.conf')) {
// add or modify the parameters for fcgid.conf
replaceLine('/etc/apache2/mods-available/fcgid.conf','MaxRequestLen','MaxRequestLen 15728640',1);
}
if(is_file('/etc/apache2/apache.conf')) {
if(hasLine('/etc/apache2/apache.conf', 'Include sites-enabled/', 1) == false) {
if(hasLine('/etc/apache2/apache.conf', 'IncludeOptional sites-enabled/*.conf', 1) == false && hasLine('/etc/apache2/apache.conf', 'IncludeOptional sites-enabled/', 1) == false) {
replaceLine('/etc/apache2/apache.conf', 'Include sites-enabled/', 'Include sites-enabled/', 1, 1);
} elseif(hasLine('/etc/apache2/apache.conf', 'IncludeOptional sites-enabled/*.vhost', 1) == false) {
replaceLine('/etc/apache2/apache.conf', 'IncludeOptional sites-enabled/*.vhost', 'IncludeOptional sites-enabled/', 1, 1);
}
}
}
if(is_file('/etc/apache2/apache2.conf')) {
if(hasLine('/etc/apache2/apache2.conf', 'Include sites-enabled/', 1) == false && hasLine('/etc/apache2/apache2.conf', 'IncludeOptional sites-enabled/', 1) == false) {
if(hasLine('/etc/apache2/apache2.conf', 'Include sites-enabled/*.conf', 1) == true) {
replaceLine('/etc/apache2/apache2.conf', 'Include sites-enabled/*.conf', 'Include sites-enabled/', 1, 1);
} elseif(hasLine('/etc/apache2/apache2.conf', 'IncludeOptional sites-enabled/*.conf', 1) == true) {
replaceLine('/etc/apache2/apache2.conf', 'IncludeOptional sites-enabled/*.conf', 'IncludeOptional sites-enabled/', 1, 1);
//* Copy the ISPConfig configuration include
$vhost_conf_dir = $conf['apache']['vhost_conf_dir'];
$vhost_conf_enabled_dir = $conf['apache']['vhost_conf_enabled_dir'];
$tpl = new tpl('apache_ispconfig.conf.master');
$tpl->setVar('apache_version',getapacheversion());
$records = $this->db->queryAllRecords("SELECT * FROM ?? WHERE server_id = ? AND virtualhost = 'y'", $conf['mysql']['master_database'] . '.server_ip', $conf['server_id']);
if(is_array($records) && count($records) > 0) {
foreach($records as $rec) {
if($rec['ip_type'] == 'IPv6') {
$ip_address = '['.$rec['ip_address'].']';
} else {
$ip_address = $rec['ip_address'];
}
$ports = explode(',', $rec['virtualhost_port']);
if(is_array($ports)) {
foreach($ports as $port) {
$port = intval($port);
if($port > 0 && $port < 65536 && $ip_address != '') {
$ip_addresses[] = array('ip_address' => $ip_address, 'port' => $port);
}
}
}
if(count($ip_addresses) > 0) $tpl->setLoop('ip_adresses',$ip_addresses);
wf($vhost_conf_dir.'/ispconfig.conf', $tpl->grab());
unset($tpl);
if(!@is_link($vhost_conf_enabled_dir.'/000-ispconfig.conf')) {
symlink($vhost_conf_dir.'/ispconfig.conf', $vhost_conf_enabled_dir.'/000-ispconfig.conf');
}
//* make sure that webalizer finds its config file when it is directly in /etc
if(@is_file('/etc/webalizer.conf') && !@is_dir('/etc/webalizer')) {
mkdir('/etc/webalizer');
symlink('/etc/webalizer.conf', '/etc/webalizer/webalizer.conf');
}
if(is_file('/etc/webalizer/webalizer.conf')) {
// Change webalizer mode to incremental
replaceLine('/etc/webalizer/webalizer.conf', '#IncrementalName', 'IncrementalName webalizer.current', 0, 0);
replaceLine('/etc/webalizer/webalizer.conf', '#Incremental', 'Incremental yes', 0, 0);
replaceLine('/etc/webalizer/webalizer.conf', '#HistoryName', 'HistoryName webalizer.hist', 0, 0);
// Check the awsatst script
if(!is_dir('/usr/share/awstats/tools')) exec('mkdir -p /usr/share/awstats/tools');
if(!file_exists('/usr/share/awstats/tools/awstats_buildstaticpages.pl') && file_exists('/usr/share/doc/awstats/examples/awstats_buildstaticpages.pl')) symlink('/usr/share/doc/awstats/examples/awstats_buildstaticpages.pl', '/usr/share/awstats/tools/awstats_buildstaticpages.pl');
if(file_exists('/etc/awstats/awstats.conf.local')) replaceLine('/etc/awstats/awstats.conf.local', 'LogFormat=4', 'LogFormat=1', 0, 1);
//* add a sshusers group
$command = 'groupadd sshusers';
if(!is_group('sshusers')) caselog($command.' &> /dev/null 2> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
}
public function configure_nginx(){
if($conf['nginx']['installed'] == false) return;
//* Create the logging directory for the vhost logfiles
if(!@is_dir($conf['ispconfig_log_dir'].'/httpd')) mkdir($conf['ispconfig_log_dir'].'/httpd', 0755, true);
//* make sure that webalizer finds its config file when it is directly in /etc
if(@is_file('/etc/webalizer.conf') && !@is_dir('/etc/webalizer')) {
mkdir('/etc/webalizer');
symlink('/etc/webalizer.conf', '/etc/webalizer/webalizer.conf');
}
if(is_file('/etc/webalizer/webalizer.conf')) {
// Change webalizer mode to incremental
replaceLine('/etc/webalizer/webalizer.conf', '#IncrementalName', 'IncrementalName webalizer.current', 0, 0);
replaceLine('/etc/webalizer/webalizer.conf', '#Incremental', 'Incremental yes', 0, 0);
replaceLine('/etc/webalizer/webalizer.conf', '#HistoryName', 'HistoryName webalizer.hist', 0, 0);
// Check the awsatst script
if(!is_dir('/usr/share/awstats/tools')) exec('mkdir -p /usr/share/awstats/tools');
if(!file_exists('/usr/share/awstats/tools/awstats_buildstaticpages.pl') && file_exists('/usr/share/doc/awstats/examples/awstats_buildstaticpages.pl')) symlink('/usr/share/doc/awstats/examples/awstats_buildstaticpages.pl', '/usr/share/awstats/tools/awstats_buildstaticpages.pl');
if(file_exists('/etc/awstats/awstats.conf.local')) replaceLine('/etc/awstats/awstats.conf.local', 'LogFormat=4', 'LogFormat=1', 0, 1);
//* add a sshusers group
$command = 'groupadd sshusers';
if(!is_group('sshusers')) caselog($command.' &> /dev/null 2> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
Falko Timme
committed
public function configure_fail2ban() {
public function configure_squid()
{
global $conf;
$row = $this->db->queryOneRecord("SELECT server_name FROM server WHERE server_id = ?", $conf["server_id"]);
$ip_address = gethostbyname($row["server_name"]);
$server_name = $row["server_name"];
if(is_file($conf["squid"]["config_dir"].'/'.$configfile)) copy($conf["squid"]["config_dir"].'/'.$configfile, $conf["squid"]["config_dir"].'/'.$configfile.'~');
if(is_file($conf["squid"]["config_dir"].'/'.$configfile.'~')) exec('chmod 400 '.$conf["squid"]["config_dir"].'/'.$configfile.'~');
$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', "tpl/".$configfile.".master");
$content = str_replace('{server_name}', $server_name, $content);
$content = str_replace('{ip_address}', $ip_address, $content);
$content = str_replace('{config_dir}', $conf['squid']['config_dir'], $content);
wf($conf["squid"]["config_dir"].'/'.$configfile, $content);
exec('chmod 600 '.$conf["squid"]["config_dir"].'/'.$configfile);
exec('chown root:root '.$conf["squid"]["config_dir"].'/'.$configfile);
}
public function configure_ufw_firewall()
{
if($this->is_update == false) {
$configfile = 'ufw.conf';
if(is_file('/etc/ufw/ufw.conf')) copy('/etc/ufw/ufw.conf', '/etc/ufw/ufw.conf~');
$content = rf("tpl/".$configfile.".master");
wf('/etc/ufw/ufw.conf', $content);
exec('chmod 600 /etc/ufw/ufw.conf');
exec('chown root:root /etc/ufw/ufw.conf');
}
public function configure_bastille_firewall() {
global $conf;
$dist_init_scripts = $conf['init_scripts'];
if(is_dir('/etc/Bastille.backup')) caselog('rm -rf /etc/Bastille.backup', __FILE__, __LINE__);
if(is_dir('/etc/Bastille')) caselog('mv -f /etc/Bastille /etc/Bastille.backup', __FILE__, __LINE__);
@mkdir('/etc/Bastille', 0700);
if(is_dir('/etc/Bastille.backup/firewall.d')) caselog('cp -pfr /etc/Bastille.backup/firewall.d /etc/Bastille/', __FILE__, __LINE__);
if(is_file($conf['ispconfig_install_dir'].'/server/conf-custom/install/bastille-firewall.cfg.master')) {
caselog('cp -f ' . $conf['ispconfig_install_dir'].'/server/conf-custom/install/bastille-firewall.cfg.master /etc/Bastille/bastille-firewall.cfg', __FILE__, __LINE__);
} else {
caselog('cp -f tpl/bastille-firewall.cfg.master /etc/Bastille/bastille-firewall.cfg', __FILE__, __LINE__);
}
caselog('chmod 644 /etc/Bastille/bastille-firewall.cfg', __FILE__, __LINE__);
$content = rf('/etc/Bastille/bastille-firewall.cfg');
$content = str_replace('{DNS_SERVERS}', '', $content);
$tcp_public_services = '';
$udp_public_services = '';
$row = $this->db->queryOneRecord('SELECT * FROM ?? WHERE server_id = ?', $conf["mysql"]["database"] . '.firewall', $conf['server_id']);
if(trim($row['tcp_port']) != '' || trim($row['udp_port']) != '') {
$tcp_public_services = trim(str_replace(',', ' ', $row['tcp_port']));
$udp_public_services = trim(str_replace(',', ' ', $row['udp_port']));
} else {
$tcp_public_services = '21 22 25 53 80 110 143 443 3306 8080 10000';
$udp_public_services = '53';
}
if(!stristr($tcp_public_services, $conf['apache']['vhost_port'])) {
$tcp_public_services .= ' '.intval($conf['apache']['vhost_port']);
if($row['tcp_port'] != '') $this->db->query("UPDATE firewall SET tcp_port = tcp_port + ? WHERE server_id = ?", ',' . intval($conf['apache']['vhost_port']), $conf['server_id']);
1883
1884
1885
1886
1887
1888
1889
1890
1891
1892
1893
1894
1895
1896
1897
1898
1899
1900
1901
1902
1903
1904
1905
1906
1907
1908
1909
1910
1911
1912
1913
1914
1915
1916
1917
}
$content = str_replace('{TCP_PUBLIC_SERVICES}', $tcp_public_services, $content);
$content = str_replace('{UDP_PUBLIC_SERVICES}', $udp_public_services, $content);
wf('/etc/Bastille/bastille-firewall.cfg', $content);
if(is_file($dist_init_scripts.'/bastille-firewall')) caselog('mv -f '.$dist_init_scripts.'/bastille-firewall '.$dist_init_scripts.'/bastille-firewall.backup', __FILE__, __LINE__);
caselog('cp -f apps/bastille-firewall '.$dist_init_scripts, __FILE__, __LINE__);
caselog('chmod 700 '.$dist_init_scripts.'/bastille-firewall', __FILE__, __LINE__);
if(is_file('/sbin/bastille-ipchains')) caselog('mv -f /sbin/bastille-ipchains /sbin/bastille-ipchains.backup', __FILE__, __LINE__);
caselog('cp -f apps/bastille-ipchains /sbin', __FILE__, __LINE__);
caselog('chmod 700 /sbin/bastille-ipchains', __FILE__, __LINE__);
if(is_file('/sbin/bastille-netfilter')) caselog('mv -f /sbin/bastille-netfilter /sbin/bastille-netfilter.backup', __FILE__, __LINE__);
caselog('cp -f apps/bastille-netfilter /sbin', __FILE__, __LINE__);
caselog('chmod 700 /sbin/bastille-netfilter', __FILE__, __LINE__);
if(!@is_dir('/var/lock/subsys')) caselog('mkdir /var/lock/subsys', __FILE__, __LINE__);
exec('which ipchains &> /dev/null', $ipchains_location, $ret_val);
if(!is_file('/sbin/ipchains') && !is_link('/sbin/ipchains') && $ret_val == 0) phpcaselog(@symlink(shell_exec('which ipchains'), '/sbin/ipchains'), 'create symlink', __FILE__, __LINE__);
unset($ipchains_location);
exec('which iptables &> /dev/null', $iptables_location, $ret_val);
if(!is_file('/sbin/iptables') && !is_link('/sbin/iptables') && $ret_val == 0) phpcaselog(@symlink(trim(shell_exec('which iptables')), '/sbin/iptables'), 'create symlink', __FILE__, __LINE__);
unset($iptables_location);
}
public function configure_vlogger() {
global $conf;
//** Configure vlogger to use traffic logging to mysql (master) db
$configfile = 'vlogger-dbi.conf';
if(is_file($conf['vlogger']['config_dir'].'/'.$configfile)) copy($conf['vlogger']['config_dir'].'/'.$configfile, $conf['vlogger']['config_dir'].'/'.$configfile.'~');
if(is_file($conf['vlogger']['config_dir'].'/'.$configfile.'~')) chmod($conf['vlogger']['config_dir'].'/'.$configfile.'~', 0400);
$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', 'tpl/'.$configfile.'.master');
if($conf['mysql']['master_slave_setup'] == 'y') {
$content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['master_ispconfig_user'], $content);
$content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['master_ispconfig_password'], $content);
$content = str_replace('{mysql_server_database}', $conf['mysql']['master_database'], $content);
$content = str_replace('{mysql_server_ip}', $conf['mysql']['master_host'], $content);
$content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
$content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
$content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);
$content = str_replace('{mysql_server_ip}', $conf['mysql']['ip'], $content);
wf($conf['vlogger']['config_dir'].'/'.$configfile, $content);
chmod($conf['vlogger']['config_dir'].'/'.$configfile, 0600);
chown($conf['vlogger']['config_dir'].'/'.$configfile, 'root');
chgrp($conf['vlogger']['config_dir'].'/'.$configfile, 'root');
}
public function configure_apps_vhost() {
global $conf;
//* Create the ispconfig apps vhost user and group
if($conf['apache']['installed'] == true){
$apps_vhost_user = escapeshellcmd($conf['web']['apps_vhost_user']);
$apps_vhost_group = escapeshellcmd($conf['web']['apps_vhost_group']);
$install_dir = escapeshellcmd($conf['web']['website_basedir'].'/apps');
$command = 'groupadd '.$apps_vhost_user;
if(!is_group($apps_vhost_group)) caselog($command.' &> /dev/null 2> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
$command = 'useradd -g '.$apps_vhost_group.' -d '.$install_dir.' '.$apps_vhost_group;
if(!is_user($apps_vhost_user)) caselog($command.' &> /dev/null 2> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
//$command = 'adduser '.$conf['apache']['user'].' '.$apps_vhost_group;
$command = 'usermod -a -G '.$apps_vhost_group.' '.$conf['apache']['user'];
caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
Falko Timme
committed
if(!@is_dir($install_dir)){
mkdir($install_dir, 0755, true);
} else {
chmod($install_dir, 0755);
}
chown($install_dir, $apps_vhost_user);
chgrp($install_dir, $apps_vhost_group);
//* Copy the apps vhost file
$vhost_conf_dir = $conf['apache']['vhost_conf_dir'];
$vhost_conf_enabled_dir = $conf['apache']['vhost_conf_enabled_dir'];
$apps_vhost_servername = ($conf['web']['apps_vhost_servername'] == '')?'':'ServerName '.$conf['web']['apps_vhost_servername'];
//* Get the apps vhost port
if($this->is_update == true) {
$conf['web']['apps_vhost_port'] = get_apps_vhost_port_number();
}
// Dont just copy over the virtualhost template but add some custom settings
$tpl = new tpl('apache_apps.vhost.master');
$tpl->setVar('apps_vhost_ip',$conf['web']['apps_vhost_ip']);
$tpl->setVar('apps_vhost_port',$conf['web']['apps_vhost_port']);
$tpl->setVar('apps_vhost_dir',$conf['web']['website_basedir'].'/apps');
$tpl->setVar('apps_vhost_basedir',$conf['web']['website_basedir']);
$tpl->setVar('apps_vhost_servername',$apps_vhost_servername);
$tpl->setVar('apache_version',getapacheversion());
// comment out the listen directive if port is 80 or 443
if($conf['web']['apps_vhost_ip'] == 80 or $conf['web']['apps_vhost_ip'] == 443) {
$tpl->setVar('vhost_port_listen','#');
$tpl->setVar('vhost_port_listen','');
wf($vhost_conf_dir.'/apps.vhost', $tpl->grab());
unset($tpl);
//copy('tpl/apache_ispconfig.vhost.master', "$vhost_conf_dir/ispconfig.vhost");
//* and create the symlink
if(@is_link($vhost_conf_enabled_dir.'/apps.vhost')) unlink($vhost_conf_enabled_dir.'/apps.vhost');
if(!@is_link($vhost_conf_enabled_dir.'/000-apps.vhost')) {