Commit 6b029af6 authored Jul 05, 2009 by tbrehm
Added security levels for apache.
parent c8d40dcd
Showing 10 changed files with 126 additions and 26 deletions
install/dist/lib/fedora.lib.php +4 -0
install/dist/lib/opensuse.lib.php +4 -0
install/lib/installer_base.lib.php +8 -0
install/tpl/server.ini.master +3 -0
interface/web/admin/form/server_config.tform.php +28 -0
interface/web/admin/lib/lang/en_server_config.lng +1 -0
interface/web/admin/templates/server_config_web_edit.htm +16 -0
interface/web/dns/lib/module.conf.php +20 -20
server/conf/vhost.conf.master +6 -2
server/plugins-available/apache2_plugin.inc.php +36 -4
install/dist/lib/fedora.lib.php
View file @
6b029af6
...
...
@@ -444,6 +444,10 @@ class installer_dist extends installer_base {
exec
(
"ln -s "
.
$vhost_conf_dir
.
"/ispconfig.conf "
.
$vhost_conf_enabled_dir
.
"/000-ispconfig.conf"
);
}
//* add a sshusers group
$command
=
'groupadd sshusers'
;
if
(
!
is_group
(
'sshusers'
))
caselog
(
$command
.
' &> /dev/null 2> /dev/null'
,
__FILE__
,
__LINE__
,
"EXECUTED:
$command
"
,
"Failed to execute the command
$command
"
);
}
public
function
configure_firewall
()
...
...
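Review bot: The redirection appended to the groupadd call, ' &> /dev/null 2> /dev/null', is redundant and depends on bash. In bash `&>` already covers both streams, while a POSIX /bin/sh reads it as `cmd &` followed by `> /dev/null` and runs the command in the background. Use ' > /dev/null 2>&1' so the call behaves the same whichever shell executes the command.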
install/dist/lib/opensuse.lib.php
View file @
6b029af6
...
...
@@ -464,6 +464,10 @@ class installer_dist extends installer_base {
exec
(
"ln -s "
.
$vhost_conf_dir
.
"/ispconfig.conf "
.
$vhost_conf_enabled_dir
.
"/000-ispconfig.conf"
);
}
//* add a sshusers group
$command
=
'groupadd sshusers'
;
if
(
!
is_group
(
'sshusers'
))
caselog
(
$command
.
' &> /dev/null 2> /dev/null'
,
__FILE__
,
__LINE__
,
"EXECUTED:
$command
"
,
"Failed to execute the command
$command
"
);
}
public
function
configure_firewall
()
...
...
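Review bot: The sshusers block here duplicates, line for line, what the commit also adds to fedora.lib.php and installer_base.lib.php, so the group name and the redirect string now live in three places. Since installer_dist extends installer_base, put the block in one method on the base class and call it from the distribution classes.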
install/lib/installer_base.lib.php
View file @
6b029af6
...
...
@@ -211,6 +211,9 @@ class installer_base {
$tpl_ini_array
[
'web'
][
'website_path'
]
=
$conf
[
'web'
][
'website_path'
];
$tpl_ini_array
[
'web'
][
'website_symlinks'
]
=
$conf
[
'web'
][
'website_symlinks'
];
$tpl_ini_array
[
'cron'
][
'crontab_dir'
]
=
$conf
[
'cron'
][
'crontab_dir'
];
$tpl_ini_array
[
'web'
][
'security_level'
]
=
20
;
$tpl_ini_array
[
'web'
][
'user'
]
=
$conf
[
'web'
][
'user'
];
$tpl_ini_array
[
'web'
][
'group'
]
=
$conf
[
'web'
][
'group'
];
$server_ini_content
=
array_to_ini
(
$tpl_ini_array
);
$server_ini_content
=
mysql_real_escape_string
(
$server_ini_content
);
...
...
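Review bot: security_level is hard-coded to 20 in $tpl_ini_array, while the neighbouring keys ('website_path', 'crontab_dir', 'user', 'group') are copied from $conf, and the value differs from the 10 that this commit puts in install/tpl/server.ini.master. Read it from $conf['web'] like the others, or add a comment stating why the installer overrides the template default.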
@@ -815,6 +818,11 @@ class installer_base {
exec
(
'ln -s /etc/webalizer.conf /etc/webalizer/webalizer.conf'
);
}
//* add a sshusers group
$command
=
'groupadd sshusers'
;
if
(
!
is_group
(
'sshusers'
))
caselog
(
$command
.
' &> /dev/null 2> /dev/null'
,
__FILE__
,
__LINE__
,
"EXECUTED:
$command
"
,
"Failed to execute the command
$command
"
);
}
...
...
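Review bot: The comment '//* add a sshusers group' does not say what the group is for, and the commit message mentions only Apache security levels. Add a line explaining what consumes sshusers membership, and put the body of if(!is_group('sshusers')) in braces so the conditional caselog call is not read as unconditional.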
install/tpl/server.ini.master
View file @
6b029af6
...
...
@@ -34,6 +34,9 @@ website_path=/var/www/clients/client[client_id]/web[website_id]
website_symlinks=/var/www/[website_domain]/:/var/www/clients/client[client_id]/[website_domain]/
vhost_conf_dir=/etc/apache2/sites-available
vhost_conf_enabled_dir=/etc/apache2/sites-enabled
securiry_level=10
apache_user=www-data
apache_group=www-data
[fastcgi]
fastcgi_starter_path=/var/www/php-fcgi-scripts/[system_user]/
...
...
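Review bot: The new key is spelled 'securiry_level', but the form field, the plugin ($web_config['security_level']) and the vhost template all use 'security_level', so nothing visible in this commit reads this default. Fix the spelling, and check whether 'apache_user' and 'apache_group' here are meant to differ from the 'user' and 'group' keys that installer_base.lib.php and the form use.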
interface/web/admin/form/server_config.tform.php
View file @
6b029af6
...
...
@@ -339,6 +339,34 @@ $form["tabs"]['web'] = array (
'width'
=>
'40'
,
'maxlength'
=>
'255'
),
'security_level'
=>
array
(
'datatype'
=>
'VARCHAR'
,
'formtype'
=>
'SELECT'
,
'default'
=>
'20'
,
'value'
=>
array
(
'10'
=>
'Medium'
,
'20'
=>
'High'
)
),
'user'
=>
array
(
'datatype'
=>
'VARCHAR'
,
'formtype'
=>
'TEXT'
,
'default'
=>
''
,
'validators'
=>
array
(
0
=>
array
(
'type'
=>
'NOTEMPTY'
,
'errmsg'
=>
'apache_user_error_empty'
),
),
'value'
=>
''
,
'width'
=>
'40'
,
'maxlength'
=>
'255'
),
'group'
=>
array
(
'datatype'
=>
'VARCHAR'
,
'formtype'
=>
'TEXT'
,
'default'
=>
''
,
'validators'
=>
array
(
0
=>
array
(
'type'
=>
'NOTEMPTY'
,
'errmsg'
=>
'apache_group_error_empty'
),
),
'value'
=>
''
,
'width'
=>
'40'
,
'maxlength'
=>
'255'
),
##################################
# ENDE Datatable fields
##################################
...
...
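Review bot: The 'user' and 'group' fields are validated with NOTEMPTY only, yet apache2_plugin.inc.php in this commit concatenates $web_config['group'] into a usermod command line. Add a validator that limits both fields to characters valid in account and group names, and give 'security_level' a validator that accepts only '10' and '20' so that no other value can be stored.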
interface/web/admin/lib/lang/en_server_config.lng
View file @
6b029af6
...
...
@@ -43,4 +43,5 @@ $wb["config_dir_txt"] = 'Config directory';
$wb
[
"init_script_txt"
]
=
'Cron init script name'
;
$wb
[
"crontab_dir_txt"
]
=
'Path for individual crontabs'
;
$wb
[
"wget_txt"
]
=
'Path to wget program'
;
$wb
[
"security_level_txt"
]
=
'Security level'
;
?>
\ No newline at end of file
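Review bot: Only 'security_level_txt' is added here, but the template in this commit also uses 'user_txt' and 'group_txt', and the form references 'apache_user_error_empty' and 'apache_group_error_empty'. Confirm those keys already exist in this file and add them if they do not; if other language files exist, they need the new string as well.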
interface/web/admin/templates/server_config_web_edit.htm
View file @
6b029af6
...
...
@@ -25,6 +25,22 @@
<label
for=
"vhost_conf_enabled_dir"
>
{tmpl_var name='vhost_conf_enabled_dir_txt'}
</label>
<input
name=
"vhost_conf_enabled_dir"
id=
"vhost_conf_enabled_dir"
value=
"{tmpl_var name='vhost_conf_enabled_dir'}"
size=
"40"
maxlength=
"255"
type=
"text"
class=
"textInput"
/>
</div>
<div
class=
"ctrlHolder"
>
<p
class=
"label"
>
{tmpl_var name='security_level_txt'}
</p>
<div
class=
"multiField"
>
<select
name=
"security_level"
id=
"security_level"
class=
"selectInput"
>
{tmpl_var name='security_level'}
</select>
</div>
</div>
<div
class=
"ctrlHolder"
>
<label
for=
"user"
>
{tmpl_var name='user_txt'}
</label>
<input
name=
"user"
id=
"user"
value=
"{tmpl_var name='user'}"
size=
"40"
maxlength=
"255"
type=
"text"
class=
"textInput"
/>
</div>
<div
class=
"ctrlHolder"
>
<label
for=
"group"
>
{tmpl_var name='group_txt'}
</label>
<input
name=
"group"
id=
"group"
value=
"{tmpl_var name='group'}"
size=
"40"
maxlength=
"255"
type=
"text"
class=
"textInput"
/>
</div>
</fieldset>
<input
type=
"hidden"
name=
"id"
value=
"{tmpl_var name='id'}"
>
...
...
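Review bot: The security_level control is captioned with <p class="label">, whereas the neighbouring fields use <label for="...">, so the caption is not associated with the select element. Use <label for="security_level"> to match the 'user' and 'group' fields.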
interface/web/dns/lib/module.conf.php
View file @
6b029af6
...
...
@@ -6,6 +6,26 @@ $module["template"] = "module.tpl.htm";
$module
[
"startpage"
]
=
"dns/dns_soa_list.php"
;
$module
[
"tab_width"
]
=
''
;
$items
[]
=
array
(
'title'
=>
"Add DNS Zone"
,
'target'
=>
'content'
,
'link'
=>
'dns/dns_wizard.php'
);
if
(
$_SESSION
[
"s"
][
"user"
][
"typ"
]
==
'admin'
)
{
$items
[]
=
array
(
'title'
=>
"Templates"
,
'target'
=>
'content'
,
'link'
=>
'dns/dns_template_list.php'
);
}
$module
[
"nav"
][]
=
array
(
'title'
=>
'DNS Wizard'
,
'open'
=>
1
,
'items'
=>
$items
);
unset
(
$items
);
/*
Email accounts menu
*/
...
...
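Review bot: Moving the 'DNS Wizard' navigation block to the top of the module menu is unrelated to Apache security levels and belongs in its own commit. While this code is being touched: the $_SESSION["s"]["user"]["typ"] == 'admin' test only hides the 'Templates' link, so dns/dns_template_list.php needs its own admin check if it does not already have one.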
@@ -28,26 +48,6 @@ $module["nav"][] = array( 'title' => 'DNS',
unset
(
$items
);
$items
[]
=
array
(
'title'
=>
"Add DNS Zone"
,
'target'
=>
'content'
,
'link'
=>
'dns/dns_wizard.php'
);
if
(
$_SESSION
[
"s"
][
"user"
][
"typ"
]
==
'admin'
)
{
$items
[]
=
array
(
'title'
=>
"Templates"
,
'target'
=>
'content'
,
'link'
=>
'dns/dns_template_list.php'
);
}
$module
[
"nav"
][]
=
array
(
'title'
=>
'DNS Wizard'
,
'open'
=>
1
,
'items'
=>
$items
);
...
...
server/conf/vhost.conf.master
View file @
6b029af6
...
...
@@ -95,7 +95,9 @@
php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -fwebmaster@<tmpl_var name='domain'>"
php_admin_value upload_tmp_dir <tmpl_var name='document_root'>/tmp
php_admin_value session.save_path <tmpl_var name='document_root'>/tmp
#php_admin_value open_basedir <tmpl_var name='document_root'>:/usr/share/php5
<tmpl_if name='security_level' op='==' value='20'>
php_admin_value open_basedir <tmpl_var name='document_root'>/web:<tmpl_var name='document_root'>/tmp:/usr/share/php5
</tmpl_if>
</tmpl_if>
<tmpl_if name='php' op='==' value='suphp'>
# suphp enabled
...
...
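Review bot: With open_basedir wrapped in <tmpl_if name='security_level' op='==' value='20'>, a server at level 10 gets no open_basedir from this block, because the only other open_basedir line is commented out. If Medium is meant to be less strict rather than unrestricted, emit a wider open_basedir in an else branch, for example the document_root-wide value from the commented line.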
@@ -249,7 +251,9 @@
php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -fwebmaster@<tmpl_var name='domain'>"
php_admin_value upload_tmp_dir <tmpl_var name='document_root'>/tmp
php_admin_value session.save_path <tmpl_var name='document_root'>/tmp
#php_admin_value open_basedir <tmpl_var name='document_root'>:/usr/share/php5
<tmpl_if name='security_level' op='==' value='20'>
php_admin_value open_basedir <tmpl_var name='document_root'>/web:<tmpl_var name='document_root'>/tmp:/usr/share/php5
</tmpl_if>
</tmpl_if>
<tmpl_if name='php' op='==' value='suphp'>
suPHP_Engine on
...
...
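Review bot: The commented-out '#php_admin_value open_basedir <tmpl_var name='document_root'>:/usr/share/php5' line is left next to the new directive, and the same lines now appear twice in this template (here and in the hunk at line 95). Delete the stale comment and keep the two copies identical so they do not drift apart.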
server/plugins-available/apache2_plugin.inc.php
View file @
6b029af6
...
...
@@ -443,7 +443,7 @@ class apache2_plugin {
$username
=
escapeshellcmd
(
$data
[
"new"
][
"system_user"
]);
if
(
$data
[
"new"
][
"system_user"
]
!=
''
&&
!
$app
->
system
->
is_user
(
$data
[
"new"
][
"system_user"
]))
{
exec
(
"useradd -d "
.
escapeshellcmd
(
$data
[
"new"
][
"document_root"
])
.
" -g
$groupname
$username
-s /bin/false"
);
exec
(
"useradd -d "
.
escapeshellcmd
(
$data
[
"new"
][
"document_root"
])
.
" -g
$groupname
-G sshusers
$username
-s /bin/false"
);
$app
->
log
(
"Adding the user:
$username
"
,
LOGLEVEL_DEBUG
);
}
...
...
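Review bot: 'useradd ... -G sshusers' depends on a group that this commit creates only in the installer, so on a server installed earlier the group may not exist and useradd will fail; the exec() result is not checked and the "Adding the user" log line is written either way. Create the group here when it is missing (or in the update path) and log the exit status. escapeshellarg() would also fit better than escapeshellcmd() for $username and document_root, since each is a single argument.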
@@ -459,7 +459,6 @@ class apache2_plugin {
exec
(
"setquota -T -u
$username
604800 604800 -a &> /dev/null"
);
}
if
(
$this
->
action
==
'insert'
)
{
// Chown and chmod the directories below the document root
exec
(
"chown -R
$username
:
$groupname
"
.
escapeshellcmd
(
$data
[
"new"
][
"document_root"
]));
...
...
@@ -468,8 +467,40 @@ class apache2_plugin {
exec
(
"chown root:root "
.
escapeshellcmd
(
$data
[
"new"
][
"document_root"
]));
}
// make temp direcory writable for the apache user and the website user
exec
(
"chmod 777 "
.
escapeshellcmd
(
$data
[
"new"
][
"document_root"
]
.
"/tmp"
));
// If the security level is set to high
if
(
$web_config
[
'security_level'
]
==
20
)
{
exec
(
"chmod 711 "
.
escapeshellcmd
(
$data
[
"new"
][
"document_root"
]
.
"/"
));
exec
(
"chmod 711 "
.
escapeshellcmd
(
$data
[
"new"
][
"document_root"
]
.
"/*"
));
exec
(
"chmod 710 "
.
escapeshellcmd
(
$data
[
"new"
][
"document_root"
]
.
"/web"
));
//* Change the home directory and group of the website user
$command
=
'usermod'
;
$command
.
=
' --groups sshusers,'
.
escapeshellcmd
(
$web_config
[
'group'
]);
$command
.
=
' '
.
escapeshellcmd
(
$data
[
"new"
][
"system_user"
]);
exec
(
$command
);
$app
->
log
(
"Modifying user:
$command
"
,
LOGLEVEL_DEBUG
);
// make temp direcory writable for the apache user and the website user
// exec("chmod 777 ".escapeshellcmd($data["new"]["document_root"]."/tmp"));
// If the security Level is set to medium
}
else
{
exec
(
"chmod 755 "
.
escapeshellcmd
(
$data
[
"new"
][
"document_root"
]
.
"/"
));
exec
(
"chmod 755 "
.
escapeshellcmd
(
$data
[
"new"
][
"document_root"
]
.
"/*"
));
//* Change the home directory and group of the website user
$command
=
'usermod'
;
$command
.
=
' --groups sshusers '
;
$command
.
=
' '
.
escapeshellcmd
(
$data
[
"new"
][
"system_user"
]);
exec
(
$command
);
$app
->
log
(
"Modifying user:
$command
"
,
LOGLEVEL_DEBUG
);
// make temp direcory writable for the apache user and the website user
exec
(
"chmod 777 "
.
escapeshellcmd
(
$data
[
"new"
][
"document_root"
]
.
"/tmp"
));
}
// Create the vhost config file
...
...
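Review bot: The 'chmod 711' and 'chmod 755' calls that end in "/*" pass the whole path, glob included, through escapeshellcmd(), which backslash-escapes '*', so the shell receives a literal '*' instead of expanding it and the subdirectories keep their old modes. Escape only document_root and append the glob outside the escaped part, or list the subdirectories explicitly. Separately, 'chmod 777' on document_root/tmp, which the vhost template uses for upload_tmp_dir and session.save_path, leaves the directory world-writable without the sticky bit; 1777 or group access for the Apache group would be tighter.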
@@ -482,6 +513,7 @@ class apache2_plugin {
$vhost_data
[
"web_document_root"
]
=
$data
[
"new"
][
"document_root"
]
.
"/web"
;
$vhost_data
[
"web_document_root_www"
]
=
$web_config
[
"website_basedir"
]
.
"/"
.
$data
[
"new"
][
"domain"
]
.
"/web"
;
$vhost_data
[
"web_basedir"
]
=
$web_config
[
"website_basedir"
];
$vhost_data
[
"security_level"
]
=
$web_config
[
"security_level"
];
// Check if a SSL cert exists
$ssl_dir
=
$data
[
"new"
][
"document_root"
]
.
"/ssl"
;
...
...
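Review bot: $web_config["security_level"] is copied into $vhost_data["security_level"] with no default, so when the key is absent the template's == '20' test is false and the vhost is written without open_basedir. Normalise the value before use, for example by treating anything other than 10 as 20, so that a missing or unexpected setting falls back to the stricter level.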