From cb8c86a5eb7b70feb29a2ef7503aae497d40bf57 Mon Sep 17 00:00:00 2001 From: wyrie Date: Wed, 2 Dec 2009 11:57:59 +0000 Subject: [PATCH] Implemented: FS#973 - Gentoo support for installer. Fixed FS#974 - Directory mode for firewall configuration --- install/dist/conf/gentoo.conf.php | 169 ++-- install/dist/lib/gentoo.lib.php | 728 +++++++++++++++++- .../tpl/gentoo/amavisd-ispconfig.conf.master | 98 +++ .../tpl/gentoo/apache_ispconfig.conf.master | 16 + install/dist/tpl/gentoo/jk_init.ini.master | 154 ++++ install/install.php | 4 +- install/lib/install.lib.php | 14 +- install/lib/installer_base.lib.php | 117 ++- 8 files changed, 1249 insertions(+), 51 deletions(-) create mode 100644 install/dist/tpl/gentoo/amavisd-ispconfig.conf.master create mode 100644 install/dist/tpl/gentoo/apache_ispconfig.conf.master create mode 100644 install/dist/tpl/gentoo/jk_init.ini.master diff --git a/install/dist/conf/gentoo.conf.php b/install/dist/conf/gentoo.conf.php index 95cf32ab9f..71a1413be4 100644 --- a/install/dist/conf/gentoo.conf.php +++ b/install/dist/conf/gentoo.conf.php @@ -31,85 +31,162 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. //*** Gentoo default settings //* Main -$dist['init_scripts'] = '/etc/init.d'; -$dist['runlevel'] = '/etc'; -$dist['shells'] = '/etc/shells'; -$dist['cron_tab'] = '/var/spool/cron/crontabs/root'; -$dist['pam'] = '/etc/pam.d'; +$conf['language'] = 'en'; +$conf['distname'] = 'gentoo-1.12.11.1'; +$conf['hostname'] = 'server1.domain.tld'; // Full hostname +$conf['ispconfig_install_dir'] = '/usr/local/ispconfig'; +$conf['ispconfig_config_dir'] = '/usr/local/ispconfig'; +$conf['ispconfig_log_priority'] = 2; // 0 = Debug, 1 = Warning, 2 = Error +$conf['server_id'] = 1; +$conf['init_scripts'] = '/etc/init.d'; +$conf['runlevel'] = '/etc'; +$conf['shells'] = '/etc/shells'; +$conf['cron_tab'] = '/var/spool/cron/crontabs/root'; +$conf['pam'] = '/etc/pam.d'; + +//* Services provided by this server, this selection will be overridden by the expert mode +$conf['services']['mail'] = true; +$conf['services']['web'] = true; +$conf['services']['dns'] = true; +$conf['services']['file'] = true; +$conf['services']['db'] = true; +$conf['services']['vserver'] = true; //* MySQL -$dist['mysql']['init_script'] = 'mysql'; +$conf['mysql']['installed'] = false; // will be detected automatically during installation +$conf['mysql']['init_script'] = 'mysql'; +$conf['mysql']['host'] = 'localhost'; +$conf['mysql']['ip'] = '127.0.0.1'; +$conf['mysql']['port'] = '3306'; +$conf['mysql']['database'] = 'dbispconfig'; +$conf['mysql']['admin_user'] = 'root'; +$conf['mysql']['admin_password'] = ''; +$conf['mysql']['charset'] = 'utf8'; +$conf['mysql']['ispconfig_user'] = 'ispconfig'; +$conf['mysql']['ispconfig_password'] = md5 (uniqid (rand())); +$conf['mysql']['master_slave_setup'] = 'n'; +$conf['mysql']['master_host'] = ''; +$conf['mysql']['master_database'] = 'dbispconfig'; +$conf['mysql']['master_admin_user'] = 'root'; +$conf['mysql']['master_admin_password'] = ''; +$conf['mysql']['master_ispconfig_user'] = ''; +$conf['mysql']['master_ispconfig_password'] = md5 (uniqid (rand())); + +//* SuPHP +$conf['suphp']['config_file'] = '/etc/suphp.conf'; //* Apache -$dist['apache']['user'] = 'apache'; -$dist['apache']['group'] = 'apache'; -$dist['apache']['init_script'] = 'apache2'; -$dist['apache']['version'] = '2.2'; -$dist['apache']['vhost_dist_dir'] = '/etc/apache2/vhosts.d'; -$dist['apache']['vhost_dist_enabled_dir'] = '/etc/apache2/vhosts.d'; +$conf['apache']['installed'] = false; // will be detected automatically during installation +$conf['apache']['user'] = 'apache'; +$conf['apache']['group'] = 'apache'; +$conf['apache']['init_script'] = 'apache2'; +$conf['apache']['version'] = '2.2'; +$conf['apache']['config_dir'] = '/etc/apache2'; +$conf['apache']['config_file'] = $conf['apache']['config_dir'] .'/httpd.conf'; +$conf['apache']['ssl_dir'] = $conf['apache']['config_dir'] .'/ssl'; +$conf['apache']['vhost_conf_dir'] = $conf['apache']['config_dir'] . '/vhosts.d'; +$conf['apache']['vhost_conf_enabled_dir'] = $conf['apache']['vhost_conf_dir']; +$conf['apache']['vhost_default'] = '00_default_vhost.conf'; $conf['apache']['vhost_port'] = '8080'; +//* Website base settings +$conf['web']['website_basedir'] = '/var/www'; +$conf['web']['website_path'] = '/var/www/clients/client[client_id]/web[website_id]'; +$conf['web']['website_symlinks'] = '/var/www/[website_domain]/:/var/www/clients/client[client_id]/[website_domain]/'; + +//* Apps base settings +$conf['web']['apps_vhost_ip'] = '_default_'; +$conf['web']['apps_vhost_port'] = '8081'; +$conf['web']['apps_vhost_servername'] = ''; +$conf['web']['apps_vhost_user'] = 'ispapps'; +$conf['web']['apps_vhost_group'] = 'ispapps'; + +//* Fastcgi +$conf['fastcgi']['fastcgi_phpini_path'] = '/etc/php5/cgi/'; +$conf['fastcgi']['fastcgi_starter_path'] = '/var/www/php-fcgi-scripts/[system_user]/'; + //* Postfix -$dist['postfix']['config_dir'] = '/etc/postfix'; -$dist['postfix']['init_script'] = 'postfix'; -$dist['postfix']['user'] = 'postfix'; -$dist['postfix']['group'] = 'postfix'; -$dist['postfix']['vmail_userid'] = '5000'; -$dist['postfix']['vmail_username'] = 'vmail'; -$dist['postfix']['vmail_groupid'] = '5000'; -$dist['postfix']['vmail_groupname'] = 'vmail'; -$dist['postfix']['vmail_mailbox_base'] = '/var/vmail'; +$conf['postfix']['installed'] = false; // will be detected automatically during installation +$conf['postfix']['config_dir'] = '/etc/postfix'; +$conf['postfix']['init_script'] = 'postfix'; +$conf['postfix']['user'] = 'postfix'; +$conf['postfix']['group'] = 'postfix'; +$conf['postfix']['vmail_userid'] = '5000'; +$conf['postfix']['vmail_username'] = 'vmail'; +$conf['postfix']['vmail_groupid'] = '5000'; +$conf['postfix']['vmail_groupname'] = 'vmail'; +$conf['postfix']['vmail_mailbox_base'] = '/var/vmail'; //* Getmail -$dist['getmail']['config_dir'] = '/etc/getmail'; -$dist['getmail']['program'] = '/usr/bin/getmail'; +$conf['getmail']['installed'] = false; // will be detected automatically during installation +$conf['getmail']['user'] = 'getmail'; +$conf['getmail']['config_dir'] = '/etc/getmail'; +$conf['getmail']['program'] = '/usr/bin/getmail'; //* Courier -$dist['courier']['config_dir'] = '/etc/courier'; -$dist['courier']['courier-authdaemon'] = 'courier-authlib'; -$dist['courier']['courier-imap'] = 'courier-imapd'; -$dist['courier']['courier-imap-ssl'] = 'courier-imapd-ssl'; -$dist['courier']['courier-pop'] = 'courier-pop3d'; -$dist['courier']['courier-pop-ssl'] = 'courier-pop3d-ssl'; +$conf['courier']['installed'] = false; // will be detected automatically during installation +$conf['courier']['config_dir'] = '/etc/courier/authlib'; +$conf['courier']['courier-authdaemon'] = 'courier-authlib'; +$conf['courier']['courier-imap'] = 'courier-imapd'; +$conf['courier']['courier-imap-ssl'] = 'courier-imapd-ssl'; +$conf['courier']['courier-pop'] = 'courier-pop3d'; +$conf['courier']['courier-pop-ssl'] = 'courier-pop3d-ssl'; //* SASL -$dist['saslauthd']['config'] = '/etc/default/saslauthd'; -$dist['saslauthd']['init_script'] = 'saslauthd'; +$conf['saslauthd']['installed'] = false; // will be detected automatically during installation +$conf['saslauthd']['config_file'] = '/etc/conf.d/saslauthd'; +$conf['saslauthd']['config_dir'] = '/etc/sasl2'; +$conf['saslauthd']['init_script'] = 'saslauthd'; //* Amavisd -$dist['amavis']['config_dir'] = '/etc/amavis'; -$dist['amavis']['init_script'] = 'amavisd'; +$conf['amavis']['installed'] = false; // will be detected automatically during installation +$conf['amavis']['config_file'] = '/etc/amavisd.conf'; +$conf['amavis']['init_script'] = 'amavisd'; //* ClamAV -$dist['clamav']['init_script'] = 'clamd'; +$conf['clamav']['installed'] = false; // will be detected automatically during installation +$conf['clamav']['init_script'] = 'clamd'; //* Pureftpd -$dist['pureftpd']['config_dir'] = '/etc/pure-ftpd'; -$dist['pureftpd']['init_script'] = 'pure-ftpd'; +$conf['pureftpd']['installed'] = false; // will be detected automatically during installation +$conf['pureftpd']['config_file'] = '/etc/conf.d/pure-ftpd'; +$conf['pureftpd']['mysql_config_file'] = '/etc/pureftpd-mysql.conf'; +$conf['pureftpd']['init_script'] = 'pure-ftpd'; //* MyDNS -$dist['mydns']['config_dir'] = '/etc'; -$dist['mydns']['init_script'] = 'mydns'; +$conf['mydns']['installed'] = false; // will be detected automatically during installation +$conf['mydns']['config_dir'] = '/etc'; +$conf['mydns']['init_script'] = 'mydns'; //* PowerDNS $conf['powerdns']['installed'] = false; // will be detected automatically during installation $conf['powerdns']['database'] = 'powerdns'; -$conf["powerdns"]["config_dir"] = '/etc/powerdns/pdns.d'; -$conf['powerdns']['init_script'] = 'pdns'; +$conf["powerdns"]["config_dir"] = '/etc/powerdns'; +$conf["powerdns"]["config_file"] = 'pdns-local.conf'; +$conf['powerdns']['init_script'] = 'pdns.local'; + +//* BIND DNS Server +$conf['bind']['installed'] = false; // will be detected automatically during installation +$conf['bind']['bind_user'] = 'root'; +$conf['bind']['bind_group'] = 'bind'; +$conf['bind']['bind_zonefiles_dir'] = '/etc/bind'; +$conf['bind']['named_conf_path'] = '/etc/bind/named.conf'; +$conf['bind']['named_conf_local_path'] = '/etc/bind/named.conf.local'; +$conf['bind']['init_script'] = 'named'; //* Jailkit +$conf['jailkit']['installed'] = false; // will be detected automatically during installation $conf['jailkit']['config_dir'] = '/etc/jailkit'; $conf['jailkit']['jk_init'] = 'jk_init.ini'; $conf['jailkit']['jk_chrootsh'] = 'jk_chrootsh.ini'; -$conf['jailkit']['jailkit_chroot_app_programs'] = '/usr/bin/groups /usr/bin/id /usr/bin/dircolors /usr/bin/lesspipe /usr/bin/basename /usr/bin/dirname /usr/bin/nano /usr/bin/pico'; -$conf['jailkit']['jailkit_chroot_cron_programs'] = '/usr/bin/php /usr/bin/perl /usr/share/perl /usr/share/php'; +$conf['jailkit']['jailkit_chroot_app_programs'] = '/bin/groups /usr/bin/id /usr/bin/dircolors /usr/bin/less /usr/bin/basename /usr/bin/dirname /usr/bin/nano /usr/bin/vim'; //* vlogger -$conf['vlogger']['config_dir'] = '/etc'; +$conf['vlogger']['config_dir'] = '/etc/vlogger'; //* cron -$conf['cron']['init_script'] = 'cron'; +$conf['cron']['init_script'] = 'vixie-cron'; $conf['cron']['crontab_dir'] = '/etc/cron.d'; +$conf['cron']['group'] = 'cron'; $conf['cron']['wget'] = '/usr/bin/wget'; - -?> \ No newline at end of file +?> diff --git a/install/dist/lib/gentoo.lib.php b/install/dist/lib/gentoo.lib.php index cf8e864e6b..08d3494a2e 100644 --- a/install/dist/lib/gentoo.lib.php +++ b/install/dist/lib/gentoo.lib.php @@ -28,9 +28,735 @@ NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -class installer extends installer_base { +class installer extends installer_base +{ + public function configure_jailkit() + { + global $conf; + + if (is_dir($conf['jailkit']['config_dir'])) + { + $jkinit_content = $this->get_template_file($conf['jailkit']['jk_init'], true); // get contents + $this->write_config_file($conf['jailkit']['config_dir'] . '/' . $conf['jailkit']['jk_init'], $jkinit_content); + + $jkchroot_content = $this->get_template_file($conf['jailkit']['jk_chrootsh'], true); // get contents + $this->write_config_file($conf['jailkit']['config_dir'] . '/' . $conf['jailkit']['jk_chrootsh'], $jkchroot_content); + } + + $command = "chown root:root /var/www"; + caselog($command." &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command"); + } + + public function configure_postfix($options = '') + { + global $conf; + + $cf = $conf['postfix']; + $config_dir = $cf['config_dir']; + + if(!is_dir($config_dir)){ + $this->error("The postfix configuration directory '$config_dir' does not exist."); + } + + // Install virtual mappings + foreach (glob("tpl/mysql-virtual_*.master") as $filename) { + $this->process_postfix_config( basename($filename, ".master") ); + } + + // Changing mode and group of the new created config files. + caselog('chmod o= '.$config_dir.'/mysql-virtual_*.cf* &> /dev/null', + __FILE__, __LINE__, 'chmod on mysql-virtual_*.cf*', 'chmod on mysql-virtual_*.cf* failed'); + caselog('chgrp '.$cf['group'].' '.$config_dir.'/mysql-virtual_*.cf* &> /dev/null', + __FILE__, __LINE__, 'chgrp on mysql-virtual_*.cf*', 'chgrp on mysql-virtual_*.cf* failed'); + + // Creating virtual mail user and group + $command = 'groupadd -g '.$cf['vmail_groupid'].' '.$cf['vmail_groupname']; + if (!is_group($cf['vmail_groupname'])) { + caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command"); + } + $command = 'useradd -g '.$cf['vmail_groupname'].' -u '.$cf['vmail_userid'].' '.$cf['vmail_username'].' -d '.$cf['vmail_mailbox_base'].' -m'; + if (!is_user($cf['vmail_username'])) { + caselog("$command &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command"); + } + $postconf_commands = array ( + 'myhostname = '.$conf['hostname'], + 'mydestination = '.$conf['hostname'].', localhost, localhost.localdomain', + 'mynetworks = 127.0.0.0/8 [::1]/128', + 'virtual_alias_domains =', + 'virtual_alias_maps = proxy:mysql:'.$config_dir.'/mysql-virtual_forwardings.cf, mysql:'.$config_dir.'/mysql-virtual_email2email.cf', + 'virtual_mailbox_domains = proxy:mysql:'.$config_dir.'/mysql-virtual_domains.cf', + 'virtual_mailbox_maps = proxy:mysql:'.$config_dir.'/mysql-virtual_mailboxes.cf', + 'virtual_mailbox_base = '.$cf['vmail_mailbox_base'], + 'virtual_uid_maps = static:'.$cf['vmail_userid'], + 'virtual_gid_maps = static:'.$cf['vmail_groupid'], + 'smtpd_sasl_auth_enable = yes', + 'broken_sasl_auth_clients = yes', + 'smtpd_sasl_authenticated_header = yes', + 'smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, check_recipient_access mysql:'.$config_dir.'/mysql-virtual_recipient.cf, reject_unauth_destination', + 'smtpd_use_tls = yes', + 'smtpd_tls_security_level = may', + 'smtpd_tls_cert_file = '.$config_dir.'/smtpd.cert', + 'smtpd_tls_key_file = '.$config_dir.'/smtpd.key', + 'transport_maps = proxy:mysql:'.$config_dir.'/mysql-virtual_transports.cf', + 'relay_domains = mysql:'.$config_dir.'/mysql-virtual_relaydomains.cf', + 'virtual_create_maildirsize = yes', + 'virtual_maildir_extended = yes', + 'virtual_mailbox_limit_maps = proxy:mysql:'.$config_dir.'/mysql-virtual_mailbox_limit_maps.cf', + 'virtual_mailbox_limit_override = yes', + 'virtual_maildir_limit_message = "The user you are trying to reach is over quota."', + 'virtual_overquota_bounce = yes', + 'proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps', + 'smtpd_sender_restrictions = check_sender_access mysql:'.$config_dir.'/mysql-virtual_sender.cf', + 'smtpd_client_restrictions = check_client_access mysql:'.$config_dir.'/mysql-virtual_client.cf', + 'maildrop_destination_concurrency_limit = 1', + 'maildrop_destination_recipient_limit = 1', + 'virtual_transport = maildrop', + 'header_checks = regexp:'.$config_dir.'/header_checks', + 'mime_header_checks = regexp:'.$config_dir.'/mime_header_checks', + 'nested_header_checks = regexp:'.$config_dir.'/nested_header_checks', + 'body_checks = regexp:'.$config_dir.'/body_checks' + ); + + // Create the header and body check files + touch($config_dir.'/header_checks'); + touch($config_dir.'/mime_header_checks'); + touch($config_dir.'/nested_header_checks'); + touch($config_dir.'/body_checks'); + + + // Make a backup copy of the main.cf file + copy($config_dir.'/main.cf', $config_dir.'/main.cf~'); + + // Executing the postconf commands + foreach($postconf_commands as $cmd) { + $command = "postconf -e '$cmd'"; + caselog($command." &> /dev/null", __FILE__, __LINE__, 'EXECUTED: '.$command, 'Failed to execute the command '.$command); + } + + // Create the SSL certificate + if (!stristr($options,'dont-create-certs')) + { + $command = 'cd '.$config_dir.'; ' + .'openssl req -new -outform PEM -out smtpd.cert -newkey rsa:2048 -nodes -keyout smtpd.key -keyform PEM -days 365 -x509'; + exec($command); + + $command = 'chmod o= '.$config_dir.'/smtpd.key'; + caselog($command.' &> /dev/null', __FILE__, __LINE__, 'EXECUTED: '.$command, 'Failed to execute the command '.$command); + } + + // We have to change the permissions of the courier authdaemon directory to make it accessible for maildrop. + $command = 'chmod 755 /var/run/courier/authdaemon/'; + caselog($command.' &> /dev/null', __FILE__, __LINE__, 'EXECUTED: '.$command, 'Failed to execute the command '.$command); + + // Changing maildrop lines in posfix master.cf + $configfile = $config_dir.'/master.cf'; + $content = rf($configfile); + + $content = preg_replace('/^#?maildrop/m', 'maildrop', $content); + $content = preg_replace('/^#?(\s+)flags=DRhu user=vmail argv=\/usr\/bin\/maildrop -d/m', + '$1flags=DRhu user=vmail argv=/usr/bin/maildrop -d vmail \${extension} \${recipient} \${user} \${nexthop} \${sender}', + $content); + + $this->write_config_file($configfile, $content); + + // Writing the Maildrop mailfilter file + $content = rf("tpl/mailfilter.master"); + $content = str_replace('{dist_postfix_vmail_mailbox_base}', $cf['vmail_mailbox_base'], $content); + + $this->write_config_file($cf['vmail_mailbox_base'].'/.mailfilter', $content); + + // Create the directory for the custom mailfilters + if (!is_dir($cf['vmail_mailbox_base'].'/mailfilters')) + { + $command = 'mkdir '.$cf['vmail_mailbox_base'].'/mailfilters'; + caselog($command." &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command"); + } + + // Chmod and chown the .mailfilter file + $command = 'chown -R '.$cf['vmail_username'].':'.$cf['vmail_groupname'].' '.$cf['vmail_mailbox_base'].'/.mailfilter'; + caselog($command." &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command"); + + $command = 'chmod -R 600 '.$cf['vmail_mailbox_base'].'/.mailfilter'; + caselog($command." &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command"); + + } + + public function configure_saslauthd() + { + global $conf; + + $content = $this->get_template_file('sasl_smtpd.conf', true, true); // get contents & insert db cred + $this->write_config_file($conf['saslauthd']['config_dir'].'/smtpd.conf', $content); + + // Edit the file saslauthd config file + $content = rf($conf["saslauthd"]["config_file"]); + $content = preg_replace('/(?<=\n)SASLAUTHD_OPTS="\$\{SASLAUTHD_OPTS\}[^"]+"/', 'SASLAUTHD_OPTS="${SASLAUTHD_OPTS} -a pam -r -c -s 128 -t 30 -n 5"', $content); + + $this->write_config_file($conf["saslauthd"]["config_file"], $content); + } + + public function configure_courier() + { + global $conf; + + // authmysqlrc + $content = $this->get_template_file('authmysqlrc', true, true); // get contents & insert db cred + $this->write_config_file($conf['courier']['config_dir'].'/authmysqlrc', $content); + + // authdaemonrc + $configfile = $conf['courier']['config_dir'].'/authdaemonrc'; + + $content = rf($configfile); + $content = preg_replace('/(?<=\n)authmodulelist="[^"]+"/', "authmodulelist=\"authmysql\"", $content); + $this->write_config_file($configfile, $content); + + // create certificates + $command = "mkimapdcert"; + caselog($command." &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command"); + + $command = "mkpop3dcert"; + caselog($command." &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command"); + } + + public function configure_spamassassin() + { + return true; + } + + public function configure_getmail() + { + global $conf; + + $config_dir = $conf['getmail']['config_dir']; + + if (!is_dir($config_dir)) { + exec("mkdir -p ".escapeshellcmd($config_dir)); + } + + $command = "useradd -d $config_dir ".$conf['getmail']['user']; + if (!is_user('getmail')) { + caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command"); + } + + $command = "chown -R getmail $config_dir"; + caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command"); + + $command = "chmod -R 700 $config_dir"; + caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command"); + + // Getmail will be run from cron. In order to have access to cron the getmail user needs to be part of the cron group. + $command = "gpasswd -a getmail " . $conf['cron']['group']; + caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command"); + } + + public function configure_amavis() + { + global $conf; + + // Amavisd-new user config file + $conf_file = 'amavisd-ispconfig.conf'; + $conf_path = dirname($conf['amavis']['config_file']) . '/' . $conf_file; + + $content = $this->get_template_file($conf_file, true, true); // get contents & insert db cred + $this->write_config_file($conf_path, $content); + + // Activate config directory in default file + $amavis_conf = rf($conf['amavis']['config_file']); + if (strpos($amavis_conf, $conf_path) === false) + { + $amavis_conf = preg_replace('/(#-------------\n1;)/', + "include_config_files('$conf_path');\n$1", + $amavis_conf); + + $this->write_config_file($conf['amavis']['config_file'], $amavis_conf); + } + + // Adding the amavisd commands to the postfix configuration + $postconf_commands = array ( + 'content_filter = amavis:[127.0.0.1]:10024', + 'receive_override_options = no_address_mappings' + ); + + foreach($postconf_commands as $cmd) { + $command = "postconf -e '$cmd'"; + caselog($command." &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command"); + } + + // Append the configuration for amavisd to the master.cf file + $content = rf($conf["postfix"]["config_dir"].'/master.cf'); + + if(!stristr($content,"127.0.0.1:10025")) // Only add the content if we had not addded it before + { + unset($content); + $content = $this->get_template_file("master_cf_amavis", true); + af($conf["postfix"]["config_dir"].'/master.cf', $content); + } + unset($content); + + // Add the clamav user to the amavis group + exec('usermod -a -G amavis clamav'); + } + + public function configure_pureftpd() + { + global $conf; + + //* configure pure-ftpd for MySQL authentication against the ispconfig database + $content = $this->get_template_file('pureftpd_mysql.conf', true, true); // get contents & insert db cred + $content = str_replace('{server_id}', $conf["server_id"], $content); + + $this->write_config_file($conf['pureftpd']['mysql_config_file'], $content, 600, 'root', 'root'); + + // **enable pure-ftpd and server settings + $content = rf($conf["pureftpd"]["config_file"]); + + $content = preg_replace('/#?IS_CONFIGURED="(?:yes|no)"/', 'IS_CONFIGURED="yes"', $content); + $content = str_replace('AUTH="-l unix"', 'AUTH="-l mysql:'.$conf['pureftpd']['mysql_config_file'].'"', $content); + + // Logging defaults to syslog's ftp facility. Override this behaviour for better compatibility with debian/ubuntu + // and specify the format. + $logdir = '/var/log/pure-ftpd'; + if (!is_dir($logdir)) { + mkdir($logdir, 0755, true); + } + + /* + * @link http://download.pureftpd.org/pub/pure-ftpd/doc/README + * -b brokenclientscompatibility + * -A chrooteveryone + * -E noanonymous + * -O altlog : + * -Z customerproof (Add safe guards against common customer mistakes ie. like chmod 0 on their own files) + */ + $content = preg_replace('/MISC_OTHER="[^"]+"/', 'MISC_OTHER="-b -A -E -Z -O clf:'.$logdir.'/transfer.log"', $content); + + $this->write_config_file($conf["pureftpd"]["config_file"], $content); + } + + public function configure_powerdns() + { + global $conf; + + //* Create the database + if(!$this->db->query('CREATE DATABASE IF NOT EXISTS '.$conf['powerdns']['database'].' DEFAULT CHARACTER SET '.$conf['mysql']['charset'])) { + $this->error('Unable to create MySQL database: '.$conf['powerdns']['database'].'.'); + } + + //* Create the ISPConfig database user in the local database + $query = "GRANT ALL ON `".$conf['powerdns']['database']."` . * TO '".$conf['mysql']['ispconfig_user']."'@'localhost';"; + if(!$this->db->query($query)) { + $this->error('Unable to create user for powerdns database Error: '.$this->db->errorMessage); + } + + //* Reload database privelages + $this->db->query('FLUSH PRIVILEGES;'); + + //* load the powerdns databse dump + if($conf['mysql']['admin_password'] == '') { + caselog("mysql --default-character-set=".$conf['mysql']['charset']." -h '".$conf['mysql']['host']."' -u '".$conf['mysql']['admin_user']."' '".$conf['powerdns']['database']."' < '".ISPC_INSTALL_ROOT."/install/sql/powerdns.sql' &> /dev/null", + __FILE__, __LINE__, 'read in ispconfig3.sql', 'could not read in powerdns.sql'); + } else { + caselog("mysql --default-character-set=".$conf['mysql']['charset']." -h '".$conf['mysql']['host']."' -u '".$conf['mysql']['admin_user']."' -p'".$conf['mysql']['admin_password']."' '".$conf['powerdns']['database']."' < '".ISPC_INSTALL_ROOT."/install/sql/powerdns.sql' &> /dev/null", + __FILE__, __LINE__, 'read in ispconfig3.sql', 'could not read in powerdns.sql'); + } + + //* Create the powerdns config file + $content = $this->get_template_file('pdns.local', true, true); // get contents & insert db cred + $content = str_replace('{powerdns_database}', $conf['powerdns']['database'], $content); + + $this->write_config_file($conf["powerdns"]["config_dir"].'/'.$conf["powerdns"]["config_file"], $content, 600, 'root', 'root'); + + // Create symlink to init script to start the correct config file + if( !is_link($conf['init_scripts'].'/'.$conf['powerdns']['init_script']) ) { + symlink($conf['init_scripts'].'/pdns', $conf['init_scripts'].'/'.$conf['powerdns']['init_script']); + } + } + + public function configure_apache() + { + global $conf; + + // Create the logging directory for the vhost logfiles + if (!is_dir('/var/log/ispconfig/httpd')) { + mkdir('/var/log/ispconfig/httpd', 0755, true); + } + + if (is_file($conf['suphp']['config_file'])) + { + $content = rf($conf['suphp']['config_file']); + + $content = preg_replace('/;Handler for php-scripts/',";Handler for php-scripts\nx-httpd-suphp=php:/usr/bin/php-cgi", $content); + $content = preg_replace('/;?umask=\d+/','umask=0022', $content); + + $this->write_config_file($conf['suphp']['config_file'], $content); + } + + // Enable ISPConfig default vhost settings + $default_vhost_path = $conf['apache']['vhost_conf_dir'].'/'.$conf['apache']['vhost_default']; + if (is_file($default_vhost_path)) + { + $content = rf($default_vhost_path); + + $content = preg_replace('/^#?\s*NameVirtualHost.*$/m', 'NameVirtualHost *:80', $content); + $content = preg_replace('/]+>/', '', $content); + + $this->write_config_file($default_vhost_path, $content); + } + + // Generate default ssl certificates + if (!is_dir($conf['apache']['ssl_dir'])) { + mkdir($conf['apache']['ssl_dir']); + } + + if ($conf['services']['mail'] == true) + { + copy($conf['postfix']['config_dir']."/smtpd.key", $conf['apache']['ssl_dir']."/server.key"); + copy($conf['postfix']['config_dir']."/smtpd.cert", $conf['apache']['ssl_dir']."/server.crt"); + } + else + { + if (!is_file($conf['apache']['ssl_dir'] . '/server.crt')) { + exec("openssl req -new -outform PEM -out {$conf['apache']['ssl_dir']}/server.crt -newkey rsa:2048 -nodes -keyout {$conf['apache']['ssl_dir']}/server.key -keyform PEM -days 365 -x509"); + } + } + + + + // Copy the ISPConfig configuration include + $content = $this->get_template_file('apache_ispconfig.conf', true); + + $records = $this->db->queryAllRecords("SELECT * FROM server_ip WHERE server_id = ".$conf["server_id"]." AND virtualhost = 'y'"); + if(is_array($records) && count($records) > 0) + { + foreach($records as $rec) { + $content .= "NameVirtualHost ".$rec["ip_address"].":80\n"; + $content .= "NameVirtualHost ".$rec["ip_address"].":443\n"; + } + } + + $this->write_config_file($conf['apache']['vhost_conf_dir'].'/000-ispconfig.conf', $content); + + // Gentoo by default does not include .vhost files. Add include line to config file. + $content = rf($conf['apache']['config_file']); + if ( strpos($content, 'Include /etc/apache2/vhosts.d/*.vhost') === false ) { + $content = preg_replace('|(Include /etc/apache2/vhosts.d/\*.conf)|',"$1\nInclude /etc/apache2/vhosts.d/*.vhost", $content); + } + + $this->write_config_file($conf['apache']['config_file'], $content); + + // make sure that webalizer finds its config file when it is directly in /etc + if(is_file('/etc/webalizer.conf') && !is_dir('/etc/webalizer')) + { + mkdir('/etc/webalizer', 0755); + symlink('/etc/webalizer.conf', '/etc/webalizer/webalizer.conf'); + } + + if(is_file('/etc/webalizer/webalizer.conf')) // Change webalizer mode to incremental + { + replaceLine('/etc/webalizer/webalizer.conf','#IncrementalName','IncrementalName webalizer.current',0,0); + replaceLine('/etc/webalizer/webalizer.conf','#Incremental','Incremental yes',0,0); + replaceLine('/etc/webalizer/webalizer.conf','#HistoryName','HistoryName webalizer.hist',0,0); + } + + // add a sshusers group + if (!is_group('sshusers')) + { + $command = 'groupadd sshusers'; + caselog($command.' &> /dev/null 2> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command"); + } + } + + public function configure_apps_vhost() + { + global $conf; + + //* Create the ispconfig apps vhost user and group + + $apps_vhost_user = $conf['web']['apps_vhost_user']; + $apps_vhost_group = $conf['web']['apps_vhost_group']; + $install_dir = $conf['web']['website_basedir'].'/apps'; + + $command = 'groupadd '.$apps_vhost_user; + if ( !is_group($apps_vhost_group) ) { + caselog($command.' &> /dev/null 2> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command"); + } + + $command = "useradd -g '$apps_vhost_group' -d $install_dir $apps_vhost_group"; + if ( !is_user($apps_vhost_user) ) { + caselog($command.' &> /dev/null 2> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command"); + } + + $command = 'adduser '.$conf['apache']['user'].' '.$apps_vhost_group; + caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command"); + + exec('mkdir -p '.escapeshellcmd($conf['web']['website_basedir'].'/apps')); + + //* Copy the apps vhost file + $vhost_conf_dir = $conf['apache']['vhost_conf_dir']; + $vhost_conf_enabled_dir = $conf['apache']['vhost_conf_enabled_dir']; + $apps_vhost_servername = ($conf['web']['apps_vhost_servername'] == '') ? '' : 'ServerName '.$conf['web']['apps_vhost_servername']; + + // Dont just copy over the virtualhost template but add some custom settings + $content = $this->get_template_file('apache_apps.vhost', true); + + $content = str_replace('{apps_vhost_ip}', $conf['web']['apps_vhost_ip'], $content); + $content = str_replace('{apps_vhost_port}', $conf['web']['apps_vhost_port'], $content); + $content = str_replace('{apps_vhost_dir}', $conf['web']['website_basedir'].'/apps', $content); + $content = str_replace('{website_basedir}', $conf['web']['website_basedir'], $content); + $content = str_replace('{apps_vhost_servername}', $apps_vhost_servername, $content); + + // comment out the listen directive if port is 80 or 443 + if($conf['web']['apps_vhost_ip'] == 80 or $conf['web']['apps_vhost_ip'] == 443) { + $content = str_replace('{vhost_port_listen}', '#', $content); + } else { + $content = str_replace('{vhost_port_listen}', '', $content); + } + + $this->write_config_file("$vhost_conf_dir/apps.vhost", $content); + + if ( !is_file($conf['web']['website_basedir'].'/php-fcgi-scripts/apps/.php-fcgi-starter') ) + { + exec('mkdir -p '.$conf['web']['website_basedir'].'/php-fcgi-scripts/apps'); + exec('cp tpl/apache_apps_fcgi_starter.master '.$conf['web']['website_basedir'].'/php-fcgi-scripts/apps/.php-fcgi-starter'); + exec('chmod +x '.$conf['web']['website_basedir'].'/php-fcgi-scripts/apps/.php-fcgi-starter'); + exec('chown -R ispapps:ispapps '.$conf['web']['website_basedir'].'/php-fcgi-scripts/apps'); + + } + } + + public function install_ispconfig() + { + global $conf; + + $install_dir = $conf['ispconfig_install_dir']; + + // Create the ISPConfig installation directory + if(!is_dir($install_dir)) + { + $command = "mkdir $install_dir"; + caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command"); + } + + // Create a ISPConfig user and group + if (!is_group('ispconfig')) + { + $command = 'groupadd ispconfig'; + caselog($command.' &> /dev/null 2> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command"); + } + + if (!is_user('ispconfig')) + { + $command = "useradd -g ispconfig -d $install_dir ispconfig"; + caselog($command.' &> /dev/null 2> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command"); + } + + // copy the ISPConfig interface part + $command = "cp -rf ../interface $install_dir"; + caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command"); + + // copy the ISPConfig server part + $command = "cp -rf ../server $install_dir"; + caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command"); + + + // Create the config file for ISPConfig interface + $configfile = 'config.inc.php'; + $content = $this->get_template_file($configfile, true, true); // get contents & insert db cred + + $content = str_replace('{mysql_master_server_ispconfig_user}', $conf['mysql']['master_ispconfig_user'], $content); + $content = str_replace('{mysql_master_server_ispconfig_password}', $conf['mysql']['master_ispconfig_password'], $content); + $content = str_replace('{mysql_master_server_database}', $conf['mysql']['master_database'], $content); + $content = str_replace('{mysql_master_server_host}', $conf['mysql']['master_host'], $content); + + $content = str_replace('{server_id}', $conf['server_id'], $content); + $content = str_replace('{ispconfig_log_priority}', $conf['ispconfig_log_priority'], $content); + $content = str_replace('{language}', $conf['language'], $content); + + $this->write_config_file("$install_dir/interface/lib/$configfile", $content); + + // Create the config file for ISPConfig server + $this->write_config_file("$install_dir/server/lib/$configfile", $content); + + // Enable the server modules and plugins. + // TODO: Implement a selector which modules and plugins shall be enabled. + $dir = $install_dir.'/server/mods-available/'; + if (is_dir($dir)) { + if ($dh = opendir($dir)) { + while (($file = readdir($dh)) !== false) { + if($file != '.' && $file != '..' && substr($file,-8,8) == '.inc.php') { + include_once($install_dir.'/server/mods-available/'.$file); + $module_name = substr($file,0,-8); + $tmp = new $module_name; + if($tmp->onInstall()) { + if(!@is_link($install_dir.'/server/mods-enabled/'.$file)) @symlink($install_dir.'/server/mods-available/'.$file, $install_dir.'/server/mods-enabled/'.$file); + if (strpos($file, '_core_module') !== false) { + if(!@is_link($install_dir.'/server/mods-core/'.$file)) @symlink($install_dir.'/server/mods-available/'.$file, $install_dir.'/server/mods-core/'.$file); + } + } + unset($tmp); + } + } + closedir($dh); + } + } + + $dir = $install_dir.'/server/plugins-available/'; + if (is_dir($dir)) { + if ($dh = opendir($dir)) { + while (($file = readdir($dh)) !== false) { + if($file != '.' && $file != '..' && substr($file,-8,8) == '.inc.php') { + include_once($install_dir.'/server/plugins-available/'.$file); + $plugin_name = substr($file,0,-8); + $tmp = new $plugin_name; + if(method_exists($tmp,'onInstall') && $tmp->onInstall()) { + if(!@is_link($install_dir.'/server/plugins-enabled/'.$file)) @symlink($install_dir.'/server/plugins-available/'.$file, $install_dir.'/server/plugins-enabled/'.$file); + if (strpos($file, '_core_plugin') !== false) { + if(!@is_link($install_dir.'/server/plugins-core/'.$file)) @symlink($install_dir.'/server/plugins-available/'.$file, $install_dir.'/server/plugins-core/'.$file); + } + } + unset($tmp); + } + } + closedir($dh); + } + } + + // Update the server config + $mail_server_enabled = ($conf['services']['mail'])?1:0; + $web_server_enabled = ($conf['services']['web'])?1:0; + $dns_server_enabled = ($conf['services']['dns'])?1:0; + $file_server_enabled = ($conf['services']['file'])?1:0; + $db_server_enabled = ($conf['services']['db'])?1:0; + $vserver_server_enabled = ($conf['services']['vserver'])?1:0; + + $sql = "UPDATE `server` SET mail_server = '$mail_server_enabled', web_server = '$web_server_enabled', dns_server = '$dns_server_enabled', file_server = '$file_server_enabled', db_server = '$db_server_enabled', vserver_server = '$vserver_server_enabled' WHERE server_id = ".intval($conf['server_id']); + + if($conf['mysql']['master_slave_setup'] == 'y') { + $this->dbmaster->query($sql); + $this->db->query($sql); + } else { + $this->db->query($sql); + } + + // Chmod the files + $command = "chmod -R 750 $install_dir"; + caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command"); + + // chown the files to the ispconfig user and group + $command = "chown -R ispconfig:ispconfig $install_dir"; + caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command"); + + // Make the global language file directory group writable + exec("chmod -R 770 $install_dir/interface/lib/lang"); + + // Make the temp directory for language file exports writable + exec("chmod -R 770 $install_dir/interface/web/temp"); + + // Make all interface language file directories group writable + $handle = @opendir($install_dir.'/interface/web'); + while ($file = @readdir ($handle)) { + if ($file != '.' && $file != '..') { + if(@is_dir($install_dir.'/interface/web'.'/'.$file.'/lib/lang')) { + $handle2 = opendir($install_dir.'/interface/web'.'/'.$file.'/lib/lang'); + chmod($install_dir.'/interface/web'.'/'.$file.'/lib/lang',0770); + while ($lang_file = @readdir ($handle2)) { + if ($lang_file != '.' && $lang_file != '..') { + chmod($install_dir.'/interface/web'.'/'.$file.'/lib/lang/'.$lang_file,0770); + } + } + } + } + } + + // make sure that the server config file (not the interface one) is only readable by the root user + exec("chmod 600 $install_dir/server/lib/$configfile"); + exec("chown root:root $install_dir/server/lib/$configfile"); + if (is_file("$install_dir/server/lib/mysql_clientdb.conf")) { + exec("chmod 600 $install_dir/server/lib/mysql_clientdb.conf"); + exec("chown root:root $install_dir/server/lib/mysql_clientdb.conf"); + } + + // TODO: FIXME: add the www-data user to the ispconfig group. This is just for testing + // and must be fixed as this will allow the apache user to read the ispconfig files. + // Later this must run as own apache server or via suexec! + $command = 'usermod -a -G ispconfig '.$conf['apache']['user']; + caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command"); + + // Make the shell scripts executable + $command = "chmod +x $install_dir/server/scripts/*.sh"; + caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command"); + + // Copy the ISPConfig vhost for the controlpanel + $content = $this->get_template_file("apache_ispconfig.vhost", true); + $content = str_replace('{vhost_port}', $conf['apache']['vhost_port'], $content); + + // comment out the listen directive if port is 80 or 443 + if ($conf['apache']['vhost_port'] == 80 or $conf['apache']['vhost_port'] == 443) { + $content = str_replace('{vhost_port_listen}', '#', $content); + } else { + $content = str_replace('{vhost_port_listen}', '', $content); + } + + $vhost_path = $conf['apache']['vhost_conf_dir'].'/ispconfig.vhost'; + $this->write_config_file($vhost_path, $content); + + if (!is_file('/var/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter')) + { + mkdir('/var/www/php-fcgi-scripts/ispconfig', 0755, true); + copy('tpl/apache_ispconfig_fcgi_starter.master', '/var/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter'); + chmod('/var/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter', 0755); + symlink('/usr/local/ispconfig/interface/web', '/var/www/ispconfig'); + exec('chown -R ispconfig:ispconfig /var/www/php-fcgi-scripts/ispconfig'); + } + + // Install the update script + if (is_file('/usr/local/bin/ispconfig_update_from_svn.sh')) { + unlink('/usr/local/bin/ispconfig_update_from_svn.sh'); + } + + chown('/usr/local/ispconfig/server/scripts/update_from_svn.sh', 'root'); + chmod('/usr/local/ispconfig/server/scripts/update_from_svn.sh', 0700); + chown('/usr/local/ispconfig/server/scripts/update_from_tgz.sh', 'root'); + chmod('/usr/local/ispconfig/server/scripts/update_from_tgz.sh', 0700); + chown('/usr/local/ispconfig/server/scripts/ispconfig_update.sh', 'root'); + chmod('/usr/local/ispconfig/server/scripts/ispconfig_update.sh', 0700); + + if (!is_link('/usr/local/bin/ispconfig_update_from_svn.sh')) { + symlink('/usr/local/ispconfig/server/scripts/ispconfig_update.sh', '/usr/local/bin/ispconfig_update_from_svn.sh'); + } + + if (!is_link('/usr/local/bin/ispconfig_update.sh')) { + symlink('/usr/local/ispconfig/server/scripts/ispconfig_update.sh', '/usr/local/bin/ispconfig_update.sh'); + } + + // Make the logs readable for the ispconfig user + if (is_file('/var/log/maillog')) { + exec('chmod +r /var/log/maillog'); + } + if (is_file('/var/log/messages')) { + exec('chmod +r /var/log/messages'); + } + if (is_file('/var/log/clamav/clamav.log')) { + exec('chmod +r /var/log/clamav/clamav.log'); + } + if (is_file('/var/log/clamav/freshclam.log')) { + exec('chmod +r /var/log/clamav/freshclam.log'); + } + + // Create the ispconfig log directory + if (!is_dir('/var/log/ispconfig')) { + mkdir('/var/log/ispconfig'); + } + if (!is_file('/var/log/ispconfig/ispconfig.log')) { + exec('touch /var/log/ispconfig/ispconfig.log'); + } + + exec('mv /usr/local/ispconfig/server/scripts/run-getmail.sh /usr/local/bin/run-getmail.sh'); + exec('chown getmail /usr/local/bin/run-getmail.sh'); + exec('chmod 744 /usr/local/bin/run-getmail.sh'); + } } ?> \ No newline at end of file diff --git a/install/dist/tpl/gentoo/amavisd-ispconfig.conf.master b/install/dist/tpl/gentoo/amavisd-ispconfig.conf.master new file mode 100644 index 0000000000..d67c60aa2d --- /dev/null +++ b/install/dist/tpl/gentoo/amavisd-ispconfig.conf.master @@ -0,0 +1,98 @@ +use strict; + +# +# Place your configuration directives here. They will override those in +# earlier files. +# +# See /usr/share/doc/amavisd-new/ for documentation and examples of +# the directives you can use in this file +# + +@av_scanners = ( + +### http://www.clamav.net/ + ['ClamAV-clamd', + \&ask_daemon, ["SCAN {}\n", "/var/run/clamav/clamd.sock"], + qr/\bOK$/, qr/\bFOUND$/, + qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ], +); + +@av_scanners_backup = ( + +### http://www.clamav.net/ - backs up clamd or Mail::ClamAV +['ClamAV-clamscan', 'clamscan', + "--stdout --disable-summary -r --tempdir=$TEMPBASE {}", [0], [1], + qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ], + +); + +@bypass_virus_checks_maps = ( + \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re); + +@bypass_spam_checks_maps = ( + \%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re); + +# +# Database connection settings +# + +@lookup_sql_dsn = + ( ['DBI:mysql:database={mysql_server_database};host={mysql_server_ip};port={mysql_server_port}', '{mysql_server_ispconfig_user}', '{mysql_server_ispconfig_password}'] ); + +# @storage_sql_dsn = @lookup_sql_dsn; # none, same, or separate database +#$sql_select_policy = 'SELECT "Y" as local FROM mail_domain WHERE CONCAT("@",domain) IN (%k)'; +# $banned_files_quarantine_method = 'sql'; +# $spam_quarantine_method = 'sql'; + +# +# SQL Select statements +# + +$sql_select_policy = + 'SELECT *,spamfilter_users.id'. + ' FROM spamfilter_users LEFT JOIN spamfilter_policy ON spamfilter_users.policy_id=spamfilter_policy.id'. + ' WHERE spamfilter_users.email IN (%k) ORDER BY spamfilter_users.priority DESC'; + + +$sql_select_white_black_list = 'SELECT wb FROM spamfilter_wblist'. + ' WHERE (spamfilter_wblist.rid=?) AND (spamfilter_wblist.email IN (%k))' . + ' ORDER BY spamfilter_wblist.priority DESC'; + +# +# Quarantine settings +# + +$final_virus_destiny = D_BOUNCE; +$final_spam_destiny = D_DISCARD; +$final_banned_destiny = D_BOUNCE; +$final_bad_header_destiny = D_PASS; + +# Default settings, we st this very high to not filter aut emails accidently +$sa_spam_subject_tag = '***SPAM*** '; +$sa_tag_level_deflt = 20.0; # add spam info headers if at, or above that level +$sa_tag2_level_deflt = 60.0; # add 'spam detected' headers at that level +$sa_kill_level_deflt = 60.0; # triggers spam evasive actions +$sa_dsn_cutoff_level = 100; # spam level beyond which a DSN is not sent + +# +# Disable spam and virus notifications for the admin user. +# Can be overridden by the policies in mysql +# + +$virus_admin = undef; +$spam_admin = undef; + + +# +# Enable Logging +# + +$DO_SYSLOG = 1; +$LOGFILE = "/var/log/amavis.log"; # (defaults to empty, no log) + +# Set the log_level to 5 for debugging +$log_level = 0; # (defaults to 0) + + +#------------ Do not modify anything below this line ------------- +1; # insure a defined return diff --git a/install/dist/tpl/gentoo/apache_ispconfig.conf.master b/install/dist/tpl/gentoo/apache_ispconfig.conf.master new file mode 100644 index 0000000000..78dc555856 --- /dev/null +++ b/install/dist/tpl/gentoo/apache_ispconfig.conf.master @@ -0,0 +1,16 @@ + + +################################################ +# ISPConfig Logfile configuration for vlogger +################################################ + +LogFormat "%v %h %l %u %t \"%r\" %>s %B \"%{Referer}i\" \"%{User-Agent}i\"" combined_ispconfig +CustomLog "| /usr/local/ispconfig/server/scripts/vlogger -s access.log -t \"%Y%m%d-access.log\" -d \"/etc/vlogger/vlogger-dbi.conf\" /var/log/ispconfig/httpd" combined_ispconfig + + + AllowOverride None + Order Deny,Allow + Deny from all + + + diff --git a/install/dist/tpl/gentoo/jk_init.ini.master b/install/dist/tpl/gentoo/jk_init.ini.master new file mode 100644 index 0000000000..a2ff3a1951 --- /dev/null +++ b/install/dist/tpl/gentoo/jk_init.ini.master @@ -0,0 +1,154 @@ +[ldconfig] +executables = /sbin/ldconfig +regularfiles = /etc/ld.so.conf + +[uidbasics] +comment = common files for all jails that need user/group information +libraries = /lib/libnsl.so.1, /lib64/libnsl.so.1, /lib/libnss*.so.2, /lib64/libnss*.so.2 +regularfiles = /etc/nsswitch.conf +includesections = ldconfig + +[netbasics] +comment = common files for all jails that need any internet connectivity +libraries = /lib/libnss_dns.so.2, /lib64/libnss_dns.so.2 +regularfiles = /etc/resolv.conf, /etc/host.conf, /etc/hosts, /etc/protocols + +[logbasics] +comment = timezone information +regularfiles = /etc/localtime +need_logsocket = 1 + +[jk_lsh] +comment = Jailkit limited shell +executables = /usr/sbin/jk_lsh +regularfiles = /etc/jailkit/jk_lsh.ini +users = root +groups = root +need_logsocket = 1 +includesections = uidbasics + +[limitedshell] +comment = alias for jk_lsh +includesections = jk_lsh + +[cvs] +comment = Concurrent Versions System +executables = /usr/bin/cvs +devices = /dev/null + +[git] +comment = Fast Version Control System +executables = /usr/bin/git* +directories = /usr/share/git-core +includesections = editors + +[scp] +comment = ssh secure copy +executables = /usr/bin/scp +includesections = netbasics, uidbasics +devices = /dev/urandom + +[sftp] +comment = ssh secure ftp +executables = /usr/lib/sftp-server, /usr/libexec/openssh/sftp-server, /usr/lib/misc/sftp-server, /usr/libexec/sftp-server +includesections = netbasics, uidbasics +devices = /dev/urandom, /dev/null + +[ssh] +comment = ssh secure shell +executables = /usr/bin/ssh +includesections = netbasics, uidbasics +devices = /dev/urandom, /dev/tty + +[rsync] +executables = /usr/bin/rsync +includesections = netbasics, uidbasics + +[procmail] +comment = procmail mail delivery +executables = /usr/bin/procmail, /bin/sh +devices = /dev/null + +[basicshell] +comment = bash based shell with several basic utilities +executables = /bin/sh, /bin/bash, /bin/ls, /bin/cat, /bin/chmod, /bin/mkdir, /bin/cp, /bin/cpio, /bin/date, /bin/dd, /bin/echo, /bin/egrep, /bin/false, /bin/fgrep, /bin/grep, /bin/gunzip, /bin/gzip, /bin/ln, /bin/ls, /bin/mkdir, /bin/mktemp, /bin/more, /bin/mv, /bin/pwd, /bin/rm, /bin/rmdir, /bin/sed, /bin/sh, /bin/sleep, /bin/sync, /bin/tar, /bin/touch, /bin/true, /bin/uncompress, /bin/zcat +regularfiles = /etc/motd, /etc/issue, /etc/bash.bashrc, /etc/bashrc, /etc/profile +#directories = +users = root +groups = root +includesections = uidbasics + +[midnightcommander] +comment = Midnight Commander +executables = /usr/bin/mc, /usr/bin/mcedit, /usr/bin/mcview +directories = /etc/terminfo, /usr/share/terminfo, /usr/share/mc +includesections = basicshell + +[extendedshell] +comment = bash shell including things like awk, bzip, tail, less +executables = /usr/bin/awk, /bin/bzip2, /bin/bunzip2, /usr/bin/ldd, /usr/bin/less, /usr/bin/clear, /usr/bin/cut, /usr/bin/du, /usr/bin/find, /usr/bin/head, /usr/bin/md5sum, /usr/bin/nice, /usr/bin/sort, /usr/bin/tac, /usr/bin/tail, /usr/bin/tr, /usr/bin/wc, /usr/bin/watch, /usb/bin/whoami +includesections = basicshell, midnightcommander, editors + +[editors] +comment = joe and nano +executables = /usr/bin/joe, /usr/bin/nano, /usr/bin/vi, /usr/bin/vim +regularfiles = /etc/vimrc +directories = /etc/joe, /etc/terminfo, /usr/share/vim, /usr/share/terminfo, /usr/lib/terminfo + +[netutils] +comment = several internet utilities like wget, ftp, rsync, scp, ssh +executables = /usr/bin/wget, /usr/bin/lynx, /usr/bin/ftp, /usr/bin/host, /usr/bin/rsync, /usr/bin/smbclient +includesections = netbasics, ssh, sftp, scp + +[apacheutils] +comment = htpasswd utility +executables = /usr/bin/htpasswd + +[extshellplusnet] +comment = alias for extendedshell + netutils + apacheutils +includesections = extendedshell, netutils, apacheutils + +[openvpn] +comment = jail for the openvpn daemon +executables = /usr/sbin/openvpn +users = root,nobody +groups = root,nogroup +includesections = netbasics +devices = /dev/urandom, /dev/random, /dev/net/tun +includesections = netbasics, uidbasics +need_logsocket = 1 + +[apache] +comment = the apache webserver, very basic setup, probably too limited for you +executables = /usr/sbin/apache2 +users = root, apache +groups = root, apache +includesections = netbasics, uidbasics + +[perl] +comment = the perl interpreter and libraries +executables = /usr/bin/perl +directories = /usr/lib/perl, /usr/lib/perl5, /usr/share/perl, /usr/share/perl5 + +[xauth] +comment = getting X authentication to work +executables = /usr/bin/X11/xauth +regularfiles = /usr/X11R6/lib/X11/rgb.txt, /etc/ld.so.conf + +[xclients] +comment = minimal files for X clients +regularfiles = /usr/X11R6/lib/X11/rgb.txt +includesections = xauth + +[vncserver] +comment = the VNC server program +executables = /usr/bin/Xvnc, /usr/bin/Xrealvnc +directories = /usr/X11R6/lib/X11/fonts/ +includesections = xclients + + +#[xterm] +#comment = xterm +#executables = /usr/bin/X11/xterm +#directories = /usr/share/terminfo, /etc/terminfo +#devices = /dev/pts/0, /dev/pts/1, /dev/pts/2, /dev/pts/3, /dev/pts/4, /dev/ptyb4, /dev/ptya4, /dev/tty, /dev/tty0, /dev/tty4 diff --git a/install/install.php b/install/install.php index 5c19b54bfb..2e8606b3f6 100644 --- a/install/install.php +++ b/install/install.php @@ -55,7 +55,9 @@ require_once('lib/installer_base.lib.php'); //** Ensure that current working directory is install directory $cur_dir = getcwd(); -if(realpath(dirname(__FILE__)) != $cur_dir) die("Please run installation/update from _inside_ the install directory!\n"); +if(realpath(dirname(__FILE__)) != $cur_dir) { + chdir( realpath(dirname(__FILE__)) ); +} //** Install logfile define('ISPC_LOG_FILE', '/var/log/ispconfig_install.log'); diff --git a/install/lib/install.lib.php b/install/lib/install.lib.php index d27ff11914..889821cc56 100644 --- a/install/lib/install.lib.php +++ b/install/lib/install.lib.php @@ -159,7 +159,19 @@ function get_distname() { $distbaseid = 'fedora'; swriteln("Operating System: Redhat or compatible, unknown version.\n"); } - + } + + //** Gentoo + elseif(file_exists("/etc/gentoo-release")) { + + $content = file_get_contents('/etc/gentoo-release'); + + preg_match_all('/([0-9]{1,2})/', $content, $version); + $distname = 'Gentoo'; + $distver = $version[0][0].$version[0][1]; + $distid = 'gentoo'; + $distbaseid = 'gentoo'; + swriteln("Operating System: Gentoo $distver or compatible\n"); } else { die('unrecognized linux distribution'); diff --git a/install/lib/installer_base.lib.php b/install/lib/installer_base.lib.php index f671db1129..7f5046bd97 100644 --- a/install/lib/installer_base.lib.php +++ b/install/lib/installer_base.lib.php @@ -737,7 +737,7 @@ class installer_base { $config_dir = $conf['pureftpd']['config_dir']; - //* configure pam for SMTP authentication agains the ispconfig database + //* configure pure-ftpd for MySQL authentication against the ispconfig database $configfile = 'db/mysql.conf'; if(is_file("$config_dir/$configfile")){ copy("$config_dir/$configfile", "$config_dir/$configfile~"); @@ -903,7 +903,7 @@ class installer_base { if(is_dir("/etc/Bastille.backup")) caselog("rm -rf /etc/Bastille.backup", __FILE__, __LINE__); if(is_dir("/etc/Bastille")) caselog("mv -f /etc/Bastille /etc/Bastille.backup", __FILE__, __LINE__); - @mkdir("/etc/Bastille", octdec($directory_mode)); + @mkdir("/etc/Bastille", 0700); if(is_dir("/etc/Bastille.backup/firewall.d")) caselog("cp -pfr /etc/Bastille.backup/firewall.d /etc/Bastille/", __FILE__, __LINE__); caselog("cp -f tpl/bastille-firewall.cfg.master /etc/Bastille/bastille-firewall.cfg", __FILE__, __LINE__); caselog("chmod 644 /etc/Bastille/bastille-firewall.cfg", __FILE__, __LINE__); @@ -1383,6 +1383,119 @@ class installer_base { } + /** + * Helper function - get the path to a template file based on + * the local part of the filename. Checks first for the existence + * of a distribution specific file and if not found looks in the + * base template folder. Optionally the behaviour can be changed + * by setting the 2nd parameter which will fetch the contents + * of the template file and return it instead of the path. The 3rd + * parameter further extends this behaviour by filtering the contents + * by inserting the ispconfig database credentials using the {} placeholders. + * + * @param string $tLocal local part of filename + * @param bool $tRf + * @param bool $tDBCred + * @return string Relative path to the chosen template file + */ + protected function get_template_file($tLocal, $tRf=false, $tDBCred=false) + { + global $conf, $dist; + + $final_path = ''; + $dist_template = 'dist/tpl/'.strtolower($dist['name'])."/$tLocal.master"; + if (file_exists($dist_template)) { + $final_path = $dist_template; + } else { + $final_path = "tpl/$tLocal.master"; + } + + if (!$tRf) { + return $final_path; + } else { + return (!$tDBCred) ? rf($final_path) : $this->insert_db_credentials(rf($final_path)); + } + } + + /** + * Helper function - writes the contents to a config file + * and performs a backup if the file exist. Additionally + * if the file exists the new file will be given the + * same rights and ownership as the original. Optionally the + * rights and/or ownership can be overriden by appending umask, + * user and group to the parameters. Providing only uid and gid + * values will result in only a chown. + * + * @param $tConf + * @param $tContents + * @return bool + */ + protected function write_config_file($tConf, $tContents) + { + // Backup config file before writing new contents and stat file + if ( is_file($tConf) ) + { + $stat = exec('stat -c \'%a %U %G\' '.escapeshellarg($tConf), $output, $res); + if ($res == 0) { // stat successfull + list($access, $user, $group) = split(" ", $stat); + } + + if ( copy($tConf, $tConf.'~') ) { + exec('chmod 400 '.$tConf.'~'); + } + } + + wf($tConf, $tContents); // write file + + if (func_num_args() >= 4) // override rights and/or ownership + { + $args = func_get_args(); + $output = array_slice($args, 2); + + switch (sizeof($output)) { + case 3: + $umask = array_shift($output); + if (is_numeric($umask) && preg_match('/^0?[0-7]{3}$/', $umask)) { + $access = $umask; + } + case 2: + if (is_user($output[0]) && is_group($output[1])) { + list($user,$group) = $output; + } + break; + } + } + + if (!empty($user) && !empty($group)) { + exec("chown $user:$group $tConf"); + } + + if (!empty($access)) { + exec("chmod $access $tConf"); + } + } + + /** + * Helper function - filter the contents of a config + * file by inserting the common ispconfig database + * credentials. + * + * @param $tContents + * @return string + */ + protected function insert_db_credentials($tContents) + { + global $conf; + + $tContents = str_replace('{mysql_server_ispconfig_user}', $conf["mysql"]["ispconfig_user"], $tContents); + $tContents = str_replace('{mysql_server_ispconfig_password}', $conf["mysql"]["ispconfig_password"], $tContents); + $tContents = str_replace('{mysql_server_database}', $conf["mysql"]["database"], $tContents); + $tContents = str_replace('{mysql_server_ip}', $conf["mysql"]["ip"], $tContents); + $tContents = str_replace('{mysql_server_host}',$conf['mysql']['host'], $tContents); + $tContents = str_replace('{mysql_server_port}',$conf["mysql"]["port"], $tContents); + + return $tContents; + } } ?> \ No newline at end of file -- GitLab