docs/INSTALL.txt

+
+The installation instructions for ISPConfig can be found here:
+
+https://www.ispconfig.org/page/en/documentation.html
+
+

docs/Remote_API_docs.txt

+
+
+The remote API documentation is in the remoting_client/API-docs subfolder.

docs/autoinstall_samples/autoinstall.conf_sample.php

+<?php
+$autoinstall['language'] = 'en'; // de, en (default)
+$autoinstall['install_mode'] = 'standard'; // standard (default), expert
+
+$autoinstall['hostname'] = 'server1.example.com'; // default
+$autoinstall['mysql_hostname'] = 'localhost'; // default: localhost
+$autoinstall['mysql_port'] = '3306'; // default: 3306
+$autoinstall['mysql_root_user'] = 'root'; // default: root
+$autoinstall['mysql_root_password'] = 'howtoforge';
+$autoinstall['mysql_database'] = 'dbispconfig'; // default: dbispcongig
+$autoinstall['mysql_charset'] = 'utf8'; // default: utf8
+$autoinstall['http_server'] = 'nginx'; // apache (default), nginx
+$autoinstall['ispconfig_port'] = '8080'; // default: 8080
+$autoinstall['ispconfig_use_ssl'] = 'y'; // y (default), n
+$autoinstall['ispconfig_admin_password'] = 'admin'; // default: admin
+$autoinstall['create_ssl_server_certs'] = 'y';
+$autoinstall['ignore_hostname_dns'] = 'n';
+$autoinstall['ispconfig_postfix_ssl_symlink'] = 'y';
+$autoinstall['ispconfig_pureftpd_ssl_symlink'] = 'y';
+
+/* SSL Settings */
+$autoinstall['ssl_cert_country'] = 'AU';
+$autoinstall['ssl_cert_state'] = 'Some-State';
+$autoinstall['ssl_cert_locality'] = 'Chicago';
+$autoinstall['ssl_cert_organisation'] = 'Internet Widgits Pty Ltd';
+$autoinstall['ssl_cert_organisation_unit'] = 'IT department';
+$autoinstall['ssl_cert_common_name'] = $autoinstall['hostname'];
+$autoinstall['ssl_cert_email'] = 'hostmaster@'.$autoinstall['hostname'];
+
+/* optional expert mode settings, needed only for expert mode */
+$autoinstall['mysql_ispconfig_user'] = 'ispconfig'; // default: ispconfig
+$autoinstall['mysql_ispconfig_password'] = bin2hex(random_bytes(20));
+$autoinstall['join_multiserver_setup'] = 'n'; // y, n (default)
+$autoinstall['mysql_master_hostname'] = 'master.example.com';
+$autoinstall['mysql_master_root_user'] = 'root';
+$autoinstall['mysql_master_root_password'] = 'howtoforge';
+$autoinstall['mysql_master_database'] = 'dbispconfig'; // default: dbispconfig
+$autoinstall['configure_mail'] = 'y'; // y (default), n
+$autoinstall['configure_jailkit'] = 'y'; // y (default), n
+$autoinstall['configure_ftp'] = 'y'; // y (default), n
+$autoinstall['configure_dns'] = 'y'; // y (default), n
+$autoinstall['configure_apache'] = 'y'; // y (default), n
+$autoinstall['configure_nginx'] = 'y'; // y (default), n
+$autoinstall['configure_firewall'] = 'y'; // y (default), n
+$autoinstall['install_ispconfig_web_interface'] = 'y'; // y (default), n
+
+/* optional update settings, needed only for updates */
+$autoupdate['do_backup'] = 'yes'; // yes (default), no
+$autoupdate['mysql_root_password'] = 'howtoforge';
+$autoupdate['mysql_master_hostname'] = 'master.example.com';
+$autoupdate['mysql_master_root_user'] = 'root';
+$autoupdate['mysql_master_root_password'] = 'howtoforge';
+$autoupdate['mysql_master_database'] = 'dbispconfig'; // default: dbispconfig
+$autoupdate['reconfigure_permissions_in_master_database'] = 'no'; // no (default), yes
+$autoupdate['reconfigure_services'] = 'yes'; // yes (default), no
+$autoupdate['ispconfig_port'] = '8080'; // default: 8080
+$autoupdate['create_new_ispconfig_ssl_cert'] = 'no'; // no (default), yes
+$autoupdate['reconfigure_crontab'] = 'yes'; // yes (default), no
+$autoupdate['create_ssl_server_certs'] = 'y';
+$autoupdate['ignore_hostname_dns'] = 'n';
+$autoupdate['ispconfig_postfix_ssl_symlink'] = 'y';
+$autoupdate['ispconfig_pureftpd_ssl_symlink'] = 'y';
+
+/* These are for service-detection (defaulting to old behaviour where all changes were automatically accepted) */
+$autoupdate['svc_detect_change_mail_server'] = 'yes'; // yes (default), no
+$autoupdate['svc_detect_change_web_server'] = 'yes'; // yes (default), no
+$autoupdate['svc_detect_change_dns_server'] = 'yes'; // yes (default), no
+$autoupdate['svc_detect_change_xmpp_server'] = 'yes'; // yes (default), no
+$autoupdate['svc_detect_change_firewall_server'] = 'yes'; // yes (default), no
+$autoupdate['svc_detect_change_vserver_server'] = 'yes'; // yes (default), no
+$autoupdate['svc_detect_change_db_server'] = 'yes'; // yes (default), no
+
+?>

docs/autoinstall_samples/autoinstall.ini.sample

+[install]
+language=en
+install_mode=standard
+hostname=server1.example.com
+mysql_hostname=localhost
+mysql_port=3306
+mysql_root_user=root
+mysql_root_password=ispconfig
+mysql_database=dbispconfig
+mysql_charset=utf8
+http_server=apache
+ispconfig_port=8080
+ispconfig_use_ssl=y
+ispconfig_admin_password=admin
+create_ssl_server_certs=y
+ignore_hostname_dns=n
+ispconfig_postfix_ssl_symlink=y
+ispconfig_pureftpd_ssl_symlink=y
+
+[ssl_cert]
+ssl_cert_country=AU
+ssl_cert_state=Some-State
+ssl_cert_locality=Chicago
+ssl_cert_organisation=Internet Widgits Pty Ltd
+ssl_cert_organisation_unit=IT department
+ssl_cert_common_name=server1.example.com
+ssl_cert_email=hostmaster@example.com
+
+[expert]
+mysql_ispconfig_user=ispconfig
+mysql_ispconfig_password=afStEratXBsgatRtsa42CadwhQ
+join_multiserver_setup=n
+mysql_master_hostname=master.example.com
+mysql_master_root_user=root
+mysql_master_root_password=ispconfig
+mysql_master_database=dbispconfig
+configure_mail=y
+configure_jailkit=y
+configure_ftp=y
+configure_dns=y
+configure_apache=y
+configure_nginx=y
+configure_firewall=y
+install_ispconfig_web_interface=y
+
+[update]
+do_backup=yes
+mysql_root_password=ispconfig
+mysql_master_hostname=master.example.com
+mysql_master_root_user=root
+mysql_master_root_password=ispconfig
+mysql_master_database=dbispconfig
+reconfigure_permissions_in_master_database=no
+reconfigure_services=yes
+ispconfig_port=8080
+create_new_ispconfig_ssl_cert=no
+reconfigure_crontab=yes
+create_ssl_server_certs=y
+ignore_hostname_dns=n
+ispconfig_postfix_ssl_symlink=y
+ispconfig_pureftpd_ssl_symlink=y
+
+; These are for service-detection (defaulting to old behaviour where all changes were automatically accepted)
+svc_detect_change_mail_server=yes
+svc_detect_change_web_server=yes
+svc_detect_change_dns_server=yes
+svc_detect_change_xmpp_server=yes
+svc_detect_change_firewall_server=yes
+svc_detect_change_vserver_server=yes
+svc_detect_change_db_server=yes

docs/examples/blacklist_helo.master

+# blacklist_helo - after permit_sasl, used to stop common spammers/misconfigurations
+#
+# This file can be used to block hostnames used in smtp HELO command which are known bad.
+# Occasionally you will run into legitimate mail servers which are misconfigured and end
+# up blocked here, so this is not enabled by default, but it is useful if you are prepared
+# to address those cases.  .local is particularly problematic, and commented out by default.
+#
+# Note that any server hitting this check is misconfigured, all of the names below are bogus
+# and not allowed per RFC 2821.
+#
+# If your own users are blocked by this, they are not authenticating to your server when
+# sending (this check is after permit_sasl, which permits authenticated senders).
+#
+# Instructions:
+#
+# Copy this file to /usr/local/ispconfig/server/conf-custom/install/blacklist_helo.master,
+# as well as /etc/postfix/blacklist_helo, so your changes are not overwritten with ispconfig
+# updates.
+
+# probably just put REJECT lines in here,
+# as OK lines will bypass a lot of other checks you may want done
+# (use DUNNO instead of OK)
+#
+
+# common for spammers (check https://data.iana.org/TLD/tlds-alpha-by-domain.txt and remove valid tld's occasionally)
+/.*\.administrator$/    REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.admin$/    REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.adsl$/ REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.arpa$/ REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.bac$/  REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.coma$/ REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.dhcp$/ REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.dlink$/    REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.dns$/  REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.domain$/   REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.dynamic$/  REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.dyndns\.org$/  REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.dyn$/  REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.firewall$/ REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.gateway$/  REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.home$/ REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.internal$/ REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.intern$/   REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.janak$/    REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.kornet$/   REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.lab$/  REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.lan$/  REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.localdomain$/  REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.localhost$/    REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+
+# .local is used by spammers a lot, but too many otherwise legit servers hit it
+# (instead of REJECT, should send to greylisting)
+#/.*\.local$/    REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+
+/.*\.loc$/  REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.lokal$/    REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.mail$/ REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.nat$/  REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.netzwerk$/ REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.pc$/   REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.privat$/   REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.private$/  REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.router$/   REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.setup$/    REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+
+/.*\.119$/  REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.beeline$/  REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.cici$/ REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.gt_3g$/    REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.gt-3g$/    REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.hananet$/  REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.skbroadband$/  REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.tbroad$/   REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+

docs/old_server_plugins/bind_dlz_plugin.inc.php

+<?php
+
+/*
+Copyright (c) 2009, Falko Timme, Till Brehm, projektfarm Gmbh
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
+
+    * Redistributions of source code must retain the above copyright notice,
+      this list of conditions and the following disclaimer.
+    * Redistributions in binary form must reproduce the above copyright notice,
+      this list of conditions and the following disclaimer in the documentation
+      and/or other materials provided with the distribution.
+    * Neither the name of ISPConfig nor the names of its contributors
+      may be used to endorse or promote products derived from this software without
+      specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+/*
+TABLE STRUCTURE of the "named" database:
+
+CREATE TABLE IF NOT EXISTS `records` (
+  `id` int(10) unsigned NOT NULL auto_increment,
+  `zone` varchar(255) NOT NULL,
+  `ttl` int(11) NOT NULL default '3600',
+  `type` varchar(255) NOT NULL,
+  `host` varchar(255) NOT NULL default '@',
+  `mx_priority` int(11) default NULL,
+  `data` text,
+  `primary_ns` varchar(255) default NULL,
+  `resp_contact` varchar(255) default NULL,
+  `serial` bigint(20) default NULL,
+  `refresh` int(11) default NULL,
+  `retry` int(11) default NULL,
+  `expire` int(11) default NULL,
+  `minimum` int(11) default NULL,
+  `ispconfig_id` int(11) NOT NULL,
+  PRIMARY KEY  (`id`),
+  KEY `type` (`type`),
+  KEY `host` (`host`),
+  KEY `zone` (`zone`)
+) ENGINE=MyISAM  DEFAULT CHARSET=utf8;
+
+CREATE TABLE IF NOT EXISTS `xfr` (
+  `id` int(11) NOT NULL auto_increment,
+  `zone` varchar(255) NOT NULL,
+  `client` varchar(255) NOT NULL,
+  `ispconfig_id` int(11) NOT NULL,
+  PRIMARY KEY  (`id`),
+  KEY `zone` (`zone`),
+  KEY `client` (`client`)
+) ENGINE=MyISAM  DEFAULT CHARSET=utf8;
+
+*/
+
+class bind_dlz_plugin {
+
+	var $plugin_name = 'bind_dlz_plugin';
+	var $class_name  = 'bind_dlz_plugin';
+
+	//* This function is called during ispconfig installation to determine
+	//  if a symlink shall be created for this plugin.
+	function onInstall()
+	{
+		global $conf;
+
+		if(isset($conf['bind']['installed']) && $conf['bind']['installed'] == true) {
+			// Temporarily disabled until the installer supports the automatic creation of the necessary
+			// database or at least to select between filebased nd db based bind, as not all bind versions
+			// support dlz out of the box. To enable this plugin manually, create a symlink from the plugins-enabled
+			// directory to this file in the plugins-available directory.
+			return false;
+			//return true;
+		} else {
+			return false;
+		}
+
+	}
+
+	/*
+	 	This function is called when the plugin is loaded
+	*/
+
+	function onLoad()
+	{
+		global $app;
+
+		/*
+		Register for the events
+		*/
+
+		//* SOA
+		$app->plugins->registerEvent('dns_soa_insert', $this->plugin_name, 'soa_insert');
+		$app->plugins->registerEvent('dns_soa_update', $this->plugin_name, 'soa_update');
+		$app->plugins->registerEvent('dns_soa_delete', $this->plugin_name, 'soa_delete');
+
+		//* RR
+		$app->plugins->registerEvent('dns_rr_insert', $this->plugin_name, 'rr_insert');
+		$app->plugins->registerEvent('dns_rr_update', $this->plugin_name, 'rr_update');
+		$app->plugins->registerEvent('dns_rr_delete', $this->plugin_name, 'rr_delete');
+	}
+
+
+	function soa_insert($event_name, $data)
+	{
+		global $app, $conf;
+
+		if($data["new"]["active"] != 'Y') return;
+
+		$origin = substr($data["new"]["origin"], 0, -1);
+		$ispconfig_id = $data["new"]["id"];
+		$serial = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ?", $ispconfig_id);
+
+		$ttl = $data["new"]["ttl"];
+
+		//$_db = clone $app->db;
+		//$_db->dbName = 'named';
+
+		$app->db->query("INSERT INTO named.records (zone, ttl, type, primary_ns, resp_contact, serial, refresh, retry, expire, minimum, ispconfig_id) VALUES ".
+			"(?, ?, 'SOA', ?, ?, ?, ?, ?, ?, ?, ?)", $origin, $ttl, $data["new"]["ns"], $data["new"]["mbox"], $serial["serial"], $serial["refresh"], $serial["retry"], $serial["expire"], $serial["minimum"], $ispconfig_id);
+		//unset($_db);
+	}
+
+	function soa_update($event_name, $data)
+	{
+		global $app, $conf;
+
+		if($data["new"]["active"] != 'Y')
+		{
+			if($data["old"]["active"] != 'Y') return;
+			$this->soa_delete($event_name, $data);
+		}
+		else
+		{
+			if($data["old"]["active"] == 'Y')
+			{
+				$origin = substr($data["new"]["origin"], 0, -1);
+				$ispconfig_id = $data["new"]["id"];
+				$serial = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ?", $ispconfig_id);
+
+				$ttl = $data["new"]["ttl"];
+
+				//$_db = clone $app->db;
+				//$_db->dbName = 'named';
+
+				$app->db->query("UPDATE named.records SET zone = ?, ttl = ?, primary_ns = ?, resp_contact = ?, serial = ?, refresh = ?, retry = ?, expire = ?, minimum = ? WHERE ispconfig_id = ? AND type = 'SOA'", $origin, $ttl, $data["new"]["ns"], $data["new"]["mbox"], $serial["serial"], $serial["refresh"], $serial["retry"], $serial["expire"], $serial["minimum"], $data["new"]["id"]);
+				//unset($_db);
+			}
+			else
+			{
+				$this->soa_insert($event_name, $data);
+				$ispconfig_id = $data["new"]["id"];
+
+				if ($records = $app->db->queryAllRecords("SELECT * FROM dns_rr WHERE zone = ? AND active = 'Y'", $ispconfig_id))
+				{
+					foreach($records as $record)
+					{
+						foreach ($record as $key => $val) {
+							$data["new"][$key] = $val;
+						}
+						$this->rr_insert("dns_rr_insert", $data);
+					}
+				}
+			}
+		}
+
+	}
+
+	function soa_delete($event_name, $data)
+	{
+		global $app, $conf;
+
+		//$_db = clone $app->db;
+		//$_db->dbName = 'named';
+
+		$app->db->query( "DELETE FROM named.dns_records WHERE zone = ?", substr($data['old']['origin'], 0, -1));
+		//unset($_db);
+	}
+
+	function rr_insert($event_name, $data)
+	{
+		global $app, $conf;
+		if($data["new"]["active"] != 'Y') return;
+
+		$zone = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ?", $data["new"]["zone"]);
+		$origin = substr($zone["origin"], 0, -1);
+		$ispconfig_id = $data["new"]["id"];
+
+		$type = $data["new"]["type"];
+
+		if (substr($data["new"]["name"], -1) == '.') {
+			$name = substr($data["new"]["name"], 0, -1);
+		} else {
+			$name = ($data["new"]["name"] == "") ? $name = '@' : $data["new"]["name"];
+		}
+
+		if ($name == $origin || $name == '') {
+			$name = '@';
+		}
+
+		switch ($type)
+		{
+		case "CNAME":
+		case "MX":
+		case "NS":
+		case "ALIAS":
+		case "PTR":
+		case "SRV":
+			if(substr($data["new"]["data"], -1) != '.'){
+				$content = $data["new"]["data"] . '.';
+			} else {
+				$content = $data["new"]["data"];
+			}
+			break;
+		case "HINFO":
+			$content = $data["new"]["data"];
+			$quote1 = strpos($content, '"');
+
+			if($quote1 !== FALSE) {
+				$quote2 = strpos(substr($content, ($quote1 + 1)), '"');
+			}
+
+			if ($quote1 !== FALSE && $quote2 !== FALSE) {
+				$text_between_quotes = str_replace(' ', '_', substr($content, ($quote1 + 1), (($quote2 - $quote1))));
+				$content = $text_between_quotes.substr($content, ($quote2 + 2));
+			}
+			break;
+		default:
+			$content = $data["new"]["data"];
+		}
+
+		$ttl = $data["new"]["ttl"];
+
+		//$_db = clone $app->db;
+		//$_db->dbName = 'named';
+
+		if ($type == 'MX') {
+			$app->db->query("INSERT INTO named.records (zone, ttl, type, host, mx_priority, data, ispconfig_id)".
+				" VALUES (?, ?, ?, ?, ?, ?, ?)", $origin, $ttl, $type, $name, $data["new"]["aux"], $content, $ispconfig_id);
+		} elseif ($type == 'SRV') {
+			$app->db->query("INSERT INTO named.records (zone, ttl, type, data, ispconfig_id)".
+				" VALUES (?, ?, ?, ?, ?)", $origin, $ttl, $type, $data["new"]["aux"] . ' ' . $content, $ispconfig_id);
+		} else {
+			$app->db->query("INSERT INTO named.records (zone, ttl, type, host, data, ispconfig_id)".
+				" VALUES (?, ?, ?, ?, ?, ?)", $origin, $ttl, $type, $name, $content, $ispconfig_id);
+		}
+
+		//unset($_db);
+	}
+
+	function rr_update($event_name, $data)
+	{
+		global $app, $conf;
+
+		if ($data["new"]["active"] != 'Y')
+		{
+			if($data["old"]["active"] != 'Y') return;
+			$this->rr_delete($event_name, $data);
+		}
+		else
+		{
+			if ($data["old"]["active"] == 'Y')
+			{
+				$zone = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ?", $data["new"]["zone"]);
+				$origin = substr($zone["origin"], 0, -1);
+				$ispconfig_id = $data["new"]["id"];
+
+				$type = $data["new"]["type"];
+
+				if (substr($data["new"]["name"], -1) == '.') {
+					$name = substr($data["new"]["name"], 0, -1);
+				} else {
+					$name = ($data["new"]["name"] == "") ? $name = '@' : $data["new"]["name"];
+				}
+
+				if ($name == $origin || $name == '') {
+					$name = '@';
+				}
+
+				switch ($type)
+				{
+				case "CNAME":
+				case "MX":
+				case "NS":
+				case "ALIAS":
+				case "PTR":
+				case "SRV":
+					if(substr($data["new"]["data"], -1) != '.'){
+						$content = $data["new"]["data"] . '.';
+					} else {
+						$content = $data["new"]["data"];
+					}
+					break;
+				case "HINFO":
+					$content = $data["new"]["data"];
+					$quote1 = strpos($content, '"');
+					if($quote1 !== FALSE){
+						$quote2 = strpos(substr($content, ($quote1 + 1)), '"');
+					}
+					if($quote1 !== FALSE && $quote2 !== FALSE){
+						$text_between_quotes = str_replace(' ', '_', substr($content, ($quote1 + 1), (($quote2 - $quote1))));
+						$content = $text_between_quotes.substr($content, ($quote2 + 2));
+					}
+					break;
+				default:
+					$content = $data["new"]["data"];
+				}
+
+				$ttl = $data["new"]["ttl"];
+				$prio = (int)$data["new"]["aux"];
+
+				//$_db = clone $app->db;
+				//$_db->dbName = 'named';
+
+				if ($type == 'MX') {
+					$app->db->query("UPDATE named.records SET zone = ?, ttl = ?, type = ?, host = ?, mx_priority = ?, data = ? WHERE ispconfig_id = ? AND type != 'SOA'", $origin, $ttl, $type, $name, $prio, $content, $ispconfig_id);
+				} elseif ($type == 'SRV') {
+					$app->db->query("UPDATE named.records SET zone = ?, ttl = ?, type = ?, data = ? WHERE ispconfig_id = ? AND type != 'SOA'", $origin, $ttl, $type, $prio . ' ' . $content, $ispconfig_id);
+				} else {
+					$app->db->query("UPDATE named.records SET zone = ?, ttl = ?, type = ?, host = ?, data = ? WHERE ispconfig_id = ? AND type != 'SOA'", $origin, $ttl, $type, $name, $content, $ispconfig_id);
+				}
+
+				//unset($_db);
+			} else {
+				$this->rr_insert($event_name, $data);
+			}
+		}
+	}
+
+	function rr_delete($event_name, $data) {
+		global $app, $conf;
+
+		//$_db = clone $app->db;
+		//$_db->dbName = 'named';
+
+		$app->db->query( "DELETE FROM named.dns_records WHERE type != 'SOA' AND zone = ?", substr($data['old']['origin'], 0, -1));
+		//unset($_db);
+	}
+
+} // end class
+?>

docs/under_development/CHROOTED_DEBIAN_5.0.txt

+#!/bin/sh
+#
+# rev 0.6
+#
+# dxr@brutalsec.net
+#    01-09-2009
+#
+# We can create a script for configure chroot environment but,
+# YOU MUST UNDERSTAND HOW TO WORK IT for can solve possible 
+# problems in the future.
+# 
+# Every service has its own chroot environment:
+# BIND -> chroot
+# Apache -> chroot
+# Dovecot -> chroot
+# Pureftpd -> Apache's chroot
+# 
+# Only apache and php packages aren't installed in real system,
+# only in chroot environment with symbolic links from real system.
+# 
+# PLEASE, CONFIGURE CHROOT ENVIROMENT IF SECURITY IS REALLY 
+# IMPORTANT FOR YOU AND YOU KNOWN HOW TO WORK IT!
+#
+
+exit 1
+
+1. BACKUP before changing anything on the system
+2. Create partitions
+3. Remove possible Apache or PHP installations on real system
+4. Prepare Chroot environment
+5. Linking Webserver aplication from real system
+6. mini_sendmail
+7. Test services
+8. Howto install ispconfig3
+9. Migration
+
+
+1. BACKUP before changing anything on the system 
+# If is not a new installation, then
+
+BACKUP BACKUP BACKUP BACKUP BACKUP BACKUP
+BACKUP BACKUP BACKUP BACKUP BACKUP BACKUP
+BACKUP BACKUP BACKUP BACKUP BACKUP BACKUP
+BACKUP BACKUP BACKUP BACKUP BACKUP BACKUP
+
+
+2. Create partitions
+
+/var/www/ Chroot partition (ext3)
+/var/www/html/ Chroot system
+/var/www/html/var/log/apache2 Log partition (ext3)
+/var/www/html/var/www/html Webs partition (xfs)
+/var/www/html/tmp Temporal dir (tmpfs, options: )
+
+/dev/lvm_foobar1/chroot_lv      -> /var/www/ (ext3)
+/dev/lvm_foobar2/apachelogs_lv  -> /var/www/html/var/log/apache2 (ext3)
+/dev/lvm_foobar3/hosting_lv     -> /var/www/html/var/www/html (xfs)
+
+mount /dev/lvm_foobar1/chroot_lv /var/www/
+mkdir -p /var/www/html/var/log/apache2 /var/www/html/var/www/html
+mount /dev/lvm_foobar2/apachelogs_lv /var/www/html/var/log/apache2
+mount /dev/lvm_foobar3/hosting_lv /var/www/html/var/www/html
+
+
+3. Remove possible Apache or PHP installations on real system
+# We never wont install apache or php in non-chroot system, if we have installed, we only have do a backup of configurations, uninstall, and check every symbolic link
+dpkg -l|egrep --color -i 'apache|php'
+
+
+4. Prepare Chroot environment
+
+# Install packages in real system
+apt-get install debootstrap libpcre3 libaprutil1 libxml2 mime-support patch make gcc mysql-server subversion ssh openssh-server ntp ntpdate vim libdbd-mysql libdbi-perl dnsutils
+# The non webserver will install outside of chroot
+apt-get install postfix postfix-mysql postfix-doc mysql-client openssl getmail4 rkhunter amavisd-new spamassassin clamav clamav-daemon zoo unzip bzip2 arj nomarch lzop cabextract apt-listchanges libnet-ldap-perl libauthen-sasl-perl clamav-docs daemon libio-string-perl libio-socket-ssl-perl libnet-ident-perl zip libnet-dns-perl pure-ftpd-common pure-ftpd-mysql quota quotatool
+# If you will use courier:
+apt-get install courier-authdaemon courier-authlib-mysql courier-pop courier-pop-ssl courier-imap courier-imap-ssl libsasl2-2 libsasl2-modules libsasl2-modules-sql sasl2-bin libpam-mysql courier-maildrop
+# If you will use dovecot:
+#apt-get install dovecot-imapd dovecot-pop3d
+# If you will use BIND:
+apt-get install bind9 bind9utils
+
+#
+# If we want execute php from real system (crontabs for example) we need install php dependencies in real system:
+# libgd2-xpm libt1-5 libmagick10 libc-client2007b libmcrypt4
+# cat /var/log/ispconfig/cron.log
+# ldd /usr/lib/php5/20060613/mcrypt.so
+#
+
+time debootstrap --arch=amd64 lenny /var/www/html/ ftp://ftp.fr.debian.org/debian/
+
+echo "/proc         /var/www/html/proc               proc           defaults        0       0">>/etc/fstab
+echo "devpts      /var/www/html/dev/pts            devpts         defaults        0       0">>/etc/fstab
+
+mount -a
+
+# We must create sshusers group
+echo "@sshusers       -       chroot  /var/www/html/">>/etc/security/limits.conf
+
+chroot /var/www/html apt-get update
+chroot /var/www/html apt-get install fakeroot --force-yes -y
+chroot /var/www/html apt-get install locales
+chroot /var/www/html dpkg-reconfigure locales
+
+mv /usr/lib/apache2 /usr/lib/apache2_old
+mv /var/log/apache2 /var/log/apache2_old
+mv /var/lock/apache2 /var/lock/apache2_old
+mv /var/lib/apache2 /var/lib/apache2_old
+mv /usr/lib/php5 /usr/lib/php5_old
+mv /etc/apache2 /etc/apache2_old
+mv /etc/suphp /etc/suphp_old
+
+chroot /var/www/html apt-get install apache2 apache2.2-common apache2-doc apache2-mpm-prefork apache2-utils libexpat1 ssl-cert libapache2-mod-php5 php5 php5-common php5-gd php5-mysql php5-imap phpmyadmin php5-cli php5-cgi libapache2-mod-fcgid apache2-suexec php-pear php-auth php5-mcrypt mcrypt php5-imagick imagemagick libapache2-mod-suphp libopenssl-ruby libapache2-mod-chroot php-apc libtimedate-perl
+
+chroot /var/www/html /etc/init.d/apache2 stop
+
+chroot /var/www/html a2enmod mod_chroot
+chroot /var/www/html a2enmod suexec
+echo "ChrootDir /var/www/html" > /var/www/html/etc/apache2/conf.d/mod_chroot.conf
+sed -i -e 's#DocumentRoot /var/www/#DocumentRoot /var/www/html/#' /var/www/html/etc/apache2/sites-enabled/000-default
+sed -i -e 's#x-httpd-php=php:/usr/bin/php-cgi#x-httpd-php=php:/usr/bin/php-cgi\nx-httpd-suphp=php:/usr/bin/php-cgi\nx-httpd-php=php:/usr/bin/php-cgi#' /var/www/html/etc/suphp/suphp.conf
+sed -i -e 's#/var/run/apache2.pid#/var/run/apache2/apache2.pid#' /var/www/html/etc/apache2/envvars
+sed -i -e 's/^"syntax on/syntax on/' /etc/vim/vimrc
+sed -i -e 's/^"syntax on/syntax on/' /var/www/html/etc/vim/vimrc
+
+# Protect apache configuration. ONLY root can read it
+chown root:root /var/www/html/etc/apache2/ && chmod 700 /var/www/html/etc/apache2/
+chmod 711 /var/www/html/etc/php5/
+
+
+5. # Is good idea to add Nagios alarm for check every symbolic link is correct.
+ln -s /var/www/html/etc/apache2 /etc/apache2
+ln -s /var/www/html/etc/suphp /etc/suphp
+ln -s /var/www/html/var/run/apache2 /var/run/apache2
+ln -s /var/www/html/var/run/apache2.pid /var/run/apache2.pid
+ln -s /var/www/html/usr/sbin/apache2ctl /usr/sbin/apache2ctl
+ln -s /var/www/html/usr/sbin/apache2 /usr/sbin/apache2
+ln -s /var/www/html/usr/lib/apache2 /usr/lib/apache2
+ln -s /var/www/html/usr/sbin/a2enmod /usr/sbin/a2enmod
+ln -s /var/www/html/usr/sbin/a2dismod /usr/sbin/a2dismod
+ln -s /var/www/html/usr/sbin/a2ensite /usr/sbin/a2ensite
+ln -s /var/www/html/usr/sbin/a2dissite /usr/sbin/a2dissite
+ln -s /var/www/html/var/log/apache2 /var/log/apache2
+ln -s /var/www/html/var/lock/apache2 /var/lock/apache2
+ln -s /var/www/html/var/lib/apache2 /var/lib/apache2
+ln -s /var/www/html/usr/lib/php5 /usr/lib/php5
+ln -s /var/www/html/etc/init.d/apache2 /etc/init.d/apache2
+# Neccessary for to install ispconfig3 from real system:
+ln -s /var/www/html/usr/bin/php5 /usr/bin/php5
+ln -s /var/www/html/etc/alternatives/php /etc/alternatives/php
+ln -s /var/www/html/usr/bin/php /usr/bin/php
+ln -s /var/www/html/etc/php5 /etc/php5
+
+6. # Install mini_sendmail for chroot
+# We can use mini_sendmail for delivery emails directy in remote servers, but i prefer to control it in central mailserver for check spammers and limit it.
+
+cd /tmp/
+wget http://acme.com/software/mini_sendmail/mini_sendmail-1.3.6.tar.gz
+tar xzf mini_sendmail-1.3.6.tar.gz
+wget http://users1.leipzig.freifunk.net/%7Efirmware-build/brcm_2_4_Broadcom_default/build/openwrt_packages/mail/mini_sendmail/patches/200-fullname.patch
+patch -p0 < 200-fullname.patch
+cd mini_sendmail-1.3.6
+make
+# 2e555b2573c3ea65a467a5960f0b51f6  mini_sendmail
+mv /var/www/html/usr/lib/sendmail /var/www/html/usr/lib/sendmail_old
+mv /var/www/html/usr/sbin/sendmail /var/www/html/usr/sbin/sendmail_old
+cp mini_sendmail /var/www/html/usr/sbin/mini_sendmail
+cd /var/www/html/usr/lib/ && ln -s ../sbin/mini_sendmail sendmail
+cd /var/www/html/usr/sbin && ln -s mini_sendmail sendmail
+
+# ./mini_sendmail -h
+# usage:  ./mini_sendmail [-f<name>] [-t] [-s<server>] [-p<port>] [-T<timeout>] [-v] [address ...]
+
+#add to php.ini (/var/www/html/etc/php5/apache2/php.ini /var/www2/etc/php5/cli/php.ini /var/www2/etc/php5/cgi/php.ini line :672)
+# sendmail_path = /usr/sbin/mini_sendmail -t -i -fhosting@alojamientotecnico.com -s127.0.0.1
+
+sed -i -e 's#^;sendmail_path =$#sendmail_path = /usr/sbin/mini_sendmail -t -i -fhosting@alojamientotecnico.com -s127.0.0.1#' /var/www/html/etc/php5/apache2/php.ini /var/www/html/etc/php5/cli/php.ini /var/www/html/etc/php5/cgi/php.ini
+
+
+7. 
+# Test
+apache2ctl restart
+
+# php -i|grep --color sendmail
+#sendmail_from => no value => no value
+#sendmail_path => /usr/sbin/mini_sendmail -t -i -fhosting@alojamientotecnico.com -s127.0.0.1 => /usr/sbin/mini_sendmail -t -i -fhosting@alojamientotecnico.com -s127.0.0.1
+#Path to sendmail => /usr/sbin/mini_sendmail -t -i -fhosting@alojamientotecnico.com -s127.0.0.1
+
+# Sould be good idea check /var/www/html/usr/lib/sendmail /var/www/html/usr/sbin/sendmail and /var/www/html/usr/sbin/mini_sendmail with nagios alarm ;)
+
+
+8. Install ispconfig ........
+
+cd /tmp/
+svn co svn://svn.ispconfig.org/ispconfig3 svn.ispconfig.org
+
+mv /usr/local/ispconfig /var/www/html/usr/local/
+ln -s /var/www/html/usr/local/ispconfig /usr/local/ispconfig
+mv /var/www/apps /var/www/html/var/www/
+mv /var/www/php-fcgi-scripts /var/www/html/var/www/
+mv /var/www/ispconfig /var/www/html/var/www/
+ln -s /var/www/html//var/www/ispconfig /var/www/ispconfig
+ln -s /var/www/html/var/www/php-fcgi-scripts /var/www/php-fcgi-scripts
+ln -s /var/www/html/var/www/apps /var/www/apps
+# After copy, we must clean unnecessary users and groups
+cp -r /etc/{passwd,group,apt} /var/www/html/etc/
+apache2ctl stop
+apache2ctl start
+
+
+### Migration to other server ###
+Really easy:
+
+Do step 1
+
+And after do a simple rsync:
+
+screen
+time rsync -a --progress root@host1:/var/www/ /var/www/
+
+# Install some apache's dependencies
+apt-get install debootstrap libpcre3 libaprutil1 libxml2 mime-support
+
+Do step 5
+Do step 6
+

helper_scripts/cert_check.sh

+#!/bin/bash
+
+chkdata() {
+	F=$1
+	CRT=$2
+	KEY=$3
+	if [[ "$CRT" != "" && "$KEY" != "" ]] ; then
+		if [[ ! -f "$CRT" ]] ; then
+			echo "[WARN] CERTIFICATE FILE ${CRT} MISSING FOR ${F}" ;
+		else 
+			echo -n "Checking ${CRT}" ;
+			CHK=$(openssl x509 -in "${CRT}" -text -noout >/dev/null 2>&1 ; echo $?);
+			if [[ $CHK -ne 0 ]] ; then
+				echo " FAILED!" ;
+			else
+				echo " OK" ;
+			fi
+		fi
+		if [[ ! -f "$KEY" ]] ; then
+			echo "[WARN] KEY FILE ${KEY} MISSING FOR ${F}" ;
+		else
+			echo -n "Checking ${KEY}" ;
+			CHK=$(openssl rsa -in "${KEY}" -check -noout >/dev/null 2>&1 ; echo $?);
+			if [[ $CHK -ne 0 ]] ; then
+				echo " FAILED!" ;
+			else
+				echo " OK" ;
+			fi
+		fi
+	
+		if [[ -f "$CRT" && -f "$KEY" ]] ; then
+			echo -n "Checking that key and certificate match";
+			MDCRT=$(openssl x509 -noout -modulus -in "${CRT}" | openssl md5) ;
+			MDKEY=$(openssl rsa -noout -modulus -in "${KEY}" | openssl md5) ;
+			if [[ "$MDCRT" != "$MDKEY" ]] ; then
+				echo " FAILED!" ;
+			else
+				echo " OK" ;
+			fi
+		fi
+		echo "---" ;
+	elif [[ "$CRT" != ""  || "$KEY" != "" ]] ; then
+		echo "[WARN] Check SSL config of ${F}";
+		echo "---" ;
+	fi
+}
+
+if [[ -d /etc/apache2/sites-enabled ]] ; then
+	echo "Checking enabled apache vhosts" ;
+	for FIL in /etc/apache2/sites-enabled/* ; do
+		CRT=$(grep 'SSLCertificateFile' "${FIL}" | grep -E -v '^[[:space:]]*#' | awk '{print $2}' | head -n 1) ;
+		KEY=$(grep 'SSLCertificateKeyFile' "${FIL}" | grep -E -v '^[[:space:]]*#' | awk '{print $2}' | head -n 1) ;
+		chkdata "$FIL" "$CRT" "$KEY" ;
+	done
+fi
+
+if [[ -d /etc/nginx/sites-enabled ]] ; then
+	echo "Checking enabled nginx vhosts" ;
+	for FIL in /etc/nginx/sites-enabled/* ; do
+		CRT=$(grep 'ssl_certificate' "${FIL}" | grep -E -v '^[[:space:]]*#' | awk '{print $2}' | head -n 1) ;
+		CRT=${CRT%;}
+		KEY=$(grep 'ssl_certificate_key' "${FIL}" | grep -E -v '^[[:space:]]*#' | awk '{print $2}' | head -n 1) ;
+		KEY=${KEY%;}
+		chkdata "$FIL" "$CRT" "$KEY" ;
+	done
+fi
\ No newline at end of file