Showing
with 2933 additions and 0 deletions
The remote API documentation is in the remoting_client/API-docs subfolder.
<?php
$autoinstall['language'] = 'en'; // de, en (default)
$autoinstall['install_mode'] = 'standard'; // standard (default), expert
$autoinstall['hostname'] = 'server1.example.com'; // default
$autoinstall['mysql_hostname'] = 'localhost'; // default: localhost
$autoinstall['mysql_port'] = '3306'; // default: 3306
$autoinstall['mysql_root_user'] = 'root'; // default: root
$autoinstall['mysql_root_password'] = 'howtoforge';
$autoinstall['mysql_database'] = 'dbispconfig'; // default: dbispcongig
$autoinstall['mysql_charset'] = 'utf8'; // default: utf8
$autoinstall['http_server'] = 'nginx'; // apache (default), nginx
$autoinstall['ispconfig_port'] = '8080'; // default: 8080
$autoinstall['ispconfig_use_ssl'] = 'y'; // y (default), n
$autoinstall['ispconfig_admin_password'] = 'admin'; // default: admin
$autoinstall['create_ssl_server_certs'] = 'y';
$autoinstall['ignore_hostname_dns'] = 'n';
$autoinstall['ispconfig_postfix_ssl_symlink'] = 'y';
$autoinstall['ispconfig_pureftpd_ssl_symlink'] = 'y';
/* SSL Settings */
$autoinstall['ssl_cert_country'] = 'AU';
$autoinstall['ssl_cert_state'] = 'Some-State';
$autoinstall['ssl_cert_locality'] = 'Chicago';
$autoinstall['ssl_cert_organisation'] = 'Internet Widgits Pty Ltd';
$autoinstall['ssl_cert_organisation_unit'] = 'IT department';
$autoinstall['ssl_cert_common_name'] = $autoinstall['hostname'];
$autoinstall['ssl_cert_email'] = 'hostmaster@'.$autoinstall['hostname'];
/* optional expert mode settings, needed only for expert mode */
$autoinstall['mysql_ispconfig_user'] = 'ispconfig'; // default: ispconfig
$autoinstall['mysql_ispconfig_password'] = bin2hex(random_bytes(20));
$autoinstall['join_multiserver_setup'] = 'n'; // y, n (default)
$autoinstall['mysql_master_hostname'] = 'master.example.com';
$autoinstall['mysql_master_root_user'] = 'root';
$autoinstall['mysql_master_root_password'] = 'howtoforge';
$autoinstall['mysql_master_database'] = 'dbispconfig'; // default: dbispconfig
$autoinstall['configure_mail'] = 'y'; // y (default), n
$autoinstall['configure_jailkit'] = 'y'; // y (default), n
$autoinstall['configure_ftp'] = 'y'; // y (default), n
$autoinstall['configure_dns'] = 'y'; // y (default), n
$autoinstall['configure_apache'] = 'y'; // y (default), n
$autoinstall['configure_nginx'] = 'y'; // y (default), n
$autoinstall['configure_firewall'] = 'y'; // y (default), n
$autoinstall['install_ispconfig_web_interface'] = 'y'; // y (default), n
/* optional update settings, needed only for updates */
$autoupdate['do_backup'] = 'yes'; // yes (default), no
$autoupdate['mysql_root_password'] = 'howtoforge';
$autoupdate['mysql_master_hostname'] = 'master.example.com';
$autoupdate['mysql_master_root_user'] = 'root';
$autoupdate['mysql_master_root_password'] = 'howtoforge';
$autoupdate['mysql_master_database'] = 'dbispconfig'; // default: dbispconfig
$autoupdate['reconfigure_permissions_in_master_database'] = 'no'; // no (default), yes
$autoupdate['reconfigure_services'] = 'yes'; // yes (default), no
$autoupdate['ispconfig_port'] = '8080'; // default: 8080
$autoupdate['create_new_ispconfig_ssl_cert'] = 'no'; // no (default), yes
$autoupdate['reconfigure_crontab'] = 'yes'; // yes (default), no
$autoupdate['create_ssl_server_certs'] = 'y';
$autoupdate['ignore_hostname_dns'] = 'n';
$autoupdate['ispconfig_postfix_ssl_symlink'] = 'y';
$autoupdate['ispconfig_pureftpd_ssl_symlink'] = 'y';
/* These are for service-detection (defaulting to old behaviour where all changes were automatically accepted) */
$autoupdate['svc_detect_change_mail_server'] = 'yes'; // yes (default), no
$autoupdate['svc_detect_change_web_server'] = 'yes'; // yes (default), no
$autoupdate['svc_detect_change_dns_server'] = 'yes'; // yes (default), no
$autoupdate['svc_detect_change_xmpp_server'] = 'yes'; // yes (default), no
$autoupdate['svc_detect_change_firewall_server'] = 'yes'; // yes (default), no
$autoupdate['svc_detect_change_vserver_server'] = 'yes'; // yes (default), no
$autoupdate['svc_detect_change_db_server'] = 'yes'; // yes (default), no
?>
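Review bot: The sample sets literal credentials — `$autoinstall['mysql_root_password'] = 'howtoforge';`, `$autoinstall['ispconfig_admin_password'] = 'admin';` and the `mysql_master_root_password` / `$autoupdate` counterparts — without marking them as placeholders, whereas `mysql_ispconfig_password` is generated with `bin2hex(random_bytes(20))`; an installer run with the file copied unchanged leaves the database root account and the panel admin account with guessable passwords. I would add a header comment such as `// Replace every password below before use; this file stores credentials in clear text, so restrict its permissions and delete it once the installer has finished.` The comment on `mysql_database` reads `default: dbispcongig` and should read `dbispconfig`.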
[install]
language=en
install_mode=standard
hostname=server1.example.com
mysql_hostname=localhost
mysql_port=3306
mysql_root_user=root
mysql_root_password=ispconfig
mysql_database=dbispconfig
mysql_charset=utf8
http_server=apache
ispconfig_port=8080
ispconfig_use_ssl=y
ispconfig_admin_password=admin
create_ssl_server_certs=y
ignore_hostname_dns=n
ispconfig_postfix_ssl_symlink=y
ispconfig_pureftpd_ssl_symlink=y
[ssl_cert]
ssl_cert_country=AU
ssl_cert_state=Some-State
ssl_cert_locality=Chicago
ssl_cert_organisation=Internet Widgits Pty Ltd
ssl_cert_organisation_unit=IT department
ssl_cert_common_name=server1.example.com
ssl_cert_email=hostmaster@example.com
[expert]
mysql_ispconfig_user=ispconfig
mysql_ispconfig_password=afStEratXBsgatRtsa42CadwhQ
join_multiserver_setup=n
mysql_master_hostname=master.example.com
mysql_master_root_user=root
mysql_master_root_password=ispconfig
mysql_master_database=dbispconfig
configure_mail=y
configure_jailkit=y
configure_ftp=y
configure_dns=y
configure_apache=y
configure_nginx=y
configure_firewall=y
install_ispconfig_web_interface=y
[update]
do_backup=yes
mysql_root_password=ispconfig
mysql_master_hostname=master.example.com
mysql_master_root_user=root
mysql_master_root_password=ispconfig
mysql_master_database=dbispconfig
reconfigure_permissions_in_master_database=no
reconfigure_services=yes
ispconfig_port=8080
create_new_ispconfig_ssl_cert=no
reconfigure_crontab=yes
create_ssl_server_certs=y
ignore_hostname_dns=n
ispconfig_postfix_ssl_symlink=y
ispconfig_pureftpd_ssl_symlink=y
; These are for service-detection (defaulting to old behaviour where all changes were automatically accepted)
svc_detect_change_mail_server=yes
svc_detect_change_web_server=yes
svc_detect_change_dns_server=yes
svc_detect_change_xmpp_server=yes
svc_detect_change_firewall_server=yes
svc_detect_change_vserver_server=yes
svc_detect_change_db_server=yes
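Review bot: `mysql_ispconfig_password=afStEratXBsgatRtsa42CadwhQ` is a fixed sample secret, unlike the PHP variant of this file which derives the value from `random_bytes`; anyone copying the ini unchanged ends up with the same database password for the ispconfig user on every install. Since an ini file cannot generate a value, I would at least precede the line with `; replace with a unique value before running the installer` and apply the same to the `ispconfig` root passwords in the `[install]` and `[update]` sections. The file holds credentials in clear text, so the accompanying documentation should say to restrict its permissions and remove it after use.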
# blacklist_helo - after permit_sasl, used to stop common spammers/misconfigurations
#
# This file can be used to block hostnames used in smtp HELO command which are known bad.
# Occasionally you will run into legitimate mail servers which are misconfigured and end
# up blocked here, so this is not enabled by default, but it is useful if you are prepared
# to address those cases. .local is particularly problematic, and commented out by default.
#
# Note that any server hitting this check is misconfigured, all of the names below are bogus
# and not allowed per RFC 2821.
#
# If your own users are blocked by this, they are not authenticating to your server when
# sending (this check is after permit_sasl, which permits authenticated senders).
#
# Instructions:
#
# Copy this file to /usr/local/ispconfig/server/conf-custom/install/blacklist_helo.master,
# as well as /etc/postfix/blacklist_helo, so your changes are not overwritten with ispconfig
# updates.
# probably just put REJECT lines in here,
# as OK lines will bypass a lot of other checks you may want done
# (use DUNNO instead of OK)
#
# common for spammers (check https://data.iana.org/TLD/tlds-alpha-by-domain.txt and remove valid tld's occasionally)
/.*\.administrator$/ REJECT HELO hostname is using a top level domain that does not exist. See RFC 2821 section 3.6.
/.*\.admin$/ REJECT HELO hostname is using a top level domain that does not exist. See RFC 2821 section 3.6.
/.*\.adsl$/ REJECT HELO hostname is using a top level domain that does not exist. See RFC 2821 section 3.6.
/.*\.arpa$/ REJECT HELO hostname is using a top level domain that does not exist. See RFC 2821 section 3.6.
/.*\.bac$/ REJECT HELO hostname is using a top level domain that does not exist. See RFC 2821 section 3.6.
/.*\.coma$/ REJECT HELO hostname is using a top level domain that does not exist. See RFC 2821 section 3.6.
/.*\.dhcp$/ REJECT HELO hostname is using a top level domain that does not exist. See RFC 2821 section 3.6.
/.*\.dlink$/ REJECT HELO hostname is using a top level domain that does not exist. See RFC 2821 section 3.6.
/.*\.dns$/ REJECT HELO hostname is using a top level domain that does not exist. See RFC 2821 section 3.6.
/.*\.domain$/ REJECT HELO hostname is using a top level domain that does not exist. See RFC 2821 section 3.6.
/.*\.dynamic$/ REJECT HELO hostname is using a top level domain that does not exist. See RFC 2821 section 3.6.
/.*\.dyndns\.org$/ REJECT HELO hostname is using a top level domain that does not exist. See RFC 2821 section 3.6.
/.*\.dyn$/ REJECT HELO hostname is using a top level domain that does not exist. See RFC 2821 section 3.6.
/.*\.firewall$/ REJECT HELO hostname is using a top level domain that does not exist. See RFC 2821 section 3.6.
/.*\.gateway$/ REJECT HELO hostname is using a top level domain that does not exist. See RFC 2821 section 3.6.
/.*\.home$/ REJECT HELO hostname is using a top level domain that does not exist. See RFC 2821 section 3.6.
/.*\.internal$/ REJECT HELO hostname is using a top level domain that does not exist. See RFC 2821 section 3.6.
/.*\.intern$/ REJECT HELO hostname is using a top level domain that does not exist. See RFC 2821 section 3.6.
/.*\.janak$/ REJECT HELO hostname is using a top level domain that does not exist. See RFC 2821 section 3.6.
/.*\.kornet$/ REJECT HELO hostname is using a top level domain that does not exist. See RFC 2821 section 3.6.
/.*\.lab$/ REJECT HELO hostname is using a top level domain that does not exist. See RFC 2821 section 3.6.
/.*\.lan$/ REJECT HELO hostname is using a top level domain that does not exist. See RFC 2821 section 3.6.
/.*\.localdomain$/ REJECT HELO hostname is using a top level domain that does not exist. See RFC 2821 section 3.6.
/.*\.localhost$/ REJECT HELO hostname is using a top level domain that does not exist. See RFC 2821 section 3.6.
# .local is used by spammers a lot, but too many otherwise legit servers hit it
# (instead of REJECT, should send to greylisting)
#/.*\.local$/ REJECT HELO hostname is using a top level domain that does not exist. See RFC 2821 section 3.6.
/.*\.loc$/ REJECT HELO hostname is using a top level domain that does not exist. See RFC 2821 section 3.6.
/.*\.lokal$/ REJECT HELO hostname is using a top level domain that does not exist. See RFC 2821 section 3.6.
/.*\.mail$/ REJECT HELO hostname is using a top level domain that does not exist. See RFC 2821 section 3.6.
/.*\.nat$/ REJECT HELO hostname is using a top level domain that does not exist. See RFC 2821 section 3.6.
/.*\.netzwerk$/ REJECT HELO hostname is using a top level domain that does not exist. See RFC 2821 section 3.6.
/.*\.pc$/ REJECT HELO hostname is using a top level domain that does not exist. See RFC 2821 section 3.6.
/.*\.privat$/ REJECT HELO hostname is using a top level domain that does not exist. See RFC 2821 section 3.6.
/.*\.private$/ REJECT HELO hostname is using a top level domain that does not exist. See RFC 2821 section 3.6.
/.*\.router$/ REJECT HELO hostname is using a top level domain that does not exist. See RFC 2821 section 3.6.
/.*\.setup$/ REJECT HELO hostname is using a top level domain that does not exist. See RFC 2821 section 3.6.
/.*\.119$/ REJECT HELO hostname is using a top level domain that does not exist. See RFC 2821 section 3.6.
/.*\.beeline$/ REJECT HELO hostname is using a top level domain that does not exist. See RFC 2821 section 3.6.
/.*\.cici$/ REJECT HELO hostname is using a top level domain that does not exist. See RFC 2821 section 3.6.
/.*\.gt_3g$/ REJECT HELO hostname is using a top level domain that does not exist. See RFC 2821 section 3.6.
/.*\.gt-3g$/ REJECT HELO hostname is using a top level domain that does not exist. See RFC 2821 section 3.6.
/.*\.hananet$/ REJECT HELO hostname is using a top level domain that does not exist. See RFC 2821 section 3.6.
/.*\.skbroadband$/ REJECT HELO hostname is using a top level domain that does not exist. See RFC 2821 section 3.6.
/.*\.tbroad$/ REJECT HELO hostname is using a top level domain that does not exist. See RFC 2821 section 3.6.
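Review bot: `/.*\.dyndns\.org$/` rejects a real registered domain but reuses the reason text `HELO hostname is using a top level domain that does not exist`, so a legitimate dynamic-DNS host is refused with an inaccurate explanation and an operator reading the log will look for the wrong problem; the same applies to `/.*\.arpa$/`, since `.arpa` does exist as a TLD. Either give those entries their own reason, e.g. `/.*\.dyndns\.org$/ REJECT HELO hostname is a dynamic DNS name.`, or move them to the commented-out group next to `.local` so the operator opts in. The header comment asks maintainers to check the IANA TLD list; a one-line note naming which entries are deliberate exceptions to that rule would keep them from being removed as mistakes.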
<?php
/*
Copyright (c) 2009, Falko Timme, Till Brehm, projektfarm Gmbh
All rights reserved.
Redistribution and use in source and binary forms, with or without modification,
are permitted provided that the following conditions are met:
* Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer in the documentation
and/or other materials provided with the distribution.
* Neither the name of ISPConfig nor the names of its contributors
may be used to endorse or promote products derived from this software without
specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/*
TABLE STRUCTURE of the "named" database:
CREATE TABLE IF NOT EXISTS `records` (
`id` int(10) unsigned NOT NULL auto_increment,
`zone` varchar(255) NOT NULL,
`ttl` int(11) NOT NULL default '3600',
`type` varchar(255) NOT NULL,
`host` varchar(255) NOT NULL default '@',
`mx_priority` int(11) default NULL,
`data` text,
`primary_ns` varchar(255) default NULL,
`resp_contact` varchar(255) default NULL,
`serial` bigint(20) default NULL,
`refresh` int(11) default NULL,
`retry` int(11) default NULL,
`expire` int(11) default NULL,
`minimum` int(11) default NULL,
`ispconfig_id` int(11) NOT NULL,
PRIMARY KEY (`id`),
KEY `type` (`type`),
KEY `host` (`host`),
KEY `zone` (`zone`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8;
CREATE TABLE IF NOT EXISTS `xfr` (
`id` int(11) NOT NULL auto_increment,
`zone` varchar(255) NOT NULL,
`client` varchar(255) NOT NULL,
`ispconfig_id` int(11) NOT NULL,
PRIMARY KEY (`id`),
KEY `zone` (`zone`),
KEY `client` (`client`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8;
*/
class bind_dlz_plugin {
var $plugin_name = 'bind_dlz_plugin';
var $class_name = 'bind_dlz_plugin';
//* This function is called during ispconfig installation to determine
// if a symlink shall be created for this plugin.
function onInstall()
{
global $conf;
if(isset($conf['bind']['installed']) && $conf['bind']['installed'] == true) {
// Temporarily disabled until the installer supports the automatic creation of the necessary
// database or at least to select between filebased nd db based bind, as not all bind versions
// support dlz out of the box. To enable this plugin manually, create a symlink from the plugins-enabled
// directory to this file in the plugins-available directory.
return false;
//return true;
} else {
return false;
}
}
/*
This function is called when the plugin is loaded
*/
function onLoad()
{
global $app;
/*
Register for the events
*/
//* SOA
$app->plugins->registerEvent('dns_soa_insert', $this->plugin_name, 'soa_insert');
$app->plugins->registerEvent('dns_soa_update', $this->plugin_name, 'soa_update');
$app->plugins->registerEvent('dns_soa_delete', $this->plugin_name, 'soa_delete');
//* RR
$app->plugins->registerEvent('dns_rr_insert', $this->plugin_name, 'rr_insert');
$app->plugins->registerEvent('dns_rr_update', $this->plugin_name, 'rr_update');
$app->plugins->registerEvent('dns_rr_delete', $this->plugin_name, 'rr_delete');
}
function soa_insert($event_name, $data)
{
global $app, $conf;
if($data["new"]["active"] != 'Y') return;
$origin = substr($data["new"]["origin"], 0, -1);
$ispconfig_id = $data["new"]["id"];
$serial = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ?", $ispconfig_id);
$ttl = $data["new"]["ttl"];
//$_db = clone $app->db;
//$_db->dbName = 'named';
$app->db->query("INSERT INTO named.records (zone, ttl, type, primary_ns, resp_contact, serial, refresh, retry, expire, minimum, ispconfig_id) VALUES ".
"(?, ?, 'SOA', ?, ?, ?, ?, ?, ?, ?, ?)", $origin, $ttl, $data["new"]["ns"], $data["new"]["mbox"], $serial["serial"], $serial["refresh"], $serial["retry"], $serial["expire"], $serial["minimum"], $ispconfig_id);
//unset($_db);
}
function soa_update($event_name, $data)
{
global $app, $conf;
if($data["new"]["active"] != 'Y')
{
if($data["old"]["active"] != 'Y') return;
$this->soa_delete($event_name, $data);
}
else
{
if($data["old"]["active"] == 'Y')
{
$origin = substr($data["new"]["origin"], 0, -1);
$ispconfig_id = $data["new"]["id"];
$serial = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ?", $ispconfig_id);
$ttl = $data["new"]["ttl"];
//$_db = clone $app->db;
//$_db->dbName = 'named';
$app->db->query("UPDATE named.records SET zone = ?, ttl = ?, primary_ns = ?, resp_contact = ?, serial = ?, refresh = ?, retry = ?, expire = ?, minimum = ? WHERE ispconfig_id = ? AND type = 'SOA'", $origin, $ttl, $data["new"]["ns"], $data["new"]["mbox"], $serial["serial"], $serial["refresh"], $serial["retry"], $serial["expire"], $serial["minimum"], $data["new"]["id"]);
//unset($_db);
}
else
{
$this->soa_insert($event_name, $data);
$ispconfig_id = $data["new"]["id"];
if ($records = $app->db->queryAllRecords("SELECT * FROM dns_rr WHERE zone = ? AND active = 'Y'", $ispconfig_id))
{
foreach($records as $record)
{
foreach ($record as $key => $val) {
$data["new"][$key] = $val;
}
$this->rr_insert("dns_rr_insert", $data);
}
}
}
}
}
function soa_delete($event_name, $data)
{
global $app, $conf;
//$_db = clone $app->db;
//$_db->dbName = 'named';
$app->db->query( "DELETE FROM named.dns_records WHERE zone = ?", substr($data['old']['origin'], 0, -1));
//unset($_db);
}
function rr_insert($event_name, $data)
{
global $app, $conf;
if($data["new"]["active"] != 'Y') return;
$zone = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ?", $data["new"]["zone"]);
$origin = substr($zone["origin"], 0, -1);
$ispconfig_id = $data["new"]["id"];
$type = $data["new"]["type"];
if (substr($data["new"]["name"], -1) == '.') {
$name = substr($data["new"]["name"], 0, -1);
} else {
$name = ($data["new"]["name"] == "") ? $name = '@' : $data["new"]["name"];
}
if ($name == $origin || $name == '') {
$name = '@';
}
switch ($type)
{
case "CNAME":
case "MX":
case "NS":
case "ALIAS":
case "PTR":
case "SRV":
if(substr($data["new"]["data"], -1) != '.'){
$content = $data["new"]["data"] . '.';
} else {
$content = $data["new"]["data"];
}
break;
case "HINFO":
$content = $data["new"]["data"];
$quote1 = strpos($content, '"');
if($quote1 !== FALSE) {
$quote2 = strpos(substr($content, ($quote1 + 1)), '"');
}
if ($quote1 !== FALSE && $quote2 !== FALSE) {
$text_between_quotes = str_replace(' ', '_', substr($content, ($quote1 + 1), (($quote2 - $quote1))));
$content = $text_between_quotes.substr($content, ($quote2 + 2));
}
break;
default:
$content = $data["new"]["data"];
}
$ttl = $data["new"]["ttl"];
//$_db = clone $app->db;
//$_db->dbName = 'named';
if ($type == 'MX') {
$app->db->query("INSERT INTO named.records (zone, ttl, type, host, mx_priority, data, ispconfig_id)".
" VALUES (?, ?, ?, ?, ?, ?, ?)", $origin, $ttl, $type, $name, $data["new"]["aux"], $content, $ispconfig_id);
} elseif ($type == 'SRV') {
$app->db->query("INSERT INTO named.records (zone, ttl, type, data, ispconfig_id)".
" VALUES (?, ?, ?, ?, ?)", $origin, $ttl, $type, $data["new"]["aux"] . ' ' . $content, $ispconfig_id);
} else {
$app->db->query("INSERT INTO named.records (zone, ttl, type, host, data, ispconfig_id)".
" VALUES (?, ?, ?, ?, ?, ?)", $origin, $ttl, $type, $name, $content, $ispconfig_id);
}
//unset($_db);
}
function rr_update($event_name, $data)
{
global $app, $conf;
if ($data["new"]["active"] != 'Y')
{
if($data["old"]["active"] != 'Y') return;
$this->rr_delete($event_name, $data);
}
else
{
if ($data["old"]["active"] == 'Y')
{
$zone = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ?", $data["new"]["zone"]);
$origin = substr($zone["origin"], 0, -1);
$ispconfig_id = $data["new"]["id"];
$type = $data["new"]["type"];
if (substr($data["new"]["name"], -1) == '.') {
$name = substr($data["new"]["name"], 0, -1);
} else {
$name = ($data["new"]["name"] == "") ? $name = '@' : $data["new"]["name"];
}
if ($name == $origin || $name == '') {
$name = '@';
}
switch ($type)
{
case "CNAME":
case "MX":
case "NS":
case "ALIAS":
case "PTR":
case "SRV":
if(substr($data["new"]["data"], -1) != '.'){
$content = $data["new"]["data"] . '.';
} else {
$content = $data["new"]["data"];
}
break;
case "HINFO":
$content = $data["new"]["data"];
$quote1 = strpos($content, '"');
if($quote1 !== FALSE){
$quote2 = strpos(substr($content, ($quote1 + 1)), '"');
}
if($quote1 !== FALSE && $quote2 !== FALSE){
$text_between_quotes = str_replace(' ', '_', substr($content, ($quote1 + 1), (($quote2 - $quote1))));
$content = $text_between_quotes.substr($content, ($quote2 + 2));
}
break;
default:
$content = $data["new"]["data"];
}
$ttl = $data["new"]["ttl"];
$prio = (int)$data["new"]["aux"];
//$_db = clone $app->db;
//$_db->dbName = 'named';
if ($type == 'MX') {
$app->db->query("UPDATE named.records SET zone = ?, ttl = ?, type = ?, host = ?, mx_priority = ?, data = ? WHERE ispconfig_id = ? AND type != 'SOA'", $origin, $ttl, $type, $name, $prio, $content, $ispconfig_id);
} elseif ($type == 'SRV') {
$app->db->query("UPDATE named.records SET zone = ?, ttl = ?, type = ?, data = ? WHERE ispconfig_id = ? AND type != 'SOA'", $origin, $ttl, $type, $prio . ' ' . $content, $ispconfig_id);
} else {
$app->db->query("UPDATE named.records SET zone = ?, ttl = ?, type = ?, host = ?, data = ? WHERE ispconfig_id = ? AND type != 'SOA'", $origin, $ttl, $type, $name, $content, $ispconfig_id);
}
//unset($_db);
} else {
$this->rr_insert($event_name, $data);
}
}
}
function rr_delete($event_name, $data) {
global $app, $conf;
//$_db = clone $app->db;
//$_db->dbName = 'named';
$app->db->query( "DELETE FROM named.dns_records WHERE type != 'SOA' AND zone = ?", substr($data['old']['origin'], 0, -1));
//unset($_db);
}
} // end class
?>
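Review bot: `soa_delete` and `rr_delete` run `DELETE FROM named.dns_records`, but every insert and update in this class, and the table layout in the header comment, use `named.records`; as written the deletes target a table that does not exist, so zones and records removed in ISPConfig stay served by BIND. `rr_delete` additionally keys on `$data['old']['origin']` and removes every non-SOA row of the zone rather than the single record being deleted, while `rr_insert` stores the record's own id in `ispconfig_id`; the dns_rr row presumably has no origin column (the code elsewhere resolves the zone through `$data["new"]["zone"]`), so the substr argument is likely empty — worth confirming against the event payload. I would change the two statements to `$app->db->query("DELETE FROM named.records WHERE zone = ?", substr($data['old']['origin'], 0, -1));` in `soa_delete` and `$app->db->query("DELETE FROM named.records WHERE type != 'SOA' AND ispconfig_id = ?", $data['old']['id']);` in `rr_delete`. Both methods would also benefit from a one-line comment stating that `zone` holds the origin without its trailing dot, which is the convention the inserts follow.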
<?php
class nginx_reverseproxy_plugin {
var $plugin_name = 'nginx_reverseproxy_plugin';
var $class_name = 'nginx_reverseproxy_plugin';
// private variables
var $action = '';
//* This function is called during ispconfig installation to determine
// if a symlink shall be created for this plugin.
function onInstall() {
global $conf;
if(isset($conf['services']['proxy']) && $conf['services']['proxy'] == true && isset($conf['nginx']['installed']) && $conf['nginx']['installed'] == true) {
return true;
} else {
return false;
}
}
/*
This function is called when the plugin is loaded
*/
function onLoad() {
global $app;
/*
Register for the events
*/
$app->plugins->registerEvent('web_domain_insert', $this->plugin_name, 'ssl');
$app->plugins->registerEvent('web_domain_update', $this->plugin_name, 'ssl');
$app->plugins->registerEvent('web_domain_delete', $this->plugin_name, 'ssl');
$app->plugins->registerEvent('web_domain_insert', $this->plugin_name, 'insert');
$app->plugins->registerEvent('web_domain_update', $this->plugin_name, 'update');
$app->plugins->registerEvent('web_domain_delete', $this->plugin_name, 'delete');
// $app->plugins->registerEvent('proxy_reverse_insert',$this->plugin_name,'rewrite_insert');
// $app->plugins->registerEvent('proxy_reverse_update',$this->plugin_name,'rewrite_update');
// $app->plugins->registerEvent('proxy_reverse_delete',$this->plugin_name,'rewrite_delete');
}
function insert($event_name, $data) {
global $app, $conf;
// just run the update function
$this->update($event_name, $data);
}
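function update($event_name, $data) {
	global $app, $conf;
	// Writes the reverse-proxy vhost for one web_domain row: renders
	// nginx_reverseproxy_vhost.conf.master into <nginx_vhost_conf_dir>/<domain>.vhost,
	// keeps the sites-enabled symlink and /var/log/ispconfig/nginx/<domain> in step
	// with the row and schedules a delayed nginx restart. insert() routes here too;
	// $this->action ('insert' or 'update') tells the two apart.
	//
	// $event_name  plugin event that fired (unused)
	// $data        array with the 'new' and 'old' web_domain rows
	if($this->action != 'insert') $this->action = 'update';

	// Alias and subdomain rows have no vhost of their own; the parent vhost is
	// regenerated instead (and the previous parent too, if the row moved).
	if($data['new']['type'] != 'vhost' && $data['new']['type'] != 'vhostsubdomain' && $data['new']['type'] != 'vhostalias' && $data['new']['parent_domain_id'] > 0) {
		$old_parent_domain_id = intval($data['old']['parent_domain_id']);
		$new_parent_domain_id = intval($data['new']['parent_domain_id']);
		if($this->action == 'update' && $data['new']['parent_domain_id'] != $data['old']['parent_domain_id']) {
			$tmp = $app->dbmaster->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ? AND active = 'y'", $old_parent_domain_id);
			$data['new'] = $tmp;
			$data['old'] = $tmp;
			$this->action = 'update';
			$this->update($event_name, $data);
		}
		$tmp = $app->dbmaster->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ? AND active = 'y'", $new_parent_domain_id);
		$data['new'] = $tmp;
		$data['old'] = $tmp;
		$this->action = 'update';
	}

	// The domain becomes part of file names under the nginx config dir and of an
	// "rm -rf" target below, so only plain host names are accepted (same idea as
	// the '..' check in delete()). This also catches an empty row when the parent
	// lookup above found nothing.
	$domain_re = '/^[\w.\-]+$/';
	$new_domain = isset($data['new']['domain']) ? (string)$data['new']['domain'] : '';
	if(!preg_match($domain_re, $new_domain) || strpos($new_domain, '..') !== false) {
		$app->log('Not writing nginx vhost: invalid domain "'.$new_domain.'"', LOGLEVEL_WARN);
		$this->action = '';
		return;
	}

	// load the server configuration options
	$app->uses('getconf');
	$nginx_config = $app->getconf->get_server_config($conf['server_id'], 'web');
	$app->uses('system'); // for exec_safe() further down

	//* Render the vhost template
	$app->load('tpl');
	$tpl = new tpl();
	$tpl->newTemplate('nginx_reverseproxy_vhost.conf.master');
	$vhost_data = $data['new'];
	// $conf, not the undefined $config the old code read (which made $ssl_dir "/ssl"
	// and so never enabled SSL); ssl() reads the same key.
	$vhost_data['config_dir'] = $conf['nginx']['config_dir'];
	$vhost_data['ssl_domain'] = $data['new']['ssl_domain'];

	// SSL is only switched on when the cert and key synced by ssl() are in place.
	// ssl_domain is validated like the domain: it is used as a file name here and
	// ends up in the template's certificate paths.
	$ssl_dir = $conf['nginx']['config_dir'].'/ssl';
	$domain = isset($data['new']['ssl_domain']) ? (string)$data['new']['ssl_domain'] : '';
	$ssl_domain_ok = preg_match($domain_re, $domain) && strpos($domain, '..') === false;
	$key_file = $ssl_dir.'/'.$domain.'.key';
	$crt_file = $ssl_dir.'/'.$domain.'.crt';
	$bundle_file = $ssl_dir.'/'.$domain.'.bundle';
	if($vhost_data['nginx_directives']) {
		// [IP] placeholder in the per-site directives
		$vhost_data['nginx_directives'] = str_replace('[IP]', $vhost_data['ip_address'], $vhost_data['nginx_directives']);
	}
	if($data['new']['ssl'] == 'y' && $ssl_domain_ok && @is_file($crt_file) && @is_file($key_file)) {
		$vhost_data['ssl_enabled'] = 1;
		$app->log('Enable SSL for: '.$domain, LOGLEVEL_DEBUG);
	} else {
		$vhost_data['ssl_enabled'] = 0;
		$app->log('Disable SSL for: '.$domain, LOGLEVEL_DEBUG);
	}
	if($ssl_domain_ok && @is_file($bundle_file)) $vhost_data['has_bundle_cert'] = 1;
	$tpl->setVar($vhost_data);

	// Alias names for server_name: the site's own www/wildcard prefix plus every
	// alias/subdomain row attached to it. vhostsubdomain/vhostalias rows are
	// excluded - they get a vhost file of their own (the old "OR" condition was
	// always true and let them through).
	$aliases = $app->dbmaster->queryAllRecords("SELECT * FROM web_domain WHERE parent_domain_id = ? AND type != 'vhostsubdomain' AND type != 'vhostalias' AND active = 'y'", $data['new']['domain_id']);
	$server_alias = array();
	switch($data['new']['subdomain']) {
		case 'www': $server_alias[] = 'www.'.$new_domain; break;
		case '*':   $server_alias[] = '*.'.$new_domain; break;
	}
	if(is_array($aliases)) {
		foreach($aliases as $alias) {
			switch($alias['subdomain']) {
				case 'www': $server_alias[] = 'www.'.$alias['domain']; break;
				case '*':   $server_alias[] = '*.'.$alias['domain']; break;
			}
			$server_alias[] = $alias['domain'];
			$app->log('Add server alias: '.$alias['domain'], LOGLEVEL_DEBUG);
		}
	}
	// nginx takes any number of names on one server_name line; the old
	// "30 per line" splitting was an Apache leftover whose counter never moved.
	$tpl->setVar('alias', implode(' ', $server_alias));

	//* Write the vhost file, keeping a backup of the previous one (none on first run)
	$vhost_file = $nginx_config['nginx_vhost_conf_dir'].'/'.$new_domain.'.vhost';
	if(is_file($vhost_file)) copy($vhost_file, $vhost_file.'~');
	file_put_contents($vhost_file, $tpl->grab());
	$app->log('Writing the vhost file: '.$vhost_file, LOGLEVEL_DEBUG);
	unset($tpl);

	// The symlink in the enabled dir follows the row's active flag
	$vhost_symlink = $nginx_config['nginx_vhost_conf_enabled_dir'].'/'.$new_domain.'.vhost';
	if($data['new']['active'] == 'y' && !is_link($vhost_symlink)) {
		symlink($vhost_file, $vhost_symlink);
		$app->log('Creating symlink: '.$vhost_symlink.'->'.$vhost_file, LOGLEVEL_DEBUG);
	}
	if($data['new']['active'] == 'n' && is_link($vhost_symlink)) {
		unlink($vhost_symlink);
		$app->log('Removing symlink: '.$vhost_symlink.'->'.$vhost_file, LOGLEVEL_DEBUG);
	}
	if(!is_dir('/var/log/ispconfig/nginx/'.$new_domain)) $app->system->exec_safe('mkdir -p ?', '/var/log/ispconfig/nginx/'.$new_domain);

	// Renamed site: drop the files of the old name. The old name is validated like
	// the new one because it feeds an "rm -rf".
	$old_domain = isset($data['old']['domain']) ? (string)$data['old']['domain'] : '';
	if($this->action == 'update' && $old_domain != '' && $new_domain != $old_domain) {
		if(preg_match($domain_re, $old_domain) && strpos($old_domain, '..') === false) {
			$old_symlink = $nginx_config['nginx_vhost_conf_enabled_dir'].'/'.$old_domain.'.vhost';
			$old_vhost_file = $nginx_config['nginx_vhost_conf_dir'].'/'.$old_domain.'.vhost';
			if(is_link($old_symlink)) {
				unlink($old_symlink);
				$app->log('Removing symlink: '.$old_symlink.'->'.$old_vhost_file, LOGLEVEL_DEBUG);
			}
			if(is_file($old_vhost_file)) {
				unlink($old_vhost_file);
				$app->log('Removing file: '.$old_vhost_file, LOGLEVEL_DEBUG);
			}
			if(is_dir('/var/log/ispconfig/nginx/'.$old_domain)) $app->system->exec_safe('rm -rf ?', '/var/log/ispconfig/nginx/'.$old_domain);
		} else {
			$app->log('Not removing files of invalid old domain "'.$old_domain.'"', LOGLEVEL_WARN);
		}
	}

	// request a httpd reload when all records have been processed
	$app->services->restartServiceDelayed('nginx', 'restart');
	// Remove the backup copy of the vhost file just written. (The old code pointed
	// $vhost_file at the old name after a rename and left <newdomain>.vhost~ behind.)
	if(@is_file($vhost_file.'~')) unlink($vhost_file.'~');
	//* Unset action to clean it for next processed vhost.
	$this->action = '';
}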
// Handle the creation of SSL certificates
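function ssl($event_name, $data) {
	global $app, $conf;
	// Keeps the reverse proxy's copy of a site's TLS material under
	// <nginx config_dir>/ssl in step with the web_domain row:
	//   ssl_action 'save' -> pull the site's ssl/ directory from the backend web
	//                        server with rsync over ssh
	//   ssl_action 'del'  -> remove the local copies (csr, crt, bundle and key)
	// Any other ssl_action is a no-op. File names are derived from ssl_domain, so
	// an empty or odd ssl_domain is refused before the filesystem is touched.
	$ssl_dir = $conf['nginx']['config_dir'].'/ssl';
	if(!is_dir($ssl_dir)) $app->system->exec_safe('mkdir -p ?', $ssl_dir);

	$domain = isset($data['new']['ssl_domain']) ? (string)$data['new']['ssl_domain'] : '';
	if(!preg_match('/^[\w.\-]+$/', $domain) || strpos($domain, '..') !== false) {
		$app->log('Refusing SSL action for invalid ssl_domain "'.$domain.'"', LOGLEVEL_WARN);
		return;
	}
	$key_file = $ssl_dir.'/'.$domain.'.key';
	$key_file_org = $ssl_dir.'/'.$domain.'.key.org';
	$csr_file = $ssl_dir.'/'.$domain.'.csr';
	$crt_file = $ssl_dir.'/'.$domain.'.crt';
	$bundle_file = $ssl_dir.'/'.$domain.'.bundle';

	//* Save a SSL certificate to disk: copy it from the backend web server
	if($data["new"]["ssl_action"] == 'save') {
		// dbmaster, as the rest of this plugin uses it ($app->masterdb is not used
		// anywhere else here). A server with several IPs yields an arbitrary one -
		// NOTE(review): confirm that ssh is reachable on whichever row comes back.
		$web = $app->dbmaster->queryOneRecord("select wd.document_root, sp.ip_address from web_domain wd INNER JOIN server_ip sp USING(server_id) WHERE domain = ?", $data['new']['domain']);
		if(!is_array($web) || $web['document_root'] == '' || $web['ip_address'] == '') {
			$app->log('Cannot sync SSL cert for '.$domain.': no document_root/ip_address found for '.$data['new']['domain'], LOGLEVEL_WARN);
			return;
		}
		// document_root is an absolute path (the old '~/' prefix made rsync look below
		// root's home). The trailing slash copies the *contents* of the ssl dir, so
		// update() finds <ssl_dir>/<domain>.crt directly; -a is needed for rsync to
		// descend into the directory at all and keeps the key file's permissions.
		// This relies on root's ssh key and known_hosts being provisioned for the
		// backend host; nothing here bypasses host-key checking.
		$src_ssl_dir = rtrim($web["document_root"], '/')."/ssl/";
		$app->system->exec_safe('rsync -av -e ssh root@?:? ?', $web['ip_address'], $src_ssl_dir, $ssl_dir);
		$app->log('Syncing SSL Cert for: '.$domain, LOGLEVEL_DEBUG);
	}

	//* Delete a SSL certificate
	if($data['new']['ssl_action'] == 'del') {
		// The proxy copy is a mirror refreshed by 'save', so the private key goes
		// too - the old code left an orphaned key on the proxy. Missing files are
		// skipped instead of producing unlink() warnings.
		foreach(array($csr_file, $crt_file, $bundle_file, $key_file, $key_file_org) as $f) {
			if(is_file($f)) unlink($f);
		}
		$app->log('Deleting SSL Cert for: '.$domain, LOGLEVEL_DEBUG);
	}
}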
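function delete($event_name, $data) {
	global $app, $conf;
	// Removes the vhost file, its sites-enabled symlink and the log directory of a
	// deleted vhost/vhostsubdomain/vhostalias row. Other row types (aliases, plain
	// subdomains) are ignored here: their parent vhost is rewritten by update().
	// load the server configuration options
	$app->uses('getconf');
	$nginx_config = $app->getconf->get_server_config($conf['server_id'], 'web');

	$type = $data['old']['type'];
	if($type != 'vhost' && $type != 'vhostsubdomain' && $type != 'vhostalias') return;

	// The domain is used as a file name and as an "rm -rf" target: accept only
	// plain host names (the old code checked the log dir for '..' but used the
	// raw value for the vhost file and symlink).
	$domain = isset($data['old']['domain']) ? (string)$data['old']['domain'] : '';
	if(!preg_match('/^[\w.\-]+$/', $domain) || strpos($domain, '..') !== false) {
		$app->log('Not removing nginx files: invalid domain "'.$domain.'"', LOGLEVEL_WARN);
		return;
	}

	//* This is a website: delete the vhost file, symlink and log directory
	$vhost_file = $nginx_config['nginx_vhost_conf_dir'].'/'.$domain.'.vhost';
	$vhost_symlink = $nginx_config['nginx_vhost_conf_enabled_dir'].'/'.$domain.'.vhost';
	if(is_link($vhost_symlink)) {
		unlink($vhost_symlink);
		$app->log('Removing symlink: '.$vhost_symlink.'->'.$vhost_file, LOGLEVEL_DEBUG);
	}
	if(is_file($vhost_file)) {
		unlink($vhost_file);
		$app->log('Removing vhost file: '.$vhost_file, LOGLEVEL_DEBUG);
	}
	$vhost_logfile_dir = '/var/log/ispconfig/nginx/'.$domain;
	if(is_dir($vhost_logfile_dir)) {
		$app->system->exec_safe('rm -rf ?', $vhost_logfile_dir);
		$app->log('Removing website logfile directory: '.$vhost_logfile_dir, LOGLEVEL_DEBUG);
	}
	// nginx keeps serving the removed vhost until it is restarted; update() schedules
	// the same delayed restart.
	$app->services->restartServiceDelayed('nginx', 'restart');
}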
function rewrite_insert($event_name, $data) {
	global $app, $conf;
	// A new proxy_reverse row is handled by the generic update path.
	// NOTE(review): this calls update() (the vhost writer), not rewrite_update();
	// the sibling rewrite_delete() calls rewrite_update() - confirm which is meant.
	return $this->update($event_name, $data);
}
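function rewrite_update($event_name, $data) {
	global $app, $conf;
	// Rebuilds <nginx_vhost_conf_dir>/default.rewrites.conf from every proxy_reverse
	// row and makes sure it is linked into the enabled dir. rewrite_delete() routes
	// here as well. $event_name and $data are unused: the file is always regenerated
	// from the database, never patched incrementally.
	// The rows reach the template unescaped; the template is what must keep
	// rewrite_url_src/rewrite_url_dst from breaking the nginx config.
	$rules = $this->_getRewriteRules($app);
	$app->uses('getconf');
	$nginx_config = $app->getconf->get_server_config($conf['server_id'], 'web');
	$app->load('tpl');
	$tpl = new tpl();
	$tpl->newTemplate("nginx_reverseproxy_rewrites.conf.master");
	if (!empty($rules)) $tpl->setLoop('nginx_rewrite_rules', $rules);

	$rewrites_file = $nginx_config['nginx_vhost_conf_dir'].'/default.rewrites.conf';
	//* Back up the previous file; on the first run there is nothing to copy yet
	if(is_file($rewrites_file)) copy($rewrites_file, $rewrites_file.'~');
	//* Write the rewrites file
	file_put_contents($rewrites_file, $tpl->grab());
	$app->log('Writing the nginx rewrites file: '.$rewrites_file, LOGLEVEL_DEBUG);
	unset($tpl);

	// Set the symlink to enable the rewrites file
	$rewrite_symlink = $nginx_config['nginx_vhost_conf_enabled_dir'].'/default.rewrites.conf';
	if(!is_link($rewrite_symlink)) {
		symlink($rewrites_file, $rewrite_symlink);
		$app->log('Creating symlink for nginx rewrites: '.$rewrite_symlink.'->'.$rewrites_file, LOGLEVEL_DEBUG);
	}
	// Without a restart the new rules only take effect on the next unrelated reload;
	// update() schedules the same delayed restart.
	$app->services->restartServiceDelayed('nginx', 'restart');
}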
function rewrite_delete($event_name, $data) {
	global $app, $conf;
	// The rewrites file is always rebuilt from the remaining rows, so a delete
	// is just a regeneration.
	return $this->rewrite_update($event_name, $data);
}
function _getRewriteRules($app)
{
	// Every proxy_reverse row (source and destination URL) in rewrite_id order,
	// shaped as the loop data for nginx_reverseproxy_rewrites.conf.master.
	// NOTE(review): reads $app->db, while the vhost code above uses $app->dbmaster.
	return $app->db->queryAllRecords(
		"SELECT rewrite_url_src, rewrite_url_dst FROM proxy_reverse ORDER BY rewrite_id ASC"
	);
}
} // end class
?>
#!/bin/sh
#
# rev 0.6
#
# dxr@brutalsec.net
# 01-09-2009
#
# These are notes for building a chroot environment, not a script to run:
# the "exit 1" below stops accidental execution. YOU MUST UNDERSTAND HOW
# IT WORKS in order to solve the problems that will come up later.
#
# Every service gets its own chroot environment:
# BIND -> chroot
# Apache -> chroot
# Dovecot -> chroot
# Pureftpd -> Apache's chroot
#
# Apache and PHP are the only packages not installed on the real system:
# they live inside the chroot only, with symbolic links from the real
# system pointing into it.
#
# PLEASE, CONFIGURE A CHROOT ENVIRONMENT ONLY IF SECURITY REALLY MATTERS
# TO YOU AND YOU KNOW HOW IT WORKS!
#
exit 1
1. BACKUP before changing anything on the system
2. Create partitions
3. Remove possible Apache or PHP installations on real system
4. Prepare Chroot environment
5. Linking Webserver aplication from real system
6. mini_sendmail
7. Test services
8. Howto install ispconfig3
9. Migration
1. BACKUP before changing anything on the system
# If is not a new installation, then
BACKUP BACKUP BACKUP BACKUP BACKUP BACKUP
BACKUP BACKUP BACKUP BACKUP BACKUP BACKUP
BACKUP BACKUP BACKUP BACKUP BACKUP BACKUP
BACKUP BACKUP BACKUP BACKUP BACKUP BACKUP
2. Create partitions
/var/www/ Chroot partition (ext3)
/var/www/html/ Chroot system
/var/www/html/var/log/apache2 Log partition (ext3)
/var/www/html/var/www/html Webs partition (xfs)
/var/www/html/tmp Temporal dir (tmpfs, options: )
/dev/lvm_foobar1/chroot_lv -> /var/www/ (ext3)
/dev/lvm_foobar2/apachelogs_lv -> /var/www/html/var/log/apache2 (ext3)
/dev/lvm_foobar3/hosting_lv -> /var/www/html/var/www/html (xfs)
mount /dev/lvm_foobar1/chroot_lv /var/www/
mkdir -p /var/www/html/var/log/apache2 /var/www/html/var/www/html
mount /dev/lvm_foobar2/apachelogs_lv /var/www/html/var/log/apache2
mount /dev/lvm_foobar3/hosting_lv /var/www/html/var/www/html
3. Remove possible Apache or PHP installations on real system
# Never install Apache or PHP on the non-chroot system. If they are already installed, back up their configuration, uninstall them and check every symbolic link afterwards.
dpkg -l|egrep --color -i 'apache|php'
4. Prepare Chroot environment
# Install packages in real system
apt-get install debootstrap libpcre3 libaprutil1 libxml2 mime-support patch make gcc mysql-server subversion ssh openssh-server ntp ntpdate vim libdbd-mysql libdbi-perl dnsutils
# The non webserver will install outside of chroot
apt-get install postfix postfix-mysql postfix-doc mysql-client openssl getmail4 rkhunter amavisd-new spamassassin clamav clamav-daemon zoo unzip bzip2 arj nomarch lzop cabextract apt-listchanges libnet-ldap-perl libauthen-sasl-perl clamav-docs daemon libio-string-perl libio-socket-ssl-perl libnet-ident-perl zip libnet-dns-perl pure-ftpd-common pure-ftpd-mysql quota quotatool
# If you will use courier:
apt-get install courier-authdaemon courier-authlib-mysql courier-pop courier-pop-ssl courier-imap courier-imap-ssl libsasl2-2 libsasl2-modules libsasl2-modules-sql sasl2-bin libpam-mysql courier-maildrop
# If you will use dovecot:
#apt-get install dovecot-imapd dovecot-pop3d
# If you will use BIND:
apt-get install bind9 bind9utils
#
# If we want execute php from real system (crontabs for example) we need install php dependencies in real system:
# libgd2-xpm libt1-5 libmagick10 libc-client2007b libmcrypt4
# cat /var/log/ispconfig/cron.log
# ldd /usr/lib/php5/20060613/mcrypt.so
#
# ftp mirrors no longer exist; use a current mirror (e.g. https://deb.debian.org/debian/) and keep the Debian archive keyring installed so debootstrap can verify the Release signature
time debootstrap --arch=amd64 lenny /var/www/html/ ftp://ftp.fr.debian.org/debian/
echo "/proc /var/www/html/proc proc defaults 0 0">>/etc/fstab
echo "devpts /var/www/html/dev/pts devpts defaults 0 0">>/etc/fstab
mount -a
# We must create sshusers group
echo "@sshusers - chroot /var/www/html/">>/etc/security/limits.conf
chroot /var/www/html apt-get update
# NOTE: --force-yes also lets apt install unauthenticated packages into the chroot; plain -y is enough if the keyring is in place
chroot /var/www/html apt-get install fakeroot --force-yes -y
chroot /var/www/html apt-get install locales
chroot /var/www/html dpkg-reconfigure locales
mv /usr/lib/apache2 /usr/lib/apache2_old
mv /var/log/apache2 /var/log/apache2_old
mv /var/lock/apache2 /var/lock/apache2_old
mv /var/lib/apache2 /var/lib/apache2_old
mv /usr/lib/php5 /usr/lib/php5_old
mv /etc/apache2 /etc/apache2_old
mv /etc/suphp /etc/suphp_old
chroot /var/www/html apt-get install apache2 apache2.2-common apache2-doc apache2-mpm-prefork apache2-utils libexpat1 ssl-cert libapache2-mod-php5 php5 php5-common php5-gd php5-mysql php5-imap phpmyadmin php5-cli php5-cgi libapache2-mod-fcgid apache2-suexec php-pear php-auth php5-mcrypt mcrypt php5-imagick imagemagick libapache2-mod-suphp libopenssl-ruby libapache2-mod-chroot php-apc libtimedate-perl
chroot /var/www/html /etc/init.d/apache2 stop
chroot /var/www/html a2enmod mod_chroot
chroot /var/www/html a2enmod suexec
echo "ChrootDir /var/www/html" > /var/www/html/etc/apache2/conf.d/mod_chroot.conf
sed -i -e 's#DocumentRoot /var/www/#DocumentRoot /var/www/html/#' /var/www/html/etc/apache2/sites-enabled/000-default
sed -i -e 's#x-httpd-php=php:/usr/bin/php-cgi#x-httpd-php=php:/usr/bin/php-cgi\nx-httpd-suphp=php:/usr/bin/php-cgi\nx-httpd-php=php:/usr/bin/php-cgi#' /var/www/html/etc/suphp/suphp.conf
sed -i -e 's#/var/run/apache2.pid#/var/run/apache2/apache2.pid#' /var/www/html/etc/apache2/envvars
sed -i -e 's/^"syntax on/syntax on/' /etc/vim/vimrc
sed -i -e 's/^"syntax on/syntax on/' /var/www/html/etc/vim/vimrc
# Protect apache configuration. ONLY root can read it
chown root:root /var/www/html/etc/apache2/ && chmod 700 /var/www/html/etc/apache2/
chmod 711 /var/www/html/etc/php5/
5. # It is a good idea to add a Nagios check that verifies every symbolic link below still points where it should.
ln -s /var/www/html/etc/apache2 /etc/apache2
ln -s /var/www/html/etc/suphp /etc/suphp
ln -s /var/www/html/var/run/apache2 /var/run/apache2
ln -s /var/www/html/var/run/apache2.pid /var/run/apache2.pid
ln -s /var/www/html/usr/sbin/apache2ctl /usr/sbin/apache2ctl
ln -s /var/www/html/usr/sbin/apache2 /usr/sbin/apache2
ln -s /var/www/html/usr/lib/apache2 /usr/lib/apache2
ln -s /var/www/html/usr/sbin/a2enmod /usr/sbin/a2enmod
ln -s /var/www/html/usr/sbin/a2dismod /usr/sbin/a2dismod
ln -s /var/www/html/usr/sbin/a2ensite /usr/sbin/a2ensite
ln -s /var/www/html/usr/sbin/a2dissite /usr/sbin/a2dissite
ln -s /var/www/html/var/log/apache2 /var/log/apache2
ln -s /var/www/html/var/lock/apache2 /var/lock/apache2
ln -s /var/www/html/var/lib/apache2 /var/lib/apache2
ln -s /var/www/html/usr/lib/php5 /usr/lib/php5
ln -s /var/www/html/etc/init.d/apache2 /etc/init.d/apache2
# Neccessary for to install ispconfig3 from real system:
ln -s /var/www/html/usr/bin/php5 /usr/bin/php5
ln -s /var/www/html/etc/alternatives/php /etc/alternatives/php
ln -s /var/www/html/usr/bin/php /usr/bin/php
ln -s /var/www/html/etc/php5 /etc/php5
6. # Install mini_sendmail for chroot
# mini_sendmail could deliver mail directly to remote servers, but it is better to relay through the central mail server, where spam can be checked and sending can be rate-limited.
cd /tmp/
wget http://acme.com/software/mini_sendmail/mini_sendmail-1.3.6.tar.gz
tar xzf mini_sendmail-1.3.6.tar.gz
wget http://users1.leipzig.freifunk.net/%7Efirmware-build/brcm_2_4_Broadcom_default/build/openwrt_packages/mail/mini_sendmail/patches/200-fullname.patch
patch -p0 < 200-fullname.patch
cd mini_sendmail-1.3.6
make
# MD5 of the binary as built by the author: 2e555b2573c3ea65a467a5960f0b51f6  mini_sendmail. The tarball and patch above are fetched over plain HTTP, so verify them against upstream checksums before building instead of trusting this MD5 alone.
mv /var/www/html/usr/lib/sendmail /var/www/html/usr/lib/sendmail_old
mv /var/www/html/usr/sbin/sendmail /var/www/html/usr/sbin/sendmail_old
cp mini_sendmail /var/www/html/usr/sbin/mini_sendmail
cd /var/www/html/usr/lib/ && ln -s ../sbin/mini_sendmail sendmail
cd /var/www/html/usr/sbin && ln -s mini_sendmail sendmail
# ./mini_sendmail -h
# usage: ./mini_sendmail [-f<name>] [-t] [-s<server>] [-p<port>] [-T<timeout>] [-v] [address ...]
#add to php.ini (/var/www/html/etc/php5/apache2/php.ini /var/www2/etc/php5/cli/php.ini /var/www2/etc/php5/cgi/php.ini line :672)
# sendmail_path = /usr/sbin/mini_sendmail -t -i -fhosting@alojamientotecnico.com -s127.0.0.1
sed -i -e 's#^;sendmail_path =$#sendmail_path = /usr/sbin/mini_sendmail -t -i -fhosting@alojamientotecnico.com -s127.0.0.1#' /var/www/html/etc/php5/apache2/php.ini /var/www/html/etc/php5/cli/php.ini /var/www/html/etc/php5/cgi/php.ini
7.
# Test
apache2ctl restart
# php -i|grep --color sendmail
#sendmail_from => no value => no value
#sendmail_path => /usr/sbin/mini_sendmail -t -i -fhosting@alojamientotecnico.com -s127.0.0.1 => /usr/sbin/mini_sendmail -t -i -fhosting@alojamientotecnico.com -s127.0.0.1
#Path to sendmail => /usr/sbin/mini_sendmail -t -i -fhosting@alojamientotecnico.com -s127.0.0.1
# It would be a good idea to check /var/www/html/usr/lib/sendmail, /var/www/html/usr/sbin/sendmail and /var/www/html/usr/sbin/mini_sendmail with a Nagios alarm ;)
8. Install ispconfig ........
cd /tmp/
svn co svn://svn.ispconfig.org/ispconfig3 svn.ispconfig.org
mv /usr/local/ispconfig /var/www/html/usr/local/
ln -s /var/www/html/usr/local/ispconfig /usr/local/ispconfig
mv /var/www/apps /var/www/html/var/www/
mv /var/www/php-fcgi-scripts /var/www/html/var/www/
mv /var/www/ispconfig /var/www/html/var/www/
ln -s /var/www/html//var/www/ispconfig /var/www/ispconfig
ln -s /var/www/html/var/www/php-fcgi-scripts /var/www/php-fcgi-scripts
ln -s /var/www/html/var/www/apps /var/www/apps
# After copying, remove the users and groups the chroot does not need: this copies the real system's complete passwd/group files into the chroot (/etc/shadow is deliberately not copied).
cp -r /etc/{passwd,group,apt} /var/www/html/etc/
apache2ctl stop
apache2ctl start
### Migration to other server ###
Really easy:
Do step 1
And after do a simple rsync:
screen
time rsync -a --progress root@host1:/var/www/ /var/www/
# Install some apache's dependencies
apt-get install debootstrap libpcre3 libaprutil1 libxml2 mime-support
Do step 5
Do step 6
Setting up a chrooted ispconfig 3 installation
--------------------------------------------------------------------
# Follow the steps 1 - 8 of the INSTALL_DEBIAN_5.0 Guide, then proceed
# with the steps below.
#
# This guide is experimental as there are a few changes necessary in
# ispconfig to get it working. These changes will be part of ISPConfig 3.0.2
# Install packages
apt-get install debootstrap libapache2-mod-chroot
# Create the chroot environment
# ftp mirrors no longer exist; use a current mirror (e.g. https://deb.debian.org/debian/) and keep the Debian archive keyring installed so debootstrap can verify the Release signature
debootstrap lenny /var/www/ ftp://ftp.fr.debian.org/debian/
# Add mountpoints for the chroot env into the fstab file
echo "/proc /var/www/proc proc defaults 0 0">>/etc/fstab
echo "devpts /var/www/dev/pts devpts defaults 0 0">>/etc/fstab
# mount all the filesystems
mount -a
# add a default chroot dir for all users of the sshusers group
echo "@sshusers - chroot /var/www/">>/etc/security/limits.conf
# copy passwd and group files to the chroot env
cp -rf /etc/apt /etc/passwd /etc/group /var/www/etc/ # then remove the users and groups the chroot does not need; /etc/shadow is deliberately not copied
# Create symlinks
cd /var/www/var/
rm -rf /var/www/var/www
ln -s / www
# Enter the chroot
chroot /var/www
# Update files in the chroot environment and install some packages.
# You can ignore warnings about locales, we will fix them in the next step.
apt-get update
# NOTE: --force-yes also lets apt install unauthenticated packages; plain -y is enough if the keyring is in place
apt-get install fakeroot --force-yes -y
apt-get install locales
# Reconfigure locales. Select e.g the en_US* locales.
dpkg-reconfigure locales
# run a dist-upgrade
fakeroot apt-get dist-upgrade
# Install Apache and PHP in the chroot environment
apt-get install apache2 apache2.2-common apache2-doc apache2-mpm-prefork apache2-utils libexpat1 ssl-cert libapache2-mod-php5 php5 php5-common php5-gd php5-mysql php5-imap phpmyadmin php5-cli php5-cgi libapache2-mod-fcgid apache2-suexec php-pear php-auth php5-mcrypt mcrypt php5-imagick imagemagick libapache2-mod-suphp libopenssl-ruby
/etc/init.d/apache2 stop
# Exit the chroot
exit
# Moving the apache configuration is not necessary, as Apache reads
# the config files before it moves into the chroot
# rm -rf /var/www/etc/apache2
# mv -f /etc/apache2 /var/www/etc/
# ln -s /var/www/etc/apache2 /etc/apache2
rm -rf /var/www/etc/php5/cgi/
mv -f /etc/php5/cgi/ /var/www/etc/php5/
ln -s /var/www/etc/php5/cgi /etc/php5/
rm -rf /var/www/etc/php5/apache2/
mv -f /etc/php5/apache2/ /var/www/etc/php5/
ln -s /var/www/etc/php5/apache2 /etc/php5/
ln -s /var/www/var/run/apache2.pid /var/run/apache2.pid
# enable mod_chroot
a2enmod mod_chroot
echo "ChrootDir /var/www" > /etc/apache2/conf.d/mod_chroot.conf
# Start apache
/etc/init.d/apache2 start
# Install ISPConfig
cd /tmp
wget https://www.ispconfig.org/downloads/ISPConfig-3.0.1.4-beta-2.tar.gz
tar xvfz ISPConfig-3.0.1.4-beta-2.tar.gz
cd ispconfig3_install/install/
php -q install.php
cd /tmp/
rm -rf ispconfig3_install
rm -f ISPConfig-3.0.1.4-beta-2.tar.gz
# Move the ispconfig interface part to the chroot environment and create a symlink
mkdir /var/www/usr/local/ispconfig
chown ispconfig:ispconfig /var/www/usr/local/ispconfig
chmod 750 /var/www/usr/local/ispconfig
mv /usr/local/ispconfig/interface /var/www/usr/local/ispconfig/
ln -s /var/www/usr/local/ispconfig/interface /usr/local/ispconfig/interface
chroot /var/www adduser www-data ispconfig
# Create a link for the MySQL socket
ln /var/run/mysqld/mysqld.sock /var/www/var/run/mysqld/mysqld.sock
# As an alternative to making a hardlink to the MySQL socket,
# change the my.cnf file in the chroot to use TCP sockets.
# This is more secure but a bit slower than using the mysqld.sock file.
# Restart Apache
/etc/init.d/apache2 restart
#!/bin/bash
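chkdata() {
	# Validate the TLS material referenced by one vhost file.
	#   $1  vhost file (used in messages only)
	#   $2  certificate path, "" if the vhost has none
	#   $3  private-key path, "" if the vhost has none
	# Prints one result line per check and never aborts, so the caller can
	# keep going through the remaining vhosts.
	local F=$1 CRT=$2 KEY=$3 PUBCRT PUBKEY
	if [[ "$CRT" != "" && "$KEY" != "" ]] ; then
		if [[ ! -f "$CRT" ]] ; then
			echo "[WARN] CERTIFICATE FILE ${CRT} MISSING FOR ${F}"
		else
			echo -n "Checking ${CRT}"
			if openssl x509 -in "${CRT}" -noout >/dev/null 2>&1 ; then
				echo " OK"
			else
				echo " FAILED!"
			fi
		fi
		if [[ ! -f "$KEY" ]] ; then
			echo "[WARN] KEY FILE ${KEY} MISSING FOR ${F}"
		else
			echo -n "Checking ${KEY}"
			# 'pkey' parses RSA, EC and Ed25519 keys; 'rsa -check' rejected anything but RSA.
			# stdin is closed so an encrypted key fails instead of waiting for a passphrase.
			if openssl pkey -in "${KEY}" -noout >/dev/null 2>&1 </dev/null ; then
				echo " OK"
			else
				echo " FAILED!"
			fi
		fi
		if [[ -f "$CRT" && -f "$KEY" ]] ; then
			echo -n "Checking that key and certificate match"
			# Compare the public keys rather than RSA moduli so non-RSA keys work too.
			# An unparsable file yields an empty string; the old modulus comparison
			# reported two unreadable files as a match because md5("") == md5("").
			PUBCRT=$(openssl x509 -in "${CRT}" -noout -pubkey 2>/dev/null)
			PUBKEY=$(openssl pkey -in "${KEY}" -pubout 2>/dev/null </dev/null)
			if [[ -z "$PUBCRT" || -z "$PUBKEY" || "$PUBCRT" != "$PUBKEY" ]] ; then
				echo " FAILED!"
			else
				echo " OK"
			fi
		fi
		echo "---"
	elif [[ "$CRT" != "" || "$KEY" != "" ]] ; then
		# Only one of the two directives is set: the vhost cannot work as is.
		echo "[WARN] Check SSL config of ${F}"
		echo "---"
	fi
}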
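# Walk the enabled Apache and nginx vhosts and hand the first certificate/key
# pair of each to chkdata. Commented-out directives are ignored by anchoring
# on the directive name at line start; that anchor also keeps a bare
# 'ssl_certificate' match from picking up the 'ssl_certificate_key' line
# (which the old grep did whenever the key came first in the file).
# Paths are taken as written; nginx paths relative to /etc/nginx are not resolved.
if [[ -d /etc/apache2/sites-enabled ]] ; then
	echo "Checking enabled apache vhosts"
	for FIL in /etc/apache2/sites-enabled/* ; do
		[[ -f "$FIL" ]] || continue   # empty dir leaves the literal glob behind
		CRT=$(grep -E '^[[:space:]]*SSLCertificateFile[[:space:]]' "${FIL}" | awk '{print $2}' | head -n 1)
		KEY=$(grep -E '^[[:space:]]*SSLCertificateKeyFile[[:space:]]' "${FIL}" | awk '{print $2}' | head -n 1)
		chkdata "$FIL" "$CRT" "$KEY"
	done
fi
if [[ -d /etc/nginx/sites-enabled ]] ; then
	echo "Checking enabled nginx vhosts"
	for FIL in /etc/nginx/sites-enabled/* ; do
		[[ -f "$FIL" ]] || continue
		CRT=$(grep -E '^[[:space:]]*ssl_certificate[[:space:]]' "${FIL}" | awk '{print $2}' | head -n 1)
		CRT=${CRT%;}
		KEY=$(grep -E '^[[:space:]]*ssl_certificate_key[[:space:]]' "${FIL}" | awk '{print $2}' | head -n 1)
		KEY=${KEY%;}
		chkdata "$FIL" "$CRT" "$KEY"
	done
fi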
#!/bin/sh
# Package installation for a single-server ISPConfig 3 host on Debian
# (mail, content filtering, FTP with quota, MyDNS, web statistics),
# followed by the ISPConfig installer. Run as root. There is no "-y":
# apt-get asks for confirmation at every step.
# Mail stack: Postfix with MySQL maps, Courier POP3/IMAP (plain and SSL) with MySQL auth, SASL, maildrop, getmail
apt-get install postfix postfix-mysql postfix-doc mysql-client mysql-server courier-authdaemon courier-authlib-mysql courier-pop courier-pop-ssl courier-imap courier-imap-ssl postfix-tls libsasl2-2 libsasl2-modules libsasl2-modules-sql sasl2-bin libpam-mysql openssl courier-maildrop getmail4
# Content filtering: amavisd-new, SpamAssassin, ClamAV and the unpackers amavis uses for archives
apt-get install amavisd-new spamassassin clamav clamav-daemon zoo unzip bzip2 arj nomarch lzop cabextract apt-listchanges libnet-ldap-perl libauthen-sasl-perl clamav-docs daemon libio-string-perl libio-socket-ssl-perl libnet-ident-perl zip libnet-dns-perl
# Load the capability kernel module now and on every boot before installing pure-ftpd
# (NOTE(review): the reason is not stated here; presumably a pure-ftpd requirement of that Debian release)
modprobe capability
echo 'capability' >> /etc/modules
apt-get install pure-ftpd-common pure-ftpd-mysql quota quotatool
# pure-ftpd option file: presumably disables reverse DNS lookups of connecting clients - confirm against the pure-ftpd docs
echo 'yes' > /etc/pure-ftpd/conf/DontResolve
apt-get install mydns-mysql
apt-get install vlogger webalizer
# ISPConfig installer; the path is relative, so run this script from the directory it lives in
php -q ../install/install.php
<?php
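$host="IP_ADDRESS";
$user="USERNAME";
$password="PASSWORD";
// The database credentials sit in this file in clear text: keep it mode 0600, or
// better read them from ISPConfig's own config instead of duplicating them here.
// The mysql_* extension was removed in PHP 7; this script needs porting to mysqli/PDO
// before it can run on a current PHP.
mysql_connect($host, $user, $password) or die(mysql_error());
mysql_select_db("dbispconfig") or die(mysql_error());
// All SOA rows; the loop below rewrites one zone file per row. A failed query used to
// hand a boolean to mysql_fetch_array further down.
$result = mysql_query("SELECT id,origin,ns,ttl,mbox,serial,refresh,retry,expire,minimum FROM dns_soa;") or die(mysql_error());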
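function hostname2ipfunktion($tmp1, $timeout = 1)
{
	// Resolve a name server host name to an IPv4 address with nslookup.
	// Returns the address, or $tmp1 unchanged when it already is an IP address,
	// is empty, or cannot be resolved.
	// The old "$tmp1 == 0" guard relied on PHP 5's string-to-int comparison
	// ("ns1.example.com" == 0 was true) and became "never resolve, return null" on PHP 8.
	$tmp1 = trim((string)$tmp1);
	if ($tmp1 === '' || filter_var($tmp1, FILTER_VALIDATE_IP) !== false)
		return $tmp1;
	// The name comes from the database and goes onto a shell command line: escape it.
	$query = shell_exec('nslookup -timeout='.intval($timeout).' -retry=0 '.escapeshellarg($tmp1));
	// nslookup prints the answer as "Address: x.x.x.x" (the server line uses a tab and does not match)
	if ($query !== null && preg_match('/\nAddress: (.*)\n/', $query, $matches))
		return trim($matches[1]);
	return $tmp1;
}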
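$serialsearch = date("Ymd");
$zone_dir = "/var/cache/bind";
// Zone names come from the database but end up as file names and on an rndc
// command line, so only plain DNS names are accepted.
$zone_re = '/^[A-Za-z0-9][A-Za-z0-9.\-_]*$/';
$serialvergleich = array();   // serial currently in the zone file on disk, by zone
$arr1 = array();              // zone statements for named.conf.local

// Remember the on-disk serial of every zone touched today before rewriting, so
// that only zones whose serial really changed are reloaded at the end.
$resultx12 = mysql_query("SELECT origin,serial FROM dns_soa WHERE serial LIKE '$serialsearch%' ORDER BY origin ASC;");
while ($rowx12 = mysql_fetch_array($resultx12)) {
	$zone = substr($rowx12["origin"], 0, -1);
	if (!preg_match($zone_re, $zone)) continue;
	$filename_x1 = $zone_dir."/".$zone;
	if (file_exists($filename_x1)) {
		// Parse "  <serial> ;Serial" in PHP. The old grep|cut pipeline split on the
		// leading blank, always produced "" and so reloaded every zone every time.
		if (preg_match('/^\s*(\d+)\s*;Serial/m', file_get_contents($filename_x1), $m))
			$serialvergleich[$zone] = $m[1];
	}
}

while($row = mysql_fetch_array($result))
{
	//## Primary name server, part 1: rewrite every zone file from the database
	$varx11 = substr($row["origin"], 0, -1);
	if (!preg_match($zone_re, $varx11)) {
		fwrite(STDERR, "Skipping zone with unexpected origin: ".$row["origin"]."\n");
		continue;
	}
	$filename = $zone_dir."/".$varx11;
	if (file_exists($filename)) unlink($filename);
	$arr1[] = "zone \"$varx11\" in { type master; file \"$varx11\"; };\n";

	$result2 = mysql_query("select name,type,aux,data from dns_rr where zone=".intval($row['id'])." and active='Y' ORDER BY name ASC;");
	$arr3 = array();
	$arr3[] = "\$TTL ".$row['ttl']."\n@ IN SOA ".$row['ns']." ".$row['mbox']." (\n ".$row['serial']." ;Serial\n"." ".$row['refresh']." ;Refresh\n"." ".$row['retry']." ;Retry\n"." ".$row['expire']." ;Expire\n"." ".$row['minimum']." ) ;Minimum\n\n";
	while($row2 = mysql_fetch_row($result2))
	{
		$line = $row2[0]." IN ".$row2[1]." ";
		// aux (priority/weight) is only written when set, e.g. for MX and SRV records
		if ($row2[2] > 0) $line .= $row2[2]." ";
		$arr3[] = $line.$row2[3]."\n";
	}
	// Record data is written as stored; the interface is what keeps newlines and
	// stray directives out of dns_rr.
	file_put_contents($filename, implode('', $arr3));

	//## Secondary name server variant (enable this instead of the block above):
	// $tmp1 = substr($row["ns"],0,-1);
	// $tmp2 = substr($row["origin"],0,-1);
	// if (!isset($dnscache[$tmp1])) $nsip = hostname2ipfunktion($tmp1) ;
	// else $nsip=$dnscache[$tmp1] ;
	// if ($nsip == $tmp1)
	// {
	//   echo "$tmp2 $tmp1 Not a valid Nameserver";
	//   echo "\n";
	// }
	// else
	// {
	//   $dnscache[$tmp1]=$nsip;
	//   $arr1[]="zone \"".$tmp2."\" in { type slave; file \"".$tmp2."\"; masters {".$nsip."; }; };\n";
	// }
	//## End of secondary name server variant
}

// Rewrite named.conf.local from scratch (an empty zone list now yields an empty
// file instead of a foreach() warning) and let named pick up the new zone set.
file_put_contents("/etc/bind/named.conf.local", implode('', $arr1));
system("rndc reconfig >/dev/null 2>&1");

//## Primary name server, part 2: reload only the zones whose serial changed today
$resultx13 = mysql_query("SELECT origin,serial FROM dns_soa WHERE serial LIKE '$serialsearch%' ORDER BY origin ASC;");
while ($rowx13 = mysql_fetch_array($resultx13)) {
	$serial_ist = $rowx13["serial"];
	$zone = substr($rowx13["origin"], 0, -1);
	if (!preg_match($zone_re, $zone)) continue;
	if (!isset($serialvergleich[$zone]) || $serialvergleich[$zone] != $serial_ist) {
		// zone name is escaped: it is interpolated into a shell command
		system("rndc reload ".escapeshellarg($zone)." >/dev/null 2>&1");
	}
}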
//## ENDE Primärer NamerserverTEIL 2 ######################################################################################################
?>
<?php
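$host="IP_ADDRESS";
$user="USERNAME";
$password="PASSWORD";
// Secondary name server helper: asks named to re-transfer every zone listed in
// dns_soa from its master. Credentials are in clear text here - keep the file
// mode 0600. mysql_* was removed in PHP 7; port to mysqli/PDO for current PHP.
mysql_connect($host, $user, $password) or die(mysql_error());
mysql_select_db("dbispconfig") or die(mysql_error());
$result = mysql_query("SELECT origin FROM dns_soa ORDER BY origin ASC;") or die(mysql_error());
while($row = mysql_fetch_array($result))
{
	$zone = substr($row["origin"], 0, -1);
	// The zone name comes from the database and goes onto a shell command line:
	// accept only plain DNS names and escape them regardless.
	if (!preg_match('/^[A-Za-z0-9][A-Za-z0-9.\-_]*$/', $zone)) {
		fwrite(STDERR, "Skipping zone with unexpected origin: ".$row["origin"]."\n");
		continue;
	}
	system("rndc retransfer ".escapeshellarg($zone));
}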
?>
#!/bin/bash
#####################################################################################
# #
# Syntax: fixcerts DOMAIN #
# #
# Use: Extend Letsencrypt SSl certificates for commonly grouped services such as #
# Apache,Postfix,Dovecot using Certbot. Useful for keeping all client #
# applications referencing the same virtual domain name, such as auto-config #
# email clients on phones, i.e. mailuser@mydomain.TLD smtp.mydomain.TLD #
# imaps.mydomain.TLD instead of mailuser@mydomain.TLD mail.ISPmaildomain.TLD #
# Also useful when sending mail through services like Gmail that will #
# validate sender through a negotiated TLS encrypted connection. #
# #
# Ex: sh fixcerts myhosteddomain.com #
# #
# Prerequisites: #
# - A Letsencrypt certificate for the DOMAIN must already exist #
# - A separate certificate each for Dovecot and Postfix was previously generated    #
# - All new host names to add MUST already exist in DNS at least as a CNAME #
# - Edit the Dovecot/Postfix conf to use the alternate certificate #
# - Set the variable wr_file to a directory that certbot can read and write from #
# - Set the dom_cert=,dv_cert=,pf_cert=,dv_file=, and pf_file= variables #
# #
# In my case, I ran: #
#     certbot certonly --webroot -w /usr/local/ispconfig/interface/acme -d dc.hrst.xyz #
#     certbot certonly --webroot -w /usr/local/ispconfig/interface/acme -d pf.hrst.xyz #
# to create the separate Dovecot and Postfix certificates, then edited and          #
# ran the script to extend those certificate, once per hosted domain #
# #
# If you use only one alternate certificate for both mail services, set both dv_file #
# and pf_file to the same file name and set one of _cert files="" and #
# use the other. If you don't wish to add to a particular certificate, set the #
# variable ="", such as dom_cert #
# TODO: Pre-validate desired additions as already existing in DNS #
# Generate SRV Records and add to DNS to autoconfig clients #
# #
# Author: tad.hasse@gmail.com #
# #
#####################################################################################
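# Bail out on the first failing command; pipefail makes a failure inside a
# pipeline (e.g. certbot itself) count as well.
set -e
set -o pipefail
# Hostnames to add to the main domain certificate
dom_cert="webmail"
# Hostnames to add to the Dovecot domain certificate
dv_cert="pop3s imap"
# Hostnames to add to the Postfix domain certificate
pf_cert="mail smtp smtps"
# Name of the certificate file that handles Dovecot
dv_file="dc.hrst.xyz"
# Name of the certificate file that handles Postfix
pf_file="pf.hrst.xyz"
# Writeable webroot for certbot (I use ISPConfig, which serves the
# http-01 challenge files from this directory)
wr_file="/usr/local/ispconfig/interface/acme"
# One letter per service whose certificate was re-issued:
# A (httpd), D (dovecot), P (postfix). Read by the reminders at the end.
affected_services=""

if [ -z "$1" ]   # Is parameter #1 zero length? Or no parameter passed.
then
    echo "-No DOMAIN specified"
    exit 1
fi
domain="$1"
# The domain is spliced into awk expressions and the certbot command line,
# so restrict it to host-name characters before it is used anywhere.
if ! [[ "$domain" =~ ^[A-Za-z0-9][A-Za-z0-9.-]*$ ]]; then
    echo "- DOMAIN \"$domain\" is not a valid host name -"
    exit 1
fi
if [[ ! -d "/etc/letsencrypt/live/$domain" ]]; then
    echo "- DOMAIN certificate for \"$domain\" not found -"
    exit 1
fi
if [[ ! -d "/etc/letsencrypt/live/${dv_file}" ]]; then
    echo "- Dovecot/postoffice certificate" "${dv_file}" "for \"$domain\" not found -"
    exit 1
fi
if [[ ! -d "/etc/letsencrypt/live/${pf_file}" ]]; then
    echo "- Postfix/mail certificate" "${pf_file}" "for \"$domain\" not found -"
    exit 1
fi

# Have certbot generate its current certificate list for use as input.
# A private temporary file is used instead of ~/certfile and removed on
# exit; the original wrote ~/certfile but then read "certfile" relative
# to the working directory, which only worked when started from $HOME.
certfile=$(mktemp)
trap 'rm -f "$certfile"' EXIT
certbot certificates > "$certfile"

# current_names LINEAGE
# Prints the space separated names currently covered by the certbot
# lineage LINEAGE, taken from the "Domains:" line that follows its
# "Certificate Name:" line in the certbot certificates output. The name is
# compared exactly so "example.com" does not also match "example.com-0001",
# and the "Domains:" line does not have to be the very next line.
current_names() {
    awk -v name="$1" '
        { line = $0; sub(/^[ \t]+/, "", line) }
        line == "Certificate Name: " name { found = 1; next }
        found && index(line, "Domains: ") == 1 { print substr(line, 10); exit }
    ' "$certfile"
}

# extend_cert LINEAGE "host1 host2 ..."
# Re-issues the certbot lineage LINEAGE so that it keeps every name it
# covers today and additionally covers host.$domain for each host given.
# Exits the script when the current names cannot be read, because certbot
# would otherwise issue a new, separate certificate instead of extending.
extend_cert() {
    local lineage="$1" hosts="$2" host existing
    local -a new_names=() names=()
    for host in $hosts; do
        new_names+=(-d "$host.$domain")
    done
    echo
    echo "Adding" "${new_names[*]}" " to " "$lineage"
    existing=$(current_names "$lineage")
    if [ -z "$existing" ]; then
        echo "- Could not read the names currently on certificate \"$lineage\" -"
        exit 1
    fi
    # Existing names first, so the certificate subject stays what it is.
    for host in $existing; do
        names+=(-d "$host")
    done
    # --cert-name pins the result to this lineage (the file paths Apache,
    # Dovecot and Postfix already reference stay valid) and --expand lets
    # certbot add the names without an interactive question.
    certbot certonly --webroot -w "$wr_file" --cert-name "$lineage" --expand "${names[@]}" "${new_names[@]}"
}

# Extend base domain certificate which typically only contains the domain.TLD and www.domain.TLD
if [[ -n "${dom_cert}" ]]; then
    extend_cert "$domain" "$dom_cert"
    affected_services="${affected_services}A"
else
    echo "Domain Certificate unaffected"
fi
# Extend the Dovecot certificate
if [[ -n "${dv_cert}" ]]; then
    extend_cert "$dv_file" "$dv_cert"
    affected_services="${affected_services}D"
else
    echo "Dovecot Certificate unaffected"
fi
# Extend the Postfix certificate. (The original tested "{$pf_cert}", a typo
# that expanded to a non-empty string even when pf_cert was empty.)
if [[ -n "${pf_cert}" ]]; then
    extend_cert "$pf_file" "$pf_cert"
    affected_services="${affected_services}P"
else
    echo "Postfix Certificate unaffected"
fi

if [[ $affected_services == *"A"* ]]; then
    echo "Remember to restart the httpd service"
fi
if [[ $affected_services == *"D"* ]]; then
    echo "Remember to restart the dovecot/postoffice service"
fi
if [[ $affected_services == *"P"* ]]; then
    echo "Remember to restart the postfix/sendmail service"
fi
echo
echo
echo "Add the following SRV records to DNS for client setup for "$domain
if [[ $affected_services == *"D"* ]]; then
    echo "_imaps._tcp."$domain "SRV 3600 4 60 993 imaps"
    echo "_pop3s._tcp."$domain "SRV 3600 6 60 995 pop3s"
    echo "_imap._tcp."$domain " SRV 3600 8 60 143 imap"
fi
if [[ $affected_services == *"P"* ]]; then
    echo "_smtps._tcp."$domain "SRV 3600 8 60 465 smtps"
    echo "_smtp._tcp."$domain " SRV 3600 10 60 587 smtp"
fi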
#!/bin/bash
# Copyright (c) 2009, Scott Barr <gsbarr@gmail.com>
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
# * Neither the name of the <organization> nor the
# names of its contributors may be used to endorse or promote products
# derived from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ''AS IS''
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
# DISCLAIMED. IN NO EVENT SHALL <copyright holder> BE LIABLE FOR ANY
# DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
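# Global vars
# Which service groups the user chose; set by the interactive part at the
# bottom of the script, install_web is read again for the final PHP check.
install_mail="no"
install_web="no"
install_ftp="no"
install_dns="no"
# PID used by the spinner helpers (start_spinner/stop_spinner, presumably
# provided by utils.sh - they are not defined in this file).
spinner_pid=0
version="0.7"
# Directory this script lives in; utils.sh (valid_input, exec_command,
# countdown, spinner) is loaded from there. Both are quoted so a path
# containing spaces does not break the source line.
source_path=$(dirname "$0")
source "${source_path}/utils.sh"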
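# package_has_use_flag PACKAGE USEFLAG
# Succeeds when `equery uses PACKAGE` has a line for USEFLAG whose second
# column is "+" (the column the original test reads as "enabled when
# installed" - confirm against the gentoolkit version in use).
# The flag is matched as a whole word, so "ssl" no longer also accepts
# "sslv3", and it is wrapped in \Q..\E so it is never read as a regex.
function package_has_use_flag()
{
    local package=$1
    local useflag=$2
    local res
    res=$(equery -C -N uses "$package" | grep -o -P "^ [-+]{1} \+ \Q$useflag\E(?=\s|$)")
    [ -n "$res" ]
}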
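# package_is_emerged PACKAGE
# Succeeds when equery lists PACKAGE with the "[I" (installed) status.
# Callers only use the exit status; `installed` is now local instead of
# leaking a global (every caller that wants it assigns installed=$? itself).
function package_is_emerged()
{
    local package=$1
    local installed
    installed=$(equery -C -N list -e -i "$package" | grep -F -- "$package" | grep "^\[I")
    [ -n "$installed" ]
}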
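# is_package_installed PACKAGE [USEFLAGS]
# Succeeds when PACKAGE is emerged and, if the space separated USEFLAGS
# were given, every one of them is reported enabled by package_has_use_flag.
# Side effect: whenever USEFLAGS is given, the flags are written to
# package.use via flagedit so the following emerge picks them up.
function is_package_installed()
{
    local usechange="no"
    local -a uselist=()
    local useflag installed
    package_is_emerged "$1"
    installed=$?
    if [ -n "$2" ] # Use flags parsed
    then
        for useflag in $2
        do
            uselist+=("+$useflag")
            # If the use flag isn't currently set or wasn't enabled when installed we'll need to re-install it.
            package_has_use_flag "$1" "$useflag" || usechange="yes"
        done
        flagedit "$1" "${uselist[@]}" --nowarn
    fi
    [ $installed -eq 0 ] && [ "$usechange" == "no" ]
}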
# install_progress EMERGE_PID "PACKAGE LIST"
# Draws a spinner with an "n of m" counter while the background emerge
# started by install_packages (EMERGE_PID) is alive. Every ninth tick the
# counter text is refreshed from /var/log/emerge.log, restricted to the
# session whose "Started emerge on:" stamp equals the minute this function
# was entered. Terminal escapes: \e7/\e8 save and restore the cursor so the
# spinner redraws in place, \e[1;37m/\e[0m switch bold white on and off.
# Note: the variables below are globals, not locals.
function install_progress()
{
# spinner frames; rotated one character per tick at the end of the loop
SP_STRING="/-\\|"
packages=( $2 )
IP_STRING=`printf "1 of %d" "${#packages[@]}"`
loop_count=0
# stamp the sed range below looks for in emerge.log
nowf=`date +'%b %d, %Y %H:%M'`
# loop while both the emerge process and this shell still exist
while [ -d /proc/$1 ] && [ -d /proc/$$ ]
do
printf "\e[1;37m\e7[ %1.1s %s ] \e8\e[0m" "$SP_STRING" "$IP_STRING"
sleep 0.2
if [ $loop_count -lt 8 ]
then
loop_count=$(($loop_count+1))
else
# take the "n of m" from the last ">>> emerge" line logged since the
# session started; keep the previous text when nothing was logged yet
current=`sed -n "/Started emerge on: $nowf/,/G/p" /var/log/emerge.log | grep ">>> emerge" | tail -1 | grep -m 1 -o -P "\d+ of \d+"`
if [ -n "$current" ]
then
IP_STRING=$current
fi
loop_count=0
fi
# move the last character of the spinner string to the front
SP_STRING=${SP_STRING#"${SP_STRING%?}"}${SP_STRING%?};
done
# blank the spinner area once emerge has finished
printf "%-15s" " "
}
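# install_packages "PACKAGE LIST" [TITLE]
# Emerges the given packages in the background behind a progress spinner
# and exits the script with status 1 when emerge fails. TITLE is the label
# printed in front of the spinner ("Installing packages" by default).
# emerge's output is kept in a temporary log so a failure can be diagnosed;
# the original discarded it.
function install_packages()
{
    local package_list=$1
    local title=${2:-"Installing packages"}
    local emerge_log pid status
    if [ -z "$package_list" ]
    then
        echo -e "No packages to install!"
        return 0
    fi
    echo -e "The following packages are going to be emerged (not including dependencies):"
    echo -e "$package_list"
    echo -e ""
    countdown "00:00:10" Continue in
    echo -e ""
    printf "%-40s" "$title"
    emerge_log=$(mktemp)
    # package_list is intentionally unquoted: one argument per package.
    (emerge $package_list >"$emerge_log" 2>&1) &
    pid=$!
    install_progress $pid "$package_list"
    wait $pid
    status=$?
    if [ $status -eq 0 ];
    then
        echo -e "\e[1;37m[ \e[0m\e[1;32mok\e[0m\e[1;37m ] \e[0m"
        rm -f "$emerge_log"
    else
        echo -e "\e[1;37m[ \e[0m\e[1;31mfailed\e[0m\e[1;37m ] \e[0m"
        echo -e "Failed installing the following packages:"
        echo -e "$package_list"
        echo -e "The emerge output was kept in $emerge_log"
        exit 1
    fi
}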
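# install_rcscripts "SCRIPT LIST"
# Adds each init script in the space separated list to the default runlevel
# unless rc-status already lists it there. The original grepped rc-status
# for the whole list ($1) instead of the current script ($rc), so with more
# than one script the check never matched and every script was re-added.
function install_rcscripts()
{
    local rc res
    if [ -n "$1" ]
    then
        for rc in $1
        do
            # exact comparison of the first field (the script name in
            # rc-status output) so "mysql" does not also count "mysql-foo"
            res=$(rc-status default | awk -v s="$rc" '$1 == s')
            if [ -z "$res" ]
            then
                printf "\e[1;37m%-40s\e[0m" "Adding $rc to default runlevel"
                start_spinner
                rc-update add "$rc" default &> /dev/null
                stop_spinner
                echo -e "\e[1;37m[ \e[0m\e[1;32mdone\e[0m\e[1;37m ]\e[0m"
            fi
        done
    fi
}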
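# enable_apache_module NAME
# Ensures "-D NAME" is part of APACHE2_OPTS in /etc/conf.d/apache2 (the
# file is sourced, so it must be shell syntax). The presence test compares
# whole "-D NAME" tokens; the original's unanchored `expr ... : ".*NAME.*"`
# substring match meant an existing "-D DAV_FS" suppressed adding "-D DAV".
# A "-DNAME" spelling without the space is not recognised and would get a
# harmless duplicate.
function enable_apache_module()
{
    local apache_conffile='/etc/conf.d/apache2'
    local name=$1
    if [ -n "$name" ]
    then
        source $apache_conffile
        case " ${APACHE2_OPTS} " in
            *" -D ${name} "*)
                ;; # already enabled
            *)
                APACHE2_OPTS="${APACHE2_OPTS} -D ${name}"
                sed -i -e "s:APACHE2_OPTS=\".*\":APACHE2_OPTS=\"${APACHE2_OPTS}\":" $apache_conffile
                ;;
        esac
    fi
}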
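# meta_mail
# Asks for the IMAP/POP server (dovecot or courier), collects the mail
# packages that are missing or lack the required USE flags (postfix with
# mysql and the matching sasl flag, amavisd-new, clamav, getmail, perl
# helpers), removes ssmtp when it would block postfix, installs everything,
# runs the one-time post-install steps and registers the init scripts.
function meta_mail()
{
    local package_list=""
    local add_maildrop=""
    local remove_ssmtp="no"
    local rc_scripts=""
    local use_courier="no"
    local use_dovecot="no"
    local useflags_postfix="mysql"
    local installed_postfix="no"
    local installed_amavisd="no"
    local installed
    valid_input "Do you want to use dovecot or courier?" "dovecot/courier"
    if [ "$Return_Val" = "dovecot" ]
    then
        use_dovecot="yes"
    else
        use_courier="yes"
    fi
    echo -e ""
    printf "\e[1;37m%-40s\e[0m" "Building list of required mail packages"
    start_spinner
    if [ "$use_courier" == "yes" ]
    then
        is_package_installed "net-libs/courier-authlib" "mysql" || { package_list="$package_list net-libs/courier-authlib"; rc_scripts="$rc_scripts courier-authlib"; }
        is_package_installed "net-mail/courier-imap" "fam" || { package_list="$package_list net-mail/courier-imap"; rc_scripts="$rc_scripts courier-imapd courier-imapd-ssl courier-pop3d courier-pop3d-ssl"; }
        is_package_installed "mail-filter/maildrop" || add_maildrop="yes" # Avoid file collision warnings from emerge
        is_package_installed "dev-libs/cyrus-sasl" "mysql" || { package_list="$package_list dev-libs/cyrus-sasl"; rc_scripts="$rc_scripts saslauthd"; }
        useflags_postfix="$useflags_postfix sasl"
    fi
    if [ "$use_dovecot" == "yes" ]
    then
        is_package_installed "net-mail/dovecot" "sieve managesieve maildir" || { package_list="$package_list net-mail/dovecot"; rc_scripts="$rc_scripts dovecot"; }
        useflags_postfix="$useflags_postfix dovecot-sasl"
    fi
    if ! is_package_installed "mail-mta/postfix" "$useflags_postfix"
    then
        is_package_installed "mail-mta/ssmtp" && remove_ssmtp="yes" # Ssmtp blocks postfix and is installed by default.
        package_list="$package_list mail-mta/postfix"
        rc_scripts="$rc_scripts postfix"
        # A USE flag difference also lands here; only a first-time install
        # needs the alias database built further down.
        package_is_emerged "mail-mta/postfix"
        installed=$?
        if [ $installed -eq 1 ]
        then
            installed_postfix="yes"
        fi
    fi
    is_package_installed "net-mail/getmail" || package_list="$package_list net-mail/getmail"
    if ! is_package_installed "mail-filter/amavisd-new" "mysql razor spamassassin"
    then
        package_list="$package_list mail-filter/amavisd-new"
        rc_scripts="$rc_scripts amavisd"
        # Same distinction as for postfix: only a first-time install runs sa-update.
        package_is_emerged "mail-filter/amavisd-new"
        installed=$?
        if [ $installed -eq 1 ]
        then
            installed_amavisd="yes"
        fi
    fi
    is_package_installed "app-antivirus/clamav" || { package_list="$package_list app-antivirus/clamav"; rc_scripts="$rc_scripts clamd"; }
    is_package_installed "dev-perl/Authen-SASL" || package_list="$package_list dev-perl/Authen-SASL"
    is_package_installed "dev-perl/perl-ldap" || package_list="$package_list dev-perl/perl-ldap"
    stop_spinner
    echo -e "\e[1;37m[ \e[0m\e[1;32mdone\e[0m\e[1;37m ]\e[0m"
    if [ "$remove_ssmtp" == "yes" ]
    then
        exec_command "emerge --unmerge mail-mta/ssmtp" "Removing ssmtp to install postfix"
    fi
    install_packages "$package_list" "Installing mail packages"
    if [ -n "$add_maildrop" ]
    then
        exec_command "COLLISION_IGNORE=\"/usr\" emerge mail-filter/maildrop" "Installing maildrop"
    fi
    # aliases.db is a file: the original's "! -d" test looked for a directory
    # and was therefore always true. postalias (not postmap) is the Postfix
    # tool that builds alias databases from the "name: value" alias syntax.
    if [ "$installed_postfix" == "yes" ] && [ ! -f '/etc/mail/aliases.db' ]
    then
        postalias /etc/mail/aliases || echo -e "\e[1;33mNotice:\e[0m building /etc/mail/aliases.db failed, run 'postalias /etc/mail/aliases' manually."
    fi
    if [ "$installed_amavisd" == "yes" ]
    then
        # import the sa-update signing key first so the rule download is verified
        if [ -e '/usr/share/spamassassin/sa-update-pubkey.txt' ]
        then
            sa-update --import /usr/share/spamassassin/sa-update-pubkey.txt
        fi
        sa-update
    fi
    install_rcscripts "$rc_scripts"
}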
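# meta_web
# Collects the web stack that is missing or lacks the required USE flags
# (apache with ssl/suexec, mod_fcgid, mod_suphp, php with the flags ISPConfig
# needs, webalizer/awstats/vlogger, jailkit, ...), adjusts make.conf
# (layman overlay, APACHE2_MODULES, APACHE2_MPMS, LINGUAS), installs
# everything, enables the apache modules in /etc/conf.d/apache2 and
# registers the init scripts.
function meta_web()
{
    local package_list=""
    local fix_jailkit="no"
    local linguas_add="no"
    local webmail_add="no"
    local rc_scripts=""
    local installed_fcgid="no"
    local added_module='no'
    local added_worker='no'
    local module config_module accept_locales
    if ! is_package_installed "dev-vcs/subversion"
    then
        flagedit dev-vcs/subversion -apache2 --nowarn
    fi
    is_package_installed "app-portage/layman" "subversion" || exec_command "emerge app-portage/layman" "Installing layman";
    # Check if sunrise overlay has been enabled
    if [ -z "$(layman -l | grep sunrise)" ]
    then
        layman -q -S > /dev/null
        exec_command "layman -a sunrise" "Adding/syncing package overlay"
    fi
    if [ -z "$(grep 'var/lib/layman' /etc/make.conf)" ]
    then
        echo "source /var/lib/layman/make.conf" >> /etc/make.conf
    fi
    echo -e ""
    printf "\e[1;37m%-40s\e[0m" "Building list of required web packages"
    start_spinner
    # Check profile and ensure the apache modules ISPConfig needs are enabled.
    source /etc/make.conf
    if [ -z "${APACHE2_MODULES+xxx}" ] # Not set, fetch defaults
    then
        source /usr/portage/profiles/base/make.defaults
        echo "APACHE2_MODULES=\"$APACHE2_MODULES\"" >> /etc/make.conf
        source /etc/make.conf
    fi
    # Whole-word test: the original's `expr ... : ".*$module.*"` substring
    # match treated "dav" as present whenever "dav_fs" was listed.
    for module in rewrite dav dav_fs auth_digest
    do
        case " ${APACHE2_MODULES} " in
            *" ${module} "*) ;;
            *)
                APACHE2_MODULES="${APACHE2_MODULES} $module"
                added_module='yes'
                ;;
        esac
    done
    if [ "$added_module" == "yes" ]
    then
        sed -i -e "s:APACHE2_MODULES=\".*\":APACHE2_MODULES=\"${APACHE2_MODULES}\":" /etc/make.conf
    fi
    if [ -z "${APACHE2_MPMS+xxx}" ] # Not set, fetch defaults
    then
        echo 'APACHE2_MPMS="prefork"' >> /etc/make.conf
        added_worker='yes'
    else
        case " ${APACHE2_MPMS} " in
            *" prefork "*) ;;
            *)
                APACHE2_MPMS="${APACHE2_MPMS} prefork"
                sed -i -e "s:APACHE2_MPMS=\".*\":APACHE2_MPMS=\"${APACHE2_MPMS}\":" /etc/make.conf
                added_worker='yes'
                ;;
        esac
    fi
    # The original read `is_package_installed ... || "$added_module" == "yes" || ...`:
    # the "!" was missing (apache was queued when already installed and skipped
    # when it was not) and `"yes" == "yes"` executed the yes(1) command, which
    # never terminates.
    if ! is_package_installed "www-servers/apache" "ssl suexec doc" || [ "$added_module" == "yes" ] || [ "$added_worker" == "yes" ]
    then
        package_list="$package_list www-servers/apache"
        rc_scripts="$rc_scripts apache2"
    fi
    if ! is_package_installed "www-apache/mod_fcgid"
    then
        installed_fcgid="yes"
        package_list="$package_list www-apache/mod_fcgid"
    fi
    if ! is_package_installed "app-admin/webalizer" "vhosts apache2"
    then
        is_package_installed "media-libs/gd" "jpeg png" || package_list="$package_list media-libs/gd"
        # webalizer with nls needs LINGUAS; ask for it below if make.conf has none
        if package_has_use_flag "app-admin/webalizer" "nls"
        then
            source /etc/make.conf
            if [ -z "${LINGUAS}" ]
            then
                linguas_add="yes"
            fi
        fi
        package_list="$package_list app-admin/webalizer"
    fi
    is_package_installed "www-misc/awstats" "vhosts apache2" || package_list="$package_list www-misc/awstats"
    if ! is_package_installed "app-admin/vlogger" "dbi"
    then
        # Check if package is masked
        if [ -n "$(equery -C -N list -I -o -e app-admin/vlogger | grep app-admin/vlogger | awk '{print $2}' | grep '^\[M')" ]
        then
            flagedit app-admin/vlogger -- +~amd64 +~x86 > /dev/null
        fi
        package_list="$package_list app-admin/vlogger"
    fi
    is_package_installed "app-crypt/mcrypt" || package_list="$package_list app-crypt/mcrypt"
    is_package_installed "dev-lang/php" "apache2 gd mysql mysqli imap cli cgi pcre xml zlib crypt ctype session unicode mhash ftp soap" || package_list="$package_list dev-lang/php"
    if ! is_package_installed "www-apache/mod_suphp"
    then
        # Check if package is masked
        if [ -n "$(equery -C -N list -I -p -e www-apache/mod_suphp | grep www-apache/mod_suphp | awk '{print $2}' | grep '^\[M')" ]
        then
            flagedit www-apache/mod_suphp -- +~amd64 +~x86 > /dev/null
        fi
        package_list="$package_list www-apache/mod_suphp"
    fi
    is_package_installed "www-apache/mod_ruby" || package_list="$package_list www-apache/mod_ruby"
    is_package_installed "media-gfx/imagemagick" "jpeg png tiff" || package_list="$package_list media-gfx/imagemagick"
    is_package_installed "dev-php/PEAR-PEAR" || package_list="$package_list dev-php/PEAR-PEAR"
    is_package_installed "dev-php/PEAR-Auth" || package_list="$package_list dev-php/PEAR-Auth"
    is_package_installed "dev-php5/pecl-imagick" || package_list="$package_list dev-php5/pecl-imagick"
    is_package_installed "sys-auth/pam_mysql" || package_list="$package_list sys-auth/pam_mysql"
    is_package_installed "app-admin/sudo" || package_list="$package_list app-admin/sudo"
    is_package_installed "app-arch/zip" || package_list="$package_list app-arch/zip"
    if ! is_package_installed "app-admin/jailkit"
    then
        # Check if package is masked
        if [ -n "$(equery -C -N list -I -o -e app-admin/jailkit | grep app-admin/jailkit | awk '{print $2}' | grep '^\[M')" ]
        then
            flagedit app-admin/jailkit -- +~amd64 +~x86 > /dev/null
        fi
        # The ebuild for jailkit 2.3 has a nasty bug that breaks the login shell. Check for version and
        # apply the fix if necessary (a copy of /etc/shells is kept and restored after the install).
        if [ "$(emerge -pv app-admin/jailkit | grep -o -P '(?<=jailkit-)[\d-.rp_]+')" == "2.3" ]
        then
            fix_jailkit="yes"
            cp /etc/shells /etc/shells~
        fi
        package_list="$package_list app-admin/jailkit"
    fi
    #if [ "$install_mail" == "yes" ] && ! is_package_installed "mail-client/squirrelmail" "vhosts"
    #then
    # if ! is_package_installed "app-admin/webapp-config"
    # then
    # package_list="$package_list app-admin/webapp-config"
    # fi
    # webmail_add="yes"
    # package_list="$package_list mail-client/squirrelmail"
    #fi
    stop_spinner
    echo -e "\e[1;37m[ \e[0m\e[1;32mdone\e[0m\e[1;37m ]\e[0m"
    if [ "$linguas_add" == "yes" ]
    then
        echo -e ""
        echo -e "The nls use flag is enabled for webalizer and no locale preference is set in make.conf. If "
        echo -e "not set webalizer will fail to install."
        echo -e ""
        # offer the locales present under /usr/share/locale as "a/b/c" choices
        accept_locales=$(find /usr/share/locale/ -maxdepth 1 -type d -exec basename '{}' \; | grep -v "locale" | sort | tr "\n" "/" | sed -e 's,\(.\)/$,\1,')
        valid_input "Set locale value for gettext-based programs to: " "$accept_locales" "en"
        echo "LINGUAS=\"$Return_Val\"" >> /etc/make.conf
        echo -e ""
    fi
    install_packages "$package_list" "Installing web packages"
    # install_packages exits on failure, so we only get here on success.
    if [ "$fix_jailkit" == "yes" ] && [ -z "$(grep 'jk_chrootsh' /etc/shells)" ]
    then
        cp /etc/shells /etc/shells.jailkit-v2.3
        cp /etc/shells~ /etc/shells
        echo "/usr/sbin/jk_chrootsh" >> /etc/shells
    fi
    for config_module in SUEXEC FCGID AUTH_DIGEST DAV DAV_FS RUBY
    do
        enable_apache_module "$config_module"
    done
    #if [ "$webmail_add" == "yes" ]
    #then
    # exec_command "webapp-config -I -h localhost -u apache -d /webmail squirrelmail $(ls -r /usr/share/webapps/squirrelmail/ | awk '{print $1}')" "Adding squirrelmail to localhost"
    #fi
    install_rcscripts "$rc_scripts"
}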
# meta_ftp
# Collects the ftp related packages (pure-ftpd with mysql, quota and
# quotatool) that are missing or lack the required USE flags, installs them
# and adds pure-ftpd to the default runlevel. Prints the fstab reminder
# whenever a quota package is going to be installed.
function meta_ftp()
{
    local package_list="" rc_scripts=""
    echo -e ""
    printf "\e[1;37m%-40s\e[0m" "Building list of required ftp packages"
    start_spinner
    if ! is_package_installed "net-ftp/pure-ftpd" "mysql"
    then
        package_list="$package_list net-ftp/pure-ftpd"
        rc_scripts="$rc_scripts pure-ftpd"
    fi
    if ! is_package_installed "sys-fs/quota"
    then
        package_list="$package_list sys-fs/quota"
    fi
    if ! is_package_installed "sys-fs/quotatool"
    then
        # Keyword the package when equery reports it as masked.
        if equery -C -N list -I -p -e sys-fs/quotatool | grep sys-fs/quotatool | awk '{print $2}' | grep -q '^\[M'
        then
            flagedit sys-fs/quotatool -- +~amd64 +~x86 > /dev/null
        fi
        package_list="$package_list sys-fs/quotatool"
    fi
    stop_spinner
    echo -e "\e[1;37m[ \e[0m\e[1;32mdone\e[0m\e[1;37m ]\e[0m"
    case "$package_list" in
        *sys-fs/quota*)
            echo -e ""
            echo -e "\e[1;33mNotice:\e[0m Don't forget to edit your fstab file and add the usrquota & grpquota options to your data partition."
            echo -e ""
            sleep 2
            ;;
    esac
    install_packages "$package_list" "Installing ftp packages"
    install_rcscripts "$rc_scripts"
}
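# meta_dns
# Asks for the name server (bind with mysql/dlz or powerdns with mysql),
# installs it when it is missing or lacks the USE flags and, for bind,
# adds "named" to the default runlevel.
# rc_scripts is now local like in the other meta_* functions; the original
# left it global, so the value accumulated across calls.
function meta_dns()
{
    local package_list=""
    local rc_scripts=""
    local use_bind="no"
    local use_pdns="no"
    valid_input "Do you want to use bind or powerdns?" "bind/powerdns"
    if [ "$Return_Val" = "bind" ]
    then
        use_bind="yes"
    else
        use_pdns="yes"
    fi
    echo -e ""
    printf "\e[1;37m%-40s\e[0m" "Building list of required dns packages"
    start_spinner
    if [ "$use_bind" == "yes" ]
    then
        is_package_installed "net-dns/bind" "mysql dlz" || { package_list="$package_list net-dns/bind"; rc_scripts="$rc_scripts named"; }
    fi
    if [ "$use_pdns" == "yes" ]
    then
        is_package_installed "net-dns/pdns" "mysql" || package_list="$package_list net-dns/pdns";
    fi
    stop_spinner
    echo -e "\e[1;37m[ \e[0m\e[1;32mdone\e[0m\e[1;37m ]\e[0m"
    install_packages "$package_list" "Installing dns packages"
    install_rcscripts "$rc_scripts"
}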
# meta_all
# Runs every service group in the fixed order mail, web, ftp, dns.
function meta_all()
{
    local group
    for group in meta_mail meta_web meta_ftp meta_dns
    do
        "$group"
    done
}
# Only the help/version switches are recognised; any other argument is
# ignored and the interactive setup starts.
case "$1" in
    --version|-h|--help)
        echo -e "Gentoo Linux ISPConfig setup script"
        echo -e "Version $version"
        echo -e ""
        echo -e "No arguments needed, simply execute the script."
        exit 0
        ;;
esac
clear
echo -e "\e[1;33mGentoo Linux ISPConfig setup script v$version\e[0m"
echo -e "\e[1;32m========================================\e[0m"
echo -e ""
# Refuse to continue unless /etc/gentoo-release exists and the baselayout
# version it names (digits and dots only) is actually emerged.
BASELAYOUT_VERSION=""
if [ -e "/etc/gentoo-release" ]
then
    BASELAYOUT_VERSION=$(sed "s/[^0-9.]//g" /etc/gentoo-release)
fi
if [ -z "$BASELAYOUT_VERSION" ] || ! package_is_emerged "sys-apps/baselayout-$BASELAYOUT_VERSION"
then
    echo -e ""
    echo "This script is exclusively for use with a Gentoo Linux system."
    exit 10
fi
sleep 0.5
valid_input "Would you like to sync portage now?"
[ "$Return_Val" = "yes" ] && exec_command "emerge --sync --quiet" "Updating portage tree"
# Get all the programs we need to do portage queries etc.
echo -en "\e[1;37mChecking for required packages\e[0m\n"
# gentoolkit provides equery and flagedit edits package.use; both are used
# by the is_package_installed helpers above. Each entry is "command:package".
for tool in equery:app-portage/gentoolkit flagedit:app-portage/flagedit
do
    if ! command -v "${tool%%:*}" > /dev/null 2>&1
    then
        exec_command "emerge ${tool#*:}" "Installing ${tool#*/}"
    fi
done
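# rsyslog is what the ISPConfig log monitoring expects. When another logger
# is active, offer to replace it; otherwise install rsyslog alongside.
if ! is_package_installed "app-admin/rsyslog"
then
    printf "\e[1;37m%-40s\e[0m" "Checking for installed system loggers"
    start_spinner
    loggers=( syslog-ng metalog sysklogd )
    clogger=""
    rsyslog_install="yes"
    # "${loggers[@]}": the original's bare $loggers expanded to the first
    # array element only, so metalog and sysklogd were never detected.
    for logger in "${loggers[@]}"
    do
        if is_package_installed "app-admin/$logger" && rc-config list default | grep -q -w -- "$logger"
        then
            clogger=$logger
            break
        fi
    done
    stop_spinner
    echo -e "\e[1;37m[ \e[0m\e[1;32mdone\e[0m\e[1;37m ]\e[0m"
    if [ "$clogger" != "" ]
    then
        echo -e ""
        echo -e "$clogger appears to be installed on your system."
        echo -e "To use the log monitoring features in ISPConfig"
        echo -e "the log facilities need to be configured to certain"
        echo -e "paths. Currently the default rsyslog file is used."
        echo -e ""
        valid_input "Would you like to replace $clogger with rsyslog?"
        if [ "$Return_Val" = "yes" ]
        then
            echo -e ""
            exec_command "/etc/init.d/$clogger stop" "Stopping $clogger"
            exec_command "rc-update del $clogger default" "Remove $clogger from default runlevel"
        else
            rsyslog_install="no"
        fi
    fi
    if [ "$rsyslog_install" == "yes" ]
    then
        exec_command "emerge app-admin/rsyslog" "Installing rsyslog"
        exec_command "/etc/init.d/rsyslog start" "Starting rsyslog"
        exec_command "rc-update add rsyslog default" "Add rsyslog to default runlevel"
    fi
    echo -e ""
fi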
# MySQL with the USE flags ISPConfig needs; on a first-time install remind
# the admin that the root password is still unset.
if ! is_package_installed "dev-db/mysql" "extraengine big-tables"
then
    package_is_emerged "dev-db/mysql"
    mysql_first_install=$?
    exec_command "emerge dev-db/mysql" "Installing MySql"
    if [ $mysql_first_install -eq 1 ]
    then
        echo -e ""
        echo -e "\e[1;33mNotice:\e[0m Don't forget to set the mysql root password with: /usr/bin/mysqladmin -u root password 'new-password'."
        echo -e ""
    fi
fi
[ -d '/var/lib/mysql/mysql' ] || exec_command "mysql_install_db" "Set-up mysql grant tables"
install_rcscripts "mysql"
if ! eselect rc show | grep mysql | grep -q started
then
    exec_command "/etc/init.d/mysql start" "Starting MySQL service"
fi
command -v vim > /dev/null 2>&1 || exec_command "emerge app-editors/vim" "Installing vim"
# Hardening helpers: rkhunter (rootkit scans) and fail2ban (log based bans).
is_package_installed "sys-devel/binutils" || exec_command "emerge sys-devel/binutils" "Installing binutils"
is_package_installed "app-forensics/rkhunter" || exec_command "emerge app-forensics/rkhunter" "Installing rkhunter"
is_package_installed "net-analyzer/fail2ban" || exec_command "emerge net-analyzer/fail2ban" "Installing fail2ban"
echo -e ""
# Service based packages
echo -en "\e[1;37mService based packages\e[0m\n"
valid_input "Install all packages or select targeted services?" "all/targeted"
if [ "$Return_Val" = "all" ]
then
    install_mail="yes"
    install_web="yes"
    install_ftp="yes"
    install_dns="yes"
    meta_all
else
    # Ask per service group; each answer is remembered in install_<group>.
    valid_input "Install mail related packages?"
    install_mail=$Return_Val
    [ "$install_mail" = "yes" ] && meta_mail
    echo -e ""
    echo -e "\e[1;33mNotice:\e[0m If this server is going to run the ISPConfig interface, say 'yes' to web related packages."
    echo -e ""
    valid_input "Install web related packages?"
    install_web=$Return_Val
    [ "$install_web" = "yes" ] && meta_web
    echo -e ""
    valid_input "Install ftp related packages?"
    install_ftp=$Return_Val
    [ "$install_ftp" = "yes" ] && meta_ftp
    echo -e ""
    valid_input "Install dns related packages?"
    install_dns=$Return_Val
    [ "$install_dns" = "yes" ] && meta_dns
fi
# Without the web group PHP is still required (by the installer), but
# without the apache2 USE flag.
if [ "$install_web" = "no" ] && ! is_package_installed "dev-lang/php" "-apache2 gd mysql mysqli imap cli cgi pcre xml zlib crypt ctype session unicode mhash ftp"
then
    exec_command "emerge dev-lang/php" "Installing PHP"
fi
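echo -e ""
echo -e "\e[1;33mSetup script completed\e[0m"
echo -e "\e[1;32m========================================\e[0m"
echo -e ""
valid_input "Do you want to start the ISPConfig installer?"
if [ "$Return_Val" = "yes" ]
then
    clear
    # Resolve the installer relative to this script (source_path, set at the
    # top) rather than to the caller's working directory; the original
    # "../install/install.php" only worked when started from the gentoo
    # helper directory itself.
    php -q "${source_path}/../install/install.php"
    exit $?
fi
exit 0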
<?php
/**
Copyright (c) 2015, Florian Schaal, schaal @it
All rights reserved.
Redistribution and use in source and binary forms, with or without modification,
are permitted provided that the following conditions are met:
* Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer in the documentation
and/or other materials provided with the distribution.
* Neither the name of ISPConfig nor the names of its contributors
may be used to endorse or promote products derived from this software without
specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
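/* define your settings here */
/* NOTE: use a dedicated remote user that only has the mail_domain and client
 * rights rather than the admin account, and point both URLs at an https://
 * address - these credentials travel with every SOAP call made below. */
$username = 'admin';
$password = 'admin';
$soap_location = 'http://192.168.0.105:8080/remote/index.php';
$soap_uri = 'http://192.168.0.105:8080/remote/';
/* stop editing */

error_reporting(E_ALL^ E_WARNING);

//* locate the amavisd binary (the installed name differs between systems)
exec('which amavisd-new 2> /dev/null', $tmp_output, $tmp_retval);
if ($tmp_retval != 0) {
	unset($tmp_output);
	exec('which amavisd 2> /dev/null', $tmp_output, $tmp_retval);
	if ($tmp_retval == 0) $amavis = $tmp_output[0];
} else $amavis = $tmp_output[0];
if (!isset($amavis)) die ("amavisd not found");

echo "Importing dkim-settings from amavis.\n\nTo import the settings even when the public-key is not available, use ".$argv[0]." --force\nNOTE: In force-mode dkim will be set to 'no' if no public-key was found.\n\n";
//* --force: also import domains whose public key cannot be verified; dkim is
//* then stored as 'n'. (The original parsed the flag but never acted on it.)
$force = ( isset($argv) && isset ($argv[1]) && $argv[1] == '--force' );

$client = new SoapClient(null, array('location' => $soap_location,
		'uri' => $soap_uri,
		'trace' => 1,
		'exceptions' => 1));

//* PEM shape checks for the keys handed to the database. There is no upper
//* length bound: the original's {1,221}/{1,850} limits only fit 1024-bit keys
//* and made 2048-bit keys fail as "invalid".
$public_key_pattern = "/(^-----BEGIN PUBLIC KEY-----)[a-zA-Z0-9\r\n\/\+=]+(-----END PUBLIC KEY-----(\n|\r)?$)/";
$private_key_pattern = "/(^-----BEGIN RSA PRIVATE KEY-----)[a-zA-Z0-9\r\n\/\+=]+(-----END RSA PRIVATE KEY-----(\n|\r)?$)/";

unset($tmp_output);
exec($amavis.' showkeys', $tmp_output, $tmp_retval);
foreach ( $tmp_output as $line ) {
	//* get domain and private key-file from a "; key#N, domain <domain>, <keyfile>" line
	if ( preg_match('#^; key#', $line) ) {
		$line_array = explode(' ', $line);
		//* the original wrote "= 'domain'" (an assignment), which made this test always true
		if ( isset($line_array[4]) && $line_array[2] == 'domain' ) {
			$domain = rtrim($line_array[3], ',');
			$private_keyfile = $line_array[4];
			//* get the public-key from private-key
			unset($public_key);
			unset($pubkey);
			unset($private_key);
			$private_key = file_get_contents($private_keyfile);
			if ( $private_key !== false && !empty($private_key) ) {
				//* let openssl read the key file itself; the original echoed the private
				//* key on the command line, where every local user can read it via ps
				exec('openssl rsa -in '.escapeshellarg($private_keyfile).' -pubout -outform PEM 2> /dev/null', $pubkey, $result);
				$public_key = '';
				if ( $result == 0 ) {
					foreach($pubkey as $values) $public_key=$public_key.$values."\n";
				}
			}
		}
	}
	//* get selector from the "<selector>._domainkey.<domain> ... TXT (" line
	if ( isset($domain) ) {
		if ( preg_match('/_domainkey\.'.preg_quote($domain, '/').'.* TXT \(/', $line) ) {
			$line_array = explode(' ', $line);
			$selector = substr ( $line_array[0], 0, strpos($line_array[0], '.') );
		}
	}
	if ( isset($domain) && isset($selector) && isset($private_keyfile) && isset($public_key) ) {
		try {
			$session_id = $client->login($username, $password);
			if ( !$session_id ) {
				//* the original only printed this and went on with an unusable session
				die('SOAP-ERROR: Cant login');
			}
			echo "\nprocessing ".$domain."...\n";
			$record = $client->mail_domain_get_by_domain($session_id, $domain);
			if ( !empty($record) ) {
				$record = $record[0];
				echo " OK: domain exists in the database\n";
				//* check if the public-key is available (amavis reports "pass" for the selector)
				unset($test_output);
				exec($amavis.' testkeys '.escapeshellarg($domain), $test_output, $test_retval);
				$pub_key = false;
				if ( isset($test_output[0]) && preg_match('/^TESTING.*'.preg_quote($selector.'._domainkey.'.$domain, '/').'.*pass/', $test_output[0]) ) $pub_key = true;
				$client_id = $client->client_get_id($session_id, $record['sys_userid']);
				if ( $pub_key || $force ) {
					$record['dkim_selector'] = $selector;
					$record['dkim'] = 'y';
					//* validate the key that is about to be stored; the original tested the
					//* value already in the database ($record['dkim_public']) instead
					if ( $pub_key && preg_match($public_key_pattern, $public_key) ) {
						$record['dkim_public'] = $public_key;
						echo " OK: public key\n";
					} else {
						$record['dkim_public'] = '';
						$record['dkim'] = 'n';
						if ( $pub_key ) {
							echo " ERROR: public key invalid\n disable dkim for ".$domain."\n";
						} else {
							echo " WARNING: no public-key available (--force)\n disable dkim for ".$domain."\n";
						}
					}
					if ( preg_match($private_key_pattern, $private_key) ) {
						$record['dkim_private'] = $private_key;
						echo " OK: private key\n";
					} else {
						$record['dkim_private'] = '';
						$record['dkim'] = 'n';
						echo " ERROR: private key invalid\n disable dkim for ".$domain."\n";
					}
					$client->mail_domain_update($session_id, $client_id, $record['domain_id'], $record);
					echo " OK: updating database\n";
				} else {
					echo " ERROR: no public-key available - skipping ".$domain."\n";
				}
			} else {
				echo " ERROR: domain not in the database - skipping ".$domain."\n";
			}
			$client->logout($session_id);
		} catch (SoapFault $e) {
			echo $client->__getLastResponse();
			die('SOAP Error: '.$e->getMessage());
		}
		unset($domain);
		unset($selector);
	}
}
?>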
This script stores all DKIM keys from the amavis configuration in the ISPConfig database.
Create a remote user that has at least the mail_domain and client rights (prefer a dedicated user over the admin account, and an https:// URL, since the credentials are sent with every SOAP call) and adjust the settings for
$username = 'admin';
$password = 'admin';
$soap_location = 'http://192.168.0.105:8080/remote/index.php';
$soap_uri = 'http://192.168.0.105:8080/remote/';
in import_dkim.php
<?php
/*
Copyright (c) 2007-2016, Till Brehm, projektfarm Gmbh
All rights reserved.
Redistribution and use in source and binary forms, with or without modification,
are permitted provided that the following conditions are met:
* Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer in the documentation
and/or other materials provided with the distribution.
* Neither the name of ISPConfig nor the names of its contributors
may be used to endorse or promote products derived from this software without
specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
require "/usr/local/ispconfig/interface/lib/config.inc.php";
require "/usr/local/ispconfig/interface/lib/app.inc.php";
set_time_limit(0);
ini_set('error_reporting', E_ALL & ~E_NOTICE);

//** Get commandline options
// --lng=<file> (required): the language file that shall be imported.
// --isppath=<dir> (optional): the ISPConfig root; /usr/local/ispconfig is
// used when it is absent or not a directory.
$cmd_opt = getopt('', array('lng:','isppath::'));
if(!isset($cmd_opt['lng']) || !is_file($cmd_opt['lng'])) {
	die('Usage example: php import_langfile.php --lng=de.lng --isppath=/usr/local/ispconfig'."\n");
}
$lang_file = $cmd_opt['lng'];
$ispconfig_path = (isset($cmd_opt['isppath']) && is_dir($cmd_opt['isppath'])) ? $cmd_opt['isppath'] : '/usr/local/ispconfig';
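/**
 * Reduce the inside of a quoted language-file string to text that is safe
 * to emit inside a single-quoted PHP literal.
 *
 * $string is the raw text between the quotes of the source line and $quote
 * the quote character (' or ") that delimited it. Anything outside the
 * quotes - e.g. what follows a premature closing quote, which is how a
 * concatenation or function call would be smuggled in - is dropped.
 * Backslash escapes are passed through, which a single-quoted literal
 * treats literally except for \\ and \'; a ' inside a "-quoted string is
 * escaped, an escaped " inside a "-quoted string is unescaped. With
 * $allow_special the \n, \r and \t escapes are rewritten to a double-quoted
 * fragment (' . "\n" . ') so they survive as real control characters.
 * A trailing lone backslash is silently dropped.
 *
 * Returns the cleaned text without surrounding quotes.
 */
function normalize_string($string, $quote, $allow_special = false) {
	$escaped = false;
	$in_string = true;
	$new_string = '';
	// compute the length once instead of on every iteration
	$length = mb_strlen($string);
	for($c = 0; $c < $length; $c++) {
		$char = mb_substr($string, $c, 1);
		if($in_string === true && $escaped === false && $char === $quote) {
			// this marks a string end (e.g. for concatenation)
			$in_string = false;
			continue;
		} elseif($in_string === false) {
			if($escaped === false && $char === $quote) {
				$in_string = true;
				continue;
			} else {
				continue; // we strip everything from outside the string!
			}
		}
		if($char === '"' && $escaped === true && $quote === '"') {
			// unescape this
			$new_string .= $char;
			$escaped = false;
			continue;
		} elseif($char === "'" && $escaped === false && $quote === '"') {
			// escape this
			$new_string .= '\\' . $char;
			continue;
		}
		if($escaped === true) {
			// the next character is the escaped one.
			if($allow_special === true && ($char === 'n' || $char === 'r' || $char === 't')) {
				$new_string .= '\' . "\\' . $char . '" . \'';
			} else {
				$new_string .= '\\' . $char;
			}
			$escaped = false;
		} else {
			if($char === '\\') {
				$escaped = true;
			} else {
				$new_string .= $char;
			}
		}
	}
	return $new_string;
}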
/**
 * Reduce one line of an imported language file to a canonical
 * "$wb['key'] = 'text';" assignment, or reject it.
 *
 * Empty lines and the PHP open/close tags pass through unchanged. Any other
 * line must be a single $wb[...] = ...; assignment with quoted key and value;
 * key and value are then passed through normalize_string() so stray quotes or
 * concatenated expressions cannot survive into the written file.
 *
 * @param string $line Raw line from the export.
 * @return string|false Normalised line, or false when the line is not a plain assignment.
 */
function validate_line($line) {
    $line = trim($line);
    // structural lines carry no translation and are not treated as malicious
    if($line === '' || $line === '<?php' || $line === '?>') return $line;
    $pattern = '/^\s*\$wb\[(["\'])(.*?)\\1\]\s*=\s*(["\'])(.*?)\\3\s*;\s*$/';
    if(!preg_match($pattern, $line, $m)) {
        return false; // anything that is not a bare assignment could be executable code
    }
    list(, $keyquote, $key, $textquote, $text) = $m;
    // a quote of either kind inside the key can never be legitimate
    if(strpos($key, '"') !== false || strpos($key, "'") !== false) return false;
    $safe_key = normalize_string($key, $keyquote);
    $safe_text = normalize_string($text, $textquote, true);
    return '$wb[\'' . $safe_key . '\'] = \'' . $safe_text . '\';';
}
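// Read the export line by line (newlines kept; validate_line() trims them).
$lines = file($lang_file);
define('ISPC_ROOT_PATH', $ispconfig_path.'/interface');
define('ISPC_LIB_PATH', ISPC_ROOT_PATH.'/lib');
define('ISPC_WEB_PATH', ISPC_ROOT_PATH.'/web');
// Status and error output collected during the import; initialised so the
// echo calls at the end never read an undefined variable.
$msg = '';
$error = '';

/**
 * Write one collected language file to disk and note the outcome in $msg / $error.
 * Does nothing until both a target path and some content have been seen.
 */
function write_langfile($langfile_path, $buffer, &$msg, &$error) {
    if($buffer == '' || $langfile_path == '') return;
    $buffer = trim($buffer)."\n";
    if(file_put_contents($langfile_path, $buffer) === false) {
        $error .= "Could not write file: $langfile_path\n";
    } else {
        $msg .= "File written: $langfile_path\n";
    }
}

// initial check: the export must begin with the "---|ISPConfig Language File" header
$parts = (is_array($lines) && count($lines) > 0) ? explode('|', $lines[0]) : array();
if(count($parts) > 1 && $parts[0] == '---' && $parts[1] == 'ISPConfig Language File') {
    unset($lines[0]);
    $buffer = '';
    $langfile_path = '';
    // all other lines
    $ln = 1;
    foreach($lines as $line) {
        $ln++;
        $parts = explode('|', $line);
        if($parts[0] == '--') {
            // "--|module|language|file" starts a new language file; flush the previous one first
            write_langfile($langfile_path, $buffer, $msg, $error);
            // empty buffer and set variables
            $buffer = '';
            $langfile_path = '';
            if(count($parts) < 4) die("malformed language file header on line $ln.\n");
            $module_name = trim($parts[1]);
            $selected_language = trim($parts[2]);
            $file_name = trim($parts[3]);
            // All three values end up in a filesystem path: restrict them to a conservative
            // character set and refuse '..' so writes stay below ISPC_LIB_PATH / ISPC_WEB_PATH.
            if(!preg_match("/^[a-z]{2}$/i", $selected_language)) die("unallowed characters in selected language name: $selected_language");
            if(!preg_match("/^[a-z_]+$/i", $module_name)) die('unallowed characters in module name.');
            if(!preg_match("/^[a-z\._\-]+$/i", $file_name) || stristr($file_name, '..')) die("unallowed characters in language file name: '$file_name'");
            if($module_name == 'global') {
                $langfile_path = trim(ISPC_LIB_PATH."/lang/".$selected_language.".lng");
            } else {
                $langfile_path = trim(ISPC_WEB_PATH.'/'.$module_name.'/lib/lang/'.$file_name);
            }
        } elseif(count($parts) > 1 && $parts[0] == '---' && $parts[1] == 'EOF') {
            // EOF line, ignore it.
        } else {
            $line = validate_line($line);
            if($line === false) $error .= "Language file contains invalid language entry on line $ln.\n";
            else $buffer .= $line."\n";
        }
    }
    // The last file is not followed by another "--" header, so flush it explicitly.
    write_langfile($langfile_path, $buffer, $msg, $error);
}
echo $error;
echo $msg;
die("finished import.\n");
?>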
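#!/bin/bash
# Adding a new translation string to the files for all languages.
# If you already added the string to your current language, be sure to deduplicate.
# Usage: add_lang_string.sh <files>   (edit the heredoc below first)

# The line to append; quoted heredoc so $wb is taken literally.
new=$(cat << 'EOD'
$wb['foo_txt'] = 'Some translation';
EOD
)

if [ $# -eq 0 ]; then
    echo "Usage: $0 <files>" >&2
    exit 1
fi

# "$@" (not $*) keeps file names containing spaces intact; every use of $f is quoted for the same reason.
for f in "$@"; do
    # Preserve a php close tag as the last line.
    close='?>'
    if [ "$(tail -n 1 "$f")" == "$close" ]; then
        (
            head -n -1 "$f"
            echo "$new"
            echo "?>"
        ) > "${f}.new"
        mv "${f}.new" "$f"
    else
        echo "$new" >> "$f"
    fi
done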
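<?php
// One-off migration of ISPConfig DNS zones (dbispconfig.dns_soa / dns_rr) into
// the PowerDNS schema (powerdns.domains / records). Both databases are reached
// over one connection; the active database is switched with mysql_select_db().
// NOTE: relies on the legacy mysql_* extension, which no longer exists in PHP 7+.
$host = "localhost";
$user = "root";
$password = "MYSQL-ROOT-PASSWD"; // placeholder: replace with the real root password before running

// change_date stamped on every imported record (value kept from the original script).
define('IMPORT_CHANGE_DATE', '1260446221');

/**
 * Run an SQL statement on the currently selected database.
 * Failures are reported on stdout instead of being dropped silently; the
 * (possibly false) mysql result is returned to the caller.
 */
function run_query($sql) {
    $result = mysql_query($sql);
    if ($result === false) {
        print "Query failed: " . mysql_error() . "\r\n";
    }
    return $result;
}

/**
 * Quote and escape a scalar for interpolation into SQL. DNS payloads (TXT
 * records, mailbox names) may contain quotes, so nothing is pasted raw.
 */
function sql_quote($value) {
    return "'" . mysql_real_escape_string((string) $value) . "'";
}

/** Build the "(v1,v2,...)" value list of an INSERT from an array of scalars. */
function sql_values(array $values) {
    return "(" . implode(",", array_map('sql_quote', $values)) . ")";
}

/**
 * Strip one trailing dot from a DNS name or record payload
 * ("example.com." -> "example.com"); other values are returned unchanged.
 */
function strip_trailing_dot($value) {
    if (substr($value, -1) === ".") {
        return substr($value, 0, strlen($value) - 1);
    }
    return $value;
}

/**
 * Return the origin (without trailing dot) of the ISPConfig zone $zone_id, or
 * '' when no such zone exists. Leaves "powerdns" selected on return.
 */
function fetch_zone_origin($zone_id) {
    mysql_select_db("dbispconfig");
    $res = run_query("SELECT substr(origin,1, LENGTH(origin)-1) AS origin FROM dns_soa where id=" . sql_quote($zone_id) . ";");
    $row = $res ? mysql_fetch_array($res) : false;
    mysql_select_db("powerdns");
    return $row ? $row['origin'] : '';
}

mysql_connect($host, $user, $password) or die(mysql_error());

// Step 1: every dns_soa row becomes a PowerDNS domain plus its SOA record.
mysql_select_db("dbispconfig");
$sql1 = run_query("SELECT id, substr(origin,1, LENGTH(origin)-1) AS origin, substr(ns,1, LENGTH(ns)-1) AS ns, substr(mbox,1, LENGTH(mbox)-1) AS mbox,ttl FROM dns_soa order by id asc;");
mysql_select_db("powerdns");
while ($sql1 && ($row1 = mysql_fetch_array($sql1))) {
    run_query("INSERT INTO domains (id,name,type,ispconfig_id) values "
        . sql_values(array($row1['id'], $row1['origin'], 'NATIVE', $row1['id'])) . ";");
    // SOA content is "<primary ns> <mailbox> <serial>"; the serial is written as 0.
    run_query("INSERT INTO records (domain_id,name,content,ispconfig_id,type,ttl,prio,change_date) values "
        . sql_values(array($row1['id'], $row1['origin'], $row1['ns'] . " " . $row1['mbox'] . " 0", $row1['id'], 'SOA', $row1['ttl'], '0', IMPORT_CHANGE_DATE)) . ";");
}

// Step 2: every dns_rr row becomes a PowerDNS record.
mysql_select_db("dbispconfig");
$sql2 = run_query("SELECT id,zone,name,data,aux,ttl,type FROM dns_rr order by id asc;");
mysql_select_db("powerdns");
while ($sql2 && ($row2 = mysql_fetch_array($sql2))) {
    $content = strip_trailing_dot($row2['data']);
    // The origin is looked up for *this* row before it is used to build the record
    // name; fetching it afterwards would reuse the previous row's zone.
    $origin = fetch_zone_origin($row2['zone']);
    if ((string) $row2['name'] !== '') {
        if (substr($row2['name'], -1) === ".") {
            // 'domain.ext.' apex notation: drop the trailing dot
            $record_name = strip_trailing_dot($row2['name']);
        } else {
            // relative name: append the zone origin to make it a fqdn
            $record_name = $row2['name'] . "." . $origin;
        }
        print $row2['name'] . "." . $origin . " " . $record_name . "\r\n";
    } else {
        // an empty name means the record sits at the zone apex
        $record_name = $origin;
    }
    run_query("INSERT INTO records (domain_id,name,content,ispconfig_id,type,ttl,prio,change_date) values "
        . sql_values(array($row2['zone'], $record_name, $content, $row2['id'], $row2['type'], $row2['ttl'], $row2['aux'], IMPORT_CHANGE_DATE)) . ";");
}

// Step 3: CNAME/NS/MX targets that are bare labels (no dot) are made absolute
// by appending the domain name.
mysql_select_db("powerdns");
$sql4 = run_query("SELECT records.id,records.content,records.type,domains.name FROM records,domains where records.domain_id=domains.id and records.content NOT LIKE '%.%' and (records.type='CNAME' or records.type='NS' or records.type='MX') order by domain_id asc;");
while ($sql4 && ($row4 = mysql_fetch_array($sql4))) {
    run_query("UPDATE records SET content = " . sql_quote($row4['content'] . "." . $row4['name']) . " where id=" . sql_quote($row4['id']) . ";");
}
?>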