From c83951c5710f482bcced81084b17c12768ac996f Mon Sep 17 00:00:00 2001 From: Till Brehm Date: Thu, 7 May 2015 10:11:24 +0200 Subject: [PATCH] Set stronger permission settings on amavis configuration files. --- install/dist/lib/centos52.lib.php | 1 + install/dist/lib/centos53.lib.php | 1 + install/dist/lib/centos70.lib.php | 1 + install/dist/lib/fedora.lib.php | 8 +++++++- install/dist/lib/gentoo.lib.php | 8 +++++++- install/dist/lib/opensuse.lib.php | 8 +++++++- install/lib/installer_base.lib.php | 10 +++++++++- 7 files changed, 33 insertions(+), 4 deletions(-) diff --git a/install/dist/lib/centos52.lib.php b/install/dist/lib/centos52.lib.php index 7d9b78caa..911152804 100644 --- a/install/dist/lib/centos52.lib.php +++ b/install/dist/lib/centos52.lib.php @@ -123,6 +123,7 @@ class installer extends installer_dist { $content = str_replace('{hostname}', $conf['hostname'], $content); $content = str_replace('/var/spool/amavisd/clamd.sock', '/tmp/clamd.socket', $content); wf($conf["amavis"]["config_dir"].'/amavisd.conf', $content); + chmod($conf['amavis']['config_dir'].'/amavisd.conf', 0640); // Adding the amavisd commands to the postfix configuration diff --git a/install/dist/lib/centos53.lib.php b/install/dist/lib/centos53.lib.php index c7e11e50a..0ac99f266 100644 --- a/install/dist/lib/centos53.lib.php +++ b/install/dist/lib/centos53.lib.php @@ -124,6 +124,7 @@ class installer extends installer_dist { $content = str_replace('{hostname}', $conf['hostname'], $content); $content = str_replace('/var/spool/amavisd/clamd.sock', '/var/run/clamav/clamd.sock', $content); wf($conf["amavis"]["config_dir"].'/amavisd.conf', $content); + chmod($conf['amavis']['config_dir'].'/amavisd.conf', 0640); // Adding the amavisd commands to the postfix configuration diff --git a/install/dist/lib/centos70.lib.php b/install/dist/lib/centos70.lib.php index 682833b70..9cee55ff2 100644 --- a/install/dist/lib/centos70.lib.php +++ b/install/dist/lib/centos70.lib.php 
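Review bot: In the centos52 hunk the added `chmod(..., 0640)` runs only after `wf()` has created `amavisd.conf`, so the file exists for a short window with whatever mode `wf()` and the process umask produce; `wf()` is defined outside this patch, so that mode cannot be confirmed here. The same write-then-chmod order appears in the centos53, centos70, fedora (@@ -522) and opensuse (@@ -570) hunks, and in installer_base at @@ -1107, where the written content visibly includes `{mysql_server_ispconfig_password}`. Assuming `wf()` creates the file without an explicit mode, tightening the umask around the write closes the window for new files: `$old = umask(0027); wf($conf['amavis']['config_dir'].'/amavisd.conf', $content); umask($old);`, keeping the `chmod()` for the case where the file already exists. The return value of `chmod()` is also discarded, so a failed mode change passes silently. The enclosing function starts and ends outside each of these hunks.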
@@ -124,6 +124,7 @@ class installer extends installer_dist { $content = str_replace('{hostname}', $conf['hostname'], $content); $content = str_replace('/var/spool/amavisd/clamd.sock', '/var/run/clamav/clamd.sock', $content); wf($conf["amavis"]["config_dir"].'/amavisd.conf', $content); + chmod($conf['amavis']['config_dir'].'/amavisd.conf', 0640); // Adding the amavisd commands to the postfix configuration diff --git a/install/dist/lib/fedora.lib.php b/install/dist/lib/fedora.lib.php index 7b3fd6e25..636a7824e 100644 --- a/install/dist/lib/fedora.lib.php +++ b/install/dist/lib/fedora.lib.php @@ -522,6 +522,7 @@ class installer_dist extends installer_base { $content = str_replace('{mysql_server_ip}', $conf['mysql']['ip'], $content); $content = str_replace('{hostname}', $conf['hostname'], $content); wf($conf["amavis"]["config_dir"].'/amavisd.conf', $content); + chmod($conf['amavis']['config_dir'].'/amavisd.conf', 0640); // Adding the amavisd commands to the postfix configuration @@ -1326,7 +1327,12 @@ class installer_dist extends installer_base { // Add symlink for patch tool if(!is_link('/usr/local/bin/ispconfig_patch')) exec('ln -s /usr/local/ispconfig/server/scripts/ispconfig_patch /usr/local/bin/ispconfig_patch'); - + + // Change mode of a few files from amavisd + if(is_file($conf['amavis']['config_dir'].'/conf.d/50-user')) chmod($conf['amavis']['config_dir'].'/conf.d/50-user', 0640); + if(is_file($conf['amavis']['config_dir'].'/50-user~')) chmod($conf['amavis']['config_dir'].'/50-user~', 0400); + if(is_file($conf['amavis']['config_dir'].'/amavisd.conf')) chmod($conf['amavis']['config_dir'].'/amavisd.conf', 0640); + if(is_file($conf['amavis']['config_dir'].'/amavisd.conf~')) chmod($conf['amavis']['config_dir'].'/amavisd.conf~', 0400); } } diff --git a/install/dist/lib/gentoo.lib.php b/install/dist/lib/gentoo.lib.php index d8c3f3818..2e1400628 100644 --- a/install/dist/lib/gentoo.lib.php +++ b/install/dist/lib/gentoo.lib.php 
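Review bot: The four `if(is_file(...)) chmod(...)` lines added at the end of the fedora hunk (@@ -1326) are repeated verbatim in the gentoo (@@ -1189), opensuse (@@ -1399) and installer_base (@@ -2375) hunks, so any later change to the file list or the modes has to be made in four places and can drift. The fedora, gentoo and opensuse classes shown here extend `installer_base`, so the list could live in one protected helper there, called from each install routine. The helper is also a natural place to report a failed `chmod()`, which the added lines ignore. The enclosing function starts outside the hunk.

```php
// in installer_base; $conf is obtained the same way the surrounding methods do
protected function secure_amavis_config_files() {
	$modes = array(
		'/conf.d/50-user' => 0640,
		'/50-user~' => 0400,
		'/amavisd.conf' => 0640,
		'/amavisd.conf~' => 0400,
	);
	foreach($modes as $file => $mode) {
		$path = $conf['amavis']['config_dir'].$file;
		if(is_file($path) && !chmod($path, $mode)) {
			// report through the installer's existing warning/log facility
		}
	}
}

// … unchanged: ispconfig_patch symlink …
$this->secure_amavis_config_files();
```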
@@ -1189,7 +1189,13 @@ class installer extends installer_base // Add symlink for patch tool if(!is_link('/usr/local/bin/ispconfig_patch')) exec('ln -s /usr/local/ispconfig/server/scripts/ispconfig_patch /usr/local/bin/ispconfig_patch'); - + + // Change mode of a few files from amavisd + if(is_file($conf['amavis']['config_dir'].'/conf.d/50-user')) chmod($conf['amavis']['config_dir'].'/conf.d/50-user', 0640); + if(is_file($conf['amavis']['config_dir'].'/50-user~')) chmod($conf['amavis']['config_dir'].'/50-user~', 0400); + if(is_file($conf['amavis']['config_dir'].'/amavisd.conf')) chmod($conf['amavis']['config_dir'].'/amavisd.conf', 0640); + if(is_file($conf['amavis']['config_dir'].'/amavisd.conf~')) chmod($conf['amavis']['config_dir'].'/amavisd.conf~', 0400); + } } diff --git a/install/dist/lib/opensuse.lib.php b/install/dist/lib/opensuse.lib.php index 55d48884a..4c9749eab 100644 --- a/install/dist/lib/opensuse.lib.php +++ b/install/dist/lib/opensuse.lib.php @@ -570,6 +570,7 @@ class installer_dist extends installer_base { $content = str_replace('{mysql_server_port}', $conf["mysql"]["port"], $content); $content = str_replace('{mysql_server_ip}', $conf['mysql']['ip'], $content); wf($conf["amavis"]["config_dir"].'/amavisd.conf', $content); + chmod($conf['amavis']['config_dir'].'/amavisd.conf', 0640); // Adding the amavisd commands to the postfix configuration 
@@ -1399,7 +1400,12 @@ class installer_dist extends installer_base { // Add symlink for patch tool if(!is_link('/usr/local/bin/ispconfig_patch')) exec('ln -s /usr/local/ispconfig/server/scripts/ispconfig_patch /usr/local/bin/ispconfig_patch'); - + + // Change mode of a few files from amavisd + if(is_file($conf['amavis']['config_dir'].'/conf.d/50-user')) chmod($conf['amavis']['config_dir'].'/conf.d/50-user', 0640); + if(is_file($conf['amavis']['config_dir'].'/50-user~')) chmod($conf['amavis']['config_dir'].'/50-user~', 0400); + if(is_file($conf['amavis']['config_dir'].'/amavisd.conf')) chmod($conf['amavis']['config_dir'].'/amavisd.conf', 0640); + if(is_file($conf['amavis']['config_dir'].'/amavisd.conf~')) chmod($conf['amavis']['config_dir'].'/amavisd.conf~', 0400); } diff --git a/install/lib/installer_base.lib.php b/install/lib/installer_base.lib.php index 42c054474..b322f7179 100644 --- a/install/lib/installer_base.lib.php +++ b/install/lib/installer_base.lib.php @@ -1099,7 +1099,7 @@ class installer_base { // amavisd user config file $configfile = 'amavisd_user_config'; if(is_file($conf['amavis']['config_dir'].'/conf.d/50-user')) copy($conf['amavis']['config_dir'].'/conf.d/50-user', $conf['amavis']['config_dir'].'/50-user~'); - if(is_file($conf['amavis']['config_dir'].'/conf.d/50-user~')) chmod($conf['amavis']['config_dir'].'/conf.d/50-user~', 0400); + if(is_file($conf['amavis']['config_dir'].'/conf.d/50-user~')) chmod($conf['amavis']['config_dir'].'/50-user~', 0400); $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', 'tpl/'.$configfile.'.master'); $content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content); $content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content); 
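Review bot: In the installer_base hunk at @@ -1099 the corrected line still tests `is_file($conf['amavis']['config_dir'].'/conf.d/50-user~')`, while the backup was copied to, and is now chmod-ed at, `config_dir.'/50-user~'`; unless a stale file happens to exist under `conf.d/`, the `chmod(..., 0400)` never runs at this point. The backup is a copy of the file that receives `{mysql_server_ispconfig_password}`, so it keeps whatever mode `copy()` gave it until the block added at @@ -2375 runs, which appears to be later in the install. The guard should name the same path as the action: `if(is_file($conf['amavis']['config_dir'].'/50-user~')) chmod($conf['amavis']['config_dir'].'/50-user~', 0400);`. The enclosing function starts and ends outside the hunk.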
@@ -1107,6 +1107,7 @@ class installer_base { $content = str_replace('{mysql_server_port}', $conf['mysql']['port'], $content); $content = str_replace('{mysql_server_ip}', $conf['mysql']['ip'], $content); wf($conf['amavis']['config_dir'].'/conf.d/50-user', $content); + chmod($conf['amavis']['config_dir'].'/conf.d/50-user', 0640); // TODO: chmod and chown on the config file @@ -2375,6 +2376,13 @@ Email Address []: // Add symlink for patch tool if(!is_link('/usr/local/bin/ispconfig_patch')) exec('ln -s /usr/local/ispconfig/server/scripts/ispconfig_patch /usr/local/bin/ispconfig_patch'); + // Change mode of a few files from amavisd + if(is_file($conf['amavis']['config_dir'].'/conf.d/50-user')) chmod($conf['amavis']['config_dir'].'/conf.d/50-user', 0640); + if(is_file($conf['amavis']['config_dir'].'/50-user~')) chmod($conf['amavis']['config_dir'].'/50-user~', 0400); + if(is_file($conf['amavis']['config_dir'].'/amavisd.conf')) chmod($conf['amavis']['config_dir'].'/amavisd.conf', 0640); + if(is_file($conf['amavis']['config_dir'].'/amavisd.conf~')) chmod($conf['amavis']['config_dir'].'/amavisd.conf~', 0400); + + } public function configure_dbserver() { -- GitLab
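Review bot: The `// TODO: chmod and chown on the config file` comment left directly after the new `chmod(..., 0640)` at @@ -1107 is now half stale, and the remaining chown half matters: mode 0640 grants read access to the file's group, and nothing in this patch sets the owner or group of `conf.d/50-user`. Whether the group bit then serves the amavis daemon or an unintended group depends on who owns the file after `wf()` and on how amavisd reads its configuration, neither of which is visible here. Either set the group explicitly next to the chmod, or update the comment to `// TODO: chown on the config file (mode is set above)` so the remaining gap stays visible.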