gitlabFork/ISPConfig3.git - Solinfo Gitblit

Set stronger permission settings on amavis configuration files.

Till Brehm

2015-05-07 5538547761447df757fa42d68c0bf17e219a6a73

commit \| author \| age
0711af	1	<?php
T	2
	3	/*
436ed8	4	Copyright (c) 2007, Till Brehm, projektfarm Gmbh
0711af	5	All rights reserved.
T	6
	7	Redistribution and use in source and binary forms, with or without modification,
	8	are permitted provided that the following conditions are met:
	9
	10	* Redistributions of source code must retain the above copyright notice,
	11	this list of conditions and the following disclaimer.
	12	* Redistributions in binary form must reproduce the above copyright notice,
	13	this list of conditions and the following disclaimer in the documentation
	14	and/or other materials provided with the distribution.
	15	* Neither the name of ISPConfig nor the names of its contributors
	16	may be used to endorse or promote products derived from this software without
	17	specific prior written permission.
	18
	19	THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
	20	ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
	21	WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
	22	IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
	23	INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
	24	BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
	25	DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
	26	OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
	27	NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
	28	EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
	29	*/
	30
344393	31	class installer_dist extends installer_base {
526b99	32
T	33	public function configure_mailman($status = 'insert') {
	34	global $conf;
	35
	36	$config_dir = $conf['mailman']['config_dir'].'/';
	37	$full_file_name = $config_dir.'mm_cfg.py';
	38	//* Backup exiting file
	39	if(is_file($full_file_name)) {
	40	copy($full_file_name, $config_dir.'mm_cfg.py~');
	41	}
	42
	43	// load files
615a0a	44	$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/mm_cfg.py.master', 'tpl/mm_cfg.py.master');
526b99	45	$old_file = rf($full_file_name);
T	46
	47	$old_options = array();
	48	$lines = explode("\n", $old_file);
	49	foreach ($lines as $line)
	50	{
	51	if (trim($line) != '' && substr($line, 0, 1) != '#')
	52	{
	53	@list($key, $value) = @explode("=", $line);
	54	if (!empty($value))
	55	{
	56	$key = rtrim($key);
	57	$old_options[$key] = trim($value);
	58	}
	59	}
	60	}
7fe908	61
526b99	62	if(!is_file('/var/lib/mailman/data/transport-mailman')) touch('/var/lib/mailman/data/transport-mailman');
T	63	exec('/usr/sbin/postmap /var/lib/mailman/data/transport-mailman');
	64
	65	$virtual_domains = '';
	66	if($status == 'update')
	67	{
	68	// create virtual_domains list
	69	$domainAll = $this->db->queryAllRecords("SELECT domain FROM mail_mailinglist GROUP BY domain");
	70
	71	if(is_array($domainAll)) {
7fe908	72	foreach($domainAll as $domain)
MC	73	{
	74	if ($domainAll[0]['domain'] == $domain['domain'])
	75	$virtual_domains .= "'".$domain['domain']."'";
	76	else
	77	$virtual_domains .= ", '".$domain['domain']."'";
	78	}
526b99	79	}
T	80	}
	81	else
	82	$virtual_domains = "' '";
	83
	84	$content = str_replace('{hostname}', $conf['hostname'], $content);
	85	if(!isset($old_options['DEFAULT_SERVER_LANGUAGE'])) $old_options['DEFAULT_SERVER_LANGUAGE'] = '';
	86	$content = str_replace('{default_language}', $old_options['DEFAULT_SERVER_LANGUAGE'], $content);
	87	$content = str_replace('{virtual_domains}', $virtual_domains, $content);
	88
	89	wf($full_file_name, $content);
7fe908	90
3f478f	91	//* Write virtual_to_transport.sh script
T	92	$config_dir = $conf['mailman']['config_dir'].'/';
	93	$full_file_name = $config_dir.'virtual_to_transport.sh';
7fe908	94
3f478f	95	//* Backup exiting virtual_to_transport.sh script
T	96	if(is_file($full_file_name)) {
	97	copy($full_file_name, $config_dir.'virtual_to_transport.sh~');
	98	}
7fe908	99
3f478f	100	if(is_dir('/etc/mailman')) {
7fe908	101	if(is_file($conf['ispconfig_install_dir'].'/server/conf-custom/install/mailman-virtual_to_transport.sh')) {
MC	102	copy($conf['ispconfig_install_dir'].'/server/conf-custom/install/mailman-virtual_to_transport.sh', $full_file_name);
	103	} else {
	104	copy('tpl/mailman-virtual_to_transport.sh', $full_file_name);
	105	}
	106	chgrp($full_file_name, 'mailman');
	107	chmod($full_file_name, 0750);
3f478f	108	}
7fe908	109
3f478f	110	//* Create aliasaes
T	111	exec('/usr/lib/mailman/bin/genaliases 2>/dev/null');
7fe908	112
526b99	113	}
7fe908	114
0711af	115	function configure_postfix($options = '')
7fe908	116	{
b51c22	117	global $conf,$autoinstall;
0711af	118	$cf = $conf['postfix'];
T	119	$config_dir = $cf['config_dir'];
7fe908	120
0711af	121	if(!is_dir($config_dir)){
7fe908	122	$this->error("The postfix configuration directory '$config_dir' does not exist.");
MC	123	}
	124
0711af	125	//* mysql-virtual_domains.cf
7fe908	126	$this->process_postfix_config('mysql-virtual_domains.cf');
0711af	127
T	128	//* mysql-virtual_forwardings.cf
7fe908	129	$this->process_postfix_config('mysql-virtual_forwardings.cf');
0711af	130
T	131	//* mysql-virtual_mailboxes.cf
7fe908	132	$this->process_postfix_config('mysql-virtual_mailboxes.cf');
0711af	133
T	134	//* mysql-virtual_email2email.cf
7fe908	135	$this->process_postfix_config('mysql-virtual_email2email.cf');
0711af	136
T	137	//* mysql-virtual_transports.cf
7fe908	138	$this->process_postfix_config('mysql-virtual_transports.cf');
0711af	139
T	140	//* mysql-virtual_recipient.cf
7fe908	141	$this->process_postfix_config('mysql-virtual_recipient.cf');
0711af	142
T	143	//* mysql-virtual_sender.cf
7fe908	144	$this->process_postfix_config('mysql-virtual_sender.cf');
0711af	145
T	146	//* mysql-virtual_client.cf
7fe908	147	$this->process_postfix_config('mysql-virtual_client.cf');
MC	148
0711af	149	//* mysql-virtual_relaydomains.cf
7fe908	150	$this->process_postfix_config('mysql-virtual_relaydomains.cf');
MC	151
429dcf	152	//* mysql-virtual_relayrecipientmaps.cf
7fe908	153	$this->process_postfix_config('mysql-virtual_relayrecipientmaps.cf');
0711af	154
T	155	//* Changing mode and group of the new created config files.
	156	caselog('chmod o= '.$config_dir.'/mysql-virtual_.cf &> /dev/null',
7fe908	157	__FILE__, __LINE__, 'chmod on mysql-virtual_.cf', 'chmod on mysql-virtual_.cf failed');
MC	158	caselog('chgrp '.$cf['group'].' '.$config_dir.'/mysql-virtual_.cf &> /dev/null',
	159	__FILE__, __LINE__, 'chgrp on mysql-virtual_.cf', 'chgrp on mysql-virtual_.cf failed');
	160
0711af	161	//* Creating virtual mail user and group
T	162	$command = 'groupadd -g '.$cf['vmail_groupid'].' '.$cf['vmail_groupname'];
392450	163	if(!is_group($cf['vmail_groupname'])) caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
0711af	164
T	165	$command = 'useradd -g '.$cf['vmail_groupname'].' -u '.$cf['vmail_userid'].' '.$cf['vmail_username'].' -d '.$cf['vmail_mailbox_base'].' -m';
7b47c0	166	if(!is_user($cf['vmail_username'])) caselog("$command &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
T	167
	168	//* These postconf commands will be executed on installation and update
	169	$server_ini_rec = $this->db->queryOneRecord("SELECT config FROM server WHERE server_id = ".$conf['server_id']);
	170	$server_ini_array = ini_to_array(stripslashes($server_ini_rec['config']));
	171	unset($server_ini_rec);
	172
	173	//* If there are RBL's defined, format the list and add them to smtp_recipient_restrictions to prevent removeal after an update
	174	$rbl_list = '';
	175	if (@isset($server_ini_array['mail']['realtime_blackhole_list']) && $server_ini_array['mail']['realtime_blackhole_list'] != '') {
7fe908	176	$rbl_hosts = explode(",", str_replace(" ", "", $server_ini_array['mail']['realtime_blackhole_list']));
7b47c0	177	foreach ($rbl_hosts as $key => $value) {
T	178	$rbl_list .= ", reject_rbl_client ". $value;
	179	}
	180	}
	181	unset($rbl_hosts);
	182	unset($server_ini_array);
0711af	183
b67344	184	//* These postconf commands will be executed on installation and update
7fe908	185	$postconf_placeholders = array('{config_dir}' => $config_dir,
MC	186	'{vmail_mailbox_base}' => $cf['vmail_mailbox_base'],
	187	'{vmail_userid}' => $cf['vmail_userid'],
	188	'{vmail_groupid}' => $cf['vmail_groupid'],
	189	'{rbl_list}' => $rbl_list);
	190
	191	$postconf_tpl = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/fedora_postfix.conf.master', 'tpl/fedora_postfix.conf.master');
	192	$postconf_tpl = strtr($postconf_tpl, $postconf_placeholders);
	193	$postconf_commands = array_filter(explode("\n", $postconf_tpl)); // read and remove empty lines
	194
b67344	195	//* These postconf commands will be executed on installation only
T	196	if($this->is_update == false) {
7fe908	197	$postconf_commands = array_merge($postconf_commands, array(
MC	198	'myhostname = '.$conf['hostname'],
	199	'mydestination = '.$conf['hostname'].', localhost, localhost.localdomain',
	200	'mynetworks = 127.0.0.0/8 [::1]/128'
	201	));
b67344	202	}
7fe908	203
0711af	204	//* Create the header and body check files
T	205	touch($config_dir.'/header_checks');
	206	touch($config_dir.'/mime_header_checks');
	207	touch($config_dir.'/nested_header_checks');
	208	touch($config_dir.'/body_checks');
7fe908	209
3f478f	210	//* Create the mailman files
T	211	if(!is_dir('/var/lib/mailman/data')) exec('mkdir -p /var/lib/mailman/data');
	212	//if(!is_file('/var/lib/mailman/data/aliases')) touch('/var/lib/mailman/data/aliases');
	213	if(is_file('/var/lib/mailman/data/aliases')) unlink('/var/lib/mailman/data/aliases');
7fe908	214	if(!is_link('/var/lib/mailman/data/aliases')) symlink('/etc/mailman/aliases', '/var/lib/mailman/data/aliases');
3f478f	215	exec('postalias /var/lib/mailman/data/aliases');
79bd20	216	if(!is_file('/etc/mailman/virtual-mailman')) touch('/etc/mailman/virtual-mailman');
TB	217	exec('postmap /etc/mailman/virtual-mailman');
3f478f	218	if(!is_file('/var/lib/mailman/data/transport-mailman')) touch('/var/lib/mailman/data/transport-mailman');
T	219	exec('/usr/sbin/postmap /var/lib/mailman/data/transport-mailman');
7fe908	220
0711af	221	//* Make a backup copy of the main.cf file
T	222	copy($config_dir.'/main.cf', $config_dir.'/main.cf~');
7fe908	223
0711af	224	//* Executing the postconf commands
T	225	foreach($postconf_commands as $cmd) {
	226	$command = "postconf -e '$cmd'";
	227	caselog($command." &> /dev/null", __FILE__, __LINE__, 'EXECUTED: '.$command, 'Failed to execute the command '.$command);
	228	}
7fe908	229
MC	230	if(!stristr($options, 'dont-create-certs')) {
0711af	231	//* Create the SSL certificate
b04e82	232	if(AUTOINSTALL){
TB	233	$command = 'cd '.$config_dir.'; '
c43c29	234	."openssl req -new -subj '/C=".escapeshellcmd($autoinstall['ssl_cert_country'])."/ST=".escapeshellcmd($autoinstall['ssl_cert_state'])."/L=".escapeshellcmd($autoinstall['ssl_cert_locality'])."/O=".escapeshellcmd($autoinstall['ssl_cert_organisation'])."/OU=".escapeshellcmd($autoinstall['ssl_cert_organisation_unit'])."/CN=".escapeshellcmd($autoinstall['ssl_cert_common_name'])."' -outform PEM -out smtpd.cert -newkey rsa:4096 -nodes -keyout smtpd.key -keyform PEM -days 3650 -x509";
b04e82	235	} else {
TB	236	$command = 'cd '.$config_dir.'; '
c43c29	237	.'openssl req -new -outform PEM -out smtpd.cert -newkey rsa:4096 -nodes -keyout smtpd.key -keyform PEM -days 3650 -x509';
TB	238	}
0711af	239	exec($command);
7fe908	240
01423f	241	$command = 'chmod o= '.$config_dir.'/smtpd.key';
0711af	242	caselog($command.' &> /dev/null', __FILE__, __LINE__, 'EXECUTED: '.$command, 'Failed to execute the command '.$command);
T	243	}
7fe908	244
0711af	245	//** We have to change the permissions of the courier authdaemon directory to make it accessible for maildrop.
T	246	$command = 'chmod 755 /var/spool/authdaemon';
	247	caselog($command.' &> /dev/null', __FILE__, __LINE__, 'EXECUTED: '.$command, 'Failed to execute the command '.$command);
7fe908	248
0711af	249	//* Changing maildrop lines in posfix master.cf
T	250	if(is_file($config_dir.'/master.cf')){
7fe908	251	copy($config_dir.'/master.cf', $config_dir.'/master.cf~');
MC	252	}
0711af	253	if(is_file($config_dir.'/master.cf~')){
7fe908	254	exec('chmod 400 '.$config_dir.'/master.cf~');
MC	255	}
0711af	256	$configfile = $config_dir.'/master.cf';
T	257	$content = rf($configfile);
2c8f94	258	// if postfix package is from fedora or centios main repo
7fe908	259	$content = str_replace('# flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}',
MC	260	' flags=DRhu user='.$cf['vmail_username'].' argv=/usr/bin/maildrop -d ${recipient} ${extension} ${recipient} ${user} ${nexthop} ${sender}',
	261	$content);
	262
2c8f94	263	// If postfix package is from centos plus repo
7fe908	264	$content = str_replace('# flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}',
MC	265	' flags=DRhu user='.$cf['vmail_username'].' argv=/usr/bin/maildrop -d ${recipient} ${extension} ${recipient} ${user} ${nexthop} ${sender}',
	266	$content);
	267
	268	$content = str_replace(' flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}',
	269	' flags=DRhu user='.$cf['vmail_username'].' argv=/usr/bin/maildrop -d ${recipient} ${extension} ${recipient} ${user} ${nexthop} ${sender}',
	270	$content);
	271
	272
	273	$content = str_replace('#maildrop unix - n n - - pipe',
	274	'maildrop unix - n n - - pipe',
	275	$content);
	276
0711af	277	wf($configfile, $content);
7fe908	278
0711af	279	//* Writing the Maildrop mailfilter file
T	280	$configfile = 'mailfilter';
	281	if(is_file($cf['vmail_mailbox_base'].'/.'.$configfile)){
7fe908	282	copy($cf['vmail_mailbox_base'].'/.'.$configfile, $cf['vmail_mailbox_base'].'/.'.$configfile.'~');
MC	283	}
615a0a	284	$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', "tpl/$configfile.master");
0711af	285	$content = str_replace('{dist_postfix_vmail_mailbox_base}', $cf['vmail_mailbox_base'], $content);
T	286	wf($cf['vmail_mailbox_base'].'/.'.$configfile, $content);
7fe908	287
0711af	288	//* Create the directory for the custom mailfilters
T	289	$command = 'mkdir '.$cf['vmail_mailbox_base'].'/mailfilters';
	290	caselog($command." &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
7fe908	291
0711af	292	//* Chmod and chown the .mailfilter file
T	293	$command = 'chown -R '.$cf['vmail_username'].':'.$cf['vmail_groupname'].' '.$cf['vmail_mailbox_base'].'/.mailfilter';
	294	caselog($command." &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
7fe908	295
0711af	296	$command = 'chmod -R 600 '.$cf['vmail_mailbox_base'].'/.mailfilter';
T	297	caselog($command." &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
7fe908	298
0711af	299	}
7fe908	300
0711af	301	public function configure_saslauthd() {
T	302	global $conf;
7fe908	303
0711af	304	$configfile = 'tpl/fedora_saslauthd_smtpd_conf.master';
615a0a	305	$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/fedora_saslauthd_smtpd_conf.master', $configfile);
7fe908	306	wf('/usr/lib/sasl2/smtpd.conf', $content);
MC	307	if(is_dir('/usr/lib64')) wf('/usr/lib64/sasl/smtpd.conf', $content);
	308	if(is_dir('/usr/lib64')) wf('/usr/lib64/sasl2/smtpd.conf', $content);
	309
0711af	310	}
7fe908	311
0711af	312	public function configure_pam()
7fe908	313	{
0711af	314	global $conf;
T	315	$pam = $conf['pam'];
	316	//* configure pam for SMTP authentication agains the ispconfig database
	317	$configfile = 'pamd_smtp';
	318	if(is_file("$pam/smtp")) copy("$pam/smtp", "$pam/smtp~");
	319	if(is_file("$pam/smtp~")) exec("chmod 400 $pam/smtp~");
	320
615a0a	321	$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', "tpl/$configfile.master");
0711af	322	$content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
T	323	$content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
	324	$content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);
	325	$content = str_replace('{mysql_server_ip}', $conf['mysql']['ip'], $content);
	326	wf("$pam/smtp", $content);
03bff7	327	// On some OSes smtp is world readable which allows for reading database information. Removing world readable rights should have no effect.
T	328	if(is_file("$pam/smtp")) exec("chmod o= $pam/smtp");
0711af	329	//exec("chmod 660 $pam/smtp");
T	330	//exec("chown root:root $pam/smtp");
7fe908	331
0711af	332	}
7fe908	333
0711af	334	public function configure_courier()
7fe908	335	{
0711af	336	global $conf;
T	337	$config_dir = $conf['courier']['config_dir'];
	338	//* authmysqlrc
	339	$configfile = 'authmysqlrc';
	340	if(is_file("$config_dir/$configfile")){
7fe908	341	copy("$config_dir/$configfile", "$config_dir/$configfile~");
MC	342	}
0711af	343	exec("chmod 400 $config_dir/$configfile~");
615a0a	344	$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', "tpl/$configfile.master");
7fe908	345	$content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
MC	346	$content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
	347	$content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);
	348	$content = str_replace('{mysql_server_host}', $conf['mysql']['host'], $content);
0711af	349	wf("$config_dir/$configfile", $content);
7fe908	350
0711af	351	exec("chmod 660 $config_dir/$configfile");
T	352	exec("chown root:root $config_dir/$configfile");
7fe908	353
0711af	354	//* authdaemonrc
T	355	$configfile = $conf['courier']['config_dir'].'/authdaemonrc';
	356	if(is_file($configfile)){
7fe908	357	copy($configfile, $configfile.'~');
MC	358	}
0711af	359	if(is_file($configfile.'~')){
7fe908	360	exec('chmod 400 '.$configfile.'~');
MC	361	}
0711af	362	$content = rf($configfile);
T	363	$content = str_replace('authmodulelist=', 'authmodulelist="authmysql"', $content);
	364	wf($configfile, $content);
	365	}
7fe908	366
0f2bb1	367	public function configure_dovecot()
7fe908	368	{
0f2bb1	369	global $conf;
7fe908	370
0f2bb1	371	$config_dir = $conf['dovecot']['config_dir'];
7fe908	372
9ec545	373	//* Use /etc/dovecot as config dir if exists
T	374	if(is_dir('/etc/dovecot')) $config_dir = '/etc/dovecot';
7fe908	375
0f2bb1	376	//* Configure master.cf and add a line for deliver
T	377	if(is_file($config_dir.'/master.cf')){
7fe908	378	copy($config_dir.'/master.cf', $config_dir.'/master.cf~2');
MC	379	}
0f2bb1	380	if(is_file($config_dir.'/master.cf~')){
7fe908	381	exec('chmod 400 '.$config_dir.'/master.cf~2');
MC	382	}
0f2bb1	383	$content = rf($conf["postfix"]["config_dir"].'/master.cf');
T	384	// Only add the content if we had not addded it before
7fe908	385	if(!stristr($content, "dovecot/deliver")) {
013ae4	386	$deliver_content = 'dovecot unix - n n - - pipe'."\n".' flags=DROhu user=vmail:vmail argv=/usr/libexec/dovecot/deliver -f ${sender} -d ${user}@${nexthop}';
7fe908	387	af($conf["postfix"]["config_dir"].'/master.cf', $deliver_content);
0f2bb1	388	}
T	389	unset($content);
	390	unset($deliver_content);
7fe908	391
MC	392
0f2bb1	393	//* Reconfigure postfix to use dovecot authentication
T	394	// Adding the amavisd commands to the postfix configuration
	395	$postconf_commands = array (
	396	'dovecot_destination_recipient_limit = 1',
	397	'virtual_transport = dovecot',
	398	'smtpd_sasl_type = dovecot',
	399	'smtpd_sasl_path = private/auth',
	400	);
7fe908	401
0f2bb1	402	// Make a backup copy of the main.cf file
7fe908	403	copy($conf["postfix"]["config_dir"].'/main.cf', $conf["postfix"]["config_dir"].'/main.cf~3');
MC	404
0f2bb1	405	// Executing the postconf commands
T	406	foreach($postconf_commands as $cmd) {
	407	$command = "postconf -e '$cmd'";
	408	caselog($command." &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
	409	}
7fe908	410
31e0d1	411	//* backup dovecot.conf
0f2bb1	412	$configfile = 'dovecot.conf';
T	413	if(is_file("$config_dir/$configfile")){
7fe908	414	copy("$config_dir/$configfile", "$config_dir/$configfile~");
MC	415	}
	416
31e0d1	417	//* Get the dovecot version
7fe908	418	exec('dovecot --version', $tmp);
b79f6c	419	$dovecot_version = $tmp[0];
31e0d1	420	unset($tmp);
7fe908	421
31e0d1	422	//* Copy dovecot configuration file
b79f6c	423	if(version_compare($dovecot_version,2) >= 0) {
7fe908	424	if(is_file($conf['ispconfig_install_dir'].'/server/conf-custom/install/fedora_dovecot2.conf.master')) {
MC	425	copy($conf['ispconfig_install_dir'].'/server/conf-custom/install/fedora_dovecot2.conf.master', $config_dir.'/'.$configfile);
	426	} else {
	427	copy('tpl/fedora_dovecot2.conf.master', $config_dir.'/'.$configfile);
	428	}
b79f6c	429	if(version_compare($dovecot_version,2.1) < 0) {
TB	430	removeLine($config_dir.'/'.$configfile, 'ssl_protocols =');
	431	}
31e0d1	432	} else {
7fe908	433	if(is_file($conf['ispconfig_install_dir'].'/server/conf-custom/install/fedora_dovecot.conf.master')) {
MC	434	copy($conf['ispconfig_install_dir'].'/server/conf-custom/install/fedora_dovecot.conf.master', $config_dir.'/'.$configfile);
	435	} else {
	436	copy('tpl/fedora_dovecot.conf.master', $config_dir.'/'.$configfile);
	437	}
31e0d1	438	}
615a0a	439
0f2bb1	440	//* dovecot-sql.conf
T	441	$configfile = 'dovecot-sql.conf';
	442	if(is_file("$config_dir/$configfile")){
7fe908	443	copy("$config_dir/$configfile", "$config_dir/$configfile~");
0f2bb1	444	exec("chmod 400 $config_dir/$configfile~");
7fe908	445	}
85f6fb	446
TB	447	if(!@file_exists('/etc/dovecot-sql.conf')) exec('ln -s /etc/dovecot/dovecot-sql.conf /etc/dovecot-sql.conf');
7fe908	448
615a0a	449	$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/fedora_dovecot-sql.conf.master', "tpl/fedora_dovecot-sql.conf.master");
7fe908	450	$content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
MC	451	$content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
	452	$content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);
	453	$content = str_replace('{mysql_server_host}', $conf['mysql']['host'], $content);
032b86	454	$content = str_replace('{server_id}', $conf['server_id'], $content);
0f2bb1	455	wf("$config_dir/$configfile", $content);
7fe908	456
0f2bb1	457	exec("chmod 600 $config_dir/$configfile");
T	458	exec("chown root:root $config_dir/$configfile");
5e7306	459
TB	460	// Dovecot shall ignore mounts in website directory
85f6fb	461	if(is_installed('doveadm')) exec("doveadm mount add '/var/www/*' ignore > /dev/null 2> /dev/null");
0f2bb1	462
T	463	}
7fe908	464
0711af	465	public function configure_amavis() {
T	466	global $conf;
7fe908	467
0711af	468	// amavisd user config file
T	469	$configfile = 'fedora_amavisd_conf';
7fe908	470	if(is_file($conf["amavis"]["config_dir"].'/amavisd.conf')) copy($conf["amavis"]["config_dir"].'/amavisd.conf', $conf["amavis"]["config_dir"].'/amavisd.conf~');
0711af	471	if(is_file($conf["amavis"]["config_dir"].'/amavisd.conf~')) exec('chmod 400 '.$conf["amavis"]["config_dir"].'/amavisd.conf~');
615a0a	472	$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', "tpl/".$configfile.".master");
7fe908	473	$content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
MC	474	$content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
	475	$content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);
	476	$content = str_replace('{mysql_server_port}', $conf["mysql"]["port"], $content);
	477	$content = str_replace('{mysql_server_ip}', $conf['mysql']['ip'], $content);
	478	$content = str_replace('{hostname}', $conf['hostname'], $content);
	479	wf($conf["amavis"]["config_dir"].'/amavisd.conf', $content);
553854	480	chmod($conf['amavis']['config_dir'].'/amavisd.conf', 0640);
7fe908	481
MC	482
0711af	483	// Adding the amavisd commands to the postfix configuration
T	484	$postconf_commands = array (
	485	'content_filter = amavis:[127.0.0.1]:10024',
	486	'receive_override_options = no_address_mappings'
	487	);
7fe908	488
0711af	489	// Make a backup copy of the main.cf file
7fe908	490	copy($conf["postfix"]["config_dir"].'/main.cf', $conf["postfix"]["config_dir"].'/main.cf~2');
MC	491
0711af	492	// Executing the postconf commands
T	493	foreach($postconf_commands as $cmd) {
	494	$command = "postconf -e '$cmd'";
	495	caselog($command." &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
	496	}
7fe908	497
0711af	498	// Append the configuration for amavisd to the master.cf file
7fe908	499	if(is_file($conf["postfix"]["config_dir"].'/master.cf')) copy($conf["postfix"]["config_dir"].'/master.cf', $conf["postfix"]["config_dir"].'/master.cf~');
0711af	500	$content = rf($conf["postfix"]["config_dir"].'/master.cf');
T	501	// Only add the content if we had not addded it before
7fe908	502	if(!stristr($content, "127.0.0.1:10025")) {
0711af	503	unset($content);
615a0a	504	$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/master_cf_amavis.master', "tpl/master_cf_amavis.master");
7fe908	505	af($conf["postfix"]["config_dir"].'/master.cf', $content);
0711af	506	}
T	507	unset($content);
7fe908	508
MC	509	removeLine('/etc/sysconfig/freshclam', 'FRESHCLAM_DELAY=disabled-warn # REMOVE ME', 1);
	510	replaceLine('/etc/freshclam.conf', 'Example', '# Example', 1);
	511
0711af	512	// Add the clamav user to the vscan group
T	513	//exec('groupmod --add-user clamav vscan');
7fe908	514
MC	515
0711af	516	}
7fe908	517
0711af	518	public function configure_spamassassin()
7fe908	519	{
0711af	520	global $conf;
7fe908	521
0711af	522	//* Enable spamasasssin on debian and ubuntu
T	523	/*
	524	$configfile = '/etc/default/spamassassin';
	525	if(is_file($configfile)){
	526	copy($configfile, $configfile.'~');
	527	}
	528	$content = rf($configfile);
	529	$content = str_replace('ENABLED=0', 'ENABLED=1', $content);
	530	wf($configfile, $content);
	531	*/
	532	}
7fe908	533
0711af	534	public function configure_getmail()
7fe908	535	{
0711af	536	global $conf;
7fe908	537
0711af	538	$config_dir = $conf['getmail']['config_dir'];
7fe908	539
0711af	540	if(!is_dir($config_dir)) exec("mkdir -p ".escapeshellcmd($config_dir));
T	541
	542	$command = "useradd -d $config_dir getmail";
392450	543	if(!is_user('getmail')) caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
7fe908	544
0711af	545	$command = "chown -R getmail $config_dir";
T	546	caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
7fe908	547
0711af	548	$command = "chmod -R 700 $config_dir";
T	549	caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
	550	}
7fe908	551
MC	552
0711af	553	public function configure_pureftpd()
7fe908	554	{
0711af	555	global $conf;
7fe908	556
0711af	557	$config_dir = $conf['pureftpd']['config_dir'];
T	558
	559	//* configure pam for SMTP authentication agains the ispconfig database
	560	$configfile = 'pureftpd-mysql.conf';
	561	if(is_file("$config_dir/$configfile")){
7fe908	562	copy("$config_dir/$configfile", "$config_dir/$configfile~");
MC	563	}
0711af	564	if(is_file("$config_dir/$configfile~")){
7fe908	565	exec("chmod 400 $config_dir/$configfile~");
MC	566	}
615a0a	567	$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/pureftpd_mysql.conf.master', 'tpl/pureftpd_mysql.conf.master');
0711af	568	$content = str_replace('{mysql_server_ispconfig_user}', $conf["mysql"]["ispconfig_user"], $content);
T	569	$content = str_replace('{mysql_server_ispconfig_password}', $conf["mysql"]["ispconfig_password"], $content);
	570	$content = str_replace('{mysql_server_database}', $conf["mysql"]["database"], $content);
	571	$content = str_replace('{mysql_server_ip}', $conf["mysql"]["ip"], $content);
	572	$content = str_replace('{server_id}', $conf["server_id"], $content);
	573	wf("$config_dir/$configfile", $content);
	574	exec("chmod 600 $config_dir/$configfile");
	575	exec("chown root:root $config_dir/$configfile");
7fe908	576
0711af	577	// copy our customized copy of pureftpd.conf to the pure-ftpd config directory
615a0a	578	if(is_file($conf['ispconfig_install_dir'].'/server/conf-custom/install/fedora_pureftpd_conf.master')) {
7fe908	579	exec("cp " . $conf['ispconfig_install_dir'].'/server/conf-custom/install/fedora_pureftpd_conf.master ' . "$config_dir/pure-ftpd.conf");
MC	580	}else {
	581	exec("cp tpl/fedora_pureftpd_conf.master $config_dir/pure-ftpd.conf");
	582	}
	583
0711af	584	}
7fe908	585
0711af	586	public function configure_mydns()
7fe908	587	{
0711af	588	global $conf;
7fe908	589
0711af	590	// configure mydns
T	591	$configfile = 'mydns.conf';
7fe908	592	if(is_file($conf["mydns"]["config_dir"].'/'.$configfile)) copy($conf["mydns"]["config_dir"].'/'.$configfile, $conf["mydns"]["config_dir"].'/'.$configfile.'~');
0711af	593	if(is_file($conf["mydns"]["config_dir"].'/'.$configfile.'~')) exec('chmod 400 '.$conf["mydns"]["config_dir"].'/'.$configfile.'~');
615a0a	594	$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', "tpl/".$configfile.".master");
7fe908	595	$content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
MC	596	$content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
	597	$content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);
	598	$content = str_replace('{mysql_server_host}', $conf["mysql"]["host"], $content);
	599	$content = str_replace('{server_id}', $conf["server_id"], $content);
	600	wf($conf["mydns"]["config_dir"].'/'.$configfile, $content);
0711af	601	exec('chmod 600 '.$conf["mydns"]["config_dir"].'/'.$configfile);
T	602	exec('chown root:root '.$conf["mydns"]["config_dir"].'/'.$configfile);
7fe908	603
0711af	604	}
7fe908	605
0f2bb1	606	public function configure_bind() {
T	607	global $conf;
7fe908	608
0f2bb1	609	// add the include line at the end of named.conf.
7fe908	610	replaceLine('/etc/named.conf', 'include "/etc/named.conf.local";', 'include "/etc/named.conf.local";', 0, 1);
fd4cfd	611
D	612	//* Check if the zonefile directory has a slash at the end
	613	$content=$conf['bind']['bind_zonefiles_dir'];
7fe908	614	if(substr($content, -1, 1) != '/') {
fd4cfd	615	$content .= '/';
D	616	}
	617
	618	//* Create the slave subdirectory
	619	$content .= 'slave';
	620	$content_mkdir = 'mkdir -p '.$content;
	621	exec($content_mkdir);
	622
	623	//* Chown the slave subdirectory to $conf['bind']['bind_user']
	624	exec('chown '.$conf['bind']['bind_user'].':'.$conf['bind']['bind_group'].' '.$content);
fc7f1b	625	exec('chmod 2770 '.$content);
7fe908	626
0f2bb1	627	}
7fe908	628
0711af	629	public function configure_apache()
7fe908	630	{
0711af	631	global $conf;
7fe908	632
1bd269	633	if($conf['apache']['installed'] == false) return;
bde98e	634	if(is_file('/etc/suphp.conf')) {
4c7fd5	635	//replaceLine('/etc/suphp.conf','php=php:/usr/bin','x-httpd-suphp=php:/usr/bin/php-cgi',0);
7fe908	636	replaceLine('/etc/suphp.conf', 'docroot=', 'docroot=/var/www', 0);
MC	637	replaceLine('/etc/suphp.conf', 'umask=0077', 'umask=0022', 0);
bde98e	638	}
7fe908	639
0711af	640	//* Create the logging directory for the vhost logfiles
T	641	exec('mkdir -p /var/log/ispconfig/httpd');
7fe908	642
0711af	643	// Sites enabled and avaulable dirs
T	644	exec('mkdir -p '.$conf['apache']['vhost_conf_enabled_dir']);
	645	exec('mkdir -p '.$conf['apache']['vhost_conf_dir']);
7fe908	646
0711af	647	$content = rf('/etc/httpd/conf/httpd.conf');
7fe908	648	if(!stristr($content, 'Include /etc/httpd/conf/sites-enabled/')) {
MC	649	af('/etc/httpd/conf/httpd.conf', "\nNameVirtualHost :80\nNameVirtualHost :443\nInclude /etc/httpd/conf/sites-enabled/\n\n");
0711af	650	}
T	651	unset($content);
7fe908	652
9de0c4	653	//* Copy the ISPConfig configuration include
7fe908	654	$vhost_conf_dir = $conf['apache']['vhost_conf_dir'];
MC	655	$vhost_conf_enabled_dir = $conf['apache']['vhost_conf_enabled_dir'];
	656
ccbf14	657	$tpl = new tpl('apache_ispconfig.conf.master');
TB	658	$tpl->setVar('apache_version',getapacheversion());
	659
a2156e	660	$records = $this->db->queryAllRecords('SELECT * FROM '.$conf['mysql']['master_database'].'.server_ip WHERE server_id = '.$conf['server_id']." AND virtualhost = 'y'");
ccbf14	661	$ip_addresses = array();
TB	662
fb3a98	663	if(is_array($records) && count($records) > 0) {
86e3bb	664	foreach($records as $rec) {
a2156e	665	if($rec['ip_type'] == 'IPv6') {
T	666	$ip_address = '['.$rec['ip_address'].']';
	667	} else {
	668	$ip_address = $rec['ip_address'];
	669	}
7fe908	670	$ports = explode(',', $rec['virtualhost_port']);
a2156e	671	if(is_array($ports)) {
T	672	foreach($ports as $port) {
	673	$port = intval($port);
	674	if($port > 0 && $port < 65536 && $ip_address != '') {
ccbf14	675	$ip_addresses[] = array('ip_address' => $ip_address, 'port' => $port);
a2156e	676	}
T	677	}
	678	}
86e3bb	679	}
T	680	}
855547	681
3de838	682	if(count($ip_addresses) > 0) $tpl->setLoop('ip_adresses',$ip_addresses);
7fe908	683
ccbf14	684	wf($vhost_conf_dir.'/ispconfig.conf', $tpl->grab());
TB	685	unset($tpl);
7fe908	686
9de0c4	687	if(!@is_link($vhost_conf_enabled_dir."/000-ispconfig.conf")) {
T	688	exec("ln -s ".$vhost_conf_dir."/ispconfig.conf ".$vhost_conf_enabled_dir."/000-ispconfig.conf");
	689	}
7fe908	690
99d5dc	691	//* make sure that webalizer finds its config file when it is directly in /etc
T	692	if(@is_file('/etc/webalizer.conf') && !@is_dir('/etc/webalizer')) {
	693	exec('mkdir /etc/webalizer');
	694	exec('ln -s /etc/webalizer.conf /etc/webalizer/webalizer.conf');
	695	}
7fe908	696
99d5dc	697	if(is_file('/etc/webalizer/webalizer.conf')) {
T	698	// Change webalizer mode to incremental
7fe908	699	replaceLine('/etc/webalizer/webalizer.conf', '#IncrementalName', 'IncrementalName webalizer.current', 0, 0);
MC	700	replaceLine('/etc/webalizer/webalizer.conf', '#Incremental', 'Incremental yes', 0, 0);
	701	replaceLine('/etc/webalizer/webalizer.conf', '#HistoryName', 'HistoryName webalizer.hist', 0, 0);
99d5dc	702	}
7fe908	703
6b029a	704	//* add a sshusers group
T	705	$command = 'groupadd sshusers';
	706	if(!is_group('sshusers')) caselog($command.' &> /dev/null 2> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
7fe908	707
0711af	708	}
7fe908	709
d95ed9	710	public function configure_nginx(){
F	711	global $conf;
7fe908	712
d95ed9	713	if($conf['nginx']['installed'] == false) return;
F	714	//* Create the logging directory for the vhost logfiles
	715	if(!@is_dir($conf['ispconfig_log_dir'].'/httpd')) mkdir($conf['ispconfig_log_dir'].'/httpd', 0755, true);
7fe908	716
d95ed9	717	// Sites enabled and avaulable dirs
F	718	exec('mkdir -p '.$conf['nginx']['vhost_conf_enabled_dir']);
	719	exec('mkdir -p '.$conf['nginx']['vhost_conf_dir']);
	720
7fe908	721	wf('/etc/nginx/conf.d/ispconfig_vhosts.conf', "include /etc/nginx/sites-enabled/*.vhost;");
d95ed9	722
F	723	//* make sure that webalizer finds its config file when it is directly in /etc
	724	if(@is_file('/etc/webalizer.conf') && !@is_dir('/etc/webalizer')) {
	725	mkdir('/etc/webalizer');
7fe908	726	symlink('/etc/webalizer.conf', '/etc/webalizer/webalizer.conf');
d95ed9	727	}
F	728
	729	if(is_file('/etc/webalizer/webalizer.conf')) {
	730	// Change webalizer mode to incremental
7fe908	731	replaceLine('/etc/webalizer/webalizer.conf', '#IncrementalName', 'IncrementalName webalizer.current', 0, 0);
MC	732	replaceLine('/etc/webalizer/webalizer.conf', '#Incremental', 'Incremental yes', 0, 0);
	733	replaceLine('/etc/webalizer/webalizer.conf', '#HistoryName', 'HistoryName webalizer.hist', 0, 0);
d95ed9	734	}
7fe908	735
d95ed9	736	// Check the awsatst script
F	737	if(!is_dir('/usr/share/awstats/tools')) exec('mkdir -p /usr/share/awstats/tools');
7fe908	738	if(!file_exists('/usr/share/awstats/tools/awstats_buildstaticpages.pl') && file_exists('/usr/share/doc/awstats/examples/awstats_buildstaticpages.pl')) symlink('/usr/share/doc/awstats/examples/awstats_buildstaticpages.pl', '/usr/share/awstats/tools/awstats_buildstaticpages.pl');
MC	739	if(file_exists('/etc/awstats/awstats.conf.local')) replaceLine('/etc/awstats/awstats.conf.local', 'LogFormat=4', 'LogFormat=1', 0, 1);
	740
d95ed9	741	//* add a sshusers group
F	742	$command = 'groupadd sshusers';
	743	if(!is_group('sshusers')) caselog($command.' &> /dev/null 2> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
	744	}
7fe908	745
0711af	746	public function configure_firewall()
T	747	{
	748	global $conf;
7fe908	749
0711af	750	$dist_init_scripts = $conf['init_scripts'];
7fe908	751
0711af	752	if(is_dir("/etc/Bastille.backup")) caselog("rm -rf /etc/Bastille.backup", __FILE__, __LINE__);
T	753	if(is_dir("/etc/Bastille")) caselog("mv -f /etc/Bastille /etc/Bastille.backup", __FILE__, __LINE__);
7fe908	754	@mkdir("/etc/Bastille", octdec($directory_mode));
MC	755	if(is_dir("/etc/Bastille.backup/firewall.d")) caselog("cp -pfr /etc/Bastille.backup/firewall.d /etc/Bastille/", __FILE__, __LINE__);
	756	if(is_file($conf['ispconfig_install_dir'].'/server/conf-custom/install/bastille-firewall.cfg.master')) {
	757	caselog("cp -f " . $conf['ispconfig_install_dir']."/server/conf-custom/install/bastille-firewall.cfg.master /etc/Bastille/bastille-firewall.cfg", __FILE__, __LINE__);
	758	} else {
	759	caselog("cp -f tpl/bastille-firewall.cfg.master /etc/Bastille/bastille-firewall.cfg", __FILE__, __LINE__);
	760	}
	761	caselog("chmod 644 /etc/Bastille/bastille-firewall.cfg", __FILE__, __LINE__);
	762	$content = rf("/etc/Bastille/bastille-firewall.cfg");
	763	$content = str_replace("{DNS_SERVERS}", "", $content);
0711af	764
7fe908	765	$tcp_public_services = '';
MC	766	$udp_public_services = '';
	767
fb3a98	768	$row = $this->db->queryOneRecord('SELECT * FROM '.$conf["mysql"]["database"].'.firewall WHERE server_id = '.intval($conf['server_id']));
7fe908	769
MC	770	if(trim($row["tcp_port"]) != '' \|\| trim($row["udp_port"]) != ''){
	771	$tcp_public_services = trim(str_replace(',', ' ', $row["tcp_port"]));
	772	$udp_public_services = trim(str_replace(',', ' ', $row["udp_port"]));
	773	} else {
	774	$tcp_public_services = '21 22 25 53 80 110 443 3306 8080 10000';
	775	$udp_public_services = '53';
	776	}
9ce725	777	if(!stristr($tcp_public_services, $conf['apache']['vhost_port'])) {
96cc31	778	$tcp_public_services .= ' '.intval($conf['apache']['vhost_port']);
57299d	779	if($row["tcp_port"] != '') $this->db->query("UPDATE firewall SET tcp_port = tcp_port + ',".intval($conf['apache']['vhost_port'])."' WHERE server_id = ".intval($conf['server_id']));
9ce725	780	}
0711af	781
7fe908	782	$content = str_replace("{TCP_PUBLIC_SERVICES}", $tcp_public_services, $content);
MC	783	$content = str_replace("{UDP_PUBLIC_SERVICES}", $udp_public_services, $content);
0711af	784
7fe908	785	wf("/etc/Bastille/bastille-firewall.cfg", $content);
0711af	786
7fe908	787	if(is_file($dist_init_scripts."/bastille-firewall")) caselog("mv -f $dist_init_scripts/bastille-firewall $dist_init_scripts/bastille-firewall.backup", __FILE__, __LINE__);
MC	788	caselog("cp -f apps/bastille-firewall $dist_init_scripts", __FILE__, __LINE__);
	789	caselog("chmod 700 $dist_init_scripts/bastille-firewall", __FILE__, __LINE__);
0711af	790
7fe908	791	if(is_file("/sbin/bastille-ipchains")) caselog("mv -f /sbin/bastille-ipchains /sbin/bastille-ipchains.backup", __FILE__, __LINE__);
MC	792	caselog("cp -f apps/bastille-ipchains /sbin", __FILE__, __LINE__);
	793	caselog("chmod 700 /sbin/bastille-ipchains", __FILE__, __LINE__);
	794
	795	if(is_file("/sbin/bastille-netfilter")) caselog("mv -f /sbin/bastille-netfilter /sbin/bastille-netfilter.backup", __FILE__, __LINE__);
	796	caselog("cp -f apps/bastille-netfilter /sbin", __FILE__, __LINE__);
	797	caselog("chmod 700 /sbin/bastille-netfilter", __FILE__, __LINE__);
	798
0711af	799	if(!@is_dir('/var/lock/subsys')) caselog("mkdir /var/lock/subsys", __FILE__, __LINE__);
T	800
7fe908	801	exec("which ipchains &> /dev/null", $ipchains_location, $ret_val);
MC	802	if(!is_file("/sbin/ipchains") && !is_link("/sbin/ipchains") && $ret_val == 0) phpcaselog(@symlink(shell_exec("which ipchains"), "/sbin/ipchains"), 'create symlink', __FILE__, __LINE__);
	803	unset($ipchains_location);
	804	exec("which iptables &> /dev/null", $iptables_location, $ret_val);
	805	if(!is_file("/sbin/iptables") && !is_link("/sbin/iptables") && $ret_val == 0) phpcaselog(@symlink(trim(shell_exec("which iptables")), "/sbin/iptables"), 'create symlink', __FILE__, __LINE__);
	806	unset($iptables_location);
0711af	807
T	808	}
7fe908	809
MC	810
0711af	811	public function install_ispconfig()
7fe908	812	{
0711af	813	global $conf;
7fe908	814
0711af	815	$install_dir = $conf['ispconfig_install_dir'];
T	816
	817	//* Create the ISPConfig installation directory
	818	if(!@is_dir("$install_dir")) {
	819	$command = "mkdir $install_dir";
	820	caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
	821	}
7fe908	822
0711af	823	//* Create a ISPConfig user and group
T	824	$command = 'groupadd ispconfig';
392450	825	if(!is_group('ispconfig')) caselog($command.' &> /dev/null 2> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
7fe908	826
0711af	827	$command = "useradd -g ispconfig -d $install_dir ispconfig";
392450	828	if(!is_user('ispconfig')) caselog($command.' &> /dev/null 2> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
7fe908	829
0711af	830	//* copy the ISPConfig interface part
T	831	$command = "cp -rf ../interface $install_dir";
	832	caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
7fe908	833
0711af	834	//* copy the ISPConfig server part
T	835	$command = "cp -rf ../server $install_dir";
	836	caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
a13af2	837
fb6c56	838	//* Make a backup of the security settings
TB	839	if(is_file('/usr/local/ispconfig/security/security_settings.ini')) copy('/usr/local/ispconfig/security/security_settings.ini','/usr/local/ispconfig/security/security_settings.ini~');
	840
a13af2	841	//* copy the ISPConfig security part
TB	842	$command = 'cp -rf ../security '.$install_dir;
	843	caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
fb6c56	844
TB	845	//* Apply changed security_settings.ini values to new security_settings.ini file
	846	if(is_file('/usr/local/ispconfig/security/security_settings.ini~')) {
	847	$security_settings_old = ini_to_array(file_get_contents('/usr/local/ispconfig/security/security_settings.ini~'));
	848	$security_settings_new = ini_to_array(file_get_contents('/usr/local/ispconfig/security/security_settings.ini'));
	849	if(is_array($security_settings_new) && is_array($security_settings_old)) {
	850	foreach($security_settings_new as $section => $sval) {
	851	if(is_array($sval)) {
	852	foreach($sval as $key => $val) {
	853	if(isset($security_settings_old[$section]) && isset($security_settings_old[$section][$key])) {
	854	$security_settings_new[$section][$key] = $security_settings_old[$section][$key];
	855	}
	856	}
	857	}
	858	}
	859	file_put_contents('/usr/local/ispconfig/security/security_settings.ini',array_to_ini($security_settings_new));
	860	}
	861	}
7fe908	862
0711af	863	//* Create a symlink, so ISPConfig is accessible via web
T	864	// Replaced by a separate vhost definition for port 8080
	865	// $command = "ln -s $install_dir/interface/web/ /var/www/ispconfig";
	866	// caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
7fe908	867
0711af	868	//* Create the config file for ISPConfig interface
T	869	$configfile = 'config.inc.php';
	870	if(is_file($install_dir.'/interface/lib/'.$configfile)){
7fe908	871	copy("$install_dir/interface/lib/$configfile", "$install_dir/interface/lib/$configfile~");
MC	872	}
615a0a	873	$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', "tpl/$configfile.master");
0711af	874	$content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
7fe908	875	$content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
0711af	876	$content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);
T	877	$content = str_replace('{mysql_server_host}', $conf['mysql']['host'], $content);
7fe908	878
12e3ba	879	$content = str_replace('{mysql_master_server_ispconfig_user}', $conf['mysql']['master_ispconfig_user'], $content);
T	880	$content = str_replace('{mysql_master_server_ispconfig_password}', $conf['mysql']['master_ispconfig_password'], $content);
	881	$content = str_replace('{mysql_master_server_database}', $conf['mysql']['master_database'], $content);
	882	$content = str_replace('{mysql_master_server_host}', $conf['mysql']['master_host'], $content);
7fe908	883
7c3b60	884	$content = str_replace('{server_id}', $conf['server_id'], $content);
0711af	885	$content = str_replace('{ispconfig_log_priority}', $conf['ispconfig_log_priority'], $content);
56f1f4	886	$content = str_replace('{language}', $conf['language'], $content);
8cf78b	887	$content = str_replace('{timezone}', $conf['timezone'], $content);
41eaa8	888	$content = str_replace('{theme}', $conf['theme'], $content);
992797	889	$content = str_replace('{language_file_import_enabled}', ($conf['language_file_import_enabled'] == true)?'true':'false', $content);
7fe908	890
0711af	891	wf("$install_dir/interface/lib/$configfile", $content);
7fe908	892
0711af	893	//* Create the config file for ISPConfig server
T	894	$configfile = 'config.inc.php';
	895	if(is_file($install_dir.'/server/lib/'.$configfile)){
7fe908	896	copy("$install_dir/server/lib/$configfile", "$install_dir/interface/lib/$configfile~");
MC	897	}
615a0a	898	$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', "tpl/$configfile.master");
0711af	899	$content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
T	900	$content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
	901	$content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);
	902	$content = str_replace('{mysql_server_host}', $conf['mysql']['host'], $content);
7fe908	903
12e3ba	904	$content = str_replace('{mysql_master_server_ispconfig_user}', $conf['mysql']['master_ispconfig_user'], $content);
T	905	$content = str_replace('{mysql_master_server_ispconfig_password}', $conf['mysql']['master_ispconfig_password'], $content);
	906	$content = str_replace('{mysql_master_server_database}', $conf['mysql']['master_database'], $content);
	907	$content = str_replace('{mysql_master_server_host}', $conf['mysql']['master_host'], $content);
7fe908	908
0711af	909	$content = str_replace('{server_id}', $conf['server_id'], $content);
T	910	$content = str_replace('{ispconfig_log_priority}', $conf['ispconfig_log_priority'], $content);
5898e6	911	$content = str_replace('{language}', $conf['language'], $content);
8cf78b	912	$content = str_replace('{timezone}', $conf['timezone'], $content);
41eaa8	913	$content = str_replace('{theme}', $conf['theme'], $content);
992797	914	$content = str_replace('{language_file_import_enabled}', ($conf['language_file_import_enabled'] == true)?'true':'false', $content);
5c4d55	915
0711af	916	wf("$install_dir/server/lib/$configfile", $content);
7fe908	917
fb3a98	918	//* Create the config file for remote-actions (but only, if it does not exist, because
T	919	// the value is a autoinc-value and so changed by the remoteaction_core_module
	920	if (!file_exists($install_dir.'/server/lib/remote_action.inc.php')) {
	921	$content = '<?php' . "\n" . '$maxid_remote_action = 0;' . "\n" . '?>';
	922	wf($install_dir.'/server/lib/remote_action.inc.php', $content);
	923	}
7fe908	924
MC	925
0711af	926	//* Enable the server modules and plugins.
T	927	// TODO: Implement a selector which modules and plugins shall be enabled.
	928	$dir = $install_dir.'/server/mods-available/';
	929	if (is_dir($dir)) {
	930	if ($dh = opendir($dir)) {
	931	while (($file = readdir($dh)) !== false) {
7fe908	932	if($file != '.' && $file != '..' && substr($file, -8, 8) == '.inc.php') {
MC	933	include_once $install_dir.'/server/mods-available/'.$file;
	934	$module_name = substr($file, 0, -8);
392450	935	$tmp = new $module_name;
T	936	if($tmp->onInstall()) {
	937	if(!@is_link($install_dir.'/server/mods-enabled/'.$file)) @symlink($install_dir.'/server/mods-available/'.$file, $install_dir.'/server/mods-enabled/'.$file);
	938	if (strpos($file, '_core_module') !== false) {
	939	if(!@is_link($install_dir.'/server/mods-core/'.$file)) @symlink($install_dir.'/server/mods-available/'.$file, $install_dir.'/server/mods-core/'.$file);
	940	}
0d0cd9	941	}
392450	942	unset($tmp);
0711af	943	}
T	944	}
	945	closedir($dh);
	946	}
	947	}
7fe908	948
0711af	949	$dir = $install_dir.'/server/plugins-available/';
T	950	if (is_dir($dir)) {
	951	if ($dh = opendir($dir)) {
	952	while (($file = readdir($dh)) !== false) {
1bd269	953	if($conf['apache']['installed'] == true && $file == 'nginx_plugin.inc.php') continue;
F	954	if($conf['nginx']['installed'] == true && $file == 'apache2_plugin.inc.php') continue;
7fe908	955	if($file != '.' && $file != '..' && substr($file, -8, 8) == '.inc.php') {
MC	956	include_once $install_dir.'/server/plugins-available/'.$file;
	957	$plugin_name = substr($file, 0, -8);
392450	958	$tmp = new $plugin_name;
T	959	if($tmp->onInstall()) {
	960	if(!@is_link($install_dir.'/server/plugins-enabled/'.$file)) @symlink($install_dir.'/server/plugins-available/'.$file, $install_dir.'/server/plugins-enabled/'.$file);
	961	if (strpos($file, '_core_plugin') !== false) {
	962	if(!@is_link($install_dir.'/server/plugins-core/'.$file)) @symlink($install_dir.'/server/plugins-available/'.$file, $install_dir.'/server/plugins-core/'.$file);
	963	}
0d0cd9	964	}
392450	965	unset($tmp);
0711af	966	}
T	967	}
	968	closedir($dh);
	969	}
	970	}
7fe908	971
392450	972	// Update the server config
T	973	$mail_server_enabled = ($conf['services']['mail'])?1:0;
	974	$web_server_enabled = ($conf['services']['web'])?1:0;
	975	$dns_server_enabled = ($conf['services']['dns'])?1:0;
	976	$file_server_enabled = ($conf['services']['file'])?1:0;
	977	$db_server_enabled = ($conf['services']['db'])?1:0;
	978	$vserver_server_enabled = ($conf['services']['vserver'])?1:0;
	979	$sql = "UPDATE `server` SET mail_server = '$mail_server_enabled', web_server = '$web_server_enabled', dns_server = '$dns_server_enabled', file_server = '$file_server_enabled', db_server = '$db_server_enabled', vserver_server = '$vserver_server_enabled' WHERE server_id = ".intval($conf['server_id']);
7fe908	980
392450	981	if($conf['mysql']['master_slave_setup'] == 'y') {
T	982	$this->dbmaster->query($sql);
f66929	983	$this->db->query($sql);
392450	984	} else {
T	985	$this->db->query($sql);
	986	}
7fe908	987
fa029b	988	// chown install dir to root and chmod 755
3e0fc8	989	$command = 'chown root:root '.$install_dir;
TB	990	caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
	991	$command = 'chmod 755 '.$install_dir;
0711af	992	caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
T	993
fa029b	994	//* Chmod the files and directories in the install dir
3e0fc8	995	$command = 'chmod -R 750 '.$install_dir.'/*';
TB	996	caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
	997
	998	//* chown the interface files to the ispconfig user and group
	999	$command = 'chown -R ispconfig:ispconfig '.$install_dir.'/interface';
	1000	caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
	1001
	1002	//* chown the server files to the root user and group
	1003	$command = 'chown -R root:root '.$install_dir.'/server';
0711af	1004	caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
fa029b	1005
TB	1006	//* chown the security files to the root user and group
	1007	$command = 'chown -R root:root '.$install_dir.'/security';
	1008	caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
	1009
	1010	//* chown the security directory and security_settings.ini to root:ispconfig
	1011	$command = 'chown root:ispconfig '.$install_dir.'/security/security_settings.ini';
	1012	caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
	1013	$command = 'chown root:ispconfig '.$install_dir.'/security';
	1014	caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
cb1221	1015	$command = 'chown root:ispconfig '.$install_dir.'/security/ids.whitelist';
TB	1016	caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
	1017	$command = 'chown root:ispconfig '.$install_dir.'/security/ids.htmlfield';
	1018	caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
	1019	$command = 'chown root:ispconfig '.$install_dir.'/security/apache_directives.blacklist';
	1020	caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
7fe908	1021
0711af	1022	//* Make the global language file directory group writable
T	1023	exec("chmod -R 770 $install_dir/interface/lib/lang");
7fe908	1024
0711af	1025	//* Make the temp directory for language file exports writable
T	1026	exec("chmod -R 770 $install_dir/interface/web/temp");
7fe908	1027
0711af	1028	//* Make all interface language file directories group writable
T	1029	$handle = @opendir($install_dir.'/interface/web');
7fe908	1030	while ($file = @readdir($handle)) {
MC	1031	if ($file != '.' && $file != '..') {
	1032	if(@is_dir($install_dir.'/interface/web'.'/'.$file.'/lib/lang')) {
0711af	1033	$handle2 = opendir($install_dir.'/interface/web'.'/'.$file.'/lib/lang');
7fe908	1034	chmod($install_dir.'/interface/web'.'/'.$file.'/lib/lang', 0770);
MC	1035	while ($lang_file = @readdir($handle2)) {
0711af	1036	if ($lang_file != '.' && $lang_file != '..') {
7fe908	1037	chmod($install_dir.'/interface/web'.'/'.$file.'/lib/lang/'.$lang_file, 0770);
0711af	1038	}
T	1039	}
	1040	}
	1041	}
	1042	}
7fe908	1043
477d4e	1044	//* Make the APS directories group writable
T	1045	exec("chmod -R 770 $install_dir/interface/web/sites/aps_meta_packages");
	1046	exec("chmod -R 770 $install_dir/server/aps_packages");
7fe908	1047
0711af	1048	//* make sure that the server config file (not the interface one) is only readable by the root user
bfcdef	1049	chmod($install_dir.'/server/lib/config.inc.php', 0600);
T	1050	chown($install_dir.'/server/lib/config.inc.php', 'root');
	1051	chgrp($install_dir.'/server/lib/config.inc.php', 'root');
7fe908	1052
bfcdef	1053	//* Make sure thet the interface config file is readable by user ispconfig only
T	1054	chmod($install_dir.'/interface/lib/config.inc.php', 0600);
	1055	chown($install_dir.'/interface/lib/config.inc.php', 'ispconfig');
	1056	chgrp($install_dir.'/interface/lib/config.inc.php', 'ispconfig');
7fe908	1057
0711af	1058	if(@is_file("$install_dir/server/lib/mysql_clientdb.conf")) {
T	1059	exec("chmod 600 $install_dir/server/lib/mysql_clientdb.conf");
	1060	exec("chown root:root $install_dir/server/lib/mysql_clientdb.conf");
	1061	}
980485	1062
TB	1063	if(is_dir($install_dir.'/interface/invoices')) {
	1064	exec('chmod -R 770 '.escapeshellarg($install_dir.'/interface/invoices'));
	1065	exec('chown -R ispconfig:ispconfig '.escapeshellarg($install_dir.'/interface/invoices'));
	1066	}
	1067
	1068	exec('chown -R root:root /usr/local/ispconfig/interface/ssl');
7fe908	1069
0711af	1070	// TODO: FIXME: add the www-data user to the ispconfig group. This is just for testing
T	1071	// and must be fixed as this will allow the apache user to read the ispconfig files.
	1072	// Later this must run as own apache server or via suexec!
63b369	1073	if($conf['apache']['installed'] == true){
F	1074	$command = 'usermod -a -G ispconfig '.$conf['apache']['user'];
	1075	caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
272aec	1076	if(is_group('ispapps')){
F	1077	$command = 'usermod -a -G ispapps '.$conf['apache']['user'];
	1078	caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
	1079	}
63b369	1080	}
F	1081	if($conf['nginx']['installed'] == true){
	1082	$command = 'usermod -a -G ispconfig '.$conf['nginx']['user'];
	1083	caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
8ab3cd	1084	//if(is_user('ispapps')){
7fe908	1085	// Allow the ispapps vhost access to /etc/squirrelmail
MC	1086	//$command = 'usermod -a -G '.$conf['apache']['group'].' ispapps';
	1087	//caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
8ab3cd	1088	//}
272aec	1089	if(is_group('ispapps')){
F	1090	$command = 'usermod -a -G ispapps '.$conf['nginx']['user'];
	1091	caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
	1092	}
63b369	1093	}
7fe908	1094
0711af	1095	//* Make the shell scripts executable
T	1096	$command = "chmod +x $install_dir/server/scripts/*.sh";
	1097	caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
7fe908	1098
7e1cfb	1099	if($conf['apache']['installed'] == true && $this->install_ispconfig_interface == true){
1bd269	1100	//* Copy the ISPConfig vhost for the controlpanel
F	1101	// TODO: These are missing! should they be "vhost_dist_*_dir" ?
	1102	$vhost_conf_dir = $conf['apache']['vhost_conf_dir'];
	1103	$vhost_conf_enabled_dir = $conf['apache']['vhost_conf_enabled_dir'];
7fe908	1104
MC	1105
1bd269	1106	// Dont just copy over the virtualhost template but add some custom settings
ccbf14	1107	$tpl = new tpl('apache_ispconfig.vhost.master');
TB	1108	$tpl->setVar('vhost_port',$conf['apache']['vhost_port']);
7fe908	1109
1bd269	1110	// comment out the listen directive if port is 80 or 443
F	1111	if($conf['apache']['vhost_port'] == 80 or $conf['apache']['vhost_port'] == 443) {
ccbf14	1112	$tpl->setVar('vhost_port_listen','#');
1bd269	1113	} else {
ccbf14	1114	$tpl->setVar('vhost_port_listen','');
1bd269	1115	}
7fe908	1116
ccbf14	1117	if(is_file($install_dir.'/interface/ssl/ispserver.crt') && is_file($install_dir.'/interface/ssl/ispserver.key')) {
TB	1118	$tpl->setVar('ssl_comment','');
1bd269	1119	} else {
ccbf14	1120	$tpl->setVar('ssl_comment','#');
1bd269	1121	}
10b4c8	1122	if(is_file($install_dir.'/interface/ssl/ispserver.crt') && is_file($install_dir.'/interface/ssl/ispserver.key') && is_file($install_dir.'/interface/ssl/ispserver.bundle')) {
ccbf14	1123	$tpl->setVar('ssl_bundle_comment','');
10b4c8	1124	} else {
ccbf14	1125	$tpl->setVar('ssl_bundle_comment','#');
10b4c8	1126	}
ccbf14	1127
TB	1128	$tpl->setVar('apache_version',getapacheversion());
7fe908	1129
ccbf14	1130	wf($vhost_conf_dir.'/ispconfig.vhost', $tpl->grab());
7fe908	1131
1bd269	1132	//copy('tpl/apache_ispconfig.vhost.master', "$vhost_conf_dir/ispconfig.vhost");
F	1133	//* and create the symlink
cc6568	1134	//if($this->is_update == false) {
7fe908	1135	if(@is_link("$vhost_conf_enabled_dir/ispconfig.vhost")) unlink("$vhost_conf_enabled_dir/ispconfig.vhost");
MC	1136	if(!@is_link("$vhost_conf_enabled_dir/000-ispconfig.vhost")) {
	1137	exec("ln -s $vhost_conf_dir/ispconfig.vhost $vhost_conf_enabled_dir/000-ispconfig.vhost");
	1138	}
	1139
	1140	/*
1bd269	1141	exec('mkdir -p /var/www/php-fcgi-scripts/ispconfig');
F	1142	exec('cp tpl/apache_ispconfig_fcgi_starter.master /var/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter');
	1143	exec('chmod +x /var/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter');
	1144	exec('ln -s /usr/local/ispconfig/interface/web /var/www/ispconfig');
	1145	exec('chown -R ispconfig:ispconfig /var/www/php-fcgi-scripts/ispconfig');
7fe908	1146
1bd269	1147	replaceLine('/var/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter','PHPRC=','PHPRC=/etc/',0,0);
526b99	1148	*/
7fe908	1149	//if(!is_file('/var/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter')) {
MC	1150	$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/apache_ispconfig_fcgi_starter.master', 'tpl/apache_ispconfig_fcgi_starter.master');
	1151	$content = str_replace('{fastcgi_bin}', $conf['fastcgi']['fastcgi_bin'], $content);
	1152	$content = str_replace('{fastcgi_phpini_path}', $conf['fastcgi']['fastcgi_phpini_path'], $content);
	1153	if(!is_dir('/var/www/php-fcgi-scripts/ispconfig')) exec('mkdir -p /var/www/php-fcgi-scripts/ispconfig');
	1154	wf('/var/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter', $content);
	1155	exec('chmod +x /var/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter');
	1156	if(!is_link('/var/www/ispconfig')) exec('ln -s /usr/local/ispconfig/interface/web /var/www/ispconfig');
	1157	exec('chown -R ispconfig:ispconfig /var/www/php-fcgi-scripts/ispconfig');
	1158	//}
cc6568	1159	//}
f6d745	1160	}
7fe908	1161
7e1cfb	1162	if($conf['nginx']['installed'] == true && $this->install_ispconfig_interface == true){
1bd269	1163	//* Copy the ISPConfig vhost for the controlpanel
F	1164	$vhost_conf_dir = $conf['nginx']['vhost_conf_dir'];
	1165	$vhost_conf_enabled_dir = $conf['nginx']['vhost_conf_enabled_dir'];
	1166
	1167	// Dont just copy over the virtualhost template but add some custom settings
615a0a	1168	$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/nginx_ispconfig.vhost.master', 'tpl/nginx_ispconfig.vhost.master');
1bd269	1169	$content = str_replace('{vhost_port}', $conf['nginx']['vhost_port'], $content);
7fe908	1170
1bd269	1171	if(is_file($install_dir.'/interface/ssl/ispserver.crt') && is_file($install_dir.'/interface/ssl/ispserver.key')) {
10b4c8	1172	$content = str_replace('{ssl_on}', ' on', $content);
1bd269	1173	$content = str_replace('{ssl_comment}', '', $content);
F	1174	$content = str_replace('{fastcgi_ssl}', 'on', $content);
	1175	} else {
10b4c8	1176	$content = str_replace('{ssl_on}', ' off', $content);
1bd269	1177	$content = str_replace('{ssl_comment}', '#', $content);
F	1178	$content = str_replace('{fastcgi_ssl}', 'off', $content);
0711af	1179	}
7fe908	1180
ca0b77	1181	$socket_dir = escapeshellcmd($conf['nginx']['php_fpm_socket_dir']);
7fe908	1182	if(substr($socket_dir, -1) != '/') $socket_dir .= '/';
ca0b77	1183	if(!is_dir($socket_dir)) exec('mkdir -p '.$socket_dir);
F	1184	$fpm_socket = $socket_dir.'ispconfig.sock';
7fe908	1185
ca0b77	1186	//$content = str_replace('{fpm_port}', $conf['nginx']['php_fpm_start_port'], $content);
F	1187	$content = str_replace('{fpm_socket}', $fpm_socket, $content);
1bd269	1188
F	1189	wf($vhost_conf_dir.'/ispconfig.vhost', $content);
7fe908	1190
1bd269	1191	unset($content);
7fe908	1192
1bd269	1193	// PHP-FPM
F	1194	// Dont just copy over the php-fpm pool template but add some custom settings
615a0a	1195	$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/php_fpm_pool.conf.master', 'tpl/php_fpm_pool.conf.master');
1bd269	1196	$content = str_replace('{fpm_pool}', 'ispconfig', $content);
ca0b77	1197	//$content = str_replace('{fpm_port}', $conf['nginx']['php_fpm_start_port'], $content);
F	1198	$content = str_replace('{fpm_socket}', $fpm_socket, $content);
1bd269	1199	$content = str_replace('{fpm_user}', 'ispconfig', $content);
F	1200	$content = str_replace('{fpm_group}', 'ispconfig', $content);
	1201	wf($conf['nginx']['php_fpm_pool_dir'].'/ispconfig.conf', $content);
	1202
	1203	//copy('tpl/nginx_ispconfig.vhost.master', $vhost_conf_dir.'/ispconfig.vhost');
	1204	//* and create the symlink
7e1cfb	1205	if($this->is_update == false) {
1bd269	1206	if(@is_link($vhost_conf_enabled_dir.'/ispconfig.vhost')) unlink($vhost_conf_enabled_dir.'/ispconfig.vhost');
F	1207	if(!@is_link($vhost_conf_enabled_dir.'/000-ispconfig.vhost')) {
7fe908	1208	symlink($vhost_conf_dir.'/ispconfig.vhost', $vhost_conf_enabled_dir.'/000-ispconfig.vhost');
1bd269	1209	}
76f197	1210	}
7fe908	1211
3b273a	1212	// create symlink from /usr/share/phpmyadmin to /usr/share/phpMyAdmin, if it is installed
7fe908	1213	if(!@file_exists('/usr/share/phpmyadmin') && @is_dir('/usr/share/phpMyAdmin')) symlink('/usr/share/phpMyAdmin/', '/usr/share/phpmyadmin');
0711af	1214	}
7fe908	1215
0711af	1216	// Make the Clamav log files readable by ISPConfig
T	1217	//exec('chmod +r /var/log/clamav/clamav.log');
	1218	//exec('chmod +r /var/log/clamav/freshclam.log');
7fe908	1219
66768a	1220	//* Install the update script
b34f99	1221	if(is_file('/usr/local/bin/ispconfig_update_from_dev.sh')) unlink('/usr/local/bin/ispconfig_update_from_dev.sh');
MC	1222	exec('chown root /usr/local/ispconfig/server/scripts/update_from_dev.sh');
	1223	exec('chmod 700 /usr/local/ispconfig/server/scripts/update_from_dev.sh');
66768a	1224	exec('chown root /usr/local/ispconfig/server/scripts/update_from_tgz.sh');
T	1225	exec('chmod 700 /usr/local/ispconfig/server/scripts/update_from_tgz.sh');
	1226	exec('chown root /usr/local/ispconfig/server/scripts/ispconfig_update.sh');
	1227	exec('chmod 700 /usr/local/ispconfig/server/scripts/ispconfig_update.sh');
b34f99	1228	if(!is_link('/usr/local/bin/ispconfig_update_from_dev.sh')) exec('ln -s /usr/local/ispconfig/server/scripts/ispconfig_update.sh /usr/local/bin/ispconfig_update_from_dev.sh');
608a8c	1229	if(!is_link('/usr/local/bin/ispconfig_update.sh')) exec('ln -s /usr/local/ispconfig/server/scripts/ispconfig_update.sh /usr/local/bin/ispconfig_update.sh');
7fe908	1230
76f197	1231	// set the fast cgi starter script to executable
T	1232	// exec('chmod 755 '.$install_dir.'/interface/bin/php-fcgi');
7fe908	1233
0711af	1234	//* Make the logs readable for the ispconfig user
T	1235	if(@is_file('/var/log/maillog')) exec('chmod +r /var/log/maillog');
	1236	//if(@is_file('/var/log/mail.warn')) exec('chmod +r /var/log/mail.warn');
	1237	//if(@is_file('/var/log/mail.err')) exec('chmod +r /var/log/mail.err');
	1238	if(@is_file('/var/log/messages')) exec('chmod +r /var/log/messages');
7fe908	1239
0711af	1240	//To enable apache to read the directories
T	1241	// exec('chmod a+rx /usr/local/ispconfig');
	1242	// exec('chmod -R 751 /usr/local/ispconfig/interface');
	1243	// exec('chmod a+rx /usr/local/ispconfig/interface/web');
7fe908	1244
d9c8a7	1245	//* Create the ispconfig log directory
e38d14	1246	if(!is_dir($conf['ispconfig_log_dir'])) mkdir($conf['ispconfig_log_dir']);
J	1247	if(!is_file($conf['ispconfig_log_dir'].'/ispconfig.log')) exec('touch '.$conf['ispconfig_log_dir'].'/ispconfig.log');
7fe908	1248
0c5b42	1249	if(is_user('getmail')) {
T	1250	exec('mv /usr/local/ispconfig/server/scripts/run-getmail.sh /usr/local/bin/run-getmail.sh');
	1251	exec('chown getmail /usr/local/bin/run-getmail.sh');
	1252	exec('chmod 744 /usr/local/bin/run-getmail.sh');
	1253	}
7fe908	1254
9f56bd	1255	// Edit the file Edit the file /etc/sudoers and comment out the requiregetty line, otherwise the backup function will fail
7fe908	1256	replaceLine('/etc/sudoers', 'Defaults requiretty', '#Defaults requiretty', 0, 0);
MC	1257
8cf78b	1258	if(is_dir($install_dir.'/interface/invoices')) {
e94a9f	1259	exec('chmod -R 770 '.escapeshellarg($install_dir.'/interface/invoices'));
T	1260	exec('chown -R ispconfig:ispconfig '.escapeshellarg($install_dir.'/interface/invoices'));
edf806	1261	}
7fe908	1262
0799f8	1263	//* Create the ispconfig auth log file and set uid/gid
T	1264	if(!is_file($conf['ispconfig_log_dir'].'/auth.log')) {
	1265	touch($conf['ispconfig_log_dir'].'/auth.log');
	1266	}
	1267	exec('chown ispconfig:ispconfig '. $conf['ispconfig_log_dir'].'/auth.log');
	1268	exec('chmod 660 '. $conf['ispconfig_log_dir'].'/auth.log');
7fe908	1269
d71bae	1270	//* Remove Domain module as its functions are available in the client module now
T	1271	if(@is_dir('/usr/local/ispconfig/interface/web/domain')) exec('rm -rf /usr/local/ispconfig/interface/web/domain');
021aec	1272
TB	1273	// Add symlink for patch tool
	1274	if(!is_link('/usr/local/bin/ispconfig_patch')) exec('ln -s /usr/local/ispconfig/server/scripts/ispconfig_patch /usr/local/bin/ispconfig_patch');
553854	1275
TB	1276	// Change mode of a few files from amavisd
	1277	if(is_file($conf['amavis']['config_dir'].'/conf.d/50-user')) chmod($conf['amavis']['config_dir'].'/conf.d/50-user', 0640);
	1278	if(is_file($conf['amavis']['config_dir'].'/50-user~')) chmod($conf['amavis']['config_dir'].'/50-user~', 0400);
	1279	if(is_file($conf['amavis']['config_dir'].'/amavisd.conf')) chmod($conf['amavis']['config_dir'].'/amavisd.conf', 0640);
	1280	if(is_file($conf['amavis']['config_dir'].'/amavisd.conf~')) chmod($conf['amavis']['config_dir'].'/amavisd.conf~', 0400);
	1281
0711af	1282	}
7fe908	1283
0711af	1284	public function configure_dbserver()
T	1285	{
	1286	global $conf;
7fe908	1287
0711af	1288	//* If this server shall act as database server for client DB's, we configure this here
T	1289	$install_dir = $conf['ispconfig_install_dir'];
7fe908	1290
MC	1291	// Create a file with the database login details which
0711af	1292	// are used to create the client databases.
7fe908	1293
0711af	1294	if(!is_dir("$install_dir/server/lib")) {
T	1295	$command = "mkdir $install_dir/server/lib";
	1296	caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
	1297	}
7fe908	1298
615a0a	1299	$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/mysql_clientdb.conf.master', "tpl/mysql_clientdb.conf.master");
7fe908	1300	$content = str_replace('{hostname}', $conf['mysql']['host'], $content);
MC	1301	$content = str_replace('{username}', $conf['mysql']['admin_user'], $content);
67fede	1302	$content = str_replace('{password}', addslashes($conf['mysql']['admin_password']), $content);
7fe908	1303	wf("$install_dir/server/lib/mysql_clientdb.conf", $content);
0711af	1304	exec('chmod 600 '."$install_dir/server/lib/mysql_clientdb.conf");
T	1305	exec('chown root:root '."$install_dir/server/lib/mysql_clientdb.conf");
7fe908	1306
0711af	1307	}
7fe908	1308
0711af	1309	public function install_crontab()
7fe908	1310	{
0711af	1311	global $conf;
7fe908	1312
0711af	1313	//* Root Crontab
T	1314	exec('crontab -u root -l > crontab.txt');
	1315	$existing_root_cron_jobs = file('crontab.txt');
7fe908	1316
a8a328	1317	// remove existing ispconfig cronjobs, in case the syntax has changed
T	1318	foreach($existing_root_cron_jobs as $key => $val) {
7fe908	1319	if(stristr($val, '/usr/local/ispconfig')) unset($existing_root_cron_jobs[$key]);
a8a328	1320	}
7fe908	1321
0711af	1322	$root_cron_jobs = array(
T	1323	'* * * * * /usr/local/ispconfig/server/server.sh &> /dev/null',
	1324	'30 00 * * * /usr/local/ispconfig/server/cron_daily.sh &> /dev/null'
	1325	);
7fe908	1326
b6a10a	1327	if ($conf['nginx']['installed'] == true) {
F	1328	$root_cron_jobs[] = "0 0 * * * /usr/local/ispconfig/server/scripts/create_daily_nginx_access_logs.sh &> /dev/null";
	1329	}
7fe908	1330
0711af	1331	foreach($root_cron_jobs as $cron_job) {
T	1332	if(!in_array($cron_job."\n", $existing_root_cron_jobs)) {
	1333	$existing_root_cron_jobs[] = $cron_job."\n";
	1334	}
	1335	}
	1336	file_put_contents('crontab.txt', $existing_root_cron_jobs);
	1337	exec('crontab -u root crontab.txt &> /dev/null');
	1338	unlink('crontab.txt');
7fe908	1339
0711af	1340	//* Getmail crontab
a8a328	1341	if(is_user('getmail')) {
7fe908	1342	$cf = $conf['getmail'];
a8a328	1343	exec('crontab -u getmail -l > crontab.txt');
T	1344	$existing_cron_jobs = file('crontab.txt');
7fe908	1345
27c3a6	1346	$cron_jobs = array(
7fe908	1347	'/5 * * * /usr/local/bin/run-getmail.sh > /dev/null 2>> /dev/null'
MC	1348	);
	1349
a8a328	1350	// remove existing ispconfig cronjobs, in case the syntax has changed
9b30b0	1351	foreach($existing_cron_jobs as $key => $val) {
7fe908	1352	if(stristr($val, 'getmail')) unset($existing_cron_jobs[$key]);
0711af	1353	}
7fe908	1354
a8a328	1355	foreach($cron_jobs as $cron_job) {
T	1356	if(!in_array($cron_job."\n", $existing_cron_jobs)) {
	1357	$existing_cron_jobs[] = $cron_job."\n";
	1358	}
	1359	}
	1360	file_put_contents('crontab.txt', $existing_cron_jobs);
	1361	exec('crontab -u getmail crontab.txt &> /dev/null');
	1362	unlink('crontab.txt');
0711af	1363	}
7fe908	1364
00d730	1365	exec('touch /var/log/ispconfig/cron.log');
cc6568	1366	exec('chmod 660 /var/log/ispconfig/cron.log');
0711af	1367	}
T	1368
	1369	}
	1370
fd4cfd	1371	?>