Modified install / update to copy over jailkit configs
Included jailkit config templates
Added bash.bashrc and motd templates to copy over for the chroot system
Updated ispconfig vhost to include php fastcgi configs if fastcgi is enabled. What if the module is loaded too ?
TODO: jailkit chroot is still not loading the modified motd in /etc/motd and /var/run/motd ??
7 files modified
5 files added
| | |
| | | $conf['mydns']['config_dir'] = '/etc'; |
| | | $conf['mydns']['init_script'] = 'mydns'; |
| | | |
| | | //* Jailkit |
| | | $conf['jailkit']['config_dir'] = '/etc/jailkit'; |
| | | $conf['jailkit']['jk_init'] = 'jk_init.ini'; |
| | | $conf['jailkit']['jk_chrootsh'] = 'jk_chrootsh.ini'; |
| | | |
| | | ?> |
| | |
| | | $dist['mydns']['config_dir'] = '/etc'; |
| | | $dist['mydns']['init_script'] = 'mydns'; |
| | | |
| | | //* Jailkit |
| | | $conf['jailkit']['config_dir'] = '/etc/jailkit'; |
| | | $conf['jailkit']['jk_init'] = 'jk_init.ini'; |
| | | $conf['jailkit']['jk_chrootsh'] = 'jk_chrootsh.ini'; |
| | | |
| | | ?> |
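Review bot: The new jailkit block assigns into `$conf['jailkit'][...]` while every other entry in this file writes `$dist[...]` (the mydns lines directly above), so if the installer merges `$dist` into its config the jailkit paths from this file are presumably never picked up and `configure_jailkit()` would fall back to whatever `$conf` already holds. Unless this file deliberately targets `$conf`, the three lines should read `$dist['jailkit']['config_dir'] = '/etc/jailkit';`, `$dist['jailkit']['jk_init'] = 'jk_init.ini';` and `$dist['jailkit']['jk_chrootsh'] = 'jk_chrootsh.ini';`. The `//* Jailkit` heading is fine; the inconsistency is only in the array name.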
| | |
| | | |
| | | //* Configure postfix |
| | | $inst->configure_postfix(); |
| | | |
| | | //* Configure postfix |
| | | swriteln('Configuring Jailkit'); |
| | | $inst->configure_jailkit(); |
| | | |
| | | //* Configure saslauthd |
| | | swriteln('Configuring SASL'); |
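Review bot: The comment above the new `$inst->configure_jailkit()` call is a copy of the postfix one and now labels the wrong step; it should read `//* Configure jailkit`. The call itself runs unconditionally, so it relies on `configure_jailkit()` being a no-op on hosts without jailkit; a one-line comment saying so here (`// no-op when /etc/jailkit is absent`) would save the next reader a trip into installer_base. This install sequence starts and ends outside the hunk.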
| | |
| | | wf($full_file_name, $content); |
| | | } |
| | | |
| | | |
| | | public function configure_jailkit() |
| | | { |
| | | $cf = $this->conf['jailkit']; |
| | | $config_dir = $cf['config_dir']; |
| | | $jk_init = $cf['jk_init']; |
| | | $jk_chrootsh = $cf['jk_chrootsh']; |
| | | |
| | | if (!is_dir($config_dir)) |
| | | { |
| | | copy($config_dir.'/'.$jk_init, $config_dir.'/'.$jk_init.'~'); |
| | | copy($config_dir.'/'.$jk_chrootsh.".master", $config_dir.'/'.$jk_chrootsh.'~'); |
| | | |
| | | copy('tpl/'.$jk_init.".master", $config_dir.'/'.$jk_init); |
| | | copy('tpl/'.$jk_chrootsh.".master", $config_dir.'/'.$jk_chrootsh); |
| | | } |
| | | |
| | | } |
| | | |
| | | public function configure_postfix($options = '') |
| | | { |
| | | $cf = $this->conf['postfix']; |
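Review bot: The guard in the new `configure_jailkit()` is inverted: `if (!is_dir($config_dir))` copies the templates only when /etc/jailkit does not exist, so on a host that actually has jailkit installed nothing is written, and when it is missing the two backup `copy()` calls read from the absent directory and silently fail. The jk_chrootsh backup also reads `$jk_chrootsh.".master"` from the config dir instead of the live `jk_chrootsh.ini`, and none of the four `copy()` return values are checked, so an overwritten or half-written jail configuration would go unnoticed by the installer. I would flip the test to `is_dir`, back up each live file only when it exists, and report a failed copy via `swriteln`. `configure_postfix()` at the bottom of the hunk continues outside it.
```php
public function configure_jailkit()
{
    $cf = $this->conf['jailkit'];
    $config_dir = $cf['config_dir'];
    $jk_init = $cf['jk_init'];
    $jk_chrootsh = $cf['jk_chrootsh'];

    // Only touch the jail configuration on hosts where jailkit is installed
    if (is_dir($config_dir))
    {
        // Keep one backup of the live files before overwriting them with the templates
        if (is_file($config_dir.'/'.$jk_init)) {
            copy($config_dir.'/'.$jk_init, $config_dir.'/'.$jk_init.'~');
        }
        if (is_file($config_dir.'/'.$jk_chrootsh)) {
            copy($config_dir.'/'.$jk_chrootsh, $config_dir.'/'.$jk_chrootsh.'~');
        }

        if (!copy('tpl/'.$jk_init.'.master', $config_dir.'/'.$jk_init)) {
            swriteln('Failed to install '.$config_dir.'/'.$jk_init);
        }
        if (!copy('tpl/'.$jk_chrootsh.'.master', $config_dir.'/'.$jk_chrootsh)) {
            swriteln('Failed to install '.$config_dir.'/'.$jk_chrootsh);
        }
    }
}
```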
New file |
| | |
| | | ## example for a user |
| | | #[test] |
| | | #env= DISPLAY, XAUTHORITY |
| | | # |
| | | ##example for a group, there should be only 1 space inbetween the words! |
| | | #[group users] |
| | | #env = DISPLAY, XAUTHORITY |
| | | # |
| | | [DEFAULT] |
| | | #relax_home_group=1 |
| | | skip_injail_passwd_check=1 |
| | | injail_shell=/bin/bash |
| | | env = TERM, PATH |
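Review bot: `skip_injail_passwd_check=1` in `[DEFAULT]` is a security-relevant relaxation that the template does not explain; going by the option name it presumably lets jk_chrootsh drop into the jail for users who have no entry in the jail's own /etc/passwd, which is exactly what the `LOGNAME != USER` hack in the new bash.bashrc template appears to be working around. If the plugin does add the user to the jail passwd (jk_jailuser normally does), this flag and the bashrc workaround are both unnecessary; if it does not, that is the root cause worth fixing instead of masking. At minimum add a comment above the line, e.g. `# ISPConfig: jailed users are not registered in the jail passwd; see bash.bashrc.master for the HOME/USER fix-up`, so the next maintainer knows why the check is disabled.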
New file |
| | |
| | | [uidbasics] |
| | | # this section probably needs adjustment on 64bit systems |
| | | # or non-Linux systems |
| | | comment = common files for all jails that need user/group information |
| | | libraries = /lib/libnsl.so.1, /lib64/libnsl.so.1, /lib/libnss*.so.2, /lib64/libnss*.so.2 |
| | | regularfiles = /etc/nsswitch.conf /etc/ld.so.conf |
| | | |
| | | [netbasics] |
| | | comment = common files for all jails that need any internet connectivity |
| | | libraries = /lib/libnss_dns.so.2, /lib64/libnss_dns.so.2 |
| | | regularfiles = /etc/resolv.conf, /etc/host.conf, /etc/hosts, /etc/protocols |
| | | |
| | | [logbasics] |
| | | comment = timezone information |
| | | regularfiles = /etc/localtime |
| | | need_logsocket = 1 |
| | | |
| | | [jk_lsh] |
| | | comment = Jailkit limited shell |
| | | executables = /usr/sbin/jk_lsh |
| | | regularfiles = /etc/jailkit/jk_lsh.ini |
| | | users = root |
| | | groups = root |
| | | need_logsocket = 1 |
| | | includesections = uidbasics |
| | | |
| | | [limitedshell] |
| | | comment = alias for jk_lsh |
| | | includesections = jk_lsh |
| | | |
| | | [cvs] |
| | | comment = Concurrent Versions System |
| | | executables = /usr/bin/cvs |
| | | devices = /dev/null |
| | | |
| | | [git] |
| | | comment = Fast Version Control System |
| | | executables = /usr/bin/git* |
| | | directories = /usr/share/git-core |
| | | includesections = editors |
| | | |
| | | [scp] |
| | | comment = ssh secure copy |
| | | executables = /usr/bin/scp |
| | | includesections = netbasics, uidbasics |
| | | devices = /dev/urandom |
| | | |
| | | [sftp] |
| | | comment = ssh secure ftp |
| | | executables = /usr/lib/sftp-server, /usr/libexec/openssh/sftp-server, /usr/lib/misc/sftp-server, /usr/libexec/sftp-server |
| | | includesections = netbasics, uidbasics |
| | | devices = /dev/urandom, /dev/null |
| | | |
| | | [ssh] |
| | | comment = ssh secure shell |
| | | executables = /usr/bin/ssh |
| | | includesections = netbasics, uidbasics |
| | | devices = /dev/urandom, /dev/tty |
| | | |
| | | [rsync] |
| | | executables = /usr/bin/rsync |
| | | includesections = netbasics, uidbasics |
| | | |
| | | [procmail] |
| | | comment = procmail mail delivery |
| | | executables = /usr/bin/procmail, /bin/sh |
| | | devices = /dev/null |
| | | |
| | | [basicshell] |
| | | comment = bash based shell with several basic utilities |
| | | executables = /bin/sh, /bin/bash, /bin/ls, /bin/cat, /bin/chmod, /bin/mkdir, /bin/cp, /bin/cpio, /bin/date, /bin/dd, /bin/echo, /bin/egrep, /bin/false, /bin/fgrep, /bin/grep, /bin/gunzip, /bin/gzip, /bin/ln, /bin/ls, /bin/mkdir, /bin/mktemp, /bin/more, /bin/mv, /bin/pwd, /bin/rm, /bin/rmdir, /bin/sed, /bin/sh, /bin/sleep, /bin/sync, /bin/tar, /bin/touch, /bin/true, /bin/uncompress, /bin/zcat |
| | | regularfiles = /etc/motd, /etc/issue, /etc/bash.bashrc, /etc/bashrc, /etc/profile |
| | | directories = /usr/lib/locale/en_US.utf8 |
| | | users = root |
| | | groups = root |
| | | includesections = uidbasics |
| | | |
| | | [midnightcommander] |
| | | comment = Midnight Commander |
| | | executables = /usr/bin/mc, /usr/bin/mcedit, /usr/bin/mcview |
| | | directories = /etc/terminfo, /usr/share/terminfo, /usr/share/mc |
| | | includesections = basicshell |
| | | |
| | | [extendedshell] |
| | | comment = bash shell including things like awk, bzip, tail, less |
| | | executables = /usr/bin/awk, /usr/bin/bzip2, /usr/bin/bunzip2, /usr/bin/ldd, /usr/bin/less, /usr/bin/clear, /usr/bin/cut, /usr/bin/du, /usr/bin/find, /usr/bin/head, /usr/bin/less, /usr/bin/md5sum, /usr/bin/nice, /usr/bin/sort, /usr/bin/tac, /usr/bin/tail, /usr/bin/tr, /usr/bin/sort, /usr/bin/wc, /usr/bin/watch, /usb/bin/whoami |
| | | includesections = basicshell, midnightcommander, editors |
| | | |
| | | [editors] |
| | | comment = vim, joe and nano |
| | | executables = /usb/bin/joe, /usr/bin/nano, /usr/bin/vi, /usr/bin/vim, /usr/bin/pico |
| | | regularfiles = /etc/vimrc |
| | | directories = /etc/joe, /etc/terminfo, /usr/share/vim, /usr/share/terminfo, /lib/terminfo |
| | | |
| | | [netutils] |
| | | comment = several internet utilities like wget, ftp, rsync, scp, ssh |
| | | executables = /usr/bin/wget, /usr/bin/lynx, /usr/bin/ftp, /usr/bin/host, /usr/bin/rsync, /usr/bin/smbclient |
| | | includesections = netbasics, ssh, sftp, scp |
| | | |
| | | [apacheutils] |
| | | comment = htpasswd utility |
| | | executables = /usr/bin/htpasswd |
| | | |
| | | [extshellplusnet] |
| | | comment = alias for extendedshell + netutils + apacheutils |
| | | includesections = extendedshell, netutils, apacheutils |
| | | |
| | | [openvpn] |
| | | comment = jail for the openvpn daemon |
| | | executables = /usr/sbin/openvpn |
| | | users = root,nobody |
| | | groups = root,nogroup |
| | | includesections = netbasics |
| | | devices = /dev/urandom, /dev/random, /dev/net/tun |
| | | includesections = netbasics, uidbasics |
| | | need_logsocket = 1 |
| | | |
| | | [apache] |
| | | comment = the apache webserver, very basic setup, probably too limited for you |
| | | executables = /usr/sbin/apache |
| | | users = root, www-data |
| | | groups = root, www-data |
| | | includesections = netbasics, uidbasics |
| | | |
| | | [perl] |
| | | comment = the perl interpreter and libraries |
| | | executables = /usr/bin/perl |
| | | directories = /usr/lib/perl, /usr/lib/perl5, /usr/share/perl, /usr/share/perl5 |
| | | |
| | | [xauth] |
| | | comment = getting X authentication to work |
| | | executables = /usr/bin/X11/xauth |
| | | regularfiles = /usr/X11R6/lib/X11/rgb.txt, /etc/ld.so.conf |
| | | |
| | | [xclients] |
| | | comment = minimal files for X clients |
| | | regularfiles = /usr/X11R6/lib/X11/rgb.txt |
| | | includesections = xauth |
| | | |
| | | [vncserver] |
| | | comment = the VNC server program |
| | | executables = /usr/bin/Xvnc, /usr/bin/Xrealvnc |
| | | directories = /usr/X11R6/lib/X11/fonts/ |
| | | includesections = xclients |
| | | |
| | | |
| | | #[xterm] |
| | | #comment = xterm |
| | | #executables = /usr/bin/X11/xterm |
| | | #directories = /usr/share/terminfo, /etc/terminfo |
| | | #devices = /dev/pts/0, /dev/pts/1, /dev/pts/2, /dev/pts/3, /dev/pts/4, /dev/ptyb4, /dev/ptya4, /dev/tty, /dev/tty0, /dev/tty4 |
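Review bot: Two executable paths in the new jk_init.ini are misspelled and will simply not be copied into the jail: `/usb/bin/whoami` in `[extendedshell]` and `/usb/bin/joe` in `[editors]` should be `/usr/bin/whoami` and `/usr/bin/joe`. In `[uidbasics]` the `regularfiles` value is space-separated (`/etc/nsswitch.conf /etc/ld.so.conf`) while every other list in the file uses commas, so depending on how jk_init splits the value the second file may be skipped; `regularfiles = /etc/nsswitch.conf, /etc/ld.so.conf` is the safe form. `[openvpn]` also declares `includesections` twice, and only the second (`netbasics, uidbasics`) is likely to survive parsing, so the first line is dead.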
| | |
| | | if($reconfigure_services_answer == 'yes') { |
| | | //** Configure postfix |
| | | $inst->configure_postfix('dont-create-certs'); |
| | | |
| | | |
| | | //* Configure postfix |
| | | swriteln('Configuring Jailkit'); |
| | | $inst->configure_jailkit(); |
| | | |
| | | //** Configure saslauthd |
| | | swriteln('Configuring SASL'); |
| | | $inst->configure_saslauthd(); |
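Review bot: The comment above the new `$inst->configure_jailkit()` call says `//* Configure postfix`, which is stale and inconsistent with the `//**` headings used for the other steps in this block; `//** Configure jailkit` would match. Note that on every reconfigure this overwrites /etc/jailkit/jk_init.ini and jk_chrootsh.ini from the templates, keeping only a single `~` backup, so any local hardening an admin made to the jail definitions is lost; a comment here stating that the templates are authoritative would make that deliberate. The `if($reconfigure_services_answer == 'yes')` block continues outside the hunk.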
New file |
| | |
| | | #!/bin/sh |
| | | PHPRC="/etc/php5/cgi/" |
| | | export PHPRC |
| | | PHP_DOCUMENT_ROOT="/usr/local/ispconfig/interface/web/" |
| | | export PHP_DOCUMENT_ROOT |
| | | PHP_FCGI_CHILDREN=8 |
| | | export PHP_FCGI_CHILDREN |
| | | PHP_FCGI_MAX_REQUESTS=5000 |
| | | export PHP_FCGI_MAX_REQUESTS |
| | | exec /usr/bin/php-cgi $1 |
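Review bot: The final `exec /usr/bin/php-cgi $1` leaves the argument unquoted, so a script path containing whitespace or glob characters is split or expanded before php-cgi sees it; write `exec /usr/bin/php-cgi "$1"`. The other values in this wrapper (`PHPRC`, `PHP_DOCUMENT_ROOT`, child and request counts) are hard-coded for the ISPConfig interface vhost, while the per-site starter handled in apache2_plugin takes them from template variables; a header comment such as `# FastCGI starter for the ISPConfig control panel vhost only; per-site starters are generated from the template` would stop someone from editing this copy expecting it to affect sites.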
New file |
| | |
| | | |
| | | <tmpl_if name='jailkit_chroot'> |
| | | ## Hack for Jailkit User to change back to the logged in user ## |
| | | if [ "$LOGNAME" != $USER ]; then |
| | | export HOME=<tmpl_var name='home_dir'>$LOGNAME |
| | | export USER=$LOGNAME |
| | | export USERNAME=$LOGNAME |
| | | cd $HOME |
| | | fi |
| | | |
| | | ## Change machine hostname to site domain ## |
| | | export HOSTNAME=<tmpl_var name='domain'> |
| | | |
| | | </tmpl_if> |
| | | |
| | | |
| | | # If not running interactively, don't do anything |
| | | [ -z "$PS1" ] && return |
| | | |
| | | |
| | | # check the window size after each command and, if necessary, |
| | | # update the values of LINES and COLUMNS. |
| | | shopt -s checkwinsize |
| | | |
| | | # make less more friendly for non-text input files, see lesspipe(1) |
| | | [ -x /usr/bin/lesspipe ] && eval "$(lesspipe)" |
| | | |
| | | |
| | | # set a fancy prompt (non-color, unless we know we "want" color) |
| | | case "$TERM" in |
| | | xterm-color) |
| | | PS1='\[\033[01;32m\]$USER@$HOSTNAME\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ ' |
| | | ;; |
| | | *) |
| | | PS1='\$USER@$HOSTNAME:\w\$ ' |
| | | ;; |
| | | esac |
| | | |
| | | |
| | | # If this is an xterm set the title to user@host:dir |
| | | case "$TERM" in |
| | | xterm*|rxvt*) |
| | | PROMPT_COMMAND='echo -ne "\033]0;${USER}@${HOSTNAME}: ${PWD/$HOME/~}\007"' |
| | | ;; |
| | | *) |
| | | ;; |
| | | esac |
| | | |
| | | |
| | | # enable color support of ls and also add handy aliases |
| | | if [ "$TERM" != "dumb" ]; then |
| | | eval "`dircolors -b`" |
| | | alias ls='ls --color=auto' |
| | | #alias dir='ls --color=auto --format=vertical' |
| | | #alias vdir='ls --color=auto --format=long' |
| | | fi |
| | | |
| | | # some more ls aliases |
| | | #alias ll='ls -l' |
| | | #alias la='ls -A' |
| | | #alias l='ls -CF' |
| | | |
| | | |
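Review bot: The non-colour prompt in the new template is wrong: `PS1='\$USER@$HOSTNAME:\w\$ '` escapes the first dollar, so jailed users on a non-xterm-color terminal get the literal text `$USER@` in their prompt; it should be `PS1='$USER@$HOSTNAME:\w\$ '`. In the jailkit block the test `[ "$LOGNAME" != $USER ]` and the later `cd $HOME` leave the variables unquoted, which breaks (and in the test case errors out) when either is empty; quote them as `[ "$LOGNAME" != "$USER" ]` and `cd "$HOME"`. The `<tmpl_var name='domain'>` value is also substituted unquoted into `export HOSTNAME=...`, so `export HOSTNAME='<tmpl_var name='domain'>'` or an equivalent quoted form is safer if a domain name could ever contain shell metacharacters.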
New file |
| | |
| | | Welcome To Site <tmpl_var name='domain'> |
| | | |
| | | |
| | | |
| | |
| | | $fastcgi_config = $app->getconf->get_server_config($conf["server_id"], 'fastcgi'); |
| | | |
| | | $fastcgi_starter_path = str_replace("[system_user]",$data["new"]["system_user"],$fastcgi_config["fastcgi_starter_path"]); |
| | | $fastcgi_starter_path = str_replace("[client_id]",$client_id,$fastcgi_starter_path); |
| | | |
| | | if (!is_dir($fastcgi_starter_path)) |
| | | { |
| | | exec("mkdir -p $fastcgi_starter_path"); |
| | | exec("chown ".$data["new"]["system_user"].":".$data["new"]["system_group"]." $fastcgi_starter_path"); |
| | | exec("mkdir -p ".escapeshellcmd($fastcgi_starter_path)); |
| | | exec("chown ".$data["new"]["system_user"].":".$data["new"]["system_group"]." ".escapeshellcmd($fastcgi_starter_path)); |
| | | |
| | | |
| | | $app->log("Creating fastcgi starter script directory: $fastcgi_starter_path",LOGLEVEL_DEBUG); |
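Review bot: The new `chown` line still interpolates `system_user` and `system_group` from the database record straight into the shell command; only the path gained `escapeshellcmd`, and `escapeshellcmd` is the wrong function for a single argument anyway (it is meant for a whole command string and does not quote spaces). Use `escapeshellarg` on each value: `exec("mkdir -p ".escapeshellarg($fastcgi_starter_path));` and `exec("chown ".escapeshellarg($data["new"]["system_user"]).":".escapeshellarg($data["new"]["system_group"])." ".escapeshellarg($fastcgi_starter_path));`. The enclosing function starts and ends outside this hunk.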
| | |
| | | $fcgi_tpl->setVar('php_fcgi_max_requests',$fastcgi_config["fastcgi_max_requests"]); |
| | | $fcgi_tpl->setVar('php_fcgi_bin',$fastcgi_config["fastcgi_bin"]); |
| | | |
| | | $fcgi_starter_script = escapeshellcmd($fastcgi_starter_path."/".$fastcgi_config["fastcgi_starter_script"]); |
| | | $fcgi_starter_script = escapeshellcmd($fastcgi_starter_path.$fastcgi_config["fastcgi_starter_script"]); |
| | | file_put_contents($fcgi_starter_script,$fcgi_tpl->grab()); |
| | | unset($fcgi_tpl); |
| | | |
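Review bot: `$fcgi_starter_script` is passed through `escapeshellcmd` and then handed to `file_put_contents`, which is a filesystem call, not a shell; if the path contains any shell metacharacter the backslashes become part of the file name and the starter is written somewhere other than where the `mkdir`/`chown` above created it. Keep the raw path for PHP file functions and escape only when building a shell command: `$fcgi_starter_script = $fastcgi_starter_path.$fastcgi_config["fastcgi_starter_script"];`. If the line without the `/` separator is the new side, it also now depends on `fastcgi_starter_path` ending in a slash, which is worth a comment or an `rtrim($fastcgi_starter_path, '/').'/'` to make explicit. The enclosing function starts and ends outside this hunk.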
| | |
| | | } |
| | | |
| | | //* This function is called, when a shell user is deleted in the database |
| | | /** |
| | | * TODO: Remove chroot user home and from the chroot passwd file |
| | | */ |
| | | function delete($event_name,$data) { |
| | | global $app, $conf; |
| | | |
| | |
| | | |
| | | $jailkit_chroot_userhome = $this->_get_home_dir($data['old']['username']); |
| | | |
| | | exec('rm -rf '.$data['old']['dir'].$jailkit_chroot_userhome); |
| | | //commented out proved to be dangerous on config errors |
| | | //exec('rm -rf '.$data['old']['dir'].$jailkit_chroot_userhome); |
| | | |
| | | |
| | | $app->log("Jalikit Plugin -> delete chroot home:".$data['old']['dir'].$jailkit_chroot_userhome,LOGLEVEL_DEBUG); |
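Review bot: If the commented-out `rm -rf` is the new side, this hunk silently stops cleaning up the chroot home on user deletion while the debug log line still claims it was deleted; the concern in the comment (a bad config yielding an empty or wrong `dir`) is real, but the fix is to validate the path before removal rather than leave stale jail homes behind. I would refuse unless `$data['old']['dir']` is a non-empty absolute path and the resolved target lies strictly inside it, pass the path through `escapeshellarg`, and log a refusal otherwise. The `delete()` function starts outside this hunk and its closing brace is not visible either.
```php
$jail_dir = $data['old']['dir'];
$jailkit_chroot_userhome = $this->_get_home_dir($data['old']['username']);
$target = $jail_dir.$jailkit_chroot_userhome;

// Only run rm -rf when the jail dir is a non-empty absolute path and the
// home resolves to a path strictly inside it; a mis-configured empty dir
// would otherwise wipe the real /home tree.
$real_jail = ($jail_dir != '' && substr($jail_dir, 0, 1) == '/') ? realpath($jail_dir) : false;
$real_target = realpath($target);
if ($real_jail !== false && $real_target !== false
    && strpos($real_target, rtrim($real_jail, '/').'/') === 0) {
    exec('rm -rf '.escapeshellarg($real_target));
    $app->log("Jailkit Plugin -> delete chroot home:".$real_target, LOGLEVEL_DEBUG);
} else {
    $app->log("Jailkit Plugin -> refusing to delete chroot home outside jail:".$target, LOGLEVEL_DEBUG);
}
```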
| | |
| | | |
| | | $this->_add_jailkit_programs(); |
| | | |
| | | //add bash.bashrc script |
| | | //we need to collect the domain name to be used as the HOSTNAME in the bashrc script |
| | | $web = $this->app->db->queryOneRecord("SELECT domain FROM web_domain WHERE domain_id = ".intval($this->data['new']["parent_domain_id"])); |
| | | |
| | | $this->app->load('tpl'); |
| | | |
| | | $tpl = new tpl(); |
| | | $tpl->newTemplate("bash.bashrc.master"); |
| | | |
| | | $tpl->setVar('jailkit_chroot',true); |
| | | $tpl->setVar('domain',$web['domain']); |
| | | $tpl->setVar('home_dir',$this->_get_home_dir("")); |
| | | |
| | | $bashrc = escapeshellcmd($this->data['new']['dir']).'/etc/bash.bashrc'; |
| | | exec('rm '.$bashrc); |
| | | |
| | | file_put_contents($bashrc,$tpl->grab()); |
| | | unset($tpl); |
| | | |
| | | $this->app->log("Added bashrc scrpt : ".$bashrc,LOGLEVEL_DEBUG); |
| | | |
| | | $tpl = new tpl(); |
| | | $tpl->newTemplate("motd.master"); |
| | | |
| | | $tpl->setVar('domain',$web['domain']); |
| | | |
| | | $motd = escapeshellcmd($this->data['new']['dir']).'/var/run/motd'; |
| | | exec('rm '.$motd); |
| | | |
| | | file_put_contents($motd,$tpl->grab()); |
| | | |
| | | } |
| | | } |
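Review bot: Both new file writes mangle their own target path: `$bashrc` and `$motd` are built with `escapeshellcmd` and then used by `file_put_contents`, which is not a shell, so any metacharacter in the jail dir makes the `rm` and the write operate on different names; the preceding `exec('rm ...')` is also redundant because `file_put_contents` truncates and overwrites. Build the plain path for PHP and drop the `rm`. The `web_domain` lookup is correctly guarded with `intval`, but `$web` may be empty if the parent domain row is missing, in which case `$web['domain']` is written into the jail's bashrc and motd as an empty hostname; a guard that skips the templates (or logs) when `$web` is empty would be cheap. The method this code belongs to starts outside the hunk.
```php
// … unchanged: template setup for bash.bashrc …
$bashrc = $this->data['new']['dir'].'/etc/bash.bashrc';
file_put_contents($bashrc, $tpl->grab());
unset($tpl);

$this->app->log("Added bashrc script : ".$bashrc, LOGLEVEL_DEBUG);

// … unchanged: template setup for motd …
$motd = $this->data['new']['dir'].'/var/run/motd';
file_put_contents($motd, $tpl->grab());
```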
| | |
| | | |
| | | $this->app->log("Added jailkit user to chroot with command: ".$command,LOGLEVEL_DEBUG); |
| | | |
| | | exec("mkdir -p ".$this->data['new']['dir'].$jailkit_chroot_userhome); |
| | | exec("chown ".$this->data['new']['username'].":".$this->data['new']['pgroup']." ".$this->data['new']['dir'].$jailkit_chroot_userhome); |
| | | exec("mkdir -p ".escapeshellcmd($this->data['new']['dir'].$jailkit_chroot_userhome)); |
| | | exec("chown ".$this->data['new']['username'].":".$this->data['new']['pgroup']." ".escapeshellcmd($this->data['new']['dir'].$jailkit_chroot_userhome)); |
| | | |
| | | $this->app->log("Added created jailkit user home in : ".$this->data['new']['dir'].$jailkit_chroot_userhome,LOGLEVEL_DEBUG); |
| | | |
| | | exec("mkdir -p ".$this->data['new']['dir'].$jailkit_chroot_puserhome); |
| | | exec("chown ".$this->data['new']['puser'].":".$this->data['new']['pgroup']." ".$this->data['new']['dir'].$jailkit_chroot_puserhome); |
| | | exec("mkdir -p ".escapeshellcmd($this->data['new']['dir'].$jailkit_chroot_puserhome)); |
| | | exec("chown ".$this->data['new']['puser'].":".$this->data['new']['pgroup']." ".escapeshellcmd($this->data['new']['dir'].$jailkit_chroot_puserhome)); |
| | | |
| | | $this->app->log("Added created jailkit parent user home in : ".$this->data['new']['dir'].$jailkit_chroot_puserhome,LOGLEVEL_DEBUG); |
| | | |
| | | } |
| | | } |
| | | |
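Review bot: The two new `chown` commands still interpolate `username`, `puser` and `pgroup` from the database record unescaped; only the path was wrapped, and with `escapeshellcmd` rather than the per-argument `escapeshellarg`, so a path or name with spaces is still split by the shell. Escape every argument: `exec("chown ".escapeshellarg($this->data['new']['username']).":".escapeshellarg($this->data['new']['pgroup'])." ".escapeshellarg($this->data['new']['dir'].$jailkit_chroot_userhome));` and the same shape for the `puser` line. The enclosing method starts outside this hunk, so I cannot see whether these values are validated earlier.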