Added security levels for apache.
| | |
| | | exec("ln -s ".$vhost_conf_dir."/ispconfig.conf ".$vhost_conf_enabled_dir."/000-ispconfig.conf"); |
| | | } |
| | | |
| | | //* add a sshusers group |
| | | $command = 'groupadd sshusers'; |
| | | if(!is_group('sshusers')) caselog($command.' &> /dev/null 2> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command"); |
| | | |
| | | } |
| | | |
| | | public function configure_firewall() |
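Review bot: The redirection `&> /dev/null 2> /dev/null` on the groupadd line is bash syntax; when the command is run through a POSIX /bin/sh such as dash, `&>` is read as `&` followed by `> /dev/null`, so groupadd is sent to the background and the caller always sees success. Assuming caselog chooses its message from the exit status (its body is not visible here), the "Failed to execute" text can then never be logged, even though the later `useradd -G sshusers` call in this commit depends on the group existing. I would write `caselog($command.' > /dev/null 2>&1', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");`. The same line is repeated in the two other installer listings further down. The enclosing method starts outside this listing.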
| | |
| | | exec("ln -s ".$vhost_conf_dir."/ispconfig.conf ".$vhost_conf_enabled_dir."/000-ispconfig.conf"); |
| | | } |
| | | |
| | | //* add a sshusers group |
| | | $command = 'groupadd sshusers'; |
| | | if(!is_group('sshusers')) caselog($command.' &> /dev/null 2> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command"); |
| | | |
| | | } |
| | | |
| | | public function configure_firewall() |
| | |
| | | $tpl_ini_array['web']['website_path'] = $conf['web']['website_path']; |
| | | $tpl_ini_array['web']['website_symlinks'] = $conf['web']['website_symlinks']; |
| | | $tpl_ini_array['cron']['crontab_dir'] = $conf['cron']['crontab_dir']; |
| | | $tpl_ini_array['web']['security_level'] = 20; |
| | | $tpl_ini_array['web']['user'] = $conf['web']['user']; |
| | | $tpl_ini_array['web']['group'] = $conf['web']['group']; |
| | | |
| | | $server_ini_content = array_to_ini($tpl_ini_array); |
| | | $server_ini_content = mysql_real_escape_string($server_ini_content); |
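Review bot: `$tpl_ini_array['web']['security_level'] = 20;` is a hard-coded literal, while every neighbouring key is copied from `$conf`. If the level is meant to be configurable per distribution, take it from `$conf['web']` like the others and fall back to 20 when it is unset. If 20 is the intended install default, a comment such as `//* 20 = High, 10 = Medium (see the server config form)` would make that explicit. The function body starts and ends outside this listing.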
| | |
| | | exec('ln -s /etc/webalizer.conf /etc/webalizer/webalizer.conf'); |
| | | } |
| | | |
| | | //* add a sshusers group |
| | | $command = 'groupadd sshusers'; |
| | | if(!is_group('sshusers')) caselog($command.' &> /dev/null 2> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command"); |
| | | |
| | | |
| | | |
| | | } |
| | | |
| | |
| | | website_symlinks=/var/www/[website_domain]/:/var/www/clients/client[client_id]/[website_domain]/ |
| | | vhost_conf_dir=/etc/apache2/sites-available |
| | | vhost_conf_enabled_dir=/etc/apache2/sites-enabled |
| | | securiry_level=10 |
| | | apache_user=www-data |
| | | apache_group=www-data |
| | | |
| | | [fastcgi] |
| | | fastcgi_starter_path=/var/www/php-fcgi-scripts/[system_user]/ |
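Review bot: The key on the added line is spelled `securiry_level`, while the rest of the commit (form field, installer array, plugin, vhost template) uses `security_level`. Anything that reads this file by key name will not find the setting, and depending on how the consumer treats a missing value, the plugin's `== 20` test would then take the medium branch. The line should read `security_level=10`, or `security_level=20` if this file is meant to match the High default used elsewhere in the commit.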
| | |
| | | 'width' => '40', |
| | | 'maxlength' => '255' |
| | | ), |
| | | 'security_level' => array ( |
| | | 'datatype' => 'VARCHAR', |
| | | 'formtype' => 'SELECT', |
| | | 'default' => '20', |
| | | 'value' => array('10' => 'Medium', '20' => 'High') |
| | | ), |
| | | 'user' => array ( |
| | | 'datatype' => 'VARCHAR', |
| | | 'formtype' => 'TEXT', |
| | | 'default' => '', |
| | | 'validators' => array ( 0 => array ( 'type' => 'NOTEMPTY', |
| | | 'errmsg'=> 'apache_user_error_empty'), |
| | | ), |
| | | 'value' => '', |
| | | 'width' => '40', |
| | | 'maxlength' => '255' |
| | | ), |
| | | 'group' => array ( |
| | | 'datatype' => 'VARCHAR', |
| | | 'formtype' => 'TEXT', |
| | | 'default' => '', |
| | | 'validators' => array ( 0 => array ( 'type' => 'NOTEMPTY', |
| | | 'errmsg'=> 'apache_group_error_empty'), |
| | | ), |
| | | 'value' => '', |
| | | 'width' => '40', |
| | | 'maxlength' => '255' |
| | | ), |
| | | ################################## |
| | | # ENDE Datatable fields |
| | | ################################## |
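Review bot: The new `security_level` field has no validator, so the stored value is not limited to the two keys offered in its `value` array ('10' and '20'). The plugin in this commit tests `$web_config['security_level'] == 20` and treats everything else as medium, so an unexpected value silently selects the less restrictive file modes. Add a validator that accepts only 10 or 20, and consider making the plugin fall back to the high branch instead. The `user` and `group` fields are checked only with NOTEMPTY although `group` is later placed on a usermod command line, so restricting both to valid account-name characters would be a sensible addition.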
| | |
| | | $wb["init_script_txt"] = 'Cron init script name'; |
| | | $wb["crontab_dir_txt"] = 'Path for individual crontabs'; |
| | | $wb["wget_txt"] = 'Path to wget program'; |
| | | $wb["security_level_txt"] = 'Security level'; |
| | | ?> |
| | |
| | | <label for="vhost_conf_enabled_dir">{tmpl_var name='vhost_conf_enabled_dir_txt'}</label> |
| | | <input name="vhost_conf_enabled_dir" id="vhost_conf_enabled_dir" value="{tmpl_var name='vhost_conf_enabled_dir'}" size="40" maxlength="255" type="text" class="textInput" /> |
| | | </div> |
| | | <div class="ctrlHolder"> |
| | | <p class="label">{tmpl_var name='security_level_txt'}</p> |
| | | <div class="multiField"> |
| | | <select name="security_level" id="security_level" class="selectInput"> |
| | | {tmpl_var name='security_level'} |
| | | </select> |
| | | </div> |
| | | </div> |
| | | <div class="ctrlHolder"> |
| | | <label for="user">{tmpl_var name='user_txt'}</label> |
| | | <input name="user" id="user" value="{tmpl_var name='user'}" size="40" maxlength="255" type="text" class="textInput" /> |
| | | </div> |
| | | <div class="ctrlHolder"> |
| | | <label for="group">{tmpl_var name='group_txt'}</label> |
| | | <input name="group" id="group" value="{tmpl_var name='group'}" size="40" maxlength="255" type="text" class="textInput" /> |
| | | </div> |
| | | </fieldset> |
| | | |
| | | <input type="hidden" name="id" value="{tmpl_var name='id'}"> |
| | |
| | | $module["startpage"] = "dns/dns_soa_list.php"; |
| | | $module["tab_width"] = ''; |
| | | |
| | | |
| | | $items[] = array( 'title' => "Add DNS Zone", |
| | | 'target' => 'content', |
| | | 'link' => 'dns/dns_wizard.php'); |
| | | |
| | | if($_SESSION["s"]["user"]["typ"] == 'admin') { |
| | | |
| | | $items[] = array( 'title' => "Templates", |
| | | 'target' => 'content', |
| | | 'link' => 'dns/dns_template_list.php'); |
| | | } |
| | | |
| | | |
| | | $module["nav"][] = array( 'title' => 'DNS Wizard', |
| | | 'open' => 1, |
| | | 'items' => $items); |
| | | |
| | | |
| | | unset($items); |
| | | |
| | | /* |
| | | Email accounts menu |
| | | */ |
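Review bot: The `$_SESSION["s"]["user"]["typ"] == 'admin'` test around the Templates entry only decides whether the menu link is shown. Nothing visible here stops a non-admin session from requesting `dns/dns_template_list.php` directly, so that page should carry its own admin check if it does not already have one. The same block appears again in the next listing.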
| | |
| | | 'items' => $items); |
| | | |
| | | unset($items); |
| | | |
| | | |
| | | $items[] = array( 'title' => "Add DNS Zone", |
| | | 'target' => 'content', |
| | | 'link' => 'dns/dns_wizard.php'); |
| | | |
| | | if($_SESSION["s"]["user"]["typ"] == 'admin') { |
| | | |
| | | $items[] = array( 'title' => "Templates", |
| | | 'target' => 'content', |
| | | 'link' => 'dns/dns_template_list.php'); |
| | | } |
| | | |
| | | |
| | | $module["nav"][] = array( 'title' => 'DNS Wizard', |
| | | 'open' => 1, |
| | | 'items' => $items); |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | |
| | | php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -fwebmaster@<tmpl_var name='domain'>" |
| | | php_admin_value upload_tmp_dir <tmpl_var name='document_root'>/tmp |
| | | php_admin_value session.save_path <tmpl_var name='document_root'>/tmp |
| | | #php_admin_value open_basedir <tmpl_var name='document_root'>:/usr/share/php5 |
| | | <tmpl_if name='security_level' op='==' value='20'> |
| | | php_admin_value open_basedir <tmpl_var name='document_root'>/web:<tmpl_var name='document_root'>/tmp:/usr/share/php5 |
| | | </tmpl_if> |
| | | </tmpl_if> |
| | | <tmpl_if name='php' op='==' value='suphp'> |
| | | # suphp enabled |
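Review bot: With the old `open_basedir` line commented out and the new one wrapped in `<tmpl_if name='security_level' op='==' value='20'>`, a vhost rendered at level 10 gets no `open_basedir` at all, so "Medium" removes PHP's path restriction rather than loosening it. If that is not intended, add a second block for the other level, for example `<tmpl_if name='security_level' op='==' value='10'>` around `php_admin_value open_basedir <tmpl_var name='document_root'>:/usr/share/php5`. The same applies to the second vhost listing below. The outer `</tmpl_if>` closes a block opened outside this listing.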
| | |
| | | php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -fwebmaster@<tmpl_var name='domain'>" |
| | | php_admin_value upload_tmp_dir <tmpl_var name='document_root'>/tmp |
| | | php_admin_value session.save_path <tmpl_var name='document_root'>/tmp |
| | | #php_admin_value open_basedir <tmpl_var name='document_root'>:/usr/share/php5 |
| | | <tmpl_if name='security_level' op='==' value='20'> |
| | | php_admin_value open_basedir <tmpl_var name='document_root'>/web:<tmpl_var name='document_root'>/tmp:/usr/share/php5 |
| | | </tmpl_if> |
| | | </tmpl_if> |
| | | <tmpl_if name='php' op='==' value='suphp'> |
| | | suPHP_Engine on |
| | |
| | | |
| | | $username = escapeshellcmd($data["new"]["system_user"]); |
| | | if($data["new"]["system_user"] != '' && !$app->system->is_user($data["new"]["system_user"])) { |
| | | exec("useradd -d ".escapeshellcmd($data["new"]["document_root"])." -g $groupname $username -s /bin/false"); |
| | | exec("useradd -d ".escapeshellcmd($data["new"]["document_root"])." -g $groupname -G sshusers $username -s /bin/false"); |
| | | $app->log("Adding the user: $username",LOGLEVEL_DEBUG); |
| | | } |
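Review bot: `escapeshellcmd()` is used here to protect individual arguments, but it only backslash-escapes shell metacharacters and leaves whitespace alone, so a `document_root` or `system_user` value containing a space is split into extra useradd arguments. Per-argument quoting is what `escapeshellarg()` is for, e.g. `exec("useradd -d ".escapeshellarg($data["new"]["document_root"])." -g ".escapeshellarg($groupname)." -G sshusers -s /bin/false ".escapeshellarg($data["new"]["system_user"]));`. `$groupname` is assigned outside this listing, so how it is escaped cannot be seen here. The setquota, chown, chmod and usermod calls in the following listings build their commands the same way. The exit status of exec() is also ignored, so a failed useradd is still logged as "Adding the user".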
| | | |
| | |
| | | exec("setquota -T -u $username 604800 604800 -a &> /dev/null"); |
| | | } |
| | | |
| | | |
| | | if($this->action == 'insert') { |
| | | // Chown and chmod the directories below the document root |
| | | exec("chown -R $username:$groupname ".escapeshellcmd($data["new"]["document_root"])); |
| | |
| | | exec("chown root:root ".escapeshellcmd($data["new"]["document_root"])); |
| | | } |
| | | |
| | | // make temp direcory writable for the apache user and the website user |
| | | exec("chmod 777 ".escapeshellcmd($data["new"]["document_root"]."/tmp")); |
| | | |
| | | |
| | | // If the security level is set to high |
| | | if($web_config['security_level'] == 20) { |
| | | |
| | | exec("chmod 711 ".escapeshellcmd($data["new"]["document_root"]."/")); |
| | | exec("chmod 711 ".escapeshellcmd($data["new"]["document_root"]."/*")); |
| | | exec("chmod 710 ".escapeshellcmd($data["new"]["document_root"]."/web")); |
| | | |
| | | //* Change the home directory and group of the website user |
| | | $command = 'usermod'; |
| | | $command .= ' --groups sshusers,'.escapeshellcmd($web_config['group']); |
| | | $command .= ' '.escapeshellcmd($data["new"]["system_user"]); |
| | | exec($command); |
| | | $app->log("Modifying user: $command",LOGLEVEL_DEBUG); |
| | | |
| | | // make temp direcory writable for the apache user and the website user |
| | | // exec("chmod 777 ".escapeshellcmd($data["new"]["document_root"]."/tmp")); |
| | | // If the security Level is set to medium |
| | | } else { |
| | | |
| | | exec("chmod 755 ".escapeshellcmd($data["new"]["document_root"]."/")); |
| | | exec("chmod 755 ".escapeshellcmd($data["new"]["document_root"]."/*")); |
| | | |
| | | //* Change the home directory and group of the website user |
| | | $command = 'usermod'; |
| | | $command .= ' --groups sshusers '; |
| | | $command .= ' '.escapeshellcmd($data["new"]["system_user"]); |
| | | exec($command); |
| | | $app->log("Modifying user: $command",LOGLEVEL_DEBUG); |
| | | |
| | | // make temp direcory writable for the apache user and the website user |
| | | exec("chmod 777 ".escapeshellcmd($data["new"]["document_root"]."/tmp")); |
| | | } |
| | | |
| | | |
| | | // Create the vhost config file |
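Review bot: The two `chmod ... "/*"` calls do not do what they appear to: `escapeshellcmd()` backslash-escapes `*`, so the shell passes a literal `*` path to chmod instead of expanding the glob, and the unchecked exec() hides the failure. Keeping the wildcard outside the escaped part fixes it, e.g. `exec("chmod 711 ".escapeshellarg($data["new"]["document_root"])."/*");`, and likewise for the 755 line. Separately, `chmod 777` on `document_root/tmp` makes the directory that the vhost template uses for `session.save_path` and `upload_tmp_dir` world-writable without the sticky bit; `1777`, or a group-writable mode shared by the apache and site user, would be tighter. The comment "Change the home directory and group" does not match the usermod call, which only sets supplementary groups. The enclosing method starts and ends outside this listing.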
| | |
| | | $vhost_data["web_document_root"] = $data["new"]["document_root"]."/web"; |
| | | $vhost_data["web_document_root_www"] = $web_config["website_basedir"]."/".$data["new"]["domain"]."/web"; |
| | | $vhost_data["web_basedir"] = $web_config["website_basedir"]; |
| | | $vhost_data["security_level"] = $web_config["security_level"]; |
| | | |
| | | // Check if a SSL cert exists |
| | | $ssl_dir = $data["new"]["document_root"]."/ssl"; |