Fixed: FS#3696 - Interface SSL keys should be owned by root
- Improved Postfix SSL configuration to protect against the POODLE attack.
| | |
| | | exec("chmod 600 $install_dir/server/lib/mysql_clientdb.conf"); |
| | | exec("chown root:root $install_dir/server/lib/mysql_clientdb.conf"); |
| | | } |
| | | |
| | | if(is_dir($install_dir.'/interface/invoices')) { |
| | | exec('chmod -R 770 '.escapeshellarg($install_dir.'/interface/invoices')); |
| | | exec('chown -R ispconfig:ispconfig '.escapeshellarg($install_dir.'/interface/invoices')); |
| | | } |
| | | |
| | | exec('chown -R root:root /usr/local/ispconfig/interface/ssl'); |
| | | |
| | | // TODO: FIXME: add the www-data user to the ispconfig group. This is just for testing |
| | | // and must be fixed as this will allow the apache user to read the ispconfig files. |
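Review bot: The `chown -R root:root /usr/local/ispconfig/interface/ssl` line hard-codes the install path, while the surrounding lines build their paths from `$install_dir` and the invoices lines pass them through `escapeshellarg()`. This appears to be the added line, although the +/- markers are not preserved on this page. On an installation where `$install_dir` differs, the command would fail without notice, since the `exec()` result is not checked, and the SSL keys would keep their previous owner. I would write it as `exec('chown -R root:root '.escapeshellarg($install_dir.'/interface/ssl'));`. The same line recurs in the other installer sections on this page, and the enclosing function starts outside this section.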
| | |
| | | exec('chmod -R 770 '.escapeshellarg($install_dir.'/interface/invoices')); |
| | | exec('chown -R ispconfig:ispconfig '.escapeshellarg($install_dir.'/interface/invoices')); |
| | | } |
| | | |
| | | exec('chown -R root:root /usr/local/ispconfig/interface/ssl'); |
| | | |
| | | // TODO: FIXME: add the www-data user to the ispconfig group. This is just for testing |
| | | // and must be fixed as this will allow the apache user to read the ispconfig files. |
| | |
| | | exec("chmod 600 $install_dir/server/lib/mysql_clientdb.conf"); |
| | | exec("chown root:root $install_dir/server/lib/mysql_clientdb.conf"); |
| | | } |
| | | |
| | | if(is_dir($install_dir.'/interface/invoices')) { |
| | | exec('chmod -R 770 '.escapeshellarg($install_dir.'/interface/invoices')); |
| | | exec('chown -R ispconfig:ispconfig '.escapeshellarg($install_dir.'/interface/invoices')); |
| | | } |
| | | |
| | | exec('chown -R root:root /usr/local/ispconfig/interface/ssl'); |
| | | |
| | | // TODO: FIXME: add the www-data user to the ispconfig group. This is just for testing |
| | | // and must be fixed as this will allow the apache user to read the ispconfig files. |
| | |
| | | exec("openssl rsa -passin pass:$ssl_pw -in $ssl_key_file -out $ssl_key_file.insecure"); |
| | | rename($ssl_key_file, $ssl_key_file.'.secure'); |
| | | rename($ssl_key_file.'.insecure', $ssl_key_file); |
| | | |
| | | exec('chown -R root:root /usr/local/ispconfig/interface/ssl'); |
| | | |
| | | } |
| | | |
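Review bot: Changing the owner after the renames does not restrict who can read the passphrase-less key, because `chown -R` leaves the file mode as it is and, depending on the OpenSSL version and the process umask, the file written by `openssl rsa ... -out` may be readable by group or others. An explicit `exec('chmod 600 '.escapeshellarg($ssl_key_file));` next to the chown, and the same for the `.secure` copy, would close that gap. The `openssl rsa` line, apparently unchanged context, also places `$ssl_pw` and the key path into the shell string without `escapeshellarg()`, and a passphrase given as `pass:` is visible in the process list while the command runs; `-passin env:` or `-passin file:` avoids that. The enclosing block starts outside this section.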
| | |
| | | exec('chmod -R 770 '.escapeshellarg($install_dir.'/interface/invoices')); |
| | | exec('chown -R ispconfig:ispconfig '.escapeshellarg($install_dir.'/interface/invoices')); |
| | | } |
| | | |
| | | exec('chown -R root:root /usr/local/ispconfig/interface/ssl'); |
| | | |
| | | // TODO: FIXME: add the www-data user to the ispconfig group. This is just for testing |
| | | // and must be fixed as this will allow the apache user to read the ispconfig files. |
| | |
| | | body_checks = regexp:{config_dir}/body_checks |
| | | owner_request_special = no |
| | | smtp_tls_security_level = may |
| | | smtpd_tls_mandatory_protocols=!SSLv2, !SSLv3 |
| | | smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3 |
| | | smtpd_tls_protocols = !SSLv2,!SSLv3 |
| | | smtp_tls_protocols = !SSLv2,!SSLv3 |
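Review bot: The client-side counterpart `smtp_tls_mandatory_protocols` is not set in this template, so outbound deliveries that run at a mandatory TLS level (for example through a per-destination TLS policy) fall back to Postfix's built-in default, which on older releases excludes only SSLv2. Adding `smtp_tls_mandatory_protocols = !SSLv2,!SSLv3` would keep the four protocol settings consistent. The two `smtpd_tls_mandatory_protocols` lines look like the old and new rendering of one changed line; if both really end up in the new file, one should be dropped. The same applies to the other main.cf template sections further down the page.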
| | |
| | | body_checks = regexp:{config_dir}/body_checks |
| | | inet_interfaces = all |
| | | smtp_tls_security_level = may |
| | | smtpd_tls_mandatory_protocols=!SSLv2, !SSLv3 |
| | | smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3 |
| | | smtpd_tls_protocols = !SSLv2,!SSLv3 |
| | | smtp_tls_protocols = !SSLv2,!SSLv3 |
| | |
| | | body_checks = regexp:{config_dir}/body_checks |
| | | inet_interfaces = all |
| | | smtp_tls_security_level = may |
| | | smtpd_tls_mandatory_protocols=!SSLv2, !SSLv3 |
| | | smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3 |
| | | smtpd_tls_protocols = !SSLv2,!SSLv3 |
| | | smtp_tls_protocols = !SSLv2,!SSLv3 |
| | |
| | | body_checks = regexp:{config_dir}/body_checks |
| | | inet_interfaces = all |
| | | smtp_tls_security_level = may |
| | | smtpd_tls_mandatory_protocols=!SSLv2, !SSLv3 |
| | | smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3 |
| | | smtpd_tls_protocols = !SSLv2,!SSLv3 |
| | | smtp_tls_protocols = !SSLv2,!SSLv3 |