From 5538547761447df757fa42d68c0bf17e219a6a73 Mon Sep 17 00:00:00 2001 From: Till Brehm <tbrehm@ispconfig.org> Date: Thu, 07 May 2015 04:10:42 -0400 Subject: [PATCH] Set stronger permission settings on amavis configuration files. --- install/dist/lib/centos53.lib.php | 1 + install/lib/installer_base.lib.php | 8 +++++++- install/dist/lib/fedora.lib.php | 9 ++++++++- install/dist/lib/centos70.lib.php | 1 + install/dist/lib/gentoo.lib.php | 8 +++++++- install/dist/lib/opensuse.lib.php | 8 +++++++- install/dist/lib/centos52.lib.php | 1 + 7 files changed, 32 insertions(+), 4 deletions(-) diff --git a/install/dist/lib/centos52.lib.php b/install/dist/lib/centos52.lib.php index f4aa4df..e0de81c 100644 --- a/install/dist/lib/centos52.lib.php +++ b/install/dist/lib/centos52.lib.php @@ -123,6 +123,7 @@ $content = str_replace('{hostname}', $conf['hostname'], $content); $content = str_replace('/var/spool/amavisd/clamd.sock', '/tmp/clamd.socket', $content); wf($conf["amavis"]["config_dir"].'/amavisd.conf', $content); + chmod($conf['amavis']['config_dir'].'/amavisd.conf', 0640); // Adding the amavisd commands to the postfix configuration diff --git a/install/dist/lib/centos53.lib.php b/install/dist/lib/centos53.lib.php index 93083b5..add467e 100644 --- a/install/dist/lib/centos53.lib.php +++ b/install/dist/lib/centos53.lib.php @@ -124,6 +124,7 @@ $content = str_replace('{hostname}', $conf['hostname'], $content); $content = str_replace('/var/spool/amavisd/clamd.sock', '/var/run/clamav/clamd.sock', $content); wf($conf["amavis"]["config_dir"].'/amavisd.conf', $content); + chmod($conf['amavis']['config_dir'].'/amavisd.conf', 0640); // Adding the amavisd commands to the postfix configuration diff --git a/install/dist/lib/centos70.lib.php b/install/dist/lib/centos70.lib.php index 682833b..9cee55f 100644 --- a/install/dist/lib/centos70.lib.php +++ b/install/dist/lib/centos70.lib.php @@ -124,6 +124,7 @@ $content = str_replace('{hostname}', $conf['hostname'], $content); $content = str_replace('/var/spool/amavisd/clamd.sock', '/var/run/clamav/clamd.sock', $content); wf($conf["amavis"]["config_dir"].'/amavisd.conf', $content); + chmod($conf['amavis']['config_dir'].'/amavisd.conf', 0640); // Adding the amavisd commands to the postfix configuration diff --git a/install/dist/lib/fedora.lib.php b/install/dist/lib/fedora.lib.php index 20fc3a8..65d7898 100644 --- a/install/dist/lib/fedora.lib.php +++ b/install/dist/lib/fedora.lib.php @@ -477,6 +477,7 @@ $content = str_replace('{mysql_server_ip}', $conf['mysql']['ip'], $content); $content = str_replace('{hostname}', $conf['hostname'], $content); wf($conf["amavis"]["config_dir"].'/amavisd.conf', $content); + chmod($conf['amavis']['config_dir'].'/amavisd.conf', 0640); // Adding the amavisd commands to the postfix configuration @@ -1271,7 +1272,13 @@ // Add symlink for patch tool if(!is_link('/usr/local/bin/ispconfig_patch')) exec('ln -s /usr/local/ispconfig/server/scripts/ispconfig_patch /usr/local/bin/ispconfig_patch'); - + + // Change mode of a few files from amavisd + if(is_file($conf['amavis']['config_dir'].'/conf.d/50-user')) chmod($conf['amavis']['config_dir'].'/conf.d/50-user', 0640); + if(is_file($conf['amavis']['config_dir'].'/50-user~')) chmod($conf['amavis']['config_dir'].'/50-user~', 0400); + if(is_file($conf['amavis']['config_dir'].'/amavisd.conf')) chmod($conf['amavis']['config_dir'].'/amavisd.conf', 0640); + if(is_file($conf['amavis']['config_dir'].'/amavisd.conf~')) chmod($conf['amavis']['config_dir'].'/amavisd.conf~', 0400); + } public function configure_dbserver() diff --git a/install/dist/lib/gentoo.lib.php b/install/dist/lib/gentoo.lib.php index 3eebf91..07812fc 100644 --- a/install/dist/lib/gentoo.lib.php +++ b/install/dist/lib/gentoo.lib.php @@ -1140,7 +1140,13 @@ // Add symlink for patch tool if(!is_link('/usr/local/bin/ispconfig_patch')) exec('ln -s /usr/local/ispconfig/server/scripts/ispconfig_patch /usr/local/bin/ispconfig_patch'); - + + // Change mode of a few files from amavisd + if(is_file($conf['amavis']['config_dir'].'/conf.d/50-user')) chmod($conf['amavis']['config_dir'].'/conf.d/50-user', 0640); + if(is_file($conf['amavis']['config_dir'].'/50-user~')) chmod($conf['amavis']['config_dir'].'/50-user~', 0400); + if(is_file($conf['amavis']['config_dir'].'/amavisd.conf')) chmod($conf['amavis']['config_dir'].'/amavisd.conf', 0640); + if(is_file($conf['amavis']['config_dir'].'/amavisd.conf~')) chmod($conf['amavis']['config_dir'].'/amavisd.conf~', 0400); + } } diff --git a/install/dist/lib/opensuse.lib.php b/install/dist/lib/opensuse.lib.php index 0019f34..154f0cb 100644 --- a/install/dist/lib/opensuse.lib.php +++ b/install/dist/lib/opensuse.lib.php @@ -525,6 +525,7 @@ $content = str_replace('{mysql_server_port}', $conf["mysql"]["port"], $content); $content = str_replace('{mysql_server_ip}', $conf['mysql']['ip'], $content); wf($conf["amavis"]["config_dir"].'/amavisd.conf', $content); + chmod($conf['amavis']['config_dir'].'/amavisd.conf', 0640); // Adding the amavisd commands to the postfix configuration @@ -1345,7 +1346,12 @@ // Add symlink for patch tool if(!is_link('/usr/local/bin/ispconfig_patch')) exec('ln -s /usr/local/ispconfig/server/scripts/ispconfig_patch /usr/local/bin/ispconfig_patch'); - + // Change mode of a few files from amavisd + if(is_file($conf['amavis']['config_dir'].'/conf.d/50-user')) chmod($conf['amavis']['config_dir'].'/conf.d/50-user', 0640); + if(is_file($conf['amavis']['config_dir'].'/50-user~')) chmod($conf['amavis']['config_dir'].'/50-user~', 0400); + if(is_file($conf['amavis']['config_dir'].'/amavisd.conf')) chmod($conf['amavis']['config_dir'].'/amavisd.conf', 0640); + if(is_file($conf['amavis']['config_dir'].'/amavisd.conf~')) chmod($conf['amavis']['config_dir'].'/amavisd.conf~', 0400); + } public function configure_dbserver() diff --git a/install/lib/installer_base.lib.php b/install/lib/installer_base.lib.php index 85790ce..4adec7f 100644 --- a/install/lib/installer_base.lib.php +++ b/install/lib/installer_base.lib.php @@ -1034,7 +1034,7 @@ // amavisd user config file $configfile = 'amavisd_user_config'; if(is_file($conf['amavis']['config_dir'].'/conf.d/50-user')) copy($conf['amavis']['config_dir'].'/conf.d/50-user', $conf['amavis']['config_dir'].'/50-user~'); - if(is_file($conf['amavis']['config_dir'].'/conf.d/50-user~')) chmod($conf['amavis']['config_dir'].'/conf.d/50-user~', 0400); + if(is_file($conf['amavis']['config_dir'].'/conf.d/50-user~')) chmod($conf['amavis']['config_dir'].'/50-user~', 0400); $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', 'tpl/'.$configfile.'.master'); $content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content); $content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content); @@ -1042,6 +1042,7 @@ $content = str_replace('{mysql_server_port}', $conf['mysql']['port'], $content); $content = str_replace('{mysql_server_ip}', $conf['mysql']['ip'], $content); wf($conf['amavis']['config_dir'].'/conf.d/50-user', $content); + chmod($conf['amavis']['config_dir'].'/conf.d/50-user', 0640); // TODO: chmod and chown on the config file @@ -2200,6 +2201,11 @@ // Add symlink for patch tool if(!is_link('/usr/local/bin/ispconfig_patch')) exec('ln -s /usr/local/ispconfig/server/scripts/ispconfig_patch /usr/local/bin/ispconfig_patch'); + // Change mode of a few files from amavisd + if(is_file($conf['amavis']['config_dir'].'/conf.d/50-user')) chmod($conf['amavis']['config_dir'].'/conf.d/50-user', 0640); + if(is_file($conf['amavis']['config_dir'].'/50-user~')) chmod($conf['amavis']['config_dir'].'/50-user~', 0400); + if(is_file($conf['amavis']['config_dir'].'/amavisd.conf')) chmod($conf['amavis']['config_dir'].'/amavisd.conf', 0640); + if(is_file($conf['amavis']['config_dir'].'/amavisd.conf~')) chmod($conf['amavis']['config_dir'].'/amavisd.conf~', 0400); } public function configure_dbserver() { -- Gitblit v1.9.1