From 5538547761447df757fa42d68c0bf17e219a6a73 Mon Sep 17 00:00:00 2001
From: Till Brehm <tbrehm@ispconfig.org>
Date: Thu, 07 May 2015 04:10:42 -0400
Subject: [PATCH] Set stronger permission settings on amavis configuration files.
---
install/dist/lib/centos53.lib.php | 1 +
install/lib/installer_base.lib.php | 8 +++++++-
install/dist/lib/fedora.lib.php | 9 ++++++++-
install/dist/lib/centos70.lib.php | 1 +
install/dist/lib/gentoo.lib.php | 8 +++++++-
install/dist/lib/opensuse.lib.php | 8 +++++++-
install/dist/lib/centos52.lib.php | 1 +
7 files changed, 32 insertions(+), 4 deletions(-)
diff --git a/install/dist/lib/centos52.lib.php b/install/dist/lib/centos52.lib.php
index f4aa4df..e0de81c 100644
--- a/install/dist/lib/centos52.lib.php
+++ b/install/dist/lib/centos52.lib.php
@@ -123,6 +123,7 @@
$content = str_replace('{hostname}', $conf['hostname'], $content);
$content = str_replace('/var/spool/amavisd/clamd.sock', '/tmp/clamd.socket', $content);
wf($conf["amavis"]["config_dir"].'/amavisd.conf', $content);
+ chmod($conf['amavis']['config_dir'].'/amavisd.conf', 0640);
// Adding the amavisd commands to the postfix configuration
diff --git a/install/dist/lib/centos53.lib.php b/install/dist/lib/centos53.lib.php
index 93083b5..add467e 100644
--- a/install/dist/lib/centos53.lib.php
+++ b/install/dist/lib/centos53.lib.php
@@ -124,6 +124,7 @@
$content = str_replace('{hostname}', $conf['hostname'], $content);
$content = str_replace('/var/spool/amavisd/clamd.sock', '/var/run/clamav/clamd.sock', $content);
wf($conf["amavis"]["config_dir"].'/amavisd.conf', $content);
+ chmod($conf['amavis']['config_dir'].'/amavisd.conf', 0640);
// Adding the amavisd commands to the postfix configuration
diff --git a/install/dist/lib/centos70.lib.php b/install/dist/lib/centos70.lib.php
index 682833b..9cee55f 100644
--- a/install/dist/lib/centos70.lib.php
+++ b/install/dist/lib/centos70.lib.php
@@ -124,6 +124,7 @@
$content = str_replace('{hostname}', $conf['hostname'], $content);
$content = str_replace('/var/spool/amavisd/clamd.sock', '/var/run/clamav/clamd.sock', $content);
wf($conf["amavis"]["config_dir"].'/amavisd.conf', $content);
+ chmod($conf['amavis']['config_dir'].'/amavisd.conf', 0640);
// Adding the amavisd commands to the postfix configuration
diff --git a/install/dist/lib/fedora.lib.php b/install/dist/lib/fedora.lib.php
index 20fc3a8..65d7898 100644
--- a/install/dist/lib/fedora.lib.php
+++ b/install/dist/lib/fedora.lib.php
@@ -477,6 +477,7 @@
$content = str_replace('{mysql_server_ip}', $conf['mysql']['ip'], $content);
$content = str_replace('{hostname}', $conf['hostname'], $content);
wf($conf["amavis"]["config_dir"].'/amavisd.conf', $content);
+ chmod($conf['amavis']['config_dir'].'/amavisd.conf', 0640);
// Adding the amavisd commands to the postfix configuration
@@ -1271,7 +1272,13 @@
// Add symlink for patch tool
if(!is_link('/usr/local/bin/ispconfig_patch')) exec('ln -s /usr/local/ispconfig/server/scripts/ispconfig_patch /usr/local/bin/ispconfig_patch');
-
+
+ // Change mode of a few files from amavisd
+ if(is_file($conf['amavis']['config_dir'].'/conf.d/50-user')) chmod($conf['amavis']['config_dir'].'/conf.d/50-user', 0640);
+ if(is_file($conf['amavis']['config_dir'].'/50-user~')) chmod($conf['amavis']['config_dir'].'/50-user~', 0400);
+ if(is_file($conf['amavis']['config_dir'].'/amavisd.conf')) chmod($conf['amavis']['config_dir'].'/amavisd.conf', 0640);
+ if(is_file($conf['amavis']['config_dir'].'/amavisd.conf~')) chmod($conf['amavis']['config_dir'].'/amavisd.conf~', 0400);
+
}
public function configure_dbserver()
diff --git a/install/dist/lib/gentoo.lib.php b/install/dist/lib/gentoo.lib.php
index 3eebf91..07812fc 100644
--- a/install/dist/lib/gentoo.lib.php
+++ b/install/dist/lib/gentoo.lib.php
@@ -1140,7 +1140,13 @@
// Add symlink for patch tool
if(!is_link('/usr/local/bin/ispconfig_patch')) exec('ln -s /usr/local/ispconfig/server/scripts/ispconfig_patch /usr/local/bin/ispconfig_patch');
-
+
+ // Change mode of a few files from amavisd
+ if(is_file($conf['amavis']['config_dir'].'/conf.d/50-user')) chmod($conf['amavis']['config_dir'].'/conf.d/50-user', 0640);
+ if(is_file($conf['amavis']['config_dir'].'/50-user~')) chmod($conf['amavis']['config_dir'].'/50-user~', 0400);
+ if(is_file($conf['amavis']['config_dir'].'/amavisd.conf')) chmod($conf['amavis']['config_dir'].'/amavisd.conf', 0640);
+ if(is_file($conf['amavis']['config_dir'].'/amavisd.conf~')) chmod($conf['amavis']['config_dir'].'/amavisd.conf~', 0400);
+
}
}
diff --git a/install/dist/lib/opensuse.lib.php b/install/dist/lib/opensuse.lib.php
index 0019f34..154f0cb 100644
--- a/install/dist/lib/opensuse.lib.php
+++ b/install/dist/lib/opensuse.lib.php
@@ -525,6 +525,7 @@
$content = str_replace('{mysql_server_port}', $conf["mysql"]["port"], $content);
$content = str_replace('{mysql_server_ip}', $conf['mysql']['ip'], $content);
wf($conf["amavis"]["config_dir"].'/amavisd.conf', $content);
+ chmod($conf['amavis']['config_dir'].'/amavisd.conf', 0640);
// Adding the amavisd commands to the postfix configuration
@@ -1345,7 +1346,12 @@
// Add symlink for patch tool
if(!is_link('/usr/local/bin/ispconfig_patch')) exec('ln -s /usr/local/ispconfig/server/scripts/ispconfig_patch /usr/local/bin/ispconfig_patch');
-
+ // Change mode of a few files from amavisd
+ if(is_file($conf['amavis']['config_dir'].'/conf.d/50-user')) chmod($conf['amavis']['config_dir'].'/conf.d/50-user', 0640);
+ if(is_file($conf['amavis']['config_dir'].'/50-user~')) chmod($conf['amavis']['config_dir'].'/50-user~', 0400);
+ if(is_file($conf['amavis']['config_dir'].'/amavisd.conf')) chmod($conf['amavis']['config_dir'].'/amavisd.conf', 0640);
+ if(is_file($conf['amavis']['config_dir'].'/amavisd.conf~')) chmod($conf['amavis']['config_dir'].'/amavisd.conf~', 0400);
+
}
public function configure_dbserver()
diff --git a/install/lib/installer_base.lib.php b/install/lib/installer_base.lib.php
index 85790ce..4adec7f 100644
--- a/install/lib/installer_base.lib.php
+++ b/install/lib/installer_base.lib.php
@@ -1034,7 +1034,7 @@
// amavisd user config file
$configfile = 'amavisd_user_config';
if(is_file($conf['amavis']['config_dir'].'/conf.d/50-user')) copy($conf['amavis']['config_dir'].'/conf.d/50-user', $conf['amavis']['config_dir'].'/50-user~');
- if(is_file($conf['amavis']['config_dir'].'/conf.d/50-user~')) chmod($conf['amavis']['config_dir'].'/conf.d/50-user~', 0400);
+ if(is_file($conf['amavis']['config_dir'].'/conf.d/50-user~')) chmod($conf['amavis']['config_dir'].'/50-user~', 0400);
$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', 'tpl/'.$configfile.'.master');
$content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
$content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
@@ -1042,6 +1042,7 @@
$content = str_replace('{mysql_server_port}', $conf['mysql']['port'], $content);
$content = str_replace('{mysql_server_ip}', $conf['mysql']['ip'], $content);
wf($conf['amavis']['config_dir'].'/conf.d/50-user', $content);
+ chmod($conf['amavis']['config_dir'].'/conf.d/50-user', 0640);
// TODO: chmod and chown on the config file
@@ -2200,6 +2201,11 @@
// Add symlink for patch tool
if(!is_link('/usr/local/bin/ispconfig_patch')) exec('ln -s /usr/local/ispconfig/server/scripts/ispconfig_patch /usr/local/bin/ispconfig_patch');
+ // Change mode of a few files from amavisd
+ if(is_file($conf['amavis']['config_dir'].'/conf.d/50-user')) chmod($conf['amavis']['config_dir'].'/conf.d/50-user', 0640);
+ if(is_file($conf['amavis']['config_dir'].'/50-user~')) chmod($conf['amavis']['config_dir'].'/50-user~', 0400);
+ if(is_file($conf['amavis']['config_dir'].'/amavisd.conf')) chmod($conf['amavis']['config_dir'].'/amavisd.conf', 0640);
+ if(is_file($conf['amavis']['config_dir'].'/amavisd.conf~')) chmod($conf['amavis']['config_dir'].'/amavisd.conf~', 0400);
}
public function configure_dbserver() {
--
Gitblit v1.9.1