Modified install / update to copy over jailkit configs

Included jailkit config templates
Added bash.bashrc and motd templates to copy over for for chroot system
Updated ispconfig vhost to include php fastcgi configs if fastcgi is enabled. What if the module is loaded too ?
TODO: jailkit chroot is still not loading the modified motd in /etc/motd and /var/run/motd ??

Author: daniel

install/dist/conf/debian40.conf.php

@@ -76,4 +76,9 @@
 $conf['mydns']['config_dir'] = '/etc';
 $conf['mydns']['init_script'] = 'mydns';
 
+//* Jailkit
+$conf['jailkit']['config_dir'] = '/etc/jailkit';
+$conf['jailkit']['jk_init'] = 'jk_init.ini';
+$conf['jailkit']['jk_chrootsh'] = 'jk_chrootsh.ini';
+
 ?>

install/dist/conf/gentoo.conf.php

@@ -62,4 +62,9 @@
 $dist['mydns']['config_dir'] = '/etc';
 $dist['mydns']['init_script'] = 'mydns';
 
+//* Jailkit
+$conf['jailkit']['config_dir'] = '/etc/jailkit';
+$conf['jailkit']['jk_init'] = 'jk_init.ini';
+$conf['jailkit']['jk_chrootsh'] = 'jk_chrootsh.ini';
+
 ?>

install/install.php

@@ -134,6 +134,10 @@
 
 	//* Configure postfix
 	$inst->configure_postfix();
+	
+	//* Configure postfix
+	swriteln('Configuring Jailkit');
+	$inst->configure_jailkit();
 
 	//* Configure saslauthd
 	swriteln('Configuring SASL');

install/lib/installer_base.lib.php

@@ -183,7 +183,24 @@ private function process_postfix_config($configfile)
         wf($full_file_name, $content);
     }
 
-
+	public function configure_jailkit()
+    {
+        $cf = $this->conf['jailkit'];
+		$config_dir = $cf['config_dir'];
+		$jk_init = $cf['jk_init'];
+		$jk_chrootsh = $cf['jk_chrootsh'];
+		
+		if (!is_dir($config_dir))
+		{
+			copy($config_dir.'/'.$jk_init, $config_dir.'/'.$jk_init.'~');
+			copy($config_dir.'/'.$jk_chrootsh.".master", $config_dir.'/'.$jk_chrootsh.'~');
+			
+			copy('tpl/'.$jk_init.".master", $config_dir.'/'.$jk_init);
+			copy('tpl/'.$jk_chrootsh.".master", $config_dir.'/'.$jk_chrootsh);
+		}
+		
+    }
+        
 	public function configure_postfix($options = '')
     {
         $cf = $this->conf['postfix'];

install/tpl/jk_chrootsh.ini.master

@@ -0,0 +1,13 @@
+## example for a user
+#[test]
+#env= DISPLAY, XAUTHORITY
+#
+##example for a group, there should be only 1 space inbetween the words!
+#[group users]
+#env = DISPLAY, XAUTHORITY
+#
+[DEFAULT]
+#relax_home_group=1
+skip_injail_passwd_check=1
+injail_shell=/bin/bash
+env = TERM, PATH

install/tpl/jk_init.ini.master

@@ -0,0 +1,151 @@
+[uidbasics]
+# this section probably needs adjustment on 64bit systems
+# or non-Linux systems
+comment = common files for all jails that need user/group information
+libraries = /lib/libnsl.so.1, /lib64/libnsl.so.1, /lib/libnss*.so.2, /lib64/libnss*.so.2
+regularfiles = /etc/nsswitch.conf /etc/ld.so.conf
+
+[netbasics]
+comment = common files for all jails that need any internet connectivity
+libraries = /lib/libnss_dns.so.2, /lib64/libnss_dns.so.2
+regularfiles = /etc/resolv.conf, /etc/host.conf, /etc/hosts, /etc/protocols
+
+[logbasics]
+comment = timezone information
+regularfiles = /etc/localtime
+need_logsocket = 1
+
+[jk_lsh]
+comment = Jailkit limited shell
+executables = /usr/sbin/jk_lsh
+regularfiles = /etc/jailkit/jk_lsh.ini
+users = root
+groups = root
+need_logsocket = 1
+includesections = uidbasics
+
+[limitedshell]
+comment = alias for jk_lsh
+includesections = jk_lsh
+
+[cvs]
+comment = Concurrent Versions System
+executables = /usr/bin/cvs
+devices = /dev/null
+
+[git]
+comment = Fast Version Control System
+executables = /usr/bin/git*
+directories = /usr/share/git-core
+includesections = editors
+
+[scp]
+comment = ssh secure copy
+executables = /usr/bin/scp
+includesections = netbasics, uidbasics
+devices = /dev/urandom
+
+[sftp]
+comment = ssh secure ftp
+executables = /usr/lib/sftp-server, /usr/libexec/openssh/sftp-server, /usr/lib/misc/sftp-server, /usr/libexec/sftp-server
+includesections = netbasics, uidbasics
+devices = /dev/urandom, /dev/null
+
+[ssh]
+comment = ssh secure shell
+executables = /usr/bin/ssh
+includesections = netbasics, uidbasics
+devices = /dev/urandom, /dev/tty
+
+[rsync]
+executables = /usr/bin/rsync
+includesections = netbasics, uidbasics
+
+[procmail]
+comment = procmail mail delivery
+executables = /usr/bin/procmail, /bin/sh
+devices = /dev/null
+
+[basicshell]
+comment = bash based shell with several basic utilities
+executables = /bin/sh, /bin/bash, /bin/ls, /bin/cat, /bin/chmod, /bin/mkdir, /bin/cp, /bin/cpio, /bin/date, /bin/dd, /bin/echo, /bin/egrep, /bin/false, /bin/fgrep, /bin/grep, /bin/gunzip, /bin/gzip, /bin/ln, /bin/ls, /bin/mkdir, /bin/mktemp, /bin/more, /bin/mv, /bin/pwd, /bin/rm, /bin/rmdir, /bin/sed, /bin/sh, /bin/sleep, /bin/sync, /bin/tar, /bin/touch, /bin/true, /bin/uncompress, /bin/zcat
+regularfiles = /etc/motd, /etc/issue, /etc/bash.bashrc, /etc/bashrc, /etc/profile
+directories = /usr/lib/locale/en_US.utf8
+users = root
+groups = root
+includesections = uidbasics
+
+[midnightcommander]
+comment = Midnight Commander
+executables = /usr/bin/mc, /usr/bin/mcedit, /usr/bin/mcview
+directories = /etc/terminfo, /usr/share/terminfo, /usr/share/mc
+includesections = basicshell
+
+[extendedshell]
+comment = bash shell including things like awk, bzip, tail, less
+executables = /usr/bin/awk, /usr/bin/bzip2, /usr/bin/bunzip2, /usr/bin/ldd, /usr/bin/less, /usr/bin/clear, /usr/bin/cut, /usr/bin/du, /usr/bin/find, /usr/bin/head, /usr/bin/less, /usr/bin/md5sum, /usr/bin/nice, /usr/bin/sort, /usr/bin/tac, /usr/bin/tail, /usr/bin/tr, /usr/bin/sort, /usr/bin/wc, /usr/bin/watch, /usb/bin/whoami
+includesections = basicshell, midnightcommander, editors
+
+[editors]
+comment = vim, joe and nano
+executables = /usb/bin/joe, /usr/bin/nano, /usr/bin/vi, /usr/bin/vim, /usr/bin/pico
+regularfiles = /etc/vimrc
+directories = /etc/joe, /etc/terminfo, /usr/share/vim, /usr/share/terminfo, /lib/terminfo
+
+[netutils]
+comment = several internet utilities like wget, ftp, rsync, scp, ssh
+executables = /usr/bin/wget, /usr/bin/lynx, /usr/bin/ftp, /usr/bin/host, /usr/bin/rsync, /usr/bin/smbclient
+includesections = netbasics, ssh, sftp, scp
+
+[apacheutils]
+comment = htpasswd utility
+executables = /usr/bin/htpasswd
+
+[extshellplusnet]
+comment = alias for extendedshell + netutils + apacheutils
+includesections = extendedshell, netutils, apacheutils
+
+[openvpn]
+comment = jail for the openvpn daemon
+executables = /usr/sbin/openvpn
+users = root,nobody
+groups = root,nogroup
+includesections = netbasics
+devices = /dev/urandom, /dev/random, /dev/net/tun
+includesections = netbasics, uidbasics
+need_logsocket = 1
+
+[apache]
+comment = the apache webserver, very basic setup, probably too limited for you
+executables = /usr/sbin/apache
+users = root, www-data
+groups = root, www-data
+includesections = netbasics, uidbasics
+
+[perl]
+comment = the perl interpreter and libraries
+executables = /usr/bin/perl
+directories = /usr/lib/perl, /usr/lib/perl5, /usr/share/perl, /usr/share/perl5
+
+[xauth]
+comment = getting X authentication to work
+executables = /usr/bin/X11/xauth
+regularfiles = /usr/X11R6/lib/X11/rgb.txt, /etc/ld.so.conf
+
+[xclients]
+comment = minimal files for X clients
+regularfiles = /usr/X11R6/lib/X11/rgb.txt
+includesections = xauth
+
+[vncserver]
+comment = the VNC server program
+executables = /usr/bin/Xvnc, /usr/bin/Xrealvnc
+directories = /usr/X11R6/lib/X11/fonts/
+includesections = xclients
+
+
+#[xterm]
+#comment = xterm
+#executables = /usr/bin/X11/xterm
+#directories = /usr/share/terminfo, /etc/terminfo
+#devices = /dev/pts/0, /dev/pts/1, /dev/pts/2, /dev/pts/3, /dev/pts/4, /dev/ptyb4, /dev/ptya4, /dev/tty, /dev/tty0, /dev/tty4

install/update.php

@@ -134,7 +134,11 @@
 if($reconfigure_services_answer == 'yes') {
 	//** Configure postfix
 	$inst->configure_postfix('dont-create-certs');
-
+	
+	//* Configure postfix
+	swriteln('Configuring Jailkit');
+	$inst->configure_jailkit();
+	
 	//** Configure saslauthd
 	swriteln('Configuring SASL');
 	$inst->configure_saslauthd();

interface/bin/php-fcgi

@@ -0,0 +1,10 @@
+#!/bin/sh 
+PHPRC="/etc/php5/cgi/" 
+export PHPRC 
+PHP_DOCUMENT_ROOT="/usr/local/ispconfig/interface/web/"
+export PHP_DOCUMENT_ROOT
+PHP_FCGI_CHILDREN=8 
+export PHP_FCGI_CHILDREN 
+PHP_FCGI_MAX_REQUESTS=5000 
+export PHP_FCGI_MAX_REQUESTS 
+exec /usr/bin/php-cgi $1

server/conf/bash.bashrc.master

@@ -0,0 +1,63 @@
+
+<tmpl_if name='jailkit_chroot'>
+## Hack for Jailkit User to change back to the logged in user ##
+if [ "$LOGNAME" != $USER ]; then
+ export HOME=<tmpl_var name='home_dir'>$LOGNAME
+ export USER=$LOGNAME
+ export USERNAME=$LOGNAME
+ cd $HOME
+fi
+
+## Change machine hostname to site domain ##
+export HOSTNAME=<tmpl_var name='domain'>
+
+</tmpl_if>
+
+
+# If not running interactively, don't do anything
+[ -z "$PS1" ] && return
+
+
+# check the window size after each command and, if necessary,
+# update the values of LINES and COLUMNS.
+shopt -s checkwinsize
+
+# make less more friendly for non-text input files, see lesspipe(1)
+[ -x /usr/bin/lesspipe ] && eval "$(lesspipe)"
+
+
+# set a fancy prompt (non-color, unless we know we "want" color)
+case "$TERM" in
+xterm-color)
+    PS1='\[\033[01;32m\]$USER@$HOSTNAME\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
+    ;;
+*)
+    PS1='\$USER@$HOSTNAME:\w\$ '
+    ;;
+esac
+
+
+# If this is an xterm set the title to user@host:dir
+case "$TERM" in
+xterm*|rxvt*)
+    PROMPT_COMMAND='echo -ne "\033]0;${USER}@${HOSTNAME}: ${PWD/$HOME/~}\007"'
+    ;;
+*)
+    ;;
+esac
+
+
+# enable color support of ls and also add handy aliases
+if [ "$TERM" != "dumb" ]; then
+    eval "`dircolors -b`"
+    alias ls='ls --color=auto'
+    #alias dir='ls --color=auto --format=vertical'
+    #alias vdir='ls --color=auto --format=long'
+fi
+
+# some more ls aliases
+#alias ll='ls -l'
+#alias la='ls -A'
+#alias l='ls -CF'
+
+

server/conf/motd.master

@@ -0,0 +1,4 @@
+Welcome To Site <tmpl_var name='domain'>
+
+
+