Merge branch 'minor-security-glitches' into 'master'

Till Brehm · Till Brehm · commit 632dd86fe314 · 2017-01-04T12:13:10.000+01:00
Fixed NameVirtualHost-Info, Normalized Welcome Messages and removed Version infos

Warning:
I think Apache will currently not listen to custom port numbers set in IPs. This is confirmed on my test environment!
This issue also exists in current 3.1 release! (Will open an issue)

See merge request !503
diff --git a/install/lib/installer_base.lib.php b/install/lib/installer_base.lib.php
@@ -1551,6 +1551,9 @@ public function configure_pureftpd() {
 		}
 
 		if(!is_file('/etc/pure-ftpd/conf/DontResolve')) exec('echo "yes" > /etc/pure-ftpd/conf/DontResolve');
+		
+		if(!is_file('/etc/pure-ftpd/welcome.msg')) exec('echo "FTP managed by ISPConfig" > /etc/pure-ftpd/welcome.msg');
+		if(!is_file('/etc/pure-ftpd/conf/FortunesFile')) exec('echo "/etc/pure-ftpd/welcome.msg" > /etc/pure-ftpd/conf/FortunesFile');
 	}
 
 	public function configure_mydns() {
diff --git a/install/tpl/apache_ispconfig.conf.master b/install/tpl/apache_ispconfig.conf.master
@@ -1,3 +1,10 @@
+################################################
+# ISPConfig General Apache Options
+################################################
+ServerTokens ProductOnly
+ServerSignature Off
+
+
 
 ################################################
 # ISPConfig Logfile configuration for vlogger
@@ -130,9 +137,10 @@ Alias /.well-known/acme-challenge /usr/local/ispconfig/interface/acme/.well-know
 		</tmpl_if>
 </Directory>
 
+<tmpl_if name='apache_version' op='<' value='2.4' format='version'>
 NameVirtualHost *:80
 NameVirtualHost *:443
 <tmpl_loop name="ip_adresses">
 NameVirtualHost {tmpl_var name="ip_address"}:{tmpl_var name="port"}
 </tmpl_loop>
-
+</tmpl_if>
diff --git a/install/tpl/apache_ispconfig.vhost.master b/install/tpl/apache_ispconfig.vhost.master
@@ -4,7 +4,7 @@
 ######################################################
 
 <tmpl_var name="vhost_port_listen"> Listen <tmpl_var name="vhost_port">
-NameVirtualHost *:<tmpl_var name="vhost_port">
+<tmpl_if name='apache_version' op='<' value='2.4' format='version'>NameVirtualHost *:<tmpl_var name="vhost_port"></tmpl_if>
 
 <VirtualHost _default_:<tmpl_var name="vhost_port">>
   ServerAdmin webmaster@localhost
diff --git a/install/tpl/debian6_dovecot.conf.master b/install/tpl/debian6_dovecot.conf.master
@@ -18,7 +18,7 @@ ssl_key_file = /etc/postfix/smtpd.key
 
 mail_privileged_group = mail
 
-login_greeting = ISPConfig3 IMAP server ready...
+login_greeting = MailServer managed by ISPConfig
 
 ## IMAP specific settings
 protocol imap {
diff --git a/install/tpl/debian_dovecot.conf.master b/install/tpl/debian_dovecot.conf.master
@@ -178,7 +178,7 @@ ssl_key_file = /etc/postfix/smtpd.key
 #login_max_connections = 256
 
 # Greeting message for clients.
-#login_greeting = Dovecot ready.
+login_greeting = MailServer managed by ISPConfig
 
 # Space-separated list of elements we want to log. The elements which have
 # a non-empty variable value are joined together to form a comma-separated
diff --git a/install/tpl/debian_postfix.conf.master b/install/tpl/debian_postfix.conf.master
@@ -43,3 +43,4 @@ smtpd_tls_protocols = !SSLv2,!SSLv3
 smtp_tls_protocols = !SSLv2,!SSLv3
 smtpd_tls_exclude_ciphers = RC4, aNULL
 smtp_tls_exclude_ciphers = RC4, aNULL
+smtpd_banner = MailServer managed by ISPConfig
diff --git a/install/tpl/fedora_dovecot.conf.master b/install/tpl/fedora_dovecot.conf.master
@@ -180,7 +180,7 @@ ssl_key_file = /etc/postfix/smtpd.key
 #login_max_connections = 256
 
 # Greeting message for clients.
-#login_greeting = Dovecot ready.
+login_greeting = MailServer managed by ISPConfig
 
 # Space separated list of trusted network ranges. Connections from these
 # IPs are allowed to override their IP addresses and ports (for logging and
diff --git a/install/tpl/fedora_postfix.conf.master b/install/tpl/fedora_postfix.conf.master
@@ -40,3 +40,4 @@ smtpd_tls_protocols = !SSLv2,!SSLv3
 smtp_tls_protocols = !SSLv2,!SSLv3
 smtpd_tls_exclude_ciphers = RC4, aNULL
 smtp_tls_exclude_ciphers = RC4, aNULL
+smtpd_banner = MailServer managed by ISPConfig
diff --git a/install/tpl/gentoo_postfix.conf.master b/install/tpl/gentoo_postfix.conf.master
@@ -39,3 +39,4 @@ smtpd_tls_protocols = !SSLv2,!SSLv3
 smtp_tls_protocols = !SSLv2,!SSLv3
 smtpd_tls_exclude_ciphers = RC4, aNULL
 smtp_tls_exclude_ciphers = RC4, aNULL
+smtpd_banner = MailServer managed by ISPConfig
diff --git a/install/tpl/opensuse_dovecot.conf.master b/install/tpl/opensuse_dovecot.conf.master
@@ -187,7 +187,7 @@ ssl_key_file = /etc/postfix/smtpd.key
 #login_max_connections = 256
 
 # Greeting message for clients.
-#login_greeting = Dovecot ready.
+login_greeting = MailServer managed by ISPConfig
 
 # Space separated list of trusted network ranges. Connections from these
 # IPs are allowed to override their IP addresses and ports (for logging and
diff --git a/install/tpl/opensuse_postfix.conf.master b/install/tpl/opensuse_postfix.conf.master
@@ -42,3 +42,4 @@ smtpd_tls_protocols = !SSLv2,!SSLv3
 smtp_tls_protocols = !SSLv2,!SSLv3
 smtpd_tls_exclude_ciphers = RC4, aNULL
 smtp_tls_exclude_ciphers = RC4, aNULL
+smtpd_banner = MailServer managed by ISPConfig

Original file line number	Diff line number	Diff line change
`@@ -1551,6 +1551,9 @@ public function configure_pureftpd() {`
`1551`	`1551`	`}`
`1552`	`1552`
`1553`	`1553`	`if(!is_file('/etc/pure-ftpd/conf/DontResolve')) exec('echo "yes" > /etc/pure-ftpd/conf/DontResolve');`
	`1554`	`+`
	`1555`	`+ if(!is_file('/etc/pure-ftpd/welcome.msg')) exec('echo "FTP managed by ISPConfig" > /etc/pure-ftpd/welcome.msg');`
	`1556`	`+ if(!is_file('/etc/pure-ftpd/conf/FortunesFile')) exec('echo "/etc/pure-ftpd/welcome.msg" > /etc/pure-ftpd/conf/FortunesFile');`
`1554`	`1557`	`}`
`1555`	`1558`
`1556`	`1559`	`public function configure_mydns() {`