@@ -130,7 +130,7 @@ public function configure_mailman($status = 'insert') {
130130
131131 function configure_postfix ($ options'' )
132132 {
133- global $ conf
133+ global $ conf, $ autoinstall
134134 $ cf$ conf'postfix ' ];
135135 $ config_dir$ cf'config_dir ' ];
136136
@@ -264,6 +264,7 @@ function configure_postfix($options = '')
264264 $ command'cd ' .$ config_dir'; '
265265 .'openssl req -new -outform PEM -out smtpd.cert -newkey rsa:4096 -nodes -keyout smtpd.key -keyform PEM -days 3650 -x509 ' ;
266266 }
267+ exec ($ command
267268
268269 $ command'chmod o= ' .$ config_dir'/smtpd.key ' ;
269270 caselog ($ command' &> /dev/null ' , __FILE__ , __LINE__ , 'EXECUTED: ' .$ command'Failed to execute the command ' .$ command
@@ -903,6 +904,31 @@ public function install_ispconfig()
903904 //* copy the ISPConfig server part
904905 $ command"cp -rf ../server $ install_dir ;
905906 caselog ($ command' &> /dev/null ' , __FILE__ , __LINE__ , "EXECUTED: $ command , "Failed to execute the command $ command );
907+
908+ //* Make a backup of the security settings
909+ if (is_file ('/usr/local/ispconfig/security/security_settings.ini ' )) copy ('/usr/local/ispconfig/security/security_settings.ini ' ,'/usr/local/ispconfig/security/security_settings.ini~ ' );
910+
911+ //* copy the ISPConfig security part
912+ $ command'cp -rf ../security ' .$ install_dir
913+ caselog ($ command' &> /dev/null ' , __FILE__ , __LINE__ , "EXECUTED: $ command , "Failed to execute the command $ command );
914+
915+ //* Apply changed security_settings.ini values to new security_settings.ini file
916+ if (is_file ('/usr/local/ispconfig/security/security_settings.ini~ ' )) {
917+ $ security_settings_oldini_to_array (file_get_contents ('/usr/local/ispconfig/security/security_settings.ini~ ' ));
918+ $ security_settings_newini_to_array (file_get_contents ('/usr/local/ispconfig/security/security_settings.ini ' ));
919+ if (is_array ($ security_settings_newis_array ($ security_settings_old
920+ foreach ($ security_settings_newas $ section$ sval
921+ if (is_array ($ sval
922+ foreach ($ svalas $ key$ val
923+ if (isset ($ security_settings_old$ sectionisset ($ security_settings_old$ section$ key
924+ $ security_settings_new$ section$ key$ security_settings_old$ section$ key
925+ }
926+ }
927+ }
928+ }
929+ file_put_contents ('/usr/local/ispconfig/security/security_settings.ini ' ,array_to_ini ($ security_settings_new
930+ }
931+ }
906932
907933 //* Create a symlink, so ISPConfig is accessible via web
908934 // Replaced by a separate vhost definition for port 8080
@@ -1028,12 +1054,38 @@ public function install_ispconfig()
10281054 $ this db ->query ($ sql
10291055 }
10301056
1031- //* Chmod the files
1032- $ command"chmod -R 750 $ install_dir ;
1057+ // chown install dir to root and chmod 755
1058+ $ command'chown root:root ' .$ install_dir
1059+ caselog ($ command' &> /dev/null ' , __FILE__ , __LINE__ , "EXECUTED: $ command , "Failed to execute the command $ command );
1060+ $ command'chmod 755 ' .$ install_dir
1061+ caselog ($ command' &> /dev/null ' , __FILE__ , __LINE__ , "EXECUTED: $ command , "Failed to execute the command $ command );
1062+
1063+ //* Chmod the files and directories in the install dir
1064+ $ command'chmod -R 750 ' .$ install_dir'/* ' ;
10331065 caselog ($ command' &> /dev/null ' , __FILE__ , __LINE__ , "EXECUTED: $ command , "Failed to execute the command $ command );
10341066
1035- //* chown the files to the ispconfig user and group
1036- $ command"chown -R ispconfig:ispconfig $ install_dir ;
1067+ //* chown the interface files to the ispconfig user and group
1068+ $ command'chown -R ispconfig:ispconfig ' .$ install_dir'/interface ' ;
1069+ caselog ($ command' &> /dev/null ' , __FILE__ , __LINE__ , "EXECUTED: $ command , "Failed to execute the command $ command );
1070+
1071+ //* chown the server files to the root user and group
1072+ $ command'chown -R root:root ' .$ install_dir'/server ' ;
1073+ caselog ($ command' &> /dev/null ' , __FILE__ , __LINE__ , "EXECUTED: $ command , "Failed to execute the command $ command );
1074+
1075+ //* chown the security files to the root user and group
1076+ $ command'chown -R root:root ' .$ install_dir'/security ' ;
1077+ caselog ($ command' &> /dev/null ' , __FILE__ , __LINE__ , "EXECUTED: $ command , "Failed to execute the command $ command );
1078+
1079+ //* chown the security directory and security_settings.ini to root:ispconfig
1080+ $ command'chown root:ispconfig ' .$ install_dir'/security/security_settings.ini ' ;
1081+ caselog ($ command' &> /dev/null ' , __FILE__ , __LINE__ , "EXECUTED: $ command , "Failed to execute the command $ command );
1082+ $ command'chown root:ispconfig ' .$ install_dir'/security ' ;
1083+ caselog ($ command' &> /dev/null ' , __FILE__ , __LINE__ , "EXECUTED: $ command , "Failed to execute the command $ command );
1084+ $ command'chown root:ispconfig ' .$ install_dir'/security/ids.whitelist ' ;
1085+ caselog ($ command' &> /dev/null ' , __FILE__ , __LINE__ , "EXECUTED: $ command , "Failed to execute the command $ command );
1086+ $ command'chown root:ispconfig ' .$ install_dir'/security/ids.htmlfield ' ;
1087+ caselog ($ command' &> /dev/null ' , __FILE__ , __LINE__ , "EXECUTED: $ command , "Failed to execute the command $ command );
1088+ $ command'chown root:ispconfig ' .$ install_dir'/security/apache_directives.blacklist ' ;
10371089 caselog ($ command' &> /dev/null ' , __FILE__ , __LINE__ , "EXECUTED: $ command , "Failed to execute the command $ command );
10381090
10391091 //* Make the global language file directory group writable
0 commit comments