4 files changed +22 -5
lines changed Original file line number Diff line number Diff line change @@ -3,6 +3,7 @@ All notable changes to this project will be documented in this file.
33
44## [ CURRENT] - Development
55### Features
6+ - Use stronger ciphers and Disable TLS v1.1 for vsftpd.
67
78### Bugfixes
89- Create mailhelo.conf if it doesnt exist to prevent a error message during grep.
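Review bot: The new Features entry claims TLS v1.1 is disabled without saying how, and it leaves out the other behaviour change in this commit, the password argument becoming optional (`USER [PASSWORD]`). No TLS 1.1 switch is touched in the vsftpd.conf hunk; the effect comes from the cipher list, which only contains suites defined for TLS 1.2, so the entry should say that explicitly (for example "restrict vsftpd to TLS 1.2-only cipher suites"). Please also add a line for the stdin/prompt password input, since scripts calling the command are affected.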
Original file line number Diff line number Diff line change @@ -25,10 +25,17 @@ source $HESTIA/conf/hestia.conf
2525# Verifications #
2626# ----------------------------------------------------------#
2727
28- check_args ' 2 ' " $# " ' USER PASSWORD'
28+ check_args ' 1 ' " $# " ' USER [ PASSWORD] '
2929is_format_valid ' user'
3030is_object_valid ' user' ' USER' " $user "
3131is_object_unsuspended ' user' ' USER' " $user "
32+
33+ # Non-interactive (stdin not opened)
34+ [[ -z " $password " && ! -t 0 ]] && read -r password
35+
36+ # Password prompt
37+ [[ -z " $password " ]] && read -r -s -p " Password:" password
38+
3239is_password_valid
3340
3441# Perform verification if read-only mode is enabled
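Review bot: In the added non-interactive branch, `read -r password` runs with the default IFS, so leading and trailing whitespace in a piped password is stripped and the stored password silently differs from what was sent; use `IFS= read -r password` there and in the prompt branch. When stdin is not a terminal and delivers nothing, the first `read` leaves `$password` empty and the second test then attempts the `-s -p` prompt on a non-terminal, so an empty value reaches `is_password_valid`; an explicit error exit after the non-interactive read would make that failure visible instead of depending on the validator. The comment "stdin not opened" is misleading, since `! -t 0` tests that stdin is not a terminal (piped or redirected). After the silent prompt, an `echo` is needed so later output does not continue on the "Password:" line.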
Original file line number Diff line number Diff line change @@ -31,10 +31,10 @@ utf8_filesystem=YES
3131ssl_enable=YES
3232allow_anon_ssl=NO
3333require_ssl_reuse=NO
34- ssl_ciphers=HIGH
35- ssl_tlsv1=NO
34+ ssl_ciphers=ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256
3635ssl_sslv2=NO
3736ssl_sslv3=NO
37+ ssl_tlsv1=NO
3838force_local_data_ssl=NO
3939force_local_logins_ssl=NO
4040rsa_cert_file=/usr/local/hestia/ssl/certificate.crt
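Review bot: The new `ssl_ciphers` value still includes two CBC suites (`ECDHE-RSA-AES256-SHA384`, `ECDHE-RSA-AES128-SHA256`) next to the GCM ones; if the goal is "stronger ciphers", either drop them or add a comment stating which clients need them. Every suite is `ECDHE-RSA`, so the list only works while `rsa_cert_file` holds an RSA certificate; a comment noting that dependency would save a confusing handshake failure later. Moving `ssl_tlsv1=NO` below `ssl_sslv3=NO` is a reorder with no functional effect and could be left out to keep the diff minimal. Note also that the unchanged `force_local_logins_ssl=NO` and `force_local_data_ssl=NO` mean clients may still log in without TLS at all, so the cipher hardening only protects sessions that opt in.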
Original file line number Diff line number Diff line change 88
99# Update template files to add warnings
1010# Backup current templates
11- cp -r -f $HESTIA /data/templates/* $HESTIA_BACKUP /templates/
1211echo " [ ! ] Updating default web domain templates..."
1312$BIN /v-update-web-templates
1413echo " [ ! ] Updating default mail domain templates..."
1514$BIN /v-update-mail-templates
1615echo " [ ! ] Updating default DNS zone templates..."
17- $BIN /v-update-dns-templates
16+ $BIN /v-update-dns-templates
17+
18+ # Enhance Vsftpd security
19+ if [ " $FTP_SYSTEM " = " vsftpd" ]; then
20+ echo " [ ! ] Hardening Vsftpd TLS configuration..."
21+ if [ -e /etc/vsftpd.conf ]; then
22+ rm -f /etc/vsftpd.conf
23+ fi
24+ cp -f $HESTIA_INSTALL_DIR /vsftpd/vsftpd.conf /etc/
25+ chmod 644 /etc/vsftpd.conf
26+ fi
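Review bot: The new vsftpd block deletes and overwrites `/etc/vsftpd.conf` with no backup, so any local changes an administrator made to that file are lost on upgrade; copy the existing file into `$HESTIA_BACKUP` first, or patch only the `ssl_ciphers` line. The same hunk removes the `cp -r -f` of the templates into `$HESTIA_BACKUP/templates/` while keeping the comment "# Backup current templates", so the template updaters now run with no backup taken and the comment is stale; restore the copy or remove the comment and explain why the backup is no longer needed. The `rm -f` before `cp -f` is redundant, `$HESTIA_INSTALL_DIR` should be quoted, and nothing in the hunk restarts vsftpd, so the hardened configuration does not take effect until the service is restarted elsewhere.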