Bump to version 1.1.1

Author: Kristan Kenney

install/hst-install-debian.sh

@@ -437,7 +437,7 @@ echo ' |  _  |  __/\__ \ |_| | (_| | |___|  __/ '
 echo ' |_| |_|\___||___/\__|_|\__,_|\____|_|    '
 echo
 echo '                      Hestia Control Panel'
-echo '                                    v1.1.0'
+echo '                                    v1.1.1'
 echo -e "\n"
 echo "===================================================================="
 echo -e "\n"

install/hst-install-ubuntu.sh

@@ -399,7 +399,7 @@ echo ' |  _  |  __/\__ \ |_| | (_| | |___|  __/ '
 echo ' |_| |_|\___||___/\__|_|\__,_|\____|_|    '
 echo
 echo '                      Hestia Control Panel'
-echo '                                    v1.1.0'
+echo '                                    v1.1.1'
 echo -e "\n"
 echo "===================================================================="
 echo -e "\n"

install/upgrade/versions/latest.sh

@@ -1,224 +1,7 @@
 #!/bin/sh
 
-# Hestia Control Panel upgrade script for target version 1.1.0
+# Hestia Control Panel upgrade script for target version 1.1.1
 
 #######################################################################################
 #######                      Place additional commands below.                   #######
 #######################################################################################
-
-# Set default theme
-if [ -z $THEME ]; then
-    echo "(*) Enabling support for themes..."
-    $BIN/v-change-sys-theme 'default'
-fi
-
-# Reduce SSH login grace time
-if [ -e /etc/ssh/sshd_config ]; then
-    echo "(*) Hardening SSH daemon configuration..."
-    sed -i "s/LoginGraceTime 2m/LoginGraceTime 1m/g" /etc/ssh/sshd_config
-    sed -i "s/#LoginGraceTime 2m/LoginGraceTime 1m/g" /etc/ssh/sshd_config
-fi
-
-# Implement recidive jail for fail2ban
-if [ ! -z "$FIREWALL_EXTENSION" ]; then
-    if ! cat /etc/fail2ban/jail.local | grep -q "\[recidive\]"; then
-        echo -e "\n\n[recidive]\nenabled  = true\nfilter   = recidive\naction   = hestia[name=HESTIA]\nlogpath  = /var/log/fail2ban.log\nmaxretry = 3\nfindtime = 86400\nbantime  = 864000" >> /etc/fail2ban/jail.local
-    fi
-fi
-
-# Enable OCSP SSL stapling and harden nginx configuration for roundcube
-if [ ! -z "$IMAP_SYSTEM" ]; then
-    echo "(*) Hardening security of Roundcube webmail..."
-    $BIN/v-update-mail-templates > /dev/null 2>&1
-    if [ -e /etc/nginx/conf.d/webmail.inc ]; then
-        cp -f /etc/nginx/conf.d/webmail.inc $HESTIA_BACKUP/conf/
-        sed -i "s/config|temp|logs/README.md|config|temp|logs|bin|SQL|INSTALL|LICENSE|CHANGELOG|UPGRADING/g" /etc/nginx/conf.d/webmail.inc
-    fi
-fi
-
-# Fix restart queue
-if [ -z "$($BIN/v-list-cron-jobs admin | grep 'v-update-sys-queue restart')" ]; then
-    command="sudo $BIN/v-update-sys-queue restart"
-    $BIN/v-add-cron-job 'admin' '*/2' '*' '*' '*' '*' "$command"
-fi
-
-# Remove deprecated line from ClamAV configuration file
-if [ -e "/etc/clamav/clamd.conf" ]; then
-    clamd_conf_update_check=$(grep DetectBrokenExecutables /etc/clamav/clamd.conf)
-    if [ ! -z "$clamd_conf_update_check" ]; then
-        echo "(*) Updating ClamAV configuration..."
-        sed -i '/DetectBrokenExecutables/d' /etc/clamav/clamd.conf
-    fi
-fi
-
-# Remove errornous history.log file created by certain builds due to bug in v-restart-system
-if [ -e $HESTIA/data/users/history.log ]; then
-    rm -f $HESTIA/data/users/history.log
-fi
-
-# Use exim4 server hostname instead of mail domain and remove hardcoded mail prefix
-if [ ! -z "$MAIL_SYSTEM" ]; then
-    echo "(*) Updating exim configuration..."
-    if cat /etc/exim4/exim4.conf.template | grep -q 'helo_data = mail.${sender_address_domain}'; then
-        sed -i 's/helo_data = mail.${sender_address_domain}/helo_data = ${primary_hostname}/g' /etc/exim4/exim4.conf.template
-    fi
-    if ! grep -q '^OUTGOING_IP = /' /etc/exim4/exim4.conf.template; then
-        sed -i '/^OUTGOING_IP/d' /etc/exim4/exim4.conf.template
-        sed -i 's|^begin acl|OUTGOING_IP = /etc/exim4/domains/$sender_address_domain/ip\nbegin acl|' /etc/exim4/exim4.conf.template
-    fi
-    if ! grep -q 'interface =' /etc/exim4/exim4.conf.template; then
-        sed -i '/interface =/d' /etc/exim4/exim4.conf.template
-        sed -i 's|dkim_strict = 0|dkim_strict = 0\n  interface = ${if exists{OUTGOING_IP}{${readfile{OUTGOING_IP}}}}|' /etc/exim4/exim4.conf.template
-    fi
-fi
-
-# Members of admin group should be permitted to enter admin folder
-if [ -d /home/admin ]; then
-    setfacl -m "g:admin:r-x" /home/admin
-fi
-
-# Fix sftp jail cronjob
-if [ -e "/etc/cron.d/hestia-sftp" ]; then
-    if ! cat /etc/cron.d/hestia-sftp | grep -q 'root'; then
-        echo "@reboot root /usr/local/hestia/bin/v-add-sys-sftp-jail" > /etc/cron.d/hestia-sftp
-    fi
-fi
-
-# Create default writeable folders for all users
-echo "(*) Updating default writable folders for all users..."
-for user in $($HESTIA/bin/v-list-sys-users plain); do
-    mkdir -p \
-        $HOMEDIR/$user/.cache \
-        $HOMEDIR/$user/.config \
-        $HOMEDIR/$user/.local \
-        $HOMEDIR/$user/.composer \
-        $HOMEDIR/$user/.ssh
-
-    chown $user:$user \
-        $HOMEDIR/$user/.cache \
-        $HOMEDIR/$user/.config \
-        $HOMEDIR/$user/.local \
-        $HOMEDIR/$user/.composer \
-        $HOMEDIR/$user/.ssh
-done
-
-# Remove redundant fail2ban jail
-if fail2ban-client status sshd > /dev/null 2>&1 ; then
-    fail2ban-client stop sshd >/dev/null 2>&1
-    if [ -f /etc/fail2ban/jail.d/defaults-debian.conf ]; then
-        mkdir -p $HESTIA_BACKUP/conf/fail2ban/jail.d
-        mv /etc/fail2ban/jail.d/defaults-debian.conf $HESTIA_BACKUP/conf/fail2ban/jail.d/
-    fi
-fi
-
-# Update Office 365/Microsoft 365 DNS template
-if [ -e "$HESTIA/data/templates/dns/office365.tpl" ]; then
-    echo "(*) Updating DNS template for Office 365..."
-    cp -f $HESTIA/install/deb/templates/dns/office365.tpl $HESTIA/data/templates/dns/office365.tpl
-fi
-
-# Ensure that backup compression level is correctly set
-GZIP_LVL_CHECK=$(cat $HESTIA/conf/hestia.conf | grep BACKUP_GZIP)
-if [ -z "$GZIP_LVL_CHECK" ]; then
-    echo "(*) Updating backup compression level variable..."
-    $BIN/v-change-sys-config-value "BACKUP_GZIP" '9'
-fi
-
-# Randomize Roundcube des_key for better security
-if [ -f "/etc/roundcube/config.inc.php" ]; then
-    rcDesKey="$(openssl rand -base64 30 | tr -d "/" | cut -c1-24)"
-    sed -i "s/vtIOjLZo9kffJoqzpSbm5r1r/$rcDesKey/g" /etc/roundcube/config.inc.php
-fi
-
-# Place robots.txt to prevent webmail crawling by search engine bots.
-if [ -e "/var/lib/roundcube/" ]; then
-    if [ ! -f "/var/lib/roundcube/robots.txt" ]; then
-        echo "User-agent: *" > /var/lib/roundcube/robots.txt
-        echo "Disallow: /" >> /var/lib/roundcube/robots.txt
-    fi
-fi
-
-# Installing postgresql repo
-if [ -e "/etc/postgresql" ]; then
-    echo "(*) Enabling native PostgreSQL APT repository..."
-    osname="$(cat /etc/os-release | grep "^ID\=" | sed "s/ID\=//g")"
-    if [ "$osname" = "ubuntu" ]; then
-        codename="$(lsb_release -s -c)"
-    else
-        codename="$(cat /etc/os-release |grep VERSION= |cut -f 2 -d \(|cut -f 1 -d \))"
-    fi
-    echo "deb http://apt.postgresql.org/pub/repos/apt/ $codename-pgdg main" > /etc/apt/sources.list.d/postgresql.list
-    wget --quiet https://www.postgresql.org/media/keys/ACCC4CF8.asc -O /tmp/psql_signing.key
-    APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=1 apt-key add /tmp/psql_signing.key > /dev/null 2>&1
-    rm /tmp/psql_signing.key
-fi
-
-# Hardening MySQL configuration, prevent local infile.
-if [ -e "/etc/mysql/my.cnf" ]; then
-    mysql_local_infile_check=$(grep local-infile /etc/mysql/my.cnf)
-    if [ -z "$mysql_local_infile_check" ]; then
-        echo "(*) Hardening MySQL configuration..."
-        sed -i '/symbolic-links\=0/a\local-infile=0' /etc/mysql/my.cnf
-    fi
-fi
-
-# Hardening nginx configuration, drop TLSv1.1 support.
-if [ -e "/etc/nginx/nginx.conf" ]; then
-    nginx_tls_check=$(grep TLSv1.1 /etc/nginx/nginx.conf)
-    if [ ! -z "$nginx_tls_check" ]; then
-        echo "(*) Updating nginx security settings - disabling TLS v1.1..."
-        sed -i 's/TLSv1.1 //g' /etc/nginx/nginx.conf
-    fi
-fi
-
-# Fix logrotate permission bug for nginx
-if [ -e "/etc/logrotate/nginx" ]; then
-    sed -i "s/create 640 nginx adm/create 640/g" /etc/logrotate.d/nginx
-fi
-
-# Fix logrotate permission bug for apache
-if [ -e "/etc/logrotate/apache2" ]; then
-    sed -i "s/create 640 root adm/create 640/g" /etc/logrotate.d/apache2
-fi
-
-# Repair messed up user log permissions from the logrotate bug. Ignoring errors
-for user in $($HESTIA/bin/v-list-users plain | cut -f1); do
-    for domain in $($HESTIA/bin/v-list-web-domains $user plain | cut -f1); do
-        chown root:$user /var/log/$WEB_SYSTEM/domains/$domain.* > /dev/null 2>&1
-        for sub_domain in $($HESTIA/bin/v-list-web-domain $user $domain plain | cut -f7 | tr ',' '\n'); do
-            chown root:$user /var/log/$WEB_SYSTEM/domains/$sub_domain.* > /dev/null 2>&1
-        done
-    done
-done
-
-chown root:root /var/log/$WEB_SYSTEM/domains/$WEBMAIL_ALIAS* > /dev/null 2>&1
-
-# Enable IMAP/POP3 quota information
-if [ "$IMAP_SYSTEM" = "dovecot" ]; then
-    echo "(*) Enabling IMAP quota information reporting..."
-    if [ -e /etc/dovecot/conf.d/20-pop3.conf ]; then
-        cp -f $HESTIA/install/deb/dovecot/conf.d/20-pop3.conf /etc/dovecot/conf.d/20-pop3.conf
-    fi
-    if [ -e /etc/dovecot/conf.d/20-imap.conf ]; then
-        cp -f $HESTIA/install/deb/dovecot/conf.d/20-imap.conf /etc/dovecot/conf.d/20-imap.conf
-    fi
-    if [ -e /etc/dovecot/conf.d/90-quota.conf ]; then
-        cp -f $HESTIA/install/deb/dovecot/conf.d/90-quota.conf /etc/dovecot/conf.d/90-quota.conf
-    fi
-fi
-
-# Trigger multiphp legacy migration script
-num_php_versions=$(ls -d /etc/php/*/fpm/pool.d 2>/dev/null |wc -l)
-if [ "$num_php_versions" -gt 1 ] && [ -z "$WEB_BACKEND" ]; then
-    echo "(*) Enabling modular Multi-PHP backend..."
-    cp -rf $HESTIA/data/templates/web $HESTIA_BACKUP/templates/web
-    bash $HESTIA/install/upgrade/manual/migrate_multiphp.sh > /dev/null 2>&1
-fi
-
-# Disable global subfolder alias for webmail in favor of subdomain
-if [ -e /etc/nginx/conf.d/webmail.inc ]; then
-    rm -f /etc/nginx/conf.d/webmail.inc
-fi
-if [ -e /etc/apache2/conf.d/roundcube.conf ]; then
-    rm -f /etc/apache2/conf.d/roundcube.conf
-fi