Add 1.0.2's instructions to archive and remove duplicate entries from 1.0.3

Kristan Kenney · Kristan Kenney · commit c6f44621d38c · 2019-07-06T16:14:10.000-03:00
diff --git a/install/upgrade/versions/latest.sh b/install/upgrade/versions/latest.sh
@@ -12,77 +12,24 @@ if [ -z $THEME ]; then
     $BIN/v-change-sys-theme default
 fi
 
-# Replace dhparam 1024 with dhparam 4096
-echo "(*) Increasing Diffie-Hellman Parameter strength to 4096-bit..."
-if [ -e /etc/ssl/dhparam.pem ]; then
-    mv /etc/ssl/dhparam.pem $HESTIA_BACKUP/conf/
-fi
-cp -f $HESTIA_INSTALL_DIR/ssl/dhparam.pem /etc/ssl/
-chmod 600 /etc/ssl/dhparam.pem
-
 # Reduce SSH login grace time
 echo "(*) Hardening SSH daemon configuration..."
 sed -i "s/LoginGraceTime 2m/LoginGraceTime 1m/g" /etc/ssh/sshd_config
 sed -i "s/#LoginGraceTime 2m/LoginGraceTime 1m/g" /etc/ssh/sshd_config
 
-# Enhance Vsftpd security
-if [ "$FTP_SYSTEM" = "vsftpd" ]; then
-    echo "(*) Hardening Vsftpd SSL configuration..."
-    cp -f /etc/vsftpd.conf $HESTIA_BACKUP/conf/
-    sed -i "s|ssl_tlsv1=YES|ssl_tlsv1=NO|g" /etc/vsftpd.conf
-fi
-
-# Enhance Dovecot security
-if [ "$IMAP_SYSTEM" = "dovecot" ]; then
-    echo "(*) Hardening Dovecot SSL configuration..."
-    mv /etc/dovecot/conf.d/10-ssl.conf $HESTIA_BACKUP/conf/
-    cp -f $HESTIA_INSTALL_DIR/dovecot/conf.d/10-ssl.conf /etc/dovecot/conf.d/
-fi
-# Update DNS resolvers in hestia-nginx's configuration
-echo "(*) Updating DNS resolvers for Hestia Internal Web Server..."
-dns_resolver=$(cat /etc/resolv.conf | grep -i '^nameserver' | cut -d ' ' -f2 | tr '\r\n' ' ' | xargs)
-for ip in $dns_resolver; do
-    if [[ $ip =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
-        resolver="$ip $resolver"
-    fi
-done
-if [ ! -z "$resolver" ]; then
-    sed -i "s/1.0.0.1 1.1.1.1/$resolver/g" /usr/local/hestia/nginx/conf/nginx.conf
-fi
-
-# Remove Webalizer and set AWStats as default
-WEBALIZER_CHECK=$(cat $HESTIA/conf/hestia.conf | grep webalizer)
-if [ ! -z "$WEBALIZER_CHECK" ]; then
-    echo "(*) Removing Webalizer and setting AWStats as default web statistics backend..."
-    apt purge webalizer -y > /dev/null 2>&1
-    if [ -d "$HESTIA/data/templates/web/webalizer" ]; then
-        rm -rf $HESTIA/data/templates/web/webalizer
-    fi
-    if [ -d "/var/www/webalizer" ]; then
-        rm -rf /var/www/webalizer
-    fi
-    $HESTIA/bin/v-change-sys-config-value 'STATS_SYSTEM' 'awstats'
-fi
-
-# Remove old hestia.conf files from Apache & NGINX if they exist
-if [ -f "/etc/apache2/conf.d/hestia.conf" ]; then
-    echo "(*) Removing old Apache configuration file from previous version of Hestia Control Panel..."
-    rm -f /etc/apache2/conf.d/hestia.conf
-fi
-if [ -f "/etc/nginx/conf.d/hestia.conf" ]; then
-    echo "(*) Removing old NGINX configuration file from previous version of Hestia Control Panel..."
-    rm -f /etc/nginx/conf.d/hestia.conf
-fi
-
 # Implement recidive jail for fail2ban
 if [ ! -z "$FIREWALL_EXTENSION" ]; then
     if ! cat /etc/fail2ban/jail.local | grep -q "recidive"; then
         echo -e "\n\n[recidive]\nenabled  = true\nfilter   = recidive\naction   = hestia[name=HESTIA]\nlogpath  = /var/log/fail2ban.log\nmaxretry = 3\nfindtime = 86400\nbantime  = 864000" >> /etc/fail2ban/jail.local
     fi
 fi
 
-# Update webmail templates to enable OCSP/SSL stapling
+# Enable OCSP SSL stapling and harden nginx configuration for roundcube
 if [ ! -z "$IMAP_SYSTEM" ]; then
-    echo "(*) Improving SSL security of Roundcube webmail..."
+    echo "(*) Hardening security of Roundcube webmail..."
     $BIN/v-update-mail-templates > /dev/null 2>&1
+    if [ -e /etc/nginx/conf.d/webmail.inc ]; then
+        cp -f /etc/nginx/conf.d/webmail.inc $HESTIA_BACKUP/conf/
+        sed -i "s/config|temp|logs/README.md|config|temp|logs|bin|SQL|INSTALL|LICENSE|CHANGELOG|UPGRADING/g" /etc/nginx/conf.d/webmail.inc
+    fi
 fi 
diff --git a/install/upgrade/versions/previous/1.0.2.sh b/install/upgrade/versions/previous/1.0.2.sh
@@ -5,3 +5,79 @@
 #######################################################################################
 #######                      Place additional commands below.                   #######
 #######################################################################################
+
+#!/bin/sh
+
+# Hestia Control Panel upgrade script for target version 1.0.2
+
+#######################################################################################
+#######                      Place additional commands below.                   #######
+#######################################################################################
+
+# Replace dhparam 1024 with dhparam 4096
+echo "(*) Increasing Diffie-Hellman Parameter strength to 4096-bit..."
+if [ -e /etc/ssl/dhparam.pem ]; then
+    mv /etc/ssl/dhparam.pem $HESTIA_BACKUP/conf/
+fi
+cp -f $HESTIA/install/deb/ssl/dhparam.pem /etc/ssl/
+chmod 600 /etc/ssl/dhparam.pem
+
+# Enhance Vsftpd security
+if [ "$FTP_SYSTEM" = "vsftpd" ]; then
+    echo "(*) Hardening Vsftpd SSL configuration..."
+    cp -f /etc/vsftpd.conf $HESTIA_BACKUP/conf/
+    sed -i "s|ssl_tlsv1=YES|ssl_tlsv1=NO|g" /etc/vsftpd.conf
+fi
+
+# Enhance Dovecot security
+if [ "$IMAP_SYSTEM" = "dovecot" ]; then
+    echo "(*) Hardening Dovecot SSL configuration..."
+    mv /etc/dovecot/conf.d/10-ssl.conf $HESTIA_BACKUP/conf/
+    cp -f $HESTIA/install/deb/dovecot/conf.d/10-ssl.conf /etc/dovecot/conf.d/
+fi
+
+# Update DNS resolvers in hestia-nginx's configuration
+echo "(*) Updating DNS resolvers for Hestia Internal Web Server..."
+dns_resolver=$(cat /etc/resolv.conf | grep -i '^nameserver' | cut -d ' ' -f2 | tr '\r\n' ' ' | xargs)
+for ip in $dns_resolver; do
+    if [[ $ip =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
+        resolver="$ip $resolver"
+    fi
+done
+if [ ! -z "$resolver" ]; then
+    sed -i "s/1.0.0.1 1.1.1.1/$resolver/g" /usr/local/hestia/nginx/conf/nginx.conf
+fi
+
+# Remove Webalizer and set AWStats as default
+WEBALIZER_CHECK=$(cat $HESTIA/conf/hestia.conf | grep webalizer)
+if [ ! -z "$WEBALIZER_CHECK" ]; then
+    echo "(*) Removing Webalizer and setting AWStats as default web statistics backend..."
+    apt purge webalizer -y > /dev/null 2>&1
+    if [ -d "$HESTIA/data/templates/web/webalizer" ]; then
+        rm -rf $HESTIA/data/templates/web/webalizer
+    fi
+    if [ -d "/var/www/webalizer" ]; then
+        rm -rf /var/www/webalizer
+    fi
+    $HESTIA/bin/v-change-sys-config-value '$STATS_SYSTEM' 'awstats'
+fi
+
+# Remove old hestia.conf files from Apache & NGINX if they exist
+if [ -f "/etc/apache2/conf.d/hestia.conf" ]; then
+    echo "(*) Removing old Apache configuration file from previous version of Hestia Control Panel..."
+    rm -f /etc/apache2/conf.d/hestia.conf
+fi
+if [ -f "/etc/nginx/conf.d/hestia.conf" ]; then
+    echo "(*) Removing old NGINX configuration file from previous version of Hestia Control Panel..."
+    rm -f /etc/nginx/conf.d/hestia.conf
+fi
+
+# Update webmail templates to enable OCSP/SSL stapling
+if [ ! -z "$IMAP_SYSTEM" ]; then
+    echo "(*) Enabling OCSP stapling support for webmail services..."
+    $BIN/v-update-mail-templates > /dev/null 2>&1
+fi 
+
+# Enhance webmail security
+cp -f /etc/nginx/conf.d/webmail.inc $HESTIA_BACKUP/conf/
+sed -i "s/config|temp|logs/README.md|config|temp|logs|bin|SQL|INSTALL|LICENSE|CHANGELOG|UPGRADING/g" /etc/nginx/conf.d/webmail.inc
