From 4d89dbfaa3621d85e03eb9b30af8a77ccff973c5 Mon Sep 17 00:00:00 2001
From: HolySephi
Date: Fri, 6 Feb 2015 10:31:40 +0100
Subject: [PATCH 1/5] Update rhel7.inc.php corrected and secured dovecot-sql.conf.ext
---
 lib/configfiles/rhel7.inc.php | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/lib/configfiles/rhel7.inc.php b/lib/configfiles/rhel7.inc.php
index 15f44696..8fb108da 100644
--- a/lib/configfiles/rhel7.inc.php
+++ b/lib/configfiles/rhel7.inc.php
@@ -97,13 +97,17 @@ return array(
 'commands_install' => array(
 'yum install dovecot dovecot-mysql dovecot-pigeonhole',
 'systemctl enable dovecot.service',
+ 'touch /etc/dovecot/dovecot-sql.conf.ext',
+ 'chmod 0600 /etc/dovecot/dovecot-sql.conf.ext',
 ),
 'commands' => array(
 'yum install dovecot dovecot-mysql dovecot-pigeonhole',
+ 'touch /etc/dovecot/dovecot-sql.conf.ext',
+ 'chmod 0600 /etc/dovecot/dovecot-sql.conf.ext',
 ),
 'files' => array(
 'etc_dovecot_dovecot.conf' => '/etc/dovecot/dovecot.conf',
- 'etc_dovecot_dovecot-sql.conf.ext' => '/etc/dovecot/dovecot.conf.ext',
+ 'etc_dovecot_dovecot-sql.conf.ext' => '/etc/dovecot/dovecot-sql.conf.ext',
 'etc_dovecot_conf.d_10-auth.conf' => '/etc/dovecot/conf.d/10-auth.conf',
 'etc_dovecot_conf.d_10-logging.conf' => '/etc/dovecot/conf.d/10-logging.conf',
 'etc_dovecot_conf.d_10-mail.conf' => '/etc/dovecot/conf.d/10-mail.conf',
From 2f80477f7dc0e7796f711d3e4b1f14c564a166e2 Mon Sep 17 00:00:00 2001
From: HolySephi
Date: Fri, 6 Feb 2015 10:34:41 +0100
Subject: [PATCH 2/5] Update etc_postfix_master.cf spamassassin-line is not needed by default froxlor installation
---
 templates/misc/configfiles/rhel7/postfix/etc_postfix_master.cf | 1 -
 1 file changed, 1 deletion(-)
diff --git a/templates/misc/configfiles/rhel7/postfix/etc_postfix_master.cf b/templates/misc/configfiles/rhel7/postfix/etc_postfix_master.cf
index 68367512..3bfab103 100644
--- a/templates/misc/configfiles/rhel7/postfix/etc_postfix_master.cf
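Review bot: The added `chmod 0600` entries in `commands_install` and `commands` (PATCH 1/5) restrict the mode of `/etc/dovecot/dovecot-sql.conf.ext` but never set its owner, so a file that already exists under another account stays readable by that account. The postfix block of the same file pairs its `chmod` with `chown root:root /etc/postfix/mysql-*.cf`; adding `'chown root:root /etc/dovecot/dovecot-sql.conf.ext',` ahead of the `chmod` would make the two sections agree, assuming Dovecot's auth process reads the file as root on this platform. The same `touch`/`chmod` pair is also added to both arrays, so the two command lists now duplicate each other. The enclosing array starts and ends outside the hunk.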
+++ b/templates/misc/configfiles/rhel7/postfix/etc_postfix_master.cf @@ -1,4 +1,3 @@ # added for Froxlor -spamassassin unix - n n - - pipe flags=R user=spamd argv=/usr/bin/spamc -e /usr/sbin/sendmail -oi -f ${sender} ${recipient} dovecot unix - n n - - pipe flags=DRhu user=vmail:mail argv=/usr/libexec/dovecot/deliver -f ${sender} -d ${recipient} From 8fab2ae8f039dab9ec0aa26d253271198d3e1dcc Mon Sep 17 00:00:00 2001 From: HolySephi Date: Fri, 6 Feb 2015 10:39:16 +0100 Subject: [PATCH 3/5] fixed some minor problems --- lib/configfiles/rhel7.inc.php | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/lib/configfiles/rhel7.inc.php b/lib/configfiles/rhel7.inc.php index 8fb108da..ac437064 100644 --- a/lib/configfiles/rhel7.inc.php +++ b/lib/configfiles/rhel7.inc.php @@ -48,7 +48,7 @@ return array( (Settings::Get('system.deactivateddocroot') != '') ? 'mkdir -p ' . Settings::Get('system.deactivateddocroot') : '' ), 'restart' => array( - '/usr/bin/systemctl reload-or-restart httpd.service' + 'systemctl reload-or-restart httpd.service' ) ), ), @@ -97,11 +97,8 @@ return array( 'commands_install' => array( 'yum install dovecot dovecot-mysql dovecot-pigeonhole', 'systemctl enable dovecot.service', - 'touch /etc/dovecot/dovecot-sql.conf.ext', - 'chmod 0600 /etc/dovecot/dovecot-sql.conf.ext', ), 'commands' => array( - 'yum install dovecot dovecot-mysql dovecot-pigeonhole', 'touch /etc/dovecot/dovecot-sql.conf.ext', 'chmod 0600 /etc/dovecot/dovecot-sql.conf.ext', ), From 67fb2e1f59036c647054e9614c8bbf346f79fa9b Mon Sep 17 00:00:00 2001 From: HolySephi Date: Fri, 6 Feb 2015 10:42:46 +0100 Subject: [PATCH 4/5] removed DebugLevel, changed umask --- .../rhel7/proftpd/etc_proftpd_proftpd.conf | 22 +++++++++---------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/templates/misc/configfiles/rhel7/proftpd/etc_proftpd_proftpd.conf b/templates/misc/configfiles/rhel7/proftpd/etc_proftpd_proftpd.conf index 05be413f..696c6a5b 100644 
--- a/templates/misc/configfiles/rhel7/proftpd/etc_proftpd_proftpd.conf +++ b/templates/misc/configfiles/rhel7/proftpd/etc_proftpd_proftpd.conf @@ -82,7 +82,7 @@ DefaultServer on # The DebugLevel directive configures the debugging level the server will use when logging. # The level parameter must be between 0 and 9. # This configuration directive will take precedence over any command-line debugging options used. -DebugLevel 9 +#DebugLevel 9 # Cause every FTP user except adm to be chrooted into their home directory DefaultRoot ~ !adm @@ -347,7 +347,7 @@ ControlsLog /var/log/proftpd/controls.log # Umask 022 is a good standard umask to prevent new dirs and files # from being group and world writable - Umask 022 + Umask 077 # Allow users to overwrite files and change permissions AllowOverwrite yes 
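Review bot: The comment directly above the changed directive in the `@@ -347,7 +347,7 @@` hunk still reads `# Umask 022 is a good standard umask to prevent new dirs and files`, which no longer matches the new `Umask 077`. It should be reworded along the lines of `# Umask 077 keeps new dirs and files private to the owning user`. With 077, uploads carry no group or other permissions, so a web server that does not run as the customer's own user would presumably be unable to read uploaded content; that is worth confirming against the setups this template targets. The enclosing configuration section starts and ends outside the hunk.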
@@ -419,30 +419,30 @@ ControlsLog /var/log/proftpd/controls.log - SQLLogFile /var/log/proftpd/sql.log + SQLLogFile /var/log/proftpd/sql.log SQLAuthTypes Crypt SQLAuthenticate users* groups* SQLConnectInfo @ - SQLUserInfo ftp_users username password uid gid homedir shell + SQLUserInfo ftp_users username password uid gid homedir shell SQLGroupInfo ftp_groups groupname gid members SQLUserWhereClause "login_enabled = 'y'" - SQLLog PASS login + SQLLog PASS login #SQLNamedQuery login UPDATE "last_login=now(), login_count=login_count+1 WHERE username='%u'" ftp_users - SQLLog RETR download + SQLLog RETR download #SQLNamedQuery download UPDATE "down_count=down_count+1, down_bytes=down_bytes+%b WHERE username='%u'" ftp_users - SQLLog STOR upload + SQLLog STOR upload #SQLNamedQuery upload UPDATE "up_count=up_count+1, up_bytes=up_bytes+%b WHERE username='%u'" ftp_users - #QuotaEngine on - #QuotaShowQuotas on + #QuotaEngine on + #QuotaShowQuotas on #QuotaDisplayUnits Mb - #QuotaLock /var/lock/ftpd.quotatab.lock + #QuotaLock /var/lock/ftpd.quotatab.lock #QuotaLimitTable sql:/get-quota-limit #QuotaTallyTable sql:/get-quota-tally/update-quota-tally/insert-quota-tally #SQLNamedQuery get-quota-limit SELECT "ftp_users.username AS name, ftp_quotalimits.quota_type, ftp_quotalimits.per_session, ftp_quotalimits.limit_type, panel_customers.diskspace*1024 AS bytes_in_avail, ftp_quotalimits.bytes_out_avail, ftp_quotalimits.bytes_xfer_avail, ftp_quotalimits.files_in_avail, ftp_quotalimits.files_out_avail, ftp_quotalimits.files_xfer_avail FROM ftp_users, ftp_quotalimits, panel_customers WHERE ftp_users.username = '%{0}' AND panel_customers.loginname = SUBSTRING_INDEX('%{0}', 'ftp', 1) AND quota_type ='%{1}'" #SQLNamedQuery get-quota-tally SELECT "name, quota_type, bytes_in_used,bytes_out_used, bytes_xfer_used, files_in_used, files_out_used,files_xfer_used FROM ftp_quotatallies WHERE name = '%{0}' AND quota_type = '%{1}'" #SQLNamedQuery update-quota-tally UPDATE "bytes_in_used = bytes_in_used 
+ %{0}, bytes_out_used = bytes_out_used + %{1}, bytes_xfer_used = bytes_xfer_used + %{2}, files_in_used = files_in_used + %{3}, files_out_used= files_out_used + %{4}, files_xfer_used = files_xfer_used + %{5} WHERE name= '%{6}' AND quota_type = '%{7}'" ftp_quotatallies #SQLNamedQuery insert-quota-tally INSERT "%{0}, %{1}, %{2}, %{3}, %{4},%{5}, %{6}, %{7}" ftp_quotatallies - \ No newline at end of file + From 4256546115a5121d096206f701de24b8f0af6f86 Mon Sep 17 00:00:00 2001 From: HolySephi Date: Fri, 6 Feb 2015 10:46:37 +0100 Subject: [PATCH 5/5] fixed mysql file permissions for postfix-files --- lib/configfiles/rhel7.inc.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/configfiles/rhel7.inc.php b/lib/configfiles/rhel7.inc.php index ac437064..97c42e86 100644 --- a/lib/configfiles/rhel7.inc.php +++ b/lib/configfiles/rhel7.inc.php @@ -72,7 +72,7 @@ return array( 'touch /etc/postfix/mysql-virtual_mailbox_maps.cf', 'touch /etc/postfix/mysql-virtual_sender_permissions.cf', 'chown root:root /etc/postfix/mysql-*.cf', - 'chmod 0644 /etc/postfix/mysql-*.cf', + 'chmod 0600 /etc/postfix/mysql-*.cf', ), 'files' => array( 'etc_postfix_main.cf' => '/etc/postfix/main.cf',
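Review bot: The new `chmod 0600` in PATCH 5/5, combined with the existing `chown root:root`, leaves `/etc/postfix/mysql-*.cf` readable by root only, so any lookup made by a process that has already dropped to the postfix account, or an unprivileged `postmap -q` check, would fail to open the maps. If that matters on RHEL 7, `'chown root:postfix /etc/postfix/mysql-*.cf',` together with `'chmod 0640 /etc/postfix/mysql-*.cf',` keeps the database password away from other local users while still letting the mail system read it. Whether Postfix opens every one of these maps before dropping privileges is not visible from the hunk, so the change should be verified with a test delivery and a map query. The enclosing command array continues outside the hunk.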