脚本用于在OpenSUSE 11.3上自动设置完美的服务器并安装ISPConfig 3

#!/bin/sh

# OpenSUSE 11.3 Perfect Server ISPConfig script by George Yohng (georgesc#oss3d.com)
# Script Version 2.1

# Do zypper update and reboot before running this script

# Also better change host name manually with yast2 before running this script.

# This script requires two manual actions. 

#    First - when mysql_secure_install is running. One should type a new mysql password, the same as here
#    Second - for ISPConfig3 update. One should type 'svn' when the update type is asked
#    For both of scripts, all other options are default, one can just press ENTER.


# Also, please change MYSQLROOTPASS below, and be sure to enter it verbatim
# during the installation of mysql_secure_install.

# Important: When setting an MX entry, point it to mail.yourdomain.com rather than
# just to yourdomain.com, and create a CNAME entry for mail. Otherwise it doesn't
# seem to work somehow.

# Platform is x86_64 or i586

THIS_PLATFORM=x86_64

MYSQLROOTPASS=87h4eq2jr2

# Change this to your server name. By default it's configured to server1.mydomain.com

# If your web site hosts a complete domain, such as domain.com, still leave
# something for MY_HOSTNAME. 'server1' or 'host' is a good name.

MY_HOSTNAME=server1
MY_DOMAIN=mydomain.com

# Uncomment to use SVN-version of ISP config, and to run update once the installation is finished
#ISPCONFIG_SVN=yes

# Packages may have been updated, therefore also check the RPM and TARGZ locations below,
# and preferably use the latest versions of everything.

GETMAIL_RPM=http://download.opensuse.org/repositories/server:/mail/openSUSE_11.3/noarch/getmail-4.20.0-1.1.noarch.rpm
PAM_MYSQL_TARGZ=http://heanet.dl.sourceforge.net/sourceforge/pam-mysql/pam_mysql-0.7RC1.tar.gz
SUPHP_RPM=http://download.opensuse.org/repositories/server:/php/openSUSE_11.3/$THIS_PLATFORM/suphp-0.7.1-3.1.$THIS_PLATFORM.rpm

AWSTATS_RPM=http://download.opensuse.org/repositories/network:/utilities/openSUSE_11.3/noarch/awstats-6.95-3.1.noarch.rpm

SQUIRRELMAIL_RPM=http://download.opensuse.org/repositories/server:/php:/applications/openSUSE_11.3/noarch/squirrelmail-1.4.21-1.1.noarch.rpm

JAILKIT_TARGZ=http://olivier.sessink.nl/jailkit/jailkit-2.12.tar.gz

PHPMYADMIN_RPM=http://download.opensuse.org/repositories/server:/php:/applications/openSUSE_11.3/noarch/phpMyAdmin-3.3.4-1.1.noarch.rpm
VLOGGER_TARGZ=http://n0rp.chemlab.org/vlogger/vlogger-1.3.tar.gz

RDIFF_BACKUP_TARGZ=http://savannah.nongnu.org/download/rdiff-backup/rdiff-backup-1.2.8.tar.gz

EACCELERATOR_TARGZ=http://bart.eaccelerator.net/source/0.9.6.1/eaccelerator-0.9.6.1.tar.bz2

ISPCONFIG_TAR_GZ=http://downloads.sourceforge.net/ispconfig/ISPConfig-3.0.3.3.tar.gz?use_mirror=

MY_FULLHOSTNAME=$MY_HOSTNAME.$MY_DOMAIN

# Disable apparmor

/etc/init.d/boot.apparmor stop
chkconfig -d boot.apparmor

# Install SuSEfirewall

yast2 -i SuSEfirewall2 iptables

# Allow ports through firewall

SuSEfirewall2 open EXT TCP 22
SuSEfirewall2 open EXT TCP 21 80 8080 25 143 465 585 993 30000:30500
SuSEfirewall2

# Switch off X login (check!)

chkconfig --del xdm
rcxdm stop

# Quota

yast2 -i quota

touch /aquota.user /aquota.group
chmod 600 /aquota.*
touch /srv/aquota.user /srv/aquota.group
chmod 600 /srv/aquota.*

# TODO: change fstab here
# Ignore errors from the below commands

mount -o remount /
mount -o remount /srv
mount -o remount /home

quotacheck -avugm
quotaon -avug

# Basic packages

yast2 -i mc

yast2 -i GeoIP libGeoIP-devel libGeoIP1

geoip-fetch

yast2 -i findutils readline libgcc glibc-devel findutils-locate gcc flex lynx compat-readline4 db-devel wget gcc-c++ subversion make vim telnet cron iptables iputils man man-pages nano pico

# Host name

echo $MY_FULLHOSTNAME > /etc/HOSTNAME
echo 127.0.0.2 $MY_FULLHOSTNAME $MY_HOSTNAME >> /etc/hosts

export HOST=$MY_FULLHOSTNAME
export HOSTNAME=$MY_FULLHOSTNAME

SuSEconfig

# Postfix, Dovecot, MySQL

yast2 -i postfix postfix-mysql mysql-community-server mysql-community-server-client mysql-community-server-tools 
yast2 -i python cron
yast2 -i libmysqlclient-devel pwgen 
yast2 -i dovecot12 dovecot12-backend-mysql
yast2 -i bind

chkconfig --add mysql
chkconfig --add postfix
chkconfig --add dovecot
chkconfig --add named

test -d /lib64 && ln -s /usr/lib64/dovecot/modules /usr/lib/dovecot 

/etc/init.d/mysql start
/etc/init.d/postfix start
/etc/init.d/dovecot start
/etc/init.d/named start

# getmail

cd /tmp
rpm -i $GETMAIL_RPM

# pam

if [ "$THIS_PLATFORM" == "x86_64" ]; then 
    yast2 -i pam-devel pam-32bit pam-devel-32bit pam-modules-32bit
fi

if [ "$THIS_PLATFORM" == "i586" ]; then 
    yast2 -i pam-devel pam pam-modules
fi


# pam_mysql

cd /tmp
wget -c $PAM_MYSQL_TARGZ
tar xvfz pam_mysql-*.tar.gz
rm -rf pam_mysql-*.tar.gz
cd pam_mysql-*
./configure
make
make install
cd /tmp
rm -rf /tmp/pam_mysql-*

test -d /lib64 && cp /lib/security/pam_mysql* /lib64/security

# mysql_secure_installation

mysql_secure_installation

#(echo Y; echo $MYSQLROOTPASS; echo $MYSQLROOTPASS; echo; echo; echo; echo; echo; echo; echo; echo; echo; echo; echo; echo; echo; echo; ) 

# amavis, spam asassin, etc

yast2 -i spamassassin amavisd-new clamav clamav-db zoo unzip unrar bzip2 unarj perl-DBD-mysql

sa-update

# TODO: change /etc/amavisd.conf 

#$mydomain = "$MY_DOMAIN";   # a convenient default for other settings
#$myhostname = "$MY_HOSTNAME";

sed -i 's/\$mydomain = '\''example.com'\'';/\$mydomain='\'$MY_DOMAIN\'';\n\$myhostname='\'$MY_FULLHOSTNAME\'';/g' /etc/amavisd.conf

# Correct a path to clamd socket
sed -i 's,/var/run/clamav/clamd,/var/lib/clamav/clamd-socket,g' /etc/amavisd.conf

chkconfig --add amavis
chkconfig --add clamd
/etc/init.d/amavis start
/etc/init.d/clamd start

# Apache2

yast2 -i apache2 apache2-mod_fcgid

yast2 -i php5-bcmath php5-bz2 php5-calendar php5-ctype php5-curl php5-dom php5-ftp php5-gd php5-gettext php5-gmp php5-iconv php5-imap php5-ldap php5-mbstring php5-mcrypt php5-mysql php5-odbc php5-openssl php5-pcntl php5-pgsql php5-posix php5-shmop php5-snmp php5-soap php5-sockets php5-sqlite php5-sysvsem php5-tokenizer php5-wddx php5-xmlrpc php5-xsl php5-zlib php5-exif php5-fastcgi php5-pear php5-sysvmsg php5-sysvshm ImageMagick curl apache2-mod_php5

rpm -i $SUPHP_RPM

a2enmod suexec
a2enmod deflate
a2enmod rewrite
a2enmod ssl
a2enmod actions
a2enmod suphp
a2enmod fcgid
a2enmod logio
chown root:www /usr/sbin/suexec2
chmod 4755 /usr/sbin/suexec2

chkconfig --add apache2
/etc/init.d/apache2 start

# PhpMyAdmin

rpm -i $PHPMYADMIN_RPM

# FTP

yast2 -i pure-ftpd quota

chkconfig --add pure-ftpd
/etc/init.d/pure-ftpd start

# VLOGGER, WEBALIZER

cd /tmp
wget -c $VLOGGER_TARGZ
tar xvfz vlogger-*.tar.gz
rm -f vlogger-*.tar.gz
mv vlogger-*/vlogger /usr/sbin/
rm -rf vlogger*

yast2 -i webalizer perl-DateManip

# Fail2ban

yast2 -i fail2ban

chkconfig --add fail2ban
service fail2ban start

# Jailkit

cd /tmp
wget -c $JAILKIT_TARGZ
tar xvfz jailkit-*.tar.gz
rm -f jailkit-*.tar.gz
cd jailkit-*
./configure
make
make install
cd /tmp
rm -rf jailkit-*

# Synchronize system clock
# Remove this, if you are inside XENU

yast2 -i xntp

chkconfig --add ntp
/etc/init.d/ntp start

# ISPCONFIG

cd /tmp
wget -c $ISPCONFIG_TAR_GZ
tar xvfz ISPConfig-*.tar.gz
cd ispconfig3_install/install/

(echo; echo; echo $MY_FULLHOSTNAME; echo; echo; echo $MYSQLROOTPASS; echo; echo; echo; echo; echo; echo; echo; echo; echo; echo; echo; echo; ) | php -q install.php

cd /tmp
rm -rf /tmp/ispconfig3_install
rm -f /tmp/ISPConfig-*.tar.gz

# Squirrelmail 

rpm -i $SQUIRRELMAIL_RPM
ln -s /srv/www/htdocs/squirrelmail /usr/local/ispconfig/interface/web/webmail

# Symlink

ln -s /srv/www/htdocs/phpMyAdmin /usr/local/ispconfig/interface/web/phpmyadmin

sed -i 's/\"en_US\.UTF-8/\"en_US\.ISO-8859-1/g' /etc/sysconfig/language

sed -i 's/x\-httpd\-php\=\"php\:\/usr\/bin\/php\-cgi5\"/x-httpd-php="php:\/usr\/bin\/php-cgi5"\nx-httpd-suphp="php:\/usr\/bin\/php-cgi5"/g' /etc/suphp.conf

SuSEconfig

# Generate certificates

openssl genrsa -passout pass:0passphrase$MYSQLROOTPASS -des3 -out /etc/apache2/ssl.key/server.key 4096
(echo;echo;echo;echo;echo;echo;echo;echo;echo;echo;echo;echo;echo;echo;echo;) | openssl req -passin pass:0passphrase$MYSQLROOTPASS -new -key /etc/apache2/ssl.key/server.key -out /etc/apache2/ssl.csr/server.csr
openssl x509 -passin pass:0passphrase$MYSQLROOTPASS -req -days 3650 -in /etc/apache2/ssl.csr/server.csr -signkey /etc/apache2/ssl.key/server.key -out /etc/apache2/ssl.crt/server.crt
openssl rsa -passin pass:0passphrase$MYSQLROOTPASS -in /etc/apache2/ssl.key/server.key -out /etc/apache2/ssl.key/server.key.insecure
mv /etc/apache2/ssl.key/server.key /etc/apache2/ssl.key/server.key.secure
mv /etc/apache2/ssl.key/server.key.insecure /etc/apache2/ssl.key/server.key
a2enmod ssl

sed -i 's/.VirtualHost _default_\:8080./\<VirtualHost _default_\:8080\>\nSSLEngine On\nSSLCertificateFile \/etc\/apache2\/ssl.crt\/server.crt\nSSLCertificateKeyFile \/etc\/apache2\/ssl.key\/server.key/g' /etc/apache2/sites-available/ispconfig.vhost

sed -i 's/DirectoryIndex index.html index.html.var/DirectoryIndex index.html index.htm index.shtml index.cgi index.php index.php5 index.php4 index.php3 index.pl index.html.var index.aspx default.aspx/g' /etc/apache2/httpd.conf

# enable named hosts
sed -i 's/^#NameVirtualHost \*\:80$/NameVirtualHost *:80/g' /etc/apache2/listen.conf

sed -i 's,^Alias /error/,#Alias /error/,' /etc/apache2/errors.conf

sed -i 's/max_execution_time = 30/max_execution_time = 120/' /etc/php5/apache2/php.ini
sed -i 's/max_execution_time = 30/max_execution_time = 120/' /etc/php5/cli/php.ini
sed -i 's/max_execution_time = 30/max_execution_time = 120/' /etc/php5/fastcgi/php.ini

sed -i 's/upload_max_filesize = 2M/upload_max_filesize = 32M/' /etc/php5/apache2/php.ini
sed -i 's/upload_max_filesize = 2M/upload_max_filesize = 32M/' /etc/php5/cli/php.ini
sed -i 's/upload_max_filesize = 2M/upload_max_filesize = 32M/' /etc/php5/fastcgi/php.ini

sed -i 's/post_max_size = 8M/post_max_size = 32M/' /etc/php5/apache2/php.ini
sed -i 's/post_max_size = 8M/post_max_size = 32M/' /etc/php5/cli/php.ini
sed -i 's/post_max_size = 8M/post_max_size = 32M/' /etc/php5/fastcgi/php.ini

sed -i 's/^error_reporting = .*/error_reporting = E_ALL \& ~E_DEPRECATED \& ~E_NOTICE/' /etc/php5/apache2/php.ini
sed -i 's/^error_reporting = .*/error_reporting = E_ALL \& ~E_DEPRECATED \& ~E_NOTICE/' /etc/php5/cli/php.ini
sed -i 's/^error_reporting = .*/error_reporting = E_ALL \& ~E_DEPRECATED \& ~E_NOTICE/' /etc/php5/fastcgi/php.ini

rcapache2 restart

# postfix certificate

(echo;echo;echo;echo;echo;echo;echo;echo;echo;echo;echo;echo;echo;echo;echo;) | openssl req -new -key /etc/postfix/smtpd.key -out /etc/postfix/smtpd.csr
openssl x509 -req -days 3650 -in /etc/postfix/smtpd.csr -signkey /etc/postfix/smtpd.key -out /etc/postfix/smtpd.cert

chmod o-rwx /etc/postfix/smtpd.csr
chmod o-rwx /etc/postfix/smtpd.cert

# rdiff-backup

yast2 -i python-devel librsync

cd tmp
wget -c $RDIFF_BACKUP_TARGZ
tar xfz rdiff-backup-*.tar.gz
rm -f rdiff-backup-*.tar.gz
cd rdiff-backup-*
./setup.py install
cd /tmp
rm -rf rdiff-backup-*

yast2 -i iptraf iftop

# create backup script

mkdir /backup
chown root:root /backup

mkdir /srvbackup_do
chown root:root /srvbackup_do
chmod og-rwx /srvbackup_do

cat > /srvbackup_do/dobackup.sh <<EOFMARKER2
#!/bin/bash

cd /srvbackup_do
sync
mysqladmin -p$MYSQLROOTPASS refresh
mysqlcheck -p$MYSQLROOTPASS -A --auto-repair

# backup into a single file
# mysqldump -p$MYSQLROOTPASS --all-databases >mysqldump.sql
# chmod og-rw mysqldump.sql

# backup into multiple files
rm -rf mysql
mkdir mysql
chown root:root mysql
chmod og-rwx mysql

for i in /var/lib/mysql/*/; do
    dbname=\`basename \$i\`

    echo >mysql/\$dbname.sql
    chown root:root mysql/\$dbname.sql
    chmod og-rwx mysql/\$dbname.sql

    mysqldump -p$MYSQLROOTPASS \$dbname >mysql/\$dbname.sql
    chown root:root mysql/\$dbname.sql
    chmod og-rwx mysql/\$dbname.sql
done

/usr/local/bin/rdiff-backup --preserve-numerical-ids --exclude /tmp --exclude /backup --exclude /mnt --exclude /proc --exclude /dev --exclude /sys --exclude /var/lib/ntp/proc --exclude /media --exclude /var/tmp / /backup/$MY_FULLHOSTNAME
EOFMARKER2

chown root:root /srvbackup_do/dobackup.sh
chmod og-rwx /srvbackup_do/dobackup.sh
chmod u+x /srvbackup_do/dobackup.sh

echo '51 3 * * * /srvbackup_do/dobackup.sh >> /var/log/backuplog 2>&1' >>/var/spool/cron/tabs/root

# Fail2ban config

cat > /etc/fail2ban/filter.d/dovecot-pop3imap.conf <<EOFMARKER4
[Definition]
failregex = (?: pop3-login|imap-login): (?:Authentication failure|Aborted login \(auth failed|Aborted login \(tried to use disabled|Disconnected \(auth failed).*rip=(?P<host>\S*),.*
ignoreregex =
EOFMARKER4


cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.conf.def
cat > /etc/fail2ban/jail.conf <<EOFMARKER3
# Fail2Ban configuration file

[DEFAULT]

# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
# ban a host which matches an address in this list. Several addresses can be
# defined using space separator.
ignoreip = 127.0.0.1

# "bantime" is the number of seconds that a host is banned.
bantime  = 600

# A host is banned if it has generated "maxretry" during the last "findtime"
# seconds.
findtime  = 600

# "maxretry" is the number of failures before a host get banned.
maxretry = 3

# "backend" specifies the backend used to get files modification. Available
# options are "gamin", "polling" and "auto". This option can be overridden in
# each jail too (use "gamin" for a jail and "polling" for another).
#
# gamin:   requires Gamin (a file alteration monitor) to be installed. If Gamin
#          is not installed, Fail2ban will use polling.
# polling: uses a polling algorithm which does not require external libraries.
# auto:    will choose Gamin if available and polling otherwise.
backend = auto


# This jail corresponds to the standard configuration in Fail2ban 0.6.
# The mail-whois action send a notification e-mail with a whois request
# in the body.

[ssh-iptables]

enabled  = true
filter   = sshd
action   = iptables[name=SSH, port=ssh, protocol=tcp]
logpath  = /var/log/messages
maxretry = 5

[ssh-ddos-iptables]

enabled  = true
filter   = sshd-ddos
action   = iptables[name=SSH, port=ssh, protocol=tcp]
logpath  = /var/log/messages
maxretry = 5


[proftpd-iptables]

enabled  = true
filter   = proftpd
action   = iptables[name=ProFTPD, port=ftp, protocol=tcp]
logpath  = /var/log/messages
maxretry = 6

[pure-ftpd-iptables]

enabled  = true
filter   = pure-ftpd
action   = iptables[name=PureFTPD, port=ftp, protocol=tcp]
logpath  = /var/log/messages
maxretry = 6

[courier-imap-iptables]

enabled  = true
filter   = courierlogin
action   = iptables[name=CourierIMAP, port=ftp, protocol=tcp]
logpath  = /var/log/messages
maxretry = 6

[dovecot-pop3imap]
enabled = true
filter = dovecot-pop3imap
action = iptables-multiport[name=dovecot-pop3imap, port="pop3,imap,pop3s,imaps", protocol=tcp]
logpath = /var/log/mail
maxretry = 6


# This jail forces the backend to "polling".

[sasl-iptables]

enabled  = true
filter   = sasl
backend  = polling
action   = iptables[name=sasl, port=smtp, protocol=tcp]
logpath  = /var/log/mail

# Here we use TCP-Wrappers instead of Netfilter/Iptables. "ignoreregex" is
# used to avoid banning the user "myuser".

[ssh-tcpwrapper]

enabled     = true
filter      = sshd
action      = hostsdeny
ignoreregex = for myuser from
logpath     = /var/log/messages

[ssh-ddos-tcpwrapper]

enabled     = true
filter      = sshd-ddos
action      = hostsdeny
ignoreregex = for myuser from
logpath     = /var/log/messages


# This jail demonstrates the use of wildcards in "logpath".
# Moreover, it is possible to give other files on a new line.

[apache-tcpwrapper]

enabled  = true
filter	 = apache-auth
action   = hostsdeny
logpath  = /var/log/apache2/error_log
maxretry = 6

# The hosts.deny path can be defined with the "file" argument if it is
# not in /etc.

[postfix-tcpwrapper]

enabled  = true
filter   = postfix
action   = hostsdeny
logpath  = /var/log/mail
bantime  = 300

# Ban hosts which agent identifies spammer robots crawling the web
# for email addresses. The mail outputs are buffered.

[apache-badbots]

enabled  = true
filter   = apache-badbots
action   = iptables[name=BadBots1, port=http,  protocol=tcp]
           iptables[name=BadBots2, port=https, protocol=tcp]
logpath  = /var/log/apache2/access_log
bantime  = 172800
maxretry = 1

[php-url-fopen]

enabled = false
port    = http,https
filter  = php-url-fopen
logpath = /var/log/apache2/access_log
maxretry = 1

EOFMARKER3

# Ensure fail2ban recreates a socket file
# Because otherwise after a server crash, fail2ban won't restart

sed -i 's/-q start/-x -q start/' /etc/init.d/fail2ban

# Fix pure-ftpd regexp

sed -i 's/[)][?]: [(][.][+][?]@<HOST>[)] \\\[/)\?: \\(.+?@<HOST>\\) \\[/' /etc/fail2ban/filter.d/pure-ftpd.conf

service fail2ban restart

# Fix getmail user to allow running from cron

sed -i 's/getmail:[!]:/getmail:*:/' /etc/shadow

# Install AWSTATS

rpm -ivh $AWSTATS_RPM

chmod og+w /var/cache/awstats

cp /etc/awstats/awstats.web.conf /etc/awstats/awstats.conf
sed -i 's,^<IfDefine,#<IfDefine,'  /etc/apache2/conf.d/awstats.conf
sed -i 's,^</IfDefine,#</IfDefine,'  /etc/apache2/conf.d/awstats.conf

rcapache2 restart

mysqladmin -p$MYSQLROOTPASS refresh

mysqldump -u root -p$MYSQLROOTPASS dbispconfig server >/tmp/server.sql

sed -i 's,\\nawstats_data_dir=[^\\]*\\n,\\nawstats_data_dir=/var/cache/awstats\\n,' /tmp/server.sql
sed -i 's,\\nawstats_pl=[^\\]*\\n,\\nawstats_pl=/srv/www/cgi-bin/awstats.pl\\n,' /tmp/server.sql
sed -i 's,\\nawstats_buildstaticpages_pl=[^\\]*\\n,\\nawstats_buildstaticpages_pl=/usr/share/doc/packages/awstats/examples/awstats_buildstaticpages.pl\\n,' /tmp/server.sql

mysql -u root -p$MYSQLROOTPASS dbispconfig </tmp/server.sql

rm -rf /tmp/server.sql

#sed -i 's,^#LoadPlugin=\"geoipfree\",LoadPlugin=\"geoipfree\",' /etc/awstats/awstats.conf
sed -i 's,^Max\([^=]*\)= 10$,Max\1= 25,' /etc/awstats/awstats.conf
sed -i 's,^StyleSheet=\"[^\"]*\",StyleSheet=\"\",' /etc/awstats/awstats.conf


# Install eAccelerator

yast2 -i php5-devel

cd /tmp
wget $EACCELERATOR_TARGZ
tar xvfj eaccelerator-*.bz2
rm -rf eaccelerator-*.bz2
cd eaccelerator-*
phpize
# the flag is specified to prevent openbasedir limitations with ispconfig
./configure --without-eaccelerator-use-inode 
make
make install

cd ..
rm -rf eaccelerator-*

cat > /etc/php5/conf.d/eaccelerator.ini <<EOFMARKER4
extension="eaccelerator.so"
eaccelerator.shm_size="16"
eaccelerator.cache_dir="/var/cache/eaccelerator"
eaccelerator.enable="1"
eaccelerator.optimizer="1"
eaccelerator.check_mtime="1"
eaccelerator.debug="0"
eaccelerator.filter=""
eaccelerator.shm_max="0"
eaccelerator.shm_ttl="0"
eaccelerator.shm_prune_period="0"
eaccelerator.shm_only="0"
eaccelerator.compress="1"
eaccelerator.compress_level="9"
EOFMARKER4

mkdir -p /var/cache/eaccelerator
chmod 0777 /var/cache/eaccelerator

rcapache2 restart

# adjust postfix interfaces

sed -i 's/^inet_interfaces = localhost/inet_interfaces = all/g' /etc/postfix/main.cf
sed -i 's/^#tlsmgr/tlsmgr/g' /etc/postfix/master.cf

rcpostfix restart

# Fix squirrelmail

sed -i 's/^\$default_folder_prefix.*/$default_folder_prefix = '\'\'';/' /srv/www/htdocs/squirrelmail/config/config.php


# ============================
# Helper functions

function fix_pureftpd() {

sed -i 's/NoRename.*yes/NoRename no/g' "$1"
sed -i 's/AutoRename.*yes/AutoRename no/g' "$1"
sed -i 's/ProhibitDotFilesWrite.*yes/ProhibitDotFilesWrite no/g' "$1"
sed -i 's/# PassivePortRange.*30000 50000/PassivePortRange 30000 30500/g' "$1"
sed -i 's/LimitRecursion.*2000 8/LimitRecursion 20000 10/g' "$1"
sed -i 's/^Umask\ *.*$/Umask 137:027/' "$1"
sed -i 's/^MaxClientsNumber\ *10$/MaxClientsNumber 256/' "$1"
sed -i 's/^MaxClientsPerIP\ *3$/MaxClientsPerIP 16/' "$1"

}

function fix_dovecot() {

sed -i 's/^#listen =.*/listen = \*/g' "$1"
sed -i 's/^ssl = no/ssl = yes/g' "$1"
sed -i 's,#ssl_cert_file = .*,ssl_cert_file = /etc/ssl/certs/dovecot.pem,g' "$1"
sed -i 's,#ssl_key_file = .*,ssl_key_file = /etc/ssl/private/dovecot.pem,g' "$1"
sed -i 's,#mail_max_userip_connections = .*,mail_max_userip_connections = 32,g' "$1"
sed -i 's/#namespace private/namespace private {\n    separator = .\n    prefix =\n    inbox = yes\n}\n\nnamespace private {\n    separator = .\n    prefix = INBOX.\n    inbox = no\n    hidden = yes\n    list = no   # for v1.1+\n}\n\n# {changed} namespace private/g'  "$1"

}

function fix_customlog() {

sed -i 's/ent}i\\\"\" combined_ispconfig/ent}i\\\" %I %O" combined_ispconfig/g' "$1"
sed -i 's/LogFormat \"%v %h/LogFormat \"%v %a/g' "$1"

}


# ============================


if [ "$ISPCONFIG_SVN" == "yes" ]; then
# Update ISPConfig from SVN

    cd /tmp
    svn export svn://svn.ispconfig.org/ispconfig3/trunk/ ispconfigsvn
    cd ispconfigsvn/install

    fix_dovecot /tmp/ispconfigsvn/install/tpl/opensuse_dovecot.conf.master
    fix_pureftpd /tmp/ispconfigsvn/install/tpl/opensuse_pureftpd_conf.master

    fix_customlog /tmp/ispconfigsvn/server/conf/apache_ispconfig.conf.master            
    fix_customlog /tmp/ispconfigsvn/install/tpl/apache_ispconfig.conf.master
    fix_customlog /tmp/ispconfigsvn/install/dist/tpl/gentoo/apache_ispconfig.conf.master

    # Fix bug in one of SVN builds

    sed -i 's,install_dir'\''/interface,install_dir.'\''/interface,g' /tmp/ispconfigsvn/install/lib/installer_base.lib.php


    # Run update
    php -q update.php
    cd /tmp
    rm -rf /tmp/ispconfigsvn

fi


# =========================================================================
# Fix configuration files, overwritten by ISPConfig update
# Re-run these lines after ISP-Config update

# Pure-ftpd

fix_pureftpd /etc/pure-ftpd/pure-ftpd.conf

rcpure-ftpd restart

# Dovecot

fix_dovecot /etc/dovecot/dovecot.conf

cd /usr/share/doc/packages/dovecot
sh ./mkcert.sh
cd /

rcdovecot restart
rcpostfix restart

# CustomLog

fix_customlog /etc/apache2/sites-available/ispconfig.conf
fix_customlog /usr/local/ispconfig/server/conf/apache_ispconfig.conf.master
sed -i 's,^LogFormat=.*,LogFormat = "%host %other %logname %time1 %methodurl %code %other %refererquot %uaquot %other %bytesd",' /etc/awstats/awstats.conf
a2enmod logio

rcapache2 restart