github/myvesta
1
0
Fork 0
mirror of https://github.com/myvesta/vesta synced 2025-08-21 05:44:08 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Compare commits

base: github:master
Branches Tags
github:master
github:cursor/provjera-i-prilagodba-php-koda-za-php-8-4-e6f8
github:ipv6
github:0.9.9-0-13
github:0.9.9-0-12
github:0.9.9-0-11
github:0.9.9-0-6
github:0.9.9-0-5
github:0.9.9-0-4
github:0.9.9-0-3
github:0.9.9-0
github:0.9.8-26-62
github:0.9.8-26-61
github:0.9.8-26-60
github:0.9.8-26-58
github:0.9.8-26-57
github:0.9.8-26-56
github:0.9.8-26-55
github:0.9.8-26-54
github:0.9.8-26-52
github:0.9.8-26-51
github:0.9.8-26-50
github:0.9.8-26-49
github:0.9.8-26-48
github:0.9.8-26-47
github:0.9.8-26-45
github:0.9.8-26-44
github:0.9.8-26-43
github:0.9.8-26-39
github:0.9.8-26-38
github:0.9.8-26-37
github:0.9.8-26-36
github:0.9.8-26-35
github:0.9.8-26-33
github:0.9.8-26-31
github:0.9.8-26-29
github:0.9.8-26-25
github:0.9.8-19
github:0.9.8-18
github:0.9.8-16
github:0.9.8-15
github:0.9.8-13
github:0.9.8-12
github:0.9.8-11
github:0.9.8-10
..
compare: github:0.9.9-0-11
Branches Tags
github:master
github:cursor/provjera-i-prilagodba-php-koda-za-php-8-4-e6f8
github:ipv6
github:0.9.9-0-13
github:0.9.9-0-12
github:0.9.9-0-11
github:0.9.9-0-6
github:0.9.9-0-5
github:0.9.9-0-4
github:0.9.9-0-3
github:0.9.9-0
github:0.9.8-26-62
github:0.9.8-26-61
github:0.9.8-26-60
github:0.9.8-26-58
github:0.9.8-26-57
github:0.9.8-26-56
github:0.9.8-26-55
github:0.9.8-26-54
github:0.9.8-26-52
github:0.9.8-26-51
github:0.9.8-26-50
github:0.9.8-26-49
github:0.9.8-26-48
github:0.9.8-26-47
github:0.9.8-26-45
github:0.9.8-26-44
github:0.9.8-26-43
github:0.9.8-26-39
github:0.9.8-26-38
github:0.9.8-26-37
github:0.9.8-26-36
github:0.9.8-26-35
github:0.9.8-26-33
github:0.9.8-26-31
github:0.9.8-26-29
github:0.9.8-26-25
github:0.9.8-19
github:0.9.8-18
github:0.9.8-16
github:0.9.8-15
github:0.9.8-13
github:0.9.8-12
github:0.9.8-11
github:0.9.8-10

No commits in common. "master" and "0.9.9-0-11" have entirely different histories.
master ... 0.9.9-0-11

281 changed files with 788 additions and 14940 deletions
Download patch file Download diff file Expand all files Collapse all files

3
.gitignore vendored
View file

@ -4,6 +4,3 @@
*.gz
.vscode
.DS_Store
data
conf
log

207
Changelog.md
View file

@ -1,78 +1,15 @@
Version 0.9.9-0-13 [2025-08-15]
Version 0.9.9-0-11 [30-May-2024]
==================================================
* Improvement: Activating FileManager licence for all users (credits to Official VestaCP)
* Introducing a malware cleaning set of tools: v-install-wordfence-cli, v-desinfect-wordpress, v-fix-wordpress-core, v-change-database-password-for-wordpress, v-change-wordpress-admin-passwords, v-delete-inactive-wordpress-plugins-and-themes, v-delete-wordpress-uploads-php-files) (credits to isscbta)
* Improvement: Added support for PHP 8.3 and 8.4
* SRS support for Exim4 (v-add-srs-support-to-exim) (credits to HestiaCP)
* Security: Ensuring that PHP files are visible only to the account they belong to - setting chmod 600 for all .php and .env files (also added as admin cronjob - v-fix-website-permissions-for-all-websites-only-php)
* Added cronjob for disk usage snapshot (size of each folder) to see what folder is growing every day (v-df-snapshot-make, v-df-snapshot-diff [some-day-snapshot] [some-other-day-snapshot])
* Bugfix: SSL fix for Apache 2.4.65+ (fix for '421 Misdirected Request')
* Bugfix: vst-install-debian.sh: ability to install MySQL 8 on Debian 12
* Improvement: Update nginx block-firewall.conf when user blocks 80,443 ports for some IPv4 address in the Firewall section of the admin panel
* Improvement: v-install-wordpress: Support for IDN format domains
* Security: Adding ProFTPD jail rule to Fail2Ban
* Introducing: v-make-main-apache-log - making one log file for PHP requests for all websites
* Security: Introducing a new command: v-fix-php-ini-disable-functions
* Improvement: Introducing myVesta rules for SpamAssassin (enhancing spam filtering)
* Improvement: When deleting a domain, also delete the database if the domain has a database
* Bugfix: Removing temporary Docker container network interfaces from RRD
* Introducing v-run-wp-cli-myvesta that knows the correct terminal width
* Introducing a new command: v-cd-www alias for v-change-dir-www
* Introducing a new command: v-clear-fail2ban
* Introducing a new command: v-get-dns-config (to print zone file in bind9 format)
* Introducing a DISABLE_IP_CHECK as vesta.conf variable (if logged-in user is getting a new IPv4 address every minute)
* Security: Introducing a parse_object_kv_list_non_eval() function in main.sh, to avoid the evil eval command
* Security: Enhance package validation, in v-change-user-package 'eval' replaced with 'parse_object_kv_list_non_eval'
* Improvement: Replacing all WordPress scripts to use 'v-run-wp-cli' instead of 'wp'
* Improvement: v-install-wordpress: Almost always use https
* Improvement: Skip the prompt to continue during myVesta installation if the administrator has set all required variables in the command line
* Security: Jailing v-run-wp-cli (running WP-CLI as user, added open_basedir, disabling shell_exec() and other dangerous PHP functions)
* Security: v-commander: removing the ability to set a root password
* Bugfix: DKIM record deletion command in v-delete-mail-domain-dkim script
* Adding FTP / SFTP port for Remote Backup (credits to ikheetjeff)
* Introducing a new command: v-delete-mails - delete emails older than N days (credits to isscbta)
* Introducing new commands: v-blacklist-email-domain, v-blacklist-email-account, v-whitelist-email-domain, v-whitelist-email-account (credits to isscbta)
* Bugfix: v-move-folder-and-make-symlink: use 'mv' instead of 'rsync'
* Improvement: Calculate the size of directories on /hdd too
* Bugfix: v-move-domain-and-database-to-account: Update wordfence-waf.php
* Bugfix: v-add-letsencrypt-domain: Detecting valid status on wildcard variant
* Bugfix: db.sh and v-clone-website: mysqldump --max_allowed_packet=1024M
* Bugfix: web/index.php: Prevent recreation of token by shitty browser add-ons
* Bugfix: v-restore-user: permissions fix while restoring backup
* Bugfix: Add some loops due to 403 errors during LE request in some random cases
* Improvement: v-clone-website: adding --EXCLUDE_UPLOADS parameter
* Bugfix: vst-install-debian.sh - removing phppgadmin
* Bugfix: v-update-firewall: $FIREWALL_STATEFUL conf variable (for Infomaniak VPS servers)
* Bugfix: Awstats template for all systems does not have a closed bracket in line 27 (credits to gkirde)
* Bugfix: Update v-import-cpanel-backup - removing /*!999999\- enable the sandbox mode */
* Bugfix: Small PHP syntax fixes in the admin panel
* Introducing nginx template 'wprocket-webp-express-force-https' (credits to Luka Paunovic)
* Improvement: Added functions to check if a domain or user is unsuspended in main.sh
* Introducing a new command: v-update-document-errors-files
* Improvement: new v-backup-user-now command does backup even if the system Load Average is above the limit, or the administrator configured backups to perform only at night
* Improvement: v-install-wp-cli and v-install-wp-cli-myvesta - automatically updates if wp-cli is 30 days old
* Bugfix: Check for SSL certificate existence before deleting web domain SSL in v-install-unsigned-ssl
* Improvement: v-install-wordpress: avoid changing nginx proxy template in apache-less variant
* Added to .gitignore excludes for 'data', 'conf', and 'log' folders
* And many other minor bugfixes and improvements...
Version 0.9.9-0-12 [2025-02-28]
==================================================
* SpamHaus DNSBL removed from exim4
* A lot of small bugs fixed
Version 0.9.9-0-11 [2024-05-30]
==================================================
* Introducing v-run-wp-cli command ( @isscbta )
* Introducing v-add-wordpress-admin command ( @isscbta )
* Introducing v-run-wp-cli command
* Introducing v-add-wordpress-admin command
* Few bugs fixed
Version 0.9.9-0-10 [2024-04-11]
Version 0.9.9-0-10 [11-Apr-2024]
==================================================
* Introducing v-edit-php-ini command ( @isscbta )
* Introducing v-edit-domain-php-ini command ( @isscbta )
* Introducing v-edit-php-ini command
* Introducing v-edit-domain-php-ini command
Version 0.9.9-0-9 [2024-04-05]
Version 0.9.9-0-9 [05-Apr-2024]
==================================================
* Get quick info about a banned IP (Host, Banlist, Location) (many thanks to @VasilisParaschos )
* Few bugs fixed
@ -81,31 +18,31 @@ Version 0.9.9-0-5 to 0.9.9-0-8
==================================================
* Few bugs fixed
Version 0.9.9-0-4 [2023-06-27]
Version 0.9.9-0-4 [27-Jun-2023]
==================================================
* Support for Debian 12 ( in mutual cooperation with @HestiaCP )
Version 0.9.9-0-2 [2023-06-12]
Version 0.9.9-0-2 [12-Jun-2023]
==================================================
* Hosting panel UI perfomance fix
Version 0.9.9-0 [2023-06-05]
Version 0.9.9-0 [05-Jun-2023]
==================================================
* Redesign of hosting panel
* Fix for WP_CACHE_KEY_SALTs in v-clone-website command
* Fix for "Helo name contains a ip address" in Exim4
* Fix for Exim4 for punycode domains (in collaboration with @HestiaCP )
Version 0.9.8-26-62 [2023-04-05]
Version 0.9.8-26-62 [05-Apr-2023]
==================================================
* Fix for LetsEncrypt Asynchronous Order Finalization (in collaboration with @HestiaCP )
Version 0.9.8-26-61 [2023-04-04]
Version 0.9.8-26-61 [04-Apr-2023]
==================================================
* Many bugfixes
* Hotfix for LetsEncrypt to prevent Apache falling
Version 0.9.8-26-60 [2023-02-12]
Version 0.9.8-26-60 [12-Feb-2023]
==================================================
* New script: v-commander (useful for maintaining the server)
* New script: v-activate-rocket-nginx (serve WP-Rocket cache directly from nginx)
@ -113,7 +50,7 @@ Version 0.9.8-26-60 [2023-02-12]
* v-clone-website: By default cloning to database: user_domain_com (instead of cloning to database: user_old_db_migrated)
* Many minor bugfixes
Version 0.9.8-26-59 [2023-02-01]
Version 0.9.8-26-59 [01-Feb-2023]
==================================================
* Support for PHP 8.2
* New script: v-move-folder-and-make-symlink
@ -121,82 +58,82 @@ Version 0.9.8-26-59 [2023-02-01]
* v-install-wordpress: Installing WordPress to user_domain_com database instead of installing to user_wp database
* Many minor bugfixes
Version 0.9.8-26-58 [2022-07-12]
Version 0.9.8-26-58 [12-Jul-2022]
==================================================
* [Security] hash_equals() in /reset/mail/ (credits to @divinity76 )
* Avoid out-of-memory while downloading large log files from panel (credits to @divinity76 )
* Fix for an boring PHP Notice in vesta-php
Version 0.9.8-26-57 [2022-07-06]
Version 0.9.8-26-57 [06-Jul-2022]
==================================================
* Fix for GMail SMTP timeouts on Debian11
* [Security] Fix for Local Sed Injection Vulnerability ( credits to @cleemy-desu-wayo )
Version 0.9.8-26-56 [2022-05-28]
Version 0.9.8-26-56 [28-May-2022]
==================================================
* Adding Barracuda RBL to SpamAssassin
* Fixing insane HTML form bug in List backup items page
* Script for easy adding second IP address for SMTP authenticated users only (v-make-separated-ip-for-email)
Version 0.9.8-26-55 [2022-04-26]
Version 0.9.8-26-55 [26-Apr-2022]
==================================================
* Support for MySQL 8
* [Security] Preventing brute-force resetting password (thanks to HestiaCP @hestiacp for fix)
* Many minor bugfixes
Version 0.9.8-26-54 [2021-12-17]
Version 0.9.8-26-54 [17-Dec-2021]
==================================================
* Checking if FreshClam is started after installation
Version 0.9.8-26-53 [2021-12-12]
Version 0.9.8-26-53 [12-Dec-2021]
==================================================
* Support for PHP 8.1
* Function to ensure that pool.d folders are not empty
Version 0.9.8-26-52 [2021-11-23]
Version 0.9.8-26-52 [23-Nov-2021]
==================================================
* Fix for not to match wildcard "*domains" and "databases*" while restoring
* Added memcached to v-list-sys-services
Version 0.9.8-26-51 [2021-11-14]
Version 0.9.8-26-51 [14-Nov-2021]
==================================================
* Many fixes for "List services" page (v-list-sys-services function)
Version 0.9.8-26-50 [2021-11-07]
Version 0.9.8-26-50 [07-Nov-2021]
==================================================
* Many small bugfixes and CSRF fixes
Version 0.9.8-26-49 [2021-07-17]
Version 0.9.8-26-49 [17-Jul-2021]
==================================================
* Support for Debian 11
Version 0.9.8-26-48 [2021-07-11]
Version 0.9.8-26-48 [11-Jul-2021]
==================================================
* Fixed two bugs in LetsEncrypt generating process
Version 0.9.8-26-47 [2021-05-30]
Version 0.9.8-26-47 [30-May-2021]
==================================================
* Enabling TLS for ProFTPD FTPS
* More logical "Restore backup" template
Version 0.9.8-26-46 [2021-04-17]
Version 0.9.8-26-46 [17-Apr-2021]
==================================================
* [Feature] Updating CloudFlare IP addresses
Version 0.9.8-26-45 [2021-04-13]
Version 0.9.8-26-45 [13-Apr-2021]
==================================================
* [Feature] Logging whole LetsEncrypt process to /usr/local/vesta/log/letsencrypt.log and /usr/local/vesta/log/letsencrypt_cron.log
* [Feature] Warn admin once (by sending email) if LetsEncrypt renewing failed for server hostname
* [Bugfix] Correct truncating of CA LetsEncrypt certificate (thanks to HestiaCP @hestiacp for fix)
Version 0.9.8-26-44 [2021-04-04]
Version 0.9.8-26-44 [04-Apr-2021]
==================================================
* [Security] Preventing denial-of-service in openssl library in vesta-nginx service (CVE-2021-3449)
* [Security] Preventing admin to install non-vesta packages from vesta admin panel user interface (Credits to: Numan Türle @numanturle)
* [Bugfix] Preventing multiple execution of v-backup-users
* [UserInterface] CSS fix for Apache status table (Credits to: Milos Spasic)
Version 0.9.8-26-43 [2021-03-15]
Version 0.9.8-26-43 [15-Mar-2021]
==================================================
* [Security] fix for: CSRF remote code execution in UploadHandler.php - CVE-2021-28379 (Credits to: Fady Osman @fady_othman)
* [Security] fix for: Local privilege escalation from user account to admin account via v-add-web-domain (Credits to: Two independent security researchers, Marti Guasch Jiménez and Francisco Andreu Sanz, working with the SSD Secure Disclosure program) (and also thanks to HestiaCP @hestiacp for fix)
@ -206,62 +143,62 @@ Version 0.9.8-26-43 [2021-03-15]
* [Security] fix for: Admin to root escalation in v-activate-vesta-license (Credits to: Numan Türle @numanturle)
* [Security] Ensure HTML will not be displayed in list log page (Credits to: Kristan Kenney @kristankenney, thanks to HestiaCP @hestiacp for fix)
Version 0.9.8-26-42 [2021-02-26]
Version 0.9.8-26-42 [26-Feb-2021]
==================================================
* [Feature] Support for PHP 8.0, see: https://forum.myvestacp.com/viewtopic.php?f=18&t=52
* [Bugfix] Making sure Apache is in mpm_event mode
Version 0.9.8-26-41 [2021-02-11]
Version 0.9.8-26-41 [11-Feb-2021]
==================================================
* Few bugfixes
Version 0.9.8-26-40 [2021-02-08]
Version 0.9.8-26-40 [08-Feb-2021]
==================================================
* Few bugfixes
Version 0.9.8-26-39 [2020-12-12]
Version 0.9.8-26-39 [12-Dec-2020]
==================================================
* [Security] Fixing useless issue with tokens in "download backup" and "loginas" functions (thanks to HestiaCP for fixes)
* [Security] Fixing XSS in /list/rrd/?period= value
Version 0.9.8-26-38 [2020-12-05]
Version 0.9.8-26-38 [05-Dec-2020]
==================================================
* [Security] Fixing Apache status public access (thanks to HestiaCP for letting us know)
Version 0.9.8-26-37 [2020-10-26]
Version 0.9.8-26-37 [26-Oct-2020]
==================================================
* [Bugfix] Fixing LetsEncrypt deprecated GET method for ACME v2 (thanks to @moucho)
* [Bugfix] Fixing Roundcube to send via authenticated SMTP user instead via php
Version 0.9.8-26-36 [2020-09-10]
Version 0.9.8-26-36 [10-Sep-2020]
==================================================
* [Bugfix] Checking necessary available disk space before doing backup
* [Security] Disabling login with 'root'
Version 0.9.8-26-35 [2020-08-23]
Version 0.9.8-26-35 [23-Aug-2020]
==================================================
* [Feature] Limiting max recipients per email to 15, in order to prevent mass spamming
* [Bugfix] While restoring backup, only exclude logs folder from root, not in public_html
Version 0.9.8-26-34 [2020-08-19]
Version 0.9.8-26-34 [19-Aug-2020]
==================================================
* [Bugfix] Split long DNS TXT entries into 255 chunks
Version 0.9.8-26-33 [2020-08-16]
Version 0.9.8-26-33 [16-Aug-2020]
==================================================
* [Feature] Ability to set some domain to send emails from another IP (command: v-make-separated-ip-for-email-domain)
Version 0.9.8-26-32 [2020-08-02]
Version 0.9.8-26-32 [02-Aug-2020]
==================================================
* [Feature] v-replace-in-file command introduced
* [Security] Making sure new myVesta commands can be called only by root
Version 0.9.8-26-31 [2020-07-30]
Version 0.9.8-26-31 [30-Jul-2020]
==================================================
* [Feature] v-import-cpanel-backup command moved to vesta-bin folder (becoming standard myVesta command)
* Starting to log auto-update output
Version 0.9.8-26-30 [2020-07-26]
Version 0.9.8-26-30 [26-Jul-2020]
==================================================
* New ASCII logo in installer
* Deleted favicon when user don't know secret-url of hosting panel
@ -269,14 +206,14 @@ Version 0.9.8-26-30 [2020-07-26]
* [bugfix] Minor fix of URL for templates in v-update-dns-templates
* [bugfix] Minor fixes in installer
Version 0.9.8-26-29 [2020-07-21]
Version 0.9.8-26-29 [21-Jul-2020]
==================================================
* [Feature] v-clone-website command moved to vesta-bin folder (becoming standard myVesta command)
* [Feature] v-migrate-site-to-https command moved to vesta-bin folder (becoming standard myVesta command)
* [Bugfix] Fix for ClamAV socket
* Changing Vesta to myVesta in title of hosting panel pages
Version 0.9.8-26-28 [2020-07-15]
Version 0.9.8-26-28 [15-Jul-2020]
==================================================
* [Feature] v-install-wordpress command introduced
* [Feature] v-move-domain-and-database-to-account command introduced
@ -284,37 +221,37 @@ Version 0.9.8-26-28 [2020-07-15]
* [Bugfix] Fix for LetsEncrypt issuing in apache-less variant (nginx + php-fpm variant)
* [Bugfix] Fix for configuring phpMyAdmin DB in apache-less variant (nginx + php-fpm variant)
Version 0.9.8-26-27 [2020-07-05]
Version 0.9.8-26-27 [05-Jul-2020]
==================================================
* [Feature] Admins now see changelog when they open myVesta panel after myVesta get updated (changelog will dissapear on next refresh)
* [Bugfix] Better control of opened SMTP concurrent connections (preventing denial-of-service of SMTP) on fresh installed servers - https://github.com/myvesta/vesta/commit/c57b15b5daca2a0ea88ee6a89a2ff5a4ef47d2a3
* Second tuning of php-fpm pool.d config files (perfomances and limits)
Version 0.9.8-26-26 [2020-06-27]
Version 0.9.8-26-26 [27-Jun-2020]
==================================================
* [Feature] Self-signed SSL will be automaticaly added when you add new domain (CloudFlare is fine with that, you don't need LetsEncrypt anymore if you use CloudFlare as reverse-proxy(CDN+Firewall), just set "Full" in SSL section on CloudFlare)
* [Feature] Script for adding self-signed SSL to desired domain [v-install-unsigned-ssl]
* From now, on fresh installed server, default backup cron goes at Saturday at 01 AM (instead of everyday at 05 AM)
* New favicon for hosting panel
Version 0.9.8-26-25 [2020-06-23]
Version 0.9.8-26-25 [23-Jun-2020]
==================================================
* [Security] Fixing unnecessary slash in nginx configs for phpmyadmin and roundcube (Credits to Bernardo Berg @bberg1984 for finding this issue!)
* [Security] Adding escapeshellarg on few more places in php code (Credits to Talha Günay and @Lupul for finding these places)
Version 0.9.8-26-24 [2020-06-22]
Version 0.9.8-26-24 [22-Jun-2020]
==================================================
* [Bugfix] nginx + php-fpm installer variant now finally works
Version 0.9.8-26-23 [2020-06-14]
Version 0.9.8-26-23 [14-Jun-2020]
==================================================
* Adding label that LetsEncrypt can be added when you Edit domain
Version 0.9.8-26-22 [2020-06-13]
Version 0.9.8-26-22 [13-Jun-2020]
==================================================
* [Bugfix] Checking (in order to delete) php7.4 pool config file while deleting domain
Version 0.9.8-26-21 [2020-06-13]
Version 0.9.8-26-21 [13-Jun-2020]
==================================================
* [Feature] Blocking executable files inside archives in received emails (ClamAV)
* [Bugfix] Removing ability to schedule LetsEncrypt issuing while adding new domain (because it can fall in infinite loop whole day)
@ -323,82 +260,82 @@ Version 0.9.8-26-21 [2020-06-13]
* [Bugfix] Script that removes depricated 'ssl on;' in nginx templates
* [Security] Ensure UPDATE_SSL_SCRIPT is not set in some config files
Version 0.9.8-26-20 [2020-06-01]
Version 0.9.8-26-20 [01-Jun-2020]
==================================================
* [Bugfix] Script that will ensure that Apache2 will always stay in mpm_event mode
* [Bugfix] Ensure config files will not be overwritten while updating vesta-nginx package
* [Bugfix] Fixing URL in v-update-web-templates script
* [Feature] Additional rates for nginx anti-denial-of-service templates
Version 0.9.8-26-19 [2020-05-15]
Version 0.9.8-26-19 [15-May-2020]
==================================================
* [Bugfix] Do not match subdomains while restoring domain [v-restore-user]
Version 0.9.8-26-18 [2020-05-15]
Version 0.9.8-26-18 [15-May-2020]
==================================================
* [Bugfix] Fixing NS parameters in v-add-dns-on-web-alias
Version 0.9.8-26-17 [2020-05-15]
Version 0.9.8-26-17 [15-May-2020]
==================================================
* [Bugfix] Reverting default clamav socket path
* [Bugfix] Put mail_max_userip_connections = 50 in dovecot
Version 0.9.8-26-16 [2020-05-15]
Version 0.9.8-26-16 [15-May-2020]
==================================================
* [Bugfix] Allow quick restarting of nginx if acme-challenge should be added many times
* [Bugfix] Enabling email notification to fresh installed servers about backup success status
* [Bugfix] Timeout 10 sec for apache2 status
Version 0.9.8-26-15 [2020-05-09]
Version 0.9.8-26-15 [09-May-2020]
==================================================
* [Feature] nginx templates that can prevent denial-of-service on your server
* First tuning php-fpm pool.d config files (perfomances and limits)
* New logo
Version 0.9.8-26-14 [2020-05-08]
Version 0.9.8-26-14 [08-May-2020]
==================================================
* v-clone-website script switched to parameters
* Display new version in console while updating myVesta
Version 0.9.8-26-13 [2020-05-07]
Version 0.9.8-26-13 [07-May-2020]
==================================================
* [Feature] Put build date and version in right-bottom corner of control panel
Version 0.9.8-26-12 [2020-05-07]
Version 0.9.8-26-12 [07-May-2020]
==================================================
* [Feature] Put build date and version while compiling myVesta
* [Feature] Office365 DNS template
* [Feature] Yandex DNS template
* ProFTPD MaxIstances = 100 for fresh installed servers
Version 0.9.8-26-11 [2020-05-01]
Version 0.9.8-26-11 [01-May-2020]
==================================================
* [Feature] Skipping LE renewing after 7 failed attempts
* [Bugfix] Keep conf files during auto-update
* [Bugfix] Do not restart apache while preparing letsencrypt acme challenge
* [Bugfix] Set ALLOW_BACKUP_ANYTIME='yes' for fresh installed servers
Version 0.9.8-26-10 [2020-04-11]
Version 0.9.8-26-10 [11-Apr-2020]
==================================================
* [Feature] Creating v-normalize-restored-user script (normalize NS1, NS2 and IP of account that is backuped on other server and restored on this server)
* Tweak for hostname FPM conf
* [Security] Forbid changing root password (Credits to Alexandre ZANNI, Orange Cyberdefense, https://cyberdefense.orange.com)
* [Security] Importing system enviroment in v-change-user-password (Credits to Alexandre ZANNI, Orange Cyberdefense, https://cyberdefense.orange.com)
Version 0.9.8-26-9 [2020-03-23]
Version 0.9.8-26-9 [23-Mar-2020]
==================================================
* [Security] Preventing manipulation with $SERVER['HTTP_HOST'] (Credits to @mdisec - Managing Partner of PRODAFT / INVICTUS A.Ş. Master ninja at pentest.blog)
Version 0.9.8-26-8 [2020-03-23]
Version 0.9.8-26-8 [23-Mar-2020]
==================================================
* [Security] Temporary fix for parsing backup conf (Credits to @dreiggy - https://pentest.blog/vesta-control-panel-second-order-remote-code-execution-0day-step-by-step-analysis/)
Version 0.9.8-26-7 [2020-03-18]
Version 0.9.8-26-7 [18-Mar-2020]
==================================================
* [Bugfix] Fix that avoid LetsEncrypt domain validation timeout
* [Bugfix] Set timeout in v-list-sys-web-status script
Version 0.9.8-26-6 [2020-02-21]
Version 0.9.8-26-6 [21-Feb-2020]
==================================================
* [Bugfix] mail-wrapper.php from now works
* [Feature] Introducing NOTIFY_ADMIN_FULL_BACKUP, email notification about backup success status
@ -406,7 +343,7 @@ Version 0.9.8-26-6 [2020-02-21]
* [Feature] Introducing force-https-webmail-phpmyadmin nginx template
* [Feature] Trigger for /root/update_firewall_custom.sh
Version 0.9.8-26-5 [2020-02-10]
Version 0.9.8-26-5 [10-Feb-2020]
==================================================
* [Security] sudoers fix for Debian10
* [Feature] [Script that will migrate your site from http to https, replacing http to https URLs in database](https://github.com/myvesta/vesta/blob/master/src/deb/for-download/tools/v-migrate-site-to-https)
@ -415,7 +352,7 @@ Version 0.9.8-26-5 [2020-02-10]
* [Bugfix] Roundcube force https
* [Bugfix] Exim compatibility with Loopia for Debian10
Version 0.9.8-26-4 [2020-01-07]
Version 0.9.8-26-4 [07-Jan-2020]
==================================================
* [Feature] Allow whitelisting specific IP for /api/
* [Feature] Allow whitelisting specific IP to avoid secret_url
@ -423,11 +360,11 @@ Version 0.9.8-26-4 [2020-01-07]
* [Bugfix] apparmor install fix again
* [Bugfix] Turning off MariaDB SQL strict mode
Version 0.9.8-26-3 [2019-11-26]
Version 0.9.8-26-3 [26-Nov-2019]
==================================================
* [Bugfix] Better check if session cron already added
Version 0.9.8-26-2 [2019-11-15]
Version 0.9.8-26-2 [15-Nov-2019]
==================================================
* [Feature] Support for sub-sub-sub-sub versions :))
* [Bugfix] Support for longer username of email accounts
@ -435,7 +372,7 @@ Version 0.9.8-26-2 [2019-11-15]
* [Bugfix] Trying to fix ClamAV broken socket
* Moving to myvestacp.com
Version 0.9.8-26 [2019-09-28]
Version 0.9.8-26 [28-Sep-2019]
==================================================
* [Bugfix] Let's Encrypt HTTP/2 support (by @serghey-rodin)
* [Bugfix] Fixing broken autoreply output

14
bin/v-activate-rocket-nginx
View file

@ -75,20 +75,18 @@ fi
# Changing Proxy Template
# Check if the proxy template is already set correctly
current_template=$(/usr/local/vesta/bin/v-list-web-domain $user $domain | grep 'PROXY:' | awk '{print $2}')
if [ "$current_template" == "wprocket-force-https" ] || [ "$current_template" == "wprocket-hosting" ] || [ "$current_template" == "wprocket-webp-express-force-https" ]; then
if [ "$current_template" == "wprocket-force-https" ] || [ "$current_template" == "wprocket-hosting" ]; then
echo "Proxy Template is already set up correctly"
else
# Prompt the user to choose whether to force HTTPS or not
echo "Do you want to use wprocket-hosting template, wprocket-force-https template or wprocket-webp-express-force-https template (h/f/w):"
echo "Do you want to force-https in your Proxy Template or not (y/n):"
read answer
# Change the proxy template based on the user's choice
if [ "$answer" == "h" ]; then
/usr/local/vesta/bin/v-change-web-domain-proxy-tpl "$user" "$domain" "wprocket-hosting"
elif [ "$answer" == "f" ]; then
if [ "$answer" == "y" ]; then
/usr/local/vesta/bin/v-change-web-domain-proxy-tpl "$user" "$domain" "wprocket-force-https"
elif [ "$answer" == "w" ]; then
/usr/local/vesta/bin/v-change-web-domain-proxy-tpl "$user" "$domain" "wprocket-webp-express-force-https"
else
/usr/local/vesta/bin/v-change-web-domain-proxy-tpl "$user" "$domain" "wprocket-hosting"
fi
echo "Proxy Template is ready"
@ -128,7 +126,7 @@ else
chown $user:$user /home/$user/web/$domain/cron.log
case $fpm_ver in
5.6 | 7.0 | 7.1 | 7.2 | 7.3 | 7.4 | 8.0 | 8.1 | 8.2 | 8.3)
5.6 | 7.0 | 7.1 | 7.2 | 7.3 | 7.4 | 8.0 | 8.1 | 8.2)
/usr/local/vesta/bin/v-add-cron-job "$user" "*/15" "*" "*" "*" "*" "cd /home/$user/web/$domain/public_html; /usr/bin/php$fpm_ver wp-cron.php >/home/$user/web/$domain/cron.log 2>&1"
;;
esac

7
bin/v-add-firewall-ban
View file

@ -72,13 +72,6 @@ $iptables -I fail2ban-$chain 1 -s $ip \
# Changing permissions
chmod 660 $conf
# nginx deny rules conf
if [ "$chain" = "WEB" ] && [ -f "/etc/nginx/conf.d/block.conf" ]; then
if ! grep -q "deny $ip;" /etc/nginx/conf.d/block.conf; then
echo "deny $ip;" >> /etc/nginx/conf.d/block.conf
systemctl reload nginx
fi
fi
#----------------------------------------------------------#
# Vesta #

10
bin/v-add-firewall-rule
View file

@ -83,16 +83,6 @@ sort_fw_rules
# Updating system firewall
$BIN/v-update-firewall
if [ "$WEB_SYSTEM" == 'nginx' ] || [ "$PROXY_SYSTEM" == 'nginx' ]; then
if [ "$port_ext" == "80,443" ] && [ "$action" == "DROP" ]; then
touch /etc/nginx/conf.d/block-firewall.conf
if ! grep -q "deny $ip;" /etc/nginx/conf.d/block-firewall.conf; then
echo "deny $ip;" >> /etc/nginx/conf.d/block-firewall.conf
systemctl restart nginx
fi
fi
fi
#----------------------------------------------------------#
# Vesta #

32
bin/v-add-letsencrypt-domain
View file

@ -154,11 +154,6 @@ for identifier in $(echo $domain,$aliases |tr ',' '\n' |sort -u); do
done
payload=$(echo "$payload"|sed "s/,$//")
payload=$payload']}'
# validation='pending'
# # Start counter to avoid infinite loop
# i=0
# while [ "$validation" = 'pending' ]; do
# echo "[$(date)] : ----------------------- step 2 loop, counter \$i=$i -----------------------" >> /usr/local/vesta/log/letsencrypt.log
echo "[$(date)] : payload=$payload" >> /usr/local/vesta/log/letsencrypt.log
echo "[$(date)] : query_le_v2 \"$url\" \"$payload\" \"$nonce\"" >> /usr/local/vesta/log/letsencrypt.log
answer=$(query_le_v2 "$url" "$payload" "$nonce")
@ -173,19 +168,10 @@ order=$(echo -e "$answer" | grep -i location | cut -f2 -d \ | tr -d '\r\n')
echo "[$(date)] : order=$order" >> /usr/local/vesta/log/letsencrypt.log
status=$(echo "$answer" |grep HTTP/ |tail -n1 |cut -f2 -d ' ')
echo "[$(date)] : status=$status" >> /usr/local/vesta/log/letsencrypt.log
validation=$(echo "$answer" | grep 'status":' | cut -f4 -d '"')
echo "[$(date)] : validation=$validation" >> /usr/local/vesta/log/letsencrypt.log
if [[ "$status" -ne 201 ]]; then
echo "[$(date)] : EXIT=Let's Encrypt new auth status $status" >> /usr/local/vesta/log/letsencrypt.log
check_result $E_CONNECT "Let's Encrypt new auth status $status"
fi
# # Exit the loop after 5 attempts
# i=$((i + 1))
# if [ $i -gt 5 ]; then
# break
# fi
# sleep 2
# done
# Requesting authorization token / STEP 3
echo "[$(date)] : --- Requesting authorization token / STEP 3 ---" >> /usr/local/vesta/log/letsencrypt.log
@ -290,9 +276,7 @@ for auth in $authz; do
# Doing pol check on status
i=1
while [ "$validation" = 'pending' ]; do
i=0
while true; do
echo "[$(date)] : ----------------------- Doing pol check on status, counter \$i=$i -----------------------" >> /usr/local/vesta/log/letsencrypt.log
echo "[$(date)] : - Doing pol check on status" >> /usr/local/vesta/log/letsencrypt.log
payload='{}'
echo "[$(date)] : query_le_v2 \"$url\" \"$payload\" \"$nonce\"" >> /usr/local/vesta/log/letsencrypt.log
answer=$(query_le_v2 "$url" "$payload" "$nonce")
@ -305,20 +289,6 @@ for auth in $authz; do
echo "[$(date)] : nonce=$nonce" >> /usr/local/vesta/log/letsencrypt.log
status=$(echo "$answer"|grep HTTP/ |tail -n1 |cut -f 2 -d ' ')
echo "[$(date)] : status=$status" >> /usr/local/vesta/log/letsencrypt.log
if [[ $(echo "$answer" | grep 'addressesResolved') != "" ]]; then
break
fi
if [ "$wildcard" = 'yes' ]; then
if [[ $(echo "$answer" | grep '"status": "valid"') != "" ]]; then
break
fi
fi
i=$((i + 1))
if ((i > 30)); then
break
fi
sleep 2
done
if [[ "$status" -ne 200 ]]; then
echo "[$(date)] : EXIT=Let's Encrypt validation status $status" >> /usr/local/vesta/log/letsencrypt.log
check_result $E_CONNECT "Let's Encrypt validation status $status"

77
bin/v-add-srs-support-to-exim
View file

@ -1,77 +0,0 @@
#!/bin/bash
gen_pass() {
MATRIX='0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'
if [ -z "$1" ]; then
LENGTH=32
else
LENGTH=$1
fi
while [ ${n:=1} -le $LENGTH ]; do
PASS="$PASS${MATRIX:$(($RANDOM%${#MATRIX})):1}"
let n+=1
done
echo "$PASS"
}
eximversion=$(exim4 --version | grep '^Exim version ' | awk '{print $3}')
if (( $(echo "$eximversion < 4.96" | bc -l) )); then
echo "= ERROR: Exim SRS support requires Exim 4.96 or higher."
echo "You have Exim $eximversion"
exit 1;
fi
echo "=== Addind SRS support to Exim4 ==="
# SRS support is taken from HestiaCP
if [ ! -f "/etc/exim4/srs.conf" ]; then
echo "= Generating SRS KEY"
srs=$(gen_pass 16)
echo $srs > /etc/exim4/srs.conf
chmod 640 /etc/exim4/srs.conf
chown root:Debian-exim /etc/exim4/srs.conf
fi
if [ ! -f "/etc/exim4/exim4.conf.template.backup-without-srs" ]; then
echo "= Backing up /etc/exim4/exim4.conf.template"
cp /etc/exim4/exim4.conf.template /etc/exim4/exim4.conf.template.backup-without-srs
fi
if ! /usr/local/vesta/bin/v-grep 'SRS_SECRET = ' '/etc/exim4/exim4.conf.template' '-q'; then
echo "= Adding: SRS_SECRET = readfile /etc/exim4/srs.conf"
v-sed 'smtputf8_advertise_hosts =' 'smtputf8_advertise_hosts =\n\nSRS_SECRET = ${readfile{/etc/exim4/srs.conf}}' '/etc/exim4/exim4.conf.template'
fi
if ! /usr/local/vesta/bin/v-grep 'if outbound, and forwarding has been done, use an alternate transport' '/etc/exim4/exim4.conf.template' '-q'; then
echo "= Patching \"dnslookup:\" block"
/usr/local/vesta/bin/v-php-func "replace_in_file_once_between_including_borders" "/etc/exim4/exim4.conf.template" 'dnslookup:' ' no_more' 'dnslookup:\n driver = dnslookup\n # if outbound, and forwarding has been done, use an alternate transport\n domains = ! +local_domains\n transport = ${if eq {$local_part@$domain} \\n {$original_local_part@$original_domain} \\n {remote_smtp} {remote_forwarded_smtp}}\n no_more'
fi
if ! /usr/local/vesta/bin/v-grep 'inbound_srs:' '/etc/exim4/exim4.conf.template' '-q'; then
echo "= Adding \"inbound_srs\" and \"inbound_srs_failure\" blocks"
v-sed 'aliases:' 'inbound_srs:\n driver = redirect\n senders = :\n domains = +local_domains\n # detect inbound bounces which are converted to SRS, and decode them\n condition = ${if inbound_srs {$local_part} {SRS_SECRET}}\n data = $srs_recipient\n\ninbound_srs_failure:\n driver = redirect\n senders = :\n domains = +local_domains\n # detect inbound bounces which look converted to SRS but are invalid\n condition = ${if inbound_srs {$local_part} {}}\n allow_fail\n data = :fail: Invalid SRS recipient address\n\naliases:' '/etc/exim4/exim4.conf.template'
fi
if ! /usr/local/vesta/bin/v-grep 'remote_forwarded_smtp:' '/etc/exim4/exim4.conf.template' '-q'; then
echo "= Adding \"remote_forwarded_smtp:\" block"
v-sed 'procmail:\n driver = pipe' 'remote_forwarded_smtp:\n driver = smtp\n dkim_domain = DKIM_DOMAIN\n dkim_selector = mail\n dkim_private_key = DKIM_PRIVATE_KEY\n dkim_canon = relaxed\n dkim_strict = 0\n hosts_try_fastopen = \n hosts_try_chunking = !93.188.3.0/24\n message_linelength_limit = 1G\n # modify the envelope from, for mails that we forward\n max_rcpt = 1\n return_path = ${srs_encode {SRS_SECRET} {$return_path} {$original_domain}}\n\nprocmail:\n driver = pipe' '/etc/exim4/exim4.conf.template'
fi
touch /etc/exim4/limit_per_email_account_max_sent_emails_per_hour
touch /etc/exim4/limit_per_email_account_max_recipients
touch /etc/exim4/limit_per_hosting_account_max_sent_emails_per_hour
touch /etc/exim4/limit_per_hosting_account_max_recipients
echo "= Restarting exim4 service"
systemctl restart exim4
if [ $? -ne 0 ]; then
systemctl status exim4
cp /etc/exim4/exim4.conf.template.backup-without-srs /etc/exim4/exim4.conf.template
systemctl restart exim4
echo "=== Patching failed, old exim conf returned, exim4 restarted again."
exit 1
fi
echo "=== SRS support was added successfully. ==="
exit 0

5
bin/v-add-user-package
View file

@ -28,7 +28,7 @@ is_package_new() {
}
is_package_consistent() {
parse_object_kv_list_non_eval $(cat $pkg_dir/$package.pkg)
source $pkg_dir/$package.pkg
if [ "$WEB_DOMAINS" != 'unlimited' ]; then
is_int_format_valid $WEB_DOMAINS 'WEB_DOMAINS'
fi
@ -63,9 +63,6 @@ is_package_consistent() {
is_int_format_valid $BACKUPS 'BACKUPS'
fi
is_format_valid_shell $SHELL
is_web_template_valid $WEB_TEMPLATE
is_dns_template_valid $DNS_TEMPLATE
is_proxy_template_valid $PROXY_TEMPLATE
}

17
bin/v-add-wordpress-admin
View file

@ -12,11 +12,6 @@ if [ "$whoami" != "root" ]; then
exit 1
fi
if [ "$#" -lt 4 ]; then
echo "Usage: v-add-wordpress-admin [DOMAIN] [USERNAME] [PASSWORD] [EMAIL]"
exit 1
fi
# Importing system environment
source /etc/profile
@ -63,11 +58,21 @@ if [ ! -f "/home/$user/web/$domain/public_html/wp-config.php" ]; then
exit 1;
fi
if ! command -v wp &> /dev/null; then
echo "WP CLI is not installed. Installing..."
wget -nv https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar -O /usr/local/bin/wp
chmod +x /usr/local/bin/wp
echo "WP CLI installed successfully."
fi
phpver=$(/usr/local/vesta/bin/v-get-php-version-of-domain "$domain")
#----------------------------------------------------------#
# Action #
#----------------------------------------------------------#
/usr/local/vesta/bin/v-run-wp-cli $domain user create $username $email --role=administrator --user_pass="$password" --skip-plugins --skip-themes;
cd /home/$USER/web/$domain/public_html
sudo -u $USER /usr/bin/php$phpver /usr/local/bin/wp user create $username $email --role=administrator --user_pass="$password" --skip-plugins=$(sudo -H -u$USER /usr/bin/php$phpver /usr/local/bin/wp plugin list --field=name | tr '\n' ',') --skip-themes;
#----------------------------------------------------------#
# Vesta #

3
bin/v-backup-user
View file

@ -22,9 +22,6 @@ source $VESTA/func/domain.sh
source $VESTA/func/db.sh
source $VESTA/conf/vesta.conf
if [ ! -z "$NOW" ]; then
BACKUP_LA_LIMIT=50
fi
#----------------------------------------------------------#
# Verifications #

1
bin/v-backup-user-now
View file

@ -1,6 +1,5 @@
#!/bin/bash
export ALLOW_BACKUP_ANYTIME='yes'
export NOW='yes'
nice -n 19 ionice -c 3 /usr/local/vesta/bin/v-backup-user $1

102
bin/v-blacklist-email-account
View file

@ -1,102 +0,0 @@
#!/bin/bash
# info: Add a specific email address to exim4 and spamassassin blacklist
# usage: v-blacklist-email-account EMAIL
#----------------------------------------------------------#
# Variable&Function #
#----------------------------------------------------------#
whoami=$(whoami)
if [ "$whoami" != "root" ]; then
echo "You must be root to execute this script"
exit 1
fi
# Importing system environment
source /etc/profile
# Determine Debian version and set SpamAssassin service name
release=$(cat /etc/debian_version | tr "." "\n" | head -n1)
if [ "$release" -lt 12 ]; then
SPAMD_SERVICE="spamassassin.service"
else
SPAMD_SERVICE="spamd.service"
fi
DENY_SENDERS_FILE="/etc/exim4/deny_senders"
SPAMASSASSIN_FILE="/etc/spamassassin/local.cf"
# Flags to track changes
SPAMASSASSIN_CHANGED=false
# Function to check if an entry already exists in a file
check_entry_exists() {
local entry=$1
local file=$2
grep -qF "$entry" "$file"
}
# Function to add an entry to a file
add_entry_to_file() {
local entry=$1
local file=$2
echo "$entry" >> "$file"
}
# Display usage if no arguments are provided
if [ $# -lt 1 ]; then
echo "Usage: v-blacklist-email EMAIL"
exit 1
fi
#----------------------------------------------------------#
# Action #
#----------------------------------------------------------#
EMAIL=$1
# Validate email format
if [[ ! "$EMAIL" =~ ^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$ ]]; then
echo "Invalid email address format."
exit 1
fi
# Prepare entries for Exim4 and SpamAssassin
EXIM_ENTRY="$EMAIL"
SPAMASSASSIN_ENTRY="blacklist_from $EMAIL"
#----------------------------------------------------------#
# Exim4 Blacklist #
#----------------------------------------------------------#
echo "Updating $DENY_SENDERS_FILE..."
if ! check_entry_exists "$EXIM_ENTRY" "$DENY_SENDERS_FILE"; then
add_entry_to_file "$EXIM_ENTRY" "$DENY_SENDERS_FILE"
echo "Added $EXIM_ENTRY to $DENY_SENDERS_FILE."
else
echo "$EXIM_ENTRY already exists in $DENY_SENDERS_FILE."
fi
#----------------------------------------------------------#
# SpamAssassin Blacklist #
#----------------------------------------------------------#
echo "Updating $SPAMASSASSIN_FILE..."
if ! check_entry_exists "$SPAMASSASSIN_ENTRY" "$SPAMASSASSIN_FILE"; then
add_entry_to_file "$SPAMASSASSIN_ENTRY" "$SPAMASSASSIN_FILE"
echo "Added $SPAMASSASSIN_ENTRY to $SPAMASSASSIN_FILE."
SPAMASSASSIN_CHANGED=true
else
echo "$SPAMASSASSIN_ENTRY already exists in $SPAMASSASSIN_FILE."
fi
if [ "$SPAMASSASSIN_CHANGED" == "true" ]; then
systemctl restart "$SPAMD_SERVICE"
echo "SpamAssassin service ($SPAMD_SERVICE) restarted."
fi
#----------------------------------------------------------#
# Done #
#----------------------------------------------------------#
exit 0

133
bin/v-blacklist-email-domain
View file

@ -1,133 +0,0 @@
#!/bin/bash
# info: Add a domain to exim4 and spamassassin blacklist
# usage: v-blacklist-email-domain DOMAIN SUBDOMAIN(YES/NO)
#----------------------------------------------------------#
# Variable&Function #
#----------------------------------------------------------#
whoami=$(whoami)
if [ "$whoami" != "root" ]; then
echo "You must be root to execute this script"
exit 1
fi
# Importing system environment
source /etc/profile
# Determine Debian version and set SpamAssassin service name
release=$(cat /etc/debian_version | tr "." "\n" | head -n1)
if [ "$release" -lt 12 ]; then
SPAMD_SERVICE="spamassassin.service"
else
SPAMD_SERVICE="spamd.service"
fi
DENY_SENDERS_FILE="/etc/exim4/deny_senders"
SPAMASSASSIN_FILE="/etc/spamassassin/local.cf"
# Flags to track changes
SPAMASSASSIN_CHANGED=false
# Function to check if a domain already exists in a file
check_domain_exists() {
local domain=$1
local file=$2
grep -qE "^${domain}$" "$file"
}
# Function to check if a SpamAssassin entry already exists
check_spamassassin_exists() {
local entry=$1
local file=$2
grep -qF "$entry" "$file"
}
# Function to add domain to file
add_domain_to_file() {
local domain=$1
local file=$2
echo "$domain" >> "$file"
}
# Display usage if no arguments are provided
if [ $# -lt 2 ]; then
echo "Usage: v-blacklist-domain DOMAIN SUBDOMAIN(YES/NO)"
exit 1
fi
#----------------------------------------------------------#
# Action #
#----------------------------------------------------------#
DOMAIN=$1
SUBDOMAIN=${2^^} # Convert to uppercase for consistency (YES/NO)
# Validate SUBDOMAIN parameter
if [[ "$SUBDOMAIN" != "YES" && "$SUBDOMAIN" != "NO" ]]; then
echo "Invalid parameter for SUBDOMAIN. Use YES or NO."
exit 1
fi
# Prepare entries for Exim4
EXIM_ENTRY_MAIN="$DOMAIN"
EXIM_ENTRY_SUB="*.$DOMAIN"
# Prepare entries for SpamAssassin
SPAMASSASSIN_ENTRY_MAIN="blacklist_from *@${DOMAIN}"
SPAMASSASSIN_ENTRY_SUB="blacklist_from *.$DOMAIN"
#----------------------------------------------------------#
# Exim4 Blacklist #
#----------------------------------------------------------#
echo "Updating $DENY_SENDERS_FILE..."
if ! check_domain_exists "$EXIM_ENTRY_MAIN" "$DENY_SENDERS_FILE"; then
add_domain_to_file "$EXIM_ENTRY_MAIN" "$DENY_SENDERS_FILE"
echo "Added $EXIM_ENTRY_MAIN to $DENY_SENDERS_FILE."
else
echo "$EXIM_ENTRY_MAIN already exists in $DENY_SENDERS_FILE."
fi
if [ "$SUBDOMAIN" == "YES" ]; then
if ! check_domain_exists "$EXIM_ENTRY_SUB" "$DENY_SENDERS_FILE"; then
add_domain_to_file "$EXIM_ENTRY_SUB" "$DENY_SENDERS_FILE"
echo "Added $EXIM_ENTRY_SUB to $DENY_SENDERS_FILE."
else
echo "$EXIM_ENTRY_SUB already exists in $DENY_SENDERS_FILE."
fi
fi
#----------------------------------------------------------#
# SpamAssassin Blacklist #
#----------------------------------------------------------#
echo "Updating $SPAMASSASSIN_FILE..."
if ! check_spamassassin_exists "$SPAMASSASSIN_ENTRY_MAIN" "$SPAMASSASSIN_FILE"; then
add_domain_to_file "$SPAMASSASSIN_ENTRY_MAIN" "$SPAMASSASSIN_FILE"
echo "Added $SPAMASSASSIN_ENTRY_MAIN to $SPAMASSASSIN_FILE."
SPAMASSASSIN_CHANGED=true
else
echo "$SPAMASSASSIN_ENTRY_MAIN already exists in $SPAMASSASSIN_FILE."
fi
if [ "$SUBDOMAIN" == "YES" ]; then
if ! check_spamassassin_exists "$SPAMASSASSIN_ENTRY_SUB" "$SPAMASSASSIN_FILE"; then
add_domain_to_file "$SPAMASSASSIN_ENTRY_SUB" "$SPAMASSASSIN_FILE"
echo "Added $SPAMASSASSIN_ENTRY_SUB to $SPAMASSASSIN_FILE."
SPAMASSASSIN_CHANGED=true
else
echo "$SPAMASSASSIN_ENTRY_SUB already exists in $SPAMASSASSIN_FILE."
fi
fi
if [ "$SPAMASSASSIN_CHANGED" == "true" ]; then
systemctl restart "$SPAMD_SERVICE"
echo "SpamAssassin service ($SPAMD_SERVICE) restarted."
fi
#----------------------------------------------------------#
# Done #
#----------------------------------------------------------#
exit 0

65
bin/v-change-database-password-for-all-wordpress
View file

@ -1,65 +0,0 @@
#!/bin/bash
# info: change db password to all wordpress databases
# options:
#
# The command is used for changing db password to all wordpress databases on the server.
#----------------------------------------------------------#
# Variable&Function #
#----------------------------------------------------------#
# Importing system variables
source /etc/profile
# Includes
source $VESTA/func/main.sh
only_user='';
if [ ! -z "$1" ]; then
only_user=$1
fi
#----------------------------------------------------------#
# Action #
#----------------------------------------------------------#
touch /root/remember-db-user-pass.txt
for user in $(grep '@' /etc/passwd |cut -f1 -d:); do
if [ ! -f "/usr/local/vesta/data/users/$user/user.conf" ]; then
continue;
fi
if [ ! -z "$only_user" ]; then
if [ "$only_user" != "$user" ]; then
continue;
fi
fi
for domain in $(/usr/local/vesta/bin/v-list-web-domains $user plain |cut -f 1); do
if [ -f "/home/$user/web/$domain/public_html/wp-config.php" ]; then
/usr/local/vesta/bin/v-change-database-password-for-wordpress $domain $user
echo "--------------------------------"
fi
done
if [ ! -z "$only_user" ]; then
break;
fi
done
# cat /root/remember-db-user-pass.txt
if [ -f "/root/remember-db-user-pass.txt" ]; then
rm /root/remember-db-user-pass.txt
fi
#----------------------------------------------------------#
# Vesta #
#----------------------------------------------------------#
# Logging
log_event "$OK" "$ARGUMENTS"
exit

132
bin/v-change-database-password-for-wordpress
View file

@ -1,132 +0,0 @@
#!/bin/bash
# info: change database password for wordpress
# options:
#
# The command is used for changing database password for wordpress.
#----------------------------------------------------------#
# Variable&Function #
#----------------------------------------------------------#
whoami=$(whoami)
if [ "$whoami" != "root" ]; then
echo "You must be root to execute this script"
exit 1
fi
# Importing system environment
source /etc/profile
# Argument definition
domain=$1
# Check if number of arguments is 2
if [ $# -eq 2 ]; then
user=$2
else
user=$(/usr/local/vesta/bin/v-search-domain-owner $domain)
fi
USER=$user
if [ -z "$user" ]; then
echo "ERROR: Domain $domain not found"
exit 1;
fi
if [ ! -d "/home/$user" ]; then
echo "ERROR: User $user doesn't exist";
exit 1;
fi
# Includes
source /usr/local/vesta/func/main.sh
#----------------------------------------------------------#
# Action #
#----------------------------------------------------------#
check_args '1' "$#" 'DOMAIN'
is_format_valid 'domain'
is_object_valid 'user' 'USER' "$user"
is_object_unsuspended 'user' 'USER' "$user"
if [ ! -d "/home/$user/web/$domain/public_html" ]; then
echo "ERROR: Domain doesn't exist";
exit 1;
fi
#----------------------------------------------------------#
# Action #
#----------------------------------------------------------#
if [ -f "/home/$user/web/$domain/public_html/wp-config.php" ]; then
echo "=== Domain: $domain"
wp_config_path="/home/$user/web/$domain/public_html/wp-config.php"
if grep -q $'\r' $wp_config_path; then
echo "=== removing CRLF from wp-config.php"
tr -d '\r' < $wp_config_path > /tmp/wp-config.php && mv /tmp/wp-config.php $wp_config_path
chown $user:$user $wp_config_path
fi
db_name=$(grep "DB_NAME" $wp_config_path | grep -oP "define\s*\(\s*'DB_NAME'\s*,\s*'\K[^']+")
db_user=$(grep "DB_USER" $wp_config_path | grep -oP "define\s*\(\s*'DB_USER'\s*,\s*'\K[^']+")
if [ -z "$db_name" ]; then
db_name=$(grep "DB_NAME" $wp_config_path | grep -oP "define\s*\(\s*'DB_NAME'\s*,\s*\"\K[^\"]+")
fi
if [ -z "$db_user" ]; then
db_user=$(grep "DB_USER" $wp_config_path | grep -oP "define\s*\(\s*'DB_USER'\s*,\s*\"\K[^\"]+")
fi
new_password=''
found_existing_password=0
if [ -f "/root/remember-db-user-pass.txt" ]; then
db_user_pass=$(grep "$db_user:" /root/remember-db-user-pass.txt)
if [ -n "$db_user_pass" ]; then
new_password=$(echo "$db_user_pass" | cut -d':' -f2)
echo "= Using existing password for $db_user"
found_existing_password=1
fi
fi
if [ -z "$new_password" ]; then
new_password=$(generate_password)
fi
echo "DB name: $db_name"
echo "DB user: $db_user"
echo "New DB password: $new_password"
if [ $found_existing_password -eq 0 ]; then
touch /root/remember-db-user-pass.txt
echo "$db_user:$new_password" >> /root/remember-db-user-pass.txt
chown root:root /root/remember-db-user-pass.txt
chmod 600 /root/remember-db-user-pass.txt
fi
/usr/local/vesta/bin/v-change-database-password "$user" "$db_name" "$new_password"
if [ $? -ne 0 ]; then
echo "*************** ERROR: Failed to change database password ***************"
exit 1;
fi
line="define('DB_PASSWORD', '$new_password');"
chattr -i $wp_config_path
sed -i "s/.*define(.*DB_PASSWORD'.*/$line/" $wp_config_path
new_password_line=$(grep "DB_PASSWORD" $wp_config_path)
echo "New DB password line: $new_password_line"
if [ "$new_password_line" != "$line" ]; then
echo "*************** ERROR: line in wp-config.php is not what we expected ***************"
echo "Expected: $line"
echo "Actual : $new_password_line"
echo "*************** ERROR: Please check wp-config.php manually ***************"
exit 1;
fi
else
echo "ERROR: WP-config.php not found"
exit 1;
fi
#----------------------------------------------------------#
# Vesta #
#----------------------------------------------------------#
# Logging
log_event "$OK" "$ARGUMENTS"
exit 0;

71
bin/v-change-dir-www
View file

@ -1,71 +0,0 @@
#!/bin/bash
# info: Change directory to the public_html folder of a domain
# usage: source v-cd-www DOMAIN
#----------------------------------------------------------#
# Variable&Function #
#----------------------------------------------------------#
if [[ "${BASH_SOURCE[0]}" == "${0}" ]]; then
echo "This script must be sourced to change the current directory."
echo "Usage: source v-cd-www DOMAIN"
exit 1
fi
whoami=$(whoami)
if [ "$whoami" != "root" ]; then
echo "You must be root to execute this script"
return 1
fi
# Importing system environment
source /etc/profile
PATH=$PATH:/usr/local/vesta/bin && export PATH
SILENT_MODE=1
# Argument definition
domain=$1
user=$(/usr/local/vesta/bin/v-search-domain-owner $domain)
if [ -z "$user" ]; then
echo "Domain $domain doesn't exist"
return 1
fi
USER=$user
# Includes
source /usr/local/vesta/func/main.sh
source /usr/local/vesta/func/domain.sh
#----------------------------------------------------------#
# Verifications #
#----------------------------------------------------------#
check_args '1' "$#" 'DOMAIN'
is_format_valid 'domain'
is_object_valid 'user' 'USER' "$user"
if [ ! -d "/home/$user" ]; then
echo "User $user doesn't exist"
return 1
fi
if [ ! -d "/home/$user/web/$domain/public_html" ]; then
echo "Domain $domain doesn't have a public_html directory"
return 1
fi
#----------------------------------------------------------#
# Action #
#----------------------------------------------------------#
cd "/home/$user/web/$domain/public_html"
#----------------------------------------------------------#
# Vesta #
#----------------------------------------------------------#
return 0

8
bin/v-change-domain-owner
View file

@ -82,10 +82,6 @@ if [ ! -z "$web_data" ]; then
# Move data
mv $HOMEDIR/$owner/web/$domain $HOMEDIR/$user/web/
if [ -d "/hdd/home/$owner/web/$domain" ]; then
$BIN/v-move-folder-and-make-symlink /hdd/home/$owner/web/$domain /hdd/home/$user/web/$domain
fi
# Change ownership
find $HOMEDIR/$user/web/$domain -user $owner \
-exec chown -h $user:$user {} \;
@ -156,10 +152,6 @@ if [ ! -z "$mail_data" ]; then
# Move data
mv $HOMEDIR/$owner/mail/$domain $HOMEDIR/$user/mail/
if [ -d "/hdd/home/$owner/mail/$domain" ]; then
$BIN/v-move-folder-and-make-symlink /hdd/home/$owner/mail/$domain /hdd/home/$user/mail/$domain
fi
# Change ownership
find $HOMEDIR/$user/mail/$domain -user $owner \
-exec chown -h $user {} \;

10
bin/v-change-firewall-rule
View file

@ -62,8 +62,6 @@ str="RULE='$rule' ACTION='$action' PROTOCOL='$protocol' PORT='$port_ext'"
str="$str IP='$ip' COMMENT='$comment' SUSPENDED='no'"
str="$str TIME='$time' DATE='$date'"
oldvalues=$(grep "RULE='$rule'" $VESTA/data/firewall/rules.conf)
# Deleting old rule
sed -i "/RULE='$rule' /d" $VESTA/data/firewall/rules.conf
@ -76,14 +74,6 @@ sort_fw_rules
# Updating system firewall
$BIN/v-update-firewall
if [ "$WEB_SYSTEM" == 'nginx' ] || [ "$PROXY_SYSTEM" == 'nginx' ]; then
if [ "$port_ext" == "80,443" ] && [ "$action" == "DROP" ]; then
NEWIP=$ip
parse_object_kv_list_non_eval "$oldvalues"
sed -i "s|$IP|$NEWIP|g" /etc/nginx/conf.d/block-firewall.conf
systemctl restart nginx
fi
fi
#----------------------------------------------------------#
# Vesta #

13
bin/v-change-user-package
View file

@ -16,7 +16,6 @@ force=$3
# Includes
source $VESTA/func/main.sh
source $VESTA/func/domain.sh
source $VESTA/conf/vesta.conf
is_package_avalable() {
@ -24,7 +23,7 @@ is_package_avalable() {
usr_data=$(cat $USER_DATA/user.conf)
IFS=$'\n'
for key in $usr_data; do
parse_object_kv_list_non_eval $key
eval ${key%%=*}=${key#*=}
done
WEB_DOMAINS='0'
@ -36,7 +35,7 @@ is_package_avalable() {
pkg_data=$(cat $VESTA/data/packages/$package.pkg |grep -v TIME |\
grep -v DATE)
parse_object_kv_list_non_eval $pkg_data
eval $pkg_data
# Checking usage agains package limits
if [ "$WEB_DOMAINS" != 'unlimited' ]; then
@ -74,15 +73,11 @@ is_package_avalable() {
check_result $E_LIMIT "Package doesn't cover BANDWIDTH usage"
fi
fi
is_web_template_valid $WEB_TEMPLATE
is_dns_template_valid $DNS_TEMPLATE
is_proxy_template_valid $PROXY_TEMPLATE
}
change_user_package() {
parse_object_kv_list_non_eval $(cat $USER_DATA/user.conf)
parse_object_kv_list_non_eval $(cat $VESTA/data/packages/$package.pkg |egrep -v "TIME|DATE")
eval $(cat $USER_DATA/user.conf)
eval $(cat $VESTA/data/packages/$package.pkg |egrep -v "TIME|DATE")
echo "FNAME='$FNAME'
LNAME='$LNAME'
PACKAGE='$package'

201
bin/v-change-wordpress-admin-passwords
View file

@ -1,201 +0,0 @@
#!/bin/bash
# info: interactively delete or change WordPress admin passwords for a given domain
# options: DOMAIN
#
# d → delete user (with content reassignment)
# c → change password (random 10-char alnum)
# s → skip
# x → exit
#----------------------------------------------------------#
# Variable & Function #
#----------------------------------------------------------#
[ "$(whoami)" != "root" ] && { echo "You must be root to run this command."; exit 1; }
source /etc/profile
DOMAIN="$1"
[ -z "$DOMAIN" ] && { echo "Usage: v-change-wp-admins-pass DOMAIN"; exit 1; }
USER="$(/usr/local/vesta/bin/v-search-domain-owner "$DOMAIN")"
[ -z "$USER" ] && { echo "Domain $DOMAIN does not exist."; exit 1; }
WP_PATH="/home/$USER/web/$DOMAIN/public_html"
[ ! -f "$WP_PATH/wp-config.php" ] && { echo "WordPress is not installed on this domain."; exit 1; }
# WP-CLI wrapper
if [ ! -z "$PHP" ]; then
WP_RUN="PHP=$PHP /usr/local/vesta/bin/v-run-wp-cli $DOMAIN --skip-plugins --skip-themes"
else
WP_RUN="/usr/local/vesta/bin/v-run-wp-cli $DOMAIN --skip-plugins --skip-themes"
fi
# random 10-char password
gen_pass() { tr -dc 'A-Za-z0-9' </dev/urandom | head -c 10; }
#----------------------------------------------------------#
# Action #
#----------------------------------------------------------#
cd "$WP_PATH" || exit 1
echo
echo "WordPress administrators for $DOMAIN:"
echo "-------------------------------------"
if [ -f /home/$USER/web/$DOMAIN/wp-admin-password-change.txt ]; then
rm /home/$USER/web/$DOMAIN/wp-admin-password-change.txt
fi
RUN="$WP_RUN user list --role=administrator --fields=ID,user_login,user_email --format=csv --skip-plugins --skip-themes"
ADMIN_LIST_CSV=$(eval "$RUN")
return_code=$?
if [ $return_code -ne 0 ]; then
echo "WP-CLI error:"
echo "return code: $return_code"
cat /home/$USER/web/$DOMAIN/wp-cli-error.log
exit $return_code
fi
ADMIN_LIST_CSV=$(echo "$ADMIN_LIST_CSV" | tail -n +2)
[ -z "$ADMIN_LIST_CSV" ] && { echo "No administrator accounts found."; exit 0; }
DEFAULT_USER=""
printf "%-6s %-20s %s\n" "ID" "Username" "Email"
while IFS=',' read -r PID PLOGIN PEMAIL; do
printf "%-6s %-20s %s\n" "$PID" "$PLOGIN" "$PEMAIL"
if [ "$PID" = "1" ]; then
DEFAULT_USER="$PLOGIN"
fi
done <<< "$ADMIN_LIST_CSV"
echo
echo "For each admin choose: (d) delete, (c) change password, (s) skip, (x) exit."
# interactive loop
while IFS=',' read -r ID LOGIN EMAIL; do
[ -n "$EMAIL" ] && TARGET="$LOGIN <$EMAIL>" || TARGET="$LOGIN"
while true; do
echo "-------------------------------------"
read -r -p "Action for \"$TARGET\" [d/c/s/x]? " ACT < /dev/tty
skip=0;
case "$ACT" in
[Dd]* )
# read -r -p "Really DELETE \"$TARGET\" ? (y/n, default: y) " CONF < /dev/tty
CONF="y"
if [[ ! "$CONF" =~ ^[Nn]$ ]]; then
# build an array of OTHER admin usernames
mapfile -t OTHER_USERS < <(echo "$ADMIN_LIST_CSV" | awk -F',' -v cur="$ID" '$1!=cur {print $2}')
if [ "${#OTHER_USERS[@]}" -eq 0 ]; then
echo "Cannot delete the only administrator account."
break
fi
if [ "$DEFAULT_USER" = "" ]; then
DEFAULT_USER="${OTHER_USERS[0]}"
fi
echo "Available admin usernames for reassignment: ${OTHER_USERS[*]}"
while true; do
read -r -p "Reassign content to which username? [default: $DEFAULT_USER, s: skip] " REASSIGN < /dev/tty
REASSIGN=${REASSIGN:-$DEFAULT_USER}
DEFAULT_USER=$REASSIGN
if printf '%s\n' "${OTHER_USERS[@]}" | grep -qx "$REASSIGN"; then
break
fi
if [[ "$REASSIGN" =~ ^[Ss]$ ]]; then
echo "Skipping reassignment."
skip=1;
break
fi
if [[ "$REASSIGN" =~ ^[0-9]+$ ]]; then
break
fi
echo "Invalid username. Please choose one of: ${OTHER_USERS[*]}"
done
if [ $skip -eq 1 ]; then
break
fi
# delete by username, reassign by username
RUN="$WP_RUN user delete $ID --reassign=$REASSIGN --yes --skip-plugins --skip-themes"
eval "$RUN"
if [ $? -eq 0 ]; then
echo "$TARGET deleted (content reassigned to $REASSIGN)."
else
cat /home/$USER/web/$DOMAIN/wp-cli-error.log
echo "Failed to delete $TARGET."
fi
else
echo "Deletion cancelled."
fi
break
;;
[Cc]* )
NEW_PASS=$(gen_pass)
RUN="$WP_RUN user update $ID --user_pass=$NEW_PASS --skip-plugins --skip-themes"
eval "$RUN"
if [ $? -eq 0 ]; then
echo "Password for username '$TARGET' changed to: $NEW_PASS"
echo "Password for username '$TARGET' changed to: $NEW_PASS" >> /home/$USER/web/$DOMAIN/wp-admin-password-change.txt
chown $USER:$USER /home/$USER/web/$DOMAIN/wp-admin-password-change.txt
chmod 600 /home/$USER/web/$DOMAIN/wp-admin-password-change.txt
else
cat /home/$USER/web/$DOMAIN/wp-cli-error.log
echo "Failed to change password for $TARGET."
fi
break
;;
[Ss]* )
echo "Skipping $TARGET."
break
;;
[Xx]* )
echo "Exiting."
exit 0
;;
* ) echo "Please answer d, c, s, or x." ;;
esac
done
done <<< "$ADMIN_LIST_CSV"
if [ -f /home/$USER/web/$DOMAIN/wp-admin-password-change.txt ]; then
echo ""
echo ""
echo "-------------------------------------"
echo "For website $DOMAIN - new wp-admin passwords have been set."
echo "-------------------------------------"
cat /home/$USER/web/$DOMAIN/wp-admin-password-change.txt
echo "-------------------------------------"
echo ""
echo ""
read -r -p "Do you want to save the new passwords to a file /home/$USER/web/$DOMAIN/wp-admin-password-change.txt ? (y/n, default: n) " SAVE_PASSWORDS < /dev/tty
if [ -z "$SAVE_PASSWORDS" ]; then
SAVE_PASSWORDS="n"
fi
if [[ $SAVE_PASSWORDS =~ ^[Nn]$ ]]; then
rm /home/$USER/web/$DOMAIN/wp-admin-password-change.txt
fi
fi
#----------------------------------------------------------#
# flush cache and refresh all security salts #
#----------------------------------------------------------#
echo "-------------------------------------"
echo
echo "Flushing cache and refreshing salts..."
RUN="$WP_RUN cache flush"
eval "$RUN"
RUN="$WP_RUN config shuffle-salts WP_CACHE_KEY_SALT --force"
eval "$RUN"
RUN="$WP_RUN config shuffle-salts"
eval "$RUN"
echo "Cache flushed and salts refreshed."
echo
echo "Done."
exit 0

21
bin/v-clean-garbage
View file

@ -14,10 +14,6 @@ if [ "$whoami" != "root" ]; then
exit 1
fi
echo "===== Before cleaning ====="
df -h
echo "==========================="
# Includes
source /usr/local/vesta/func/main.sh
@ -69,8 +65,6 @@ clean_home() {
find $1/*/web/*/public_html/wp-content/wpvividbackups/ -type f -not -name ".htaccess" -not -name "index.php" -not -name "index.html" -not -name "web.config" -delete > /dev/null 2>&1
find $1/*/web/*/public_html/wp-content/updraft/ -type f -not -name ".htaccess" -not -name "index.php" -not -name "index.html" -not -name "web.config" -delete > /dev/null 2>&1
find $1/*/web/*/public_html/wp-content/plugins/ezpz-one-click-backup/backups/ -type f -not -name ".htaccess" -not -name "index.php" -not -name "index.html" -not -name "web.config" -delete > /dev/null 2>&1
find $1/*/web/*/public_html/wp-content/backups-dup-lite/ -type f -not -name ".htaccess" -not -name "index.php" -not -name "index.html" -not -name "web.config" -delete > /dev/null 2>&1
find $1/*/web/*/public_html/wp-content/cache/ -type f -not -name ".htaccess" -delete > /dev/null 2>&1
find $1/*/web/*/public_html/ -type f -name "*.wpress" -delete > /dev/null 2>&1
nice -n 19 ionice -c 3 find $1/*/tmp/ -type f -mtime +1 -delete > /dev/null 2>&1
nice -n 19 ionice -c 3 find $1/*/web/*/public_html/ -type f -name "error_log" -exec truncate -s 0 {} \;
@ -90,13 +84,6 @@ if [ $fail2ban_running -eq 1 ]; then
fi
if [ -f "/var/lib/fail2ban/fail2ban.sqlite3" ]; then
rm /var/lib/fail2ban/fail2ban.sqlite3
if [ -f "/etc/nginx/conf.d/block.conf" ]; then
truncate -s 0 /etc/nginx/conf.d/block.conf
nginx_running=$(/usr/local/vesta/bin/v-list-sys-services | grep 'nginx' | grep -c 'running')
if [ $nginx_running -eq 1 ]; then
systemctl restart nginx
fi
fi
fi
if [ $fail2ban_running -eq 1 ]; then
systemctl start fail2ban
@ -120,13 +107,7 @@ fi
# Vesta #
#----------------------------------------------------------#
echo ""
echo "***** Garbage cleaned *****"
echo ""
echo "===== After cleaning ======"
df -h
echo "==========================="
echo "=== Garbage cleaned ==="
log_event "$OK" "$ARGUMENTS"

59
bin/v-clear-fail2ban
View file

@ -1,59 +0,0 @@
#!/bin/bash
# info: Clean fail2ban database
# options: NONE
#
# The function is cleaning fail2ban database
#----------------------------------------------------------#
# Verifications & Variable & Function #
#----------------------------------------------------------#
whoami=$(whoami)
if [ "$whoami" != "root" ]; then
echo "You must be root to execute this script"
exit 1
fi
# check if fail2ban is installed
fail2ban_installed=$(/usr/local/vesta/bin/v-list-sys-services | grep -c 'fail2ban')
if [ $fail2ban_installed -eq 0 ]; then
echo "Fail2ban is not installed"
exit 1
fi
# Includes
source /usr/local/vesta/func/main.sh
#----------------------------------------------------------#
# Action #
#----------------------------------------------------------#
# Cleaning fail2ban database
fail2ban_running=$(/usr/local/vesta/bin/v-list-sys-services | grep 'fail2ban' | grep -c 'running')
if [ $fail2ban_running -eq 1 ]; then
echo "== Stopping fail2ban"
systemctl stop fail2ban
fi
if [ -f "/var/lib/fail2ban/fail2ban.sqlite3" ]; then
echo "== Cleaning fail2ban database"
rm /var/lib/fail2ban/fail2ban.sqlite3
if [ -f "/etc/nginx/conf.d/block.conf" ]; then
echo "== Cleaning nginx block.conf"
truncate -s 0 /etc/nginx/conf.d/block.conf
nginx_running=$(/usr/local/vesta/bin/v-list-sys-services | grep 'nginx' | grep -c 'running')
if [ $nginx_running -eq 1 ]; then
echo "== Restarting nginx"
systemctl restart nginx
fi
fi
fi
if [ $fail2ban_running -eq 1 ]; then
echo "== Starting fail2ban"
systemctl start fail2ban
fi
echo "== Done, fail2ban database cleaned"
log_event "$OK" "$ARGUMENTS"
exit

38
bin/v-clone-website
View file

@ -20,7 +20,6 @@ if [ $# -lt 2 ]; then
echo "--TO_DATABASE_USERNAME=..."
echo "--TO_DATABASE_PASSWORD=..."
echo "--SITE_SUBFOLDER=..."
echo "--EXCLUDE_UPLOADS=1 (or do not set it)"
exit 1
fi
@ -264,6 +263,12 @@ if [ $IT_IS_WP -eq 0 ]; then
cd /root
git clone https://github.com/interconnectit/Search-Replace-DB.git
fi
else
if [ ! -f "/usr/local/bin/wp" ]; then
echo "=== Downloading latest wp-cli"
wget -nv https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar -O /usr/local/bin/wp
chmod +x /usr/local/bin/wp
fi
fi
CREATE_TO_DATABASE=0
@ -308,7 +313,6 @@ echo "FROM_DOMAIN_PROXY_TPL = $FROM_DOMAIN_PROXY_TPL"
echo "FROM_DOMAIN_PROXY_EXT = $FROM_DOMAIN_PROXY_EXT"
echo "SEARCH_FOR_CONFIGS_DATABASE_NAME = $SEARCH_FOR_CONFIGS_DATABASE_NAME"
echo "SEARCH_FOR_CONFIGS_DATABASE_USERNAME = $SEARCH_FOR_CONFIGS_DATABASE_USERNAME"
echo "EXCLUDE_UPLOADS = $EXCLUDE_UPLOADS"
echo "==============================================================================="
read -p "=== Press Enter to continue ==="
@ -366,25 +370,17 @@ if [ -d "/root/temp" ]; then
fi
mkdir -p /root/temp
cd /root/temp
mysqldump --max_allowed_packet=1024M $FROM_DATABASE_NAME > $FROM_DATABASE_NAME.sql
mysqldump $FROM_DATABASE_NAME > $FROM_DATABASE_NAME.sql
echo "=== Importing to database $TO_DATABASE_NAME"
mysql $TO_DATABASE_NAME < $FROM_DATABASE_NAME.sql
rm $FROM_DATABASE_NAME.sql
EXCLUDE=''
if [ ! -z "$EXCLUDE_UPLOADS" ]; then
EXCLUDE="--exclude '/wp-content/uploads/*'"
fi
echo "=== Copying files from $FROM_FOLDER to folder $TO_FOLDER"
if [ "$SITE_SUBFOLDER" != ".." ]; then
run="rsync -a --delete $EXCLUDE $FROM_FOLDER/ $TO_FOLDER/"
echo "====== Executing: $run"
eval $run
echo "====== Executing: rsync -a --delete $FROM_FOLDER/ $TO_FOLDER/"
rsync -a --delete $FROM_FOLDER/ $TO_FOLDER/
else
run="rsync -a --delete $EXCLUDE --exclude 'logs/*' $FROM_FOLDER/ $TO_FOLDER/"
echo "====== Executing: $run"
eval $run
echo "====== Executing: rsync -a --delete --exclude 'logs/*' $FROM_FOLDER/ $TO_FOLDER/"
rsync -a --delete --exclude 'logs/*' $FROM_FOLDER/ $TO_FOLDER/
fi
echo "=== Chowning to $TO_USER:$TO_USER in folder $TO_FOLDER"
chown -R $TO_USER:$TO_USER $TO_FOLDER
@ -423,15 +419,17 @@ if [ $IT_IS_WP -eq 0 ]; then
php /root/Search-Replace-DB/srdb.cli.php -h localhost -n "$TO_DATABASE_NAME" -u "$TO_DATABASE_USERNAME" -p "$TO_DATABASE_PASSWORD" -s "/home/$FROM_USER/" -r "/home/$TO_USER/"
fi
else
phpver=$(/usr/local/vesta/bin/v-get-php-version-of-domain "$TO_DOMAIN")
cd $TO_FOLDER
echo "=== Replacing $FROM_DOMAIN to $TO_DOMAIN in database $TO_DATABASE_NAME"
/usr/local/vesta/bin/v-run-wp-cli $TO_DOMAIN search-replace "$FROM_DOMAIN" "$TO_DOMAIN" --precise --all-tables --skip-columns=guid --skip-plugins --skip-themes;
sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp search-replace "$FROM_DOMAIN" "$TO_DOMAIN" --precise --all-tables --skip-columns=guid --skip-plugins=$(sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp plugin list --field=name | tr '\n' ',') --skip-themes;
if [ "$FROM_USER" != "$TO_USER" ]; then
echo "=== Replacing /home/$FROM_USER/ to /home/$TO_USER/ in database $TO_DATABASE_NAME"
/usr/local/vesta/bin/v-run-wp-cli $TO_DOMAIN search-replace "/home/$FROM_USER/" "/home/$TO_USER/" --precise --all-tables --skip-columns=guid --skip-plugins --skip-themes;
sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp search-replace "/home/$FROM_USER/" "/home/$TO_USER/" --precise --all-tables --skip-columns=guid --skip-plugins=$(sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp plugin list --field=name | tr '\n' ',') --skip-themes;
fi
/usr/local/vesta/bin/v-run-wp-cli $TO_DOMAIN cache flush --skip-plugins --skip-themes;
/usr/local/vesta/bin/v-run-wp-cli $TO_DOMAIN config shuffle-salts WP_CACHE_KEY_SALT --force --skip-plugins --skip-themes;
/usr/local/vesta/bin/v-run-wp-cli $TO_DOMAIN config shuffle-salts --skip-plugins --skip-themes;
sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp cache flush --skip-plugins=$(sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp plugin list --field=name | tr '\n' ',') --skip-themes;
sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp config shuffle-salts WP_CACHE_KEY_SALT --force --skip-plugins=$(sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp plugin list --field=name | tr '\n' ',') --skip-themes;
sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp config shuffle-salts --skip-plugins=$(sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp plugin list --field=name | tr '\n' ',') --skip-themes;
fi
# ----------- Update Wordfence WAF Path -------------

53
bin/v-commander
View file

@ -76,8 +76,6 @@ myhelp() {
echo "q = quit"
echo "r = reboot"
echo "s = download sury.org apt-get key"
echo "n = download nginx gpg key"
echo "freexian = add Freexian repository"
echo "t = clean the trash"
echo "u = apt-get update"
echo "v = update myVesta"
@ -103,7 +101,7 @@ myhelp() {
echo "m def = install php-memcached if needed"
echo "check fc = check if FreshClam is up"
echo "-----------------------------"
echo "enable-ssh-root-password-login = Allow root password authentication via SSH"
echo "enable-ssh-root-password-login = Allow root password authentication via SSH and set the root password to match the password for the admin account"
echo "id_rsa = generate id_rsa and id_rsa.pub if it does not exist and show id_rsa.pub"
echo "-----------------------------"
}
@ -203,10 +201,11 @@ do
apt_upgraded=1
kernelupdate=$(grep -c 'linux-image-' /var/log/apt/history.log)
dbusupdate=$(grep -c ' dbus:a' /var/log/apt/history.log)
if [ $kernelupdate -gt 0 ] || [ $dbusupdate -gt 0 ] || [ -f "/run/reboot-required" ] || [ -f "/var/run/reboot-required" ]; then
if [ $kernelupdate -gt 0 ]; then
touch /root/kernelupdate
echo "== kernel is updated, reboot is required!"
echo "== kernel is updated"
else
echo "== kernel is not updated"
fi
fi
@ -222,33 +221,6 @@ do
fi
fi
if [ "$answer" = 'n' ] || [ "$answer" = 'N' ]; then
if [ -f "/etc/apt/sources.list.d/nginx.list" ]; then
echo "============================="
echo "== renewing nginx gpg key"
apt-get update
apt-get -y install curl gnupg2 ca-certificates lsb-release debian-archive-keyring
curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor | tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] http://nginx.org/packages/debian `lsb_release -cs` nginx" | tee /etc/apt/sources.list.d/nginx.list
fi
fi
if [ "$answer" = 'freexian' ] || [ "$answer" = 'FREEXIAN' ]; then
if [ "$release" -lt 11 ]; then
echo "============================="
echo "== adding Freexian repository"
apt-get update
apt-get install lsb-release
wget https://deb.freexian.com/extended-lts/pool/main/f/freexian-archive-keyring/freexian-archive-keyring_2022.06.08_all.deb && sudo dpkg -i freexian-archive-keyring_2022.06.08_all.deb
cat /etc/apt/sources.list
mv /etc/apt/sources.list /etc/apt/sources.list.old
echo "deb http://deb.freexian.com/extended-lts `lsb_release -cs` main contrib non-free" > /etc/apt/sources.list
rm /etc/apt/sources.list.d/hetzner*
else
echo "== Freexian is not supported on Debian 11 or higher"
fi
fi
if [ "$answer" = 'e def' ] || [ "$answer" = 'E DEF' ]; then
release=$(cat /etc/debian_version | tr "." "\n" | head -n1)
echo "============================="
@ -307,9 +279,6 @@ do
systemctl stop clamav-daemon.service
systemctl disable clamav-daemon.service
systemctl stop clamav-daemon.socket
systemctl disable clamav-daemon.socket
systemctl stop clamav-freshclam.service
systemctl disable clamav-freshclam.service
@ -566,13 +535,21 @@ do
echo "--- New settings ---"
grep '^PermitRoot' /etc/ssh/sshd_config
echo "--------------------"
adminline=$(grep '^admin:' /etc/shadow)
adminline=${adminline:6}
adminline="root:$adminline"
sed -i "s#^root:.*#$adminline#" /etc/shadow
echo "root password is now the same as admin password."
echo "--------------------"
grep '^root:' /etc/shadow
grep '^admin:' /etc/shadow
echo "--------------------"
echo "Port 22 opened in Firewall for all IP addresses."
/usr/local/vesta/bin/v-unsuspend-firewall-rule "11"
echo "--------------------"
echo "Type 'passwd' in the terminal to set the root password."
echo "--------------------"
fi
if [ "$answer" = 'r' ] || [ "$answer" = 'R' ]; then
echo "============================="
echo "== Rebooting the server"

69
bin/v-delete-database-of-domain
View file

@ -1,69 +0,0 @@
#!/bin/bash
# info: delete database if domain has database
# options: DOMAIN
#
# The function for deleting database if domain has database
#----------------------------------------------------------#
# Variable&Function #
#----------------------------------------------------------#
whoami=$(whoami)
if [ "$whoami" != "root" ]; then
echo "You must be root to execute this script"
exit 1
fi
# Importing system environment
source /etc/profile
# Argument definition
domain=$1
user=$(/usr/local/vesta/bin/v-search-domain-owner $domain)
USER=$user
# Includes
source /usr/local/vesta/func/main.sh
if [ -z "$user" ]; then
check_result $E_NOTEXIST "domain $domain doesn't exist"
fi
#----------------------------------------------------------#
# Verifications #
#----------------------------------------------------------#
check_args '1' "$#" 'DOMAIN'
is_format_valid 'domain'
is_object_valid 'user' 'USER' "$user"
is_object_unsuspended 'user' 'USER' "$user"
#----------------------------------------------------------#
# Action #
#----------------------------------------------------------#
RET=$OK
# echo "================================="
r=$(/usr/local/vesta/bin/v-get-database-credentials-of-domain $domain)
# echo $r
eval $r
# echo "================================="
if [ ! -z "$DATABASE_NAME" ]; then
echo "=== v-delete-database $USER $DATABASE_NAME"
/usr/local/vesta/bin/v-delete-database $USER $DATABASE_NAME
if [ $? -ne 0 ]; then
echo "=== v-delete-database failed"
RET=$E_NOTEXIST
fi
fi
#----------------------------------------------------------#
# Vesta #
#----------------------------------------------------------#
log_event "$RET" "$ARGUMENTS"
exit

7
bin/v-delete-domain
View file

@ -37,10 +37,9 @@ is_object_unsuspended 'user' 'USER' "$user"
if [ ! -z "$WEB_SYSTEM" ]; then
str=$(grep "DOMAIN='$domain'" $USER_DATA/web.conf)
if [ ! -z "$str" ]; then
$BIN/v-delete-database-of-domain $domain
domain_found='yes'
$BIN/v-delete-web-domain $user $domain 'no'
check_result $? "can't delete web" > /dev/null
check_result $? "can't suspend web" > /dev/null
fi
fi
@ -50,7 +49,7 @@ if [ ! -z "$DNS_SYSTEM" ]; then
if [ ! -z "$str" ]; then
domain_found='yes'
$BIN/v-delete-dns-domain $user $domain 'no'
check_result $? "can't delete dns" > /dev/null
check_result $? "can't suspend dns" > /dev/null
fi
fi
@ -60,7 +59,7 @@ if [ ! -z "$MAIL_SYSTEM" ]; then
if [ ! -z "$str" ]; then
domain_found='yes'
$BIN/v-delete-mail-domain $user $domain
check_result $? "can't delete mail" > /dev/null
check_result $? "can't suspend mail" > /dev/null
fi
fi

5
bin/v-delete-firewall-ban
View file

@ -53,11 +53,6 @@ $iptables -D fail2ban-$chain $b 2>/dev/null
# Changing permissions
chmod 660 $conf
# nginx deny rules conf
if [ "$chain" = "WEB" ] && [ -f "/etc/nginx/conf.d/block.conf" ]; then
sed -i "/deny $ip;/d" /etc/nginx/conf.d/block.conf
systemctl reload nginx
fi
#----------------------------------------------------------#
# Vesta #

9
bin/v-delete-firewall-rule
View file

@ -34,21 +34,12 @@ is_object_valid '../../data/firewall/rules' 'RULE' "$rule"
# Action #
#----------------------------------------------------------#
oldvalues=$(grep "RULE='$rule'" $VESTA/data/firewall/rules.conf)
# Deleting rule
sed -i "/RULE='$rule' /d" $VESTA/data/firewall/rules.conf
# Updating system firewall
$BIN/v-update-firewall
if [ "$WEB_SYSTEM" == 'nginx' ] || [ "$PROXY_SYSTEM" == 'nginx' ]; then
parse_object_kv_list_non_eval "$oldvalues"
if [ "$PORT" == "80,443" ] && [ "$ACTION" == "DROP" ]; then
sed -i "\#$IP#d" /etc/nginx/conf.d/block-firewall.conf
systemctl restart nginx
fi
fi
#----------------------------------------------------------#
# Vesta #

165
bin/v-delete-inactive-wordpress-plugins-and-themes
View file

@ -1,165 +0,0 @@
#!/bin/bash
# info: delete inactive WordPress plugins and themes
# options: DOMAIN
#----------------------------------------------------------#
# Variable & Function #
#----------------------------------------------------------#
[ "$(whoami)" != "root" ] && { echo "You must be root to run this command."; exit 1; }
source /etc/profile
DOMAIN="$1"
[ -z "$DOMAIN" ] && { echo "Usage: v-delete-inactive-wordpress-plugins-and-themes DOMAIN"; exit 1; }
USER="$(/usr/local/vesta/bin/v-search-domain-owner "$DOMAIN")"
[ -z "$USER" ] && { echo "Domain $DOMAIN does not exist."; exit 1; }
WP_PATH="/home/$USER/web/$DOMAIN/public_html"
[ ! -f "$WP_PATH/wp-config.php" ] && { echo "WordPress is not installed on this domain."; exit 1; }
# WP-CLI wrapper
if [ ! -z "$PHP" ]; then
WP_RUN="PHP=$PHP /usr/local/vesta/bin/v-run-wp-cli $DOMAIN --skip-plugins --skip-themes"
else
WP_RUN="/usr/local/vesta/bin/v-run-wp-cli $DOMAIN --skip-plugins --skip-themes"
fi
quarantined=0;
#----------------------------------------------------------#
# Action #
#----------------------------------------------------------#
cd "$WP_PATH" || exit 1
echo "Inactive WordPress plugins for $DOMAIN:"
echo "-------------------------------------"
RUN="$WP_RUN plugin list --format=csv --skip-plugins --skip-themes"
PLUGINS_LIST_CSV=$(eval "$RUN")
return_code=$?
if [ $return_code -ne 0 ]; then
echo "WP-CLI error:"
echo "return code: $return_code"
cat /home/$USER/web/$DOMAIN/wp-cli-error.log
exit $return_code
fi
PLUGINS_LIST_CSV=$(echo "$PLUGINS_LIST_CSV" | tail -n +2)
DEACTIVATED_PLUGINS_LIST_CSV=""
if [ ! -z "$PLUGINS_LIST_CSV" ]; then
printf "%-30s %-20s %-20s %-20s %-20s %-20s\n" "name" "status" "update" "version" "update_version" "auto_update"
while IFS=',' read -r NAME STATUS UPDATE VERSION UPDATE_VERSION AUTO_UPDATE; do
if [ "$STATUS" = "inactive" ]; then
printf "%-30s %-20s %-20s %-20s %-20s %-20s\n" "$NAME" "$STATUS" "$UPDATE" "$VERSION" "$UPDATE_VERSION" "$AUTO_UPDATE"
DEACTIVATED_PLUGINS_LIST_CSV="$DEACTIVATED_PLUGINS_LIST_CSV\n$NAME"
fi
done <<< "$PLUGINS_LIST_CSV"
else
echo "No plugins found."
fi
if [ ! -z "$DEACTIVATED_PLUGINS_LIST_CSV" ]; then
echo ""
read -r -p "Do you want to move inactive plugins to quarantine? (y/n, default: y): " RESPONSE < /dev/tty
if [ "$RESPONSE" == "y" ] || [ "$RESPONSE" == "Y" ] || [ -z "$RESPONSE" ]; then
while IFS=',' read -r NAME STATUS UPDATE VERSION UPDATE_VERSION AUTO_UPDATE; do
if [ "$STATUS" = "inactive" ]; then
folder="/home/$USER/web/$DOMAIN/public_html/wp-content/plugins/$NAME"
file="/home/$USER/web/$DOMAIN/public_html/wp-content/plugins/$NAME.php"
if [ -d "$folder" ] || [ -f "$file" ]; then
destination_base_folder="/srv/wp-deactivated-plugins/$DOMAIN"
if [ -d "$folder" ]; then
source_path="$folder"
destination_path="$destination_base_folder/$NAME"
elif [ -f "$file" ]; then
source_path="$file"
destination_path="$destination_base_folder/$NAME.php"
fi
mkdir -p $destination_base_folder
chown $USER:$USER $destination_base_folder
mv $source_path $destination_path
if [ -d "$destination_path" ]; then
echo "= Folder $source_path moved to $destination_path"
quarantined=1;
fi
if [ -f "$destination_path" ]; then
echo "= File $source_path moved to $destination_path"
quarantined=1;
fi
else
echo "=== ERROR: Folder $folder or file $file not found - it does not exist?"
fi
fi
done <<< "$PLUGINS_LIST_CSV"
fi
fi
echo ""
echo "Inactive WordPress themes for $DOMAIN:"
echo "-------------------------------------"
RUN="$WP_RUN theme list --format=csv --skip-plugins --skip-themes"
THEMES_LIST_CSV=$(eval "$RUN")
return_code=$?
if [ $return_code -ne 0 ]; then
echo "WP-CLI error:"
echo "return code: $return_code"
cat /home/$USER/web/$DOMAIN/wp-cli-error.log
exit $return_code
fi
THEMES_LIST_CSV=$(echo "$THEMES_LIST_CSV" | tail -n +2)
DEACTIVATED_THEMES_LIST_CSV=""
if [ ! -z "$THEMES_LIST_CSV" ]; then
printf "%-30s %-20s %-20s %-20s %-20s %-20s\n" "name" "status" "update" "version" "update_version" "auto_update"
while IFS=',' read -r NAME STATUS UPDATE VERSION UPDATE_VERSION AUTO_UPDATE; do
if [ "$STATUS" = "inactive" ]; then
printf "%-30s %-20s %-20s %-20s %-20s %-20s\n" "$NAME" "$STATUS" "$UPDATE" "$VERSION" "$UPDATE_VERSION" "$AUTO_UPDATE"
DEACTIVATED_THEMES_LIST_CSV="$DEACTIVATED_THEMES_LIST_CSV\n$NAME"
fi
done <<< "$THEMES_LIST_CSV"
else
echo "No themes found."
fi
if [ ! -z "$DEACTIVATED_THEMES_LIST_CSV" ]; then
echo ""
read -r -p "Do you want to move inactive themes to quarantine? (y/n, default: y): " RESPONSE < /dev/tty
if [ "$RESPONSE" == "y" ] || [ "$RESPONSE" == "Y" ] || [ -z "$RESPONSE" ]; then
while IFS=',' read -r NAME STATUS UPDATE VERSION UPDATE_VERSION AUTO_UPDATE; do
if [ "$STATUS" = "inactive" ]; then
folder="/home/$USER/web/$DOMAIN/public_html/wp-content/themes/$NAME"
if [ -d "$folder" ]; then
destination_base_folder="/srv/wp-deactivated-themes/$DOMAIN"
source_path="$folder"
destination_path="$destination_base_folder/$NAME"
mkdir -p $destination_base_folder
chown $USER:$USER $destination_base_folder
mv $source_path $destination_path
if [ -d "$destination_path" ]; then
echo "= Folder $source_path moved to $destination_path"
quarantined=1;
fi
else
echo "=== ERROR: Folder $folder not found - it does not exist?"
fi
fi
done <<< "$THEMES_LIST_CSV"
fi
fi
echo ""
if [ $quarantined -eq 1 ]; then
echo "= All deactivated plugins and themes moved to quarantine."
echo "= You can find them in /srv/wp-deactivated-plugins/$DOMAIN and /srv/wp-deactivated-themes/$DOMAIN"
else
echo "= No deactivated plugins or themes found."
fi
exit 0;

3
bin/v-delete-mail-domain
View file

@ -51,9 +51,6 @@ if [[ "$MAIL_SYSTEM" =~ exim ]]; then
rm -f /etc/$MAIL_SYSTEM/domains/$domain_idn
rm -rf $HOMEDIR/$user/conf/mail/$domain
rm -rf $HOMEDIR/$user/mail/$domain_idn
if [ -d "/hdd/home/$user/mail/$domain_idn" ]; then
rm -rf /hdd/home/$user/mail/$domain_idn
fi
fi
# Deleting dkim dns record

2
bin/v-delete-mail-domain-dkim
View file

@ -48,7 +48,7 @@ fi
# Deleting dns record
if [ ! -z "$DNS_SYSTEM" ] && [ -e "$USER_DATA/dns/$domain.conf" ]; then
records=$($BIN/v-list-dns-records $user $domain plain)
dkim_records=$(echo "$records" |grep -w '_domainkey' | awk '{print $1}')
dkim_records=$(echo "$records" |grep -w '_domainkey' | cut -f 1 -d ' ')
for id in $dkim_records; do
$BIN/v-delete-dns-record $user $domain $id
done

127
bin/v-delete-mails
View file

@ -1,127 +0,0 @@
#!/bin/bash
# info: delete old emails (by mtime) for user/domain/account, with optional scope
# usage: v-delete-mails USER DOMAIN ACCOUNT MTIME_DAYS|all SCOPE
# SCOPE: all clean every Maildir folder (cur, new, tmp, custom subfolders)
# trash clean only Trash/Junk/Spam folders
# load Vesta functions & config
source "$VESTA/func/main.sh"
source "$VESTA/conf/vesta.conf"
# read arguments
user="$1"
domain="$2"
account="$3"
mtime="$4"
scope="$5"
# verify argument count
check_args '5' "$#" 'USER DOMAIN ACCOUNT MTIME_DAYS|all SCOPE'
# validate scope
if [[ "$scope" != "all" && "$scope" != "trash" ]]; then
echo "ERROR: SCOPE must be 'all' or 'trash'."
exit 1
fi
# validate logical combinations
if [[ "$user" == "all" ]]; then
if [[ "$domain" != "all" || "$account" != "all" ]]; then
echo "ERROR: When USER is 'all', both DOMAIN and ACCOUNT must be 'all'."
exit 1
fi
elif [[ "$domain" == "all" && "$account" != "all" ]]; then
echo "ERROR: When DOMAIN is 'all', ACCOUNT must also be 'all'."
exit 1
fi
# build a detailed summary for the warning
declare -a summary_parts
if [[ "$user" == "all" ]]; then
summary_parts+=("all users")
else
summary_parts+=("user '$user'")
fi
if [[ "$domain" == "all" ]]; then
summary_parts+=("all domains")
else
summary_parts+=("domain '$domain'")
fi
if [[ "$account" == "all" ]]; then
summary_parts+=("all accounts")
else
summary_parts+=("account '$account'")
fi
# join with commas
summary=$(printf ", %s" "${summary_parts[@]}")
summary=${summary:2}
# only warn if any of them is 'all' or if mtime is 'all'
if [[ "$mtime" == "all" || "$user" == "all" || "$domain" == "all" || "$account" == "all" ]]; then
echo "WARNING: This will delete emails older than '$mtime' days for ${summary}."
read -p "Are you sure? (yes/no): " confirm
[[ "$confirm" != "yes" ]] && { echo "Aborted."; exit 1; }
fi
# function to delete emails
delete_emails() {
local u="$1" d="$2" a="$3"
local maildir="/home/$u/mail/$d/$a"
[[ ! -d "$maildir" ]] && return
echo "→ Cleaning '$a@$d' (user: $u), scope: $scope, mtime: $mtime"
# build find predicates
if [[ "$scope" == "all" ]]; then
folder_expr=( -path "*/cur/*" -o -path "*/new/*" -o -path "*/tmp/*" )
else
folder_expr=( -ipath "*/trash/*" -o -ipath "*/junk/*" -o -ipath "*/spam/*" )
fi
# assemble and run find
if [[ "$mtime" == "all" ]]; then
find "$maildir" -type f \( "${folder_expr[@]}" \) -print -delete 2>/dev/null
else
find "$maildir" -type f \( "${folder_expr[@]}" \) -mtime +"$mtime" -print -delete 2>/dev/null
fi
}
# collect users
if [[ "$user" == "all" ]]; then
users=$(v-list-users plain | awk '{print $1}')
else
users="$user"
fi
# iterate through users, domains, accounts
for u in $users; do
if [[ "$domain" == "all" ]]; then
domains=$(v-list-mail-domains "$u" plain | awk '{print $1}')
else
domains="$domain"
fi
for d in $domains; do
if [[ "$account" == "all" ]]; then
accounts=$(v-list-mail-accounts "$u" "$d" plain | awk '{print $1}')
else
accounts="$account"
fi
for a in $accounts; do
delete_emails "$u" "$d" "$a"
done
done
done
# restart dovecot to refresh mailbox state
systemctl restart dovecot
# log the action (status first, then message)
log_event "$OK" "Deleted emails (>$mtime days, scope=$scope) for $user $domain $account"
exit 0

2
bin/v-delete-user
View file

@ -94,7 +94,7 @@ fi
# Deleting user directories
chattr -i $HOMEDIR/$user/conf
rm -rf $HOMEDIR/$user
if [ -d "/hdd/home/$user" ]; then
if [ -f "/hdd/home/$user" ]; then
rm -rf /hdd/home/$user
fi
rm -f /var/spool/mail/$user

3
bin/v-delete-web-domain
View file

@ -130,9 +130,6 @@ rm -f /var/log/$WEB_SYSTEM/domains/$domain.error*
# Deleting directory
rm -rf $HOMEDIR/$user/web/$domain
if [ -d "/hdd/home/$user/web/$domain" ]; then
rm -rf /hdd/home/$user/web/$domain
fi
#----------------------------------------------------------#

64
bin/v-delete-wordpress-uploads-php-files
View file

@ -1,64 +0,0 @@
#!/bin/bash
# info: delete PHP files from WordPress uploads folder
# options: DOMAIN
#----------------------------------------------------------#
# Variable & Function #
#----------------------------------------------------------#
[ "$(whoami)" != "root" ] && { echo "You must be root to run this command."; exit 1; }
source /etc/profile
DOMAIN="$1"
[ -z "$DOMAIN" ] && { echo "Usage: v-delete-wordpress-uploads-php-files DOMAIN"; exit 1; }
USER="$(/usr/local/vesta/bin/v-search-domain-owner "$DOMAIN")"
[ -z "$USER" ] && { echo "Domain $DOMAIN does not exist."; exit 1; }
WP_PATH="/home/$USER/web/$DOMAIN/public_html"
[ ! -f "$WP_PATH/wp-config.php" ] && { echo "WordPress is not installed on this domain."; exit 1; }
quarantined=0;
#----------------------------------------------------------#
# Action #
#----------------------------------------------------------#
cd "$WP_PATH" || exit 1
files=$(find wp-content/uploads/ -type f -name "*.php")
if [ -z "$files" ]; then
echo "= No PHP files found in WordPress uploads folder."
exit 0;
fi
echo "= Found PHP files in WordPress uploads folder for domain $DOMAIN :"
echo "-------------------------------------"
echo "$files"
echo "-------------------------------------"
read -r -p "Do you want to move these files to quarantine? (y/n, default: y): " RESPONSE < /dev/tty
if [ "$RESPONSE" == "y" ] || [ "$RESPONSE" == "Y" ] || [ -z "$RESPONSE" ]; then
for file in $files; do
source_file="/home/$USER/web/$DOMAIN/public_html/$file"
destination_file="/srv/wp-uploads-php-files-quarantine/$DOMAIN/$file"
destination_folder=$(dirname "$destination_file")
mkdir -p "$destination_folder"
chown $USER:$USER "$destination_folder"
mv "$source_file" "$destination_file"
echo "= File $source_file moved to $destination_file"
quarantined=1;
done
chown -R $USER:$USER "/srv/wp-uploads-php-files-quarantine/$DOMAIN"
fi
echo ""
if [ $quarantined -eq 1 ]; then
echo "= All PHP files moved to quarantine."
echo "= You can find them in /srv/wp-uploads-php-files-quarantine/$DOMAIN"
else
echo "= No PHP files found in WordPress uploads folder."
fi
exit 0;

86
bin/v-desinfect-wordpress
View file

@ -1,86 +0,0 @@
#!/bin/bash
# info: disinfect a WordPress site with several maintenance commands
# options: DOMAIN
# -------------------------------------------------------- #
# variables and checks #
# -------------------------------------------------------- #
if [ "$(whoami)" != "root" ]; then
echo "You must be root to run this command."
exit 1
fi
# make sure all Vesta helper scripts are reachable
export PATH="/usr/local/vesta/bin:$PATH"
source /etc/profile
domain="$1"
if [ -z "$domain" ]; then
echo "Usage: v-desinfect-wp DOMAIN"
exit 1
fi
user=$(/usr/local/vesta/bin/v-search-domain-owner "$domain")
if [ -z "$user" ]; then
echo "Domain $domain does not exist."
exit 1
fi
if [ ! -f "/usr/local/vesta/bin/v-wf-malware-hyperscan-with-remediate" ]; then
echo "= WordFence CLI is not installed. Installing..."
/usr/local/vesta/bin/v-install-wordfence-cli
fi
# absolute paths to maintenance scripts, in desired order
declare -a tasks=(
"/usr/local/vesta/bin/v-change-database-password-for-wordpress"
"/usr/local/vesta/bin/v-change-wordpress-admin-passwords"
"/usr/local/vesta/bin/v-fix-wordpress-core"
"/usr/local/vesta/bin/v-delete-inactive-wordpress-plugins-and-themes"
"/usr/local/vesta/bin/v-delete-wordpress-uploads-php-files"
"/usr/local/vesta/bin/v-wf-malware-hyperscan-with-remediate"
"INTERACTIVE=1 /usr/local/vesta/bin/v-wf-malware-hyperscan-with-remediate"
)
# -------------------------------------------------------- #
# execution strategy #
# -------------------------------------------------------- #
echo
read -r -p "Run all maintenance steps automatically? (y/n) " run_all < /dev/tty
if [[ "$run_all" =~ ^[Yy]$ ]]; then
echo "Running all maintenance steps for $domain"
automatic=true
else
echo
echo "Selective mode. You will be asked for each step."
automatic=false
fi
for cmd in "${tasks[@]}"; do
if [ ! -x "$cmd" ]; then
echo "Command $cmd not found or not executable, skipping."
continue
fi
if [ "$automatic" = false ]; then
while true; do
read -r -p "Run $(basename "$cmd") for $domain? (y/n) " yn < /dev/tty
case "$yn" in
[Yy]* ) break ;;
[Nn]* ) echo "Skipping $(basename "$cmd")."; continue 2 ;;
* ) echo "Please answer y or n." ;;
esac
done
fi
echo
echo "=== $(basename "$cmd") $domain ==="
"$cmd" "$domain"
done
echo
echo "Done."
exit 0

102
bin/v-df-snapshot-diff
View file

@ -1,102 +0,0 @@
#!/bin/bash
# info: Make a diff between two snapshots of the disk usage
# options: FILE1 FILE2
whoami=$(whoami)
if [ "$whoami" != "root" ]; then
echo "You must be root to execute this script"
exit 1
fi
# Let's declare three associative arrays
declare -A FILE1
declare -A FILE2
declare -A FILED
file1=$1
file2=$2
if [[ ! "$file1" =~ ^/usr/local/vesta/data/df/snapshot-.*\.txt$ ]]; then
file1="/usr/local/vesta/data/df/$file1"
fi
if [[ ! "$file2" =~ ^/usr/local/vesta/data/df/snapshot-.*\.txt$ ]]; then
file2="/usr/local/vesta/data/df/$file2"
fi
if [ ! -f "$file1" ]; then
echo "File $file1 not found"
exit 1
fi
if [ ! -f "$file2" ]; then
echo "File $file2 not found"
exit 1
fi
timestamp=$(date +%Y-%m-%d-%H-%M-%S)
mkdir -p /usr/local/vesta/data/df-diff
file0="/usr/local/vesta/data/df-diff/diff-$timestamp.txt"
file0s="/usr/local/vesta/data/df-diff/diff-size-sorted-$timestamp.txt"
file0f="/usr/local/vesta/data/df-diff/diff-folder-sorted-$timestamp.txt"
touch $file0
# Let's load the first file and fill the array FILE1
while IFS=$'\t' read SIZE DIRECTORY; do
# Skip blank lines or lines that are not in the correct format
[[ -z "$DIRECTORY" ]] && continue
[[ "$DIRECTORY" = "total" ]] && continue
# Insert values into the array
FILE1["$DIRECTORY"]="$SIZE"
done < "$file1"
# Let's load the second file and fill the array FILE2
while IFS=$'\t' read SIZE DIRECTORY; do
# Skip blank lines or lines that are not in the correct format
[[ -z "$DIRECTORY" ]] && continue
[[ "$DIRECTORY" = "total" ]] && continue
# Insert values into the array
FILE2["$DIRECTORY"]="$SIZE"
done < "$file2"
# We iterate through FILE1 and look for the matching key in FILE2
for k in "${!FILE1[@]}"; do
if [[ -v FILE2["$k"] ]]; then
# If there is the same folder (KEY) in FILE2
DIFF=$(( ${FILE2[$k]} - ${FILE1[$k]} ))
FILED["$k"]=$DIFF
echo -e "${DIFF}\t${k}" >> $file0
else
# If the folder (KEY) is not found in FILE2
FILED["$k"]=${FILE1["$k"]}
echo -e "${FILE1["$k"]}\t${k}" >> $file0
fi
done
# sorted by size
sort -nr -k1,1 $file0 > $file0s
# sorted by folders
while IFS=$'\t' read SIZE DIRECTORY; do
[[ -z "$DIRECTORY" ]] && continue
[[ "$DIRECTORY" = "total" ]] && continue
echo -e "$DIRECTORY\t${FILED["$DIRECTORY"]}" >> $file0f
done < "$file2"
chmod 600 $file0 $file0s $file0f
chown root:root $file0 $file0s $file0f
echo "Done."
echo "You can do:"
echo "mcview $file0"
echo "mcview $file0s"
echo "mcview $file0f"
echo "--------------------------------"
echo "Here is the first 30 lines of the diff, sorted by size (descending, in MB):"
head -n 30 $file0s
echo "--------------------------------"
echo "Here is the first 30 lines of the diff, sorted by folders (in MB):"
head -n 30 $file0f
echo "--------------------------------"
exit 0

11
bin/v-df-snapshot-logs-cleaner
View file

@ -1,11 +0,0 @@
#!/bin/bash
# info: Clean up old snapshots of the disk usage
# options: NONE
folder="/usr/local/vesta/data/df"
mkdir -p $folder
find $folder -type f -mtime +30 -delete
folder="/usr/local/vesta/data/df-diff"
mkdir -p $folder
find $folder -type f -mtime +30 -delete

52
bin/v-df-snapshot-make
View file

@ -1,52 +0,0 @@
#!/bin/bash
# info: Make a snapshot of the disk usage
# options: NONE
folder="/usr/local/vesta/data/df"
mkdir -p $folder
timestamp=$(date +%Y-%m-%d-%H-%M-%S)
du --max-depth=1 -m -x / > $folder/snapshot-$timestamp.txt
du --max-depth=6 -m -x /home > $folder/snapshot-temp.txt
for i in {2..7}; do
while IFS= read -r line; do
count=0
for (( j=0; j<${#line}; j++ )); do
if [[ ${line:j:1} == "/" ]]; then
((count++))
fi
done
if [ $count -eq $i ]; then
printf '%s\n' "$line" >> $folder/snapshot-$timestamp.txt
fi
done < $folder/snapshot-temp.txt
done
rm $folder/snapshot-temp.txt
if [ -d "/hdd" ]; then
du --max-depth=7 -m -x /hdd > $folder/snapshot-temp.txt
for i in {1..8}; do
while IFS= read -r line; do
count=0
for (( j=0; j<${#line}; j++ )); do
if [[ ${line:j:1} == "/" ]]; then
((count++))
fi
done
if [ $count -eq $i ]; then
printf '%s\n' "$line" >> $folder/snapshot-$timestamp.txt
fi
done < $folder/snapshot-temp.txt
done
rm $folder/snapshot-temp.txt
fi
du --max-depth=1 -m -x /var/lib/mysql >> $folder/snapshot-$timestamp.txt
du --max-depth=1 -m -x /var/log >> $folder/snapshot-$timestamp.txt
chmod 600 $folder/snapshot-$timestamp.txt
chown root:root $folder/snapshot-$timestamp.txt
exit 0

35
bin/v-fix-php-ini-disable-functions
View file

@ -1,35 +0,0 @@
#!/bin/bash
whoami=$(whoami)
if [ "$whoami" != "root" ]; then
echo "You must be root to execute this script"
exit 1;
fi
if [ -f "/tmp/patched" ]; then rm /tmp/patched; fi;
echo "=== Fixing php.ini files to have the correct disable_functions line"
export NOTFOUNDVAL="exec,system,passthru,shell_exec"
export LINEBEGINSWITH="disable_functions ="
export NEWVAL="disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,exec,system,passthru,shell_exec,proc_open,popen"
find /etc/php/*/fpm/ -type f -name "php.ini" -exec grep -L "$NOTFOUNDVAL" {} \; | xargs sh -c 'found=0; for arg do if [ ! -f "$arg.disable_patching" ]; then if [ $found -eq 0 ]; then echo "== Fixing existing lines"; found=1; touch /tmp/patched; fi; echo "= Patching $arg"; sed -i "s|^$LINEBEGINSWITH.*|$NEWVAL|g" $arg; fi; done' _
export NOTFOUNDVAL2="^$LINEBEGINSWITH"
export REMOVELINETHATCONTAINS=$LINEBEGINSWITH
find /etc/php/*/fpm/ -type f -name "php.ini" -exec grep -L "$NOTFOUNDVAL2" {} \; | xargs sh -c 'found=0; for arg do if [ ! -f "$arg.disable_patching" ]; then if [ $found -eq 0 ]; then echo "== Adding missing lines"; found=1; touch /tmp/patched; fi; echo "= Patching $arg"; sed -i "s|.*$REMOVELINETHATCONTAINS.*||g" $arg; echo "$NEWVAL" >> $arg; fi; done' _
if [ -f "/tmp/patched" ]; then
rm /tmp/patched
echo "== Restarting all PHP-FPM services"
systemctl --full --type service --all | grep "php...-fpm" | sed 's#●##g' | awk '{print $1}' | xargs systemctl restart
echo "=== Everything done."
else
echo "=== Everything is already correct."
fi
exit 0;

7
bin/v-fix-user-permissions
View file

@ -49,10 +49,9 @@ find /home/$user/mail/*/ -maxdepth 1 -type d -exec chmod g-rwx {} \;
find /home/$user/conf/dns/ -type f -exec chown root:bind {} \;
find /home/$user/conf/ -type d -exec chown root:root {} \;
for domain in $(/usr/local/vesta/bin/v-list-web-domains $user plain |cut -f 1); do
/usr/local/vesta/bin/v-fix-website-permissions $domain $user
echo "--------------------------------"
done
find /home/$user/web/*/public_html/ -type d -exec chmod 755 {} +
find /home/$user/web/*/public_html/ -type f -exec chmod 644 {} +
find /home/$user/web/*/public_html/ -exec chown $user:$user {} \;
echo "Done, permissions fixed for user: $user"

116
bin/v-fix-website-permissions
View file

@ -1,6 +1,6 @@
#!/bin/bash
# info: Fixing chown and chmod permissions for a website
# options: DOMAIN [USER]
# info: Fixing chown and chmod permissions in the public_html directory
# options: DOMAIN
#----------------------------------------------------------#
# Variable&Function #
@ -18,22 +18,17 @@ source /etc/profile
# Argument definition
domain=$1
# Check if number of arguments is 2
if [ $# -eq 2 ]; then
user=$2
else
user=$(/usr/local/vesta/bin/v-search-domain-owner $domain)
fi
USER=$user
# Includes
source /usr/local/vesta/func/main.sh
source /usr/local/vesta/conf/vesta.conf
if [ -z "$user" ]; then
check_result $E_NOTEXIST "domain $domain doesn't exist"
fi
USER=$user
#----------------------------------------------------------#
# Verifications #
#----------------------------------------------------------#
@ -43,12 +38,12 @@ is_format_valid 'domain'
is_object_valid 'user' 'USER' "$user"
if [ ! -d "/home/$user" ]; then
echo "Error: Folder /home/$user doesn't exist";
echo "User doesn't exist";
exit 1;
fi
if [ ! -d "/home/$user/web/$domain/public_html" ]; then
echo "Error: Folder /home/$user/web/$domain/public_html doesn't exist";
echo "Domain doesn't exist";
exit 1;
fi
@ -59,103 +54,14 @@ fi
# Going to domain directory
cd /home/$USER/web/$domain
# Ownership check
if [ -z "$SKIP_OWNERSHIP_CHECK" ] && [ -f "public_html/index.php" ]; then
owner=$(stat -c '%U' "public_html/index.php")
if [ "$owner" = "root" ] || [ "$owner" = "www-data" ]; then
echo "Skipping permission fix for $domain, because v-lock-wordpress is used (index.php is owned by $owner)"
exit 1
fi
fi
echo "Updating permissions and ownership for /home/$USER/web/$domain/"
php_chmod_allowed=1
if [ -f "/home/php_chmod_disabled" ]; then
php_chmod_allowed=0
fi
if [ -f "/home/$USER/php_chmod_disabled" ]; then
php_chmod_allowed=0
fi
if [ -f "/home/$USER/web/php_chmod_disabled" ]; then
php_chmod_allowed=0
fi
if [ -f "/home/$USER/web/$domain/php_chmod_disabled" ]; then
php_chmod_allowed=0
fi
# === General files and directories permissions ===
if [ "$php_chmod_allowed" -eq 1 ]; then
# New way of fixing permissions
# Fixing permissions
find public_html/ -type d ! -perm 755 -exec chmod 755 {} +
find public_html/ -type f ! \( -name "*.php" -o -name "*.env" \) ! -perm 644 -exec chmod 644 {} +
# Fixing ownership
find public_html/ -type d ! -user $USER -exec chown $USER:$USER {} +
find public_html/ -type f ! \( -name "*.php" -o -name "*.env" \) ! -user $USER -exec chown $USER:$USER {} +
else
# Old way of fixing permissions
# Fixing permissions
find public_html/ -type d ! -perm 755 -exec chmod 755 {} +
find public_html/ -type f ! -perm 644 -exec chmod 644 {} +
# Fixing ownership
find public_html/ -type d ! -user $USER -exec chown $USER:$USER {} +
find public_html/ -type f ! -user $USER -exec chown $USER:$USER {} +
fi
# === PHP and .env permissions ===
if [ "$php_chmod_allowed" -eq 1 ]; then
php_chmod="600"
if [ "$WEB_SYSTEM" = 'nginx' ]; then
php_chmod="644"
fi
if [ -f "/home/php_chmod" ]; then
php_chmod=$(cat /home/php_chmod)
fi
if [ -f "/home/$USER/php_chmod" ]; then
php_chmod=$(cat /home/$USER/php_chmod)
fi
if [ -f "/home/$USER/web/php_chmod" ]; then
php_chmod=$(cat /home/$USER/web/php_chmod)
fi
if [ -f "/home/$USER/web/$domain/php_chmod" ]; then
php_chmod=$(cat /home/$USER/web/$domain/php_chmod)
fi
# Setting chmod 600 for all .php and .env files
echo "= Setting chmod $php_chmod for all .php and .env files"
# Fixing permissions
find -type f \( -name "*.php" -o -name "*.env" \) ! -perm $php_chmod -exec chmod $php_chmod {} +
# Fixing ownership
find -type f \( -name "*.php" -o -name "*.env" \) ! -user $USER -exec chown $USER:$USER {} +
fi
# === Symlinks ownership ===
symlink_chown_allowed=1
if [ -f "/home/symlink_chown_disabled" ]; then
symlink_chown_allowed=0
fi
if [ -f "/home/$USER/symlink_chown_disabled" ]; then
symlink_chown_allowed=0
fi
if [ -f "/home/$USER/web/symlink_chown_disabled" ]; then
symlink_chown_allowed=0
fi
if [ -f "/home/$USER/web/$domain/symlink_chown_disabled" ]; then
symlink_chown_allowed=0
fi
if [ "$symlink_chown_allowed" -eq 1 ]; then
find -type l ! -user $USER -exec chown -h $USER:$USER {} +
fi
echo "Updating permissions for /home/$USER/web/$domain/public_html/"
find public_html/ -type d -exec chmod 755 {} +
find public_html/ -type f -exec chmod 644 {} +
chown -R $USER:$USER public_html/
#----------------------------------------------------------#
# Vesta #
#----------------------------------------------------------#
echo "Permissions for $domain have been successfully updated."
exit 0
exit

41
bin/v-fix-website-permissions-for-all-websites
View file

@ -1,41 +0,0 @@
#!/bin/bash
# info: fix website permissions for all websites
# options:
#
# The command is used for fixing website permissions for all websites on the server.
#----------------------------------------------------------#
# Variable&Function #
#----------------------------------------------------------#
# Importing system variables
source /etc/profile
# Includes
source $VESTA/func/main.sh
#----------------------------------------------------------#
# Action #
#----------------------------------------------------------#
for user in $(grep '@' /etc/passwd |cut -f1 -d:); do
if [ ! -f "/usr/local/vesta/data/users/$user/user.conf" ]; then
continue;
fi
for domain in $(/usr/local/vesta/bin/v-list-web-domains $user plain |cut -f 1); do
/usr/local/vesta/bin/v-fix-website-permissions $domain $user
echo "--------------------------------"
done
done
#----------------------------------------------------------#
# Vesta #
#----------------------------------------------------------#
# Logging
log_event "$OK" "$ARGUMENTS"
exit

44
bin/v-fix-website-permissions-for-all-websites-only-php
View file

@ -1,44 +0,0 @@
#!/bin/bash
# info: fix website permissions for all websites
# options:
#
# The command is used for fixing website permissions for all websites on the server.
#----------------------------------------------------------#
# Variable&Function #
#----------------------------------------------------------#
# Importing system variables
source /etc/profile
# Includes
source $VESTA/func/main.sh
#----------------------------------------------------------#
# Action #
#----------------------------------------------------------#
touch /usr/local/vesta/log/fix-website-permissions-for-all-websites-only-php.log
truncate -s 0 /usr/local/vesta/log/fix-website-permissions-for-all-websites-only-php.log
for user in $(grep '@' /etc/passwd |cut -f1 -d:); do
if [ ! -f "/usr/local/vesta/data/users/$user/user.conf" ]; then
continue;
fi
for domain in $(/usr/local/vesta/bin/v-list-web-domains $user plain |cut -f 1); do
/usr/local/vesta/bin/v-fix-website-permissions-only-php $domain $user >> /usr/local/vesta/log/fix-website-permissions-for-all-websites-only-php.log 2>&1
echo "--------------------------------" >> /usr/local/vesta/log/fix-website-permissions-for-all-websites-only-php.log
done
done
#----------------------------------------------------------#
# Vesta #
#----------------------------------------------------------#
# Logging
log_event "$OK" "$ARGUMENTS"
exit

121
bin/v-fix-website-permissions-only-php
View file

@ -1,121 +0,0 @@
#!/bin/bash
# info: Fixing PHP and .env permissions and ownership for a website
# options: DOMAIN [USER]
#----------------------------------------------------------#
# Variable&Function #
#----------------------------------------------------------#
whoami=$(whoami)
if [ "$whoami" != "root" ]; then
echo "You must be root to execute this script"
exit 1
fi
# Importing system environment
source /etc/profile
# Argument definition
domain=$1
# Check if number of arguments is 2
if [ $# -eq 2 ]; then
user=$2
else
user=$(/usr/local/vesta/bin/v-search-domain-owner $domain)
fi
USER=$user
# Includes
source /usr/local/vesta/func/main.sh
source /usr/local/vesta/conf/vesta.conf
if [ -z "$user" ]; then
check_result $E_NOTEXIST "domain $domain doesn't exist"
fi
#----------------------------------------------------------#
# Verifications #
#----------------------------------------------------------#
check_args '1' "$#" 'DOMAIN'
is_format_valid 'domain'
is_object_valid 'user' 'USER' "$user"
if [ ! -d "/home/$user" ]; then
echo "Error: Folder /home/$user doesn't exist";
exit 1;
fi
if [ ! -d "/home/$user/web/$domain/public_html" ]; then
echo "Error: Folder /home/$user/web/$domain/public_html doesn't exist";
exit 1;
fi
#----------------------------------------------------------#
# Action #
#----------------------------------------------------------#
# Going to domain directory
cd /home/$USER/web/$domain
# Ownership check
if [ -z "$SKIP_OWNERSHIP_CHECK" ] && [ -f "public_html/index.php" ]; then
owner=$(stat -c '%U' "public_html/index.php")
if [ "$owner" = "root" ] || [ "$owner" = "www-data" ]; then
echo "Skipping permission fix for $domain, because v-lock-wordpress is used (index.php is owned by $owner)"
exit 1
fi
fi
echo "Updating PHP and .env permissions and ownership for /home/$USER/web/$domain/"
php_chmod_allowed=1
if [ -f "/home/php_chmod_disabled" ]; then
php_chmod_allowed=0
fi
if [ -f "/home/$USER/php_chmod_disabled" ]; then
php_chmod_allowed=0
fi
if [ -f "/home/$USER/web/php_chmod_disabled" ]; then
php_chmod_allowed=0
fi
if [ -f "/home/$USER/web/$domain/php_chmod_disabled" ]; then
php_chmod_allowed=0
fi
# === PHP and .env permissions ===
if [ "$php_chmod_allowed" -eq 1 ]; then
php_chmod="600"
if [ "$WEB_SYSTEM" = 'nginx' ]; then
php_chmod="644"
fi
if [ -f "/home/php_chmod" ]; then
php_chmod=$(cat /home/php_chmod)
fi
if [ -f "/home/$USER/php_chmod" ]; then
php_chmod=$(cat /home/$USER/php_chmod)
fi
if [ -f "/home/$USER/web/php_chmod" ]; then
php_chmod=$(cat /home/$USER/web/php_chmod)
fi
if [ -f "/home/$USER/web/$domain/php_chmod" ]; then
php_chmod=$(cat /home/$USER/web/$domain/php_chmod)
fi
# Setting chmod 600 for all .php and .env files
echo "= Setting chmod $php_chmod for all .php and .env files"
# Fixing permissions
find -type f \( -name "*.php" -o -name "*.env" \) ! -perm $php_chmod -exec chmod $php_chmod {} +
# Fixing ownership
find -type f \( -name "*.php" -o -name "*.env" \) ! -user $USER -exec chown $USER:$USER {} +
fi
#----------------------------------------------------------#
# Vesta #
#----------------------------------------------------------#
echo "PHP and .env permissions and ownership for $domain have been successfully updated."
exit 0

115
bin/v-fix-wordpress-core
View file

@ -1,115 +0,0 @@
#!/bin/bash
# info: fix compromised wp-admin and wp-includes
# options: DOMAIN [CACHE_DIR]
#
# Replaces wp-admin and wp-includes with clean copies that match
# the WordPress core version detected on the site.
#
# Example:
# v-fix-wp-core example.com
# v-fix-wp-core example.com /srv/wp-cache
#----------------------------------------------------------#
# Variable & Function #
#----------------------------------------------------------#
# Arguments
DOMAIN="$1"
CACHE_DIR="${2-/srv/wp-cache}" # default cache location
QUARANTINE_DIR="/srv/wp-quarantine"
# Includes
source $VESTA/func/main.sh
source $VESTA/conf/vesta.conf
#----------------------------------------------------------#
# Verifications #
#----------------------------------------------------------#
check_args '1' "$#" 'DOMAIN [CACHE_DIR]'
is_format_valid 'domain'
#----------------------------------------------------------#
# Action #
#----------------------------------------------------------#
TMP_DIR="$(mktemp -d /tmp/wpfix.XXXXXX)" # temp workspace
trap 'rm -rf "$TMP_DIR"' EXIT
# 1etermine WP version
if [ -z "$PHP" ]; then
WP_VERSION="$(/usr/local/vesta/bin/v-run-wp-cli "$DOMAIN" core version | tr -d '[:space:]')"
else
WP_VERSION="$(PHP=$PHP /usr/local/vesta/bin/v-run-wp-cli "$DOMAIN" core version | tr -d '[:space:]')"
fi
check_result $? "cannot detect WP version" > /dev/null
if [ -z "$WP_VERSION" ]; then
check_result 1 "empty WP version string"
fi
echo "Detected WordPress version $WP_VERSION"
# 2ind site owner and path
USER="$(/usr/local/vesta/bin/v-search-domain-owner "$DOMAIN")"
check_result $? "cannot find domain owner" > /dev/null
SITE_PATH="/home/$USER/web/$DOMAIN/public_html"
if [ ! -d "$SITE_PATH" ]; then
check_result 1 "site path $SITE_PATH does not exist"
fi
# ensure cached core is present
CACHE_PATH="$CACHE_DIR/$WP_VERSION"
if [ ! -d "$CACHE_PATH/wp-admin" ] || [ ! -d "$CACHE_PATH/wp-includes" ]; then
echo "Cache for $WP_VERSION missing, downloading ZIP..."
mkdir -p "$CACHE_PATH"
ZIP_URL="https://wordpress.org/wordpress-${WP_VERSION}.zip"
ZIP_FILE="$TMP_DIR/wp.zip"
curl -fSL "$ZIP_URL" -o "$ZIP_FILE"
check_result $? "download failed" > /dev/null
unzip -q "$ZIP_FILE" -d "$TMP_DIR"
check_result $? "unzip failed" > /dev/null
mv "$TMP_DIR/wordpress/wp-admin" "$CACHE_PATH/"
mv "$TMP_DIR/wordpress/wp-includes" "$CACHE_PATH/"
cp "$TMP_DIR/wordpress"/*.php "$CACHE_PATH/"
fi
# backup current core folders
TIMESTAMP="$(date +%Y%m%d%H%M%S)"
BACKUP_DIR="$QUARANTINE_DIR/$DOMAIN/backup-core-$TIMESTAMP"
mkdir -p "$BACKUP_DIR"
mv "$SITE_PATH/wp-admin" "$BACKUP_DIR/"
mv "$SITE_PATH/wp-includes" "$BACKUP_DIR/"
for f in "$SITE_PATH"/*.php; do
[[ $(basename "$f") == "wp-config.php" ]] && continue
mv "$f" "$BACKUP_DIR/"
done
if [ -f "$SITE_PATH/.user.ini" ]; then
mv "$SITE_PATH/.user.ini" "$BACKUP_DIR/"
fi
# chown -R www-data:www-data "$BACKUP_DIR"
check_result $? "backup failed" > /dev/null
echo "Old core folders moved to $BACKUP_DIR"
# deploy clean core
rsync -a --delete "$CACHE_PATH/wp-admin/" "$SITE_PATH/wp-admin/"
rsync -a --delete "$CACHE_PATH/wp-includes/" "$SITE_PATH/wp-includes/"
check_result $? "rsync failed" > /dev/null
for corephp in "$CACHE_PATH"/*.php; do
base=$(basename "$corephp")
[ "$base" = "wp-config.php" ] && continue
rsync -a "$corephp" "$SITE_PATH/$base"
done
# fix permissions
SKIP_OWNERSHIP_CHECK=1 /usr/local/vesta/bin/v-fix-website-permissions $DOMAIN
# chown -R www-data:www-data "$BACKUP_DIR"
echo "Done, core WP files, wp-admin and wp-includes replaced for $DOMAIN"
exit

70
bin/v-get-dns-config
View file

@ -1,70 +0,0 @@
#!/bin/bash
# info: Get domain DNS config.db file content
# options: DOMAIN
#----------------------------------------------------------#
# Variable&Function #
#----------------------------------------------------------#
whoami=$(whoami)
if [ "$whoami" != "root" ]; then
echo "You must be root to execute this script"
exit 1
fi
# Importing system environment
source /etc/profile
SILENT_MODE=1
# Argument definition
domain=$1
user=$(/usr/local/vesta/bin/v-search-domain-owner $domain)
USER=$user
# Includes
source /usr/local/vesta/func/main.sh
source /usr/local/vesta/func/domain.sh
if [ -z "$user" ]; then
check_result $E_NOTEXIST "domain $domain doesn't exist"
fi
#----------------------------------------------------------#
# Verifications #
#----------------------------------------------------------#
check_args '1' "$#" 'DOMAIN'
is_format_valid 'domain'
is_object_valid 'user' 'USER' "$user"
is_object_unsuspended 'user' 'USER' "$user"
if [ ! -d "/home/$user" ]; then
# echo "User doesn't exist";
exit 1;
fi
if [ ! -d "/home/$user/web/$domain/public_html" ]; then
# echo "Domain doesn't exist";
exit 1;
fi
#----------------------------------------------------------#
# Action #
#----------------------------------------------------------#
DNS_FILE="/home/$user/conf/dns/$domain.db"
if [ -f "$DNS_FILE" ]; then
cat "$DNS_FILE"
else
echo "DNS configuration file for $domain does not exist."
exit 1
fi
#----------------------------------------------------------#
# Vesta #
#----------------------------------------------------------#
exit 0;

6
bin/v-import-cpanel-backup
View file

@ -157,15 +157,9 @@ for sk_dbr in $sk_db_list
echo " Create and restore ${sk_dbr} "
sed -i "s/utf8mb4_unicode_520_ci/utf8mb4_unicode_ci/g" mysql/${sk_dbr}.create
sed -i "s/utf8mb4_0900_ai_ci/utf8mb4_unicode_ci/g" mysql/${sk_dbr}.create
if grep -q ' enable the sandbox mode ' mysql/${sk_dbr}.create; then
v-sed '/*!999999\- enable the sandbox mode */' '' mysql/${sk_dbr}.create
fi
mysql < mysql/${sk_dbr}.create
sed -i "s/utf8mb4_unicode_520_ci/utf8mb4_unicode_ci/g" mysql/${sk_dbr}.sql
sed -i "s/utf8mb4_0900_ai_ci/utf8mb4_unicode_ci/g" mysql/${sk_dbr}.sql
if grep -q ' enable the sandbox mode ' mysql/${sk_dbr}.sql; then
v-sed '/*!999999\- enable the sandbox mode */' '' mysql/${sk_dbr}.sql
fi
mysql ${sk_dbr} < mysql/${sk_dbr}.sql
else
echo "Error: Cant restore database $sk_dbr alredy exists in mysql server"

2
bin/v-install-unsigned-ssl
View file

@ -52,9 +52,7 @@ fi
# Action #
#----------------------------------------------------------#
if [ -f "/home/$user/conf/web/ssl.$domain.crt" ]; then
/usr/local/vesta/bin/v-delete-web-domain-ssl "$user" "$domain"
fi
release=$(cat /etc/debian_version | tr "." "\n" | head -n1)

37
bin/v-install-wordfence-cli
View file

@ -1,37 +0,0 @@
#!/bin/bash
# info: Script for installing WordFence CLI
# options: NONE
if ! command -v git &> /dev/null; then
echo "= Git is not installed. Installing..."
apt-get update > /dev/null 2>&1
apt-get install -y git
fi
cd /root
if [ ! -d "myvesta-wordfence-cli" ]; then
git clone https://github.com/isscbta/myvesta-wordfence-cli.git
cd ~/myvesta-wordfence-cli/
else
cd ~/myvesta-wordfence-cli/
git pull
fi
echo ""
echo "----------------------------------------------------------------"
echo ""
echo "Which Docker container do you want to install for WordFence CLI?"
echo "1. WordFence CLI official Docker container"
echo "2. WordFence CLI Docker container maintained by myVesta"
read -r -p "Enter your choice: " choice < /dev/tty
if [ "$choice" == "1" ]; then
bash wf-cli-install.sh
fi
if [ "$choice" == "2" ]; then
bash wf-cli-install-our-image.sh
fi
exit 0;

62
bin/v-install-wordpress
View file

@ -57,26 +57,17 @@ if [ -z "$database" ]; then
fi
fi
# Convert domain to IDN if available
if command -v idn2 >/dev/null 2>&1; then
database=$(idn2 "$database")
idn_domain=$(idn2 "$domain")
elif command -v idn >/dev/null 2>&1; then
database=$(idn "$database")
idn_domain=$(idn "$domain")
fi
if [ -z "$email" ]; then
email="info@$idn_domain";
email="info@$domain";
fi
if [ ! -d "/home/$user" ]; then
echo "= Error: Folder /home/$user doesn't exist";
echo "User doesn't exist";
exit 1;
fi
if [ ! -d "/home/$user/web/$domain/public_html" ]; then
echo "= Error: Folder /home/$user/web/$domain/public_html doesn't exist";
echo "Domain doesn't exist";
exit 1;
fi
@ -104,23 +95,19 @@ PASSWDDB=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 8 | head -n 1)
# Action #
#----------------------------------------------------------#
PROTOCOL='https'
PROTOCOL='http'
if [ -z "$SKIP_LE" ]; then
if [ ! -f "/home/$user/conf/web/ssl.$domain.ca" ]; then
echo "== Trying to install LetsEncrypt for domain $domain"
/usr/local/vesta/bin/v-add-letsencrypt-domain "$user" "$domain" "www.$domain" "yes"
fi
if [ ! -z "$FORCE_HTTP" ]; then
# Switch to http:// only if --FORCE_HTTP parameter is set
echo "== Force http://"
PROTOCOL='http'
else
PROTOCOL='https'
fi
TPL_CHANGED=0;
if [ "$WEB_SYSTEM" != 'nginx' ]; then
if [ "$PROTOCOL" = "https" ]; then
if [ -f "/home/$user/conf/web/ssl.$domain.ca" ] || [ ! -z "$SKIP_LE" ]; then
PROTOCOL='https'
if [ -f "/usr/local/vesta/data/templates/web/nginx/force-https-firewall-wordpress.stpl" ] && [ $TPL_CHANGED -eq 0 ]; then
TPL_CHANGED=1;
/usr/local/vesta/bin/v-change-web-domain-proxy-tpl "$user" "$domain" "force-https-firewall-wordpress" "jpeg,jpg,png,gif,bmp,ico,svg,tif,tiff,css,js,ttf,otf,webp,txt,csv,rtf,doc,docx,xls,xlsx,ppt,pptx,odf,odp,ods,odt,pdf,psd,ai,eot,eps,ps,zip,tar,tgz,gz,rar,bz2,7z,aac,m4a,mp3,mp4,ogg,wav,wma,3gp,avi,flv,m4v,mkv,mov,mpeg,mpg,wmv,exe,iso,dmg,swf,woff,woff2" "yes"
@ -129,47 +116,42 @@ if [ "$WEB_SYSTEM" != 'nginx' ]; then
TPL_CHANGED=1;
/usr/local/vesta/bin/v-change-web-domain-proxy-tpl "$user" "$domain" "force-https" "jpeg,jpg,png,gif,bmp,ico,svg,tif,tiff,css,js,ttf,otf,webp,txt,csv,rtf,doc,docx,xls,xlsx,ppt,pptx,odf,odp,ods,odt,pdf,psd,ai,eot,eps,ps,zip,tar,tgz,gz,rar,bz2,7z,aac,m4a,mp3,mp4,ogg,wav,wma,3gp,avi,flv,m4v,mkv,mov,mpeg,mpg,wmv,exe,iso,dmg,swf,woff,woff2" "yes"
fi
fi
if [ "$PROTOCOL" = "http" ]; then
else
if [ -f "/usr/local/vesta/data/templates/web/nginx/hosting-firewall-wordpress.stpl" ] && [ $TPL_CHANGED -eq 0 ]; then
TPL_CHANGED=1;
/usr/local/vesta/bin/v-change-web-domain-proxy-tpl "$user" "$domain" "hosting-firewall-wordpress" "jpeg,jpg,png,gif,bmp,ico,svg,tif,tiff,css,js,ttf,otf,webp,txt,csv,rtf,doc,docx,xls,xlsx,ppt,pptx,odf,odp,ods,odt,pdf,psd,ai,eot,eps,ps,zip,tar,tgz,gz,rar,bz2,7z,aac,m4a,mp3,mp4,ogg,wav,wma,3gp,avi,flv,m4v,mkv,mov,mpeg,mpg,wmv,exe,iso,dmg,swf,woff,woff2" "yes"
fi
fi
fi
/usr/local/vesta/bin/v-add-database "$user" "$DBUSERSUF" "$DBUSERSUF" "$PASSWDDB" "mysql"
if [ ! -f "/usr/local/bin/wp" ]; then
echo "=== Downloading latest wp-cli"
wget -nv https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar -O /usr/local/bin/wp
chmod +x /usr/local/bin/wp
fi
WORKINGDIR="/home/$user/web/$domain/public_html"
rm -rf $WORKINGDIR/*
cd $WORKINGDIR
/usr/local/vesta/bin/v-run-wp-cli $domain core download
if [ ! -f "$WORKINGDIR/index.php" ]; then
echo "= WordPress installation failed: WordPress core download failed."
exit 1;
fi
/usr/local/vesta/bin/v-run-wp-cli $domain core config --dbname=$DBUSER --dbuser=$DBUSER --dbpass=$PASSWDDB
if [ ! -f "$WORKINGDIR/wp-config.php" ]; then
echo "= WordPress installation failed: WordPress core config failed, wp-config.php not found."
exit 1;
fi
sudo -H -u$user wp core download
sudo -H -u$user wp core config --dbname=$DBUSER --dbuser=$DBUSER --dbpass=$PASSWDDB
password=$(LC_CTYPE=C tr -dc A-Za-z0-9_\!\@\#\$\%\^\&\*\(\)-+= < /dev/urandom | head -c 12)
wpadmin=$(echo "$domain" | sed 's#\.#_#g')_4dm1n
/usr/local/vesta/bin/v-run-wp-cli $domain core install --url="$domain" --title="$domain" --admin_user="$wpadmin" --admin_password="$password" --admin_email="$email" --path=$WORKINGDIR
sudo -H -u$user wp core install --url="$domain" --title="$domain" --admin_user="$wpadmin" --admin_password="$password" --admin_email="$email" --path=$WORKINGDIR
mysql -u$DBUSER -p$PASSWDDB -e "USE $DBUSER; update wp_options set option_value = '$PROTOCOL://$domain' where option_name = 'siteurl'; update wp_options set option_value = '$PROTOCOL://$domain' where option_name = 'home';"
echo "================================================================="
echo "Your WordPress installation is complete."
echo "Installation is complete. Your username/password is listed below."
echo ""
echo "Website URL: $PROTOCOL://$domain/"
echo "Site: $PROTOCOL://$domain/"
echo ""
echo "WordPress admin login: $PROTOCOL://$domain/wp-admin/"
echo "Login: $PROTOCOL://$domain/wp-admin/"
echo "Username: $wpadmin"
echo "Password: $password"
echo ""

27
bin/v-install-wp-cli
View file

@ -1,27 +0,0 @@
#!/bin/bash
# info: Download WP CLI
# options: NONE
#----------------------------------------------------------#
# Variable&Function #
#----------------------------------------------------------#
whoami=$(whoami)
if [ "$whoami" != "root" ]; then
echo "You must be root to execute this script"
exit 1
fi
echo "= Installing WP CLI by downloading phar file..."
wget -nv https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar -O /usr/local/bin/wp
chmod +x /usr/local/bin/wp
if [ -f "/usr/local/bin/wp" ]; then
echo "= WP CLI installed successfully."
echo "= Usage: v-run-wp-cli DOMAIN WP_CLI_COMMAND"
exit 0;
else
echo "= WP CLI installation failed."
echo "= Please install it manually."
exit 1;
fi

79
bin/v-install-wp-cli-myvesta
View file

@ -1,79 +0,0 @@
#!/bin/bash
# info: Download myVesta WP CLI
# options: NONE
#----------------------------------------------------------#
# Variable&Function #
#----------------------------------------------------------#
whoami=$(whoami)
if [ "$whoami" != "root" ]; then
echo "You must be root to execute this script"
exit 1
fi
# Importing system environment
source /etc/profile
if [ ! -f "/usr/local/bin/composer" ]; then
echo "= Composer is not installed. Installing..."
php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
php composer-setup.php --install-dir=/usr/local/bin --filename=composer
php -r "unlink('composer-setup.php');"
echo "= Composer installed successfully."
fi
if [ -d "/usr/local/bin/wp-cli" ]; then
echo "= Removing old myVesta WP CLI..."
rm -rf /usr/local/bin/wp-cli
fi
echo "= Installing myVesta WP CLI..."
cd /usr/local/bin
git clone https://github.com/wp-cli/wp-cli.git
chown -R www-data:www-data wp-cli
ver_ge() {
# usage: ver_ge 7.2 5.6 --> returns true if $1 is greater than or equal to $2
[ "$(printf '%s\n' "$1" "$2" | sort -V | head -n1)" = "$2" ]
}
current_php_version=$(readlink -f /usr/bin/php | grep -oP 'php\K[0-9]+\.[0-9]+')
php_versions=$(/usr/local/vesta/bin/v-list-php)
for php_version in $php_versions; do
if ver_ge "$php_version" "7.2"; then
oldest_allowed_php_version=$php_version
break
fi
done
echo "= Setting PHP version to $oldest_allowed_php_version"
update-alternatives --set php /usr/bin/php$oldest_allowed_php_version
cd wp-cli/
sudo -H -u www-data composer install
echo "= Installing search-replace-command package..."
sudo -H -u www-data WP_CLI_PACKAGES_DIR=/usr/local/bin/wp-cli/packages php /usr/local/bin/wp-cli/php/boot-fs.php package install wp-cli/search-replace-command
echo "= Setting PHP version to $current_php_version"
update-alternatives --set php /usr/bin/php$current_php_version
# Fix terminal columns issue for WP CLI
echo "= Fixing terminal columns issue for WP CLI..."
/usr/local/vesta/bin/v-sed '$columns = 80;' "if (file_exists('/usr/local/bin/wp-cli/COLUMNS')) \$columns=intval(file_get_contents('/usr/local/bin/wp-cli/COLUMNS')); else \$columns = 80;" '/usr/local/bin/wp-cli/vendor/wp-cli/php-cli-tools/lib/cli/Shell.php'
echo ""
if [ -f "/usr/local/bin/wp-cli/php/boot-fs.php" ]; then
echo "= myVesta WP CLI installed successfully."
echo "= Usage: v-run-wp-cli-myvesta DOMAIN WP_CLI_COMMAND"
exit 0;
else
echo "= myVesta WP CLI installation failed."
echo "= Please install it manually."
exit 1;
fi

3
bin/v-list-sys-config
View file

@ -54,8 +54,7 @@ json_list() {
"SOFTACULOUS": "'$SOFTACULOUS'",
"MAX_DBUSER_LEN": "'$MAX_DBUSER_LEN'",
"MAIL_CERTIFICATE": "'$MAIL_CERTIFICATE'",
"VESTA_CERTIFICATE": "'$VESTA_CERTIFICATE'",
"DISABLE_IP_CHECK": "'$DISABLE_IP_CHECK'"
"VESTA_CERTIFICATE": "'$VESTA_CERTIFICATE'"
}
}'
}

14
bin/v-make-main-apache-log
View file

@ -1,14 +0,0 @@
#!/bin/bash
touch /var/log/apache2/time.log
# truncate -s 0 /var/log/apache2/time.log
chmod 0640 /var/log/apache2/time.log
chown root:adm /var/log/apache2/time.log
find /home/*/conf/web/ -type f \( -name "apache2.conf" -or -name "sapache2.conf" -or -name "*.apache2.conf" -or -name "*.apache2.ssl.conf" \) -exec grep -L "time\.log" {} \; | xargs sed -i 's|ServerName |CustomLog /var/log/apache2/time.log time\n ServerName |g'
find /usr/local/vesta/data/templates/web/apache2 -type f \( -name "*.tpl" -or -name "*.stpl" \) -exec grep -L "time\.log" {} \; | xargs sed -i 's|ServerName |CustomLog /var/log/apache2/time.log time\n ServerName |g'
if ! /usr/local/vesta/bin/v-grep 'LogFormat "%t %v %a %D %r %>s \"%{User-Agent}i\"" time' '/etc/apache2/apache2.conf' '-q'; then
sed -i 's|LogFormat "%b" bytes|LogFormat "%b" bytes\nLogFormat "%t %v %a %D %r %>s \\\"%{User-Agent}i\\\" pid=%P" time|g' /etc/apache2/apache2.conf
fi
systemctl restart apache2
wget -nv http://dl.myvestacp.com/vesta/apache_requests_analyzer/analyze-traffic.php -O /root/analyze-traffic.php

14
bin/v-make-separated-ip-for-email
View file

@ -139,17 +139,6 @@ if [ "$check_grep" -eq 0 ]; then
echo "=== patching exim4.conf.template"
mv /etc/exim4/exim4.conf.template /etc/exim4/exim4.conf.template-backup
cp /usr/local/vesta/install/debian/12/exim/exim4.conf.template /etc/exim4/exim4.conf.template
eximversion=$(exim4 --version | grep '^Exim version ' | awk '{print $3}')
if (( $(echo "$eximversion < 4.96" | bc -l) )); then
cp /usr/local/vesta/install/debian/12/exim/exim4.conf.template.without-srs /etc/exim4/exim4.conf.template
sed -i "s|message_linelength_limit|#message_linelength_limit|g" /etc/exim4/exim4.conf.template
fi
if (( $(echo "$eximversion < 4.94" | bc -l) )); then
sed -i "s|smtputf8_advertise_hosts|#smtputf8_advertise_hosts|g" /etc/exim4/exim4.conf.template
fi
sed -i "s|FIRSTIP|$HOST_IP|g" /etc/exim4/exim4.conf.template
sed -i "s|SECONDIP|$MAIL_IP|g" /etc/exim4/exim4.conf.template
sed -i "s|FIRSTHOST|$HOSTNAME|g" /etc/exim4/exim4.conf.template
@ -179,10 +168,9 @@ if [ "$check_grep" -eq 0 ]; then
fi
systemctl restart exim4
if [ $? -ne 0 ]; then
systemctl status exim4
cp /etc/exim4/exim4.conf.template-backup /etc/exim4/exim4.conf.template
systemctl restart exim4
echo "=== Patching failed, old exim conf returned, exim4 restarted again."
echo "=== Patching failed, aborting"
exit 1
fi
echo "=== Patching successful"

11
bin/v-migrate-site-to-https
View file

@ -40,7 +40,6 @@ is_format_valid 'domain' 'user'
is_object_valid 'user' 'USER' "$user"
is_object_unsuspended 'user' 'USER' "$user"
FROM_DATABASE_NAME=''
FROM_DATABASE_USERNAME=''
FROM_DATABASE_PASSWORD=''
@ -113,6 +112,12 @@ if [ $IT_IS_WP -eq 0 ]; then
cd /root
git clone https://github.com/interconnectit/Search-Replace-DB.git
fi
else
if [ ! -f "/usr/local/bin/wp" ]; then
echo "=== Downloading latest wp-cli"
wget -nv https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar -O /usr/local/bin/wp
chmod +x /usr/local/bin/wp
fi
fi
@ -167,9 +172,9 @@ if [ $IT_IS_WP -eq 0 ]; then
else
cd $SITE_FOLDER
echo "=== Replacing $FROM_REPLACE1 to $TO_REPLACE1 in database $FROM_DATABASE_NAME"
/usr/local/vesta/bin/v-run-wp-cli $FROM_DOMAIN search-replace "$FROM_REPLACE1" "$TO_REPLACE1" --precise --all-tables --skip-columns=guid --skip-plugins --skip-themes;
sudo -H -u$FROM_USER /usr/bin/php$phpver /usr/local/bin/wp search-replace "$FROM_REPLACE1" "$TO_REPLACE1" --precise --all-tables --skip-columns=guid --skip-plugins=$(sudo -H -u$FROM_USER /usr/bin/php$phpver /usr/local/bin/wp plugin list --field=name | tr '\n' ',') --skip-themes;
echo "=== Replacing $FROM_REPLACE2 to $TO_REPLACE2 in database $FROM_DATABASE_NAME"
/usr/local/vesta/bin/v-run-wp-cli $FROM_DOMAIN search-replace "$FROM_REPLACE2" "$TO_REPLACE2" --precise --all-tables --skip-columns=guid --skip-plugins --skip-themes;
sudo -H -u$FROM_USER /usr/bin/php$phpver /usr/local/bin/wp search-replace "$FROM_REPLACE2" "$TO_REPLACE2" --precise --all-tables --skip-columns=guid --skip-plugins=$(sudo -H -u$FROM_USER /usr/bin/php$phpver /usr/local/bin/wp plugin list --field=name | tr '\n' ',') --skip-themes;
fi
echo "===== DONE ===="

44
bin/v-move-domain-and-database-to-account
View file

@ -92,52 +92,32 @@ fi
# Update Wordfence WAF Path #
#----------------------------------------------------------#
filepath="/home/USER_TO/web/$domain/public_html/.user.ini"
filename=$(basename $filepath)
# Path to .user.ini file
user_ini="$USER_DATA/web/$domain/public_html/.user.ini"
# Check if file exists
if [ -f "$filepath" ]; then
echo "Updating $filename with new user path..."
# Check if .user.ini exists
if [ -f "$user_ini" ]; then
echo "Updating .user.ini with new user path..."
# Temporary file for modification
tmp_file=$(mktemp)
# Change path from old USER to new USER_TO
sed "s|/home/$owner/public_html|/home/$USER_TO/public_html|g" "$filepath" > "$tmp_file"
sed "s|/home/$owner/public_html|/home/$USER_TO/public_html|g" "$user_ini" > "$tmp_file"
# Check if replacement was successful and update file
# Check if replacement was successful and update .user.ini
if [ $? -eq 0 ]; then
mv "$tmp_file" "$filepath"
echo "$filename updated successfully."
mv "$tmp_file" "$user_ini"
echo ".user.ini updated successfully."
else
echo "Failed to update $filename file."
echo "Failed to update .user.ini file."
rm "$tmp_file" # Deletes temporary file
fi
fi
filepath="/home/USER_TO/web/$domain/public_html/wordfence-waf.php"
filename=$(basename $filepath)
# Check if file exists
if [ -f "$filepath" ]; then
echo "Updating $filename with new user path..."
# Temporary file for modification
tmp_file=$(mktemp)
# Change path from old USER to new USER_TO
sed "s|/home/$owner/public_html|/home/$USER_TO/public_html|g" "$filepath" > "$tmp_file"
# Check if replacement was successful and update file
if [ $? -eq 0 ]; then
mv "$tmp_file" "$filepath"
echo "$filename updated successfully."
else
echo "Failed to update $filename file."
rm "$tmp_file" # Deletes temporary file
fi
echo ".user.ini does not exist, no changes made."
fi
#----------------------------------------------------------#
# Vesta #
#----------------------------------------------------------#

28
bin/v-move-folder-and-make-symlink
View file

@ -19,8 +19,6 @@ fi
FROMFOLDER=$1
TOFOLDER=$2
echo "Executing: v-move-folder-and-make-symlink $1 $2"
# Includes
source $VESTA/func/main.sh
@ -28,16 +26,6 @@ source $VESTA/func/main.sh
# Verifications #
#----------------------------------------------------------#
if [ -z "$FROMFOLDER" ]; then
echo "First parameter is empty, aborting"
exit 1
fi
if [ -z "$TOFOLDER" ]; then
echo "Second parameter is empty, aborting"
exit 1
fi
# Trimming the ending slash, just in case
FROMFOLDER=$(echo "$FROMFOLDER" | sed 's:/*$::')
TOFOLDER=$(echo "$TOFOLDER" | sed 's:/*$::')
@ -78,21 +66,19 @@ fi
# Action #
#----------------------------------------------------------#
rsync -a "$FROMFOLDER/" "$TOFOLDER/"
# with slashes on the end of the path of both folders
if [ "$?" -ne 0 ]; then
echo "Error happened, aborting"
exit 1
fi
if [ "$FROMFOLDER" = "/home/$USER" ] && [ -d "$FROMFOLDER/conf" ]; then
# if we are moving myVesta home folder, we must remove immutable attribute from conf/ files
chattr -R -i "$FROMFOLDER/conf/" > /dev/null 2>&1
# with slashes on the end of the path of the folder
fi
# rsync -a "$FROMFOLDER/" "$TOFOLDER/"
# with slashes on the end of the path of both folders
mv "$FROMFOLDER" "$TOFOLDER"
if [ "$?" -ne 0 ]; then
echo "Error happened, aborting"
exit 1
fi
rm -rf "$FROMFOLDER"
# without slash on the end of the path of the folder

2
bin/v-restore-user
View file

@ -417,7 +417,6 @@ if [ "$web" != 'no' ] && [ ! -z "$WEB_SYSTEM" ]; then
# Restoring web domain data
chown $user $tmpdir
chmod u+w $HOMEDIR/$user/web/$domain
chmod 0755 $tmpdir/web/$domain
sudo -u $user tar -xzpf $tmpdir/web/$domain/domain_data.tar.gz \
-C $HOMEDIR/$user/web/$domain/ --exclude=./logs/* \
2> $HOMEDIR/$user/web/$domain/restore_errors.log
@ -619,7 +618,6 @@ if [ "$mail" != 'no' ] && [ ! -z "$MAIL_SYSTEM" ]; then
if [ -e "$tmpdir/mail/$domain/accounts.tar.gz" ]; then
chown $user $tmpdir
chmod u+w $HOMEDIR/$user/mail/$domain_idn
chmod 0755 $tmpdir/mail/$domain
sudo -u $user tar -xzpf $tmpdir/mail/$domain/accounts.tar.gz \
-C $HOMEDIR/$user/mail/$domain_idn/
if [ "$?" -ne 0 ]; then

91
bin/v-run-wp-cli
View file

@ -36,111 +36,44 @@ fi
# Verifications #
#----------------------------------------------------------#
VERBOSE_MODE=1
check_args '2' "$#" 'DOMAIN WP_CLI_COMMAND'
is_format_valid 'domain'
is_object_valid 'user' 'USER' "$user"
is_object_unsuspended 'user' 'USER' "$user"
is_object_unsuspended 'web' 'DOMAIN' "$domain"
if [ ! -d "/home/$user" ]; then
echo "= User doesn't exist";
# echo "User doesn't exist";
exit 1;
fi
if [[ "$wp_command" != core\ download* ]] && [[ "$wp_command" != core\ config* ]] && [ ! -f "/home/$user/web/$domain/public_html/wp-config.php" ]; then
echo '= Please install WordPress first.'
if [ ! -f "/home/$user/web/$domain/public_html/wp-config.php" ]; then
echo 'Please install WordPress first.'
exit 1;
fi
wpcli=""
if [ ! -f "/usr/local/bin/wp" ]; then
echo "= WP CLI is not installed. Installing..."
/usr/local/vesta/bin/v-install-wp-cli
if ! command -v wp &> /dev/null; then
echo "WP CLI is not installed. Installing..."
wget -nv https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar -O /usr/local/bin/wp
chmod +x /usr/local/bin/wp
echo "WP CLI installed successfully."
fi
if [ -z "$USE_WP_CLI_MYVESTA" ]; then
if [ -f "/usr/local/bin/wp" ]; then
# Get current time and file ctime in seconds since epoch
current_time=$(date +%s)
file_ctime=$(stat -c %Z /usr/local/bin/wp)
# Calculate age in days
age_days=$(( (current_time - file_ctime) / 86400 ))
if [ "$age_days" -gt 30 ]; then
echo "= The /usr/local/bin/wp file is older than 30 days (based on CTime)."
echo "= Updating WP CLI..."
/usr/local/vesta/bin/v-install-wp-cli
fi
fi
fi
if [ -t 1 ]; then
output='terminal'
else
output='file'
fi
if [ -f "/usr/local/bin/wp" ]; then
wpcli="/usr/local/bin/wp"
WP_CLI_PACKAGES_DIR=""
fi
if [ ! -z "$USE_WP_CLI_MYVESTA" ] && [ -f "/usr/local/bin/wp-cli/php/boot-fs.php" ] && [ -d "/usr/local/bin/wp-cli/packages/vendor/wp-cli/search-replace-command" ] && [ "$output" == "terminal" ]; then
wpcli="/usr/local/bin/wp-cli/php/boot-fs.php"
COLUMNS=$(/usr/bin/env stty size 2>/dev/null | awk '{print $2}')
echo $COLUMNS > /usr/local/bin/wp-cli/COLUMNS
WP_CLI_PACKAGES_DIR="WP_CLI_PACKAGES_DIR=/usr/local/bin/wp-cli/packages"
fi
if [ -z "$wpcli" ]; then
echo "= WP CLI is not installed. Please install it manually."
if [ ! -d "/home/$user/web/$domain/public_html" ]; then
# echo "Domain doesn't exist";
exit 1;
fi
mkdir -p /home/$user/.wp-cli
chown $user:$user /home/$user/.wp-cli
if [ -z "$PHP" ]; then
phpver=$(/usr/local/vesta/bin/v-get-php-version-of-domain "$domain")
else
phpver=$PHP
fi
#----------------------------------------------------------#
# Action #
#----------------------------------------------------------#
cd /home/$USER/web/$domain/public_html
sudo -u $USER /usr/bin/php$phpver /usr/local/bin/wp $wp_command
if [ -z "$OPEN_BASEDIR" ]; then
OPEN_BASEDIR="/home/$user/web/$domain:/home/$user/.wp-cli:/home/$user/tmp:/usr/local/bin:/tmp"
fi
if [ -z "$DISABLE_FUNCTIONS" ]; then
DISABLE_FUNCTIONS="pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,exec,system,passthru,shell_exec,proc_open,popen"
fi
if [ -z "$SHOW_ERRORS" ]; then
sudo -u $USER $WP_CLI_PACKAGES_DIR /usr/bin/php$phpver -d disable_functions=$DISABLE_FUNCTIONS -d open_basedir=$OPEN_BASEDIR $wpcli --path=/home/$user/web/$domain/public_html/ $wp_command 2>/home/$user/web/$domain/wp-cli-error.log
else
sudo -u $USER $WP_CLI_PACKAGES_DIR /usr/bin/php$phpver -d disable_functions=$DISABLE_FUNCTIONS -d open_basedir=$OPEN_BASEDIR $wpcli --path=/home/$user/web/$domain/public_html/ $wp_command
fi
return_code=$?
if [ -f "/usr/local/bin/wp-cli/COLUMNS" ]; then
rm /usr/local/bin/wp-cli/COLUMNS
fi
if [ -z "$SHOW_ERRORS" ]; then
if grep -q "PHP Fatal error" /home/$user/web/$domain/wp-cli-error.log || [ $return_code -ne 0 ]; then
cat /home/$user/web/$domain/wp-cli-error.log
fi
fi
#----------------------------------------------------------#
# Vesta #
#----------------------------------------------------------#
exit $return_code;
exit 0;

21
bin/v-run-wp-cli-myvesta
View file

@ -1,21 +0,0 @@
#!/bin/bash
if [ ! -f "/usr/local/bin/wp-cli/php/boot-fs.php" ]; then
echo "= myVesta WP CLI is not installed. Installing..."
/usr/local/vesta/bin/v-install-wp-cli-myvesta
fi
if [ -f "/usr/local/bin/wp-cli/php/boot-fs.php" ]; then
# Get current time and file ctime in seconds since epoch
current_time=$(date +%s)
file_ctime=$(stat -c %Z /usr/local/bin/wp-cli/php/boot-fs.php)
# Calculate age in days
age_days=$(( (current_time - file_ctime) / 86400 ))
if [ "$age_days" -gt 30 ]; then
echo "= The /usr/local/bin/wp-cli/php/boot-fs.php file is older than 30 days (based on CTime)."
echo "= Updating myVesta WP CLI..."
/usr/local/vesta/bin/v-install-wp-cli-myvesta
fi
fi
USE_WP_CLI_MYVESTA=1 /usr/local/vesta/bin/v-run-wp-cli "$@"

9
bin/v-suspend-firewall-rule
View file

@ -32,21 +32,12 @@ is_object_unsuspended '../../data/firewall/rules' 'RULE' "$rule"
# Action #
#----------------------------------------------------------#
oldvalues=$(grep "RULE='$rule'" $VESTA/data/firewall/rules.conf)
# Suspending rule
update_object_value ../../data/firewall/rules RULE $rule '$SUSPENDED' yes
# Updating system firewall
$BIN/v-update-firewall
if [ "$WEB_SYSTEM" == 'nginx' ] || [ "$PROXY_SYSTEM" == 'nginx' ]; then
parse_object_kv_list_non_eval "$oldvalues"
if [ "$PORT" == "80,443" ] && [ "$ACTION" == "DROP" ]; then
sed -i "\#$IP#d" /etc/nginx/conf.d/block-firewall.conf
systemctl restart nginx
fi
fi
#----------------------------------------------------------#
# Vesta #

2
bin/v-unlock-wordpress
View file

@ -58,8 +58,6 @@ chown -R $user:$user public_html/
rm public_html/wp-content/uploads/.htaccess
/usr/local/vesta/bin/v-fix-website-permissions $domain
#----------------------------------------------------------#
# Vesta #
#----------------------------------------------------------#

13
bin/v-unsuspend-firewall-rule
View file

@ -32,25 +32,12 @@ is_object_suspended '../../data/firewall/rules' 'RULE' "$rule"
# Action #
#----------------------------------------------------------#
oldvalues=$(grep "RULE='$rule'" $VESTA/data/firewall/rules.conf)
# Suspending rule
update_object_value ../../data/firewall/rules RULE $rule '$SUSPENDED' no
# Updating system firewall
$BIN/v-update-firewall
if [ "$WEB_SYSTEM" == 'nginx' ] || [ "$PROXY_SYSTEM" == 'nginx' ]; then
parse_object_kv_list_non_eval "$oldvalues"
if [ "$PORT" == "80,443" ] && [ "$ACTION" == "DROP" ]; then
touch /etc/nginx/conf.d/block-firewall.conf
if ! grep -q "deny $IP;" /etc/nginx/conf.d/block-firewall.conf; then
echo "deny $IP;" >> /etc/nginx/conf.d/block-firewall.conf
systemctl restart nginx
fi
fi
fi
#----------------------------------------------------------#
# Vesta #

48
bin/v-update-document-errors-files
View file

@ -1,48 +0,0 @@
#!/bin/bash
# info: fix website permissions for all websites
# options:
#
# The command is used for fixing website permissions for all websites on the server.
#----------------------------------------------------------#
# Variable&Function #
#----------------------------------------------------------#
# Importing system variables
source /etc/profile
# Includes
source $VESTA/func/main.sh
#----------------------------------------------------------#
# Action #
#----------------------------------------------------------#
for user in $(grep '@' /etc/passwd |cut -f1 -d:); do
if [ ! -f "/usr/local/vesta/data/users/$user/user.conf" ]; then
continue;
fi
for domain in $(/usr/local/vesta/bin/v-list-web-domains $user plain |cut -f 1); do
cp /usr/local/vesta/data/templates/web/skel/document_errors/403.html /home/$user/web/$domain/document_errors/403.html
cp /usr/local/vesta/data/templates/web/skel/document_errors/404.html /home/$user/web/$domain/document_errors/404.html
cp /usr/local/vesta/data/templates/web/skel/document_errors/50x.html /home/$user/web/$domain/document_errors/50x.html
sed -i "s/%domain%/$domain/g" /home/$user/web/$domain/document_errors/403.html
sed -i "s/%domain%/$domain/g" /home/$user/web/$domain/document_errors/404.html
sed -i "s/%domain%/$domain/g" /home/$user/web/$domain/document_errors/50x.html
chown $user:$user /home/$user/web/$domain/document_errors/*
chmod 644 /home/$user/web/$domain/document_errors/*
done
done
#----------------------------------------------------------#
# Vesta #
#----------------------------------------------------------#
# Logging
log_event "$OK" "$ARGUMENTS"
exit

16
bin/v-update-firewall
View file

@ -67,7 +67,7 @@ echo "$iptables -P INPUT ACCEPT" >> $tmp
echo "$iptables -F INPUT" >> $tmp
# Enabling stateful support
if [ "$FIREWALL_STATEFUL" == "yes" ] || [ "$conntrack" != 'no' ] || grep --quiet container=lxc /proc/1/environ; then
if [ "$conntrack" != 'no' ] || grep --quiet container=lxc /proc/1/environ; then
str="$iptables -A INPUT -m state"
str="$str --state ESTABLISHED,RELATED -j ACCEPT"
echo "$str" >> $tmp
@ -164,12 +164,12 @@ if [ ! -z "$FIREWALL_EXTENSION" ]; then
fi
# Saving rules to the master iptables file
# if [ -d "/etc/sysconfig" ]; then
# /sbin/iptables-save > /etc/sysconfig/iptables
# if [ -z "$(ls /etc/rc3.d/S*iptables 2>/dev/null)" ]; then
# /sbin/chkconfig iptables on
# fi
# else
if [ -d "/etc/sysconfig" ]; then
/sbin/iptables-save > /etc/sysconfig/iptables
if [ -z "$(ls /etc/rc3.d/S*iptables 2>/dev/null)" ]; then
/sbin/chkconfig iptables on
fi
else
/sbin/iptables-save > /etc/iptables.rules
preup="/etc/network/if-pre-up.d/iptables"
if [ ! -e "$preup" ]; then
@ -178,7 +178,7 @@ fi
echo "exit 0" >> $preup
chmod +x $preup
fi
# fi
fi
# Worarkound for OpenVZ
if [ -e "/proc/vz/veinfo" ]; then

3
bin/v-update-mail-domain-disk
View file

@ -49,8 +49,7 @@ dom_diks=0
for account in $(search_objects "mail/$domain" 'SUSPENDED' "no" 'ACCOUNT'); do
home_dir=$HOMEDIR/$user/mail/$domain/$account
if [ -e "$home_dir" ]; then
cd $home_dir
udisk=$(nice -n 19 du -shm ./ | cut -f 1 )
udisk=$(nice -n 19 du -shm $home_dir | cut -f 1 )
else
udisk=0
fi

4
bin/v-update-mail-domains-disk
View file

@ -35,9 +35,9 @@ fi
#----------------------------------------------------------#
# Starting loop
for domain in $(list_objects 'mail' 'DOMAIN'); do
for domain in $(search_objects 'mail' 'SUSPENDED' "no" 'DOMAIN'); do
dom_diks=0
accounts=$(list_objects "mail/$domain" 'ACCOUNT')
accounts=$(search_objects "mail/$domain" 'SUSPENDED' "no" 'ACCOUNT')
for account in $accounts; do
home_dir=$HOMEDIR/$user/mail/$domain/$account
if [ -e "$home_dir" ]; then

8
bin/v-update-sys-rrd-net
View file

@ -35,15 +35,13 @@ if [ ! -d "$RRD/net" ]; then
mkdir $RRD/net
fi
find $RRD/net -name "veth*" -delete
# Parsing network interfaces
ndev=$(cat /proc/net/dev)
ifaces=$(echo "$ndev" |grep : |cut -f 1 -d : | sed "s/ //g")
# Parsing excludes
if [ -z "$RRD_IFACE_EXCLUDE" ]; then
RRD_IFACE_EXCLUDE='lo,'
RRD_IFACE_EXCLUDE='lo'
fi
for exclude in $(echo ${RRD_IFACE_EXCLUDE//,/ }); do
ifaces=$(echo "$ifaces" |grep -vw "$exclude" )
@ -64,8 +62,6 @@ for iface in $ifaces; do
RRA:MAX:0.5:6:700 \
RRA:MAX:0.5:24:775 \
RRA:MAX:0.5:288:797
else
touch $RRD/net/$iface.rrd
fi
# Parsing device stats
@ -116,8 +112,6 @@ for iface in $ifaces; do
done
find $RRD/net -name "*.png" -mtime +1 -delete
find $RRD/net -name "*.rrd" -mtime +1 -delete
#----------------------------------------------------------#
# Vesta #

8
bin/v-update-web-domain-disk
View file

@ -50,14 +50,6 @@ if [ -e "$home_dir" ]; then
disk_usage=$(nice -n 19 du -shm $home_dir | cut -f 1 )
fi
# Defining hdd home directory
home_dir="/hdd$HOMEDIR/$user/web/$domain/"
# Checking home directory exist
if [ -e "$home_dir" ] && [[ ! -L "$home_dir" ]]; then
disk_usage2=$(nice -n 19 du -shm $home_dir | cut -f 1 )
disk_usage=$(( disk_usage + disk_usage2 ))
fi
#----------------------------------------------------------#
# Vesta #

7
bin/v-update-web-domains-disk
View file

@ -32,16 +32,11 @@ is_object_valid 'user' 'USER' "$user"
#----------------------------------------------------------#
# Domain loop
for domain in $(list_objects 'web' 'DOMAIN'); do
for domain in $(search_objects 'web' 'SUSPENDED' "no" 'DOMAIN'); do
home_dir="$HOMEDIR/$user/web/$domain/"
if [ -e "$home_dir" ]; then
disk_usage=$(nice -n 19 du -shm $home_dir | cut -f 1 )
fi
home_dir="/hdd$HOMEDIR/$user/web/$domain/"
if [ -e "$home_dir" ] && [[ ! -L "$home_dir" ]]; then
disk_usage2=$(nice -n 19 du -shm $home_dir | cut -f 1 )
disk_usage=$(( disk_usage + disk_usage2 ))
fi
update_object_value 'web' 'DOMAIN' "$domain" '$U_DISK' "$disk_usage"
done

119
bin/v-whitelist-email-account
View file

@ -1,119 +0,0 @@
#!/bin/bash
# info: Add a specific email address to SpamAssassin whitelist
# usage: v-whitelist-email-account EMAIL
#----------------------------------------------------------#
# Variable&Function #
#----------------------------------------------------------#
whoami=$(whoami)
if [ "$whoami" != "root" ]; then
echo "You must be root to execute this script"
exit 1
fi
# Importing system environment
source /etc/profile
# Determine Debian version and set SpamAssassin service name
release=$(cat /etc/debian_version | tr "." "\n" | head -n1)
if [ "$release" -lt 12 ]; then
SPAMD_SERVICE="spamassassin.service"
else
SPAMD_SERVICE="spamd.service"
fi
SPAMASSASSIN_FILE="/etc/spamassassin/local.cf"
# Flags to track changes
SPAMASSASSIN_CHANGED=false
# Function to check if an entry already exists in a file
check_entry_exists() {
local entry=$1
local file=$2
grep -qF "$entry" "$file"
}
# Function to check if a domain/email is already blacklisted
check_blacklisted() {
local pattern=$1
local file=$2
grep -qE "blacklist_from.*${pattern}" "$file"
}
# Function to add an entry to a file
add_entry_to_file() {
local entry=$1
local file=$2
echo "$entry" >> "$file"
}
# Display usage if no arguments are provided
if [ $# -lt 1 ]; then
echo "Usage: v-whitelist-email-account EMAIL"
exit 1
fi
#----------------------------------------------------------#
# Action #
#----------------------------------------------------------#
EMAIL=$1
# Validate email format
if [[ ! "$EMAIL" =~ ^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$ ]]; then
echo "Invalid email address format."
exit 1
fi
# Extract the domain from the email address
DOMAIN=$(echo "$EMAIL" | awk -F '@' '{print $2}')
# Prepare entries for SpamAssassin
WHITELIST_ENTRY="whitelist_from $EMAIL"
BLACKLIST_ENTRY_MAIN="*@${DOMAIN}"
BLACKLIST_ENTRY_SUB="*.$DOMAIN"
#----------------------------------------------------------#
# SpamAssassin Whitelist #
#----------------------------------------------------------#
echo "Updating $SPAMASSASSIN_FILE..."
# Check if the email address or its domain is already blacklisted
if check_blacklisted "$EMAIL" "$SPAMASSASSIN_FILE"; then
echo "Cannot whitelist $EMAIL. It is already blacklisted."
exit 1
fi
if check_blacklisted "$BLACKLIST_ENTRY_MAIN" "$SPAMASSASSIN_FILE"; then
echo "Cannot whitelist $EMAIL. The domain $DOMAIN is already blacklisted."
exit 1
fi
if check_blacklisted "$BLACKLIST_ENTRY_SUB" "$SPAMASSASSIN_FILE"; then
echo "Cannot whitelist $EMAIL. The subdomain of $DOMAIN is already blacklisted."
exit 1
fi
# Add the email to whitelist if not already present
if ! check_entry_exists "$WHITELIST_ENTRY" "$SPAMASSASSIN_FILE"; then
add_entry_to_file "$WHITELIST_ENTRY" "$SPAMASSASSIN_FILE"
echo "Added $WHITELIST_ENTRY to $SPAMASSASSIN_FILE."
SPAMASSASSIN_CHANGED=true
else
echo "$WHITELIST_ENTRY already exists in $SPAMASSASSIN_FILE."
fi
# Restart SpamAssassin only if changes were made
if [ "$SPAMASSASSIN_CHANGED" == "true" ]; then
systemctl restart "$SPAMD_SERVICE"
echo "SpamAssassin service ($SPAMD_SERVICE) restarted."
fi
#----------------------------------------------------------#
# Done #
#----------------------------------------------------------#
exit 0

119
bin/v-whitelist-email-domain
View file

@ -1,119 +0,0 @@
#!/bin/bash
# info: Add a domain to SpamAssassin whitelist
# usage: v-whitelist-email-domain DOMAIN SUBDOMAIN(YES/NO)
#----------------------------------------------------------#
# Variable&Function #
#----------------------------------------------------------#
whoami=$(whoami)
if [ "$whoami" != "root" ]; then
echo "You must be root to execute this script"
exit 1
fi
# Importing system environment
source /etc/profile
# Determine Debian version and set SpamAssassin service name
release=$(cat /etc/debian_version | tr "." "\n" | head -n1)
if [ "$release" -lt 12 ]; then
SPAMD_SERVICE="spamassassin.service"
else
SPAMD_SERVICE="spamd.service"
fi
SPAMASSASSIN_FILE="/etc/spamassassin/local.cf"
# Flags to track changes
SPAMASSASSIN_CHANGED=false
# Function to check if a SpamAssassin whitelist entry already exists
check_whitelist_exists() {
local entry=$1
local file=$2
grep -qF "whitelist_from $entry" "$file"
}
# Function to check if a domain/email is already blacklisted
check_blacklist_exists() {
local domain=$1
local file=$2
grep -qE "blacklist_from.*${domain}$" "$file"
}
# Function to add whitelist entry to file
add_whitelist_to_file() {
local entry=$1
local file=$2
echo "whitelist_from $entry" >> "$file"
}
# Display usage if no arguments are provided
if [ $# -lt 2 ]; then
echo "Usage: v-whitelist-email-domain DOMAIN SUBDOMAIN(YES/NO)"
exit 1
fi
#----------------------------------------------------------#
# Action #
#----------------------------------------------------------#
DOMAIN=$1
SUBDOMAIN=${2^^} # Convert to uppercase for consistency (YES/NO)
# Validate SUBDOMAIN parameter
if [[ "$SUBDOMAIN" != "YES" && "$SUBDOMAIN" != "NO" ]]; then
echo "Invalid parameter for SUBDOMAIN. Use YES or NO."
exit 1
fi
# Prepare entries for SpamAssassin
WHITELIST_ENTRY_MAIN="*@${DOMAIN}"
WHITELIST_ENTRY_SUB="*.$DOMAIN"
BLACKLIST_ENTRY_MAIN="*@${DOMAIN}"
BLACKLIST_ENTRY_SUB="*.$DOMAIN"
#----------------------------------------------------------#
# SpamAssassin Whitelist #
#----------------------------------------------------------#
echo "Updating $SPAMASSASSIN_FILE..."
# Check if the domain is already blacklisted
if check_blacklist_exists "$DOMAIN" "$SPAMASSASSIN_FILE"; then
echo "Cannot whitelist $DOMAIN. It is already blacklisted."
exit 1
fi
# Add the main entry
if ! check_whitelist_exists "$WHITELIST_ENTRY_MAIN" "$SPAMASSASSIN_FILE"; then
add_whitelist_to_file "$WHITELIST_ENTRY_MAIN" "$SPAMASSASSIN_FILE"
echo "Added whitelist_from $WHITELIST_ENTRY_MAIN to $SPAMASSASSIN_FILE."
SPAMASSASSIN_CHANGED=true
else
echo "whitelist_from $WHITELIST_ENTRY_MAIN already exists in $SPAMASSASSIN_FILE."
fi
# Add the subdomain entry if needed
if [ "$SUBDOMAIN" == "YES" ]; then
if ! check_whitelist_exists "$WHITELIST_ENTRY_SUB" "$SPAMASSASSIN_FILE"; then
add_whitelist_to_file "$WHITELIST_ENTRY_SUB" "$SPAMASSASSIN_FILE"
echo "Added whitelist_from $WHITELIST_ENTRY_SUB to $SPAMASSASSIN_FILE."
SPAMASSASSIN_CHANGED=true
else
echo "whitelist_from $WHITELIST_ENTRY_SUB already exists in $SPAMASSASSIN_FILE."
fi
fi
# Restart SpamAssassin only if changes were made
if [ "$SPAMASSASSIN_CHANGED" == "true" ]; then
systemctl restart "$SPAMD_SERVICE"
echo "SpamAssassin service ($SPAMD_SERVICE) restarted."
fi
#----------------------------------------------------------#
# Done #
#----------------------------------------------------------#
exit 0

14
func/db.sh
View file

@ -29,9 +29,6 @@ mysql_connect() {
mysql --defaults-file=$mycnf -e 'SELECT VERSION()' > $mysql_out 2>&1
if [ '0' -ne "$?" ]; then
if [ "$notify" != 'no' ]; then
subj="Error: Connection to $HOST failed"
email=$($BIN/v-get-user-value admin CONTACT)
echo -e "Can't connect to MySQL $HOST\n$(cat $mysql_out)" |\
$SENDMAIL -s "$subj" $email
fi
@ -58,13 +55,10 @@ mysql_query() {
mysql_dump() {
err="/tmp/e.mysql"
mysqldump --defaults-file=$mycnf --complete-insert --force --quick --single-transaction --max-allowed-packet=1024MB -r $1 $2 2> $err
mysqldump --defaults-file=$mycnf --single-transaction --max_allowed_packet=100M -r $1 $2 2> $err
if [ '0' -ne "$?" ]; then
rm -rf $tmpdir
if [ "$notify" != 'no' ]; then
subj="Error: dump $database failed"
email=$($BIN/v-get-user-value admin CONTACT)
echo -e "Can't dump database $database\n$(cat $err)" |\
$SENDMAIL -s "$subj" $email
fi
@ -88,9 +82,6 @@ psql_connect() {
psql -h $HOST -U $USER -c "SELECT VERSION()" > /dev/null 2>/tmp/e.psql
if [ '0' -ne "$?" ]; then
if [ "$notify" != 'no' ]; then
subj="Error: Connection to $HOST failed"
email=$($BIN/v-get-user-value admin CONTACT)
echo -e "Can't connect to PostgreSQL $HOST\n$(cat /tmp/e.psql)" |\
$SENDMAIL -s "$subj" $email
fi
@ -112,9 +103,6 @@ psql_dump() {
if [ '0' -ne "$?" ]; then
rm -rf $tmpdir
if [ "$notify" != 'no' ]; then
subj="Error: dump $database failed"
email=$($BIN/v-get-user-value admin CONTACT)
echo -e "Can't dump database $database\n$(cat /tmp/e.psql)" |\
$SENDMAIL -s "$subj" $email
fi

1
func/main.php
View file

@ -53,7 +53,6 @@ function myvesta_check_args ($requried_arguments, $arguments) {
$argument_counter=count($argv);
$argument_counter--;
$argv[0]=str_replace('/usr/local/vesta/bin/', '', $argv[0]);
$command=$argv[0];
// myvesta_echo ( "-------------------- ".$argv[0]." --------------------\n");
if ($argument_counter<$requried_arguments) {
$arguments=str_replace(" ", "' '", $arguments);

116
func/main.sh
View file

@ -254,9 +254,6 @@ is_object_unsuspended() {
spnd=$(grep "$2='$3'" $USER_DATA/$1.conf |grep "SUSPENDED='yes'")
fi
if [ ! -z "$spnd" ]; then
if [ ! -z "$VERBOSE_MODE" ]; then
echo "Error: $(basename $1) $3 is suspended"
fi
check_result $E_SUSPENDED "$(basename $1) $3 is suspended"
fi
}
@ -362,17 +359,6 @@ search_objects() {
IFS="$OLD_IFS"
}
# List objects
list_objects() {
OLD_IFS="$IFS"
IFS=$'\n'
for line in $(cat $USER_DATA/$1.conf); do
eval $line
eval echo \$$2
done
IFS="$OLD_IFS"
}
# Get user value
get_user_value() {
grep "^${1//$/}=" $USER_DATA/user.conf |awk -F "'" '{print $2}'
@ -1157,105 +1143,3 @@ check_if_service_exists() {
echo "0"
fi
}
# Parsing config variables with key='value' and key="value" pairs and setting them as variables, without using Perl.
# Inspired by HestiaCP function and improved
parse_object_kv_list_non_eval() {
# Let's combine all the parameters into one string, replace the new lines with a space
local str="${*//$'\n'/ }"
str=${str//\\\'/---QUOTE---}
str=${str//\\\"/---DQUOTE---}
local backup_str=$str
local key val match i length length_val prefix position cut
i=0
# Searching for key='value' blocks
# Loop until we find the next key='value'
while [[ $str =~ ([A-Za-z][[:alnum:]_]*)=\'([^\']*)\' ]]; do
key="${BASH_REMATCH[1]}"
val="${BASH_REMATCH[2]}"
match="${BASH_REMATCH[0]}"
length=${#match}
length_val=${#match}
# Key validation: alphanumeric, length 266 (key must start and end with a letter/number)
if ! [[ "$key" =~ ^[[:alnum:]][_[:alnum:]]{0,64}[[:alnum:]]$ ]]; then
check_result "$E_INVALID" "Invalid key format [$key]"
fi
# Declaring a global variable
val=${val/---QUOTE---/\\\'}
val=${val/---DQUOTE---/\\\"}
declare -g "$key"="$val"
# Let's remove the processed part from str to continue
prefix=${str%%"$key="*}
position=${#prefix}
cut=$((position + 1 + length_val))
str=${str:cut}
((i++))
if [ $i -eq 100 ]; then
check_result "$E_INVALID" "Potentially conf-parsing infinite loop detected"
fi
done
# Terminate function if we don't expect strings with double apostrophes
if [ -z "$PARSE_DOUBLE_QUOTES_VAR" ]; then
return;
fi
# Searching for key="value" blocks
str=$backup_str
i=0
# Loop until we find the next key="value"
while [[ $str =~ ([A-Za-z][[:alnum:]_]*)=\"([^\"]*)\" ]]; do
key="${BASH_REMATCH[1]}"
val="${BASH_REMATCH[2]}"
match="${BASH_REMATCH[0]}"
length=${#match}
length_val=${#match}
# Key validation: alphanumeric, length 266 (key must start and end with a letter/number)
if ! [[ "$key" =~ ^[[:alnum:]][_[:alnum:]]{0,64}[[:alnum:]]$ ]]; then
check_result "$E_INVALID" "Invalid key format [$key]"
fi
# Declaring a global variable
val=${val/---QUOTE---/\\\'}
val=${val/---DQUOTE---/\\\"}
declare -g "$key"="$val"
# Let's remove the processed part from str to continue
prefix=${str%%"$key="*}
position=${#prefix}
cut=$((position + 1 + length_val))
str=${str:cut}
((i++))
if [ $i -eq 100 ]; then
check_result "$E_INVALID" "Potentially conf-parsing infinite loop detected"
fi
done
}
# Return OK (0) if domain is unsupended
# Parameters:
# $1 - user
# $2 - domain
return_ok_if_domain_is_unsuspended() {
spnd=$(grep "DOMAIN='$2'" /usr/local/vesta/data/users/$1/web.conf | grep "SUSPENDED='yes'")
if [ ! -z "$spnd" ]; then
return $E_SUSPENDED
fi
return $OK
}
# Return OK (0) if user is unsupended
# Parameters:
# $1 - user
return_ok_if_user_is_unsuspended() {
spnd=$(cat /usr/local/vesta/data/users/$1/user.conf | grep "SUSPENDED='yes'")
if [ ! -z "$spnd" ]; then
return $E_SUSPENDED
fi
return $OK
}

6
func/rebuild.sh
View file

@ -610,9 +610,6 @@ rebuild_pgsql_database() {
if [ -z $HOST ] || [ -z $USER ] || [ -z $PASSWORD ] || [ -z $TPL ]; then
echo "Error: postgresql config parsing failed"
if [ ! -z "$SENDMAIL" ]; then
subj="Error: postgresql config parsing failed"
email=$($BIN/v-get-user-value admin CONTACT)
echo "Can't parse PostgreSQL config" | $SENDMAIL -s "$subj" $email
fi
log_event "$E_PARSING" "$ARGUMENTS"
@ -624,9 +621,6 @@ rebuild_pgsql_database() {
if [ '0' -ne "$?" ]; then
echo "Error: Connection failed"
if [ ! -z "$SENDMAIL" ]; then
subj="Error: Connection failed"
email=$($BIN/v-get-user-value admin CONTACT)
echo "Database connection to PostgreSQL host $HOST failed" |\
$SENDMAIL -s "$subj" $email
fi

1
install/debian/10/exim/dnsbl.conf
View file

@ -1 +1,2 @@
bl.spamcop.net
zen.spamhaus.org

2
install/debian/10/templates/web/awstats/awstats.tpl
View file

@ -24,7 +24,7 @@ PurgeLogFile=0
ArchiveLogRecords=0
KeepBackupOfHistoricFiles=1
DefaultFile="index.php index.html"
SkipHosts="127.0.0.1"
SkipHosts="127.0.0.1
SkipUserAgents=""
SkipFiles=""
SkipReferrersBlackList=""

1
install/debian/11/exim/dnsbl.conf
View file

@ -1 +1,2 @@
bl.spamcop.net
zen.spamhaus.org

2
install/debian/11/templates/web/awstats/awstats.tpl
View file

@ -24,7 +24,7 @@ PurgeLogFile=0
ArchiveLogRecords=0
KeepBackupOfHistoricFiles=1
DefaultFile="index.php index.html"
SkipHosts="127.0.0.1"
SkipHosts="127.0.0.1
SkipUserAgents=""
SkipFiles=""
SkipReferrersBlackList=""

1
install/debian/12/exim/dnsbl.conf
View file

@ -1 +1,2 @@
bl.spamcop.net
zen.spamhaus.org

39
install/debian/12/exim/exim4.conf.template
View file

@ -13,8 +13,6 @@ add_environment=<; PATH=/bin:/usr/bin
keep_environment=
smtputf8_advertise_hosts =
SRS_SECRET = ${readfile{/etc/exim4/srs.conf}}
#local_interfaces = 0.0.0.0
#smtp_active_hostname = ${lookup{$interface_address}lsearch{/etc/exim4/virtual/helo_data}{$value}}
#smtp_banner = "$smtp_active_hostname ESMTP $tod_full"
@ -147,7 +145,6 @@ acl_check_rcpt:
warn !authenticated = *
hosts = !+relay_from_hosts
condition = ${if eq{${lookup{$domain}dsearch{/etc/exim4/domains/}}}{}{false}{true}}
condition = ${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}{true}{false}}
set acl_m3 = yes
@ -270,11 +267,8 @@ begin routers
dnslookup:
driver = dnslookup
# if outbound, and forwarding has been done, use an alternate transport
domains = !+local_domains
transport = ${if eq {$local_part@$domain} \
{$original_local_part@$original_domain} \
{remote_smtp} {remote_forwarded_smtp}}
transport = remote_smtp
no_more
localuser_spam:
@ -311,23 +305,6 @@ autoreplay:
transport = userautoreply
unseen
inbound_srs:
driver = redirect
senders = :
domains = +local_domains
# detect inbound bounces which are converted to SRS, and decode them
condition = ${if inbound_srs {$local_part} {SRS_SECRET}}
data = $srs_recipient
inbound_srs_failure:
driver = redirect
senders = :
domains = +local_domains
# detect inbound bounces which look converted to SRS but are invalid
condition = ${if inbound_srs {$local_part} {}}
allow_fail
data = :fail: Invalid SRS recipient address
aliases:
driver = redirect
headers_add = X-redirected: yes
@ -380,20 +357,6 @@ remote_smtp:
hosts_try_chunking = !93.188.3.0/24
message_linelength_limit = 1G
remote_forwarded_smtp:
driver = smtp
dkim_domain = DKIM_DOMAIN
dkim_selector = mail
dkim_private_key = DKIM_PRIVATE_KEY
dkim_canon = relaxed
dkim_strict = 0
hosts_try_fastopen =
hosts_try_chunking = !93.188.3.0/24
message_linelength_limit = 1G
# modify the envelope from, for mails that we forward
max_rcpt = 1
return_path = ${srs_encode {SRS_SECRET} {$return_path} {$original_domain}}
procmail:
driver = pipe
command = "/usr/bin/procmail -d $local_part"

451
install/debian/12/exim/exim4.conf.template.without-srs
View file

@ -1,451 +0,0 @@
######################################################################
# #
# Exim configuration file for Vesta Control Panel #
# #
######################################################################
#SPAMASSASSIN = yes
#SPAM_SCORE = 50
#CLAMD = yes
disable_ipv6=true
add_environment=<; PATH=/bin:/usr/bin
keep_environment=
smtputf8_advertise_hosts =
#local_interfaces = 0.0.0.0
#smtp_active_hostname = ${lookup{$interface_address}lsearch{/etc/exim4/virtual/helo_data}{$value}}
#smtp_banner = "$smtp_active_hostname ESMTP $tod_full"
domainlist local_domains = dsearch;/etc/exim4/domains/
domainlist relay_to_domains = dsearch;/etc/exim4/domains/
hostlist relay_from_hosts = 127.0.0.1
hostlist whitelist = net-iplsearch;/etc/exim4/white-blocks.conf
hostlist spammers = net-iplsearch;/etc/exim4/spam-blocks.conf
no_local_from_check
untrusted_set_sender = *
acl_smtp_connect = acl_check_spammers
acl_smtp_mail = acl_check_mail
acl_smtp_rcpt = acl_check_rcpt
acl_smtp_data = acl_check_data
acl_smtp_mime = acl_check_mime
LIMIT_PER_EMAIL_ACCOUNT_MAX_RECIPIENTS = 15
LIMIT_PER_HOSTING_ACCOUNT_MAX_RECIPIENTS = 5
LIMIT_PER_EMAIL_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR = 40
LIMIT_PER_HOSTING_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR = 40
recipients_max = 150
recipients_max_reject = true
# log_selector = +smtp_connection
smtp_accept_max = 50
smtp_accept_max_per_host = 4
.ifdef SPAMASSASSIN
spamd_address = 127.0.0.1 783
.endif
.ifdef CLAMD
av_scanner = clamd: /var/run/clamav/clamd.ctl
.endif
tls_advertise_hosts = *
tls_certificate = /usr/local/vesta/ssl/certificate.crt
tls_privatekey = /usr/local/vesta/ssl/certificate.key
daemon_smtp_ports = 25 : 465 : 587 : 2525
tls_on_connect_ports = 465
never_users = root
host_lookup = *
rfc1413_hosts = *
rfc1413_query_timeout = 0s
ignore_bounce_errors_after = 2d
timeout_frozen_after = 7d
DKIM_DOMAIN = ${lc:${domain:$h_from:}}
DKIM_FILE = /etc/exim4/domains/${lookup{${lc:${domain:$h_from:}}}dsearch{/etc/exim4/domains/}}/dkim.pem
DKIM_PRIVATE_KEY = ${if exists{DKIM_FILE}{DKIM_FILE}{0}}
######################################################################
# ACL CONFIGURATION #
# Specifies access control lists for incoming SMTP mail #
######################################################################
acl_not_smtp = acl_not_smtp
begin acl
acl_not_smtp:
deny message = Too many recipients, limit is $acl_c_max_recipients recipients
set acl_c_max_recipients=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_hosting_account_max_recipients}{$value}{LIMIT_PER_HOSTING_ACCOUNT_MAX_RECIPIENTS}}
condition = ${if >{$rcpt_count}{$acl_c_max_recipients}}
deny message = Hosting account is sending too much emails [limitlog]: deny / account / $authenticated_id / $sender_rate / $sender_rate_period [limit=$acl_c_limit_per_hour]
set acl_c_limit_per_hour=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_hosting_account_max_sent_emails_per_hour}{$value}{LIMIT_PER_HOSTING_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR}}
ratelimit = $acl_c_limit_per_hour / 1h / $authenticated_id
warn ratelimit = 0 / 1h / strict / $authenticated_id
set acl_c_limit_per_hour=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_hosting_account_max_sent_emails_per_hour}{$value}{LIMIT_PER_HOSTING_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR}}
log_message = Sender rate [limitlog]: log / account / $authenticated_id / $sender_rate / $sender_rate_period [limit=$acl_c_limit_per_hour]
warn set acl_m3 = yes
accept
acl_check_spammers:
accept hosts = +whitelist
drop message = Your host in blacklist on this server.
log_message = Host in blacklist
hosts = +spammers
accept
acl_check_mail:
deny condition = ${if eq{$sender_helo_name}{}}
message = HELO required before MAIL
drop !authenticated = *
message = Helo name contains a ip address (HELO was $sender_helo_name) and not is valid
condition = ${if match{$sender_helo_name}{\N((\d{1,3}[.-]\d{1,3}[.-]\d{1,3}[.-]\d{1,3})|([0-9a-f]{8})|([0-9A-F]{8}))\N}{yes}{no}}
condition = ${if match {${lookup dnsdb{>: defer_never,ptr=$sender_host_address}}\}{$sender_helo_name}{no}{yes}}
delay = 45s
drop !authenticated = *
condition = ${if isip{$sender_helo_name}}
message = Access denied - Invalid HELO name (See RFC2821 4.1.3)
drop !authenticated = *
condition = ${if eq{[$interface_address]}{$sender_helo_name}}
message = $interface_address is _my_ address
accept
acl_check_rcpt:
accept hosts = :
deny message = Too many recipients, limit is $acl_c_max_recipients recipients
set acl_c_max_recipients=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_email_account_max_recipients}{$value}{LIMIT_PER_EMAIL_ACCOUNT_MAX_RECIPIENTS}}
condition = ${if >{$rcpt_count}{$acl_c_max_recipients}}
deny message = Email account is sending too much emails [limitlog]: deny / email / $authenticated_id / $sender_rate / $sender_rate_period [limit=$acl_c_limit_per_hour]
set acl_c_limit_per_hour=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_email_account_max_sent_emails_per_hour}{$value}{LIMIT_PER_EMAIL_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR}}
ratelimit = $acl_c_limit_per_hour / 1h / $authenticated_id
warn ratelimit = 0 / 1h / strict / $authenticated_id
set acl_c_limit_per_hour=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_email_account_max_sent_emails_per_hour}{$value}{LIMIT_PER_EMAIL_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR}}
log_message = Sender rate [limitlog]: log / email / $authenticated_id / $sender_rate / $sender_rate_period [limit=$acl_c_limit_per_hour]
warn set acl_m3 = no
warn !authenticated = *
hosts = !+relay_from_hosts
condition = ${if eq{${lookup{$domain}dsearch{/etc/exim4/domains/}}}{}{false}{true}}
condition = ${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}{true}{false}}
set acl_m3 = yes
deny message = Restricted characters in address
domains = +local_domains
local_parts = ^[.] : ^.*[@%!/|]
deny message = Restricted characters in address
domains = !+local_domains
local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
require verify = sender
accept hosts = +relay_from_hosts
control = submission
accept authenticated = *
control = submission/domain=
deny message = Rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text
hosts = !+whitelist
dnslists = ${readfile {/etc/exim4/dnsbl.conf}{:}}
require message = relay not permitted
domains = +local_domains : +relay_to_domains
deny message = smtp auth requried
sender_domains = +local_domains
!authenticated = *
require verify = recipient
.ifdef CLAMD
warn set acl_m0 = no
warn condition = ${if exists {/etc/exim4/domains/$domain/antivirus}{yes}{no}}
set acl_m0 = yes
.endif
.ifdef SPAMASSASSIN
warn set acl_m1 = no
warn condition = ${if exists {/etc/exim4/domains/$domain/antispam}{yes}{no}}
set acl_m1 = yes
.endif
accept
acl_check_data:
deny senders = /etc/exim4/deny_senders
.ifdef CLAMD
deny message = Message contains a virus ($malware_name) and has been rejected
malware = */defer_ok
condition = ${if eq{$acl_m0}{yes}{yes}{no}}
.endif
.ifdef SPAMASSASSIN
warn !authenticated = *
hosts = !+relay_from_hosts
condition = ${if < {$message_size}{600K}}
condition = ${if eq{$acl_m1}{yes}{yes}{no}}
spam = nobody:true/defer_ok
add_header = X-Spam-Score: $spam_score_int
add_header = X-Spam-Bar: $spam_bar
add_header = X-Spam-Report: $spam_report
set acl_m2 = $spam_score_int
warn condition = ${if !eq{$acl_m2}{} {yes}{no}}
condition = ${if >{$acl_m2}{SPAM_SCORE} {yes}{no}}
add_header = X-Spam-Status: Yes
message = SpamAssassin detected spam (from $sender_address to $recipients).
.endif
accept
acl_check_mime:
deny message = Blacklisted file extension detected
condition = ${if match {${lc:$mime_filename}}{\N(\.ade|\.adp|\.bat|\.chm|\.cmd|\.com|\.cpl|\.exe|\.hta|\.ins|\.isp|\.jse|\.lib|\.lnk|\.mde|\.msc|\.msp|\.mst|\.pif|\.scr|\.sct|\.shb|\.sys|\.vb|\.vbe|\.vbs|\.vxd|\.wsc|\.wsf|\.wsh|\.jar)$\N}{1}{0}}
accept
######################################################################
# AUTHENTICATION CONFIGURATION #
######################################################################
begin authenticators
dovecot_plain:
driver = dovecot
public_name = PLAIN
server_socket = /var/run/dovecot/auth-client
server_set_id = $auth1
dovecot_login:
driver = dovecot
public_name = LOGIN
server_socket = /var/run/dovecot/auth-client
server_set_id = $auth1
######################################################################
# ROUTERS CONFIGURATION #
# Specifies how addresses are handled #
######################################################################
begin routers
#smarthost:
# driver = manualroute
# domains = ! +local_domains
# transport = remote_smtp
# route_list = * smartrelay.vestacp.com
# no_more
# no_verify
dnslookup:
driver = dnslookup
domains = !+local_domains
transport = remote_smtp
no_more
localuser_spam:
driver = accept
transport = local_spam_delivery
condition = ${if eq {${if match{$h_X-Spam-Status:}{\N^Yes\N}{yes}{no}}} {${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}{yes}{no_such_user}}}}
userforward:
driver = redirect
check_local_user
file = $home/.forward
require_files = ${local_part}:+${home}/.forward
domains = +local_domains
allow_filter
no_verify
no_expn
check_ancestor
file_transport = address_file
pipe_transport = address_pipe
reply_transport = address_reply
procmail:
driver = accept
check_local_user
require_files = ${local_part}:+${home}/.procmailrc:/usr/bin/procmail
transport = procmail
no_verify
autoreplay:
driver = accept
require_files = /etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/autoreply.${local_part}.msg
condition = ${if exists{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/autoreply.${local_part}.msg}{yes}{no}}
retry_use_local_part
transport = userautoreply
unseen
aliases:
driver = redirect
headers_add = X-redirected: yes
data = ${extract{1}{:}{${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}}}}
require_files = /etc/exim4/domains/$domain/aliases
redirect_router = dnslookup
pipe_transport = address_pipe
unseen
localuser_fwd_only:
driver = accept
transport = devnull
condition = ${if exists{/etc/exim4/domains/$domain/fwd_only}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/fwd_only}{true}{false}}}}
localuser:
driver = accept
transport = local_delivery
condition = ${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}{true}{false}}
catchall:
driver = redirect
headers_add = X-redirected: yes
require_files = /etc/exim4/domains/$domain/aliases
data = ${extract{1}{:}{${lookup{*@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}}}}
file_transport = local_delivery
redirect_router = dnslookup
terminate_alias:
driver = accept
transport = devnull
condition = ${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}{true}{false}}
######################################################################
# TRANSPORTS CONFIGURATION #
######################################################################
begin transports
remote_smtp:
driver = smtp
#interface = ${if eq{$acl_m3}{yes}{FIRSTIP}{${lookup{$sender_address_domain}lsearch{/etc/exim4/virtual/interfaces} {$value}{SECONDIP}}}}
#helo_data = "${if eq{$acl_m3}{yes}{FIRSTHOST}{${lookup{$sending_ip_address}lsearch{/etc/exim4/virtual/helo_data}{$value}{SECONDHOST}}}}"
dkim_domain = DKIM_DOMAIN
dkim_selector = mail
dkim_private_key = DKIM_PRIVATE_KEY
dkim_canon = relaxed
dkim_strict = 0
hosts_try_fastopen =
hosts_try_chunking = !93.188.3.0/24
message_linelength_limit = 1G
procmail:
driver = pipe
command = "/usr/bin/procmail -d $local_part"
return_path_add
delivery_date_add
envelope_to_add
user = $local_part
initgroups
return_output
local_delivery:
driver = appendfile
maildir_format
maildir_use_size_file
user = ${extract{2}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}
group = mail
create_directory
directory_mode = 770
mode = 660
use_lockfile = no
delivery_date_add
envelope_to_add
return_path_add
directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}/${lookup{$local_part}dsearch{${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}}}"
quota = ${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}M
quota_warn_threshold = 75%
local_spam_delivery:
driver = appendfile
maildir_format
maildir_use_size_file
user = ${extract{2}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}
group = mail
create_directory
directory_mode = 770
mode = 660
use_lockfile = no
delivery_date_add
envelope_to_add
return_path_add
directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}/${lookup{$local_part}dsearch{${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}}}/.Spam"
quota = ${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}M
quota_directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}/${lookup{$local_part}dsearch{${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}}}"
quota_warn_threshold = 75%
address_pipe:
driver = pipe
return_output
address_file:
driver = appendfile
delivery_date_add
envelope_to_add
return_path_add
address_reply:
driver = autoreply
userautoreply:
driver = autoreply
file = /etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/autoreply.${extract{1}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/accounts}}}}.msg
from = "${extract{1}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/accounts}}}}@${lookup{$domain}dsearch{/etc/exim4/domains/}}"
headers = Content-Type: text/plain; charset=utf-8;\nContent-Transfer-Encoding: 8bit
subject = "${if def:h_Subject: {Autoreply: \"${rfc2047:$h_Subject:}\"} {Autoreply Message}}"
to = "${sender_address}"
devnull:
driver = appendfile
file = /dev/null
######################################################################
# RETRY CONFIGURATION #
######################################################################
begin retry
# Address or Domain Error Retries
# ----------------- ----- -------
* * F,2h,15m; G,16h,1h,1.5; F,4d,6h
######################################################################
# REWRITE CONFIGURATION #
######################################################################
begin rewrite
######################################################################

2
install/debian/12/templates/web/awstats/awstats.tpl
View file

@ -24,7 +24,7 @@ PurgeLogFile=0
ArchiveLogRecords=0
KeepBackupOfHistoricFiles=1
DefaultFile="index.php index.html"
SkipHosts="127.0.0.1"
SkipHosts="127.0.0.1
SkipUserAgents=""
SkipFiles=""
SkipReferrersBlackList=""

95
install/debian/13/apache2/apache2.conf
View file

@ -1,95 +0,0 @@
# It is split into several files forming the configuration hierarchy outlined
# below, all located in the /etc/apache2/ directory:
#
# /etc/apache2/
# |-- apache2.conf
# | `-- ports.conf
# |-- mods-enabled
# | |-- *.load
# | `-- *.conf
# |-- conf.d
# | `-- *
# Global configuration
PidFile ${APACHE_PID_FILE}
Timeout 900
ProxyTimeout 900
KeepAlive Off
MaxKeepAliveRequests 100
KeepAliveTimeout 10
<IfModule mpm_prefork_module>
StartServers 8
MinSpareServers 5
MaxSpareServers 20
ServerLimit 256
MaxClients 200
MaxRequestsPerChild 4000
</IfModule>
<IfModule mpm_worker_module>
StartServers 2
MinSpareThreads 25
MaxSpareThreads 75
ThreadLimit 64
ThreadsPerChild 25
MaxClients 200
MaxRequestsPerChild 4000
</IfModule>
<IfModule mpm_event_module>
StartServers 2
MinSpareThreads 25
MaxSpareThreads 75
ThreadLimit 64
ThreadsPerChild 25
MaxClients 200
MaxRequestsPerChild 4000
</IfModule>
# These need to be set in /etc/apache2/envvars
User ${APACHE_RUN_USER}
Group ${APACHE_RUN_GROUP}
#User www-data
#Group www-data
AccessFileName .htaccess
<Files ~ "^\.ht">
Order allow,deny
Deny from all
Satisfy all
</Files>
DefaultType None
HostnameLookups Off
ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn
# Include module configuration:
Include mods-enabled/*.load
Include mods-enabled/*.conf
# Include list of ports to listen on and which to use for name based vhosts
Include ports.conf
LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %O" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
LogFormat "%b" bytes
Include conf.d/
# Include the virtual host configurations:
#Include sites-enabled/
ErrorDocument 403 /error/403.html
ErrorDocument 404 /error/404.html
ErrorDocument 500 /error/50x.html
ErrorDocument 501 /error/50x.html
ErrorDocument 502 /error/50x.html
ErrorDocument 503 /error/50x.html
ErrorDocument 506 /error/50x.html

8
install/debian/13/apache2/status.conf
View file

@ -1,8 +0,0 @@
Listen 127.0.0.1:8081
<Location /server-status>
SetHandler server-status
Order deny,allow
Deny from all
Allow from 127.0.0.1
# Allow from all
</Location>

12
install/debian/13/bind/named.conf
View file

@ -1,12 +0,0 @@
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";

61
install/debian/13/clamav/clamd.conf
View file

@ -1,61 +0,0 @@
#Automatically Generated by clamav-base postinst
#To reconfigure clamd run #dpkg-reconfigure clamav-base
#Please read /usr/share/doc/clamav-base/README.Debian.gz for details
LocalSocket /var/run/clamav/clamd.ctl
FixStaleSocket true
LocalSocketGroup clamav
LocalSocketMode 666
# TemporaryDirectory is not set to its default /tmp here to make overriding
# the default with environment variables TMPDIR/TMP/TEMP possible
User clamav
# AllowSupplementaryGroups true
ScanMail true
ScanArchive true
ArchiveBlockEncrypted false
MaxDirectoryRecursion 15
FollowDirectorySymlinks false
FollowFileSymlinks false
ReadTimeout 180
MaxThreads 12
MaxConnectionQueueLength 15
LogSyslog false
LogFacility LOG_LOCAL6
LogClean true
LogVerbose true
PidFile /var/run/clamav/clamd.pid
DatabaseDirectory /var/lib/clamav
SelfCheck 3600
Foreground false
Debug false
ScanPE true
ScanOLE2 true
ScanHTML true
ExitOnOOM false
LeaveTemporaryFiles false
AlgorithmicDetection true
ScanELF true
IdleTimeout 30
PhishingSignatures true
PhishingScanURLs true
PhishingAlwaysBlockSSLMismatch false
PhishingAlwaysBlockCloak false
DetectPUA false
ScanPartialMessages false
HeuristicScanPrecedence false
StructuredDataDetection false
CommandReadTimeout 5
SendBufTimeout 200
MaxQueue 100
ExtendedDetectionInfo true
OLE2BlockMacros false
StreamMaxLength 2M
MaxFileSize 2M
LogFile /var/log/clamav/clamav.log
LogTime true
LogFileUnlock false
LogFileMaxSize 0
Bytecode true
BytecodeSecurity TrustSigned
BytecodeTimeout 60000
OfficialDatabaseOnly false
CrossFilesystems true

41
install/debian/13/deb_signing.key
View file

@ -1,41 +0,0 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQGNBGDsPogBDADT7jiPewIuavqJZJMZ18c+kEC8N+/EK15k9zdBvcluxZ7gb5D6
sKT3fVmLWD49mux+OoFs8DJH1LkpFe2Ax58NVMgDwCNUtcqeR8eB6nEWpZLjzJhZ
RD5+ZpUaX/emXrr7mxJ1SvT8PgWWerl2ZuPSlpPm4Ls6JO53AvPAsUVgMTHkfHNj
4/GqKtORkanzBwimC0bcB3BBRLH/kiW/TNi3hQnR5GYIaKWrc8oGpHHqX5BNw72O
JTSqTj8OZXKG7US6cXgBQuLN68sKd9TIy2HZdTKlqR1yQyc2BiPwVYDrJemM72VT
kuW0qbsOwji7rG2B6Pg1yggWXpB8Znczzi8AfzoFgXeOTi/hzcaf3YnAxfeL1Ofq
aOW+ReqsF1wxpgVwNj0DVquPTqzd4uCIGNNGGHhlIR434FyA4YNfxK63YxZS5SAR
leQGTUtBRdh1SOKPDZMcSlJ3wEfHKbp72qmnLdqUkGl//FZsCDdPFxx3wDCPPS2e
++g3ImqeaQ553nUAEQEAAbQhbXlWZXN0YSB0ZWFtIDxpbmZvQG15dmVzdGFjcC5j
b20+iQHOBBMBCgA4FiEEDcdTLoRXCPbKaPuqiIB9SyIhM4wFAmDsPogCGwMFCwkI
BwIGFQoJCAsCBBYCAwECHgECF4AACgkQiIB9SyIhM4yADAv+M62/6N+uFx9Izbj5
HxZCzLEgvlQzdQcLJPDwFWYByVRiQRkRJWt5kqwNpndWoDo5zEtyKn3Yulbj6zyy
UqYhN0ctXyaFjKFIHIqrrz9P9AF2uGr17rTWbnRpjlMSkDSmUGXNEKO7gMtKiTo3
olWldDELuM0MQddwMGgnqZPb3/Z+om68U1/6NS8A5hAHL+HuwcKGFZpFRJYXSOLY
lIpHyicifvkRAMkPp025Y3Who3EZMWq3Bpo78djtxfA4CoUn+OH64Hn0llkJ3vU6
bM+KuC2ZrkHrzcqZbPbYnmEmVD1rkxVoOgzqE76fAY2I6YFY09uhdg0FbZeeMjA+
DReBwINRFYsk6/maY7Zc82clfc7+vr3xmR+f+KEiUCU4mI72PnlU9LT9RuoCkKbo
znUZo+Xj6ezM6lCKGnOmqhvQmWR+hdsn1zX1ufxPA5uQyeFfR5VpAjvDOFykPA93
3Et0ZdrKB2U6jjlGzWhsCkYphF7M0DVIRPOm1xLUJvLx+zB+uQGNBGDsPogBDADG
rJuQBsLJ6MWAGLydwaIBttwG3GOysSsQ1P09mbeOqiyCaWfEladePorTpKsbOHA/
USAfjN8Eik81Un1Kik6rYU8ieGERKpCMiBkcNLQH/DnYyCNT5oaGqXtIQ+5GNn71
mt7sLmf0yL3C320RJa8KSP+rAaey4ttLyl7rM1q8RPmlsRSxVjeiMw01i6cXmA1G
EJDuRbXdzDuo5utHDBMHgN0T0g8kgoTX9G2uwUTnJm9qzW2Lg3d4xoe2+H5/86Qm
0lVl5vLSMEPl01NcoTVgQpGO/yR3nJ4ubMkkbzCM0e0MByHqOKJ2LfW77BcvcoXg
coa7tF+6DZBB4UGyb1VuSZJoVOYN2tnSj2/taPk0yHJf/tLvNm/hVHEvXNXk09hy
fne0FZmHKwwp0TGSC8tzsHPRSbIOazifIC8pdN4fPTQyfI9tKxi26opCIAHHkcTr
7VOUvUNyAGVB9TU/nmzpvkv8BLCKSQM1FxUQ0owgFtrtIoMVxkYG5hb6EjAHyUcA
EQEAAYkBtgQYAQoAIBYhBA3HUy6EVwj2ymj7qoiAfUsiITOMBQJg7D6IAhsMAAoJ
EIiAfUsiITOMR40MALn5sqKFZ9FMe7982XMamanjPqO3Odi5/9rUXYKbJGjsaSof
lSC3OtqnRTVGE6KEuYErCKCpAk2ZvEf5eQHi264fC255zuxWihdcEQpiPK1DdlN3
m9JNp/4Pns38Nn/zG3cFQuDEvDsC75xmxN7pi+ZkokodwA0PgaiMVh5mSos+Mc/G
fLcEes21xVk2DQ3Vw6p1P/39uujBPZ3J2unWBqv0rCFEpwgXm/d80Y0x31tq0ToZ
hf1r/GcoB6rC3sSAtUykrTZUaRv57BouvnAP9zfFlFSrYpJZ5L9/IawBH+O9yUu2
N1jGq9eJ/RwHG1lKUBJd6wCWz1ZKzxnaoH9CfRC/aG9vRQWLSjiHCl2cnNDxElKx
JOT7RUjxlri4zvxdum49Vr8iEpjUFXzhRYq79SsmqkLuXZYQnccNFAdde8ZcPpKA
zhfavTutAPNJRyg9hbwxQYUH6N1i5J7ZZsqHB/GIBaSReXroacHjFYcU6uiBt/da
qiC8NLvRaE3PVkma9Q==
=RAbI
-----END PGP PUBLIC KEY BLOCK-----

4
install/debian/13/dovecot/conf.d/10-auth.conf
View file

@ -1,4 +0,0 @@
disable_plaintext_auth = no
auth_verbose = yes
auth_mechanisms = plain login
!include auth-passwdfile.conf.ext

1
install/debian/13/dovecot/conf.d/10-logging.conf
View file

@ -1 +0,0 @@
log_path = /var/log/dovecot.log

4
install/debian/13/dovecot/conf.d/10-mail.conf
View file

@ -1,4 +0,0 @@
mail_privileged_group = mail
mail_access_groups = mail
mail_location = maildir:%h/mail/%d/%n
pop3_uidl_format = %08Xu%08Xv

29
install/debian/13/dovecot/conf.d/10-master.conf
View file

@ -1,29 +0,0 @@
service imap-login {
inet_listener imap {
}
inet_listener imaps {
}
}
service pop3-login {
inet_listener pop3 {
}
inet_listener pop3s {
}
}
service imap {
}
service pop3 {
}
service auth {
unix_listener auth-client {
group = mail
mode = 0660
user = dovecot
}
user = dovecot
}

3
install/debian/13/dovecot/conf.d/10-ssl.conf
View file

@ -1,3 +0,0 @@
ssl = yes
ssl_cert = </usr/local/vesta/ssl/certificate.crt
ssl_key = </usr/local/vesta/ssl/certificate.key

30
install/debian/13/dovecot/conf.d/15-mailboxes.conf
View file

@ -1,30 +0,0 @@
## Mailbox definitions
##
# NOTE: Assumes "namespace inbox" has been defined in 10-mail.conf.
namespace inbox {
inbox = yes
mailbox Drafts {
special_use = \Drafts
auto = subscribe
}
mailbox Junk {
special_use = \Junk
auto = subscribe
}
mailbox Trash {
special_use = \Trash
auto = subscribe
}
mailbox Sent {
special_use = \Sent
auto = subscribe
}
mailbox "Sent Messages" {
special_use = \Sent
}
}

58
install/debian/13/dovecot/conf.d/20-imap.conf
View file

@ -1,58 +0,0 @@
##
## IMAP specific settings
##
protocol imap {
# Maximum IMAP command line length. Some clients generate very long command
# lines with huge mailboxes, so you may need to raise this if you get
# "Too long argument" or "IMAP command line too large" errors often.
#imap_max_line_length = 64k
# Maximum number of IMAP connections allowed for a user from each IP address.
# NOTE: The username is compared case-sensitively.
mail_max_userip_connections = 50
# Space separated list of plugins to load (default is global mail_plugins).
#mail_plugins = $mail_plugins
# IMAP logout format string:
# %i - total number of bytes read from client
# %o - total number of bytes sent to client
#imap_logout_format = bytes=%i/%o
# Override the IMAP CAPABILITY response. If the value begins with '+',
# add the given capabilities on top of the defaults (e.g. +XFOO XBAR).
#imap_capability =
# How long to wait between "OK Still here" notifications when client is
# IDLEing.
#imap_idle_notify_interval = 2 mins
# ID field names and values to send to clients. Using * as the value makes
# Dovecot use the default value. The following fields have default values
# currently: name, version, os, os-version, support-url, support-email.
#imap_id_send =
# ID fields sent by client to log. * means everything.
#imap_id_log =
# Workarounds for various client bugs:
# delay-newmail:
# Send EXISTS/RECENT new mail notifications only when replying to NOOP
# and CHECK commands. Some clients ignore them otherwise, for example OSX
# Mail (<v2.1). Outlook Express breaks more badly though, without this it
# may show user "Message no longer in server" errors. Note that OE6 still
# breaks even with this workaround if synchronization is set to
# "Headers Only".
# tb-extra-mailbox-sep:
# Thunderbird gets somehow confused with LAYOUT=fs (mbox and dbox) and
# adds extra '/' suffixes to mailbox names. This option causes Dovecot to
# ignore the extra '/' instead of treating it as invalid mailbox name.
# tb-lsub-flags:
# Show \Noselect flags for LSUB replies with LAYOUT=fs (e.g. mbox).
# This makes Thunderbird realize they aren't selectable and show them
# greyed out, instead of only later giving "not selectable" popup error.
#
# The list is space-separated.
#imap_client_workarounds =
}

91
install/debian/13/dovecot/conf.d/20-pop3.conf
View file

@ -1,91 +0,0 @@
##
## POP3 specific settings
##
protocol pop3 {
# Don't try to set mails non-recent or seen with POP3 sessions. This is
# mostly intended to reduce disk I/O. With maildir it doesn't move files
# from new/ to cur/, with mbox it doesn't write Status-header.
#pop3_no_flag_updates = no
# Support LAST command which exists in old POP3 specs, but has been removed
# from new ones. Some clients still wish to use this though. Enabling this
# makes RSET command clear all \Seen flags from messages.
#pop3_enable_last = no
# If mail has X-UIDL header, use it as the mail's UIDL.
#pop3_reuse_xuidl = no
# Keep the mailbox locked for the entire POP3 session.
#pop3_lock_session = no
# POP3 requires message sizes to be listed as if they had CR+LF linefeeds.
# Many POP3 servers violate this by returning the sizes with LF linefeeds,
# because it's faster to get. When this setting is enabled, Dovecot still
# tries to do the right thing first, but if that requires opening the
# message, it fallbacks to the easier (but incorrect) size.
#pop3_fast_size_lookups = no
# POP3 UIDL (unique mail identifier) format to use. You can use following
# variables, along with the variable modifiers described in
# doc/wiki/Variables.txt (e.g. %Uf for the filename in uppercase)
#
# %v - Mailbox's IMAP UIDVALIDITY
# %u - Mail's IMAP UID
# %m - MD5 sum of the mailbox headers in hex (mbox only)
# %f - filename (maildir only)
# %g - Mail's GUID
#
# If you want UIDL compatibility with other POP3 servers, use:
# UW's ipop3d : %08Xv%08Xu
# Courier : %f or %v-%u (both might be used simultaneosly)
# Cyrus (<= 2.1.3) : %u
# Cyrus (>= 2.1.4) : %v.%u
# Dovecot v0.99.x : %v.%u
# tpop3d : %Mf
#
# Note that Outlook 2003 seems to have problems with %v.%u format which was
# Dovecot's default, so if you're building a new server it would be a good
# idea to change this. %08Xu%08Xv should be pretty fail-safe.
#
#pop3_uidl_format = %08Xu%08Xv
# Permanently save UIDLs sent to POP3 clients, so pop3_uidl_format changes
# won't change those UIDLs. Currently this works only with Maildir.
#pop3_save_uidl = no
# What to do about duplicate UIDLs if they exist?
# allow: Show duplicates to clients.
# rename: Append a temporary -2, -3, etc. counter after the UIDL.
#pop3_uidl_duplicates = allow
# POP3 logout format string:
# %i - total number of bytes read from client
# %o - total number of bytes sent to client
# %t - number of TOP commands
# %p - number of bytes sent to client as a result of TOP command
# %r - number of RETR commands
# %b - number of bytes sent to client as a result of RETR command
# %d - number of deleted messages
# %m - number of messages (before deletion)
# %s - mailbox size in bytes (before deletion)
# %u - old/new UIDL hash. may help finding out if UIDLs changed unexpectedly
#pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, size=%s
# Maximum number of POP3 connections allowed for a user from each IP address.
# NOTE: The username is compared case-sensitively.
mail_max_userip_connections = 50
# Space separated list of plugins to load (default is global mail_plugins).
#mail_plugins = $mail_plugins
# Workarounds for various client bugs:
# outlook-no-nuls:
# Outlook and Outlook Express hang if mails contain NUL characters.
# This setting replaces them with 0x80 character.
# oe-ns-eoh:
# Outlook Express and Netscape Mail breaks if end of headers-line is
# missing. This option simply sends it if it's missing.
# The list is space-separated.
#pop3_client_workarounds =
}

9
install/debian/13/dovecot/conf.d/auth-passwdfile.conf.ext
View file

@ -1,9 +0,0 @@
passdb {
driver = passwd-file
args = scheme=MD5-CRYPT username_format=%n /etc/exim4/domains/%d/passwd
}
userdb {
driver = passwd-file
args = username_format=%n /etc/exim4/domains/%d/passwd
}

Some files were not shown because too many files have changed in this diff Show more