Serghey Rodin преди 7 години
родител
ревизия
cde4269170

+ 1 - 1
src/deb/ioncube/control

@@ -1,7 +1,7 @@
 Source: vesta-ioncube
 Package: vesta-ioncube
 Priority: optional
-Version: 0.9.8-22
+Version: 0.9.8-23
 Section: admin
 Maintainer: Serghey Rodin <skid@vestacp.com>
 Homepage: https://www.ioncube.com

+ 1 - 1
src/deb/nginx/control

@@ -1,7 +1,7 @@
 Source: vesta-nginx
 Package: vesta-nginx
 Priority: optional
-Version: 0.9.8-22
+Version: 0.9.8-23
 Section: admin
 Maintainer: Serghey Rodin <skid@vestacp.com>
 Homepage: http://vestacp.com

+ 1 - 1
src/deb/php/control

@@ -1,7 +1,7 @@
 Source: vesta-php
 Package: vesta-php
 Priority: optional
-Version: 0.9.8-22
+Version: 0.9.8-23
 Section: admin
 Maintainer: Serghey Rodin <skid@vestacp.com>
 Homepage: http://vestacp.com

+ 1 - 1
src/deb/softaculous/control

@@ -1,7 +1,7 @@
 Source: vesta-softaculous
 Package: vesta-softaculous
 Priority: optional
-Version: 0.9.8-22
+Version: 0.9.8-23
 Section: admin
 Maintainer: Serghey Rodin <skid@vestacp.com>
 Homepage: https://www.softaculous.com

+ 1 - 1
src/deb/vesta/control

@@ -1,7 +1,7 @@
 Source: vesta
 Package: vesta
 Priority: optional
-Version: 0.9.8-22
+Version: 0.9.8-23
 Section: admin
 Maintainer: Serghey Rodin <skid@vestacp.com>
 Homepage: http://vestacp.com

+ 8 - 0
src/deb/vesta/postinst

@@ -28,4 +28,12 @@ if [ -x /usr/local/vesta/upd/fix_roundcube.sh ]; then
     /usr/local/vesta/upd/fix_roundcube.sh
 fi
 
+if [ -x /usr/local/vesta/upd/limit_sudo.sh ]; then
+    /usr/local/vesta/upd/limit_sudo.sh
+fi
+
+if [ -x /usr/local/vesta/upd/fix_dhcprenew.sh ]; then
+    /usr/local/vesta/upd/fix_dhcprenew.sh
+fi
+
 exit 0
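Review bot: Neither added call checks or logs the script's exit status, so unless the scriptlet runs under `set -e` (its top is outside this hunk) a failed limit_sudo.sh still ends in `exit 0` and nothing tells the operator that the sudoers restriction was not applied. A one-line report per call is enough, e.g. `/usr/local/vesta/upd/limit_sudo.sh || echo "vesta postinst: limit_sudo.sh failed" >&2`, and likewise for fix_dhcprenew.sh. The same two calls in the scriptlet hunk of src/rpm/specs/vesta.spec (`@@ -45,6 +45,15 @@`) have the same gap. A comment above each call saying what the script changes (sudoers rule, /usr/bin/dhcprenew check) would also help, since the file names alone do not say that these are security remediations.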

+ 1 - 1
src/rpm/specs/vesta-ioncube.spec

@@ -1,6 +1,6 @@
 Name:           vesta-ioncube
 Version:        0.9.8
-Release:        22
+Release:        23
 Summary:        ionCube Loader
 Group:          System Environment/Base
 License:        "Freely redistributable without restriction"

+ 1 - 1
src/rpm/specs/vesta-nginx.spec

@@ -1,6 +1,6 @@
 Name:           vesta-nginx
 Version:        0.9.8
-Release:        22
+Release:        23
 Summary:        Vesta Control Panel
 Group:          System Environment/Base
 License:        BSD-like

+ 1 - 1
src/rpm/specs/vesta-php.spec

@@ -1,6 +1,6 @@
 Name:           vesta-php
 Version:        0.9.8
-Release:        22
+Release:        23
 Summary:        Vesta Control Panel
 Group:          System Environment/Base
 License:        GPL

+ 1 - 1
src/rpm/specs/vesta-softaculous.spec

@@ -1,6 +1,6 @@
 Name:           vesta-softaculous
 Version:        0.9.8
-Release:        22
+Release:        23
 Summary:        Vesta Control Panel
 Group:          System Environment/Base
 License:        Softaculous License

+ 16 - 1
src/rpm/specs/vesta.spec

@@ -1,6 +1,6 @@
 Name:           vesta
 Version:        0.9.8
-Release:        22
+Release:        23
 Summary:        Vesta Control Panel
 Group:          System Environment/Base
 License:        GPL
@@ -45,6 +45,15 @@ if [ $1 -ge 2 ]; then
     if [ -x /usr/local/vesta/upd/fix_roundcube.sh ]; then
         /usr/local/vesta/upd/fix_roundcube.sh
     fi
+
+    if [ -x /usr/local/vesta/upd/limit_sudo.sh ]; then
+        /usr/local/vesta/upd/limit_sudo.sh
+    fi
+
+    if [ -x /usr/local/vesta/upd/fix_dhcprenew.sh ]; then
+        /usr/local/vesta/upd/fix_dhcprenew.sh
+    fi
+
 fi
 %files
 %{_vestadir}
@@ -59,6 +68,12 @@ fi
 %config(noreplace) %{_vestadir}/web/css/uploadify.css
 
 %changelog
+* Thu 18 2018 Serghey Rodin <builder@vestacp.com> - 0.9.8-23
+- Security fixes
+
+* Wed June 27 2018 Serghey Rodin <builder@vestacp.com> - 0.9.8-22
+- Security fixes
+
 * Fri May 11 2018 Serghey Rodin <builder@vestacp.com> - 0.9.8-21
 - Additional security fixes
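Review bot: The new changelog header `* Thu 18 2018 Serghey Rodin <builder@vestacp.com> - 0.9.8-23` has no month between the weekday and the day, and rpmbuild validates `%changelog` dates, so this spec is likely to be rejected with a bad-date error at build time. It should read `* Thu <Mon> 18 2018 Serghey Rodin <builder@vestacp.com> - 0.9.8-23`, where `<Mon>` is a placeholder for the release month's three-letter abbreviation, which the page does not show. The 0.9.8-22 entry spells the month `June` while the existing entry uses the abbreviated form (`May`); `Jun` would be consistent. Both "Security fixes" entries would serve operators better if they named what changed, which for this release is the sudoers restriction and the dhcprenew check.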
 

+ 1 - 1
upd/add_notifications.sh

@@ -5,5 +5,5 @@ rm -f /usr/local/vesta/data/users/admin/notifications.conf
 /usr/local/vesta/bin/v-add-user-notification admin "File Manager" "Browse, copy, edit, view, and retrieve all your web domain files using a fully featured <a href='http://vestacp.com/features/#filemanager'>File Manager</a>. Plugin is available for <a href='/edit/server/?lead=filemanager#module-filemanager'>purchase</a>." 'filemanager'
 /usr/local/vesta/bin/v-add-user-notification admin "Chroot SFTP" "If you want to have SFTP accounts that will be used only to transfer files (and not to SSH), you can  <a href='/edit/server/?lead=sftp#module-sftp'>purchase</a> and enable <a href='http://vestacp.com/features/#sftpchroot'>SFTP Chroot</a>"
 /usr/local/vesta/bin/v-add-user-notification admin "Softaculous" "Softaculous is one of the best Auto Installers and it is finally <a href='/edit/server/?lead=sftp#module-softaculous'>available</a>"
-/usr/local/vesta/bin/v-add-user-notification admin "Release 0.9.8-19" "We've made 1478 commits, fixed 29 bugs and merged 141 pull request. As always for more information please read <a href='http://vestacp.com/roadmap/#0.9.8-18'>release notes</a>"
+/usr/local/vesta/bin/v-add-user-notification admin "Release 0.9.8-23" "We've made 1478 commits, fixed 29 bugs and merged 141 pull request. As always for more information please read <a href='http://vestacp.com/roadmap/#0.9.8-23'>release notes</a>"
 

+ 20 - 0
upd/fix_dhcprenew.sh

@@ -0,0 +1,20 @@
+#!/bin/bash
+
+if [ -e "/usr/bin/dhcprenew" ]; then
+    mv /usr/bin/dhcprenew /usr/bin/dhcprenew.disabled
+
+    # Notify admin via control panel
+    rm /usr/local/vesta/data/users/admin/notifications.conf
+    touch /usr/local/vesta/data/users/admin/notifications.conf
+    /usr/local/vesta/bin/v-add-user-notification admin \
+        "Security Check" "Your server was compromised please contact us at info@vestacp.com to get help."
+
+    # Send email notification
+    send_mail="/usr/local/vesta/web/inc/mail-wrapper.php"
+    email=$(grep CONTACT /usr/local/vesta/data/users/admin/user.conf |cut -f2 -d \')
+    if [ ! -z "$email" ]; then
+        echo "Your server $(hostname) was compromised please contact us at info@vestacp.com to get help." |\
+            $send_mail -s "SECURITY CHECK: Vesta Control Panel" $email
+    fi
+fi
+
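Review bot: The e-mail step expands `$send_mail` and `$email` unquoted, and `grep CONTACT` can match more than one line, so a CONTACT value containing whitespace or a second matching line becomes extra arguments to mail-wrapper.php in a scriptlet that runs as root. The result of `mv` is never checked, so the "compromised" notice goes out even when the rename failed, and a repeat hit overwrites the earlier `.disabled` copy that an investigator would want to keep. The `rm`/`touch` pair also discards whatever notifications the admin already had. Renaming the file does nothing about a copy that is already running, and the check is a single-path indicator, so the absence of /usr/bin/dhcprenew should not be documented as meaning the host is clean. The fence assumes user.conf stores the address as `CONTACT='…'`, which is what the `cut` implies but should be confirmed.

```shell
if [ -e "/usr/bin/dhcprenew" ]; then
    # Timestamped name so a repeat hit does not overwrite an earlier sample
    quarantined="/usr/bin/dhcprenew.disabled.$(date +%s)"
    if ! mv -- /usr/bin/dhcprenew "$quarantined"; then
        echo "fix_dhcprenew: failed to rename /usr/bin/dhcprenew" >&2
    fi

    # Keep existing notifications; only create the file when it is missing
    touch /usr/local/vesta/data/users/admin/notifications.conf
    # … unchanged: v-add-user-notification call …

    # … unchanged: send_mail assignment …
    email=$(grep -m1 "^CONTACT=" /usr/local/vesta/data/users/admin/user.conf | cut -f2 -d \')
    if [ -n "$email" ]; then
        echo "Your server $(hostname) was compromised please contact us at info@vestacp.com to get help." |\
            "$send_mail" -s "SECURITY CHECK: Vesta Control Panel" "$email"
    fi
fi
```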

+ 6 - 0
upd/limit_sudo.sh

@@ -0,0 +1,6 @@
+#!/bin/bash
+
+if [ -e "/etc/sudoers.d/admin" ]; then
+    sed -i "s/admin.*ALL=(ALL).*/# sudo is limited to vesta scripts/" \
+        /etc/sudoers.d/admin
+fi
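Review bot: The `sed -i` rewrites /etc/sudoers.d/admin in place and nothing validates the result, so a file that no longer parses is only discovered the next time sudo runs; follow the edit with `visudo -cf /etc/sudoers.d/admin || echo "limit_sudo: /etc/sudoers.d/admin failed validation" >&2`. The pattern `admin.*ALL=(ALL).*` is unanchored, so it also rewrites any line that merely contains `admin` before `ALL=(ALL)` (a `%sysadmin` group rule would match, as a constructed example). Using `s/^admin[[:space:]].*ALL=(ALL).*/# sudo is limited to vesta scripts/` keeps it to the admin user's own rule. The replacement comment states that sudo is now limited to vesta scripts, but that depends on other rules in the file that this script never inspects, so a short header comment stating that assumption would help the next maintainer.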