
Pre-release bugfixes for 1.0.2

Alexandros 6 年 前
コミット
5b957a7acb

+ 1 - 0
bin/v-change-sys-webmail

@@ -46,6 +46,7 @@ if [ "$WEB_SYSTEM" = 'apache2' ]; then
 fi
 if [ -e /etc/nginx/conf.d/webmail.inc ]; then
     sed -i "s|location \/$OLD_ALIAS|location \/$NEW_ALIAS|gI" /etc/nginx/conf.d/webmail.inc
+    sed -i "s|location ~ ^\/$OLD_ALIAS|location ~ ^\/$NEW_ALIAS|gI" /etc/nginx/conf.d/webmail.inc
 fi
 
 #----------------------------------------------------------#
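Review bot: `$OLD_ALIAS` and `$NEW_ALIAS` are spliced unescaped into the sed program on the added line (and on the existing line above it), so an alias containing `|`, `&`, `.` or other sed/regex metacharacters would break the expression or rewrite more of webmail.inc than intended. The pattern also has nothing terminating the alias, so with the `I` flag an old alias of `mail` would, for example, also match a `location ~ ^/mailer` block. If the alias is not already restricted to a safe character set earlier in the script (outside this hunk), validate it before these calls, e.g. `[[ "$NEW_ALIAS" =~ ^[a-z0-9-]+$ ]] || exit 1` adapted to the script's own error helper. Running `nginx -t` after the edit and before any reload would keep a bad substitution from taking the web server down.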

+ 12 - 1
func/domain.sh

@@ -694,12 +694,23 @@ add_webmail_config() {
     ssl_pem="$HOMEDIR/$user/conf/mail/$domain/ssl/$domain.pem"
     ssl_ca="$HOMEDIR/$user/conf/mail/$domain/ssl/$domain.ca"
 
+    if [ "$WEBMAIL_ALIAS" = "mail" ]; then
+        override_alias=""
+    else
+        override_alias="mail.$domain"
+    fi
+
+    override_alias="";
+    if [ "$WEBMAIL_ALIAS" != "mail" ]; then
+        override_alias="mail.$domain"
+    fi
+
     cat $MAILTPL/$1/$2 | \
         sed -e "s|%ip%|$local_ip|g" \
             -e "s|%domain%|$WEBMAIL_ALIAS.$domain|g" \
             -e "s|%domain_idn%|$domain_idn|g" \
             -e "s|%root_domain%|$domain|g" \
-            -e "s|%alias%|mail.$domain|g" \
+            -e "s|%alias%|$override_alias|g" \
             -e "s|%alias_idn%|${aliases_idn//,/ }|g" \
             -e "s|%alias_string%|$alias_string|g" \
             -e "s|%email%|info@$domain|g" \
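Review bot: `override_alias` is computed twice in the added lines: the `if`/`else` block is immediately overwritten by `override_alias="";` and a second `if` that produces the same value, so the first block is dead code and should be dropped. The variable is also never declared `local`, so it leaks out of add_webmail_config into whatever sourced this file; `local override_alias=""` would contain it. A short comment would help the next reader, something like `# WEBMAIL_ALIAS already "mail": leave %alias% empty so mail.$domain is not listed twice` (that is my reading of the intent from the `%domain%` substitution, please confirm). The function starts before and continues past this hunk, so how the template consumes an empty `%alias%` is not visible here.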

+ 2 - 3
install/hst-install-debian.sh

@@ -1143,6 +1143,8 @@ chown root:mail $HESTIA/ssl/*
 chmod 660 $HESTIA/ssl/*
 rm /tmp/hst.pem
 
+# Install dhparam.pem
+cp -f $HESTIA/install/deb/ssl/dhparam.pem /etc/ssl
 
 #----------------------------------------------------------#
 #                     Configure Nginx                      #
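Review bot: The relocated `cp -f $HESTIA/install/deb/ssl/dhparam.pem /etc/ssl` now runs unconditionally but its result is never checked, so a missing source file passes silently and any service configured to read /etc/ssl/dhparam.pem fails later with a less obvious error. Quoting the path and adding `check_result $? "dhparam.pem installation failed"`, as the script does for the php-fpm start, would surface that at install time. The file appears to be shipped with the installer, which would mean every host shares the same DH parameters. If so, the `# Install dhparam.pem` comment should state the parameter size and origin, or the installer could generate them per host with `openssl dhparam -out /etc/ssl/dhparam.pem 2048`. The same applies to the matching hunk in install/hst-install-ubuntu.sh.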
@@ -1180,9 +1182,6 @@ if [ "$nginx" = 'yes' ]; then
         check_result $? "php$fpm_v-fpm start failed"
     fi
 
-    # Install dhparam.
-    cp -f $HESTIA/install/deb/ssl/dhparam.pem /etc/ssl
-
     # Update dns servers in nginx.conf
     dns_resolver=$(cat /etc/resolv.conf | grep -i '^nameserver' | cut -d ' ' -f2 | tr '\r\n' ' ' | xargs)
     for ip in $dns_resolver; do

+ 2 - 4
install/hst-install-ubuntu.sh

@@ -1023,7 +1023,6 @@ fi
 # Mail stack
 if [ "$exim" = 'yes' ]; then
     echo "MAIL_SYSTEM='exim4'" >> $HESTIA/conf/hestia.conf
-    echo "WEBMAIL_ALIAS='webmail'" >> $HESTIA/conf/hestia.conf
     if [ "$clamd" = 'yes'  ]; then
         echo "ANTIVIRUS_SYSTEM='clamav-daemon'" >> $HESTIA/conf/hestia.conf
     fi
@@ -1111,6 +1110,8 @@ if [ -z "$(grep nologin /etc/shells)" ]; then
     echo "/usr/sbin/nologin" >> /etc/shells
 fi
 
+# Install dhparam.pem
+cp -f $HESTIA/install/deb/ssl/dhparam.pem /etc/ssl
 
 #----------------------------------------------------------#
 #                     Configure Nginx                      #
@@ -1148,9 +1149,6 @@ if [ "$nginx" = 'yes' ]; then
         check_result $? "php$fpm_v-fpm start failed"
     fi
 
-    # Install dhparam.
-    cp -f $HESTIA/install/deb/ssl/dhparam.pem /etc/ssl
-
     # Update dns servers in nginx.conf
     dns_resolver=$(cat /etc/resolv.conf | grep -i '^nameserver' | cut -d ' ' -f2 | tr '\r\n' ' ' | xargs)
     for ip in $dns_resolver; do

+ 8 - 0
install/upgrade/versions/1.0.2.sh

@@ -72,4 +72,12 @@ fi
 
 # Enhance webmail security
 cp -f /etc/nginx/conf.d/webmail.inc $HESTIA_BACKUP/conf/
+echo "(*) Hardening security of Roundcube webmail..."
 sed -i "s/config|temp|logs/README.md|config|temp|logs|bin|SQL|INSTALL|LICENSE|CHANGELOG|UPGRADING/g" /etc/nginx/conf.d/webmail.inc
+
+# Reduce SSH login grace time
+if [ -e /etc/ssh/sshd_config ]; then
+    echo "(*) Hardening SSH daemon configuration..."
+    sed -i "s/LoginGraceTime 2m/LoginGraceTime 1m/g" /etc/ssh/sshd_config
+    sed -i "s/#LoginGraceTime 2m/LoginGraceTime 1m/g" /etc/ssh/sshd_config
+fi
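Review bot: The two `LoginGraceTime` substitutions run in the wrong order for a stock config: the first `sed` also matches inside `#LoginGraceTime 2m` and turns it into `#LoginGraceTime 1m`, after which the second `sed` finds nothing to replace, so the directive stays commented out and sshd keeps its built-in 120-second default. One anchored expression handles both the commented and uncommented form: `sed -i -E 's/^#?[[:space:]]*LoginGraceTime[[:space:]]+2m/LoginGraceTime 1m/' /etc/ssh/sshd_config`. Unlike webmail.inc a few lines up, sshd_config is edited without first copying it to `$HESTIA_BACKUP/conf/`. Nothing visible in this hunk runs `sshd -t` or restarts the daemon, so the change may not take effect until the next restart.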