
Merge branch 'staging/features' into main

Kristan Kenney há 5 anos atrás
pai
commit
601e27cf12

+ 1 - 0
CHANGELOG.md

@@ -3,6 +3,7 @@ All notable changes to this project will be documented in this file.
 
 ## [CURRENT] - Development
 ### Features
+- Use stronger ciphers and Disable TLS v1.1 for vsftpd.
 
 ### Bugfixes
 - Create mailhelo.conf if it doesnt exist to prevent a error message during grep.

+ 8 - 1
bin/v-change-user-password

@@ -25,10 +25,17 @@ source $HESTIA/conf/hestia.conf
 #                    Verifications                         #
 #----------------------------------------------------------#
 
-check_args '2' "$#" 'USER PASSWORD'
+check_args '1' "$#" 'USER [PASSWORD]'
 is_format_valid 'user'
 is_object_valid 'user' 'USER' "$user"
 is_object_unsuspended 'user' 'USER' "$user"
+
+# Non-interactive (stdin not opened)
+[[ -z "$password" && ! -t 0 ]] && read -r password
+
+# Password prompt
+[[ -z "$password" ]] && read -r -s -p "Password:" password
+
 is_password_valid
 
 # Perform verification if read-only mode is enabled
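Review bot: Both added `read` calls run with the default IFS, so leading and trailing whitespace in the supplied password is stripped before `is_password_valid` runs, and the stored password can differ from what was piped or typed. Unless IFS is already changed above the hunk, `IFS= read -r password` and `IFS= read -r -s -p "Password:" password` keep the value intact. The comment `# Non-interactive (stdin not opened)` is also misleading, because `! -t 0` is true when stdin is a pipe or file rather than a terminal; `# Non-interactive: stdin is a pipe or file, read the password from it` describes the test. Since the usage string still accepts `PASSWORD` as an argument, a comment noting that the stdin form keeps the password out of the process list would help callers choose it. The script starts and ends outside the hunk.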

+ 2 - 2
install/deb/vsftpd/vsftpd.conf

@@ -31,10 +31,10 @@ utf8_filesystem=YES
 ssl_enable=YES
 allow_anon_ssl=NO
 require_ssl_reuse=NO
-ssl_ciphers=HIGH
-ssl_tlsv1=NO
+ssl_ciphers=ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256
 ssl_sslv2=NO
 ssl_sslv3=NO
+ssl_tlsv1=NO
 force_local_data_ssl=NO
 force_local_logins_ssl=NO
 rsa_cert_file=/usr/local/hestia/ssl/certificate.crt
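Review bot: Nothing in this hunk disables TLS 1.1 explicitly, although the changelog entry says it does: `ssl_tlsv1=NO` was already present and is only moved below `ssl_sslv3=NO`. The restriction appears to come from the new `ssl_ciphers` list, whose four suites are all TLS 1.2-only, so older handshakes find no shared cipher. A comment above that line would record the dependency, for example `# TLS 1.0/1.1 are excluded implicitly: every suite listed here is TLS 1.2-only`, so a later edit to the list does not silently re-enable them. All four suites are ECDHE-RSA, so the file named by `rsa_cert_file` has to hold an RSA-key certificate; that is worth stating in the same comment.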

+ 11 - 2
install/upgrade/versions/latest.sh

@@ -8,10 +8,19 @@
 
 # Update template files to add warnings
 # Backup current templates
-cp -r -f $HESTIA/data/templates/* $HESTIA_BACKUP/templates/
 echo "[ ! ] Updating default web domain templates..."
 $BIN/v-update-web-templates
 echo "[ ! ] Updating default mail domain templates..."
 $BIN/v-update-mail-templates
 echo "[ ! ] Updating default DNS zone templates..."
-$BIN/v-update-dns-templates
+$BIN/v-update-dns-templates
+
+# Enhance Vsftpd security
+if [ "$FTP_SYSTEM" = "vsftpd" ]; then
+    echo "[ ! ] Hardening Vsftpd TLS configuration..."
+    if [ -e /etc/vsftpd.conf ]; then
+        rm -f /etc/vsftpd.conf
+    fi
+    cp -f $HESTIA_INSTALL_DIR/vsftpd/vsftpd.conf /etc/
+    chmod 644 /etc/vsftpd.conf
+fi
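Review bot: The added vsftpd block removes `/etc/vsftpd.conf` before it copies the replacement and never checks that `$HESTIA_INSTALL_DIR/vsftpd/vsftpd.conf` exists, so an unset variable or a missing file leaves the FTP service with no configuration at all. It also overwrites the admin's file without keeping a copy, discarding any local changes such as passive port ranges or certificate paths. The hunk shows no vsftpd restart, so unless one happens elsewhere in the upgrade the hardened settings do not take effect until the next restart. The `# Backup current templates` comment is now stale, since the `cp` it described was removed. A safer ordering is sketched below; the `.bak` path is an illustrative choice.

```shell
if [ "$FTP_SYSTEM" = "vsftpd" ]; then
    echo "[ ! ] Hardening Vsftpd TLS configuration..."
    new_conf="$HESTIA_INSTALL_DIR/vsftpd/vsftpd.conf"
    if [ -f "$new_conf" ]; then
        # Keep the current file so local customisations can be restored
        if [ -e /etc/vsftpd.conf ]; then
            cp -f /etc/vsftpd.conf /etc/vsftpd.conf.bak
        fi
        cp -f "$new_conf" /etc/vsftpd.conf
        chmod 644 /etc/vsftpd.conf
    else
        echo "[ ! ] $new_conf not found, vsftpd configuration left unchanged"
    fi
fi
```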