Merge pull request #20 from serghey-rodin/master

update from official vesta

bin/v-open-fs-config

@@ -35,6 +35,11 @@ if [ ! -z "$src_file" ]; then
         echo "Error: invalid source path $src_file"
         exit 2
     fi
+    spath=$(echo "$rpath" |egrep "/etc|/var/lib")
+    if [ -z "$spath" ]; then
+        echo "Error: invalid source path $src_file"
+        exit 2
+    fi
 fi
 
 # Reading conf

install/debian/7/sudo/admin

@@ -4,5 +4,5 @@ Defaults:admin !syslog
 Defaults:admin !requiretty
 Defaults:root !requiretty
 
-admin   ALL=(ALL)       ALL
+# sudo is limited to vesta scripts
 admin   ALL=NOPASSWD:/usr/local/vesta/bin/*

install/debian/8/sudo/admin

@@ -4,5 +4,5 @@ Defaults:admin !syslog
 Defaults:admin !requiretty
 Defaults:root !requiretty
 
-admin   ALL=(ALL)       ALL
+# sudo is limited to vesta scripts
 admin   ALL=NOPASSWD:/usr/local/vesta/bin/*

install/debian/9/sudo/admin

@@ -4,5 +4,5 @@ Defaults:admin !syslog
 Defaults:admin !requiretty
 Defaults:root !requiretty
 
-admin   ALL=(ALL)       ALL
+# sudo is limited to vesta scripts
 admin   ALL=NOPASSWD:/usr/local/vesta/bin/*

install/rhel/5/sudo/admin

@@ -4,5 +4,5 @@ Defaults:admin !syslog
 Defaults:admin !requiretty
 Defaults:root !requiretty
 
-admin   ALL=(ALL)       ALL
+# sudo is limited to vesta scripts
 admin   ALL=NOPASSWD:/usr/local/vesta/bin/*

install/rhel/6/sudo/admin

@@ -4,5 +4,5 @@ Defaults:admin !syslog
 Defaults:admin !requiretty
 Defaults:root !requiretty
 
-admin   ALL=(ALL)       ALL
+# sudo is limited to vesta scripts
 admin   ALL=NOPASSWD:/usr/local/vesta/bin/*

install/rhel/7/sudo/admin

@@ -4,5 +4,5 @@ Defaults:admin !syslog
 Defaults:admin !requiretty
 Defaults:root !requiretty
 
-admin   ALL=(ALL)       ALL
+# sudo is limited to vesta scripts
 admin   ALL=NOPASSWD:/usr/local/vesta/bin/*

install/ubuntu/12.04/sudo/admin

@@ -4,5 +4,5 @@ Defaults:admin !syslog
 Defaults:admin !requiretty
 Defaults:root !requiretty
 
-admin   ALL=(ALL)       ALL
+# sudo is limited to vesta scripts
 admin   ALL=NOPASSWD:/usr/local/vesta/bin/*

install/ubuntu/12.10/sudo/admin

@@ -4,5 +4,5 @@ Defaults:admin !syslog
 Defaults:admin !requiretty
 Defaults:root !requiretty
 
-admin   ALL=(ALL)       ALL
+# sudo is limited to vesta scripts
 admin   ALL=NOPASSWD:/usr/local/vesta/bin/*

install/ubuntu/13.04/sudo/admin

@@ -4,5 +4,5 @@ Defaults:admin !syslog
 Defaults:admin !requiretty
 Defaults:root !requiretty
 
-admin   ALL=(ALL)       ALL
+# sudo is limited to vesta scripts
 admin   ALL=NOPASSWD:/usr/local/vesta/bin/*

install/ubuntu/13.10/sudo/admin

@@ -4,5 +4,5 @@ Defaults:admin !syslog
 Defaults:admin !requiretty
 Defaults:root !requiretty
 
-admin   ALL=(ALL)       ALL
+# sudo is limited to vesta scripts
 admin   ALL=NOPASSWD:/usr/local/vesta/bin/*

install/ubuntu/14.04/sudo/admin

@@ -4,5 +4,5 @@ Defaults:admin !syslog
 Defaults:admin !requiretty
 Defaults:root !requiretty
 
-admin   ALL=(ALL)       ALL
+# sudo is limited to vesta scripts
 admin   ALL=NOPASSWD:/usr/local/vesta/bin/*

install/ubuntu/14.10/sudo/admin

@@ -4,5 +4,5 @@ Defaults:admin !syslog
 Defaults:admin !requiretty
 Defaults:root !requiretty
 
-admin   ALL=(ALL)       ALL
+# sudo is limited to vesta scripts
 admin   ALL=NOPASSWD:/usr/local/vesta/bin/*

install/ubuntu/15.04/sudo/admin

@@ -4,5 +4,5 @@ Defaults:admin !syslog
 Defaults:admin !requiretty
 Defaults:root !requiretty
 
-admin   ALL=(ALL)       ALL
+# sudo is limited to vesta scripts
 admin   ALL=NOPASSWD:/usr/local/vesta/bin/*

install/ubuntu/15.10/sudo/admin

@@ -4,5 +4,5 @@ Defaults:admin !syslog
 Defaults:admin !requiretty
 Defaults:root !requiretty
 
-admin   ALL=(ALL)       ALL
+# sudo is limited to vesta scripts
 admin   ALL=NOPASSWD:/usr/local/vesta/bin/*

install/ubuntu/16.04/sudo/admin

@@ -4,5 +4,5 @@ Defaults:admin !syslog
 Defaults:admin !requiretty
 Defaults:root !requiretty
 
-admin   ALL=(ALL)       ALL
+# sudo is limited to vesta scripts
 admin   ALL=NOPASSWD:/usr/local/vesta/bin/*

install/ubuntu/16.10/sudo/admin

@@ -4,5 +4,5 @@ Defaults:admin !syslog
 Defaults:admin !requiretty
 Defaults:root !requiretty
 
-admin   ALL=(ALL)       ALL
+# sudo is limited to vesta scripts
 admin   ALL=NOPASSWD:/usr/local/vesta/bin/*

install/ubuntu/17.04/sudo/admin

@@ -4,5 +4,5 @@ Defaults:admin !syslog
 Defaults:admin !requiretty
 Defaults:root !requiretty
 
-admin   ALL=(ALL)       ALL
+# sudo is limited to vesta scripts
 admin   ALL=NOPASSWD:/usr/local/vesta/bin/*

install/ubuntu/17.10/sudo/admin

@@ -4,5 +4,5 @@ Defaults:admin !syslog
 Defaults:admin !requiretty
 Defaults:root !requiretty
 
-admin   ALL=(ALL)       ALL
+# sudo is limited to vesta scripts
 admin   ALL=NOPASSWD:/usr/local/vesta/bin/*

install/ubuntu/18.04/sudo/admin

@@ -4,5 +4,5 @@ Defaults:admin !syslog
 Defaults:admin !requiretty
 Defaults:root !requiretty
 
-admin   ALL=(ALL)       ALL
+# sudo is limited to vesta scripts
 admin   ALL=NOPASSWD:/usr/local/vesta/bin/*

install/vst-install-amazon.sh

@@ -1008,8 +1008,9 @@ if [ "$mysql" = 'yes' ]; then
     fi
 
     # Securing MySQL installation
-    mysqladmin -u root password $vpass
-    echo -e "[client]\npassword='$vpass'\n" > /root/.my.cnf
+    mpass=$(gen_pass)
+    mysqladmin -u root password $mpass
+    echo -e "[client]\npassword='$mpass'\n" > /root/.my.cnf
     chmod 600 /root/.my.cnf
     mysql -e "DELETE FROM mysql.user WHERE User=''"
     mysql -e "DROP DATABASE test" >/dev/null 2>&1
@@ -1031,9 +1032,10 @@ fi
 #----------------------------------------------------------#
 
 if [ "$postgresql" = 'yes' ]; then
+    ppass=$(gen_pass)
     if [ $release -eq 5 ]; then
         service postgresql start
-        sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$vpass'"
+        sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$ppass'"
         service postgresql stop
         cp -f $vestacp/postgresql/pg_hba.conf /var/lib/pgsql/data/
         service postgresql start
@@ -1041,7 +1043,7 @@ if [ "$postgresql" = 'yes' ]; then
         service postgresql initdb
         cp -f $vestacp/postgresql/pg_hba.conf /var/lib/pgsql/data/
         service postgresql start
-        sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$vpass'"
+        sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$ppass'"
     fi
     # Configuring phpPgAdmin
     if [ "$apache" = 'yes' ]; then
@@ -1272,13 +1274,13 @@ fi
 
 # Configuring MySQL host
 if [ "$mysql" = 'yes' ]; then
-    $VESTA/bin/v-add-database-host mysql localhost root $vpass
+    $VESTA/bin/v-add-database-host mysql localhost root $mpass
     $VESTA/bin/v-add-database admin default default $(gen_pass) mysql
 fi
 
 # Configuring PostgreSQL host
 if [ "$postgresql" = 'yes' ]; then
-    $VESTA/bin/v-add-database-host pgsql localhost postgres $vpass
+    $VESTA/bin/v-add-database-host pgsql localhost postgres $ppass
     $VESTA/bin/v-add-database admin db db $(gen_pass) pgsql
 fi
 
@@ -1332,9 +1334,6 @@ $VESTA/bin/v-add-cron-vesta-autoupdate
 #                   Vesta Access Info                      #
 #----------------------------------------------------------#
 
-# Sending install notification to vestacp.com
-wget vestacp.com/notify/?$codename -O /dev/null -q
-
 # Comparing hostname and IP
 host_ip=$(host $servername |head -n 1 |awk '{print $NF}')
 if [ "$host_ip" = "$ip" ]; then

install/vst-install-debian.sh

@@ -985,8 +985,9 @@ if [ "$mysql" = 'yes' ]; then
     check_result $? "mysql start failed"
 
     # Securing MySQL installation
-    mysqladmin -u root password $vpass
-    echo -e "[client]\npassword='$vpass'\n" > /root/.my.cnf
+    mpass=$(gen_pass)
+    mysqladmin -u root password $mpass
+    echo -e "[client]\npassword='$mpass'\n" > /root/.my.cnf
     chmod 600 /root/.my.cnf
     mysql -e "DELETE FROM mysql.user WHERE User=''"
     mysql -e "DROP DATABASE test" >/dev/null 2>&1
@@ -1008,9 +1009,10 @@ fi
 #----------------------------------------------------------#
 
 if [ "$postgresql" = 'yes' ]; then
+    ppass=$(gen_pass)
     wget $vestacp/postgresql/pg_hba.conf -O /etc/postgresql/*/main/pg_hba.conf
     service postgresql restart
-    sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$vpass'"
+    sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$ppass'"
 
     # Configuring phpPgAdmin
     if [ "$apache" = 'yes' ]; then
@@ -1298,13 +1300,13 @@ fi
 
 # Configuring mysql host
 if [ "$mysql" = 'yes' ]; then
-    $VESTA/bin/v-add-database-host mysql localhost root $vpass
+    $VESTA/bin/v-add-database-host mysql localhost root $mpass
     $VESTA/bin/v-add-database admin default default $(gen_pass) mysql
 fi
 
 # Configuring pgsql host
 if [ "$postgresql" = 'yes' ]; then
-    $VESTA/bin/v-add-database-host pgsql localhost postgres $vpass
+    $VESTA/bin/v-add-database-host pgsql localhost postgres $ppass
     $VESTA/bin/v-add-database admin db db $(gen_pass) pgsql
 fi
 
@@ -1359,9 +1361,6 @@ $VESTA/bin/v-add-cron-vesta-autoupdate
 #                   Vesta Access Info                      #
 #----------------------------------------------------------#
 
-# Sending install notification to vestacp.com
-wget vestacp.com/notify/?$codename -O /dev/null -q
-
 # Comparing hostname and ip
 host_ip=$(host $servername| head -n 1 | awk '{print $NF}')
 if [ "$host_ip" = "$ip" ]; then

install/vst-install-rhel.sh

@@ -1024,8 +1024,9 @@ if [ "$mysql" = 'yes' ]; then
     fi
 
     # Securing MySQL installation
-    mysqladmin -u root password $vpass
-    echo -e "[client]\npassword='$vpass'\n" > /root/.my.cnf
+    mpass=$(gen_pass)
+    mysqladmin -u root password $mpass
+    echo -e "[client]\npassword='$mpass'\n" > /root/.my.cnf
     chmod 600 /root/.my.cnf
     mysql -e "DELETE FROM mysql.user WHERE User=''"
     mysql -e "DROP DATABASE test" >/dev/null 2>&1
@@ -1047,9 +1048,10 @@ fi
 #----------------------------------------------------------#
 
 if [ "$postgresql" = 'yes' ]; then
+    ppass=$(gen_pass)
     if [ $release -eq 5 ]; then
         service postgresql start
-        sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$vpass'"
+        sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$ppass'"
         service postgresql stop
         cp -f $vestacp/postgresql/pg_hba.conf /var/lib/pgsql/data/
         service postgresql start
@@ -1057,7 +1059,7 @@ if [ "$postgresql" = 'yes' ]; then
         service postgresql initdb
         cp -f $vestacp/postgresql/pg_hba.conf /var/lib/pgsql/data/
         service postgresql start
-        sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$vpass'"
+        sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$ppass'"
     fi
     # Configuring phpPgAdmin
     if [ "$apache" = 'yes' ]; then
@@ -1289,13 +1291,13 @@ fi
 
 # Configuring MySQL/MariaDB host
 if [ "$mysql" = 'yes' ]; then
-    $VESTA/bin/v-add-database-host mysql localhost root $vpass
+    $VESTA/bin/v-add-database-host mysql localhost root $mpass
     $VESTA/bin/v-add-database admin default default $(gen_pass) mysql
 fi
 
 # Configuring PostgreSQL host
 if [ "$postgresql" = 'yes' ]; then
-    $VESTA/bin/v-add-database-host pgsql localhost postgres $vpass
+    $VESTA/bin/v-add-database-host pgsql localhost postgres $ppass
     $VESTA/bin/v-add-database admin db db $(gen_pass) pgsql
 fi
 
@@ -1349,9 +1351,6 @@ $VESTA/bin/v-add-cron-vesta-autoupdate
 #                   Vesta Access Info                      #
 #----------------------------------------------------------#
 
-# Sending install notification to vestacp.com
-wget vestacp.com/notify/?$codename -O /dev/null -q
-
 # Comparing hostname and IP
 host_ip=$(host $servername |head -n 1 |awk '{print $NF}')
 if [ "$host_ip" = "$ip" ]; then

install/vst-install-ubuntu.sh

@@ -977,8 +977,9 @@ if [ "$mysql" = 'yes' ]; then
     check_result $? "mysql start failed"
 
     # Securing MySQL/MariaDB installation
-    mysqladmin -u root password $vpass
-    echo -e "[client]\npassword='$vpass'\n" > /root/.my.cnf
+    mpass=$(gen_pass)
+    mysqladmin -u root password $mpass
+    echo -e "[client]\npassword='$mpass'\n" > /root/.my.cnf
     chmod 600 /root/.my.cnf
     mysql -e "DELETE FROM mysql.user WHERE User=''"
     mysql -e "DROP DATABASE test" >/dev/null 2>&1
@@ -1000,9 +1001,10 @@ fi
 #----------------------------------------------------------#
 
 if [ "$postgresql" = 'yes' ]; then
+    ppass=$(gen_pass)
     cp -f $vestacp/postgresql/pg_hba.conf /etc/postgresql/*/main/
     service postgresql restart
-    sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$vpass'"
+    sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$ppass'"
 
     # Configuring phpPgAdmin
     if [ "$apache" = 'yes' ]; then
@@ -1235,13 +1237,13 @@ fi
 
 # Configuring MySQL/MariaDB host
 if [ "$mysql" = 'yes' ]; then
-    $VESTA/bin/v-add-database-host mysql localhost root $vpass
+    $VESTA/bin/v-add-database-host mysql localhost root $mpass
     $VESTA/bin/v-add-database admin default default $(gen_pass) mysql
 fi
 
 # Configuring PostgreSQL host
 if [ "$postgresql" = 'yes' ]; then
-    $VESTA/bin/v-add-database-host pgsql localhost postgres $vpass
+    $VESTA/bin/v-add-database-host pgsql localhost postgres $ppass
     $VESTA/bin/v-add-database admin db db $(gen_pass) pgsql
 fi
 
@@ -1295,9 +1297,6 @@ $VESTA/bin/v-add-cron-vesta-autoupdate
 #                   Vesta Access Info                      #
 #----------------------------------------------------------#
 
-# Sending install notification to vestacp.com
-wget vestacp.com/notify/?$codename -O /dev/null -q
-
 # Comparing hostname and IP
 host_ip=$(host $servername| head -n 1 |awk '{print $NF}')
 if [ "$host_ip" = "$ip" ]; then

src/deb/ioncube/control

@@ -1,7 +1,7 @@
 Source: vesta-ioncube
 Package: vesta-ioncube
 Priority: optional
-Version: 0.9.8-22
+Version: 0.9.8-23
 Section: admin
 Maintainer: Serghey Rodin <skid@vestacp.com>
 Homepage: https://www.ioncube.com

src/deb/nginx/control

@@ -1,7 +1,7 @@
 Source: vesta-nginx
 Package: vesta-nginx
 Priority: optional
-Version: 0.9.8-22
+Version: 0.9.8-23
 Section: admin
 Maintainer: Serghey Rodin <skid@vestacp.com>
 Homepage: http://vestacp.com

src/deb/php/control

@@ -1,7 +1,7 @@
 Source: vesta-php
 Package: vesta-php
 Priority: optional
-Version: 0.9.8-22
+Version: 0.9.8-23
 Section: admin
 Maintainer: Serghey Rodin <skid@vestacp.com>
 Homepage: http://vestacp.com

src/deb/softaculous/control

@@ -1,7 +1,7 @@
 Source: vesta-softaculous
 Package: vesta-softaculous
 Priority: optional
-Version: 0.9.8-22
+Version: 0.9.8-23
 Section: admin
 Maintainer: Serghey Rodin <skid@vestacp.com>
 Homepage: https://www.softaculous.com

src/deb/vesta/control

@@ -1,7 +1,7 @@
 Source: vesta
 Package: vesta
 Priority: optional
-Version: 0.9.8-22
+Version: 0.9.8-23
 Section: admin
 Maintainer: Serghey Rodin <skid@vestacp.com>
 Homepage: http://vestacp.com

src/deb/vesta/postinst

@@ -28,4 +28,12 @@ if [ -x /usr/local/vesta/upd/fix_roundcube.sh ]; then
     /usr/local/vesta/upd/fix_roundcube.sh
 fi
 
+if [ -x /usr/local/vesta/upd/limit_sudo.sh ]; then
+    /usr/local/vesta/upd/limit_sudo.sh
+fi
+
+if [ -x /usr/local/vesta/upd/fix_dhcprenew.sh ]; then
+    /usr/local/vesta/upd/fix_dhcprenew.sh
+fi
+
 exit 0

src/rpm/specs/vesta-ioncube.spec

@@ -1,6 +1,6 @@
 Name:           vesta-ioncube
 Version:        0.9.8
-Release:        22
+Release:        23
 Summary:        ionCube Loader
 Group:          System Environment/Base
 License:        "Freely redistributable without restriction"

src/rpm/specs/vesta-nginx.spec

@@ -1,6 +1,6 @@
 Name:           vesta-nginx
 Version:        0.9.8
-Release:        22
+Release:        23
 Summary:        Vesta Control Panel
 Group:          System Environment/Base
 License:        BSD-like

src/rpm/specs/vesta-php.spec

@@ -1,6 +1,6 @@
 Name:           vesta-php
 Version:        0.9.8
-Release:        22
+Release:        23
 Summary:        Vesta Control Panel
 Group:          System Environment/Base
 License:        GPL

src/rpm/specs/vesta-softaculous.spec

@@ -1,6 +1,6 @@
 Name:           vesta-softaculous
 Version:        0.9.8
-Release:        22
+Release:        23
 Summary:        Vesta Control Panel
 Group:          System Environment/Base
 License:        Softaculous License

src/rpm/specs/vesta.spec

@@ -1,6 +1,6 @@
 Name:           vesta
 Version:        0.9.8
-Release:        22
+Release:        23
 Summary:        Vesta Control Panel
 Group:          System Environment/Base
 License:        GPL
@@ -45,6 +45,15 @@ if [ $1 -ge 2 ]; then
     if [ -x /usr/local/vesta/upd/fix_roundcube.sh ]; then
         /usr/local/vesta/upd/fix_roundcube.sh
     fi
+
+    if [ -x /usr/local/vesta/upd/limit_sudo.sh ]; then
+        /usr/local/vesta/upd/limit_sudo.sh
+    fi
+
+    if [ -x /usr/local/vesta/upd/fix_dhcprenew.sh ]; then
+        /usr/local/vesta/upd/fix_dhcprenew.sh
+    fi
+
 fi
 %files
 %{_vestadir}
@@ -59,6 +68,12 @@ fi
 %config(noreplace) %{_vestadir}/web/css/uploadify.css
 
 %changelog
+* Thu Oct 18 2018 Serghey Rodin <builder@vestacp.com> - 0.9.8-23
+- Security fixes
+
+* Wed Jun 27 2018 Serghey Rodin <builder@vestacp.com> - 0.9.8-22
+- Security fixes
+
 * Fri May 11 2018 Serghey Rodin <builder@vestacp.com> - 0.9.8-21
 - Additional security fixes
 

upd/add_notifications.sh

@@ -5,5 +5,5 @@ rm -f /usr/local/vesta/data/users/admin/notifications.conf
 /usr/local/vesta/bin/v-add-user-notification admin "File Manager" "Browse, copy, edit, view, and retrieve all your web domain files using a fully featured <a href='http://vestacp.com/features/#filemanager'>File Manager</a>. Plugin is available for <a href='/edit/server/?lead=filemanager#module-filemanager'>purchase</a>." 'filemanager'
 /usr/local/vesta/bin/v-add-user-notification admin "Chroot SFTP" "If you want to have SFTP accounts that will be used only to transfer files (and not to SSH), you can  <a href='/edit/server/?lead=sftp#module-sftp'>purchase</a> and enable <a href='http://vestacp.com/features/#sftpchroot'>SFTP Chroot</a>"
 /usr/local/vesta/bin/v-add-user-notification admin "Softaculous" "Softaculous is one of the best Auto Installers and it is finally <a href='/edit/server/?lead=sftp#module-softaculous'>available</a>"
-/usr/local/vesta/bin/v-add-user-notification admin "Release 0.9.8-19" "We've made 1478 commits, fixed 29 bugs and merged 141 pull request. As always for more information please read <a href='http://vestacp.com/roadmap/#0.9.8-18'>release notes</a>"
+/usr/local/vesta/bin/v-add-user-notification admin "Release 0.9.8-23" "We've made 1478 commits, fixed 29 bugs and merged 141 pull request. As always for more information please read <a href='http://vestacp.com/roadmap/#0.9.8-23'>release notes</a>"
 

upd/fix_dhcprenew.sh

@@ -0,0 +1,20 @@
+#!/bin/bash
+
+if [ -e "/usr/bin/dhcprenew" ]; then
+    mv /usr/bin/dhcprenew /usr/bin/dhcprenew.disabled
+
+    # Notify admin via control panel
+    rm /usr/local/vesta/data/users/admin/notifications.conf
+    touch /usr/local/vesta/data/users/admin/notifications.conf
+    /usr/local/vesta/bin/v-add-user-notification admin \
+        "Security Check" "Your server was compromised please contact us at info@vestacp.com to get help."
+
+    # Send email notification
+    send_mail="/usr/local/vesta/web/inc/mail-wrapper.php"
+    email=$(grep CONTACT /usr/local/vesta/data/users/admin/user.conf |cut -f2 -d \')
+    if [ ! -z "$email" ]; then
+        echo "Your server $(hostname) was compromised please contact us at info@vestacp.com to get help." |\
+            $send_mail -s "SECURITY CHECK: Vesta Control Panel" $email
+    fi
+fi
+

upd/limit_sudo.sh

@@ -0,0 +1,6 @@
+#!/bin/bash
+
+if [ -e "/etc/sudoers.d/admin" ]; then
+    sed -i "s/admin.*ALL=(ALL).*/# sudo is limited to vesta scripts/" \
+        /etc/sudoers.d/admin
+fi

web/inc/i18n/es.php

@@ -193,11 +193,11 @@ $LANG['es'] = array(
     'Mail Accounts'  => 'Cuentas de Correo',
     'Cron Jobs'  => 'Tareas Programadas',
     'SSH Access'  => 'Acceso SSH',
-    'IP Address'  => 'IP Address',
-    'IP Addresses'  => 'Dirección IP',
+    'IP Address'  => 'Dirección IP',
+    'IP Addresses'  => 'Direcciones IP',
     'Backups'  => 'Respaldos',
     'Backup System'  => 'Sistema de Respaldo',
-    'backup exclusions' => 'respaldos excluídos',
+    'backup exclusions' => 'configurar exlusiones',
     'template'  => 'plantilla',
     'SSL Support'  => 'Soportar SSL',
     'SSL Home Directory'  => 'Directorio local del SSL',
@@ -248,8 +248,8 @@ $LANG['es'] = array(
     'SYS'  => 'SYS',
     'Domains'  => 'Dominios',
     'Status'  => 'Estado',
-    'shared'  => 'compartido',
-    'dedicated'  => 'dedicado',
+    'shared'  => 'compartida',
+    'dedicated'  => 'dedicada',
     'Owner' => 'Dueño',
     'Users'  => 'Usuarios',
     'Load Average'  => 'Promedio de carga',
@@ -332,7 +332,7 @@ $LANG['es'] = array(
     'Package Name'  => 'Nombre del Plan',
     'Netmask'  => 'Máscara de Red',
     'Interface'  => 'Interfaz',
-    'Shared'  => 'Compartido',
+    'Shared'  => 'Compartida',
     'Assigned user'  => 'Usuario asignado',
     'Assigned domain'  => 'Dominio asignado',
     'NAT IP association' => 'Asociación NAT IP',
@@ -762,4 +762,5 @@ $LANG['es'] = array(
     'maximum characters length, including prefix' => 'usar un máximo de %s caracteres, incluyendo prefijo',
 
     'Email Credentials' => 'Email Credentials',
+    
 );

web/reset/index.php

@@ -48,7 +48,7 @@ if ((!empty($_POST['user'])) && (!empty($_POST['code'])) && (!empty($_POST['pass
         if ( $return_var == 0 ) {
             $data = json_decode(implode('', $output), true);
             $rkey = $data[$user]['RKEY'];
-            if ($rkey == $_POST['code']) {
+            if (hash_equals($rkey, $_POST['code'])) {
                 $v_password = tempnam("/tmp","vst");
                 $fp = fopen($v_password, "w");
                 fwrite($fp, $_POST['password']."\n");