Merge pull request #394 from E-F-A/3.0.2.5

3.0.2.5

Author: Shawn Iverson

CHANGELOG

@@ -5,11 +5,15 @@ EFA Version 3.0.2.5 Changes
 Issue #324 Enhancement - Import external backup to new EFA device
 Issue #361 Enhancement - Display EFA version in the CLI via EFA-Configure
 Issue #385 Bug         - Changed from reload to restart for Postfix
+Issue #386 Bug         - Admin cannot modify domain admin accounts
 Issue #387 Enhancement - Updated MariaDB recovery script
 
 Enhancement - Let's Encrypt
 Enhancement - Add EFA sponsored DCC servers
 Enhancement - Hypervisor detection during init
+Enhancement - MailScanner update to 5.0.6-5
+Enhancement - MailWatch updated to latest develop
+Enhancement - clamav-unofficial-sigs updated to 5.6.2
 Security - Regenerate self signed certs for Postfix/Apache/Webmin
 Security - Enabled strong cipher preference in Postfix
 Security - Enabled strong cipher preference in Apache

RELEASENOTES

@@ -1,5 +1,5 @@
 ######################################################################
-# EFA 3.0.2.4 RELEASE NOTES
+# EFA 3.0.2.5 RELEASE NOTES
 ######################################################################
 # Copyright (C) 2015-2017  https://efa-project.org
 #
@@ -17,17 +17,17 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 #######################################################################
 
-Welcome to EFA Version 3.0.2.4!
+Welcome to EFA Version 3.0.2.5!
 
 Many thanks goes to the developers of EFA and maintainers of all
 3rd party packages!
 
-These release notes will help guide you through the 3.0.2.4 update.
+These release notes will help guide you through the 3.0.2.5 update.
 
 Many fixes and enhancements have been made to EFA.  Please review the
 CHANGELOG for further information.
 
-https://raw.githubusercontent.com/E-F-A/v3/3.0.2.4/CHANGELOG
+https://raw.githubusercontent.com/E-F-A/v3/3.0.2.5/CHANGELOG
 
 ###################### How To Update ##################################
 
@@ -49,7 +49,7 @@ Choose option 14) Update Now
 The first time you run this update, the kernel may update. If this
 happens, the script will halt to give you an opportunity to restart.
 After restarting and booting to the new kernel, rerun EFA-Update to
-continue the update process to 3.0.2.4.
+continue the update process to 3.0.2.5.
 
 EFA-Update will not proceed until you are running on the latest
 kernel.  This is to ensure that open-vm-tools updates appropriately
@@ -69,7 +69,7 @@ elevate and downgrade privileges of other admins and domain admins.
 ################ Important Info -- Custom Tweaks ######################
 
 Many EFA users have modified their EFA installations and made tweaks
-that may "disappear" after an update to 3.0.2.4.
+that may "disappear" after an update to 3.0.2.5.
 
 Updated files have been automatically backed up to the following
 location:
@@ -81,8 +81,8 @@ location:
 ########################## Known Issues ###############################
 
 1)  If you are running commercial VMware-Tools, open-vm-tools may
-install itself after updating to 3.0.2.4.  Reapply VMware-Tools
-after updating to 3.0.2.4.  Run the following command to remove
+install itself after updating to 3.0.2.5.  Reapply VMware-Tools
+after updating to 3.0.2.5.  Run the following command to remove
 open-vm-tools:
 
 sudo rpm -e open-vm-tools

TESTPLAN

@@ -3,14 +3,19 @@ EFA Version 3.0.2.5 TEST PLAN
 ############################################################
 
 Confirm certbot gets installed PASSED
-Confirm DCC servers get update PASSED
+Confirm EFA-Configure DCC Server option PASSED
 Confirm postfix hardening occurs PASSED
 Confirm Apache hardening occurs PASSED
 Confrim enabling Let's Encrypt works (apache/postfix/webmin) PASSED
 Confirm disabling Let's Encrypt places self-signed certs back (apache/postfix/webmin) PASSED
 Confrim upgrade from 3.0.2.4 -> 3.0.2.5 starts new cert regen (change self-signed from SHA1 to SHA256) PASSED
 Confirm new buils detect hypervisor and installs agent accordingly PASSED
+Confirm successful update to latest MailWatch PASSED
+Confirm successful update to latest MailScanner PASSED
+Confirm successful update to latest clamav-unofficial-sigs PASSED
+Confirm msre_reload cron symlinked properly PASSED
 
+Todo:  build testing
 
 ############################################################
 EFA Version 3.0.2.4 TEST PLAN

build/EFA/EFA-Configure

@@ -59,6 +59,7 @@ shopt -s extglob
 . /var/EFA/lib/EFA-Configure/func_maintenance
 . /var/EFA/lib/EFA-Configure/func_peruser
 . /var/EFA/lib/EFA-Configure/func_letsencrypt
+. /var/EFA/lib/EFA-Configure/func_askdccservers
 
 # +---------------------------------------------------+
 

build/EFA/EFA-Init

@@ -952,6 +952,9 @@ function func_configure-system() {
   randompw
   MUNINPWD=$PASSWD
   htpasswd -b /etc/munin/munin-htpasswd munin $MUNINPWD
+  
+  # Add nova53.net dcc server
+  /usr/local/bin/cdcc "add dcc.nova53.net"
 
   # Issue 322 Geoip update during EFA-Init
   /usr/bin/php /usr/local/sbin/geoip_update_cmd.php
@@ -1072,6 +1075,7 @@ function func_end() {
   else
     echo "AUTOUPDATES:DISABLED" >> /etc/EFA-Config
   fi
+  echo "DCCPOOL:default" >> /etc/EFA-Config
 
   sed -i "/CONFIGURED:/ c\CONFIGURED:YES" /etc/EFA-Config
 

build/EFA/lib-EFA-Configure/func_askdccservers

@@ -0,0 +1,84 @@
+# +---------------------------------------------------+
+# Function to ask and set DCC Server Pool
+# +---------------------------------------------------+
+
+function func_ask-dccservers() {
+  func_echo-header
+  echo -e "$green[EFA]$clean - Set DCC Server Pools"
+  echo -e ""
+  echo -e "$green[EFA]$clean This option will allow you to set the DCC server"
+  echo -e "$green[EFA]$clean pools that you want to use."
+  echo -e "$green[EFA]$clean The default pool includes dcc limited use servers and nova53.net"
+  echo -e "$green[EFA]$clean The nova53.net pool is free for unlimited use for EFA users."
+  echo -e "$green[EFA]$clean The dcc-servers.net pool is limited use and what ships with dcc."
+  echo -e "$green[EFA]$clean Choice of pool may affect performance, depending on your location"
+  echo -e ""
+  DCCPOOL=$(grep DCCPOOL /etc/EFA-Config | sed -e 's/.*://')
+  echo -e "Current DCC Pool: $DCCPOOL"
+  echo -e ""
+  
+  while [ "1" == "1" ]
+    do  
+      echo -e "Choose an option:"
+      echo -e "1) Use default pool (both)"
+      echo -e "2) Use nova53.net pool"
+      echo -e "3) Use dccservers pool"
+      echo -e ""
+      echo -e "e) Return to main menu"
+      echo -e ""
+      echo -e -n "$green[EFA]$clean : "
+      local choice
+      read choice
+      case $choice in
+                1)
+                    cleardcc
+                    /usr/local/bin/cdcc "add dcc1.dcc-servers.net"
+                    /usr/local/bin/cdcc "add dcc2.dcc-servers.net"
+                    /usr/local/bin/cdcc "add dcc3.dcc-servers.net"
+                    /usr/local/bin/cdcc "add dcc4.dcc-servers.net"
+                    /usr/local/bin/cdcc "add dcc5.dcc-servers.net"
+                    /usr/local/bin/cdcc "add dcc.nova53.net"
+                    sed -i '/^DCCPOOL:/ c\DCCPOOL:default' /etc/EFA-Config
+                    echo -e "$green[EFA]$clean DCC Pool set to default"
+                    sleep 5
+                    return ;;
+                 2)
+                    cleardcc
+                    /usr/local/bin/cdcc "add dcc1.nova53.net"
+                    /usr/local/bin/cdcc "add dcc2.nova53.net"
+                    /usr/local/bin/cdcc "add dcc3.nova53.net"
+                    /usr/local/bin/cdcc "add dcc4.nova53.net"
+                    sed -i '/^DCCPOOL:/ c\DCCPOOL:nova53.net' /etc/EFA-Config
+                    echo -e "$green[EFA]$clean DCC Pool set to nova53.net"
+                    sleep 2
+                    return ;;
+                 3)
+                    cleardcc
+                    /usr/local/bin/cdcc "add dcc1.dcc-servers.net"
+                    /usr/local/bin/cdcc "add dcc2.dcc-servers.net"
+                    /usr/local/bin/cdcc "add dcc3.dcc-servers.net"
+                    /usr/local/bin/cdcc "add dcc4.dcc-servers.net"
+                    /usr/local/bin/cdcc "add dcc5.dcc-servers.net"
+                    sed -i '/^DCCPOOL:/ c\DCCPOOL:dcc-servers.net' /etc/EFA-Config
+                    echo -e "$green[EFA]$clean DCC Pool set to dcc-servers.net"
+                    sleep 2
+                    return ;;
+                e) return ;;
+                *) echo -e "Error \"$choice\" is not an option..." && sleep 2
+      esac
+    done
+}
+
+
+function cleardcc() {
+    /usr/local/bin/cdcc "delete dcc.nova53.net" >/dev/null 2&>1
+    /usr/local/bin/cdcc "delete dcc1.nova53.net" >/dev/null 2&>1
+    /usr/local/bin/cdcc "delete dcc2.nova53.net" >/dev/null 2&>1
+    /usr/local/bin/cdcc "delete dcc3.nova53.net" >/dev/null 2&>1
+    /usr/local/bin/cdcc "delete dcc4.nova53.net" >/dev/null 2&>1
+    /usr/local/bin/cdcc "delete dcc1.dcc-servers.net" >/dev/null 2&>1
+    /usr/local/bin/cdcc "delete dcc2.dcc-servers.net" >/dev/null 2&>1
+    /usr/local/bin/cdcc "delete dcc3.dcc-servers.net" >/dev/null 2&>1
+    /usr/local/bin/cdcc "delete dcc4.dcc-servers.net" >/dev/null 2&>1
+    /usr/local/bin/cdcc "delete dcc5.dcc-servers.net" >/dev/null 2&>1
+}

build/EFA/lib-EFA-Configure/func_spamsettings

@@ -17,6 +17,7 @@ function func_spam-settings() {
       echo -e "6) Mailwatch sa-learn Max Message Size"
       echo -e "7) Mailwatch hide high spam/mcp"
       echo -e "8) MalwarePatrol Key Code"
+      echo -e "9) DCC Servers"
       echo -e ""
       echo -e "e) Return to main menu"
       echo -e ""
@@ -32,6 +33,7 @@ function func_spam-settings() {
                 6) func_ask-maxsizemailwatch;;
                 7) func_ask-highspammailwatch;;
                 8) func_ask-malwarepatrol;;
+                9) func_ask-dccservers;;
                 e) menu=1 && return ;;
                 *) echo -e "Error \"$choice\" is not an option..." && sleep 2
       esac

build/EFA/lib-EFA-Configure/libraries-filelist.txt

@@ -29,3 +29,4 @@ func_retention
 func_maintenance
 func_peruser
 func_letsencrypt
+func_askdccservers

build/build.bash

@@ -33,7 +33,7 @@ mirror="http://dl.efa-project.org"
 smirror="https://dl.efa-project.org"
 mirrorpath="/build/$version"
 yumexclude="kernel* MariaDB* postfix* mailscanner* MailScanner* clamav* clamd* open-vm-tools* qemu-guest-agent*"
-MAILWATCHVERSION="c08ef03"
+MAILWATCHVERSION="7f70aa3"
 MAILWATCHRELEASE="1.2.7-dev"
 MAILWATCHBRANCH="develop"
 IMAGECEBERUSVERSION="1.1"
@@ -583,7 +583,7 @@ func_apache () {
     mkdir /etc/pki/tls/backup
     mv /etc/pki/tls/certs/localhost.crt /etc/pki/tls/backup
     mv /etc/pki/tls/private/localhost.key /etc/pki/tls/backup
-    mv /etc/pki/tls/certs/server-chain.crt /etc/pki/tls/backup
+    # mv /etc/pki/tls/certs/server-chain.crt /etc/pki/tls/backup
 
     # use postfix cert
     ln -s /etc/postfix/ssl/rsa_smtpd.pem /etc/pki/tls/certs/localhost.crt
@@ -908,7 +908,8 @@ EOF
     chgrp -R apache /etc/MailScanner/rules
     chmod g+rwxs /etc/MailScanner/rules
     chmod g+rw /etc/MailScanner/rules/*.rules
-    ln -s /usr/local/bin/mailwatch/tools/Cron_jobs/msre_reload.crond /etc/cron.d/msre_reload.crond
+    # Issue #393 fix msre_reload.sh symlink to new location
+    ln -s /usr/local/bin/mailwatch/tools/MailScanner_rule_editor/msre_reload.crontab /etc/cron.d/msre_reload.crond
     ln -s /usr/local/bin/mailwatch/tools/MailScanner_rule_editor/msre_reload.sh /usr/local/bin/msre_reload.sh
     chmod ugo+x /usr/local/bin/mailwatch/tools/MailScanner_rule_editor/msre_reload.sh
 
@@ -1146,14 +1147,6 @@ func_dcc () {
 
     cp /var/dcc/libexec/rcDCC /etc/init.d/adcc
     sed -i "s/#loadplugin Mail::SpamAssassin::Plugin::DCC/loadplugin Mail::SpamAssassin::Plugin::DCC/g" /etc/mail/spamassassin/v310.pre
-    
-    #remove old servers
-    /usr/local/bin/cdcc "delete dcc.nova53.net" >/dev/null 2>&1
-    #add new EFA servers
-    /usr/local/bin/cdcc "add dcc1.nova53.net"
-    /usr/local/bin/cdcc "add dcc2.nova53.net"
-    /usr/local/bin/cdcc "add dcc3.nova53.net"
-    /usr/local/bin/cdcc "add dcc4.nova53.net"
 }
 # +---------------------------------------------------+
 

build/ks.cfg

@@ -193,7 +193,7 @@ openssl-devel
 %post
 mkdir /var/log/EFA
 mkdir /usr/src/EFA
-/usr/bin/wget -q -O /usr/src/EFA/build.bash -o /var/log/EFA/wget.log https://raw.githubusercontent.com/E-F-A/v3/3.0.2.4/build/build.bash --no-check-certificate
+/usr/bin/wget -q -O /usr/src/EFA/build.bash -o /var/log/EFA/wget.log https://raw.githubusercontent.com/E-F-A/v3/3.0.2.5/build/build.bash --no-check-certificate
 chmod 700 /usr/src/EFA/build.bash
 logsave /var/log/EFA/build.log /usr/src/EFA/build.bash
 %end