Merge with master and rename MIAB to Mail-in-a-Box Management Daemon
This commit is contained in:
commit
9fe0be0b4f
21
CHANGELOG.md
21
CHANGELOG.md
|
@ -16,6 +16,27 @@ Control panel:
|
||||||
Setup:
|
Setup:
|
||||||
|
|
||||||
* A swap file is now created if system memory is less than 2GB, 5GB of free disk space is available, and if no swap file yet exists.
|
* A swap file is now created if system memory is less than 2GB, 5GB of free disk space is available, and if no swap file yet exists.
|
||||||
|
|
||||||
|
v0.17c (April 1, 2016)
|
||||||
|
----------------------
|
||||||
|
|
||||||
|
This update addresses some minor security concerns and some installation issues.
|
||||||
|
|
||||||
|
ownCoud:
|
||||||
|
|
||||||
|
* Block web access to the configuration parameters (config.php). There is no immediate impact (see [#776](https://github.com/mail-in-a-box/mailinabox/pull/776)), although advanced users may want to take note.
|
||||||
|
|
||||||
|
Mail:
|
||||||
|
|
||||||
|
* Roundcube html5_notifier plugin updated from version 0.6 to 0.6.2 to fix Roundcube getting stuck for some people.
|
||||||
|
|
||||||
|
Control panel:
|
||||||
|
|
||||||
|
* Prevent click-jacking of the management interface by adding HTTP headers.
|
||||||
|
* Failed login no longer reveals whether an account exists on the system.
|
||||||
|
|
||||||
|
Setup:
|
||||||
|
|
||||||
* Setup dialogs did not appear correctly when connecting to SSH using Putty on Windows.
|
* Setup dialogs did not appear correctly when connecting to SSH using Putty on Windows.
|
||||||
* We now install Roundcube from our own mirror because Sourceforge's downloads experience frequent intermittant unavailability.
|
* We now install Roundcube from our own mirror because Sourceforge's downloads experience frequent intermittant unavailability.
|
||||||
|
|
||||||
|
|
|
@ -59,7 +59,7 @@ by me:
|
||||||
$ curl -s https://keybase.io/joshdata/key.asc | gpg --import
|
$ curl -s https://keybase.io/joshdata/key.asc | gpg --import
|
||||||
gpg: key C10BDD81: public key "Joshua Tauberer <jt@occams.info>" imported
|
gpg: key C10BDD81: public key "Joshua Tauberer <jt@occams.info>" imported
|
||||||
|
|
||||||
$ git verify-tag v0.17b
|
$ git verify-tag v0.17c
|
||||||
gpg: Signature made ..... using RSA key ID C10BDD81
|
gpg: Signature made ..... using RSA key ID C10BDD81
|
||||||
gpg: Good signature from "Joshua Tauberer <jt@occams.info>"
|
gpg: Good signature from "Joshua Tauberer <jt@occams.info>"
|
||||||
gpg: WARNING: This key is not certified with a trusted signature!
|
gpg: WARNING: This key is not certified with a trusted signature!
|
||||||
|
@ -72,7 +72,7 @@ and on my [personal homepage](https://razor.occams.info/). (Of course, if this r
|
||||||
|
|
||||||
Checkout the tag corresponding to the most recent release:
|
Checkout the tag corresponding to the most recent release:
|
||||||
|
|
||||||
$ git checkout v0.17b
|
$ git checkout v0.17c
|
||||||
|
|
||||||
Begin the installation.
|
Begin the installation.
|
||||||
|
|
||||||
|
|
|
@ -8,5 +8,5 @@ before = common.conf
|
||||||
|
|
||||||
_daemon = mailinabox
|
_daemon = mailinabox
|
||||||
|
|
||||||
failregex = MIAB: Failed login attempt from ip <HOST> - timestamp .*
|
failregex = Mail-in-a-Box Management Daemon: Failed login attempt from ip <HOST> - timestamp .*
|
||||||
ignoreregex =
|
ignoreregex =
|
||||||
|
|
|
@ -1,4 +1,14 @@
|
||||||
[recidive]
|
[recidive]
|
||||||
enabled = true
|
enabled = true
|
||||||
maxretry = 10
|
maxretry = 10
|
||||||
|
action = iptables-allports[name=recidive]
|
||||||
|
# In the recidive section of jail.conf the action contains:
|
||||||
|
#
|
||||||
|
# action = iptables-allports[name=recidive]
|
||||||
|
# sendmail-whois-lines[name=recidive, logpath=/var/log/fail2ban.log]
|
||||||
|
#
|
||||||
|
# The last line on the action will sent an email to the configured address. This mail will
|
||||||
|
# notify the administrator that someone has been repeatedly triggering one of the other jails.
|
||||||
|
# By default we don't configure this address and no action is required from the admin anyway.
|
||||||
|
# So the notification is ommited. This will prevent message appearing in the mail.log that mail
|
||||||
|
# can't be delivered to fail2ban@$HOSTNAME.
|
||||||
|
|
|
@ -5,4 +5,3 @@
|
||||||
# ping services over the public interface so we should whitelist that address of
|
# ping services over the public interface so we should whitelist that address of
|
||||||
# ours too. The string is substituted during installation.
|
# ours too. The string is substituted during installation.
|
||||||
ignoreip = 127.0.0.1/8 PUBLIC_IP
|
ignoreip = 127.0.0.1/8 PUBLIC_IP
|
||||||
|
|
||||||
|
|
|
@ -18,8 +18,11 @@
|
||||||
rewrite ^(/cloud/core/doc/[^\/]+/)$ $1/index.html;
|
rewrite ^(/cloud/core/doc/[^\/]+/)$ $1/index.html;
|
||||||
location /cloud/ {
|
location /cloud/ {
|
||||||
alias /usr/local/lib/owncloud/;
|
alias /usr/local/lib/owncloud/;
|
||||||
location ~ ^/(data|config|\.ht|db_structure\.xml|README) {
|
location ~ ^/cloud/(build|tests|config|lib|3rdparty|templates|data|README)/ {
|
||||||
deny all;
|
deny all;
|
||||||
|
}
|
||||||
|
location ~ ^/cloud/(?:\.|autotest|occ|issue|indie|db_|console) {
|
||||||
|
deny all;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
location ~ ^(/cloud)((?:/ocs)?/[^/]+\.php)(/.*)?$ {
|
location ~ ^(/cloud)((?:/ocs)?/[^/]+\.php)(/.*)?$ {
|
||||||
|
|
|
@ -603,7 +603,7 @@ def log_failed_login(request):
|
||||||
|
|
||||||
# We need to add a timestamp to the log message, otherwise /dev/log will eat the "duplicate"
|
# We need to add a timestamp to the log message, otherwise /dev/log will eat the "duplicate"
|
||||||
# message.
|
# message.
|
||||||
app.logger.warning( "MIAB: Failed login attempt from ip %s - timestamp %s" % (ip, time.time()))
|
app.logger.warning( "Mail-in-a-Box Management Daemon: Failed login attempt from ip %s - timestamp %s" % (ip, time.time()))
|
||||||
|
|
||||||
|
|
||||||
# APP
|
# APP
|
||||||
|
|
|
@ -36,6 +36,7 @@
|
||||||
<option value="CNAME" data-hint="Enter another domain name followed by a period at the end (e.g. mypage.github.io.).">CNAME (DNS forwarding)</option>
|
<option value="CNAME" data-hint="Enter another domain name followed by a period at the end (e.g. mypage.github.io.).">CNAME (DNS forwarding)</option>
|
||||||
<option value="TXT" data-hint="Enter arbitrary text.">TXT (text record)</option>
|
<option value="TXT" data-hint="Enter arbitrary text.">TXT (text record)</option>
|
||||||
<option value="MX" data-hint="Enter record in the form of PRIORIY DOMAIN., including trailing period (e.g. 20 mx.example.com.).">MX (mail exchanger)</option>
|
<option value="MX" data-hint="Enter record in the form of PRIORIY DOMAIN., including trailing period (e.g. 20 mx.example.com.).">MX (mail exchanger)</option>
|
||||||
|
<option value="SRV" data-hint="Enter record in the form of PRIORIY WEIGHT PORT TARGET., including trailing period (e.g. 10 10 5060 sip.example.com.).">SRV (service record)</option>
|
||||||
</select>
|
</select>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
|
|
@ -7,7 +7,7 @@
|
||||||
#########################################################
|
#########################################################
|
||||||
|
|
||||||
if [ -z "$TAG" ]; then
|
if [ -z "$TAG" ]; then
|
||||||
TAG=v0.17b
|
TAG=v0.17c
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Are we running as root?
|
# Are we running as root?
|
||||||
|
|
Loading…
Reference in New Issue