#!/bin/sh
#Installscript, verwendet debian/ubuntu, syscp, apache, mysql, bind, postfix, dovecot, amavis/spamassassin, proftpd, awstats, pma und Squirrelmail
#Benoetigt openVZ oder chroot (auf dem Host sollte dann moeglichst wenig laufen)

#Copyright by Michael Fritscher <syscp@mifritscher.de>
#Keine Garantie auf irgendwas :-)

#Changelog:
#25. 2.09 0.9 beta1: Grundsaetzlich laeuft es, pma macht noch Probleme, ausserdem ist das Handling von mysql noch unschoen
#26. 2.09 0.9 beta2: pma, mysql und fehlende Befehle im Host gefixt
#26. 2.09 0.9 beta3: fcgi, squirrelmail
#27. 2.09 0.9 beta4: diverse Kleinigkeiten gefixt
#27. 2.09 0.9 beta5: chroot-Unterstuetzung getestet
#27. 2.09 1.0      : weitere Kleinigkeiten gefixt, unattended-upgrades eingebaut, pma/squirrelmail/syscp in basedirs gesteckt
#27. 2.09 1.5      : rrdtool, svn, Sicherung
#28. 2.09 1.6      : squirrelmail
#11. 3.09 1.61     : diverse Bugfixes
#12. 4.09 1.62     : kunden wurde in syscp auf customer geaendert, Kleinigkeiten (Kommentar zu chroot, Test ob openVZ-Modul geladen eingebaut, exit 1 bei Fehlern)
#17. 7.09 1.63     : Defaultseite fuer unbehandelte Addressen und Ports; Verhindert dass PMA sein Alias wieder anlegt
#10.10.09 2.00     : RBL-Listen, Anzahl der max. Verbindungen zu Amavis erhoeht, logrotate fuer kundenlogs, ftppfad,
#                    http-Kompression, bei chroot auch /dev/pts mounten, suhosin angepasst, webmin, SSH-Port einstellbar
#11.10.09 2.01     : bashisms weg (v.a. echo -e)
#13.10.09 2.10     : syscp an Debian angepasst; apache2, mysql und proftpd manuell installieren, um unbeabsichtige Deinstallationen zu vermeiden
#14.10.09 2.20     : Bugfixes bei amavis, Parameterchecks eingebaut, Parameter Komponenten und minimal hinzugefuegt
#15.10.09 2.21     : Bugfixes bei Pfad in syscp, realtime-Änderungen auf Port 53141 eingebaut, clamav-logspam gefixt, Zeitzone kopieren
#17.10.09 2.30     : diverse Bugfixes, u.a. Pfad & rrdtool
#18.10.09 2.31     : dummer Fehler bei proftpd; Indexes und FollowSymLinks auch in /var/www ausschalten; xinetd vorgezogen
#19.10.09 2.32     : Mails versenden gefixt (da gabs in der Configdatei keine auskommentieren sasl<->dovecot Zeilen mehr)
#24.10.09 2.33     : Kleinere Sachen beim Mailversand gefixt
#30.10.09 2.50     : SSL, mail: pruefen ob der Absender auch dem jeweiligen User gehört
#05.11.09 2.51     : proftpd-Einstellung standalone in debconf speichern
#17.02.10 2.60     : etckeeper, Konfigdatei in /etc kopieren, kleinere Bugfixes
#12.08.10 2.61     : Vorbereitungen fuer Squeeze + froxlor
#07.11.10 2.62     : aktuelle dovecot/sieve -unterstuetzung (Squeeze)
#28.09.11 2.63     : innodbs mitsichern
#05.11.11 2.64     : locales einrichten
#22.02.12 2.65     : auch de_DE iso8859 erzeugen, damit squirrelmail deutsch ist
#12.06.12 2.66     : volatile deaktiviert
#18.10.12 2.67     : geoip-database installieren (froxxlor braucht das)
#31.03.13 2.68     : rrd/update.sh: head -n 1 eingefuegt
#25.09.16 2.69     : clamav-unofficial-sigs hinzugefuegt

#Todo
#ln -s /usr/bin/webalizer /usr/local/bin/webalizer
#-squeeze: dovecot/sieve
#-froxlor: wget, cron, xinetd, symlink
# http://config.froxlor.org/?distribution=debian_wheezy&from=0.9.32&to=0.9.33-rc1&submit=Show+differences
# rrdtool-minute script aktualisieren (für wheezy)

#-
#gpg --keyserver gpg-keyserver.de --recv-keys 4F9E9BBC
#gpg --export 4F9E9BBC|apt-key add -
#deb http://debian.froxlor.org lenny main
#deb-src http://debian.froxlor.org lenny main
#awstats: zumindest Sitedomain in awstat.conf.local einbauen
#apache.conf: keine NamedVirtualhost:80/81 anlegen (gibt ip-spezifische)
#rkhunter: loaded_modules, PermitRootLogin, Dateien / Verzeichniss für etckeeper whitelisten
#  Debian 7.0 (Wheezy) »  Sonstige (System) »  Logrotate

#-pma: setup.php absichern
#-http://packages.debian.org/squeeze/dovecot-common
#- aptitude purge  courier-imap courier-pop courier-base courier-authlib-userdb 
#- controlvz:/var/run# aptitude install dovecot-imapd dovecot-pop3d
#- Aug 31 04:01:09 controlvz dovecot: deliver(postmaster@controlvz.de): sieve: failed to open script /var/lib/syscp/customers/mail/controlvz/postmaster@controlvz.de//.dovecot.sieve
#(view logfile /var/lib/syscp/customers/mail/controlvz/postmaster@controlvz.de//.dovecot.sieve.log for more informatio
#require ["fileinto","envelope","reject","vacation","imapflags","relational","comparator-i;ascii-numeric","regex","notify"]; ->
#require ["fileinto","envelope","reject","vacation","imap4flags","relational","comparator-i;ascii-numeric","regex","body","date"]
#- ln -s /usr/bin/webalizer /usr/local/bin/webalizer 
#- fgci: *local rausziehen
#- install dialog, remove whiptail

#dovecot brauchts ab buster:
#openssl dhparam 4096 > /etc/dovecot/dh.pem
#in die dovecot.conf: ssl_dh = </etc/dovecot/dh.pem

# chown :amavis /etc/amavis/conf.d/60-syscp 
# chmod 640 /etc/amavis/conf.d/60-syscp 

# in dovecot:
#service stats {
#  unix_listener stats-reader {
#    group = vmail
#    mode = 0666
#  }
#  unix_listener stats-writer {
#    group = vmail
#    mode = 0666
#  }
#}
#listen = *, [::] (oben)
#Funktionen

aufruf_chroot () {
	# Runs the queued command file c.sh (in the current directory) with
	# /bin/sh inside a chroot rooted at the current directory.
	# Everything the script prints is appended to install.log. c.sh is
	# deleted afterwards regardless of how the script ended, so the status
	# returned to the caller is that of the final rm, not of the script.
	chmod +x c.sh
	{
		chroot . /bin/sh c.sh
	} >> install.log 2>&1
	rm c.sh
}

aufruf_openvz () {
	# Runs the queued command file as /c.sh inside OpenVZ container $nummer
	# via "vzctl exec"; c.sh is made executable first because it is invoked
	# directly rather than through an interpreter.
	# Output is appended to install.log and c.sh is removed afterwards, so
	# the returned status is that of rm, not of the script.
	chmod +x c.sh
	{
		vzctl --quiet exec "$nummer" /c.sh
	} >> install.log 2>&1
	rm c.sh
}

aufruf () {
	# Executes the queued c.sh in the guest: through vzctl when $openvz is
	# non-empty, otherwise through chroot.
	case "$openvz" in
		"") aufruf_chroot ;;
		*)  aufruf_openvz ;;
	esac
}

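umgebung_teste_openvz () {
	# Host-side preflight for OpenVZ mode: vzctl must be callable and
	# /proc/vz must exist. Prints a message and exits 1 otherwise.
	#
	# "command -v" replaces the unquoted `which` substitution: a which that
	# prints a "not found" sentence on stdout made the old test fail with a
	# syntax error, which the if then treated as "tool present".
	if ! command -v vzctl >/dev/null 2>&1; then echo "vzctl fehlt!"; exit 1; fi
	if [ ! -e /proc/vz ]; then echo "OpenVZ-Modul ist ncht geladen"; exit 1; fi

}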

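umgebung_teste_chroot () {
	# Host-side preflight for chroot mode: the guest shares the host's
	# network stack, so every port the stack will bind must be free.
	# Exits 1 with the offending port and the netstat line when one is taken.
	# Side effects: unsets LANG and clears webminport when webmin is off.

	# Avoids locale error messages later on
	unset LANG
	if [ -z "$webmin" ]; then
		webminport=""
	fi
	# $sshport and $webminport stay unquoted on purpose: an empty value has
	# to vanish from the list instead of becoming an empty port.
	for i in 21 25 53 80 81 110 143 3306 10024 10025 53141 $sshport $webminport
	do
		# The port is anchored with trailing whitespace so that e.g. :80
		# no longer matches a listener on :8080 or :53 one on :5353.
		if [ -n "$(netstat -l -n | grep tcp | grep LISTEN | grep -E ":${i}[[:space:]]")" ]; then
			echo "Port $i ist belegt! (Gefunden: $(netstat -p -l -n | grep tcp | grep LISTEN | grep -E ":${i}[[:space:]]"))"; exit 1
		fi
	done
}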

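umgebung_testen () {
	# Preflight on the host: debootstrap, sed and wget must be callable,
	# then the mode-specific checks run (OpenVZ when $openvz is non-empty,
	# chroot otherwise). Prints a message and exits 1 on the first failure.
	#
	# "command -v" replaces the unquoted `which` substitutions, whose result
	# depended on which printing nothing at all for a missing tool.
	if ! command -v debootstrap >/dev/null 2>&1; then echo "debootstrap fehlt!"; exit 1; fi
	if ! command -v sed >/dev/null 2>&1; then echo "sed fehlt!"; exit 1; fi
	if ! command -v wget >/dev/null 2>&1; then echo "wget fehlt!"; exit 1; fi
	if [ "$openvz" ]; then
		umgebung_teste_openvz
	else
		umgebung_teste_chroot
	fi
}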
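grundsystem () {
	# Bootstraps the guest's base system into $pfad with debootstrap
	# ($distro from $mirror), copies the host's time zone files into it and,
	# when $configfile is set, installs that file as etc/config.$hostname
	# (mode 600) in the guest. Leaves the shell's working directory at $pfad.
	# Exits 1 with a message on any failed precondition.

	#Is there already a system in this directory?
	if [ -e "$pfad/etc" ]; then echo "In $pfad scheint schon ein System zu sen!"; exit 1; fi

	#Fetch the base system
	echo `date` "Installiere Grundsystem"
	mkdir "$pfad" >/dev/null 2>&1
	if [ ! -e "$pfad" ]; then echo "Konnte Verzeichniss nicht anlegen!"; exit 1; fi
	#Configuration
	# The config file is parked under a predictable name in /tmp until the
	# guest's etc/ exists. It is therefore created with umask 077 and
	# noclobber (set -C): the redirection refuses an existing path, including
	# a symlink planted between the -e check and the write, and the copy is
	# never readable by other users. Previously cp wrote first and chmod
	# tightened the mode afterwards.
	# NOTE(review): on the failure exits below the parked copy stays in /tmp.
	if [ -n "$configfile" ]; then
		if [ -e "/tmp/config.$hostname" ]; then echo "/tmp/config.$hostname gibt es schon!"; exit 1; fi
		if ! ( umask 077; set -C; cat < "$configfile" > "/tmp/config.$hostname" ); then
			echo "Konnte /tmp/config.$hostname nicht anlegen!"; exit 1
		fi
	fi
	# Everything below works on relative paths; never continue elsewhere.
	cd "$pfad" || { echo "Konnte nicht nach $pfad wechseln!"; exit 1; }
	rm c.sh > /dev/null 2>&1
	rm install.log > /dev/null 2>&1

	debootstrap "$distro" . "$mirror" > install.log 2>&1

	#test
	if [ ! -e "$pfad/bin/sh" ]; then echo "Mirrorserver wahrscheinlich nicht erreichbar!"; exit 1; fi

	#time zone
	cp /etc/timezone etc
	cp /etc/localtime etc

	#configuration
	if [ -n "$configfile" ]; then
		cp "/tmp/config.$hostname" etc
		chmod 600 "etc/config.$hostname"
		rm "/tmp/config.$hostname"
	fi
}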

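booten_openvz () {
	# Starts the bootstrapped tree in $pfad as OpenVZ container $nummer:
	# installs the container config from $templates, silences the gettys in
	# the guest, assigns $ip and starts the container, then waits 10 s.
	# Exits 1 when $pfad is unreachable or the vzdev module is not listed.
	echo `date` "In openVZ starten"
	cd "$pfad" || { echo "Konnte nicht nach $pfad wechseln!"; exit 1; }
	# The old test compared the output of "wc -l" with the empty string;
	# wc always prints a number, so the check could never fire.
	if ! lsmod | grep -q vzdev; then echo "Kein OpenVZ-Modul geladen!"; exit 1; fi

	################sysctl -w net.ipv4.conf.eth11.proxy_arp=1  >> install.log 2>&1
	# Enables IPv4 forwarding on the HOST (runtime only, nothing is written
	# to sysctl.conf). The old line carried two stdout redirections, so the
	# "1" ended up in install.log and the proc file was never written.
	# Forwarding is host-wide: packet filter rules decide what is routed.
	{ echo 1 > /proc/sys/net/ipv4/ip_forward; } >> install.log 2>&1

	cp "$templates"/openvz.conf /etc/vz/conf/"$nummer".conf
	# echo "IP_ADDRESS=\"$ip\"" >> /etc/vz/conf/"$nummer".conf

	#The ttys would flood the syslog
	if [ -e etc/event.d/tty1 ]; then
		mkdir etc/event.d.alt
		mv etc/event.d/tty* etc/event.d.alt
	fi
	if [ -e etc/inittab ]; then
		# keep a pristine copy once, then drop every getty line
		if [ ! -e etc/inittab.org ]; then
			cp etc/inittab etc/inittab.org
		fi
		sed -i -e '/getty/d' etc/inittab
	fi

	vzctl --quiet set "$nummer" --save --ipadd "$ip" >> install.log 2>&1
	vzctl --quiet start "$nummer"  >> install.log 2>&1
	sleep 10
}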

booten_chroot () {
	# Prepares the tree in $pfad for chroot use by mounting proc and devpts
	# at proc/ and dev/pts/ below it. Leaves the working directory at $pfad.
	# $(date) stays unquoted so its output is joined with single spaces,
	# exactly as the progress lines elsewhere in this script.
	echo $(date) "In chroot starten"
	cd "$pfad"
	mount -t proc none proc
	mount -t devpts none dev/pts
}

booten () {
	# Brings the guest up: as an OpenVZ container when $openvz is non-empty,
	# otherwise by preparing the chroot mounts.
	case "$openvz" in
		"") booten_chroot ;;
		*)  booten_openvz ;;
	esac
}
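apti () {
	# First configuration pass over the bootstrapped guest in $pfad:
	# device-node init script, hostname/hosts/mailname, root password,
	# aptitude, apt sources, etckeeper and the locales debconf answers.
	# Commands meant for the guest are queued in c.sh and run by aufruf.
	# Exits 1 when $pfad is unreachable or aptitude did not get installed.
	cd "$pfad" || { echo "Konnte nicht nach $pfad wechseln!"; exit 1; }
	echo `date` "Richte Geraetedateien & Netzwerk ein, setze Passwort, installiere aptitude, erleige locales, hole weitere Mirrors und installiere etckeeper"

	echo '#!/bin/sh
#
### BEGIN INIT INFO
# Provides:          devices_not
# Default-Start:     S 1 2 3 4 5
# Default-Stop:      0 6
# Required-Start:
# Required-Stop:
# Short-Description: Creates some device nodes
# Description:       Creates some device nodes
### END INIT INFO

#Notfallmassname falls diese Dateien nicht angelegt wurden

cd /dev; /sbin/MAKEDEV pty
mknod /dev/zero c 1 5
mknod /dev/random c 1 8
mknod /dev/urandom c 1 9
chmod 666 /dev/zero
chmod 666 /dev/null' > etc/init.d/devices
	chmod +x etc/init.d/devices
	echo "/etc/init.d/devices" >> c.sh
	# A symlink target is resolved relative to the link's own directory, so
	# the former "etc/init.d/devices" pointed below /etc/rcS.d and dangled.
	echo "ln -s ../init.d/devices /etc/rcS.d/S50devices" >> c.sh
	#commit
	aufruf

	echo "$hostname" > etc/hostname
	echo "$ip $hostname mail.$hostname srv.$hostname" >> etc/hosts

	echo "$hostname" > etc/mailname

	echo "hostname $hostname" >> c.sh
	# The root password is handed to passwd through a file in the guest's
	# root directory. Create it with mode 600 and write it with printf, so
	# it is never readable by others and a value starting with "-" or
	# holding backslashes is not altered by echo. c.sh deletes it after use.
	rm -f passwort
	( umask 077; printf '%s\n%s\n' "$rootpasswort" "$rootpasswort" > passwort )
	echo "cat passwort | passwd" >> c.sh
	echo rm passwort >> c.sh

	# NOTE(review): --force-yes lets apt-get install packages that fail
	# signature verification.
	echo apt-get --force-yes -y --force-yes install aptitude >> c.sh

	#additional mirrors
	echo export DEBIAN_FRONTEND=noninteractive >> c.sh
	echo deb "$mirror"/ "$distro" "$komponenten" > etc/apt/sources.list
	echo deb "$mirror"/ubuntu-updates/ "$distro"-updates universe main multiverse restricted >> etc/apt/sources.list
	echo deb "$mirror"/ubuntu-security/ "$distro"-security universe main multiverse restricted >> etc/apt/sources.list
	# NOTE(review): this switches off apt's signature checking for every
	# later install and upgrade in the guest, not only during setup. The
	# integrity of all packages then rests on the transport to $mirror.
	# Prefer installing the archive keys and dropping this file.
	echo "APT::Get::AllowUnauthenticated \"true\";" >> etc/apt/apt.conf.d/99AllowUnauthenticated
	echo aptitude update >> c.sh
	echo aptitude -y install etckeeper >> c.sh
	echo etckeeper init >> c.sh
	echo etckeeper commit grundsystem >> c.sh
	echo aptitude clean >> c.sh

	#commit
	aufruf

	#test
	if [ ! -e usr/bin/aptitude ]; then echo "Im Gastsystem konnte kein aptitude installiert werden -> es hat wahrscheinlich kein Netzwerkzugriff! Eventuell http://wiki.openvz.org/Installation_on_Debian#sysctl vergessen?"; exit 1; fi

	#var/cache/debconf/config.dat
	printf "Name: locales/default_environment_locale
Template: locales/default_environment_locale
Value: en_US.UTF-8
Owners: locales
Flags: seen
Variables:
 locales = de_DE.UTF-8, en_US.UTF-8

Name: locales/locales_to_be_generated
Template: locales/locales_to_be_generated
Value: de_DE ISO-8859-1, de_DE.UTF-8 UTF-8, en_US.UTF-8 UTF-8
Owners: locales
Flags: seen

" >> var/cache/debconf/config.dat
	echo dpkg-reconfigure -f Noninteractive locales >> c.sh

	#commit
	aufruf
}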

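syscp () {
	# Installs the SysCP panel plus the web/mail/DNS/FTP/database stack in
	# the guest below $pfad: fetches the repository key, pre-seeds debconf
	# (answers and passwords), writes MySQL tuning files and the package's
	# setup files, then queues the aptitude run in c.sh and executes it via
	# aufruf. Exits 1 when the key download or the installation failed.
	#
	# Changes against the previous version:
	#  - files that embed passwords are written with here-documents instead
	#    of using the text as a printf format, so "%" and "\" in a password
	#    reach the file unchanged;
	#  - "$setup" in the generated debian.php is escaped; unescaped, the
	#    shell expanded it to nothing and the lines began with "['admin']";
	#  - the sed call uses "/" as delimiter ("\" is not a valid delimiter
	#    in POSIX sed).
	cd "$pfad" || { echo "Konnte nicht nach $pfad wechseln!"; exit 1; }
	echo `date` "Installiere syscp"
	#Key
	# NOTE(review): the key is fetched over plain HTTP and handed to apt-key
	# further down without comparing its fingerprint to a known value, so
	# whoever can alter the download also chooses the key apt will trust.
	# Pin the expected fingerprint (<SYSCP_KEY_FINGERPRINT_PLACEHOLDER>) and
	# abort on mismatch before "apt-key add".
	wget http://debian.syscp.org/pubkey >> install.log 2>&1

	if [ ! -e pubkey ]; then
		# sometimes a second attempt is needed
		sleep 3
		wget http://debian.syscp.org/pubkey >> install.log 2>&1
	fi

	if [ ! -e pubkey ]; then echo "syscp-pubkey konnte nicht herunterladen werden!"; exit 1; fi

	#froxlor: key
	# NOTE(review): 4F9E9BBC is an 8-digit short key id; short ids are not
	# unique, so the keyserver may return a different key. Use the full
	# fingerprint (<FROXLOR_KEY_FINGERPRINT_PLACEHOLDER>) instead.
	echo "gpg --keyserver gpg-keyserver.de --recv-keys 4F9E9BBC" >> c.sh
	echo "gpg --export 4F9E9BBC|apt-key add - " >> c.sh

	#froxlor: source
	## echo "deb http://debian.froxlor.org/ squeeze main" >> etc/apt/sources.list.d/froxlor.list
	#Source
	echo deb http://debian.syscp.org/ lenny/ >> etc/apt/sources.list

	#debconf

	#var/cache/debconf/config.dat
	printf "Name: phpmyadmin/dbconfig-upgrade
Template: dbconfig-common/dbconfig-upgrade
Value: true
Owners: phpmyadmin
Flags: seen
Variables:
 dbvendor = MySQL
 pkg = phpmyadmin

Name: phpmyadmin/mysql/admin-user
Template: dbconfig-common/mysql/admin-user
Value: root
Owners: phpmyadmin
Flags: seen
Variables:
 dbvendor = MySQL
 pkg = phpmyadmin

Name: phpmyadmin/reconfigure-webserver
Template: phpmyadmin/reconfigure-webserver
Value: apache2
Owners: phpmyadmin
Flags: seen

Name: shared/proftpd/inetd_or_standalone
Template: shared/proftpd/inetd_or_standalone
Value: standalone
Owners: proftpd-basic
Flags: seen

Name: syscp/admin-username
Template: syscp/admin-username
Value: admin
Owners: syscp
Flags: seen

Name: syscp/customer-dir
Template: syscp/customer-dir
Value: /var/lib/syscp/customers
Owners: syscp
Flags: seen

Name: syscp/dbconfig-install
Template: dbconfig-common/dbconfig-install
Value: false
Owners: syscp
Flags: seen
Variables:
 dbvendor = MySQL
 pkg = syscp

Name: syscp/mysql/admin-user
Template: dbconfig-common/mysql/admin-user
Value: root
Owners: syscp
Flags: seen
Variables:
 dbvendor = MySQL
 pkg = syscp

Name: syscp/reconfigure-webserver
Template: syscp/reconfigure-webserver
Value: apache2
Owners: syscp
Flags: seen

Name: syscp/no-config
Template: syscp/no-config
Value:
Owners: syscp
Flags: seen

Name: locales/default_environment_locale
Template: locales/default_environment_locale
Value: None
Owners: locales
Flags: seen
Variables:
 locales = de_DE.UTF-8, en_US.UTF-8

Name: locales/locales_to_be_generated
Template: locales/locales_to_be_generated
Value: de_DE.UTF-8 UTF-8, en_US.UTF-8 UTF-8
Owners: locales
Flags: seen

" >> var/cache/debconf/config.dat

	#var/cache/debconf/passwords.dat
	# NOTE(review): the MySQL root password is appended in clear text; the
	# file keeps whatever mode it already has.
	cat >> var/cache/debconf/passwords.dat <<EOF
Name: mysql-server/root_password
Template: mysql-server/root_password
Value: $mysqlrootpasswort
Owners: mysql-server-5.0
Flags: seen

Name: mysql-server/root_password_again
Template: mysql-server/root_password_again
Value: $mysqlrootpasswort
Owners: mysql-server-5.0
Flags: seen

Name: phpmyadmin/mysql/admin-pass
Template: dbconfig-common/mysql/admin-pass
Value: $mysqlrootpasswort
Owners: phpmyadmin
Flags: seen
Variables:
 dbvendor = MySQL
 pkg = phpmyadmin

Name: syscp/mysql/admin-pass
Template: dbconfig-common/mysql/admin-pass
Value: $mysqlrootpasswort
Owners: syscp
Flags: seen
Variables:
 dbvendor = MySQL
 pkg = syscp
EOF

	#Keep InnoDB tables in one file each, which makes backups easier
	mkdir -p etc/mysql/conf.d
	printf "[mysqld]
innodb_file_per_table = true
innodb_buffer_pool_size = 32M
" > etc/mysql/conf.d/innodb.cnf

	printf "[mysqld]
table_cache            = 512
table_definition_cache = 1024
open_files_limit       = 2048
key_buffer             = 64M
read_buffer_size       = 512K
log_slow_queries       = /var/log/mysql/mysql-slow.log
long_query_time = 2
log-queries-not-using-indexes
" > etc/mysql/conf.d/myisamdb.cnf

	#debian-syscp
	# NOTE(review): the panel password lands inside a PHP double-quoted
	# string; a value containing ", $ or \ changes the generated PHP. The
	# file is created with the default umask although it holds a password.
	mkdir -p etc/syscp
	cat > etc/syscp/debian.php <<EOF
<?php

// This file is only for setup. Changing the password here won't do anything. The
// file just reflects what was set at installation time and will be reused for
// later installations if the package wasn't purged before.

\$setup['admin'] = "admin";
\$setup['password'] = "$syscppasswort";
\$setup['webserver'] = "";
\$setup['customer_dir'] = "/var/lib/syscp/customers";

?>
EOF

	mkdir -p etc/dbconfig-common
	cat > etc/dbconfig-common/syscp <<EOF
dbc_install='false'
dbc_upgrade='true'
dbc_dbuser='syscp'
dbc_dbpass='$mysqlsyscppasswort'
dbc_dbadmin='root'
EOF

	#Install
	echo export DEBIAN_FRONTEND=noninteractive >> c.sh
	echo apt-key add pubkey >> c.sh
	# "gpg --fingerprint" only prints into install.log; nothing checks it.
	echo "gpg --import pubkey && gpg --fingerprint" >> c.sh
	echo rm pubkey >> c.sh
	echo rm pubkey.1 >> c.sh
	echo etckeeper commit syscp_1 >> c.sh
	echo aptitude update >> c.sh
	echo aptitude -y install xinetd syscp dbconfig-common dovecot-imapd dovecot-pop3d bind9 postfix postfix-mysql libsasl2 libsasl2-modules libsasl2-modules-sql apache2 apache2-suexec-custom libnss-mysql nscd libapache2-mod-fcgid php5-cgi mysql-common mysql-server proftpd-mod-mysql wget geoip-database >> c.sh
	# NOTE(review): the password is written into c.sh unquoted and ends up
	# on mysqladmin's command line: shell metacharacters in it are
	# interpreted when c.sh runs, and the value shows in the process list.
	echo mysqladmin -u root password "$mysqlrootpasswort">> c.sh
	echo aptitude clean >>c.sh
	#commit
	echo etckeeper commit syscp_2 >> c.sh
	aufruf

	#test
	if [ ! -e var/www/syscp/index.php ]; then echo "syscp-Installation schlug fehl! Eventuell http://wiki.openvz.org/Installation_on_Debian#sysctl vergessen?"; exit 1; fi

	#make dbconfig-common remember the admin password
	if [ ! -e etc/dbconfig-common/config.org ]; then
		cp etc/dbconfig-common/config etc/dbconfig-common/config.org
	fi
	cp etc/dbconfig-common/config.org etc/dbconfig-common/config
	sed "s/dbc_remember_admin_pass='false'/dbc_remember_admin_pass='true'/g" etc/dbconfig-common/config.org > etc/dbconfig-common/config

	#commit
	echo etckeeper commit syscp_3 > c.sh
	aufruf
}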

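sonst () {
	# Installs the remaining tools in the guest (shell utilities, webmail,
	# phpMyAdmin, statistics, virus and spam filtering, rootkit checkers,
	# unattended-upgrades, ...) and swaps whiptail for dialog.
	# Exits 1 when $pfad is unreachable or the installation left no mc.
	cd "$pfad" || { echo "Konnte nicht nach $pfad wechseln!"; exit 1; }
	echo `date` "Installiere weitere grundlegende Tools, Spamfilter etc."
	echo export DEBIAN_FRONTEND=noninteractive >> c.sh
	echo aptitude install -y bzip2 wget ncftp rrdtool openssh-server dnsutils nano mc man psmisc squirrelmail avelsieve phpmyadmin awstats php5-xcache php-pear clamav-daemon clamav-client clamav-unofficial-sigs amavisd-new spamassassin mailutils chkrootkit rkhunter unattended-upgrades subversion telnet-ssl bc dialog >> c.sh
	echo aptitude -y remove whiptail >> c.sh

	#commit
	echo etckeeper commit sonst >> c.sh
	aufruf

	#test
	# Check the guest's tree (relative to $pfad), as the other install
	# checks in this script do. The absolute /usr/bin/mc looked at the
	# host, so the result said nothing about the guest.
	if [ ! -e usr/bin/mc ]; then echo "Installation weiterer Programme schlug fehl!"; exit 1; fi
}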

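webmin () {
	# Installs Webmin in the guest and moves it from port 10000 to
	# $webminport. Does nothing unless $webmin is non-empty.
	#
	# Changes against the previous version: the function enters $pfad itself
	# instead of relying on the caller's working directory, and the sed
	# expressions use "/" as delimiter ("\" is not valid in POSIX sed).
	if [ "$webmin" ]; then
		cd "$pfad" || { echo "Konnte nicht nach $pfad wechseln!"; exit 1; }
		echo `date` "Installiere webmin"
		# NOTE(review): repository and signing key are both fetched over
		# plain HTTP and the key is added without a fingerprint check, so
		# the download path decides which key apt trusts for this source.
		echo deb http://download.webmin.com/download/repository sarge contrib >> etc/apt/sources.list
		wget http://www.webmin.com/jcameron-key.asc >> install.log 2>&1
		echo "apt-key add jcameron-key.asc" >>c.sh
		echo "rm jcameron-key.asc" >>c.sh
		echo etckeeper commit webmin_1 >> c.sh
		echo "aptitude update" >>c.sh
		echo aptitude install -y webmin >> c.sh
		#commit
		aufruf
		# keep a pristine copy once and always derive the config from it
		if [ ! -e etc/webmin/miniserv.conf.org ]; then
			cp etc/webmin/miniserv.conf etc/webmin/miniserv.conf.org
		fi
		sed "s/port=10000/port=$webminport/g" etc/webmin/miniserv.conf.org > tmp/miniserv.conf
		sed "s/listen=10000/listen=$webminport/g" tmp/miniserv.conf > etc/webmin/miniserv.conf
		rm tmp/miniserv.conf

		echo /etc/init.d/webmin restart >> c.sh
		#commit
		echo etckeeper commit webmin_2 >> c.sh
		aufruf
	fi
}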
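einrichten_syscp () {
	# Configures Apache for the panel (port 81, TLS, a catch-all default
	# site), registers the xinetd service for realtime cron runs, drives the
	# SysCP web installer with wget and applies the MySQL account setup.
	# Exits 1 when $pfad is unreachable or the installer left no install.php.
	#
	# Changes against the previous version: mysql.sql is created with mode
	# 600, and c.sh is restricted to its owner before credentials are
	# appended. Both were world-readable under the default umask.
	cd "$pfad" || { echo "Konnte nicht nach $pfad wechseln!"; exit 1; }
	echo -n "Syscp "

	#install syscp via wget and set up fcgi, port 81 etc.
	if [ ! -e etc/apache2/ports.conf.org ]; then
		cp etc/apache2/ports.conf etc/apache2/ports.conf.org
	fi
	cp etc/apache2/ports.conf.org etc/apache2/ports.conf

	echo "echo >>/etc/apache2/ports.conf" >> c.sh
	echo "echo NameVirtualHost *:81 >>/etc/apache2/ports.conf" >> c.sh
	echo "echo Listen 81 >>/etc/apache2/ports.conf" >> c.sh
	echo "echo NameVirtualHost $ip:80 >>/etc/apache2/ports.conf" >> c.sh

	if [ ! -e etc/apache2/sites-available/default.org ]; then
		cp etc/apache2/sites-available/default etc/apache2/sites-available/default.org
	fi

	sed "s/<VirtualHost \*:80>/<VirtualHost \*:81>/g" etc/apache2/sites-available/default > etc/apache2/sites-available/default.neu
	sed "s/ Indexes/ -Indexes/g" etc/apache2/sites-available/default.neu > etc/apache2/sites-available/default
	sed "s/ FollowSymLinks/ SymlinksIfOwnerMatch/g" etc/apache2/sites-available/default > etc/apache2/sites-available/default.neu
	# ssl
	sed "s_</VirtualHost>_SSLEngine on\nSSLCertificateKeyFile /root/ssl/server81-key-u.pem\nSSLCertificateFile /root/ssl/server81-cert.pem\n</VirtualHost>_g" etc/apache2/sites-available/default.neu > etc/apache2/sites-available/default
	#mv etc/apache2/sites-available/default.neu etc/apache2/sites-available/default
	rm etc/apache2/sites-available/default.neu
	echo a2enmod ssl >> c.sh

	#realtime updates
	if [ ! -e etc/services.org ]; then
	    cp etc/services etc/services.org
	fi
	cp etc/services.org etc/services
	echo "syscp           53141/tcp                        # SysCP Cronscript" >> etc/services

	# The cron script runs as root on every connection to the service. It
	# binds to 127.0.0.1 and accepts 127.0.0.1 only, so any local process
	# in the guest can trigger it.
	echo "service syscp
{
	socket_type     = stream
	protocol        = tcp
	wait            = no
	user            = root
	server          = /usr/bin/php5
	bind            = 127.0.0.1
	server_args     = -q /var/www/syscp/scripts/cron_tasks.php
	only_from       = 127.0.0.1
}" > etc/xinetd.d/syscp

	echo /etc/init.d/xinetd restart >> c.sh

	#commit
	echo etckeeper commit einrichten_syscp_1 >> c.sh
	aufruf

	#default site for unconfigured addresses and ports
	printf "<VirtualHost *>
    DocumentRoot /var/www/80/
</VirtualHost>
" > etc/apache2/sites-available/999-absicherung

	echo "ln -s /etc/apache2/sites-available/999-absicherung /etc/apache2/sites-enabled/999-absicherung" >> c.sh

	mkdir var/www/80
	echo "Default" > var/www/80/index.html
	echo /etc/init.d/apache2 restart >> c.sh
	# From here on c.sh carries the panel and database passwords.
	chmod 600 c.sh
	# NOTE(review): the passwords are placed inside single quotes in c.sh
	# and sent as form data; a value containing ' or & breaks the command
	# or the form, and the data is visible in wget's command line.
	# --no-check-certificate is used against the loopback address here.
	echo wget --no-check-certificate --post-data \'"mysql_host=127.0.0.1&mysql_database=syscp&mysql_unpriv_user=syscp&mysql_unpriv_pass=$mysqlsyscppasswort&mysql_root_user=root&mysql_root_pass=$mysqlrootpasswort&admin_user=admin&admin_pass1=$syscppasswort&admin_pass2=$syscppasswort&servername=$hostname&serverip=$ip&webserver=apache2&httpuser=www-data&httpgroup=www-data&language=english&installstep=1&submitbutton=Next"\' https://127.0.0.1:81/syscp/install/install.php >> c.sh

	#MySQL setup (restricted user, security etc.)
	# 'syscpe' gets SELECT on the listed tables plus UPDATE on the ftp_users
	# counters only; the anonymous ''@'%' account is removed.
	# NOTE(review): passwords are pasted into SQL string literals, so a
	# value containing ' or \ changes the statements.
	rm -f mysql.sql
	( umask 077; echo "SET PASSWORD FOR 'root'@'127.0.0.1' = PASSWORD( '$mysqlrootpasswort' );
SET PASSWORD FOR 'root'@'$hostname' = PASSWORD( '$mysqlrootpasswort' );

CREATE USER 'syscpe'@'127.0.0.1' IDENTIFIED BY '$mysqlsyscpepasswort';

GRANT USAGE ON * . * TO 'syscpe'@'127.0.0.1' IDENTIFIED BY '$mysqlsyscpepasswort' WITH MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;
GRANT SELECT ON syscp.ftp_groups TO 'syscpe'@'127.0.0.1';
GRANT SELECT ,
UPDATE (
login_count ,
last_login ,
up_count ,
up_bytes ,
down_count ,
down_bytes
) ON syscp.ftp_users TO 'syscpe'@'127.0.0.1';
GRANT SELECT ON syscp.mail_users TO 'syscpe'@'127.0.0.1';
GRANT SELECT ON syscp.mail_virtual TO 'syscpe'@'127.0.0.1';
GRANT SELECT ON syscp.panel_domains TO 'syscpe'@'127.0.0.1';

CREATE USER 'syscpe'@'localhost' IDENTIFIED BY '$mysqlsyscpepasswort';

GRANT USAGE ON * . * TO 'syscpe'@'localhost' IDENTIFIED BY '$mysqlsyscpepasswort' WITH MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;
GRANT SELECT ON syscp.ftp_groups TO 'syscpe'@'localhost';
GRANT SELECT ,
UPDATE (
login_count ,
last_login ,
up_count ,
up_bytes ,
down_count ,
down_bytes
) ON syscp.ftp_users TO 'syscpe'@'localhost';
GRANT SELECT ON syscp.mail_users TO 'syscpe'@'localhost';
GRANT SELECT ON syscp.mail_virtual TO 'syscpe'@'localhost';
GRANT SELECT ON syscp.panel_domains TO 'syscpe'@'localhost';

DELETE FROM mysql.db WHERE db.Host = '%' AND db.User = '' LIMIT 1;
DROP USER ''@'%';
flush privileges; "> mysql.sql )
	# NOTE(review): -p<password> puts the root password on the command line.
	echo "mysql -uroot -p$mysqlrootpasswort < mysql.sql" >> c.sh
	echo "rm mysql.sql" >> c.sh

	#commit
	echo etckeeper commit einrichten_syscp_2 >> c.sh
	aufruf

	#test
	# install.php is the installer's response saved by the wget call above
	if [ ! -e install.php ]; then echo "syscp-Einrichtung schlug fehl!"; exit 1; fi
	rm install.php
}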

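einrichten_syscp2 () {
	# Configures the installed panel through its web forms: logs in as
	# admin, posts the panel/mail/webserver/system/security settings, adds
	# the TLS address on port 443, creates the first customer and domain,
	# then logs in as that customer to create the postmaster address and
	# mailbox. Finally queues one run of the panel's cron script.
	# Exits 1 when $pfad is unreachable or either login yields no session.
	#
	# Changes against the previous version: the port-443 entry uses $ip
	# instead of a hard-coded address, the session checks quote their
	# operand, and the cookie jar is created with mode 600.
	#
	# NOTE(review): every request disables certificate verification
	# (--no-check-certificate) while sending passwords and the session id to
	# https://$ip:81. All credentials are passed in --post-data and are
	# therefore visible in the host's process list; wget's --post-file
	# reading from a mode-600 file would avoid that.
	cd "$pfad" || { echo "Konnte nicht nach $pfad wechseln!"; exit 1; }
	echo -n "Syscp2 "

	#log in as admin
	rm admin_index.* >/dev/null 2>&1
	rm -f cookie
	( umask 077; echo > cookie )
	wget --trust-server-names --no-check-certificate --keep-session-cookies --load-cookies cookie --save-cookies cookie --referer="https://$ip:81/syscp/index.php" --post-data "loginname=admin&password=$syscppasswort&language=profile&send=send&submit=Login" "https://$ip:81/syscp/index.php" >>install.log 2>&1

	# The session id is taken from the name of the file wget saved the
	# login response under (admin_index.php?s=<id>).
	ls admin_index.* >session.tmp
	sed 's/admin_index.php?s=//g' session.tmp >session
	rm session.tmp
	session=`cat session`
	rm session
	#echo "$session"
	if [ -z "$session" ]; then echo "Einloggen als Admin fehlgeschlagen!"; exit 1; fi

	#panel settings
	wget --no-check-certificate --keep-session-cookies --load-cookies cookie --save-cookies cookie --referer="https://$ip:81/syscp/index.php" --post-data "s=$session&page=overview&part=panel&action=&send=send&panel_natsorting=1&panel_no_robots=0&panel_paging=100&panel_pathedit=Manual&panel_adminmail=$postmaster&panel_decimal_places=4&panel_phpmyadmin_url=https://$ip:81/phpmyadmin&panel_webmail_url=https://$ip:81/squirrelmail&panel_webftp_url=&part=panel" "https://$ip:81/syscp/admin_settings.php?s=$session&page=overview&part=panel" >/dev/null 2>&1
	#statistics settings
	#wget --no-check-certificate --keep-session-cookies --load-cookies cookie --save-cookies cookie --referer="https://$ip:81/syscp/index.php"p --post-data "s=$session&page=overview&part=panel&action=&send=send&system_webalizer_quiet=2&system_awstats_enabled=1&part=statistic" "https://$ip:81/syscp/admin_settings.php?s=$session" >>install.log 2>&1
	#hmm, /usr/bin/awstats_updateall.pl does not exist here
	#wget --no-check-certificate --keep-session-cookies --load-cookies cookie --save-cookies cookie --referer="https://$ip:81/syscp/index.php" --post-data "s=$session&page=overview&part=panel&action=&send=send&system_webalizer_quiet=2&system_awstats_enabled=1&system_awstats_domain_file=/etc/awstats/&system_awstats_model_file=/etc/awstats/awstats.model.conf.syscp&system_awstats_path=/usr/lib/cgi-bin&system_awstats_updateall_command=/usr/bin/awstats_updateall.pl&part=statistic" "https://$ip:81/syscp/admin_settings.php?s=$session" >>install.log 2>&1

	#adjust paths (mail)
	wget --no-check-certificate --keep-session-cookies --load-cookies cookie --save-cookies cookie --referer="https://$ip:81/syscp/index.php" --post-data "s=$session&page=overview&part=mail&action=&send=send&system_vmail_uid=2000&system_vmail_gid=2000&system_vmail_homedir=/var/lib/syscp/customers/mail/&panel_sendalternativemail=0&system_mail_quota_enabled=0&system_mail_quota=2500&autoresponder_active=0&page=overview&part=mail" "https://$ip:81/syscp/admin_settings.php?s=$session" >>install.log 2>&1

	#adjust paths (webserver)
	# NOTE(review): the fragment "&/etc/init.d/apache2 reload&" has no field
	# name; presumably a reload-command setting was meant. Confirm against
	# the panel's form.
	wget --no-check-certificate --keep-session-cookies --load-cookies cookie --save-cookies cookie --referer="https://$ip:81/syscp/index.php" --post-data "s=$session&page=overview&part=webserver&action=&send=send&panel_webserver_selected=apache2&system_apacheconf_vhost=/etc/apache2/sites-enabled/&system_apacheconf_diroptions=/etc/apache2/sites-enabled/&system_apacheconf_htpasswddir=/etc/apache2/syscp-htpasswd/&/etc/init.d/apache2 reload&system_modlogsql=0&system_logfiles_directory=/var/lib/syscp/customers/logs&system_phpappendopenbasedir=/tmp/&system_deactivateddocroot=&system_default_vhostconf=" "https://$ip:81/syscp/admin_settings.php?s=$session&page=overview&part=webserver" >>install.log 2>&1

	#adjust paths (system)
	wget --no-check-certificate --keep-session-cookies --load-cookies cookie --save-cookies cookie --referer="https://$ip:81/syscp/index.php" --post-data "s=$session&page=overview&part=system&action=&send=send&system_documentroot_prefix=/var/lib/syscp/customers/webs/&system_ipaddress=$ip&system_defaultip=1&system_hostname=$hostname&system_mysql_access_host=127.0.0.1,localhost,$ip&system_realtime_port=53141&index_file_extension=html" "https://$ip:81/syscp/admin_settings.php?s=$session&page=overview&part=system" >>install.log 2>&1

	#security including fcgi
	wget --no-check-certificate --keep-session-cookies --load-cookies cookie --save-cookies cookie --referer="https://$ip:81/syscp/index.php" --post-data "s=$session&page=overview&part=security&action=&send=send&panel_unix_names=1&system_mailpwcleartext=0&system_modfcgid=1&system_mod_fcgid_configdir=/var/www/php-fcgi-scripts&system_mod_fcgid_tmpdir=/var/lib/syscp/customers/tmp&system_mod_fcgid_peardir=/usr/share/php/:/usr/share/php5/&system_mod_fcgid_wrapper=1&system_mod_fcgid_starter=0&system_mod_fcgid_maxrequests=250" "https://$ip:81/syscp/admin_settings.php?s=$session&page=overview&part=security" >>install.log 2>&1

	#wipe clear-text passwords
	wget --no-check-certificate --keep-session-cookies --load-cookies cookie --save-cookies cookie --referer="https://$ip:81/syscp/index.php" --post-data "s=$session&send=send&page=wipecleartextmailpws&submitbutton=yes" "https://$ip:81/syscp/admin_settings.php?page=wipecleartextmailpws&s=$session" >>install.log 2>&1

	#SSL
	# The address registered for port 443 is the guest's own $ip; the line
	# used to carry one fixed address regardless of the configuration.
	wget --no-check-certificate --keep-session-cookies --load-cookies cookie --save-cookies cookie --referer="https://$ip:81/syscp/index.php" --post-data "s=$session&send=send&page=ipsandports&ip=$ip&port=443&listen_statement=0&namevirtualhost_statement=1&vhostcontainer=1&specialsettings=SSLCertificateKeyFile /root/ssl/server443-key-u.pem&vhostcontainer_servername_statement=1&ssl=1&ssl_cert_file=/root/ssl/server443-cert.pem" "https://$ip:81/syscp/admin_ipsandports.php?s=$session&page=ipsandports" >>install.log 2>&1

	#create customer
	wget --no-check-certificate --keep-session-cookies --load-cookies cookie --save-cookies cookie --referer="https://$ip:81/syscp/index.php" --post-data "s=$session&page=customers&action=add&send=send&loginname=$syscpacclogin&createstdsubdomain=1&customer_password=$syscpaccpasswort&sendpassword=1&def_password=Deutsch&name=$syscpaccname&firstname=$syscpaccvorname&email=$postmaster&diskspace=2000&traffic=10&subdomains=100&emails=100&email_accounts=100&email_forwarders=100&email_imap=1&email_pop3=1&ftps=100&tickets=100&mysqls=100&phpenabled=1" "https://$ip:81/syscp/admin_customers.php?s=$session" >>install.log 2>&1

	#domain
	wget --no-check-certificate --keep-session-cookies --load-cookies cookie --save-cookies cookie --referer="https://$ip:81/syscp/index.php" --post-data "s=$session&page=domains&action=add&send=send&domain=$domain&customerid=1&adminid=1&alias=0&caneditdomain=1&registration_date=`date +%F`&documentroot=&ipandport=1&wwwserveralias=1&speciallogfile=0&openbasedir=1&safemode=1&phpsettingid=1&mod_fcgid_starter=&mod_fcgid_maxrequests=&isbinddomain=1&zonefile=&isemaildomain=1&email_only=0&subcanemaildomain=0" "https://$ip:81/syscp/admin_domains.php?s=$session" >>install.log 2>&1

	#log in as customer
	rm customer_index.* >/dev/null 2>&1
	wget --trust-server-names --no-check-certificate --keep-session-cookies --load-cookies cookie --save-cookies cookie --referer="https://$ip:81/syscp/index.php" --post-data "loginname=$syscpacclogin&password=$syscpaccpasswort&language=profile&send=send&submit=Login" "https://$ip:81/syscp/index.php" >>install.log 2>&1
	ls customer_index.* >session.tmp
	sed 's/customer_index.php?s=//g' session.tmp >session_customer
	rm session.tmp
	session_customer=`cat session_customer`
	rm session_customer
	#echo "$session_customer"
	if [ -z "$session_customer" ]; then echo "Einloggen als Customer fehlgeschlagen! Eventuell konnte der Account nicht erstellt werden?"; exit 1; fi

	#e-mail address
	wget --no-check-certificate --keep-session-cookies --load-cookies cookie --save-cookies cookie --referer="https://$ip:81/syscp/index.php" --post-data "s=$session_customer&page=emails&action=add&send=send&email_part=postmaster&domain=$domain&iscatchall=1" "https://$ip:81/syscp/customer_email.php?s=$session_customer" >>install.log 2>&1

	#e-mail account
	wget --no-check-certificate --keep-session-cookies --load-cookies cookie --save-cookies cookie --referer="https://$ip:81/syscp/index.php" --post-data "s=$session_customer&page=accounts&action=add&send=send&id=1&email_password=$syscpaccpasswort" "https://$ip:81/syscp/customer_email.php?s=$session_customer" >>install.log 2>&1

	# remove the saved responses (their names contain session ids) and the
	# cookie jar
	rm admin*php*
	rm customer*php*
	rm index*php*
	rm cookie

	#run cron manually
	echo "/usr/bin/php5 -q /var/www/syscp/scripts/cron_tasks.php" >> c.sh

	#commit
	echo etckeeper commit einrichten_syscp2 >> c.sh
	aufruf
}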

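# Configures Apache and PHP in the target tree below $pfad: creates the syscp
# customer directories, enlarges the xcache variable cache, writes hardening
# and compression snippets, relaxes suhosin limits and queues module changes
# plus an Apache restart in c.sh.
# Globals:   pfad (read)
# Outputs:   progress label on stdout; files below etc/ and var/; lines in c.sh
# Returns:   exits 1 when $pfad cannot be entered
# aufruf is defined elsewhere in this file; presumably it runs the queued
# c.sh inside the target system - confirm against its definition.
einrichten_apache () {
	# Every path below is relative to the target root. Without this guard a
	# failed cd would apply all edits to the directory the installer was
	# started from, which may be the host's own /etc.
	cd "$pfad" || { echo "Verzeichnis $pfad nicht erreichbar!"; exit 1; }
	echo -n "Apache "

	mkdir -p var/lib/syscp/customers/webs/
	mkdir -p var/lib/syscp/customers/logs/
	mkdir -p var/lib/syscp/customers/tmp
	# Same mode as /tmp: world-writable with the sticky bit. Presumably shared
	# by all customers, so file names in it are visible across customers.
	chmod 1777 var/lib/syscp/customers/tmp

	# xcache.ini: keep one pristine copy, then always regenerate from it so
	# repeated runs give the same result.
	if [ ! -e etc/php5/conf.d/xcache.ini.org ]; then
		cp etc/php5/conf.d/xcache.ini etc/php5/conf.d/xcache.ini.org
	fi
	sed "s/xcache.var_size  =            0M/xcache.var_size  =            4M/g" etc/php5/conf.d/xcache.ini.org > etc/php5/conf.d/xcache.ini

	# Deny access to dot files, dot directories and editor backups (*~), and
	# reduce what the server reveals about itself.
	# NOTE(review): this appends, so every further run adds another copy of
	# the snippet to security2.
	printf '<Files ~ "^\.">
    Order allow,deny
    Deny from all
</Files>

<Directory ~ "/\.">
    Order allow,deny
    Deny from all
</Directory>

<Files *~>
    Order allow,deny
    Deny from all
</Files>

ServerTokens Minimal
ServerSignature Off
TraceEnable Off
Options -Indexes -FollowSymLinks
' >> etc/apache2/conf.d/security2

	# Same restrictions in the default vhost, regenerated from a pristine copy.
	# NOTE(review): the result can be an Options line that mixes "-Indexes"
	# with unprefixed options; Apache documents that mix as invalid syntax and
	# newer releases refuse to start on it. Check the generated file.
	if [ ! -e etc/apache2/sites-available/default.apache.org ]; then
		cp etc/apache2/sites-available/default etc/apache2/sites-available/default.apache.org
	fi
	sed "s/ Indexes/ -Indexes/g" etc/apache2/sites-available/default.apache.org > etc/apache2/sites-available/default.tmp
	sed "s/+Indexes/-Indexes/g" etc/apache2/sites-available/default.tmp > etc/apache2/sites-available/default
	sed "s/FollowSymLinks/SymLinksIfOwnerMatch/g" etc/apache2/sites-available/default > etc/apache2/sites-available/default.tmp
	mv etc/apache2/sites-available/default.tmp etc/apache2/sites-available/default

	# HTTP compression for text content types.
	echo a2enmod deflate >>c.sh
	printf '<IfModule mod_deflate.c>
    #http://httpd.apache.org/docs/2.0/mod/mod_deflate.html
    AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css application/x-javascript application/javascript
</IfModule>
' > etc/apache2/conf.d/deflate

	# suhosin: start from the pristine copy before appending. The backup was
	# created but never used, so each run stacked another copy of the block.
	if [ ! -e etc/php5/conf.d/suhosin.ini.org ]; then
		cp etc/php5/conf.d/suhosin.ini etc/php5/conf.d/suhosin.ini.org
	fi
	cp etc/php5/conf.d/suhosin.ini.org etc/php5/conf.d/suhosin.ini
	# The block raises the POST/request limits and switches off suhosin's
	# "ignore srand()/mt_srand()" protection. With that protection off,
	# applications can seed the generator themselves, so rand()/mt_rand()
	# output becomes reproducible and must not be used for tokens or passwords.
	printf '
;Gibt sonst z.b. bei Drupal oder pma bei vielen (>200) Tabellen Probleme
suhosin.post.max_array_depth = 1000
suhosin.post.max_array_index_length = 640
suhosin.post.max_name_length = 64
suhosin.post.max_totalname_length = 256
suhosin.post.max_value_length = 65000
suhosin.post.max_vars = 2000
suhosin.post.disallow_nul = on
suhosin.request.max_array_depth = 1000
suhosin.request.max_array_index_length = 640
suhosin.request.max_totalname_length = 256
suhosin.request.max_value_length = 65000
suhosin.request.max_vars = 2000
suhosin.request.max_varname_length = 64

;srandr wird manchmal als Hash missbraucht, auch ist sonst debuggen u.U. schwieriger
suhosin.srand.ignore=false
suhosin.mt_srand.ignore=false
' >> etc/php5/conf.d/suhosin.ini

	# mod_userdir is not wanted on this setup.
	echo a2dismod userdir >>c.sh

	echo /etc/init.d/apache2 restart >>c.sh

	# Record the change in etckeeper.
	echo etckeeper commit einrichten_apache >> c.sh
	aufruf
}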

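# Hooks the syscp zone list into BIND in the target tree below $pfad:
# named.conf is rebuilt from a pristine copy with an include for
# /etc/bind/syscp_bind.conf, and a bind9 restart is queued in c.sh.
# Globals:   pfad (read)
# Outputs:   progress label on stdout; files below etc/bind; lines in c.sh
# Returns:   exits 1 when $pfad cannot be entered
einrichten_bind () {
	# All paths are relative to the target root; stop if it cannot be
	# entered, otherwise the edits would land in the caller's directory.
	cd "$pfad" || { echo "Verzeichnis $pfad nicht erreichbar!"; exit 1; }
	echo -n "Bind "

	# Keep the distribution file once, then always start from it so the
	# include line is not duplicated on later runs.
	if [ ! -e etc/bind/named.conf.org ]; then
		cp etc/bind/named.conf etc/bind/named.conf.org
	fi
	cp etc/bind/named.conf.org etc/bind/named.conf

	echo "include \"/etc/bind/syscp_bind.conf\";" >> etc/bind/named.conf
	# The included file has to exist, even if still empty, before the restart.
	touch etc/bind/syscp_bind.conf

	echo /etc/init.d/bind9 restart >> c.sh

	# Record the change in etckeeper.
	echo etckeeper commit einrichten_bind >> c.sh
	aufruf
}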

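# Installs the AWStats templates shipped with syscp into the target tree
# below $pfad (model config, cron entry, Apache vhost) and queues an Apache
# restart in c.sh.
# Globals:   pfad (read)
# Outputs:   progress label and error messages on stdout; files below etc/
# Returns:   exits 1 when $pfad cannot be entered or a template is missing
einrichten_awstats () {
	# All paths are relative to the target root; stop if it cannot be
	# entered, otherwise the copies would land in the caller's directory.
	cd "$pfad" || { echo "Verzeichnis $pfad nicht erreichbar!"; exit 1; }
	echo -n "Awstats "

	# Model configuration.
	if [ ! -e var/www/syscp/templates/misc/configfiles/debian_etch/awstats/etc_awstats_awstats.model.conf.syscp ]; then echo "syscp-awstats Quelle 1 existiert nicht!"; exit 1; fi
	cp var/www/syscp/templates/misc/configfiles/debian_etch/awstats/etc_awstats_awstats.model.conf.syscp etc/awstats/awstats.model.conf.syscp

	# Cron entry.
	if [ ! -e var/www/syscp/templates/misc/configfiles/debian_etch/awstats/etc_cron.d_awstats ]; then echo "syscp-awstats Quelle 2 existiert nicht!"; exit 1; fi
	cp var/www/syscp/templates/misc/configfiles/debian_etch/awstats/etc_cron.d_awstats etc/cron.d/awstats

	# Apache vhost snippet; it is placed directly in sites-enabled.
	if [ ! -e var/www/syscp/templates/misc/configfiles/debian_etch/awstats/etc_apache_vhosts_05_awstats.conf ]; then echo "syscp-awstats Quelle 3 existiert nicht!"; exit 1; fi
	cp var/www/syscp/templates/misc/configfiles/debian_etch/awstats/etc_apache_vhosts_05_awstats.conf etc/apache2/sites-enabled/05_awstats.conf

	echo /etc/init.d/apache2 restart >>c.sh

	# Record the change in etckeeper.
	echo etckeeper commit einrichten_awstats >> c.sh
	aufruf
}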

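# Base system setup in the target tree below $pfad: syscp cron entry,
# unattended upgrades, an svnserve init script, logrotate for the customer
# logs and the SSH port. Service restarts are queued in c.sh.
# Globals:   pfad, postmaster, sshport (read)
# Outputs:   progress label and error messages on stdout; files below etc/
#            and home/; lines in c.sh
# Returns:   exits 1 when $pfad cannot be entered or a source file is missing
einrichten_system () {
	# All paths are relative to the target root; stop if it cannot be
	# entered, otherwise sshd_config, cron.d and init.d of the caller's
	# directory tree would be rewritten.
	cd "$pfad" || { echo "Verzeichnis $pfad nicht erreichbar!"; exit 1; }
	echo -n "System "

	# cron entry for syscp
	if [ ! -e var/www/syscp/templates/misc/configfiles/debian_etch/cron/etc_cron.d_syscp ]; then echo "syscp-cron Quelle existiert nicht!"; exit 1; fi
	cp var/www/syscp/templates/misc/configfiles/debian_etch/cron/etc_cron.d_syscp etc/cron.d/syscp
	echo /etc/init.d/cron restart >>c.sh

	# Unattended upgrades. The address is passed as an argument rather than
	# pasted into the format string, so a "%" or backslash in it is written
	# literally instead of being interpreted by printf.
	printf 'APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";
APT::Periodic::AutocleanInterval "60";
Unattended-Upgrade::Mail "%s";' "$postmaster" > etc/apt/apt.conf.d/unattended-upgrades

	# Subversion: minimal init script serving /home/svn.
	# The script ignores its argument, so it starts svnserve on "stop" too;
	# only start links are created below. Nothing in it switches user, so
	# svnserve runs as whoever executes the init script (root at boot).
	mkdir -p home/svn
	printf '#!/bin/sh
### BEGIN INIT INFO
# Provides:          svn
# Required-Start:    $remote_fs $syslog $network
# Required-Stop:     $remote_fs $syslog $network
# Should-Start:      $named $time
# Should-Stop:       $named $time
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Start and stop the svn server daemon
# Description:       Controls the svn server daemon.
### END INIT INFO

svnserve -d -T -r /home/svn
' > etc/init.d/svnserve
	chmod +x etc/init.d/svnserve
	echo ln -s /etc/init.d/svnserve /etc/rc2.d/S91svnserve >> c.sh
	echo ln -s /etc/init.d/svnserve /etc/rc3.d/S91svnserve >> c.sh
	echo ln -s /etc/init.d/svnserve /etc/rc4.d/S91svnserve >> c.sh
	echo ln -s /etc/init.d/svnserve /etc/rc5.d/S91svnserve >> c.sh
	# Absolute path like every other queued command; the relative form only
	# worked when c.sh happened to run with / as working directory.
	echo /etc/init.d/svnserve >> c.sh

	# logrotate: reuse the apache2 rules for the customer log directory.
	# The s command uses a backslash as delimiter, which is outside POSIX and
	# relies on the sed in use accepting it.
	if [ ! -e etc/logrotate.d/apache2 ]; then echo "logrotate Quelle existiert nicht!"; exit 1; fi
	sed "s\/var/log/apache2\/var/lib/syscp/customers/logs\g" etc/logrotate.d/apache2 > etc/logrotate.d/syscp

	# ssh: rewrite the port in a copy generated from the pristine config.
	# NOTE(review): the pattern also matches inside "#Port 22"; if the stock
	# file has the line commented out, sshd keeps listening on 22 - verify
	# the generated sshd_config.
	if [ ! -e etc/ssh/sshd_config.org ]; then
		cp etc/ssh/sshd_config etc/ssh/sshd_config.org
	fi
	sed "s\Port 22\Port $sshport\g" etc/ssh/sshd_config.org > etc/ssh/sshd_config
	echo /etc/init.d/ssh restart >> c.sh

	# Record the change in etckeeper.
	echo etckeeper commit einrichten_system >> c.sh
	aufruf
}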

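# Sets up rrdtool based monitoring in the target tree below $pfad: queues
# creation of five round-robin databases in c.sh, writes a collector script
# (var/lib/rrd/update.sh) and a graph script (var/lib/rrd/erzeugepng.sh),
# an HTML template for the overview page and a cron entry running both.
# Globals:   pfad, eth0, hdd (read)
# Outputs:   progress label on stdout; files below var/ and etc/; lines in c.sh
# Returns:   exits 1 when $pfad cannot be entered
# Both generated scripts are run by cron as root, so they must stay writable
# by root only. The graphs and the output of "df -h" are written to
# /var/www/monitoring; if that directory is served by the web server, load,
# memory, traffic and mount information is readable by anyone who can fetch
# it - restrict access there if that is not intended.
einrichten_rrdtool () {
	# All paths are relative to the target root; stop if it cannot be
	# entered, otherwise a root cron job would be installed in the caller's
	# directory tree.
	cd "$pfad" || { echo "Verzeichnis $pfad nicht erreichbar!"; exit 1; }
	echo -n "rrdtool "

	#http://www.arbeitsplatzvernichtung-durch-outsourcing.de/marty44/rrdtool.html
	mkdir -p var/lib/rrd
	mkdir -p var/www/monitoring

	# Queue creation of the databases: process count, load average, memory,
	# disk usage and network counters.
	printf 'rrdtool \
create /var/lib/rrd/process.rrd --step 60 \
DS:processes:GAUGE:120:U:U \
RRA:AVERAGE:0.5:1:2160 \
RRA:AVERAGE:0.5:5:2016 \
RRA:AVERAGE:0.5:15:2880 \
RRA:AVERAGE:0.5:60:8760 \
RRA:MAX:0.5:1:2160 \
RRA:MAX:0.5:5:2016 \
RRA:MAX:0.5:15:2880 \
RRA:MAX:0.5:60:8760
' >> c.sh

	printf 'rrdtool \
create /var/lib/rrd/loadavg.rrd --step 60 \
DS:load1:GAUGE:120:0:U \
DS:load5:GAUGE:120:0:U \
DS:load15:GAUGE:120:0:U \
RRA:AVERAGE:0.5:1:2160 \
RRA:AVERAGE:0.5:5:2016 \
RRA:AVERAGE:0.5:15:2880 \
RRA:AVERAGE:0.5:60:8760
' >> c.sh

	printf 'rrdtool \
create /var/lib/rrd/memory.rrd --step 60 \
DS:fram:GAUGE:120:U:U \
DS:fcache:GAUGE:120:U:U \
DS:fbuffers:GAUGE:120:U:U \
DS:fswap:GAUGE:120:U:U \
RRA:AVERAGE:0.5:1:2160 \
RRA:AVERAGE:0.5:5:2016 \
RRA:AVERAGE:0.5:15:2880 \
RRA:AVERAGE:0.5:60:8760
' >> c.sh

	printf 'rrdtool create /var/lib/rrd/disk.rrd --step 300 \
DS:disk:GAUGE:600:0:U \
RRA:AVERAGE:0.5:1:432 \
RRA:AVERAGE:0.5:1:2016 \
RRA:AVERAGE:0.5:3:2880 \
RRA:AVERAGE:0.5:12:8640
' >> c.sh

	printf 'rrdtool create \
/var/lib/rrd/network.rrd --step 60 \
DS:r:COUNTER:120:0:U \
DS:t:COUNTER:120:0:U \
RRA:AVERAGE:0.5:1:2160 \
RRA:AVERAGE:0.5:5:2016 \
RRA:AVERAGE:0.5:15:2880 \
RRA:AVERAGE:0.5:60:8760 \
RRA:MAX:0.5:1:2160 \
RRA:MAX:0.5:5:2016 \
RRA:MAX:0.5:15:2880 \
RRA:MAX:0.5:60:8760
' >> c.sh

	# Graph script: renders 36 hour and 7 day PNGs for every database and
	# rebuilds i.html from the template plus the output of "df -h".
	# The text is written with echo; how echo treats the backslash sequences
	# in it (for example \n) depends on the shell behind /bin/sh.
	# NOTE(review): the 7 day RAM graph computes cache2 (cache + buffers) but
	# plots cacheb from cache alone, unlike the 36 hour graph - confirm which
	# one is intended.
	echo '#!/bin/sh
sleep 3
# 36 Stunden - Prozesse
nice -n 19 rrdtool graph /var/www/monitoring/proc36h.png \
--start -129600 -a PNG -t "Prozesse" --vertical-label "Prozesse" -w 600 -h 100 \
DEF:auswertung=/var/lib/rrd/process.rrd:processes:AVERAGE LINE1:auswertung#ff0000:"Anzahl Prozesse" \
VDEF:auswertung1=auswertung,AVERAGE \
GPRINT:auswertung1:"Durchschnitt Anzahl Prozesse\: %lg" \
DEF:maxaus=/var/lib/rrd/process.rrd:processes:MAX \
VDEF:maxaus1=maxaus,MAXIMUM \
GPRINT:maxaus1:"Hoechste Anzahl Prozesse\: %lg\j" \
> /dev/null
# 7 Tage - Prozesse
nice -n 19 rrdtool graph /var/www/monitoring/procwoc.png \
--start -604800 -a PNG -t "Prozesse" --vertical-label "Prozesse" -w 600 -h 100 \
DEF:auswertung=/var/lib/rrd/process.rrd:processes:AVERAGE LINE1:auswertung#ff0000:"Anzahl Prozesse" \
VDEF:auswertung1=auswertung,AVERAGE \
GPRINT:auswertung1:"Durchschnitt Anzahl Prozesse\: %lg" \
DEF:maxaus=/var/lib/rrd/process.rrd:processes:MAX \
VDEF:maxaus1=maxaus,MAXIMUM \
GPRINT:maxaus1:"Hoechste Anzahl Prozesse\: %lg\j" \
> /dev/null

SWAPT=`grep SwapTotal: /proc/meminfo|tr -s [:blank:]|cut -f2 -d" "`
MEMT=`grep MemTotal: /proc/meminfo|tr -s [:blank:]|cut -f2 -d" "`

MEMTOTAL=$(expr $MEMT \* 1024)
SWAPTOTAL=$(expr $SWAPT \* 1024)

# 36 Stunden - RAM und Swap in einen
nice -n 19 rrdtool graph /var/www/monitoring/ramswap.png \
-b 1024 --start -129600 -a PNG -t "RAM und SWAP" --vertical-label "Bytes" -w 700 -h 100 \
DEF:cache=/var/lib/rrd/memory.rrd:fcache:AVERAGE \
DEF:buffers=/var/lib/rrd/memory.rrd:fbuffers:AVERAGE \
DEF:fram=/var/lib/rrd/memory.rrd:fram:AVERAGE \
DEF:fswap=/var/lib/rrd/memory.rrd:fswap:AVERAGE \
CDEF:cache2=cache,buffers,+ \
CDEF:cacheb=cache2,1024,* \
CDEF:framb=fram,1024,* \
CDEF:fswapb=fswap,1024,* \
CDEF:bram=$MEMTOTAL,framb,- \
CDEF:bswap=$SWAPTOTAL,fswapb,- \
CDEF:brammb=bram,1048576,/ \
CDEF:cachemb=cacheb,1048576,/ \
CDEF:frammb=framb,1048576,/ \
CDEF:bswapmb=bswap,1048576,/ \
CDEF:fswapmb=fswapb,1048576,/ \
VDEF:brammb1=brammb,LAST \
VDEF:cachemb1=cachemb,LAST \
VDEF:frammb1=frammb,LAST \
VDEF:bswapmb1=bswapmb,LAST \
VDEF:fswapmb1=fswapmb,LAST \
AREA:bram#99ffff:"belegter RAM,  letzter\: " GPRINT:brammb1:"%7.3lf MB " \
LINE1:cacheb#00ff00:"Cache,  letzter\: " GPRINT:cachemb1:"%7.3lf MB " \
LINE1:framb#ff0000:"freier RAM,  letzter\: " GPRINT:frammb1:"%7.3lf MB     Grafik erzeugt am\n" \
LINE1:bswap#000000:"belegter SWAP, letzter\: " GPRINT:bswapmb1:"%7.3lf MB " \
LINE1:fswapb#006600:"freier SWAP, letzter\: " GPRINT:fswapmb1:"%7.3lf MB    $(/bin/date "+%d.%m.%Y %H\:%M\:%S")" \
> /dev/null
# 7 Tage - RAM und Swap in einen
nice -n 19 rrdtool graph /var/www/monitoring/ramwoc.png \
-b 1024 --start -604800 -a PNG -t "RAM und SWAP" --vertical-label "Bytes" -w 700 -h 100 \
DEF:cache=/var/lib/rrd/memory.rrd:fcache:AVERAGE \
DEF:buffers=/var/lib/rrd/memory.rrd:fbuffers:AVERAGE \
DEF:fram=/var/lib/rrd/memory.rrd:fram:AVERAGE \
DEF:fswap=/var/lib/rrd/memory.rrd:fswap:AVERAGE \
CDEF:cache2=cache,buffers,+ \
CDEF:cacheb=cache,1024,* \
CDEF:framb=fram,1024,* \
CDEF:fswapb=fswap,1024,* \
CDEF:bram=$MEMTOTAL,framb,- \
CDEF:bswap=$SWAPTOTAL,fswapb,- \
AREA:bram#99ffff:"belegter RAM" \
LINE1:cacheb#00ff00:"Cache" \
LINE1:framb#ff0000:"freier RAM" \
LINE1:bswap#000000:"belegter SWAP" \
LINE1:fswapb#006600:"freier SWAP" \
> /dev/null

# 36 Stunden - Load Average
nice -n 19 rrdtool graph /var/www/monitoring/loadavg.png --start -129600 \
-a PNG -t "Load Average" --vertical-label "Average Load" -w 600 -h 100 -M \
DEF:load1=/var/lib/rrd/loadavg.rrd:load1:AVERAGE \
DEF:load5=/var/lib/rrd/loadavg.rrd:load5:AVERAGE \
DEF:load15=/var/lib/rrd/loadavg.rrd:load15:AVERAGE \
VDEF:load1l=load1,LAST \
VDEF:load5l=load5,LAST \
VDEF:load15l=load15,LAST \
AREA:load1#ff0000:"1 Minute,   letzter\:" GPRINT:load1l:"%5.2lf\n" \
AREA:load5#ff9900:"5 Minuten,  letzter\:" GPRINT:load5l:"%5.2lf     Grafik erzeugt am\n" \
AREA:load15#ffff00:"15 Minuten, letzter\:" GPRINT:load15l:"%5.2lf    $(/bin/date "+%d.%m.%Y %H\:%M\:%S")" \
LINE1:load5#ff9900:"" \
LINE1:load1#ff0000:"" \
> /dev/null

# 7 Tage - Load Average
nice -n 19 rrdtool graph /var/www/monitoring/loadwoc.png --start -604800 \
-a PNG -t "Load Average" --vertical-label "Average Load" -w 600 -h 100 \
DEF:load1=/var/lib/rrd/loadavg.rrd:load1:AVERAGE \
DEF:load5=/var/lib/rrd/loadavg.rrd:load5:AVERAGE \
DEF:load15=/var/lib/rrd/loadavg.rrd:load15:AVERAGE \
VDEF:load1l=load1,LAST \
VDEF:load5l=load5,LAST \
VDEF:load15l=load15,LAST \
AREA:load1#ff0000:"1 Minute,   letzter\:" GPRINT:load1l:"%5.2lf\n" \
AREA:load5#ff9900:"5 Minuten,  letzter\:" GPRINT:load5l:"%5.2lf     Grafik erzeugt am\n" \
AREA:load15#ffff00:"15 Minuten, letzter\:" GPRINT:load15l:"%5.2lf    $(/bin/date "+%d.%m.%Y %H\:%M\:%S")" \
LINE1:load5#ff9900:"" \
LINE1:load1#ff0000:"" \
> /dev/null

# 36 Stunden - network
nice -n 19 rrdtool graph /var/www/monitoring/net36h.png --start -129600 \
-a PNG -t "Network Interface" --vertical-label "Bytes/s" -w 600 -h 100 -M \
DEF:eth0r=/var/lib/rrd/network.rrd:r:AVERAGE \
DEF:eth0t=/var/lib/rrd/network.rrd:t:AVERAGE \
CDEF:eth0tn=eth0t,-1,* \
VDEF:eth0ra=eth0r,AVERAGE \
VDEF:eth0rm=eth0r,MAXIMUM \
VDEF:eth0rc=eth0r,LAST \
VDEF:eth0ta=eth0t,AVERAGE \
VDEF:eth0tm=eth0t,MAXIMUM \
VDEF:eth0tc=eth0t,LAST \
COMMENT:"               Durchschnitt           Maximum          aktuell   pro Sekunde\n" \
AREA:eth0r#00dd00:"Receive " \
GPRINT:eth0ra:"%12.3lf %sb" \
GPRINT:eth0rm:"%12.3lf %sb" \
GPRINT:eth0rc:"%12.3lf %sb\n" \
AREA:eth0tn#0000ff:"Transmit" \
GPRINT:eth0ta:"%12.3lf %sb" \
GPRINT:eth0tm:"%12.3lf %sb" \
GPRINT:eth0tc:"%12.3lf %sb" \
> /dev/null

# 7 Tage - network
nice -n 19 rrdtool graph /var/www/monitoring/netwoc.png --start -604800 \
-a PNG -t "Network Interface" --vertical-label "Bytes/s" -w 600 -h 100 -M \
DEF:eth0r=/var/lib/rrd/network.rrd:r:AVERAGE \
DEF:eth0t=/var/lib/rrd/network.rrd:t:AVERAGE \
CDEF:eth0tn=eth0t,-1,* \
VDEF:eth0ra=eth0r,AVERAGE \
VDEF:eth0rm=eth0r,MAXIMUM \
VDEF:eth0rc=eth0r,LAST \
VDEF:eth0ta=eth0t,AVERAGE \
VDEF:eth0tm=eth0t,MAXIMUM \
VDEF:eth0tc=eth0t,LAST \
COMMENT:"               Durchschnitt           Maximum          aktuell   pro Sekunde\n" \
AREA:eth0r#00dd00:"Receive " \
GPRINT:eth0ra:"%12.3lf %sb" \
GPRINT:eth0rm:"%12.3lf %sb" \
GPRINT:eth0rc:"%12.3lf %sb\n" \
AREA:eth0tn#0000ff:"Transmit" \
GPRINT:eth0ta:"%12.3lf %sb" \
GPRINT:eth0tm:"%12.3lf %sb" \
GPRINT:eth0tc:"%12.3lf %sb" \
> /dev/null


# disk
nice -n 19 rrdtool graph /var/www/monitoring/disk.png  -b 1024 --start -129600 \
-t "Belegung disk" --vertical-label "Bytes belegt" -w 600 -h 100 \
DEF:disk=/var/lib/rrd/disk.rrd:disk:AVERAGE AREA:disk#00ff00:"belegter Platz" > /dev/null
nice -n 19 rrdtool graph /var/www/monitoring/disk-7.png -b 1024 --start -604800 \
-t "Belegung disk" --vertical-label "Bytes belegt" -w 600 -h 100 \
DEF:disk=/var/lib/rrd/disk.rrd:disk:AVERAGE AREA:disk#00ff00:"belegter Platz" > /dev/null


rm /var/www/monitoring/i.html
cp /var/www/monitoring/i_vorlage.html /var/www/monitoring/i.html
echo "<pre>" >>/var/www/monitoring/i.html
df -h >> /var/www/monitoring/i.html
echo "</pre></body></html>" >>/var/www/monitoring/i.html
' > var/lib/rrd/erzeugepng.sh

	chmod +x var/lib/rrd/erzeugepng.sh

	# Collector script. The text sits in a single-quoted string, so the awk
	# programs are written with "" as a stand-in that sed turns into a single
	# quote (two per line, hence the g flag). sed also swaps the placeholder
	# interface venet0 for $eth0 and the placeholder filesystem simfs for $hdd.
	# The text is piped straight into sed, so no intermediate copies with
	# predictable names are left in the target's tmp/ directory.
	printf '#!/bin/sh
sleep 2

#load
LOAD=$(awk ""{print $1":"$2":"$3}"" < /proc/loadavg)
rrdtool update /var/lib/rrd/loadavg.rrd N:$LOAD

#prozesse
PROZESSE=$(ps hax|wc -l)
rrdtool update /var/lib/rrd/process.rrd N:$PROZESSE

#speicher
CACHE=`grep Cached: /proc/meminfo|tr -s [:blank:]|cut -f2 -d" "|head -n 1`
BUFFER=`grep Buffers: /proc/meminfo|tr -s [:blank:]|cut -f2 -d" "`
FRAM=`grep MemFree: /proc/meminfo|tr -s [:blank:]|cut -f2 -d" "`
FSWAP=`grep SwapFree: /proc/meminfo|tr -s [:blank:]|cut -f2 -d" "`
rrdtool update /var/lib/rrd/memory.rrd N:$FRAM:$CACHE:$BUFFER:$FSWAP

#netzwerk
AETH0=$(grep venet0 /proc/net/dev)
AE0DOWN=$(echo $AETH0|tr \: \ |awk ""{print $2}"")
AE0UP=$(echo $AETH0|tr \: \ |awk ""{print $10}"")
rrdtool update /var/lib/rrd/network.rrd N:$AE0DOWN:$AE0UP

#HDD
Kdisk=`df|grep simfs|head -n 1|tr -s [:blank:]| cut -f3 -d" "`
disk=$(expr $Kdisk \* 1024)
rrdtool update /var/lib/rrd/disk.rrd N:$disk

' | sed -e "s!\"\"!'!g" -e "s!venet0!$eth0!" -e "s!simfs!$hdd!" > var/lib/rrd/update.sh
	chmod +x var/lib/rrd/update.sh

	# Template for the overview page; the graph script appends the closing
	# tags after the "df -h" output.
	printf '<html>
<body>
<h1>Stats</h1>
<img src="proc36h.png" /><br />
<img src="procwoc.png" /><br /><br />
<img src="loadavg.png" /><br />
<img src="loadwoc.png" /><br /><br />
<img src="ramswap.png" /><br />
<img src="ramwoc.png" /><br /><br />
<img src="net36h.png" /><br />
<img src="netwoc.png" /><br /><br />
<img src="disk.png" /><br />
<img src="disk-7.png" /><br /><br />
' > var/www/monitoring/i_vorlage.html

	# Collect every minute, render graphs at minutes 18 and 48; both as root.
	printf "* * * * * root /var/lib/rrd/update.sh
18,48 * * * * root /var/lib/rrd/erzeugepng.sh
" > etc/cron.d/rrdtool
	echo /etc/init.d/cron restart >>c.sh

	# Run both scripts once right away.
	echo /var/lib/rrd/update.sh >> c.sh
	echo /var/lib/rrd/erzeugepng.sh >> c.sh

	# Record the change in etckeeper.
	echo etckeeper commit einrichten_rrdtool >> c.sh
	aufruf
}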
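# Configures Postfix in the target tree below $pfad from the syscp templates:
# main.cf and master.cf are rebuilt from pristine copies, the MySQL lookup
# files and the SASL config are filled with the database credentials, mail
# aliases are added, and user creation, permission changes and a restart are
# queued in c.sh.
# Globals:   pfad, hostname, postmaster, mysqlsyscpepasswort (read)
# Outputs:   progress label and error messages on stdout; files below etc/,
#            var/ and tmp/; lines in c.sh
# Returns:   exits 1 when $pfad cannot be entered or a template is missing
# The database password is pasted into sed scripts below. An "&" or a
# backslash in it would be interpreted by sed, and the value is visible in
# the process list while sed runs. The intermediate files in tmp/ hold the
# password with default permissions until they are moved or removed.
# The s commands that use a backslash as delimiter are outside POSIX and rely
# on the sed in use accepting it.
einrichten_postfix () {
	# All paths are relative to the target root; stop if it cannot be
	# entered, otherwise credentials and mail configuration would be written
	# into the caller's directory tree.
	cd "$pfad" || { echo "Verzeichnis $pfad nicht erreichbar!"; exit 1; }
	echo -n "Postfix "

	mkdir -p etc/postfix/sasl
	mkdir -p var/spool/postfix/etc/pam.d
	mkdir -p var/spool/postfix/var/run/mysqld
	mkdir -p var/lib/syscp/customers/mail/
	touch etc/postfix/mysql-virtual_alias_maps.cf
	touch etc/postfix/mysql-virtual_mailbox_domains.cf
	touch etc/postfix/mysql-virtual_mailbox_maps.cf
	touch etc/postfix/sasl/smtpd.conf

	# Mail storage user, plus restrictive permissions on every file that
	# carries the database password.
	echo groupadd -g 2000 vmail >>c.sh
	echo useradd -u 2000 -g vmail vmail >>c.sh
	echo chown -R vmail:vmail /var/lib/syscp/customers/mail/ >>c.sh
	echo chmod 600 /etc/postfix/mysql-virtual_alias_maps.cf >>c.sh
	echo chmod 600 /etc/postfix/mysql-virtual_mailbox_domains.cf >>c.sh
	echo chmod 600 /etc/postfix/mysql-virtual_mailbox_maps.cf >>c.sh
	echo chmod 600 /etc/postfix/mysql-virtual_sender_permissions.cf >>c.sh
	echo chmod 600 /etc/postfix/sasl/smtpd.conf >>c.sh
	echo chgrp postfix /etc/postfix/mysql-virtual_alias_maps.cf >>c.sh
	echo chgrp postfix /etc/postfix/mysql-virtual_mailbox_domains.cf >>c.sh
	echo chgrp postfix /etc/postfix/mysql-virtual_mailbox_maps.cf >>c.sh
	echo chgrp postfix /etc/postfix/mysql-virtual_sender_permissions.cf >>c.sh
	echo chgrp postfix /etc/postfix/sasl/smtpd.conf >>c.sh

	# main.cf: pristine copy plus the syscp template, placeholders replaced,
	# two DNS blocklists and a sender/login match check added.
	if [ ! -e var/www/syscp/templates/misc/configfiles/debian_etch/postfix/etc_postfix_main.cf ]; then echo "syscp-postfix Quelle main.cf existiert nicht!"; exit 1; fi
	if [ ! -e etc/postfix/main.cf.org ]; then
		mv etc/postfix/main.cf etc/postfix/main.cf.org
	fi
	cp etc/postfix/main.cf.org tmp/main.cf
	cat var/www/syscp/templates/misc/configfiles/debian_etch/postfix/etc_postfix_main.cf >> tmp/main.cf
	sed "s/mydomain = <SERVERNAME>/mydomain = $hostname/g" tmp/main.cf > tmp/main2.cf
	sed "s/myhostname = <SERVERNAME>/myhostname = mail.$hostname/g" tmp/main2.cf > tmp/main.cf
#	sed "s\#mailbox_command = /usr/libexec/dovecot/deliver\mailbox_command = /usr/lib/dovecot/deliver\g" tmp/main.cf > tmp/main2.cf
#	sed "s\#smtpd_sasl_type = dovecot\smtpd_sasl_type = dovecot\g" tmp/main2.cf > tmp/main.cf
#	sed "s\#smtpd_sasl_path = private/auth\smtpd_sasl_path = private/auth\g" tmp/main.cf > tmp/main2.cf
#	sed "s\#virtual_transport = dovecot\virtual_transport = dovecot\g" tmp/main2.cf > tmp/main.cf
#	sed "s\#dovecot_destination_recipient_limit = 1\dovecot_destination_recipient_limit = 1\g" tmp/main.cf > tmp/main2.cf
	sed "s\<VIRTUAL_MAILBOX_BASE>\/var/lib/syscp/customers/mail/\g" tmp/main2.cf > tmp/main.cf
	sed "s\<VIRTUAL_UID_MAPS>\2000\g" tmp/main.cf > tmp/main2.cf
	sed "s\<VIRTUAL_GID_MAPS>\2000\g" tmp/main2.cf > tmp/main.cf
	sed "s\<SERVERNAME>\\$hostname\g" tmp/main.cf > tmp/main2.cf
	sed "s/reject_non_fqdn_recipient/reject_non_fqdn_recipient,\n\treject_rbl_client zen.spamhaus.org,\n\treject_rbl_client ix.dnsbl.manitu.net/g" tmp/main2.cf > tmp/main.cf
	sed "s/smtpd_sender_restrictions = permit_mynetworks,/smtpd_sender_restrictions = permit_mynetworks,\n\treject_sender_login_mismatch,/g" tmp/main.cf > tmp/main2.cf
	mv tmp/main2.cf etc/postfix/main.cf
	# The template sometimes lacks these options, so they are appended as well.
	echo "
#zur Sicherheit, manchmal gibts die Optionen nicht
#mailbox_command = /usr/lib/dovecot/deliver
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1
smtpd_sender_login_maps = mysql:/etc/postfix/mysql-virtual_sender_permissions.cf
" >> etc/postfix/main.cf
	rm tmp/main.cf

	# master.cf: pristine copy plus the syscp template.
	if [ ! -e var/www/syscp/templates/misc/configfiles/debian_etch/postfix/etc_postfix_master.cf ]; then echo "syscp-postfix Quelle master.cf existiert nicht!"; exit 1; fi
	if [ ! -e etc/postfix/master.cf.org ]; then
		cp etc/postfix/master.cf etc/postfix/master.cf.org
	fi
	cp etc/postfix/master.cf.org etc/postfix/master.cf
	cat var/www/syscp/templates/misc/configfiles/debian_etch/postfix/etc_postfix_master.cf >> etc/postfix/master.cf

	# mysql-virtual_alias_maps.cf
	if [ ! -e var/www/syscp/templates/misc/configfiles/debian_etch/postfix/etc_postfix_mysql-virtual_alias_maps.cf ]; then echo "syscp-postfix Quelle mysql-virtual_alias_maps.cf existiert nicht!"; exit 1; fi

	cp var/www/syscp/templates/misc/configfiles/debian_etch/postfix/etc_postfix_mysql-virtual_alias_maps.cf tmp/maps.cf
	sed "s\<SQL_UNPRIVILEGED_USER>\syscpe\g" tmp/maps.cf > tmp/maps2.cf
	sed "s\<SQL_UNPRIVILEGED_PASSWORD>\\$mysqlsyscpepasswort\g" tmp/maps2.cf > tmp/maps.cf
	sed "s\<SQL_DB>\syscp\g" tmp/maps.cf > tmp/maps2.cf
	sed "s\<SQL_HOST>\127.0.0.1\g" tmp/maps2.cf > tmp/maps.cf
	mv tmp/maps.cf etc/postfix/mysql-virtual_alias_maps.cf
	rm tmp/maps2.cf

	# mysql-virtual_mailbox_domains.cf
	# The message used to name the alias_maps file, which pointed at the
	# wrong template when this check failed.
	if [ ! -e var/www/syscp/templates/misc/configfiles/debian_etch/postfix/etc_postfix_mysql-virtual_mailbox_domains.cf ]; then echo "syscp-postfix Quelle mysql-virtual_mailbox_domains.cf existiert nicht!"; exit 1; fi

	cp var/www/syscp/templates/misc/configfiles/debian_etch/postfix/etc_postfix_mysql-virtual_mailbox_domains.cf tmp/maps.cf
	sed "s\<SQL_UNPRIVILEGED_USER>\syscpe\g" tmp/maps.cf > tmp/maps2.cf
	sed "s\<SQL_UNPRIVILEGED_PASSWORD>\\$mysqlsyscpepasswort\g" tmp/maps2.cf > tmp/maps.cf
	sed "s\<SQL_DB>\syscp\g" tmp/maps.cf > tmp/maps2.cf
	sed "s\<SQL_HOST>\127.0.0.1\g" tmp/maps2.cf > tmp/maps.cf
	mv tmp/maps.cf etc/postfix/mysql-virtual_mailbox_domains.cf
	rm tmp/maps2.cf

	# mysql-virtual_mailbox_maps.cf
	if [ ! -e var/www/syscp/templates/misc/configfiles/debian_etch/postfix/etc_postfix_mysql-virtual_mailbox_maps.cf ]; then echo "syscp-postfix Quelle mysql-virtual_mailbox_maps.cf existiert nicht!"; exit 1; fi

	cp var/www/syscp/templates/misc/configfiles/debian_etch/postfix/etc_postfix_mysql-virtual_mailbox_maps.cf tmp/maps.cf
	sed "s\<SQL_UNPRIVILEGED_USER>\syscpe\g" tmp/maps.cf > tmp/maps2.cf
	sed "s\<SQL_UNPRIVILEGED_PASSWORD>\\$mysqlsyscpepasswort\g" tmp/maps2.cf > tmp/maps.cf
	sed "s\<SQL_DB>\syscp\g" tmp/maps.cf > tmp/maps2.cf
	sed "s\<SQL_HOST>\127.0.0.1\g" tmp/maps2.cf > tmp/maps.cf
	mv tmp/maps.cf etc/postfix/mysql-virtual_mailbox_maps.cf
	rm tmp/maps2.cf

	# mysql-virtual_sender_permissions.cf: lookup used by
	# smtpd_sender_login_maps. It contains the database password like the
	# other lookup files but was the only one never restricted, so it is
	# locked down here and in the queued chmod/chgrp lines above.
	echo "user = syscpe
password = $mysqlsyscpepasswort
dbname = syscp
query = select username from mail_users where email in (select mail_virtual.email_full from mail_virtual where mail_virtual.email = '%s');
hosts = 127.0.0.1
	" > etc/postfix/mysql-virtual_sender_permissions.cf
	chmod 600 etc/postfix/mysql-virtual_sender_permissions.cf

	# sasl/smtpd.conf
	if [ ! -e var/www/syscp/templates/misc/configfiles/debian_etch/postfix/etc_postfix_sasl_smtpd.conf ]; then echo "syscp-postfix Quelle etc_postfix_sasl_smtpd.conf existiert nicht!"; exit 1; fi

	cp var/www/syscp/templates/misc/configfiles/debian_etch/postfix/etc_postfix_sasl_smtpd.conf tmp/datei.cf
	sed "s\<SQL_UNPRIVILEGED_USER>\syscpe\g" tmp/datei.cf > tmp/datei2.cf
	sed "s\<SQL_UNPRIVILEGED_PASSWORD>\\$mysqlsyscpepasswort\g" tmp/datei2.cf > tmp/datei.cf
	sed "s\<SQL_DB>\syscp\g" tmp/datei.cf > tmp/datei2.cf
	sed "s\<SQL_HOST>\127.0.0.1\g" tmp/datei2.cf > tmp/datei.cf
	mv tmp/datei.cf etc/postfix/sasl/smtpd.conf
	rm tmp/datei2.cf


	# aliases: mail for www-data goes to root, mail for root to the postmaster.
	# NOTE(review): these lines are appended on every run.
	echo "www-data: root" >> etc/aliases
	echo "root: $postmaster" >> etc/aliases

	echo /etc/init.d/postfix restart >>c.sh
	echo newaliases >>c.sh

	# Record the change in etckeeper.
	echo etckeeper commit einrichten_postfix >> c.sh
	aufruf
}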

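# Configures Dovecot in the target tree below $pfad from the syscp templates:
# dovecot.conf gets the host name, postmaster address, quota and sieve
# plugins and a managesieve listener; dovecot-sql.conf gets the database
# credentials and syscp-specific queries. Restarts are queued in c.sh.
# Globals:   pfad, hostname, postmaster, mysqlsyscpepasswort (read)
# Outputs:   progress label and error messages on stdout; files below
#            etc/dovecot and tmp/; lines in c.sh
# Returns:   exits 1 when $pfad cannot be entered or a template is missing
# The database password is pasted into a sed script below. An "&" or a
# backslash in it would be interpreted by sed, and the value is visible in
# the process list while sed runs. The s commands that use a backslash as
# delimiter are outside POSIX and rely on the sed in use accepting it.
einrichten_dovecot () {
	# All paths are relative to the target root; stop if it cannot be
	# entered, otherwise credentials and mail configuration would be written
	# into the caller's directory tree.
	cd "$pfad" || { echo "Verzeichnis $pfad nicht erreichbar!"; exit 1; }
	echo -n "Dovecot "
	# dovecot.conf
	if [ ! -e var/www/syscp/templates/misc/configfiles/debian_etch/dovecot/etc_dovecot_dovecot.conf ]; then echo "syscp-dovecot Quelle etc_dovecot_dovecot.conf existiert nicht!"; exit 1; fi
	if [ ! -e etc/dovecot/dovecot.conf.org ]; then
		cp etc/dovecot/dovecot.conf etc/dovecot/dovecot.conf.org
	fi
	cp etc/dovecot/dovecot.conf.org etc/dovecot/dovecot.conf
	cp var/www/syscp/templates/misc/configfiles/debian_etch/dovecot/etc_dovecot_dovecot.conf tmp/datei.cf
	sed "s\<SERVERNAME>\\$hostname\g" tmp/datei.cf > tmp/datei2.cf
	sed "s\<SSLPROTOCOLS>\imaps pop3s managesieve\g" tmp/datei2.cf > tmp/datei.cf
	sed "s\<postmaster-address>\\$postmaster\g" tmp/datei.cf > tmp/datei2.cf
	# Drop the template's own quota plugin lines, then add one per protocol
	# section; these s commands use "." as delimiter.
	grep -v "mail_plugins = quota" tmp/datei2.cf > tmp/datei.cf
	sed "s.pop3_uidl_format = UID%u-%v.pop3_uidl_format = UID%u-%v\n    mail_plugins = quota.g" tmp/datei.cf > tmp/datei2.cf
	sed "s.auth_socket_path = /var/run/dovecot/auth-master.auth_socket_path = /var/run/dovecot/auth-master\n    mail_plugins = quota sieve.g" tmp/datei2.cf > tmp/datei.cf
	sed "s.protocol imap {.protocol imap {\n    mail_plugins = quota imap_quota.g" tmp/datei.cf > tmp/datei2.cf
	mv tmp/datei2.cf etc/dovecot/dovecot.conf
	rm tmp/datei.cf

	# Plugin settings and the managesieve protocol section. The listener
	# binds port 4190 on all addresses.
	echo "plugin {
	quota = maildir
	sieve = ~/.dovecot.sieve
	sieve_dir = ~/sieve
}

## MANAGESIEVE specific settings
##

protocol managesieve {
  listen = *:4190
  # Login executable location.
  #login_executable = /usr/libexec/dovecot/managesieve-login

  # MANAGESIEVE executable location. See IMAP's mail_executable above for
  # examples how this could be changed.
  #mail_executable = /usr/libexec/dovecot/managesieve

  # Maximum MANAGESIEVE command line length in bytes. This setting is
  # directly borrowed from IMAP. But, since long command lines are very
  # unlikely with MANAGESIEVE, changing this will not be very useful.
  #managesieve_max_line_length = 65536

  # Specifies the location of the symlink pointing to the active script in
  # the sieve storage directory. This must match the SIEVE setting used by
  # deliver (refer to http://wiki.dovecot.org/LDA/Sieve#location for more
  # info). Variable substitution with % is recognized.
  ##  sieve=~/.dovecot.sieve

  # This specifies the path to the directory where the uploaded scripts must
  # be stored. In terms of '%' variable substitution it is identical to   
  # dovecot's mail_location setting used by the mail protocol daemons.
  ## sieve_storage=~/sieve

  # If, for some inobvious reason, the sieve_storage remains unset, the   
  # managesieve daemon uses the specification of the mail_location to find out
  # where to store the sieve files (see explaination in README.managesieve).
  # The example below, when uncommented, overrides any global mail_location
  # specification and stores all the scripts in '~/mail/sieve' if sieve_storage
  # is unset. However, you should always use the sieve_storage setting.
  # mail_location = mbox:~/mail

  # To fool managesieve clients that are focused on timesieved you can
  # specify the IMPLEMENTATION capability that the dovecot reports to clients
  # (default: dovecot).
  #managesieve_implementation_string = Cyrus timsieved v2.2.13
}
" >> etc/dovecot/dovecot.conf

	# dovecot-sql.conf: fill in the credentials, then replace the template's
	# user and password queries with ones that include the quota.
	# The intermediate files in tmp/ hold the password with default
	# permissions until the final file is restricted below.
	if [ ! -e var/www/syscp/templates/misc/configfiles/debian_etch/dovecot/etc_dovecot_dovecot-sql.conf ]; then echo "syscp-dovecot Quelle etc_dovecot_dovecot-sql.conf existiert nicht!"; exit 1; fi

	cp var/www/syscp/templates/misc/configfiles/debian_etch/dovecot/etc_dovecot_dovecot-sql.conf tmp/datei.cf
	sed "s\<SQL_UNPRIVILEGED_USER>\syscpe\g" tmp/datei.cf > tmp/datei2.cf
	sed "s\<SQL_UNPRIVILEGED_PASSWORD>\\$mysqlsyscpepasswort\g" tmp/datei2.cf > tmp/datei.cf
	sed "s\<SQL_DB>\syscp\g" tmp/datei.cf > tmp/datei2.cf
	sed "s\<SQL_HOST>\127.0.0.1\g" tmp/datei2.cf > tmp/datei.cf
	#sed "s\SELECT homedir AS home, concat('maildir:', maildir) AS mail\SELECT concat(homedir,maildir) AS home, concat('maildir:', homedir,maildir) AS mail\g" tmp/datei.cf > tmp/datei2.cf
	grep -v -e user_query -e password_query tmp/datei.cf >tmp/datei2.cf
	echo "user_query = SELECT CONCAT(homedir,maildir) AS home, concat('maildir:',homedir,maildir,'mail/' ) AS mail, uid, gid, concat('maildir:storage=', (quota*1024)) as quota FROM mail_users where username = '%u';
password_query = SELECT password_enc AS password, CONCAT(homedir,maildir) AS userdb_home, uid AS userdb_uid, gid AS userdb_gid, concat('maildir:',homedir,maildir,'mail/' ) AS userdb_mail, concat('maildir:storage=', (quota*1024)) as userdb_quota FROM mail_users WHERE username = '%u'
" >>tmp/datei2.cf
	mv tmp/datei2.cf etc/dovecot/dovecot-sql.conf
	rm tmp/datei.cf
	chmod 600 etc/dovecot/dovecot-sql.conf

	# Full stop, kill leftovers, then start again; Postfix is restarted too.
	echo /etc/init.d/dovecot stop >>c.sh
	echo killall dovecot >>c.sh
	echo sleep 1 >>c.sh
	echo /etc/init.d/dovecot start >>c.sh
	echo /etc/init.d/postfix restart >>c.sh

	# Record the change in etckeeper. The commit line was missing here
	# although the step was announced, unlike in the other setup functions.
	echo etckeeper commit einrichten_dovecot >> c.sh
	aufruf
}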

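# Configures ProFTPD in the target tree below $pfad for SQL-backed accounts:
# enables the mod_sql modules, includes sql-syscp.conf from proftpd.conf and
# writes that file with the database credentials and the statistics queries.
# A restart is queued in c.sh.
# Globals:   pfad, mysqlsyscpepasswort (read)
# Outputs:   progress label and error messages on stdout; files below
#            etc/proftpd; lines in c.sh
# Returns:   exits 1 when $pfad cannot be entered or a template is missing
# The s commands use a backslash as delimiter, which is outside POSIX and
# relies on the sed in use accepting it.
einrichten_proftpd () {
	# All paths are relative to the target root; stop if it cannot be
	# entered, otherwise credentials would be written into the caller's
	# directory tree.
	cd "$pfad" || { echo "Verzeichnis $pfad nicht erreichbar!"; exit 1; }
	echo -n "Proftpd "
	# modules.conf: enable mod_sql and mod_sql_mysql, generated from the
	# pristine copy in one pass so no intermediate file is left in tmp/.
	if [ ! -e var/www/syscp/templates/misc/configfiles/debian_etch/proftpd/etc_proftpd_modules.conf ]; then echo "syscp-proftpd Quelle etc_proftpd_modules.conf existiert nicht!"; exit 1; fi
	if [ ! -e etc/proftpd/modules.conf.org ]; then
		cp etc/proftpd/modules.conf etc/proftpd/modules.conf.org
	fi
	sed -e "s\#LoadModule mod_sql_mysql.c\LoadModule mod_sql_mysql.c\g" -e "s\#LoadModule mod_sql.c\LoadModule mod_sql.c\g" etc/proftpd/modules.conf.org > etc/proftpd/modules.conf

	# proftpd.conf: include the syscp SQL settings instead of the stock file.
	if [ ! -e var/www/syscp/templates/misc/configfiles/debian_etch/proftpd/etc_proftpd_proftpd.conf ]; then echo "syscp-proftpd Quelle etc_proftpd_proftpd.conf existiert nicht!"; exit 1; fi
	if [ ! -e etc/proftpd/proftpd.conf.org ]; then
		cp etc/proftpd/proftpd.conf etc/proftpd/proftpd.conf.org
	fi
	sed "s\#Include /etc/proftpd/sql.conf\Include /etc/proftpd/sql-syscp.conf\g" etc/proftpd/proftpd.conf.org > etc/proftpd/proftpd.conf

	# sql-syscp.conf. This text is a printf format string: the ProFTPD
	# variables %u and %b have to be written as %%u and %%b. Unescaped,
	# printf treated them as its own conversions, so the file ended up with
	# username='0' and an empty byte count in the statistics queries.
	# The password is passed as an argument (%s) so that a "%" or backslash
	# in it is written literally.
	# The file is created with default permissions and restricted right after.
	printf "DefaultRoot ~
RequireValidShell off

AuthOrder mod_sql.c

SQLAuthTypes Crypt
SQLAuthenticate users* groups*
SQLConnectInfo syscp@127.0.0.1 syscpe %s
SQLUserInfo ftp_users username password uid gid homedir shell
SQLGroupInfo ftp_groups groupname gid members
SQLUserWhereClause \"login_enabled = 'y'\"

SQLLog PASS login
SQLNamedQuery login UPDATE \"last_login=now(), login_count=login_count+1 WHERE username='%%u'\" ftp_users

SQLLog RETR download
SQLNamedQuery download UPDATE \"down_count=down_count+1, down_bytes=down_bytes+%%b WHERE username='%%u'\" ftp_users

SQLLog STOR upload
SQLNamedQuery upload UPDATE \"up_count=up_count+1, up_bytes=up_bytes+%%b WHERE username='%%u'\" ftp_users
" "$mysqlsyscpepasswort" > etc/proftpd/sql-syscp.conf
	chmod  600 etc/proftpd/sql-syscp.conf

	echo /etc/init.d/proftpd restart >>c.sh

	# Record the change in etckeeper. The commit line was missing here
	# although the step was announced, unlike in the other setup functions.
	echo etckeeper commit einrichten_proftpd >> c.sh
	aufruf
}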

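# Configures SpamAssassin, amavisd-new and the Postfix content filter inside
# the guest tree below $pfad and queues the service restarts in c.sh.
# Globals:   pfad, mysqlsyscpepasswort, hostname (read)
# Outputs:   progress label on stdout; rewrites etc/default/spamassassin and
#            etc/amavis/conf.d/60-syscp; appends to etc/postfix/main.cf,
#            etc/postfix/master.cf and c.sh
# Exits:     1 when $pfad cannot be entered
einrichten_amavis () {
	# Every path below is relative. Without this guard a missing $pfad would
	# make the function edit etc/... of whatever directory the caller is in.
	cd "$pfad" || { echo "Verzeichnis $pfad nicht erreichbar!"; exit 1; }
	echo -n "Amavis "
	# defaults/spamassassin: keep a pristine copy, then enable the daemon and
	# the cron job. One sed run replaces the former chain of files in tmp/.
	if [ ! -e etc/default/spamassassin.org ]; then
		cp etc/default/spamassassin etc/default/spamassassin.org
	fi
	sed -e 's|ENABLED=0|ENABLED=1|g' -e 's|CRON=0|CRON=1|g' \
		etc/default/spamassassin.org > etc/default/spamassassin

	# /etc/amavis/conf.d/60-syscp
	# The database password and the host name are passed as printf arguments
	# (the two %s below) instead of being pasted into the format string, so a
	# '%' or '\' in either value is written out literally.
	# NOTE(review): the password lands inside a single-quoted Perl string; a
	# value containing ' or \ would still need escaping there.
	# The file holds a credential, so it is created under a restrictive umask
	# and not only chmod'ed afterwards.
	(
		umask 077
		printf "use strict;

#
# Place your configuration directives here.  They will override those in
# earlier files.
#
# See /usr/share/doc/amavisd-new/ for documentation and examples of
# the directives you can use in this file
#

# Where to find SQL server(s) and database to support SQL lookups?
# A list of triples: (dsn,user,passw).   (dsn = data source name)
# More than one entry may be specified for multiple (backup) SQL servers.
# See 'man DBI', 'man DBD::mysql', 'man DBD::Pg', ... for details.
# When chroot-ed, accessing SQL server over inet socket may be more convenient.
#
@lookup_sql_dsn =
  ( ['DBI:mysql:database=syscp;host=127.0.0.1;port=3306', 'syscpe', '%s']);
#     ['DBI:mysql:database=mail;host=host2', 'username2', 'password2'] );
#
# ('mail' in the example is the database name, choose what you like)
# With PostgreSQL the dsn (first element of the triple) may look like:
#      'DBI:Pg:host=host1;dbname=mail'

# The SQL select clause to fetch per-recipient policy settings.
# The %%k will be replaced by a comma-separated list of query addresses
# (e.g. full address, domain only, catchall).  Use ORDER, if there
# is a chance that multiple records will match - the first match wins.
# If field names are not unique (e.g. 'id'), the later field overwrites the
# earlier in a hash returned by lookup, which is why we use '*,users.id'.
# \$sql_select_policy = 'SELECT \"Y\" as local FROM panel_domains where \"%%k\" like concat(\"%%@\",domain)';
\$sql_select_policy = 'SELECT \"Y\" as local FROM mail_virtual WHERE (email_full IN (%%k)) OR (email IN (%%k))';
\$sql_select_policy = 'SELECT \"Y\" as local FROM panel_domains  WHERE CONCAT(\"@\",domain) IN (%%k)';
# \$sql_select_policy = 'SELECT *,users.id FROM users,policy'.
#   ' WHERE (users.policy_id=policy.id) AND (users.email IN (%%k))'.
#   ' ORDER BY users.priority DESC';
#
# The SQL select clause to check sender in per-recipient whitelist/blacklist
# The first SELECT argument '?' will be users.id from recipient SQL lookup,
# the %%k will be sender addresses (e.g. full address, domain only, catchall).
# \$sql_select_white_black_list = 'SELECT wb FROM wblist,mailaddr'.
#     ' WHERE (wblist.rid=?) AND (wblist.sid=mailaddr.id)'.
#     '   AND (mailaddr.email IN (%%k))'.
#   ' ORDER BY mailaddr.priority DESC';

\$sql_select_white_black_list = undef;  # undef disables SQL white/blacklisting

\$myhostname = 'mail.%s';



#
# Default antivirus checking mode
# Uncomment the two lines below to enable it back
#

@bypass_virus_checks_maps = (
   \%%bypass_virus_checks, \@bypass_virus_checks_acl, \\\$bypass_virus_checks_re);


#
# Default SPAM checking mode
# Uncomment the two lines below to enable it back
#

@bypass_spam_checks_maps = (
   \%%bypass_spam_checks, \@bypass_spam_checks_acl, \\\$bypass_spam_checks_re);

\$sa_spam_subject_tag = '';
\$sa_tag_level_deflt  = -1000;  # add spam info headers if at, or above that level
\$sa_kill_level_deflt = 10; # triggers spam evasive actions
\$final_spam_destiny       = D_DISCARD;

#------------ Do not modify anything below this line -------------
1;  # insure a defined return
" "$mysqlsyscpepasswort" "$hostname" >etc/amavis/conf.d/60-syscp
	)
	# covers the case where the file already existed with wider permissions
	chmod 600 etc/amavis/conf.d/60-syscp

	# /etc/postfix/main.cf: hand all mail to amavis on 127.0.0.1:10024
	# NOTE(review): this appends on every run; presumably main.cf and
	# master.cf are regenerated by an earlier step - confirm.
	printf "#Amavis
content_filter = amavis:[127.0.0.1]:10024
receive_override_options = no_address_mappings" >> etc/postfix/main.cf

	# /etc/postfix/master.cf: transport towards amavis plus the re-injection
	# listener on 127.0.0.1:10025, which accepts local clients only
	# (mynetworks=127.0.0.0/8, permit_mynetworks,reject)
	printf "#amavis
amavis unix - - - - 4 smtp
    -o smtp_data_done_timeout=1200
    -o smtp_send_xforward_command=yes

127.0.0.1:10025 inet n - - - - smtpd
    -o content_filter=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_client_restrictions=
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject   
    -o mynetworks=127.0.0.0/8
    -o strict_rfc821_envelopes=yes
    -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks" >> etc/postfix/master.cf

	# put clamav into the amavis group
	echo  usermod -a -G amavis clamav >>c.sh

	echo /etc/init.d/clamav-daemon restart >>c.sh
	echo /etc/init.d/spamassassin restart >>c.sh
	echo /etc/init.d/amavis restart >>c.sh
	echo /etc/init.d/postfix restart >>c.sh

	# commit: label the etckeeper commit with this step (it used to carry the
	# dovecot label)
	echo etckeeper commit einrichten_amavis >> c.sh
	aufruf
}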

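# Adapts the SquirrelMail configuration in the guest tree to Dovecot and
# enables a fixed set of plugins.
# Globals:   pfad (read)
# Outputs:   progress label on stdout; rewrites etc/squirrelmail/config.php;
#            appends to c.sh
# Exits:     1 when $pfad cannot be entered
einrichten_squirrelmail () {
	# All paths are relative; never continue in the caller's directory.
	cd "$pfad" || { echo "Verzeichnis $pfad nicht erreichbar!"; exit 1; }
	echo -n "Squirrelmail "

	# keep the distribution file as .org and always start from it
	if [ ! -e etc/squirrelmail/config.php.org ]; then
		cp etc/squirrelmail/config.php etc/squirrelmail/config.php.org
	fi
	# The new file is assembled next to its target and moved into place,
	# instead of passing through fixed file names in the guest's tmp/.
	{
		sed -e "s!\$imap_server_type       = 'other';!\$imap_server_type       = 'dovecot';!g" \
			-e "s!'INBOX.Trash'!'Trash'!g" \
			-e "s!'INBOX.Sent'!'Sent'!g" \
			-e "s!'INBOX.Drafts'!'Drafts'!g" \
			-e "s!\$default_sub_of_inbox           = true;!\$default_sub_of_inbox           = false;!g" \
			-e "s!\$force_username_lowercase = false;!\$force_username_lowercase = true;!g" \
			-e "s!\$allow_thread_sort        = false;!\$allow_thread_sort        = true;!g" \
			-e "s!\$allow_server_sort        = false;!\$allow_server_sort        = true;!g" \
			etc/squirrelmail/config.php.org
		# NOTE(review): these lines are appended after the original content;
		# if config.php ends with a closing PHP tag they would fall outside
		# the PHP block - confirm against the packaged file.
		printf '%s\n' \
			"\$plugins[1] = 'calendar';" \
			"\$plugins[2] = 'delete_move_next';" \
			"\$plugins[3] = 'filters';" \
			"\$plugins[4] = 'mail_fetch';" \
			"\$plugins[5] = 'sent_subfolders';" \
			"\$plugins[6] = 'newmail';"
	} > etc/squirrelmail/config.php.neu
	mv etc/squirrelmail/config.php.neu etc/squirrelmail/config.php
	echo  >>c.sh

	# commit
	echo etckeeper commit einrichten_squirrelmail >> c.sh
	aufruf
}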
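# Renders one libnss-mysql template shipped with syscp into etc/$1, filling
# in the syscp database credentials.
# Arguments: $1 - target file name (nss-mysql.conf or nss-mysql-root.conf)
# Globals:   mysqlsyscpepasswort (read)
# Exits:     1 when the syscp template is missing
_fcgi_nss_conf () {
	_nss_quelle="var/www/syscp/templates/misc/configfiles/debian_etch/libnss/etc_$1"
	if [ ! -e "$_nss_quelle" ]; then echo "syscp-nss Quelle etc_$1 existiert nicht!"; exit 1; fi
	if [ ! -e "etc/$1.org" ]; then
		cp "etc/$1" "etc/$1.org"
	fi
	# Escape what is special in a sed replacement (backslash, '&' and the '|'
	# delimiter) so any password is inserted literally.
	_nss_pw=$(printf '%s\n' "$mysqlsyscpepasswort" | sed 's/[\\&|]/\\&/g')
	# The rendered file contains the database password: it is written next to
	# its target under a restrictive umask and then moved into place, so it
	# never sits in the guest's tmp/ or exists with default permissions.
	(
		umask 077
		sed -e 's|<SQL_UNPRIVILEGED_USER>|syscpe|g' \
			-e "s|<SQL_UNPRIVILEGED_PASSWORD>|$_nss_pw|g" \
			-e 's|<SQL_DB>|syscp|g' \
			-e 's|<SQL_HOST>|127.0.0.1|g' \
			"$_nss_quelle" > "etc/$1.neu"
	) && mv "etc/$1.neu" "etc/$1"
}

# Creates the private php.ini and the FastCGI starter for one application.
# Arguments: $1 - directory name below var/www/php-fcgi-scripts
#            $2 - colon-separated open_basedir list for this application
_fcgi_pool () {
	_pool="var/www/php-fcgi-scripts/$1"
	_pool_gast="/var/www/php-fcgi-scripts/$1/"
	mkdir -p "$_pool"
	# Hardened copy of the distribution php.ini: process-spawning functions
	# disabled, open_basedir set, remote fopen and magic quotes off.
	# NOTE(review): the earlier safe_mode substitution had filler characters
	# in front of its pattern and so presumably never matched; it is left
	# out, safe_mode stays at the distribution default.
	sed -e 's|disable_functions =|disable_functions = exec,passthru,shell_exec,system,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate|g' \
		-e "s|;open_basedir =|open_basedir =$2|g" \
		-e 's|allow_url_fopen = On|allow_url_fopen = Off|g' \
		-e 's|magic_quotes_gpc = On|magic_quotes_gpc = Off|g' \
		etc/php5/cgi/php.ini > "$_pool/php.ini"

	# The starter is rewritten, not appended to: appending on a second run
	# would glue a second copy onto the exec line. An earlier run left the
	# file immutable, so that flag is dropped first.
	if [ -e "$_pool/php-fcgi-starter" ]; then
		chattr -i "$_pool/php-fcgi-starter" >/dev/null 2>&1
	fi
	printf '%s\n' \
		'#!/bin/sh' \
		"PHPRC='$_pool_gast'" \
		'export PHPRC' \
		'PHP_FCGI_CHILDREN=0' \
		'export PHP_FCGI_CHILDREN' \
		'PHP_FCGI_MAX_REQUESTS=0' \
		'export PHP_FCGI_MAX_REQUESTS' \
		"exec /usr/bin/php-cgi -c '$_pool_gast'" > "$_pool/php-fcgi-starter"

	# 9999 is the numeric id given to syscplocal further down
	chown -R 9999:9999 "$_pool"
	chmod 755 "$_pool"
	chmod 644 "$_pool/php.ini"
	chmod 755 "$_pool/php-fcgi-starter"
	# immutable, so the web application cannot replace its own wrapper
	chattr +i "$_pool/php-fcgi-starter"
}

# Switches the panel, phpMyAdmin and SquirrelMail to suexec + fcgid running as
# syscplocal (uid/gid 9999) and sets up libnss-mysql lookups.
# Globals:   pfad, mysqlsyscpepasswort (read)
# Outputs:   progress label on stdout; writes below etc/, var/ and usr/ of the
#            guest tree; appends to c.sh and install.log
# Exits:     1 when $pfad cannot be entered or a syscp template is missing
einrichten_fcgi () {
	# All paths are relative; never continue in the caller's directory.
	cd "$pfad" || { echo "Verzeichnis $pfad nicht erreichbar!"; exit 1; }
	echo -n "fcgi "

	# nss-mysql-root.conf and nss-mysql.conf
	_fcgi_nss_conf nss-mysql-root.conf
	_fcgi_nss_conf nss-mysql.conf

	# etc/nsswitch.conf: add the mysql source behind compat
	if [ ! -e etc/nsswitch.conf.org ]; then
		cp etc/nsswitch.conf etc/nsswitch.conf.org
	fi
	sed -e 's|passwd:         compat|passwd:         compat mysql|g' \
		-e 's|group:          compat|group:          compat mysql|g' \
		-e 's|shadow:         compat|shadow:         compat mysql|g' \
		etc/nsswitch.conf.org > etc/nsswitch.conf

	chmod 600 etc/nss-mysql.conf etc/nss-mysql-root.conf

	# one php.ini + starter per application, each with its own open_basedir
	_fcgi_pool syscplocal '/var/lib/syscp/customers:/var/www/syscp:/etc/apache2/sites-enabled/:/usr/share/php/:/usr/share/php5/:/tmp/'
	_fcgi_pool phpmyadminlocal '/var/www/phpmyadmin:/etc/phpmyadmin/:/var/lib/phpmyadmin/:/usr/share/php/:/usr/share/php5/:/tmp/'
	_fcgi_pool squirrelmaillocal '/var/www/squirrelmail:/etc/mailname:/etc/hostname:/etc/squirrelmail/:/var/spool/squirrelmail/:/var/lib/squirrelmail/:/usr/share/php/:/usr/share/php5/:/tmp/'

	# etc/apache2/sites-available/default: strip the closing tag from the
	# saved copy, then append the fcgid directories and close the vhost again
	if [ ! -e etc/apache2/sites-available/default.org2 ]; then
		cp etc/apache2/sites-available/default etc/apache2/sites-available/default.org2
	fi
	sed "s!</VirtualHost>!!" etc/apache2/sites-available/default.org2 > etc/apache2/sites-available/default
	cat >> etc/apache2/sites-available/default <<'EOF'

    <Directory "/var/www">
        Options         +FollowSymLinks
    </Directory>
    <Directory "/var/www/syscp">
        AllowOverride   AuthConfig FileInfo Limit
        FCGIWrapper     /var/www/php-fcgi-scripts/syscplocal/php-fcgi-starter .php
        AddHandler      fcgid-script    .php
        Options         +FollowSymLinks -MultiViews +ExecCGI
    </Directory>
    <Directory "/var/www/phpmyadmin">
        AllowOverride   AuthConfig FileInfo Limit
        FCGIWrapper     /var/www/php-fcgi-scripts/phpmyadminlocal/php-fcgi-starter .php
        AddHandler      fcgid-script    .php
        Options         +FollowSymLinks -MultiViews +ExecCGI
    </Directory>
    <Directory "/var/www/squirrelmail">
        AllowOverride   AuthConfig FileInfo Limit
        FCGIWrapper     /var/www/php-fcgi-scripts/squirrelmaillocal/php-fcgi-starter .php
        AddHandler      fcgid-script    .php
        Options         +FollowSymLinks -MultiViews +ExecCGI
    </Directory>

    SuexecUserGroup syscplocal syscplocal

</VirtualHost>
EOF

	# hand the panel files to the suexec user
	chown -R 9999:9999 var/www/syscp

	# phpMyAdmin workarounds: link it below /var/www, copy the .htaccess of
	# libraries/ into setup/ (presumably to block web access to the setup
	# scripts - confirm) and hand its config files to the suexec user
	echo ln -s  /usr/share/phpmyadmin /var/www/phpmyadmin >> c.sh
	cp usr/share/phpmyadmin/libraries/.htaccess usr/share/phpmyadmin/setup/.htaccess >/dev/null 2>&1
	chown 9999:9999 etc/phpmyadmin/config-db.php  >> install.log 2>&1
	chown 9999:9999 var/lib/phpmyadmin/*  >> install.log 2>&1

	# empty the packaged alias file and make it read-only so it is not
	# filled in again
	echo "" > etc/apache2/conf.d/phpmyadmin.conf

	chmod a-w etc/apache2/conf.d/phpmyadmin.conf
	chmod a-w var/lib/phpmyadmin/config.inc.php
	chmod a-w var/lib/phpmyadmin/blowfish_secret.inc.php

	# squirrelmail
	echo ln -s  /usr/share/squirrelmail /var/www/squirrelmail >> c.sh
	chown -R 9999:9999 var/lib/squirrelmail >> install.log 2>&1
	chown -R 9999:9999 var/spool/squirrelmail >> install.log 2>&1

	echo /etc/init.d/nscd restart >>c.sh
	echo a2enmod suexec >> c.sh
	echo a2enmod fcgid >> c.sh
	echo a2dismod php5 >> c.sh

	# dedicated account without shell and with a locked password
	echo groupadd -g 9999 syscplocal >> c.sh
	echo useradd -g 9999 -u 9999 -s /bin/false syscplocal >> c.sh
	echo passwd -l syscplocal >>c.sh
	echo /etc/init.d/apache2 restart >> c.sh

	# commit
	echo etckeeper commit einrichten_fcgi >> c.sh
	aufruf
}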

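# Writes usr/local/bin/sicherung-$1.sh. The generated script packs every
# directory directly below $2 into /ftp-backup/$1/<timestamp>/ and, when
# $ftpserver is set, uploads the archives with ncftpput.
# Arguments: $1 - backup name, used for the local and the remote directory
#            $2 - source directory as seen inside the guest
#            $3 - optional extra command line placed after the find run
# Globals:   ftpserver, ftplogin, ftppasswort, ftppfad (read)
_sicherung_skript () {
	_sk_datei="usr/local/bin/sicherung-$1.sh"
	mkdir -p "ftp-backup/$1"
	{
		# %Y instead of %G: %G is the ISO week-based year and differs from
		# the calendar year on some days around New Year.
		# NOTE(review): {} is pasted into a shell command line by find, so
		# directory names are assumed to be free of shell metacharacters.
		printf '%s\n' \
			'#!/bin/sh' \
			"quelldir=$2" \
			'datum=`date +%Y-%m-%d_%k:%M`' \
			"zieldir=/ftp-backup/$1/\$datum/" \
			'mkdir -p "$zieldir"' \
			'cd "$quelldir" || exit 1' \
			'find -maxdepth 1 -mindepth 1 -type d  -exec /usr/local/bin/sicherung-run.sh "tar -c {}| gzip -1 -c >\"$zieldir{}.tar.gz\"" \;'
		if [ "$3" ]; then
			printf '%s\n' "$3"
		fi
		printf '%s\n' 'cd "$zieldir"'
		if [ "$ftpserver" ]; then
			# Each backup uploads into its own remote directory (the svn,
			# webs and mail scripts used to point at mysql/ as well).
			# NOTE(review): the FTP password is on the ncftpput command
			# line and therefore visible in the process list; ncftpput can
			# read host, user and password from a file via -f.
			printf '%s\n' "ncftpput -m -u $ftplogin -p $ftppasswort $ftpserver \"$ftppfad/$1/\$datum\" * "
		fi
	} > "$_sk_datei"
	# contains the FTP password and is only run by root's cron entry
	chmod 700 "$_sk_datei"
}

# Installs the backup scripts for MySQL, svn, web space and mail plus the
# cron table that runs them.
# Globals:   pfad, ftpserver, ftplogin, ftppasswort, ftppfad (read)
# Outputs:   progress label on stdout; writes usr/local/bin/sicherung-*.sh,
#            etc/cron.d/sicherung and ftp-backup/; appends to c.sh
# Exits:     1 when $pfad cannot be entered
einrichten_sicherung () {
	# All paths are relative; never continue in the caller's directory.
	cd "$pfad" || { echo "Verzeichnis $pfad nicht erreichbar!"; exit 1; }
	echo -n "Sicherungen "

	# common runner: executes the command line in $1 with lowered priority.
	# It no longer writes the command to /tmp/run and executes that file as
	# root - a fixed name in a world-writable directory can be prepared or
	# swapped by any local user.
	printf '%s\n' '#!/bin/sh' 'nice sh -c "$1"' > usr/local/bin/sicherung-run.sh
	chmod 755 usr/local/bin/sicherung-run.sh
	mkdir -p ftp-backup

	# mysql: one archive per database directory plus the InnoDB files
	_sicherung_skript mysql /var/lib/mysql/ '/usr/local/bin/sicherung-run.sh "tar -c ib*| gzip -1 -c >\"${zieldir}_inno.tar.gz\""'

	# svn
	_sicherung_skript svn /home/svn/

	# web space
	_sicherung_skript webs /var/lib/syscp/customers/webs/

	# mail
	_sicherung_skript mail /var/lib/syscp/customers/mail/

	# cron
	printf "2 3,15 * * * root /usr/local/bin/sicherung-mysql.sh
25 1 * * 6 root /usr/local/bin/sicherung-svn.sh
25 1 * * 3 root /usr/local/bin/sicherung-mail.sh
47 4 * * 1 root /usr/local/bin/sicherung-webs.sh
" > etc/cron.d/sicherung

	echo  /etc/init.d/cron restart>>c.sh

	# Restrict the backup tree to its owner. This used to be
	# "chown -R 700", which hands the tree to uid 700 and leaves the
	# permissions untouched.
	chmod 700 ftp-backup

	# commit
	echo etckeeper commit einrichten_sicherung >> c.sh
	aufruf
}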

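# Queues the PEAR channel update and package installation for the guest.
# Globals:   pfad (read)
# Outputs:   progress label on stdout; appends to c.sh
# Exits:     1 when $pfad cannot be entered
einrichten_pear () {
	# c.sh must be written inside the guest tree, not into the directory the
	# caller happens to be in.
	cd "$pfad" || { echo "Verzeichnis $pfad nicht erreichbar!"; exit 1; }
	echo -n "pear "

	printf '%s\n' \
		'pear channel-update pear.php.net' \
		'pear install --alldeps DB_DataObject Mail' \
		'etckeeper commit einrichten_pear' >> c.sh
	aufruf
}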

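# Queues the creation of a private CA and two server certificates
# (server81, server443) below /root/ssl of the guest.
# Globals:   pfad, hostname, domain, postmaster, capasswort,
#            ssladminpasswort, sslwebpasswort (read)
# Outputs:   progress label on stdout; appends to c.sh
# Exits:     1 when $pfad cannot be entered
#
# NOTE(review): the passphrases are written into c.sh and handed to openssl
# as "pass:..." arguments, so they are visible in the process list while
# openssl runs; openssl also accepts env: and file: sources. The values are
# pasted unquoted, so they must not contain whitespace or shell
# metacharacters.
# NOTE(review): the generated text contains a bare "exit" in front of the
# dhparam line; if c.sh is run as one script nothing queued after it
# (dhparam, the etckeeper commit) is executed - confirm against aufruf.
einrichten_ssl () {
	# c.sh must be written inside the guest tree, not into the directory the
	# caller happens to be in.
	cd "$pfad" || { echo "Verzeichnis $pfad nicht erreichbar!"; exit 1; }
	echo -n "ssl "

	# The lines piped into "openssl req" answer its subject prompts in order.
	echo "
rm -rf /root/ssl
mkdir -p /root/ssl
cd /root/ssl
echo \"CA\"
#neue ca erzeugen
echo \"DE
.
.
$hostname
CA
$domain
$postmaster
\" |
openssl req -passout pass:$capasswort -new -newkey rsa:4096 -x509 -keyout ca_key.pem -out ca_cert.pem -days 3650 -set_serial 1
#bissle aufraeumen
openssl x509 -in ca_cert.pem -out ca_cert.crt
chmod 600 ca_key.pem

#verzeichnisse anlegen
mkdir demoCA
touch demoCA/index.txt
echo 01 > demoCA/serial

echo \"Server81\"
# Neues .csr File geniereren
echo \"DE
.
.
$hostname
admin
$domain
$postmaster


\" |
openssl req -passout pass:$ssladminpasswort -new -newkey rsa:4096 -keyout server81-key.pem -out server81-req.pem -days 3640

#csr von ca signieren
yes | openssl ca -passin pass:$capasswort -keyfile ca_key.pem -cert ca_cert.pem -policy policy_anything -outdir . -out server81-cert.pem -days 3640 -infiles server81-req.pem

#entschluesseln
openssl rsa -passin pass:$ssladminpasswort -in server81-key.pem > server81-key-u.pem
chmod 600 server81-key-u.pem
chmod 600 server81-key.pem

echo \"Server443\"
# Neues .csr File geniereren
echo \"DE
.
.
$hostname
web
$domain
$postmaster


\" |
openssl req -passout pass:$sslwebpasswort -new -newkey rsa:4096 -keyout server443-key.pem -out server443-req.pem -days 3640
#csr von ca signieren
yes | openssl ca -passin pass:$capasswort -keyfile ca_key.pem -cert ca_cert.pem -policy policy_anything -outdir . -out server443-cert.pem -days 3640 -infiles server443-req.pem

#entschluesseln
openssl rsa -passin pass:$sslwebpasswort -in server443-key.pem > server443-key-u.pem
chmod 600 server443-key-u.pem
chmod 600 server443-key.pem
exit
nice openssl dhparam -out dh4096.pem 4096 &
	" >>c.sh

	# commit: label the etckeeper commit with this step (it used to carry the
	# pear label)
	echo etckeeper commit einrichten_ssl >> c.sh
	aufruf
}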

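# Skeleton for new einrichten_* steps: enter the guest tree, print a label,
# queue commands in c.sh, commit and run.
# Globals:   pfad (read)
# Outputs:   a single space on stdout; appends to c.sh
# Exits:     1 when $pfad cannot be entered
einrichten_template () {
	# c.sh must be written inside the guest tree, not into the directory the
	# caller happens to be in.
	cd "$pfad" || { echo "Verzeichnis $pfad nicht erreichbar!"; exit 1; }
	echo -n " "

	# placeholder for the commands of the step (currently an empty line)
	echo  >>c.sh

	# commit
	echo etckeeper commit einrichten_template >> c.sh
	aufruf
}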

# Runs every configuration step of the full installation in a fixed order.
# Outputs: the current date and the label "Einrichten " on stdout, whatever
#          the individual steps print, and a final newline
einrichten () {
	# unquoted on purpose: echo joins the words of the date with one space
	echo -n $(date) "Einrichten "

	# The steps are functions named einrichten_<name>; the list is the order
	# in which they are called.
	for _einrichten_schritt in ssl fcgi syscp apache pear bind postfix \
		dovecot amavis proftpd awstats squirrelmail syscp2 rrdtool system \
		sicherung; do
		"einrichten_$_einrichten_schritt"
	done

	echo
}

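# Configuration for the minimal variant: only queues the SSH installation.
# Globals:   pfad (read)
# Outputs:   date and label on stdout; appends to c.sh
# Exits:     1 when $pfad cannot be entered
einrichten_minimal () {
	# c.sh must be written inside the guest tree, not into the directory the
	# caller happens to be in.
	cd "$pfad" || { echo "Verzeichnis $pfad nicht erreichbar!"; exit 1; }
	echo $(date) "Einrichten_minimal"
	printf '%s\n' 'aptitude -y install ssh ssh-server' >> c.sh

	# run the queued commands
	aufruf
}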

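# Final step: queues the package cache cleanup and a ClamAV signature update.
# Globals:   pfad (read)
# Outputs:   date and label on stdout; appends to c.sh
# Exits:     1 when $pfad cannot be entered
aufraeumen () {
	# c.sh must be written inside the guest tree, not into the directory the
	# caller happens to be in.
	cd "$pfad" || { echo "Verzeichnis $pfad nicht erreichbar!"; exit 1; }
	echo $(date) "Aufraeumen"
	printf '%s\n' \
		'export DEBIAN_FRONTEND=noninteractive' \
		'aptitude clean' \
		'freshclam' \
		'etckeeper commit aufraeumen' >> c.sh
	aufruf
}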

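# Sanity check of the network parameters before anything is installed.
# Globals:   ip, hostname, domain, postmaster (read)
# Outputs:   an error message on stdout for the first invalid value
# Exits:     1 on the first invalid value
#
# As before, ip, hostname and domain must contain a dot and postmaster a dot
# and an "@". In addition each value may only consist of characters that are
# plain text to a shell: einrichten_ssl pastes hostname, domain and
# postmaster into the generated c.sh, where quotes, "$" or backticks would be
# interpreted. The check is deliberately conservative.
parameter_test () {
	case "$ip" in
		*[!0-9A-Fa-f.:]*) echo "IP $ip unkorrekt!"; exit 1 ;;
		*.*) ;;
		*) echo "IP $ip unkorrekt!"; exit 1 ;;
	esac
	case "$hostname" in
		*[!A-Za-z0-9._-]*) echo "Host $hostname unkorrekt!"; exit 1 ;;
		*.*) ;;
		*) echo "Host $hostname unkorrekt!"; exit 1 ;;
	esac
	case "$domain" in
		*[!A-Za-z0-9._-]*) echo "Domain $domain unkorrekt!"; exit 1 ;;
		*.*) ;;
		*) echo "Domain $domain unkorrekt!"; exit 1 ;;
	esac
	case "$postmaster" in
		*[!A-Za-z0-9._@+-]*) echo "Postmaster $postmaster unkorrekt!"; exit 1 ;;
		*@*.*|*.*@*) ;;
		*) echo "Postmaster $postmaster unkorrekt!"; exit 1 ;;
	esac
}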


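# Settings
# general
# minimal: empty = full installation, otherwise only the minimal system
# openvz:  empty = chroot, otherwise openVZ
minimal=""
openvz=""
nummer="1001"
pfad="/vz/private/chroot"
mirror="http://de.archive.ubuntu.com/ubuntu"
distro="precise"
komponenten="main universe restricted" #ubuntu
#komponenten="main contrib non-free" #debian
ip="192.168.0.201"
hostname="test"
domain="mifritscher2.de"
postmaster="postmaster@$domain"
templates="/vz"
sshport="22"
# webmin: empty = do not install, otherwise it is installed
webmin=""
webminport="10000"
# for the statistics
eth0="venet0"
hdd="simfs"

# Passwords
# These are sample values only; a real installation has to override every
# one of them in the configuration file (see the warning further down).
rootpasswort="rootpass"
mysqlrootpasswort="mysqlpasswo"
mysqlsyscppasswort="mysqlsyscpasswo"
mysqlsyscpepasswort="mysqlsyscpeassw"
mysqlpmapasswort="mysqlpmapasswo"
syscppasswort="syscppasswo"
capasswort="capasswose"
ssladminpasswort="sslapassosf"
sslwebpasswort="sslwpasskdke"

# the customer
syscpacclogin="Mustermann"
syscpaccpasswort="web0passwo"
syscpaccname="Mustermann"
syscpaccvorname="Max"

# FTP data for the backups; with an empty ftpserver backups stay local
ftpserver="192.168.3.2"
ftplogin="ftpuser"
ftppasswort="ftppass"
ftppfad="" # if not empty it has to start with /

# Settings from a file
# The file named in $1 is executed as shell code with the rights of this
# script, so it must only be writable by root.
PATH_SIC=$PATH
configfile=""
if [ "$1" ]; then
	if [ ! -e "$1" ]; then
		echo "Konfigdatei gibt es nicht"; exit 1
	fi
	# Source exactly the file that was just checked. A bare name gets "./"
	# in front: "." searches PATH for names without a slash, and the earlier
	# approach of appending "." to PATH could pick up a same-named file from
	# another PATH directory and put the current directory on the search
	# path of everything the configuration file runs.
	case "$1" in
		*/*) . "$1" ;;
		*) . "./$1" ;;
	esac
	configfile="$1"
fi
# discard PATH changes made by the configuration file
export PATH=$PATH_SIC

# Warn when any of the sample passwords from above is still in use.
if [ "$rootpasswort" = "rootpass" ] || [ "$mysqlrootpasswort" = "mysqlpasswo" ] ||
	[ "$mysqlsyscppasswort" = "mysqlsyscpasswo" ] || [ "$mysqlsyscpepasswort" = "mysqlsyscpeassw" ] ||
	[ "$mysqlpmapasswort" = "mysqlpmapasswo" ] || [ "$syscppasswort" = "syscppasswo" ] ||
	[ "$capasswort" = "capasswose" ] || [ "$ssladminpasswort" = "sslapassosf" ] ||
	[ "$sslwebpasswort" = "sslwpasskdke" ] || [ "$syscpaccpasswort" = "web0passwo" ]; then
	echo "Warnung: Es werden noch Beispiel-Passwoerter aus dem Skript verwendet!" >&2
fi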

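# Main program: print a summary, check the environment, build and boot the
# base system, install the packages and run either the full or the minimal
# configuration.
echo -n "$(date)" "Installiere $distro von $mirror in $pfad mit der IP $ip"
if [ "$openvz" ]; then
	echo -n " (mittels openVZ)"
else
	echo -n " (mittels chroot)"
fi
if [ "$minimal" ]; then
	echo -n " (minimal)"
else
	echo -n " (vollstaendig)"
fi
echo
echo

umgebung_testen
# the network parameters are only needed for the full installation
if [ -z "$minimal" ]; then
	parameter_test
fi
grundsystem
booten
# Everything after this point writes to paths relative to the guest tree, so
# stop if it cannot be entered instead of continuing in the caller's
# directory.
cd "$pfad" || { echo "Verzeichnis $pfad nicht erreichbar!"; exit 1; }
apti
if [ -z "$minimal" ]; then
	syscp
	sonst
	webmin
	einrichten
else
	einrichten_minimal
fi
aufraeumen
echo "$(date)" "Fertig"
exit 0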

