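#!/bin/bash
# ANNEXE 19 - DS_setup_vserver.sh
# ===============================
#
# Debian-secinst v0.2.2 : ANNEXE 19 - DS_setup_vserver.sh - v1.0
# (c) 2004 Simon Castro
# http://www.entreelibre.com/scastro/debian-secinst/
#
# Inspiration from :
#   http://www.paul.sladen.org/vserver/debian/
#   http://www.linux-vserver.org/index.php?page=DebianVserverVirtualHosting
#
# The interpreter line names bash and sits on the first line: the script uses
# brace expansion, 'echo -e' and '==' inside [ ], which a strict POSIX
# /bin/sh does not provide, and a shebang is only honoured on line 1.

# No wrong doing that now...
# Everything created below is unreadable by "other" unless a later chmod
# explicitly opens it up.
umask 027

#####################
### CONFIGURATION ###
#####################

# Directory that receives the per-vserver <name>.conf files.
VSERVER_CF_PATH=/etc/vservers/
# Base packages copied into every newly created vserver.
SYSTEM_PACKAGES="bash grep sysvinit shellutils textutils sysklogd logrotate cron hostname sed mawk"
# Zone file that /etc/localtime is linked to inside the new vserver.
ZONEINFO="/usr/share/zoneinfo/Europe/Paris"

# Answers fed to 'openssl req' for the self-signed certificate (types 2, 3, 4).
# The \n sequences are kept literal here and expanded when the string is used.
X509_CRT_STR="Fr\nFrance\nParis\nDebian-Secinst\n\n"

# Type 1
PACKAGES_APACHE="apache apache-doc"
APACHE_CF=DS_setup_vserver-http.conf

# Type 2
PACKAGES_APACHE_SSL="apache apache-doc libapache-mod-ssl libapache-mod-ssl-doc"
APACHE_CF_SSL=DS_setup_vserver-https.conf

# Type 3
PACKAGES_APACHE_SSL_PHP="apache apache-doc libapache-mod-ssl libapache-mod-ssl-doc php4"
APACHE_CF_SSL_PHP=DS_setup_vserver-https-php.conf

# Type 4 (uses the same Apache template as type 3)
PACKAGES_APACHE_SSL_PHP_MYSQL="apache apache-doc libapache-mod-ssl libapache-mod-ssl-doc php4 php4-mysql"

# Type 10
PACKAGES_SSHD="ssh findutils dnsutils procps ncurses-base vim less sudo netcat wget"

# Type 20
PACKAGES_VSFTPD="vsftpd netkit-inetd tcpd"

# Type 21 (hostname and sed are required)
PACKAGES_MYSQLD="mysql-server"

# Type 22
PACKAGES_BIND9="bind9"

# Type 30
PACKAGES_IRCD="ircd"

# Type 40
PACKAGES_POSTFIX="postfix postfix-doc sed mawk tar diff findutils"

# Type 41
PACKAGES_POPBEFSMTP="pop-before-smtp"

# Type 42 / No package, you have to setup the popa3d daemon in the reference
# vserver manually
PACKAGES_POPA3D=""

###############################################################################
################################ GENERIC FUNCTIONS ############################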
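###############################################################################

# Run-time state, filled in by parse_args / check_args / manage_packages.
REF=        # reference vserver root (-r)
NEW=        # target vserver root (-n)
DEPS_ON=    # final list of packages to copy or remove
TYPE=       # setup type (-t)
IP=         # vserver IP address (-i)
HOSTNAME=   # vserver hostname (-H), defaults to $IP in check_args
VNAME=      # vserver name (-v), used for $VSERVER_CF_PATH/$VNAME.conf
PACKAGES=   # package list derived from the type or from -O
CTX=        # vserver context (-c)
OVERRIDE=   # comma separated package list (-O)
CHECK=      # set by -C: print the package list and quit
UPDATE=     # set by -U
DELETE=     # set by -D

# Print the version banner on stdout.
version() {
  cat << EOF
DS_setup_vserver.sh - v1.0
(C) 2004 Simon Castro - http://www.entreelibre.com/scastro/debian-secinst/
EOF
}

# Print the synopsis on stdout. The -U/-D forms list -v because check_args
# refuses to run them without a vserver name.
usage() {
  cat << EOF

Synopsis
--------
./DS_setup_vserver.sh -r vsrv -n vsrv -v vsrvname -i IP -c CTX [-H hostname] "-t type [-O pkg_list]" [-C]
./DS_setup_vserver.sh -U -r vsrv -n vsrv -v vsrvname "-t type [-O pkg_list]" [-C]
./DS_setup_vserver.sh -D -r vsrv -n vsrv -v vsrvname "-t type [-O pkg_list]" [-C]
./DS_setup_vserver.sh [-h|-V]

-U                   Update the vserver with the related packages / Dependencies are checked
-D                   Delete the related packages from the vserver / Dependencies are not checked /
                     Configuration files are removed but working files (ex: /var/www , /var/mail, etc) are not.
-r|--ref vsrv        Absolute path to reference vserver
-n|--new vsrv        Absolute path to new verserver
-v|--vname vsrvname  vserver name
-i|--ip ip           IP address
-c|--ctx ctx         Vserver context (must be unique and available)
-H|--hname hostname  vserver hostname
-C|--CHECK           Check packages to install and quit
-t|--type type       Type of setup
-O pkg1,pkg2,pkgx    Override dependencies look up and only copy from list of packages
-h|--help            Synopsis and config examples
-V|--version         Version

Use --help for config examples.
EOF
}

# Print version, synopsis and the worked examples, then exit.
config_examples() {
  version
  usage
  cat << EOF

Configuration
-------------
Types of setup can be :
$ 1  : Apache
$ 2  : Apache + ModSSL
$ 3  : Apache + ModSSL + Php4
$ 4  : Apache + ModSSL + Php4 + Php4-mysql
$ 10 : Basic SSHd + (less,vim,sudo,netcat,wget)
$ 20 : VsFtpd
$ 21 : MySqld
$ 22 : Bind9
$ 30 : Ircd
$ 40 : Postfix
$ 41 : Pop-before-Smtp

Next types first require a manual setup for the reference server.
$ 42 : Popa3d

When overriden by the -O flag, setting type allows running the related
configuration script.

Example 1
---------
Creating httpd vserver and sshd vservers on a single IP address :
./DS_setup_vserver.sh -r reference -n ssh_DS -v ssh_DS -i 10.1.1.142 -c 14210 -t 10
vserver ssh_DS start
./DS_setup_vserver.sh -r reference -n www_DS -v www_DS -i 10.1.1.142 -c 14202 -t 2
vserver www_DS start

Adding a ftp vserver to the previous httpd vserver :
./DS_setup_vserver.sh -U -r reference -n www_DS -v www_DS -t 20
vserver www_DS exec /etc/init.d/inetd start

Removing the ftp vserver from the httpd vserver :
vserver www_DS exec /etc/init.d/inetd stop
./DS_setup_vserver.sh -D -r reference -n www_DS -v www_DS -t 20

Example 2
---------
Creating an irc vserver :
./DS_setup_vserver.sh -r reference -n irc_DS -v irc_DS -i 10.1.1.143 -c 14230 -t 30

Adding the strace and procps packages :
./DS_setup_vserver.sh -U -r reference -n irc_DS -v irc_DS -O "strace,procps"

Removing the packages :
./DS_setup_vserver.sh -D -r reference -n irc_DS -v irc_DS -O "strace,procps"
EOF
  exit
}

# Print version and synopsis, then exit.
synopsis() {
  version
  usage
  exit
}

# Print the version banner and an error message, then abort.
# $1 - message. The message goes to stderr; the status is 255, which is what
# bash reports for the former 'exit -1' (a strict sh rejects a negative status).
error() {
  version
  echo "Error: $1" >&2
  exit 255
}

# Abort unless the option in $2 still has a value behind it.
# $1 - number of arguments left, $2 - option name for the message.
_require_value() {
  [ "$1" -ge 2 ] || error "Option $2 requires a value."
}

# Parse the command line into the global state variables.
# A value-taking option given as last argument is rejected up front: 'shift 2'
# with a single argument left does not shift in bash, so the loop would never
# end. The catch-all arm also covers an empty-string argument, which the
# former '?*' pattern did not match.
parse_args() {
  while [ $# -gt 0 ]; do
    case "$1" in
      --help) config_examples ;;
      -h) synopsis ;;
      --version|-V)
        version
        exit 0 ;;
      --ref|-r)   _require_value $# "$1" ; REF="$2" ; shift 2 ;;
      --new|-n)   _require_value $# "$1" ; NEW="$2" ; shift 2 ;;
      --type|-t)  _require_value $# "$1" ; TYPE="$2" ; shift 2 ;;
      --vname|-v) _require_value $# "$1" ; VNAME="$2" ; shift 2 ;;
      --ip|-i)    _require_value $# "$1" ; IP="$2" ; shift 2 ;;
      --ctx|-c)   _require_value $# "$1" ; CTX="$2" ; shift 2 ;;
      --hname|-H) _require_value $# "$1" ; HOSTNAME="$2" ; shift 2 ;;
      -O)         _require_value $# "$1" ; OVERRIDE="$2" ; shift 2 ;;
      --CHECK|-C) CHECK=1 ; shift ;;
      -U) UPDATE=1 ; shift ;;
      -D) DELETE=1 ; shift ;;
      *) synopsis ;;
    esac
  done
}

# Validate the parsed options, derive PACKAGES and HOSTNAME, and check that
# the reference/new vserver directories and the config file are in the state
# the selected mode (create, -U, -D) expects.
check_args() {
  if [ -z "$DELETE" ] && [ -z "$UPDATE" ] ; then
    # Creation needs the full set of options.
    if [ -z "$REF" ] || [ -z "$NEW" ] || [ -z "$IP" ] || [ -z "$VNAME" ] || [ -z "$CTX" ] ; then
      synopsis
    fi
  else
    if [ -z "$REF" ] || [ -z "$NEW" ] || [ -z "$VNAME" ] ; then
      synopsis
    fi
    case "$TYPE" in
      1|2|3|4)
        if [ -z "$DELETE" ] && [ -z "$IP" ] ; then
          error "Need to supply an IP address for Apache mode."
        fi ;;
    esac
  fi
  if [ -z "$OVERRIDE" ] && [ -z "$TYPE" ] ; then synopsis ; fi

  # VNAME becomes part of a file name written with this script's privileges:
  # keep it inside $VSERVER_CF_PATH.
  case "$VNAME" in
    */*|.*) error "Invalid vserver name $VNAME." ;;
  esac
  # CTX is written unquoted into the generated config file.
  # NOTE(review): IP and HOSTNAME are also copied verbatim into generated
  # files and paths; values should be checked by the caller.
  case "$CTX" in
    *[!0-9]*) error "Context $CTX is not a number." ;;
  esac

  case "$TYPE" in
    1) PACKAGES=$PACKAGES_APACHE ;;
    2) PACKAGES=$PACKAGES_APACHE_SSL ;;
    3) PACKAGES=$PACKAGES_APACHE_SSL_PHP ;;
    4) PACKAGES=$PACKAGES_APACHE_SSL_PHP_MYSQL ;;
    10) PACKAGES=$PACKAGES_SSHD ;;
    20) PACKAGES=$PACKAGES_VSFTPD ;;
    21) PACKAGES=$PACKAGES_MYSQLD ;;
    22) PACKAGES=$PACKAGES_BIND9 ;;
    30) PACKAGES=$PACKAGES_IRCD ;;
    40) PACKAGES=$PACKAGES_POSTFIX ;;
    41) PACKAGES=$PACKAGES_POPBEFSMTP ;;
    42) PACKAGES=$PACKAGES_POPA3D ;;
    ?*) error "Type $TYPE doesn't exist." ;;
  esac

  if [ -n "$OVERRIDE" ] ; then
    PACKAGES=$(printf '%s\n' "$OVERRIDE" | tr ',' ' ')
    # Each name is later used as var/lib/dpkg/info/<name>.list.
    case "$PACKAGES" in
      */*) error "Package names cannot contain '/'." ;;
    esac
  fi
  if [ -z "$HOSTNAME" ] ; then HOSTNAME=$IP ; fi

  if ! [ -d "$REF" ] ; then error "Reference vserver $REF doesn't exist." ; fi
  if [ -z "$DELETE" ] && [ -z "$UPDATE" ] ; then
    if [ -d "$NEW" ] ; then error "New versver $NEW already exists." ; fi
    if [ -f "$VSERVER_CF_PATH/$VNAME.conf" ] ; then
      error "$VSERVER_CF_PATH/$VNAME.conf config file already exists."
    fi
  else
    if ! [ -d "$NEW" ] ; then error "New versver $NEW doesn't exist." ; fi
    if ! [ -f "$VSERVER_CF_PATH/$VNAME.conf" ] ; then
      error "$VSERVER_CF_PATH/$VNAME.conf config file doesn't exist."
    fi
  fi
}

# Build DEPS_ON, the list of packages to copy (or remove).
# Creation prepends SYSTEM_PACKAGES; unless -O or -D is given, the list is
# extended with 'apt-cache depends' output from the reference vserver until
# it stops changing. With -C the list is printed and the script exits.
manage_packages() {
  if [ -z "$OVERRIDE" ] && [ -z "$DELETE" ] && [ -z "$UPDATE" ] ; then
    PACKAGES="$SYSTEM_PACKAGES $PACKAGES"
  fi

  if [ -z "$DELETE" ] && [ -n "$PACKAGES" ] ; then
    # $PACKAGES is split on purpose: it is a space separated list.
    for i in $PACKAGES ; do
      chroot "$REF" dpkg -L "$i" > /dev/null 2>&1 ||
        error "Package $i isn't installed in the $REF vserver."
    done
  fi

  if [ -z "$OVERRIDE" ] && [ -z "$DELETE" ] && [ -n "$PACKAGES" ] ; then
    DEPS_ON=$( {
      printf '%s\n' $PACKAGES
      chroot "$REF" /usr/bin/apt-cache depends $PACKAGES |
        grep Depends | sed 's/\(.*\): //;s/<\(.*\)>/\1/'
    } | sort -u )
    LOOP=
    # Iterate to a fixed point: stop when a pass adds no new package.
    while [ -z "$LOOP" ] || [ "$LOOP" != "$DEPS_ON" ] ; do
      LOOP=$DEPS_ON
      DEPS_ON=$( {
        printf '%s\n' $PACKAGES
        chroot "$REF" /usr/bin/apt-cache depends $DEPS_ON |
          grep Depends | sed 's/\(.*\): //;s/<\(.*\)>/\1/'
      } | sort -u )
    done
  else
    DEPS_ON=$PACKAGES
  fi

  if [ -n "$CHECK" ] ; then
    printf 'CHECK activated... Packages to copy are :\n%s\n' "$DEPS_ON"
    exit
  fi
}

# Hard-link the files of every package in DEPS_ON from REF into NEW and flag
# the resulting regular files with 'chattr +it'.
# Because cpio --link is used, NEW and REF share the same inodes for these
# files; the flags are what keeps a vserver from altering the shared copy.
# NOTE(review): the copied .list file itself is not flagged, so it stays
# writable from inside the new vserver.
copy_immut_files() {
  # Drop the "/." entry and turn the leading "/" into "./" (relative paths).
  SEDEX='/^\/\.$/d;s/\//\.\//'
  if ! [ -d "$NEW/var/lib/dpkg/info/" ] ; then mkdir -p "$NEW/var/lib/dpkg/info" ; fi
  cd "$REF" || error "Cannot use -r $REF!"
  for i in $DEPS_ON ; do
    LISTFILE="var/lib/dpkg/info/$i.list"
    # If the source file exists in the reference vserver
    if [ -f "$LISTFILE" ] ; then
      # if files were not previously set in the new vserver
      if ! [ -f "$NEW/$LISTFILE" ] ; then
        sed "$SEDEX" "$LISTFILE" | sort -bu |
          cpio --link --quiet -d -m -u -p "$NEW" ||
          error "Error while trying to copy files from $LISTFILE."
        sed "$SEDEX" "$LISTFILE" | sort -bu | while read -r name ; do
          if [ -f "$NEW/$name" ] && [ ! -h "$NEW/$name" ] ; then
            chattr +it "$NEW/$name"
          fi
        done
        cp "$LISTFILE" "$NEW/$LISTFILE"
      fi
    fi
  done
  cd -
}

# Delete from NEW every file listed for the packages in DEPS_ON, then the
# list files themselves. Directories are removed only when empty.
# The list is read from inside the target tree, so entries that climb out of
# it with ".." are ignored instead of being resolved on the host.
# NOTE(review): files installed by copy_immut_files are hard links shared
# with the reference tree, so clearing the flags here clears them on the
# shared inode as well; confirm they are re-applied where needed.
remove_files() {
  SEDEX='/^\/\.$/d;s/\//\.\//'
  for i in $DEPS_ON ; do
    LISTFILE="$NEW/var/lib/dpkg/info/$i.list"
    if [ -f "$LISTFILE" ] ; then
      # Reverse sort so that files come before their parent directories.
      sed "$SEDEX" "$LISTFILE" | sort -bur | while read -r file ; do
        case "/$file/" in
          */../*) continue ;;
        esac
        if [ -f "$NEW/$file" ] ; then
          chattr -ti "$NEW/$file"
          rm -f "$NEW/$file"
        elif [ -d "$NEW/$file" ] ; then
          rmdir "$NEW/$file" 2> /dev/null
        fi
      done
      rm -f "$LISTFILE"
    fi
  done
}

# Write $VSERVER_CF_PATH/$VNAME.conf for the new vserver.
# S_CAPS is left empty, i.e. no extra capability is requested here.
create_vserver_cf() {
  cat > "$VSERVER_CF_PATH/$VNAME.conf" << EOF
ONBOOT="no"
S_HOSTNAME="$HOSTNAME"
IPROOTDEV="eth0"
IPROOT="$IP"
S_CONTEXT=$CTX
S_NICE="10"
S_FLAGS="lock nproc"
ULIMIT="-H -u 256 -n 1024"
S_CAPS=""
EOF
}

# Print the post-install hints matching the setup type.
# Type 4 gets the Apache hint too: it is configured by end_config_apache like
# types 1 to 3.
setup_done() {
  cat << EOF

Setup done.
Check the $VSERVER_CF_PATH/$VNAME.conf configuration file.
Installed packages are referenced in ${NEW}/var/lib/dpkg/info/*.
EOF
  if [ "$TYPE" = 1 ] || [ "$TYPE" = 2 ] || [ "$TYPE" = 3 ] || [ "$TYPE" = 4 ] ; then
    cat << EOF
Check the apache configuration with 'vserver $VNAME exec /usr/sbin/apache -t'.
EOF
  fi
  if [ "$TYPE" = 10 ] || [ "$TYPE" = 20 ] ; then
    cat << EOF
You can enter the vserver to add users and change the root passwd with
'vserver $VNAME enter'.
EOF
  fi
  if [ "$TYPE" = 21 ] ; then
    cat << EOF
Create mysql tables using :
'vserver $VNAME exec /bin/bash /usr/bin/mysql_install_db'.
EOF
  fi
  if [ "$TYPE" = 22 ] ; then
    cat << EOF
Update the $VSERVER_CF_PATH/$VNAME.conf configuration file to use :
S_CAPS="CAP_NET_RAW CAP_SYS_RESOURCE"
EOF
  fi
  if [ "$TYPE" = 30 ] ; then
    cat << EOF
Edit the $NEW/etc/ircd/{ircd.motd,remote.motd,ircd.conf} files.
You can start the ircd vserver with 'vserver $VNAME start'.
EOF
  fi
  if [ "$TYPE" = 40 ] ; then
    cat << EOF
Edit the $NEW/etc/postfix/main.cf file.
EOF
  fi
  if [ "$TYPE" = 41 ] ; then
    cat << EOF
Edit the $NEW/etc/postfix/main.cf file and change the
'smtpd_recipient_restrictions' config to add
'check_client_access hash:/var/lib/pop-before-smtp/hosts'.
Then reload the postfix configuration.
EOF
  fi
  cat << EOF
Start the vserver with 'vserver $VNAME start'.
EOF
  if [ "$TYPE" = 21 ] ; then
    cat << EOF
Enter your vserver and issue : "mysqladmin -u root password 'your_password'".
Comment skip_networking in /etc/mysql/my.cnf to open the server.
EOF
  fi
}

###############################################################################
############################### SPECIFIC FUNCTIONS ############################
###############################################################################

# Clear the 'i' and 't' flags on every regular file below directory $1.
_clear_flags() {
  find "$1" -type f -exec chattr -ti {} \;
}

# Replace NEW's /etc/init.d/$1 with a private copy of the reference script.
# Any existing entry is unflagged and unlinked first, so the copy is a
# separate file and not a hard link shared with the reference tree.
_fresh_initscript() {
  if [ -f "$NEW/etc/init.d/$1" ] ; then
    chattr -ti "$NEW/etc/init.d/$1"
    rm -f "$NEW/etc/init.d/$1"
  fi
  cp -p "$REF/etc/init.d/$1" "$NEW/etc/init.d/$1"
}

# Unregister and delete NEW's /etc/init.d/$1 if it exists.
_remove_initscript() {
  if [ -f "$NEW/etc/init.d/$1" ] ; then
    chroot "$NEW" update-rc.d -f "$1" remove > /dev/null 2>&1
    chattr -ti "$NEW/etc/init.d/$1"
    rm -f "$NEW/etc/init.d/$1"
  fi
}

# Append the reference shadow/passwd/group lines of each account named in
# "$@" to the matching file in NEW, re-flagging the files afterwards.
_copy_accounts() {
  local db name
  for db in shadow passwd group ; do
    chattr -ti "$NEW/etc/$db"
    for name in "$@" ; do
      grep -E "^$name:" "$REF/etc/$db" >> "$NEW/etc/$db"
    done
    chattr +ti "$NEW/etc/$db"
  done
}

# Delete the shadow/passwd/group lines of each account named in "$@" from
# NEW. printf is used for the rewrite so that backslashes in the files are
# written back unchanged ('echo -e' would interpret them).
_drop_accounts() {
  local db name kept
  for db in shadow passwd group ; do
    chattr -ti "$NEW/etc/$db"
    for name in "$@" ; do
      kept=$(sed "/^$name:.*/d" "$NEW/etc/$db")
      printf '%s\n' "$kept" > "$NEW/etc/$db"
    done
    chattr +ti "$NEW/etc/$db"
  done
}

# Give the new vserver its own system configuration: private /etc files
# (instead of the unified, hard-linked ones), minimal accounts, device nodes,
# syslog, login banner and timezone.
end_config_system() {
  echo PostInstall script for system packages
  chmod 755 "$NEW/var/"

  # We want these files to be related to the target vserver
  REMOVE_UNIFIED="fstab mtab inittab shadow passwd group hostname hosts resolv.conf protocols services hosts.allow hosts.deny skel/.bash_profile skel/.bashrc profile issue issue.net syslog.conf cron.allow"
  for i in $REMOVE_UNIFIED ; do
    if [ -f "$NEW/etc/$i" ] ; then
      chattr -ti "$NEW/etc/$i"
      rm -f "$NEW/etc/$i"
    fi
  done

  cat > "$NEW/etc/fstab" << EOF
proc /proc proc defaults 0 0
EOF
  cat > "$NEW/etc/mtab" << EOF
/dev/hdv1 / vfs none 0 0
proc /proc proc rw 0 0
devpts /dev/pts devpts rw,gid=5,mode=620 0 0
EOF
  cat > "$NEW/etc/inittab" << EOF
id:2:initdefault:
si::sysinit:/etc/init.d/rcS
~~:S:wait:/sbin/sulogin
l0:0:wait:/etc/init.d/rc 0
l1:1:wait:/etc/init.d/rc 1
l2:2:wait:/etc/init.d/rc 2
l3:3:wait:/etc/init.d/rc 3
l4:4:wait:/etc/init.d/rc 4
l5:5:wait:/etc/init.d/rc 5
l6:6:wait:/etc/init.d/rc 6
EOF
  for i in fstab mtab inittab ; do
    chmod 444 "$NEW/etc/$i"
    chattr +ti "$NEW/etc/$i"
  done

  # Only root and nobody are carried over. The pattern is anchored on both
  # names so that no other entry (password hashes included) is copied into
  # the vserver by a substring match.
  for i in shadow passwd group ; do
    TMP=$(grep -E "^(root|nobody):" "$REF/etc/$i")
    printf '%s\n' "$TMP" >> "$NEW/etc/$i"
  done
  # Base groups, with their member lists stripped by the sed expression.
  TMP=$(grep -E "^(adm|utmp|staff|users|nogroup):" "$REF/etc/group" |
    sed 's/^\(.*:x:.*:\).*$/\1/')
  printf '%s\n' "$TMP" >> "$NEW/etc/group"
  chmod 440 "$NEW/etc/shadow"
  chmod 444 "$NEW"/etc/{passwd,group}
  # I chattr here and you'll have to unset it for your own purposes...
  chattr +ti "$NEW"/etc/{passwd,group,shadow}

  if [ ! -d "$NEW/dev" ] ; then mkdir "$NEW/dev" && chmod 555 "$NEW/dev" ; fi
  # -e rather than -f: an existing device node is not a regular file.
  if [ ! -e "$NEW/dev/tty" ] ; then mknod "$NEW/dev/tty" c 5 0 ; fi
  if [ ! -e "$NEW/dev/null" ] ; then mknod "$NEW/dev/null" c 1 3 ; fi
  chmod 666 "$NEW/dev/tty"
  chmod 666 "$NEW/dev/null"

  cat > "$NEW/etc/hosts" << EOF
127.0.0.1 localhost
$IP $HOSTNAME
EOF
  cat > "$NEW/etc/hostname" << EOF
$HOSTNAME
EOF
  cp "$REF/etc/resolv.conf" "$NEW/etc/resolv.conf"
  chmod 444 "$NEW"/etc/{hosts,hostname,resolv.conf}
  chattr +ti "$NEW"/etc/{hosts,hostname,resolv.conf}

  cp "$REF"/etc/{protocols,services,hosts.allow,hosts.deny} "$NEW/etc/"
  chmod 444 "$NEW"/etc/{protocols,services,hosts.allow,hosts.deny}
  chattr +ti "$NEW"/etc/{protocols,services,hosts.allow,hosts.deny}

  cp "$REF/etc/syslog.conf" "$NEW/etc/syslog.conf"
  chmod 640 "$NEW/etc/syslog.conf"
  chattr +ti "$NEW/etc/syslog.conf"
  _fresh_initscript sysklogd
  chattr +ti "$NEW/etc/init.d/sysklogd"
  chroot "$NEW" update-rc.d sysklogd defaults 10 90 > /dev/null 2>&1

  cat > "$NEW/etc/issue" << EOF
$HOSTNAME ($IP) :
Consultez les articles 323.1 a 323.3 du Nouveau Code Penal relatifs aux autorisations d'acces a ce systeme.
Toutes les connexions et acces a ce systeme font l'objet d'un enregistrement.
EOF
  cp -f "$NEW/etc/issue" "$NEW/etc/issue.net"
  chmod 644 "$NEW"/etc/{issue,issue.net}
  chattr +ti "$NEW"/etc/{issue,issue.net}

  # Empty cron.allow file, created private to the vserver.
  touch "$NEW/etc/cron.allow"
  chmod 640 "$NEW/etc/cron.allow"
  chattr +ti "$NEW/etc/cron.allow"

  for i in .alias .bash_logout .bashrc .bash_profile .inputrc .profile ; do
    if [ -f "$REF/etc/skel/$i" ] ; then
      cp "$REF/etc/skel/$i" "$NEW/etc/skel/$i"
      chmod 644 "$NEW/etc/skel/$i"
      chattr +ti "$NEW/etc/skel/$i"
    fi
    if [ -f "$REF/root/$i" ] ; then
      cp "$REF/root/$i" "$NEW/root/$i"
      chmod 640 "$NEW/root/$i"
      chattr +ti "$NEW/root/$i"
    fi
  done

  if ! [ -f "$NEW/etc/localtime" ] ; then
    cd "$NEW/etc"
    ln -s "../$ZONEINFO" localtime
    cd -
  fi
}

###############################################################################
################################### VSFTPD ####################################
###############################################################################

# Undo end_config_vsftpd: drop the ftp account, the inetd.conf entry and the
# vsftpd configuration. The inetd init script is deliberately left in place.
end_config_vsftpd_remove() {
  echo PostRemove script for VSFTPD...
  if [ -f "$NEW/etc/init.d/inetd" ] ; then
    # chroot "$NEW" update-rc.d -f inetd remove > /dev/null 2>&1
    # chattr -ti "$NEW/etc/init.d/inetd"
    # rm -f "$NEW/etc/init.d/inetd"
    cat << EOF
!!! Note that /etc/init.d/inetd wasn't removed... !!!
EOF
  fi
  _drop_accounts ftp

  chattr -ti "$NEW/etc/inetd.conf"
  # If you only want to comment the line ...
  # TMP=`sed 's/^\(ftp.*vsftpd\)$/#\1/g;' "$NEW/etc/inetd.conf"`
  TMP=$(sed '/^ftp.*vsftpd$/d' "$NEW/etc/inetd.conf")
  printf '%s\n' "$TMP" > "$NEW/etc/inetd.conf"
  chattr +ti "$NEW/etc/inetd.conf"

  for i in vsftpd.conf vsftpd.userlist_file ; do
    if [ -f "$NEW/etc/$i" ] ; then
      chattr -ti "$NEW/etc/$i"
      rm -f "$NEW/etc/$i"
    fi
  done
  if [ -d "$NEW/var/run/vsftpd" ] ; then rmdir "$NEW/var/run/vsftpd" 2> /dev/null ; fi
}

# Configure vsftpd behind inetd/tcpd: anonymous logins off, local users
# chrooted, and only users named in the (initially empty) userlist file
# accepted.
end_config_vsftpd() {
  echo PostInstall script for VSFTPD...
  chmod 755 "$NEW/var/"
  _fresh_initscript inetd
  chroot "$NEW" update-rc.d inetd defaults > /dev/null 2>&1
  _copy_accounts ftp

  if [ -f "$NEW/etc/inetd.conf" ] ; then
    chattr -ti "$NEW/etc/inetd.conf"
    cat >> "$NEW/etc/inetd.conf" << EOF
ftp stream tcp nowait root /usr/sbin/tcpd /usr/sbin/vsftpd
EOF
  else
    cat > "$NEW/etc/inetd.conf" << EOF
ftp stream tcp nowait root /usr/sbin/tcpd /usr/sbin/vsftpd
EOF
  fi
  chmod 440 "$NEW/etc/inetd.conf"
  chattr +ti "$NEW/etc/inetd.conf"

  if [ -f "$NEW/etc/vsftpd.conf" ] ; then
    chattr -ti "$NEW/etc/vsftpd.conf"
    rm -f "$NEW/etc/vsftpd.conf"
  fi
  cat > "$NEW/etc/vsftpd.conf" << EOF
anonymous_enable=NO
local_enable=YES
write_enable=YES
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
idle_session_timeout=300
nopriv_user=ftp
ftpd_banner=$HOSTNAME
chroot_local_user=YES
userlist_enable=YES
userlist_deny=NO
userlist_file=/etc/vsftpd.userlist_file
EOF
  chmod 440 "$NEW/etc/vsftpd.conf"
  chattr +ti "$NEW/etc/vsftpd.conf"

  echo > "$NEW/etc/vsftpd.userlist_file"
  chmod 440 "$NEW/etc/vsftpd.userlist_file"
  chattr +ti "$NEW/etc/vsftpd.userlist_file"
}

###############################################################################
#################################### IRCD #####################################
###############################################################################

# Undo end_config_ircd: init script, irc account and /etc/ircd.
end_config_ircd_remove() {
  echo PostRemove script for IRCD...
  _remove_initscript ircd
  _drop_accounts irc
  chattr -ti "$NEW"/etc/ircd/{ircd.motd,remote.motd,ircd.conf}
  rm -f "$NEW"/etc/ircd/{ircd.motd,remote.motd,ircd.conf}
  rmdir "$NEW"/etc/ircd
}

# Install private copies of the ircd init script, account and configuration.
end_config_ircd() {
  echo PostInstall script for IRCD...
  chmod 755 "$NEW/var/"
  _fresh_initscript ircd
  chroot "$NEW" update-rc.d ircd defaults > /dev/null 2>&1
  _copy_accounts irc
  chattr -ti "$NEW"/etc/ircd/{ircd.motd,remote.motd,ircd.conf}
  rm -f "$NEW"/etc/ircd/{ircd.motd,remote.motd,ircd.conf}
  cp "$REF"/etc/ircd/{ircd.motd,remote.motd,ircd.conf} "$NEW/etc/ircd/"
  chmod 444 "$NEW"/etc/ircd/{ircd.motd,remote.motd,ircd.conf}
  chattr +ti "$NEW"/etc/ircd/{ircd.motd,remote.motd,ircd.conf}
}

###############################################################################
#################################### SSHD #####################################
###############################################################################

# Undo end_config_sshd: init script, run directory, sshd account, /etc/ssh.
end_config_sshd_remove() {
  echo PostRemove script for SSHD...
  _remove_initscript ssh
  rmdir "$NEW/var/run/ssh"
  _drop_accounts sshd
  _clear_flags "$NEW/etc/ssh/"
  rm -rf "$NEW/etc/ssh/"
}

# Set up an sshd vserver: init script, account, login accounting files,
# device nodes, fresh host keys and private copies of the ssh configuration.
# The last section removes the flags again so that the vserver can be
# administered from the inside.
end_config_sshd() {
  echo PostInstall script for SSHD...
  chmod 755 "$NEW/var/"
  _fresh_initscript ssh
  chroot "$NEW" update-rc.d ssh defaults > /dev/null 2>&1
  mkdir "$NEW/var/run/ssh"
  chmod 755 "$NEW/var/run/ssh"
  _copy_accounts sshd

  touch "$NEW"/var/log/{lastlog,wtmp,btmp}
  chown root:adm "$NEW"/var/log/{lastlog,wtmp,btmp}
  chmod 640 "$NEW"/var/log/{lastlog,wtmp,btmp}

  mknod "$NEW/dev/urandom" c 1 9
  chmod 444 "$NEW/dev/urandom"
  mknod "$NEW/dev/ptmx" c 5 2
  chmod 666 "$NEW/dev/ptmx"

  # Host keys are generated per vserver, never copied from the reference.
  # NOTE(review): ssh-keygen output is discarded, so a failed generation only
  # shows up through the chmod errors below. Current OpenSSH releases no
  # longer enable DSA host keys by default; confirm the dsa key is still
  # wanted for the sshd being deployed.
  ssh-keygen -f "$NEW/etc/ssh/ssh_host_rsa_key" -N '' -t rsa > /dev/null 2>&1
  ssh-keygen -f "$NEW/etc/ssh/ssh_host_dsa_key" -N '' -t dsa > /dev/null 2>&1
  chmod 400 "$NEW"/etc/ssh/{ssh_host_rsa_key,ssh_host_dsa_key}
  chmod 444 "$NEW"/etc/ssh/{ssh_host_rsa_key.pub,ssh_host_dsa_key.pub}
  chattr +ti "$NEW"/etc/ssh/{ssh_host_rsa_key,ssh_host_rsa_key.pub}
  chattr +ti "$NEW"/etc/ssh/{ssh_host_dsa_key,ssh_host_dsa_key.pub}

  for i in sshd_config ssh_config ; do
    if [ -f "$NEW/etc/ssh/$i" ] ; then rm -f "$NEW/etc/ssh/$i" ; fi
  done
  cp "$REF/etc/ssh/sshd_config" "$NEW/etc/ssh/sshd_config"
  cp "$REF/etc/ssh/ssh_config" "$NEW/etc/ssh/ssh_config"
  chmod 444 "$NEW/etc/ssh/sshd_config" "$NEW/etc/ssh/ssh_config"
  chattr +ti "$NEW"/etc/ssh/{sshd_config,ssh_config}

  chattr -ti "$NEW/etc/shells"
  rm -f "$NEW/etc/shells"
  cat > "$NEW/etc/shells" << EOF
/bin/bash
/bin/sh
EOF
  chmod 444 "$NEW/etc/shells"
  chattr +ti "$NEW/etc/shells"

  if [ ! -f "$NEW/etc/adduser.conf" ] ; then
    cp "$REF/etc/adduser.conf" "$NEW/etc/adduser.conf"
  fi

  ### You can comment next parts so that the sshd server configuration
  ### remains immutable but you'll have to enter the main host to un'chattr
  ### these files in order to manage the sshd vserver
  chattr -ti "$NEW"/etc/{passwd,group,shadow,shells}
  chattr -ti "$NEW"/etc/ssh/{ssh_host*key*,sshd_config,ssh_config}
  chattr -ti "$NEW"/etc/{hosts,resolv.conf,protocols,services,hosts.allow,hosts.deny}
  chattr -ti "$NEW"/etc/{syslog.conf,issue,issue.net,cron.allow}
  _clear_flags "$NEW/etc/skel"
  _clear_flags "$NEW/root/"
}

###############################################################################
################################### APACHE ####################################
###############################################################################

# Undo end_config_apache: init script, www-data account and /etc/apache.
end_config_apache_remove() {
  echo PostRemove script for Apache...
  _remove_initscript apache
  _drop_accounts www-data
  if [ -d "$NEW/etc/apache" ] ; then
    _clear_flags "$NEW/etc/apache"
    rm -rf "$NEW/etc/apache"
  fi
  # I don't remove /var/www to allow easy update
  cat << EOF
!!! Note that $NEW/var/www wasn't removed !!!
EOF
}

# Configure Apache (types 1-4): init script, www-data account, mime.types,
# for the SSL types a fresh key and self-signed certificate, for the PHP
# types php.ini, and on first install the document root, httpd.conf (from the
# type's template) and a default index page.
end_config_apache() {
  echo PostInstall script for Apache...
  chmod 755 "$NEW/var/"
  _fresh_initscript apache
  chroot "$NEW" update-rc.d apache defaults > /dev/null 2>&1
  _copy_accounts www-data

  if ! [ -d "$NEW/etc/apache" ] ; then mkdir "$NEW/etc/apache" ; fi
  cp "$REF/etc/apache/mime.types" "$NEW/etc/apache/"
  chmod 444 "$NEW/etc/apache/mime.types"
  chattr +ti "$NEW/etc/apache/mime.types"

  if [ "$TYPE" = 2 ] || [ "$TYPE" = 3 ] || [ "$TYPE" = 4 ] ; then
    rm -rf "$NEW"/etc/apache/ssl*
    mkdir "$NEW"/etc/apache/ssl
    # 2048-bit key: 1024-bit RSA is below current minimum recommendations.
    # NOTE(review): $HOSTNAME is used as a file name here; a value containing
    # '/' would place the key outside the ssl directory.
    openssl genrsa -out "$NEW/etc/apache/ssl/$HOSTNAME.key" 2048 > /dev/null 2>&1
    # Answers for the openssl prompts; the hostname is the common name.
    printf '%b%s\n\n' "$X509_CRT_STR" "$HOSTNAME" |
      openssl req -new -x509 -days 365 \
        -key "$NEW/etc/apache/ssl/$HOSTNAME.key" \
        -out "$NEW/etc/apache/ssl/$HOSTNAME.crt" > /dev/null 2>&1
    chmod 550 "$NEW"/etc/apache/ssl
    chmod 440 "$NEW"/etc/apache/ssl/*
    chattr +ti "$NEW"/etc/apache/ssl/*
  fi

  if [ "$TYPE" = 3 ] || [ "$TYPE" = 4 ] ; then
    if [ -f "$REF/etc/php4/apache/php.ini" ] ; then
      cp -p "$REF/etc/php4/apache/php.ini" "$NEW/etc/php4/apache/php.ini"
      chattr +ti "$NEW/etc/php4/apache/php.ini"
    fi
  fi

  if ! [ -d "$NEW/var/www" ] ; then
    mkdir "$NEW/var/www"
    chmod 755 "$NEW/var/www"
  fi

  # Everything below runs only when the document root did not exist yet.
  if ! [ -d "$NEW/var/www/htdocs/" ] ; then
    mkdir "$NEW/var/www/htdocs/"
    chown root:www-data "$NEW/var/www/htdocs/"
    chmod 3555 "$NEW/var/www/htdocs"

    # Escape '\', '/' and '&' so that the command-line values are inserted
    # as plain text and cannot alter the sed program itself.
    HOST_ESC=$(printf '%s' "$HOSTNAME" | sed 's|[\\/&]|\\&|g')
    IP_ESC=$(printf '%s' "$IP" | sed 's|[\\/&]|\\&|g')
    SEDEX="s/\$HOSTNAME/$HOST_ESC/g;s/\$IP/$IP_ESC/g"
    case "$TYPE" in
      1) sed "$SEDEX" "$APACHE_CF" > "$NEW/etc/apache/httpd.conf" ;;
      2) sed "$SEDEX" "$APACHE_CF_SSL" > "$NEW/etc/apache/httpd.conf" ;;
      3|4) sed "$SEDEX" "$APACHE_CF_SSL_PHP" > "$NEW/etc/apache/httpd.conf" ;;
    esac
    chmod 440 "$NEW/etc/apache/httpd.conf"
    chattr +ti "$NEW/etc/apache/httpd.conf"

    # NOTE(review): the two default pages below consist of the same text line
    # twice; any markup the original pages had is not visible in this listing.
    if [ "$TYPE" = 1 ] || [ "$TYPE" = 2 ] ; then
      cat > "$NEW/var/www/htdocs/index.html" << EOF
Debian-Secinst default Apache vserver
Debian-Secinst default Apache vserver
EOF
      chmod 444 "$NEW/var/www/htdocs/index.html"
      chattr +ti "$NEW/var/www/htdocs/index.html"
    fi
    if [ "$TYPE" = 3 ] || [ "$TYPE" = 4 ] ; then
      cat > "$NEW/var/www/htdocs/index.php" << EOF
Debian-Secinst default Apache vserver
Debian-Secinst default Apache vserver
EOF
      chmod 444 "$NEW/var/www/htdocs/index.php"
      chattr +ti "$NEW/var/www/htdocs/index.php"
    fi
  fi
}

###############################################################################
################################### MYSQLD ####################################
###############################################################################

# Undo end_config_mysqld; the databases in /var/lib/mysql are kept.
end_config_mysqld_remove() {
  echo PostRemove script for Mysqld...
  _remove_initscript mysql
  _drop_accounts mysql
  if [ -d "$NEW/etc/mysql" ] ; then
    _clear_flags "$NEW/etc/mysql"
    rm -rf "$NEW/etc/mysql"
  fi
  if [ -f "$NEW/var/log/mysql.log" ] ; then rm -f "$NEW/var/log/mysql.log" ; fi
  if [ -d "$NEW/var/log" ] ; then rm -rf "$NEW/var/log/mysql" ; fi
  cat << EOF
!!! Note that $NEW/var/lib/mysql wasn't removed !!!
EOF
}

# Configure mysqld: init script, mysql account, private my.cnf, log file
# owned by the mysql user, and the data directory.
end_config_mysqld() {
  echo PostInstall script for Mysqld...
  chmod 755 "$NEW/var/"
  _fresh_initscript mysql
  chroot "$NEW" update-rc.d mysql defaults > /dev/null 2>&1
  _copy_accounts mysql
  MYSQL_UID=$(grep -E "^mysql:" "$NEW/etc/passwd" | cut -d ':' -f 3)
  MYSQL_GID=$(grep -E "^mysql:" "$NEW/etc/passwd" | cut -d ':' -f 4)

  if [ -d "$NEW/etc/mysql" ] ; then
    _clear_flags "$NEW/etc/mysql"
    rm -rf "$NEW/etc/mysql"
  fi
  mkdir "$NEW/etc/mysql"
  chmod 755 "$NEW/etc/mysql"
  if [ -f "$REF/etc/mysql/my.cnf" ] ; then
    cp "$REF/etc/mysql/my.cnf" "$NEW/etc/mysql/"
    chmod 644 "$NEW/etc/mysql/my.cnf"
    chattr +ti "$NEW/etc/mysql/my.cnf"
  fi

  if ! [ -f "$NEW/var/log/mysql.log" ] ; then
    touch "$NEW/var/log/mysql.log"
    chown "$MYSQL_UID:$MYSQL_GID" "$NEW/var/log/mysql.log"
  fi
  if ! [ -d "$NEW/var/lib/mysql/" ] ; then mkdir "$NEW/var/lib/mysql/" ; fi
}

###############################################################################
################################## POSTFIX ####################################
###############################################################################

# Undo end_config_postfix; the mailboxes in /var/mail are kept.
end_config_postfix_remove() {
  echo PostRemove script for Postfix...
  _remove_initscript postfix
  _drop_accounts postfix postdrop
  if [ -d "$NEW/etc/postfix" ] ; then
    _clear_flags "$NEW/etc/postfix"
    rm -rf "$NEW/etc/postfix"
  fi
  if [ -d "$NEW/var/spool/postfix" ] ; then
    _clear_flags "$NEW/var/spool/postfix/"
    rm -rf "$NEW/var/spool/postfix"
  fi
  cat << EOF
!!! Note that $NEW/var/mail wasn't removed !!!
EOF
}

# Configure postfix: init script, postfix/mail accounts and the postdrop
# group, a private copy of /etc/postfix, an emptied spool and /var/mail.
end_config_postfix() {
  echo PostInstall script for Postfix...
  chmod 755 "$NEW/var/"
  _fresh_initscript postfix
  chroot "$NEW" update-rc.d postfix defaults > /dev/null 2>&1
  _copy_accounts postfix mail

  # postdrop only exists as a group; its member list is stripped.
  chattr -ti "$NEW/etc/group"
  TMP=$(grep -E "^postdrop" "$REF/etc/group" | sed 's/^\(.*:x:.*:\).*$/\1/')
  printf '%s\n' "$TMP" >> "$NEW/etc/group"
  chattr +ti "$NEW/etc/group"
  MAIL_GID=$(grep -E "^mail:" "$NEW/etc/passwd" | cut -d ':' -f 4)

  if [ -d "$NEW/etc/postfix" ] ; then
    _clear_flags "$NEW/etc/postfix"
    rm -rf "$NEW/etc/postfix"
  fi
  mkdir "$NEW/etc/postfix"
  chmod 755 "$NEW/etc/postfix"
  if [ -d "$REF/etc/postfix" ] ; then
    cp -rp "$REF"/etc/postfix/* "$NEW/etc/postfix/"
    find "$NEW/etc/postfix/" -type f -exec chattr +ti {} \;
  fi
  if [ -f "$NEW/usr/share/postfix/main.cf.debian" ] &&
     ! [ -f "$NEW/etc/postfix/main.cf" ] ; then
    cp "$NEW/usr/share/postfix/main.cf.debian" "$NEW/etc/postfix/main.cf"
    chattr +ti "$NEW/etc/postfix/main.cf"
  fi

  # Queue files that came along with the package copy are discarded.
  if [ -d "$NEW/var/spool/postfix" ] ; then
    _clear_flags "$NEW/var/spool/postfix/"
    find "$NEW/var/spool/postfix/" -type f -exec rm -f {} \;
  fi

  if ! [ -d "$NEW/var/mail" ] ; then
    mkdir "$NEW/var/mail"
    chown "root:$MAIL_GID" "$NEW/var/mail"
    chmod 2775 "$NEW/var/mail"
  fi

  if [ -f "$NEW/usr/bin/mawk" ] && ! [ -f "$NEW/usr/bin/awk" ] ; then
    cd "$NEW/usr/bin/"
    ln -s mawk awk
    cd -
  fi
}

###############################################################################
################################## POPA3D #####################################
###############################################################################

# Undo end_config_popa3d.
# NOTE(review): the popa3d binary is removed without clearing its flags
# first, unlike the other removals in this file; confirm the rm succeeds.
end_config_popa3d_remove() {
  echo PostRemove script for Popa3d...
  _drop_accounts popa3d
  if [ -d "$NEW/var/empty" ] ; then rm -rf "$NEW/var/empty" ; fi
  if [ -f "$NEW/usr/local/sbin/popa3d" ] ; then
    rm -f "$NEW/usr/local/sbin/popa3d"
  fi
  _remove_initscript popa3d
}

# Configure popa3d from the manually prepared reference vserver: account,
# /var/empty, the binary (hard-linked) and the init script.
end_config_popa3d() {
  echo PostInstall script for Popa3d...
  _copy_accounts popa3d
  if [ ! -d "$NEW/usr/local/sbin/" ] ; then mkdir -p "$NEW/usr/local/sbin/" ; fi
  if [ ! -d "$NEW/var/empty" ] ; then mkdir -p "$NEW/var/empty" ; fi
  chmod 750 "$NEW/var/empty"
  if [ -f "$REF/usr/local/sbin/popa3d" ] ; then
    cp -l "$REF/usr/local/sbin/popa3d" "$NEW/usr/local/sbin/popa3d"
    # The flags are set through the reference path; 'cp -l' made both names
    # refer to the same file.
    chattr +ti "$REF/usr/local/sbin/popa3d"
  fi
  # Don't forget this is not a debian package
  if [ -f "$REF/etc/init.d/popa3d" ] ; then
    cp -p "$REF/etc/init.d/popa3d" "$NEW/etc/init.d/popa3d"
    chattr +ti "$NEW/etc/init.d/popa3d"
    chroot "$NEW" update-rc.d popa3d defaults > /dev/null 2>&1
  fi
}

###############################################################################
################################ POPBEFSMTP ###################################
###############################################################################

# Undo end_config_popbefsmtp.
end_config_popbefsmtp_remove() {
  echo PostRemove script for Popbefsmtp...
  _remove_initscript pop-before-smtp
  if [ -d "$NEW/var/lib/pop-before-smtp/" ] ; then
    rm -rf "$NEW/var/lib/pop-before-smtp/"
  fi
}

# Configure pop-before-smtp: init script and an empty hosts table.
end_config_popbefsmtp() {
  echo PostInstall script for Popbefsmtp...
  _fresh_initscript pop-before-smtp
  chroot "$NEW" update-rc.d pop-before-smtp defaults > /dev/null 2>&1
  if [ ! -d "$NEW/var/lib/pop-before-smtp/" ] ; then
    mkdir "$NEW/var/lib/pop-before-smtp/"
  fi
  _clear_flags "$NEW/var/lib/pop-before-smtp/"
  rm -f "$NEW"/var/lib/pop-before-smtp/hosts.db
  echo "" > "$NEW"/var/lib/pop-before-smtp/hosts
}

###############################################################################
################################### BIND9 #####################################
###############################################################################

# Undo end_config_bind9: init script, /etc/bind, the named chroot, and the
# extra syslog socket in the sysklogd init script.
end_config_bind9_remove() {
  echo PostRemove script for Bind9...
  _remove_initscript bind9
  if [ -d "$NEW/etc/bind/" ] ; then
    _clear_flags "$NEW/etc/bind/"
    rm -rf "$NEW/etc/bind/"
  fi
  if [ -d "$NEW/var/lib/named" ] ; then rm -rf "$NEW/var/lib/named" ; fi
  # Be sure to remove the syklogd listen setting in the named chroot
  chattr -ti "$NEW/etc/init.d/sysklogd"
  TMP=$(sed 's/^\(SYSLOGD.*\)-a \/var\/lib\/named\/dev\/log\(.*\)$/\1\2/' "$REF/etc/init.d/sysklogd")
  printf '%s\n' "$TMP" > "$NEW/etc/init.d/sysklogd"
  chattr +ti "$NEW/etc/init.d/sysklogd"
}

# Configure bind9 to run as 'nobody' inside a chroot at /var/lib/named:
# private /etc/bind, device nodes, the chroot tree (configuration
# hard-linked from /etc/bind), writable run/log directories for the daemon
# user, and a syslog socket inside the chroot.
end_config_bind9() {
  echo PostInstall script for Bind9...
  chmod 755 "$NEW/var/"
  _fresh_initscript bind9
  chroot "$NEW" update-rc.d bind9 defaults > /dev/null 2>&1

  if [ -d "$NEW/etc/bind" ] ; then
    _clear_flags "$NEW/etc/bind/"
    rm -rf "$NEW/etc/bind"
  fi
  mkdir -m 750 "$NEW/etc/bind"
  cp -rp "$REF"/etc/bind/* "$NEW/etc/bind/"
  mknod "$NEW/dev/random" c 1 8
  chmod 444 "$NEW/dev/random"

  ### All work, now be sure to chroot the daemon
  # Be sure to chroot/change id for the named process
  # printf keeps backslashes in the init script intact on rewrite.
  TMP=$(sed 's/^OPTS.*/OPTS="-u nobody -t \/var\/lib\/named"/' "$REF/etc/init.d/bind9")
  printf '%s\n' "$TMP" > "$NEW/etc/init.d/bind9"
  chattr +ti "$NEW/etc/init.d/bind9"

  if [ -d "$NEW/var/lib/named" ] ; then
    rm -rf "$NEW/var/lib/named"
  fi
  mkdir -m 755 "$NEW"/var/lib/{named,named/{dev,etc,sbin,var}}
  mknod "$NEW/var/lib/named/dev/null" c 1 3
  chmod 666 "$NEW/var/lib/named/dev/null"
  cd "$NEW/etc/bind/"
  find . -type f | cpio --link --quiet -d -m -u -p "$NEW/var/lib/named/etc/bind/"
  cd -
  chmod 755 "$NEW/var/lib/named/etc/bind/"
  find "$NEW/var/lib/named/etc/bind/" -type f -exec chmod 644 {} \;
  mkdir -m 755 "$NEW"/var/lib/named/var/{run,run/named,log,log/named,cache,cache/bind}
  BIND9_UID=$(grep -E "^nobody:" "$NEW/etc/passwd" | cut -d ':' -f 3)
  chown "$BIND9_UID:root" "$NEW/var/lib/named/var/run/"
  chown "$BIND9_UID:root" "$NEW/var/lib/named/var/log/"
  mknod "$NEW/var/lib/named/dev/random" c 1 8
  chmod 444 "$NEW/var/lib/named/dev/random"

  # Be sure the syklogd daemon will listen in our chroot
  chattr -ti "$NEW/etc/init.d/sysklogd"
  TMP=$(sed 's/^SYSLOGD="\(.*\)"$/SYSLOGD="\1 -a \/var\/lib\/named\/dev\/log"/' "$REF/etc/init.d/sysklogd")
  printf '%s\n' "$TMP" > "$NEW/etc/init.d/sysklogd"
  chattr +ti "$NEW/etc/init.d/sysklogd"
}

###############################################################################
#################################### MAIN #####################################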
###############################################################################

# Stage 1: read and validate the command line, resolve the package set, then
# turn the reference and new vserver paths into absolute ones.
# NOTE(review): $@ is passed unquoted, so each argument is word-split again
# before parse_args and check_args see it. The synopsis shows a quoted
# "-t type [-O pkg_list]" argument, which may rely on that splitting; confirm
# against parse_args before quoting it.
parse_args $@
check_args $@

echo Managing packages $PACKAGES...
manage_packages

### The user may have given relative paths: resolve -r to an absolute one
if ! cd "$REF" 2> /dev/null ; then
  error "Cannot use -r $REF!"
fi
REF=$(pwd)
cd -

# A fresh setup (neither update nor delete) creates the target directory.
if [ -z "$UPDATE" ] && [ -z "$DELETE" ] ; then
  if ! mkdir "$NEW" > /dev/null 2>&1 ; then
    error "Cannot create $NEW."
  fi
  chmod 755 "$NEW"
fi

### Same resolution for -n
if ! cd "$NEW" 2> /dev/null ; then
  error "Cannot use -n $NEW!"
fi
NEW=$(pwd)
cd -

### Refuse to work on the root directory
# NOTE(review): nothing visible here rejects -n pointing at the same
# directory as -r; confirm that check_args covers it.
if basename "$NEW" | egrep "^/$" > /dev/null 2>&1 ; then
  error "Cannot use -n / !!!"
fi

# Stage 2: pick the per-type hook once. The delete mode calls the hook name
# with "_remove" appended; an empty TYPE selects no hook.
case "$TYPE" in
  1|2|3|4) END_CONFIG=end_config_apache ;;
  10) END_CONFIG=end_config_sshd ;;
  20) END_CONFIG=end_config_vsftpd ;;
  21) END_CONFIG=end_config_mysqld ;;
  22) END_CONFIG=end_config_bind9 ;;
  30) END_CONFIG=end_config_ircd ;;
  40) END_CONFIG=end_config_postfix ;;
  41) END_CONFIG=end_config_popbefsmtp ;;
  42) END_CONFIG=end_config_popa3d ;;
  *) END_CONFIG= ;;
esac

# Stage 3: run the delete mode, or the add/update mode.
if [ -n "$DELETE" ] ; then
  echo Removing files...
  remove_files
  if [ -n "$END_CONFIG" ] ; then
    "${END_CONFIG}_remove"
  fi
  echo Done
else
  echo Copying files and setting imuttable flags
  copy_immut_files
  # Only a fresh setup writes the vserver configuration file.
  if [ -z "$UPDATE" ] ; then
    echo Creating configuration file $VSERVER_CF_PATH/$VNAME.conf
    create_vserver_cf
    end_config_system
  fi
  if [ -n "$END_CONFIG" ] ; then
    "$END_CONFIG"
  fi
  setup_done
fi