Gecko [ aodai.devttt.com ]

Name	Size	Permission
.git	[ DIR ]	drwxr-xr-x
.github	[ DIR ]	drwxr-xr-x
.idea	[ DIR ]	drwxr-xr-x
ApachController	[ DIR ]	drwxr-xr-x
CLManager	[ DIR ]	drwxr-xr-x
CLScript	[ DIR ]	drwxr-xr-x
CPScripts	[ DIR ]	drwxr-xr-x
CyberCP	[ DIR ]	drwxr-xr-x
IncBackups	[ DIR ]	drwxr-xr-x
WebTerminal	[ DIR ]	drwxr-xr-x
__pycache__	[ DIR ]	drwxr-xr-x
aiScanner	[ DIR ]	drwxr-xr-x
api	[ DIR ]	drwxr-xr-x
backup	[ DIR ]	drwxr-xr-x
baseTemplate	[ DIR ]	drwxr-xr-x
bin	[ DIR ]	drwxr-xr-x
cli	[ DIR ]	drwxr-xr-x
cloudAPI	[ DIR ]	drwxr-xr-x
conf	[ DIR ]	drwxr-xr-x
containerization	[ DIR ]	drwxr-xr-x
databases	[ DIR ]	drwxr-xr-x
dns	[ DIR ]	drwxr-xr-x
dockerManager	[ DIR ]	drwxr-xr-x
emailMarketing	[ DIR ]	drwxr-xr-x
emailPremium	[ DIR ]	drwxr-xr-x
examplePlugin	[ DIR ]	drwxr-xr-x
filemanager	[ DIR ]	drwxr-xr-x
firewall	[ DIR ]	drwxr-xr-x
ftp	[ DIR ]	drwxr-xr-x
guides	[ DIR ]	drwxr-xr-x
highAvailability	[ DIR ]	drwxr-xr-x
include	[ DIR ]	drwxr-xr-x
install	[ DIR ]	drwxr-xr-x
lib	[ DIR ]	drwxr-xr-x
lib64	[ DIR ]	drwxr-xr-x
locale	[ DIR ]	drwxr-xr-x
loginSystem	[ DIR ]	drwxr-xr-x
mailServer	[ DIR ]	drwxr-xr-x
managePHP	[ DIR ]	drwxr-xr-x
manageSSL	[ DIR ]	drwxr-xr-x
manageServices	[ DIR ]	drwxr-xr-x
packages	[ DIR ]	drwxr-xr-x
plogical	[ DIR ]	drwxr-xr-x
pluginHolder	[ DIR ]	drwxr-xr-x
pluginInstaller	[ DIR ]	drwxr-xr-x
postfixSenderPolicy	[ DIR ]	drwxr-xr-x
public	[ DIR ]	drwxr-xr-x
s3Backups	[ DIR ]	drwxr-xr-x
scripts	[ DIR ]	drwxr-xr-x
serverLogs	[ DIR ]	drwxr-xr-x
serverStatus	[ DIR ]	drwxr-xr-x
share	[ DIR ]	drwxr-xr-x
skin_customizations	[ DIR ]	drwxr-xr-x
testPlugin	[ DIR ]	drwxr-xr-x
tmp	[ DIR ]	drwx--x--x
to-do	[ DIR ]	drwxr-xr-x
tuning	[ DIR ]	drwxr-xr-x
userManagment	[ DIR ]	drwxr-xr-x
websiteFunctions	[ DIR ]	drwxr-xr-x
.DS_Store	12 KB	-rw-r--r--
.env	910 B	-rw-r--r--
.env.backup	443 B	-rw-r--r--
.env.template	911 B	-rw-r--r--
.gitignore	1.23 KB	-rw-r--r--
AllCPUbuntu.json	73.23 KB	-rw-r--r--
CONTRIBUTING.md	6.31 KB	-rw-r--r--
CPCent7repo.json	3.86 KB	-rw-r--r--
FetchIP.sh	117 B	-rw-r--r--
LICENSE	34.32 KB	-rw-r--r--
README.md	7.63 KB	-rw-r--r--
SECURITY_INSTALLATION.md	5.5 KB	-rw-r--r--
cert.pem	1.66 KB	-rw-r--r--
cyberpanel.min.js	11.77 MB	-rw-r--r--
cyberpanel.sh	89.28 KB	-rw-r--r--
cyberpanel_upgrade.sh	63.13 KB	-rw-r--r--
cyberpanel_utility.sh	13.36 KB	-rw-r--r--
faq.sh	4.04 KB	-rw-r--r--
fastapi_ssh_server.py	5.4 KB	-rw-r--r--
fastapi_ssh_server.service	400 B	-rw-r--r--
fix_cyberpanel_install.sh	3.95 KB	-rw-r--r--
index.html	752 B	-rw-r--r--
install.sh	2.74 KB	-rw-r--r--
key.pem	1.14 KB	-rw-r--r--
langcomp.sh	647 B	-rw-r--r--
lscpd-0.2.7	27.22 MB	-rw-r--r--
lscpd-0.3.1	27.63 MB	-rw-r--r--
lscpd.0.4.0	23.82 MB	-rw-r--r--
lscpd.aarch64	19.49 MB	-rw-r--r--
manage.py	805 B	-rw-r--r--
phpmyadmin.zip	14.4 MB	-rw-r--r--
preUpgrade.sh	396 B	-rw-r--r--
pyvenv.cfg	88 B	-rw-r--r--
requirments-old.txt	638 B	-rw-r--r--
requirments.txt	694 B	-rw-r--r--
snappymail_cyberpanel.php	2.23 KB	-rw-r--r--
test.php	18 B	-rw-r--r--
test.sh	0 B	-rw-r--r--
ubuntu-requirments.txt	1.51 KB	-rw-r--r--
upgrade.sh	1.07 KB	-rw-r--r--
version.txt	5 B	-rw-r--r--

Code Editor : SECURITY_INSTALLATION.md

# CyberPanel Secure Installation Guide

## Overview

This document describes the secure installation process for CyberPanel that eliminates hardcoded passwords and implements environment-based configuration.

## Security Improvements

### ✅ **Fixed Security Vulnerabilities**

1. **Hardcoded Database Passwords** - Now generated securely during installation
2. **Hardcoded Django Secret Key** - Now generated using cryptographically secure random generation
3. **Environment Variables** - All sensitive configuration moved to `.env` file
4. **File Permissions** - `.env` file set to 600 (owner read/write only)

### 🔐 **Security Features**

- **Cryptographically Secure Passwords**: Uses Python's `secrets` module for password generation
- **Environment-based Configuration**: Sensitive data stored in `.env` file, not in code
- **Secure File Permissions**: Environment files protected with 600 permissions
- **Credential Backup**: Automatic backup of credentials for recovery
- **Fallback Security**: Maintains backward compatibility with fallback method

## Installation Process

### 1. **Automatic Secure Installation**

The installation script now automatically:

1. Generates secure random passwords for:
   - MySQL root user
   - CyberPanel database user
   - Django secret key

2. Creates `.env` file with secure configuration:
   ```bash
   # Generated during installation
   SECRET_KEY=your_64_character_secure_key
   DB_PASSWORD=your_24_character_secure_password
   ROOT_DB_PASSWORD=your_24_character_secure_password
   ```

3. Creates `.env.backup` file for credential recovery
4. Sets secure file permissions (600) on all environment files

### 2. **Manual Installation** (if needed)

If you need to manually generate environment configuration:

```bash
cd /usr/local/CyberCP
python install/env_generator.py /usr/local/CyberCP
```

## File Structure

```
/usr/local/CyberCP/
├── .env                    # Main environment configuration (600 permissions)
├── .env.backup            # Credential backup (600 permissions)
├── .env.template          # Template for manual configuration
├── .gitignore             # Prevents .env files from being committed
└── CyberCP/
    └── settings.py        # Updated to use environment variables
```

## Security Best Practices

### ✅ **Do's**

- Keep `.env` and `.env.backup` files secure
- Record credentials from `.env.backup` and delete the file after installation
- Use strong, unique passwords for production deployments
- Regularly rotate database passwords
- Monitor access to environment files

### ❌ **Don'ts**

- Never commit `.env` files to version control
- Don't share `.env` files via insecure channels
- Don't use default passwords in production
- Don't leave `.env.backup` files on the system after recording credentials

## Recovery

### **Lost Credentials**

If you lose your database credentials:

1. Check if `.env.backup` file exists:
   ```bash
   sudo cat /usr/local/CyberCP/.env.backup
   ```

2. If backup doesn't exist, you'll need to reset MySQL passwords using MySQL recovery procedures

### **Regenerate Environment**

To regenerate environment configuration:

```bash
cd /usr/local/CyberCP
sudo python install/env_generator.py /usr/local/CyberCP
```

## Configuration Options

### **Environment Variables**

| Variable | Description | Default |
|----------|-------------|---------|
| `SECRET_KEY` | Django secret key | Generated (64 chars) |
| `DB_PASSWORD` | CyberPanel DB password | Generated (24 chars) |
| `ROOT_DB_PASSWORD` | MySQL root password | Generated (24 chars) |
| `DEBUG` | Debug mode | False |
| `ALLOWED_HOSTS` | Allowed hosts | localhost,127.0.0.1,hostname |

### **Custom Configuration**

To use custom passwords during installation:

```bash
python install/env_generator.py /usr/local/CyberCP "your_root_password" "your_db_password"
```

## Troubleshooting

### **Installation Fails**

If the new secure installation fails:

1. Check installation logs for error messages
2. The system will automatically fallback to the original installation method
3. Verify Python dependencies are installed:
   ```bash
   pip install python-dotenv
   ```

### **Environment Loading Issues**

If Django can't load environment variables:

1. Ensure `.env` file exists and has correct permissions:
   ```bash
   ls -la /usr/local/CyberCP/.env
   # Should show: -rw------- 1 root root
   ```

2. Install python-dotenv if missing:
   ```bash
   pip install python-dotenv
   ```

## Migration from Old Installation

### **Existing Installations**

For existing CyberPanel installations with hardcoded passwords:

1. **Backup current configuration**:
   ```bash
   cp /usr/local/CyberCP/CyberCP/settings.py /usr/local/CyberCP/CyberCP/settings.py.backup
   ```

2. **Generate new environment configuration**:
   ```bash
   cd /usr/local/CyberCP
   python install/env_generator.py /usr/local/CyberCP
   ```

3. **Update settings.py** (already done in new installations):
   - The settings.py file now supports environment variables
   - It will fallback to hardcoded values if .env is not available

4. **Test the configuration**:
   ```bash
   cd /usr/local/CyberCP
   python manage.py check
   ```

## Support

For issues with the secure installation:

1. Check the installation logs
2. Verify file permissions
3. Ensure all dependencies are installed
4. Review the fallback installation method if needed

---

**Security Notice**: This installation method significantly improves security by eliminating hardcoded credentials. Always ensure proper file permissions and secure handling of environment files.

${this.title}

Code Editor : SECURITY_INSTALLATION.md