smeserver-cacti/contribs10/smeserver-cacti-1.1.19-sme10.patch

diff -Nur --no-dereference smeserver-cacti-1.1.19.old/createlinks smeserver-cacti-1.1.19/createlinks
--- smeserver-cacti-1.1.19.old/createlinks      2014-06-16 11:53:01.000000000 -0400
+++ smeserver-cacti-1.1.19/createlinks  2022-07-27 14:55:50.939000000 -0400
@@ -5,6 +5,7 @@
 for my $event (qw(
     post-upgrade
     bootstrap-console-save
+    console-save
        ))
 {
     templates2events("/etc/cacti/db.php", $event);
@@ -22,3 +23,35 @@
 }
 
 templates2events("/etc/e-smith/sql/init/80cacti", "post-upgrade");
+
+my $event="smeserver-cacti-update";
+event_templates($event, qw(
+  /etc/cacti/db.php
+  /etc/httpd/conf/httpd.conf
+  /etc/crontab
+  /etc/my.cnf
+  /etc/opt/remi/php74/php-fpm.d/www.conf
+  /etc/e-smith/sql/init/80cacti
+));
+
+event_services($event, 
+  'crond' => 'restart',
+  'mysql.init' => 'restart',
+  'mariadb' => 'restart',
+  'httpd-e-smith' => 'sigusr1',
+  'php74-php-fpm' => 'reload-or-restart'
+);
+
+event_actions($event,
+'cacti-conf' => '2',
+'cacti-install' => '94',
+'cacti-ldap' => '95'
+);
+
+
+#backup ?
+#use esmith::Build::Backup qw(:all);
+#backup_includes("smeserver-cacti", qw(
+#
+#));
+
diff -Nur --no-dereference smeserver-cacti-1.1.19.old/root/etc/e-smith/db/configuration/migrate/80cacti smeserver-cacti-1.1.19/root/etc/e-smith/db/configuration/migrate/80cacti
--- smeserver-cacti-1.1.19.old/root/etc/e-smith/db/configuration/migrate/80cacti        1969-12-31 19:00:00.000000000 -0500
+++ smeserver-cacti-1.1.19/root/etc/e-smith/db/configuration/migrate/80cacti    2022-07-27 14:46:58.425000000 -0400
@@ -0,0 +1,72 @@
+{
+    use MIME::Base64 qw(encode_base64);
+
+    my $service;
+    my $rec;
+    my $pw;
+
+    # Store the cacti password in the configuration database (if not already there)
+    $service = 'cacti';
+
+    $rec = $DB->get($service) || $DB->new_record($service, {type => 'service'});
+
+    $pw = $rec->prop('DbPassword');
+    
+
+       if (! $pw)
+       {
+               
+               if ( open( RANDOM, "/dev/urandom" ) )
+               {
+                       my $buf;
+                       # 57 bytes is a full line of Base64 coding, and contains
+                       # 456 bits of randomness - given a perfectly random /dev/random
+                       if ( read( RANDOM, $buf, 57 ) != 57 )
+                       {
+                           warn("Short read from /dev/random: $!");
+                       }
+                       else
+                       {
+                               $pw = encode_base64($buf);
+                           chomp $pw;
+                       }
+                       close RANDOM;
+               }
+               else
+               {
+                   warn "Could not open /dev/urandom: $!";
+               }
+               
+               $rec->set_prop('DbPassword', $pw);
+       }
+    $pwa = $rec->prop('AdminPassword');
+        if (! $pwa)
+        {
+
+                if ( open( RANDOM, "/dev/urandom" ) )
+                {
+                        my $buf;
+                        # 57 bytes is a full line of Base64 coding, and contains
+                        # 456 bits of randomness - given a perfectly random /dev/random
+                        if ( read( RANDOM, $buf, 15 ) != 15 )
+                        {
+                            warn("Short read from /dev/random: $!");
+                        }
+                        else
+                        {
+                                $pwa = encode_base64($buf);
+                            chomp $pwa;
+                        }
+                        close RANDOM;
+                }
+                else
+                {
+                    warn "Could not open /dev/urandom: $!";
+                }
+
+                $rec->set_prop('AdminPassword', $pwa);
+        }
+
+
+
+}
diff -Nur --no-dereference smeserver-cacti-1.1.19.old/root/etc/e-smith/events/actions/cacti-conf smeserver-cacti-1.1.19/root/etc/e-smith/events/actions/cacti-conf
--- smeserver-cacti-1.1.19.old/root/etc/e-smith/events/actions/cacti-conf       1969-12-31 19:00:00.000000000 -0500
+++ smeserver-cacti-1.1.19/root/etc/e-smith/events/actions/cacti-conf   2022-07-27 14:46:58.891000000 -0400
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+#easy configuration of what is needed for cacti to work correctly
+something=0;
+psomething=0;
+#check if something already set, if not let's do it
+
+/sbin/e-smith/config getprop mariadb TmpTableSize 1>/dev/null || ( config setprop mariadb TmpTableSize 32M ; echo "setting mariadb TmpTableSize 32M" ; something=1)
+/sbin/e-smith/config getprop mariadb MaxHeapTableSize 1>/dev/null || ( config setprop mariadb MaxHeapTableSize 32M ; echo "setting mariadb MaxHeapTableSize 32M" ; something=1)
+/sbin/e-smith/config getprop mariadb JoinBufferSize 1>/dev/null || ( config setprop mariadb JoinBufferSize 62M ; echo "setting mariadb JoinBufferSize 62M" ; something=1)
+
+#/sbin/e-smith/config getprop php74 MemoryLimit  1>/dev/null || ( config setprop  php74 MemoryLimit 800M ; echo "setting php74 memory_limit 800M" ; psomething=1)
+# install detect cli for php not php74 even if $php_path is set
+
+#[ $something == 1 ] && /sbin/e-smith/expand-template /etc/my.cnf
+#[ $psomething == 1 ] && /usr/sbin/e-smith/expand-template /etc/opt/remi/php74/php.ini && /usr/bin/systemctl restart php74-php-fpm.service 
diff -Nur --no-dereference smeserver-cacti-1.1.19.old/root/etc/e-smith/events/actions/cacti-ldap smeserver-cacti-1.1.19/root/etc/e-smith/events/actions/cacti-ldap
--- smeserver-cacti-1.1.19.old/root/etc/e-smith/events/actions/cacti-ldap       1969-12-31 19:00:00.000000000 -0500
+++ smeserver-cacti-1.1.19/root/etc/e-smith/events/actions/cacti-ldap   2022-07-27 14:46:58.663000000 -0400
@@ -0,0 +1,44 @@
+#!/bin/bash
+
+#use esmith::ConfigDB;
+#use esmith::util;
+#my $cdb = esmith::ConfigDB->open_ro();
+#my $domain = $cdb->get_value('DomainName');
+#my $baseDN = esmith::util::ldapBase($cdb->get_value('DomainName'));
+#print $baseDN . "\n";
+
+db=$(config getprop cacti DbDatabase || echo 'cacti_sme');
+user=$(config getprop cacti DbUser || echo 'cacti');
+pass=$(config getprop cacti DbPassword || echo 'changeme');
+adminpass=$(config getprop cacti AdminPassword || echo 'changeme');
+domain=$(config get DomainName)
+DN=$(perl  -Mesmith::util  -e "print esmith::util::ldapBase(\"$domain\");")
+
+
+# set ldap auth with optional group
+#ldap_group_require    'on' or ''
+# then set our admin password
+/usr/bin/mysql <<EOF
+UPDATE ${db}.settings SET value='memberUid' WHERE name='ldap_group_attrib';
+UPDATE ${db}.settings SET value='uid=cactigroup,ou=Groups,$DN' WHERE name='ldap_group_dn';
+
+UPDATE ${db}.settings SET value='0' WHERE name='ldap_tls_certificate';
+UPDATE ${db}.settings SET value='3' WHERE name='ldap_version';
+UPDATE ${db}.settings SET value='localhost' WHERE name='ldap_server';
+UPDATE ${db}.settings SET value='objectClass=inetOrgPerson' WHERE name='ldap_search_filter';
+UPDATE ${db}.settings SET value='ou=Users,$DN' WHERE name='ldap_search_base';
+UPDATE ${db}.settings SET value='0' WHERE name='ldap_referrals';
+UPDATE ${db}.settings SET value='636' WHERE name='ldap_port_ssl';
+UPDATE ${db}.settings SET value='389' WHERE name='ldap_port';
+UPDATE ${db}.settings SET value='0' WHERE name='ldap_mode';
+UPDATE ${db}.settings SET value='0' WHERE name='ldap_encryption';
+UPDATE ${db}.settings SET value='uid=<username>,ou=Users,$DN' WHERE name='ldap_dn';
+UPDATE ${db}.settings SET value='3' WHERE name='auth_method';
+UPDATE ${db}.settings SET value='cn' WHERE name='cn_full_name';
+UPDATE ${db}.settings SET value='mail' WHERE name='cn_email';
+
+
+# set password of admin
+UPDATE ${db}.user_auth SET email_address='admin@${domain}', must_change_password='',password=md5('$adminpass'), enabled='on'  WHERE username='admin' and id='1';
+EOF
+
diff -Nur --no-dereference smeserver-cacti-1.1.19.old/root/etc/e-smith/templates/etc/cacti/db.php/10DB smeserver-cacti-1.1.19/root/etc/e-smith/templates/etc/cacti/db.php/10DB
--- smeserver-cacti-1.1.19.old/root/etc/e-smith/templates/etc/cacti/db.php/10DB 1969-12-31 19:00:00.000000000 -0500
+++ smeserver-cacti-1.1.19/root/etc/e-smith/templates/etc/cacti/db.php/10DB     2022-07-27 14:46:55.823000000 -0400
@@ -0,0 +1,54 @@
+<?php
+/*
+ +-------------------------------------------------------------------------+
+ | Copyright (C) 2004 Ian Berry                                            |
+ |                                                                         |
+ | This program is free software; you can redistribute it and/or           |
+ | modify it under the terms of the GNU General Public License             |
+ | as published by the Free Software Foundation; either version 2          |
+ | of the License, or (at your option) any later version.                  |
+ |                                                                         |
+ | This program is distributed in the hope that it will be useful,         |
+ | but WITHOUT ANY WARRANTY; without even the implied warranty of          |
+ | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the           |
+ | GNU General Public License for more details.                            |
+ +-------------------------------------------------------------------------+
+ | cacti: a php-based graphing solution                                    |
+ +-------------------------------------------------------------------------+
+ | Most of this code has been designed, written and is maintained by       |
+ | Ian Berry. See about.php for specific developer credit. Any questions   |
+ | or comments regarding this code should be directed to:                  |
+ | - iberry@raxnet.net                                                     |
+ +-------------------------------------------------------------------------+
+ | - raXnet - http://www.raxnet.net/                                       |
+ +-------------------------------------------------------------------------+
+*/
+
+/* make sure these values refect your actual database/host/user/password */
+$database_type = "mysql";
+$database_default = "{$cacti{'DbDatabase'}}";
+$database_hostname = "localhost";
+$database_username = "{$cacti{'DbUser'}}";
+$database_password =  "{$cacti{'DbPassword'}}";
+$database_port = "3306";
+
+/* 
+ * Server is a remote poller, then these entries point to
+ * the main cacti server. Otherwise, these variables have no use and
+ * must remain commented out.
+ */
+
+#$rdatabase_type     = 'myql';
+#$rdatabase_default  = 'cacti';
+#$rdatabase_hostname = 'localhost';
+#$rdatabase_username = 'cactiuser';
+#$rdatabase_password = 'cactiuser';
+#$rdatabase_port     = '3306';
+#$rdatabase_retries  = 5;
+#$rdatabase_ssl      = false;
+#$rdatabase_ssl_key  = '';
+#$rdatabase_ssl_cert = '';
+#$rdatabase_ssl_ca   = '';
+
+
+
diff -Nur --no-dereference smeserver-cacti-1.1.19.old/root/etc/e-smith/templates/etc/cacti/db.php/12poller_id smeserver-cacti-1.1.19/root/etc/e-smith/templates/etc/cacti/db.php/12poller_id
--- smeserver-cacti-1.1.19.old/root/etc/e-smith/templates/etc/cacti/db.php/12poller_id  1969-12-31 19:00:00.000000000 -0500
+++ smeserver-cacti-1.1.19/root/etc/e-smith/templates/etc/cacti/db.php/12poller_id      2022-07-27 14:46:56.040000000 -0400
@@ -0,0 +1,7 @@
+/*
+ * The poller_id of this system.  set to `1` for the main cacti web server.
+ * Otherwise, you this value should be the poller_id for the remote poller.
+ */
+
+$poller_id = 1;
+
diff -Nur --no-dereference smeserver-cacti-1.1.19.old/root/etc/e-smith/templates/etc/cacti/db.php/15urlpath smeserver-cacti-1.1.19/root/etc/e-smith/templates/etc/cacti/db.php/15urlpath
--- smeserver-cacti-1.1.19.old/root/etc/e-smith/templates/etc/cacti/db.php/15urlpath    1969-12-31 19:00:00.000000000 -0500
+++ smeserver-cacti-1.1.19/root/etc/e-smith/templates/etc/cacti/db.php/15urlpath        2022-07-27 14:46:56.287000000 -0400
@@ -0,0 +1,9 @@
+/*
+ * Set the $url_path to point to the default URL of your cacti install.
+ * For exmaple if your cacti install as at `https://serverip/cacti/` this
+ * would be set to `/cacti/`.
+ */
+
+$url_path = '/cacti/';
+
+
diff -Nur --no-dereference smeserver-cacti-1.1.19.old/root/etc/e-smith/templates/etc/cacti/db.php/25session smeserver-cacti-1.1.19/root/etc/e-smith/templates/etc/cacti/db.php/25session
--- smeserver-cacti-1.1.19.old/root/etc/e-smith/templates/etc/cacti/db.php/25session    1969-12-31 19:00:00.000000000 -0500
+++ smeserver-cacti-1.1.19/root/etc/e-smith/templates/etc/cacti/db.php/25session        2022-07-27 14:46:56.522000000 -0400
@@ -0,0 +1,19 @@
+/*
+ * Default session name - session name must contain alpha characters
+ */
+
+$cacti_session_name = 'Cacti';
+
+/*
+ * Default Cookie domain - The cookie domain to be used for Cacti
+ */
+
+//$cacti_cookie_domain = 'cacti.net';
+
+/*
+ * Save sessions to a database for load balancing
+ */
+
+$cacti_db_session = false;
+
+
diff -Nur --no-dereference smeserver-cacti-1.1.19.old/root/etc/e-smith/templates/etc/cacti/db.php/30log smeserver-cacti-1.1.19/root/etc/e-smith/templates/etc/cacti/db.php/30log
--- smeserver-cacti-1.1.19.old/root/etc/e-smith/templates/etc/cacti/db.php/30log        1969-12-31 19:00:00.000000000 -0500
+++ smeserver-cacti-1.1.19/root/etc/e-smith/templates/etc/cacti/db.php/30log    2022-07-27 14:46:56.771000000 -0400
@@ -0,0 +1,6 @@
+/*
+ * Disable log rotation settings for packagers
+ */
+
+$disable_log_rotation = true;
+
diff -Nur --no-dereference smeserver-cacti-1.1.19.old/root/etc/e-smith/templates/etc/cacti/db.php/40input smeserver-cacti-1.1.19/root/etc/e-smith/templates/etc/cacti/db.php/40input
--- smeserver-cacti-1.1.19.old/root/etc/e-smith/templates/etc/cacti/db.php/40input      1969-12-31 19:00:00.000000000 -0500
+++ smeserver-cacti-1.1.19/root/etc/e-smith/templates/etc/cacti/db.php/40input  2022-07-27 14:46:57.012000000 -0400
@@ -0,0 +1,18 @@
+/*
+ * Optional parameters to define scripts and resource paths. These
+ * variables become important when using remote poller installs when the
+ * scripts and resource files are not in the main Cacti web server path.
+ */
+
+//$scripts_path = '/var/www/html/cacti/scripts';
+//$resource_path = '/var/www/html/cacti/resource/';
+
+/*
+ * Optional parameter to define a data input whitelist command string. This
+ * whitelist file will help protect cacti from unauthorized changes to Cacti
+ * data input command string.
+ */
+
+//$input_whitelist = '/usr/local/etc/cacti/input_whitelist.json';
+
+
diff -Nur --no-dereference smeserver-cacti-1.1.19.old/root/etc/e-smith/templates/etc/cacti/db.php/50php smeserver-cacti-1.1.19/root/etc/e-smith/templates/etc/cacti/db.php/50php
--- smeserver-cacti-1.1.19.old/root/etc/e-smith/templates/etc/cacti/db.php/50php        1969-12-31 19:00:00.000000000 -0500
+++ smeserver-cacti-1.1.19/root/etc/e-smith/templates/etc/cacti/db.php/50php    2022-07-27 14:46:57.268000000 -0400
@@ -0,0 +1,6 @@
+/*
+ * Optional parameter to give explicit path to PHP
+ */
+$php_path = '/usr/bin/php74';
+
+
diff -Nur --no-dereference smeserver-cacti-1.1.19.old/root/etc/e-smith/templates/etc/cacti/db.php/60snmp smeserver-cacti-1.1.19/root/etc/e-smith/templates/etc/cacti/db.php/60snmp
--- smeserver-cacti-1.1.19.old/root/etc/e-smith/templates/etc/cacti/db.php/60snmp       1969-12-31 19:00:00.000000000 -0500
+++ smeserver-cacti-1.1.19/root/etc/e-smith/templates/etc/cacti/db.php/60snmp   2022-07-27 14:46:57.504000000 -0400
@@ -0,0 +1,8 @@
+/*
+ * Optional parameter to disable the PHP SNMP extension. If not set, defaults
+ * to class_exists('SNMP').
+ */
+
+//$php_snmp_support = false;
+
+
diff -Nur --no-dereference smeserver-cacti-1.1.19.old/root/etc/e-smith/templates/etc/cacti/db.php/70csrf smeserver-cacti-1.1.19/root/etc/e-smith/templates/etc/cacti/db.php/70csrf
--- smeserver-cacti-1.1.19.old/root/etc/e-smith/templates/etc/cacti/db.php/70csrf       1969-12-31 19:00:00.000000000 -0500
+++ smeserver-cacti-1.1.19/root/etc/e-smith/templates/etc/cacti/db.php/70csrf   2022-07-27 14:46:57.727000000 -0400
@@ -0,0 +1,8 @@
+/*
+ * Optional parameter to define the path of the csrf_secret.php path.  This
+ * variable is for packagers who wish to specify an alternate location of
+ * the CRSF secret file.
+ */
+
+$path_csrf_secret = '/var/lib/cacti/csrf/csrf-secret.php';
+
diff -Nur --no-dereference smeserver-cacti-1.1.19.old/root/etc/e-smith/templates/etc/cacti/db.php/90DEBUG smeserver-cacti-1.1.19/root/etc/e-smith/templates/etc/cacti/db.php/90DEBUG
--- smeserver-cacti-1.1.19.old/root/etc/e-smith/templates/etc/cacti/db.php/90DEBUG      1969-12-31 19:00:00.000000000 -0500
+++ smeserver-cacti-1.1.19/root/etc/e-smith/templates/etc/cacti/db.php/90DEBUG  2022-07-27 14:46:57.957000000 -0400
@@ -0,0 +1,30 @@
+/*
+ * The following are optional variables for debugging low level system
+ * functions that are generally only used by Cacti Developers to help
+ * identify potential issues in commonly used functions
+ *
+ * To use them, uncomment and the equivalent field will be set in the
+ * $config variable allowing for instant on but still allowing the
+ * ability to fine turn and turn them off.
+ */
+
+/*
+ * Debug the read_config_option program flow
+ */
+# define('DEBUG_READ_CONFIG_OPTION', true);
+
+/*
+ * Automatically suppress the DEBUG_READ_CONFIG_OPTION
+ */
+# define('DEBUG_READ_CONFIG_OPTION_DB_OPEN', true);
+
+/*
+ * Always write the SQL command to the cacti log file
+ */
+# define('DEBUG_SQL_CMD', true);
+
+/*
+ * Debug the flow of calls to the db_xxx functions that
+ * are defined in lib/database.php
+ */
+# define('DEBUG_SQL_FLOW', true);
diff -Nur --no-dereference smeserver-cacti-1.1.19.old/root/etc/e-smith/templates/etc/cacti/db.php/95end smeserver-cacti-1.1.19/root/etc/e-smith/templates/etc/cacti/db.php/95end
--- smeserver-cacti-1.1.19.old/root/etc/e-smith/templates/etc/cacti/db.php/95end        1969-12-31 19:00:00.000000000 -0500
+++ smeserver-cacti-1.1.19/root/etc/e-smith/templates/etc/cacti/db.php/95end    2022-07-27 14:46:58.190000000 -0400
@@ -0,0 +1 @@
+?>
diff -Nur --no-dereference smeserver-cacti-1.1.19.old/root/etc/e-smith/templates/etc/e-smith/sql/init/80cacti smeserver-cacti-1.1.19/root/etc/e-smith/templates/etc/e-smith/sql/init/80cacti
--- smeserver-cacti-1.1.19.old/root/etc/e-smith/templates/etc/e-smith/sql/init/80cacti  2019-12-11 14:46:28.000000000 -0500
+++ smeserver-cacti-1.1.19/root/etc/e-smith/templates/etc/e-smith/sql/init/80cacti      2022-07-27 14:46:55.114000000 -0400
@@ -1,22 +1,34 @@
 {
-    my $db = $cacti{DbName} || 'cacti_sme';
+    my $db = $cacti{DbDatabase} || 'cacti_sme';
     my $user = $cacti{DbUser} || 'cacti';
     my $pass = $cacti{DbPassword} || 'changeme';
     $OUT .= <<END
-#! /bin/sh
+#!/bin/bash
     if [ -d /var/lib/mysql/$db ]; then
+      /usr/bin/mysql <<EOF
+    use $db;
+    use mysql;
+    ALTER DATABASE $db  COLLATE = 'utf8mb4_unicode_ci';
+    GRANT ALL PRIVILEGES ON $db.* TO $user\@localhost
+            IDENTIFIED BY '$pass';
+    GRANT SELECT ON mysql.time_zone_name TO '$user'\@'localhost';
+    flush privileges;
+EOF
+
+
       exit
     fi
     /usr/bin/mysql <<EOF
-    CREATE DATABASE $db DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
+    CREATE DATABASE $db DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
     use $db;
     use mysql;
     GRANT ALL PRIVILEGES ON $db.* TO $user\@localhost
             IDENTIFIED BY '$pass';
-    GRANT SELECT ON `mysql`.`time_zone_name` TO '$user'@'localhost';
+    GRANT SELECT ON mysql.time_zone_name TO '$user'\@'localhost';
     flush privileges;
 EOF
     /usr/bin/mysql_tzinfo_to_sql /usr/share/zoneinfo/ 2>/dev/null |/usr/bin/mysql mysql
-    /usr/bin/mysql $db < /etc/e-smith/db/configuration/migrate/80cacti_sme.sql
+    /usr/bin/mysql $db < \$(rpm -ql cacti|grep cacti.sql) 
+    #/usr/bin/mysql $db < /etc/e-smith/db/configuration/migrate/80cacti_sme.sql
 END
-}
\ Pas de fin de ligne à la fin du fichier
+}
diff -Nur --no-dereference smeserver-cacti-1.1.19.old/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/86Cacti smeserver-cacti-1.1.19/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/86Cacti
--- smeserver-cacti-1.1.19.old/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/86Cacti     2014-06-16 11:53:00.000000000 -0400
+++ smeserver-cacti-1.1.19/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/86Cacti 2022-07-26 00:30:15.300000000 -0400
@@ -5,32 +5,19 @@
     SSLRequireSSL 
     Options -Indexes
     AllowOverride None
-    order deny,allow
-    deny from all
-
-{
-    my $cactiaxs = $cacti{'access'} || "private";
-    if ($cactiaxs eq "private")
-    {
-        $OUT .= "    allow from $localAccess $externalSSLAccess";
-    } else {
-       $OUT .= "    allow from all";
-    }
-}
-    Satisfy all
-    AddType application/x-httpd-php .php .php3
-    php_flag  magic_quotes_gpc  on
-    php_flag  track_vars        on
+    Require { (($cacti{'access'} ||"private") eq "public") ? "all granted" : "ip $localAccess $externalSSLAccess"; } 
+    AddType application/x-httpd-php .php
+    <FilesMatch \.php$ >
+      SetHandler "proxy:unix:/var/run/php-fpm/php74-cacti.sock|fcgi://localhost"
+    </FilesMatch>
 </Directory>
 
 
 
 <Directory /usr/share/cacti/log>
-                Order deny,allow
-                Deny from all
+     Require all denied
 </Directory>
 <Directory /usr/share/cacti/rra>
-                Order deny,allow
-                Deny from all
+     Require all denied
 </Directory>
                                                        
diff -Nur --no-dereference smeserver-cacti-1.1.19.old/root/etc/e-smith/templates/etc/php-fpm.d/www.conf/15cacti smeserver-cacti-1.1.19/root/etc/e-smith/templates/etc/php-fpm.d/www.conf/15cacti
--- smeserver-cacti-1.1.19.old/root/etc/e-smith/templates/etc/php-fpm.d/www.conf/15cacti        1969-12-31 19:00:00.000000000 -0500
+++ smeserver-cacti-1.1.19/root/etc/e-smith/templates/etc/php-fpm.d/www.conf/15cacti    2022-07-27 14:46:55.335000000 -0400
@@ -0,0 +1,68 @@
+{
+
+if ($PHP_VERSION eq '74'){
+  if (($cacti{'status'} || 'disabled') eq 'enabled'){
+    my $max_upload_size = ($cacti{MaxUploadSize} || '4096');
+    $max_upload_size .= 'M' if ($max_upload_size =~ m/^\d+$/);
+    my $memory_limit = ($cacti{MemoryLimit} || '5555500M');
+    $memory_limit .= 'M' if ($memory_limit =~ m/^\d+$/);
+    my $open_basedir= $cacti{PHPBaseDir} || '';
+    $open_basedir = "/tmp/:/share/:/var/log/cacti:/etc/cacti/db.php:/usr/share/cacti:/var/lib/cacti:/var/log/cacti.log:/var/lib/php/cacti:/home/e-smith/files/cacti:/dev/urandom:/proc/meminfo:$open_basedir";
+    my $id = 'cacti';
+    my $max_children = $cacti{'PHPmaxChildren'} || 20;
+    my $min_spare_servers = $cacti{'PHPminServers'} || 4;
+    my $start_servers = $cacti{'PHPstartServers'} || 6;
+    my $max_spare_servers = $cacti{'PHPmaxServers'} || 8;
+    my $max_requests = $cacti{'PHPmaxRequests'} || 1000;
+    $min_spare_servers = ( $min_spare_servers > $max_spare_servers ) ? printf("%.0f",$max_spare_servers/2) : $min_spare_servers;
+    $start_servers = ( $start_servers > $max_spare_servers ) ? printf("%.0f", $max_spare_servers /2 +  $min_spare_servers/2  ) : $start_servers;
+
+    $OUT .=<<_EOF;
+
+[php$PHP_VERSION-$id]
+user = www
+group = www
+listen.owner = root
+listen.group = www
+listen.mode = 0660
+listen = /var/run/php-fpm/php$PHP_VERSION-$id.sock
+pm = dynamic
+pm.max_children = $max_children
+pm.start_servers = $start_servers
+pm.min_spare_servers = $min_spare_servers
+pm.max_spare_servers = $max_spare_servers
+pm.max_requests = $max_requests
+php_admin_value[session.save_path] = /var/lib/php/$id/session
+php_admin_value[session.gc_maxlifetime] = 86400
+;php_admin_value[opcache.file_cache]  = /var/lib/php/$id/opcache
+php_admin_value[upload_tmp_dir] = /var/lib/php/$id/tmp
+php_admin_value[error_log] = /var/log/php/$id/error.log
+slowlog = /var/log/php/cacti/slow.log
+php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f php@{ $DomainName }
+php_admin_flag[display_errors] = off
+php_admin_flag[log_errors] = on
+php_admin_value[error_log] = syslog
+php_admin_value[memory_limit] = $memory_limit
+php_admin_value[max_execution_time] = 3600
+php_admin_value[post_max_size] = $max_upload_size
+php_admin_value[upload_max_filesize] = $max_upload_size
+;php_admin_value[disable_functions] = system, show_source, symlink, dl, passthru, phpinfo, escapeshellarg, escapeshellcmd
+;php_admin_value[open_basedir] = $open_basedir
+php_admin_flag[allow_url_fopen] = on
+php_admin_flag[file_upload] = on
+;php_admin_flag[session.cookie_httponly] = on
+;php_admin_flag[allow_url_include] = off
+;php_admin_value[session.save_handler] = files
+;php_admin_flag[output_buffering] = off
+
+_EOF
+
+  }
+  else{
+    $OUT .= '; Cacti is disabled';
+  }
+}
+}
+
+
+
diff -Nur --no-dereference smeserver-cacti-1.1.19.old/root/etc/e-smith/templates.metadata/etc/cacti/db.php smeserver-cacti-1.1.19/root/etc/e-smith/templates.metadata/etc/cacti/db.php
--- smeserver-cacti-1.1.19.old/root/etc/e-smith/templates.metadata/etc/cacti/db.php     2014-06-16 11:53:01.000000000 -0400
+++ smeserver-cacti-1.1.19/root/etc/e-smith/templates.metadata/etc/cacti/db.php 2022-07-26 00:44:20.988000000 -0400
@@ -1,3 +1,3 @@
-UID="cacti"
+UID="root"
 GID="www"
 PERMS=0640
diff -Nur --no-dereference smeserver-cacti-1.1.19.old/root/etc/e-smith/templates/etc/my.cnf/020cacti smeserver-cacti-1.1.19/root/etc/e-smith/templates/etc/my.cnf/020cacti
--- smeserver-cacti-1.1.19.old/root/etc/e-smith/templates/etc/my.cnf/020cacti   1969-12-31 19:00:00.000000000 -0500
+++ smeserver-cacti-1.1.19/root/etc/e-smith/templates/etc/my.cnf/020cacti       2022-07-27 17:18:19.452000000 -0400
@@ -0,0 +1,4 @@
+#for cacti use
+innodb_buffer_pool_size=483M
+innodb_additional_mem_pool_size=80M
+innodb_flush_log_at_trx_commit=2
diff -Nur --no-dereference smeserver-cacti-1.1.19.old/root/etc/e-smith/events/actions/cacti-install smeserver-cacti-1.1.19/root/etc/e-smith/events/actions/cacti-install
--- smeserver-cacti-1.1.19.old/root/etc/e-smith/events/actions/cacti-install    1969-12-31 19:00:00.000000000 -0500
+++ smeserver-cacti-1.1.19/root/etc/e-smith/events/actions/cacti-install        2022-07-27 23:05:44.866000000 -0400
@@ -0,0 +1,15 @@
+#!/bin/bash
+
+# move to cli dir
+cd /usr/share/cacti/cli
+
+#install
+/usr/bin/php74 install_cacti.php  --accept-eula --install  --path=php_binary:/usr/bin/php74
+
+#TODO:
+#--automationmode
+#--automationrange with LAN if server-gateway; or only interface if server only
+#--lang (using an array between cacti option and system language)
+# using this to set ldap ? --ldap:dn:...
+# do we need a --mode=upgrade and a --mode=install 
+
diff -Nur --no-dereference smeserver-cacti-1.1.19.old/root/etc/e-smith/events/actions/cacti-ldap smeserver-cacti-1.1.19/root/etc/e-smith/events/actions/cacti-ldap
--- smeserver-cacti-1.1.19.old/root/etc/e-smith/events/actions/cacti-ldap       2022-07-27 22:43:12.847000000 -0400
+++ smeserver-cacti-1.1.19/root/etc/e-smith/events/actions/cacti-ldap   2022-07-27 23:05:44.637000000 -0400
@@ -19,24 +19,25 @@
 #ldap_group_require    'on' or ''
 # then set our admin password
 /usr/bin/mysql <<EOF
-UPDATE ${db}.settings SET value='memberUid' WHERE name='ldap_group_attrib';
-UPDATE ${db}.settings SET value='uid=cactigroup,ou=Groups,$DN' WHERE name='ldap_group_dn';
+INSERT INTO ${db}.settings VALUES ('ldap_group_attrib','memberUid') ON DUPLICATE KEY UPDATE name='ldap_group_attrib';
+INSERT INTO ${db}.settings VALUES ('ldap_group_dn','uid=cactigroup,ou=Groups,$DN') ON DUPLICATE KEY UPDATE name='ldap_group_dn';
 
-UPDATE ${db}.settings SET value='0' WHERE name='ldap_tls_certificate';
-UPDATE ${db}.settings SET value='3' WHERE name='ldap_version';
-UPDATE ${db}.settings SET value='localhost' WHERE name='ldap_server';
-UPDATE ${db}.settings SET value='objectClass=inetOrgPerson' WHERE name='ldap_search_filter';
-UPDATE ${db}.settings SET value='ou=Users,$DN' WHERE name='ldap_search_base';
-UPDATE ${db}.settings SET value='0' WHERE name='ldap_referrals';
-UPDATE ${db}.settings SET value='636' WHERE name='ldap_port_ssl';
-UPDATE ${db}.settings SET value='389' WHERE name='ldap_port';
-UPDATE ${db}.settings SET value='0' WHERE name='ldap_mode';
-UPDATE ${db}.settings SET value='0' WHERE name='ldap_encryption';
-UPDATE ${db}.settings SET value='uid=<username>,ou=Users,$DN' WHERE name='ldap_dn';
-UPDATE ${db}.settings SET value='3' WHERE name='auth_method';
-UPDATE ${db}.settings SET value='cn' WHERE name='cn_full_name';
-UPDATE ${db}.settings SET value='mail' WHERE name='cn_email';
+INSERT INTO ${db}.settings VALUES ('ldap_tls_certificate','0') ON DUPLICATE KEY UPDATE name='ldap_tls_certificate';
+INSERT INTO ${db}.settings VALUES ('ldap_version','3') ON DUPLICATE KEY UPDATE name='ldap_version';
+INSERT INTO ${db}.settings VALUES ('ldap_server','localhost') ON DUPLICATE KEY UPDATE name='ldap_server';
+INSERT INTO ${db}.settings VALUES ('ldap_search_filter','objectClass=inetOrgPerson') ON DUPLICATE KEY UPDATE name='ldap_search_filter';
+INSERT INTO ${db}.settings VALUES ('ldap_search_base','ou=Users,$DN') ON DUPLICATE KEY UPDATE name='ldap_search_base';
+INSERT INTO ${db}.settings VALUES ('ldap_referrals','0') ON DUPLICATE KEY UPDATE name='ldap_referrals';
+INSERT INTO ${db}.settings VALUES ('ldap_port_ssl','636') ON DUPLICATE KEY UPDATE name='ldap_port_ssl';
+INSERT INTO ${db}.settings VALUES ('ldap_port','389') ON DUPLICATE KEY UPDATE name='ldap_port';
+INSERT INTO ${db}.settings VALUES ('ldap_mode','0') ON DUPLICATE KEY UPDATE name='ldap_mode';
+INSERT INTO ${db}.settings VALUES ('ldap_encryption','0') ON DUPLICATE KEY UPDATE name='ldap_encryption';
+INSERT INTO ${db}.settings VALUES ('ldap_dn','uid=<username>,ou=Users,$DN') ON DUPLICATE KEY UPDATE name='ldap_dn';
+INSERT INTO ${db}.settings VALUES ('auth_method','3') ON DUPLICATE KEY UPDATE name='auth_method';
+INSERT INTO ${db}.settings VALUES ('cn_full_name','cn') ON DUPLICATE KEY UPDATE name='cn_full_name';
+INSERT INTO ${db}.settings VALUES ('cn_email','mail') ON DUPLICATE KEY UPDATE name='cn_email';
 
+UPDATE ${db}.settings SET value='3' WHERE name='user_template' and value='0';
 
 # set password of admin
 UPDATE ${db}.user_auth SET email_address='admin@${domain}', must_change_password='',password=md5('$adminpass'), enabled='on'  WHERE username='admin' and id='1';