From 3c8ef8d2938b10b3da2b8f9c27fa5b0965dca88a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Cristhian=20Mart=C3=ADnez=20Ochoa?= <cristhian@qrokes.com>
Date: Fri, 23 Apr 2021 13:33:48 -0600
Subject: [PATCH] verify fixes

Some fixes after testing.
---
 lib/general   |   4 +-
 lib/install   |  30 +++----
 lib/verify    | 221 +++++++++++++++++++++++++++-----------------------
 plugins/stack |   7 +-
 4 files changed, 143 insertions(+), 119 deletions(-)

diff --git a/lib/general b/lib/general
index b290c76..be01178 100644
--- a/lib/general
+++ b/lib/general
@@ -59,8 +59,8 @@ conf_write() {
 # ***********************************************
 # Useful variables   ****************************
 # ***********************************************
-readonly ADMIN_PASS=$( echo $(conf_read mysql-admin) | openssl enc -d -a -salt )
-
+ADMIN_PASS=$( echo $(conf_read mysql-admin) | openssl enc -d -a -salt )
+[[ -z $ADMIN_PASS ]] && readonly ADMIN_PASS="dUmb" || readonly ADMIN_PASS=$ADMIN_PASS # Never empty, prevent asking password!
 
 
 
diff --git a/lib/install b/lib/install
index 2609dbf..2a3c991 100644
--- a/lib/install
+++ b/lib/install
@@ -178,9 +178,6 @@ nginx_install() {
 	sudo mv /etc/nginx/conf.d/default.conf /etc/nginx/sites-available/default
 	sudo ln -s /etc/nginx/sites-available/default /etc/nginx/sites-enabled/default
 	
-	sudo cp -p /etc/nginx/sites-available/default /opt/webinoly/templates/source/default
-	sudo cp -p /etc/nginx/nginx.conf /opt/webinoly/templates/source/
-	
 	sudo nginx -t && sudo service nginx start
 	sudo systemctl enable nginx
 	conf_write nginx true
@@ -223,13 +220,6 @@ php_install() {
 	# Removed/deprecated in 7.4
 	[[ $ver =~ ^(7.2|7.3)$ ]] && sudo apt -y install php${ver}-recode
 	
-	def=$(conf_read php-ver)
-	if [[ $(conf_read php-v${def}) != "true" ]]; then
-		sudo cp -p /etc/php/$ver/fpm/php.ini /opt/webinoly/templates/source/
-		sudo cp -p /etc/php/$ver/fpm/pool.d/www.conf /opt/webinoly/templates/source/
-		sudo cp -p /etc/php/$ver/fpm/php-fpm.conf /opt/webinoly/templates/source/
-	fi
-	
 	conf_write php true
 	conf_write php-v$ver true
 	echo "${gre}PHP has been installed successfully! ${end}"
@@ -292,10 +282,12 @@ _EOF_
 nginx_optim() {
 	api-events_update in3
 	
-	if [[ $(conf_read login-www-data) == "true" ]]; then
-		sudo chown -R www-data:www-data /var/www
-		sudo chown root:root /var/www
-	fi
+	# Check if exists in case of server-reset
+	[[ ! -f /opt/webinoly/templates/source/default ]] && sudo cp -p /etc/nginx/sites-available/default /opt/webinoly/templates/source/
+	[[ ! -f /opt/webinoly/templates/source/nginx.conf ]] && sudo cp -p /etc/nginx/nginx.conf /opt/webinoly/templates/source/
+	
+	sudo chown -R www-data:www-data /var/www
+	[[ $(conf_read login-www-data) == "true" ]] && sudo chown root:root /var/www
 	
 	sudo cp -R /opt/webinoly/templates/nginx/common /etc/nginx/common
 	sudo cp -R /opt/webinoly/templates/nginx/conf.d/* /etc/nginx/conf.d/
@@ -376,6 +368,12 @@ location = /xmlrpc.php {
 php_optim() {
 	api-events_update ip3
 	
+	# Check if exist in case of server-reset
+	[[ ! -f /opt/webinoly/templates/source/php.ini ]] && sudo cp -p /etc/php/$(conf_read php-ver)/fpm/php.ini /opt/webinoly/templates/source/
+	[[ ! -f /opt/webinoly/templates/source/www.conf ]] && sudo cp -p /etc/php/$(conf_read php-ver)/fpm/pool.d/www.conf /opt/webinoly/templates/source/
+	[[ ! -f /opt/webinoly/templates/source/php-fpm.conf ]] && sudo cp -p /etc/php/$(conf_read php-ver)/fpm/php-fpm.conf /opt/webinoly/templates/source/
+	
+	
 	# Check for dynamic variables
 	[[ -n $1 ]] && ver="$1" || ver=$(conf_read php-ver)
 	[[ -n $(conf_read php-max-child) && $(conf_read php-max-child) =~ ^[0-9]+$ && $(conf_read php-max-child) -gt 2 ]] && local maxchil=$(conf_read php-max-child)
@@ -449,8 +447,8 @@ nginx_tool_site() {
 	sudo touch /var/www/$(conf_read tools-port)/htdocs/robots.txt
 	echo '# Just in case someone remove HTTP Auth protection.
 Disallow: /' > /var/www/$(conf_read tools-port)/htdocs/robots.txt
-	sudo chown -R www-data:www-data /var/www/$(conf_read tools-port)/htdocs/robots.txt
 	sudo chmod 644 /var/www/$(conf_read tools-port)/htdocs/robots.txt
+	sudo chown -R www-data:www-data /var/www/$(conf_read tools-port)/htdocs
 }
 
 
@@ -500,6 +498,7 @@ php_tool_site() {
 	sudo mkdir -p /var/www/$(conf_read tools-port)/htdocs/php
 	sudo touch /var/www/$(conf_read tools-port)/htdocs/php/index.php
 	sudo echo '<?php phpinfo(); ?>' >> /var/www/$(conf_read tools-port)/htdocs/php/index.php
+	sudo chown -R www-data:www-data /var/www/$(conf_read tools-port)/htdocs
 	api-events_update ip7
 }
 
@@ -563,6 +562,7 @@ mysql_tool() {
 		sudo cp /var/www/$(conf_read tools-port)/htdocs/pma/config.sample.inc.php /var/www/$(conf_read tools-port)/htdocs/pma/config.inc.php
 		sudo sed -i "/blowfish_secret/c \$cfg['blowfish_secret'] = '$(pwgen -s -1 32)';" /var/www/$(conf_read tools-port)/htdocs/pma/config.inc.php
 		sudo chown -R www-data:www-data /var/www/$(conf_read tools-port)/htdocs/pma
+		sudo find /var/www/$(conf_read tools-port)/htdocs/pma -type f -exec chmod 644 {} \;
 		
 		conf_write mysql-tool true
 		echo "${gre}phpMyAdmin has been installed successfully! ${end}"
diff --git a/lib/verify b/lib/verify
index 945a4ec..dd1a2ec 100644
--- a/lib/verify
+++ b/lib/verify
@@ -327,7 +327,7 @@ if [[ $(conf_read nginx-tool) == "true" ]]; then
 		echo "- [ERROR] Port Tools is not set or not found!"
 		ver_two_err="1"
 	fi
-	if [[ ! -f /var/www/$(conf_read tools-port)/htdocs/nginx_status ]]; then
+	if [[ ! -f /var/www/$(conf_read tools-port)/htdocs/nginx_status && $(conf_read php) == "true" ]]; then
 		echo "- [ERROR] File: /var/www/$(conf_read tools-port)/htdocs/nginx_status not found!"
 		ver_two_err="1"
 	fi
@@ -444,8 +444,11 @@ if [[ $(conf_read php) != "true" && ( $(conf_read php-optim) == "true" || $(conf
 fi
 
 # Check for PHP version
-if [[ $(conf_read php) == "true" && $(php -v | grep -m1 "" | sed 's/PHP \([^\-]*\).*/\1/' | cut -f 1-2 -d'.') != "7.4" ]]; then
-	echo "${blu}${dim}- [INFO] PHP v7.4 is recommended to get an optimal perfomance!${end}${red}"
+if [[ $(conf_read php) == "true" ]]; then
+	ver_php_ver=$(php -v | grep -m1 "" | sed 's/PHP \([^\-]*\).*/\1/' | cut -f 1-2 -d'.')
+	if [[ $ver_php_ver != "7.4" && $ver_php_ver != "8.0" ]]; then
+		echo "${blu}${dim}- [INFO] PHP v7.4 is recommended to get an optimal perfomance!${end}${red}"
+	fi
 fi
 
 
@@ -497,19 +500,20 @@ elif [[ ( -d /var/www/$(conf_read tools-port)/htdocs/pma || -d /usr/share/phpmya
 fi
 
 # MySQL Connection
-ROOT_PASS=$( echo $(conf_read mysql-root) | openssl enc -d -a -salt )
-[[ -z $ROOT_PASS ]] && ROOT_PASS="dUmb"
-if ! sudo mysql --connect-timeout=10 --user=root -p$ROOT_PASS -e "quit" 2>/dev/null && [[ $(conf_read mysql) == "true" ]]; then
-	echo "- [ERROR] MySQL Connection to localhost failed! (root)"
-	ver_four_err="1"
-fi
+if [[ $(conf_read mysql) == "true" ]]; then
+	ROOT_PASS=$( echo $(conf_read mysql-root) | openssl enc -d -a -salt )
+	[[ -z $ROOT_PASS ]] && ROOT_PASS="dUmb"
+	if ! sudo mysql --connect-timeout=10 --user=root -p$ROOT_PASS -e "quit" 2>/dev/null; then
+		echo "- [ERROR] MySQL Connection to localhost failed! (root)"
+		ver_four_err="1"
+	fi
 
-if ! sudo mysql --connect-timeout=10 --user=admin -p$ADMIN_PASS -e "quit" 2>/dev/null && [[ $(conf_read mysql) == "true" ]]; then
-	echo "- [ERROR] MySQL Connection to localhost failed! (admin)"
-	ver_four_err="1"
+	if ! sudo mysql --connect-timeout=10 --user=admin -p$ADMIN_PASS -e "quit" 2>/dev/null; then
+		echo "- [ERROR] MySQL Connection to localhost failed! (admin)"
+		ver_four_err="1"
+	fi
 fi
 
-
 if [[ $ver_four_err == "1" ]]; then
 	echo "(4) MySQL Verification Test has failed!"
 elif [[ $ver_four_war == "1" ]]; then
@@ -603,10 +607,16 @@ if [[ $ver_disk =~ ^[0-9]+$ && $ver_disk -gt 75 ]]; then
 	ver_six_war="1"
 fi
 
-ver_os_updates=$(/usr/lib/update-notifier/apt-check --human-readable | grep -E "[1-9]+ updates can be installed immediately." | grep -Eo "[1-9]+")
-if [[ $ver_os_updates =~ ^[0-9]+$ && $ver_os_updates -gt 0 ]]; then
-	echo "${dim}- [WARNING] Operating System is not updated, $ver_os_updates updates can be installed immediately.${end}${red}"
-	ver_six_war="1"
+# Check for updates
+if [[ -a /usr/lib/update-notifier/apt-check ]]; then
+	ver_os_update=$(/usr/lib/update-notifier/apt-check --human-readable)
+	ver_os_updates=$(echo "$ver_os_update" | grep -E "[1-9]+ updates can be installed immediately." | grep -Eo "[1-9]+")
+	[[ -z $ver_os_updates ]] && ver_os_updates=$(echo "$ver_os_update" | grep -E "[1-9]+ packages can be updated." | grep -Eo "[1-9]+") # 18.04 support
+	
+	if [[ $ver_os_updates =~ ^[0-9]+$ && $ver_os_updates -gt 0 ]]; then
+		echo "${dim}- [WARNING] Operating System is not updated, $ver_os_updates updates can be installed immediately.${end}${red}"
+		ver_six_war="1"
+	fi
 fi
 
 
@@ -682,98 +692,109 @@ ver_eight_err="0"
 ver_eight_war="0"
 
 # /var/www
-ver_perm_user=$(find /var/www ! -user www-data | head -10)
-ver_perm_dire=$(find /var/www -type d ! -perm 755 | head -10)
-ver_perm_file=$(find /var/www -type f ! -perm 644 | head -10)
+if [[ -d /var/www ]]; then
+	ver_perm_user=$(find /var/www -path "/var/www/*" ! -user www-data | head -10)
+	ver_perm_dire=$(find /var/www ! -path "/var/www/.ssh" -type d ! -perm 755 | head -10)
+	ver_perm_file=$(find /var/www ! -path "/var/www/.ssh/*" -type f ! -perm 644 | head -10)
 
-if [[ -n $ver_perm_user ]]; then
-	echo "$ver_perm_user" | sed "s/^/${dim}- \[WARNING\] File owner is not 'www-data' /" | sed "s/$/${end}${red}/"
-	ver_eight_war="1"
-fi
-if [[ -n $ver_perm_dire ]]; then
-	echo "$ver_perm_dire" | sed "s/^/${dim}- \[WARNING\] Directory permission is not 755 /" | sed "s/$/${end}${red}/"
-	ver_eight_war="1"
-fi
-if [[ -n $ver_perm_file ]]; then
-	echo "$ver_perm_file" | sed "s/^/${dim}- \[WARNING\] File permission is not 644 /" | sed "s/$/${end}${red}/"
-	ver_eight_war="1"
+	if [[ $(conf_read login-www-data) != "true" && -d /var/www && $(stat -c '%U' /var/www) != "www-data" ]]; then
+		echo "${dim}- [WARNING] Directory owner is not 'www-data' /var/www ${end}${red}"
+		ver_eight_war="1"
+	elif [[ $(conf_read login-www-data) == "true" && -d /var/www && $(stat -c '%U' /var/www) != "root" ]]; then
+		echo "${dim}- [WARNING] Directory owner is not 'root' /var/www ${end}${red}"
+		ver_eight_war="1"
+	fi
+	if [[ -n $ver_perm_user ]]; then
+		echo "$ver_perm_user" | sed "s/^/${dim}- \[WARNING\] File or directory owner is not 'www-data' /" | sed "s/$/${end}${red}/"
+		ver_eight_war="1"
+	fi
+	if [[ -n $ver_perm_dire ]]; then
+		echo "$ver_perm_dire" | sed "s/^/${dim}- \[WARNING\] Directory permission is not 755 /" | sed "s/$/${end}${red}/"
+		ver_eight_war="1"
+	fi
+	if [[ -n $ver_perm_file ]]; then
+		echo "$ver_perm_file" | sed "s/^/${dim}- \[WARNING\] File permission is not 644 /" | sed "s/$/${end}${red}/"
+		ver_eight_war="1"
+	fi
 fi
 
-
 # /user/.ssh
 ver_current_home=$(eval echo ~${SUDO_USER:-${USER}})
-ver_ssh_owner=$(find $ver_current_home/.ssh ! -user ${SUDO_USER:-${USER}} | head -10)
 
-if [[ -n $ver_ssh_owner ]]; then
-	echo "$ver_ssh_owner" | sed "s/^/${dim}- \[WARNING\] File owner is not '${SUDO_USER:-${USER}}' /" | sed "s/$/${end}${red}/"
-	ver_eight_war="1"
-fi
+if [[ -d $ver_current_home/.ssh ]]; then
+	ver_ssh_owner=$(find $ver_current_home/.ssh ! -user ${SUDO_USER:-${USER}} | head -10)
+	
+	if [[ -n $ver_ssh_owner ]]; then
+		echo "$ver_ssh_owner" | sed "s/^/${dim}- \[WARNING\] File owner is not '${SUDO_USER:-${USER}}' /" | sed "s/$/${end}${red}/"
+		ver_eight_war="1"
+	fi
 
-if [[ -d $ver_current_home/.ssh && $(stat -c '%a' $ver_current_home/.ssh) != 700 ]]; then
-	echo "${dim}- [WARNING] Directory permission is not 700 $ver_current_home/.ssh ${end}${red}"
-	ver_eight_war="1"
-fi
-if [[ -f $ver_current_home/.ssh/authorized_keys && $(stat -c '%a' $ver_current_home/.ssh/authorized_keys) != 600 ]]; then
-	echo "${dim}- [WARNING] File permission is not 600 $ver_current_home/.ssh/authorized_keys ${end}${red}"
-	ver_eight_war="1"
-fi
-if [[ -f $ver_current_home/.ssh/config && $(stat -c '%a' $ver_current_home/.ssh/config) != 600 ]]; then
-	echo "${dim}- [WARNING] File permission is not 600 $ver_current_home/.ssh/config ${end}${red}"
-	ver_eight_war="1"
-fi
-if [[ -f $ver_current_home/.ssh/known_hosts && $(stat -c '%a' $ver_current_home/.ssh/known_hosts) != 600 ]]; then
-	echo "${dim}- [WARNING] File permission is not 600 $ver_current_home/.ssh/known_hosts ${end}${red}"
-	ver_eight_war="1"
-fi
+	if [[ -d $ver_current_home/.ssh && $(stat -c '%a' $ver_current_home/.ssh) != 700 ]]; then
+		echo "${dim}- [WARNING] Directory permission is not 700 $ver_current_home/.ssh ${end}${red}"
+		ver_eight_war="1"
+	fi
+	if [[ -f $ver_current_home/.ssh/authorized_keys && $(stat -c '%a' $ver_current_home/.ssh/authorized_keys) != 600 ]]; then
+		echo "${dim}- [WARNING] File permission is not 600 $ver_current_home/.ssh/authorized_keys ${end}${red}"
+		ver_eight_war="1"
+	fi
+	if [[ -f $ver_current_home/.ssh/config && $(stat -c '%a' $ver_current_home/.ssh/config) != 600 ]]; then
+		echo "${dim}- [WARNING] File permission is not 600 $ver_current_home/.ssh/config ${end}${red}"
+		ver_eight_war="1"
+	fi
+	if [[ -f $ver_current_home/.ssh/known_hosts && $(stat -c '%a' $ver_current_home/.ssh/known_hosts) != 600 ]]; then
+		echo "${dim}- [WARNING] File permission is not 600 $ver_current_home/.ssh/known_hosts ${end}${red}"
+		ver_eight_war="1"
+	fi
 
-if [[ -f $ver_current_home/.ssh/id_dsa && $(stat -c '%a' $ver_current_home/.ssh/id_dsa) != 600 ]]; then
-	echo "${dim}- [WARNING] File permission is not 600 $ver_current_home/.ssh/id_dsa ${end}${red}"
-	ver_eight_war="1"
-fi
-if [[ -f $ver_current_home/.ssh/id_rsa && $(stat -c '%a' $ver_current_home/.ssh/id_rsa) != 600 ]]; then
-	echo "${dim}- [WARNING] File permission is not 600 $ver_current_home/.ssh/id_rsa ${end}${red}"
-	ver_eight_war="1"
-fi
-if [[ -f $ver_current_home/.ssh/id_ecdsa && $(stat -c '%a' $ver_current_home/.ssh/id_ecdsa) != 600 ]]; then
-	echo "${dim}- [WARNING] File permission is not 600 $ver_current_home/.ssh/id_ecdsa ${end}${red}"
-	ver_eight_war="1"
-fi
-if [[ -f $ver_current_home/.ssh/id_ecdsa_sk && $(stat -c '%a' $ver_current_home/.ssh/id_ecdsa_sk) != 600 ]]; then
-	echo "${dim}- [WARNING] File permission is not 600 $ver_current_home/.ssh/id_ecdsa_sk ${end}${red}"
-	ver_eight_war="1"
-fi
-if [[ -f $ver_current_home/.ssh/id_ed25519 && $(stat -c '%a' $ver_current_home/.ssh/id_ed25519) != 600 ]]; then
-	echo "${dim}- [WARNING] File permission is not 600 $ver_current_home/.ssh/id_ed25519 ${end}${red}"
-	ver_eight_war="1"
-fi
-if [[ -f $ver_current_home/.ssh/id_ed25519_sk && $(stat -c '%a' $ver_current_home/.ssh/id_ecdsa_sk) != 600 ]]; then
-	echo "${dim}- [WARNING] File permission is not 600 $ver_current_home/.ssh/id_ed25519_sk ${end}${red}"
-	ver_eight_war="1"
-fi
+	if [[ -f $ver_current_home/.ssh/id_dsa && $(stat -c '%a' $ver_current_home/.ssh/id_dsa) != 600 ]]; then
+		echo "${dim}- [WARNING] File permission is not 600 $ver_current_home/.ssh/id_dsa ${end}${red}"
+		ver_eight_war="1"
+	fi
+	if [[ -f $ver_current_home/.ssh/id_rsa && $(stat -c '%a' $ver_current_home/.ssh/id_rsa) != 600 ]]; then
+		echo "${dim}- [WARNING] File permission is not 600 $ver_current_home/.ssh/id_rsa ${end}${red}"
+		ver_eight_war="1"
+	fi
+	if [[ -f $ver_current_home/.ssh/id_ecdsa && $(stat -c '%a' $ver_current_home/.ssh/id_ecdsa) != 600 ]]; then
+		echo "${dim}- [WARNING] File permission is not 600 $ver_current_home/.ssh/id_ecdsa ${end}${red}"
+		ver_eight_war="1"
+	fi
+	if [[ -f $ver_current_home/.ssh/id_ecdsa_sk && $(stat -c '%a' $ver_current_home/.ssh/id_ecdsa_sk) != 600 ]]; then
+		echo "${dim}- [WARNING] File permission is not 600 $ver_current_home/.ssh/id_ecdsa_sk ${end}${red}"
+		ver_eight_war="1"
+	fi
+	if [[ -f $ver_current_home/.ssh/id_ed25519 && $(stat -c '%a' $ver_current_home/.ssh/id_ed25519) != 600 ]]; then
+		echo "${dim}- [WARNING] File permission is not 600 $ver_current_home/.ssh/id_ed25519 ${end}${red}"
+		ver_eight_war="1"
+	fi
+	if [[ -f $ver_current_home/.ssh/id_ed25519_sk && $(stat -c '%a' $ver_current_home/.ssh/id_ecdsa_sk) != 600 ]]; then
+		echo "${dim}- [WARNING] File permission is not 600 $ver_current_home/.ssh/id_ed25519_sk ${end}${red}"
+		ver_eight_war="1"
+	fi
 
-if [[ -f $ver_current_home/.ssh/id_dsa.pub && $(stat -c '%a' $ver_current_home/.ssh/id_dsa.pub) != 644 ]]; then
-	echo "${dim}- [WARNING] File permission is not 600 $ver_current_home/.ssh/id_dsa.pub ${end}${red}"
-	ver_eight_war="1"
-fi
-if [[ -f $ver_current_home/.ssh/id_rsa.pub && $(stat -c '%a' $ver_current_home/.ssh/id_rsa.pub) != 644 ]]; then
-	echo "${dim}- [WARNING] File permission is not 600 $ver_current_home/.ssh/id_rsa.pub ${end}${red}"
-	ver_eight_war="1"
-fi
-if [[ -f $ver_current_home/.ssh/id_ecdsa.pub && $(stat -c '%a' $ver_current_home/.ssh/id_ecdsa.pub) != 644 ]]; then
-	echo "${dim}- [WARNING] File permission is not 600 $ver_current_home/.ssh/id_ecdsa.pub ${end}${red}"
-	ver_eight_war="1"
-fi
-if [[ -f $ver_current_home/.ssh/id_ecdsa_sk.pub && $(stat -c '%a' $ver_current_home/.ssh/id_ecdsa_sk.pub) != 644 ]]; then
-	echo "${dim}- [WARNING] File permission is not 600 $ver_current_home/.ssh/id_ecdsa_sk.pub ${end}${red}"
-	ver_eight_war="1"
-fi
-if [[ -f $ver_current_home/.ssh/id_ed25519.pub && $(stat -c '%a' $ver_current_home/.ssh/id_ed25519.pub) != 644 ]]; then
-	echo "${dim}- [WARNING] File permission is not 600 $ver_current_home/.ssh/id_ed25519.pub ${end}${red}"
-	ver_eight_war="1"
-fi
-if [[ -f $ver_current_home/.ssh/id_ed25519_sk.pub && $(stat -c '%a' $ver_current_home/.ssh/id_ecdsa_sk.pub) != 644 ]]; then
-	echo "${dim}- [WARNING] File permission is not 600 $ver_current_home/.ssh/id_ed25519_sk.pub ${end}${red}"
-	ver_eight_war="1"
+	if [[ -f $ver_current_home/.ssh/id_dsa.pub && $(stat -c '%a' $ver_current_home/.ssh/id_dsa.pub) != 644 ]]; then
+		echo "${dim}- [WARNING] File permission is not 600 $ver_current_home/.ssh/id_dsa.pub ${end}${red}"
+		ver_eight_war="1"
+	fi
+	if [[ -f $ver_current_home/.ssh/id_rsa.pub && $(stat -c '%a' $ver_current_home/.ssh/id_rsa.pub) != 644 ]]; then
+		echo "${dim}- [WARNING] File permission is not 600 $ver_current_home/.ssh/id_rsa.pub ${end}${red}"
+		ver_eight_war="1"
+	fi
+	if [[ -f $ver_current_home/.ssh/id_ecdsa.pub && $(stat -c '%a' $ver_current_home/.ssh/id_ecdsa.pub) != 644 ]]; then
+		echo "${dim}- [WARNING] File permission is not 600 $ver_current_home/.ssh/id_ecdsa.pub ${end}${red}"
+		ver_eight_war="1"
+	fi
+	if [[ -f $ver_current_home/.ssh/id_ecdsa_sk.pub && $(stat -c '%a' $ver_current_home/.ssh/id_ecdsa_sk.pub) != 644 ]]; then
+		echo "${dim}- [WARNING] File permission is not 600 $ver_current_home/.ssh/id_ecdsa_sk.pub ${end}${red}"
+		ver_eight_war="1"
+	fi
+	if [[ -f $ver_current_home/.ssh/id_ed25519.pub && $(stat -c '%a' $ver_current_home/.ssh/id_ed25519.pub) != 644 ]]; then
+		echo "${dim}- [WARNING] File permission is not 600 $ver_current_home/.ssh/id_ed25519.pub ${end}${red}"
+		ver_eight_war="1"
+	fi
+	if [[ -f $ver_current_home/.ssh/id_ed25519_sk.pub && $(stat -c '%a' $ver_current_home/.ssh/id_ecdsa_sk.pub) != 644 ]]; then
+		echo "${dim}- [WARNING] File permission is not 600 $ver_current_home/.ssh/id_ed25519_sk.pub ${end}${red}"
+		ver_eight_war="1"
+	fi
 fi
 
 
diff --git a/plugins/stack b/plugins/stack
index 5491fd3..0f8a01b 100644
--- a/plugins/stack
+++ b/plugins/stack
@@ -67,10 +67,12 @@ if [[ -n $purge && ( -n $html || -n $nginx ) ]]; then
 				api-events_update pn3
 			fi
 			
+			[[ $(conf_read login-www-data) == "true" ]] && webinoly -login-www-data=off
+			
 			sudo service nginx stop
 			sudo apt -y purge nginx nginx-common # Common package is no longer installed, but we purge it in case of old stacks built before 1.14.0.
 			
-			[[ $(conf_read nginx-ppa) == "mainline" ]] && sudo add-apt-repository --remove "deb https://nginx.org/packages/mainline/ubuntu/ focal nginx" || sudo add-apt-repository --remove "deb https://nginx.org/packages/ubuntu/ focal nginx"
+			[[ $(conf_read nginx-ppa) == "mainline" ]] && sudo add-apt-repository --remove "deb https://nginx.org/packages/mainline/ubuntu/ $(check_osname) nginx" || sudo add-apt-repository --remove "deb https://nginx.org/packages/ubuntu/ $(check_osname) nginx"
 			sudo apt-key del 7BD9BF62
 			
 			api-events_update pn4
@@ -93,6 +95,7 @@ if [[ -n $purge && ( -n $html || -n $nginx ) ]]; then
 			
 			# Remove sources
 			sudo rm -rf /opt/webinoly/templates/source/default
+			sudo rm -rf /opt/webinoly/templates/source/nginx.conf
 			
 			# Remove duply profiles
 			if [[ -d $HOME/.duply ]]; then
@@ -155,13 +158,13 @@ elif [[ -n $purge && -n $php ]]; then
 			echo | sudo add-apt-repository --remove 'ppa:chris-lea/redis-server'
 			sudo apt -y autoremove
 			sudo rm -rf /etc/php
-			sudo rm /opt/webinoly/templates/source/*
 			sudo apt-key del E5267A6C #ondrej
 			sudo apt-key del C7917B12 #chrislea
 
 			# Remove sources
 			sudo rm -rf /opt/webinoly/templates/source/php.ini
 			sudo rm -rf /opt/webinoly/templates/source/www.conf
+			sudo rm -rf /opt/webinoly/templates/source/php-fpm.conf
 			sudo rm -rf /opt/webinoly/templates/source/main.cf
 			
 			# Remove tools-site