bachir/debion-web-server
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

splitted in subscripts, cleaned

Browse Source
This commit is contained in:
Bachir Soussi Chiadmi 2018-04-07 11:15:09 +02:00
parent 9677df40ab
commit 0e81a4ab11
16 changed files with 695 additions and 629 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
addUserSite.sh → bin/_addUserSite.sh
View File

@ -2,6 +2,7 @@
# bachir soussi chiadmi
# TODO check if root
echo '\033[35m
__ _______ __________
@ -55,9 +56,6 @@ if [ "$_host_name" != "" ]; then
fi
done
cp "$_cwd"/assets/example.org.conf /etc/apache2/sites-available/"$_host_name".conf
sed -ir "s/example\.org/$_host_name/g" /etc/apache2/sites-available/"$_host_name".conf
#set proper right to user will handle the app
chown -R "$user":admin /home/"$user"/public_html
chown -R "$user":admin /home/"$user"/logs
@ -70,11 +68,13 @@ mkdir -p /var/www/"$_host_name"
ln -s /home/"$user"/public_html /var/www/"$_host_name"/public_html
ln -s /home/"$user"/logs /var/www/"$_host_name"/logs
# TODO create nginx vhost
# cp "$_cwd"/assets/example.org.conf /etc/apache2/sites-available/"$_host_name".conf
# sed -ir "s/example\.org/$_host_name/g" /etc/apache2/sites-available/"$_host_name".conf
#activate the vhost
a2ensite "$_host_name".conf
# a2ensite "$_host_name".conf
#restart apache
service apache2 restart
# service apache2 restart
echo "\033[92;1mvhost $_host_name configured\033[Om"
@ -118,8 +118,9 @@ do
fi
done
# mysql> create user '$_dbname'@'localhost' identified by '$_pswd';
# mysql> create database $_dbname;
# mysql> grant all privileges on esadhar_eval.* to 'esadhar_eval'@'localhost';
# mysql> flush privileges;
if [ "$passok" = 1 ]; then
# mysql> create user '$_dbname'@'localhost' identified by '$_pswd';
# mysql> create database $_dbname;
# mysql> grant all privileges on esadhar_eval.* to 'esadhar_eval'@'localhost';
# mysql> flush privileges;
fi

30
bin/autoupdate.sh Normal file
View File

@ -0,0 +1,30 @@
#!/bin/sh
echo '\033[35m
___ __ __ __ __ __
/ | __ __/ /_____ / / / /___ ____/ /___ _/ /____
/ /| |/ / / / __/ __ \ / / / / __ \/ __ / __ `/ __/ _ \
/ ___ / /_/ / /_/ /_/ / / /_/ / /_/ / /_/ / /_/ / /_/ __/
/_/ |_\__,_/\__/\____/ \____/ .___/\__,_/\__,_/\__/\___/
/_/
\033[0m'
# https://www.howtoforge.com/how-to-configure-automatic-updates-on-debian-wheezy
# https://www.bisolweb.com/tutoriels/serveur-vps-ovh-partie-5-installation-apticron/
if [ "$EUID" -ne 0 ]
then echo "Please run as root"
exit
fi
echo "\033[35;1mInstalling apticron \033[0m"
apt-get --yes --force-yes install apticron
sleep 3
echo -n "Enter an email: "
read email
sed -ir "s/EMAIL=\"root\"/EMAIL=\"$email\"/g" /etc/apticron/apticron.conf
# sed -ir "s/# DIFF_ONLY=\"1\"/DIFF_ONLY=\"1\"/g" /etc/apticron/apticron.conf
sed -ir "s/# NOTIFY_NEW=\"0\"/NOTIFY_NEW=\"0\"/g" /etc/apticron/apticron.conf
echo "\033[92;1mApticron installed and configured\033[0m"

22
bin/dotfiles.sh Normal file
View File

@ -0,0 +1,22 @@
#!/bin/sh
echo '\033[35m
____ __ _______ __
/ __ \____ / /_ / ____(_) /__ _____
/ / / / __ \/ __/ / /_ / / / _ \/ ___/
/ /_/ / /_/ / /_ / __/ / / / __(__ )
/_____/\____/\__/ /_/ /_/_/\___/____/
\033[0m'
#installing better prompt and some goodies
echo "\033[35;1mInstalling shell prompt for current user $USER \033[0m"
sleep 2
# get the current position
_cwd="$(pwd)"
# go to user home
cd
echo "cloning https://figureslibres.io/gogs/bachir/dotfiles-server.git"
git clone https://figureslibres.io/gogs/bachir/dotfiles-server.git ~/.dotfiles-server && cd ~/.dotfiles-server && ./install.sh && cd ~
source ~/.bashrc
# return to working directory
cd "$_cwd"
echo "\033[92;1mDot files installed for $USER\033[0m"

66
bin/email.sh Normal file
View File

@ -0,0 +1,66 @@
#!/bin/sh
echo '\033[35m
__ ______ ______
/ |/ / | / _/ /
/ /|_/ / /| | / // /
/ / / / ___ |_/ // /___
/_/ /_/_/ |_/___/_____/
\033[0m'
echo "\033[35;1mEnable mail sending for php \033[0m"
# TODO check if root
# http://www.sycha.com/lamp-setup-debian-linux-apache-mysql-php#anchor13
sleep 3
apt-get --yes --force-yes install exim4
echo "\033[35;1mConfiguring EXIM4 \033[0m"
while [ "$configexim" != "y" ] && [ "$configexim" != "n" ]
do
echo -n "Should we configure exim4 ? [y|n] "
read configexim
done
if [ "$configexim" = "y" ]; then
echo "choose the first option :internet site; mail is sent and received directly using SMTP. Leave the other options as default exepted for domain name which should be valid domain name if you want your mails to not be considered as spam"
echo "press any key to continue."
read continu
dpkg-reconfigure exim4-config
else
echo 'exim not configured'
fi
systemctl enable exim4
systemctl restart exim4
# dkim spf
# https://debian-administration.org/article/718/DKIM-signing_outgoing_mail_with_exim4
echo "\033[35;1mConfiguring DKIM \033[0m"
while [ "$installdkim" != "y" ] && [ "$installdkim" != "n" ]
do
echo -n "Should we install dkim for exim4 ? [y|n] "
read installdkim
done
if [ "$installdkim" = "y" ]; then
echo -n "Choose a domain for dkim (same domain as you chose before for exim4): "
read domain
selector=$(date +%Y%m%d)
mkdir /etc/exim4/dkim
openssl genrsa -out /etc/exim4/dkim/"$domain"-private.pem 1024 -outform PEM
openssl rsa -in /etc/exim4/dkim/"$domain"-private.pem -out /etc/exim4/dkim/"$domain".pem -pubout -outform PEM
chown root:Debian-exim /etc/exim4/dkim/"$domain"-private.pem
chmod 440 /etc/exim4/dkim/"$domain"-private.pem
cp "$_cwd"/assets/exima4_dkim.conf /etc/exim4/conf.d/main/00_local_macros
sed -ir "s/DOMAIN_TO_CHANGE/$domain/g" /etc/exim4/conf.d/main/00_local_macros
sed -ir "s/DATE_TO_CHANGE/$selector/g" /etc/exim4/conf.d/main/00_local_macros
update-exim4.conf
systemctl restart exim4
echo "please create a TXT entry in your dns zone : $selector._domainkey.$domain \n"
echo "your public key is : \n"
cat /etc/exim4/dkim/"$domain".pem
echo "press any key to continue."
read continu
else
echo 'dkim not installed'
fi

18
bin/fail2ban.sh Normal file
View File

@ -0,0 +1,18 @@
#!/bin/sh
# TODO check if root
echo '\033[35m
______ _ _____ __
/ ____/___ _(_) /__ \ / /_ ____ _____
/ /_ / __ `/ / /__/ // __ \/ __ `/ __ \
/ __/ / /_/ / / // __// /_/ / /_/ / / / /
/_/ \__,_/_/_//____/_.___/\__,_/_/ /_/
\033[0m'
echo "\033[35;1mInstalling fall2ban \033[0m"
apt-get --yes --force-yes install fail2ban
cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
# ToDo ask for email and configure jail.local with it
systemctl enable fail2ban
systemctl restart fail2ban
echo "\033[92;1mfail2ban installed and configured\033[Om"

20
bin/firewall.sh Normal file
View File

@ -0,0 +1,20 @@
#!/bin/sh
# TODO check if root
echo '\033[35m
______________ _______ _____ __ __
/ ____/ _/ __ \/ ____/ | / / | / / / /
/ /_ / // /_/ / __/ | | /| / / /| | / / / /
/ __/ _/ // _, _/ /___ | |/ |/ / ___ |/ /___/ /___
/_/ /___/_/ |_/_____/ |__/|__/_/ |_/_____/_____/
\033[0m'
echo "\033[35;1mInstalling ufw and setup firewall (allowing only ssh and http) \033[0m"
sleep 3
apt-get --yes --force-yes install ufw
# ufw allow ssh # knockd will open the ssh port
ufw allow http
ufw allow https
ufw enable
ufw status verbose
echo "\033[92;1mufw installed and firwall configured\033[Om"

50
bin/ftp.sh Normal file
View File

@ -0,0 +1,50 @@
#!/bin/sh
echo '\033[35m
______ _______ _____
| ____|__ __| __ \
| |__ | | | |__) |
| __| | | | ___/
| | | | | |
|_| |_| |_|
\033[0m'
if [ "$EUID" -ne 0 ]
then echo "Please run as root"
exit
fi
echo "installing proftpd"
apt-get --yes --force-yes install proftpd
while [ "$_server_name" = "" ]
do
read -p "enter a server name ? " _server_name
if [ "$_server_name" != "" ]; then
read -p "is server name $_server_name correcte [y|n] " validated
if [ "$validated" = "y" ]; then
break
else
_server_name=""
fi
fi
done
echo "Configuring proftpd"
cp "$_cwd"/assets/proftpd.conf /etc/proftpd/conf.d/"$_server_name".conf
sed -ir "s/example/$_server_name/g" /etc/proftpd/conf.d/"$_server_name".conf
ufw allow ftp
addgroup ftpuser
systemctl enable proftpd
systemctl restart proftpd
echo "ftp installtion done"
echo "to permit to a user to connect through ftp, add him to the ftpuser group by running : usermod -a -G ftpuser USERNAME"
echo "FTP users are jailed on their home by default"
# TODO : allow ssh/ftp connection only from given ips

0
gitbarrerepos.sh → bin/gitbarrerepos.sh
View File

26
bin/knockd.sh Normal file
View File

@ -0,0 +1,26 @@
#!/bin/sh
# TODO check if root
echo '\033[35m
__ __ __
/ /______ ____ _____/ /______/ /
/ //_/ __ \/ __ \/ ___/ //_/ __ /
/ ,< / / / / /_/ / /__/ ,< / /_/ /
/_/|_/_/ /_/\____/\___/_/|_|\__,_/
\033[0m'
echo "\033[35;1mInstalling knockd to control ssh port opening\033[0m"
sleep 3
apt-get --yes --force-yes install knockd
mv /etc/knockd.conf /etc/knockd.conf.ori
cp "$_cwd"/assets/knockd.conf /etc/knockd.conf
echo -n "define a sequence number for opening ssh (as 7000,8000,9000) : "
read sq
sed -i "s/7000,8000,9000/$sq/g" /etc/knockd.conf
sed -i 's/START_KNOCKD=0/START_KNOCKD=1/g' /etc/default/knockd
/etc/init.d/knockd start
echo "\033[92;1mknockd installed and configured\033[Om"
echo "\033[92;1mplease note this sequence for future ssh knocking\033[Om"
echo "$sq1"
sleep 3

351
bin/lemp.sh Normal file
View File

@ -0,0 +1,351 @@
#!/bin/sh
echo '\033[35m
__
/ /__ ____ ___ ____
/ / _ \/ __ `__ \/ __ \
/ / __/ / / / / / /_/ /
/_/\___/_/ /_/ /_/ .___/
/_/
\033[0m'
echo "\033[35;1mLEMP server (Nginx Mysql Php) \033[0m"
sleep 3
if [ "$EUID" -ne 0 ]
then echo "Please run as root"
exit
fi
echo '\033[35m
__ ___ __
/ |/ /_ ___________ _/ /
/ /|_/ / / / / ___/ __ `/ /
/ / / / /_/ (__ ) /_/ / /
/_/ /_/\__, /____/\__, /_/
/____/ /_/
\033[0m'
echo "\033[35;1minstalling Mysql \033[0m"
sleep 3
apt-get --yes --force-yes install mariadb-server
mysql_secure_installation
systemctl enable mariadb.service
systemctl restart mariadb.service
echo "\033[92;1mmysql installed\033[Om"
echo '\033[35m
____ __ ______
/ __ \/ / / / __ \
/ /_/ / /_/ / /_/ /
/ ____/ __ / ____/
/_/ /_/ /_/_/
\033[0m'
echo "\033[35;1mInstalling PHP 7.0 \033[0m"
sleep 3
apt-get --yes --force-yes install php7.0-fpm php7.0-mysql php7.0-opcache php7.0-curl php7.0-mbstring php7.0-zip php7.0-xml php7.0-gd php7.0-mcrypt php-memcached
mv /etc/php/7.0/fpm/php.ini /etc/php/7.0/fpm/php.ini.back
cp "$_cwd"/assets/php-fpm.ini /etc/php/7.0/fpm/php.ini
echo "Configuring PHP"
mkdir /var/log/php
chown www-data /var/log/php
cp "$_cwd"/assets/logrotate-php /etc/logrotate.d/php
systemctl enable php7.0-fpm
systemctl start php7.0-fpm
# echo "Installing memecached"
# replaced by redis
# apt-get --yes --force-yes install memcached
# sed -i "s/-m\s64/-m 128/g" /etc/memcached.conf
#
# systemctl start memcached
echo "\033[92;1mphp installed\033[Om"
echo '\033[35m
_ __ _
/ | / /___ _(_)___ _ __
/ |/ / __ `/ / __ \| |/_/
/ /| / /_/ / / / / /> <
/_/ |_/\__, /_/_/ /_/_/|_|
/____/
\033[0m'
echo "\033[35;1mInstalling Nginx \033[0m"
sleep 3
apt-get --yes --force-yes install nginx
mv /etc/nginx/sites-available/default /etc/nginx/sites-available/default.ori
cp "$_cwd"/assets/default.nginxconf /etc/nginx/sites-available/default
systemctl enable nginx
systemctl restart nginx
echo "\033[92;1mNginx installed\033[Om"
echo '\033[35m
__ __ ___ ___ __ _
____ / /_ ____ / |/ /_ __/ | ____/ /___ ___ (_)___
/ __ \/ __ \/ __ \/ /|_/ / / / / /| |/ __ / __ `__ \/ / __ \
/ /_/ / / / / /_/ / / / / /_/ / ___ / /_/ / / / / / / / / / /
/ .___/_/ /_/ .___/_/ /_/\__, /_/ |_\__,_/_/ /_/ /_/_/_/ /_/
/_/ /_/ /____/
\033[0m'
echo "\033[35;1mInstalling phpMyAdmin \033[0m"
apt-get --yes --force-yes install phpmyadmin
ln -s /usr/share/phpmyadmin /var/www/html/
# cp "$_cwd"/assets/nginx-phpmyadmin.conf > /etc/nginx/sites-available/phpmyadmin.conf
# ln -s /etc/nginx/sites-available/phpmyadmin.conf /etc/nginx/sites-enabled/phpmyadmin.conf
# echo "\033[35;1msecuring phpMyAdmin \033[0m"
# sed -i "s/DirectoryIndex index.php/DirectoryIndex index.php\nAllowOverride all/"
# cp "$_cwd"/assets/phpmyadmin_htaccess > /usr/share/phpmyadmin/.htaccess
# echo -n "define a user name for phpmyadmin : "
# read un
# htpasswd -c /etc/phpmyadmin/.htpasswd $un
# service apache2 restart
echo "\033[92;1mphpMyAdmin installed\033[Om"
echo "\033[92;1mYou can access it at yourip/phpmyadmin\033[Om"
echo '\033[35m
____ ___
/ __ \___ ____/ (_)____
/ /_/ / _ \/ __ / / ___/
/ _, _/ __/ /_/ / (__ )
/_/ |_|\___/\__,_/_/____/
\033[0m'
echo "\033[35;1mInstalling Redis \033[0m"
sleep 3
apt-get --yes --force-yes install redis-server php-redis
systemctl enable redis-server
systemctl restart redis-server
echo "\033[92;1mRedis installed\033[Om"
echo '\033[35m
______
/ ____/___ ____ ___ ____ ____ ________ _____
/ / / __ \/ __ `__ \/ __ \/ __ \/ ___/ _ \/ ___/
/ /___/ /_/ / / / / / / /_/ / /_/ (__ ) __/ /
\____/\____/_/ /_/ /_/ .___/\____/____/\___/_/
/_/
\033[0m'
echo "\033[35;1mInstalling Composer \033[0m"
sleep 3
export COMPOSER_HOME=/usr/local/composer
curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer
echo "\033[92;1mComposer installed\033[Om"
echo '\033[35m
____ __
/ __ \_______ _______/ /_
/ / / / ___/ / / / ___/ __ \
/ /_/ / / / /_/ (__ ) / / /
/_____/_/ \__,_/____/_/ /_/
\033[0m'
echo "\033[35;1mInstalling Drush and DrupalConsole\033[0m"
sleep 3
curl https://drupalconsole.com/installer -L -o /usr/local/bin/drupal
chmod +x /usr/local/bin/drupal
curl https://github.com/drush-ops/drush-launcher/releases/download/0.6.0/drush.phar -L -o /usr/local/bin/drush
chmod +x /usr/local/bin/drush
echo "\033[92;1mDrush and DrupalConsoleinstalled\033[Om"
echo '\033[35m
__ __
_ __/ /_ ____ _____/ /_
| | / / __ \/ __ \/ ___/ __/
| |/ / / / / /_/ (__ ) /_
|___/_/ /_/\____/____/\__/
\033[0m'
echo "\033[35;1mVHOST install \033[0m"
while [ "$vh" != "y" ] && [ "$vh" != "n" ]
do
echo -n "Should we install a vhost? [y|n] "
read vh
# vh=${vh:-y}
done
if [ "$vh" = "y" ]; then
while [ "$_domain" = "" ]
do
read -p "enter a hostname ? " _domain
if [ "$_domain" != "" ]; then
read -p "is hostname $_domain correcte [y|n] " validated
if [ "$validated" = "y" ]; then
break
else
_domain=""
fi
fi
done
# ask for simple php conf or drupal conf
while [ "$_drupal" != "yes" ] && [ "$_drupal" != "no" ]
do
echo -n "Is your site is a drupal one? [yes|no] "
read _drupal
done
# ask for let's encrypt
while [ "$_letsencrypt" != "yes" ] && [ "$_letsencrypt" != "no" ]
do
echo "Let's encrypt"
echo "Let's encrypt needs a public registered domain name with proper DNS records ( A records or CNAME records for subdomains pointing to your server)."
echo -n "Should we install let's encrypt certificate with $_domain? [yes|no] "
read _letsencrypt
done
# lets'encrypt
# https://certbot.eff.org/lets-encrypt/debianstretch-nginx
if [ "$_letsencrypt" = "yes" ]; then
apt-get install certbot
certbot certonly --cert-name "$_domain" --standalone d "$_domain"
openssl dhparam out /etc/nginx/dhparam.pem 2048
# TODO renewing
touch /var/spool/crontab/root
crontab -l > mycron
echo "0 3 * * * certbot renew --pre-hook 'systemctl stop nginx' --post-hook 'systemctl start nginx' --cert-name $_domain" >> mycron
crontab mycron
rm mycron
fi
if [ "$_drupal" = "yes" ]; then
if [ "$_letsencrypt" = "yes" ]; then
_conffile = "drupal-ssl.nginxconf"
else
_conffile = "drupal.nginxconf"
fi
else
if [ "$_letsencrypt" = "yes" ]; then
_conffile = "simple-phpfpm-ssl.nginxconf"
else
_conffile = "simple-phpfpm.nginxconf"
fi
fi
cp "$_cwd"/assets/"$_conffile" /etc/nginx/sites-available/"$_domain".conf
sed -ir "s/DOMAIN\.LTD/$_domain/g" /etc/nginx/sites-available/"$_domain".conf
mkdir -p /var/www/"$_domain"/public_html
mkdir /var/www/"$_domain"/logs
#set proper right to user will handle the app
chown -R root:admin /var/www/"$_domain"/
chmod -R g+w /var/www/"$_domain"/
chmod -R g+r /var/www/"$_domain"/
# create a shortcut to the site
# TODO ask for $user name if not existing
mkdir /home/"$user"/www/
chown "$user":admin /home/"$user"/www/
ln -s /var/www/"$_domain" /home/"$user"/www/"$_domain"
# activate the vhost
ln -s /etc/nginx/sites-available/"$_domain".conf /etc/nginx/sites-enabled/"$_domain".conf
# restart nginx
systemctl restart nginx
echo "\033[92;1mvhost $_domain configured\033[Om"
else
echo "Vhost installation aborted"
fi
# TODO supervising
# echo '\033[35m
# __ ___ _ __ __ __ ___ _
# / |/ /__ ___ (_) /_ _/_/ / |/ /_ _____ (_)__
# / /|_/ / _ \/ _ \/ / __/ _/_/ / /|_/ / // / _ \/ / _ \
# /_/ /_/\___/_//_/_/\__/ /_/ /_/ /_/\_,_/_//_/_/_//_/
# \033[0m'
# echo "\033[35;1mInstalling Munin \033[0m"
# sleep 3
# # https://www.howtoforge.com/tutorial/server-monitoring-with-munin-and-monit-on-debian/
# apt-get --yes --force-yes install munin munin-node munin-plugins-extra
# # Configure Munin
# # enable plugins
# ln -s /usr/share/munin/plugins/mysql_ /etc/munin/plugins/mysql_
# ln -s /usr/share/munin/plugins/mysql_bytes /etc/munin/plugins/mysql_bytes
# ln -s /usr/share/munin/plugins/mysql_innodb /etc/munin/plugins/mysql_innodb
# ln -s /usr/share/munin/plugins/mysql_isam_space_ /etc/munin/plugins/mysql_isam_space_
# ln -s /usr/share/munin/plugins/mysql_queries /etc/munin/plugins/mysql_queries
# ln -s /usr/share/munin/plugins/mysql_slowqueries /etc/munin/plugins/mysql_slowqueries
# ln -s /usr/share/munin/plugins/mysql_threads /etc/munin/plugins/mysql_threads
#
# ln -s /usr/share/munin/plugins/apache_accesses /etc/munin/plugins/
# ln -s /usr/share/munin/plugins/apache_processes /etc/munin/plugins/
# ln -s /usr/share/munin/plugins/apache_volume /etc/munin/plugins/
#
# # ln -s /usr/share/munin/plugins/fail2ban /etc/munin/plugins/
#
# # dbdir, htmldir, logdir, rundir, and tmpldir
# sed -i 's/^#dbdir/dbdir/' /etc/munin/munin.conf
# sed -i 's/^#htmldir/htmldir/' /etc/munin/munin.conf
# sed -i 's/^#logdir/logdir/' /etc/munin/munin.conf
# sed -i 's/^#rundir/rundir/' /etc/munin/munin.conf
# sed -i 's/^#tmpldir/tmpldir/' /etc/munin/munin.conf
#
# sed -i "s/^\[localhost.localdomain\]/[${HOSTNAME}]/" /etc/munin/munin.conf
#
# # ln -s /etc/munin/apache24.conf /etc/apache2/conf-enabled/munin.conf
# sed -i 's/Require local/Require all granted\nOptions FollowSymLinks SymLinksIfOwnerMatch/g' /etc/munin/apache24.conf
# htpasswd -c /etc/munin/munin-htpasswd admin
# sed -i 's/Require all granted/AuthUserFile \/etc\/munin\/munin-htpasswd\nAuthName "Munin"\nAuthType Basic\nRequire valid-user/g' /etc/munin/apache24.conf
#
#
# service apache2 restart
# service munin-node restart
# echo "\033[92;1mMunin installed\033[Om"
#
# echo "\033[35;1mInstalling Monit \033[0m"
# sleep 3
# # https://www.howtoforge.com/tutorial/server-monitoring-with-munin-and-monit-on-debian/2/
# apt-get --yes --force-yes install monit
# # TODO setup monit rc
# cat "$_cwd"/assets/monitrc > /etc/monit/monitrc
#
# # TODO setup webaccess
# passok=0
# while [ "$passok" = "0" ]
# do
# echo -n "Write web access password to monit"
# read passwda
# echo -n "ReWrite web access password to monit"
# read passwdb
# if [ "$passwda" = "$passwdb" ]; then
# sed -i 's/PASSWD_TO_REPLACE/$passwda/g' /etc/monit/monitrc
# passok=1
# else
# echo "pass words don't match, please try again"
# fi
# done
#
# # TODO setup mail settings
# sed -i "s/server1\.example\.com/$HOSTNAME/g" /etc/monit/monitrc
#
# mkdir /var/www/html/monit
# echo "hello" > /var/www/html/monit/token
#
# service monit start
#
# echo "\033[92;1mMonit installed\033[Om"
# echo '\033[35m
# ___ __ __
# / |_ _______/ /_____ _/ /_
# / /| | | /| / / ___/ __/ __ `/ __/
# / ___ | |/ |/ (__ ) /_/ /_/ / /_
# /_/ |_|__/|__/____/\__/\__,_/\__/
# \033[0m'
# echo "\033[35;1mInstalling Awstat \033[0m"
# sleep 3
# apt-get --yes --force-yes install awstats
# # Configure AWStats
# temp=`grep -i sitedomain /etc/awstats/awstats.conf.local | wc -l`
# if [ $temp -lt 1 ]; then
# echo SiteDomain="$_domain" >> /etc/awstats/awstats.conf.local
# fi
# # Disable Awstats from executing every 10 minutes. Put a hash in front of any line.
# sed -i 's/^[^#]/#&/' /etc/cron.d/awstats
# echo "\033[92;1mAwstat installed\033[Om"

17
bin/misc.sh Normal file
View File

@ -0,0 +1,17 @@
#!/bin/sh
# TODO check if root
echo '\033[35m
__ ____
/ |/ (_)_________
/ /|_/ / / ___/ ___/
/ / / / (__ ) /__
/_/ /_/_/____/\___/
\033[0m'
apt-get --yes --force-yes install vim curl
sed -i "s/^# en_GB.UTF-8/en_GB.UTF-8/g" /etc/locale.gen
locale-gen
apt-get --yes --force-yes install ntp
dpkg-reconfigure tzdata

21
bin/ssh.sh Normal file
View File

@ -0,0 +1,21 @@
#!/bin/sh
echo '\033[35m
__________ __ __
/ ___/ ___// / / /
\__ \\__ \/ /_/ /
___/ /__/ / __ /
/____/____/_/ /_/
\033[0m'
if [ "$EUID" -ne 0 ]
then echo "Please run as root"
exit
fi
sed -i 's/PermitRootLogin\ yes/PermitRootLogin no/g' /etc/ssh/sshd_config
sed -i 's/PermitEmptyPasswords\ yes/PermitEmptyPasswords no/g' /etc/ssh/sshd_config
sed -i 's/Protocol\ [0-9]/Protocol 2/g' /etc/ssh/sshd_config
systemctl reload ssh
echo "\033[92;1mSSH secured\033[Om"

13
bin/upgrade.sh Normal file
View File

@ -0,0 +1,13 @@
#!/bin/sh
# TODO check if root
echo '\033[35m
__ ______ __________ ___ ____ ______
/ / / / __ \/ ____/ __ \/ | / __ \/ ____/
/ / / / /_/ / / __/ /_/ / /| | / / / / __/
/ /_/ / ____/ /_/ / _, _/ ___ |/ /_/ / /___
\____/_/ \____/_/ |_/_/ |_/_____/_____/
\033[0m'
apt-get update
apt-get dist-upgrade

24
bin/user.sh Normal file
View File

@ -0,0 +1,24 @@
#!/bin/sh
echo '\033[35m
__ _______ __________
/ / / / ___// ____/ __ \
/ / / /\__ \/ __/ / /_/ /
/ /_/ /___/ / /___/ _, _/
\____//____/_____/_/ |_|
\033[0m'
echo "\033[35;1mCreate new user (you will be asked a user name and a password) \033[0m"
sleep 3
# TODO check if root
echo -n "Enter user name: "
read user
# read -p "Continue? (Y/N): " confirm && [[ $confirm == [yY] || $confirm == [yY][eE][sS] ]] || exit 1
adduser "$user"
echo "adding $user to admin group and limiting su to the admin group"
groupadd admin
usermod -a -G admin "$user"
# allow admin group to su
dpkg-statoverride --update --add root admin 4750 /bin/su
echo "\033[92;1muser $user configured\033[Om"

634
install-debian-server.sh
View File

@ -14,7 +14,11 @@ echo '\033[35m
\033[0m'
echo "\033[35;1mThis script has been tested only on Linux Debian 9 \033[0m"
echo "Please run this script as root"
if [ "$EUID" -ne 0 ]
then echo "Please run as root"
exit
fi
echo -n "Should we start? [Y|n] "
read yn
@ -27,597 +31,49 @@ fi
# get the current position
_cwd="$(pwd)"
echo '\033[35m
__ ______ __________ ___ ____ ______
/ / / / __ \/ ____/ __ \/ | / __ \/ ____/
/ / / / /_/ / / __/ /_/ / /| | / / / / __/
/ /_/ / ____/ /_/ / _, _/ ___ |/ /_/ / /___
\____/_/ \____/_/ |_/_/ |_/_____/_____/
\033[0m'
apt-get update
apt-get upgrade
. bin/upgrade.sh
. bin/misc.sh
. bin/firewall.sh
. bin/fail2ban.sh
. bin/knockd.sh
. bin/user.sh
. bin/email.sh
echo '\033[35m
__ ____
/ |/ (_)_________
/ /|_/ / / ___/ ___/
/ / / / (__ ) /__
/_/ /_/_/____/\___/
\033[0m'
apt-get --yes --force-yes install vim curl
sed -i "s/^# en_GB.UTF-8/en_GB.UTF-8/g" /etc/locale.gen
locale-gen
apt-get --yes --force-yes install ntp
dpkg-reconfigure tzdata
echo '\033[35m
______________ _______ _____ __ __
/ ____/ _/ __ \/ ____/ | / / | / / / /
/ /_ / // /_/ / __/ | | /| / / /| | / / / /
/ __/ _/ // _, _/ /___ | |/ |/ / ___ |/ /___/ /___
/_/ /___/_/ |_/_____/ |__/|__/_/ |_/_____/_____/
\033[0m'
echo "\033[35;1mInstalling ufw and setup firewall (allowing only ssh and http) \033[0m"
sleep 3
apt-get --yes --force-yes install ufw
# ufw allow ssh # knockd will open the ssh port
ufw allow http
ufw allow https
ufw enable
ufw status verbose
echo "\033[92;1mufw installed and firwall configured\033[Om"
echo '\033[35m
______ _ _____ __
/ ____/___ _(_) /__ \ / /_ ____ _____
/ /_ / __ `/ / /__/ // __ \/ __ `/ __ \
/ __/ / /_/ / / // __// /_/ / /_/ / / / /
/_/ \__,_/_/_//____/_.___/\__,_/_/ /_/
\033[0m'
echo "\033[35;1mInstalling fall2ban \033[0m"
apt-get --yes --force-yes install fail2ban
cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
# ToDo ask for email and configure jail.local with it
systemctl enable fail2ban
systemctl restart fail2ban
echo "\033[92;1mfail2ban installed and configured\033[Om"
echo '\033[35m
__ __ __
/ /______ ____ _____/ /______/ /
/ //_/ __ \/ __ \/ ___/ //_/ __ /
/ ,< / / / / /_/ / /__/ ,< / /_/ /
/_/|_/_/ /_/\____/\___/_/|_|\__,_/
\033[0m'
echo "\033[35;1mInstalling knockd to control ssh port opening\033[0m"
sleep 3
apt-get --yes --force-yes install knockd
mv /etc/knockd.conf /etc/knockd.conf.ori
cp "$_cwd"/assets/knockd.conf /etc/knockd.conf
echo -n "define a sequence number for opening ssh (as 7000,8000,9000) : "
read sq
sed -i "s/7000,8000,9000/$sq/g" /etc/knockd.conf
sed -i 's/START_KNOCKD=0/START_KNOCKD=1/g' /etc/default/knockd
/etc/init.d/knockd start
echo "\033[92;1mknockd installed and configured\033[Om"
echo "\033[92;1mplease note this sequence for future ssh knocking\033[Om"
echo "$sq1"
sleep 3
echo '\033[35m
__ _______ __________
/ / / / ___// ____/ __ \
/ / / /\__ \/ __/ / /_/ /
/ /_/ /___/ / /___/ _, _/
\____//____/_____/_/ |_|
\033[0m'
echo "\033[35;1mCreate new user (you will be asked a user name and a password) \033[0m"
sleep 3
echo -n "Enter user name: "
read user
# read -p "Continue? (Y/N): " confirm && [[ $confirm == [yY] || $confirm == [yY][eE][sS] ]] || exit 1
adduser "$user"
echo "adding $user to admin group and limiting su to the admin group"
groupadd admin
usermod -a -G admin "$user"
# allow admin group to su
dpkg-statoverride --update --add root admin 4750 /bin/su
echo "\033[92;1muser $user configured\033[Om"
echo '\033[35m
__ ______ ______
/ |/ / | / _/ /
/ /|_/ / /| | / // /
/ / / / ___ |_/ // /___
/_/ /_/_/ |_/___/_____/
\033[0m'
echo "\033[35;1mEnable mail sending for php \033[0m"
# http://www.sycha.com/lamp-setup-debian-linux-apache-mysql-php#anchor13
sleep 3
apt-get --yes --force-yes install exim4
echo "\033[35;1mConfiguring EXIM4 \033[0m"
while [ "$configexim" != "y" ] && [ "$configexim" != "n" ]
while [ "$securssh" != "yes" ] && [ "$securssh" != "no" ]
do
echo -n "Should we configure exim4 ? [y|n] "
read configexim
done
if [ "$configexim" = "y" ]; then
echo "choose the first option :internet site; mail is sent and received directly using SMTP. Leave the other options as default exepted for domain name which should be valid domain name if you want your mails to not be considered as spam"
echo "press any key to continue."
read continu
dpkg-reconfigure exim4-config
else
echo 'exim not configured'
fi
systemctl enable exim4
systemctl restart exim4
# dkim spf
# https://debian-administration.org/article/718/DKIM-signing_outgoing_mail_with_exim4
echo "\033[35;1mConfiguring DKIM \033[0m"
while [ "$installdkim" != "y" ] && [ "$installdkim" != "n" ]
do
echo -n "Should we install dkim for exim4 ? [y|n] "
read installdkim
done
if [ "$installdkim" = "y" ]; then
echo -n "Choose a domain for dkim (same domain as you chose before for exim4): "
read domain
selector=$(date +%Y%m%d)
mkdir /etc/exim4/dkim
openssl genrsa -out /etc/exim4/dkim/"$domain"-private.pem 1024 -outform PEM
openssl rsa -in /etc/exim4/dkim/"$domain"-private.pem -out /etc/exim4/dkim/"$domain".pem -pubout -outform PEM
chown root:Debian-exim /etc/exim4/dkim/"$domain"-private.pem
chmod 440 /etc/exim4/dkim/"$domain"-private.pem
cp "$_cwd"/assets/exima4_dkim.conf /etc/exim4/conf.d/main/00_local_macros
sed -ir "s/DOMAIN_TO_CHANGE/$domain/g" /etc/exim4/conf.d/main/00_local_macros
sed -ir "s/DATE_TO_CHANGE/$selector/g" /etc/exim4/conf.d/main/00_local_macros
update-exim4.conf
systemctl restart exim4
echo "please create a TXT entry in your dns zone : $selector._domainkey.$domain \n"
echo "your public key is : \n"
cat /etc/exim4/dkim/"$domain".pem
echo "press any key to continue."
read continu
else
echo 'dkim not installed'
fi
echo '\033[35m
__________ __ __
/ ___/ ___// / / /
\__ \\__ \/ /_/ /
___/ /__/ / __ /
/____/____/_/ /_/
\033[0m'
while [ "$securssh" != "y" ] && [ "$securssh" != "n" ]
do
echo -n "Securing ssh (disabling root login)? [y|n] "
echo -n "Securing ssh (disabling root login)? [yes|no] "
read securssh
# securssh=${securssh:-y}
done
if [ "$securssh" = "y" ]; then
sed -i 's/PermitRootLogin\ yes/PermitRootLogin no/g' /etc/ssh/sshd_config
sed -i 's/PermitEmptyPasswords\ yes/PermitEmptyPasswords no/g' /etc/ssh/sshd_config
sed -i 's/Protocol\ [0-9]/Protocol 2/g' /etc/ssh/sshd_config
systemctl reload ssh
echo "\033[92;1mSSH secured\033[Om"
if [ "$securssh" = "yes" ]; then
. bin/ssh.sh
else
echo 'root user can still conect through ssh'
fi
echo '\033[35m
______ _______ _____
| ____|__ __| __ \
| |__ | | | |__) |
| __| | | | ___/
| | | | | |
|_| |_| |_|
\033[0m'
echo -n "Should we install ftp server? [Y|n] "
read yn
yn=${yn:-y}
if [ "$yn" = "y" ]; then
echo "installing proftpd"
apt-get --yes --force-yes install proftpd
while [ "$_server_name" = "" ]
do
read -p "enter a server name ? " _server_name
if [ "$_server_name" != "" ]; then
read -p "is server name $_server_name correcte [y|n] " validated
if [ "$validated" = "y" ]; then
break
else
_server_name=""
fi
fi
done
echo "Configuring proftpd"
cp "$_cwd"/assets/proftpd.conf /etc/proftpd/conf.d/"$_server_name".conf
sed -ir "s/example/$_server_name/g" /etc/proftpd/conf.d/"$_server_name".conf
ufw allow ftp
addgroup ftpuser
systemctl enable proftpd
systemctl restart proftpd
echo "ftp installtion done"
echo "to permit to a user to connect through ftp, add him to the ftpuser group by running : usermod -a -G ftpuser USERNAME"
echo "FTP users are jailed on their home by default"
. bin/ftp.sh
else
echo 'ftp server not installed'
fi
# TODO : allow ssh/ftp connection only from given ips
echo '\033[35m
__
/ /__ ____ ___ ____
/ / _ \/ __ `__ \/ __ \
/ / __/ / / / / / /_/ /
/_/\___/_/ /_/ /_/ .___/
/_/
\033[0m'
echo "\033[35;1mLEMP server (Nginx Mysql Php) \033[0m"
sleep 3
while [ "$lemp" != "y" ] && [ "$lemp" != "n" ]
while [ "$lemp" != "yes" ] && [ "$lemp" != "no" ]
do
echo -n "Should we install lemp ? [y|n] "
echo -n "Should we install lemp ? [yes|no] "
read lemp
done
if [ "$lemp" = "y" ]; then
echo '\033[35m
__ ___ __
/ |/ /_ ___________ _/ /
/ /|_/ / / / / ___/ __ `/ /
/ / / / /_/ (__ ) /_/ / /
/_/ /_/\__, /____/\__, /_/
/____/ /_/
\033[0m'
echo "\033[35;1minstalling Mysql \033[0m"
sleep 3
apt-get --yes --force-yes install mariadb-server
mysql_secure_installation
systemctl enable mariadb.service
systemctl restart mariadb.service
echo "\033[92;1mmysql installed\033[Om"
echo '\033[35m
____ __ ______
/ __ \/ / / / __ \
/ /_/ / /_/ / /_/ /
/ ____/ __ / ____/
/_/ /_/ /_/_/
\033[0m'
echo "\033[35;1mInstalling PHP 7.0 \033[0m"
sleep 3
apt-get --yes --force-yes install php7.0-fpm php7.0-mysql php7.0-opcache php7.0-curl php7.0-mbstring php7.0-zip php7.0-xml php7.0-gd php7.0-mcrypt php-memcached
mv /etc/php/7.0/fpm/php.ini /etc/php/7.0/fpm/php.ini.back
cp "$_cwd"/assets/php-fpm.ini /etc/php/7.0/fpm/php.ini
echo "Configuring PHP"
mkdir /var/log/php
chown www-data /var/log/php
cp "$_cwd"/assets/logrotate-php /etc/logrotate.d/php
systemctl enable php7.0-fpm
systemctl start php7.0-fpm
# echo "Installing memecached"
# replaced by redis
# apt-get --yes --force-yes install memcached
# sed -i "s/-m\s64/-m 128/g" /etc/memcached.conf
#
# systemctl start memcached
echo "\033[92;1mphp installed\033[Om"
echo '\033[35m
_ __ _
/ | / /___ _(_)___ _ __
/ |/ / __ `/ / __ \| |/_/
/ /| / /_/ / / / / /> <
/_/ |_/\__, /_/_/ /_/_/|_|
/____/
\033[0m'
echo "\033[35;1mInstalling Nginx \033[0m"
sleep 3
apt-get --yes --force-yes install nginx
mv /etc/nginx/sites-available/default /etc/nginx/sites-available/default.ori
cp "$_cwd"/assets/default.nginxconf /etc/nginx/sites-available/default
systemctl enable nginx
systemctl restart nginx
echo "\033[92;1mNginx installed\033[Om"
echo '\033[35m
__ __ ___ ___ __ _
____ / /_ ____ / |/ /_ __/ | ____/ /___ ___ (_)___
/ __ \/ __ \/ __ \/ /|_/ / / / / /| |/ __ / __ `__ \/ / __ \
/ /_/ / / / / /_/ / / / / /_/ / ___ / /_/ / / / / / / / / / /
/ .___/_/ /_/ .___/_/ /_/\__, /_/ |_\__,_/_/ /_/ /_/_/_/ /_/
/_/ /_/ /____/
\033[0m'
echo "\033[35;1mInstalling phpMyAdmin \033[0m"
apt-get --yes --force-yes install phpmyadmin
ln -s /usr/share/phpmyadmin /var/www/html/
# cp "$_cwd"/assets/nginx-phpmyadmin.conf > /etc/nginx/sites-available/phpmyadmin.conf
# ln -s /etc/nginx/sites-available/phpmyadmin.conf /etc/nginx/sites-enabled/phpmyadmin.conf
# echo "\033[35;1msecuring phpMyAdmin \033[0m"
# sed -i "s/DirectoryIndex index.php/DirectoryIndex index.php\nAllowOverride all/"
# cp "$_cwd"/assets/phpmyadmin_htaccess > /usr/share/phpmyadmin/.htaccess
# echo -n "define a user name for phpmyadmin : "
# read un
# htpasswd -c /etc/phpmyadmin/.htpasswd $un
# service apache2 restart
echo "\033[92;1mphpMyAdmin installed\033[Om"
echo "\033[92;1mYou can access it at yourip/phpmyadmin\033[Om"
echo '\033[35m
____ ___
/ __ \___ ____/ (_)____
/ /_/ / _ \/ __ / / ___/
/ _, _/ __/ /_/ / (__ )
/_/ |_|\___/\__,_/_/____/
\033[0m'
echo "\033[35;1mInstalling Redis \033[0m"
sleep 3
apt-get --yes --force-yes install redis-server php-redis
systemctl enable redis-server
systemctl restart redis-server
echo "\033[92;1mRedis installed\033[Om"
echo '\033[35m
______
/ ____/___ ____ ___ ____ ____ ________ _____
/ / / __ \/ __ `__ \/ __ \/ __ \/ ___/ _ \/ ___/
/ /___/ /_/ / / / / / / /_/ / /_/ (__ ) __/ /
\____/\____/_/ /_/ /_/ .___/\____/____/\___/_/
/_/
\033[0m'
echo "\033[35;1mInstalling Composer \033[0m"
sleep 3
export COMPOSER_HOME=/usr/local/composer
curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer
echo "\033[92;1mComposer installed\033[Om"
echo '\033[35m
____ __
/ __ \_______ _______/ /_
/ / / / ___/ / / / ___/ __ \
/ /_/ / / / /_/ (__ ) / / /
/_____/_/ \__,_/____/_/ /_/
\033[0m'
echo "\033[35;1mInstalling Drush and DrupalConsole\033[0m"
sleep 3
curl https://drupalconsole.com/installer -L -o /usr/local/bin/drupal
chmod +x /usr/local/bin/drupal
curl https://github.com/drush-ops/drush-launcher/releases/download/0.6.0/drush.phar -L -o /usr/local/bin/drush
chmod +x /usr/local/bin/drush
echo "\033[92;1mDrush and DrupalConsoleinstalled\033[Om"
echo '\033[35m
__ __
_ __/ /_ ____ _____/ /_
| | / / __ \/ __ \/ ___/ __/
| |/ / / / / /_/ (__ ) /_
|___/_/ /_/\____/____/\__/
\033[0m'
echo "\033[35;1mVHOST install \033[0m"
while [ "$vh" != "y" ] && [ "$vh" != "n" ]
do
echo -n "Should we install a vhost? [y|n] "
read vh
# vh=${vh:-y}
done
if [ "$vh" = "y" ]; then
while [ "$_domain" = "" ]
do
read -p "enter a hostname ? " _domain
if [ "$_domain" != "" ]; then
read -p "is hostname $_domain correcte [y|n] " validated
if [ "$validated" = "y" ]; then
break
else
_domain=""
fi
fi
done
# ask for simple php conf or drupal conf
while [ "$_drupal" != "yes" ] && [ "$_drupal" != "no" ]
do
echo -n "Is your site is a drupal one? [yes|no] "
read _drupal
done
# ask for let's encrypt
while [ "$_letsencrypt" != "yes" ] && [ "$_letsencrypt" != "no" ]
do
echo "Let's encrypt"
echo "Let's encrypt needs a public registered domain name with proper DNS records ( A records or CNAME records for subdomains pointing to your server)."
echo -n "Should we install let's encrypt certificate with $_domain? [yes|no] "
read _letsencrypt
done
# lets'encrypt
# https://certbot.eff.org/lets-encrypt/debianstretch-nginx
if [ "$_letsencrypt" = "yes" ]; then
apt-get install certbot
certbot certonly --cert-name "$_domain" --standalone d "$_domain"
openssl dhparam out /etc/nginx/dhparam.pem 2048
# TODO renewing
touch /var/spool/crontab/root
crontab -l > mycron
echo "0 3 * * * certbot renew --pre-hook 'systemctl stop nginx' --post-hook 'systemctl start nginx' --cert-name $_domain" >> mycron
crontab mycron
rm mycron
fi
if [ "$_drupal" = "yes" ]; then
if [ "$_letsencrypt" = "yes" ]; then
_conffile = "drupal-ssl.nginxconf"
else
_conffile = "drupal.nginxconf"
fi
else
if [ "$_letsencrypt" = "yes" ]; then
_conffile = "simple-phpfpm-ssl.nginxconf"
else
_conffile = "simple-phpfpm.nginxconf"
fi
fi
cp "$_cwd"/assets/"$_conffile" /etc/nginx/sites-available/"$_domain".conf
sed -ir "s/DOMAIN\.LTD/$_domain/g" /etc/nginx/sites-available/"$_domain".conf
mkdir -p /var/www/"$_domain"/public_html
mkdir /var/www/"$_domain"/logs
#set proper right to user will handle the app
chown -R root:admin /var/www/"$_domain"/
chmod -R g+w /var/www/"$_domain"/
chmod -R g+r /var/www/"$_domain"/
# create a shortcut to the site
mkdir /home/"$user"/www/
chown "$user":admin /home/"$user"/www/
ln -s /var/www/"$_domain" /home/"$user"/www/"$_domain"
# activate the vhost
ln -s /etc/nginx/sites-available/"$_domain".conf /etc/nginx/sites-enabled/"$_domain".conf
# restart nginx
systemctl restart nginx
echo "\033[92;1mvhost $_domain configured\033[Om"
else
echo "Vhost installation aborted"
fi
# TODO supervising
# echo '\033[35m
# __ ___ _ __ __ __ ___ _
# / |/ /__ ___ (_) /_ _/_/ / |/ /_ _____ (_)__
# / /|_/ / _ \/ _ \/ / __/ _/_/ / /|_/ / // / _ \/ / _ \
# /_/ /_/\___/_//_/_/\__/ /_/ /_/ /_/\_,_/_//_/_/_//_/
# \033[0m'
# echo "\033[35;1mInstalling Munin \033[0m"
# sleep 3
# # https://www.howtoforge.com/tutorial/server-monitoring-with-munin-and-monit-on-debian/
# apt-get --yes --force-yes install munin munin-node munin-plugins-extra
# # Configure Munin
# # enable plugins
# ln -s /usr/share/munin/plugins/mysql_ /etc/munin/plugins/mysql_
# ln -s /usr/share/munin/plugins/mysql_bytes /etc/munin/plugins/mysql_bytes
# ln -s /usr/share/munin/plugins/mysql_innodb /etc/munin/plugins/mysql_innodb
# ln -s /usr/share/munin/plugins/mysql_isam_space_ /etc/munin/plugins/mysql_isam_space_
# ln -s /usr/share/munin/plugins/mysql_queries /etc/munin/plugins/mysql_queries
# ln -s /usr/share/munin/plugins/mysql_slowqueries /etc/munin/plugins/mysql_slowqueries
# ln -s /usr/share/munin/plugins/mysql_threads /etc/munin/plugins/mysql_threads
#
# ln -s /usr/share/munin/plugins/apache_accesses /etc/munin/plugins/
# ln -s /usr/share/munin/plugins/apache_processes /etc/munin/plugins/
# ln -s /usr/share/munin/plugins/apache_volume /etc/munin/plugins/
#
# # ln -s /usr/share/munin/plugins/fail2ban /etc/munin/plugins/
#
# # dbdir, htmldir, logdir, rundir, and tmpldir
# sed -i 's/^#dbdir/dbdir/' /etc/munin/munin.conf
# sed -i 's/^#htmldir/htmldir/' /etc/munin/munin.conf
# sed -i 's/^#logdir/logdir/' /etc/munin/munin.conf
# sed -i 's/^#rundir/rundir/' /etc/munin/munin.conf
# sed -i 's/^#tmpldir/tmpldir/' /etc/munin/munin.conf
#
# sed -i "s/^\[localhost.localdomain\]/[${HOSTNAME}]/" /etc/munin/munin.conf
#
# # ln -s /etc/munin/apache24.conf /etc/apache2/conf-enabled/munin.conf
# sed -i 's/Require local/Require all granted\nOptions FollowSymLinks SymLinksIfOwnerMatch/g' /etc/munin/apache24.conf
# htpasswd -c /etc/munin/munin-htpasswd admin
# sed -i 's/Require all granted/AuthUserFile \/etc\/munin\/munin-htpasswd\nAuthName "Munin"\nAuthType Basic\nRequire valid-user/g' /etc/munin/apache24.conf
#
#
# service apache2 restart
# service munin-node restart
# echo "\033[92;1mMunin installed\033[Om"
#
# echo "\033[35;1mInstalling Monit \033[0m"
# sleep 3
# # https://www.howtoforge.com/tutorial/server-monitoring-with-munin-and-monit-on-debian/2/
# apt-get --yes --force-yes install monit
# # TODO setup monit rc
# cat "$_cwd"/assets/monitrc > /etc/monit/monitrc
#
# # TODO setup webaccess
# passok=0
# while [ "$passok" = "0" ]
# do
# echo -n "Write web access password to monit"
# read passwda
# echo -n "ReWrite web access password to monit"
# read passwdb
# if [ "$passwda" = "$passwdb" ]; then
# sed -i 's/PASSWD_TO_REPLACE/$passwda/g' /etc/monit/monitrc
# passok=1
# else
# echo "pass words don't match, please try again"
# fi
# done
#
# # TODO setup mail settings
# sed -i "s/server1\.example\.com/$HOSTNAME/g" /etc/monit/monitrc
#
# mkdir /var/www/html/monit
# echo "hello" > /var/www/html/monit/token
#
# service monit start
#
# echo "\033[92;1mMonit installed\033[Om"
# echo '\033[35m
# ___ __ __
# / |_ _______/ /_____ _/ /_
# / /| | | /| / / ___/ __/ __ `/ __/
# / ___ | |/ |/ (__ ) /_/ /_/ / /_
# /_/ |_|__/|__/____/\__/\__,_/\__/
# \033[0m'
# echo "\033[35;1mInstalling Awstat \033[0m"
# sleep 3
# apt-get --yes --force-yes install awstats
# # Configure AWStats
# temp=`grep -i sitedomain /etc/awstats/awstats.conf.local | wc -l`
# if [ $temp -lt 1 ]; then
# echo SiteDomain="$_domain" >> /etc/awstats/awstats.conf.local
# fi
# # Disable Awstats from executing every 10 minutes. Put a hash in front of any line.
# sed -i 's/^[^#]/#&/' /etc/cron.d/awstats
# echo "\033[92;1mAwstat installed\033[Om"
if [ "$lemp" = "yes" ]; then
. bin/lemp.sh
else
echo 'lemp server not installed'
fi
. bin/dotfiles.sh
. bin/autoupdate.sh
# echo '\033[35m
# ______________ _______
@ -676,51 +132,11 @@ fi
# echo -e "\033[35;1mFunction canceled. /tmp already secured. \033[0m"
# fi
echo '\033[35m
____ __ _______ __
/ __ \____ / /_ / ____(_) /__ _____
/ / / / __ \/ __/ / /_ / / / _ \/ ___/
/ /_/ / /_/ / /_ / __/ / / / __(__ )
/_____/\____/\__/ /_/ /_/_/\___/____/
\033[0m'
#installing better prompt and some goodies for root
echo "\033[35;1mInstalling shell prompt for root \033[0m"
sleep 3
echo "cloning github.com/bachy/dotfiles-server"
git clone git://github.com/bachy/dotfiles-server.git ~/.dotfiles-server && cd ~/.dotfiles-server && ./install.sh && cd ~
source ~/.bashrc
echo "\033[92;1mDot files installed for root, you should installed them manually for $USER\033[0m"
# TODO add warning message on ssh connection if system needs updates
# TODO install and configure tmux
echo '\033[35m
___ __ __ __ __ __
/ | __ __/ /_____ / / / /___ ____/ /___ _/ /____
/ /| |/ / / / __/ __ \ / / / / __ \/ __ / __ `/ __/ _ \
/ ___ / /_/ / /_/ /_/ / / /_/ / /_/ / /_/ / /_/ / /_/ __/
/_/ |_\__,_/\__/\____/ \____/ .___/\__,_/\__,_/\__/\___/
/_/
\033[0m'
# https://www.howtoforge.com/how-to-configure-automatic-updates-on-debian-wheezy
# https://www.bisolweb.com/tutoriels/serveur-vps-ovh-partie-5-installation-apticron/
echo "\033[35;1mInstalling apticron \033[0m"
apt-get --yes --force-yes install apticron
sleep 3
echo -n "Enter an email: "
read email
sed -ir "s/EMAIL=\"root\"/EMAIL=\"$email\"/g" /etc/apticron/apticron.conf
# sed -ir "s/# DIFF_ONLY=\"1\"/DIFF_ONLY=\"1\"/g" /etc/apticron/apticron.conf
sed -ir "s/# NOTIFY_NEW=\"0\"/NOTIFY_NEW=\"0\"/g" /etc/apticron/apticron.conf
echo "\033[92;1mApticron installed and configured\033[0m"
echo '\033[35m
__

9
prompt.sh
View File

@ -1,9 +0,0 @@
# setup user environment
echo "\033[35;1mInstalling shell prompt \033[0m"
sleep 3
git clone git://github.com/bachy/dotfiles-server.git ~/.dotfiles-server && cd ~/.dotfiles-server && ./install.sh
source ~/.bashrc
echo "done"
echo "* * *"