some updates for buster

Bachir Soussi Chiadmi 2019-10-21 16:00:06 +02:00
parent 4ce386eeed
commit 67b84ed088
17 changed files with 117 additions and 110 deletions


@ -18,7 +18,7 @@
[SSH] [SSH]
sequence = 7000,8000,9000 sequence = 7000,8000,9000
seq_timeout = 5 seq_timeout = 5
# TODO do not limit port 22 to the ip as it don't work with 4G connection # do not limit port 22 to the ip as it don't work with 4G connection
# start_command = ufw insert 1 allow from %IP% to any port 22 # start_command = ufw insert 1 allow from %IP% to any port 22
start_command = ufw allow ssh start_command = ufw allow ssh
tcpflags = syn tcpflags = syn
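Review bot: `start_command = ufw allow ssh` opens port 22 to every source address once any client completes the knock, and dropping the TODO marker from the comment above it turns that from a pending item into the accepted behaviour. No closing rule is visible in this hunk (the [SSH] section continues outside it), so unless the file also defines a `stop_command` with a `cmd_timeout`, the port stays open to all sources until the rule is removed by hand. I would keep the TODO, or make the comment state the trade-off, e.g. `# NOTE: opens port 22 to all sources after a knock, not only %IP% (4G clients change address)`.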


@ -17,7 +17,7 @@ if [ "$EUID" -ne 0 ]; then
fi fi
echo "\033[35;1mInstalling apticron \033[0m" echo "\033[35;1mInstalling apticron \033[0m"
apt-get --yes --force-yes install apticron apt-get --yesinstall apticron
sleep 3 sleep 3
echo -n "Enter an email: " echo -n "Enter an email: "
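Review bot: As shown on this page, the new install line reads `apt-get --yesinstall apticron`: removing ` --force-yes ` also removed the space before `install`, so apt-get gets one unknown option and no subcommand, and nothing is installed. The same text is on the new side of every package install in this commit (exim4, fail2ban, ufw, proftpd, knockd, mariadb-server, the php packages, nginx, phpmyadmin, redis-server, vim/curl, ntp, tmux and certbot). Because none of the visible scripts check apt-get's exit status, later steps still run and the fail2ban, ufw and knockd scripts still print "installed and configured" on a host that has none of them. The line should be `apt-get --yes install apticron`, ideally followed by `|| exit 1`. This hunk starts inside the root check and ends before the email prompt is read.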


@ -28,7 +28,7 @@ fi
# http://www.sycha.com/lamp-setup-debian-linux-apache-mysql-php#anchor13 # http://www.sycha.com/lamp-setup-debian-linux-apache-mysql-php#anchor13
sleep 2 sleep 2
apt-get --yes --force-yes install exim4 apt-get --yesinstall exim4
echo "\033[35;1mConfiguring EXIM4 \033[0m" echo "\033[35;1mConfiguring EXIM4 \033[0m"
while [ "$configexim" != "y" ] && [ "$configexim" != "n" ] while [ "$configexim" != "y" ] && [ "$configexim" != "n" ]
do do


@ -2,14 +2,14 @@
# TODO check if root # TODO check if root
echo -e '\033[35m echo '\033[35m
______ _ _____ __ ______ _ _____ __
/ ____/___ _(_) /__ \ / /_ ____ _____ / ____/___ _(_) /__ \ / /_ ____ _____
/ /_ / __ `/ / /__/ // __ \/ __ `/ __ \ / /_ / __ `/ / /__/ // __ \/ __ `/ __ \
/ __/ / /_/ / / // __// /_/ / /_/ / / / / / __/ / /_/ / / // __// /_/ / /_/ / / / /
/_/ \__,_/_/_//____/_.___/\__,_/_/ /_/ /_/ \__,_/_/_//____/_.___/\__,_/_/ /_/
\033[0m' \033[0m'
echo -e "\033[35;1mInstalling fall2ban \033[0m" echo "\033[35;1mInstalling fall2ban \033[0m"
if [ "$EUID" -ne 0 ]; then if [ "$EUID" -ne 0 ]; then
echo "Please run as root" echo "Please run as root"
@ -17,10 +17,10 @@ if [ "$EUID" -ne 0 ]; then
fi fi
sleep 2 sleep 2
apt-get --yes --force-yes install fail2ban apt-get --yesinstall fail2ban
cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
# ToDo ask for email and configure jail.local with it # ToDo ask for email and configure jail.local with it
touch /var/log/auth.log touch /var/log/auth.log
systemctl enable fail2ban systemctl enable fail2ban
systemctl restart fail2ban systemctl restart fail2ban
echo -e "\033[92;1mfail2ban installed and configured\033[Om" echo "\033[92;1mfail2ban installed and configured\033[Om"
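Review bot: The root check `if [ "$EUID" -ne 0 ]` depends on a bash variable, while this commit's move from `echo -e` to plain `echo` suggests the scripts are now run by a POSIX sh such as dash. There `$EUID` is unset, the test ends with an error instead of a true result, and the "Please run as root" branch is never taken, so an unprivileged run carries on into `cp /etc/fail2ban/jail.conf …` and `systemctl`. `if [ "$(id -u)" -ne 0 ]; then` works in both shells. The same check appears in the apticron, ufw, knockd, lemp, user and install scripts; the body of the `if` lies between the two hunks shown here.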


@ -2,14 +2,14 @@
# TODO check if root # TODO check if root
echo -e '\033[35m echo '\033[35m
______________ _______ _____ __ __ ______________ _______ _____ __ __
/ ____/ _/ __ \/ ____/ | / / | / / / / / ____/ _/ __ \/ ____/ | / / | / / / /
/ /_ / // /_/ / __/ | | /| / / /| | / / / / / /_ / // /_/ / __/ | | /| / / /| | / / / /
/ __/ _/ // _, _/ /___ | |/ |/ / ___ |/ /___/ /___ / __/ _/ // _, _/ /___ | |/ |/ / ___ |/ /___/ /___
/_/ /___/_/ |_/_____/ |__/|__/_/ |_/_____/_____/ /_/ /___/_/ |_/_____/ |__/|__/_/ |_/_____/_____/
\033[0m' \033[0m'
echo -e "\033[35;1mInstalling ufw and setup firewall (allowing only ssh and http) \033[0m" echo "\033[35;1mInstalling ufw and setup firewall (allowing only ssh and http) \033[0m"
if [ "$EUID" -ne 0 ]; then if [ "$EUID" -ne 0 ]; then
echo "Please run as root" echo "Please run as root"
@ -17,7 +17,7 @@ if [ "$EUID" -ne 0 ]; then
fi fi
sleep 2 sleep 2
apt-get --yes --force-yes install ufw apt-get --yesinstall ufw
# ufw allow ssh # knockd will open the ssh port # ufw allow ssh # knockd will open the ssh port
ufw allow http ufw allow http
ufw allow https ufw allow https
@ -26,4 +26,4 @@ ufw allow https
ufw enable ufw enable
ufw status verbose ufw status verbose
echo -e "\033[92;1mufw installed and firwall configured\033[Om" echo "\033[92;1mufw installed and firwall configured\033[Om"
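Review bot: The closing message ends with `\033[Om`, a capital letter O where the reset sequence needs the digit zero, so the attribute set by `\033[92;1m` is never reset and carries over into whatever the terminal prints next. The line should end with `\033[0m`, as the banner lines in the same file already do. The same `\033[Om` ending is on the completion messages of the fail2ban, knockd, lemp, misc, user, vhost and zabbix scripts in this commit.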


@ -28,7 +28,7 @@ if [ ! -d "$_assets" ]; then
fi fi
echo "installing proftpd" echo "installing proftpd"
apt-get --yes --force-yes install proftpd apt-get --yesinstall proftpd
while [ "$_server_name" = "" ] while [ "$_server_name" = "" ]
do do
read -p "enter a server name ? " _server_name read -p "enter a server name ? " _server_name


@ -4,14 +4,14 @@
# get the current position # get the current position
_cwd="$(pwd)" _cwd="$(pwd)"
echo -e '\033[35m echo '\033[35m
_______ __ _______ __
/ ____(_) /_ / ____(_) /_
/ / __/ / __/ / / __/ / __/
/ /_/ / / /_ / /_/ / / /_
\____/_/\__/ \____/_/\__/
\033[0m' \033[0m'
echo -e "\033[35;1mCreate new git barre repos and deploy script\033[0m" echo "\033[35;1mCreate new git barre repos and deploy script\033[0m"
echo "Git barre repo will be installed in chosen user home directory" echo "Git barre repo will be installed in chosen user home directory"
echo "git prod repos will be installed in public_html directory of provided domain, the domain have to exists as shortcut in chosen user/www before running this script. Please run first vhost.sh script and say yes to the question create a shortcut !" echo "git prod repos will be installed in public_html directory of provided domain, the domain have to exists as shortcut in chosen user/www before running this script. Please run first vhost.sh script and say yes to the question create a shortcut !"
@ -51,7 +51,7 @@ if [ "$vh" = "yes" ]; then
user="" user=""
fi fi
else else
echo -e "user $user doesn't exists, you must provide an existing user" echo "user $user doesn't exists, you must provide an existing user"
user="" user=""
fi fi
fi fi


@ -2,14 +2,14 @@
# TODO check if root # TODO check if root
echo -e '\033[35m echo '\033[35m
__ __ __ __ __ __
/ /______ ____ _____/ /______/ / / /______ ____ _____/ /______/ /
/ //_/ __ \/ __ \/ ___/ //_/ __ / / //_/ __ \/ __ \/ ___/ //_/ __ /
/ ,< / / / / /_/ / /__/ ,< / /_/ / / ,< / / / / /_/ / /__/ ,< / /_/ /
/_/|_/_/ /_/\____/\___/_/|_|\__,_/ /_/|_/_/ /_/\____/\___/_/|_|\__,_/
\033[0m' \033[0m'
echo -e "\033[35;1mInstalling knockd to control ssh port opening\033[0m" echo "\033[35;1mInstalling knockd to control ssh port opening\033[0m"
if [ "$EUID" -ne 0 ]; then if [ "$EUID" -ne 0 ]; then
echo "Please run as root" echo "Please run as root"
@ -29,7 +29,7 @@ if [ ! -d "$_assets" ]; then
fi fi
sleep 2 sleep 2
apt-get --yes --force-yes install knockd apt-get --yesinstall knockd
mv /etc/knockd.conf /etc/knockd.conf.ori mv /etc/knockd.conf /etc/knockd.conf.ori
cp "$_assets"/knockd.conf /etc/knockd.conf cp "$_assets"/knockd.conf /etc/knockd.conf
@ -50,7 +50,7 @@ Alias=knockd.service" >> /lib/systemd/system/knockd.service
systemctl enable knockd systemctl enable knockd
systemctl start knockd systemctl start knockd
echo -e "\033[92;1mknockd installed and configured\033[Om" echo "\033[92;1mknockd installed and configured\033[Om"
echo -e "\033[92;1mplease note this sequence for future ssh knocking\033[Om" echo "\033[92;1mplease note this sequence for future ssh knocking\033[Om"
echo "$sq" echo "$sq"
sleep 3 sleep 3


@ -1,6 +1,6 @@
#!/bin/sh #!/bin/sh
echo -e '\033[35m echo '\033[35m
__ __
/ /__ ____ ___ ____ / /__ ____ ___ ____
/ / _ \/ __ `__ \/ __ \ / / _ \/ __ `__ \/ __ \
@ -8,10 +8,10 @@ echo -e '\033[35m
/_/\___/_/ /_/ /_/ .___/ /_/\___/_/ /_/ /_/ .___/
/_/ /_/
\033[0m' \033[0m'
echo -e "\033[35;1mLEMP server (Nginx Mysql Php-fpm) \033[0m" echo "\033[35;1mLEMP server (Nginx Mysql Php-fpm) \033[0m"
if [ "$EUID" -ne 0 ]; then if [ "$EUID" -ne 0 ]; then
echo -e "Please run as root" echo "Please run as root"
exit exit
fi fi
@ -29,7 +29,7 @@ fi
sleep 2 sleep 2
echo -e '\033[35m echo '\033[35m
__ ___ __ __ ___ __
/ |/ /_ ___________ _/ / / |/ /_ ___________ _/ /
/ /|_/ / / / / ___/ __ `/ / / /|_/ / / / / ___/ __ `/ /
@ -37,32 +37,32 @@ echo -e '\033[35m
/_/ /_/\__, /____/\__, /_/ /_/ /_/\__, /____/\__, /_/
/____/ /_/ /____/ /_/
\033[0m' \033[0m'
echo -e "\033[35;1minstalling Mysql \033[0m" echo "\033[35;1minstalling Mysql \033[0m"
sleep 3 sleep 3
apt-get --yes --force-yes install mariadb-server apt-get --yesinstall mariadb-server
mysql_secure_installation mysql_secure_installation
cp "$_assets"/mysql/innodb-file-per-table.cnf /etc/mysql/conf.d/ cp "$_assets"/mysql/innodb-file-per-table.cnf /etc/mysql/conf.d/
systemctl enable mariadb.service systemctl enable mariadb.service
systemctl restart mariadb.service systemctl restart mariadb.service
echo -e "\033[92;1mmysql installed\033[Om" echo "\033[92;1mmysql installed\033[Om"
echo -e '\033[35m echo '\033[35m
____ __ ______ ____ __ ______
/ __ \/ / / / __ \ / __ \/ / / / __ \
/ /_/ / /_/ / /_/ / / /_/ / /_/ / /_/ /
/ ____/ __ / ____/ / ____/ __ / ____/
/_/ /_/ /_/_/ /_/ /_/ /_/_/
\033[0m' \033[0m'
echo -e "\033[35;1mInstalling PHP 7.0 \033[0m" echo "\033[35;1mInstalling PHP 7.0 \033[0m"
sleep 3 sleep 3
apt-get --yes --force-yes install php7.0-fpm php7.0-mysql php7.0-opcache php7.0-curl php7.0-mbstring php7.0-zip php7.0-xml php7.0-gd php7.0-mcrypt php-memcached php7.0-imagick apt-get --yesinstall php7.0-fpm php7.0-mysql php7.0-opcache php7.0-curl php7.0-mbstring php7.0-zip php7.0-xml php7.0-gd php7.0-mcrypt php-memcached php7.0-imagick
mv /etc/php/7.0/fpm/php.ini /etc/php/7.0/fpm/php.ini.back mv /etc/php/7.0/fpm/php.ini /etc/php/7.0/fpm/php.ini.back
cp "$_assets"/php-fpm.ini /etc/php/7.0/fpm/php.ini cp "$_assets"/php-fpm.ini /etc/php/7.0/fpm/php.ini
echo -e "Configuring PHP" echo "Configuring PHP"
mkdir /var/log/php mkdir /var/log/php
chown www-data /var/log/php chown www-data /var/log/php
@ -71,16 +71,16 @@ cp "$_assets"/logrotate-php /etc/logrotate.d/php
systemctl enable php7.0-fpm systemctl enable php7.0-fpm
systemctl start php7.0-fpm systemctl start php7.0-fpm
# echo -e "Installing memecached" # echo "Installing memecached"
# replaced by redis # replaced by redis
# apt-get --yes --force-yes install memcached # apt-get --yesinstall memcached
# sed -i "s/-m\s64/-m 128/g" /etc/memcached.conf # sed -i "s/-m\s64/-m 128/g" /etc/memcached.conf
# #
# systemctl start memcached # systemctl start memcached
echo -e "\033[92;1mphp installed\033[Om" echo "\033[92;1mphp installed\033[Om"
echo -e '\033[35m echo '\033[35m
_ __ _ _ __ _
/ | / /___ _(_)___ _ __ / | / /___ _(_)___ _ __
/ |/ / __ `/ / __ \| |/_/ / |/ / __ `/ / __ \| |/_/
@ -88,17 +88,17 @@ echo -e '\033[35m
/_/ |_/\__, /_/_/ /_/_/|_| /_/ |_/\__, /_/_/ /_/_/|_|
/____/ /____/
\033[0m' \033[0m'
echo -e "\033[35;1mInstalling Nginx \033[0m" echo "\033[35;1mInstalling Nginx \033[0m"
sleep 3 sleep 3
apt-get --yes --force-yes install nginx apt-get --yesinstall nginx
mv /etc/nginx/sites-available/default /etc/nginx/sites-available/default.ori mv /etc/nginx/sites-available/default /etc/nginx/sites-available/default.ori
cp "$_assets"/default.nginxconf /etc/nginx/sites-available/default cp "$_assets"/default.nginxconf /etc/nginx/sites-available/default
systemctl enable nginx systemctl enable nginx
systemctl restart nginx systemctl restart nginx
echo -e "\033[92;1mNginx installed\033[Om" echo "\033[92;1mNginx installed\033[Om"
echo -e '\033[35m echo '\033[35m
__ __ ___ ___ __ _ __ __ ___ ___ __ _
____ / /_ ____ / |/ /_ __/ | ____/ /___ ___ (_)___ ____ / /_ ____ / |/ /_ __/ | ____/ /___ ___ (_)___
/ __ \/ __ \/ __ \/ /|_/ / / / / /| |/ __ / __ `__ \/ / __ \ / __ \/ __ \/ __ \/ /|_/ / / / / /| |/ __ / __ `__ \/ / __ \
@ -106,32 +106,32 @@ echo -e '\033[35m
/ .___/_/ /_/ .___/_/ /_/\__, /_/ |_\__,_/_/ /_/ /_/_/_/ /_/ / .___/_/ /_/ .___/_/ /_/\__, /_/ |_\__,_/_/ /_/ /_/_/_/ /_/
/_/ /_/ /____/ /_/ /_/ /____/
\033[0m' \033[0m'
echo -e "\033[35;1mInstalling phpMyAdmin \033[0m" echo "\033[35;1mInstalling phpMyAdmin \033[0m"
apt-get --yes --force-yes install phpmyadmin apt-get --yesinstall phpmyadmin
ln -s /usr/share/phpmyadmin /var/www/html/ ln -s /usr/share/phpmyadmin /var/www/html/
cp "$_assets"/nginx-phpmyadmin.conf > /etc/nginx/sites-available/phpmyadmin.conf cp "$_assets"/nginx-phpmyadmin.conf > /etc/nginx/sites-available/phpmyadmin.conf
ln -s /etc/nginx/sites-available/phpmyadmin.conf /etc/nginx/sites-enabled/phpmyadmin.conf ln -s /etc/nginx/sites-available/phpmyadmin.conf /etc/nginx/sites-enabled/phpmyadmin.conf
# echo -e "\033[35;1msecuring phpMyAdmin \033[0m" # echo "\033[35;1msecuring phpMyAdmin \033[0m"
# sed -i "s/DirectoryIndex index.php/DirectoryIndex index.php\nAllowOverride all/" # sed -i "s/DirectoryIndex index.php/DirectoryIndex index.php\nAllowOverride all/"
# cp "$_assets"/phpmyadmin_htaccess > /usr/share/phpmyadmin/.htaccess # cp "$_assets"/phpmyadmin_htaccess > /usr/share/phpmyadmin/.htaccess
# echo -n "define a user name for phpmyadmin : " # echo -n "define a user name for phpmyadmin : "
# read un # read un
# htpasswd -c /etc/phpmyadmin/.htpasswd $un # htpasswd -c /etc/phpmyadmin/.htpasswd $un
# service apache2 restart # service apache2 restart
echo -e "\033[92;1mphpMyAdmin installed\033[Om" echo "\033[92;1mphpMyAdmin installed\033[Om"
echo -e "\033[92;1mYou can access it at yourip/phpmyadmin\033[Om" echo "\033[92;1mYou can access it at yourip/phpmyadmin\033[Om"
echo -e '\033[35m echo '\033[35m
____ ___ ____ ___
/ __ \___ ____/ (_)____ / __ \___ ____/ (_)____
/ /_/ / _ \/ __ / / ___/ / /_/ / _ \/ __ / / ___/
/ _, _/ __/ /_/ / (__ ) / _, _/ __/ /_/ / (__ )
/_/ |_|\___/\__,_/_/____/ /_/ |_|\___/\__,_/_/____/
\033[0m' \033[0m'
echo -e "\033[35;1mInstalling Redis \033[0m" echo "\033[35;1mInstalling Redis \033[0m"
sleep 3 sleep 3
apt-get --yes --force-yes install redis-server php-redis apt-get --yesinstall redis-server php-redis
# TODO set maxmemory=2gb # TODO set maxmemory=2gb
# TODO set maxmemory-policy=volatile-lru # TODO set maxmemory-policy=volatile-lru
@ -141,9 +141,9 @@ apt-get --yes --force-yes install redis-server php-redis
systemctl enable redis-server systemctl enable redis-server
systemctl restart redis-server systemctl restart redis-server
systemctl restart php7.0-fpm systemctl restart php7.0-fpm
echo -e "\033[92;1mRedis installed\033[Om" echo "\033[92;1mRedis installed\033[Om"
echo -e '\033[35m echo '\033[35m
______ ______
/ ____/___ ____ ___ ____ ____ ________ _____ / ____/___ ____ ___ ____ ____ ________ _____
/ / / __ \/ __ `__ \/ __ \/ __ \/ ___/ _ \/ ___/ / / / __ \/ __ `__ \/ __ \/ __ \/ ___/ _ \/ ___/
@ -151,42 +151,42 @@ echo -e '\033[35m
\____/\____/_/ /_/ /_/ .___/\____/____/\___/_/ \____/\____/_/ /_/ /_/ .___/\____/____/\___/_/
/_/ /_/
\033[0m' \033[0m'
echo -e "\033[35;1mInstalling Composer \033[0m" echo "\033[35;1mInstalling Composer \033[0m"
sleep 3 sleep 3
export COMPOSER_HOME=/usr/local/composer export COMPOSER_HOME=/usr/local/composer
curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer
echo -e "\033[92;1mComposer installed\033[Om" echo "\033[92;1mComposer installed\033[Om"
echo -e '\033[35m echo '\033[35m
____ __ ____ __
/ __ \_______ _______/ /_ / __ \_______ _______/ /_
/ / / / ___/ / / / ___/ __ \ / / / / ___/ / / / ___/ __ \
/ /_/ / / / /_/ (__ ) / / / / /_/ / / / /_/ (__ ) / / /
/_____/_/ \__,_/____/_/ /_/ /_____/_/ \__,_/____/_/ /_/
\033[0m' \033[0m'
echo -e "\033[35;1mInstalling Drush and DrupalConsole\033[0m" echo "\033[35;1mInstalling Drush and DrupalConsole\033[0m"
sleep 3 sleep 3
curl https://drupalconsole.com/installer -L -o /usr/local/bin/drupal curl https://drupalconsole.com/installer -L -o /usr/local/bin/drupal
chmod +x /usr/local/bin/drupal chmod +x /usr/local/bin/drupal
curl https://github.com/drush-ops/drush-launcher/releases/download/0.6.0/drush.phar -L -o /usr/local/bin/drush curl https://github.com/drush-ops/drush-launcher/releases/download/0.6.0/drush.phar -L -o /usr/local/bin/drush
chmod +x /usr/local/bin/drush chmod +x /usr/local/bin/drush
echo -e "\033[92;1mDrush and DrupalConsoleinstalled\033[Om" echo "\033[92;1mDrush and DrupalConsoleinstalled\033[Om"
# TODO supervising # TODO supervising
# echo -e '\033[35m # echo '\033[35m
# __ ___ _ __ __ __ ___ _ # __ ___ _ __ __ __ ___ _
# / |/ /__ ___ (_) /_ _/_/ / |/ /_ _____ (_)__ # / |/ /__ ___ (_) /_ _/_/ / |/ /_ _____ (_)__
# / /|_/ / _ \/ _ \/ / __/ _/_/ / /|_/ / // / _ \/ / _ \ # / /|_/ / _ \/ _ \/ / __/ _/_/ / /|_/ / // / _ \/ / _ \
# /_/ /_/\___/_//_/_/\__/ /_/ /_/ /_/\_,_/_//_/_/_//_/ # /_/ /_/\___/_//_/_/\__/ /_/ /_/ /_/\_,_/_//_/_/_//_/
# \033[0m' # \033[0m'
# echo -e "\033[35;1mInstalling Munin \033[0m" # echo "\033[35;1mInstalling Munin \033[0m"
# sleep 3 # sleep 3
# # https://www.howtoforge.com/tutorial/server-monitoring-with-munin-and-monit-on-debian/ # # https://www.howtoforge.com/tutorial/server-monitoring-with-munin-and-monit-on-debian/
# apt-get --yes --force-yes install munin munin-node munin-plugins-extra # apt-get --yesinstall munin munin-node munin-plugins-extra
# # Configure Munin # # Configure Munin
# # enable plugins # # enable plugins
# ln -s /usr/share/munin/plugins/mysql_ /etc/munin/plugins/mysql_ # ln -s /usr/share/munin/plugins/mysql_ /etc/munin/plugins/mysql_
@ -220,12 +220,12 @@ echo -e "\033[92;1mDrush and DrupalConsoleinstalled\033[Om"
# #
# service apache2 restart # service apache2 restart
# service munin-node restart # service munin-node restart
# echo -e "\033[92;1mMunin installed\033[Om" # echo "\033[92;1mMunin installed\033[Om"
# #
# echo -e "\033[35;1mInstalling Monit \033[0m" # echo "\033[35;1mInstalling Monit \033[0m"
# sleep 3 # sleep 3
# # https://www.howtoforge.com/tutorial/server-monitoring-with-munin-and-monit-on-debian/2/ # # https://www.howtoforge.com/tutorial/server-monitoring-with-munin-and-monit-on-debian/2/
# apt-get --yes --force-yes install monit # apt-get --yesinstall monit
# # TODO setup monit rc # # TODO setup monit rc
# cat "$_assets"/monitrc > /etc/monit/monitrc # cat "$_assets"/monitrc > /etc/monit/monitrc
# #
@ -241,7 +241,7 @@ echo -e "\033[92;1mDrush and DrupalConsoleinstalled\033[Om"
# sed -i 's/PASSWD_TO_REPLACE/$passwda/g' /etc/monit/monitrc # sed -i 's/PASSWD_TO_REPLACE/$passwda/g' /etc/monit/monitrc
# passok=1 # passok=1
# else # else
# echo -e "pass words don't match, please try again" # echo "pass words don't match, please try again"
# fi # fi
# done # done
# #
@ -249,23 +249,23 @@ echo -e "\033[92;1mDrush and DrupalConsoleinstalled\033[Om"
# sed -i "s/server1\.example\.com/$HOSTNAME/g" /etc/monit/monitrc # sed -i "s/server1\.example\.com/$HOSTNAME/g" /etc/monit/monitrc
# #
# mkdir /var/www/html/monit # mkdir /var/www/html/monit
# echo -e "hello" > /var/www/html/monit/token # echo "hello" > /var/www/html/monit/token
# #
# service monit start # service monit start
# #
# echo -e "\033[92;1mMonit installed\033[Om" # echo "\033[92;1mMonit installed\033[Om"
# echo -e '\033[35m # echo '\033[35m
# ___ __ __ # ___ __ __
# / |_ _______/ /_____ _/ /_ # / |_ _______/ /_____ _/ /_
# / /| | | /| / / ___/ __/ __ `/ __/ # / /| | | /| / / ___/ __/ __ `/ __/
# / ___ | |/ |/ (__ ) /_/ /_/ / /_ # / ___ | |/ |/ (__ ) /_/ /_/ / /_
# /_/ |_|__/|__/____/\__/\__,_/\__/ # /_/ |_|__/|__/____/\__/\__,_/\__/
# \033[0m' # \033[0m'
# echo -e "\033[35;1mInstalling Awstat \033[0m" # echo "\033[35;1mInstalling Awstat \033[0m"
# sleep 3 # sleep 3
# apt-get --yes --force-yes install awstats # apt-get --yesinstall awstats
# # Configure AWStats # # Configure AWStats
# temp=`grep -i sitedomain /etc/awstats/awstats.conf.local | wc -l` # temp=`grep -i sitedomain /etc/awstats/awstats.conf.local | wc -l`
# if [ $temp -lt 1 ]; then # if [ $temp -lt 1 ]; then
@ -273,4 +273,4 @@ echo -e "\033[92;1mDrush and DrupalConsoleinstalled\033[Om"
# fi # fi
# # Disable Awstats from executing every 10 minutes. Put a hash in front of any line. # # Disable Awstats from executing every 10 minutes. Put a hash in front of any line.
# sed -i 's/^[^#]/#&/' /etc/cron.d/awstats # sed -i 's/^[^#]/#&/' /etc/cron.d/awstats
# echo -e "\033[92;1mAwstat installed\033[Om" # echo "\033[92;1mAwstat installed\033[Om"
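Review bot: Composer, DrupalConsole and the drush launcher are fetched with curl and then run, or made executable in /usr/local/bin, by root without any integrity check, and this commit leaves those lines as they were. A truncated or tampered download becomes root-run code on a machine that is still being set up. For Composer I would download the installer to a temporary file and compare its SHA-384 with the published signature before running it, as in the block below. For the DrupalConsole and drush downloads, add `-f` to curl and compare the file against a checksum kept in this repository. The script continues outside the hunks shown here.

```shell
export COMPOSER_HOME=/usr/local/composer
# … unchanged line above; the curl | php pipe is replaced by the lines below …
_installer="$(mktemp)" || exit 1
curl -sSf https://getcomposer.org/installer -o "$_installer" || exit 1
_expected="$(curl -sSf https://composer.github.io/installer.sig)" || exit 1
_actual="$(sha384sum "$_installer" | cut -d ' ' -f 1)"
if [ "$_expected" != "$_actual" ]; then
  echo "Composer installer checksum mismatch, aborting" >&2
  rm -f "$_installer"
  exit 1
fi
php "$_installer" --install-dir=/usr/local/bin --filename=composer
rm -f "$_installer"
# … unchanged: Drush and DrupalConsole section …
```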


@ -1,6 +1,6 @@
#!/bin/sh #!/bin/sh
echo -e '\033[35m echo '\033[35m
__ ____ __ ____
/ |/ (_)_________ / |/ (_)_________
/ /|_/ / / ___/ ___/ / /|_/ / / ___/ ___/
@ -15,16 +15,17 @@ if [ "$EUID" -ne 0 ]; then
fi fi
sleep 2 sleep 2
apt-get --yes --force-yes install vim curl # TODO --force-yes is deprecated, use one of the options starting with --allow instead.
apt-get --yesinstall vim curl
sed -i "s/^# en_GB.UTF-8/en_GB.UTF-8/g" /etc/locale.gen sed -i "s/^# en_GB.UTF-8/en_GB.UTF-8/g" /etc/locale.gen
locale-gen locale-gen
apt-get --yes --force-yes install ntp apt-get --yesinstall ntp
dpkg-reconfigure tzdata dpkg-reconfigure tzdata
apt-get --yes --force-yes install tmux etckeeper needrestart htop lynx unzip apt-get --yesinstall tmux etckeeper needrestart htop lynx unzip
# TODO cron # TODO cron
# https://askubuntu.com/questions/56683/where-is-the-cron-crontab-log/121560#121560 # https://askubuntu.com/questions/56683/where-is-the-cron-crontab-log/121560#121560
echo -e "\033[92;1mMisc done \033[Om" echo "\033[92;1mMisc done \033[Om"


@ -1,6 +1,6 @@
#!/bin/sh #!/bin/sh
echo -e '\033[35m echo '\033[35m
__ __ _ ___ _ __ __ _ ___ _
| \/ |_ _ ___ __ _| | | _ ) __ _ __| |___ _ _ __ ___ | \/ |_ _ ___ __ _| | | _ ) __ _ __| |___ _ _ __ ___
| |\/| | || (_-</ _ | | | _ \/ _ / _| / / || | _ (_-< | |\/| | || (_-</ _ | | | _ \/ _ / _| / / || | _ (_-<


@ -1,7 +1,7 @@
#!/bin/sh #!/bin/sh
echo -e '\033[35m echo '\033[35m
_ _ _ _ ___ _ _ _ _ _ _ _ ___ _ _ _
| | | |_ _| |__ __ _ __| |___ _ _ __ / __| | (_)___ _ _| |_ | | | |_ _| |__ __ _ __| |___ _ _ __ / __| | (_)___ _ _| |_
| |_| | _| _ \/ _` / _| / / || | _ \ | (__| |__| / -_) \ _| | |_| | _| _ \/ _` / _| / / || | _ \ | (__| |__| / -_) \ _|


@ -1,13 +1,13 @@
#!/bin/sh #!/bin/sh
echo -e '\033[35m echo '\033[35m
__ _______ __________ __ _______ __________
/ / / / ___// ____/ __ \ / / / / ___// ____/ __ \
/ / / /\__ \/ __/ / /_/ / / / / /\__ \/ __/ / /_/ /
/ /_/ /___/ / /___/ _, _/ / /_/ /___/ / /___/ _, _/
\____//____/_____/_/ |_| \____//____/_____/_/ |_|
\033[0m' \033[0m'
echo -e "\033[35;1mCreate new user (you will be asked a user name and a password) \033[0m" echo "\033[35;1mCreate new user (you will be asked a user name and a password) \033[0m"
if [ "$EUID" -ne 0 ]; then if [ "$EUID" -ne 0 ]; then
echo "Please run as root" echo "Please run as root"
@ -37,12 +37,17 @@ do
fi fi
done done
# TODO
# ./install.sh: 42: bin/user.sh: adduser: not found
# adding dev to admin group and limiting su to the admin group
# ./install.sh: 44: bin/user.sh: groupadd: not found
# ./install.sh: 45: bin/user.sh: usermod: not found
# dpkg-statoverride: error: group 'admin' does not exist
# read -p "Continue? (Y/N): " confirm && [[ $confirm == [yY] || $confirm == [yY][eE][sS] ]] || exit 1
adduser "$user" adduser "$user"
echo "adding $user to admin group and limiting su to the admin group" echo "adding $user to admin group and limiting su to the admin group"
groupadd admin groupadd admin
usermod -a -G admin "$user" usermod -a -G admin "$user"
# allow admin group to su # allow admin group to su
dpkg-statoverride --update --add root admin 4750 /bin/su dpkg-statoverride --update --add root admin 4750 /bin/su
echo -e "\033[92;1muser $user configured\033[Om" echo "\033[92;1muser $user configured\033[Om"
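Review bot: The added TODO block records that `adduser`, `groupadd` and `usermod` were not found, but the commands below it still run unconditionally and the script ends by printing "user $user configured". On such a run no account is created and the `dpkg-statoverride` restriction on /bin/su is not applied, yet nothing tells the operator. I would fail early, before the prompts, with something like `command -v adduser >/dev/null 2>&1 || { echo "adduser not in PATH, run from a root login shell (su -)" >&2; exit 1; }`. The commented-out `read -p … [[ … ]]` line uses bash syntax and would not work under the `#!/bin/sh` at the top of this file if it were enabled.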


@ -1,12 +1,12 @@
echo -e '\033[35m echo '\033[35m
__ __ __ __
_ __/ /_ ____ _____/ /_ _ __/ /_ ____ _____/ /_
| | / / __ \/ __ \/ ___/ __/ | | / / __ \/ __ \/ ___/ __/
| |/ / / / / /_/ (__ ) /_ | |/ / / / / /_/ (__ ) /_
|___/_/ /_/\____/____/\__/ |___/_/ /_/\____/____/\__/
\033[0m' \033[0m'
echo -e "\033[35;1mNginx VHOST install \033[0m" echo "\033[35;1mNginx VHOST install \033[0m"
while [ "$vh" != "y" ] && [ "$vh" != "n" ] while [ "$vh" != "y" ] && [ "$vh" != "n" ]
do do
echo -n "Should we install a vhost? [y|n] " echo -n "Should we install a vhost? [y|n] "
@ -50,8 +50,8 @@ if [ "$vh" = "y" ]; then
# ask for let's encrypt # ask for let's encrypt
while [ "$_letsencrypt" != "yes" ] && [ "$_letsencrypt" != "no" ] while [ "$_letsencrypt" != "yes" ] && [ "$_letsencrypt" != "no" ]
do do
echo -e "\033[35;1mLet's encrypt \033[0m" echo "\033[35;1mLet's encrypt \033[0m"
echo -e "Let's encrypt needs a public registered domain name with proper DNS records ( A records or CNAME records for subdomains pointing to your server)." echo "Let's encrypt needs a public registered domain name with proper DNS records ( A records or CNAME records for subdomains pointing to your server)."
echo -n "Should we install let's encrypt certificate with $_domain? [yes|no] " echo -n "Should we install let's encrypt certificate with $_domain? [yes|no] "
read _letsencrypt read _letsencrypt
done done
@ -61,7 +61,7 @@ if [ "$vh" = "y" ]; then
# lets'encrypt # lets'encrypt
# https://certbot.eff.org/lets-encrypt/debianstretch-nginx # https://certbot.eff.org/lets-encrypt/debianstretch-nginx
if [ "$_letsencrypt" = "yes" ]; then if [ "$_letsencrypt" = "yes" ]; then
apt-get --yes --force-yes install certbot apt-get --yesinstall certbot
certbot certonly --standalone -d "$_domain" --cert-name "$_domain" certbot certonly --standalone -d "$_domain" --cert-name "$_domain"
# TODO stop the whole process if letsencrypt faile # TODO stop the whole process if letsencrypt faile
mkdir -p /etc/nginx/ssl/certs/"$_domain" mkdir -p /etc/nginx/ssl/certs/"$_domain"
@ -69,7 +69,7 @@ if [ "$vh" = "y" ]; then
# renewing # renewing
touch /var/spool/cron/crontabs/root touch /var/spool/cron/crontabs/root
crontab -l > mycron crontab -l > mycron
echo -e "0 3 * * * certbot renew --pre-hook 'systemctl stop nginx' --post-hook 'systemctl start nginx' --cert-name $_domain" >> mycron echo "0 3 * * * certbot renew --pre-hook 'systemctl stop nginx' --post-hook 'systemctl start nginx' --cert-name $_domain" >> mycron
crontab mycron crontab mycron
rm mycron rm mycron
fi fi
@ -124,14 +124,14 @@ if [ "$vh" = "y" ]; then
user="" user=""
fi fi
else else
echo -e "user $user doesn't exists, you must provide an existing user" echo "user $user doesn't exists, you must provide an existing user"
user="" user=""
fi fi
fi fi
done done
fi fi
echo -e "shortcut will be installed for '$user'"; echo "shortcut will be installed for '$user'";
sleep 3 sleep 3
mkdir /home/"$user"/www/ mkdir /home/"$user"/www/
@ -140,14 +140,14 @@ if [ "$vh" = "y" ]; then
chown "$user":admin /home/"$user"/www/"$_domain" chown "$user":admin /home/"$user"/www/"$_domain"
else else
echo -e 'no shortcut installed' echo 'no shortcut installed'
fi fi
# activate the vhost # activate the vhost
ln -s /etc/nginx/sites-available/"$_domain".conf /etc/nginx/sites-enabled/"$_domain".conf ln -s /etc/nginx/sites-available/"$_domain".conf /etc/nginx/sites-enabled/"$_domain".conf
# restart nginx # restart nginx
systemctl start nginx systemctl start nginx
echo -e "\033[92;1mvhost $_domain configured \033[Om" echo "\033[92;1mvhost $_domain configured \033[Om"
else else
echo -e "Vhost installation aborted" echo "Vhost installation aborted"
fi fi
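Review bot: The renewal entry is built through a file named `mycron` in the current directory, written and read back by root (`crontab -l > mycron` … `crontab mycron`). If the script is started from a directory other users can write to, that fixed name can collide with an existing file or symlink, and a failure between the steps leaves a copy of root's crontab behind. Piping avoids the file entirely: `( crontab -l 2>/dev/null; echo "0 3 * * * certbot renew … --cert-name $_domain" ) | crontab -`. `$_domain` ends up inside a root cron command line, so it should be checked against a hostname pattern before this point; where it is read is not part of the hunks shown.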


@ -1,7 +1,7 @@
#!/bin/sh #!/bin/sh
echo -e '\033[35m echo '\033[35m
_____ __ __ _ _____ __ __ _
/__ / ____ _/ /_ / /_ (_) __ /__ / ____ _/ /_ / /_ (_) __
/ / / __ `/ __ \/ __ \/ / |/_/ / / / __ `/ __ \/ __ \/ / |/_/
@ -112,6 +112,6 @@ ufw allow from "$_ip" to any port 22
systemctl restart zabbix-agent systemctl restart zabbix-agent
systemctl enable zabbix-agent systemctl enable zabbix-agent
echo -e "\033[92;1mZabbix-agent installed and configured, please add the host $_host_name in your zabbix-server \033[Om" echo "\033[92;1mZabbix-agent installed and configured, please add the host $_host_name in your zabbix-server \033[Om"
echo -e "\033[92;1mAnd import requested templates in assets/zabbix/templates/ \033[Om" echo "\033[92;1mAnd import requested templates in assets/zabbix/templates/ \033[Om"
echo -e "\033[92;1mzabbix user mysql password is $_passwd \033[Om" echo "\033[92;1mzabbix user mysql password is $_passwd \033[Om"
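Review bot: The last line prints the MySQL password of the zabbix user to the terminal, where it stays in scrollback and in any session log or capture of the install. Since the commit now relies on `echo` interpreting backslash escapes, a password containing a backslash would also be displayed differently from the value actually set. I would write the password to a root-only file (`umask 077` before the write) and print only its path, or at least emit it with `printf '%s\n' "$_passwd"` on a line of its own. How `$_passwd` is generated is outside this hunk.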


@ -5,7 +5,7 @@
# http://web-74.com/blog/reseaux/gerer-le-deploiement-facilement-avec-git/ # http://web-74.com/blog/reseaux/gerer-le-deploiement-facilement-avec-git/
# #
echo -e '\033[35m echo '\033[35m
____ __ _ _____ ____ __ _ _____
/ __ \___ / /_ (_)___ _____ / ___/___ ______ _____ _____ / __ \___ / /_ (_)___ _____ / ___/___ ______ _____ _____
/ / / / _ \/ __ \/ / __ `/ __ \ \__ \/ _ \/ ___/ | / / _ \/ ___/ / / / / _ \/ __ \/ / __ `/ __ \ \__ \/ _ \/ ___/ | / / _ \/ ___/
@ -13,10 +13,10 @@ echo -e '\033[35m
/_____/\___/_.___/_/\__,_/_/ /_/ /____/\___/_/ |___/\___/_/ /_____/\___/_.___/_/\__,_/_/ /_/ /____/\___/_/ |___/\___/_/
\033[0m' \033[0m'
echo -e "\033[35;1mThis script has been tested only on Linux Debian 9 \033[0m" echo "\033[35;1mThis script has been tested only on Linux Debian 10 \033[0m"
if [ "$EUID" -ne 0 ]; then if [ "$EUID" -ne 0 ]; then
echo -e "Please run as root" echo "Please run as root"
exit exit
fi fi
@ -24,7 +24,7 @@ echo -n "Should we start? [Y|n] "
read yn read yn
yn=${yn:-y} yn=${yn:-y}
if [ "$yn" != "y" ]; then if [ "$yn" != "y" ]; then
echo -e "aborting script!" echo "aborting script!"
exit exit
fi fi
@ -48,7 +48,7 @@ done
if [ "$securssh" = "yes" ]; then if [ "$securssh" = "yes" ]; then
. bin/ssh.sh . bin/ssh.sh
else else
echo -e 'root user can still conect through ssh' echo 'root user can still conect through ssh'
fi fi
@ -58,7 +58,7 @@ yn=${yn:-y}
if [ "$yn" = "y" ]; then if [ "$yn" = "y" ]; then
. bin/ftp.sh . bin/ftp.sh
else else
echo -e 'ftp server not installed' echo 'ftp server not installed'
fi fi
while [ "$lemp" != "yes" ] && [ "$lemp" != "no" ] while [ "$lemp" != "yes" ] && [ "$lemp" != "no" ]
@ -69,7 +69,7 @@ done
if [ "$lemp" = "yes" ]; then if [ "$lemp" = "yes" ]; then
. bin/lemp.sh . bin/lemp.sh
else else
echo -e 'lemp server not installed' echo 'lemp server not installed'
fi fi
while [ "$_install_vhost" != "yes" ] && [ "$_install_vhost" != "no" ] while [ "$_install_vhost" != "yes" ] && [ "$_install_vhost" != "no" ]
@ -80,7 +80,7 @@ done
if [ "$_install_vhost" = "yes" ]; then if [ "$_install_vhost" = "yes" ]; then
. bin/vhost.sh . bin/vhost.sh
else else
echo -e 'no vhost installed' echo 'no vhost installed'
fi fi
while [ "$_install_zabbix_agent" != "yes" ] && [ "$_install_zabbix_agent" != "no" ] while [ "$_install_zabbix_agent" != "yes" ] && [ "$_install_zabbix_agent" != "no" ]
@ -91,7 +91,7 @@ done
if [ "$_install_zabbix_agent" = "yes" ]; then if [ "$_install_zabbix_agent" = "yes" ]; then
. bin/zabbix.sh . bin/zabbix.sh
else else
echo -e 'zabbix-agent not installed' echo 'zabbix-agent not installed'
fi fi
while [ "$_install_urbackup" != "yes" ] && [ "$_install_urbackup" != "no" ] while [ "$_install_urbackup" != "yes" ] && [ "$_install_urbackup" != "no" ]
@ -102,14 +102,14 @@ done
if [ "$_install_urbackup" = "yes" ]; then if [ "$_install_urbackup" = "yes" ]; then
. bin/urbackup.sh . bin/urbackup.sh
else else
echo -e 'urbackup client not installed' echo 'urbackup client not installed'
fi fi
. bin/dotfiles.sh . bin/dotfiles.sh
# . bin/autoupdate.sh # . bin/autoupdate.sh
# echo -e '\033[35m # echo '\033[35m
# ______________ _______ # ______________ _______
# /_ __/ ____/ |/ / __ \ # /_ __/ ____/ |/ / __ \
# / / / __/ / /|_/ / /_/ / # / / / __/ / /|_/ / /_/ /
@ -139,7 +139,7 @@ fi
# mount -t tmpfs -o rw,noexec,nosuid tmpfs /tmp # mount -t tmpfs -o rw,noexec,nosuid tmpfs /tmp
# chmod 1777 /tmp # chmod 1777 /tmp
# echo -e "tmpfs /tmp tmpfs rw,noexec,nosuid 0 0" >> /etc/fstab # echo "tmpfs /tmp tmpfs rw,noexec,nosuid 0 0" >> /etc/fstab
# # Restore /tmp # # Restore /tmp
# cp -Rpf /tmpbackup/* /tmp/ >/dev/null 2>&1 # cp -Rpf /tmpbackup/* /tmp/ >/dev/null 2>&1
@ -156,14 +156,14 @@ fi
# # Remove old tmp dir # # Remove old tmp dir
# rm -rf /var/tmpbackup # rm -rf /var/tmpbackup
# echo -e "\033[35;1m /tmp and /var/tmp secured using tmpfs. \033[0m" # echo "\033[35;1m /tmp and /var/tmp secured using tmpfs. \033[0m"
# } # End function secure_tmp_tmpfs # } # End function secure_tmp_tmpfs
# check_tmp_secured # check_tmp_secured
# if [ $? = 0 ]; then # if [ $? = 0 ]; then
# secure_tmp_tmpfs # secure_tmp_tmpfs
# else # else
# echo -e "\033[35;1mFunction canceled. /tmp already secured. \033[0m" # echo "\033[35;1mFunction canceled. /tmp already secured. \033[0m"
# fi # fi
# TODO add warning message on ssh connection if system needs updates # TODO add warning message on ssh connection if system needs updates
@ -172,11 +172,11 @@ fi
echo -e '\033[35m echo '\033[35m
__ __
___ ____ ____/ / ___ ____ ____/ /
/ _ \/ __ \/ __ / / _ \/ __ \/ __ /
/ __/ / / / /_/ / / __/ / / / /_/ /
\___/_/ /_/\__,_/ \___/_/ /_/\__,_/
\033[0m' \033[0m'
echo -e "\033[35;1m* * script done * * \033[0m" echo "\033[35;1m* * script done * * \033[0m"
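Review bot: Every module is pulled in with `. bin/<name>.sh`, so the `#!/bin/sh` lines in those files have no effect and the echo behaviour this commit depends on is decided by whichever shell runs install.sh. Under dash the new `echo "\033[35;1m…"` prints colour; under bash (for example `bash install.sh`) the same lines print the escape text literally, the reverse of the situation before this commit. `printf '\033[35;1m%s\033[0m\n' "This script has been tested only on Linux Debian 10"` behaves the same in both and keeps variable text such as `$user` or `$_domain` out of escape processing. A comment at the top of install.sh stating the required shell would help; the file's first lines are not part of these hunks.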


@ -4,7 +4,8 @@ Fail2ban, Ufw, Proftpd, Knockd, Nginx, Mariadb, php7.0-fpm, redis, vhosts, git b
## how to use it ## how to use it
on a fresh install on a fresh install
as root
All commands below are run as root user. Either log in as root user directly or log in as your normal user and then use the command ```su -``` to become root user on your server before you proceed. IMPORTANT: You must use ```su -``` and not just ```su```, otherwise your PATH variable is set wrong by Debian.
1 install git 1 install git
``` ```