added proftpd install and config

2015-10-20 16:01:21 +02:00 · 2015-10-20 16:01:21 +02:00 · ea975a2b6a
commit ea975a2b6a
parent 958d625cee
3 changed files with 74 additions and 35 deletions
--- a/assets/proftpd.conf
+++ b/assets/proftpd.conf
@ -0,0 +1,11 @@
+ServerName      "exemple"
+
+<Global>
+    RequireValidShell off
+</Global>
+
+DefaultRoot ~ ftpuser
+
+<Limit LOGIN>
+    DenyGroup !ftpuser
+</Limit>
--- a/install-debian-server.sh
+++ b/install-debian-server.sh
@ -59,8 +59,7 @@ echo '\033[35m
 echo "\033[35;1mInstalling harden \033[0m"
 sleep 3
 apt-get install harden
-echo "Harden instaled"
-echo "\033[92;1m* * *\033[Om"
+echo "\033[92;1mHarden instaled\033[Om"

 echo '\033[35m
    ______________  _______       _____    __    __
@ -76,8 +75,7 @@ ufw allow ssh
 ufw allow http
 ufw enable
 ufw status verbose
-echo "ufw installed and firwall configured"
-echo "\033[92;1m* * *\033[Om"
+echo "\033[92;1mufw installed and firwall configured\033[Om"

 echo '\033[35m
    ______      _ _____   __
@ -89,8 +87,7 @@ echo '\033[35m
 echo "\033[35;1mInstalling fall2ban \033[0m"
 apt-get install fail2ban
 cat "$_cwd"/assets/fail2ban.jail.conf > /etc/fail2ban/jail.conf
-echo "fail2ban installed and configured"
-echo "\033[92;1m* * *\033[Om"
+echo "\033[92;1mfail2ban installed and configured\033[Om"

 echo '\033[35m
    __                    __       __
@ -109,10 +106,9 @@ read sq2
 sed -i "s/7000,8000,9000/$sq1/g" /etc/knockd.conf
 sed -i "s/9000,8000,7000/$sq2/g" /etc/knockd.conf
 sed -i 's/START_KNOCKD=0/START_KNOCKD=1/g' /etc/default/knockd
-echo "knockd installed and configured"
+echo "\033[92;1mknockd installed and configured\033[Om"
 echo "\033[92;1mplease note these sequences for future knocking\033[Om"
 echo "opening : $sq1 ; closing : $sq2"
-echo "\033[92;1m* * *\033[Om"

 echo '\033[35m
   __  _______ __________
@ -131,8 +127,7 @@ echo "adding $user to admin group and limiting su to the admin group"
 groupadd admin
 usermod -a -G admin "$user"
 dpkg-statoverride --update --add root admin 4750 /bin/su
-echo "user $user configured"
-echo "\033[92;1m* * *\033[Om"
+echo "\033[92;1muser $user configured\033[Om"

 echo '\033[35m
   __________ __  __
@ -153,15 +148,54 @@ if [ "$securssh" = "y" ]; then
  sed -i 's/PermitEmptyPasswords\ yes/PermitEmptyPasswords no/g' /etc/ssh/sshd_config
  sed -i 's/Protocol\ [0-9]/Protocol 2/g' /etc/ssh/sshd_config
  service ssh reload
-  echo "SSH secured"
+  echo "\033[92;1mSSH secured\033[Om"
 else
  echo 'root user can still conect through ssh'
 fi
-echo "\033[92;1m* * *\033[Om"
+
+echo '\033[35m
+  ______ _______ _____
+ |  ____|__   __|  __ \
+ | |__     | |  | |__) |
+ |  __|    | |  |  ___/
+ | |       | |  | |
+ |_|       |_|  |_|
+\033[0m'
+
+echo -n "Should we install ftp server? [Y|n] "
+read yn
+yn=${yn:-y}
+if [ "$yn" != "y" ]; then
+  echo "installing proftpd"
+  apt-get install proftpd
+  while [ "$_server_name" = "" ]
+  do
+  read -p "enter a server name ? " _server_name
+  if [ "$_server_name" != "" ]; then
+    read -p "is server name $_server_name correcte [y|n] " validated
+    if [ "$validated" = "y" ]; then
+      break
+    else
+      _server_name=""
+    fi
+  fi
+  done
+
+  echo "Configuring proftpd"
+  cp "$_cwd"/assets/proftpd.conf /etc/proftpd/conf.d/"$_server_name".conf
+  sed -ir "s/example/$_server_name/g" /etc/proftpd/conf.d/"$_server_name".conf
+
+  ufw allow ftp
+  
+  addgroup ftpuser
+  echo "ftp installtion done"
+  echo "to permit to a user to connect through ftp, add him to the ftpuser group"
+  echo "FTP users are jailed on their home by default"
+
+fi

 # TODO : allow ssh/ftp connection only from given ips

-
 echo "\033[35;1mInstalling AMP web server \033[0m"

 echo '\033[35m
@ -184,8 +218,7 @@ sed -i 's/\trotate .*/\trotate 10/' /etc/logrotate.d/apache2
 sed -i 's/ServerTokens .*/ServerTokens Prod/' /etc/apache2/conf.d/security
 sed -i 's/ServerSignature .*/ServerSignature Off/' /etc/apache2/conf.d/security
 service apache2 restart
-echo "Apache2 installed"
-echo "\033[92;1m* * *\033[Om"
+echo "\033[92;1mApache2 installed\033[Om"

 echo '\033[35m
    __  ___                 __
@ -199,8 +232,7 @@ echo "\033[35;1minstalling Mysql \033[0m"
 sleep 3
 apt-get install mysql-server
 mysql_secure_installation
-echo "mysql installed"
-echo "\033[92;1m* * *\033[Om"
+echo "\033[92;1mmysql installed\033[Om"

 echo '\033[35m
    ____  __  ______
@ -228,8 +260,7 @@ mkdir /var/log/php
 chown www-data /var/log/php

 apt-get install php5-mysql
-echo "php installed"
-echo "\033[92;1m* * *\033[Om"
+echo "\033[92;1mphp installed\033[Om"

 echo '\033[35m
           __          __  ___      ___       __          _
@ -241,8 +272,8 @@ echo '\033[35m
 \033[0m'
 echo "\033[35;1mInstalling phpMyAdmin \033[0m"
 apt-get install phpmyadmin
-echo "phpMyAdmin installed"
-echo "\033[92;1m* * *\033[Om"
+echo "include /etc/phpmyadmin/apache.conf" >> /etc/apache2/apache2.conf
+echo "\033[92;1mphpMyAdmin installed\033[Om"

 echo '\033[35m
        __               __
@ -293,11 +324,10 @@ if [ "$vh" = "y" ]; then

  #restart apache
  service apache2 restart
-  echo "vhost $_host_name configured"
+  echo "\033[92;1mvhost $_host_name configured\033[Om"
 else
  echo "Vhost installation aborted"
 fi
-echo "\033[92;1m* * *\033[Om"

 echo '\033[35m
    ___                __        __
@ -316,8 +346,7 @@ if [ $temp -lt 1 ]; then
 fi
 # Disable Awstats from executing every 10 minutes. Put a hash in front of any line.
 sed -i 's/^[^#]/#&/' /etc/cron.d/awstats
-echo "Awstat installed"
-echo "\033[92;1m* * *\033[Om"
+echo "\033[92;1mAwstat installed\033[Om"


 # echo '\033[35m
@ -390,8 +419,8 @@ sleep 3
 echo "cloning github.com/bachy/dotfiles-server"
 git clone git://github.com/bachy/dotfiles-server.git ~/.dotfiles-server && cd ~/.dotfiles-server && ./install.sh && cd ~
 source ~/.bashrc
-echo "done"
-echo "\033[92;1m* * *\033[Om"
+echo "\033[92;1mDot files installed for root, you should installed them manually for $USER\033[0m"
+

 echo '\033[35m
                  __
@ -400,4 +429,4 @@ echo '\033[35m
 /  __/ / / / /_/ /
 \___/_/ /_/\__,_/
 \033[0m'
-echo "\033[35;1m* * script done * *\033[0m"
+echo "\033[35;1m* * script done * * \033[0m"
--- a/readme.md
+++ b/readme.md
@ -4,7 +4,7 @@
 on a fresh install
 1 install git
 ```
-sudo apt-get git
+sudo apt-get install git
 ```

 2 clone the repo
@ -23,9 +23,8 @@ chmod a+x install-debian-server.sh


 ## ref
-http://www.debian.org/doc/manuals/securing-debian-howto/   
-https://www.thefanclub.co.za/how-to/how-secure-ubuntu-1204-lts-server-part-1-basics   
-https://www.linode.com/docs/websites/lamp/lamp-server-on-debian-7-wheezy   
-https://www.evernote.com/Home.action#n=28425519-ee9f-4efc-a13b-5426f4b31a78&ses=1&sh=5&sds=5&x=git%2520deploy&    
-https://github.com/Mins/TuxLite    
-
+http://www.debian.org/doc/manuals/securing-debian-howto/
+https://www.thefanclub.co.za/how-to/how-secure-ubuntu-1204-lts-server-part-1-basics
+https://www.linode.com/docs/websites/lamp/lamp-server-on-debian-7-wheezy
+https://www.evernote.com/Home.action#n=28425519-ee9f-4efc-a13b-5426f4b31a78&ses=1&sh=5&sds=5&x=git%2520deploy&
+https://github.com/Mins/TuxLite