628 lines
20 KiB
Bash
Executable File
628 lines
20 KiB
Bash
Executable File
#!/bin/sh
|
|
# bachir soussi chiadmi
|
|
#
|
|
# http://www.pontikis.net/blog/debian-9-stretch-rc3-web-server-setup-php7-mariadb
|
|
# http://web-74.com/blog/reseaux/gerer-le-deploiement-facilement-avec-git/
|
|
#
|
|
|
|
echo '\033[35m
|
|
____ __ _ _____
|
|
/ __ \___ / /_ (_)___ _____ / ___/___ ______ _____ _____
|
|
/ / / / _ \/ __ \/ / __ `/ __ \ \__ \/ _ \/ ___/ | / / _ \/ ___/
|
|
/ /_/ / __/ /_/ / / /_/ / / / / ___/ / __/ / | |/ / __/ /
|
|
/_____/\___/_.___/_/\__,_/_/ /_/ /____/\___/_/ |___/\___/_/
|
|
|
|
\033[0m'
|
|
echo "\033[35;1mThis script has been tested only on Linux Debian 9 \033[0m"
|
|
echo "Please run this script as root"
|
|
|
|
echo -n "Should we start? [Y|n] "
|
|
read yn
|
|
yn=${yn:-y}
|
|
if [ "$yn" != "y" ]; then
|
|
echo "aborting script!"
|
|
exit
|
|
fi
|
|
|
|
# get the current position
|
|
_cwd="$(pwd)"
|
|
|
|
echo '\033[35m
|
|
__ ______ __________ ___ ____ ______
|
|
/ / / / __ \/ ____/ __ \/ | / __ \/ ____/
|
|
/ / / / /_/ / / __/ /_/ / /| | / / / / __/
|
|
/ /_/ / ____/ /_/ / _, _/ ___ |/ /_/ / /___
|
|
\____/_/ \____/_/ |_/_/ |_/_____/_____/
|
|
\033[0m'
|
|
apt-get update
|
|
apt-get upgrade
|
|
|
|
echo '\033[35m
|
|
__ ____
|
|
/ |/ (_)_________
|
|
/ /|_/ / / ___/ ___/
|
|
/ / / / (__ ) /__
|
|
/_/ /_/_/____/\___/
|
|
|
|
\033[0m'
|
|
apt-get install vim
|
|
sed -i "s/^# en_GB.UTF-8/en_GB.UTF-8/g" /etc/locale.gen
|
|
locale-gen
|
|
apt-get install ntp
|
|
|
|
echo '\033[35m
|
|
______________ _______ _____ __ __
|
|
/ ____/ _/ __ \/ ____/ | / / | / / / /
|
|
/ /_ / // /_/ / __/ | | /| / / /| | / / / /
|
|
/ __/ _/ // _, _/ /___ | |/ |/ / ___ |/ /___/ /___
|
|
/_/ /___/_/ |_/_____/ |__/|__/_/ |_/_____/_____/
|
|
\033[0m'
|
|
echo "\033[35;1mInstalling ufw and setup firewall (allowing only ssh and http) \033[0m"
|
|
sleep 3
|
|
apt-get install ufw
|
|
# ufw allow ssh # knockd will open the ssh port
|
|
ufw allow http
|
|
ufw allow https
|
|
ufw enable
|
|
ufw status verbose
|
|
echo "\033[92;1mufw installed and firwall configured\033[Om"
|
|
|
|
echo '\033[35m
|
|
______ _ _____ __
|
|
/ ____/___ _(_) /__ \ / /_ ____ _____
|
|
/ /_ / __ `/ / /__/ // __ \/ __ `/ __ \
|
|
/ __/ / /_/ / / // __// /_/ / /_/ / / / /
|
|
/_/ \__,_/_/_//____/_.___/\__,_/_/ /_/
|
|
\033[0m'
|
|
echo "\033[35;1mInstalling fall2ban \033[0m"
|
|
apt-get install fail2ban
|
|
cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
|
|
# ToDo ask for email and configure jail.local with it
|
|
service fail2ban restart
|
|
echo "\033[92;1mfail2ban installed and configured\033[Om"
|
|
|
|
echo '\033[35m
|
|
__ __ __
|
|
/ /______ ____ _____/ /______/ /
|
|
/ //_/ __ \/ __ \/ ___/ //_/ __ /
|
|
/ ,< / / / / /_/ / /__/ ,< / /_/ /
|
|
/_/|_/_/ /_/\____/\___/_/|_|\__,_/
|
|
\033[0m'
|
|
echo "\033[35;1mInstalling knockd \033[0m"
|
|
sleep 3
|
|
apt-get install knockd
|
|
echo -n "define a sequence number for opening (as 7000,8000,9000) : "
|
|
read sq1
|
|
echo -n "define a sequence number for closing (as 9000,8000,7000) : "
|
|
read sq2
|
|
sed -i "s/7000,8000,9000/$sq1/g" /etc/knockd.conf
|
|
sed -i "s/9000,8000,7000/$sq2/g" /etc/knockd.conf
|
|
sed -i 's/START_KNOCKD=0/START_KNOCKD=1/g' /etc/default/knockd
|
|
service knockd start
|
|
echo "\033[92;1mknockd installed and configured\033[Om"
|
|
echo "\033[92;1mplease note these sequences for future knocking\033[Om"
|
|
echo "opening : $sq1 ; closing : $sq2"
|
|
|
|
echo '\033[35m
|
|
__ _______ __________
|
|
/ / / / ___// ____/ __ \
|
|
/ / / /\__ \/ __/ / /_/ /
|
|
/ /_/ /___/ / /___/ _, _/
|
|
\____//____/_____/_/ |_|
|
|
\033[0m'
|
|
echo "\033[35;1mCreate new user (you will be asked a user name and a password) \033[0m"
|
|
sleep 3
|
|
echo -n "Enter user name: "
|
|
read user
|
|
# read -p "Continue? (Y/N): " confirm && [[ $confirm == [yY] || $confirm == [yY][eE][sS] ]] || exit 1
|
|
adduser "$user"
|
|
echo "adding $user to admin group and limiting su to the admin group"
|
|
groupadd admin
|
|
usermod -a -G admin "$user"
|
|
# allow admin group to su
|
|
dpkg-statoverride --update --add root admin 4750 /bin/su
|
|
echo "\033[92;1muser $user configured\033[Om"
|
|
|
|
|
|
echo '\033[35m
|
|
__ ______ ______
|
|
/ |/ / | / _/ /
|
|
/ /|_/ / /| | / // /
|
|
/ / / / ___ |_/ // /___
|
|
/_/ /_/_/ |_/___/_____/
|
|
\033[0m'
|
|
echo "\033[35;1mEnable mail sending for php \033[0m"
|
|
# http://www.sycha.com/lamp-setup-debian-linux-apache-mysql-php#anchor13
|
|
sleep 3
|
|
apt-get install exim4
|
|
echo "\033[35;1mConfiguring EXIM4 \033[0m"
|
|
while [ "$configexim" != "y" ] && [ "$configexim" != "n" ]
|
|
do
|
|
echo -n "Should we configure exim4 ? [y|n] "
|
|
read configexim
|
|
done
|
|
if [ "$configexim" = "y" ]; then
|
|
echo "choose the first option :internet site; mail is sent and received directly using SMTP. Leave the other options as default exepted for domain name which should be valid domain name if you want your mails to not be considered as spam"
|
|
echo "press any key to continue."
|
|
read continu
|
|
dpkg-reconfigure exim4-config
|
|
else
|
|
echo 'exim not configured'
|
|
fi
|
|
service exim4 restart
|
|
|
|
# dkim spf
|
|
# https://debian-administration.org/article/718/DKIM-signing_outgoing_mail_with_exim4
|
|
echo "\033[35;1mConfiguring DKIM \033[0m"
|
|
while [ "$installdkim" != "y" ] && [ "$installdkim" != "n" ]
|
|
do
|
|
echo -n "Should we install dkim for exim4 ? [y|n] "
|
|
read installdkim
|
|
done
|
|
if [ "$installdkim" = "y" ]; then
|
|
echo -n "Choose a domain for dkim (same domain as you chose before for exim4): "
|
|
read domain
|
|
selector=$(date +%Y%m%d)
|
|
|
|
mkdir /etc/exim4/dkim
|
|
openssl genrsa -out /etc/exim4/dkim/"$domain"-private.pem 1024 -outform PEM
|
|
openssl rsa -in /etc/exim4/dkim/"$domain"-private.pem -out /etc/exim4/dkim/"$domain".pem -pubout -outform PEM
|
|
chown root:Debian-exim /etc/exim4/dkim/"$domain"-private.pem
|
|
chmod 440 /etc/exim4/dkim/"$domain"-private.pem
|
|
|
|
cp "$_cwd"/assets/exima4_dkim.conf /etc/exim4/conf.d/main/00_local_macros
|
|
sed -ir "s/DOMAIN_TO_CHANGE/$domain/g" /etc/exim4/conf.d/main/00_local_macros
|
|
sed -ir "s/DATE_TO_CHANGE/$selector/g" /etc/exim4/conf.d/main/00_local_macros
|
|
|
|
update-exim4.conf
|
|
service exim4 restart
|
|
echo "please create a TXT entry in your dns zone : $selector._domainkey.$domain \n"
|
|
echo "your public key is : \n"
|
|
cat /etc/exim4/dkim/"$domain".pem
|
|
echo "press any key to continue."
|
|
read continu
|
|
else
|
|
echo 'dkim not installed'
|
|
fi
|
|
|
|
|
|
|
|
echo '\033[35m
|
|
__________ __ __
|
|
/ ___/ ___// / / /
|
|
\__ \\__ \/ /_/ /
|
|
___/ /__/ / __ /
|
|
/____/____/_/ /_/
|
|
\033[0m'
|
|
while [ "$securssh" != "y" ] && [ "$securssh" != "n" ]
|
|
do
|
|
echo -n "Securing ssh (disabling root login)? [y|n] "
|
|
read securssh
|
|
# securssh=${securssh:-y}
|
|
done
|
|
|
|
if [ "$securssh" = "y" ]; then
|
|
sed -i 's/PermitRootLogin\ yes/PermitRootLogin no/g' /etc/ssh/sshd_config
|
|
sed -i 's/PermitEmptyPasswords\ yes/PermitEmptyPasswords no/g' /etc/ssh/sshd_config
|
|
sed -i 's/Protocol\ [0-9]/Protocol 2/g' /etc/ssh/sshd_config
|
|
service ssh reload
|
|
echo "\033[92;1mSSH secured\033[Om"
|
|
else
|
|
echo 'root user can still conect through ssh'
|
|
fi
|
|
|
|
echo '\033[35m
|
|
______ _______ _____
|
|
| ____|__ __| __ \
|
|
| |__ | | | |__) |
|
|
| __| | | | ___/
|
|
| | | | | |
|
|
|_| |_| |_|
|
|
\033[0m'
|
|
|
|
echo -n "Should we install ftp server? [Y|n] "
|
|
read yn
|
|
yn=${yn:-y}
|
|
if [ "$yn" = "y" ]; then
|
|
echo "installing proftpd"
|
|
apt-get install proftpd
|
|
while [ "$_server_name" = "" ]
|
|
do
|
|
read -p "enter a server name ? " _server_name
|
|
if [ "$_server_name" != "" ]; then
|
|
read -p "is server name $_server_name correcte [y|n] " validated
|
|
if [ "$validated" = "y" ]; then
|
|
break
|
|
else
|
|
_server_name=""
|
|
fi
|
|
fi
|
|
done
|
|
|
|
echo "Configuring proftpd"
|
|
cp "$_cwd"/assets/proftpd.conf /etc/proftpd/conf.d/"$_server_name".conf
|
|
sed -ir "s/example/$_server_name/g" /etc/proftpd/conf.d/"$_server_name".conf
|
|
|
|
ufw allow ftp
|
|
|
|
addgroup ftpuser
|
|
echo "ftp installtion done"
|
|
echo "to permit to a user to connect through ftp, add him to the ftpuser group by running : usermod -a -G admin USERNAME"
|
|
echo "FTP users are jailed on their home by default"
|
|
|
|
fi
|
|
|
|
# TODO : allow ssh/ftp connection only from given ips
|
|
|
|
echo "\033[35;1mInstalling AMP web server \033[0m"
|
|
|
|
echo '\033[35m
|
|
__ ___ __
|
|
/ |/ /_ ___________ _/ /
|
|
/ /|_/ / / / / ___/ __ `/ /
|
|
/ / / / /_/ (__ ) /_/ / /
|
|
/_/ /_/\__, /____/\__, /_/
|
|
/____/ /_/
|
|
\033[0m'
|
|
echo "\033[35;1minstalling Mysql \033[0m"
|
|
sleep 3
|
|
apt-get install mariadb-server
|
|
mysql_secure_installation
|
|
systemctl restart mariadb.service
|
|
echo "\033[92;1mmysql installed\033[Om"
|
|
|
|
|
|
echo '\033[35m
|
|
___ __ ___
|
|
/ | ____ ____ ______/ /_ ___ |__ \
|
|
/ /| | / __ \/ __ `/ ___/ __ \/ _ \__/ /
|
|
/ ___ |/ /_/ / /_/ / /__/ / / / __/ __/
|
|
/_/ |_/ .___/\__,_/\___/_/ /_/\___/____/
|
|
/_/
|
|
\033[0m'
|
|
echo "\033[35;1mInstalling Apache2 \033[0m"
|
|
sleep 3
|
|
apt-get install apache2
|
|
a2enmod rewrite
|
|
# cp /etc/apache2/apache2.conf /etc/apache2/apache2.conf.back
|
|
# cat "$_cwd"/assets/apache2.conf > /etc/apache2/apache2.conf
|
|
# Change logrotate for Apache2 log files to keep 10 days worth of logs
|
|
sed -i 's/\tweekly/\tdaily/' /etc/logrotate.d/apache2
|
|
sed -i 's/\trotate .*/\trotate 10/' /etc/logrotate.d/apache2
|
|
# Remove Apache server information from headers.
|
|
sed -i 's/ServerTokens .*/ServerTokens Prod/' /etc/apache2/conf-enabled/security.conf
|
|
sed -i 's/ServerSignature .*/ServerSignature Off/' /etc/apache2/conf-enabled/security.conf
|
|
service apache2 restart
|
|
echo "\033[92;1mApache2 installed\033[Om"
|
|
|
|
|
|
echo '\033[35m
|
|
____ __ ______
|
|
/ __ \/ / / / __ \
|
|
/ /_/ / /_/ / /_/ /
|
|
/ ____/ __ / ____/
|
|
/_/ /_/ /_/_/
|
|
\033[0m'
|
|
echo "\033[35;1mInstalling PHP \033[0m"
|
|
sleep 3
|
|
apt-get install php7.0 php-pear php7-gd
|
|
echo "Configuring PHP"
|
|
cp "$_cwd"/assets/99-lamp-php.ini /etc/php/7.0/apache2/conf.d/
|
|
# conffile=/etc/php/7.0/apache2/conf.d/99-lamp-php.ini
|
|
# cp /etc/php/7.0/apache2/php.ini $conffile
|
|
# sed -i "s/max_execution_time\ =\ [0-9]\+/max_execution_time = 60/g" $conffile
|
|
# sed -i "s/max_input_time\ =\ [0-9]\+/max_input_time = 60/g" $conffile
|
|
# sed -i "s/memory_limit\ =\ [0-9]\+M/memory_limit = 512M/g" $conffile
|
|
# sed -i "s/;\?error_reporting\ =\ [^\n]\+/error_reporting = E_COMPILE_ERROR|E_RECOVERABLE_ERROR|E_ERROR|E_CORE_ERROR/g" $conffile
|
|
# sed -i "s/;\?display_errors\ =\ On/display_errors = Off/g" $conffile
|
|
# sed -i "s/;\?log_errors\ =\ Off/log_errors = On/g" $conffile
|
|
# echo "register_globals = Off" >> $conffile
|
|
# following command doesn't work, make teh change manualy
|
|
#sed -ri ":a;$!{N;ba};s/;\?\ \?error_log\ =\ [^\n]\+([^\n]*\n(\n|$))/error_log = \/var\/log\/php\/error.log\1/g" /etc/php5/apache2/php.ini
|
|
|
|
mkdir /var/log/php
|
|
chown www-data /var/log/php
|
|
cp "$_cwd"/assets/logrotate-php /etc/logrotate.d/php
|
|
|
|
apt-get install php7.0-mysql php7.0-curl php7.0-mbstring php7.0-zip php7.0-xml php7.0-gd php7.0-mcrypt php-memcached
|
|
|
|
apt-get install memcached
|
|
sed -i "s/-m\s64/-m 128/g" /etc/memcached.conf
|
|
|
|
systemctl start memcached
|
|
|
|
echo "\033[92;1mphp installed\033[Om"
|
|
|
|
echo '\033[35m
|
|
__ __ ___ ___ __ _
|
|
____ / /_ ____ / |/ /_ __/ | ____/ /___ ___ (_)___
|
|
/ __ \/ __ \/ __ \/ /|_/ / / / / /| |/ __ / __ `__ \/ / __ \
|
|
/ /_/ / / / / /_/ / / / / /_/ / ___ / /_/ / / / / / / / / / /
|
|
/ .___/_/ /_/ .___/_/ /_/\__, /_/ |_\__,_/_/ /_/ /_/_/_/ /_/
|
|
/_/ /_/ /____/
|
|
\033[0m'
|
|
echo "\033[35;1mInstalling phpMyAdmin \033[0m"
|
|
apt-get install phpmyadmin
|
|
# echo "include /etc/phpmyadmin/apache.conf" >> /etc/apache2/apache2.conf
|
|
ln -s /etc/phpmyadmin/apache.conf /etc/apache2/conf-available/phpmyadmin.conf
|
|
a2enconf phpmyadmin.conf
|
|
echo "\033[35;1msecuring phpMyAdmin \033[0m"
|
|
# sed -i "s/DirectoryIndex index.php/DirectoryIndex index.php\nAllowOverride all/"
|
|
cp "$_cwd"/assets/phpmyadmin_htaccess > /usr/share/phpmyadmin/.htaccess
|
|
echo -n "define a user name for phpmyadmin : "
|
|
read un
|
|
htpasswd -c /etc/phpmyadmin/.htpasswd $un
|
|
service apache2 restart
|
|
echo "\033[92;1mphpMyAdmin installed\033[Om"
|
|
echo "\033[92;1mYou can access it at yourip/phpmyadmin\033[Om"
|
|
|
|
echo '\033[35m
|
|
__ __
|
|
_ __/ /_ ____ _____/ /_
|
|
| | / / __ \/ __ \/ ___/ __/
|
|
| |/ / / / / /_/ (__ ) /_
|
|
|___/_/ /_/\____/____/\__/
|
|
\033[0m'
|
|
echo "\033[35;1mVHOST install \033[0m"
|
|
while [ "$vh" != "y" ] && [ "$vh" != "n" ]
|
|
do
|
|
echo -n "Should we install a vhost? [y|n] "
|
|
read vh
|
|
# vh=${vh:-y}
|
|
done
|
|
if [ "$vh" = "y" ]; then
|
|
|
|
while [ "$_host_name" = "" ]
|
|
do
|
|
read -p "enter a hostname ? " _host_name
|
|
if [ "$_host_name" != "" ]; then
|
|
read -p "is hostname $_host_name correcte [y|n] " validated
|
|
if [ "$validated" = "y" ]; then
|
|
break
|
|
else
|
|
_host_name=""
|
|
fi
|
|
fi
|
|
done
|
|
|
|
cp "$_cwd"/assets/example.org.conf /etc/apache2/sites-available/"$_host_name".conf
|
|
sed -ir "s/example\.org/$_host_name/g" /etc/apache2/sites-available/"$_host_name".conf
|
|
|
|
mkdir -p /srv/www/"$_host_name"/public_html
|
|
mkdir /srv/www/"$_host_name"/logs
|
|
#set proper right to user will handle the app
|
|
chown -R root:admin /srv/www/"$_host_name"/
|
|
chmod -R g+w /srv/www/"$_host_name"/
|
|
chmod -R g+r /srv/www/"$_host_name"/
|
|
|
|
# create a shortcut to the site
|
|
mkdir /home/"$user"/www/
|
|
chown "$user":admin /home/"$user"/www/
|
|
ln -s /srv/www/"$_host_name" /home/"$user"/www/"$_host_name"
|
|
|
|
#activate the vhost
|
|
a2ensite "$_host_name".conf
|
|
|
|
#restart apache
|
|
service apache2 restart
|
|
echo "\033[92;1mvhost $_host_name configured\033[Om"
|
|
else
|
|
echo "Vhost installation aborted"
|
|
fi
|
|
|
|
|
|
# TODO supervising
|
|
# echo '\033[35m
|
|
# __ ___ _ __ __ __ ___ _
|
|
# / |/ /__ ___ (_) /_ _/_/ / |/ /_ _____ (_)__
|
|
# / /|_/ / _ \/ _ \/ / __/ _/_/ / /|_/ / // / _ \/ / _ \
|
|
# /_/ /_/\___/_//_/_/\__/ /_/ /_/ /_/\_,_/_//_/_/_//_/
|
|
# \033[0m'
|
|
# echo "\033[35;1mInstalling Munin \033[0m"
|
|
# sleep 3
|
|
# # https://www.howtoforge.com/tutorial/server-monitoring-with-munin-and-monit-on-debian/
|
|
# apt-get install munin munin-node munin-plugins-extra
|
|
# # Configure Munin
|
|
# # enable plugins
|
|
# ln -s /usr/share/munin/plugins/mysql_ /etc/munin/plugins/mysql_
|
|
# ln -s /usr/share/munin/plugins/mysql_bytes /etc/munin/plugins/mysql_bytes
|
|
# ln -s /usr/share/munin/plugins/mysql_innodb /etc/munin/plugins/mysql_innodb
|
|
# ln -s /usr/share/munin/plugins/mysql_isam_space_ /etc/munin/plugins/mysql_isam_space_
|
|
# ln -s /usr/share/munin/plugins/mysql_queries /etc/munin/plugins/mysql_queries
|
|
# ln -s /usr/share/munin/plugins/mysql_slowqueries /etc/munin/plugins/mysql_slowqueries
|
|
# ln -s /usr/share/munin/plugins/mysql_threads /etc/munin/plugins/mysql_threads
|
|
#
|
|
# ln -s /usr/share/munin/plugins/apache_accesses /etc/munin/plugins/
|
|
# ln -s /usr/share/munin/plugins/apache_processes /etc/munin/plugins/
|
|
# ln -s /usr/share/munin/plugins/apache_volume /etc/munin/plugins/
|
|
#
|
|
# # ln -s /usr/share/munin/plugins/fail2ban /etc/munin/plugins/
|
|
#
|
|
# # dbdir, htmldir, logdir, rundir, and tmpldir
|
|
# sed -i 's/^#dbdir/dbdir/' /etc/munin/munin.conf
|
|
# sed -i 's/^#htmldir/htmldir/' /etc/munin/munin.conf
|
|
# sed -i 's/^#logdir/logdir/' /etc/munin/munin.conf
|
|
# sed -i 's/^#rundir/rundir/' /etc/munin/munin.conf
|
|
# sed -i 's/^#tmpldir/tmpldir/' /etc/munin/munin.conf
|
|
#
|
|
# sed -i "s/^\[localhost.localdomain\]/[${HOSTNAME}]/" /etc/munin/munin.conf
|
|
#
|
|
# # ln -s /etc/munin/apache24.conf /etc/apache2/conf-enabled/munin.conf
|
|
# sed -i 's/Require local/Require all granted\nOptions FollowSymLinks SymLinksIfOwnerMatch/g' /etc/munin/apache24.conf
|
|
# htpasswd -c /etc/munin/munin-htpasswd admin
|
|
# sed -i 's/Require all granted/AuthUserFile \/etc\/munin\/munin-htpasswd\nAuthName "Munin"\nAuthType Basic\nRequire valid-user/g' /etc/munin/apache24.conf
|
|
#
|
|
#
|
|
# service apache2 restart
|
|
# service munin-node restart
|
|
# echo "\033[92;1mMunin installed\033[Om"
|
|
#
|
|
# echo "\033[35;1mInstalling Monit \033[0m"
|
|
# sleep 3
|
|
# # https://www.howtoforge.com/tutorial/server-monitoring-with-munin-and-monit-on-debian/2/
|
|
# apt-get install monit
|
|
# # TODO setup monit rc
|
|
# cat "$_cwd"/assets/monitrc > /etc/monit/monitrc
|
|
#
|
|
# # TODO setup webaccess
|
|
# passok=0
|
|
# while [ "$passok" = "0" ]
|
|
# do
|
|
# echo -n "Write web access password to monit"
|
|
# read passwda
|
|
# echo -n "ReWrite web access password to monit"
|
|
# read passwdb
|
|
# if [ "$passwda" = "$passwdb" ]; then
|
|
# sed -i 's/PASSWD_TO_REPLACE/$passwda/g' /etc/monit/monitrc
|
|
# passok=1
|
|
# else
|
|
# echo "pass words don't match, please try again"
|
|
# fi
|
|
# done
|
|
#
|
|
# # TODO setup mail settings
|
|
# sed -i "s/server1\.example\.com/$HOSTNAME/g" /etc/monit/monitrc
|
|
#
|
|
# mkdir /var/www/html/monit
|
|
# echo "hello" > /var/www/html/monit/token
|
|
#
|
|
# service monit start
|
|
#
|
|
# echo "\033[92;1mMonit installed\033[Om"
|
|
|
|
|
|
# echo '\033[35m
|
|
# ___ __ __
|
|
# / |_ _______/ /_____ _/ /_
|
|
# / /| | | /| / / ___/ __/ __ `/ __/
|
|
# / ___ | |/ |/ (__ ) /_/ /_/ / /_
|
|
# /_/ |_|__/|__/____/\__/\__,_/\__/
|
|
# \033[0m'
|
|
# echo "\033[35;1mInstalling Awstat \033[0m"
|
|
# sleep 3
|
|
# apt-get install awstats
|
|
# # Configure AWStats
|
|
# temp=`grep -i sitedomain /etc/awstats/awstats.conf.local | wc -l`
|
|
# if [ $temp -lt 1 ]; then
|
|
# echo SiteDomain="$_host_name" >> /etc/awstats/awstats.conf.local
|
|
# fi
|
|
# # Disable Awstats from executing every 10 minutes. Put a hash in front of any line.
|
|
# sed -i 's/^[^#]/#&/' /etc/cron.d/awstats
|
|
# echo "\033[92;1mAwstat installed\033[Om"
|
|
|
|
|
|
# echo '\033[35m
|
|
# ______________ _______
|
|
# /_ __/ ____/ |/ / __ \
|
|
# / / / __/ / /|_/ / /_/ /
|
|
# / / / /___/ / / / ____/
|
|
# /_/ /_____/_/ /_/_/
|
|
# \033[0m'
|
|
# function check_tmp_secured {
|
|
|
|
# temp1=`grep -w "/var/tempFS /tmp ext3 loop,nosuid,noexec,rw 0 0" /etc/fstab | wc -l`
|
|
# temp2=`grep -w "tmpfs /tmp tmpfs rw,noexec,nosuid 0 0" /etc/fstab | wc -l`
|
|
|
|
# if [ $temp1 -gt 0 ] || [ $temp2 -gt 0 ]; then
|
|
# return 1
|
|
# else
|
|
# return 0
|
|
# fi
|
|
# } # End function check_tmp_secured
|
|
|
|
# function secure_tmp_tmpfs {
|
|
|
|
# cp /etc/fstab /etc/fstab.bak
|
|
# # Backup /tmp
|
|
# cp -Rpf /tmp /tmpbackup
|
|
|
|
# rm -rf /tmp
|
|
# mkdir /tmp
|
|
|
|
# mount -t tmpfs -o rw,noexec,nosuid tmpfs /tmp
|
|
# chmod 1777 /tmp
|
|
# echo "tmpfs /tmp tmpfs rw,noexec,nosuid 0 0" >> /etc/fstab
|
|
|
|
# # Restore /tmp
|
|
# cp -Rpf /tmpbackup/* /tmp/ >/dev/null 2>&1
|
|
|
|
# #Remove old tmp dir
|
|
# rm -rf /tmpbackup
|
|
|
|
# # Backup /var/tmp and link it to /tmp
|
|
# mv /var/tmp /var/tmpbackup
|
|
# ln -s /tmp /var/tmp
|
|
|
|
# # Copy the old data back
|
|
# cp -Rpf /var/tmpold/* /tmp/ >/dev/null 2>&1
|
|
# # Remove old tmp dir
|
|
# rm -rf /var/tmpbackup
|
|
|
|
# echo -e "\033[35;1m /tmp and /var/tmp secured using tmpfs. \033[0m"
|
|
# } # End function secure_tmp_tmpfs
|
|
|
|
# check_tmp_secured
|
|
# if [ $? = 0 ]; then
|
|
# secure_tmp_tmpfs
|
|
# else
|
|
# echo -e "\033[35;1mFunction canceled. /tmp already secured. \033[0m"
|
|
# fi
|
|
|
|
echo '\033[35m
|
|
____ __ _______ __
|
|
/ __ \____ / /_ / ____(_) /__ _____
|
|
/ / / / __ \/ __/ / /_ / / / _ \/ ___/
|
|
/ /_/ / /_/ / /_ / __/ / / / __(__ )
|
|
/_____/\____/\__/ /_/ /_/_/\___/____/
|
|
\033[0m'
|
|
#installing better prompt and some goodies for root
|
|
echo "\033[35;1mInstalling shell prompt for root \033[0m"
|
|
sleep 3
|
|
echo "cloning github.com/bachy/dotfiles-server"
|
|
git clone git://github.com/bachy/dotfiles-server.git ~/.dotfiles-server && cd ~/.dotfiles-server && ./install.sh && cd ~
|
|
source ~/.bashrc
|
|
echo "\033[92;1mDot files installed for root, you should installed them manually for $USER\033[0m"
|
|
|
|
# TODO add warning message on ssh connection if system needs updates
|
|
|
|
# TODO install and configure tmux
|
|
|
|
|
|
echo '\033[35m
|
|
___ __ __ __ __ __
|
|
/ | __ __/ /_____ / / / /___ ____/ /___ _/ /____
|
|
/ /| |/ / / / __/ __ \ / / / / __ \/ __ / __ `/ __/ _ \
|
|
/ ___ / /_/ / /_/ /_/ / / /_/ / /_/ / /_/ / /_/ / /_/ __/
|
|
/_/ |_\__,_/\__/\____/ \____/ .___/\__,_/\__,_/\__/\___/
|
|
/_/
|
|
\033[0m'
|
|
# https://www.howtoforge.com/how-to-configure-automatic-updates-on-debian-wheezy
|
|
# https://www.bisolweb.com/tutoriels/serveur-vps-ovh-partie-5-installation-apticron/
|
|
|
|
echo "\033[35;1mInstalling apticron \033[0m"
|
|
apt-get install apticron
|
|
|
|
sleep 3
|
|
echo -n "Enter an email: "
|
|
read email
|
|
|
|
sed -ir "s/EMAIL=\"root\"/EMAIL=\"$email\"/g" /etc/apticron/apticron.conf
|
|
# sed -ir "s/# DIFF_ONLY=\"1\"/DIFF_ONLY=\"1\"/g" /etc/apticron/apticron.conf
|
|
sed -ir "s/# NOTIFY_NEW=\"0\"/NOTIFY_NEW=\"0\"/g" /etc/apticron/apticron.conf
|
|
|
|
|
|
|
|
|
|
echo "\033[92;1mApticron installed and configured\033[0m"
|
|
|
|
|
|
|
|
echo '\033[35m
|
|
__
|
|
___ ____ ____/ /
|
|
/ _ \/ __ \/ __ /
|
|
/ __/ / / / /_/ /
|
|
\___/_/ /_/\__,_/
|
|
\033[0m'
|
|
echo "\033[35;1m* * script done * * \033[0m"
|