Debian Stretch ISPconfig adjustements + RFC. Need more testing ...

1c6edd5a · Igor Pecovnik · 65029b80 · 1c6edd5a · 1c6edd5a
Commit 1c6edd5a authored Jan 03, 2018 by Igor Pecovnik
--- a/README.md
+++ b/README.md
@@ -56,7 +56,7 @@ Login as root and type:
 **Running this utility on 3rd party Debian based distributions**
 	# Install dependencies
-	apt install git bc expect rcconf dialog network-manager sunxi-tools iptables debconf-utils unzip build-essential html2text apt-transport-https html2text dirmngr
+	apt install git bc expect rcconf dialog network-manager sunxi-tools iptables resolvconf debconf-utils unzip build-essential html2text apt-transport-https html2text dirmngr software-properties-common
 	git clone https://github.com/armbian/config
 	cd config

--- a/softy
+++ b/softy
@@ -127,6 +127,7 @@ i=0
 j=1
 IFS=" "
 declare -a PACKETS=($1)
+#skupaj=$(apt-get -s -y -qq install $1 | wc -l)
 skupaj=${#PACKETS[@]}
 while [[ $i -lt $skupaj ]]; do
 procent=$(echo "scale=2;($j/$skupaj)*100"|bc)
@@ -221,6 +222,7 @@ cat > ${TEMP_DIR}/isp.conf.php <<EOF
 \$autoinstall['ssl_cert_organisation'] = 'Internet Widgits Pty Ltd';
 \$autoinstall['ssl_cert_organisation_unit'] = 'IT department';
 \$autoinstall['ssl_cert_common_name'] = \$autoinstall['hostname'];
+\$autoinstall['ssl_cert_email'] = 'joe@lamer.com';
 ?>
 EOF
 }
@@ -737,7 +739,7 @@ install_MySQL (){
 #------------------------------------------------------------------------------------------------------------------------------------------
 # Maria SQL
 #------------------------------------------------------------------------------------------------------------------------------------------
-install_packet "mariadb-client mariadb-server" "Install Mysql client / server"
+install_packet "mariadb-client mariadb-server" "SQL client and server"
 #Allow MySQL to listen on all interfaces
 cp /etc/mysql/my.cnf /etc/mysql/my.cnf.backup
 sed -i 's|bind-address           = 127.0.0.1|#bind-address           = 127.0.0.1|' /etc/mysql/my.cnf
@@ -766,18 +768,23 @@ expect eof
 # Execution mysql_secure_installation
 #
 echo "${SECURE_MYSQL}" >> /dev/null
+# ISP config exception
+cat > /etc/mysql/mariadb.conf.d/99-ispconfig.cnf<<"EOF"
+[mysqld]
+sql-mode="NO_ENGINE_SUBSTITUTION"
+EOF
 service mysql restart >> /dev/null
 }
 install_MySQLDovecot (){
 #------------------------------------------------------------------------------------------------------------------------------------------
-# Install Postfix, Dovecot, Saslauthd, phpMyAdmin, rkhunter, binutils
+# Install Postfix, Dovecot, Saslauthd, rkhunter, binutils
 #------------------------------------------------------------------------------------------------------------------------------------------
 echo "postfix postfix/main_mailer_type select Internet Site" | debconf-set-selections
 echo "postfix postfix/mailname string $HOSTNAMEFQDN" | debconf-set-selections
 install_packet "postfix postfix-mysql postfix-doc openssl getmail4 rkhunter binutils dovecot-imapd dovecot-pop3d dovecot-mysql \
-dovecot-sieve sudo libsasl2-modules" "postfix, dovecot, saslauthd, phpMyAdmin, rkhunter, binutils"
+dovecot-sieve sudo libsasl2-modules" "postfix, dovecot, saslauthd, rkhunter, binutils"
 #Uncommenting some Postfix configuration files
 cp /etc/postfix/master.cf /etc/postfix/master.cf.backup
 sed -i 's|#submission inet n       -       -       -       -       smtpd|submission inet n       -       -       -       -       smtpd|' /etc/postfix/master.cf
@@ -807,67 +814,60 @@ service spamassassin stop
 systemctl disable spamassassin
 }
 install_hhvm (){
 #------------------------------------------------------------------------------------------------------------------------------------------
 # Install HipHop Virtual Machine
 #------------------------------------------------------------------------------------------------------------------------------------------
-apt-get -y -qq install software-properties-common
+apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0xB4112585D386EB94 >/dev/null 2>&1
-apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0x5a16e7281be7a449
+add-apt-repository https://dl.hhvm.com/"${family,,}" >/dev/null 2>&1
-add-apt-repository "deb http://dl.hhvm.com/ubuntu $distribution main"
+debconf-apt-progress -- apt-get update
-apt-get update
+install_packet "hhvm" "HipHop Virtual Machine"
-apt-get -y -qq install hhvm
 }
-install_apache (){
+install_phpmyadmin (){
 #------------------------------------------------------------------------------------------------------------------------------------------
-# Install Apache2, PHP5, phpMyAdmin, FCGI, suExec, Pear and mcrypt
+# Phpmyadmin unattended installation
 #------------------------------------------------------------------------------------------------------------------------------------------
-clear_console
+if [[ "$family" != "Ubuntu" ]]; then
-echo "========================================================================="
+DEBIAN_FRONTEND=noninteractive apt-get -y install phpmyadmin
-echo "You will be prompted for some information during the install of phpmyadmin."
+else
-echo "Select NO when asked to configure using dbconfig-common"
+debconf-set-selections <<< "phpmyadmin phpmyadmin/internal/skip-preseed boolean true"
-echo "Please enter them where needed."
+debconf-set-selections <<< "phpmyadmin phpmyadmin/reconfigure-webserver multiselect true"
-echo "========================================================================="
+debconf-set-selections <<< "phpmyadmin phpmyadmin/dbconfig-install boolean false"
-echo "Press ENTER to continue.."
+echo "phpmyadmin phpmyadmin/internal/skip-preseed boolean true" | debconf-set-selections
-read DUMMY
+echo "phpmyadmin phpmyadmin/reconfigure-webserver multiselect" | debconf-set-selections
-#echo 'phpmyadmin phpmyadmin/reconfigure-webserver multiselect apache2' | debconf-set-selections
+echo "phpmyadmin phpmyadmin/dbconfig-install boolean false" | debconf-set-selections
+debconf-apt-progress -- apt-get install -y phpmyadmin
-#BELOW ARE STILL NOT WORKING
+fi
-#echo 'phpmyadmin      phpmyadmin/dbconfig-reinstall   boolean false' | debconf-set-selections
+}
-#echo 'phpmyadmin      phpmyadmin/dbconfig-install     boolean false' | debconf-set-selections
-if [[ $family == "Ubuntu" ]]; then
-install_packet "apache2 apache2-doc apache2-utils libapache2-mod-php php7.0 php7.0-common php7.0-gd php7.0-mysql \
-php7.0-imap php7.0-cli php7.0-cgi libapache2-mod-fcgid apache2-suexec-pristine php-pear php-auth php7.0-mcrypt mcrypt \
-imagemagick libruby libapache2-mod-python php7.0-curl php7.0-intl php7.0-pspell php7.0-recode php7.0-sqlite3 php7.0-tidy php7.0-xmlrpc \
-php7.0-xsl memcached php-memcache php-imagick php-gettext php7.0-zip php7.0-mbstring" "apache2, PHP5, FCGI, suExec, pear and mcrypt"
-# PHP Opcode cache
-install_packet "php7.0-opcache php-apcu" "PHP Opcode cache"
-# PHP-FPM
-install_packet "libapache2-mod-fastcgi php7.0-fpm" "PHP-FPM"
-a2enmod actions fastcgi alias
-service apache2 restart
-# Install Let's Encrypt
-install_packet "letsencrypt" "Install Let's Encrypt"
-else
+install_apache (){
+#------------------------------------------------------------------------------------------------------------------------------------------
+# Install Apache2, PHP5, FCGI, suExec, Pear and mcrypt
+#------------------------------------------------------------------------------------------------------------------------------------------
-install_packet "apache2 apache2.2-common apache2-doc apache2-mpm-prefork apache2-utils libexpat1 ssl-cert libapache2-mod-php5 php5 \
+local pkg="apache2 apache2-doc apache2-utils libapache2-mod-fcgid php-pear mcrypt imagemagick libruby libapache2-mod-python memcached"
-php5-common php5-gd php5-mysql php5-imap php5-cli php5-cgi libapache2-mod-fcgid apache2-suexec php-pear php-auth php5-mcrypt \
-mcrypt php5-imagick imagemagick libruby libapache2-mod-python php5-curl php5-intl php5-memcache php5-memcached php5-pspell php5-recode \
-php5-sqlite php5-tidy php5-xmlrpc php5-xsl memcached libapache2-mod-passenger" "apache2, PHP5, CGI, suExec, pear and mcrypt"
-#Install XCache
+local pkg_xenial="libapache2-mod-php php7.0 php7.0-common php7.0-gd php7.0-mysql php7.0-imap php7.0-cli php7.0-cgi \
-install_packet "php5-xcache libapache2-mod-fastcgi php5-fpm" "Install XCache PHP Fpm"
+apache2-suexec-pristine php-auth php7.0-mcrypt php7.0-curl php7.0-intl php7.0-pspell php7.0-recode php7.0-sqlite3 php7.0-tidy \
-a2enmod actions fastcgi alias >> /dev/null
+php7.0-xmlrpc php7.0-xsl php-memcache php-imagick php-gettext php7.0-zip php7.0-mbstring php7.0-opcache php-apcu \
+libapache2-mod-fastcgi php7.0-fpm letsencrypt"
-fi
+local pkg_stretch="libapache2-mod-php php7.0 php7.0-common php7.0-gd php7.0-mysql php7.0-imap php7.0-cli php7.0-cgi libapache2-mod-fcgid \
+apache2-suexec-pristine php7.0-mcrypt libapache2-mod-python php7.0-curl php7.0-intl php7.0-pspell php7.0-recode php7.0-sqlite3 \
+php7.0-tidy php7.0-xmlrpc php7.0-xsl php-memcache php-imagick php-gettext php7.0-zip php7.0-mbstring libapache2-mod-passenger \
+php7.0-soap php7.0-fpm php7.0-opcache php-apcu certbot"
-#phpmyadmin
+local pkg_jessie="apache2.2-common apache2-mpm-prefork libexpat1 ssl-cert libapache2-mod-php5 php5 php5-common php5-gd php5-mysql \
-debconf-apt-progress -- apt-get install -y phpmyadmin
+php5-imap php5-cli php5-cgi libapache2-mod-fcgid apache2-suexec php-pear php-auth php5-mcrypt mcrypt php5-imagick libapache2-mod-python \
+php5-curl php5-intl php5-memcache php5-memcached php5-pspell php5-recode php5-sqlite php5-tidy php5-xmlrpc php5-xsl \
+libapache2-mod-passenger php5-xcache libapache2-mod-fastcgi php5-fpm"
+local temp="pkg_${distribution}"
+install_packet "${pkg} ${!temp}" "Apache for $family $distribution"
 # fix HTTPOXY vulnerability
 cat <<EOT > /etc/apache2/conf-available/httpoxy.conf
 <IfModule mod_headers.c>
@@ -875,70 +875,41 @@ cat <<EOT > /etc/apache2/conf-available/httpoxy.conf
 </IfModule>
 EOT
-a2enconf httpoxy >> /dev/null
-# enable modules
+a2enmod actions proxy_fcgi fastcgi alias httpoxy suexec rewrite ssl actions include dav_fs dav auth_digest cgi headers >/dev/null 2>&1
-a2enmod suexec rewrite ssl actions include >> /dev/null
-a2enmod dav_fs dav auth_digest cgi headers >> /dev/null
-#Restart Apache
 service apache2 restart >> /dev/null
 }
 install_nginx (){
 #------------------------------------------------------------------------------------------------------------------------------------------
-# Install NginX, PHP5, phpMyAdmin, FCGI, suExec, Pear, And mcrypt
+# Install NginX, PHP5, FCGI, suExec, Pear, And mcrypt
 #------------------------------------------------------------------------------------------------------------------------------------------
+local pkg="nginx php-pear memcached fcgiwrap"
-#echo 'phpmyadmin      phpmyadmin/reconfigure-webserver        multiselect' | debconf-set-selections
+local pkg_xenial="php7.0-fpm php7.0-opcache php7.0-fpm php7.0 php7.0-common php7.0-gd php7.0-mysql php7.0-imap php7.0-cli php7.0-cgi \
-#echo 'phpmyadmin      phpmyadmin/dbconfig-install     boolean false' | debconf-set-selections
+php7.0-mcrypt mcrypt imagemagick libruby php7.0-curl php7.0-intl php7.0-pspell php7.0-recode php7.0-sqlite3 php7.0-tidy \
+php7.0-xmlrpc php7.0-xsl php-memcache php-imagick php-gettext php7.0-zip php7.0-mbstring php-apcu"
-debconf-apt-progress -- apt-get install -y nginx
-if [ $(dpkg-query -W -f='${Status}' apache2 2>/dev/null | grep -c "ok installed") -eq 1 ];
-then
-/etc/init.d/apache2 stop >> /dev/null
-update-rc.d -f apache2 remove >> /dev/null
-fi
-service nginx start >> /dev/null
-if [[ $family == "Ubuntu" ]]; then
-debconf-apt-progress -- apt-get install -y php7.0-fpm
+local pkg_stretch="php7.0-fpm php7.0-opcache php7.0-fpm php7.0 php7.0-common php7.0-gd php7.0-mysql php7.0-imap php7.0-cli php7.0-cgi \
-debconf-apt-progress -- apt-get install -y php7.0-opcache php7.0-fpm php7.0 php7.0-common php7.0-gd php7.0-mysql php7.0-imap php7.0-cli \
+php7.0-mcrypt mcrypt imagemagick libruby php7.0-curl php7.0-intl php7.0-pspell php7.0-recode php7.0-sqlite3 php7.0-tidy \
-php7.0-cgi php-pear php-auth php7.0-mcrypt mcrypt imagemagick libruby php7.0-curl php7.0-intl php7.0-pspell php7.0-recode php7.0-sqlite3 \
+php7.0-xmlrpc php7.0-xsl php-memcache php-imagick php-gettext php7.0-zip php7.0-mbstring php-apcu"
-php7.0-tidy php7.0-xmlrpc php7.0-xsl memcached php-memcache php-imagick php-gettext php7.0-zip php7.0-mbstring
-phpenmod mcrypt
-phpenmod mbstring
-debconf-apt-progress -- apt-get install -y php-apcu
-sed -i "s/^cgi.fix_pathinfo=.*/cgi.fix_pathinfo=0/" /etc/php/7.0/fpm/php.ini
-tz=$(cat /etc/timezone | sed 's/\//\\\//g')
-sed -i "s/^date.timezone=.*/date.timezone=""$ls""/" /etc/php/7.0/fpm/php.ini
-else
+local pkg_jessie="php5-fpm php5-mysql php5-curl php5-gd php5-intl php5-imagick php5-imap php5-mcrypt php5-memcache \
+php5-memcached php5-ps php5-pspell php5-recode php5-snmp php5-sqlite php5-tidy php5-xmlrpc php5-xsl php-apc"
-debconf-apt-progress -- apt-get install -y php5-fpm
+local temp="pkg_${distribution}"
-debconf-apt-progress -- apt-get install -y php5-mysql php5-curl php5-gd php5-intl php-pear php5-imagick php5-imap php5-mcrypt \
+install_packet "${pkg} ${!temp}" "Nginx for $family $distribution"
-php5-memcache php5-memcached php5-ps php5-pspell php5-recode php5-snmp php5-sqlite php5-tidy php5-xmlrpc php5-xsl memcached
-debconf-apt-progress -- apt-get install -y php-apc
-fi
+phpenmod mcrypt mbstring
-#PHP Configuration Stuff Goes Here
+if [[ -f /etc/php/7.0/fpm/php.ini ]]; then
-debconf-apt-progress -- apt-get install -y fcgiwrap
+	tz=$(cat /etc/timezone | sed 's/\//\\\//g')
-reset
+	sed -i "s/^cgi.fix_pathinfo=.*/cgi.fix_pathinfo=0/" /etc/php/7.0/fpm/php.ini
-echo "========================================================================="
+	sed -i "s/^date.timezone=.*/date.timezone=""$tz""/" /etc/php/7.0/fpm/php.ini
-echo "You will be prompted for some information during the install of phpmyadmin."
-echo "Please enter them where needed."
-echo "========================================================================="
-echo "Press ENTER to continue.."
-read DUMMY
-DEBIAN_FRONTEND=noninteractive apt-get install -y dbconfig-common
-debconf-apt-progress -- apt-get install -y phpmyadmin
-if [[ $family == "Ubuntu" ]]; then
 	service php7.0-fpm reload >> /dev/null
-	else
+else
+	debconf-apt-progress -- apt-get install -y python-certbot -t jessie-backports
 	service php5-fpm reload >> /dev/null
 fi
 }
@@ -953,10 +924,9 @@ install_packet "pure-ftpd-common pure-ftpd-mysql" "p3ureFTPd"
 sed -i 's/VIRTUALCHROOT=false/VIRTUALCHROOT=true/' /etc/default/pure-ftpd-common
 echo 1 > /etc/pure-ftpd/conf/TLS
 mkdir -p /etc/ssl/private/
+openssl req -x509 -nodes -days 7300 -newkey rsa:2048 -subj "/C=GB/ST=GB/L=GB/O=GB/OU=GB/CN=$(hostname -f)/emailAddress=joe@joe.com" -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem >/dev/null 2>&1
-openssl req -x509 -nodes -days 7300 -newkey rsa:2048 -subj "/C=/ST=/L=/O=/CN=$(hostname -f)" -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem
 chmod 600 /etc/ssl/private/pure-ftpd.pem
-/etc/init.d/pure-ftpd-mysql restart  >> /dev/null
+/etc/init.d/pure-ftpd-mysql restart >> /dev/null
 }
@@ -984,7 +954,29 @@ install_Fail2BanDovecot() {
 # Install fail2ban
 #------------------------------------------------------------------------------------------------------------------------------------------
 install_packet "fail2ban ufw" "Install fail2ban and UFW Firewall"
+if [[ $distribution == "stretch" ]]; then
+cat > /etc/fail2ban/jail.local <<"EOF"
+[pure-ftpd]
+enabled = true
+port = ftp
+filter = pure-ftpd
+logpath = /var/log/syslog
+maxretry = 3
+[dovecot]
+enabled = true
+filter = dovecot
+logpath = /var/log/mail.log
+maxretry = 5
+[postfix-sasl]
+enabled = true
+port = smtp
+filter = postfix-sasl
+logpath = /var/log/mail.log
+maxretry = 3
+EOF
+else
 cat > /etc/fail2ban/jail.local <<"EOF"
 [pureftpd]
 enabled  = true
@@ -1007,6 +999,7 @@ filter   = postfix-sasl
 logpath  = /var/log/mail.log
 maxretry = 3
 EOF
+fi
 }
@@ -1068,6 +1061,10 @@ if [[ $EUID != 0 ]]; then
 	exit
 fi
+# nameserver backup
+echo 'nameserver 8.8.8.8' > /etc/resolvconf/resolv.conf.d/head
+resolvconf -u
 # Create a safe temporary directory
 TEMP_DIR=$(mktemp -d || exit 1)
 chmod 700 ${TEMP_DIR}
@@ -1160,8 +1157,9 @@ while true; do
 				dialog --msgbox "Invalid FQDN. Exiting..." 7 70
 				exit
 			fi
-			choose_webserver; install_basic; install_DashNTP; install_MySQL; install_MySQLDovecot; install_Virus; install_$server; install_hhvm
+			choose_webserver; install_basic; install_DashNTP; install_MySQL; install_MySQLDovecot; install_Virus; install_$server;
-			create_ispconfig_configuration; install_PureFTPD; install_Fail2BanDovecot; install_Fail2BanRulesDovecot;
+			install_phpmyadmin
+			install_hhvm; create_ispconfig_configuration;install_PureFTPD; install_Fail2BanDovecot; install_Fail2BanRulesDovecot;
 			install_ISPConfig
 			read -n 1 -s -p "Press any key to continue"
 		fi