#!/bin/bash # # Copyright (c) 2017 Igor Pecovnik, igor.pecovnik@gma**.com # # This file is licensed under the terms of the GNU General Public # License version 2. This program is licensed "as is" without any # warranty of any kind, whether express or implied. function choose_webserver { #------------------------------------------------------------------------------------------------------------------------------------------ # Target web server selection #------------------------------------------------------------------------------------------------------------------------------------------ dialog --title "Choose a webserver" --backtitle "$backtitle" --yes-label "Apache" --no-label "Nginx" \ --yesno "\nChoose a wenserver which you are familiar with. They both work almost the same." 8 70 response=$? case $response in 0) server="apache";; 1) server="nginx";; 255) exit;; esac echo $server > /tmp/server } function server_conf { #------------------------------------------------------------------------------------------------------------------------------------------ # Add some reqired date for installation #------------------------------------------------------------------------------------------------------------------------------------------ exec 3>&1 dialog --title "Server configuration" --separate-widget $'\n' --ok-label "Install" --backtitle "$backtitle" \ --form "\nPlease fill out this form:\n " \ 12 70 0 \ "Your FQDN for $serverip:" 1 1 "$hostnamefqdn" 1 31 32 0 \ "Mysql root password:" 2 1 "$mysql_pass" 2 31 32 0 \ 2>&1 1>&3 | { read -r hostnamefqdn read -r mysql_pass echo $mysql_pass > /tmp/mysql_pass echo $hostnamefqdn > /tmp/hostnamefqdn choose_webserver # end } exec 3>&- # read variables back MYSQL_PASS=`cat /tmp/mysql_pass` HOSTNAMEFQDN=`cat /tmp/hostnamefqdn` server=`cat /tmp/server` } install_packet () { #------------------------------------------------------------------------------------------------------------------------------------------ # Install missing packets #------------------------------------------------------------------------------------------------------------------------------------------ i=0 j=1 IFS=" " declare -a PACKETS=($1) skupaj=${#PACKETS[@]} while [[ $i -lt $skupaj ]]; do procent=$(echo "scale=2;($j/$skupaj)*100"|bc) x=${PACKETS[$i]} if [ $(dpkg-query -W -f='${Status}' $x 2>/dev/null | grep -c "ok installed") -eq 0 ]; then printf '%.0f\n' $procent | dialog \ --backtitle "$backtitle" \ --title "Installing" \ --gauge "\n$2\n\n$x" 10 70 if [ "$(DEBIAN_FRONTEND=noninteractive apt-get -qq -y install $x >/tmp/install.log 2>&1 || echo 'Installation failed' \ | grep 'Installation failed')" != "" ]; then echo -e "[\e[0;31m error \x1B[0m] Installation failed" tail /tmp/install.log exit fi fi i=$[$i+1] j=$[$j+1] done echo "" } check_port () { #------------------------------------------------------------------------------------------------------------------------------------------ # Check if something is running on port $1 and display info #------------------------------------------------------------------------------------------------------------------------------------------ [[ -z $(netstat -lnt | awk '$6 == "LISTEN" && $4 ~ ".$1"') ]] && dialog --backtitle "$backtitle" --title "Checking service" \ --infobox "\nIt looks good.\n\nThere is $2 service on port $1" 7 52 sleep 3 } install_basic (){ #------------------------------------------------------------------------------------------------------------------------------------------ # Set hostname, FQDN, add to sources list #------------------------------------------------------------------------------------------------------------------------------------------ IFS=" " set ${HOSTNAMEFQDN//./ } HOSTNAMESHORT="$1" cp /etc/hosts /etc/hosts.backup cp /etc/hostname /etc/hostname.backup # create new echo "127.0.0.1 localhost.localdomain localhost" > /etc/hosts echo "${serverIP} ${HOSTNAMEFQDN} ${HOSTNAMESHORT} #ispconfig " >> /etc/hosts echo "$HOSTNAMESHORT" > /etc/hostname /etc/init.d/hostname.sh start >/dev/null 2>&1 if [[ $family == "Ubuntu" ]]; then # disable AppArmor service apparmor stop update-rc.d -f apparmor remove apt-get -y -qq remove apparmor apparmor-utils else grep -q "contrib" /etc/apt/sources.list || sed -i 's|main|main contrib|' /etc/apt/sources.list grep -q "non-free" /etc/apt/sources.list || sed -i 's|contrib|contrib non-free|' /etc/apt/sources.list debconf-apt-progress -- apt-get update fi } create_ispconfig_configuration (){ #------------------------------------------------------------------------------------------------------------------------------------------ # ISPConfig autoconfiguration #------------------------------------------------------------------------------------------------------------------------------------------ cat > /tmp/isp.conf.php < EOF } install_omv (){ #------------------------------------------------------------------------------------------------------------------------------------------ # Install high-performance HTTP accelerator #------------------------------------------------------------------------------------------------------------------------------------------ if [[ $family == "Ubuntu" ]]; then dialog --backtitle "$backtitle" --title "Dependencies not met" --infobox "\nOpenmediavault can be installed only on Debian." 5 52 sleep 5 exit fi wget -qO - packages.openmediavault.org/public/archive.key | apt-key add - apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 7AA630A1EDEE7D73 cat > /etc/apt/sources.list.d/openmediavault.list << EOF deb http://packages.openmediavault.org/public erasmus main ## Uncomment the following line to add software from the proposed repository. # deb http://packages.openmediavault.org/public erasmus-proposed main ## This software is not part of OpenMediaVault, but is offered by third-party ## developers as a service to OpenMediaVault users. # deb http://packages.openmediavault.org/public erasmus partner EOF debconf-apt-progress -- apt-get update apt-get -y install openmediavault postfix URL='http://omv-extras.org/openmediavault-omvextrasorg_latest_all3.deb'; FILE=`mktemp`; wget "$URL" -qO $FILE && dpkg -i $FILE; rm $FILE /usr/sbin/omv-update apt-get -y install openmediavault-flashmemory sed -i '//,/<\/flashmemory>/ s/0/1/' /etc/openmediavault/config.xml /usr/sbin/omv-mkconf flashmemory omv-initsystem check_port 80 } install_tvheadend (){ #------------------------------------------------------------------------------------------------------------------------------------------ # TVheadend https://tvheadend.org/ #------------------------------------------------------------------------------------------------------------------------------------------ install_packet "debconf-utils unzip build-essential html2text apt-transport-https" "Downloading dependendies" if !(grep -qs tvheadend "/etc/apt/sources.list.d/tvheadend.list");then echo "deb https://dl.bintray.com/tvheadend/deb $distribution stable" >> /etc/apt/sources.list.d/tvheadend.list apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 379CE192D401AB61 >/dev/null 2>&1 fi debconf-apt-progress -- apt-get update install_packet "libssl-doc libssl1.0.0 zlib1g-dev tvheadend xmltv-util" install -m 755 scripts/tv_grab_file /usr/bin/tv_grab_file dpkg-reconfigure tvheadend service tvheadend restart } install_transmission (){ #------------------------------------------------------------------------------------------------------------------------------------------ # transmission #------------------------------------------------------------------------------------------------------------------------------------------ install_packet "debconf-utils unzip build-essential html2text apt-transport-https" "Downloading dependendies" install_packet "transmission-cli transmission-common transmission-daemon" "Install torrent server" } install_cups (){ #------------------------------------------------------------------------------------------------------------------------------------------ # Install printer system #------------------------------------------------------------------------------------------------------------------------------------------ install_packet "cups lpr cups-filters" "Installing CUPS" # cups-filters if jessie sed -e 's/Listen localhost:631/Listen 631/g' -i /etc/cups/cupsd.conf sed -e 's//\nallow $SUBNET/g' -i /etc/cups/cupsd.conf sed -e 's//\nallow $SUBNET/g' -i /etc/cups/cupsd.conf sed -e 's//\nallow $SUBNET/g' -i /etc/cups/cupsd.conf service cups restart service samba restart | service smbd restart >/dev/null 2>&1 } install_syncthing (){ #------------------------------------------------------------------------------------------------------------------------------------------ # Install Personal cloud https://syncthing.net/ #------------------------------------------------------------------------------------------------------------------------------------------ curl -s https://syncthing.net/release-key.txt | apt-key add - if !(grep -qs syncthing "/etc/apt/sources.list.d/syncthing.list");then echo "deb http://apt.syncthing.net/ syncthing release" | tee /etc/apt/sources.list.d/syncthing.list debconf-apt-progress -- apt-get update install_packet "syncthing" "Install Personal cloud https://syncthing.net/" sed -e 's/exit 0//g' -i /etc/rc.local cat >> /etc/rc.local <<"EOF" syncthing exit 0 EOF syncthing >/dev/null 2>&1 & sleep 5 fi } install_vpn_server (){ #------------------------------------------------------------------------------------------------------------------------------------------ # Script downloads latest stable #------------------------------------------------------------------------------------------------------------------------------------------ cd /tmp PREFIX="http://www.softether-download.com/files/softether/" URL=$(wget -q $PREFIX -O - | html2text | grep rtm | awk ' { print $(NF) }' | tail -1) SUFIX="${URL/-tree/}" if [ "$(dpkg --print-architecture | grep armhf)" != "" ]; then DLURL=$PREFIX$URL"/Linux/SoftEther_VPN_Server/32bit_-_ARM_EABI/softether-vpnserver-$SUFIX-linux-arm_eabi-32bit.tar.gz" else apt-get -y install gcc-multilib DLURL=$PREFIX$URL"/Linux/SoftEther_VPN_Server/32bit_-_Intel_x86/softether-vpnserver-$SUFIX-linux-x86-32bit.tar.gz" fi wget -q $DLURL -O - | tar -xz cd vpnserver make i_read_and_agree_the_license_agreement >> $logfile cd .. cp -R vpnserver /usr/local cd /usr/local/vpnserver/ chmod 600 * chmod 700 vpncmd chmod 700 vpnserver if [[ -d /run/systemd/system/ ]]; then cat </lib/systemd/system/ethervpn.service [Unit] Description=VPN service [Service] Type=oneshot ExecStart=/usr/local/vpnserver/vpnserver start ExecStop=/usr/local/vpnserver/vpnserver stop RemainAfterExit=yes [Install] WantedBy=multi-user.target EOT systemctl enable ethervpn.service service ethervpn start else cat < /etc/init.d/vpnserver #!/bin/sh ### BEGIN INIT INFO # Provides: vpnserver # Required-Start: \$remote_fs \$syslog # Required-Stop: \$remote_fs \$syslog # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 # Short-Description: Start daemon at boot time # Description: Enable Softether by daemon. ### END INIT INFO DAEMON=/usr/local/vpnserver/vpnserver LOCK=/var/lock/vpnserver test -x $DAEMON || exit 0 case "\$1" in start) \$DAEMON start touch \$LOCK ;; stop) \$DAEMON stop rm \$LOCK ;; restart) \$DAEMON stop sleep 3 \$DAEMON start ;; *) echo "Usage: \$0 {start|stop|restart}" exit 1 esac exit 0 EOT chmod 755 /etc/init.d/vpnserver mkdir /var/lock/subsys update-rc.d vpnserver defaults >> $logfile /etc/init.d/vpnserver start fi } install_DashNTP (){ #------------------------------------------------------------------------------------------------------------------------------------------ # Install DASH and ntp service #------------------------------------------------------------------------------------------------------------------------------------------ echo "dash dash/sh boolean false" | debconf-set-selections dpkg-reconfigure -f noninteractive dash > /dev/null 2>&1 install_packet "ntp ntpdate" "Install DASH and ntp service" } install_MySQL_old (){ #------------------------------------------------------------------------------------------------------------------------------------------ # MYSQL #------------------------------------------------------------------------------------------------------------------------------------------ echo "mysql-server-5.5 mysql-server/root_password password $MYSQL_PASS" | debconf-set-selections echo "mysql-server-5.5 mysql-server/root_password_again password $MYSQL_PASS" | debconf-set-selections install_packet "mysql-client mysql-server" "Install Mysql client / server" #Allow MySQL to listen on all interfaces cp /etc/mysql/my.cnf /etc/mysql/my.cnf.backup sed -i 's|bind-address = 127.0.0.1|#bind-address = 127.0.0.1|' /etc/mysql/my.cnf service mysql restart >> /dev/null } install_MySQL (){ #------------------------------------------------------------------------------------------------------------------------------------------ # Maria SQL #------------------------------------------------------------------------------------------------------------------------------------------ install_packet "mariadb-client mariadb-server" "Install Mysql client / server" #Allow MySQL to listen on all interfaces cp /etc/mysql/my.cnf /etc/mysql/my.cnf.backup sed -i 's|bind-address = 127.0.0.1|#bind-address = 127.0.0.1|' /etc/mysql/my.cnf SECURE_MYSQL=$(expect -c " set timeout 3 spawn mysql_secure_installation expect \"Enter current password for root (enter for none):\" send \"\r\" expect \"root password?\" send \"y\r\" expect \"New password:\" send \"$MYSQL_PASS\r\" expect \"Re-enter new password:\" send \"$MYSQL_PASS\r\" expect \"Remove anonymous users?\" send \"y\r\" expect \"Disallow root login remotely?\" send \"y\r\" expect \"Remove test database and access to it?\" send \"y\r\" expect \"Reload privilege tables now?\" send \"y\r\" expect eof ") # # Execution mysql_secure_installation # echo "${SECURE_MYSQL}" service mysql restart >> /dev/null } install_MySQLDovecot (){ #------------------------------------------------------------------------------------------------------------------------------------------ # Install Postfix, Dovecot, Saslauthd, phpMyAdmin, rkhunter, binutils #------------------------------------------------------------------------------------------------------------------------------------------ echo "postfix postfix/main_mailer_type select Internet Site" | debconf-set-selections echo "postfix postfix/mailname string $HOSTNAMEFQDN" | debconf-set-selections install_packet "postfix postfix-mysql postfix-doc openssl getmail4 rkhunter binutils dovecot-imapd dovecot-pop3d dovecot-mysql \ dovecot-sieve sudo libsasl2-modules" "postfix, dovecot, saslauthd, phpMyAdmin, rkhunter, binutils" #Uncommenting some Postfix configuration files cp /etc/postfix/master.cf /etc/postfix/master.cf.backup sed -i 's|#submission inet n - - - - smtpd|submission inet n - - - - smtpd|' /etc/postfix/master.cf sed -i 's|# -o syslog_name=postfix/submission| -o syslog_name=postfix/submission|' /etc/postfix/master.cf sed -i 's|# -o smtpd_tls_security_level=encrypt| -o smtpd_tls_security_level=encrypt|' /etc/postfix/master.cf sed -i 's|# -o smtpd_sasl_auth_enable=yes| -o smtpd_sasl_auth_enable=yes|' /etc/postfix/master.cf sed -i 's|# -o smtpd_client_restrictions=permit_sasl_authenticated,reject| -o smtpd_client_restrictions=permit_sasl_authenticated,reject|' /etc/postfix/master.cf sed -i 's|# -o smtpd_sasl_auth_enable=yes| -o smtpd_sasl_auth_enable=yes|' /etc/postfix/master.cf sed -i 's|# -o smtpd_sasl_auth_enable=yes| -o smtpd_sasl_auth_enable=yes|' /etc/postfix/master.cf sed -i 's|# -o smtpd_sasl_auth_enable=yes| -o smtpd_sasl_auth_enable=yes|' /etc/postfix/master.cf sed -i 's|#smtps inet n - - - - smtpd|smtps inet n - - - - smtpd|' /etc/postfix/master.cf sed -i 's|# -o syslog_name=postfix/smtps| -o syslog_name=postfix/smtps|' /etc/postfix/master.cf sed -i 's|# -o smtpd_tls_wrappermode=yes| -o smtpd_tls_wrappermode=yes|' /etc/postfix/master.cf service postfix restart >> /dev/null } install_Virus (){ #------------------------------------------------------------------------------------------------------------------------------------------ # Install Amavisd-new, SpamAssassin, And Clamav #------------------------------------------------------------------------------------------------------------------------------------------ install_packet "amavisd-new spamassassin clamav clamav-daemon zoo unzip bzip2 arj p7zip unrar-free ripole rpm nomarch lzop \ cabextract apt-listchanges libnet-ldap-perl libauthen-sasl-perl clamav-docs daemon libio-string-perl libio-socket-ssl-perl \ libnet-ident-perl zip libnet-dns-perl postgrey" "amavisd, spamassassin, clamav" sed -i "s/^AllowSupplementaryGroups.*/AllowSupplementaryGroups true/" /etc/clamav/clamd.conf /etc/init.d/spamassassin stop insserv -rf spamassassin } install_hhvm (){ #------------------------------------------------------------------------------------------------------------------------------------------ # Install HipHop Virtual Machine #------------------------------------------------------------------------------------------------------------------------------------------ apt-get -y -qq install software-properties-common apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0x5a16e7281be7a449 add-apt-repository "deb http://dl.hhvm.com/ubuntu $distribution main" apt-get update apt-get -y -qq install hhvm } install_apache (){ #------------------------------------------------------------------------------------------------------------------------------------------ # Install Apache2, PHP5, phpMyAdmin, FCGI, suExec, Pear and mcrypt #------------------------------------------------------------------------------------------------------------------------------------------ clear_console echo "=========================================================================" echo "You will be prompted for some information during the install of phpmyadmin." echo "Select NO when asked to configure using dbconfig-common" echo "Please enter them where needed." echo "=========================================================================" echo "Press ENTER to continue.." read DUMMY echo 'phpmyadmin phpmyadmin/reconfigure-webserver multiselect apache2' | debconf-set-selections #BELOW ARE STILL NOT WORKING #echo 'phpmyadmin phpmyadmin/dbconfig-reinstall boolean false' | debconf-set-selections #echo 'phpmyadmin phpmyadmin/dbconfig-install boolean false' | debconf-set-selections if [[ $family == "Ubuntu" ]]; then install_packet "apache2 apache2-doc apache2-utils libapache2-mod-php php7.0 php7.0-common php7.0-gd php7.0-mysql \ php7.0-imap phpmyadmin php7.0-cli php7.0-cgi libapache2-mod-fcgid apache2-suexec-pristine php-pear php-auth php7.0-mcrypt mcrypt \ imagemagick libruby libapache2-mod-python php7.0-curl php7.0-intl php7.0-pspell php7.0-recode php7.0-sqlite3 php7.0-tidy php7.0-xmlrpc \ php7.0-xsl memcached php-memcache php-imagick php-gettext php7.0-zip php7.0-mbstring" "apache2, PHP5, phpMyAdmin, FCGI, suExec, pear and mcrypt" # PHP Opcode cache install_packet "php7.0-opcache php-apcu" "PHP Opcode cache" # PHP-FPM install_packet "libapache2-mod-fastcgi php7.0-fpm" "PHP-FPM" a2enmod actions fastcgi alias # Install Let's Encrypt install_packet "letsencrypt" "Install Let's Encrypt" else install_packet "apache2 apache2.2-common apache2-doc apache2-mpm-prefork apache2-utils libexpat1 ssl-cert libapache2-mod-php5 php5 \ php5-common php5-gd php5-mysql php5-imap phpmyadmin php5-cli php5-cgi libapache2-mod-fcgid apache2-suexec php-pear php-auth php5-mcrypt \ mcrypt php5-imagick imagemagick libruby libapache2-mod-python php5-curl php5-intl php5-memcache php5-memcached php5-pspell php5-recode \ php5-sqlite php5-tidy php5-xmlrpc php5-xsl memcached libapache2-mod-passenger" "apache2, PHP5, phpMyAdmin, FCGI, suExec, pear and mcrypt" #Install XCache install_packet "php5-xcache libapache2-mod-fastcgi php5-fpm" "Install XCache PHP Fpm" a2enmod actions fastcgi alias >> /dev/null fi # fix HTTPOXY vulnerability cat < /etc/apache2/conf-available/httpoxy.conf RequestHeader unset Proxy early EOT a2enconf httpoxy >> /dev/null # enable modules a2enmod suexec rewrite ssl actions include >> /dev/null a2enmod dav_fs dav auth_digest cgi headers >> /dev/null #Restart Apache service apache2 restart >> /dev/null } install_nginx (){ #------------------------------------------------------------------------------------------------------------------------------------------ # Install NginX, PHP5, phpMyAdmin, FCGI, suExec, Pear, And mcrypt #------------------------------------------------------------------------------------------------------------------------------------------ echo 'phpmyadmin phpmyadmin/reconfigure-webserver multiselect' | debconf-set-selections echo 'phpmyadmin phpmyadmin/dbconfig-install boolean false' | debconf-set-selections debconf-apt-progress -- apt-get install -y nginx if [ $(dpkg-query -W -f='${Status}' apache2 2>/dev/null | grep -c "ok installed") -eq 1 ]; then /etc/init.d/apache2 stop >> /dev/null update-rc.d -f apache2 remove >> /dev/null fi service nginx start >> /dev/null if [[ $family == "Ubuntu" ]]; then debconf-apt-progress -- apt-get install -y php7.0-fpm debconf-apt-progress -- apt-get install -y php7.0-opcache php7.0-fpm php7.0 php7.0-common php7.0-gd php7.0-mysql php7.0-imap php7.0-cli \ php7.0-cgi php-pear php-auth php7.0-mcrypt mcrypt imagemagick libruby php7.0-curl php7.0-intl php7.0-pspell php7.0-recode php7.0-sqlite3 \ php7.0-tidy php7.0-xmlrpc php7.0-xsl memcached php-memcache php-imagick php-gettext php7.0-zip php7.0-mbstring phpenmod mcrypt phpenmod mbstring debconf-apt-progress -- apt-get install -y php-apcu sed -i "s/^cgi.fix_pathinfo=.*/cgi.fix_pathinfo=0/" /etc/php/7.0/fpm/php.ini tz=$(cat /etc/timezone | sed 's/\//\\\//g') sed -i "s/^date.timezone=.*/date.timezone=""$ls""/" /etc/php/7.0/fpm/php.ini else debconf-apt-progress -- apt-get install -y php5-fpm debconf-apt-progress -- apt-get install -y php5-mysql php5-curl php5-gd php5-intl php-pear php5-imagick php5-imap php5-mcrypt \ php5-memcache php5-memcached php5-ps php5-pspell php5-recode php5-snmp php5-sqlite php5-tidy php5-xmlrpc php5-xsl memcached debconf-apt-progress -- apt-get install -y php-apc fi #PHP Configuration Stuff Goes Here debconf-apt-progress -- apt-get install -y fcgiwrap reset echo "=========================================================================" echo "You will be prompted for some information during the install of phpmyadmin." echo "Please enter them where needed." echo "=========================================================================" echo "Press ENTER to continue.." read DUMMY DEBIAN_FRONTEND=noninteractive apt-get install -y dbconfig-common debconf-apt-progress -- apt-get install -y phpmyadmin /etc/init.d/php5-fpm restart >> /dev/null } install_PureFTPD (){ #------------------------------------------------------------------------------------------------------------------------------------------ # Install PureFTPd #------------------------------------------------------------------------------------------------------------------------------------------ install_packet "pure-ftpd-common pure-ftpd-mysql" "p3ureFTPd" sed -i 's/VIRTUALCHROOT=false/VIRTUALCHROOT=true/' /etc/default/pure-ftpd-common echo 1 > /etc/pure-ftpd/conf/TLS mkdir -p /etc/ssl/private/ openssl req -x509 -nodes -days 7300 -newkey rsa:2048 -subj "/C=/ST=/L=/O=/CN=$(hostname -f)" -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem chmod 600 /etc/ssl/private/pure-ftpd.pem /etc/init.d/pure-ftpd-mysql restart >> /dev/null } install_Bind (){ #------------------------------------------------------------------------------------------------------------------------------------------ # Install BIND DNS Server #------------------------------------------------------------------------------------------------------------------------------------------ install_packet "bind9 dnsutils" "Install BIND DNS Server" } install_Stats (){ #------------------------------------------------------------------------------------------------------------------------------------------ # Install Vlogger, Webalizer, And AWstats #------------------------------------------------------------------------------------------------------------------------------------------ install_packet "vlogger webalizer awstats geoip-database libclass-dbi-mysql-perl" "vlogger, webalizer, awstats" sed -i "s/*/10 * * * * www-data/#*/10 * * * * www-data/" /etc/cron.d/awstats sed -i "s/10 03 * * * www-data/#10 03 * * * www-data/" /etc/cron.d/awstats } install_Fail2BanDovecot() { #------------------------------------------------------------------------------------------------------------------------------------------ # Install fail2ban #------------------------------------------------------------------------------------------------------------------------------------------ install_packet "fail2ban" "Install fail2ban" cat > /etc/fail2ban/jail.local <<"EOF" [pureftpd] enabled = true port = ftp filter = pureftpd logpath = /var/log/syslog maxretry = 3 [dovecot-pop3imap] enabled = true filter = dovecot-pop3imap action = iptables-multiport[name=dovecot-pop3imap, port="pop3,pop3s,imap,imaps", protocol=tcp] logpath = /var/log/mail.log maxretry = 5 [sasl] enabled = true port = smtp filter = sasl logpath = /var/log/mail.log maxretry = 3 EOF } install_Fail2BanRulesDovecot() { #------------------------------------------------------------------------------------------------------------------------------------------ cat > /etc/fail2ban/filter.d/pureftpd.conf <<"EOF" [Definition] failregex = .*pure-ftpd: \(.*@\) \[WARNING\] Authentication failed for user.* ignoreregex = EOF cat > /etc/fail2ban/filter.d/dovecot-pop3imap.conf <<"EOF" [Definition] failregex = (?: pop3-login|imap-login): .*(?:Authentication failure|Aborted login \(auth failed|Aborted login \(tried to use disabled|Disconnected \(auth failed|Aborted login \(\d+ authentication attempts).*rip=(?P\S*),.* ignoreregex = EOF # Add the missing ignoreregex line echo "ignoreregex =" >> /etc/fail2ban/filter.d/postfix-sasl.conf service fail2ban restart >> /dev/null } install_ISPConfig (){ #------------------------------------------------------------------------------------------------------------------------------------------ # Install ISPConfig 3 #------------------------------------------------------------------------------------------------------------------------------------------ cd /tmp wget -q http://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz -O - | tar -xz cd /tmp/ispconfig3_install/install/ #apt-get -y install php5-cli php5-mysql php -q install.php --autoinstall=/tmp/isp.conf.php echo "Go to: https://$serverIP:8080" } #---------------------------------------------------------------------------------------------------------------------------------------------------- # Main choices #---------------------------------------------------------------------------------------------------------------------------------------------------- # check for root # if [[ $EUID != 0 ]]; then dialog --title "Warning" --infobox "\nThis script requires root privileges.\n\nExiting ..." 7 41 sleep 3 exit fi # Install basic stuff # apt-get -y -qq --no-install-recommends install dialog whiptail lsb-release bc expect # gather some info # distribution=$(lsb_release -cs) family=$(lsb_release -is) serverIP=$(ip route get 8.8.8.8 | awk '{ print $NF; exit }') set ${serverIP//./ } SUBNET="$1.$2.$3." hostnamefqdn=$(hostname -f) mysql_pass="" backtitle="Softy - Armbian post deployment scripts, http://www.armbian.com" # here we add new items to menu. with condition when needed # LIST=() LIST+=( "Tasksel" "Stock $family $distribution app installer" "off" ) LIST+=( "TV headend" "TV streaming / proxy" "off" ) LIST+=( "Syncthing" "Personal cloud @syncthing.net" "off" ) LIST+=( "VPN server" "VPN server" "off" ) [[ "$family" == "Debian" ]] && LIST+=( "OMV" "OpenMediaVault NAS solution" "off" ) LIST+=( "Minidlna" "Lightweight DLNA/UPnP-AV server" "off" ) LIST+=( "Pi hole" "Ad blocker" "off" ) LIST+=( "Transmission" "Torrent downloading" "off" ) LIST+=( "ISPConfig" "Advanced LAMP + SMTP, IMAP, POP3" "off" ) LISTLENGHT="$((5+${#LIST[@]}/2))" # main dialog routine # DIALOG_CANCEL=1 DIALOG_ESC=255 while true; do exec 3>&1 selection=$(dialog --backtitle "$backtitle" --title "Installing to $family $distribution" --clear --cancel-label \ "Exit" --checklist "\nChoose what you want to install:\n " $LISTLENGHT 70 15 "${LIST[@]}" 2>&1 1>&3) exit_status=$? exec 3>&- case $exit_status in $DIALOG_CANCEL) clear echo -e "\n\e[0;33mThank you for using Armbian configuration tool! Support: \e[1m\e[39mwww.armbian.com\x1B[0m\n" exit ;; $DIALOG_ESC) clear exit 1 ;; esac case $selection in ISPConfig* ) server_conf if [[ "$MYSQL_PASS" == "" ]]; then dialog --msgbox "Mysql password can't be blank. Exiting..." 7 70 exit fi install_basic; install_DashNTP; install_MySQL; install_MySQLDovecot; install_Virus; install_$server; install_hhvm create_ispconfig_configuration; install_PureFTPD; install_Fail2BanDovecot; install_Fail2BanRulesDovecot; install_ISPConfig read -n 1 -s -p "Press any key to continue" ;; *Tasksel* ) tasksel ;; *headend* ) install_tvheadend check_port 9981 "HTS tvheadend" read -n 1 -s -p "Press any key to continue" ;; *Syncthing* ) install_syncthing check_port 8384 "Syncthing" read -n 1 -s -p "Press any key to continue" ;; *CUPS* ) install_cups read -n 1 -s -p "Press any key to continue" ;; *VPN* ) install_vpn_server read -n 1 -s -p "Press any key to continue" ;; *OMV* ) install_omv read -n 1 -s -p "Press any key to continue" ;; *hole* ) curl -L install.pi-hole.net | bash read -n 1 -s -p "Press any key to continue" ;; *Minidlna* ) install_packet "minidlna" "Install lightweight DLNA/UPnP-AV server" check_port 8200 read -n 1 -s -p "Press any key to continue" ;; *Transmission* ) install_transmission check_port 9091 read -n 1 -s -p "Press any key to continue" ;; esac done