From 11393c9613c43c942dd57be02a9b8f0475e8545e Mon Sep 17 00:00:00 2001
From: Bram Prieshof
Date: Thu, 25 Jun 2020 10:22:52 +0200
Subject: [PATCH] Inital commit
---
Tools/aclutil | 137 ++++++++++++++++++++++++
Tools/adduserutil | 198 +++++++++++++++++++++++++++++++++++
Tools/deluserutil | 161 ++++++++++++++++++++++++++++
Tools/ez-aclutil | 156 +++++++++++++++++++++++++++
config/grequalizer-ftp.conf | 36 +++++++
config/grequalizer-sftp.conf | 47 +++++++++
config/rssh_append.conf | 3 +
config/sshd_append.conf | 14 +++
config/sudo.conf | 1 +
config/vsftpd.conf | 25 +++++
setup.sh | 57 ++++++++++
11 files changed, 835 insertions(+)
create mode 100755 Tools/aclutil
create mode 100755 Tools/adduserutil
create mode 100755 Tools/deluserutil
create mode 100755 Tools/ez-aclutil
create mode 100644 config/grequalizer-ftp.conf
create mode 100644 config/grequalizer-sftp.conf
create mode 100644 config/rssh_append.conf
create mode 100644 config/sshd_append.conf
create mode 100644 config/sudo.conf
create mode 100644 config/vsftpd.conf
create mode 100644 setup.sh
diff --git a/Tools/aclutil b/Tools/aclutil
new file mode 100755
index 0000000..eef7ee8
--- /dev/null
+++ b/Tools/aclutil
@@ -0,0 +1,137 @@
+#!/bin/bash
+#Funtions
+Help()
+{
+ # Display Help
+ echo
+ echo "#######################"
+ echo "# ACL_UTIL Help #"
+ echo "#######################"
+ echo
+ echo "Syntax: aclutil [-u [-g ][-a|r] "
+ echo "options:"
+ echo "-h, --help Print this Help."
+ echo
+ echo "Get info about set ALC's"
+ echo "-l, --list #get current ACL rules"
+ echo "-lg --listgui #get current ACL rules using the eiciel GUI"
+ echo
+ echo "Set user/group for ACL change"
+ echo "-u , --user #User for ACL change"
+ echo "-g , --group #group for ACL change "
+ echo
+ echo "Action for ACL rule"
+ echo "-a, --add #add ACL rule"
+ echo "-r, --remove #Remove ACL rule"
+ echo
+}
+
+#Input Handeler
+POSITIONAL=()
+while [[ $# -gt 0 ]]
+do
+key="$1"
+
+case $key in
+ -h | --help)
+ Help
+ exit
+ ;;
+ -u | --user)
+ TARGET=user
+ USER=$2
+ shift
+ shift
+ ;;
+ -g | --group)
+ TARGET=group
+ GROUP=$2
+ shift
+ shift
+ ;;
+ -a | --add)
+ ACTION=add
+ shift
+ ;;
+ -r | --remove)
+ ACTION=remove
+ shift
+ ;;
+ -l | --list)
+ ACTION=list
+ shift
+ ;;
+ -lg | --listgui)
+ ACTION=listgui
+ shift
+ ;;
+ *) # unknown option
+ POSITIONAL+=("$1") # save it in an array for later
+ shift # past argument
+ ;;
+esac
+done
+set -- "${POSITIONAL[@]}" # restore positional parameters
+
+FOLDERPATH="$1"
+
+#input Validation
+##Action flag
+if [ -z ${ACTION+x} ]; then echo "Incorrect or missing parameter(s)" && Help && exit; fi
+##Target Flag
+if [ "$ACTION" = "remove" ] || [ "$ACTION" = "add" ]; then
+if [ -z ${TARGET+x} ]; then echo "Incorrect or missing parameter(s)" && Help && exit; fi
+
+##User flag
+if [ "$TARGET" = "user" ] && [ -z $USER ]; then
+echo "User name not specified"
+exit
+fi
+
+##Group flag
+if [ "$TARGET" = "group" ] && [ -z $GROUP ]; then
+echo "Group name not specified"
+exit
+fi
+fi
+
+
+##Path
+if [ -z $FOLDERPATH ]; then echo "File or directory not specified" && exit; fi
+
+if [ ! -d "$FOLDERPATH" ] && [ ! -f "$FOLDERPATH" ]; then
+ echo "'$FOLDERPATH': No such file or directory"
+fi
+
+#Script
+if [ "$ACTION" = "list" ]; then
+getfacl $FOLDERPATH
+fi
+
+if [ "$ACTION" = "listgui" ]; then
+echo "If gui did not start make sure X11 forwarding is enabled"
+echo "and eiciel it is installed"
+eiciel $FOLDERPATH
+fi
+
+if [ "$ACTION" = "add" ] && [ "$TARGET" = "user" ]; then
+setfacl -R -m u:"$USER":rx "$FOLDERPATH"
+setfacl -R -d -m u:"$USER":rx "$FOLDERPATH"
+fi
+
+
+if [ "$ACTION" = "add" ] && [ "$TARGET" = "group" ]; then
+setfacl -R -m g:"$GROUP":rx "$FOLDERPATH"
+setfacl -R -d -m g:"$GROUP":rx "$FOLDERPATH"
+fi
+
+if [ "$ACTION" = "remove" ] && [ "$TARGET" = "user" ]; then
+setfacl -R -x u:"$USER" "$FOLDERPATH"
+setfacl -R -d -x u:"$USER" "$FOLDERPATH"
+fi
+
+
+if [ "$ACTION" = "remove" ] && [ "$TARGET" = "group" ]; then
+setfacl -R -x g:"$GROUP" "$FOLDERPATH"
+setfacl -R -d -x g:"$GROUP" "$FOLDERPATH"
+fi
diff --git a/Tools/adduserutil b/Tools/adduserutil
new file mode 100755
index 0000000..01a0636
--- /dev/null
+++ b/Tools/adduserutil
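Review bot: The existence check under `##Path` prints the "No such file or directory" message but never exits, so the `setfacl -R` calls below still run against a path that just failed validation; add `exit 1` after that echo (Tools/ez-aclutil repeats the same pattern with "Target backup not found"). `$FOLDERPATH`, `$USER` and `$GROUP` are also unquoted in the `[ -z … ]` tests and in the `getfacl`/`eiciel` calls, so a value containing spaces splits into several words; `[ -z "$FOLDERPATH" ]` and `getfacl -- "$FOLDERPATH"` avoid that. config/sudo.conf in this commit lets %BCKadmin run this script as root and nothing here limits FOLDERPATH to the backup tree, so the recursive rx ACL can land on any path on the host; resolving the argument with `realpath -e` and rejecting anything outside `/backups/` before the first `setfacl` would keep the tool within its stated purpose.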
@@ -0,0 +1,198 @@
+#!/bin/bash
+#Funtions
+Help()
+{
+ # Display Help
+ echo "Add user to backupserver"
+ echo
+ echo "Syntax: adduserutil [-a|v|s|ts] "
+ echo "options:"
+ echo "-h, --help Print this Help."
+ echo
+ echo "Set user type for new user"
+ echo "-a, --admin #Backup Admin"
+ echo "-v, --viewer #Backup Viewer "
+ echo "-s, --source #Backup Source (ex:a webserver)"
+ echo
+ echo "Set backup source options for new user"
+ echo "-ts, --sftp #Backup source will use sftp/rsync to upload files"
+ echo "-tf, --ftp #Backup source will use ftp to upload files"
+ echo
+}
+
+Keyer()
+{
+echo 'Please paste in the public ssh key without ""'
+read sshkey
+echo
+echo
+echo "The following key was received"
+echo "$sshkey"
+echo
+while true; do
+ read -p "Is this key correct? " yn
+ case $yn in
+ [Yy]* ) break;;
+ [Nn]* ) exit;;
+ * ) echo "Please answer yes or no.";;
+ esac
+done
+}
+
+
+#Input Handeler
+POSITIONAL=()
+while [[ $# -gt 0 ]]
+do
+key="$1"
+
+case $key in
+ -h | --help)
+ Help
+ exit
+ ;;
+ -v | --viewer)
+ USERTYPE=viewer
+ shift
+ ;;
+ -a |--admin)
+ USERTYPE=admin
+ shift
+ ;;
+ -s|--source)
+ USERTYPE=source
+ shift
+ ;;
+ -tf|--ftp )
+ UPTYPE=FTP
+ shift
+ ;;
+ -ts|--sftp )
+ UPTYPE=SFTP
+ shift
+ ;;
+ *) # unknown option
+ POSITIONAL+=("$1") # save it in an array for later
+ shift # past argument
+ ;;
+esac
+done
+set -- "${POSITIONAL[@]}" # restore positional parameters
+
+username="$1"
+
+
+#Input Check
+if [ -z "$username" ]
+then
+ echo "Please provide a username"
+ echo "For more information type adduserutil -h"
+ echo
+ exit
+fi
+
+if [ "$username" = "root" ]; then
+ echo "Root is not allowed"
+ exit
+fi
+
+getent passwd $username > /dev/null
+if [ $? -eq 0 ]; then
+ echo "This username already exists"
+ exit
+fi
+
+if [ -z "$USERTYPE" ]
+then
+ echo "Please provide user type"
+ echo "For more information type adduserutil -h"
+ echo
+ exit
+fi
+if [ "$USERTYPE" = "source" ]; then
+if [ -z "$UPTYPE" ]
+then
+ echo "Please provide upload methode"
+ echo "For more information type adduserutil -h"
+ echo
+ exit
+fi
+fi
+
+
+#Confirmation before setting user
+echo "Create user with the following information"
+echo "Username: $username"
+echo "User type: $USERTYPE"
+if [ "$USERTYPE" = "source" ]; then
+echo "Upload methode $UPTYPE"
+fi
+while true; do
+ read -p "Do you wish to add this user? " yn
+ case $yn in
+ [Yy]* ) break;;
+ [Nn]* ) exit;;
+ * ) echo "Please answer yes or no.";;
+ esac
+done
+
+
+#Add Admin user
+if [ "$USERTYPE" = "admin" ]; then
+Keyer
+
+useradd -g BCKadmin -s /bin/bash -m -d /home/"$username" "$username"
+passwd --expire -d "$username"
+sudo -u "$username" mkdir /home/$username/.ssh
+echo "$sshkey" | sudo -u "$username" tee /home/"$username"/.ssh/authorized_keys
+fi
+
+
+#Add Viewer user
+if [ "$USERTYPE" = "viewer" ]; then
+Keyer
+
+useradd -g BCKviewer -s /usr/sbin/nologin -d / "$username"
+mkdir -p /vhome/"$username"/.ssh
+mkdir -p /vhome/"$username"/backups
+chown root: /vhome/"$username"
+chmod 755 /vhome/"$username"
+chown root: /vhome/"$username"
+chown -R $username: /vhome/"$username"/.ssh
+chmod 750 -R /vhome/"$username"/.ssh
+echo "$sshkey" | sudo -u "$username" tee /vhome/"$username"/.ssh/authorized_keys
+echo "/backups /vhome/$username/backups none defaults,bind 0 0" >>/etc/fstab
+mount -a
+fi
+
+
+#Add sftp source user
+if [ "$USERTYPE" = "source" ] && [ "$UPTYPE" = "SFTP" ]; then
+Keyer
+
+mkdir -p /backups/sftp/"$username"
+useradd -M -N -r "$username"
+usermod -g sftpusers "$username"
+python3 /opt/grequalizer/grequalizer.py /opt/grequalizer/conf/grequalizer-sftp.conf -O
+mkdir -p /backups/sftp/"$username"/home/.ssh
+echo "$sshkey" > /backups/sftp/"$username"/home/.ssh/authorized_keys
+chown -R $username: /backups/sftp/"$username"/home
+chmod -R 700 /backups/sftp/"$username"/home
+setfacl -R -m g:BCKadmin:rwx /backups/sftp/"$username"/home
+setfacl -R -d -m g:BCKadmin:rwx /backups/sftp/"$username"/home
+fi
+
+
+
+#Add ftp source user
+if [ "$USERTYPE" = "source" ] && [ "$UPTYPE" = "FTP" ]; then
+password=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 18 | head -n 1)
+useradd -M -N -r "$username"
+usermod -g ftpusers "$username"
+echo "$username" | tee -a /etc/vsftpd.user_list
+python3 /opt/grequalizer/grequalizer.py /opt/grequalizer/conf/grequalizer-ftp.conf -O
+setfacl -R -m g:BCKadmin:rwx /backups/ftp/"$username"
+setfacl -R -d -m g:BCKadmin:rwx /backups/ftp/"$username"
+echo $username:$password | chpasswd
+echo "The password for $username is: $password"
+fi
diff --git a/Tools/deluserutil b/Tools/deluserutil
new file mode 100755
index 0000000..c951ad9
--- /dev/null
+++ b/Tools/deluserutil
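Review bot: `$username` goes into paths, `chown`, and the line appended to `/etc/fstab` without any format check, and no `useradd`/`usermod` result is tested, so when account creation fails the viewer branch still creates directories, appends to `/etc/fstab` and runs `mount -a` as root. A guard right after the empty-name check, `[[ "$username" =~ ^[a-z_][a-z0-9_-]{0,31}$ ]] || { echo "Invalid username"; exit 1; }`, plus `|| exit 1` on each `useradd` and `usermod`, closes both gaps. In the admin branch `passwd --expire -d` leaves the new BCKadmin account with an empty password until the first login sets one; whether sshd and PAM on the host refuse empty passwords during that window cannot be seen from this hunk and should be confirmed. The FTP branch prints the generated password to the terminal and pipes `$username:$password` unquoted into `chpasswd`; `printf '%s:%s\n' "$username" "$password" | chpasswd` is the safer form, and the password is better handed over through a channel that does not end up in terminal scrollback.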
@@ -0,0 +1,161 @@
+#!/bin/bash
+#Funtions
+Help()
+{
+ # Display Help
+ echo "Remove user from backupserver"
+ echo
+ echo "Syntax: deluserutil [-a|v|s|ts] "
+ echo "options:"
+ echo "-h, --help Print this Help."
+ echo
+ echo "Define user type for user that shoud we removed"
+ echo "-a, --admin #Backup Admin"
+ echo "-v, --viewer #Backup Viewer "
+ echo "-s, --source #Backup Source (ex:a webserver)"
+ echo
+ echo "Set backup source options for new user"
+ echo "-ts, --sftp #Backup source will use sftp/rsync to upload files"
+ echo "-tf, --ftp #Backup source will use ftp to upload files"
+ echo
+}
+
+
+#Input Handeler
+POSITIONAL=()
+while [[ $# -gt 0 ]]
+do
+key="$1"
+
+case $key in
+ -h | --help)
+ Help
+ exit
+ ;;
+ -v | --viewer)
+ USERTYPE=viewer
+ shift
+ shift
+ ;;
+ -a |--admin)
+ USERTYPE=admin
+ shift
+ ;;
+ -s|--source)
+ USERTYPE=source
+ shift
+ ;;
+ -tf|--ftp )
+ UPTYPE=FTP
+ shift
+ ;;
+ -ts|--sftp )
+ UPTYPE=SFTP
+ shift
+ ;;
+ *) # unknown option
+ POSITIONAL+=("$1") # save it in an array for later
+ shift # past argument
+ ;;
+esac
+done
+set -- "${POSITIONAL[@]}" # restore positional parameters
+
+username="$1"
+
+
+#Input Check
+if [ -z "$username" ]
+then
+ echo "Please provide a username"
+ echo "For more information type deluserutil -h"
+ echo
+ exit
+fi
+
+if [ "$username" = "root" ]; then
+ echo "Root is not allowed"
+fi
+
+getent passwd $username > /dev/null
+if [ $? -eq 2 ]; then
+ echo "This username does not exists"
+ exit
+fi
+
+if [ -z "$USERTYPE" ]
+then
+ echo "Please provide user type"
+ echo "For more information type deluserutil -h"
+ echo
+ exit
+fi
+if [ "$USERTYPE" = "source" ]; then
+if [ -z "$UPTYPE" ]
+then
+ echo "Please provide upload methode"
+ echo "For more information type deluserutil -h"
+ echo
+ exit
+fi
+fi
+
+#Confirmation before setting user
+echo "Removing the user with the following information"
+echo "Username: $username"
+echo "User type: $USERTYPE"
+if [ "$USERTYPE" = "source" ]; then
+echo "Upload methode $UPTYPE"
+fi
+while true; do
+ read -p "Do you wish to REMOVE $username? " yn
+ case $yn in
+ [Yy]* ) break;;
+ [Nn]* ) exit;;
+ * ) echo "Please answer yes or no.";;
+ esac
+done
+
+
+#Remove Admin user
+if [ "$USERTYPE" = "admin" ]; then
+userdel -rf $username
+fi
+
+
+#Remove Viewer user
+if [ "$USERTYPE" = "viewer" ]; then
+umount /vhome/$username/backup
+sed -i "/\/$username\//d" /etc/fstab
+userdel -f $username
+rm -rf /vhome/$username
+fi
+
+
+#Remove sftp source user
+if [ "$USERTYPE" = "source" ] && [ "$UPTYPE" = "SFTP" ]; then
+while true; do
+ read -p "Do you wish to REMOVE the backups connected to this user? " yn
+ case $yn in
+ [Yy]* ) rm -rf /backups/sftp/"$username" && break;;
+ [Nn]* ) break;;
+ * ) echo "Please answer yes or no.";;
+ esac
+done
+userdel -f $username
+fi
+
+
+#Remove ftp source user
+if [ "$USERTYPE" = "source" ] && [ "$UPTYPE" = "FTP" ]; then
+while true; do
+ read -p "Do you wish to REMOVE the backups connected to this user? " yn
+ case $yn in
+ [Yy]* ) rm -rf /backups/ftp/"$username" && break;;
+ [Nn]* ) break;;
+ * ) echo "Please answer yes or no.";;
+ esac
+done
+ sed -i "/\<$username\>/d" /etc/ftpusers
+ userdel -f $username
+fi
diff --git a/Tools/ez-aclutil b/Tools/ez-aclutil
new file mode 100755
index 0000000..70287cb
--- /dev/null
+++ b/Tools/ez-aclutil
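Review bot: The viewer branch unmounts `/vhome/$username/backup`, but adduserutil in this commit bind-mounts `/backups` at `/vhome/$username/backups`, so the `umount` fails and the following `rm -rf /vhome/$username` descends into the still-mounted backup tree. The `root` check near the top only prints "Root is not allowed" without exiting, and the `-v | --viewer` arm shifts twice and so discards the username that follows it (a single `shift` is enough). The fence below fixes the mount point, stops when the unmount fails, and keeps `rm` on one filesystem. Separately, the FTP branch edits `/etc/ftpusers` while adduserutil appends to `/etc/vsftpd.user_list`, so the removed name stays on the vsftpd allow list. The `sed` on `/etc/fstab` deletes every line containing `/$username/`, which for a short name can match unrelated mounts; matching the exact line adduserutil wrote is safer.

```shell
if [ "$username" = "root" ]; then
  echo "Root is not allowed"
  exit 1
fi
# … unchanged: getent check, user-type checks, confirmation prompt, admin branch …
if [ "$USERTYPE" = "viewer" ]; then
  # Mount point must match the one adduserutil creates.
  if mountpoint -q "/vhome/$username/backups"; then
    umount "/vhome/$username/backups" || { echo "Unmount failed, aborting" >&2; exit 1; }
  fi
  # … unchanged: fstab cleanup, userdel …
  rm -rf --one-file-system -- "/vhome/${username:?}"
fi
```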
@@ -0,0 +1,156 @@
+#!/bin/bash
+#Funtions
+Help()
+{
+ # Display Help
+ echo
+ echo "#########################"
+ echo "# ez ACL_UTIL Help #"
+ echo "#########################"
+ echo
+ echo "Syntax: ezaclutil [-u [-g ] [-a|r] [-f ] [-s ] "
+ echo "options:"
+ echo "-h, --help Print this Help."
+ echo
+ echo "Get info about set ALC's"
+ echo "-l, --list #get current ACL rules"
+ echo
+ echo "Set user/group for ACL change"
+ echo "-u , --user #User for ACL change"
+ echo "-g , --group #group for ACL change "
+ echo "-av, --allviewers #Set group to backup viewers (-g not needed)"
+ echo
+ echo "Action for ACL rule"
+ echo "-a, --add #add ACL rule"
+ echo "-r, --remove #Remove ACL rule"
+ echo
+ echo "Set target for ACL change"
+ echo "-f , --ftp #User fot ACL change"
+ echo "-s , --sftp #group fot ACL change "
+ echo
+}
+
+#Input Handeler
+POSITIONAL=()
+while [[ $# -gt 0 ]]
+do
+key="$1"
+
+case $key in
+ -h | --help)
+ Help
+ exit
+ ;;
+ -u | --user)
+ TARGET=user
+ USER=$2
+ shift
+ shift
+ ;;
+ -g | --group)
+ TARGET=group
+ GROUP=$2
+ shift
+ shift
+ ;;
+ -a | --add)
+ ACTION=add
+ shift
+ ;;
+ -r | --remove)
+ ACTION=remove
+ shift
+ ;;
+ -l | --list)
+ ACTION=list
+ shift
+ ;;
+ -lg | --listgui)
+ ACTION=listgui
+ shift
+ ;;
+ -av | --allviewers)
+ TARGET=group
+ GROUP=BCKviewer
+ shift
+ ;;
+
+ -f | --ftp)
+ FOLDERPATH="/backups/ftp/$2"
+ shift
+ shift
+ ;;
+ -s | --sftp)
+ FOLDERPATH="/backups/sftp/$2/home"
+ shift
+ shift
+ ;;
+ *) # unknown option
+ POSITIONAL+=("$1") # save it in an array for later
+ shift # past argument
+ ;;
+esac
+done
+set -- "${POSITIONAL[@]}" # restore positional parameters
+
+
+#input Validation
+##Action flag
+if [ -z ${ACTION+x} ]; then echo "Incorrect or missing parameter(s)" && Help && exit; fi
+##Target Flag
+if [ "$ACTION" = "remove" ] || [ "$ACTION" = "add" ]; then
+if [ -z ${TARGET+x} ]; then echo "Incorrect or missing parameter(s)" && Help && exit; fi
+
+##User flag
+if [ "$TARGET" = "user" ] && [ -z $USER ]; then
+echo "User name not specified"
+exit
+fi
+
+##Group flag
+if [ "$TARGET" = "group" ] && [ -z $GROUP ]; then
+echo "Group name not specified"
+exit
+fi
+fi
+
+
+##Path
+if [ -z $FOLDERPATH ]; then echo "Target backup not specified" && exit; fi
+
+if [ ! -d "$FOLDERPATH" ] && [ ! -f "$FOLDERPATH" ]; then
+ echo "Target backup not found"
+fi
+
+#Script
+if [ "$ACTION" = "list" ]; then
+getfacl $FOLDERPATH
+fi
+
+if [ "$ACTION" = "listgui" ]; then
+echo "If gui did not start make sure X11 forwarding is enabled"
+echo "and eiciel it is installed"
+eiciel $FOLDERPATH
+fi
+
+if [ "$ACTION" = "add" ] && [ "$TARGET" = "user" ]; then
+setfacl -R -m u:"$USER":rx "$FOLDERPATH"
+setfacl -R -d -m u:"$USER":rx "$FOLDERPATH"
+fi
+
+
+if [ "$ACTION" = "add" ] && [ "$TARGET" = "group" ]; then
+setfacl -R -m g:"$GROUP":rx "$FOLDERPATH"
+setfacl -R -d -m g:"$GROUP":rx "$FOLDERPATH"
+fi
+
+if [ "$ACTION" = "remove" ] && [ "$TARGET" = "user" ]; then
+setfacl -R -x u:"$USER" "$FOLDERPATH"
+setfacl -R -d -x u:"$USER" "$FOLDERPATH"
+fi
+
+
+if [ "$ACTION" = "remove" ] && [ "$TARGET" = "group" ]; then
+setfacl -R -x g:"$GROUP" "$FOLDERPATH"
+setfacl -R -d -x g:"$GROUP" "$FOLDERPATH"
+fi
diff --git a/config/grequalizer-ftp.conf b/config/grequalizer-ftp.conf
new file mode 100644
index 0000000..1d8f02d
--- /dev/null
+++ b/config/grequalizer-ftp.conf
@@ -0,0 +1,36 @@
+# Variables: $u: login name, $h: users home, $g: users primary group name
+[main]
+home_path = /backups/ftp/$u
+simulate = no
+limit_to_primary_group = yes
+primary_group_name = ftpusers
+minimum_users_count = 1
+
+[home_existence]
+check = yes
+correct = yes
+
+[home_permissions]
+check = yes
+correct = yes
+octal_permissions = 750
+
+[home_owner]
+check = yes
+correct = yes
+owner = $u
+
+[home_group]
+check = yes
+correct = yes
+group = root
+
+[user_home]
+check = yes
+correct = yes
+home_path = /
+
+[user_shell]
+check = yes
+correct = yes
+shell = /usr/bin/ftponly
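Review bot: The `-f | --ftp` and `-s | --sftp` arms paste `$2` straight into `FOLDERPATH`, so a value containing `/` or `..` resolves outside `/backups/ftp` or `/backups/sftp`, even though this wrapper exists to confine ACL changes to a single backup. Rejecting such names before building the path, for example `case "$2" in ''|.|..|*/*) echo "Invalid backup name"; exit 1;; esac`, keeps the recursive `setfacl` inside the intended directory. The `-lg | --listgui` arm is accepted here but is not listed in `Help`; either document it or drop it.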
diff --git a/config/grequalizer-sftp.conf b/config/grequalizer-sftp.conf
new file mode 100644
index 0000000..10cc426
--- /dev/null
+++ b/config/grequalizer-sftp.conf
@@ -0,0 +1,47 @@
+# Variables: $u: login name, $h: users home, $g: users primary group name
+
+[main]
+home_path = /backups/sftp/$u
+simulate = no
+limit_to_primary_group = yes
+primary_group_name = sftpusers
+minimum_users_count = 1
+
+[home_existence]
+check = yes
+correct = yes
+
+#[home_permissions]
+#check = yes
+#correct = yes
+#octal_permissions = 755
+
+[home_owner]
+check = yes
+correct = yes
+owner = root
+
+[home_group]
+check = yes
+correct = yes
+group = root
+
+[user_home]
+check = yes
+correct = yes
+home_path = /home
+
+[user_shell]
+check = yes
+correct = yes
+shell = /usr/bin/rssh
+
+[home_files]
+check = yes
+correct = yes
+file_list = /opt/grequalizer/conf/files_to_chroots.txt
+
+[home_binaries_with_libs]
+check = yes
+correct = yes
+file_list = /opt/grequalizer/conf/binaries_to_chroots.txt
diff --git a/config/rssh_append.conf b/config/rssh_append.conf
new file mode 100644
index 0000000..fe92515
--- /dev/null
+++ b/config/rssh_append.conf
@@ -0,0 +1,3 @@
+allowscp
+allowsftp
+allowrsync
diff --git a/config/sshd_append.conf b/config/sshd_append.conf
new file mode 100644
index 0000000..3e1f927
--- /dev/null
+++ b/config/sshd_append.conf
@@ -0,0 +1,14 @@
+DenyGroups ftpusers
+
+Match group sftpusers
+ ChrootDirectory /backups/sftp/%u
+ AuthorizedKeysFile /backups/sftp/%u/%h/.ssh/authorized_keys
+ X11Forwarding no
+ AllowTcpForwarding no
+
+Match Group BCKviewer
+ ChrootDirectory /vhome/%u
+ AuthorizedKeysFile /vhome/%u/.ssh/authorized_keys
+ ForceCommand internal-sftp
+ AllowTcpForwarding no
+ X11Forwarding no
diff --git a/config/sudo.conf b/config/sudo.conf
new file mode 100644
index 0000000..8524a21
--- /dev/null
+++ b/config/sudo.conf
@@ -0,0 +1 @@
+%BCKadmin ALL=(root) /tools/adduserutil, /tools/deluserutil, /tools/aclutil, /tools/ez-aclutil
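Review bot: In config/sshd_append.conf the `Match group sftpusers` block has no `ForceCommand`, so what these accounts can run depends entirely on the rssh login shell installed in the chroot, while the BCKviewer block pins `ForceCommand internal-sftp`. If rsync over SSH is not required, the same `ForceCommand internal-sftp` here removes that dependency; if it is required, adding `PermitTTY no` to the block at least drops interactive terminals. Neither Match block sets `PasswordAuthentication no`, although adduserutil provisions both groups with keys only.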
diff --git a/config/vsftpd.conf b/config/vsftpd.conf
new file mode 100644
index 0000000..7e549bd
--- /dev/null
+++ b/config/vsftpd.conf
@@ -0,0 +1,25 @@
+listen=NO
+listen_ipv6=YES
+anonymous_enable=NO
+local_enable=YES
+write_enable=YES
+dirmessage_enable=YES
+use_localtime=YES
+xferlog_enable=YES
+connect_from_port_20=YES
+chroot_local_user=YES
+chroot_local_user=YES
+secure_chroot_dir=/var/run/vsftpd/empty
+allow_writeable_chroot=YES
+pam_service_name=ftp
+user_sub_token=$USER
+local_root=/backups/ftp/$USER
+userlist_enable=YES
+userlist_file=/etc/vsftpd.user_list
+userlist_deny=NO
+pasv_min_port=30000
+pasv_max_port=31000
+#Certificate/SSL
+rsa_cert_file=/etc/ssl/private/vsftpd.pem
+rsa_private_key_file=/etc/ssl/private/vsftpd.pem
+ssl_enable=yes
diff --git a/setup.sh b/setup.sh
new file mode 100644
index 0000000..a61a2e5
--- /dev/null
+++ b/setup.sh
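Review bot: `allow_writeable_chroot=YES` in config/vsftpd.conf is needed only because grequalizer-ftp.conf makes `/backups/ftp/$u` owned by the user with mode 750, which leaves the chroot root itself writable by the FTP account. A root-owned chroot with a user-writable subdirectory, as the SFTP layout in this commit does with `home`, would let this option stay at its default. `chroot_local_user=YES` appears twice and one copy can go. `rsa_cert_file` and `rsa_private_key_file` both point at `/etc/ssl/private/vsftpd.pem`, so it is worth confirming after setup that the file is owned by root and not readable by other accounts.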
@@ -0,0 +1,57 @@
+mrepo=https://git.ictmaatwerk.com/VPS-scripts/Backup-Util
+mbranch=master
+
+#install needed packages
+apt install rssh vsftpd -y
+
+#Setup groups
+groupadd sftpusers
+groupadd ftpusers
+groupadd BCKviewer
+groupadd BCKadmin
+
+#setup Folders
+mkdir -p /backups/ftp/
+mkdir -p /backups/sftp/
+mkdir -p /vhome
+
+#setup tools
+wget -q -t7 "$repo"/raw/branch/"$branch"/Tools/aclutil -O /tools/aclutil
+wget -q -t7 "$repo"/raw/branch/"$branch"/Tools/adduserutil -O /tools/adduserutil
+wget -q -t7 "$repo"/raw/branch/"$branch"/Tools/deluserutil -O /tools/deluserutil
+wget -q -t7 "$repo"/raw/branch/"$branch"/Tools/ez-aclutil -O /tools/ez-aclutil
+chmod 700 /tools/deluserutil
+chmod 700 /tools/adduserutil
+chmod 700 /tools/aclutil
+chmod 700 /tools/ez-aclutil
+
+#SSH Config
+sed -i -e '/Subsystem\ssftp/c\Subsystem sftp internal-sftp' sshd_config
+curl --silent --show-error "$repo"/raw/branch/"$branch"/config/sshd_append.conf >>/etc/ssh/sshd_config
+
+#rssh Config
+curl --silent --show-error "$repo"/raw/branch/"$branch"/config/rssh_append.conf >>/etc/rssh.conf
+
+#vsftp Config
+openssl req -new -x509 -nodes -days 3650 -newkey rsa:2048 -keyout /etc/ssl/private/vsftpd.pem -out /etc/ssl/private/vsftpd.pem -subj "/C=NL/ST=Gelderland/L=Arnhem/O=ICT Maatwerk B.V./CN=$(hostname -f)"
+wget -q -t7 "$repo"/raw/branch/"$branch"/config/vsftpd.conf -O /etc/vsftpd.conf
+
+#sudo Config
+wget -q -t7 "$repo"/raw/branch/"$branch"/config/sudo.conf -O ~/
+
+#Setup grequalizer
+git clone https://github.com/lpirl/grequalizer.git /opt/grequalizer
+mkdir /opt/grequalizer/conf/
+echo "/opt/grequalizer" > /opt/grequalizer/conf/files_to_chroots.txt
+echo "/usr/bin/rsync" > /opt/grequalizer/conf/binaries_to_chroots.txt
+echo "/usr/bin/rssh" >> /opt/grequalizer/conf/binaries_to_chroots.txt
+wget -q -t7 "$repo"/raw/branch/"$branch"/config/grequalizer-sftp.conf -O /opt/grequalizer/conf/grequalizer-sftp.conf
+wget -q -t7 "$repo"/raw/branch/"$branch"/config/grequalizer-ftp.conf -O /opt/grequalizer/conf/grequalizer-ftp.conf
+
+#UFW Config
+##FTP
+ufw allow 20:21/tcp
+ufw allow 30000:31000/tcp
+#SSH/SFTP
+ufw limit 22/tcp
+echo "y" | ufw limit > $OUTPUT 2>&1
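Review bot: The first two lines assign `mrepo` and `mbranch`, but every download uses `"$repo"` and `"$branch"`, which are never set, so each `wget`/`curl` requests a URL with no host and `-q` hides the failure; the variables should be named `repo` and `branch`. `/tools` is never created, the `sed` edits a relative `sshd_config` instead of `/etc/ssh/sshd_config`, `-O ~/` names a directory so sudo.conf is never installed, and the last line runs `ufw limit` with no rule and redirects to the unset `$OUTPUT`, so it should be removed. The script also appends downloaded content to `/etc/ssh/sshd_config`, installs root-run tools from a moving branch and clones grequalizer unpinned, all without a checksum or signature check. Pinning to a reviewed commit, verifying a hash, and running `sshd -t` (and `visudo -cf` on the sudoers file) before the files take effect would make a bad or tampered download fail closed.

```shell
#!/bin/bash
set -euo pipefail
repo=https://git.ictmaatwerk.com/VPS-scripts/Backup-Util
branch=master  # better: a tag or commit id that has been reviewed
# … unchanged: package install, groups, folders …
mkdir -p /tools
# … unchanged: tool downloads and chmod …
sed -i -e '/Subsystem\ssftp/c\Subsystem sftp internal-sftp' /etc/ssh/sshd_config
# … unchanged: sshd_append.conf and rssh_append.conf downloads …
sshd -t  # refuse to continue with a configuration sshd cannot parse
# … unchanged: vsftpd, grequalizer, ufw allow/limit rules …
```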