diff --git a/AppendCMS.sh b/AppendCMS.sh index f930c62..003a060 100644 --- a/AppendCMS.sh +++ b/AppendCMS.sh @@ -4,9 +4,13 @@ if [ ! -f "/etc/ICTM/selopts.list" ] || [ ! -f "/etc/ICTM/mainvar.list" ] ; then echo 'This system is not yet setup, please run the main installer first' && exit ; fi - source /etc/ICTM/selopts.list source /etc/ICTM/mainvar.list +if [ $webserv != nginx_nonphp ]; then + if [ ! -f "/etc/ICTM/phpvar.list" ] ; then echo 'Php var list missing,Please run /Scipts/GeneratePhplist from the repo ' && exit ; fi + source /etc/ICTM/phpvar.list +fi +if [ -f "/etc/ICTM/apachevar.list" ] ; then source /etc/ICTM/apachevar.list; fi rm /tmp/pkg.list > $OUTPUT 2>&1 source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/ModulesMenu.list) @@ -196,8 +200,8 @@ fi # Installer # ##-------------## -$PKGM update -sed -i 's/PHPver/'$phpver'/g' /tmp/pkg.list +$PKGUC +sed -i 's/PHPprefix/'$phpPkgName'/g' /tmp/pkg.list cat /tmp/pkg.list | xargs $PKGI @@ -274,4 +278,4 @@ systemctl reload fail2ban ##-------## msg " Added CMS!" -for f in /etc/update-motd.d/51*; do bash $f; done \ No newline at end of file +if stat --printf='' /etc/update-motd.d/51* 2>/dev/null; then for f in /etc/update-motd.d/51*; do bash $f; done; fi \ No newline at end of file diff --git a/AppendModule.sh b/AppendModule.sh index c011fe6..f06e4b3 100644 --- a/AppendModule.sh +++ b/AppendModule.sh 
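Review bot: The added guard `if [ $webserv != nginx_nonphp ]` in the first AppendCMS.sh hunk leaves `$webserv` unquoted, so when the variable is empty the test errors out, the branch is skipped and the script carries on without `phpvar.list`; it should read `if [ "$webserv" != nginx_nonphp ]; then`. The missing-file path ends in a bare `exit`, which returns the status of the preceding `echo` (0), so a caller cannot tell the run failed; `exit 1` would. These `.list` files are sourced by a script that installs packages and reloads services (presumably as root), so a comment stating that they must be root-owned and not group- or world-writable is worth adding. The same lines are added in the first hunk of AppendModule.sh.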
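Review bot: The rewritten `sed -i 's/PHPprefix/'$phpPkgName'/g' /tmp/pkg.list` in the Installer hunk still works on a fixed name in `/tmp`, and the next line feeds that file to `xargs $PKGI`, so its contents decide which packages are installed. How the file is created is outside this hunk, but a path obtained from `mktemp` and kept in a variable (removed by a `trap`) would stop the installer depending on a world-writable directory. The expansion should also be quoted, `sed -i "s/PHPprefix/${phpPkgName}/g"`, because an empty or space-containing `$phpPkgName` changes the sed script. The second hunk of AppendModule.sh has the same two lines.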
@@ -4,13 +4,17 @@ if [ ! -f "/etc/ICTM/selopts.list" ] || [ ! -f "/etc/ICTM/mainvar.list" ] ; then echo 'This system is not yet setup, please run the main installer first' && exit ; fi - ##-----------------## # Fetching Vars # ##-----------------## source /etc/ICTM/selopts.list source /etc/ICTM/mainvar.list +if [ $webserv != nginx_nonphp ]; then + if [ ! -f "/etc/ICTM/phpvar.list" ] ; then echo 'Php var list missing,Please run /Scipts/GeneratePhplist from the repo ' && exit ; fi + source /etc/ICTM/phpvar.list +fi +if [ -f "/etc/ICTM/apachevar.list" ] ; then source /etc/ICTM/apachevar.list; fi rm /tmp/pkg.list source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/ModulesMenu.list) @@ -227,8 +231,8 @@ done # Installer # ##-------------## -$PKGM update -sed -i 's/PHPver/'$phpver'/g' /tmp/pkg.list +$PKGUC +sed -i 's/PHPprefix/'$phpPkgName'/g' /tmp/pkg.list cat /tmp/pkg.list | xargs $PKGI @@ -267,4 +271,4 @@ done ##-------## msg " Added Module!" -for f in /etc/update-motd.d/51*; do bash $f; done \ No newline at end of file +if stat --printf='' /etc/update-motd.d/51* 2>/dev/null; then for f in /etc/update-motd.d/51*; do bash $f; done; fi \ No newline at end of file diff --git a/CMS/Backend/Fpm-Pool.conf-unconfigured b/CMS/Backend/Fpm-Pool.conf-unconfigured index e9ce072..1fbe55b 100644 --- a/CMS/Backend/Fpm-Pool.conf-unconfigured +++ b/CMS/Backend/Fpm-Pool.conf-unconfigured 
@@ -12,8 +12,8 @@ php_admin_value[post_max_size] = 16M php_admin_value[max_input_time] = 15 php_admin_value[cgi.fix_pathinfo] = 0 php_admin_value[allow_url_fopen] = Off -php_admin_value[file_uploads] = Off -php_admin_value[open_basedir] = /var/log/PhpMyAdmin:/usr/share/phpmyadmin:/var/lib/phpmyadmin:/etc/phpmyadmin +php_admin_value[file_uploads] = On +php_admin_value[open_basedir] = /var/log/PhpMyAdmin:/usr/share/phpmyadmin:/var/lib/phpmyadmin:/etc/phpmyadmin:/tmp php_admin_value[session.use_strict_mode] = 1 php_admin_value[session.cookie_httponly] = 1 ;HTTPSONLY php_admin_value[session.cookie_samesite] = Strict diff --git a/CMS/Backend/apache-conf.sh b/CMS/Backend/apache-conf.sh index f458397..fa9a2a6 100644 --- a/CMS/Backend/apache-conf.sh +++ b/CMS/Backend/apache-conf.sh @@ -1,4 +1,4 @@ curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/Backend/apache-siteBackend-unconfigured -o /tmp/apache-siteconf sed -i -e 's/PHPver/'$phpver'/g' -e 's/DOMAINname/'$hostname'/g' /tmp/apache-siteconf -sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e '/#ConfHere1/ r /tmp/apache-siteconf' -e '/#ConfHere/c\' /etc/apache2/sites-available/Backend_"$siteBackend_ext".conf -systemctl reload apache2 \ No newline at end of file +sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e '/#ConfHere1/ r /tmp/apache-siteconf' -e '/#ConfHere/c\' "$apacheConfDir"/sites-available/Backend_"$siteBackend_ext".conf +systemctl reload $apacheService \ No newline at end of file diff --git a/CMS/Backend/conf.sh b/CMS/Backend/conf.sh index 0276957..10662aa 100644 --- a/CMS/Backend/conf.sh +++ b/CMS/Backend/conf.sh 
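Review bot: Adding `/tmp` to `open_basedir` together with `file_uploads = On` lets the Backend pool read and write the system-wide temp directory, which other pools and local users share. CMS/Backend/conf.sh already hands `/var/lib/phpmyadmin/tmp` to the Backend user and that path is inside the existing `open_basedir`, so uploads could stay there with `php_admin_value[upload_tmp_dir] = /var/lib/phpmyadmin/tmp` and `php_admin_value[sys_temp_dir] = /var/lib/phpmyadmin/tmp`, leaving `:/tmp` off. If `/tmp` is needed for something else, a `;` comment saying what would help the next reader.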
@@ -1,6 +1,6 @@ #Backend PHP Pool -curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/Backend/Fpm-Pool.conf-unconfigured -o /etc/php/"$phpver"/fpm/pool.d/Backend.conf -sed -i 's/PHPver/'$phpver'/' /etc/php/"$phpver"/fpm/pool.d/Backend.conf +curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/Backend/Fpm-Pool.conf-unconfigured -o "$phpPoolDir"/Backend.conf +sed -i 's/PHPver/'$phpver'/' "$phpPoolDir"/Backend.conf groupadd Backend useradd -g Backend Backend #PHPMyAdmin configuration @@ -8,7 +8,7 @@ touch /var/log/PhpMyAdmin/PhpMyAdmin_auth.log chown Backend:Backend -R /usr/share/phpmyadmin chown Backend:Backend -R /var/lib/phpmyadmin/tmp chown Backend:Backend -R /var/log/PhpMyAdmin -systemctl reload php"$phpver"-fpm +systemctl reload "$phpFPMService" #Auto disable backends at night echo "0 0 * * * root bash /opt/toggle/toggle-Netdata.sh -d > >/dev/null 2>&1" >> /etc/cron.d/autodisablebackend echo "0 0 * * * root bash /opt/toggle/toggle-PhpMyAdmin.sh -d > >/dev/null 2>&1" >> /etc/cron.d/autodisablebackend \ No newline at end of file diff --git a/CMS/nextcloud/Fpm-Pool.conf-unconfigured b/CMS/nextcloud/Fpm-Pool.conf-unconfigured index 2f1da3e..df062c8 100644 --- a/CMS/nextcloud/Fpm-Pool.conf-unconfigured +++ b/CMS/nextcloud/Fpm-Pool.conf-unconfigured @@ -4,7 +4,7 @@ group = SITEname listen = /var/run/php/phpPHPver-fpm-SITEname.sock listen.owner = www-data listen.group = www-data -php_admin_value[disable_functions] = exec,passthru,shell_exec,system +php_admin_value[disable_functions] = exec,passthru,system php_admin_value[error_log] = /var/log/php-fpm/error-SITEname.log ; OPCACHE SETTINGS php_admin_value[opcache.memory_consumption] = 256 diff --git a/CMS/nextcloud/apache-conf.sh b/CMS/nextcloud/apache-conf.sh index 6329e1b..71b7636 100644 --- a/CMS/nextcloud/apache-conf.sh +++ b/CMS/nextcloud/apache-conf.sh 
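Review bot: The `curl --retry 7 --retry-delay 5 -s … -o "$phpPoolDir"/Backend.conf` download in CMS/Backend/conf.sh has no `-f` and its exit status is not checked, so an HTTP error page or an empty response becomes the pool file and the later `systemctl reload "$phpFPMService"` acts on it. Adding `-f` and stopping on failure (`curl -fsS … || exit 1`) keeps a bad fetch from replacing a working configuration. Now that the directory comes from `$phpPoolDir`, an unset value would make the target `/Backend.conf`; `: "${phpPoolDir:?}"` near the top of the script would catch that. The same pattern recurs in the nextcloud, none and wordpress conf.sh hunks.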
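Review bot: `shell_exec` is dropped from `disable_functions` in the Nextcloud pool template with no comment saying which feature needs it, so PHP code in that pool can now run shell commands. If a specific app or preview provider requires it, name it in a `;` comment above the line; if it was removed only to silence a warning, keeping `shell_exec` in the list is the safer default. Only part of the pool file is visible in this hunk.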
@@ -1,11 +1,11 @@ #Apache curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/nextcloud/Apache-unconfigured -o /tmp/apache-siteconf sed -i -e 's/PHPver/'$phpver'/g' -e 's/DOMAINname/'$domain'/g' -e 's/SITEname/'$sitename'/g' /tmp/apache-siteconf -sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e '/#ConfHere1/ r /tmp/apache-siteconf' -e '/#ConfHere/c\' /etc/apache2/sites-available/"$sitename"_"$site_ext".conf +sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e '/#ConfHere1/ r /tmp/apache-siteconf' -e '/#ConfHere/c\' "$apacheConfDir"/sites-available/"$sitename"_"$site_ext".conf chown "$sitename":"$sitename" -R /var/www/"$domain"/html #PHP -sed -i -e '/cgi.fix_pathinfo/c\php_admin_value[cgi.fix_pathinfo] = 1' /etc/php/"$phpver"/fpm/pool.d/$sitename.conf -sed -i -e '/security.limit_extensions/c\php_admin_value[security.limit_extensions] = .php' /etc/php/"$phpver"/fpm/pool.d/$sitename.conf +sed -i -e '/cgi.fix_pathinfo/c\php_admin_value[cgi.fix_pathinfo] = 1' "$phpPoolDir"/$sitename.conf +sed -i -e '/security.limit_extensions/c\php_admin_value[security.limit_extensions] = .php' "$phpPoolDir"/$sitename.conf -systemctl reload apache2 php$phpver-fpm \ No newline at end of file +systemctl reload $apacheService $phpFPMService \ No newline at end of file diff --git a/CMS/nextcloud/apt.pkg.list b/CMS/nextcloud/apt.pkg.list new file mode 100644 index 0000000..a5c27f9 --- /dev/null +++ b/CMS/nextcloud/apt.pkg.list @@ -0,0 +1 @@ +libmagickcore-6.q16-3-extra zlib1g libpng-dev \ No newline at end of file diff --git a/CMS/nextcloud/conf.sh b/CMS/nextcloud/conf.sh index ef9ae54..25db50e 100644 --- a/CMS/nextcloud/conf.sh +++ b/CMS/nextcloud/conf.sh 
@@ -1,6 +1,6 @@ #PHP Pool -curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/nextcloud/Fpm-Pool.conf-unconfigured -o /etc/php/"$phpver"/fpm/pool.d/"$sitename".conf -sed -i -e 's/PHPver/'$phpver'/g' -e 's/SITEname/'$sitename'/g' -e 's/DOMAINname/'$domain'/g' /etc/php/"$phpver"/fpm/pool.d/$sitename.conf +curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/nextcloud/Fpm-Pool.conf-unconfigured -o "$phpPoolDir"/"$sitename".conf +sed -i -e 's/PHPver/'$phpver'/g' -e 's/SITEname/'$sitename'/g' -e 's/DOMAINname/'$domain'/g' "$phpPoolDir"/$sitename.conf groupadd "$sitename" useradd -g "$sitename" "$sitename" mkdir -p /var/www/"$domain"/html/data @@ -15,7 +15,7 @@ touch /var/www/"$domain"/html/data/nextcloud.log > $OUTPUT 2>&1 db_suffix=`expr $(ls -l /var/www | grep -c ^d) - 1` db_name="nextcloud_$db_suffix" db_user="nextcloud_$db_suffix" -db_pass=$(date +%s|sha256sum|base64|head -c 32) +db_pass=$(tr -dc 'A-Za-z0-9!#%()*+,-.:;<=>?@[]^_{|}~' $OUTPUT 2>&1 mysql -u root -p"$password" -e "CREATE USER '"$db_user"'@'localhost' IDENTIFIED BY '"$db_pass"';" > $OUTPUT 2>&1 mysql -u root -p"$password" -e "GRANT ALL ON "$db_name".* TO '"$db_user"'@'localhost';" > $OUTPUT 2>&1 @@ -36,8 +36,16 @@ cat < /var/www/$domain/html/config/autoconfig.php ); EOF +#Setting Permsissions chown "$sitename":"$sitename" -R /var/www/"$domain"/html +if [ "$shortdist" = "el8" ]; then + #Setting SeLiux perms for centos + semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/$domain/html(/.*)?" > $OUTPUT 2>&1 + restorecon -vr /var/www/ > $OUTPUT 2>&1 +fi + + #Makeing nextcloud Finalize script and setting login Notice curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/nextcloud/nextcloud-init.sh -o ~/NextcloudInit-"$sitename".sh sed -i -e 's/DOMAINname/'$domain'/' -e 's/SITEname/'$sitename'/' ~/NextcloudInit-"$sitename".sh 
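Review bot: The new el8 block in CMS/nextcloud/conf.sh labels the whole document root `httpd_sys_rw_content_t` and then runs `restorecon -vr /var/www/`, which makes every application file writable by the web server under SELinux and relabels all other sites as a side effect. Nextcloud needs write access to only a few paths (for example data, config and apps), so the tree could be `httpd_sys_content_t` with `httpd_sys_rw_content_t` added for those directories, and the relabel limited to `restorecon -r "/var/www/$domain/html"`. `semanage fcontext -a` also fails when the rule already exists, so a re-run needs `-m` or a prior `semanage fcontext -l` check. The same block is added in CMS/none/conf.sh, where a static site needs no writable label at all, and in CMS/wordpress/conf.sh.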
@@ -46,13 +54,8 @@ sed -i -e 's/SITEname/'$sitename'/' /etc/update-motd.d/51-nextnotice-"${sitename chmod +x /etc/update-motd.d/51-nextnotice-"${sitename//_}" -#Nextcloud logging location -mkdir /var/log/nextcloud -chmod 774 -R /var/log/nextcloud -ln -s /var/www/"$domain"/html/data/nextcloud.log /var/log/nextcloud/"$sitename" - #fail2ban curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/config/fail2ban/Jails/nextcloud_unconfigured -o /etc/fail2ban/jail.d/"$sitename"-nextcloud.local -sed -i 's/SITEname/'$sitename'/' /etc/fail2ban/jail.d/"$sitename"-nextcloud.local +sed -i 's/DOMain/'$domain'/' /etc/fail2ban/jail.d/"$sitename"-nextcloud.local -systemctl reload php"$phpver"-fpm \ No newline at end of file +systemctl reload "$phpFPMService" \ No newline at end of file diff --git a/CMS/nextcloud/dnf.pkg.list b/CMS/nextcloud/dnf.pkg.list new file mode 100644 index 0000000..af17788 --- /dev/null +++ b/CMS/nextcloud/dnf.pkg.list @@ -0,0 +1 @@ +ImageMagick-libs zlib libpng \ No newline at end of file diff --git a/CMS/nextcloud/generic.pkg.list b/CMS/nextcloud/generic.pkg.list index 446a15e..e76b160 100644 --- a/CMS/nextcloud/generic.pkg.list +++ b/CMS/nextcloud/generic.pkg.list @@ -1 +1 @@ -libmagickcore-6.q16-3-extra libxml2 openssl zlib1g libpng-dev phpPHPver-bcmath phpPHPver-gmp \ No newline at end of file +libxml2 openssl PHPprefix-bcmath PHPprefix-gmp bzip2 \ No newline at end of file diff --git a/CMS/nextcloud/nextcloud-init.sh b/CMS/nextcloud/nextcloud-init.sh index 3306207..d74e693 100644 --- a/CMS/nextcloud/nextcloud-init.sh +++ b/CMS/nextcloud/nextcloud-init.sh 
@@ -7,13 +7,13 @@ sudo -u SITEname php /var/www/DOMAINname/html/occ config:system:set default_loca sudo -u SITEname php /var/www/DOMAINname/html/occ config:system:set skeletondirectory --value= sudo -u SITEname php /var/www/DOMAINname/html/occ config:system:set memcache.local --value='\OC\Memcache\APCu' -if [ "$(systemctl is-active redis-server)" = "active" ]; then +if [ "$(systemctl is-active redis-server)" = "active" ] || [ "$(systemctl is-active redis)" = "active" ]; then sudo -u SITEname php /var/www/DOMAINname/html/occ config:system:set memcache.distributed --value='\OC\Memcache\Redis' sudo -u SITEname php /var/www/DOMAINname/html/occ config:system:set memcache.locking --value='\OC\Memcache\Redis' sudo -u SITEname php /var/www/DOMAINname/html/occ config:system:set redis host --value=localhost sudo -u SITEname php /var/www/DOMAINname/html/occ config:system:set redis port --value=6379 else - echo "Redis not installed or running on this system" + echo "Redis running on this system" fi echo "*/5 * * * * SITEname php -f /var/www/DOMAINname/html/cron.php > /dev/null 2>&1" >> /etc/crontab diff --git a/CMS/none/apache-conf.sh b/CMS/none/apache-conf.sh index 61e695e..13a4a09 100644 --- a/CMS/none/apache-conf.sh +++ b/CMS/none/apache-conf.sh 
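Review bot: The `else` branch now prints "Redis running on this system", but it is reached only when neither `redis-server` nor `redis` is active, so the message says the opposite of what happened. `echo "Redis not installed or not running on this system"` matches the condition. The script continues outside the hunk.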
@@ -1,9 +1,5 @@ curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/none/Apache-unconfigured -o /tmp/apache-siteconf sed -i -e 's/PHPver/'$phpver'/g' -e 's/DOMAINname/'$domain'/g' -e 's/SITEname/'$sitename'/g' /tmp/apache-siteconf -sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e '/#ConfHere1/ r /tmp/apache-siteconf' -e '/#ConfHere/c\' /etc/apache2/sites-available/"$sitename"_"$site_ext".conf -mkdir -p /var/www/"$domain"/html +sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e '/#ConfHere1/ r /tmp/apache-siteconf' -e '/#ConfHere/c\' "$apacheConfDir"/sites-available/"$sitename"_"$site_ext".conf -echo "$webserv has been succsefully installed by the Wizard" > /var/www/$domain/html/index.html - -chown "$sitename":"$sitename" -R /var/www/"$domain"/html -systemctl reload apache2 \ No newline at end of file +systemctl reload $apacheService \ No newline at end of file diff --git a/CMS/none/conf.sh b/CMS/none/conf.sh index 957b6ff..650461a 100644 --- a/CMS/none/conf.sh +++ b/CMS/none/conf.sh 
@@ -1,12 +1,26 @@ +#Creating webfolder +mkdir -p /var/www/"$domain"/html + +#Ceating content +echo "$webserv has been succsefully installed by the Wizard" > /var/www/$domain/html/index.html + #Do not generate php pool when php is not installed if [ $webserv != nginx_nonphp ]; then #Setup PHP Pool -curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/none/Fpm-Pool.conf-unconfigured -o /etc/php/"$phpver"/fpm/pool.d/"$sitename".conf -sed -i -e 's/PHPver/'$phpver'/g' -e 's/SITEname/'$sitename'/g' -e 's/DOMAINname/'$domain'/' /etc/php/"$phpver"/fpm/pool.d/$sitename.conf +curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/none/Fpm-Pool.conf-unconfigured -o "$phpPoolDir"/"$sitename".conf +sed -i -e 's/PHPver/'$phpver'/g' -e 's/SITEname/'$sitename'/g' -e 's/DOMAINname/'$domain'/' "$phpPoolDir"/$sitename.conf groupadd "$sitename" useradd -g "$sitename" "$sitename" -systemctl reload php"$phpver"-fpm +systemctl reload $phpFPMService +#Setting Permsissions +chown "$sitename":"$sitename" -R /var/www/"$domain"/html +fi + +if [ "$shortdist" = "el8" ]; then + #Setting SeLiux perms for centos + semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/$domain/html(/.*)?" > $OUTPUT 2>&1 + restorecon -vr /var/www/ > $OUTPUT 2>&1 fi \ No newline at end of file diff --git a/CMS/none/nginx-conf.sh b/CMS/none/nginx-conf.sh index b842221..9cbedd3 100644 --- a/CMS/none/nginx-conf.sh +++ b/CMS/none/nginx-conf.sh 
@@ -1,9 +1,5 @@ curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/none/Nginx-unconfigured -o /tmp/nginx-siteconf sed -i -e 's/PHPver/'$phpver'/g' -e 's/DOMAINname/'$domain'/g' -e 's/SITEname/'$sitename'/g' /tmp/nginx-siteconf sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e '/#ConfHere1/ r /tmp/nginx-siteconf' -e '/#ConfHere/c\' /etc/nginx/sites-available/"$sitename"_"$site_ext" -mkdir -p /var/www/"$domain"/html -echo "$webserv has been succsefully installed by the Wizard" > /var/www/$domain/html/index.html - -chown "$sitename":"$sitename" -R /var/www/"$domain"/html systemctl reload nginx \ No newline at end of file diff --git a/CMS/none/nginx_nonphp-conf.sh b/CMS/none/nginx_nonphp-conf.sh index c14ed20..a851b87 100644 --- a/CMS/none/nginx_nonphp-conf.sh +++ b/CMS/none/nginx_nonphp-conf.sh @@ -1,9 +1,5 @@ curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/none/Nginx_nonphp-unconfigured -o /tmp/nginx-siteconf sed -i -e 's/DOMAINname/'$domain'/g' -e 's/SITEname/'$sitename'/g' /tmp/nginx-siteconf sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e '/#ConfHere1/ r /tmp/nginx-siteconf' -e '/#ConfHere/c\' /etc/nginx/sites-available/"$sitename"_"$site_ext" -mkdir -p /var/www/"$domain"/html -echo "$webserv has been succsefully installed by the Wizard" > /var/www/$domain/html/index.html - -chown www-data:www-data -R /var/www/"$domain"/html systemctl reload nginx \ No newline at end of file diff --git a/CMS/wordpress/apache-conf.sh b/CMS/wordpress/apache-conf.sh index a24ea1f..9b254da 100644 --- a/CMS/wordpress/apache-conf.sh +++ b/CMS/wordpress/apache-conf.sh 
@@ -1,6 +1,6 @@ curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/wordpress/Apache-unconfigured -o /tmp/apache-siteconf sed -i -e 's/PHPver/'$phpver'/g' -e 's/DOMAINname/'$domain'/g' -e 's/SITEname/'$sitename'/g' /tmp/apache-siteconf -sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e '/#ConfHere1/ r /tmp/apache-siteconf' -e '/#ConfHere/c\' /etc/apache2/sites-available/"$sitename"_"$site_ext".conf +sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e '/#ConfHere1/ r /tmp/apache-siteconf' -e '/#ConfHere/c\' "$apacheConfDir"/sites-available/"$sitename"_"$site_ext".conf chown "$sitename":"$sitename" -R /var/www/"$domain"/html -systemctl reload apache2 php$phpver-fpm \ No newline at end of file +systemctl reload $apacheService $phpFPMService \ No newline at end of file diff --git a/CMS/wordpress/conf.sh b/CMS/wordpress/conf.sh index cddbe0e..7860d73 100644 --- a/CMS/wordpress/conf.sh +++ b/CMS/wordpress/conf.sh 
@@ -9,7 +9,7 @@ fi db_suffix=`expr $(ls -l /var/www | grep -c ^d) - 1` db_name="wp_$db_suffix" db_user="wp_$db_suffix" -db_pass=$(date +%s|sha256sum|base64|head -c 32) +db_pass=$(tr -dc 'A-Za-z0-9!#%()*+,-.:;<=>?@[]^_{|}~' > /var/www/"$domain"/html/wp-config.php printf '%s\n' "require_once(ABSPATH . 'wp-settings.php');" >> /var/www/"$domain"/html/wp-config.php #PHP Pool -curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/wordpress/Fpm-Pool.conf-unconfigured -o /etc/php/"$phpver"/fpm/pool.d/"$sitename".conf -sed -i -e 's/PHPver/'$phpver'/g' -e 's/SITEname/'$sitename'/g' -e 's/DOMAINname/'$domain'/g' /etc/php/"$phpver"/fpm/pool.d/$sitename.conf +curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/wordpress/Fpm-Pool.conf-unconfigured -o "$phpPoolDir"/"$sitename".conf +sed -i -e 's/PHPver/'$phpver'/g' -e 's/SITEname/'$sitename'/g' -e 's/DOMAINname/'$domain'/g' "$phpPoolDir"/$sitename.conf groupadd "$sitename" useradd -g "$sitename" "$sitename" -systemctl reload php"$phpver"-fpm +systemctl reload $phpFPMService #fail2ban if [ ! -f /etc/fail2ban/jail.d/wordpress-syslog.local ]; then curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/config/fail2ban/Jails/wordpress-syslog.jail -o /etc/fail2ban/jail.d/wordpress-syslog.local + if [ "$shortdist" = "el8" ]; then + sed -i '/logpath/c\logpath = /var/log/messages' /etc/fail2ban/jail.d/wordpress-syslog.local + fi fi #Setting Permsissions chown "$sitename":"$sitename" -R /var/www/"$domain"/html +if [ "$shortdist" = "el8" ]; then + #Setting SeLiux perms for centos + semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/$domain/html(/.*)?" 
> $OUTPUT 2>&1 + restorecon -vr /var/www/ > $OUTPUT 2>&1 +fi + #Makeing wordpress Finalize script and setting login Notice curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/wordpress/wordpress-init.sh -o ~/WordpressInit-"$sitename".sh sed -i -e 's/DOMAINname/'$domain'/' -e 's/SITEname/'$sitename'/' ~/WordpressInit-"$sitename".sh diff --git a/CMS/wordpress/nginx-conf.sh b/CMS/wordpress/nginx-conf.sh index 2ba0b4b..06d7e0a 100644 --- a/CMS/wordpress/nginx-conf.sh +++ b/CMS/wordpress/nginx-conf.sh @@ -4,4 +4,4 @@ sed -i -e 's/PHPver/'$phpver'/g' -e 's/DOMAINname/'$domain'/g' -e 's/SITEname/'$ sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e '/#ConfHere1/ r /tmp/nginx-siteconf' -e '/#ConfHere/c\' /etc/nginx/sites-available/"$sitename"_"$site_ext" #Reloading Services -systemctl reload nginx php$phpver-fpm \ No newline at end of file +systemctl reload nginx $phpFPMService \ No newline at end of file diff --git a/CMS/wordpress/wordpress-init.sh b/CMS/wordpress/wordpress-init.sh index db549f5..291d75f 100644 --- a/CMS/wordpress/wordpress-init.sh +++ b/CMS/wordpress/wordpress-init.sh 
@@ -1,10 +1,10 @@ -sudo -u SITEname wp --path=/var/www/DOMAINname/html core update -sudo -u SITEname wp --path=/var/www/DOMAINname/html theme update --all -sudo -u SITEname wp --path=/var/www/DOMAINname/html plugin install wp-fail2ban --activate -sudo -u SITEname wp --path=/var/www/DOMAINname/html plugin install all-in-one-wp-migration --activate -sudo -u SITEname wp --path=/var/www/DOMAINname/html plugin install https://git.ictmaatwerk.com/downloads/wp/migrate.zip --activate -sudo -u SITEname wp --path=/var/www/DOMAINname/html cron event run wp_update_plugins -sudo -u SITEname wp --path=/var/www/DOMAINname/html plugin update --all +sudo -u SITEname /usr/local/bin/wp --path=/var/www/DOMAINname/html core update +sudo -u SITEname /usr/local/bin/wp --path=/var/www/DOMAINname/html theme update --all +sudo -u SITEname /usr/local/bin/wp --path=/var/www/DOMAINname/html plugin install wp-fail2ban --activate +sudo -u SITEname /usr/local/bin/wp --path=/var/www/DOMAINname/html plugin install all-in-one-wp-migration --activate +sudo -u SITEname /usr/local/bin/wp --path=/var/www/DOMAINname/html plugin install https://git.ictmaatwerk.com/downloads/wp/migrate.zip --activate +sudo -u SITEname /usr/local/bin/wp --path=/var/www/DOMAINname/html cron event run wp_update_plugins +sudo -u SITEname /usr/local/bin/wp --path=/var/www/DOMAINname/html plugin update --all echo -e "\e[96m Please update all-in-one-wp-migration-unlimited plugin manually\e[39m" sn2=SITEname rm -f /etc/update-motd.d/51-wpnotice-${sn2//_} diff --git a/CoreModules/apache/appendCMS-conf.sh b/CoreModules/apache/appendCMS-conf.sh index 0931e53..79ddbe7 100644 --- a/CoreModules/apache/appendCMS-conf.sh +++ b/CoreModules/apache/appendCMS-conf.sh 
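Review bot: The `plugin install https://git.ictmaatwerk.com/downloads/wp/migrate.zip --activate` line, carried over by this change, installs and activates an archive fetched at run time with nothing pinning its contents. Downloading it to a `mktemp` file, checking it with `sha256sum -c` against a recorded digest (EXPECTED_SHA256_PLACEHOLDER here) and passing the local path to `wp plugin install` would make a changed archive fail the run instead of being activated. Hard-coding `/usr/local/bin/wp` is reasonable under `sudo`; a `[ -x /usr/local/bin/wp ]` check before the first call would give a clear error when WP-CLI lives elsewhere.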
@@ -4,19 +4,19 @@ if [ $domainwww = 1 ]; then #non-ssl - curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/site-wwwredir >> /etc/apache2/sites-available/"$sitename"_nossl.conf - echo "" >> /etc/apache2/sites-available/"$sitename"_nossl.conf + curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/site-wwwredir >> "$apacheConfDir"/sites-available/"$sitename"_nossl.conf + echo "" >> "$apacheConfDir"/sites-available/"$sitename"_nossl.conf #ssl - curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/site_ssl-wwwredir >> /etc/apache2/sites-available/"$sitename"_ssl.conf - echo "" >> /etc/apache2/sites-available/"$sitename"_ssl.conf + curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/site_ssl-wwwredir >> "$apacheConfDir"/sites-available/"$sitename"_ssl.conf + echo "" >> "$apacheConfDir"/sites-available/"$sitename"_ssl.conf fi #non-ssl -curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/site-unconfigured >> /etc/apache2/sites-available/"$sitename"_nossl.conf -sed -i -e 's/DOMAINname/'$domain'/g' /etc/apache2/sites-available/"$sitename"_nossl.conf -ln -s /etc/apache2/sites-available/"$sitename"_nossl.conf /etc/apache2/sites-enabled/010-"$sitename".conf +curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/site-unconfigured >> "$apacheConfDir"/sites-available/"$sitename"_nossl.conf +sed -i -e 's/DOMAINname/'$domain'/g' "$apacheConfDir"/sites-available/"$sitename"_nossl.conf +ln -s "$apacheConfDir"/sites-available/"$sitename"_nossl.conf "$apacheConfDir"/sites-enabled/010-"$sitename".conf #ssl -curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/site_ssl-unconfigured >> /etc/apache2/sites-available/"$sitename"_ssl.conf 
-sed -i -e 's/DOMAINname/'$domain'/g' /etc/apache2/sites-available/"$sitename"_ssl.conf +curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/site_ssl-unconfigured >> "$apacheConfDir"/sites-available/"$sitename"_ssl.conf +sed -i -e 's/DOMAINname/'$domain'/g' "$apacheConfDir"/sites-available/"$sitename"_ssl.conf -systemctl reload apache2 \ No newline at end of file +systemctl reload $apacheService \ No newline at end of file diff --git a/CoreModules/apache/generic.pkg.list b/CoreModules/apache/apt.pkg.list similarity index 100% rename from CoreModules/apache/generic.pkg.list rename to CoreModules/apache/apt.pkg.list diff --git a/CoreModules/apache/conf.sh b/CoreModules/apache/conf.sh index 0476782..a46ec9b 100644 --- a/CoreModules/apache/conf.sh +++ b/CoreModules/apache/conf.sh 
@@ -1,54 +1,69 @@ -systemctl stop apache2 > $OUTPUT 2>&1 +systemctl stop $apacheService > $OUTPUT 2>&1 ############## # Apache # ############## -a2dissite 000-default > $OUTPUT 2>&1 -a2dismod mpm_prefork > $OUTPUT 2>&1 -a2enmod actions fcgid alias proxy_fcgi ssl headers http2 setenvif socache_shmcb > $OUTPUT 2>&1 +if [ "$shortdist" = "ubu1804" ] || [ "$shortdist" = "ubu2004" ] || [ "$shortdist" = "deb10" ] ; then + a2dissite 000-default > $OUTPUT 2>&1 + a2dismod mpm_prefork > $OUTPUT 2>&1 + a2enmod actions fcgid alias proxy_fcgi ssl headers http2 setenvif socache_shmcb > $OUTPUT 2>&1 + mkdir -p "$apacheConfDir"/snippets/ +elif [ "$shortdist" = "el8" ]; then + echo 'IncludeOptional conf-enabled/*.conf' >>/etc/httpd/conf/httpd.conf + echo 'IncludeOptional sites-enabled/*.conf' >>/etc/httpd/conf/httpd.conf + sed -i -e '/User apache/c\User www-data' -e '/Group apache/c\Group www-data' /etc/httpd/conf/httpd.conf + sed -i 's/^/#/g' /etc/httpd/conf.d/welcome.conf + #Creating directories + mkdir -p /etc/httpd/{sites-available,sites-enabled,conf-enabled,conf-available,snippets} + #getting aditional apache config for centos + curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/conf-httpd-custom.conf -o "$apacheConfDir"/conf-enabled/zzz-Httpd-custom.conf +fi -mkdir -p /etc/apache2/snippets/ -curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/snippets-ssl.conf -o /etc/apache2/snippets/apa-ssl.conf -curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/snippets-backendredir.conf -o /etc/apache2/snippets/apa-backendredir.conf -sed -i -e 's/HOSTname/'$hostname'/' /etc/apache2/snippets/apa-backendredir.conf -curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/conf-custom.conf -o /etc/apache2/conf-enabled/zzz-custom.conf +curl --retry 7 --retry-delay 5 -s 
"$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/snippets-ssl.conf -o "$apacheConfDir"/snippets/apa-ssl.conf +curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/snippets-backendredir.conf -o "$apacheConfDir"/snippets/apa-backendredir.conf +sed -i -e 's/HOSTname/'$hostname'/' "$apacheConfDir"/snippets/apa-backendredir.conf +curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/conf-custom.conf -o "$apacheConfDir"/conf-enabled/zzz-custom.conf #Catch all (ip and unconfigured domains) -curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/site_CatchAll -o /etc/apache2/sites-available/CatchAll.conf -ln -s /etc/apache2/sites-available/CatchAll.conf /etc/apache2/sites-enabled/999-CatchAll.conf +curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/site_CatchAll -o "$apacheConfDir"/sites-available/CatchAll.conf +ln -s "$apacheConfDir"/sites-available/CatchAll.conf "$apacheConfDir"/sites-enabled/999-CatchAll.conf if [ $domainwww = 1 ]; then #non-ssl - curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/site-wwwredir >> /etc/apache2/sites-available/"$sitename"_nossl.conf - echo "" >> /etc/apache2/sites-available/"$sitename"_nossl.conf + curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/site-wwwredir >> "$apacheConfDir"/sites-available/"$sitename"_nossl.conf + echo "" >> "$apacheConfDir"/sites-available/"$sitename"_nossl.conf #ssl - curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/site_ssl-wwwredir >> /etc/apache2/sites-available/"$sitename"_ssl.conf - echo "" >> /etc/apache2/sites-available/"$sitename"_ssl.conf + curl --retry 7 --retry-delay 5 -s 
"$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/site_ssl-wwwredir >> "$apacheConfDir"/sites-available/"$sitename"_ssl.conf + echo "" >> "$apacheConfDir"/sites-available/"$sitename"_ssl.conf fi #non-ssl -curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/site-unconfigured >> /etc/apache2/sites-available/"$sitename"_nossl.conf -sed -i -e 's/DOMAINname/'$domain'/g' /etc/apache2/sites-available/"$sitename"_nossl.conf -ln -s /etc/apache2/sites-available/"$sitename"_nossl.conf /etc/apache2/sites-enabled/010-"$sitename".conf +curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/site-unconfigured >> "$apacheConfDir"/sites-available/"$sitename"_nossl.conf +sed -i -e 's/DOMAINname/'$domain'/g' "$apacheConfDir"/sites-available/"$sitename"_nossl.conf +ln -s "$apacheConfDir"/sites-available/"$sitename"_nossl.conf "$apacheConfDir"/sites-enabled/010-"$sitename".conf #ssl -curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/site_ssl-unconfigured >> /etc/apache2/sites-available/"$sitename"_ssl.conf -sed -i -e 's/DOMAINname/'$domain'/g' /etc/apache2/sites-available/"$sitename"_ssl.conf +curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/site_ssl-unconfigured >> "$apacheConfDir"/sites-available/"$sitename"_ssl.conf +sed -i -e 's/DOMAINname/'$domain'/g' "$apacheConfDir"/sites-available/"$sitename"_ssl.conf #non-ssl-Backend -curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/site-unconfigured >> /etc/apache2/sites-available/Backend_nossl.conf -sed -i -e 's/DOMAINname/'$hostname'/g' /etc/apache2/sites-available/Backend_nossl.conf -ln -s /etc/apache2/sites-available/Backend_nossl.conf /etc/apache2/sites-enabled/010-Backend.conf +curl --retry 7 --retry-delay 5 -s 
"$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/site-unconfigured >> "$apacheConfDir"/sites-available/Backend_nossl.conf +sed -i -e 's/DOMAINname/'$hostname'/g' "$apacheConfDir"/sites-available/Backend_nossl.conf +ln -s "$apacheConfDir"/sites-available/Backend_nossl.conf "$apacheConfDir"/sites-enabled/010-Backend.conf #ssl-Backend -curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/site_ssl-unconfigured >> /etc/apache2/sites-available/Backend_ssl.conf -sed -i -e 's/DOMAINname/'$hostname'/g' /etc/apache2/sites-available/Backend_ssl.conf +curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/site_ssl-unconfigured >> "$apacheConfDir"/sites-available/Backend_ssl.conf +sed -i -e 's/DOMAINname/'$hostname'/g' "$apacheConfDir"/sites-available/Backend_ssl.conf mkdir -p /opt/toggle curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/Scripts/toggles/toggle-PhpMyAdmin_APACHE.sh -o /opt/toggle/toggle-PhpMyAdmin.sh +sed -i -e 's/APASRV/'$apacheService'/' -e 's#APADIR#'$apacheConfDir'#' /opt/toggle/toggle-PhpMyAdmin.sh + + # custom Welcome page echo "$webserv is functioning normally" > /var/www/html/index.html -systemctl start apache2 > $OUTPUT 2>&1 \ No newline at end of file +systemctl start $apacheService > $OUTPUT 2>&1 +systemctl enable $apacheService > $OUTPUT 2>&1 \ No newline at end of file diff --git a/CoreModules/apache/config/apache2/conf-httpd-custom.conf b/CoreModules/apache/config/apache2/conf-httpd-custom.conf new file mode 100644 index 0000000..62f8019 --- /dev/null +++ b/CoreModules/apache/config/apache2/conf-httpd-custom.conf @@ -0,0 +1 @@ +Define APACHE_LOG_DIR /var/log/httpd \ No newline at end of file diff --git a/CoreModules/apache/dnf.pkg.list b/CoreModules/apache/dnf.pkg.list new file mode 100644 index 0000000..aada559 --- /dev/null +++ b/CoreModules/apache/dnf.pkg.list 
@@ -0,0 +1 @@ +httpd mod_fcgid mod_ssl \ No newline at end of file diff --git a/CoreModules/apache/preconf.sh b/CoreModules/apache/preconf.sh index a4bbb1b..87a4508 100644 --- a/CoreModules/apache/preconf.sh +++ b/CoreModules/apache/preconf.sh @@ -1 +1,17 @@ +if [ "$shortdist" = "ubu1804" ] || [ "$shortdist" = "ubu2004" ] || [ "$shortdist" = "deb10" ] ; then +# Debian/Ubunbtu apache variables + apacheConfDir=/etc/apache2 + apacheService=apache2 + +elif [ "$shortdist" = "el8" ]; then +# Centos Php variable + apacheConfDir=/etc/httpd + apacheService=httpd +fi + +#Storing vars to config +for storeme in apacheService apacheConfDir; do + declare -p $storeme | cut -d ' ' -f 3- >> /etc/ICTM/apachevar.list +done + curl --retry 7 --retry-delay 5 -s https://git.ictmaatwerk.com/VPS-scripts/General/raw/branch/Main/Setup-Repo.sh |repo=apache osrel=$shortdist bash > $OUTPUT 2>&1 > $OUTPUT 2>&1 \ No newline at end of file diff --git a/CoreModules/apache/ssl-handler.sh b/CoreModules/apache/ssl-handler.sh index 523d267..f6c0886 100644 --- a/CoreModules/apache/ssl-handler.sh +++ b/CoreModules/apache/ssl-handler.sh @@ -1,9 +1,9 @@ -rm /etc/apache2/sites-enabled/010-"$sitename".conf -ln -s /etc/apache2/sites-available/"$sitename"_"$site_ext".conf /etc/apache2/sites-enabled/010-"$sitename".conf +rm "$apacheConfDir"/sites-enabled/010-"$sitename".conf +ln -s "$apacheConfDir"/sites-available/"$sitename"_"$site_ext".conf "$apacheConfDir"/sites-enabled/010-"$sitename".conf if [ -n "$sslfr" ]; then -rm /etc/apache2/sites-enabled/010-Backend.conf -ln -s /etc/apache2/sites-available/Backend_"$siteBackend_ext".conf /etc/apache2/sites-enabled/010-Backend.conf +rm "$apacheConfDir"/sites-enabled/010-Backend.conf +ln -s "$apacheConfDir"/sites-available/Backend_"$siteBackend_ext".conf "$apacheConfDir"/sites-enabled/010-Backend.conf fi -systemctl reload apache2 +systemctl reload $apacheService diff --git a/CoreModules/generic/conf.sh b/CoreModules/generic/conf.sh index c0dd3f9..e4a84ab 100644 
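Review bot: The distro switch added at the top of CoreModules/apache/preconf.sh has no `else` branch, so for any `$shortdist` other than the four listed, `apacheConfDir` and `apacheService` stay unset and every later `"$apacheConfDir"/sites-enabled/...` path, including the `rm` calls in ssl-handler.sh, resolves directly under `/`. Adding `else echo "Unsupported distribution: $shortdist" >&2; exit 1` before the `fi` stops the run before anything is written. The store loop also appends with `>>`, so a second run leaves duplicate assignments in /etc/ICTM/apachevar.list; truncating first with `: > /etc/ICTM/apachevar.list` keeps the file deterministic. Both points apply equally to the new SubModules/php-fpm/preconf.sh and Scripts/GeneratePhplist.sh in this commit.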
--- a/CoreModules/generic/conf.sh +++ b/CoreModules/generic/conf.sh @@ -1,7 +1,26 @@ +##----------## +# Centos # +##----------## +if [ "$shortdist" = "el8" ]; then + #SeLinux + semanage port -a -t ssh_port_t -p tcp 4242 + systemctl enable ufw > $OUTPUT 2>&1 + #Motd + mkdir /etc/update-motd.d + echo 'if stat --printf="" /etc/update-motd.d/51* 2>/dev/null; then for f in /etc/update-motd.d/51*; do bash $f; done; fi' >> /etc/profile +fi + ##-------## # UFW # ##-------## +if [ "$shortdist" = "el8" ]; then + sed -i -e '/tuple/d' -e '/dapp/d' /usr/share/ufw/iptables/user.rules + sed -i -e '/tuple/d' -e '/dapp/d' /usr/share/ufw/iptables/user6.rules + echo "y" | ufw reset > $OUTPUT 2>&1 + systemctl enable ufw > $OUTPUT 2>&1 +fi + sed -i '/IPV6=/c\IPV6=yes' /etc/default/ufw ufw default deny incoming > $OUTPUT 2>&1 ufw default allow outgoing > $OUTPUT 2>&1 
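Review bot: The el8 block appends the MOTD loop to /etc/profile with `>>`, so each rerun adds another copy, and every login shell (root's included) then runs each file matching /etc/update-motd.d/51* through `bash $f` with the path unquoted. Writing the line once to its own file under /etc/profile.d (for example `ictm-motd.sh`) with `"$f"` quoted keeps it idempotent and easy to remove. `mkdir /etc/update-motd.d` should be `mkdir -p -m 0755 /etc/update-motd.d`, so that an existing directory is not an error and the directory that login shells execute from is created writable by root only. `systemctl enable ufw` is also issued twice in this hunk.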
@@ -23,6 +42,18 @@ curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/config/fai curl --retry 7 --retry-delay 5 -s https://plugins.svn.wordpress.org/wp-fail2ban/trunk/filters.d/wordpress-hard.conf -o /etc/fail2ban/filter.d/wordpress-hard.local curl --retry 7 --retry-delay 5 -s https://plugins.svn.wordpress.org/wp-fail2ban/trunk/filters.d/wordpress-soft.conf -o /etc/fail2ban/filter.d/wordpress-soft.local +if [ "$shortdist" = "el8" ]; then + curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/config/fail2ban/action.d/ufw.conf -o /etc/fail2ban/action.d/ufw.conf + curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/config/selinux/policies/fail2ban-allowhttpd.te -o /tmp/fail2ban-allowhttpd.te + checkmodule -M -m -o /tmp/fail2ban-allowhttpd.mod /tmp/fail2ban-allowhttpd.te + semodule_package -o /tmp/fail2ban-allowhttpd.pp -m /tmp/fail2ban-allowhttpd.mod + semodule -i /tmp/fail2ban-allowhttpd.pp +fi + +#Start fail2ban service +systemctl start fail2ban +systemctl enable fail2ban + #General jails rm /etc/fail2ban/jail.d/* curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/config/fail2ban/Jails/sshd.jail -o /etc/fail2ban/jail.d/sshd.local diff --git a/CoreModules/generic/dnf.pkg.list b/CoreModules/generic/dnf.pkg.list index 0afbab6..baf282a 100644 --- a/CoreModules/generic/dnf.pkg.list +++ b/CoreModules/generic/dnf.pkg.list @@ -1 +1 @@ -cronie \ No newline at end of file +cronie policycoreutils-python-utils \ No newline at end of file diff --git a/CoreModules/generic/generic.pkg.list b/CoreModules/generic/generic.pkg.list index b472c47..4e49d5a 100644 --- a/CoreModules/generic/generic.pkg.list +++ b/CoreModules/generic/generic.pkg.list @@ -1 +1 @@ -htop ufw nload fail2ban sudo bash-completion \ No newline at end of file +nano htop ufw nload fail2ban sudo bash-completion \ No newline at end of file diff --git a/CoreModules/generic/preconf.sh b/CoreModules/generic/preconf.sh index 10d1add..24fc427 100644 
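Review bot: The SELinux module in the el8 block is downloaded to and built from fixed file names under /tmp, then loaded with `semodule -i` without checking that any earlier step succeeded. A predictable root-written path in a world-writable directory can be pre-created by another local account, and `curl -s` without `--fail` saves an HTTP error body as the .te file. Building inside a `mktemp -d` directory and chaining the steps, so that a failed download or compile never reaches `semodule -i`, covers both; pinning the policy to a tag or checking a digest would be the stronger control, since this file changes enforced policy. The hunk also starts fail2ban before the `rm /etc/fail2ban/jail.d/*` and jail downloads that follow, so the first start runs with whatever jails were already present.

```shell
if [ "$shortdist" = "el8" ]; then
  # … unchanged: action.d/ufw.conf download …
  sepol_tmp=$(mktemp -d) || exit 1
  if curl --fail --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/config/selinux/policies/fail2ban-allowhttpd.te -o "$sepol_tmp"/fail2ban-allowhttpd.te \
    && checkmodule -M -m -o "$sepol_tmp"/fail2ban-allowhttpd.mod "$sepol_tmp"/fail2ban-allowhttpd.te \
    && semodule_package -o "$sepol_tmp"/fail2ban-allowhttpd.pp -m "$sepol_tmp"/fail2ban-allowhttpd.mod; then
    semodule -i "$sepol_tmp"/fail2ban-allowhttpd.pp
  else
    echo "fail2ban SELinux module was not built; skipping install" >&2
  fi
  rm -rf -- "$sepol_tmp"
fi
```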
--- a/CoreModules/generic/preconf.sh
+++ b/CoreModules/generic/preconf.sh
@@ -1,24 +1,78 @@ +if [ "$shortdist" = "ubu1804" ] || [ "$shortdist" = "ubu2004" ] || [ "$shortdist" = "deb10" ] ; then +######################## +# Debian/Ubunbtu # +######################## + ##--------------## + # Repositories # + ##--------------## + + curl --retry 7 --retry-delay 5 -s https://git.ictmaatwerk.com/VPS-scripts/General/raw/branch/Main/Setup-Repo.sh |repo=universe osrel=$shortdist bash > $OUTPUT 2>&1 + ##------------## + # System # + ##------------## + + sed -i -e '/XKBLAYOUT=/c\XKBLAYOUT=us' -e '/XKBVARIANT=/c\XKBVARIANT="intl"' /etc/default/keyboard > $OUTPUT 2>&1 + + + ##-------------## + # Updates # + ##-------------## + + debconf-set-selections <<< 'libssl1.1:amd64 libraries/restart-without-asking boolean true' + $PKGUC + $PKGUP + + + ##-------------## + # Postfix # + ##-------------## + + #Checking if postfix exists on this system and if so it wil be removed to prevent config conflicts + if dpkg-query -Wf'${db:Status-abbrev}' postfix 2>/dev/null | grep -q '^i'; then apt purge -y postfix > $OUTPUT 2>&1; fi + + +elif [ "$shortdist" = "el8" ]; then +################ +# Centos # +################ + ##--------------## + # Repositories # + ##--------------## + + curl --retry 7 --retry-delay 5 -s https://git.ictmaatwerk.com/VPS-scripts/General/raw/branch/Main/Setup-Repo.sh |repo=epel osrel=$shortdist bash > $OUTPUT 2>&1 + + ##------------## + # System # + ##------------## + + localectl set-keymap us > $OUTPUT 2>&1 + useradd -r -U -s /usr/sbin/nologin -d /var/www www-data > $OUTPUT 2>&1 + systemctl disable firewalld --now > $OUTPUT 2>&1 + + ##-------------## + # Postfix # + ##-------------## + + if dnf list installed postfix >/dev/null 2>&1; then dnf remove postfix -y; fi + +fi + + +################# +# General # +################# ##-----------------------## # Prerequisite packages # ##-----------------------## curl --retry 7 --retry-delay 5 -s https://git.ictmaatwerk.com/VPS-scripts/General/raw/branch/Main/Setup-Repo.sh |repo=init osrel=$shortdist 
bash > $OUTPUT 2>&1 + ##--------------## # Repositories # ##--------------## - -curl --retry 7 --retry-delay 5 -s https://git.ictmaatwerk.com/VPS-scripts/General/raw/branch/Main/Setup-Repo.sh |repo=universe osrel=$shortdist bash > $OUTPUT 2>&1 curl --retry 7 --retry-delay 5 -s https://git.ictmaatwerk.com/VPS-scripts/General/raw/branch/Main/Setup-Repo.sh |repo=php osrel=$shortdist bash > $OUTPUT 2>&1 -##-------------## -# Updates # -##-------------## - -debconf-set-selections <<< 'libssl1.1:amd64 libraries/restart-without-asking boolean true' -$PKGM update -$PKGM upgrade -y - ##------------## # System # @@ -30,12 +84,6 @@ timedatectl set-timezone Europe/Amsterdam > $OUTPUT 2>&1 sed -i -e '/Port 22/c\Port 4242' -e 's/PermitRootLogin yes/PermitRootLogin prohibit-password/g' /etc/ssh/sshd_config > $OUTPUT 2>&1 -if [ "$osrel" = "ubu1804" ] || [ "$osrel" = "ubu2004" ] || [ "$osrel" = "deb10" ] ; then - sed -i -e '/XKBLAYOUT=/c\XKBLAYOUT=us' -e '/XKBVARIANT=/c\XKBVARIANT="intl"' /etc/default/keyboard > $OUTPUT 2>&1 -elif [ "$osrel" = "cent8" ]; then - localectl set-keymap us-int -fi - ##----------## # Swap # ##----------## @@ -51,12 +99,3 @@ else fi echo "vm.swappiness=10" >> /etc/sysctl.conf echo "vm.vfs_cache_pressure=50" >> /etc/sysctl.conf - - -##-------------## -# Postfix # -##-------------## - -#Checking if postfix exists on this system and if so it wil be removed to prevent config conflicts -if dpkg-query -Wf'${db:Status-abbrev}' postfix 2>/dev/null | grep -q '^i'; then apt purge -y postfix > $OUTPUT 2>&1; fi - diff --git a/CoreModules/nginx/apt.pkg.list b/CoreModules/nginx/apt.pkg.list new file mode 100644 index 0000000..4f0cb44 --- /dev/null +++ b/CoreModules/nginx/apt.pkg.list @@ -0,0 +1 @@ +apache2-utils \ No newline at end of file diff --git a/CoreModules/nginx/conf.sh b/CoreModules/nginx/conf.sh index f89545a..627fd53 100644 --- a/CoreModules/nginx/conf.sh +++ b/CoreModules/nginx/conf.sh 
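Review bot: The new el8 branch pipes `Setup-Repo.sh` from the mutable `branch/Main` URL straight into a root `bash` using `curl -s` without `--fail`, so an HTTP error page or a truncated transfer is executed as received and nothing ties the script to a reviewed revision. Downloading to a `mktemp` file with `--fail`, comparing it with a pinned SHA-256, and only then running `repo=epel osrel=$shortdist bash "$file"` closes that gap; the `universe`, `init` and `php` calls in this hunk follow the same pattern. Separately, `systemctl disable firewalld --now` runs here while ufw is only configured later in CoreModules/generic/conf.sh, so as far as this page shows the host has no packet filter in between.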
@@ -43,4 +43,5 @@ curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/Scripts/to # custom Welcome page echo "$webserv is functioning normally" > /usr/share/nginx/html/index.html -systemctl start nginx \ No newline at end of file +systemctl start nginx > $OUTPUT 2>&1 +systemctl enable nginx > $OUTPUT 2>&1 \ No newline at end of file diff --git a/CoreModules/nginx/dnf.pkg.list b/CoreModules/nginx/dnf.pkg.list new file mode 100644 index 0000000..815a56f --- /dev/null +++ b/CoreModules/nginx/dnf.pkg.list @@ -0,0 +1 @@ +httpd-tools \ No newline at end of file diff --git a/CoreModules/nginx/generic.pkg.list b/CoreModules/nginx/generic.pkg.list index 902a0e5..da70e20 100644 --- a/CoreModules/nginx/generic.pkg.list +++ b/CoreModules/nginx/generic.pkg.list @@ -1 +1 @@ -nginx apache2-utils \ No newline at end of file +nginx \ No newline at end of file diff --git a/CoreModules/nginx_nonphp/apt.pkg.list b/CoreModules/nginx_nonphp/apt.pkg.list new file mode 100644 index 0000000..4f0cb44 --- /dev/null +++ b/CoreModules/nginx_nonphp/apt.pkg.list @@ -0,0 +1 @@ +apache2-utils \ No newline at end of file diff --git a/CoreModules/nginx_nonphp/conf.sh b/CoreModules/nginx_nonphp/conf.sh index 6809f41..ab4fece 100644 --- a/CoreModules/nginx_nonphp/conf.sh +++ b/CoreModules/nginx_nonphp/conf.sh @@ -28,4 +28,5 @@ sed -i -e 's/DOMAINname/'$domain'/g' /etc/nginx/sites-available/"$sitename"_ssl # custom Welcome page echo "$webserv is functioning normally" > /usr/share/nginx/html/index.html -systemctl start nginx \ No newline at end of file +systemctl start nginx > $OUTPUT 2>&1 +systemctl enable nginx > $OUTPUT 2>&1 \ No newline at end of file diff --git a/CoreModules/nginx_nonphp/dnf.pkg.list b/CoreModules/nginx_nonphp/dnf.pkg.list new file mode 100644 index 0000000..815a56f --- /dev/null +++ b/CoreModules/nginx_nonphp/dnf.pkg.list @@ -0,0 +1 @@ +httpd-tools \ No newline at end of file 
diff --git a/CoreModules/nginx_nonphp/generic.pkg.list b/CoreModules/nginx_nonphp/generic.pkg.list index 902a0e5..da70e20 100644 --- a/CoreModules/nginx_nonphp/generic.pkg.list +++ b/CoreModules/nginx_nonphp/generic.pkg.list @@ -1 +1 @@ -nginx apache2-utils \ No newline at end of file +nginx \ No newline at end of file diff --git a/Scripts/EnableSSL.sh b/Scripts/EnableSSL.sh index 5c64b6e..098b300 100644 --- a/Scripts/EnableSSL.sh +++ b/Scripts/EnableSSL.sh @@ -8,8 +8,9 @@ webserv=WebServer webservice=WebServer #Correcting service name for Apache -if [ $webservice = apache ]; then - webservice=apache2 +if [ $webservice = apache ]; then\ + source /etc/ICTM/apachevar.list + webservice="$apacheService" ext=.conf fi diff --git a/Scripts/GeneratePhplist.sh b/Scripts/GeneratePhplist.sh new file mode 100644 index 0000000..1a007a1 --- /dev/null +++ b/Scripts/GeneratePhplist.sh @@ -0,0 +1,21 @@ +if [ ! -f "/etc/ICTM/mainvar.list" ] ; then echo 'This system is not yet setup, please run the main installer first' && exit ; fi + +if [ "$shortdist" = "ubu1804" ] || [ "$shortdist" = "ubu2004" ] || [ "$shortdist" = "deb10" ] ; then +# Debian/Ubunbtu Php variables + phpPoolDir=/etc/php/${phpver}/fpm/pool.d + phpPkgName=php${phpver} + phpMainConf=/etc/php/${phpver}/fpm/php.ini + phpFPMService=php${phpver}-fpm + +elif [ "$shortdist" = "el8" ]; then +# Centos Php variable + phpPoolDir=/etc/opt/remi/php${phpver//.}/php-fpm.d/ + phpPkgName=php${phpver//.}-php + phpMainConf=/etc/opt/remi/php${phpver//.}/php.ini + phpFPMService=php${phpver//.}-php-fpm +fi + +#Storing vars to config +for storeme in phpPoolDir phpPkgName phpMainConf phpFPMService; do + declare -p $storeme | cut -d ' ' -f 3- >> /etc/ICTM/phpvar.list +done \ No newline at end of file diff --git a/Scripts/SMI.sh b/Scripts/SMI.sh index 7fc0097..06ac178 100644 --- a/Scripts/SMI.sh +++ b/Scripts/SMI.sh 
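Review bot: `source /etc/ICTM/apachevar.list` in the Apache branch of Scripts/EnableSSL.sh is unguarded, so on a host installed before that file existed `$apacheService` is empty and `webservice` becomes an empty string for whatever service calls follow outside the hunk. Guarding with `[ -f /etc/ICTM/apachevar.list ]` and falling back with `webservice="${apacheService:-apache2}"` keeps existing Debian/Ubuntu installs working. The trailing backslash in `then\` joins the next line onto `then`; it parses, but it looks accidental and should be dropped.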
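Review bot: Scripts/GeneratePhplist.sh checks that /etc/ICTM/mainvar.list exists but never sources it, so when the script is run on its own `$shortdist` is unset, neither branch matches, and the `declare -p` loop writes nothing usable to /etc/ICTM/phpvar.list. `$phpver` is a second gap: the installer's store loop shown in this commit does not persist it, so even after `source /etc/ICTM/mainvar.list` the paths would expand to `/etc/php//fpm/pool.d` unless the caller exports it. Sourcing mainvar.list after the existence check and adding `: "${phpver:?phpver is not set}"` makes both cases fail loudly instead of producing an empty list.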
@@ -50,7 +50,7 @@ elif [[ "${dist}" == *"centos"* ]] && [[ "${dist_ver}" == *"8"* ]]; then PKGM="dnf" PKGI="${PKGM} install --setopt=install_weak_deps=False --best -y" PKGLIST="dnf" - shortdist=cent8 + shortdist=el8 echo "This OS is not supported" exit else @@ -100,7 +100,7 @@ fi ##--------------------------## msg " Starting installer" 8 78 -$PKGM update > $OUTPUT 2>&1 +$PKGUC > $OUTPUT 2>&1 $PKGI curl > $OUTPUT 2>&1 @@ -134,8 +134,8 @@ fi msg " Preconfiguring" curl --retry 7 --retry-delay 5 -s https://git.ictmaatwerk.com/VPS-scripts/General/raw/branch/Main/Setup-Repo.sh |repo=init osrel=$shortdist bash > $OUTPUT 2>&1 -$PKGM update -$PKGM upgrade -y +$PKGUC +$PKGUP ##-------------------## @@ -155,8 +155,8 @@ fi # Installer # ##-------------## -$PKGM update -sed -i 's/PHPver/'$phpver'/g' /tmp/pkg.list +$PKGUC +sed -i 's/PHPprefix/'$phpPkgName'/g' /tmp/pkg.list cat /tmp/pkg.list | xargs $PKGI diff --git a/Scripts/toggles/toggle-PhpMyAdmin_APACHE.sh b/Scripts/toggles/toggle-PhpMyAdmin_APACHE.sh index 88f8fbc..9a14209 100644 --- a/Scripts/toggles/toggle-PhpMyAdmin_APACHE.sh +++ b/Scripts/toggles/toggle-PhpMyAdmin_APACHE.sh 
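Review bot: `$PKGUC` and `$PKGUP` are used in the SMI.sh hunks at -100, -134 and -155, but no hunk of SMI.sh defines them; the distro block visible in the -50 hunk still sets only `PKGM`, `PKGI`, `PKGLIST` and `shortdist`. Unless they are assigned in a part of the file outside the hunks, `$PKGUC > $OUTPUT 2>&1` expands to a bare redirection and the index refresh and upgrade are silently skipped, so packages are installed from stale metadata. installer.sh in this commit adds `PKGUC="$PKGM update"` and `PKGUP="$PKGM upgrade -y"` per distro, and SMI.sh needs the same assignments. `$phpPkgName` in the `sed` at -155 has the same dependency on a definition the hunks do not show.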
@@ -20,13 +20,13 @@ if [ -n "$1" ]; then if [[ "$1" = "-d" && "$PhpMA" != 0 ]]; then echo "Disable PhpMyadmin" sed -i '/PhpMA=/c\PhpMA=0' /etc/ICTM/toggle.conf - sed -i --follow-symlinks '/#enables\/disables PHPMyadmin/!b;n;cdeny from all' /etc/apache2/sites-enabled/010-Backend.conf - systemctl reload apache2 + sed -i --follow-symlinks '/#enables\/disables PHPMyadmin/!b;n;cdeny from all' /APADIR/sites-enabled/010-Backend.conf + systemctl reload APASRV elif [[ "$1" = "-e" && "$PhpMA" != 1 ]]; then echo "Enable PhpMyadmin" sed -i '/PhpMA=/c\PhpMA=1' /etc/ICTM/toggle.conf - sed -i --follow-symlinks '/#enables\/disables PHPMyadmin/!b;n;c#deny from all' /etc/apache2/sites-enabled/010-Backend.conf - systemctl reload apache2 + sed -i --follow-symlinks '/#enables\/disables PHPMyadmin/!b;n;c#deny from all' /APADIR/sites-enabled/010-Backend.conf + systemctl reload APASRV elif [[ "$1" = "-h" ]]; then usage else diff --git a/SubModules/php-fpm/apt.pkg.list b/SubModules/php-fpm/apt.pkg.list new file mode 100644 index 0000000..7521d75 --- /dev/null +++ b/SubModules/php-fpm/apt.pkg.list @@ -0,0 +1 @@ +php-pear \ No newline at end of file diff --git a/SubModules/php-fpm/conf.sh b/SubModules/php-fpm/conf.sh index 3661f28..32f44be 100644 --- a/SubModules/php-fpm/conf.sh +++ b/SubModules/php-fpm/conf.sh 
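Review bot: The placeholder is written as `/APADIR/sites-enabled/010-Backend.conf`, but the installer's `sed` substitutes the already absolute `$apacheConfDir`, so the generated script addresses `//etc/apache2/...`; it resolves, but the template should read `APADIR/sites-enabled/010-Backend.conf`. In both branches `toggle.conf` is rewritten before the vhost `sed` and the reload, and neither is checked, so if the script is ever deployed without the substitution pass the `-d` case records PhpMyAdmin as disabled while the `deny from all` line was never applied. Reading `apacheConfDir` and `apacheService` from /etc/ICTM/apachevar.list at run time would remove the templating step, and updating `toggle.conf` last would keep the recorded state honest. The enclosing `if [ -n "$1" ]` block starts and ends outside the hunk.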
@@ -1,17 +1,32 @@ -systemctl stop php${phpver}-fpm +systemctl stop $phpFPMService ############### # PHP-FPM # ############### -sed -i 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/g' /etc/php/"$phpver"/fpm/php.ini -sed -i 's/;opcache.memory_consumption=128/opcache.memory_consumption=256/g' /etc/php/"$phpver"/fpm/php.ini -sed -i 's/;opcache.enable=1/opcache.enable=1/g' /etc/php/"$phpver"/fpm/php.ini -sed -i 's/;opcache.interned_strings_buffer=8/opcache.interned_strings_buffer=8/g' /etc/php/"$phpver"/fpm/php.ini -sed -i 's/;opcache.max_accelerated_files=10000/opcache.max_accelerated_files=50000/g' /etc/php/"$phpver"/fpm/php.ini -sed -i 's/;opcache.max_wasted_percentage=5/opcache.max_wasted_percentage=5/g' /etc/php/"$phpver"/fpm/php.ini -sed -i 's/;opcache.revalidate_freq=2/opcache.revalidate_freq=0/g' /etc/php/"$phpver"/fpm/php.ini -sed -i 's/; max_input_vars = 1000/max_input_vars = 10000/g' /etc/php/"$phpver"/fpm/php.ini -sed -i 's/upload_max_filesize = 2/upload_max_filesize = 128/g' /etc/php/"$phpver"/fpm/php.ini -sed -i 's/post_max_size = 8/post_max_size = 64/g' /etc/php/"$phpver"/fpm/php.ini +sed -i 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/g' "$phpMainConf" +sed -i 's/;opcache.memory_consumption=128/opcache.memory_consumption=256/g' "$phpMainConf" +sed -i 's/;opcache.enable=1/opcache.enable=1/g' "$phpMainConf" +sed -i 's/;opcache.interned_strings_buffer=8/opcache.interned_strings_buffer=8/g' "$phpMainConf" +sed -i 's/;opcache.max_accelerated_files=10000/opcache.max_accelerated_files=50000/g' "$phpMainConf" +sed -i 's/;opcache.max_wasted_percentage=5/opcache.max_wasted_percentage=5/g' "$phpMainConf" +sed -i 's/;opcache.revalidate_freq=2/opcache.revalidate_freq=0/g' "$phpMainConf" +sed -i 's/; max_input_vars = 1000/max_input_vars = 10000/g' "$phpMainConf" +sed -i 's/upload_max_filesize = 2/upload_max_filesize = 128/g' "$phpMainConf" +sed -i 's/post_max_size = 8/post_max_size = 64/g' "$phpMainConf" + + +if [ "$shortdist" = "el8" ]; then +# Centos Mysql config +echo 
"pdo_mysql.default_socket = '/var/run/mysqld/mysqld.sock'" >> /etc/opt/remi/php${phpver//.}/php.d/60-mysql_sock.ini +echo "mysql.default_socket = '/var/run/mysqld/mysqld.sock'" >> /etc/opt/remi/php${phpver//.}/php.d/60-mysql_sock.ini +echo "mysqli.default_socket = '/var/run/mysqld/mysqld.sock'" >> /etc/opt/remi/php${phpver//.}/php.d/60-mysql_sock.ini +echo "d /run/php 0755 www-data www-data - -" > /usr/lib/tmpfiles.d/php-custom.conf +#Centos php Bin +sudo ln -s /usr/bin/php${phpver//.} /usr/bin/php +#Centos SeLinux +setsebool -P httpd_can_network_connect 1 +fi + +systemctl start $phpFPMService +systemctl enable $phpFPMService -systemctl start php${phpver}-fpm \ No newline at end of file diff --git a/SubModules/php-fpm/dnf.pkg.list b/SubModules/php-fpm/dnf.pkg.list new file mode 100644 index 0000000..8ccb20f --- /dev/null +++ b/SubModules/php-fpm/dnf.pkg.list @@ -0,0 +1 @@ +PHPprefix-pear PHPprefix \ No newline at end of file diff --git a/SubModules/php-fpm/generic.pkg.list b/SubModules/php-fpm/generic.pkg.list index 418b6a2..40d3c6b 100644 --- a/SubModules/php-fpm/generic.pkg.list +++ b/SubModules/php-fpm/generic.pkg.list @@ -1 +1 @@ -phpPHPver-imagick php-pear phpPHPver-cli phpPHPver-apcu phpPHPver-fpm phpPHPver-mysql phpPHPver-cgi phpPHPver-common phpPHPver-mbstring phpPHPver-curl phpPHPver-gd phpPHPver-intl phpPHPver-soap phpPHPver-xml phpPHPver-xmlrpc phpPHPver-zip \ No newline at end of file +PHPprefix-imagick PHPprefix-cli PHPprefix-apcu PHPprefix-fpm PHPprefix-mysql PHPprefix-cgi PHPprefix-common PHPprefix-mbstring PHPprefix-curl PHPprefix-gd PHPprefix-intl PHPprefix-soap PHPprefix-xml PHPprefix-xmlrpc PHPprefix-zip \ No newline at end of file diff --git a/SubModules/php-fpm/preconf.sh b/SubModules/php-fpm/preconf.sh new file mode 100644 index 0000000..1085b2b --- /dev/null +++ b/SubModules/php-fpm/preconf.sh 
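Review bot: `setsebool -P httpd_can_network_connect 1` in the el8 block permanently lets every process in the httpd domain open outbound TCP connections to any port, which is broader than anything this hunk shows a need for. If the goal is database or cache access, `httpd_can_network_connect_db` is the narrower boolean, and a comment should record which denial the setting was added for. `sudo ln -s /usr/bin/php${phpver//.} /usr/bin/php` fails on a rerun once the link exists; `ln -sfn` without `sudo` is enough, since the surrounding commands already run privileged. The three `>>` appends to 60-mysql_sock.ini also duplicate their lines on every run.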
@@ -0,0 +1,22 @@ +if [ "$shortdist" = "ubu1804" ] || [ "$shortdist" = "ubu2004" ] || [ "$shortdist" = "deb10" ] ; then +# Debian/Ubunbtu Php variables + phpPoolDir=/etc/php/${phpver}/fpm/pool.d + phpPkgName=php${phpver} + phpMainConf=/etc/php/${phpver}/fpm/php.ini + phpFPMService=php${phpver}-fpm + +elif [ "$shortdist" = "el8" ]; then +# Centos Php variable + phpPoolDir=/etc/opt/remi/php${phpver//.}/php-fpm.d/ + phpPkgName=php${phpver//.}-php + phpMainConf=/etc/opt/remi/php${phpver//.}/php.ini + phpFPMService=php${phpver//.}-php-fpm +#Creating Socket directory + mkdir -p /var/run/php +fi + + +#Storing vars to config +for storeme in phpPoolDir phpPkgName phpMainConf phpFPMService; do + declare -p $storeme | cut -d ' ' -f 3- >> /etc/ICTM/phpvar.list +done \ No newline at end of file diff --git a/SubModules/postfix/conf.sh b/SubModules/postfix/conf.sh index 4e10837..f7c847c 100644 --- a/SubModules/postfix/conf.sh +++ b/SubModules/postfix/conf.sh @@ -13,4 +13,6 @@ root: $email EOF newaliases -systemctl reload postfix postfix@- \ No newline at end of file +systemctl start postfix +systemctl enable postfix +systemctl reload postfix \ No newline at end of file diff --git a/SubModules/postfix/preconf.sh b/SubModules/postfix/preconf.sh index 3dae6a3..1d01d0c 100644 --- a/SubModules/postfix/preconf.sh +++ b/SubModules/postfix/preconf.sh @@ -7,5 +7,7 @@ if [ -z "${domain}" ]; then fi fi -debconf-set-selections <<< "postfix postfix/mailname string $domain" -debconf-set-selections <<< "postfix postfix/main_mailer_type string 'Internet Site'" \ No newline at end of file +if [ "$shortdist" = "ubu1804" ] || [ "$shortdist" = "ubu2004" ] || [ "$shortdist" = "deb10" ] ; then + debconf-set-selections <<< "postfix postfix/mailname string $domain" + debconf-set-selections <<< "postfix postfix/main_mailer_type string 'Internet Site'" +fi \ No newline at end of file diff --git a/SubModules/redis/apt.pkg.list b/SubModules/redis/apt.pkg.list new file mode 100644 index 0000000..b523829 
--- /dev/null +++ b/SubModules/redis/apt.pkg.list @@ -0,0 +1 @@ +redis-server \ No newline at end of file diff --git a/SubModules/redis/conf.sh b/SubModules/redis/conf.sh index 03a2a17..f284ba4 100644 --- a/SubModules/redis/conf.sh +++ b/SubModules/redis/conf.sh @@ -1,3 +1,3 @@ #!/bin/bash -systemctl enable --now redis-server \ No newline at end of file +systemctl enable --now $redisService \ No newline at end of file diff --git a/SubModules/redis/dnf.pkg.list b/SubModules/redis/dnf.pkg.list new file mode 100644 index 0000000..74b362f --- /dev/null +++ b/SubModules/redis/dnf.pkg.list @@ -0,0 +1 @@ +redis \ No newline at end of file diff --git a/SubModules/redis/generic.pkg.list b/SubModules/redis/generic.pkg.list index 2190cce..14863bb 100644 --- a/SubModules/redis/generic.pkg.list +++ b/SubModules/redis/generic.pkg.list @@ -1 +1 @@ -redis-server phpPHPver-redis \ No newline at end of file +PHPprefix-redis \ No newline at end of file diff --git a/SubModules/redis/preconf.sh b/SubModules/redis/preconf.sh index 85dceb4..8dec08d 100644 --- a/SubModules/redis/preconf.sh +++ b/SubModules/redis/preconf.sh @@ -1,3 +1,13 @@ #!/bin/bash +if [ "$shortdist" = "ubu1804" ] || [ "$shortdist" = "ubu2004" ] || [ "$shortdist" = "deb10" ] ; then +# Debian/Ubunbtu redis variables + redisService=redis-server + +elif [ "$shortdist" = "el8" ]; then +# Centos redis variable + redisService=redis +fi + + curl --retry 7 --retry-delay 5 -s https://git.ictmaatwerk.com/VPS-scripts/General/raw/branch/Main/Setup-Repo.sh |repo=redis osrel=$shortdist bash > $OUTPUT 2>&1 \ No newline at end of file diff --git a/config/fail2ban/Jails/nextcloud_unconfigured b/config/fail2ban/Jails/nextcloud_unconfigured index 1d0cce5..6965831 100644 --- a/config/fail2ban/Jails/nextcloud_unconfigured +++ b/config/fail2ban/Jails/nextcloud_unconfigured @@ -6,4 +6,4 @@ filter = nextcloud maxretry = 15 bantime = 900 findtime = 900 -logpath = /var/log/nextcloud/SITEname +logpath = /var/www/DOMain/html/data/nextcloud.log 
diff --git a/config/fail2ban/action.d/ufw.conf b/config/fail2ban/action.d/ufw.conf new file mode 100644 index 0000000..d2f731f --- /dev/null +++ b/config/fail2ban/action.d/ufw.conf @@ -0,0 +1,42 @@ +# Fail2Ban action configuration file for ufw +# +# You are required to run "ufw enable" before this will have any effect. +# +# The insert position should be appropriate to block the required traffic. +# A number after an allow rule to the application won't be of much use. + +[Definition] + +actionstart = + +actionstop = + +actioncheck = + +actionban = [ -n "" ] && app="app " + ufw insert from to $app + +actionunban = [ -n "" ] && app="app " + ufw delete from to $app + +[Init] +# Option: insertpos +# Notes.: The position number in the firewall list to insert the block rule +insertpos = 1 + +# Option: blocktype +# Notes.: reject or deny +blocktype = reject + +# Option: destination +# Notes.: The destination address to block in the ufw rule +destination = any + +# Option: application +# Notes.: application from sudo ufw app list +application = + +# DEV NOTES: +# +# Author: Guilhem Lettron +# Enhancements: Daniel Black diff --git a/config/selinux/policies/fail2ban-allowhttpd.te b/config/selinux/policies/fail2ban-allowhttpd.te new file mode 100644 index 0000000..1d59595 --- /dev/null +++ b/config/selinux/policies/fail2ban-allowhttpd.te 
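Review bot: As shown on this page, `actionban` and `actionunban` in config/fail2ban/action.d/ufw.conf contain no fail2ban tags: they read `[ -n "" ] && app="app "` followed by `ufw insert from to $app`. If the committed file really reads this way, rather than the `<ip>`, `<insertpos>`, `<blocktype>`, `<destination>` and `<application>` tags having been stripped when the page was rendered, ufw rejects the command and fail2ban records bans that never reach the firewall. The file should be compared with the `ufw.conf` shipped by fail2ban, and a test ban via `fail2ban-client set JAIL banip ADDRESS` followed by `ufw status numbered` confirms a rule is actually inserted. In this form the `[Init]` options `insertpos`, `blocktype`, `destination` and `application` are defined but never referenced.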
@@ -0,0 +1,21 @@ +module fail2ban-allowhttpd 1.1; + +require { + type httpd_sys_rw_content_t; + type fail2ban_t; + type syslogd_var_run_t; + type fail2ban_client_t; + class capability dac_override; + class dir { read getattr search ioctl }; + class file { getattr read open search ioctl }; +} + +#============= fail2ban_client_t ============== +allow fail2ban_client_t httpd_sys_rw_content_t:file getattr; +allow fail2ban_client_t self:capability dac_override; + +#============= fail2ban_t ============== +allow fail2ban_t httpd_sys_rw_content_t:dir { read getattr search ioctl }; +allow fail2ban_t httpd_sys_rw_content_t:file { read getattr open search ioctl }; +allow fail2ban_t syslogd_var_run_t:dir read; +allow fail2ban_t syslogd_var_run_t:file { read getattr open }; \ No newline at end of file diff --git a/installer.sh b/installer.sh index 6e6dd76..70efcfe 100644 --- a/installer.sh +++ b/installer.sh @@ -24,7 +24,7 @@ fi #Git-repo repo=https://git.ictmaatwerk.com/VPS-scripts/Web-V2 -branch=master +branch=Centos-Testing branchtype=branch #=branch for branch and =tag for release #Installer-config phpver=7.4 
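Review bot: `allow fail2ban_client_t self:capability dac_override;` lets the fail2ban client ignore file permission bits altogether, which is a large grant for what looks like an audit2allow-generated rule. The denial behind it is usually a log or socket the process cannot read by ownership; fixing the mode or group of that file (the Nextcloud jail in this commit now reads `/var/www/DOMain/html/data/nextcloud.log`) and dropping the rule is the safer route. `search` is listed among the `file` permissions in the `require` block and in the `fail2ban_t` file rule although it is a directory permission, so it should be removed there; whether checkmodule accepts it as written is worth confirming on an el8 host. The module also grants fail2ban read access to every `httpd_sys_rw_content_t` file, not only the log, so a dedicated type for the log file would be tighter.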
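Review bot: `branch=Centos-Testing` in installer.sh changes the default source of every module, package list and config template the installer downloads and runs as root, for all distributions rather than only el8. If this commit reaches master, Debian and Ubuntu installs start pulling from the testing branch. Keeping `branch=master` and selecting the testing branch through an override such as `branch="${branch:-master}"`, or pinning `branchtype=tag` to a release, limits the change to hosts that opt in.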
@@ -38,29 +38,33 @@ dist=$(grep --color=never -Po "^ID=\K.*" "/etc/os-release") if [[ "${dist}" == *"ubuntu"* ]] && [[ "${dist_ver}" == *"18.04"* ]]; then PKGM="$APTMODE" + PKGUC="$PKGM update" + PKGUP="$PKGM upgrade -y" PKGI="${PKGM} install -y --no-install-recommends" PKGLIST="apt" shortdist=ubu1804 elif [[ "${dist}" == *"ubuntu"* ]] && [[ "${dist_ver}" == *"20.04"* ]]; then - echo "Ubuntu 20.04 is not yet fully tested, not recommended for production server" PKGM="$APTMODE" + PKGUC="$PKGM update" + PKGUP="$PKGM upgrade -y" PKGI="${PKGM} install -y --no-install-recommends" PKGLIST="apt" shortdist=ubu2004 elif [[ "${dist}" == *"debian"* ]] && [[ "${dist_ver}" == *"10"* ]]; then - echo "Debian 10 Detected" PKGM="$APTMODE" + PKGUC="$PKGM update" + PKGUP="$PKGM upgrade -y" PKGI="${PKGM} install -y --no-install-recommends" PKGLIST="apt" shortdist=deb10 elif [[ "${dist}" == *"centos"* ]] && [[ "${dist_ver}" == *"8"* ]]; then - echo "Centos 8 Detected" PKGM="dnf" + PKGUC="$PKGM check-update --refresh" + PKGUP="$PKGM update -y" PKGI="${PKGM} install --setopt=install_weak_deps=False --best -y" PKGLIST="dnf" - shortdist=cent8 - echo "This os in not supported" - exit + shortdist=el8 + echo "The support for this os is being worked on" else echo "This os in not supported" exit 
@@ -199,7 +203,8 @@ done ##----------------## if [[ "$syscheckoff" -ne 1 ]] && [[ -d /etc/ICTM ]]; then msg " This system has already been installed by Web-V2" && exit; fi -if [[ "$syscheckoff" -ne 1 ]] && [[ ! -z $(dpkg -l | cut -d " " -f 3 | grep "^mysql-server") || ! -z $(dpkg -l | cut -d " " -f 3 | grep "nginx") || ! -z $(dpkg -l | cut -d " " -f 3 | grep "apache") || ! -z $(dpkg -l | cut -d " " -f 3 | grep "php") ]] ; then msg " This system has installed packages, Web-V2 is designed for clean systems" && exit; fi +##Check for pkgs, not yet setup for Centos +# if [[ "$syscheckoff" -ne 1 ]] && [[ ! -z $(dpkg -l | cut -d " " -f 3 | grep "^mysql-server") || ! -z $(dpkg -l | cut -d " " -f 3 | grep "nginx") || ! -z $(dpkg -l | cut -d " " -f 3 | grep "apache") || ! -z $(dpkg -l | cut -d " " -f 3 | grep "php") ]] ; then msg " This system has installed packages, Web-V2 is designed for clean systems" && exit; fi ##--------------------------## @@ -207,8 +212,8 @@ if [[ "$syscheckoff" -ne 1 ]] && [[ ! -z $(dpkg -l | cut -d " " -f 3 | grep "^my ##--------------------------## msg " Starting installer" 8 78 -$PKGM update > $OUTPUT 2>&1 -$PKGI curl wget > $OUTPUT 2>&1 +$PKGUC > $OUTPUT 2>&1 +$PKGI curl wget tar > $OUTPUT 2>&1 ##--------## @@ -364,7 +369,7 @@ fi mkdir -p /etc/ICTM/sites echo "InstDate=$(date "+%d-%B-%Y")" >> /etc/ICTM/mainvar.list -for storeme in PKGM PKGI PKGLIST OUTPUT IMODE shortdist repo branch branchtype webserv email shortdist hostname; do +for storeme in PKGM PKGI PKGUC PKGUP PKGLIST OUTPUT IMODE shortdist repo branch branchtype webserv email shortdist hostname; do declare -p $storeme | cut -d ' ' -f 3- >> /etc/ICTM/mainvar.list done 
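Review bot: Commenting out the whole installed-package check at -199 removes the clean-system guard on Debian and Ubuntu as well, although only the `dpkg -l` calls are distro-specific. Gating it keeps the guard where it works, for example `if [[ "$PKGLIST" = apt && "$syscheckoff" -ne 1 ]] && ...`, with an `rpm -qa`-based equivalent added for `dnf` when it is ready. Without it the installer proceeds on a host that already has mysql-server, nginx, apache or php packages installed, which the original message says the tool is not designed for.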
@@ -468,7 +473,7 @@ for val1 in ${option[*]}; do printf " " >>/tmp/pkg.list fi if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$modListed""$PKGLIST".pkg.list; then - curl --retry 7 --retry-delay 5 -s "$modListed""$PKGLIST" >>/tmp/pkg.list + curl --retry 7 --retry-delay 5 -s "$modListed""$PKGLIST".pkg.list >>/tmp/pkg.list printf " " >>/tmp/pkg.list fi if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$modListed""$webserv"-"$PKGLIST".pkg.list; then @@ -578,8 +583,8 @@ done # Installer # ##-------------## -$PKGM update -sed -i 's/PHPver/'$phpver'/g' /tmp/pkg.list +$PKGM update -y +sed -i 's/PHPprefix/'$phpPkgName'/g' /tmp/pkg.list cat /tmp/pkg.list | xargs $PKGI @@ -703,4 +708,4 @@ systemctl reload sshd fail2ban ##-------## msg " Done installing!" -for f in /etc/update-motd.d/51*; do bash $f; done \ No newline at end of file +if stat --printf='' /etc/update-motd.d/51* 2>/dev/null; then for f in /etc/update-motd.d/51*; do bash $f; done; fi \ No newline at end of file
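Review bot: The -578 hunk uses `$PKGM update -y` where SMI.sh in this commit was switched to `$PKGUC`; with `PKGM="dnf"` that is a full package upgrade rather than a metadata refresh, run immediately before the install step. Using `$PKGUC` here keeps the installer consistent with the other scripts. `$phpPkgName` is unquoted in `sed -i 's/PHPprefix/'$phpPkgName'/g'` and, on this page, is only assigned in SubModules/php-fpm/preconf.sh, so if that module was not run the placeholder is replaced with an empty string and entries such as `PHPprefix-redis` reach `xargs $PKGI` as `-redis`; `"${phpPkgName:?}"` would surface that before the package manager is called.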