From 061d97d5a04ec675b03a8a18accbc77f469f4cd2 Mon Sep 17 00:00:00 2001 From: Bram Prieshof Date: Wed, 2 Dec 2020 14:54:22 +0100 Subject: [PATCH 01/37] Initial centos test/modifications --- CoreModules/generic/preconf.sh | 89 ++++++++++++++++++++++++---------- installer.sh | 12 ++--- 2 files changed, 68 insertions(+), 33 deletions(-) diff --git a/CoreModules/generic/preconf.sh b/CoreModules/generic/preconf.sh index 10d1add..01433af 100644 --- a/CoreModules/generic/preconf.sh +++ b/CoreModules/generic/preconf.sh @@ -1,24 +1,78 @@ +if [ "$osrel" = "ubu1804" ] || [ "$osrel" = "ubu2004" ] || [ "$osrel" = "deb10" ] ; then +######################## +# Debian/Ubunbtu # +######################## + ##--------------## + # Repositories # + ##--------------## + + curl --retry 7 --retry-delay 5 -s https://git.ictmaatwerk.com/VPS-scripts/General/raw/branch/Main/Setup-Repo.sh |repo=universe osrel=$shortdist bash > $OUTPUT 2>&1 + ##------------## + # System # + ##------------## + + sed -i -e '/XKBLAYOUT=/c\XKBLAYOUT=us' -e '/XKBVARIANT=/c\XKBVARIANT="intl"' /etc/default/keyboard > $OUTPUT 2>&1 + + + ##-------------## + # Updates # + ##-------------## + + debconf-set-selections <<< 'libssl1.1:amd64 libraries/restart-without-asking boolean true' + $PKGM update + $PKGM upgrade -y + + + ##-------------## + # Postfix # + ##-------------## + + #Checking if postfix exists on this system and if so it wil be removed to prevent config conflicts + if dpkg-query -Wf'${db:Status-abbrev}' postfix 2>/dev/null | grep -q '^i'; then apt purge -y postfix > $OUTPUT 2>&1; fi + + +elif [ "$osrel" = "cent8" ]; then +################ +# Centos # +################ + ##--------------## + # Repositories # + ##--------------## + + curl --retry 7 --retry-delay 5 -s https://git.ictmaatwerk.com/VPS-scripts/General/raw/branch/Main/Setup-Repo.sh |repo=epel osrel=$shortdist bash > $OUTPUT 2>&1 + + ##------------## + # System # + ##------------## + + localectl set-keymap us-int + useradd -r -U -s /usr/sbin/nologin -d /var/www www-data + dnf remove firewalld -y + + ##-------------## + # Postfix # + ##-------------## + + if dnf list installed postfix >/dev/null 2>&1; then dnf remove postfix -y; fi + +fi + + +################# +# General # +################# ##-----------------------## # Prerequisite packages # ##-----------------------## curl --retry 7 --retry-delay 5 -s https://git.ictmaatwerk.com/VPS-scripts/General/raw/branch/Main/Setup-Repo.sh |repo=init osrel=$shortdist bash > $OUTPUT 2>&1 + ##--------------## # Repositories # ##--------------## - -curl --retry 7 --retry-delay 5 -s https://git.ictmaatwerk.com/VPS-scripts/General/raw/branch/Main/Setup-Repo.sh |repo=universe osrel=$shortdist bash > $OUTPUT 2>&1 curl --retry 7 --retry-delay 5 -s https://git.ictmaatwerk.com/VPS-scripts/General/raw/branch/Main/Setup-Repo.sh |repo=php osrel=$shortdist bash > $OUTPUT 2>&1 -##-------------## -# Updates # -##-------------## - -debconf-set-selections <<< 'libssl1.1:amd64 libraries/restart-without-asking boolean true' -$PKGM update -$PKGM upgrade -y - ##------------## # System # @@ -30,12 +84,6 @@ timedatectl set-timezone Europe/Amsterdam > $OUTPUT 2>&1 sed -i -e '/Port 22/c\Port 4242' -e 's/PermitRootLogin yes/PermitRootLogin prohibit-password/g' /etc/ssh/sshd_config > $OUTPUT 2>&1 -if [ "$osrel" = "ubu1804" ] || [ "$osrel" = "ubu2004" ] || [ "$osrel" = "deb10" ] ; then - sed -i -e '/XKBLAYOUT=/c\XKBLAYOUT=us' -e '/XKBVARIANT=/c\XKBVARIANT="intl"' /etc/default/keyboard > $OUTPUT 2>&1 -elif [ "$osrel" = "cent8" ]; then - localectl set-keymap us-int -fi - ##----------## # Swap # ##----------## @@ -51,12 +99,3 @@ else fi echo "vm.swappiness=10" >> /etc/sysctl.conf echo "vm.vfs_cache_pressure=50" >> /etc/sysctl.conf - - -##-------------## -# Postfix # -##-------------## - -#Checking if postfix exists on this system and if so it wil be removed to prevent config conflicts -if dpkg-query -Wf'${db:Status-abbrev}' postfix 2>/dev/null | grep -q '^i'; then apt purge -y postfix > $OUTPUT 2>&1; fi - diff --git a/installer.sh b/installer.sh index 6e6dd76..6e916b6 100644 --- a/installer.sh +++ b/installer.sh @@ -24,7 +24,7 @@ fi #Git-repo repo=https://git.ictmaatwerk.com/VPS-scripts/Web-V2 -branch=master +branch=Centos-Testing branchtype=branch #=branch for branch and =tag for release #Installer-config phpver=7.4 @@ -42,25 +42,21 @@ if [[ "${dist}" == *"ubuntu"* ]] && [[ "${dist_ver}" == *"18.04"* ]]; then PKGLIST="apt" shortdist=ubu1804 elif [[ "${dist}" == *"ubuntu"* ]] && [[ "${dist_ver}" == *"20.04"* ]]; then - echo "Ubuntu 20.04 is not yet fully tested, not recommended for production server" PKGM="$APTMODE" PKGI="${PKGM} install -y --no-install-recommends" PKGLIST="apt" shortdist=ubu2004 elif [[ "${dist}" == *"debian"* ]] && [[ "${dist_ver}" == *"10"* ]]; then - echo "Debian 10 Detected" PKGM="$APTMODE" PKGI="${PKGM} install -y --no-install-recommends" PKGLIST="apt" shortdist=deb10 elif [[ "${dist}" == *"centos"* ]] && [[ "${dist_ver}" == *"8"* ]]; then - echo "Centos 8 Detected" PKGM="dnf" PKGI="${PKGM} install --setopt=install_weak_deps=False --best -y" PKGLIST="dnf" shortdist=cent8 - echo "This os in not supported" - exit + echo "The support for this os is being worked on" else echo "This os in not supported" exit @@ -207,7 +203,7 @@ if [[ "$syscheckoff" -ne 1 ]] && [[ ! -z $(dpkg -l | cut -d " " -f 3 | grep "^my ##--------------------------## msg " Starting installer" 8 78 -$PKGM update > $OUTPUT 2>&1 +$PKGM update -y > $OUTPUT 2>&1 $PKGI curl wget > $OUTPUT 2>&1 @@ -578,7 +574,7 @@ done # Installer # ##-------------## -$PKGM update +$PKGM update -y sed -i 's/PHPver/'$phpver'/g' /tmp/pkg.list cat /tmp/pkg.list | xargs $PKGI From f51b50debb4b1d360c0d7a50367bd7319c04b433 Mon Sep 17 00:00:00 2001 From: Bram Prieshof Date: Wed, 2 Dec 2020 15:25:45 +0100 Subject: [PATCH 02/37] added debug msg to preconfig --- CoreModules/generic/preconf.sh | 2 ++ installer.sh | 5 +++-- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/CoreModules/generic/preconf.sh b/CoreModules/generic/preconf.sh index 01433af..861644e 100644 --- a/CoreModules/generic/preconf.sh +++ b/CoreModules/generic/preconf.sh @@ -1,3 +1,4 @@ +echo "DEBUG Start preconf" if [ "$osrel" = "ubu1804" ] || [ "$osrel" = "ubu2004" ] || [ "$osrel" = "deb10" ] ; then ######################## # Debian/Ubunbtu # @@ -35,6 +36,7 @@ elif [ "$osrel" = "cent8" ]; then ################ # Centos # ################ +echo "DEBUG running cent8 preconf" ##--------------## # Repositories # ##--------------## diff --git a/installer.sh b/installer.sh index 6e916b6..de58f1f 100644 --- a/installer.sh +++ b/installer.sh @@ -195,7 +195,8 @@ done ##----------------## if [[ "$syscheckoff" -ne 1 ]] && [[ -d /etc/ICTM ]]; then msg " This system has already been installed by Web-V2" && exit; fi -if [[ "$syscheckoff" -ne 1 ]] && [[ ! -z $(dpkg -l | cut -d " " -f 3 | grep "^mysql-server") || ! -z $(dpkg -l | cut -d " " -f 3 | grep "nginx") || ! -z $(dpkg -l | cut -d " " -f 3 | grep "apache") || ! -z $(dpkg -l | cut -d " " -f 3 | grep "php") ]] ; then msg " This system has installed packages, Web-V2 is designed for clean systems" && exit; fi +##Check for pkgs, not yet setup for Centos +# if [[ "$syscheckoff" -ne 1 ]] && [[ ! -z $(dpkg -l | cut -d " " -f 3 | grep "^mysql-server") || ! -z $(dpkg -l | cut -d " " -f 3 | grep "nginx") || ! -z $(dpkg -l | cut -d " " -f 3 | grep "apache") || ! -z $(dpkg -l | cut -d " " -f 3 | grep "php") ]] ; then msg " This system has installed packages, Web-V2 is designed for clean systems" && exit; fi ##--------------------------## @@ -464,7 +465,7 @@ for val1 in ${option[*]}; do printf " " >>/tmp/pkg.list fi if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$modListed""$PKGLIST".pkg.list; then - curl --retry 7 --retry-delay 5 -s "$modListed""$PKGLIST" >>/tmp/pkg.list + curl --retry 7 --retry-delay 5 -s "$modListed""$PKGLIST".pkg.list >>/tmp/pkg.list printf " " >>/tmp/pkg.list fi if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$modListed""$webserv"-"$PKGLIST".pkg.list; then From 2cbaa6ce86bfeb3e0537d47ccdd3b3d3504ee303 Mon Sep 17 00:00:00 2001 From: Bram Prieshof Date: Wed, 2 Dec 2020 15:53:15 +0100 Subject: [PATCH 03/37] Fixed incorect Variable generic preconf --- CoreModules/generic/preconf.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/CoreModules/generic/preconf.sh b/CoreModules/generic/preconf.sh index 861644e..0db20d1 100644 --- a/CoreModules/generic/preconf.sh +++ b/CoreModules/generic/preconf.sh @@ -1,5 +1,5 @@ echo "DEBUG Start preconf" -if [ "$osrel" = "ubu1804" ] || [ "$osrel" = "ubu2004" ] || [ "$osrel" = "deb10" ] ; then +if [ "$shortdist" = "ubu1804" ] || [ "$osrel" = "ubu2004" ] || [ "$osrel" = "deb10" ] ; then ######################## # Debian/Ubunbtu # ######################## @@ -32,7 +32,7 @@ if [ "$osrel" = "ubu1804" ] || [ "$osrel" = "ubu2004" ] || [ "$osrel" = "deb10" if dpkg-query -Wf'${db:Status-abbrev}' postfix 2>/dev/null | grep -q '^i'; then apt purge -y postfix > $OUTPUT 2>&1; fi -elif [ "$osrel" = "cent8" ]; then +elif [ "$shortdist" = "cent8" ]; then ################ # Centos # ################ From 859033a213004c732ad5886cfca6bdecae5eec91 Mon Sep 17 00:00:00 2001 From: Bram Prieshof Date: Wed, 2 Dec 2020 15:59:34 +0100 Subject: [PATCH 04/37] Fixed nginx pkg list for CentOS --- CoreModules/nginx/apt.pkg.list | 1 + CoreModules/nginx/dnf.pkg.list | 1 + CoreModules/nginx/generic.pkg.list | 2 +- CoreModules/nginx_nonphp/apt.pkg.list | 1 + CoreModules/nginx_nonphp/dnf.pkg.list | 1 + CoreModules/nginx_nonphp/generic.pkg.list | 2 +- 6 files changed, 6 insertions(+), 2 deletions(-) create mode 100644 CoreModules/nginx/apt.pkg.list create mode 100644 CoreModules/nginx/dnf.pkg.list create mode 100644 CoreModules/nginx_nonphp/apt.pkg.list create mode 100644 CoreModules/nginx_nonphp/dnf.pkg.list diff --git a/CoreModules/nginx/apt.pkg.list b/CoreModules/nginx/apt.pkg.list new file mode 100644 index 0000000..4f0cb44 --- /dev/null +++ b/CoreModules/nginx/apt.pkg.list @@ -0,0 +1 @@ +apache2-utils \ No newline at end of file diff --git a/CoreModules/nginx/dnf.pkg.list b/CoreModules/nginx/dnf.pkg.list new file mode 100644 index 0000000..815a56f --- /dev/null +++ b/CoreModules/nginx/dnf.pkg.list @@ -0,0 +1 @@ +httpd-tools \ No newline at end of file diff --git a/CoreModules/nginx/generic.pkg.list b/CoreModules/nginx/generic.pkg.list index 902a0e5..da70e20 100644 --- a/CoreModules/nginx/generic.pkg.list +++ b/CoreModules/nginx/generic.pkg.list @@ -1 +1 @@ -nginx apache2-utils \ No newline at end of file +nginx \ No newline at end of file diff --git a/CoreModules/nginx_nonphp/apt.pkg.list b/CoreModules/nginx_nonphp/apt.pkg.list new file mode 100644 index 0000000..4f0cb44 --- /dev/null +++ b/CoreModules/nginx_nonphp/apt.pkg.list @@ -0,0 +1 @@ +apache2-utils \ No newline at end of file diff --git a/CoreModules/nginx_nonphp/dnf.pkg.list b/CoreModules/nginx_nonphp/dnf.pkg.list new file mode 100644 index 0000000..815a56f --- /dev/null +++ b/CoreModules/nginx_nonphp/dnf.pkg.list @@ -0,0 +1 @@ +httpd-tools \ No newline at end of file diff --git a/CoreModules/nginx_nonphp/generic.pkg.list b/CoreModules/nginx_nonphp/generic.pkg.list index 902a0e5..da70e20 100644 --- a/CoreModules/nginx_nonphp/generic.pkg.list +++ b/CoreModules/nginx_nonphp/generic.pkg.list @@ -1 +1 @@ -nginx apache2-utils \ No newline at end of file +nginx \ No newline at end of file From a9f57d351325fecbe4171bc1124bab03c1ab39a2 Mon Sep 17 00:00:00 2001 From: Bram Prieshof Date: Thu, 3 Dec 2020 11:28:41 +0100 Subject: [PATCH 05/37] Fixed UFW defaults for Centos Fixed selinux ssh port --- CoreModules/generic/conf.sh | 13 +++++++++++++ CoreModules/generic/dnf.pkg.list | 2 +- CoreModules/generic/preconf.sh | 2 -- 3 files changed, 14 insertions(+), 3 deletions(-) diff --git a/CoreModules/generic/conf.sh b/CoreModules/generic/conf.sh index c0dd3f9..243aff2 100644 --- a/CoreModules/generic/conf.sh +++ b/CoreModules/generic/conf.sh @@ -1,7 +1,20 @@ +##--------------------## +# (Centos) SeLinux # +##--------------------## +if [ "$shortdist" = "cent8" ]; then + semanage port -a -t ssh_port_t -p tcp 4242 +fi + ##-------## # UFW # ##-------## +if [ "$shortdist" = "cent8" ]; then + sed -i -e '/tuple/d' -e '/dapp/d' /usr/share/ufw/iptables/user.rules + sed -i -e '/tuple/d' -e '/dapp/d' /usr/share/ufw/iptables/user6.rules + echo "y" | ufw reset > $OUTPUT 2>&1 +fi + sed -i '/IPV6=/c\IPV6=yes' /etc/default/ufw ufw default deny incoming > $OUTPUT 2>&1 ufw default allow outgoing > $OUTPUT 2>&1 diff --git a/CoreModules/generic/dnf.pkg.list b/CoreModules/generic/dnf.pkg.list index 0afbab6..baf282a 100644 --- a/CoreModules/generic/dnf.pkg.list +++ b/CoreModules/generic/dnf.pkg.list @@ -1 +1 @@ -cronie \ No newline at end of file +cronie policycoreutils-python-utils \ No newline at end of file diff --git a/CoreModules/generic/preconf.sh b/CoreModules/generic/preconf.sh index 0db20d1..f951b96 100644 --- a/CoreModules/generic/preconf.sh +++ b/CoreModules/generic/preconf.sh @@ -1,4 +1,3 @@ -echo "DEBUG Start preconf" if [ "$shortdist" = "ubu1804" ] || [ "$osrel" = "ubu2004" ] || [ "$osrel" = "deb10" ] ; then ######################## # Debian/Ubunbtu # @@ -36,7 +35,6 @@ elif [ "$shortdist" = "cent8" ]; then ################ # Centos # ################ -echo "DEBUG running cent8 preconf" ##--------------## # Repositories # ##--------------## From c49a284e5e8c9164c05cf42630f78bf58bcaa99e Mon Sep 17 00:00:00 2001 From: Bram Prieshof Date: Thu, 3 Dec 2020 12:05:37 +0100 Subject: [PATCH 06/37] Fixed ufw no starting on boot --- CoreModules/generic/conf.sh | 1 + CoreModules/generic/preconf.sh | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/CoreModules/generic/conf.sh b/CoreModules/generic/conf.sh index 243aff2..dbffdb2 100644 --- a/CoreModules/generic/conf.sh +++ b/CoreModules/generic/conf.sh @@ -3,6 +3,7 @@ ##--------------------## if [ "$shortdist" = "cent8" ]; then semanage port -a -t ssh_port_t -p tcp 4242 + systemctl enable ufw fi ##-------## diff --git a/CoreModules/generic/preconf.sh b/CoreModules/generic/preconf.sh index f951b96..4708b71 100644 --- a/CoreModules/generic/preconf.sh +++ b/CoreModules/generic/preconf.sh @@ -47,7 +47,7 @@ elif [ "$shortdist" = "cent8" ]; then localectl set-keymap us-int useradd -r -U -s /usr/sbin/nologin -d /var/www www-data - dnf remove firewalld -y + systemctl disable firewald --now ##-------------## # Postfix # From 17353040b6d9c67ce60a2e62f424f9875df3051c Mon Sep 17 00:00:00 2001 From: Bram Prieshof Date: Thu, 3 Dec 2020 12:26:40 +0100 Subject: [PATCH 07/37] Fixed typo --- CoreModules/generic/preconf.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CoreModules/generic/preconf.sh b/CoreModules/generic/preconf.sh index 4708b71..fac8106 100644 --- a/CoreModules/generic/preconf.sh +++ b/CoreModules/generic/preconf.sh @@ -47,7 +47,7 @@ elif [ "$shortdist" = "cent8" ]; then localectl set-keymap us-int useradd -r -U -s /usr/sbin/nologin -d /var/www www-data - systemctl disable firewald --now + systemctl disable firewalld --now ##-------------## # Postfix # From 18439cc934c1e15acab44f88819f8433f28caaf6 Mon Sep 17 00:00:00 2001 From: Bram Prieshof Date: Thu, 3 Dec 2020 13:12:12 +0100 Subject: [PATCH 08/37] Fixed non starting services --- CoreModules/apache/conf.sh | 3 ++- CoreModules/nginx/conf.sh | 3 ++- CoreModules/nginx_nonphp/conf.sh | 3 ++- SubModules/php-fpm/conf.sh | 3 ++- 4 files changed, 8 insertions(+), 4 deletions(-) diff --git a/CoreModules/apache/conf.sh b/CoreModules/apache/conf.sh index 0476782..11c7016 100644 --- a/CoreModules/apache/conf.sh +++ b/CoreModules/apache/conf.sh @@ -51,4 +51,5 @@ curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/Scripts/to # custom Welcome page echo "$webserv is functioning normally" > /var/www/html/index.html -systemctl start apache2 > $OUTPUT 2>&1 \ No newline at end of file +systemctl start apache2 > $OUTPUT 2>&1 +systemctl enable apache2 > $OUTPUT 2>&1 \ No newline at end of file diff --git a/CoreModules/nginx/conf.sh b/CoreModules/nginx/conf.sh index f89545a..627fd53 100644 --- a/CoreModules/nginx/conf.sh +++ b/CoreModules/nginx/conf.sh @@ -43,4 +43,5 @@ curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/Scripts/to # custom Welcome page echo "$webserv is functioning normally" > /usr/share/nginx/html/index.html -systemctl start nginx \ No newline at end of file +systemctl start nginx > $OUTPUT 2>&1 +systemctl enable nginx > $OUTPUT 2>&1 \ No newline at end of file diff --git a/CoreModules/nginx_nonphp/conf.sh b/CoreModules/nginx_nonphp/conf.sh index 6809f41..ab4fece 100644 --- a/CoreModules/nginx_nonphp/conf.sh +++ b/CoreModules/nginx_nonphp/conf.sh @@ -28,4 +28,5 @@ sed -i -e 's/DOMAINname/'$domain'/g' /etc/nginx/sites-available/"$sitename"_ssl # custom Welcome page echo "$webserv is functioning normally" > /usr/share/nginx/html/index.html -systemctl start nginx \ No newline at end of file +systemctl start nginx > $OUTPUT 2>&1 +systemctl enable nginx > $OUTPUT 2>&1 \ No newline at end of file diff --git a/SubModules/php-fpm/conf.sh b/SubModules/php-fpm/conf.sh index 3661f28..0cf32c5 100644 --- a/SubModules/php-fpm/conf.sh +++ b/SubModules/php-fpm/conf.sh @@ -14,4 +14,5 @@ sed -i 's/; max_input_vars = 1000/max_input_vars = 10000/g' /etc/php/"$phpver"/f sed -i 's/upload_max_filesize = 2/upload_max_filesize = 128/g' /etc/php/"$phpver"/fpm/php.ini sed -i 's/post_max_size = 8/post_max_size = 64/g' /etc/php/"$phpver"/fpm/php.ini -systemctl start php${phpver}-fpm \ No newline at end of file +systemctl start php${phpver}-fpm +systemctl enable php${phpver}-fpm \ No newline at end of file From eb83d115380e4d60b111beca2b6b146322707c0c Mon Sep 17 00:00:00 2001 From: Bram Prieshof Date: Thu, 3 Dec 2020 13:36:55 +0100 Subject: [PATCH 09/37] Fixed Selinx www folder --- CoreModules/generic/conf.sh | 5 ++++- CoreModules/generic/preconf.sh | 6 +++--- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/CoreModules/generic/conf.sh b/CoreModules/generic/conf.sh index dbffdb2..9bf57dd 100644 --- a/CoreModules/generic/conf.sh +++ b/CoreModules/generic/conf.sh @@ -3,7 +3,10 @@ ##--------------------## if [ "$shortdist" = "cent8" ]; then semanage port -a -t ssh_port_t -p tcp 4242 - systemctl enable ufw + systemctl enable ufw > $OUTPUT 2>&1 + mkdir /var/www > $OUTPUT 2>&1 + semanage fcontext -a -t httpd_sys_content_t /var/www/ > $OUTPUT 2>&1 + restorecon -vr /var/www/ > $OUTPUT 2>&1 fi ##-------## diff --git a/CoreModules/generic/preconf.sh b/CoreModules/generic/preconf.sh index fac8106..bc47795 100644 --- a/CoreModules/generic/preconf.sh +++ b/CoreModules/generic/preconf.sh @@ -45,9 +45,9 @@ elif [ "$shortdist" = "cent8" ]; then # System # ##------------## - localectl set-keymap us-int - useradd -r -U -s /usr/sbin/nologin -d /var/www www-data - systemctl disable firewalld --now + localectl set-keymap us-int > $OUTPUT 2>&1 + useradd -r -U -s /usr/sbin/nologin -d /var/www www-data > $OUTPUT 2>&1 + systemctl disable firewalld --now > $OUTPUT 2>&1 ##-------------## # Postfix # From 7fb0470f4424d91b30d4193e8ee99f4bc7c1e338 Mon Sep 17 00:00:00 2001 From: Bram Prieshof Date: Thu, 3 Dec 2020 14:07:35 +0100 Subject: [PATCH 10/37] Made motd msg work in Centos, updated motd display to first check if file exists --- AppendCMS.sh | 2 +- AppendModule.sh | 2 +- CoreModules/generic/conf.sh | 11 ++++++++--- installer.sh | 2 +- 4 files changed, 11 insertions(+), 6 deletions(-) diff --git a/AppendCMS.sh b/AppendCMS.sh index f930c62..6628ed1 100644 --- a/AppendCMS.sh +++ b/AppendCMS.sh @@ -274,4 +274,4 @@ systemctl reload fail2ban ##-------## msg " Added CMS!" -for f in /etc/update-motd.d/51*; do bash $f; done \ No newline at end of file +if stat --printf='' /etc/update-motd.d/51* 2>/dev/null; then for f in /etc/update-motd.d/51*; do bash $f; done; fi \ No newline at end of file diff --git a/AppendModule.sh b/AppendModule.sh index c011fe6..856b84b 100644 --- a/AppendModule.sh +++ b/AppendModule.sh @@ -267,4 +267,4 @@ done ##-------## msg " Added Module!" -for f in /etc/update-motd.d/51*; do bash $f; done \ No newline at end of file +if stat --printf='' /etc/update-motd.d/51* 2>/dev/null; then for f in /etc/update-motd.d/51*; do bash $f; done; fi \ No newline at end of file diff --git a/CoreModules/generic/conf.sh b/CoreModules/generic/conf.sh index 9bf57dd..f119e35 100644 --- a/CoreModules/generic/conf.sh +++ b/CoreModules/generic/conf.sh @@ -1,12 +1,17 @@ -##--------------------## -# (Centos) SeLinux # -##--------------------## +##----------## +# Centos # +##----------## if [ "$shortdist" = "cent8" ]; then + #SeLinux semanage port -a -t ssh_port_t -p tcp 4242 systemctl enable ufw > $OUTPUT 2>&1 mkdir /var/www > $OUTPUT 2>&1 semanage fcontext -a -t httpd_sys_content_t /var/www/ > $OUTPUT 2>&1 restorecon -vr /var/www/ > $OUTPUT 2>&1 + + #Motd + mkdir /etc/update-motd.d + echo 'if stat --printf="" /etc/update-motd.d/51* 2>/dev/null; then for f in /etc/update-motd.d/51*; do bash $f; done; fi' >> /etc/profile fi ##-------## diff --git a/installer.sh b/installer.sh index de58f1f..820e304 100644 --- a/installer.sh +++ b/installer.sh @@ -700,4 +700,4 @@ systemctl reload sshd fail2ban ##-------## msg " Done installing!" -for f in /etc/update-motd.d/51*; do bash $f; done \ No newline at end of file +if stat --printf='' /etc/update-motd.d/51* 2>/dev/null; then for f in /etc/update-motd.d/51*; do bash $f; done; fi \ No newline at end of file From be8d75bcab590d39f9b4211a6ea3da14d04a5b41 Mon Sep 17 00:00:00 2001 From: Bram Prieshof Date: Thu, 3 Dec 2020 17:10:47 +0100 Subject: [PATCH 11/37] Replaced references php With vars Done because differences between distros is quite big, and this was the beter solution then using alot of if statements List of changes: * Replaced service names php"$phpver"-fpm with $phpFPMService * Replaced PHPver in package list with phpPkgName * Replaced full php config path with $phpMainConf * Replaced php pool path with $phpPoolDir --- AppendCMS.sh | 5 +++-- AppendModule.sh | 5 +++-- CMS/Backend/conf.sh | 4 ++-- CMS/nextcloud/apache-conf.sh | 4 ++-- CMS/nextcloud/conf.sh | 6 +++--- CMS/nextcloud/generic.pkg.list | 2 +- CMS/none/conf.sh | 6 +++--- CMS/wordpress/conf.sh | 6 +++--- CoreModules/generic/preconf.sh | 2 +- Scripts/GeneratePhplist.sh | 21 +++++++++++++++++++++ Scripts/SMI.sh | 2 +- SubModules/php-fpm/conf.sh | 26 +++++++++++++------------- SubModules/php-fpm/generic.pkg.list | 2 +- SubModules/php-fpm/preconf.sh | 22 ++++++++++++++++++++++ SubModules/redis/generic.pkg.list | 2 +- installer.sh | 2 +- 16 files changed, 81 insertions(+), 36 deletions(-) create mode 100644 Scripts/GeneratePhplist.sh create mode 100644 SubModules/php-fpm/preconf.sh diff --git a/AppendCMS.sh b/AppendCMS.sh index 6628ed1..c23390e 100644 --- a/AppendCMS.sh +++ b/AppendCMS.sh @@ -3,10 +3,11 @@ ##-----------------## if [ ! -f "/etc/ICTM/selopts.list" ] || [ ! -f "/etc/ICTM/mainvar.list" ] ; then echo 'This system is not yet setup, please run the main installer first' && exit ; fi - +if [ ! -f "/etc/ICTM/phpvar.list" ] ; then echo 'Php var list missing,Please run /Scipts/GeneratePhplist from the repo ' && exit ; fi source /etc/ICTM/selopts.list source /etc/ICTM/mainvar.list +source /etc/ICTM/phpvar.list rm /tmp/pkg.list > $OUTPUT 2>&1 source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/ModulesMenu.list) @@ -197,7 +198,7 @@ fi ##-------------## $PKGM update -sed -i 's/PHPver/'$phpver'/g' /tmp/pkg.list +sed -i 's/PHPprefix/'$phpPkgName'/g' /tmp/pkg.list cat /tmp/pkg.list | xargs $PKGI diff --git a/AppendModule.sh b/AppendModule.sh index 856b84b..87b41d4 100644 --- a/AppendModule.sh +++ b/AppendModule.sh @@ -3,7 +3,7 @@ ##-----------------## if [ ! -f "/etc/ICTM/selopts.list" ] || [ ! -f "/etc/ICTM/mainvar.list" ] ; then echo 'This system is not yet setup, please run the main installer first' && exit ; fi - +if [ ! -f "/etc/ICTM/phpvar.list" ] ; then echo 'Php var list missing,Please run /Scipts/GeneratePhplist from the repo ' && exit ; fi ##-----------------## # Fetching Vars # @@ -11,6 +11,7 @@ if [ ! -f "/etc/ICTM/selopts.list" ] || [ ! -f "/etc/ICTM/mainvar.list" ] ; then source /etc/ICTM/selopts.list source /etc/ICTM/mainvar.list +source /etc/ICTM/phpvar.list rm /tmp/pkg.list source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/ModulesMenu.list) @@ -228,7 +229,7 @@ done ##-------------## $PKGM update -sed -i 's/PHPver/'$phpver'/g' /tmp/pkg.list +sed -i 's/PHPprefix/'$phpPkgName'/g' /tmp/pkg.list cat /tmp/pkg.list | xargs $PKGI diff --git a/CMS/Backend/conf.sh b/CMS/Backend/conf.sh index 0276957..144df72 100644 --- a/CMS/Backend/conf.sh +++ b/CMS/Backend/conf.sh @@ -1,6 +1,6 @@ #Backend PHP Pool -curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/Backend/Fpm-Pool.conf-unconfigured -o /etc/php/"$phpver"/fpm/pool.d/Backend.conf -sed -i 's/PHPver/'$phpver'/' /etc/php/"$phpver"/fpm/pool.d/Backend.conf +curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/Backend/Fpm-Pool.conf-unconfigured -o "$phpPoolDir"/Backend.conf +sed -i 's/PHPver/'$phpver'/' "$phpPoolDir"/Backend.conf groupadd Backend useradd -g Backend Backend #PHPMyAdmin configuration diff --git a/CMS/nextcloud/apache-conf.sh b/CMS/nextcloud/apache-conf.sh index 6329e1b..d4d2f53 100644 --- a/CMS/nextcloud/apache-conf.sh +++ b/CMS/nextcloud/apache-conf.sh @@ -5,7 +5,7 @@ sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e '/#ConfHere1/ r /tmp/ap chown "$sitename":"$sitename" -R /var/www/"$domain"/html #PHP -sed -i -e '/cgi.fix_pathinfo/c\php_admin_value[cgi.fix_pathinfo] = 1' /etc/php/"$phpver"/fpm/pool.d/$sitename.conf -sed -i -e '/security.limit_extensions/c\php_admin_value[security.limit_extensions] = .php' /etc/php/"$phpver"/fpm/pool.d/$sitename.conf +sed -i -e '/cgi.fix_pathinfo/c\php_admin_value[cgi.fix_pathinfo] = 1' "$phpPoolDir"/$sitename.conf +sed -i -e '/security.limit_extensions/c\php_admin_value[security.limit_extensions] = .php' "$phpPoolDir"/$sitename.conf systemctl reload apache2 php$phpver-fpm \ No newline at end of file diff --git a/CMS/nextcloud/conf.sh b/CMS/nextcloud/conf.sh index ef9ae54..c414d20 100644 --- a/CMS/nextcloud/conf.sh +++ b/CMS/nextcloud/conf.sh @@ -1,6 +1,6 @@ #PHP Pool -curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/nextcloud/Fpm-Pool.conf-unconfigured -o /etc/php/"$phpver"/fpm/pool.d/"$sitename".conf -sed -i -e 's/PHPver/'$phpver'/g' -e 's/SITEname/'$sitename'/g' -e 's/DOMAINname/'$domain'/g' /etc/php/"$phpver"/fpm/pool.d/$sitename.conf +curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/nextcloud/Fpm-Pool.conf-unconfigured -o "$phpPoolDir"/"$sitename".conf +sed -i -e 's/PHPver/'$phpver'/g' -e 's/SITEname/'$sitename'/g' -e 's/DOMAINname/'$domain'/g' "$phpPoolDir"/$sitename.conf groupadd "$sitename" useradd -g "$sitename" "$sitename" mkdir -p /var/www/"$domain"/html/data @@ -55,4 +55,4 @@ ln -s /var/www/"$domain"/html/data/nextcloud.log /var/log/nextcloud/"$sitename" curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/config/fail2ban/Jails/nextcloud_unconfigured -o /etc/fail2ban/jail.d/"$sitename"-nextcloud.local sed -i 's/SITEname/'$sitename'/' /etc/fail2ban/jail.d/"$sitename"-nextcloud.local -systemctl reload php"$phpver"-fpm \ No newline at end of file +systemctl reload "$phpFPMService" \ No newline at end of file diff --git a/CMS/nextcloud/generic.pkg.list b/CMS/nextcloud/generic.pkg.list index 446a15e..37f80f9 100644 --- a/CMS/nextcloud/generic.pkg.list +++ b/CMS/nextcloud/generic.pkg.list @@ -1 +1 @@ -libmagickcore-6.q16-3-extra libxml2 openssl zlib1g libpng-dev phpPHPver-bcmath phpPHPver-gmp \ No newline at end of file +libmagickcore-6.q16-3-extra libxml2 openssl zlib1g libpng-dev PHPprefix-bcmath PHPprefix-gmp \ No newline at end of file diff --git a/CMS/none/conf.sh b/CMS/none/conf.sh index 957b6ff..7ab490e 100644 --- a/CMS/none/conf.sh +++ b/CMS/none/conf.sh @@ -2,11 +2,11 @@ if [ $webserv != nginx_nonphp ]; then #Setup PHP Pool -curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/none/Fpm-Pool.conf-unconfigured -o /etc/php/"$phpver"/fpm/pool.d/"$sitename".conf -sed -i -e 's/PHPver/'$phpver'/g' -e 's/SITEname/'$sitename'/g' -e 's/DOMAINname/'$domain'/' /etc/php/"$phpver"/fpm/pool.d/$sitename.conf +curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/none/Fpm-Pool.conf-unconfigured -o "$phpPoolDir"/"$sitename".conf +sed -i -e 's/PHPver/'$phpver'/g' -e 's/SITEname/'$sitename'/g' -e 's/DOMAINname/'$domain'/' "$phpPoolDir"/$sitename.conf groupadd "$sitename" useradd -g "$sitename" "$sitename" -systemctl reload php"$phpver"-fpm +systemctl reload $phpFPMService fi \ No newline at end of file diff --git a/CMS/wordpress/conf.sh b/CMS/wordpress/conf.sh index cddbe0e..c588c0e 100644 --- a/CMS/wordpress/conf.sh +++ b/CMS/wordpress/conf.sh @@ -33,12 +33,12 @@ printf '%s\n' "$WPSalts" >> /var/www/"$domain"/html/wp-config.php printf '%s\n' "require_once(ABSPATH . 'wp-settings.php');" >> /var/www/"$domain"/html/wp-config.php #PHP Pool -curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/wordpress/Fpm-Pool.conf-unconfigured -o /etc/php/"$phpver"/fpm/pool.d/"$sitename".conf -sed -i -e 's/PHPver/'$phpver'/g' -e 's/SITEname/'$sitename'/g' -e 's/DOMAINname/'$domain'/g' /etc/php/"$phpver"/fpm/pool.d/$sitename.conf +curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/wordpress/Fpm-Pool.conf-unconfigured -o "$phpPoolDir"/"$sitename".conf +sed -i -e 's/PHPver/'$phpver'/g' -e 's/SITEname/'$sitename'/g' -e 's/DOMAINname/'$domain'/g' "$phpPoolDir"/$sitename.conf groupadd "$sitename" useradd -g "$sitename" "$sitename" -systemctl reload php"$phpver"-fpm +systemctl reload $phpFPMService #fail2ban if [ ! -f /etc/fail2ban/jail.d/wordpress-syslog.local ]; then diff --git a/CoreModules/generic/preconf.sh b/CoreModules/generic/preconf.sh index bc47795..afaadd8 100644 --- a/CoreModules/generic/preconf.sh +++ b/CoreModules/generic/preconf.sh @@ -45,7 +45,7 @@ elif [ "$shortdist" = "cent8" ]; then # System # ##------------## - localectl set-keymap us-int > $OUTPUT 2>&1 + localectl set-keymap us > $OUTPUT 2>&1 useradd -r -U -s /usr/sbin/nologin -d /var/www www-data > $OUTPUT 2>&1 systemctl disable firewalld --now > $OUTPUT 2>&1 diff --git a/Scripts/GeneratePhplist.sh b/Scripts/GeneratePhplist.sh new file mode 100644 index 0000000..a814e45 --- /dev/null +++ b/Scripts/GeneratePhplist.sh @@ -0,0 +1,21 @@ +if [ ! -f "/etc/ICTM/mainvar.list" ] ; then echo 'This system is not yet setup, please run the main installer first' && exit ; fi + +if [ "$shortdist" = "ubu1804" ] || [ "$osrel" = "ubu2004" ] || [ "$osrel" = "deb10" ] ; then +# Debian/Ubunbtu Php variables + phpPoolDir=/etc/php/${phpver}/fpm/pool.d + phpPkgName=php${phpver} + phpMainConf=/etc/php/${phpver}/fpm/php.ini + phpFPMService=php${phpver}-fpm + +elif [ "$shortdist" = "cent8" ]; then +# Centos Php variable + phpPoolDir=/etc/opt/remi/php${phpver//.}/php-fpm.d/ + phpPkgName=php${phpver//.}-php + phpMainConf=/etc/opt/remi/php${phpver//.}/php.ini + phpFPMService=php${phpver//.}-php-fpm +fi + +#Storing vars to config +for storeme in phpPoolDir phpPkgName phpMainConf phpFPMService; do + declare -p $storeme | cut -d ' ' -f 3- >> /etc/ICTM/phpvar.list +done \ No newline at end of file diff --git a/Scripts/SMI.sh b/Scripts/SMI.sh index 7fc0097..607c290 100644 --- a/Scripts/SMI.sh +++ b/Scripts/SMI.sh @@ -156,7 +156,7 @@ fi ##-------------## $PKGM update -sed -i 's/PHPver/'$phpver'/g' /tmp/pkg.list +sed -i 's/PHPprefix/'$phpPkgName'/g' /tmp/pkg.list cat /tmp/pkg.list | xargs $PKGI diff --git a/SubModules/php-fpm/conf.sh b/SubModules/php-fpm/conf.sh index 0cf32c5..ac4e59a 100644 --- a/SubModules/php-fpm/conf.sh +++ b/SubModules/php-fpm/conf.sh @@ -1,18 +1,18 @@ -systemctl stop php${phpver}-fpm +systemctl stop $phpFPMService ############### # PHP-FPM # ############### -sed -i 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/g' /etc/php/"$phpver"/fpm/php.ini -sed -i 's/;opcache.memory_consumption=128/opcache.memory_consumption=256/g' /etc/php/"$phpver"/fpm/php.ini -sed -i 's/;opcache.enable=1/opcache.enable=1/g' /etc/php/"$phpver"/fpm/php.ini -sed -i 's/;opcache.interned_strings_buffer=8/opcache.interned_strings_buffer=8/g' /etc/php/"$phpver"/fpm/php.ini -sed -i 's/;opcache.max_accelerated_files=10000/opcache.max_accelerated_files=50000/g' /etc/php/"$phpver"/fpm/php.ini -sed -i 's/;opcache.max_wasted_percentage=5/opcache.max_wasted_percentage=5/g' /etc/php/"$phpver"/fpm/php.ini -sed -i 's/;opcache.revalidate_freq=2/opcache.revalidate_freq=0/g' /etc/php/"$phpver"/fpm/php.ini -sed -i 's/; max_input_vars = 1000/max_input_vars = 10000/g' /etc/php/"$phpver"/fpm/php.ini -sed -i 's/upload_max_filesize = 2/upload_max_filesize = 128/g' /etc/php/"$phpver"/fpm/php.ini -sed -i 's/post_max_size = 8/post_max_size = 64/g' /etc/php/"$phpver"/fpm/php.ini +sed -i 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/g' "$phpMainConf" +sed -i 's/;opcache.memory_consumption=128/opcache.memory_consumption=256/g' "$phpMainConf" +sed -i 's/;opcache.enable=1/opcache.enable=1/g' "$phpMainConf" +sed -i 's/;opcache.interned_strings_buffer=8/opcache.interned_strings_buffer=8/g' "$phpMainConf" +sed -i 's/;opcache.max_accelerated_files=10000/opcache.max_accelerated_files=50000/g' "$phpMainConf" +sed -i 's/;opcache.max_wasted_percentage=5/opcache.max_wasted_percentage=5/g' "$phpMainConf" +sed -i 's/;opcache.revalidate_freq=2/opcache.revalidate_freq=0/g' "$phpMainConf" +sed -i 's/; max_input_vars = 1000/max_input_vars = 10000/g' "$phpMainConf" +sed -i 's/upload_max_filesize = 2/upload_max_filesize = 128/g' "$phpMainConf" +sed -i 's/post_max_size = 8/post_max_size = 64/g' "$phpMainConf" -systemctl start php${phpver}-fpm -systemctl enable php${phpver}-fpm \ No newline at end of file +systemctl start $phpFPMService +systemctl enable $phpFPMService \ No newline at end of file diff --git a/SubModules/php-fpm/generic.pkg.list b/SubModules/php-fpm/generic.pkg.list index 418b6a2..3238593 100644 --- a/SubModules/php-fpm/generic.pkg.list +++ b/SubModules/php-fpm/generic.pkg.list @@ -1 +1 @@ -phpPHPver-imagick php-pear phpPHPver-cli phpPHPver-apcu phpPHPver-fpm phpPHPver-mysql phpPHPver-cgi phpPHPver-common phpPHPver-mbstring phpPHPver-curl phpPHPver-gd phpPHPver-intl phpPHPver-soap phpPHPver-xml phpPHPver-xmlrpc phpPHPver-zip \ No newline at end of file +PHPprefix-imagick php-pear PHPprefix-cli PHPprefix-apcu PHPprefix-fpm PHPprefix-mysql PHPprefix-cgi PHPprefix-common PHPprefix-mbstring PHPprefix-curl PHPprefix-gd PHPprefix-intl PHPprefix-soap PHPprefix-xml PHPprefix-xmlrpc PHPprefix-zip \ No newline at end of file diff --git a/SubModules/php-fpm/preconf.sh b/SubModules/php-fpm/preconf.sh new file mode 100644 index 0000000..6ab7b7f --- /dev/null +++ b/SubModules/php-fpm/preconf.sh @@ -0,0 +1,22 @@ +if [ "$shortdist" = "ubu1804" ] || [ "$osrel" = "ubu2004" ] || [ "$osrel" = "deb10" ] ; then +# Debian/Ubunbtu Php variables + phpPoolDir=/etc/php/${phpver}/fpm/pool.d + phpPkgName=php${phpver} + phpMainConf=/etc/php/${phpver}/fpm/php.ini + phpFPMService=php${phpver}-fpm + +elif [ "$shortdist" = "cent8" ]; then +# Centos Php variable + phpPoolDir=/etc/opt/remi/php${phpver//.}/php-fpm.d/ + phpPkgName=php${phpver//.}-php + phpMainConf=/etc/opt/remi/php${phpver//.}/php.ini + phpFPMService=php${phpver//.}-php-fpm +#Creating Socket directory + mkdir -p /var/run/php +fi + + +#Storing vars to config +for storeme in phpPoolDir phpPkgName phpMainConf phpFPMService; do + declare -p $storeme | cut -d ' ' -f 3- >> /etc/ICTM/phpvar.list +done \ No newline at end of file diff --git a/SubModules/redis/generic.pkg.list b/SubModules/redis/generic.pkg.list index 2190cce..61097ca 100644 --- a/SubModules/redis/generic.pkg.list +++ b/SubModules/redis/generic.pkg.list @@ -1 +1 @@ -redis-server phpPHPver-redis \ No newline at end of file +redis-server PHPprefix-redis \ No newline at end of file diff --git a/installer.sh b/installer.sh index 820e304..daf2dce 100644 --- a/installer.sh +++ b/installer.sh @@ -576,7 +576,7 @@ done ##-------------## $PKGM update -y -sed -i 's/PHPver/'$phpver'/g' /tmp/pkg.list +sed -i 's/PHPprefix/'$phpPkgName'/g' /tmp/pkg.list cat /tmp/pkg.list | xargs $PKGI From 574e61b085cbdb88b7b421dc70894cdb754b18fb Mon Sep 17 00:00:00 2001 From: Bram Prieshof Date: Fri, 4 Dec 2020 11:10:57 +0100 Subject: [PATCH 12/37] Updated Redis module for Centos compatibility --- SubModules/redis/apt.pkg.list | 1 + SubModules/redis/conf.sh | 2 +- SubModules/redis/dnf.pkg.list | 1 + SubModules/redis/generic.pkg.list | 2 +- SubModules/redis/preconf.sh | 10 ++++++++++ 5 files changed, 14 insertions(+), 2 deletions(-) create mode 100644 SubModules/redis/apt.pkg.list create mode 100644 SubModules/redis/dnf.pkg.list diff --git a/SubModules/redis/apt.pkg.list b/SubModules/redis/apt.pkg.list new file mode 100644 index 0000000..b523829 --- /dev/null +++ b/SubModules/redis/apt.pkg.list @@ -0,0 +1 @@ +redis-server \ No newline at end of file diff --git a/SubModules/redis/conf.sh b/SubModules/redis/conf.sh index 03a2a17..f284ba4 100644 --- a/SubModules/redis/conf.sh +++ b/SubModules/redis/conf.sh @@ -1,3 +1,3 @@ #!/bin/bash -systemctl enable --now redis-server \ No newline at end of file +systemctl enable --now $redisService \ No newline at end of file diff --git a/SubModules/redis/dnf.pkg.list b/SubModules/redis/dnf.pkg.list new file mode 100644 index 0000000..74b362f --- /dev/null +++ b/SubModules/redis/dnf.pkg.list @@ -0,0 +1 @@ +redis \ No newline at end of file diff --git a/SubModules/redis/generic.pkg.list b/SubModules/redis/generic.pkg.list index 61097ca..14863bb 100644 --- a/SubModules/redis/generic.pkg.list +++ b/SubModules/redis/generic.pkg.list @@ -1 +1 @@ -redis-server PHPprefix-redis \ No newline at end of file +PHPprefix-redis \ No newline at end of file diff --git a/SubModules/redis/preconf.sh b/SubModules/redis/preconf.sh index 85dceb4..f868b2d 100644 --- a/SubModules/redis/preconf.sh +++ b/SubModules/redis/preconf.sh @@ -1,3 +1,13 @@ #!/bin/bash +if [ "$shortdist" = "ubu1804" ] || [ "$osrel" = "ubu2004" ] || [ "$osrel" = "deb10" ] ; then +# Debian/Ubunbtu redis variables + redisService=redis-server + +elif [ "$shortdist" = "cent8" ]; then +# Centos redis variable + redisService=redis +fi + + curl --retry 7 --retry-delay 5 -s https://git.ictmaatwerk.com/VPS-scripts/General/raw/branch/Main/Setup-Repo.sh |repo=redis osrel=$shortdist bash > $OUTPUT 2>&1 \ No newline at end of file From bc511b4c7365173bebdb35f2d78fc7a9aabc35cf Mon Sep 17 00:00:00 2001 From: Bram Prieshof Date: Fri, 4 Dec 2020 12:53:04 +0100 Subject: [PATCH 13/37] Updated password generator for mysql db creation --- CMS/nextcloud/conf.sh | 2 +- CMS/wordpress/conf.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/CMS/nextcloud/conf.sh b/CMS/nextcloud/conf.sh index c414d20..66e99ba 100644 --- a/CMS/nextcloud/conf.sh +++ b/CMS/nextcloud/conf.sh @@ -15,7 +15,7 @@ touch /var/www/"$domain"/html/data/nextcloud.log > $OUTPUT 2>&1 db_suffix=`expr $(ls -l /var/www | grep -c ^d) - 1` db_name="nextcloud_$db_suffix" db_user="nextcloud_$db_suffix" -db_pass=$(date +%s|sha256sum|base64|head -c 32) +db_pass=$(tr -dc 'A-Za-z0-9!#%()*+,-.:;<=>?@[]^_{|}~' $OUTPUT 2>&1 mysql -u root -p"$password" -e "CREATE USER '"$db_user"'@'localhost' IDENTIFIED BY '"$db_pass"';" > $OUTPUT 2>&1 mysql -u root -p"$password" -e "GRANT ALL ON "$db_name".* TO '"$db_user"'@'localhost';" > $OUTPUT 2>&1 diff --git a/CMS/wordpress/conf.sh b/CMS/wordpress/conf.sh index c588c0e..8a6b844 100644 --- a/CMS/wordpress/conf.sh +++ b/CMS/wordpress/conf.sh @@ -9,7 +9,7 @@ fi db_suffix=`expr $(ls -l /var/www | grep -c ^d) - 1` db_name="wp_$db_suffix" db_user="wp_$db_suffix" -db_pass=$(date +%s|sha256sum|base64|head -c 32) +db_pass=$(tr -dc 'A-Za-z0-9!#%()*+,-.:;<=>?@[]^_{|}~' Date: Fri, 4 Dec 2020 13:54:58 +0100 Subject: [PATCH 14/37] Fixed oopsie --- CMS/Backend/conf.sh | 2 +- CoreModules/generic/conf.sh | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/CMS/Backend/conf.sh b/CMS/Backend/conf.sh index 144df72..10662aa 100644 --- a/CMS/Backend/conf.sh +++ b/CMS/Backend/conf.sh @@ -8,7 +8,7 @@ touch /var/log/PhpMyAdmin/PhpMyAdmin_auth.log chown Backend:Backend -R /usr/share/phpmyadmin chown Backend:Backend -R /var/lib/phpmyadmin/tmp chown Backend:Backend -R /var/log/PhpMyAdmin -systemctl reload php"$phpver"-fpm +systemctl reload "$phpFPMService" #Auto disable backends at night echo "0 0 * * * root bash /opt/toggle/toggle-Netdata.sh -d > >/dev/null 2>&1" >> /etc/cron.d/autodisablebackend echo "0 0 * * * root bash /opt/toggle/toggle-PhpMyAdmin.sh -d > >/dev/null 2>&1" >> /etc/cron.d/autodisablebackend \ No newline at end of file diff --git a/CoreModules/generic/conf.sh b/CoreModules/generic/conf.sh index f119e35..febc5d1 100644 --- a/CoreModules/generic/conf.sh +++ b/CoreModules/generic/conf.sh @@ -22,6 +22,7 @@ if [ "$shortdist" = "cent8" ]; then sed -i -e '/tuple/d' -e '/dapp/d' /usr/share/ufw/iptables/user.rules sed -i -e '/tuple/d' -e '/dapp/d' /usr/share/ufw/iptables/user6.rules echo "y" | ufw reset > $OUTPUT 2>&1 + systemctl enable ufw > $OUTPUT 2>&1 fi sed -i '/IPV6=/c\IPV6=yes' /etc/default/ufw From ae6a1f7433efb11380b160c9d0bbdc3d363db030 Mon Sep 17 00:00:00 2001 From: Bram Prieshof Date: Fri, 4 Dec 2020 14:10:21 +0100 Subject: [PATCH 15/37] Updated nextcloud pkg list --- CMS/nextcloud/apt.pkg.list | 1 + CMS/nextcloud/dnf.pkg.list | 1 + CMS/nextcloud/generic.pkg.list | 2 +- 3 files changed, 3 insertions(+), 1 deletion(-) create mode 100644 CMS/nextcloud/apt.pkg.list create mode 100644 CMS/nextcloud/dnf.pkg.list diff --git a/CMS/nextcloud/apt.pkg.list b/CMS/nextcloud/apt.pkg.list new file mode 100644 index 0000000..a5c27f9 --- /dev/null +++ b/CMS/nextcloud/apt.pkg.list @@ -0,0 +1 @@ +libmagickcore-6.q16-3-extra zlib1g libpng-dev \ No newline at end of file diff --git a/CMS/nextcloud/dnf.pkg.list b/CMS/nextcloud/dnf.pkg.list new file mode 100644 index 0000000..af17788 --- /dev/null +++ b/CMS/nextcloud/dnf.pkg.list @@ -0,0 +1 @@ +ImageMagick-libs zlib libpng \ No newline at end of file diff --git a/CMS/nextcloud/generic.pkg.list b/CMS/nextcloud/generic.pkg.list index 37f80f9..e8a2941 100644 --- a/CMS/nextcloud/generic.pkg.list +++ b/CMS/nextcloud/generic.pkg.list @@ -1 +1 @@ -libmagickcore-6.q16-3-extra libxml2 openssl zlib1g libpng-dev PHPprefix-bcmath PHPprefix-gmp \ No newline at end of file +libxml2 openssl PHPprefix-bcmath PHPprefix-gmp \ No newline at end of file From 38d7b021defa7b6ebd29e7a5da4bba06224705b1 Mon Sep 17 00:00:00 2001 From: Bram Prieshof Date: Fri, 4 Dec 2020 15:52:41 +0100 Subject: [PATCH 16/37] Fixed php pkg list and SeLinux --- CoreModules/generic/conf.sh | 2 +- SubModules/php-fpm/apt.pkg.list | 1 + SubModules/php-fpm/conf.sh | 15 ++++++++++++++- SubModules/php-fpm/dnf.pkg.list | 1 + SubModules/php-fpm/generic.pkg.list | 2 +- 5 files changed, 18 insertions(+), 3 deletions(-) create mode 100644 SubModules/php-fpm/apt.pkg.list create mode 100644 SubModules/php-fpm/dnf.pkg.list diff --git a/CoreModules/generic/conf.sh b/CoreModules/generic/conf.sh index febc5d1..8dccf3c 100644 --- a/CoreModules/generic/conf.sh +++ b/CoreModules/generic/conf.sh @@ -6,7 +6,7 @@ if [ "$shortdist" = "cent8" ]; then semanage port -a -t ssh_port_t -p tcp 4242 systemctl enable ufw > $OUTPUT 2>&1 mkdir /var/www > $OUTPUT 2>&1 - semanage fcontext -a -t httpd_sys_content_t /var/www/ > $OUTPUT 2>&1 + semanage fcontext -a -t httpd_sys_rw_content_t /var/www/ > $OUTPUT 2>&1 restorecon -vr /var/www/ > $OUTPUT 2>&1 #Motd diff --git a/SubModules/php-fpm/apt.pkg.list b/SubModules/php-fpm/apt.pkg.list new file mode 100644 index 0000000..7521d75 --- /dev/null +++ b/SubModules/php-fpm/apt.pkg.list @@ -0,0 +1 @@ +php-pear \ No newline at end of file diff --git a/SubModules/php-fpm/conf.sh b/SubModules/php-fpm/conf.sh index ac4e59a..c0820fc 100644 --- a/SubModules/php-fpm/conf.sh +++ b/SubModules/php-fpm/conf.sh @@ -14,5 +14,18 @@ sed -i 's/; max_input_vars = 1000/max_input_vars = 10000/g' "$phpMainConf" sed -i 's/upload_max_filesize = 2/upload_max_filesize = 128/g' "$phpMainConf" sed -i 's/post_max_size = 8/post_max_size = 64/g' "$phpMainConf" + +if [ "$shortdist" = "cent8" ]; then +# Centos Mysql config +echo "pdo_mysql.default_socket = '/var/run/mysqld/mysqld.sock'" >> /etc/opt/remi/php${phpver//.}/php.d/60-mysql_sock.ini +echo "mysql.default_socket = '/var/run/mysqld/mysqld.sock'" >> /etc/opt/remi/php${phpver//.}/php.d/60-mysql_sock.ini +echo "mysqli.default_socket = '/var/run/mysqld/mysqld.sock'" >> /etc/opt/remi/php${phpver//.}/php.d/60-mysql_sock.ini +#Centos php Bin +sudo ln -s /usr/bin/php${phpver//.} /usr/bin/php +#Centos SeLinux +setsebool -P httpd_can_network_connect 1 +fi + systemctl start $phpFPMService -systemctl enable $phpFPMService \ No newline at end of file +systemctl enable $phpFPMService + diff --git a/SubModules/php-fpm/dnf.pkg.list b/SubModules/php-fpm/dnf.pkg.list new file mode 100644 index 0000000..8ccb20f --- /dev/null +++ b/SubModules/php-fpm/dnf.pkg.list @@ -0,0 +1 @@ +PHPprefix-pear PHPprefix \ No newline at end of file diff --git a/SubModules/php-fpm/generic.pkg.list b/SubModules/php-fpm/generic.pkg.list index 3238593..40d3c6b 100644 --- a/SubModules/php-fpm/generic.pkg.list +++ b/SubModules/php-fpm/generic.pkg.list @@ -1 +1 @@ -PHPprefix-imagick php-pear PHPprefix-cli PHPprefix-apcu PHPprefix-fpm PHPprefix-mysql PHPprefix-cgi PHPprefix-common PHPprefix-mbstring PHPprefix-curl PHPprefix-gd PHPprefix-intl PHPprefix-soap PHPprefix-xml PHPprefix-xmlrpc PHPprefix-zip \ No newline at end of file +PHPprefix-imagick PHPprefix-cli PHPprefix-apcu PHPprefix-fpm PHPprefix-mysql PHPprefix-cgi PHPprefix-common PHPprefix-mbstring PHPprefix-curl PHPprefix-gd PHPprefix-intl PHPprefix-soap PHPprefix-xml PHPprefix-xmlrpc PHPprefix-zip \ No newline at end of file From f3b2d3cfb5cb202e8aee4ff3afb6a2048bdfd854 Mon Sep 17 00:00:00 2001 From: Bram Prieshof Date: Fri, 4 Dec 2020 15:56:05 +0100 Subject: [PATCH 17/37] updated wp init script Replaced wp with /usr/local/bin/wp, because centos sudo failed to detect wp command --- CMS/wordpress/wordpress-init.sh | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/CMS/wordpress/wordpress-init.sh b/CMS/wordpress/wordpress-init.sh index db549f5..291d75f 100644 --- a/CMS/wordpress/wordpress-init.sh +++ b/CMS/wordpress/wordpress-init.sh @@ -1,10 +1,10 @@ -sudo -u SITEname wp --path=/var/www/DOMAINname/html core update -sudo -u SITEname wp --path=/var/www/DOMAINname/html theme update --all -sudo -u SITEname wp --path=/var/www/DOMAINname/html plugin install wp-fail2ban --activate -sudo -u SITEname wp --path=/var/www/DOMAINname/html plugin install all-in-one-wp-migration --activate -sudo -u SITEname wp --path=/var/www/DOMAINname/html plugin install https://git.ictmaatwerk.com/downloads/wp/migrate.zip --activate -sudo -u SITEname wp --path=/var/www/DOMAINname/html cron event run wp_update_plugins -sudo -u SITEname wp --path=/var/www/DOMAINname/html plugin update --all +sudo -u SITEname /usr/local/bin/wp --path=/var/www/DOMAINname/html core update +sudo -u SITEname /usr/local/bin/wp --path=/var/www/DOMAINname/html theme update --all +sudo -u SITEname /usr/local/bin/wp --path=/var/www/DOMAINname/html plugin install wp-fail2ban --activate +sudo -u SITEname /usr/local/bin/wp --path=/var/www/DOMAINname/html plugin install all-in-one-wp-migration --activate +sudo -u SITEname /usr/local/bin/wp --path=/var/www/DOMAINname/html plugin install https://git.ictmaatwerk.com/downloads/wp/migrate.zip --activate +sudo -u SITEname /usr/local/bin/wp --path=/var/www/DOMAINname/html cron event run wp_update_plugins +sudo -u SITEname /usr/local/bin/wp --path=/var/www/DOMAINname/html plugin update --all echo -e "\e[96m Please update all-in-one-wp-migration-unlimited plugin manually\e[39m" sn2=SITEname rm -f /etc/update-motd.d/51-wpnotice-${sn2//_} From aebf9c97e4e48d041c7166182efe7869a0cbf29f Mon Sep 17 00:00:00 2001 From: Bram Prieshof Date: Fri, 4 Dec 2020 16:05:19 +0100 Subject: [PATCH 18/37] Fixed oopsie --- CMS/wordpress/nginx-conf.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CMS/wordpress/nginx-conf.sh b/CMS/wordpress/nginx-conf.sh index 2ba0b4b..06d7e0a 100644 --- a/CMS/wordpress/nginx-conf.sh +++ b/CMS/wordpress/nginx-conf.sh @@ -4,4 +4,4 @@ sed -i -e 's/PHPver/'$phpver'/g' -e 's/DOMAINname/'$domain'/g' -e 's/SITEname/'$ sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e '/#ConfHere1/ r /tmp/nginx-siteconf' -e '/#ConfHere/c\' /etc/nginx/sites-available/"$sitename"_"$site_ext" #Reloading Services -systemctl reload nginx php$phpver-fpm \ No newline at end of file +systemctl reload nginx $phpFPMService \ No newline at end of file From 06a7814d980b876f24004ab8b016f2c6c1f70aef Mon Sep 17 00:00:00 2001 From: Bram Prieshof Date: Fri, 4 Dec 2020 17:04:53 +0100 Subject: [PATCH 19/37] Updated SeLinux for web folder once again --- CMS/nextcloud/conf.sh | 8 ++++++++ CMS/none/apache-conf.sh | 4 ---- CMS/none/conf.sh | 16 ++++++++++++++++ CMS/none/nginx-conf.sh | 4 ---- CMS/none/nginx_nonphp-conf.sh | 4 ---- CMS/wordpress/conf.sh | 6 ++++++ CoreModules/generic/conf.sh | 4 ---- 7 files changed, 30 insertions(+), 16 deletions(-) diff --git a/CMS/nextcloud/conf.sh b/CMS/nextcloud/conf.sh index 66e99ba..fd8c8d1 100644 --- a/CMS/nextcloud/conf.sh +++ b/CMS/nextcloud/conf.sh @@ -36,8 +36,16 @@ cat < /var/www/$domain/html/config/autoconfig.php ); EOF +#Setting Permsissions chown "$sitename":"$sitename" -R /var/www/"$domain"/html +if [ "$shortdist" = "cent8" ]; then + #Setting SeLiux perms for centos + semanage fcontext -a -t httpd_sys_rw_content_t /var/www/"$domain"/html > $OUTPUT 2>&1 + restorecon -vr /var/www/ > $OUTPUT 2>&1 +fi + + #Makeing nextcloud Finalize script and setting login Notice curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/nextcloud/nextcloud-init.sh -o ~/NextcloudInit-"$sitename".sh sed -i -e 's/DOMAINname/'$domain'/' -e 's/SITEname/'$sitename'/' ~/NextcloudInit-"$sitename".sh diff --git a/CMS/none/apache-conf.sh b/CMS/none/apache-conf.sh index 61e695e..989bd96 100644 --- a/CMS/none/apache-conf.sh +++ b/CMS/none/apache-conf.sh @@ -1,9 +1,5 @@ curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/none/Apache-unconfigured -o /tmp/apache-siteconf sed -i -e 's/PHPver/'$phpver'/g' -e 's/DOMAINname/'$domain'/g' -e 's/SITEname/'$sitename'/g' /tmp/apache-siteconf sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e '/#ConfHere1/ r /tmp/apache-siteconf' -e '/#ConfHere/c\' /etc/apache2/sites-available/"$sitename"_"$site_ext".conf -mkdir -p /var/www/"$domain"/html -echo "$webserv has been succsefully installed by the Wizard" > /var/www/$domain/html/index.html - -chown "$sitename":"$sitename" -R /var/www/"$domain"/html systemctl reload apache2 \ No newline at end of file diff --git a/CMS/none/conf.sh b/CMS/none/conf.sh index 7ab490e..82b124a 100644 --- a/CMS/none/conf.sh +++ b/CMS/none/conf.sh @@ -9,4 +9,20 @@ useradd -g "$sitename" "$sitename" systemctl reload $phpFPMService +#Creating webfolder +mkdir -p /var/www/"$domain"/html + +#Ceating content +echo "$webserv has been succsefully installed by the Wizard" > /var/www/$domain/html/index.html + +#Setting Permsissions +chown "$sitename":"$sitename" -R /var/www/"$domain"/html + +if [ "$shortdist" = "cent8" ]; then + #Setting SeLiux perms for centos + semanage fcontext -a -t httpd_sys_rw_content_t /var/www/"$domain"/html > $OUTPUT 2>&1 + restorecon -vr /var/www/ > $OUTPUT 2>&1 +fi + + fi \ No newline at end of file diff --git a/CMS/none/nginx-conf.sh b/CMS/none/nginx-conf.sh index b842221..9cbedd3 100644 --- a/CMS/none/nginx-conf.sh +++ b/CMS/none/nginx-conf.sh @@ -1,9 +1,5 @@ curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/none/Nginx-unconfigured -o /tmp/nginx-siteconf sed -i -e 's/PHPver/'$phpver'/g' -e 's/DOMAINname/'$domain'/g' -e 's/SITEname/'$sitename'/g' /tmp/nginx-siteconf sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e '/#ConfHere1/ r /tmp/nginx-siteconf' -e '/#ConfHere/c\' /etc/nginx/sites-available/"$sitename"_"$site_ext" -mkdir -p /var/www/"$domain"/html -echo "$webserv has been succsefully installed by the Wizard" > /var/www/$domain/html/index.html - -chown "$sitename":"$sitename" -R /var/www/"$domain"/html systemctl reload nginx \ No newline at end of file diff --git a/CMS/none/nginx_nonphp-conf.sh b/CMS/none/nginx_nonphp-conf.sh index c14ed20..a851b87 100644 --- a/CMS/none/nginx_nonphp-conf.sh +++ b/CMS/none/nginx_nonphp-conf.sh @@ -1,9 +1,5 @@ curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/none/Nginx_nonphp-unconfigured -o /tmp/nginx-siteconf sed -i -e 's/DOMAINname/'$domain'/g' -e 's/SITEname/'$sitename'/g' /tmp/nginx-siteconf sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e '/#ConfHere1/ r /tmp/nginx-siteconf' -e '/#ConfHere/c\' /etc/nginx/sites-available/"$sitename"_"$site_ext" -mkdir -p /var/www/"$domain"/html -echo "$webserv has been succsefully installed by the Wizard" > /var/www/$domain/html/index.html - -chown www-data:www-data -R /var/www/"$domain"/html systemctl reload nginx \ No newline at end of file diff --git a/CMS/wordpress/conf.sh b/CMS/wordpress/conf.sh index 8a6b844..6d66198 100644 --- a/CMS/wordpress/conf.sh +++ b/CMS/wordpress/conf.sh @@ -48,6 +48,12 @@ fi #Setting Permsissions chown "$sitename":"$sitename" -R /var/www/"$domain"/html +if [ "$shortdist" = "cent8" ]; then + #Setting SeLiux perms for centos + semanage fcontext -a -t httpd_sys_rw_content_t /var/www/"$domain"/html > $OUTPUT 2>&1 + restorecon -vr /var/www/ > $OUTPUT 2>&1 +fi + #Makeing wordpress Finalize script and setting login Notice curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/wordpress/wordpress-init.sh -o ~/WordpressInit-"$sitename".sh sed -i -e 's/DOMAINname/'$domain'/' -e 's/SITEname/'$sitename'/' ~/WordpressInit-"$sitename".sh diff --git a/CoreModules/generic/conf.sh b/CoreModules/generic/conf.sh index 8dccf3c..edd1117 100644 --- a/CoreModules/generic/conf.sh +++ b/CoreModules/generic/conf.sh @@ -5,10 +5,6 @@ if [ "$shortdist" = "cent8" ]; then #SeLinux semanage port -a -t ssh_port_t -p tcp 4242 systemctl enable ufw > $OUTPUT 2>&1 - mkdir /var/www > $OUTPUT 2>&1 - semanage fcontext -a -t httpd_sys_rw_content_t /var/www/ > $OUTPUT 2>&1 - restorecon -vr /var/www/ > $OUTPUT 2>&1 - #Motd mkdir /etc/update-motd.d echo 'if stat --printf="" /etc/update-motd.d/51* 2>/dev/null; then for f in /etc/update-motd.d/51*; do bash $f; done; fi' >> /etc/profile From 93184de8eb194052aac89b22cd97b60c03bbca7f Mon Sep 17 00:00:00 2001 From: Bram Prieshof Date: Fri, 4 Dec 2020 17:22:53 +0100 Subject: [PATCH 20/37] Fixed oopsie in Selinux webdir --- CMS/nextcloud/conf.sh | 4 ++-- CMS/none/conf.sh | 4 ++-- CMS/wordpress/conf.sh | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/CMS/nextcloud/conf.sh b/CMS/nextcloud/conf.sh index fd8c8d1..73e6b14 100644 --- a/CMS/nextcloud/conf.sh +++ b/CMS/nextcloud/conf.sh @@ -41,8 +41,8 @@ chown "$sitename":"$sitename" -R /var/www/"$domain"/html if [ "$shortdist" = "cent8" ]; then #Setting SeLiux perms for centos - semanage fcontext -a -t httpd_sys_rw_content_t /var/www/"$domain"/html > $OUTPUT 2>&1 - restorecon -vr /var/www/ > $OUTPUT 2>&1 + semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/$domain/html(/.*)?" > $OUTPUT 2>&1 + restorecon -vr /var/www/ > $OUTPUT 2>&1 fi diff --git a/CMS/none/conf.sh b/CMS/none/conf.sh index 82b124a..cf3e561 100644 --- a/CMS/none/conf.sh +++ b/CMS/none/conf.sh @@ -20,8 +20,8 @@ chown "$sitename":"$sitename" -R /var/www/"$domain"/html if [ "$shortdist" = "cent8" ]; then #Setting SeLiux perms for centos - semanage fcontext -a -t httpd_sys_rw_content_t /var/www/"$domain"/html > $OUTPUT 2>&1 - restorecon -vr /var/www/ > $OUTPUT 2>&1 + semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/$domain/html(/.*)?" > $OUTPUT 2>&1 + restorecon -vr /var/www/ > $OUTPUT 2>&1 fi diff --git a/CMS/wordpress/conf.sh b/CMS/wordpress/conf.sh index 6d66198..15b5d91 100644 --- a/CMS/wordpress/conf.sh +++ b/CMS/wordpress/conf.sh @@ -50,7 +50,7 @@ chown "$sitename":"$sitename" -R /var/www/"$domain"/html if [ "$shortdist" = "cent8" ]; then #Setting SeLiux perms for centos - semanage fcontext -a -t httpd_sys_rw_content_t /var/www/"$domain"/html > $OUTPUT 2>&1 + semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/$domain/html(/.*)?" > $OUTPUT 2>&1 restorecon -vr /var/www/ > $OUTPUT 2>&1 fi From bcb714db4495c6de43f4b33c39de264182efdc65 Mon Sep 17 00:00:00 2001 From: Bram Prieshof Date: Fri, 4 Dec 2020 17:38:00 +0100 Subject: [PATCH 21/37] added bzip2 for nextcloud --- CMS/nextcloud/generic.pkg.list | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CMS/nextcloud/generic.pkg.list b/CMS/nextcloud/generic.pkg.list index e8a2941..e76b160 100644 --- a/CMS/nextcloud/generic.pkg.list +++ b/CMS/nextcloud/generic.pkg.list @@ -1 +1 @@ -libxml2 openssl PHPprefix-bcmath PHPprefix-gmp \ No newline at end of file +libxml2 openssl PHPprefix-bcmath PHPprefix-gmp bzip2 \ No newline at end of file From 74f12decdf8aac6f235c98bf7fe9fd9b87db7dd2 Mon Sep 17 00:00:00 2001 From: Bram Prieshof Date: Fri, 4 Dec 2020 18:13:30 +0100 Subject: [PATCH 22/37] Adapted nextcloud init to support redis on Centos --- CMS/nextcloud/nextcloud-init.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/CMS/nextcloud/nextcloud-init.sh b/CMS/nextcloud/nextcloud-init.sh index 3306207..d74e693 100644 --- a/CMS/nextcloud/nextcloud-init.sh +++ b/CMS/nextcloud/nextcloud-init.sh @@ -7,13 +7,13 @@ sudo -u SITEname php /var/www/DOMAINname/html/occ config:system:set default_loca sudo -u SITEname php /var/www/DOMAINname/html/occ config:system:set skeletondirectory --value= sudo -u SITEname php /var/www/DOMAINname/html/occ config:system:set memcache.local --value='\OC\Memcache\APCu' -if [ "$(systemctl is-active redis-server)" = "active" ]; then +if [ "$(systemctl is-active redis-server)" = "active" ] || [ "$(systemctl is-active redis)" = "active" ]; then sudo -u SITEname php /var/www/DOMAINname/html/occ config:system:set memcache.distributed --value='\OC\Memcache\Redis' sudo -u SITEname php /var/www/DOMAINname/html/occ config:system:set memcache.locking --value='\OC\Memcache\Redis' sudo -u SITEname php /var/www/DOMAINname/html/occ config:system:set redis host --value=localhost sudo -u SITEname php /var/www/DOMAINname/html/occ config:system:set redis port --value=6379 else - echo "Redis not installed or running on this system" + echo "Redis running on this system" fi echo "*/5 * * * * SITEname php -f /var/www/DOMAINname/html/cron.php > /dev/null 2>&1" >> /etc/crontab From 3179abbb6c28bd47bee60bea94390f488330ca18 Mon Sep 17 00:00:00 2001 From: Bram Prieshof Date: Fri, 4 Dec 2020 19:04:27 +0100 Subject: [PATCH 23/37] Fixed backend uploads --- CMS/Backend/Fpm-Pool.conf-unconfigured | 4 ++-- CMS/nextcloud/Fpm-Pool.conf-unconfigured | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/CMS/Backend/Fpm-Pool.conf-unconfigured b/CMS/Backend/Fpm-Pool.conf-unconfigured index e9ce072..1fbe55b 100644 --- a/CMS/Backend/Fpm-Pool.conf-unconfigured +++ b/CMS/Backend/Fpm-Pool.conf-unconfigured @@ -12,8 +12,8 @@ php_admin_value[post_max_size] = 16M php_admin_value[max_input_time] = 15 php_admin_value[cgi.fix_pathinfo] = 0 php_admin_value[allow_url_fopen] = Off -php_admin_value[file_uploads] = Off -php_admin_value[open_basedir] = /var/log/PhpMyAdmin:/usr/share/phpmyadmin:/var/lib/phpmyadmin:/etc/phpmyadmin +php_admin_value[file_uploads] = On +php_admin_value[open_basedir] = /var/log/PhpMyAdmin:/usr/share/phpmyadmin:/var/lib/phpmyadmin:/etc/phpmyadmin:/tmp php_admin_value[session.use_strict_mode] = 1 php_admin_value[session.cookie_httponly] = 1 ;HTTPSONLY php_admin_value[session.cookie_samesite] = Strict diff --git a/CMS/nextcloud/Fpm-Pool.conf-unconfigured b/CMS/nextcloud/Fpm-Pool.conf-unconfigured index 2f1da3e..df062c8 100644 --- a/CMS/nextcloud/Fpm-Pool.conf-unconfigured +++ b/CMS/nextcloud/Fpm-Pool.conf-unconfigured @@ -4,7 +4,7 @@ group = SITEname listen = /var/run/php/phpPHPver-fpm-SITEname.sock listen.owner = www-data listen.group = www-data -php_admin_value[disable_functions] = exec,passthru,shell_exec,system +php_admin_value[disable_functions] = exec,passthru,system php_admin_value[error_log] = /var/log/php-fpm/error-SITEname.log ; OPCACHE SETTINGS php_admin_value[opcache.memory_consumption] = 256 From 1e09184895dccf957c3fa6891ab9487e9c946c20 Mon Sep 17 00:00:00 2001 From: Bram Prieshof Date: Wed, 9 Dec 2020 11:32:45 +0100 Subject: [PATCH 24/37] Added more vars for pkgmanager PKGUC: Clear and update repo cache PKGUP: Running updates --- AppendCMS.sh | 2 +- AppendModule.sh | 2 +- CoreModules/generic/preconf.sh | 4 ++-- Scripts/SMI.sh | 8 ++++---- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/AppendCMS.sh b/AppendCMS.sh index c23390e..176aab6 100644 --- a/AppendCMS.sh +++ b/AppendCMS.sh @@ -197,7 +197,7 @@ fi # Installer # ##-------------## -$PKGM update +$PKGUC sed -i 's/PHPprefix/'$phpPkgName'/g' /tmp/pkg.list cat /tmp/pkg.list | xargs $PKGI diff --git a/AppendModule.sh b/AppendModule.sh index 87b41d4..455dcd3 100644 --- a/AppendModule.sh +++ b/AppendModule.sh @@ -228,7 +228,7 @@ done # Installer # ##-------------## -$PKGM update +$PKGUC sed -i 's/PHPprefix/'$phpPkgName'/g' /tmp/pkg.list cat /tmp/pkg.list | xargs $PKGI diff --git a/CoreModules/generic/preconf.sh b/CoreModules/generic/preconf.sh index afaadd8..e7379ee 100644 --- a/CoreModules/generic/preconf.sh +++ b/CoreModules/generic/preconf.sh @@ -19,8 +19,8 @@ if [ "$shortdist" = "ubu1804" ] || [ "$osrel" = "ubu2004" ] || [ "$osrel" = "deb ##-------------## debconf-set-selections <<< 'libssl1.1:amd64 libraries/restart-without-asking boolean true' - $PKGM update - $PKGM upgrade -y + $PKGUC + $PKGUP ##-------------## diff --git a/Scripts/SMI.sh b/Scripts/SMI.sh index 607c290..ce79f09 100644 --- a/Scripts/SMI.sh +++ b/Scripts/SMI.sh @@ -100,7 +100,7 @@ fi ##--------------------------## msg " Starting installer" 8 78 -$PKGM update > $OUTPUT 2>&1 +$PKGUC > $OUTPUT 2>&1 $PKGI curl > $OUTPUT 2>&1 @@ -134,8 +134,8 @@ fi msg " Preconfiguring" curl --retry 7 --retry-delay 5 -s https://git.ictmaatwerk.com/VPS-scripts/General/raw/branch/Main/Setup-Repo.sh |repo=init osrel=$shortdist bash > $OUTPUT 2>&1 -$PKGM update -$PKGM upgrade -y +$PKGUC +$PKGUP ##-------------------## @@ -155,7 +155,7 @@ fi # Installer # ##-------------## -$PKGM update +$PKGUC sed -i 's/PHPprefix/'$phpPkgName'/g' /tmp/pkg.list cat /tmp/pkg.list | xargs $PKGI From 7e65bec3754d8a39e9db811b492dd79482c2eac2 Mon Sep 17 00:00:00 2001 From: Bram Prieshof Date: Wed, 9 Dec 2020 11:33:42 +0100 Subject: [PATCH 25/37] new pkgmanager var also added to installer --- installer.sh | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/installer.sh b/installer.sh index daf2dce..581272b 100644 --- a/installer.sh +++ b/installer.sh @@ -38,21 +38,29 @@ dist=$(grep --color=never -Po "^ID=\K.*" "/etc/os-release") if [[ "${dist}" == *"ubuntu"* ]] && [[ "${dist_ver}" == *"18.04"* ]]; then PKGM="$APTMODE" + PKGUC="$PKGM update" + PKGUP="$PKGM upgrade -y" PKGI="${PKGM} install -y --no-install-recommends" PKGLIST="apt" shortdist=ubu1804 elif [[ "${dist}" == *"ubuntu"* ]] && [[ "${dist_ver}" == *"20.04"* ]]; then PKGM="$APTMODE" + PKGUC="$PKGM update" + PKGUP="$PKGM upgrade -y" PKGI="${PKGM} install -y --no-install-recommends" PKGLIST="apt" shortdist=ubu2004 elif [[ "${dist}" == *"debian"* ]] && [[ "${dist_ver}" == *"10"* ]]; then PKGM="$APTMODE" + PKGUC="$PKGM update" + PKGUP="$PKGM upgrade -y" PKGI="${PKGM} install -y --no-install-recommends" PKGLIST="apt" shortdist=deb10 elif [[ "${dist}" == *"centos"* ]] && [[ "${dist_ver}" == *"8"* ]]; then PKGM="dnf" + PKGUC="$PKGM check-update --refresh" + PKGUP="$PKGM update -y" PKGI="${PKGM} install --setopt=install_weak_deps=False --best -y" PKGLIST="dnf" shortdist=cent8 @@ -204,7 +212,7 @@ if [[ "$syscheckoff" -ne 1 ]] && [[ -d /etc/ICTM ]]; then msg " This ##--------------------------## msg " Starting installer" 8 78 -$PKGM update -y > $OUTPUT 2>&1 +$PKGUC > $OUTPUT 2>&1 $PKGI curl wget > $OUTPUT 2>&1 @@ -361,7 +369,7 @@ fi mkdir -p /etc/ICTM/sites echo "InstDate=$(date "+%d-%B-%Y")" >> /etc/ICTM/mainvar.list -for storeme in PKGM PKGI PKGLIST OUTPUT IMODE shortdist repo branch branchtype webserv email shortdist hostname; do +for storeme in PKGM PKGI PKGUC PKGUP PKGLIST OUTPUT IMODE shortdist repo branch branchtype webserv email shortdist hostname; do declare -p $storeme | cut -d ' ' -f 3- >> /etc/ICTM/mainvar.list done From b112be5aeb5a62a90cc25948cc206b5269dde2cc Mon Sep 17 00:00:00 2001 From: Bram Prieshof Date: Wed, 9 Dec 2020 12:21:17 +0100 Subject: [PATCH 26/37] Added tar to Installer-Requirements --- installer.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/installer.sh b/installer.sh index 581272b..4d84c74 100644 --- a/installer.sh +++ b/installer.sh @@ -213,7 +213,7 @@ if [[ "$syscheckoff" -ne 1 ]] && [[ -d /etc/ICTM ]]; then msg " This msg " Starting installer" 8 78 $PKGUC > $OUTPUT 2>&1 -$PKGI curl wget > $OUTPUT 2>&1 +$PKGI curl wget tar > $OUTPUT 2>&1 ##--------## From 2a6de08f75fb0058bda1e3e4d58f3db13d50337f Mon Sep 17 00:00:00 2001 From: Bram Prieshof Date: Wed, 9 Dec 2020 13:29:25 +0100 Subject: [PATCH 27/37] Fixed fail2ban and replaced cent8 with el8 --- CMS/nextcloud/conf.sh | 2 +- CMS/none/conf.sh | 2 +- CMS/wordpress/conf.sh | 2 +- CoreModules/generic/conf.sh | 13 ++++++++-- CoreModules/generic/preconf.sh | 2 +- Scripts/GeneratePhplist.sh | 2 +- Scripts/SMI.sh | 2 +- SubModules/php-fpm/conf.sh | 2 +- SubModules/php-fpm/preconf.sh | 2 +- SubModules/redis/preconf.sh | 2 +- config/fail2ban/action.d/ufw.conf | 42 +++++++++++++++++++++++++++++++ installer.sh | 2 +- 12 files changed, 63 insertions(+), 12 deletions(-) create mode 100644 config/fail2ban/action.d/ufw.conf diff --git a/CMS/nextcloud/conf.sh b/CMS/nextcloud/conf.sh index 73e6b14..d6e78d5 100644 --- a/CMS/nextcloud/conf.sh +++ b/CMS/nextcloud/conf.sh @@ -39,7 +39,7 @@ EOF #Setting Permsissions chown "$sitename":"$sitename" -R /var/www/"$domain"/html -if [ "$shortdist" = "cent8" ]; then +if [ "$shortdist" = "el8" ]; then #Setting SeLiux perms for centos semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/$domain/html(/.*)?" > $OUTPUT 2>&1 restorecon -vr /var/www/ > $OUTPUT 2>&1 diff --git a/CMS/none/conf.sh b/CMS/none/conf.sh index cf3e561..4a424cf 100644 --- a/CMS/none/conf.sh +++ b/CMS/none/conf.sh @@ -18,7 +18,7 @@ echo "$webserv has been succsefully installed by the Wi #Setting Permsissions chown "$sitename":"$sitename" -R /var/www/"$domain"/html -if [ "$shortdist" = "cent8" ]; then +if [ "$shortdist" = "el8" ]; then #Setting SeLiux perms for centos semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/$domain/html(/.*)?" > $OUTPUT 2>&1 restorecon -vr /var/www/ > $OUTPUT 2>&1 diff --git a/CMS/wordpress/conf.sh b/CMS/wordpress/conf.sh index 15b5d91..4e49c1b 100644 --- a/CMS/wordpress/conf.sh +++ b/CMS/wordpress/conf.sh @@ -48,7 +48,7 @@ fi #Setting Permsissions chown "$sitename":"$sitename" -R /var/www/"$domain"/html -if [ "$shortdist" = "cent8" ]; then +if [ "$shortdist" = "el8" ]; then #Setting SeLiux perms for centos semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/$domain/html(/.*)?" > $OUTPUT 2>&1 restorecon -vr /var/www/ > $OUTPUT 2>&1 diff --git a/CoreModules/generic/conf.sh b/CoreModules/generic/conf.sh index edd1117..a29d275 100644 --- a/CoreModules/generic/conf.sh +++ b/CoreModules/generic/conf.sh @@ -1,7 +1,7 @@ ##----------## # Centos # ##----------## -if [ "$shortdist" = "cent8" ]; then +if [ "$shortdist" = "el8" ]; then #SeLinux semanage port -a -t ssh_port_t -p tcp 4242 systemctl enable ufw > $OUTPUT 2>&1 @@ -14,7 +14,7 @@ fi # UFW # ##-------## -if [ "$shortdist" = "cent8" ]; then +if [ "$shortdist" = "el8" ]; then sed -i -e '/tuple/d' -e '/dapp/d' /usr/share/ufw/iptables/user.rules sed -i -e '/tuple/d' -e '/dapp/d' /usr/share/ufw/iptables/user6.rules echo "y" | ufw reset > $OUTPUT 2>&1 @@ -42,6 +42,15 @@ curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/config/fai curl --retry 7 --retry-delay 5 -s https://plugins.svn.wordpress.org/wp-fail2ban/trunk/filters.d/wordpress-hard.conf -o /etc/fail2ban/filter.d/wordpress-hard.local curl --retry 7 --retry-delay 5 -s https://plugins.svn.wordpress.org/wp-fail2ban/trunk/filters.d/wordpress-soft.conf -o /etc/fail2ban/filter.d/wordpress-soft.local +if [ "$shortdist" = "el8" ]; then + curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/config/fail2ban/Filters/action.d/ufw.conf -o /etc/fail2ban/action.d/ufw.conf + ln -s /var/log/secure /var/log/auth.log +fi + +#Start fail2ban service +systemctl start fail2ban +systemctl enable fail2ban + #General jails rm /etc/fail2ban/jail.d/* curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/config/fail2ban/Jails/sshd.jail -o /etc/fail2ban/jail.d/sshd.local diff --git a/CoreModules/generic/preconf.sh b/CoreModules/generic/preconf.sh index e7379ee..1f2e951 100644 --- a/CoreModules/generic/preconf.sh +++ b/CoreModules/generic/preconf.sh @@ -31,7 +31,7 @@ if [ "$shortdist" = "ubu1804" ] || [ "$osrel" = "ubu2004" ] || [ "$osrel" = "deb if dpkg-query -Wf'${db:Status-abbrev}' postfix 2>/dev/null | grep -q '^i'; then apt purge -y postfix > $OUTPUT 2>&1; fi -elif [ "$shortdist" = "cent8" ]; then +elif [ "$shortdist" = "el8" ]; then ################ # Centos # ################ diff --git a/Scripts/GeneratePhplist.sh b/Scripts/GeneratePhplist.sh index a814e45..b31f088 100644 --- a/Scripts/GeneratePhplist.sh +++ b/Scripts/GeneratePhplist.sh @@ -7,7 +7,7 @@ if [ "$shortdist" = "ubu1804" ] || [ "$osrel" = "ubu2004" ] || [ "$osrel" = "deb phpMainConf=/etc/php/${phpver}/fpm/php.ini phpFPMService=php${phpver}-fpm -elif [ "$shortdist" = "cent8" ]; then +elif [ "$shortdist" = "el8" ]; then # Centos Php variable phpPoolDir=/etc/opt/remi/php${phpver//.}/php-fpm.d/ phpPkgName=php${phpver//.}-php diff --git a/Scripts/SMI.sh b/Scripts/SMI.sh index ce79f09..06ac178 100644 --- a/Scripts/SMI.sh +++ b/Scripts/SMI.sh @@ -50,7 +50,7 @@ elif [[ "${dist}" == *"centos"* ]] && [[ "${dist_ver}" == *"8"* ]]; then PKGM="dnf" PKGI="${PKGM} install --setopt=install_weak_deps=False --best -y" PKGLIST="dnf" - shortdist=cent8 + shortdist=el8 echo "This OS is not supported" exit else diff --git a/SubModules/php-fpm/conf.sh b/SubModules/php-fpm/conf.sh index c0820fc..204ab22 100644 --- a/SubModules/php-fpm/conf.sh +++ b/SubModules/php-fpm/conf.sh @@ -15,7 +15,7 @@ sed -i 's/upload_max_filesize = 2/upload_max_filesize = 128/g' "$phpMainConf" sed -i 's/post_max_size = 8/post_max_size = 64/g' "$phpMainConf" -if [ "$shortdist" = "cent8" ]; then +if [ "$shortdist" = "el8" ]; then # Centos Mysql config echo "pdo_mysql.default_socket = '/var/run/mysqld/mysqld.sock'" >> /etc/opt/remi/php${phpver//.}/php.d/60-mysql_sock.ini echo "mysql.default_socket = '/var/run/mysqld/mysqld.sock'" >> /etc/opt/remi/php${phpver//.}/php.d/60-mysql_sock.ini diff --git a/SubModules/php-fpm/preconf.sh b/SubModules/php-fpm/preconf.sh index 6ab7b7f..db90f43 100644 --- a/SubModules/php-fpm/preconf.sh +++ b/SubModules/php-fpm/preconf.sh @@ -5,7 +5,7 @@ if [ "$shortdist" = "ubu1804" ] || [ "$osrel" = "ubu2004" ] || [ "$osrel" = "deb phpMainConf=/etc/php/${phpver}/fpm/php.ini phpFPMService=php${phpver}-fpm -elif [ "$shortdist" = "cent8" ]; then +elif [ "$shortdist" = "el8" ]; then # Centos Php variable phpPoolDir=/etc/opt/remi/php${phpver//.}/php-fpm.d/ phpPkgName=php${phpver//.}-php diff --git a/SubModules/redis/preconf.sh b/SubModules/redis/preconf.sh index f868b2d..a94f95a 100644 --- a/SubModules/redis/preconf.sh +++ b/SubModules/redis/preconf.sh @@ -4,7 +4,7 @@ if [ "$shortdist" = "ubu1804" ] || [ "$osrel" = "ubu2004" ] || [ "$osrel" = "deb # Debian/Ubunbtu redis variables redisService=redis-server -elif [ "$shortdist" = "cent8" ]; then +elif [ "$shortdist" = "el8" ]; then # Centos redis variable redisService=redis fi diff --git a/config/fail2ban/action.d/ufw.conf b/config/fail2ban/action.d/ufw.conf new file mode 100644 index 0000000..d2f731f --- /dev/null +++ b/config/fail2ban/action.d/ufw.conf @@ -0,0 +1,42 @@ +# Fail2Ban action configuration file for ufw +# +# You are required to run "ufw enable" before this will have any effect. +# +# The insert position should be appropriate to block the required traffic. +# A number after an allow rule to the application won't be of much use. + +[Definition] + +actionstart = + +actionstop = + +actioncheck = + +actionban = [ -n "" ] && app="app " + ufw insert from to $app + +actionunban = [ -n "" ] && app="app " + ufw delete from to $app + +[Init] +# Option: insertpos +# Notes.: The position number in the firewall list to insert the block rule +insertpos = 1 + +# Option: blocktype +# Notes.: reject or deny +blocktype = reject + +# Option: destination +# Notes.: The destination address to block in the ufw rule +destination = any + +# Option: application +# Notes.: application from sudo ufw app list +application = + +# DEV NOTES: +# +# Author: Guilhem Lettron +# Enhancements: Daniel Black diff --git a/installer.sh b/installer.sh index 4d84c74..70efcfe 100644 --- a/installer.sh +++ b/installer.sh @@ -63,7 +63,7 @@ elif [[ "${dist}" == *"centos"* ]] && [[ "${dist_ver}" == *"8"* ]]; then PKGUP="$PKGM update -y" PKGI="${PKGM} install --setopt=install_weak_deps=False --best -y" PKGLIST="dnf" - shortdist=cent8 + shortdist=el8 echo "The support for this os is being worked on" else echo "This os in not supported" From 95f2a19422c3feae82a35192c13c70293526f0ef Mon Sep 17 00:00:00 2001 From: Bram Prieshof Date: Wed, 9 Dec 2020 15:13:23 +0100 Subject: [PATCH 28/37] Updated apache module to use vars --- AppendCMS.sh | 1 + CMS/Backend/apache-conf.sh | 4 +- CMS/nextcloud/apache-conf.sh | 4 +- CMS/none/apache-conf.sh | 4 +- CMS/wordpress/apache-conf.sh | 4 +- CMS/wordpress/conf.sh | 3 + CoreModules/apache/appendCMS-conf.sh | 20 +++--- .../apache/{generic.pkg.list => apt.pkg.list} | 0 CoreModules/apache/conf.sh | 61 +++++++++++-------- CoreModules/apache/dnf.pkg.list | 1 + CoreModules/apache/preconf.sh | 16 +++++ CoreModules/apache/ssl-handler.sh | 10 +-- CoreModules/generic/conf.sh | 5 -- Scripts/EnableSSL.sh | 5 +- Scripts/toggles/toggle-PhpMyAdmin_APACHE.sh | 8 +-- 15 files changed, 88 insertions(+), 58 deletions(-) rename CoreModules/apache/{generic.pkg.list => apt.pkg.list} (100%) create mode 100644 CoreModules/apache/dnf.pkg.list diff --git a/AppendCMS.sh b/AppendCMS.sh index 176aab6..33745cd 100644 --- a/AppendCMS.sh +++ b/AppendCMS.sh @@ -8,6 +8,7 @@ if [ ! -f "/etc/ICTM/phpvar.list" ] ; then echo 'Php var list missing,Please run source /etc/ICTM/selopts.list source /etc/ICTM/mainvar.list source /etc/ICTM/phpvar.list +if [ ! -f "/etc/ICTM/apachevar.list" ] ; then source /etc/ICTM/apachevar.list; fi rm /tmp/pkg.list > $OUTPUT 2>&1 source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/ModulesMenu.list) diff --git a/CMS/Backend/apache-conf.sh b/CMS/Backend/apache-conf.sh index f458397..fa9a2a6 100644 --- a/CMS/Backend/apache-conf.sh +++ b/CMS/Backend/apache-conf.sh @@ -1,4 +1,4 @@ curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/Backend/apache-siteBackend-unconfigured -o /tmp/apache-siteconf sed -i -e 's/PHPver/'$phpver'/g' -e 's/DOMAINname/'$hostname'/g' /tmp/apache-siteconf -sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e '/#ConfHere1/ r /tmp/apache-siteconf' -e '/#ConfHere/c\' /etc/apache2/sites-available/Backend_"$siteBackend_ext".conf -systemctl reload apache2 \ No newline at end of file +sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e '/#ConfHere1/ r /tmp/apache-siteconf' -e '/#ConfHere/c\' "$apacheConfDir"/sites-available/Backend_"$siteBackend_ext".conf +systemctl reload $apacheService \ No newline at end of file diff --git a/CMS/nextcloud/apache-conf.sh b/CMS/nextcloud/apache-conf.sh index d4d2f53..71b7636 100644 --- a/CMS/nextcloud/apache-conf.sh +++ b/CMS/nextcloud/apache-conf.sh @@ -1,11 +1,11 @@ #Apache curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/nextcloud/Apache-unconfigured -o /tmp/apache-siteconf sed -i -e 's/PHPver/'$phpver'/g' -e 's/DOMAINname/'$domain'/g' -e 's/SITEname/'$sitename'/g' /tmp/apache-siteconf -sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e '/#ConfHere1/ r /tmp/apache-siteconf' -e '/#ConfHere/c\' /etc/apache2/sites-available/"$sitename"_"$site_ext".conf +sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e '/#ConfHere1/ r /tmp/apache-siteconf' -e '/#ConfHere/c\' "$apacheConfDir"/sites-available/"$sitename"_"$site_ext".conf chown "$sitename":"$sitename" -R /var/www/"$domain"/html #PHP sed -i -e '/cgi.fix_pathinfo/c\php_admin_value[cgi.fix_pathinfo] = 1' "$phpPoolDir"/$sitename.conf sed -i -e '/security.limit_extensions/c\php_admin_value[security.limit_extensions] = .php' "$phpPoolDir"/$sitename.conf -systemctl reload apache2 php$phpver-fpm \ No newline at end of file +systemctl reload $apacheService $phpFPMService \ No newline at end of file diff --git a/CMS/none/apache-conf.sh b/CMS/none/apache-conf.sh index 989bd96..13a4a09 100644 --- a/CMS/none/apache-conf.sh +++ b/CMS/none/apache-conf.sh @@ -1,5 +1,5 @@ curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/none/Apache-unconfigured -o /tmp/apache-siteconf sed -i -e 's/PHPver/'$phpver'/g' -e 's/DOMAINname/'$domain'/g' -e 's/SITEname/'$sitename'/g' /tmp/apache-siteconf -sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e '/#ConfHere1/ r /tmp/apache-siteconf' -e '/#ConfHere/c\' /etc/apache2/sites-available/"$sitename"_"$site_ext".conf +sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e '/#ConfHere1/ r /tmp/apache-siteconf' -e '/#ConfHere/c\' "$apacheConfDir"/sites-available/"$sitename"_"$site_ext".conf -systemctl reload apache2 \ No newline at end of file +systemctl reload $apacheService \ No newline at end of file diff --git a/CMS/wordpress/apache-conf.sh b/CMS/wordpress/apache-conf.sh index a24ea1f..9b254da 100644 --- a/CMS/wordpress/apache-conf.sh +++ b/CMS/wordpress/apache-conf.sh @@ -1,6 +1,6 @@ curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/wordpress/Apache-unconfigured -o /tmp/apache-siteconf sed -i -e 's/PHPver/'$phpver'/g' -e 's/DOMAINname/'$domain'/g' -e 's/SITEname/'$sitename'/g' /tmp/apache-siteconf -sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e '/#ConfHere1/ r /tmp/apache-siteconf' -e '/#ConfHere/c\' /etc/apache2/sites-available/"$sitename"_"$site_ext".conf +sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e '/#ConfHere1/ r /tmp/apache-siteconf' -e '/#ConfHere/c\' "$apacheConfDir"/sites-available/"$sitename"_"$site_ext".conf chown "$sitename":"$sitename" -R /var/www/"$domain"/html -systemctl reload apache2 php$phpver-fpm \ No newline at end of file +systemctl reload $apacheService $phpFPMService \ No newline at end of file diff --git a/CMS/wordpress/conf.sh b/CMS/wordpress/conf.sh index 4e49c1b..de03905 100644 --- a/CMS/wordpress/conf.sh +++ b/CMS/wordpress/conf.sh @@ -43,6 +43,9 @@ systemctl reload $phpFPMService #fail2ban if [ ! -f /etc/fail2ban/jail.d/wordpress-syslog.local ]; then curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/config/fail2ban/Jails/wordpress-syslog.jail -o /etc/fail2ban/jail.d/wordpress-syslog.local + if [ "$shortdist" = "el8" ]; then + sed -i '/logpath/c\logpath = /var/log/secure' /etc/fail2ban/jail.d/wordpress-syslog.local + fi fi #Setting Permsissions diff --git a/CoreModules/apache/appendCMS-conf.sh b/CoreModules/apache/appendCMS-conf.sh index 0931e53..79ddbe7 100644 --- a/CoreModules/apache/appendCMS-conf.sh +++ b/CoreModules/apache/appendCMS-conf.sh @@ -4,19 +4,19 @@ if [ $domainwww = 1 ]; then #non-ssl - curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/site-wwwredir >> /etc/apache2/sites-available/"$sitename"_nossl.conf - echo "" >> /etc/apache2/sites-available/"$sitename"_nossl.conf + curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/site-wwwredir >> "$apacheConfDir"/sites-available/"$sitename"_nossl.conf + echo "" >> "$apacheConfDir"/sites-available/"$sitename"_nossl.conf #ssl - curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/site_ssl-wwwredir >> /etc/apache2/sites-available/"$sitename"_ssl.conf - echo "" >> /etc/apache2/sites-available/"$sitename"_ssl.conf + curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/site_ssl-wwwredir >> "$apacheConfDir"/sites-available/"$sitename"_ssl.conf + echo "" >> "$apacheConfDir"/sites-available/"$sitename"_ssl.conf fi #non-ssl -curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/site-unconfigured >> /etc/apache2/sites-available/"$sitename"_nossl.conf -sed -i -e 's/DOMAINname/'$domain'/g' /etc/apache2/sites-available/"$sitename"_nossl.conf -ln -s /etc/apache2/sites-available/"$sitename"_nossl.conf /etc/apache2/sites-enabled/010-"$sitename".conf +curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/site-unconfigured >> "$apacheConfDir"/sites-available/"$sitename"_nossl.conf +sed -i -e 's/DOMAINname/'$domain'/g' "$apacheConfDir"/sites-available/"$sitename"_nossl.conf +ln -s "$apacheConfDir"/sites-available/"$sitename"_nossl.conf "$apacheConfDir"/sites-enabled/010-"$sitename".conf #ssl -curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/site_ssl-unconfigured >> /etc/apache2/sites-available/"$sitename"_ssl.conf -sed -i -e 's/DOMAINname/'$domain'/g' /etc/apache2/sites-available/"$sitename"_ssl.conf +curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/site_ssl-unconfigured >> "$apacheConfDir"/sites-available/"$sitename"_ssl.conf +sed -i -e 's/DOMAINname/'$domain'/g' "$apacheConfDir"/sites-available/"$sitename"_ssl.conf -systemctl reload apache2 \ No newline at end of file +systemctl reload $apacheService \ No newline at end of file diff --git a/CoreModules/apache/generic.pkg.list b/CoreModules/apache/apt.pkg.list similarity index 100% rename from CoreModules/apache/generic.pkg.list rename to CoreModules/apache/apt.pkg.list diff --git a/CoreModules/apache/conf.sh b/CoreModules/apache/conf.sh index 11c7016..33dea76 100644 --- a/CoreModules/apache/conf.sh +++ b/CoreModules/apache/conf.sh @@ -1,55 +1,68 @@ -systemctl stop apache2 > $OUTPUT 2>&1 +systemctl stop $apacheService > $OUTPUT 2>&1 ############## # Apache # ############## +#Centos +if [ "$shortdist" = "el8" ]; then + echo 'IncludeOptional conf-enabled/*.conf'/etc/httpd/conf/httpd.conf + echo 'IncludeOptional sites-enabled/*.conf'/etc/httpd/conf/httpd.conf + sed -i -e '/User apache/c\User www-data' -e '/Group apache/c\Group www-data' /etc/httpd/conf/httpd.conf + sed -i 's/^/#/g' /etc/httpd/conf.d/welcome.conf + #Creating directories + mkdir -p /etc/httpd/{sites-available,sites-enabled,conf-enabled,conf-available,} +fi + a2dissite 000-default > $OUTPUT 2>&1 a2dismod mpm_prefork > $OUTPUT 2>&1 a2enmod actions fcgid alias proxy_fcgi ssl headers http2 setenvif socache_shmcb > $OUTPUT 2>&1 -mkdir -p /etc/apache2/snippets/ -curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/snippets-ssl.conf -o /etc/apache2/snippets/apa-ssl.conf -curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/snippets-backendredir.conf -o /etc/apache2/snippets/apa-backendredir.conf -sed -i -e 's/HOSTname/'$hostname'/' /etc/apache2/snippets/apa-backendredir.conf -curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/conf-custom.conf -o /etc/apache2/conf-enabled/zzz-custom.conf +mkdir -p "$apacheConfDir"/snippets/ +curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/snippets-ssl.conf -o "$apacheConfDir"/snippets/apa-ssl.conf +curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/snippets-backendredir.conf -o "$apacheConfDir"/snippets/apa-backendredir.conf +sed -i -e 's/HOSTname/'$hostname'/' "$apacheConfDir"/snippets/apa-backendredir.conf +curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/conf-custom.conf -o "$apacheConfDir"/conf-enabled/zzz-custom.conf #Catch all (ip and unconfigured domains) -curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/site_CatchAll -o /etc/apache2/sites-available/CatchAll.conf -ln -s /etc/apache2/sites-available/CatchAll.conf /etc/apache2/sites-enabled/999-CatchAll.conf +curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/site_CatchAll -o "$apacheConfDir"/sites-available/CatchAll.conf +ln -s "$apacheConfDir"/sites-available/CatchAll.conf "$apacheConfDir"/sites-enabled/999-CatchAll.conf if [ $domainwww = 1 ]; then #non-ssl - curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/site-wwwredir >> /etc/apache2/sites-available/"$sitename"_nossl.conf - echo "" >> /etc/apache2/sites-available/"$sitename"_nossl.conf + curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/site-wwwredir >> "$apacheConfDir"/sites-available/"$sitename"_nossl.conf + echo "" >> "$apacheConfDir"/sites-available/"$sitename"_nossl.conf #ssl - curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/site_ssl-wwwredir >> /etc/apache2/sites-available/"$sitename"_ssl.conf - echo "" >> /etc/apache2/sites-available/"$sitename"_ssl.conf + curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/site_ssl-wwwredir >> "$apacheConfDir"/sites-available/"$sitename"_ssl.conf + echo "" >> "$apacheConfDir"/sites-available/"$sitename"_ssl.conf fi #non-ssl -curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/site-unconfigured >> /etc/apache2/sites-available/"$sitename"_nossl.conf -sed -i -e 's/DOMAINname/'$domain'/g' /etc/apache2/sites-available/"$sitename"_nossl.conf -ln -s /etc/apache2/sites-available/"$sitename"_nossl.conf /etc/apache2/sites-enabled/010-"$sitename".conf +curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/site-unconfigured >> "$apacheConfDir"/sites-available/"$sitename"_nossl.conf +sed -i -e 's/DOMAINname/'$domain'/g' "$apacheConfDir"/sites-available/"$sitename"_nossl.conf +ln -s "$apacheConfDir"/sites-available/"$sitename"_nossl.conf "$apacheConfDir"/sites-enabled/010-"$sitename".conf #ssl -curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/site_ssl-unconfigured >> /etc/apache2/sites-available/"$sitename"_ssl.conf -sed -i -e 's/DOMAINname/'$domain'/g' /etc/apache2/sites-available/"$sitename"_ssl.conf +curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/site_ssl-unconfigured >> "$apacheConfDir"/sites-available/"$sitename"_ssl.conf +sed -i -e 's/DOMAINname/'$domain'/g' "$apacheConfDir"/sites-available/"$sitename"_ssl.conf #non-ssl-Backend -curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/site-unconfigured >> /etc/apache2/sites-available/Backend_nossl.conf -sed -i -e 's/DOMAINname/'$hostname'/g' /etc/apache2/sites-available/Backend_nossl.conf -ln -s /etc/apache2/sites-available/Backend_nossl.conf /etc/apache2/sites-enabled/010-Backend.conf +curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/site-unconfigured >> "$apacheConfDir"/sites-available/Backend_nossl.conf +sed -i -e 's/DOMAINname/'$hostname'/g' "$apacheConfDir"/sites-available/Backend_nossl.conf +ln -s "$apacheConfDir"/sites-available/Backend_nossl.conf "$apacheConfDir"/sites-enabled/010-Backend.conf #ssl-Backend -curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/site_ssl-unconfigured >> /etc/apache2/sites-available/Backend_ssl.conf -sed -i -e 's/DOMAINname/'$hostname'/g' /etc/apache2/sites-available/Backend_ssl.conf +curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/site_ssl-unconfigured >> "$apacheConfDir"/sites-available/Backend_ssl.conf +sed -i -e 's/DOMAINname/'$hostname'/g' "$apacheConfDir"/sites-available/Backend_ssl.conf mkdir -p /opt/toggle curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/Scripts/toggles/toggle-PhpMyAdmin_APACHE.sh -o /opt/toggle/toggle-PhpMyAdmin.sh +sed -i -e 's/APASRV/'$apacheService'/' -e 's/APADIR/'$apacheConfDir'/' /opt/toggle/toggle-PhpMyAdmin.sh + + # custom Welcome page echo "$webserv is functioning normally" > /var/www/html/index.html -systemctl start apache2 > $OUTPUT 2>&1 -systemctl enable apache2 > $OUTPUT 2>&1 \ No newline at end of file +systemctl start $apacheService > $OUTPUT 2>&1 +systemctl enable $apacheService > $OUTPUT 2>&1 \ No newline at end of file diff --git a/CoreModules/apache/dnf.pkg.list b/CoreModules/apache/dnf.pkg.list new file mode 100644 index 0000000..789a318 --- /dev/null +++ b/CoreModules/apache/dnf.pkg.list @@ -0,0 +1 @@ +httpd mod_fcgid \ No newline at end of file diff --git a/CoreModules/apache/preconf.sh b/CoreModules/apache/preconf.sh index a4bbb1b..fac1fcf 100644 --- a/CoreModules/apache/preconf.sh +++ b/CoreModules/apache/preconf.sh @@ -1 +1,17 @@ +if [ "$shortdist" = "ubu1804" ] || [ "$osrel" = "ubu2004" ] || [ "$osrel" = "deb10" ] ; then +# Debian/Ubunbtu apache variables + apacheConfDir=/etc/apache2 + apacheService=apche2 + +elif [ "$shortdist" = "el8" ]; then +# Centos Php variable + apacheConfDir=/etc/httpd + apacheService=httpd +fi + +#Storing vars to config +for storeme in apacheService apacheConfDir; do + declare -p $storeme | cut -d ' ' -f 3- >> /etc/ICTM/apachevar.list +done + curl --retry 7 --retry-delay 5 -s https://git.ictmaatwerk.com/VPS-scripts/General/raw/branch/Main/Setup-Repo.sh |repo=apache osrel=$shortdist bash > $OUTPUT 2>&1 > $OUTPUT 2>&1 \ No newline at end of file diff --git a/CoreModules/apache/ssl-handler.sh b/CoreModules/apache/ssl-handler.sh index 523d267..f6c0886 100644 --- a/CoreModules/apache/ssl-handler.sh +++ b/CoreModules/apache/ssl-handler.sh @@ -1,9 +1,9 @@ -rm /etc/apache2/sites-enabled/010-"$sitename".conf -ln -s /etc/apache2/sites-available/"$sitename"_"$site_ext".conf /etc/apache2/sites-enabled/010-"$sitename".conf +rm "$apacheConfDir"/sites-enabled/010-"$sitename".conf +ln -s "$apacheConfDir"/sites-available/"$sitename"_"$site_ext".conf "$apacheConfDir"/sites-enabled/010-"$sitename".conf if [ -n "$sslfr" ]; then -rm /etc/apache2/sites-enabled/010-Backend.conf -ln -s /etc/apache2/sites-available/Backend_"$siteBackend_ext".conf /etc/apache2/sites-enabled/010-Backend.conf +rm "$apacheConfDir"/sites-enabled/010-Backend.conf +ln -s "$apacheConfDir"/sites-available/Backend_"$siteBackend_ext".conf "$apacheConfDir"/sites-enabled/010-Backend.conf fi -systemctl reload apache2 +systemctl reload $apacheService diff --git a/CoreModules/generic/conf.sh b/CoreModules/generic/conf.sh index a29d275..d4205b6 100644 --- a/CoreModules/generic/conf.sh +++ b/CoreModules/generic/conf.sh @@ -42,11 +42,6 @@ curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/config/fai curl --retry 7 --retry-delay 5 -s https://plugins.svn.wordpress.org/wp-fail2ban/trunk/filters.d/wordpress-hard.conf -o /etc/fail2ban/filter.d/wordpress-hard.local curl --retry 7 --retry-delay 5 -s https://plugins.svn.wordpress.org/wp-fail2ban/trunk/filters.d/wordpress-soft.conf -o /etc/fail2ban/filter.d/wordpress-soft.local -if [ "$shortdist" = "el8" ]; then - curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/config/fail2ban/Filters/action.d/ufw.conf -o /etc/fail2ban/action.d/ufw.conf - ln -s /var/log/secure /var/log/auth.log -fi - #Start fail2ban service systemctl start fail2ban systemctl enable fail2ban diff --git a/Scripts/EnableSSL.sh b/Scripts/EnableSSL.sh index 5c64b6e..098b300 100644 --- a/Scripts/EnableSSL.sh +++ b/Scripts/EnableSSL.sh @@ -8,8 +8,9 @@ webserv=WebServer webservice=WebServer #Correcting service name for Apache -if [ $webservice = apache ]; then - webservice=apache2 +if [ $webservice = apache ]; then\ + source /etc/ICTM/apachevar.list + webservice="$apacheService" ext=.conf fi diff --git a/Scripts/toggles/toggle-PhpMyAdmin_APACHE.sh b/Scripts/toggles/toggle-PhpMyAdmin_APACHE.sh index 88f8fbc..9a14209 100644 --- a/Scripts/toggles/toggle-PhpMyAdmin_APACHE.sh +++ b/Scripts/toggles/toggle-PhpMyAdmin_APACHE.sh @@ -20,13 +20,13 @@ if [ -n "$1" ]; then if [[ "$1" = "-d" && "$PhpMA" != 0 ]]; then echo "Disable PhpMyadmin" sed -i '/PhpMA=/c\PhpMA=0' /etc/ICTM/toggle.conf - sed -i --follow-symlinks '/#enables\/disables PHPMyadmin/!b;n;cdeny from all' /etc/apache2/sites-enabled/010-Backend.conf - systemctl reload apache2 + sed -i --follow-symlinks '/#enables\/disables PHPMyadmin/!b;n;cdeny from all' /APADIR/sites-enabled/010-Backend.conf + systemctl reload APASRV elif [[ "$1" = "-e" && "$PhpMA" != 1 ]]; then echo "Enable PhpMyadmin" sed -i '/PhpMA=/c\PhpMA=1' /etc/ICTM/toggle.conf - sed -i --follow-symlinks '/#enables\/disables PHPMyadmin/!b;n;c#deny from all' /etc/apache2/sites-enabled/010-Backend.conf - systemctl reload apache2 + sed -i --follow-symlinks '/#enables\/disables PHPMyadmin/!b;n;c#deny from all' /APADIR/sites-enabled/010-Backend.conf + systemctl reload APASRV elif [[ "$1" = "-h" ]]; then usage else From fe742ec534d94ee377a84c687af97eb50b3b0dc0 Mon Sep 17 00:00:00 2001 From: Bram Prieshof Date: Wed, 9 Dec 2020 15:29:02 +0100 Subject: [PATCH 29/37] Fixed oopsie --- CoreModules/apache/conf.sh | 2 +- CoreModules/apache/preconf.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/CoreModules/apache/conf.sh b/CoreModules/apache/conf.sh index 33dea76..cdd2aa7 100644 --- a/CoreModules/apache/conf.sh +++ b/CoreModules/apache/conf.sh @@ -56,7 +56,7 @@ sed -i -e 's/DOMAINname/'$hostname'/g' "$apacheConfDir"/sites-available/Backend_ mkdir -p /opt/toggle curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/Scripts/toggles/toggle-PhpMyAdmin_APACHE.sh -o /opt/toggle/toggle-PhpMyAdmin.sh -sed -i -e 's/APASRV/'$apacheService'/' -e 's/APADIR/'$apacheConfDir'/' /opt/toggle/toggle-PhpMyAdmin.sh +sed -i -e 's/APASRV/'$apacheService'/' -e 's#APADIR#'$apacheConfDir'#' /opt/toggle/toggle-PhpMyAdmin.sh diff --git a/CoreModules/apache/preconf.sh b/CoreModules/apache/preconf.sh index fac1fcf..f6641db 100644 --- a/CoreModules/apache/preconf.sh +++ b/CoreModules/apache/preconf.sh @@ -1,7 +1,7 @@ if [ "$shortdist" = "ubu1804" ] || [ "$osrel" = "ubu2004" ] || [ "$osrel" = "deb10" ] ; then # Debian/Ubunbtu apache variables apacheConfDir=/etc/apache2 - apacheService=apche2 + apacheService=apache2 elif [ "$shortdist" = "el8" ]; then # Centos Php variable From 92b487345e4c25d69929439349dd646cef2daab2 Mon Sep 17 00:00:00 2001 From: Bram Prieshof Date: Wed, 9 Dec 2020 17:26:38 +0100 Subject: [PATCH 30/37] Cleanup apache --- CoreModules/apache/conf.sh | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/CoreModules/apache/conf.sh b/CoreModules/apache/conf.sh index cdd2aa7..299adcd 100644 --- a/CoreModules/apache/conf.sh +++ b/CoreModules/apache/conf.sh @@ -4,21 +4,20 @@ systemctl stop $apacheService > $OUTPUT 2>&1 # Apache # ############## -#Centos -if [ "$shortdist" = "el8" ]; then +if [ "$shortdist" = "ubu1804" ] || [ "$osrel" = "ubu2004" ] || [ "$osrel" = "deb10" ] ; then + a2dissite 000-default > $OUTPUT 2>&1 + a2dismod mpm_prefork > $OUTPUT 2>&1 + a2enmod actions fcgid alias proxy_fcgi ssl headers http2 setenvif socache_shmcb > $OUTPUT 2>&1 + mkdir -p "$apacheConfDir"/snippets/ +elif [ "$shortdist" = "el8" ]; then echo 'IncludeOptional conf-enabled/*.conf'/etc/httpd/conf/httpd.conf echo 'IncludeOptional sites-enabled/*.conf'/etc/httpd/conf/httpd.conf sed -i -e '/User apache/c\User www-data' -e '/Group apache/c\Group www-data' /etc/httpd/conf/httpd.conf sed -i 's/^/#/g' /etc/httpd/conf.d/welcome.conf #Creating directories - mkdir -p /etc/httpd/{sites-available,sites-enabled,conf-enabled,conf-available,} + mkdir -p /etc/httpd/{sites-available,sites-enabled,conf-enabled,conf-available,snippets} fi -a2dissite 000-default > $OUTPUT 2>&1 -a2dismod mpm_prefork > $OUTPUT 2>&1 -a2enmod actions fcgid alias proxy_fcgi ssl headers http2 setenvif socache_shmcb > $OUTPUT 2>&1 - -mkdir -p "$apacheConfDir"/snippets/ curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/snippets-ssl.conf -o "$apacheConfDir"/snippets/apa-ssl.conf curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/snippets-backendredir.conf -o "$apacheConfDir"/snippets/apa-backendredir.conf sed -i -e 's/HOSTname/'$hostname'/' "$apacheConfDir"/snippets/apa-backendredir.conf From 377c3e6e50222cd0a332e3d7f2f46bacf187e2f3 Mon Sep 17 00:00:00 2001 From: Bram Prieshof Date: Wed, 9 Dec 2020 18:04:48 +0100 Subject: [PATCH 31/37] Added bugfix to apache for centos --- CoreModules/apache/conf.sh | 5 +++-- CoreModules/apache/config/apache2/conf-httpd-custom.conf | 1 + CoreModules/apache/dnf.pkg.list | 2 +- 3 files changed, 5 insertions(+), 3 deletions(-) create mode 100644 CoreModules/apache/config/apache2/conf-httpd-custom.conf diff --git a/CoreModules/apache/conf.sh b/CoreModules/apache/conf.sh index 299adcd..933c4a5 100644 --- a/CoreModules/apache/conf.sh +++ b/CoreModules/apache/conf.sh @@ -10,10 +10,11 @@ if [ "$shortdist" = "ubu1804" ] || [ "$osrel" = "ubu2004" ] || [ "$osrel" = "deb a2enmod actions fcgid alias proxy_fcgi ssl headers http2 setenvif socache_shmcb > $OUTPUT 2>&1 mkdir -p "$apacheConfDir"/snippets/ elif [ "$shortdist" = "el8" ]; then - echo 'IncludeOptional conf-enabled/*.conf'/etc/httpd/conf/httpd.conf - echo 'IncludeOptional sites-enabled/*.conf'/etc/httpd/conf/httpd.conf + echo 'IncludeOptional conf-enabled/*.conf' >>/etc/httpd/conf/httpd.conf + echo 'IncludeOptional sites-enabled/*.conf' >>/etc/httpd/conf/httpd.conf sed -i -e '/User apache/c\User www-data' -e '/Group apache/c\Group www-data' /etc/httpd/conf/httpd.conf sed -i 's/^/#/g' /etc/httpd/conf.d/welcome.conf + curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/conf-httpd-custom.conf -o "$apacheConfDir"/conf-enabled/zzz-Httpd-custom.conf #Creating directories mkdir -p /etc/httpd/{sites-available,sites-enabled,conf-enabled,conf-available,snippets} fi diff --git a/CoreModules/apache/config/apache2/conf-httpd-custom.conf b/CoreModules/apache/config/apache2/conf-httpd-custom.conf new file mode 100644 index 0000000..62f8019 --- /dev/null +++ b/CoreModules/apache/config/apache2/conf-httpd-custom.conf @@ -0,0 +1 @@ +Define APACHE_LOG_DIR /var/log/httpd \ No newline at end of file diff --git a/CoreModules/apache/dnf.pkg.list b/CoreModules/apache/dnf.pkg.list index 789a318..aada559 100644 --- a/CoreModules/apache/dnf.pkg.list +++ b/CoreModules/apache/dnf.pkg.list @@ -1 +1 @@ -httpd mod_fcgid \ No newline at end of file +httpd mod_fcgid mod_ssl \ No newline at end of file From 2170468a30b5798624adb3e3daf86fa510ef11d7 Mon Sep 17 00:00:00 2001 From: Bram Prieshof Date: Wed, 9 Dec 2020 18:35:03 +0100 Subject: [PATCH 32/37] Fixed accidentally removed linux for F2B centos --- CoreModules/generic/conf.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CoreModules/generic/conf.sh b/CoreModules/generic/conf.sh index d4205b6..9afb831 100644 --- a/CoreModules/generic/conf.sh +++ b/CoreModules/generic/conf.sh @@ -42,6 +42,10 @@ curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/config/fai curl --retry 7 --retry-delay 5 -s https://plugins.svn.wordpress.org/wp-fail2ban/trunk/filters.d/wordpress-hard.conf -o /etc/fail2ban/filter.d/wordpress-hard.local curl --retry 7 --retry-delay 5 -s https://plugins.svn.wordpress.org/wp-fail2ban/trunk/filters.d/wordpress-soft.conf -o /etc/fail2ban/filter.d/wordpress-soft.local +if [ "$shortdist" = "el8" ]; then + curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/config/fail2ban/action.d/ufw.conf -o /etc/fail2ban/action.d/ufw.conf +fi + #Start fail2ban service systemctl start fail2ban systemctl enable fail2ban From d6cebfefb26b811e7144bc3a2114dbe69cf39b18 Mon Sep 17 00:00:00 2001 From: Bram Prieshof Date: Wed, 9 Dec 2020 18:35:17 +0100 Subject: [PATCH 33/37] Fixed oopsie --- CoreModules/apache/conf.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/CoreModules/apache/conf.sh b/CoreModules/apache/conf.sh index 933c4a5..3a63066 100644 --- a/CoreModules/apache/conf.sh +++ b/CoreModules/apache/conf.sh @@ -14,9 +14,10 @@ elif [ "$shortdist" = "el8" ]; then echo 'IncludeOptional sites-enabled/*.conf' >>/etc/httpd/conf/httpd.conf sed -i -e '/User apache/c\User www-data' -e '/Group apache/c\Group www-data' /etc/httpd/conf/httpd.conf sed -i 's/^/#/g' /etc/httpd/conf.d/welcome.conf - curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/conf-httpd-custom.conf -o "$apacheConfDir"/conf-enabled/zzz-Httpd-custom.conf #Creating directories mkdir -p /etc/httpd/{sites-available,sites-enabled,conf-enabled,conf-available,snippets} + #getting aditional apache config for centos + curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/conf-httpd-custom.conf -o "$apacheConfDir"/conf-enabled/zzz-Httpd-custom.conf fi curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/snippets-ssl.conf -o "$apacheConfDir"/snippets/apa-ssl.conf From 9e9211c475222051c0b66f52986d93717d0f4843 Mon Sep 17 00:00:00 2001 From: Bram Prieshof Date: Wed, 9 Dec 2020 21:35:01 +0100 Subject: [PATCH 34/37] Fixed Fail2Ban for centos --- AppendCMS.sh | 2 +- AppendModule.sh | 1 + CMS/nextcloud/conf.sh | 7 +------ CMS/wordpress/conf.sh | 2 +- CoreModules/generic/conf.sh | 4 ++++ SubModules/php-fpm/conf.sh | 1 + SubModules/postfix/conf.sh | 4 +++- SubModules/postfix/preconf.sh | 6 ++++-- config/fail2ban/Jails/nextcloud_unconfigured | 2 +- .../selinux/policies/fail2ban-allowhttpd.te | 21 +++++++++++++++++++ 10 files changed, 38 insertions(+), 12 deletions(-) create mode 100644 config/selinux/policies/fail2ban-allowhttpd.te diff --git a/AppendCMS.sh b/AppendCMS.sh index 33745cd..aa0fcac 100644 --- a/AppendCMS.sh +++ b/AppendCMS.sh @@ -8,7 +8,7 @@ if [ ! -f "/etc/ICTM/phpvar.list" ] ; then echo 'Php var list missing,Please run source /etc/ICTM/selopts.list source /etc/ICTM/mainvar.list source /etc/ICTM/phpvar.list -if [ ! -f "/etc/ICTM/apachevar.list" ] ; then source /etc/ICTM/apachevar.list; fi +if [ -f "/etc/ICTM/apachevar.list" ] ; then source /etc/ICTM/apachevar.list; fi rm /tmp/pkg.list > $OUTPUT 2>&1 source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/ModulesMenu.list) diff --git a/AppendModule.sh b/AppendModule.sh index 455dcd3..b4f44de 100644 --- a/AppendModule.sh +++ b/AppendModule.sh @@ -12,6 +12,7 @@ if [ ! -f "/etc/ICTM/phpvar.list" ] ; then echo 'Php var list missing,Please run source /etc/ICTM/selopts.list source /etc/ICTM/mainvar.list source /etc/ICTM/phpvar.list +if [ -f "/etc/ICTM/apachevar.list" ] ; then source /etc/ICTM/apachevar.list; fi rm /tmp/pkg.list source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/ModulesMenu.list) diff --git a/CMS/nextcloud/conf.sh b/CMS/nextcloud/conf.sh index d6e78d5..25db50e 100644 --- a/CMS/nextcloud/conf.sh +++ b/CMS/nextcloud/conf.sh @@ -54,13 +54,8 @@ sed -i -e 's/SITEname/'$sitename'/' /etc/update-motd.d/51-nextnotice-"${sitename chmod +x /etc/update-motd.d/51-nextnotice-"${sitename//_}" -#Nextcloud logging location -mkdir /var/log/nextcloud -chmod 774 -R /var/log/nextcloud -ln -s /var/www/"$domain"/html/data/nextcloud.log /var/log/nextcloud/"$sitename" - #fail2ban curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/config/fail2ban/Jails/nextcloud_unconfigured -o /etc/fail2ban/jail.d/"$sitename"-nextcloud.local -sed -i 's/SITEname/'$sitename'/' /etc/fail2ban/jail.d/"$sitename"-nextcloud.local +sed -i 's/DOMain/'$domain'/' /etc/fail2ban/jail.d/"$sitename"-nextcloud.local systemctl reload "$phpFPMService" \ No newline at end of file diff --git a/CMS/wordpress/conf.sh b/CMS/wordpress/conf.sh index de03905..7860d73 100644 --- a/CMS/wordpress/conf.sh +++ b/CMS/wordpress/conf.sh @@ -44,7 +44,7 @@ systemctl reload $phpFPMService if [ ! -f /etc/fail2ban/jail.d/wordpress-syslog.local ]; then curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/config/fail2ban/Jails/wordpress-syslog.jail -o /etc/fail2ban/jail.d/wordpress-syslog.local if [ "$shortdist" = "el8" ]; then - sed -i '/logpath/c\logpath = /var/log/secure' /etc/fail2ban/jail.d/wordpress-syslog.local + sed -i '/logpath/c\logpath = /var/log/messages' /etc/fail2ban/jail.d/wordpress-syslog.local fi fi diff --git a/CoreModules/generic/conf.sh b/CoreModules/generic/conf.sh index 9afb831..e4a84ab 100644 --- a/CoreModules/generic/conf.sh +++ b/CoreModules/generic/conf.sh @@ -44,6 +44,10 @@ curl --retry 7 --retry-delay 5 -s https://plugins.svn.wordpress.org/wp-fail2ban/ if [ "$shortdist" = "el8" ]; then curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/config/fail2ban/action.d/ufw.conf -o /etc/fail2ban/action.d/ufw.conf + curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/config/selinux/policies/fail2ban-allowhttpd.te -o /tmp/fail2ban-allowhttpd.te + checkmodule -M -m -o /tmp/fail2ban-allowhttpd.mod /tmp/fail2ban-allowhttpd.te + semodule_package -o /tmp/fail2ban-allowhttpd.pp -m /tmp/fail2ban-allowhttpd.mod + semodule -i /tmp/fail2ban-allowhttpd.pp fi #Start fail2ban service diff --git a/SubModules/php-fpm/conf.sh b/SubModules/php-fpm/conf.sh index 204ab22..32f44be 100644 --- a/SubModules/php-fpm/conf.sh +++ b/SubModules/php-fpm/conf.sh @@ -20,6 +20,7 @@ if [ "$shortdist" = "el8" ]; then echo "pdo_mysql.default_socket = '/var/run/mysqld/mysqld.sock'" >> /etc/opt/remi/php${phpver//.}/php.d/60-mysql_sock.ini echo "mysql.default_socket = '/var/run/mysqld/mysqld.sock'" >> /etc/opt/remi/php${phpver//.}/php.d/60-mysql_sock.ini echo "mysqli.default_socket = '/var/run/mysqld/mysqld.sock'" >> /etc/opt/remi/php${phpver//.}/php.d/60-mysql_sock.ini +echo "d /run/php 0755 www-data www-data - -" > /usr/lib/tmpfiles.d/php-custom.conf #Centos php Bin sudo ln -s /usr/bin/php${phpver//.} /usr/bin/php #Centos SeLinux diff --git a/SubModules/postfix/conf.sh b/SubModules/postfix/conf.sh index 4e10837..f7c847c 100644 --- a/SubModules/postfix/conf.sh +++ b/SubModules/postfix/conf.sh @@ -13,4 +13,6 @@ root: $email EOF newaliases -systemctl reload postfix postfix@- \ No newline at end of file +systemctl start postfix +systemctl enable postfix +systemctl reload postfix \ No newline at end of file diff --git a/SubModules/postfix/preconf.sh b/SubModules/postfix/preconf.sh index 3dae6a3..44f531b 100644 --- a/SubModules/postfix/preconf.sh +++ b/SubModules/postfix/preconf.sh @@ -7,5 +7,7 @@ if [ -z "${domain}" ]; then fi fi -debconf-set-selections <<< "postfix postfix/mailname string $domain" -debconf-set-selections <<< "postfix postfix/main_mailer_type string 'Internet Site'" \ No newline at end of file +if [ "$shortdist" = "ubu1804" ] || [ "$osrel" = "ubu2004" ] || [ "$osrel" = "deb10" ] ; then + debconf-set-selections <<< "postfix postfix/mailname string $domain" + debconf-set-selections <<< "postfix postfix/main_mailer_type string 'Internet Site'" +fi \ No newline at end of file diff --git a/config/fail2ban/Jails/nextcloud_unconfigured b/config/fail2ban/Jails/nextcloud_unconfigured index 1d0cce5..6965831 100644 --- a/config/fail2ban/Jails/nextcloud_unconfigured +++ b/config/fail2ban/Jails/nextcloud_unconfigured @@ -6,4 +6,4 @@ filter = nextcloud maxretry = 15 bantime = 900 findtime = 900 -logpath = /var/log/nextcloud/SITEname +logpath = /var/www/DOMain/html/data/nextcloud.log diff --git a/config/selinux/policies/fail2ban-allowhttpd.te b/config/selinux/policies/fail2ban-allowhttpd.te new file mode 100644 index 0000000..1d59595 --- /dev/null +++ b/config/selinux/policies/fail2ban-allowhttpd.te @@ -0,0 +1,21 @@ +module fail2ban-allowhttpd 1.1; + +require { + type httpd_sys_rw_content_t; + type fail2ban_t; + type syslogd_var_run_t; + type fail2ban_client_t; + class capability dac_override; + class dir { read getattr search ioctl }; + class file { getattr read open search ioctl }; +} + +#============= fail2ban_client_t ============== +allow fail2ban_client_t httpd_sys_rw_content_t:file getattr; +allow fail2ban_client_t self:capability dac_override; + +#============= fail2ban_t ============== +allow fail2ban_t httpd_sys_rw_content_t:dir { read getattr search ioctl }; +allow fail2ban_t httpd_sys_rw_content_t:file { read getattr open search ioctl }; +allow fail2ban_t syslogd_var_run_t:dir read; +allow fail2ban_t syslogd_var_run_t:file { read getattr open }; \ No newline at end of file From 74d76cdf15af4c01211935b88d0b39409af941a2 Mon Sep 17 00:00:00 2001 From: Bram Prieshof Date: Thu, 10 Dec 2020 11:30:08 +0100 Subject: [PATCH 35/37] Fixed use of incorect var for OS detection --- CoreModules/apache/conf.sh | 2 +- CoreModules/apache/preconf.sh | 2 +- CoreModules/generic/preconf.sh | 2 +- Scripts/GeneratePhplist.sh | 2 +- SubModules/php-fpm/preconf.sh | 2 +- SubModules/postfix/preconf.sh | 2 +- SubModules/redis/preconf.sh | 2 +- 7 files changed, 7 insertions(+), 7 deletions(-) diff --git a/CoreModules/apache/conf.sh b/CoreModules/apache/conf.sh index 3a63066..a46ec9b 100644 --- a/CoreModules/apache/conf.sh +++ b/CoreModules/apache/conf.sh @@ -4,7 +4,7 @@ systemctl stop $apacheService > $OUTPUT 2>&1 # Apache # ############## -if [ "$shortdist" = "ubu1804" ] || [ "$osrel" = "ubu2004" ] || [ "$osrel" = "deb10" ] ; then +if [ "$shortdist" = "ubu1804" ] || [ "$shortdist" = "ubu2004" ] || [ "$shortdist" = "deb10" ] ; then a2dissite 000-default > $OUTPUT 2>&1 a2dismod mpm_prefork > $OUTPUT 2>&1 a2enmod actions fcgid alias proxy_fcgi ssl headers http2 setenvif socache_shmcb > $OUTPUT 2>&1 diff --git a/CoreModules/apache/preconf.sh b/CoreModules/apache/preconf.sh index f6641db..87a4508 100644 --- a/CoreModules/apache/preconf.sh +++ b/CoreModules/apache/preconf.sh @@ -1,4 +1,4 @@ -if [ "$shortdist" = "ubu1804" ] || [ "$osrel" = "ubu2004" ] || [ "$osrel" = "deb10" ] ; then +if [ "$shortdist" = "ubu1804" ] || [ "$shortdist" = "ubu2004" ] || [ "$shortdist" = "deb10" ] ; then # Debian/Ubunbtu apache variables apacheConfDir=/etc/apache2 apacheService=apache2 diff --git a/CoreModules/generic/preconf.sh b/CoreModules/generic/preconf.sh index 1f2e951..24fc427 100644 --- a/CoreModules/generic/preconf.sh +++ b/CoreModules/generic/preconf.sh @@ -1,4 +1,4 @@ -if [ "$shortdist" = "ubu1804" ] || [ "$osrel" = "ubu2004" ] || [ "$osrel" = "deb10" ] ; then +if [ "$shortdist" = "ubu1804" ] || [ "$shortdist" = "ubu2004" ] || [ "$shortdist" = "deb10" ] ; then ######################## # Debian/Ubunbtu # ######################## diff --git a/Scripts/GeneratePhplist.sh b/Scripts/GeneratePhplist.sh index b31f088..1a007a1 100644 --- a/Scripts/GeneratePhplist.sh +++ b/Scripts/GeneratePhplist.sh @@ -1,6 +1,6 @@ if [ ! -f "/etc/ICTM/mainvar.list" ] ; then echo 'This system is not yet setup, please run the main installer first' && exit ; fi -if [ "$shortdist" = "ubu1804" ] || [ "$osrel" = "ubu2004" ] || [ "$osrel" = "deb10" ] ; then +if [ "$shortdist" = "ubu1804" ] || [ "$shortdist" = "ubu2004" ] || [ "$shortdist" = "deb10" ] ; then # Debian/Ubunbtu Php variables phpPoolDir=/etc/php/${phpver}/fpm/pool.d phpPkgName=php${phpver} diff --git a/SubModules/php-fpm/preconf.sh b/SubModules/php-fpm/preconf.sh index db90f43..1085b2b 100644 --- a/SubModules/php-fpm/preconf.sh +++ b/SubModules/php-fpm/preconf.sh @@ -1,4 +1,4 @@ -if [ "$shortdist" = "ubu1804" ] || [ "$osrel" = "ubu2004" ] || [ "$osrel" = "deb10" ] ; then +if [ "$shortdist" = "ubu1804" ] || [ "$shortdist" = "ubu2004" ] || [ "$shortdist" = "deb10" ] ; then # Debian/Ubunbtu Php variables phpPoolDir=/etc/php/${phpver}/fpm/pool.d phpPkgName=php${phpver} diff --git a/SubModules/postfix/preconf.sh b/SubModules/postfix/preconf.sh index 44f531b..1d01d0c 100644 --- a/SubModules/postfix/preconf.sh +++ b/SubModules/postfix/preconf.sh @@ -7,7 +7,7 @@ if [ -z "${domain}" ]; then fi fi -if [ "$shortdist" = "ubu1804" ] || [ "$osrel" = "ubu2004" ] || [ "$osrel" = "deb10" ] ; then +if [ "$shortdist" = "ubu1804" ] || [ "$shortdist" = "ubu2004" ] || [ "$shortdist" = "deb10" ] ; then debconf-set-selections <<< "postfix postfix/mailname string $domain" debconf-set-selections <<< "postfix postfix/main_mailer_type string 'Internet Site'" fi \ No newline at end of file diff --git a/SubModules/redis/preconf.sh b/SubModules/redis/preconf.sh index a94f95a..8dec08d 100644 --- a/SubModules/redis/preconf.sh +++ b/SubModules/redis/preconf.sh @@ -1,6 +1,6 @@ #!/bin/bash -if [ "$shortdist" = "ubu1804" ] || [ "$osrel" = "ubu2004" ] || [ "$osrel" = "deb10" ] ; then +if [ "$shortdist" = "ubu1804" ] || [ "$shortdist" = "ubu2004" ] || [ "$shortdist" = "deb10" ] ; then # Debian/Ubunbtu redis variables redisService=redis-server From ba80b923d0e1276e482918035f4400c15fe480a2 Mon Sep 17 00:00:00 2001 From: Bram Prieshof Date: Thu, 10 Dec 2020 13:09:49 +0100 Subject: [PATCH 36/37] Added nano to pkg list --- CoreModules/generic/generic.pkg.list | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CoreModules/generic/generic.pkg.list b/CoreModules/generic/generic.pkg.list index b472c47..4e49d5a 100644 --- a/CoreModules/generic/generic.pkg.list +++ b/CoreModules/generic/generic.pkg.list @@ -1 +1 @@ -htop ufw nload fail2ban sudo bash-completion \ No newline at end of file +nano htop ufw nload fail2ban sudo bash-completion \ No newline at end of file From a87850f6d0238de627a78bdad6fb9c1a15c3d141 Mon Sep 17 00:00:00 2001 From: Bram Prieshof Date: Thu, 10 Dec 2020 13:45:20 +0100 Subject: [PATCH 37/37] Fixed nginx-nonPHP CMS --- AppendCMS.sh | 6 ++++-- AppendModule.sh | 6 ++++-- CMS/none/conf.sh | 16 +++++++--------- 3 files changed, 15 insertions(+), 13 deletions(-) diff --git a/AppendCMS.sh b/AppendCMS.sh index aa0fcac..003a060 100644 --- a/AppendCMS.sh +++ b/AppendCMS.sh @@ -3,11 +3,13 @@ ##-----------------## if [ ! -f "/etc/ICTM/selopts.list" ] || [ ! -f "/etc/ICTM/mainvar.list" ] ; then echo 'This system is not yet setup, please run the main installer first' && exit ; fi -if [ ! -f "/etc/ICTM/phpvar.list" ] ; then echo 'Php var list missing,Please run /Scipts/GeneratePhplist from the repo ' && exit ; fi source /etc/ICTM/selopts.list source /etc/ICTM/mainvar.list -source /etc/ICTM/phpvar.list +if [ $webserv != nginx_nonphp ]; then + if [ ! -f "/etc/ICTM/phpvar.list" ] ; then echo 'Php var list missing,Please run /Scipts/GeneratePhplist from the repo ' && exit ; fi + source /etc/ICTM/phpvar.list +fi if [ -f "/etc/ICTM/apachevar.list" ] ; then source /etc/ICTM/apachevar.list; fi rm /tmp/pkg.list > $OUTPUT 2>&1 source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/ModulesMenu.list) diff --git a/AppendModule.sh b/AppendModule.sh index b4f44de..f06e4b3 100644 --- a/AppendModule.sh +++ b/AppendModule.sh @@ -3,7 +3,6 @@ ##-----------------## if [ ! -f "/etc/ICTM/selopts.list" ] || [ ! -f "/etc/ICTM/mainvar.list" ] ; then echo 'This system is not yet setup, please run the main installer first' && exit ; fi -if [ ! -f "/etc/ICTM/phpvar.list" ] ; then echo 'Php var list missing,Please run /Scipts/GeneratePhplist from the repo ' && exit ; fi ##-----------------## # Fetching Vars # @@ -11,7 +10,10 @@ if [ ! -f "/etc/ICTM/phpvar.list" ] ; then echo 'Php var list missing,Please run source /etc/ICTM/selopts.list source /etc/ICTM/mainvar.list -source /etc/ICTM/phpvar.list +if [ $webserv != nginx_nonphp ]; then + if [ ! -f "/etc/ICTM/phpvar.list" ] ; then echo 'Php var list missing,Please run /Scipts/GeneratePhplist from the repo ' && exit ; fi + source /etc/ICTM/phpvar.list +fi if [ -f "/etc/ICTM/apachevar.list" ] ; then source /etc/ICTM/apachevar.list; fi rm /tmp/pkg.list source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/ModulesMenu.list) diff --git a/CMS/none/conf.sh b/CMS/none/conf.sh index 4a424cf..650461a 100644 --- a/CMS/none/conf.sh +++ b/CMS/none/conf.sh @@ -1,3 +1,9 @@ +#Creating webfolder +mkdir -p /var/www/"$domain"/html + +#Ceating content +echo "$webserv has been succsefully installed by the Wizard" > /var/www/$domain/html/index.html + #Do not generate php pool when php is not installed if [ $webserv != nginx_nonphp ]; then @@ -9,20 +15,12 @@ useradd -g "$sitename" "$sitename" systemctl reload $phpFPMService -#Creating webfolder -mkdir -p /var/www/"$domain"/html - -#Ceating content -echo "$webserv has been succsefully installed by the Wizard" > /var/www/$domain/html/index.html - #Setting Permsissions chown "$sitename":"$sitename" -R /var/www/"$domain"/html +fi if [ "$shortdist" = "el8" ]; then #Setting SeLiux perms for centos semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/$domain/html(/.*)?" > $OUTPUT 2>&1 restorecon -vr /var/www/ > $OUTPUT 2>&1 -fi - - fi \ No newline at end of file