Fixed fail2ban and replaced cent8 with el8

2020-12-09 13:29:25 +01:00
parent b112be5aeb
commit 2a6de08f75
12 changed files with 63 additions and 12 deletions


@@ -39,7 +39,7 @@ EOF
#Setting Permsissions #Setting Permsissions
chown "$sitename":"$sitename" -R /var/www/"$domain"/html chown "$sitename":"$sitename" -R /var/www/"$domain"/html
if [ "$shortdist" = "cent8" ]; then if [ "$shortdist" = "el8" ]; then
#Setting SeLiux perms for centos #Setting SeLiux perms for centos
semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/$domain/html(/.*)?" > $OUTPUT 2>&1 semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/$domain/html(/.*)?" > $OUTPUT 2>&1
restorecon -vr /var/www/ > $OUTPUT 2>&1 restorecon -vr /var/www/ > $OUTPUT 2>&1


@@ -18,7 +18,7 @@ echo "<html><head></head><body>$webserv has been succsefully installed by the Wi
#Setting Permsissions #Setting Permsissions
chown "$sitename":"$sitename" -R /var/www/"$domain"/html chown "$sitename":"$sitename" -R /var/www/"$domain"/html
if [ "$shortdist" = "cent8" ]; then if [ "$shortdist" = "el8" ]; then
#Setting SeLiux perms for centos #Setting SeLiux perms for centos
semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/$domain/html(/.*)?" > $OUTPUT 2>&1 semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/$domain/html(/.*)?" > $OUTPUT 2>&1
restorecon -vr /var/www/ > $OUTPUT 2>&1 restorecon -vr /var/www/ > $OUTPUT 2>&1


@@ -48,7 +48,7 @@ fi
#Setting Permsissions #Setting Permsissions
chown "$sitename":"$sitename" -R /var/www/"$domain"/html chown "$sitename":"$sitename" -R /var/www/"$domain"/html
if [ "$shortdist" = "cent8" ]; then if [ "$shortdist" = "el8" ]; then
#Setting SeLiux perms for centos #Setting SeLiux perms for centos
semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/$domain/html(/.*)?" > $OUTPUT 2>&1 semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/$domain/html(/.*)?" > $OUTPUT 2>&1
restorecon -vr /var/www/ > $OUTPUT 2>&1 restorecon -vr /var/www/ > $OUTPUT 2>&1


@@ -1,7 +1,7 @@
##----------## ##----------##
# Centos # # Centos #
##----------## ##----------##
if [ "$shortdist" = "cent8" ]; then if [ "$shortdist" = "el8" ]; then
#SeLinux #SeLinux
semanage port -a -t ssh_port_t -p tcp 4242 semanage port -a -t ssh_port_t -p tcp 4242
systemctl enable ufw > $OUTPUT 2>&1 systemctl enable ufw > $OUTPUT 2>&1
@@ -14,7 +14,7 @@ fi
# UFW # # UFW #
##-------## ##-------##
if [ "$shortdist" = "cent8" ]; then if [ "$shortdist" = "el8" ]; then
sed -i -e '/tuple/d' -e '/dapp/d' /usr/share/ufw/iptables/user.rules sed -i -e '/tuple/d' -e '/dapp/d' /usr/share/ufw/iptables/user.rules
sed -i -e '/tuple/d' -e '/dapp/d' /usr/share/ufw/iptables/user6.rules sed -i -e '/tuple/d' -e '/dapp/d' /usr/share/ufw/iptables/user6.rules
echo "y" | ufw reset > $OUTPUT 2>&1 echo "y" | ufw reset > $OUTPUT 2>&1
@@ -42,6 +42,15 @@ curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/config/fai
curl --retry 7 --retry-delay 5 -s https://plugins.svn.wordpress.org/wp-fail2ban/trunk/filters.d/wordpress-hard.conf -o /etc/fail2ban/filter.d/wordpress-hard.local curl --retry 7 --retry-delay 5 -s https://plugins.svn.wordpress.org/wp-fail2ban/trunk/filters.d/wordpress-hard.conf -o /etc/fail2ban/filter.d/wordpress-hard.local
curl --retry 7 --retry-delay 5 -s https://plugins.svn.wordpress.org/wp-fail2ban/trunk/filters.d/wordpress-soft.conf -o /etc/fail2ban/filter.d/wordpress-soft.local curl --retry 7 --retry-delay 5 -s https://plugins.svn.wordpress.org/wp-fail2ban/trunk/filters.d/wordpress-soft.conf -o /etc/fail2ban/filter.d/wordpress-soft.local
if [ "$shortdist" = "el8" ]; then
curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/config/fail2ban/Filters/action.d/ufw.conf -o /etc/fail2ban/action.d/ufw.conf
ln -s /var/log/secure /var/log/auth.log
fi
#Start fail2ban service
systemctl start fail2ban
systemctl enable fail2ban
#General jails #General jails
rm /etc/fail2ban/jail.d/* rm /etc/fail2ban/jail.d/*
curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/config/fail2ban/Jails/sshd.jail -o /etc/fail2ban/jail.d/sshd.local curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/config/fail2ban/Jails/sshd.jail -o /etc/fail2ban/jail.d/sshd.local
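Review bot: The new download of `/etc/fail2ban/action.d/ufw.conf` in the `el8` branch uses `curl -s` without `--fail`, so an HTTP error page is written to the action file while curl still exits 0; fail2ban may then fail to start or run without a working ban action, and the script reports nothing. Add `--fail` to that call and stop when it returns non-zero, and since this file decides how bans are applied, consider fetching it from a pinned commit instead of a branch. `ln -s /var/log/secure /var/log/auth.log` errors when the script is run a second time; `[ -e /var/log/auth.log ] || ln -s /var/log/secure /var/log/auth.log` keeps the step repeatable. `systemctl start fail2ban` also runs before the jails below are removed and re-downloaded, so unless a restart or reload follows outside this hunk, the service keeps the jail set it loaded at start.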


@@ -31,7 +31,7 @@ if [ "$shortdist" = "ubu1804" ] || [ "$osrel" = "ubu2004" ] || [ "$osrel" = "deb
if dpkg-query -Wf'${db:Status-abbrev}' postfix 2>/dev/null | grep -q '^i'; then apt purge -y postfix > $OUTPUT 2>&1; fi if dpkg-query -Wf'${db:Status-abbrev}' postfix 2>/dev/null | grep -q '^i'; then apt purge -y postfix > $OUTPUT 2>&1; fi
elif [ "$shortdist" = "cent8" ]; then elif [ "$shortdist" = "el8" ]; then
################ ################
# Centos # # Centos #
################ ################


@@ -7,7 +7,7 @@ if [ "$shortdist" = "ubu1804" ] || [ "$osrel" = "ubu2004" ] || [ "$osrel" = "deb
phpMainConf=/etc/php/${phpver}/fpm/php.ini phpMainConf=/etc/php/${phpver}/fpm/php.ini
phpFPMService=php${phpver}-fpm phpFPMService=php${phpver}-fpm
elif [ "$shortdist" = "cent8" ]; then elif [ "$shortdist" = "el8" ]; then
# Centos Php variable # Centos Php variable
phpPoolDir=/etc/opt/remi/php${phpver//.}/php-fpm.d/ phpPoolDir=/etc/opt/remi/php${phpver//.}/php-fpm.d/
phpPkgName=php${phpver//.}-php phpPkgName=php${phpver//.}-php


@@ -50,7 +50,7 @@ elif [[ "${dist}" == *"centos"* ]] && [[ "${dist_ver}" == *"8"* ]]; then
PKGM="dnf" PKGM="dnf"
PKGI="${PKGM} install --setopt=install_weak_deps=False --best -y" PKGI="${PKGM} install --setopt=install_weak_deps=False --best -y"
PKGLIST="dnf" PKGLIST="dnf"
shortdist=cent8 shortdist=el8
echo "This OS is not supported" echo "This OS is not supported"
exit exit
else else


@@ -15,7 +15,7 @@ sed -i 's/upload_max_filesize = 2/upload_max_filesize = 128/g' "$phpMainConf"
sed -i 's/post_max_size = 8/post_max_size = 64/g' "$phpMainConf" sed -i 's/post_max_size = 8/post_max_size = 64/g' "$phpMainConf"
if [ "$shortdist" = "cent8" ]; then if [ "$shortdist" = "el8" ]; then
# Centos Mysql config # Centos Mysql config
echo "pdo_mysql.default_socket = '/var/run/mysqld/mysqld.sock'" >> /etc/opt/remi/php${phpver//.}/php.d/60-mysql_sock.ini echo "pdo_mysql.default_socket = '/var/run/mysqld/mysqld.sock'" >> /etc/opt/remi/php${phpver//.}/php.d/60-mysql_sock.ini
echo "mysql.default_socket = '/var/run/mysqld/mysqld.sock'" >> /etc/opt/remi/php${phpver//.}/php.d/60-mysql_sock.ini echo "mysql.default_socket = '/var/run/mysqld/mysqld.sock'" >> /etc/opt/remi/php${phpver//.}/php.d/60-mysql_sock.ini


@@ -5,7 +5,7 @@ if [ "$shortdist" = "ubu1804" ] || [ "$osrel" = "ubu2004" ] || [ "$osrel" = "deb
phpMainConf=/etc/php/${phpver}/fpm/php.ini phpMainConf=/etc/php/${phpver}/fpm/php.ini
phpFPMService=php${phpver}-fpm phpFPMService=php${phpver}-fpm
elif [ "$shortdist" = "cent8" ]; then elif [ "$shortdist" = "el8" ]; then
# Centos Php variable # Centos Php variable
phpPoolDir=/etc/opt/remi/php${phpver//.}/php-fpm.d/ phpPoolDir=/etc/opt/remi/php${phpver//.}/php-fpm.d/
phpPkgName=php${phpver//.}-php phpPkgName=php${phpver//.}-php


@@ -4,7 +4,7 @@ if [ "$shortdist" = "ubu1804" ] || [ "$osrel" = "ubu2004" ] || [ "$osrel" = "deb
# Debian/Ubunbtu redis variables # Debian/Ubunbtu redis variables
redisService=redis-server redisService=redis-server
elif [ "$shortdist" = "cent8" ]; then elif [ "$shortdist" = "el8" ]; then
# Centos redis variable # Centos redis variable
redisService=redis redisService=redis
fi fi


@@ -0,0 +1,42 @@
# Fail2Ban action configuration file for ufw
#
# You are required to run "ufw enable" before this will have any effect.
#
# The insert position should be appropriate to block the required traffic.
# A number after an allow rule to the application won't be of much use.
[Definition]
actionstart =
actionstop =
actioncheck =
actionban = [ -n "<application>" ] && app="app <application>"
ufw insert <insertpos> <blocktype> from <ip> to <destination> $app
actionunban = [ -n "<application>" ] && app="app <application>"
ufw delete <blocktype> from <ip> to <destination> $app
[Init]
# Option: insertpos
# Notes.: The position number in the firewall list to insert the block rule
insertpos = 1
# Option: blocktype
# Notes.: reject or deny
blocktype = reject
# Option: destination
# Notes.: The destination address to block in the ufw rule
destination = any
# Option: application
# Notes.: application from sudo ufw app list
application =
# DEV NOTES:
#
# Author: Guilhem Lettron
# Enhancements: Daniel Black


@@ -63,7 +63,7 @@ elif [[ "${dist}" == *"centos"* ]] && [[ "${dist_ver}" == *"8"* ]]; then
PKGUP="$PKGM update -y" PKGUP="$PKGM update -y"
PKGI="${PKGM} install --setopt=install_weak_deps=False --best -y" PKGI="${PKGM} install --setopt=install_weak_deps=False --best -y"
PKGLIST="dnf" PKGLIST="dnf"
shortdist=cent8 shortdist=el8
echo "The support for this os is being worked on" echo "The support for this os is being worked on"
else else
echo "This os in not supported" echo "This os in not supported"