Fixed fail2ban and replaced cent8 with el8
This commit is contained in:
@@ -39,7 +39,7 @@ EOF
|
||||
#Setting Permsissions
|
||||
chown "$sitename":"$sitename" -R /var/www/"$domain"/html
|
||||
|
||||
if [ "$shortdist" = "cent8" ]; then
|
||||
if [ "$shortdist" = "el8" ]; then
|
||||
#Setting SeLiux perms for centos
|
||||
semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/$domain/html(/.*)?" > $OUTPUT 2>&1
|
||||
restorecon -vr /var/www/ > $OUTPUT 2>&1
|
||||
|
||||
@@ -18,7 +18,7 @@ echo "<html><head></head><body>$webserv has been succsefully installed by the Wi
|
||||
#Setting Permsissions
|
||||
chown "$sitename":"$sitename" -R /var/www/"$domain"/html
|
||||
|
||||
if [ "$shortdist" = "cent8" ]; then
|
||||
if [ "$shortdist" = "el8" ]; then
|
||||
#Setting SeLiux perms for centos
|
||||
semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/$domain/html(/.*)?" > $OUTPUT 2>&1
|
||||
restorecon -vr /var/www/ > $OUTPUT 2>&1
|
||||
|
||||
@@ -48,7 +48,7 @@ fi
|
||||
#Setting Permsissions
|
||||
chown "$sitename":"$sitename" -R /var/www/"$domain"/html
|
||||
|
||||
if [ "$shortdist" = "cent8" ]; then
|
||||
if [ "$shortdist" = "el8" ]; then
|
||||
#Setting SeLiux perms for centos
|
||||
semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/$domain/html(/.*)?" > $OUTPUT 2>&1
|
||||
restorecon -vr /var/www/ > $OUTPUT 2>&1
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
##----------##
|
||||
# Centos #
|
||||
##----------##
|
||||
if [ "$shortdist" = "cent8" ]; then
|
||||
if [ "$shortdist" = "el8" ]; then
|
||||
#SeLinux
|
||||
semanage port -a -t ssh_port_t -p tcp 4242
|
||||
systemctl enable ufw > $OUTPUT 2>&1
|
||||
@@ -14,7 +14,7 @@ fi
|
||||
# UFW #
|
||||
##-------##
|
||||
|
||||
if [ "$shortdist" = "cent8" ]; then
|
||||
if [ "$shortdist" = "el8" ]; then
|
||||
sed -i -e '/tuple/d' -e '/dapp/d' /usr/share/ufw/iptables/user.rules
|
||||
sed -i -e '/tuple/d' -e '/dapp/d' /usr/share/ufw/iptables/user6.rules
|
||||
echo "y" | ufw reset > $OUTPUT 2>&1
|
||||
@@ -42,6 +42,15 @@ curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/config/fai
|
||||
curl --retry 7 --retry-delay 5 -s https://plugins.svn.wordpress.org/wp-fail2ban/trunk/filters.d/wordpress-hard.conf -o /etc/fail2ban/filter.d/wordpress-hard.local
|
||||
curl --retry 7 --retry-delay 5 -s https://plugins.svn.wordpress.org/wp-fail2ban/trunk/filters.d/wordpress-soft.conf -o /etc/fail2ban/filter.d/wordpress-soft.local
|
||||
|
||||
if [ "$shortdist" = "el8" ]; then
|
||||
curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/config/fail2ban/Filters/action.d/ufw.conf -o /etc/fail2ban/action.d/ufw.conf
|
||||
ln -s /var/log/secure /var/log/auth.log
|
||||
fi
|
||||
|
||||
#Start fail2ban service
|
||||
systemctl start fail2ban
|
||||
systemctl enable fail2ban
|
||||
|
||||
#General jails
|
||||
rm /etc/fail2ban/jail.d/*
|
||||
curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/config/fail2ban/Jails/sshd.jail -o /etc/fail2ban/jail.d/sshd.local
|
||||
|
||||
@@ -31,7 +31,7 @@ if [ "$shortdist" = "ubu1804" ] || [ "$osrel" = "ubu2004" ] || [ "$osrel" = "deb
|
||||
if dpkg-query -Wf'${db:Status-abbrev}' postfix 2>/dev/null | grep -q '^i'; then apt purge -y postfix > $OUTPUT 2>&1; fi
|
||||
|
||||
|
||||
elif [ "$shortdist" = "cent8" ]; then
|
||||
elif [ "$shortdist" = "el8" ]; then
|
||||
################
|
||||
# Centos #
|
||||
################
|
||||
|
||||
@@ -7,7 +7,7 @@ if [ "$shortdist" = "ubu1804" ] || [ "$osrel" = "ubu2004" ] || [ "$osrel" = "deb
|
||||
phpMainConf=/etc/php/${phpver}/fpm/php.ini
|
||||
phpFPMService=php${phpver}-fpm
|
||||
|
||||
elif [ "$shortdist" = "cent8" ]; then
|
||||
elif [ "$shortdist" = "el8" ]; then
|
||||
# Centos Php variable
|
||||
phpPoolDir=/etc/opt/remi/php${phpver//.}/php-fpm.d/
|
||||
phpPkgName=php${phpver//.}-php
|
||||
|
||||
@@ -50,7 +50,7 @@ elif [[ "${dist}" == *"centos"* ]] && [[ "${dist_ver}" == *"8"* ]]; then
|
||||
PKGM="dnf"
|
||||
PKGI="${PKGM} install --setopt=install_weak_deps=False --best -y"
|
||||
PKGLIST="dnf"
|
||||
shortdist=cent8
|
||||
shortdist=el8
|
||||
echo "This OS is not supported"
|
||||
exit
|
||||
else
|
||||
|
||||
@@ -15,7 +15,7 @@ sed -i 's/upload_max_filesize = 2/upload_max_filesize = 128/g' "$phpMainConf"
|
||||
sed -i 's/post_max_size = 8/post_max_size = 64/g' "$phpMainConf"
|
||||
|
||||
|
||||
if [ "$shortdist" = "cent8" ]; then
|
||||
if [ "$shortdist" = "el8" ]; then
|
||||
# Centos Mysql config
|
||||
echo "pdo_mysql.default_socket = '/var/run/mysqld/mysqld.sock'" >> /etc/opt/remi/php${phpver//.}/php.d/60-mysql_sock.ini
|
||||
echo "mysql.default_socket = '/var/run/mysqld/mysqld.sock'" >> /etc/opt/remi/php${phpver//.}/php.d/60-mysql_sock.ini
|
||||
|
||||
@@ -5,7 +5,7 @@ if [ "$shortdist" = "ubu1804" ] || [ "$osrel" = "ubu2004" ] || [ "$osrel" = "deb
|
||||
phpMainConf=/etc/php/${phpver}/fpm/php.ini
|
||||
phpFPMService=php${phpver}-fpm
|
||||
|
||||
elif [ "$shortdist" = "cent8" ]; then
|
||||
elif [ "$shortdist" = "el8" ]; then
|
||||
# Centos Php variable
|
||||
phpPoolDir=/etc/opt/remi/php${phpver//.}/php-fpm.d/
|
||||
phpPkgName=php${phpver//.}-php
|
||||
|
||||
@@ -4,7 +4,7 @@ if [ "$shortdist" = "ubu1804" ] || [ "$osrel" = "ubu2004" ] || [ "$osrel" = "deb
|
||||
# Debian/Ubunbtu redis variables
|
||||
redisService=redis-server
|
||||
|
||||
elif [ "$shortdist" = "cent8" ]; then
|
||||
elif [ "$shortdist" = "el8" ]; then
|
||||
# Centos redis variable
|
||||
redisService=redis
|
||||
fi
|
||||
|
||||
42
config/fail2ban/action.d/ufw.conf
Normal file
42
config/fail2ban/action.d/ufw.conf
Normal file
@@ -0,0 +1,42 @@
|
||||
# Fail2Ban action configuration file for ufw
|
||||
#
|
||||
# You are required to run "ufw enable" before this will have any effect.
|
||||
#
|
||||
# The insert position should be appropriate to block the required traffic.
|
||||
# A number after an allow rule to the application won't be of much use.
|
||||
|
||||
[Definition]
|
||||
|
||||
actionstart =
|
||||
|
||||
actionstop =
|
||||
|
||||
actioncheck =
|
||||
|
||||
actionban = [ -n "<application>" ] && app="app <application>"
|
||||
ufw insert <insertpos> <blocktype> from <ip> to <destination> $app
|
||||
|
||||
actionunban = [ -n "<application>" ] && app="app <application>"
|
||||
ufw delete <blocktype> from <ip> to <destination> $app
|
||||
|
||||
[Init]
|
||||
# Option: insertpos
|
||||
# Notes.: The position number in the firewall list to insert the block rule
|
||||
insertpos = 1
|
||||
|
||||
# Option: blocktype
|
||||
# Notes.: reject or deny
|
||||
blocktype = reject
|
||||
|
||||
# Option: destination
|
||||
# Notes.: The destination address to block in the ufw rule
|
||||
destination = any
|
||||
|
||||
# Option: application
|
||||
# Notes.: application from sudo ufw app list
|
||||
application =
|
||||
|
||||
# DEV NOTES:
|
||||
#
|
||||
# Author: Guilhem Lettron
|
||||
# Enhancements: Daniel Black
|
||||
@@ -63,7 +63,7 @@ elif [[ "${dist}" == *"centos"* ]] && [[ "${dist_ver}" == *"8"* ]]; then
|
||||
PKGUP="$PKGM update -y"
|
||||
PKGI="${PKGM} install --setopt=install_weak_deps=False --best -y"
|
||||
PKGLIST="dnf"
|
||||
shortdist=cent8
|
||||
shortdist=el8
|
||||
echo "The support for this os is being worked on"
|
||||
else
|
||||
echo "This os in not supported"
|
||||
|
||||
Reference in New Issue
Block a user