##-------------## # Postfix # ##-------------## sed -i 's/#inet_interfaces = all/inet_interfaces = loopback-only/g' /etc/postfix/main.cf sed -i 's/mydestination/#mydestination/g' /etc/postfix/main.cf sed -i 's/relayhost =/mydestination = '$hostname', localhost.'$hostname', '$hostname'/g' /etc/postfix/main.cf echo "bounce_notice_recipient = info@$domain" >> /etc/postfix/main.cf cat < /etc/aliases # See man 5 aliases for format postmaster: root root: $email EOF newaliases ##-------## # UFW # ##-------## sed -i '/IPV6=/c\IPV6=yes' /etc/default/ufw ufw default deny incoming > $OUTPUT 2>&1 ufw default allow outgoing > $OUTPUT 2>&1 ufw allow 80/tcp > $OUTPUT 2>&1 ufw allow 443/tcp > $OUTPUT 2>&1 ufw limit 4242/tcp > $OUTPUT 2>&1 echo "y" | ufw enable > $OUTPUT 2>&1 ##------------## # Fail2Ban # ##------------## #General config curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/config/fail2ban/jail.local -o /etc/fail2ban/jail.local #Custom Fiters curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/config/fail2ban/Filters/nextcloud.filter -o /etc/fail2ban/filter.d/nextcloud.local curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/config/fail2ban/Filters/phpmyadmin-authlog.filter -o /etc/fail2ban/filter.d/phpmyadmin-authlog.local curl --retry 7 --retry-delay 5 -s https://plugins.svn.wordpress.org/wp-fail2ban/trunk/filters.d/wordpress-hard.conf -o /etc/fail2ban/filter.d/wordpress-hard.local curl --retry 7 --retry-delay 5 -s https://plugins.svn.wordpress.org/wp-fail2ban/trunk/filters.d/wordpress-soft.conf -o /etc/fail2ban/filter.d/wordpress-soft.local #General jails rm /etc/fail2ban/jail.d/* curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/config/fail2ban/Jails/sshd.jail -o /etc/fail2ban/jail.d/sshd.local if [ -z $disbackendcms ]; then curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/config/fail2ban/Jails/phpmyadmin.jail -o /etc/fail2ban/jail.d/phpmyadmin.local fi