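##----------##
#   Centos   #
##----------##
# CentOS 8 only: SELinux labelling for the SSH port and the web root, plus a
# Debian-style /etc/update-motd.d hook.
# NOTE(review): $shortdist and $OUTPUT are set outside this section.
if [ "$shortdist" = "cent8" ]; then
  # SELinux: label tcp/4242 as an SSH port. "-a" fails when the port is
  # already defined (e.g. on a re-run), so fall back to "-m" to modify it.
  semanage port -a -t ssh_port_t -p tcp 4242 ||
    semanage port -m -t ssh_port_t -p tcp 4242
  systemctl enable ufw > "$OUTPUT" 2>&1
  # -p: do not fail when the directory already exists.
  mkdir -p /var/www > "$OUTPUT" 2>&1
  # NOTE(review): this file-context spec is the literal path "/var/www/";
  # confirm whether "/var/www(/.*)?" was intended so the rule covers the tree.
  semanage fcontext -a -t httpd_sys_content_t /var/www/ > "$OUTPUT" 2>&1
  restorecon -vr /var/www/ > "$OUTPUT" 2>&1

  # Motd: every login shell that sources /etc/profile runs each
  # /etc/update-motd.d/51* file with bash, as the user logging in. Keep the
  # directory and its files root-owned and not group/world-writable, otherwise
  # anyone who can write there gets code run in other users' sessions.
  mkdir -p /etc/update-motd.d
  # Append the hook only once so re-running the installer does not stack
  # duplicate copies in /etc/profile. "$f" is quoted inside the hook so a file
  # name containing whitespace is passed to bash as a single argument.
  if ! grep -qF '/etc/update-motd.d/51*' /etc/profile 2>/dev/null; then
    echo 'if stat --printf="" /etc/update-motd.d/51* 2>/dev/null; then for f in /etc/update-motd.d/51*; do bash "$f"; done; fi' >> /etc/profile
  fi
fi

##-------##
#   UFW   #
##-------##
if [ "$shortdist" = "cent8" ]; then
  # Strip the "tuple"/"dapp" lines from the packaged rule files, then reset
  # ufw to its defaults ("y" answers the confirmation prompt).
  sed -i -e '/tuple/d' -e '/dapp/d' /usr/share/ufw/iptables/user.rules
  sed -i -e '/tuple/d' -e '/dapp/d' /usr/share/ufw/iptables/user6.rules
  echo "y" | ufw reset > "$OUTPUT" 2>&1
fi

# Apply the rules to IPv6 as well, so the policy below is not IPv4-only.
sed -i '/IPV6=/c\IPV6=yes' /etc/default/ufw

# Default policy: drop inbound, allow outbound; then open HTTP/HTTPS and
# rate-limit 4242/tcp (the port labelled ssh_port_t in the CentOS section).
# The allow/limit rules are added BEFORE "ufw enable" so the firewall never
# comes up with deny-incoming and no SSH rule.
# NOTE(review): confirm sshd really listens on 4242 on every supported distro;
# if it does not, enabling ufw here cuts off remote access.
ufw default deny incoming > "$OUTPUT" 2>&1
ufw default allow outgoing > "$OUTPUT" 2>&1
ufw allow 80/tcp > "$OUTPUT" 2>&1
ufw allow 443/tcp > "$OUTPUT" 2>&1
ufw limit 4242/tcp > "$OUTPUT" 2>&1
echo "y" | ufw enable > "$OUTPUT" 2>&1

##------------##
#   Fail2Ban   #
##------------##
# Download one fail2ban config file.
#   $1 - source URL
#   $2 - destination path
# Returns non-zero (after printing a warning to stderr) when the download fails.
# -f makes curl exit non-zero on an HTTP error instead of saving the server's
# error page as a fail2ban config file; -S keeps curl's error message visible
# while -s still hides the progress meter.
fetch_f2b_file() {
  if ! curl --retry 7 --retry-delay 5 -fsS "$1" -o "$2"; then
    printf 'WARNING: fail2ban download failed: %s -> %s\n' "$1" "$2" >&2
    return 1
  fi
}

# NOTE(review): $repo, $branchtype and $branch are set outside this section.
# These files become root-owned security configuration, so confirm $repo is an
# https:// URL and that the branch is one you control.
f2b_base="$repo/raw/$branchtype/$branch/config/fail2ban"

# General config
fetch_f2b_file "$f2b_base/jail.local" /etc/fail2ban/jail.local

# Custom filters
fetch_f2b_file "$f2b_base/Filters/nextcloud.filter" /etc/fail2ban/filter.d/nextcloud.local
fetch_f2b_file "$f2b_base/Filters/phpmyadmin-authlog.filter" /etc/fail2ban/filter.d/phpmyadmin-authlog.local
# NOTE(review): the two WordPress filters come from the plugin's SVN "trunk",
# i.e. whatever is published upstream at install time. Consider pinning to a
# released version and checking a known checksum before installing them, since
# a changed filter silently changes what fail2ban bans.
fetch_f2b_file https://plugins.svn.wordpress.org/wp-fail2ban/trunk/filters.d/wordpress-hard.conf /etc/fail2ban/filter.d/wordpress-hard.local
fetch_f2b_file https://plugins.svn.wordpress.org/wp-fail2ban/trunk/filters.d/wordpress-soft.conf /etc/fail2ban/filter.d/wordpress-soft.local

# General jails: clear the existing jail definitions, then install ours.
# -f/--: no error when the directory is already empty, and file names that
# start with "-" are not parsed as options.
rm -f -- /etc/fail2ban/jail.d/*
# The old jails are already gone at this point, so a failed download here
# leaves SSH without a jail; the warning from fetch_f2b_file makes that visible.
fetch_f2b_file "$f2b_base/Jails/sshd.jail" /etc/fail2ban/jail.d/sshd.local
# Install the phpMyAdmin jail unless $disbackendcms is set (quoted so a value
# containing spaces does not break the test).
if [ -z "$disbackendcms" ]; then
  fetch_f2b_file "$f2b_base/Jails/phpmyadmin.jail" /etc/fail2ban/jail.d/phpmyadmin.local
fi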