48 lines
1.8 KiB
Bash
48 lines
1.8 KiB
Bash
##-------------##
|
|
# Postfix #
|
|
##-------------##
|
|
|
|
sed -i 's/#inet_interfaces = all/inet_interfaces = loopback-only/g' /etc/postfix/main.cf
|
|
sed -i 's/mydestination/#mydestination/g' /etc/postfix/main.cf
|
|
sed -i 's/relayhost =/mydestination = '$hostname', localhost.'$hostname', '$hostname'/g' /etc/postfix/main.cf
|
|
echo "bounce_notice_recipient = info@$domain" >> /etc/postfix/main.cf
|
|
cat <<EOF > /etc/aliases
|
|
# See man 5 aliases for format
|
|
postmaster: root
|
|
root: $email
|
|
EOF
|
|
newaliases
|
|
|
|
##-------##
|
|
# UFW #
|
|
##-------##
|
|
|
|
sed -i '/IPV6=/c\IPV6=yes' /etc/default/ufw
|
|
ufw default deny incoming > $OUTPUT 2>&1
|
|
ufw default allow outgoing > $OUTPUT 2>&1
|
|
ufw allow 80/tcp > $OUTPUT 2>&1
|
|
ufw allow 443/tcp > $OUTPUT 2>&1
|
|
ufw limit 4242/tcp > $OUTPUT 2>&1
|
|
echo "y" | ufw enable > $OUTPUT 2>&1
|
|
|
|
##------------##
|
|
# Fail2Ban #
|
|
##------------##
|
|
|
|
#General config
|
|
wget -q -t7 "$repo"/raw/branch/"$branch"/config/fail2ban/jail.local -O /etc/fail2ban/jail.local
|
|
|
|
#Custom Fiters
|
|
wget -q -t7 "$repo"/raw/branch/"$branch"/config/fail2ban/Filters/nextcloud.filter -O /etc/fail2ban/filter.d/nextcloud.local
|
|
wget -q -t7 "$repo"/raw/branch/"$branch"/config/fail2ban/Filters/phpmyadmin-authlog.filter -O /etc/fail2ban/filter.d/phpmyadmin-authlog.local
|
|
wget -q -t7 https://plugins.svn.wordpress.org/wp-fail2ban/trunk/filters.d/wordpress-hard.conf -O /etc/fail2ban/filter.d/wordpress-hard.local
|
|
wget -q -t7 https://plugins.svn.wordpress.org/wp-fail2ban/trunk/filters.d/wordpress-soft.conf -O /etc/fail2ban/filter.d/wordpress-soft.local
|
|
|
|
#General jails
|
|
rm /etc/fail2ban/jail.d/*
|
|
wget -q -t7 "$repo"/raw/branch/"$branch"/config/fail2ban/Jails/sshd.jail -O /etc/fail2ban/jail.d/sshd.local
|
|
if [ -z $disbackendcms ]; then
|
|
wget -q -t7 "$repo"/raw/branch/"$branch"/config/fail2ban/Jails/phpmyadmin.jail -O /etc/fail2ban/jail.d/phpmyadmin.local
|
|
fi
|
|
|