From 569bd23fe5389498111f9488c7553fd1ac3dda7e Mon Sep 17 00:00:00 2001 From: Serghey Rodin Date: Wed, 22 Oct 2014 15:29:42 +0300 Subject: [PATCH] new installer --- install/vst-install-debian.sh | 62 ++++++++++++++++++++++------- install/vst-install-rhel.sh | 75 +++++++++++++++++++++++++---------- install/vst-install-ubuntu.sh | 65 ++++++++++++++++++++++-------- 3 files changed, 149 insertions(+), 53 deletions(-) diff --git a/install/vst-install-debian.sh b/install/vst-install-debian.sh index 237f53d27..b1a5ca113 100644 --- a/install/vst-install-debian.sh +++ b/install/vst-install-debian.sh @@ -18,17 +18,19 @@ software="nginx apache2 apache2-utils apache2.2-common bsdutils e2fsprogs flex dovecot-imapd dovecot-pop3d phpMyAdmin awstats webalizer jwhois rssh git spamassassin roundcube roundcube-mysql roundcube-plugins sudo bc ftp lsof ntpdate rrdtool quota e2fslibs - dnsutils vesta vesta-nginx vesta-php" + fail2ban dnsutils vesta vesta-nginx vesta-php" help() { echo "usage: $0 [OPTIONS] - -e, --email Set email address - -f, --force Force installation -h, --help Print this help and exit - -n, --noupdate Do not run apt-get upgrade command - -m, --mysql-password Set MySQL password instead of generating it - -p, --password Set admin password instead of generating it + -f, --force Force installation + -i, --disable-iptables Disable iptables support + -b, --disable-fail2ban Disable fail2ban protection + -n, --noupdate Do not run yum update command -s, --hostname Set server hostname + -e, --email Set email address + -p, --password Set admin password instead of generating it + -m, --mysql-password Set MySQL password instead of generating it -q, --quota Enable File System Quota" exit 1 } 
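Review bot: The usage text in help() of vst-install-debian.sh now describes `-n, --noupdate` as "Do not run yum update command", but this installer drives apt-get: the line it replaces said "apt-get upgrade", and `apt-get update` appears as context further down in this patch. The same wording is copied into the `n)` comment of the getopts hunk and into both places in vst-install-ubuntu.sh. Keep the distro-specific text in those two files: `-n, --noupdate Do not run apt-get upgrade command` and `# Disable apt-get upgrade`.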
@@ -53,13 +55,15 @@ gen_pass() { for arg; do delim="" case "$arg" in - --email) args="${args}-e " ;; - --force) args="${args}-f " ;; --help) args="${args}-h " ;; + --force) args="${args}-f " ;; + --disable-fail2ban) args="${args}-b " ;; + --disable-iptables) args="${args}-i " ;; --noupdate) args="${args}-n " ;; - --mysql-password) args="${args}-m " ;; - --password) args="${args}-p " ;; --hostname) args="${args}-s " ;; + --email) args="${args}-e " ;; + --password) args="${args}-p " ;; + --mysql-password) args="${args}-m " ;; --quota) args="${args}-q " ;; *) [[ "${arg:0:1}" == "-" ]] || delim="\"" args="${args}${delim}${arg}${delim} ";; @@ -68,15 +72,17 @@ done eval set -- "$args" # Getopt -while getopts "dhfnqe:m:p:s:" Option; do +while getopts "hfibdnqe:m:p:s:" Option; do case $Option in h) help ;; # Help - e) email=$OPTARG ;; # Set email f) force='yes' ;; # Force install - n) noupdate='yes' ;; # Disable apt-get upgrade - m) mpass=$OPTARG ;; # MySQL pasword - p) vpass=$OPTARG ;; # Admin password + i) disable_iptables='yes' ;; # Disable iptables + b) disable_fail2ban='yes' ;; # Disable fail2ban + n) noupdate='yes' ;; # Disable yum update s) servername=$OPTARG ;; # Server hostname + e) email=$OPTARG ;; # Set email + p) vpass=$OPTARG ;; # Admin password + m) mpass=$OPTARG ;; # MySQL pasword q) quota='yes' ;; # Enable quota *) help ;; # Default esac @@ -391,6 +397,11 @@ if [ "$srv_type" = 'small' ]; then software=$(echo "$software" | sed -e 's/spamassassin//') fi +# Exclude fail2ban +if [ "$disable_fail2ban" = 'yes' ]; then + software=$(echo "$software" | sed -e 's/fail2ban//') +fi + # Update system packages apt-get update @@ -434,6 +445,7 @@ mkdir -p $VESTA/data mkdir -p $VESTA/data/ips mkdir -p $VESTA/data/queue mkdir -p $VESTA/data/users +mkdir -p $VESTA/data/firewall touch $VESTA/data/queue/backup.pipe touch $VESTA/data/queue/disk.pipe touch $VESTA/data/queue/webstats.pipe 
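Review bot: In the long-option loop of vst-install-debian.sh, the new `--disable-fail2ban` and `--disable-iptables` mappings extend a parser whose output is handed to `eval set -- "$args"` (first context line of the following hunk), and option values are only wrapped in double quotes by the `*)` arm. A hostname, email or password value that contains `"`, `$` or a backtick is therefore re-parsed by the shell, running as root, instead of being treated as data. The commit leaves this as it was; a `while [ $# -gt 0 ]; do case "$1" in … esac; shift; done` loop that assigns the variables directly would remove the `eval` altogether. The identical loops in vst-install-rhel.sh and vst-install-ubuntu.sh behave the same way, and the loop's `done` lies outside this hunk.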
@@ -483,6 +495,15 @@ if [ "$srv_type" = 'micro' ]; then rm -f /usr/local/vesta/data/templates/web/apache2/phpfcgid.* fi +# Firewall configuartion +wget $CHOST/$VERSION/firewall.tar.gz -O firewall.tar.gz +tar -xzf firewall.tar.gz +if [ "$disable_iptables" = 'yes' ]; then + sed -i "s/iptables//" $VESTA/conf/vesta.conf +else + $BIN/v-update-firewall +fi + # Generating SSL certificate $VESTA/bin/v-generate-ssl-cert $(hostname) $email 'US' 'California' \ 'San Francisco' 'Vesta Control Panel' 'IT' > /tmp/vst.pem @@ -703,6 +724,17 @@ if [ "$srv_type" = 'medium' ] || [ "$srv_type" = 'large' ]; then fi fi +# Fail2ban configuration +if [ -z "$disable_fail2ban" ]; then + cd /etc + wget $CHOST/$VERSION/fail2ban.tar.gz -O fail2ban.tar.gz + tar -xzf fail2ban.tar.gz + rm -f fail2ban.tar.gz + chkconfig fail2ban on + service fail2ban start +else + sed -i "s/fail2ban//" $VESTA/conf/vestac.conf +fi # php configuration sed -i "s/;date.timezone =/date.timezone = UTC/g" /etc/php5/apache2/php.ini sed -i "s/;date.timezone =/date.timezone = UTC/g" /etc/php5/cli/php.ini diff --git a/install/vst-install-rhel.sh b/install/vst-install-rhel.sh index d72de2743..c2b6e08ec 100644 --- a/install/vst-install-rhel.sh +++ b/install/vst-install-rhel.sh 
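Review bot: The firewall block added after the `srv_type = 'micro'` section of vst-install-debian.sh unpacks `firewall.tar.gz` as root straight after `wget`, with no check that the download succeeded and no integrity check on the archive; `$BIN/v-update-firewall` runs next, presumably applying what was unpacked. Whether `$CHOST` is an HTTPS URL is not visible in this hunk, so a pinned digest or a detached signature is the safer guard. The archive is also left behind in the working directory, unlike in the fail2ban block, and the expansions are unquoted. The same applies to the `fail2ban.tar.gz` download, which unpacks into /etc, and to the matching blocks in vst-install-rhel.sh and vst-install-ubuntu.sh. `FIREWALL_SHA256` in the sketch is a placeholder for a value the installer would have to ship.

```shell
# Firewall configuration
fw_archive=$(mktemp) || exit 1
if ! wget "$CHOST/$VERSION/firewall.tar.gz" -O "$fw_archive"; then
    echo "Error: firewall.tar.gz download failed"
    rm -f "$fw_archive"
    exit 1
fi
# FIREWALL_SHA256: placeholder for a digest pinned in the installer
if ! echo "$FIREWALL_SHA256  $fw_archive" | sha256sum -c - >/dev/null; then
    echo "Error: firewall.tar.gz checksum mismatch"
    rm -f "$fw_archive"
    exit 1
fi
tar -xzf "$fw_archive"
rm -f "$fw_archive"
# … unchanged: disable_iptables / v-update-firewall branch …
```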
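Review bot: The `else` branch of the fail2ban block in vst-install-debian.sh edits `$VESTA/conf/vestac.conf`, while the firewall block in this same patch edits `$VESTA/conf/vesta.conf`; this looks like a typo, in which case `--disable-fail2ban` skips the package but leaves the fail2ban entry in the panel configuration. Suggested line: `sed -i "s/fail2ban//" "$VESTA/conf/vesta.conf"`. The enable branch calls `chkconfig fail2ban on`, a Red Hat tool that may not be installed on Debian or Ubuntu (`update-rc.d fail2ban defaults` is the usual equivalent there), and `cd /etc` is unchecked and leaves the rest of the script running from /etc. The `vestac.conf` path is repeated in the fail2ban hunks of vst-install-rhel.sh and vst-install-ubuntu.sh, and the `chkconfig` call in the Ubuntu one.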
@@ -17,22 +17,23 @@ software="nginx httpd mod_ssl mod_ruid2 mod_extract_forwarded mod_fcgid phpMyAdmin awstats webalizer vsftpd mysql mysql-server exim dovecot clamd spamassassin curl roundcubemail bind bind-utils bind-libs mc screen ftp libpng libjpeg libmcrypt mhash zip unzip openssl flex rssh libxml2 - ImageMagick sqlite pcre sudo bc jwhois mailx lsof tar telnet rsync - rrdtool GeoIP freetype ntp openssh-clients vesta vesta-nginx vesta-php" + ImageMagick sqlite pcre sudo bc jwhois mailx lsof tar telnet rrdtool + fail2ban GeoIP freetype ntp openssh-clients vesta vesta-nginx vesta-php" # Help help() { echo "usage: $0 [OPTIONS] - -d, --disable-remi Disable remi repository - -e, --email Set email address - -f, --force Force installation -h, --help Print this help and exit + -f, --force Force installation + -i, --disable-iptables Disable iptables support + -b, --disable-fail2ban Disable fail2ban protection + -d, --disable-remi Disable remi repository -n, --noupdate Do not run yum update command - -m, --mysql-password Set MySQL password instead of generating it - -p, --password Set admin password instead of generating it -s, --hostname Set server hostname + -e, --email Set email address + -p, --password Set admin password instead of generating it + -m, --mysql-password Set MySQL password instead of generating it -q, --quota Enable File System Quota" - exit 1 } 
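Review bot: This hunk removes `exit 1` from help() in vst-install-rhel.sh, so `-h` and the `*)` fallback for unknown options in the getopts loop now print the usage text and then carry on with the installation. The Debian and Ubuntu help() functions in this patch keep their `exit 1`; restore it here as the last line of the function. The hunk also drops `rsync` from the `software` list while adding `fail2ban`; if that removal is not intended, keep `rsync` in the list.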
@@ -56,14 +57,16 @@ gen_pass() { for arg; do delim="" case "$arg" in - --disable-remi) args="${args}-d " ;; - --email) args="${args}-e " ;; - --force) args="${args}-f " ;; --help) args="${args}-h " ;; + --force) args="${args}-f " ;; + --disable-fail2ban) args="${args}-b " ;; + --disable-remi) args="${args}-d " ;; + --disable-iptables) args="${args}-i " ;; --noupdate) args="${args}-n " ;; - --mysql-password) args="${args}-m " ;; - --password) args="${args}-p " ;; --hostname) args="${args}-s " ;; + --email) args="${args}-e " ;; + --password) args="${args}-p " ;; + --mysql-password) args="${args}-m " ;; --quota) args="${args}-q " ;; *) [[ "${arg:0:1}" == "-" ]] || delim="\"" args="${args}${delim}${arg}${delim} ";; @@ -72,16 +75,18 @@ done eval set -- "$args" # Getopt -while getopts "dhfnqe:m:p:s:" Option; do +while getopts "hfibdnqe:m:p:s:" Option; do case $Option in - d) disable_remi='yes' ;; # Disable remi repo h) help ;; # Help - e) email=$OPTARG ;; # Set email f) force='yes' ;; # Force install + i) disable_iptables='yes' ;; # Disable iptables + b) disable_fail2ban='yes' ;; # Disable fail2ban + d) disable_remi='yes' ;; # Disable remi repo n) noupdate='yes' ;; # Disable yum update - m) mpass=$OPTARG ;; # MySQL pasword - p) vpass=$OPTARG ;; # Admin password s) servername=$OPTARG ;; # Server hostname + e) email=$OPTARG ;; # Set email + p) vpass=$OPTARG ;; # Admin password + m) mpass=$OPTARG ;; # MySQL pasword q) quota='yes' ;; # Enable quota *) help ;; # Default esac @@ -106,6 +111,7 @@ release=$(grep -o "[0-9]" /etc/redhat-release |head -n1) codename="${os}_$release" if [ $os != 'CentOS' ] && [ $os != 'Red' ]; then echo 'Error: sorry, we currently support RHEL and CentOS only' + exit fi # Check admin user account 
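Review bot: The `exit` added to the OS check in vst-install-rhel.sh (hunk at new line 111) carries no status, so the script ends with the status of the preceding `echo`, normally 0, and a wrapper or provisioning tool sees the unsupported-OS abort as success. Use `exit 1`. The test on the context line above also expands `$os` unquoted and errors out when it is empty; `if [ "$os" != 'CentOS' ] && [ "$os" != 'Red' ]; then` avoids that.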
@@ -447,6 +453,11 @@ if [ "$srv_type" = 'small' ]; then software=$(echo "$software" | sed -e 's/spamassassin//') fi +# Exclude fail2ban +if [ "$disable_fail2ban" = 'yes' ]; then + software=$(echo "$software" | sed -e 's/fail2ban//') +fi + # Install Vesta packages if [ -z "$disable_remi" ]; then yum -y --disablerepo=* --enablerepo="base,updates,nginx,epel,vesta,remi" \ @@ -495,6 +506,7 @@ mkdir -p $VESTA/data mkdir -p $VESTA/data/ips mkdir -p $VESTA/data/queue mkdir -p $VESTA/data/users +mkdir -p $VESTA/data/firewall touch $VESTA/data/queue/backup.pipe touch $VESTA/data/queue/disk.pipe touch $VESTA/data/queue/webstats.pipe @@ -542,6 +554,17 @@ if [ "$srv_type" = 'micro' ]; then rm -f /usr/local/vesta/data/templates/web/httpd/phpfcgid.* fi +# Firewall configuration +wget $CHOST/$VERSION/firewall.tar.gz -O firewall.tar.gz +tar -xzf firewall.tar.gz +if [ "$disable_iptables" = 'yes' ]; then + sed -i "s/iptables//" $VESTA/conf/vesta.conf + chkconfig iptables off + service iptables stop +else + $BIN/v-update-firewall +fi + # Generating SSL certificate $VESTA/bin/v-generate-ssl-cert $(hostname) $email 'US' 'California' \ 'San Francisco' 'Vesta Control Panel' 'IT' > /tmp/vst.pem @@ -559,10 +582,6 @@ chown root:mail /usr/local/vesta/ssl/* chmod 660 /usr/local/vesta/ssl/* rm /tmp/vst.pem -# Disabling iptables -chkconfig iptables off -service iptables stop - # Disabling webalizer routine rm -f /etc/cron.daily/00webalizer @@ -757,6 +776,18 @@ if [ "$srv_type" = 'medium' ] || [ "$srv_type" = 'large' ]; then fi fi +# Fail2ban configuration +if [ -z "$disable_fail2ban" ]; then + cd /etc + wget $CHOST/$VERSION/fail2ban.tar.gz -O fail2ban.tar.gz + tar -xzf fail2ban.tar.gz + rm -f fail2ban.tar.gz + chkconfig fail2ban on + service fail2ban start +else + sed -i "s/fail2ban//" $VESTA/conf/vestac.conf +fi + # php configuration sed -i 's/short_open_tag = Off/short_open_tag = On/g' /etc/php.ini sed -i "s/;date.timezone =/date.timezone = UTC/g" /etc/php.ini 
diff --git a/install/vst-install-ubuntu.sh b/install/vst-install-ubuntu.sh index 16a2b1b94..4c3379420 100644 --- a/install/vst-install-ubuntu.sh +++ b/install/vst-install-ubuntu.sh @@ -17,17 +17,19 @@ software="nginx apache2 apache2-utils apache2-suexec-custom bsdutils e2fsprogs clamav-daemon flex dovecot-imapd dovecot-pop3d phpMyAdmin awstats e2fslibs webalizer jwhois rssh git spamassassin roundcube roundcube-mysql quota roundcube-plugins apparmor-utils sudo bc ftp lsof ntpdate rrdtool - dnsutils vesta vesta-nginx vesta-php" + fail2ban dnsutils vesta vesta-nginx vesta-php" help() { echo "usage: $0 [OPTIONS] - -e, --email Set email address - -f, --force Force installation -h, --help Print this help and exit - -n, --noupdate Do not run apt-get upgrade command - -m, --mysql-password Set MySQL password instead of generating it - -p, --password Set admin password instead of generating it + -f, --force Force installation + -i, --disable-iptables Disable iptables support + -b, --disable-fail2ban Disable fail2ban protection + -n, --noupdate Do not run yum update command -s, --hostname Set server hostname + -e, --email Set email address + -p, --password Set admin password instead of generating it + -m, --mysql-password Set MySQL password instead of generating it -q, --quota Enable File System Quota" exit 1 } @@ -52,13 +54,15 @@ gen_pass() { for arg; do delim="" case "$arg" in - --email) args="${args}-e " ;; - --force) args="${args}-f " ;; --help) args="${args}-h " ;; + --force) args="${args}-f " ;; + --disable-fail2ban) args="${args}-b " ;; + --disable-iptables) args="${args}-i " ;; --noupdate) args="${args}-n " ;; - --mysql-password) args="${args}-m " ;; - --password) args="${args}-p " ;; --hostname) args="${args}-s " ;; + --email) args="${args}-e " ;; + --password) args="${args}-p " ;; + --mysql-password) args="${args}-m " ;; --quota) args="${args}-q " ;; *) [[ "${arg:0:1}" == "-" ]] || delim="\"" args="${args}${delim}${arg}${delim} ";; 
@@ -67,15 +71,17 @@ done eval set -- "$args" # Getopt -while getopts "dhfnqe:m:p:s:" Option; do +while getopts "hfibdnqe:m:p:s:" Option; do case $Option in h) help ;; # Help - e) email=$OPTARG ;; # Set email f) force='yes' ;; # Force install - n) noupdate='yes' ;; # Disable apt-get upgrade - m) mpass=$OPTARG ;; # MySQL pasword - p) vpass=$OPTARG ;; # Admin password + i) disable_iptables='yes' ;; # Disable iptables + b) disable_fail2ban='yes' ;; # Disable fail2ban + n) noupdate='yes' ;; # Disable yum update s) servername=$OPTARG ;; # Server hostname + e) email=$OPTARG ;; # Set email + p) vpass=$OPTARG ;; # Admin password + m) mpass=$OPTARG ;; # MySQL pasword q) quota='yes' ;; # Enable quota *) help ;; # Default esac @@ -388,6 +394,11 @@ if [ "$srv_type" = 'small' ]; then software=$(echo "$software" | sed -e 's/spamassassin//') fi +# Exclude fail2ban +if [ "$disable_fail2ban" = 'yes' ]; then + software=$(echo "$software" | sed -e 's/fail2ban//') +fi + # Update system packages apt-get update @@ -431,6 +442,7 @@ mkdir -p $VESTA/data mkdir -p $VESTA/data/ips mkdir -p $VESTA/data/queue mkdir -p $VESTA/data/users +mkdir -p $VESTA/data/firewall touch $VESTA/data/queue/backup.pipe touch $VESTA/data/queue/disk.pipe touch $VESTA/data/queue/webstats.pipe @@ -464,7 +476,7 @@ if [ -z "$servername" ]; then fi /usr/local/vesta/bin/v-change-sys-hostname $servername 2>/dev/null -# Templates +# Templates, packages cd /usr/local/vesta/data wget $CHOST/$VERSION/packages.tar.gz -O packages.tar.gz tar -xzf packages.tar.gz 
@@ -489,6 +501,15 @@ if [ "$codename" = 'trusty' ]; then rm -f /usr/local/vesta/data/templates/web/apache2/phpcgi.* fi +# Firewall configuartion +wget $CHOST/$VERSION/firewall.tar.gz -O firewall.tar.gz +tar -xzf firewall.tar.gz +if [ "$disable_iptables" = 'yes' ]; then + sed -i "s/iptables//" $VESTA/conf/vesta.conf +else + $BIN/v-update-firewall +fi + # Generating SSL certificate $VESTA/bin/v-generate-ssl-cert $(hostname) $email 'US' 'California' \ 'San Francisco' 'Vesta Control Panel' 'IT' > /tmp/vst.pem @@ -713,6 +734,18 @@ if [ "$srv_type" = 'medium' ] || [ "$srv_type" = 'large' ]; then fi fi +# Fail2ban configuration +if [ -z "$disable_fail2ban" ]; then + cd /etc + wget $CHOST/$VERSION/fail2ban.tar.gz -O fail2ban.tar.gz + tar -xzf fail2ban.tar.gz + rm -f fail2ban.tar.gz + chkconfig fail2ban on + service fail2ban start +else + sed -i "s/fail2ban//" $VESTA/conf/vestac.conf +fi + # php configuration sed -i "s/;date.timezone =/date.timezone = UTC/g" /etc/php5/apache2/php.ini sed -i "s/;date.timezone =/date.timezone = UTC/g" /etc/php5/cli/php.ini