#!/usr/bin/bash
#######################################################################
#script name: da_setup_roc.sh
#version: 1.6
#description: wrapper for installing da server
#last modify date: 03312021
#author:brent dacus
#email:brent[at]thedacus[dot]net
#######################################################################
#                   		Banner                                        #
#######################################################################
export COLUMNS=100
cpsetup_banner() {
	cat <<"eot"
                        ad88888ba
                       d8"     "8b              ,d
                       Y8,                      88
 ,adPPYba, 8b,dPPYba,  `Y8aaaaa,    ,adPPYba, MM88MMM 88       88 8b,dPPYba,
a8"     "" 88P'    "8a   `"""""8b, a8P_____88   88    88       88 88P'    "8a
8b         88       d8         `8b 8PP"""""""   88    88       88 88       d8
"8a,   ,aa 88b,   ,a8" Y8a     a8P "8b,   ,aa   88,   "8a,   ,a88 88b,   ,a8"
 `"Ybbd8"' 88`YbbdP"'   "Y88888P"   `"Ybbd8"'   "Y888  `"YbbdP'Y8 88`YbbdP"'
           88                                                     88
           88                                                     88
eot
	cat <<"eot"
			Author: Brent Dacus
eot
}
#######################################################################
#                       variables                                     #
#######################################################################
cur_hostname="$(hostname)"
serverip="$(hostname -I | awk '{print $1}')"
serverip6="$(hostname -I | awk '{print $2}')"
servername="$(hostname -s)"
svrdomainname="$(hostname -d)"
hstdomainname=delainhosting.com
os=$(uname)
vn=$(uname -v | tr -dc '0-9.' | cut -d \. -f1)
cpu_cores="$(grep </proc/cpuinfo -c 'model name')"
mem_total="$(awk '/MemTotal/ { print ($2/1024/1024)}' OFMT="%0.0f" /proc/meminfo)"
exim_ver=$(exim -bV | grep -Po "Exim version (\d+\.)+\d+" | awk '{print $3}')
builddir=~/cpsetupbuild/
pkgargs="-y"
export DA_EMAIL="tech@delainhosting.com"
LOG_FILE=~/install.log
exec > >(tee -a ${LOG_FILE}) 2>&1
#######################################################################
#                      User Variables                                 #
#######################################################################
rootemail="tech@delainhosting.com"
kc_key="JOfCWN9tFkOYi1sl"
bshrc="/root/.bashrc"
limitsconf="/etc/security/limits.conf"
sysctlconf="/etc/sysctl.conf"
#######################################################################
#                       Main Util Functions                           #
#######################################################################
mkdir -p ~/cpsetupbuild/
trap '' 2 # ignore ctrl+c
##set PS3 prompt##
PS3="Number selection? "

linebreak() {
	printf '%*s\n' "${COLUMNS:-$(tput cols)}" '' | tr ' ' -
}
do_install() {
	printf "Installing %s into %s.\n" "${1}" "${dir}"
	cd "${dir}" || exit
	if [ -f "${1}" ]; then
		rm -f "${1}.bak"
		cp -f "${1}" "${1}.bak"
		chmod 600 "${1}.bak"
	fi
	wget --no-check-certificate -q -O "${1}" "${2}"
	chmod 644 "${1}"
	chown diradmin:diradmin "${1}"
}
do_setting() {
	printf "Installing value %s into %s.\n" "${1}" "${2}"
	printf 'Adding values in to %s.\n Please wait.\n' "${2}"
	if ! grep -q '#added by DH.' "${2}"; then
		echo '#added by DH.' >>"${2}"
	fi
	if grep -q "${1}" "${2}"; then
		printf '%s exists.\n Skipping.\n' "${1}"
	else
		printf '%s does not exist\n' "$1"
		echo "$1" >>"${2}"
	fi
}
doreboot() {
	printf "Need to reboot? (y/n)? "
	read -r yn
	yn=${yn:-n}
	case $yn in
	[Yy]*)
		reboot
		;;
	[Nn]*) ;;
	esac
}
cycleswap() {
	printf "Cycling Swapfile.\n"
	swapoff -a
	sleep 10
	swapon -a
}
#######################################################################
#                       Add Admin User                                #
#######################################################################
addadminuser() {
	printf "Installing Standard packages.\n"
	printf "Please Wait.\n"
	yum install ${pkgargs} wget curl nano >/dev/null
	if ! grep -q daconf /root/.bashrc; then
		printf 'Bash shell profile not set up. adding...\n'
		cat <<"eol" >>/root/.bashrc
export EDITOR='nano'
export LS_OPTIONS='--color=auto'
eval "`dircolors`"
alias ls='ls $LS_OPTIONS'
alias ll='ls $LS_OPTIONS -l'
alias l='ls $LS_OPTIONS -lA'
alias rm='rm -i'
alias cp='cp -i'
alias mv='mv -i'
alias lh='history |grep ' 
alias search='find / -name '
alias doserver='curl -o cp_setup_roc.sh -L https://files.delaintech.com/cp_setup_roc.sh && bash cp_setup_roc.sh'
alias fbc='fail2ban-client status '
alias cycle='systemctl restart '
alias status='systemctl status '
eol
		printf "Print Profile File.\n"
		cat /root/.bashrc
		printf "Done.\n"
	else
		printf "Profile already setup.  See Below.\n"
		cat /root/.bashrc
	fi
}
#######################################################################
#                       Turn on IPV6                                  #
#######################################################################
setipv6() {
	printf "Do we need to turn on IPV6? REBOOT REQUIRED (y/n)? "
	read -r yn
	yn=${yn:-n}
	case $yn in
	[Yy]*)
		sed -i "/net.ipv6.conf.all.disable_ipv6.*/d" /etc/sysctl.conf
		sysctl -q -p
		echo 0 >/proc/sys/net/ipv6/conf/all/disable_ipv6
		doreboot
		systemctl restart directadmin
		;;
	[Nn]*) ;;
	esac
}
#######################################################################
#                        Set Timezone                                 #
#######################################################################
settimezone() {
	printf "What TimeZone are you in? [America/Chicago]: "
	read -r tmzone
	tmzone=${tmzone:-America/Chicago}
	if timedatectl | grep -q "America/Chicago"; then
		printf "%s found\n" "$tmzone"
	else
		timedatectl set-timezone "$tmzone"
		timedatectl set-local-rtc 0
		printf "We set timezone as:\n"
		timedatectl
		printf "Done.\n"
	fi
}
#######################################################################
#                       Add Hosts file                                #
#######################################################################
creathostfile() {
	# does the Host already exist?
	if ! grep -q ${hstdomainname} /etc/hosts; then
		printf 'Hostfile not found. adding...\n'
		cat <<"eol" >>/etc/hosts
209.126.81.64           apollo.delainhosting.com apollo
209.145.52.110          athena.delainhosting.com athena
144.91.108.77           thor.delainhosting.com thor
154.12.224.183          saturn.delainhosting.com saturn
eol
		printf "Print Host File.\n"
		cat /etc/hosts
		printf "Done.\n"
	else
		printf "Hostfile exsits.\nSee Below.\n"
		cat /etc/hosts
	fi
}
#######################################################################
#                       Set Server Hostname                           #
#######################################################################
creathostname() {
	setipv6
	# does the Host already exist?
	unset new_hostname
	printf "Please enter a Hostname to add: "
	read -r new_hostname
	if ! grep -q "$new_hostname" /etc/hosts; then
		printf 'Hostname not found. adding...\n'
		printf "Changing hostname %s from to %s...\n" "$cur_hostname" "$new_hostname"
		hostnamectl set-hostname "$new_hostname"
		serverip="$(hostname -I | awk '{print $1}')"
		serverip6="$(hostname -I | awk '{print $2}')"
		servername="$(hostname -s)"
		echo "${serverip}           ${new_hostname} ${servername}" >>/etc/hosts
		echo "${serverip6}          ${new_hostname} ${servername}" >>/etc/hosts
		printf "Print Host File.\n"
		cat /etc/hosts
		printf "\nDone.\n"
	else
		printf "Hostname exsits.\nAll good.\n"
	fi
}
#######################################################################
#                       Remove Hostnames                              #
#######################################################################
removehosts() {
	printf "Here is the Host file.\n"
	cat /etc/hosts
	printf "\nWhat is the server name or ip to remove? "
	read -r removehosts
	sed -i.bkp '/'"$removehosts"'/d
' /etc/hosts
	printf "Print Host.\n"
	cat /etc/hosts
	printf "\nDone.\n"
	while true; do
		printf "Continue removing? (y/n)?"
		read -r yn
		yn=${yn:-n}
		case $yn in
		[Yy]*)
			removehosts
			break
			;;
		[Nn]*) break ;;
		esac
	done
}
#######################################################################
#                       Add External Hosts                            #
#######################################################################
addhosts() {
	# does the Host already exist?
	unset serverip add_hostname servername
	printf "Enter Hostname to add:[ IP FDQN Hostname ]: "
	read -r serverip add_hostname servername
	if ! grep -q "$add_hostname" /etc/hosts; then
		printf 'Hostname not found. adding...\n'
		echo "${serverip}			${add_hostname} ${servername}" | tee -a /etc/hosts
		printf "Print Host File.\n"
		cat /etc/hosts
		printf "Done.\n"
	else
		printf "Hostname exsits.\nAll good.\n"
	fi
	while true; do
		printf "Continue adding? (y/n)?"
		read -r yn
		yn=${yn:-n}
		case $yn in
		[Yy]*)
			creathostentry
			break
			;;
		[Nn]*) break ;;
		esac
	done
}
#######################################################################
#                       Add Swapfile                                  #
#######################################################################
creatswapfile() {
	printf 'Enter Swapfile size in GB: '
	read -r swapsize
	swapsize=${swapsize:-2}
	printf "You choose %s GB for swap.\n" "$swapsize"
	# does the swap file already exist?
	cp /etc/fstab /etc/fstab.bak
	# if not then create it
	if ! grep -q "swap" /etc/fstab; then
		printf 'Swap file not found.\nCreating Swap file.\n'
		fallocate -l "${swapsize}"G /swapfile
		chmod 600 /swapfile
		mkswap /swapfile
		swapon /swapfile
		printf "/swapfile none swap defaults 0 0" | tee -a /etc/fstab
		printf "\nDone\nSwap should be active.\nIf not reboot.\n"
	else
		printf 'Swap file found.\nNo changes made.\n'
	fi
}
#######################################################################
#                       Update OS on Server                           #
#######################################################################
serverupdate() {
	if [ "$vn" = "8" ]; then
		printf "Cleaning up packages.\n"
		dnf ${pkgargs} clean all
		printf "Done.\n"
		printf "Updating all packages.\n"
		dnf ${pkgargs} update
		printf "Done.\n"
	else
		printf "Cleaning up packages."
		yum ${pkgargs} clean all
		printf "Done.\n"
		printf "Updating all packages.\n"
		yum ${pkgargs} update
		printf "Done.\n"
	fi
}
#######################################################################
#                       Install Standard Packages                     #
#######################################################################
installpreq() {
	yum install ${pkgargs} epel-release
	if [ "$vn" = "8" ]; then
		yum install ${pkgargs} perl-libwww-perl net-tools perl-LWP-Protocol-https nano bc ipset perl-Net-SSLeay perl-Sys-Syslog git sqlite perl-DBI perl-DBD-SQLite perl-Archive-Tar perl-IO-Zlib \
			perl-Archive-Zip perl-Net-SMTP-SSL perl-Math-BigInt htop sysstat screen tuned inotify-tools
	else
		yum -y -q install perl-libwww-perl net-tools perl-LWP-Protocol-https nano bc ipset perl-Net-SSLeay perl-Sys-Syslog git sqlite perl-DBI perl-DBD-SQLite perl-Archive-Tar perl-IO-Zlib \
			perl-Archive-Zip perl-Net-SMTP-SSL perl-Math-BigInt htop sysstat screen tuned inotify-tools
	fi
	linebreak
	printf "Here is what you have set for DA setup configs.\n"
	printf "Email set to %s.\n" "$DA_EMAIL"
	#printf "Nameservers set to %s and %s.\n" "$DA_NS1" "$DA_NS2"
	echo ${DA_EMAIL} >/root/.forward
	printf "Email forward set to %s.\n" "$DA_EMAIL"
	linebreak
	tuned-adm profile virtual-host
	printf "Done.\n"
}
#######################################################################
#                       Install Directadmin                           #
#######################################################################
installdirectadmin() {
	if [ ! -f "$daconfile" ]; then
		printf "No problem, let's get DirectAdmin installed first...\nThis could take a minute...\nor two... or thirty...\nPlease wait ...\n"
		touch /etc/.whostmgrft
		touch /etc/wwwacct.conf
cat > /etc/wwwacct.conf <<EOL
ADDR
ADDR6
CONTACTEMAIL tech@delainhosting.com
CONTACTPAGER
DEFMOD paper_lantern
DEFWEBMAILTHEME paper_lantern
ETHDEV eth0
HOMEDIR /home
HOMEMATCH home
LOGSTYLE combined
NS dns1.delainhosting.com
NS2 dns2.delainhosting.com
NS3 dn5.delainhosting.com
NSTTL 86400
SCRIPTALIAS y
EOL

		IPADDR="$( hostname -I|awk '{print $1}' )"
		sed -i -e "s/\bADDR\b/& $IPADDR/" /etc/wwwacct.conf


		printf "Here is what you have set.\n"
		cat /etc/wwwacct.conf
		cd /home && curl -o latest -L https://securedownloads.cpanel.net/latest && sh latest
	else
		printf "Directadmin already installed.\n"
	fi
}
#######################################################################
#                       Harden Server                                 #
#######################################################################
hardenserver() {
	printf "Do we need to Secure sshd? (y/n)? "
	read -r yn
	yn=${yn:-n}
	case $yn in
	[Yy]*)
		cursshport="$(grep -m1 -E "Port .*" /etc/ssh/sshd_config)"
		printf "Enter SSH port to change to: "
		read -r sshport
		sshport=${sshport:-14}
		printf "Set to Port: %s\n" "$sshport"
		printf "Securing the server, please wait...\n"
		sed -i -e "s/$cursshport/Port ${sshport}/g" /etc/ssh/sshd_config
		sed -i -e 's/.*UseDNS .*/UseDNS no/g' /etc/ssh/sshd_config
		sed -i -e 's/.*AddressFamily any/AddressFamily inet/g' /etc/ssh/sshd_config
		sed -i -e 's/.*LoginGraceTime .*/LoginGraceTime 2m/g' /etc/ssh/sshd_config
		sed -i -e 's/.*MaxAuthTries .*/MaxAuthTries 3/g' /etc/ssh/sshd_config
		sed -i -e 's/.*MaxStartups .*/MaxStartups 10:30:100/g' /etc/ssh/sshd_config
		sed -i -e 's/.*PermitRootLogin yes/PermitRootLogin prohibit-password/g' /etc/ssh/sshd_config
		sed -i -e 's/.*PasswordAuthentication .*/PasswordAuthentication no/g' /etc/ssh/sshd_config
		sed -i -e 's/.*ClientAliveInterval .*/ClientAliveInterval 120/g' /etc/ssh/sshd_config
		sed -i -e 's/.*ClientAliveCountMax .*/ClientAliveCountMax 4/g' /etc/ssh/sshd_config
		sed -i -e 's/.*UseBlacklist no/UseBlacklist yes/g' /etc/ssh/sshd_config
		sed -i -e 's/.*AllowTcpForwarding .*/AllowTcpForwarding no/g' /etc/ssh/sshd_config
		sed -i -e 's/.*Compression .*/Compression no/g' /etc/ssh/sshd_config
		sed -i -e 's/.*AllowAgentForwarding yes/AllowAgentForwarding no/g' /etc/ssh/sshd_config
		sed -i -e 's/.*X11Forwarding yes/X11Forwarding no/g' /etc/ssh/sshd_config

		# remove or disable services
		systemctl restart sshd
		;;
	[Nn]*) ;;
	esac
	if [[ $(systemctl is-active rpcbind) = active ]]; then
		printf "rpcbind found.\nRemoving.\n"
		systemctl stop rpcbind
		systemctl disable rpcbind
		printf "Removal complete.\n"
	else
		printf "RPCbind not found.\nNo changes made.\n"
	fi
	if [[ $(systemctl is-active firewalld) = active ]]; then
		printf "Firewalld found.\nRemoving.\n"
		systemctl unmask --now firewalld
		systemctl disable firewalld
		yum ${pkgargs} remove firewalld
		printf "Removal complete.\n"
	else
		printf "Firewalld not found.\nNo changes made.\n"
	fi
	printf "Do we need to intall ImmunifyAV? (y/n)? "
	read -r yn
	yn=${yn:-n}
	case $yn in
	[Yy]*)
		installimuav
		;;
	[Nn]*) ;;
	esac
	printf "Do we need to intall Fail2Ban? (y/n)? "
	read -r yn
	yn=${yn:-n}
	case $yn in
	[Yy]*)
		installf2b
		;;
	[Nn]*) ;;
	esac
	printf "Do we need to secure PHP? (y/n)? "
	read -r yn
	yn=${yn:-n}
	case $yn in
	[Yy]*)
		cd ${cbblddir} || exit
		mkdir -p custom
		touch custom/php_disable_functions
		echo "show_source, system, shell_exec, passthru, popen" >custom/php_disable_functions
		${cb} secure_php
		;;
	[Nn]*) ;;
	esac
}
#######################################################################
#                       Install Firewall                              #
#######################################################################
installfirewall() {
	touch /etc/whitelist_ips
	echo "99.34.232.208" >/etc/whitelist_ips
	echo "127.0.0.1" >>/etc/whitelist_ips
	echo "$serverip" >>/etc/whitelist_ips
	touch /etc/blocked_ips
	${da} set ip_blacklist /etc/blocked_ips
	${da} set ip_whitelist /etc/whitelist_ips
	#clear DA brute lists
	>/usr/local/directadmin/data/admin/brute_ip.data
	>/usr/local/directadmin/data/admin/brute_log_entries.list
	printf "Securing the server, please wait...\n"
	curl -o da-csf-basic-install.sh -L https://files.delaintech.com/fw/da-csf-basic-install.sh && bash da-csf-basic-install.sh
}
#######################################################################
#                       Install Fail2Ban                              #
#######################################################################
installf2b() {
	if [[ $(systemctl is-active fail2ban) = active ]]; then
		printf "Fail2Ban already Installed.\nUpdating configuration.\n"
		sed -i -e "s|dbpurgeage = .*|dbpurgeage = 1296000|g" /etc/fail2ban/fail2ban.conf
		printf "Which webserver are we using? (Nginx-Apache) \n"
		echo "1 Apache"
		echo "2 Nginx"
		echo "3 Nginx-Apache"
		read -r websrv
		websrv=${websrv:-3}
		case $websrv in
		1)
			wget -rnH --cut-dirs=2 https://files.delaintech.com/f2b/ap/jail.local -P /etc/fail2ban/
			;;
		2)
			wget -rnH --cut-dirs=2 https://files.delaintech.com/f2b/ngx/jail.local -P /etc/fail2ban/
			;;
		3)
			wget -rnH --cut-dirs=2 https://files.delaintech.com/f2b/jail.local -P /etc/fail2ban/
			;;
		*)
			echo "Please choose a different one."
			;;
		esac
		wget -rnH --cut-dirs=2 https://files.delaintech.com/f2b/fail2ban -P /etc/logrotate.d/
		wget -rnH --cut-dirs=2 https://files.delaintech.com/f2b/paths-overrides.local -P /etc/fail2ban/
		wget -rnH --cut-dirs=2 https://files.delaintech.com/f2b/abuseipdb.conf -P /etc/fail2ban/action.d/
		wget -rnH --cut-dirs=2 https://files.delaintech.com/f2b/csf-ip-deny.conf -P /etc/fail2ban/action.d/
		wget -rnH --cut-dirs=2 https://files.delaintech.com/f2b/wordpress.conf -P /etc/fail2ban/filter.d/
		wget -rnH --cut-dirs=2 https://files.delaintech.com/f2b/wordpress-xmlrpc.conf -P /etc/fail2ban/filter.d/
		wget -rnH --cut-dirs=2 https://files.delaintech.com/f2b/proftpd-anon.conf -P /etc/fail2ban/filter.d/
		sed -i -e "s|comment=Fail2ban Reports Abuse.|comment=Fail2ban at $servername Reports Abuse.|g" /etc/fail2ban/action.d/abuseipdb.conf
		sed -i -e "s|mode = .*|mode = aggressive|g" /etc/fail2ban/filter.d/exim.conf
		touch /var/www/html/roundcube/logs/errors.log
		systemctl restart fail2ban
		systemctl status fail2ban
		${da} set bruteforce 0
		${da} set brute_force_log_scanner 0
		${da} set brute_force_scan_apache_logs 0
		systemctl restart directadmin
	else
		printf "Fail2Ban Installing.\nAlso turning off BFM in DA.\n"
		yum install ${pkgargs} fail2ban-server iptables-services iptables-utils GeoIP GeoIP-GeoLite-data python3-inotify
		systemctl enable fail2ban
		systemctl start fail2ban
		sed -i -e "s|dbpurgeage = .*|dbpurgeage = 1296000|g" /etc/fail2ban/fail2ban.conf
		wget -rnH --cut-dirs=2 https://files.delaintech.com/f2b/jail.local -P /etc/fail2ban/
		wget -rnH --cut-dirs=2 https://files.delaintech.com/f2b/paths-overrides.local -P /etc/fail2ban/
		wget -rnH --cut-dirs=2 https://files.delaintech.com/f2b/abuseipdb.conf -P /etc/fail2ban/action.d/
		wget -rnH --cut-dirs=2 https://files.delaintech.com/f2b/csf-ip-deny.conf -P /etc/fail2ban/action.d/
		wget -rnH --cut-dirs=2 https://files.delaintech.com/f2b/wordpress.conf -P /etc/fail2ban/filter.d/
		wget -rnH --cut-dirs=2 https://files.delaintech.com/f2b/wordpress-xmlrpc.conf -P /etc/fail2ban/filter.d/
		sed -i -e "s|comment=Fail2ban Reports Abuse.|comment=Fail2ban at $servername Reports Abuse.|g" /etc/fail2ban/action.d/abuseipdb.conf
		sed -i -e "s|mode = .*|mode = aggressive|g" /etc/fail2ban/filter.d/exim.conf
		touch /var/www/html/roundcube/logs/errors.log
		systemctl restart fail2ban
		${da} set bruteforce 0
		${da} set brute_force_log_scanner 0
		${da} set brute_force_scan_apache_logs 0
		systemctl restart directadmin
	fi
	bshrvals=("alias fbc='fail2ban-client status '")
	printf 'Adding values in to %s.\n Please wait.\n' "$bshrc"
	for bshrval in "${bshrvals[@]}"; do
		if grep -q "$bshrval" ${bshrc}; then
			printf '%s exists.\n Skipping.\n' "$bshrval"
		else
			printf '%s does not exist\n' "$bshrval"
			printf '#added by DH.\n' >>${bshrc}
			printf '%s\n' "$bshrval" >>${bshrc}
		fi
	done
}
#######################################################################
#                       Install LetsEncrypt                           #
#######################################################################
installletsencrypt() {
	resolvedip=$(dig "${cur_hostname}" | awk '/^;; ANSWER SECTION:$/ { getline ; print $5 }')
	if [ -n "${resolvedip}" ]; then
		printf 'Creating add sni. adding...\n'
		${da} set mail_sni 1
		printf "Installing Letsencrypt.\n"
		${da} set letsencrypt 1
		echo "action=directadmin&value=restart" >>/usr/local/directadmin/data/task.queue
		/usr/local/directadmin/dataskq d2000
		${cb} set "redirect_host ${cur_hostname}"
		${cb} set redirect_host_https yes
		${cb} rewrite_confs
		${cb} update
		${cb} letsencrypt
		#set ssl on server
		printf "Installing SSL to server.\n"
		cd ${dadir}/scripts || exit
		./letsencrypt.sh request_single "${cur_hostname}" 4096
		${da} set ssl 1
		${da} set force_hostname "${cur_hostname}"
		${da} set ssl_redirect_host "${cur_hostname}"
		${da} set letsencrypt_list www:webmail:mail:ftp
		${da} set letsencrypt_list_selected www:webmail:mail:ftp
		${da} set letsencrypt_renewal_notice_to_admins 0
		${da} set admin_ssl_install_to_missing 1
		${da} set admin_ssl_replace_all_expired_invalid 1
		systemctl restart directadmin
		printf "Fingers crossed..if your server resolves to the name it should have worked.\n"
	else
		printf "Nope..if your server does not resolve. Check DNS.. \n"
	fi
}
#######################################################################
#                       Install Mysqltuner                            #
#######################################################################
installmysqltuner() {
	cd /usr/bin || exit
	wget http://mysqltuner.pl/ -O mysqltuner
	wget https://raw.githubusercontent.com/major/MySQLTuner-perl/master/basic_passwords.txt -O basic_passwords.txt
	wget https://raw.githubusercontent.com/major/MySQLTuner-perl/master/vulnerabilities.csv -O vulnerabilities.csv
	chmod +x mysqltuner
}
#######################################################################
#                       Install Imunify AV                            #
#######################################################################
installimuav() {
	cd $builddir || return
	wget https://repo.imunify360.cloudlinux.com/defence360/imav-deploy.sh -O imav-deploy.sh
	bash imav-deploy.sh
}
#######################################################################
#                       Install Mail Scanner                            #
#######################################################################
installmailscanner() {
	#if $exim_ver -gt 4.93 then;
	${cb} set spamd no
	${cb} set easy_spam_fighter no
	${cb} set clamav_exim no
	${cb} set eximconf no
	${cb} remove_spamassassin
	${cb} remove_rspamd
	${cb} remove_rspamd_conf
	${cb} remove_easy_spam_fighter

	systemctl stop rspamd
	systemctl disable rspamd

	yum install ${pkgargs} 'dnf-command(config-manager)'
	yum config-manager --set-enabled powertools

	yum install ${pkgargs} spamassassin gd gd-devel perl-Filesys-Df perl-IO-stringy.noarch perl-Net-CIDR.noarch perl-MIME-tools.noarch perl-Convert-TNEF.noarch perl-OLE-Storage_Lite perl-DBD-MySQL perl-DBD-SQLite perl-GDGraph perl-Path-Tiny perl-Archive-Zip perl-CGI perl-JSON perl-Razor-Agent perl-ExtUtils-Embed perl-DBI perl-libwww-perl perl-App-cpanminus perl-LWP-Protocol-https perl-DateTime
	cpan install CPAN
	cpan install Sys::Hostname::Long
	cpan install Sys::SigAction

	${cb} set clamav yes
	${cb} set clamav_exim no
	${cb} clamav

	sed -i -e "s/.*User .*/User root/" /etc/clamd.conf
	sed -i -e "s|.*LocalSocket .*|LocalSocket /run/clamd.socket|" /etc/clamd.conf
	sed -i -e "s/.*FixStaleSocket .*/FixStaleSocket yes/" /etc/clamd.conf
	sed -i -e "s/.*LocalSocketMode .*/LocalSocketMode 666/" /etc/clamd.conf

	freshclam
	service clamd restart
	sleep 15

	cd /usr/src || exit
	rm -fv msinstall*
	wget https://download.configserver.com/msinstall.tar.gz
	tar -xzf msinstall.tar.gz
	cd msinstall/ || exit
	sh install.sh

	cd /usr/src/ || exit
	rm -fv msfe*
	wget https://download.configserver.com/msfeinstaller.tgz
	tar -xzf msfeinstaller.tgz
	perl msfeinstaller.pl ipv4
	rm -fv msfeinstaller*
	/usr/mscpanel/mscheck.pl
	/usr/mscpanel/msrules.pl -i

}
#######################################################################
#                       Install Mail Queue                            #
#######################################################################
installmailqueue() {
	cd $builddir || exit
	wget http://download.configserver.com/cmq.tgz
	tar -xzf cmq.tgz
	cd cmq || exit
	sh install.sh
}
#######################################################################
#                       Install Installatron                          #
#######################################################################
installinstallatron() {
	cd $builddir || exit
	wget https://data.installatron.com/installatron-plugin.sh
	chmod +x installatron-plugin.sh
	./installatron-plugin.sh -f
}
#######################################################################
#                       Install KernelCare                            #
#######################################################################
installkernelcare() {
	#Is Linux Kernel Compatible?
	printf "Linux Kernel Compatible?\n"
	comp="$(curl -s -L https://kernelcare.com/checker | python3)"
	#What install KernelCare
	if [ "$comp" = "COMPATIBLE" ]; then
		printf "Yes..System Kernel Compatible.\nContinue on....\n"
		curl -s -L https://kernelcare.com/installer | bash
		printf "Kernel Care installed.\n"
		printf 'Enter KernelCare license key: '
		read -r kckey
		kc_key=${kckey:-JOfCWN9tFkOYi1sl}
		/usr/bin/kcarectl --register "$kc_key"
		/usr/bin/kcarectl --update
	else
		printf "System runs on unsupported kernel. Not installed...\n"
	fi
}
#######################################################################
#                       Install RKHunter                            #
#######################################################################
installrkhunt() {
	cd $builddir || return
	yum install ${pkgargs} rkhunter
	rkhunter --propupd
	rkhunter --update
}
#######################################################################
#                       Main Configure Section                        #
#######################################################################
#######################################################################
#                       Configure Directadmin                         #
#######################################################################
confdirectadmin() {
	${cb} set_fastest_quiet
	mkdir ${datplcust}
	printf "Installing Custombuild Custom Templates.\n"
	wget -rxnH -R "index.html*" --no-parent --cut-dirs=1 https://files.delaintech.com/cb_tpl/ -P ${datplcust}
	chown -R diradmin:diradmin ${datplcust}
	printf "Installing Custombuild Custom Configuration.\n"
	wget -rxnH -R "index.html*" --no-parent --cut-dirs=1 https://files.delaintech.com/cb_cust/ -P ${cbcustdir}
	chown -R diradmin:diradmin ${cbcustdir}
	${cb} opcache
	${cb} nginx_apache
	systemctl enable directadmin
	cp /usr/local/directadmin/scripts/setup.txt /usr/local/directadmin/scripts/setupdh.txt
	dir=${dascptcust}
	do_install "user_create_post.sh" "https://files.delaintech.com/da_scpt/user_create_post.sh"
	chmod 755 ${dascptcust}/user_create_post.sh
	cp "$daconfile" "$daconfile".bak
	${cb} secure_php
	${da} set numservers 5
	${da} set ipv6 1
	${da} set zstd 1
	${da} set backup_gzip 1
	${da} set zip 1
	${da} set pigz "${cpu_cores}"
	${da} set enforce_difficult_passwords 1
	${da} set difficult_password_length_min 8
	${da} set check_subdomain_owner 1
	${da} set admin_helper clients.delainhosting.com
	${da} set cluster 1
	${da} set enable_threads 1
	${da} set cpu_in_system_info 1
	${da} set delete_messages_days 1
	${da} set delete_tickets_days 1
	${da} set msg_sys "Delain Hosting"
	${da} set update_channel current
	${da} set jail 0
	systemctl restart directadmin
	${cb} rewrite_confs
}
#######################################################################
#                       Configure DNS                                 #
#######################################################################
confnamed() {
	dir=${datplcust}
	do_install "dns_a.conf" "https://files.delaintech.com/cb_tpl/dns_a.conf"
	do_install "dns_aaaa.conf" "https://files.delaintech.com/cb_tpl/dns_aaaa.conf"
	do_install "dns_ns.conf" "https://files.delaintech.com/cb_tpl/dns_ns.conf"
	do_install "dns_txt.conf" "https://files.delaintech.com/cb_tpl/dns_txt.conf"

	#sed -i -e "s|.*listen-on-v6[[:blank:]]*.{ any; };||g" /etc/named.conf
	sed -i -e "s|.*allow-transfer[[:blank:]]*.{ none; };||g" /etc/named.conf
	cd ${dascptdir} || exit
	./dnssec.sh install
	if ! grep -q "recursion no;" /etc/named.conf; then
		printf "Setting up DNS.\n"
		cp /etc/named.conf /etc/named.conf.bak
		sed -i.bkp '/dnssec-validation yes;/a\
	listen-on { '"$serverip"'; };\
	listen-on-v6 { '"$serverip6"'; };\
	dnssec-enable yes;\
	dnssec-lookaside auto;\
	bindkeys-file "/etc/named.iscdlv.key";\
	recursion no;\
	notify yes;\
	allow-transfer  { 209.145.52.110; 144.91.108.77; };\
	also-notify     { 209.145.52.110; 144.91.108.77; };\
	version "Not Found";\
' /etc/named.conf
	else
		printf "DNS Setup Complete.\n"
	fi
	${da} set ns1 "dns3.${svrdomainname}"
	${da} set ns2 "dns2.${svrdomainname}"
	${da} set dns_ttl 1
	${da} set default_ttl 43200

	if ! grep -q "9.9.9.9" /etc/resolv.conf; then
		printf "Setup Resolver configuration.\n"
		cat >/etc/resolv.conf <<eol
search domain $svrdomainname
nameserver 127.0.0.1
nameserver 9.9.9.9
nameserver 149.112.112.112
eol
	else
		printf "Resolver Setup Complete.\n"
	fi
	printf "Restarting Services.\n"
	systemctl enable named
	systemctl restart named
	systemctl restart directadmin
	printf "Done.\n"
}
#######################################################################
#                       Configure Email                               #
#######################################################################
confmail() {
	printf "Rebuild all of email? (y/n)? "
	read -r yn
	yn=${yn:-n}
	case $yn in
	[Yy]*)
		printf 'Creating add sni. adding...\n'
		${da} set enable_ssl_sni 1
		${da} set mail_sni 1
		${da} set dkim 1
		${da} set spam_inbox_prefix 0
		${da} set purge_spam_days 30
		${cb} set webapps_inbox_prefix no
		echo "EASY_NO_REVERSE_IP==50" >/etc/exim.easy_spam_fighter/variables.conf.custom
		echo "EASY_SPF_FAIL==50" >>/etc/exim.easy_spam_fighter/variables.conf.custom
		echo "EASY_DKIM_FAIL==10" >>/etc/exim.easy_spam_fighter/variables.conf.custom
		echo "ssl=required" >/etc/dovecot/conf.d/force_ssl.conf
		#mail quota warning
		cd /etc/dovecot/conf.d || return
		wget -O 91-quota-warning.conf http://files1.directadmin.com/services/all/91-quota-warning.conf
		wget -O /usr/local/bin/quota-warning.sh http://files1.directadmin.com/services/all/quota-warning.sh
		chmod 755 /usr/local/bin/quota-warning.sh
		#end mail quota warning
		#remove rbl checking
		cd /etc/virtual || return
		rm -f use_rbl_domains
		touch use_rbl_domains
		#Custom MX templates
		mkdir -p ${mxtpldir}
		rm -f /usr/local/directadmin/data/templates/mx/custom/*
		wget -rxnH -R "index.html*" --no-parent --cut-dirs=1 https://files.delaintech.com/mx_cust/ -P ${datpldir}
		chown diradmin:diradmin ${mxtpldir}/'*.txt'
		#Webmail client choice
		${da} set webmail_link roundcube
		${cb} set roundcube yes
		${cb} set squirrelmail no
		printf 'Creating add sni. adding...\n'
		${da} set enable_ssl_sni 1
		${da} set mail_sni 1
		${cb} clean
		${cb} update
		${cb} dovecot
		${cb} exim
		${cb} pigeonhole
		${cb} exim_conf
		${cb} dovecot_conf
		${cb} blockcracking
		${cb} roundcube
		do_setting "mail soft nofile 65535" "$limitsconf"
		do_setting "mail hard nofile 65535" "$limitsconf"
		do_setting "mail soft core unlimited" "$limitsconf"
		do_setting "mail hard core unlimited" "$limitsconf"
		;;
	[Nn]*) ;;
	esac
	printf "Set Root mail? (y/n)? "
	read -r yn
	yn=${yn:-n}
	case $yn in
	[Yy]*)
		printf "Where should root email go: "
		read -r rootemail
		rootemail=${rootemail:-tech@delainhosting.com}
		if grep -E "$rootemail" /etc/aliases >/dev/null; then
			printf "%s found already set in Aliases file.\n" "$rootemail"
		else
			sed -i -e "s|.*[[:blank:]]*root:[[:blank:]].*|root: ${rootemail}|g" /etc/aliases
			newaliases
			printf "Email set to: "
			grep -E "$rootemail" /etc/aliases
		fi
		echo "$cur_hostname" >/etc/mailname
		;;
	[Nn]*) ;;
	esac
	printf "Disable POP mail? (y/n)? "
	read -r yn
	yn=${yn:-y}
	case $yn in
	[Yy]*)
		touch /etc/exim.variables.conf.custom
		grep -qxF 'hostlist relay_hosts=' /etc/exim.variables.conf.custom || echo 'hostlist relay_hosts=' >>/etc/exim.variables.conf.custom
		;;
	[Nn]*) ;;
	esac
	printf "Setup MAILSCANNER? (y/n)? "
	read -r yn
	yn=${yn:-n}
	case $yn in
	[Yy]*)
		installmailscanner
		;;
	[Nn]*) ;;
	esac
	printf "Setup standard mail settings? (y/n)? "
	read -r yn
	yn=${yn:-n}
	case $yn in
	[Yy]*)
		printf 'Creating add sni. adding...\n'
		${da} set mail_sni 1
		${da} set dkim 1
		${da} set spam_inbox_prefix 0
		${da} set purge_spam_days 30
		${da} set mx_templates 1
		${cb} set webapps_inbox_prefix no
		echo "EASY_NO_REVERSE_IP==50" >/etc/exim.easy_spam_fighter/variables.conf.custom
		echo "EASY_SPF_FAIL==50" >>/etc/exim.easy_spam_fighter/variables.conf.custom
		echo "EASY_DKIM_FAIL==10" >>/etc/exim.easy_spam_fighter/variables.conf.custom
		echo "ssl=required" >/etc/dovecot/conf.d/force_ssl.conf
		#mail quota warning
		cd /etc/dovecot/conf.d || return
		wget -O 91-quota-warning.conf http://files1.directadmin.com/services/all/91-quota-warning.conf
		wget -O /usr/local/bin/quota-warning.sh http://files1.directadmin.com/services/all/quota-warning.sh
		chmod 755 /usr/local/bin/quota-warning.sh
		#end mail quota warning
		#remove rbl checking
		cd /etc/virtual || return
		rm -f use_rbl_domains
		touch use_rbl_domains
		#Custom MX templates
		mkdir -p ${mxtpldir}
		rm -f /usr/local/directadmin/data/templates/mx/custom/*
		wget -rxnH -R "index.html*" --no-parent --cut-dirs=1 https://files.delaintech.com/mx_cust/ -P ${datpldir}
		chown diradmin:diradmin ${mxtpldir}/'*.txt'
		#Webmail client choice
		${da} set webmail_link roundcube
		${cb} set roundcube yes
		${cb} set squirrelmail no
		${cb} roundcube
		;;
	esac
	mkdir -p ${dadir}/custombuild/custom/roundcube/
	cp /var/www/html/roundcube/config/config.inc.php ${cbblddir}/custom/roundcube/config.inc.php
	sed -i -e 's|"'localhost'"|tls://%n|g' ${cbblddir}/custom/roundcube/config.inc.php
	sed -i -e 's/Roundcube Webmail/Delain Hosting Webmail/g' ${cbblddir}/custom/roundcube/config.inc.php

	cat >/etc/dovecot/conf.d/90-special-folders.conf <<"eol"
namespace inbox {
  type = private
  separator = .
  subscriptions = yes
  inbox = yes
}
namespace inbox {
  mailbox Drafts {
    auto = subscribe
    special_use = \Drafts
  }
  mailbox Junk {
   auto = subscribe
   special_use = \Junk
}
mailbox Archive {
   auto = subscribe
   special_use = \Archive
}
mailbox Trash {
   auto = subscribe
   special_use = \Trash
}
mailbox Sent {
   auto = subscribe
   special_use = \Sent
}
}
eol
	#End Webmail client choice
	do_setting "mail soft nofile 65535" "$limitsconf"
	do_setting "mail hard nofile 65535" "$limitsconf"
	do_setting "mail soft core unlimited" "$limitsconf"
	do_setting "mail hard core unlimited" "$limitsconf"

	systemctl restart directadmin
	${cb} exim_conf
	${cb} dovecot_conf
	${cb} rewrite_confs
	read -r "Install Mail Queue? (yn)" yn
	case $yn in
	[Yy]*)
		installmailqueue
		;;
	[Nn]*) ;;
	esac
}
#######################################################################
#                       Configure httpd                               #
#######################################################################
confhttpd() {
	printf "Rebuild all of httpd? (y/n)? "
	read -r yn
	yn=${yn:-n}
	case $yn in
	[Yy]*)
		printf 'Adding Custom Post templates.\n Please wait.\n'
		dir=${datplcust}
		do_install "virtual_host2_secure.conf.CUSTOM.4.post" "https://files.delaintech.com/cb_tpl/virtual_host2_secure.conf.CUSTOM.4.post"
		do_install "virtual_host2.conf.CUSTOM.4.post" "https://files.delaintech.com/cb_tpl/virtual_host2.conf.CUSTOM.4.post"
		do_install "virtual_host2_secure_sub.conf.CUSTOM.4.post" "https://files.delaintech.com/cb_tpl/virtual_host2_secure_sub.conf.CUSTOM.4.post"
		do_install "virtual_host2_sub.conf.CUSTOM.4.post" "https://files.delaintech.com/cb_tpl/virtual_host2_sub.conf.CUSTOM.4.post"

		printf 'Adding Custom HTTPD config.\n Please wait.\n'
		dir="${cbcustdir}/ap2/conf/extra"
		do_install "httpd-default.conf" "https://files.delaintech.com/cb_cust/ap2/conf/extra/httpd-default.conf"
		do_install "httpd-mpm.conf" "https://files.delaintech.com/cb_cust/ap2/conf/extra/httpd-mpm.conf"

		do_setting "apache soft nofile 65535" "$limitsconf"
		do_setting "apache hard nofile 65535" "$limitsconf"
		do_setting "apache soft core unlimited" "$limitsconf"
		do_setting "apache hard core unlimited" "$limitsconf"

		${cb} rewrite_confs
		;;
	[Nn]*) ;;
	esac
}
#######################################################################
#                       Configure MariaDB                             #
#######################################################################
bpsize=$(echo "$mem_total" | awk '{print $1 * .75}')
confmysql() {
	mkdir -p /var/log/mysql/
	touch "/var/log/mysql/${servername}.delainhosting.com.err"
	if ! grep -q 'bind-address = 127.0.0.1' /etc/my.cnf; then
		printf "Setting up Mysql.\n"
		{
			echo "log-error=/var/log/mysql/${servername}.delainhosting.com.err"
			echo 'bind-address=127.0.0.1'
			echo 'skip-name-resolve=1'
			echo 'performance_schema=ON'
			echo 'key_buffer_size=20MB'
		} >>/etc/my.cnf
		echo "innodb_buffer_pool_size=${bpsize}G" >>/etc/my.cnf || sed -i -e "s|innodb_buffer_pool_size=.*|innodb_buffer_pool_size=${bpsize}G|g" >>/etc/my.cnf
		echo "innodb_log_file_size=1G" >>/etc/my.cnf || sed -i -e "s|innodb_log_file_size=.*|innodb_log_file_size=1G|g" >>/etc/my.cnf
		systemctl restart mysqld
	else
		printf "Mysql Setup Complete.\n"
	fi
	printf "Do we need to intall Mysqltuner? (y/n)? "
	read -r yn
	yn=${yn:-n}
	case $yn in
	[Yy]*)
		installmysqltuner
		;;
	[Nn]*) ;;
	esac

	do_setting "mysql soft nofile 65535" "$limitsconf"
	do_setting "mysql hard nofile 65535" "$limitsconf"
	do_setting "mysql soft core unlimited" "$limitsconf"
	do_setting "mysql hard core unlimited" "$limitsconf"
	do_setting "vm.swappiness = 1" "$sysctlconf"

	${da} set one_click_pma_login 1
	systemctl restart directadmin
}
#######################################################################
#                       Configure nginx                               #
#######################################################################
confnginx() {
	printf "Rebuild all of nginx? (y/n)? "
	read -r yn
	yn=${yn:-n}
	case $yn in
	[Yy]*)
		printf 'Adding Custom Post templates.\n Please wait.\n'
		dir=${datplcust}
		do_install "nginx_server.conf" "https://files.delaintech.com/cb_tpl/nginx_server.conf"
		do_install "nginx_server_secure.conf" "https://files.delaintech.com/cb_tpl/nginx_server_secure.conf"
		do_install "nginx_server_sub.conf.CUSTOM.4.post" "https://files.delaintech.com/cb_tpl/nginx_server_sub.conf.CUSTOM.4.post"
		do_install "nginx_server_secure.conf.CUSTOM.4.post" "https://files.delaintech.com/cb_tpl/nginx_server_secure.conf.CUSTOM.4.post"
		do_install "nginx_server_secure_sub.conf.CUSTOM.4.post" "https://files.delaintech.com/cb_tpl/nginx_server_secure_sub.conf.CUSTOM.4.post"

		printf 'Adding Custom Nginx config.\n Please wait.\n'
		dir="${cbcustdir}/nginx_reverse/conf"
		do_install "nginx.conf" "https://files.delaintech.com/cb_cust/nginx_reverse/conf/nginx.conf"
		do_install "nginx-events.conf" "https://files.delaintech.com/cb_cust/nginx_reverse/conf/nginx-events.conf"

		do_setting "nginx soft nofile 65535" "$limitsconf"
		do_setting "nginx hard nofile 65535" "$limitsconf"
		do_setting "nginx soft core unlimited" "$limitsconf"
		do_setting "nginx hard core unlimited" "$limitsconf"

		do_setting "net.core.somaxconn = 65536" "$sysctlconf"

		${cb} rewrite_confs
		;;
	[Nn]*) ;;
	esac
}
#######################################################################
#                       Configure Proftpd with SFTP                   #
#######################################################################
confproftpd() {
	printf "Setting up Proftpd.\n"
	cd ${dadir} || return
	if ! ${da} config | grep -q unified_ftp_password_file=1; then
		printf "Password file conversion in progress.\n"
		${da} set unified_ftp_password_file 1
		echo "action=convert&value=unifiedftp" >>data/task.queue
		./dataskq d1
	else
		printf "Unified Password file complete.\n"
	fi
	${cb} set ftpd proftpd
	mkdir -p ${cbcustdir}/{proftpd,conf}
	dir="${cbcustdir}/proftpd"
	do_install "configure.proftpd" "https://files.delaintech.com/cb_cust/proftpd/configure.proftpd"
	chmod 755 "$dir/configure.proftpd"
	dir="${cbcustdir}/proftpd/conf"
	do_install "proftpd.conf" "https://files.delaintech.com/cb_cust/proftpd/conf/proftpd.conf"
	dir=/etc
	do_install "proftpd.sftp.conf" "https://files.delaintech.com/cb_cust/proftpd/proftpd.sftp.conf"

	sed -i -e "s|<VirtualHost 0.0.0.0>|<VirtualHost ${serverip}>|g" /etc/proftpd.sftp.conf
	chmod 600 /etc/ssh/ssh_host_rsa_key
	${cb} proftpd
	proftpd --configtest
	printf "Setting up Proftp.\n"
	systemctl enable proftpd
	systemctl restart proftpd
	printf "Done.\n"
}
#######################################################################
#                       Configure Performance                         #
#######################################################################
perfmserver() {
	printf "Setting up Server General file Ulimits.\n"
	do_setting "* soft nofile 65535" "$limitsconf"
	do_setting "* hard nofile 65535" "$limitsconf"
	do_setting "root soft nofile 65535" "$limitsconf"
	do_setting "root hard nofile 65535" "$limitsconf"
	do_setting "admin soft nofile 65535" "$limitsconf"
	do_setting "admin hard nofile 65535" "$limitsconf"

	printf "Setting up Server Sysctl file.\n"
	do_setting "net.core.somaxconn = 65536" "$sysctlconf"
	do_setting "net.ipv4.conf.all.log_martians = 1" "$sysctlconf"
	do_setting "net.ipv4.tcp_fin_timeout = 15" "$sysctlconf"
	do_setting "net.ipv4.tcp_rfc1337 = 1" "$sysctlconf"
	do_setting "net.ipv4.tcp_synack_retries = 3" "$sysctlconf"
	do_setting "net.ipv4.tcp_syncookies = 0" "$sysctlconf"
	do_setting "net.ipv4.tcp_syn_retries = 3" "$sysctlconf"
	do_setting "vm.swappiness = 1" "$sysctlconf"
	printf "Complete Reboot.\n"
	doreboot
}

#######################################################################
#                       Check Server Satus                            #
#######################################################################
serverstatus() {
	printf "Checking Directadmin."
	systemctl status directadmin --no-pager
	printf "done"
}
#######################################################################
#                       Rebuild Directadmin                           #
#######################################################################
buildalld() {
	printf 'Running Build All D...Go sleep or get Coffee!'
	${cb} set_fastest_quiet
	${cb} clean
	${cb} update
	${cb} all
	${cb} rewrite_confs
	printf "Build ALL done.\n"
}
#######################################################################
#                       Backup Server                                 #
#######################################################################
backupall() {
	dir=${dascptcust}
	do_install "all_backups_post.sh" "https://files.delaintech.com/da_scpt/all_backups_post.sh"
	chmod 755 ${dascptcust}/all_backups_post.sh
	dir=${datadmdir}
	do_install "backup.conf" "https://files.delaintech.com/backup.conf"
	do_install "backup_crons.list" "https://files.delaintech.com/backup_crons.list"

	printf "Install Rclone for file backup.(yn)"
	read -r yn
	yn=${yn:-n}
	case $yn in
	[Yy]*)
		printf 'Installing Rclone for file backup.\n'
		yum install ${pkgargs} rclone
		mkdir -p /var/log/rclone
		touch /var/log/rclone/aws.log
		printf "Setup Rclone.\n"
		rclone config
		;;
	[Nn]*) ;;
	esac
	printf "Run Server file backup?(yn)"
	read -r yn
	yn=${yn:-n}
	case $yn in
	[Yy]*)
		if [ -d /sys_backup ] && [ -d /admin_backups ]; then
			chmod 755 /admin_backups
			chmod 755 /sys_backup
			chown admin:admin /admin_backups
			chown admin:admin /sys_backup
			cd /
			tar -cvpzf /sys_backup/backup.tar.gz \
				--exclude=/sys_backup/backup.tar.gz \
				--exclude=/home/admin/admin_backup \
				--exclude=/admin_backups \
				--exclude=/root/.c* \
				--exclude=/root/install.log \
				/home/admin/hb* \
				/usr/local/directadmin/conf \
				/usr/local/directadmin/scripts/custom \
				/usr/local/directadmin/custombuild/custom \
				/usr/local/directadmin/data/templates/custom \
				/usr/local/directadmin/data/templates/mx \
				/usr/local/directadmin/data/admin/packages/ \
				/usr/local/directadmin/data/admin/packages.list \
				/usr/local/directadmin/data/users/admin/packages/ \
				/usr/local/directadmin/data/users/admin/packages.list \
				/usr/local/directadmin/data/admin/backup* \
				/sys_backup/mysql_backups \
				/etc \
				/var/named \
				/root
			printf "Server Backup done.\n"
		else
			rm -Rf /home/admin/admin_backup
			mkdir /admin_backups
			mkdir /sys_backup
			chmod 755 /admin_backups
			chmod 755 /sys_backup
			chown admin:admin /admin_backups
			cd /
			tar -cvpzf /sys_backup/backup.tar.gz \
				--exclude=/sys_backup/backup.tar.gz \
				--exclude=/home/admin/admin_backup \
				--exclude=/admin_backups \
				--exclude=/root/.c* \
				--exclude=/sys_backup/backup.tar.gz \
				--exclude=/admin_backups \
				--exclude=/root/.c* \
				--exclude=/root/install.log \
				/home/admin/hb* \
				/usr/local/directadmin/conf \
				/usr/local/directadmin/scripts/custom \
				/usr/local/directadmin/custombuild/custom \
				/usr/local/directadmin/data/templates/custom \
				/usr/local/directadmin/data/templates/mx \
				/usr/local/directadmin/data/admin/packages/ \
				/usr/local/directadmin/data/admin/packages.list \
				/usr/local/directadmin/data/users/admin/packages/ \
				/usr/local/directadmin/data/users/admin/packages.list \
				/usr/local/directadmin/data/admin/backup* \
				/sys_backup/mysql_backups \
				/etc \
				/var/named \
				/root
			printf "Server Backup done.\n"
		fi
		/usr/local/directadmin/scripts/custom/all_backups_post.sh
		;;
	[Nn]*) ;;
	esac
	printf "Run admin backup now?(yn)"
	read -r yn
	yn=${yn:-n}
	case $yn in
	[Yy]*)
		printf 'Running admin backup.\n'
		/usr/local/directadmin/directadmin admin-backup --destination=/admin_backups --user=admin
		;;
	[Nn]*) ;;
	esac
	printf "Restore from file backup.(yn)"
	read -r yn
	yn=${yn:-n}
	case $yn in
	[Yy]*)
		owner="admin"
		local_path=/admin_backups
		ip_choice=select
		ip="$serverip"
		printf "IP for restore is %s.\n" "$ip"
		printf "User for restore is %s.\n" "$owner"
		action1="action=restore&local_path=${local_path}&owner=${owner}&when=now&where=local&type=admin"

		if [ "${ip_choice}" = "select" ]; then
			action2="&ip_choice=select&ip=${ip}"
		else
			action2="&ip_choice=${ip_choice}"
		fi

		cd ${local_path} || exit
		count=0
		for i in $(/bin/ls -- *.gz); do
			{
				action3="&select${count}=$i"
				count=$((count + 1))
			}
		done

		if [ "${count}" -eq 0 ]; then
			exit 1
		fi
		restore1="$action1""$action2""$action3"
		echo "$restore1" >>/usr/local/directadmin/data/task.queue
		printf "File for restore is %s.\n" "$i"
		;;
	[Nn]*) ;;
	esac
}
#######################################################################
#                       Main Menu of Script                           #
#######################################################################
clear
cpsetup_banner
linebreak

#Check that user is root.
if [ $EUID = "0" ]; then
	printf "We are root. Continuing on....\n"
else
	printf "This script must be run as root. Exiting.\n"
	exit 1
fi
#What Distro are you on?
printf "This is for AlmaLinux, CentOS, or Rocky Linux version 7 or 8.\n" 2>&1
os=$(awk '{ print $1}' /etc/redhat-release)
vn=$(tr </etc/redhat-release -dc '0-9.' | cut -d \. -f1)
if [ "$os" = "CentOS" ] || [ "$os" = "Rocky" ] && [ "$vn" = "7" ] || [ "$vn" = "8" ]; then
	printf "System runs on %s version %s. great! continuing on....\n" "$os" "$vn"
else
	printf "System runs on unsupported os. Exiting...\n"
	exit
fi
#Menus Starts here
linebreak
cat <<eot
	Hostname: $cur_hostname Server IP: $serverip  Server IPV6: $serverip6
eot
linebreak
cat <<"eot"
			MAIN SERVER SETUP MENU
eot
linebreak
while true; do
	options=("Add Admin User" "Timezone" "Host file" "Hostname" "Remove hosts" "Add hosts" "Swap file" "Update server" "Install Required Packages" "Harden Server" "Install Directadmin" "Install Firewall" "Install LetsEncrypt" "Install KernelCare" "Install ImmunifyAV" "Install Installatron" "Configure Directadmin" "Configure Named" "Configure Mail" "Configure Apache" "Configure MySql" "Configure Nginx" "Configure Proftpd" "Performance Tweaks" "Check Server Status" "Build All" "Backup Server Files" "Quit")
	select opt in "${options[@]}"; do
		case $REPLY in
		1)
			addadminuser
			break
			;;
		2)
			settimezone
			break
			;;
		3)
			creathostfile
			break
			;;
		4)
			creathostname
			break
			;;
		5)
			removehosts
			break
			;;
		6)
			addhosts
			break
			;;
		7)
			creatswapfile
			break
			;;
		8)
			serverupdate
			break
			;;
		9)
			installpreq
			break
			;;
		10)
			hardenserver
			break
			;;
		11)
			installdirectadmin
			break
			;;
		12)
			installfirewall
			break
			;;
		13)
			installletsencrypt
			break
			;;
		14)
			installkernelcare
			break
			;;
		15)
			installimuav
			break
			;;
		16)
			installinstallatron
			break
			;;
		17)
			confdirectadmin
			break
			;;
		18)
			confnamed
			break
			;;
		19)
			confmail
			break
			;;
		20)
			confhttpd
			break
			;;
		21)
			confmysql
			break
			;;
		22)
			confnginx
			break
			;;
		23)
			confproftpd
			break
			;;
		24)
			perfmserver
			break
			;;
		25)
			serverstatus
			break
			;;
		26)
			buildalld
			break
			;;
		27)
			backupall
			break
			;;
		28) break 2 ;;
		*) echo "Invalid option. Try again." >&2 ;;
		esac
	done
done

if [ -d "$builddir" ]; then
	rm -rf $builddir
fi
mkdir $builddir
if [ "$run" ]; then
	${run}
	exit
fi

printf "Cleaning up build files, please wait...\n"
cd ~ || exit
rm -rf $builddir