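#!/usr/bin/bash
#######################################################################
#Script Name: da_setup_deb.sh
#Version: 1.6
#Description: Wrapper for installing DA server
#Last Modify Date: 03102021
#Author:Brent Dacus
#Email:brent[at]thedacus[dot]net
#######################################################################
#                              Banner                                 #
#######################################################################
export COLUMNS=100

# Print the start-up banner and the author line.
# NOTE(review): the ASCII-art rows were collapsed onto one line in this copy
# of the script; the characters are kept as found, only the layout is lost.
dasetup_banner() {
  cat <<"eot"
ad88888ba d8" "8b ,d DdadPPYba, Y8, 88 HH 8b ,dPPYba, `Y8aaaaa, ,adPPYba, MM88MMM 88 88 8b,dPPYba, a8 44 88P' "8a `"""""8b, a8P_____88 88 88 88 88P' "8a 8b 55 88 d8 `8b 8PP""""""" 88 88 88 88 d8 D8 aa 88 'b8 Y8a a8P "8b, ,aa 88, "8a, ,a88 88b, ,a8" TTTYbbd8"' `lLYbbdP''ag "Y88888P" `"Ybbd8"' "Y888 `"YbbdP'Y8 88`YbbdP"' 88 88
eot
  cat <<"eot"
Author: Brent Dacus
eot
}

#######################################################################
#                             Variables                               #
#######################################################################
cur_hostname="$(hostname)"
serverip="$(hostname -I | awk '{print $1}')"
# Second address reported by `hostname -I`; the script uses it as the IPv6
# address. NOTE(review): nothing here checks that it really is IPv6.
serverip6="$(hostname -I | awk '{print $2}')"
servername="$(hostname -s)"
svrdomainname="$(hostname -d)"
hstdomainname=delainhosting.com
cpu_cores=1
# NOTE(review): this copy of the script is damaged on the next line. The text
# between `grep` and `>(tee -a ...)` is missing, so the statement no longer
# parses. The functions below also use da, cb, dadir, cbblddir, builddir,
# daconfile and LOG_FILE, none of which is defined in the visible text;
# presumably they were defined in the lost span. Restore this section from
# the original script before running anything.
cpu_cores="$(grep >(tee -a ${LOG_FILE}) 2>&1
aptargs="-y"
export DA_EMAIL="tech@delainhosting.com"

#######################################################################
#                           User Variables                            #
#######################################################################
rootemail="tech@delainhosting.com"
# NOTE(review): a license key is stored in the script itself. Anyone who can
# read the script (or the URL it is served from) can read the key; treat it
# as exposed, rotate it, and load it from the environment or a root-only file.
kc_key="JOfCWN9tFkOYi1sl"
bshrc="/root/.bashrc"
limitsconf="/etc/security/limits.conf"
sysctlconf="/etc/sysctl.conf"
myconf="/etc/my.cnf"

#######################################################################
#                         Main Util Functions                         #
#######################################################################
mkdir -p ~/dasetupbuild/
trap '' 2 # ignore ctrl+c
##set PS3 prompt##
PS3="Number selection? "

# Print a full-width rule of dashes (COLUMNS wide, else the terminal width).
linebreak() {
  printf '%*s\n' "${COLUMNS:-$(tput cols)}" '' | tr ' ' -
}

# Download a file into the directory named by the global $dir.
# Globals:   dir (read)
# Arguments: $1 - file name inside $dir, $2 - URL to fetch
# Returns:   non-zero when the download fails (the old file is left alone)
#
# The file ends up mode 755 and is written by root, so the transfer must be
# authenticated: TLS certificate checking stays enabled (the original passed
# --no-check-certificate), and the target is only replaced after a complete,
# successful download.
do_install() {
  local name=$1 url=$2 tmp
  printf "Installing %s into %s.\n" "${name}" "${dir}"
  cd "${dir}" || exit
  if [ -f "${name}" ]; then
    rm -f "${name}.bak"
    cp -f "${name}" "${name}.bak"
    chmod 600 "${name}.bak"
  fi
  tmp="$(mktemp "./${name}.XXXXXX")" || return 1
  if ! wget -q -O "${tmp}" "${url}"; then
    printf 'Download of %s failed; %s left unchanged.\n' "${url}" "${name}" >&2
    rm -f -- "${tmp}"
    return 1
  fi
  chmod 755 "${tmp}"
  mv -f -- "${tmp}" "${name}"
  #chown diradmin:diradmin "${1}"
}

# Append a configuration line to a file unless the file already contains it.
# Arguments: $1 - line to add, $2 - file to edit
do_setting() {
  printf "Installing value %s into %s.\n" "${1}" "${2}"
  printf 'Adding values in to %s.\n Please wait.\n' "${2}"
  if ! grep -q '#added by DH.' "${2}"; then
    echo '#added by DH.' >>"${2}"
  fi
  # Match the value as a literal string. The original prefixed the pattern
  # with a backslash, which turns a leading b/w/s/< into a regex operator and
  # leaves '.', '[' and '*' later in the value active.
  if grep -qF -- "${1}" "${2}"; then
    printf '%s exists.\n Skipping.\n' "${1}"
  else
    printf '%s does not exist\n' "$1"
    echo "${1}" >>"${2}"
  fi
}

# Ask whether to reboot now; the default answer is no.
doreboot() {
  printf "Need to reboot? (y/n)? "
  read -r yn
  yn=${yn:-n}
  case $yn in
    [Yy]*) reboot ;;
    [Nn]*) ;;
  esac
}

# Turn every swap area off, wait ten seconds, and turn them back on.
cycleswap() {
  printf "Cycling Swapfile.\n"
  swapoff -a
  sleep 10
  swapon -a
}

#######################################################################
#                           Add Admin User                            #
#######################################################################
# Install a few standard tools and set up root's shell profile.
# Globals: aptargs, bshrc (read)
addadminuser() {
  printf "Installing Standard packages.\n"
  printf "Please Wait.\n"
  # aptargs is deliberately unquoted so it can carry several options.
  apt-get install ${aptargs} perl wget curl nano btop htop >/dev/null
  bshrvals=("alias fbc='fail2ban-client status '" "export EDITOR='nano'")
  printf 'Adding values in to %s.\n Please wait.\n' "$bshrc"
  for bshrval in "${bshrvals[@]}"; do
    if grep -qF -- "$bshrval" "${bshrc}"; then
      printf '%s exists.\n Skipping.\n' "$bshrval"
    else
      printf '%s does not exist\n' "$bshrval"
      printf '#added by DH.\n' >>"${bshrc}"
      printf '%s\n' "$bshrval" >>"${bshrc}"
    fi
  done
  # The presence of "daconf" marks a profile that was already extended.
  # NOTE(review): the `doserver` alias written below downloads this script
  # and runs it as root with no integrity check; whoever controls that URL
  # controls the server.
  if ! grep -q daconf /root/.bashrc; then
    printf 'Bash shell profile not set up. adding...\n'
    cat <<"eol" >>/root/.bashrc
export EDITOR='nano'
export LS_OPTIONS='--color=auto'
eval "`dircolors`"
alias ls='ls $LS_OPTIONS'
alias ll='ls $LS_OPTIONS -l'
alias l='ls $LS_OPTIONS -lA'
alias rm='rm -i'
alias cp='cp -i'
alias mv='mv -i'
daconf='/usr/local/directadmin/conf/directadmin.conf'
cbconf='/usr/local/directadmin/custombuild/options.conf'
alias da='/usr/local/directadmin/directadmin'
alias dadir='pushd /usr/local/directadmin/'
alias dashdir='pushd /usr/local/directadmin/scripts'
alias cbdir='pushd /usr/local/directadmin/custombuild'
alias cb='/usr/local/directadmin/custombuild/build'
alias cbconfig='/usr/local/directadmin/custombuild/build used_configs'
alias cbopts='/usr/local/directadmin/custombuild/build options'
alias cbhelp='/usr/local/directadmin/custombuild/build opt_help full'
alias cbvers='/usr/local/directadmin/custombuild/build versions'
alias mysqladmin='mysqladmin --defaults-extra-file=/usr/local/directadmin/conf/my.cnf'
alias mysqldump='mysqldump --defaults-extra-file=/usr/local/directadmin/conf/my.cnf'
alias mysql='mysql --defaults-extra-file=/usr/local/directadmin/conf/my.cnf'
alias lh='history |grep '
alias search='find / -name '
alias doserver='curl -o da_setup_deb.sh -L https://files.delaintech.com/da_setup_deb.sh && bash da_setup_deb.sh'
alias fbc='fail2ban-client status '
alias cycle='systemctl restart '
alias status='systemctl status '
eol
    printf "Print Profile File.\n"
    cat /root/.bashrc
    printf "Done.\n"
  else
    printf "Profile already setup. See Below.\n"
    cat /root/.bashrc
  fi
}

#######################################################################
#                            Turn on IPV6                             #
#######################################################################
# Optionally re-enable IPv6: drop the disable_ipv6 line from sysctl.conf,
# reload sysctl, enable it in /proc, offer a reboot, restart DirectAdmin.
setipv6() {
  printf "Do we need to turn on IPV6? REBOOT REQUIRED (y/n)? "
  read -r yn
  yn=${yn:-n}
  case $yn in
    [Yy]*)
      sed -i "/net.ipv6.conf.all.disable_ipv6.*/d" /etc/sysctl.conf
      sysctl -q -p
      echo 0 >/proc/sys/net/ipv6/conf/all/disable_ipv6
      doreboot
      systemctl restart directadmin
      ;;
    [Nn]*) ;;
  esac
}

#######################################################################
#                            Set Timezone                             #
#######################################################################
# Ask for a time zone (default America/Chicago) and apply it unless
# timedatectl already reports that zone.
settimezone() {
  printf "What TimeZone are you in? [America/Chicago]: "
  read -r tmzone
  tmzone=${tmzone:-America/Chicago}
  # Compare against the requested zone. The original always looked for
  # "America/Chicago", so any other choice was ignored on a host that was
  # already in that zone.
  if timedatectl | grep -qF -- "$tmzone"; then
    printf "%s found\n" "$tmzone"
  else
    timedatectl set-timezone "$tmzone"
    timedatectl set-local-rtc 0
    printf "We set timezone as:\n"
    timedatectl
    printf "Done.\n"
  fi
}

#######################################################################
#                           Add Hosts file                            #
#######################################################################
# Append the fixed list of company hosts to /etc/hosts unless the company
# domain is already mentioned there.
creathostfile() {
  # does the Host already exist?
  if ! grep -qF -- "${hstdomainname}" /etc/hosts; then
    printf 'Hostfile not found. adding...\n'
    cat <<"eol" >>/etc/hosts
209.126.81.64 apollo.delainhosting.com apollo
209.145.52.110 athena.delainhosting.com athena
144.91.108.77 thor.delainhosting.com thor
154.12.224.183 saturn.delainhosting.com saturn
eol
    printf "Print Host File.\n"
    cat /etc/hosts
    printf "Done.\n"
  else
    printf "Hostfile exsits.\nSee Below.\n"
    cat /etc/hosts
  fi
}

#######################################################################
#                         Set Server Hostname                         #
#######################################################################
# Ask for a hostname, set it, and add matching /etc/hosts entries.
# Globals: cur_hostname (read); serverip, serverip6, servername (written)
creathostname() {
  setipv6
  # does the Host already exist?
  unset new_hostname
  printf "Please enter a Hostname to add: "
  read -r new_hostname
  if [ -z "$new_hostname" ]; then
    # An empty pattern matches every line, which used to report "exists".
    printf 'No hostname entered.\nNo changes made.\n'
    return
  fi
  if ! grep -qF -- "$new_hostname" /etc/hosts; then
    printf 'Hostname not found. adding...\n'
    printf "Changing hostname from %s to %s...\n" "$cur_hostname" "$new_hostname"
    hostnamectl set-hostname "$new_hostname"
    serverip="$(hostname -I | awk '{print $1}')"
    serverip6="$(hostname -I | awk '{print $2}')"
    servername="$(hostname -s)"
    echo "${serverip} ${new_hostname} ${servername}" >>/etc/hosts
    # Skip the second entry on hosts with a single address; an entry with
    # no address would be a malformed hosts line.
    if [ -n "${serverip6}" ]; then
      echo "${serverip6} ${new_hostname} ${servername}" >>/etc/hosts
    fi
    printf "Print Host File.\n"
    cat /etc/hosts
    printf "\nDone.\n"
  else
    printf "Hostname exsits.\nAll good.\n"
  fi
}

#######################################################################
#                          Remove Hostnames                           #
#######################################################################
# Show /etc/hosts, ask for a name or address, and delete every line that
# contains it. A copy of the previous file is kept as /etc/hosts.bkp.
removehosts() {
  local tmp rc
  printf "Here is the Host file.\n"
  cat /etc/hosts
  printf "\nWhat is the server name or ip to remove? "
  read -r removehosts
  # The answer is matched as a literal string and never becomes part of a
  # sed program: the original spliced it unquoted into the sed script, so
  # blanks, '/' or an empty answer changed what sed executed as root.
  if [ -z "$removehosts" ]; then
    printf 'Nothing entered.\nNo changes made.\n'
  else
    cp -p /etc/hosts /etc/hosts.bkp
    tmp="$(mktemp)" || return 1
    grep -vF -- "$removehosts" /etc/hosts.bkp >"$tmp"
    rc=$?
    # grep exits 1 when nothing is left to print; only >1 is a real error.
    if [ "$rc" -le 1 ]; then
      cat "$tmp" >/etc/hosts
    else
      printf 'Could not filter /etc/hosts.\nNo changes made.\n' >&2
    fi
    rm -f -- "$tmp"
  fi
  printf "Print Host.\n"
  cat /etc/hosts
  printf "\nDone.\n"
  while true; do
    printf "Continue removing? (y/n)?"
    read -r yn
    yn=${yn:-n}
    case $yn in
      [Yy]*)
        removehosts
        break
        ;;
      [Nn]*) break ;;
    esac
  done
}

#######################################################################
#                         Add External Hosts                          #
#######################################################################
# Ask for "IP FQDN shortname" and append it to /etc/hosts unless the FQDN
# is already present.
# Globals: serverip, servername (overwritten with the values typed in)
addhosts() {
  # does the Host already exist?
  unset serverip add_hostname servername
  printf "Enter Hostname to add:[ IP FDQN Hostname ]: "
  read -r serverip add_hostname servername
  if ! grep -qF -- "$add_hostname" /etc/hosts; then
    printf 'Hostname not found. adding...\n'
    echo "${serverip} ${add_hostname} ${servername}" | tee -a /etc/hosts
    printf "Print Host File.\n"
    cat /etc/hosts
    printf "Done.\n"
  else
    printf "Hostname exsits.\nAll good.\n"
  fi
  while true; do
    printf "Continue adding? (y/n)?"
    read -r yn
    yn=${yn:-n}
    case $yn in
      [Yy]*)
        # NOTE(review): creathostentry is not defined in the visible part
        # of this script. If it does not exist elsewhere, this presumably
        # should call addhosts, the way removehosts calls itself. Confirm.
        creathostentry
        break
        ;;
      [Nn]*) break ;;
    esac
  done
}

#######################################################################
#                            Add Swapfile                             #
#######################################################################
# Create and enable /swapfile (size in GB, default 2) unless /etc/fstab
# already mentions swap. /etc/fstab is copied to /etc/fstab.bak first.
creatswapfile() {
  printf 'Enter Swapfile size in GB: '
  read -r swapsize
  swapsize=${swapsize:-2}
  # The size goes straight to fallocate; accept whole numbers only.
  if ! [[ $swapsize =~ ^[1-9][0-9]*$ ]]; then
    printf 'Invalid size: %s\nNo changes made.\n' "$swapsize"
    return 1
  fi
  printf "You choose %s GB for swap.\n" "$swapsize"
  # does the swap file already exist?
  cp /etc/fstab /etc/fstab.bak
  # if not then create it
  if ! grep -q "swap" /etc/fstab; then
    printf 'Swap file not found.\nCreating Swap file.\n'
    fallocate -l "${swapsize}"G /swapfile
    chmod 600 /swapfile
    mkswap /swapfile
    swapon /swapfile
    # End the fstab entry with a newline so that a later append cannot be
    # glued onto this line.
    printf '/swapfile none swap defaults 0 0\n' | tee -a /etc/fstab
    printf "Done\nSwap should be active.\nIf not reboot.\n"
  else
    printf 'Swap file found.\nNo changes made.\n'
  fi
}

#######################################################################
#                         Update OS on Server                         #
#######################################################################
# Clean the apt cache and bring every installed package up to date.
serverupdate() {
  printf "Debian Cleaning and Updating.\n"
  apt-get ${aptargs} autoremove
  apt-get autoclean
  apt-get ${aptargs} update
  apt-get ${aptargs} upgrade
  apt-get ${aptargs} dist-upgrade
  printf "Done.\n"
}

#######################################################################
#                      Install Standard Packages                      #
#######################################################################
# Optionally install the build prerequisites, then optionally fetch the
# CustomBuild option files for the chosen web server.
# Globals: aptargs, cbblddir, DA_EMAIL (read); dir (written)
installpreq() {
  printf "Run Pre Install? (y/n)?"
  read -r yn
  yn=${yn:-n}
  case $yn in
    [Yy]*)
      apt-get install ${aptargs} curl wget gcc g++ make flex bison openssl libssl-dev perl perl-base \
        perl-modules-5.36 libperl-dev libperl4-corelibs-perl libwww-perl libaio1 libaio-dev \
        zlib1g zlib1g-dev libcap-dev cron bzip2 zip automake autoconf libtool cmake \
        pkg-config python3 libdb-dev libsasl2-dev libncurses5 libncurses5-dev libcurl4-openssl-dev \
        libsystemd-dev bind9 dnsutils quota patch logrotate rsyslog libc6-dev libexpat1-dev \
        libcrypt-openssl-rsa-perl libnuma-dev libnuma1 rspamd git apt-transport-https btop sysstat libcurl4-doc libidn11-dev \
        libkrb5-dev libldap2-dev librtmp-dev libssh2-1-dev screen inotify-tools ipset pigz tuned pcregrep rsync jq zip unzip
      ;;
    [Nn]*) ;;
  esac
  printf "Run set DA config? (y/n)?"
  read -r yn
  yn=${yn:-n}
  case $yn in
    [Yy]*)
      linebreak
      printf "Installing Standard directadmin config!\n"
      mkdir -p "${cbblddir}"
      dir=${cbblddir}
      printf "Which webserver are we using? (Nginx-Apache) \n"
      echo "1 Apache"
      echo "2 Nginx"
      echo "3 Nginx-Apache"
      read -r websrv
      websrv=${websrv:-1}
      case $websrv in
        1)
          do_install "options.conf" "https://files.delaintech.com/cb_opt/options.conf"
          do_install "php_extensions.conf" "https://files.delaintech.com/cb_opt/php_extensions.conf"
          ;;
        2)
          do_install "options.conf" "https://files.delaintech.com/cb_opt/ngx/options.conf"
          do_install "php_extensions.conf" "https://files.delaintech.com/cb_opt/ngx/php_extensions.conf"
          ;;
        3)
          do_install "options.conf" "https://files.delaintech.com/cb_opt/ngx_ap/options.conf"
          do_install "php_extensions.conf" "https://files.delaintech.com/cb_opt/ngx_ap/php_extensions.conf"
          ;;
        *) echo "Please choose a different one." ;;
      esac
      linebreak
      printf "Here is what you have set for DA setup configs.\n"
      # Relies on do_install having changed into $dir.
      cat options.conf
      printf "Email set to %s.\n" "$DA_EMAIL"
      #printf "Nameservers set to %s and %s.\n" "$DA_NS1" "$DA_NS2"
      echo "${DA_EMAIL}" >/root/.forward
      printf "Email forward set to %s.\n" "$DA_EMAIL"
      linebreak
      tuned-adm profile virtual-host
      printf "Done.\n"
      ;;
    [Nn]*) ;;
  esac
}

#######################################################################
#                         Install Directadmin                         #
#######################################################################
# Download and run the DirectAdmin installer unless the DirectAdmin
# configuration file ($daconfile) already exists.
installdirectadmin() {
  if [ ! -f "$daconfile" ]; then
    printf "No problem, let's get DirectAdmin installed first...\nThis could take a minute...\nor two... or thirty...\nPlease wait ...\n"
    cd /root || return
    # Stop if the installer did not download; running a stale or empty
    # setup.sh as root is worse than not installing.
    wget -O setup.sh https://download.directadmin.com/setup.sh || return
    chmod 755 setup.sh
    export DA_EMAIL="tech@delainhosting.com"
    export DA_NS1="dns3.${svrdomainname}"
    export DA_NS2="dns2.${svrdomainname}"
    unset da_key
    printf "Do you have a License key to enter or auto? "
    read -r da_key
    ./setup.sh "$da_key"
    sleep 10
    # NOTE(review): SIGINT is ignored script-wide (trap '' 2) and ignored
    # signals are inherited by child processes, so Ctrl-C will presumably
    # not end this tail -f. Confirm how operators are meant to leave it.
    tail -f /usr/local/directadmin/custombuild/install.txt
  else
    printf "Directadmin already installed.\n"
  fi
}

#######################################################################
#                            Harden Server                            #
#######################################################################
# Rewrite /etc/ssh/sshd_config (port, key-only logins, keep-alives) and
# restart sshd. The previous file is kept as sshd_config.bak and restored
# when sshd rejects the new configuration.
# Returns: non-zero when sshd was left unchanged
_harden_sshd() {
  local cfg=/etc/ssh/sshd_config
  cursshport="$(grep -m1 -E "Port .*" "$cfg")"
  printf "Enter SSH port to change to: "
  read -r sshport
  sshport=${sshport:-14}
  # The port is spliced into a sed expression; accept a plain number only.
  if ! [[ $sshport =~ ^[1-9][0-9]{0,4}$ ]] || ((sshport > 65535)); then
    printf 'Invalid SSH port: %s\nsshd left unchanged.\n' "$sshport" >&2
    return 1
  fi
  printf "Set to Port: %s\n" "$sshport"
  # Password logins are switched off below. Without a working key the next
  # login fails, so say so while this session is still open.
  if [ ! -s /root/.ssh/authorized_keys ]; then
    printf 'Warning: /root/.ssh/authorized_keys is missing or empty.\nConfirm a key-based login works before closing this session.\n' >&2
  fi
  printf "Securing the server, please wait...\n"
  cp -p "$cfg" "${cfg}.bak" || return 1
  if [ -n "$cursshport" ]; then
    sed -i -e "s/$cursshport/Port ${sshport}/g" "$cfg"
  else
    printf 'No Port line found in %s; port left unchanged.\n' "$cfg" >&2
  fi
  # The original replaced the AuthorizedKeysFile line with the literal text
  # ".*" (a regex is not expanded on the replacement side). sshd would then
  # look for keys in a file named ".*", and with password logins disabled
  # nobody could log in. The stock location is presumably what was meant.
  sed -i \
    -e 's/.*UseDNS .*/UseDNS no/g' \
    -e 's/#AddressFamily any/AddressFamily inet/g' \
    -e 's/#LoginGraceTime 2m/LoginGraceTime 2m/g' \
    -e 's/#MaxAuthTries 6/MaxAuthTries 5/g' \
    -e 's/#MaxStartups 10:30:100/MaxStartups 10:30:100/g' \
    -e 's/.*PermitRootLogin yes/PermitRootLogin prohibit-password/g' \
    -e 's/.*PasswordAuthentication .*/PasswordAuthentication no/g' \
    -e 's/#ClientAliveInterval .*/ClientAliveInterval 120/g' \
    -e 's/#ClientAliveCountMax .*/ClientAliveCountMax 15/g' \
    -e 's/.*PubkeyAuthentication yes/PubkeyAuthentication yes/g' \
    -e 's|.*AuthorizedKeysFile .*|AuthorizedKeysFile .ssh/authorized_keys|g' \
    "$cfg"
  # Let sshd check the file before the restart; a bad configuration on a
  # remote host means losing access to it.
  if sshd -t; then
    systemctl restart sshd
  else
    printf 'sshd rejected the new configuration; restoring the previous file.\n' >&2
    cp -p "${cfg}.bak" "$cfg"
    return 1
  fi
}

# Interactive hardening: sshd, rpcbind, firewalld, then optional ImunifyAV,
# Fail2Ban and PHP function restrictions.
# Globals: aptargs, cbblddir, cb (read)
hardenserver() {
  printf "Do we need to Secure sshd? (y/n)? "
  read -r yn
  yn=${yn:-n}
  case $yn in
    [Yy]*)
      _harden_sshd
      if [[ $(systemctl is-active rpcbind) = active ]]; then
        printf "rpcbind found.\nRemoving.\n"
        systemctl stop rpcbind
        systemctl disable rpcbind
        printf "Removal complete.\n"
      else
        printf "RPCbind not found.\nNo changes made.\n"
      fi
      # NOTE(review): this removes the running firewall; the host has no
      # packet filter until installfirewall has been run.
      if [[ $(systemctl is-active firewalld) = active ]]; then
        printf "Firewalld found.\nRemoving.\n"
        systemctl unmask --now firewalld
        systemctl disable firewalld
        apt-get ${aptargs} remove firewalld
        printf "Removal complete.\n"
      else
        printf "Firewalld not found.\nNo changes made.\n"
      fi
      ;;
    [Nn]*) ;;
  esac
  printf "Do we need to install ImmunifyAV? (y/n)? "
  read -r yn
  yn=${yn:-n}
  case $yn in
    [Yy]*) installimuav ;;
    [Nn]*) ;;
  esac
  printf "Do we need to install Fail2Ban? (y/n)? "
  read -r yn
  yn=${yn:-n}
  case $yn in
    [Yy]*) installf2b ;;
    [Nn]*) ;;
  esac
  printf "Do we need to secure PHP? (y/n)? "
  read -r yn
  yn=${yn:-n}
  case $yn in
    [Yy]*)
      cd "${cbblddir}" || exit
      mkdir -p custom
      touch custom/php_disable_functions
      echo "show_source, system, shell_exec, passthru, popen" >custom/php_disable_functions
      ${cb} secure_php
      ;;
    [Nn]*) ;;
  esac
}

#######################################################################
#                          Install Firewall                           #
#######################################################################
# Write the DirectAdmin IP allow/deny lists, clear the brute-force data
# and run the CSF installer.
# Globals: serverip, da (read)
installfirewall() {
  # NOTE(review): /etc/whitelist_ips is overwritten on every run, and one
  # fixed external address is always allowed; check that it is still yours.
  touch /etc/whitelist_ips
  echo "99.34.232.208" >/etc/whitelist_ips
  echo "127.0.0.1" >>/etc/whitelist_ips
  echo "$serverip" >>/etc/whitelist_ips
  touch /etc/blocked_ips
  ${da} config-set ip_blacklist /etc/blocked_ips
  ${da} config-set ip_whitelist /etc/whitelist_ips
  #clear DA brute lists
  : >/usr/local/directadmin/data/admin/brute_ip.data
  : >/usr/local/directadmin/data/admin/brute_log_entries.list
  printf "Securing the server, please wait...\n"
  # NOTE(review): a remote script is run as root with TLS as the only
  # check. Pinning a known SHA-256 of the installer and comparing it before
  # `bash` would also catch a tampered file on the download host.
  curl -o da-csf-basic-install.sh -L https://files.delaintech.com/fw/da-csf-basic-install.sh && bash da-csf-basic-install.sh
}

#######################################################################
#                          Install Fail2Ban                           #
#######################################################################
# Ask which web server is in use and fetch the matching jail.local.
_f2b_choose_jail() {
  printf "Which webserver are we using? (Nginx-Apache) \n"
  echo "1 Apache"
  echo "2 Nginx"
  echo "3 Nginx-Apache"
  read -r websrv
  websrv=${websrv:-1}
  case $websrv in
    1) wget -rnH --cut-dirs=3 https://files.delaintech.com/f2b/da/ap/jail.local -P /etc/fail2ban/ ;;
    2) wget -rnH --cut-dirs=3 https://files.delaintech.com/f2b/da/ngx/jail.local -P /etc/fail2ban/ ;;
    3) wget -rnH --cut-dirs=2 https://files.delaintech.com/f2b/da/jail.local -P /etc/fail2ban/ ;;
    *) echo "Please choose a different one." ;;
  esac
}

# Fetch the actions and filters shared by both install paths, then apply
# the local edits to them.
# Globals: servername (read)
_f2b_fetch_shared() {
  wget -rnH --cut-dirs=2 https://files.delaintech.com/f2b/da/paths-overrides.local -P /etc/fail2ban/
  wget -rnH --cut-dirs=2 https://files.delaintech.com/f2b/da/abuseipdb.conf -P /etc/fail2ban/action.d/
  wget -rnH --cut-dirs=2 https://files.delaintech.com/f2b/da/csf-ip-deny.conf -P /etc/fail2ban/action.d/
  wget -rnH --cut-dirs=2 https://files.delaintech.com/f2b/da/wordpress.conf -P /etc/fail2ban/filter.d/
  wget -rnH --cut-dirs=2 https://files.delaintech.com/f2b/da/wordpress-xmlrpc.conf -P /etc/fail2ban/filter.d/
  wget -rnH --cut-dirs=2 https://files.delaintech.com/f2b/da/proftpd-anon.conf -P /etc/fail2ban/filter.d/
  sed -i -e "s|comment=Fail2ban Reports Abuse.|comment=Fail2ban at $servername Reports Abuse.|g" /etc/fail2ban/action.d/abuseipdb.conf
  sed -i -e "s|mode = .*|mode = aggressive|g" /etc/fail2ban/filter.d/exim.conf
  touch /var/www/html/roundcube/logs/errors.log
}

# Switch off DirectAdmin's own brute-force monitor and restart DirectAdmin.
# Globals: da (read)
_f2b_disable_da_bfm() {
  ${da} config-set bruteforce 0
  ${da} config-set brute_force_log_scanner 0
  ${da} config-set brute_force_scan_apache_logs 0
  systemctl restart directadmin
}

# Install Fail2Ban, or refresh its configuration when it is already
# running, and add the fbc alias to root's profile.
# Globals: aptargs, bshrc (read)
installf2b() {
  if [[ $(systemctl is-active fail2ban) = active ]]; then
    printf "Fail2Ban already Installed.\nUpdating configuration.\n"
    sed -i -e "s|dbpurgeage = .*|dbpurgeage = 1296000|g" /etc/fail2ban/fail2ban.conf
    _f2b_choose_jail
    wget -rnH --cut-dirs=2 https://files.delaintech.com/f2b/da/fail2ban -P /etc/logrotate.d/
    _f2b_fetch_shared
    systemctl restart fail2ban
    systemctl status fail2ban
    _f2b_disable_da_bfm
  else
    printf "Fail2Ban Installing.\nAlso turning off BFM in DA.\n"
    apt-get install ${aptargs} fail2ban iptables geoip-bin geoip-database python3-pyinotify
    systemctl enable fail2ban
    systemctl start fail2ban
    _f2b_choose_jail
    sed -i -e "s|dbpurgeage = .*|dbpurgeage = 1296000|g" /etc/fail2ban/fail2ban.conf
    _f2b_fetch_shared
    systemctl restart fail2ban
    _f2b_disable_da_bfm
  fi
  bshrvals=("alias fbc='fail2ban-client status '")
  printf 'Adding values in to %s.\n Please wait.\n' "$bshrc"
  for bshrval in "${bshrvals[@]}"; do
    if grep -qF -- "$bshrval" "${bshrc}"; then
      printf '%s exists.\n Skipping.\n' "$bshrval"
    else
      printf '%s does not exist\n' "$bshrval"
      printf '#added by DH.\n' >>"${bshrc}"
      printf '%s\n' "$bshrval" >>"${bshrc}"
    fi
  done
}

#######################################################################
#                         Install LetsEncrypt                         #
#######################################################################
# Enable Let's Encrypt in DirectAdmin and request a certificate for the
# server hostname, but only when that hostname resolves in DNS.
# Globals: cur_hostname, da, cb, dadir (read)
installletsencrypt() {
  resolvedip=$(dig "${cur_hostname}" | awk '/^;; ANSWER SECTION:$/ { getline ; print $5 }')
  if [ -n "${resolvedip}" ]; then
    printf 'Creating add sni. adding...'
    ${da} config-set mail_sni 1
    printf "Installing Letsencrypt.\n"
    ${da} config-set letsencrypt 1
    echo "action=directadmin&value=restart" >>/usr/local/directadmin/data/task.queue
    /usr/local/directadmin/dataskq d2000
    ${cb} set redirect_host "${cur_hostname}"
    ${cb} set redirect_host_https yes
    ${cb} rewrite_confs
    ${cb} update
    ${cb} letsencrypt
    #set ssl on server
    printf "Installing SSL to server.\n"
    cd "${dadir}/scripts" || exit
    ./letsencrypt.sh request_single "${cur_hostname}" 4096
    ${da} config-set ssl 1
    ${da} config-set force_hostname "${cur_hostname}"
    #${da} config-set ssl_redirect_host "${cur_hostname}"
    ${da} config-set letsencrypt_list www:webmail:mail:ftp
    ${da} config-set letsencrypt_list_selected www:webmail:mail:ftp
    ${da} config-set letsencrypt_renewal_notice_to_admins 0
    ${da} config-set admin_ssl_install_to_missing 1
    ${da} config-set admin_ssl_replace_all_expired_invalid 1
    systemctl restart directadmin
    printf "Fingers crossed..if your server resolves to the name it should have worked.\n"
  else
    printf "Nope..if your server does not resolve. Check DNS.. \n"
  fi
}

#######################################################################
#                         Install Mysqltuner                          #
#######################################################################
# Install mysqltuner and its two data files into /usr/bin.
installmysqltuner() {
  cd /usr/bin || exit
  # Fetch the script over HTTPS from the same repository as its data files.
  # The original used plain http://mysqltuner.pl/ for a file that is then
  # made executable in /usr/bin, so anyone on the network path could have
  # replaced it.
  wget https://raw.githubusercontent.com/major/MySQLTuner-perl/master/mysqltuner.pl -O mysqltuner
  wget https://raw.githubusercontent.com/major/MySQLTuner-perl/master/basic_passwords.txt -O basic_passwords.txt
  wget https://raw.githubusercontent.com/major/MySQLTuner-perl/master/vulnerabilities.csv -O vulnerabilities.csv
  chmod +x mysqltuner
}

#######################################################################
#                         Install Imunify AV                          #
#######################################################################
# Download the ImunifyAV deploy script into the build directory and run it.
# NOTE(review): the vendor script is run as root with TLS as the only
# check, and it runs even when the download failed and an older copy is
# still in the build directory.
installimuav() {
  cd "$builddir" || return
  wget https://repo.imunify360.cloudlinux.com/defence360/imav-deploy.sh -O imav-deploy.sh
  bash imav-deploy.sh
}

#######################################################################
#                          Install Maldetect                          #
#######################################################################
# Download, unpack and install Linux Malware Detect, replace its
# configuration with the company copy, and update its signatures.
installmaldetect() {
  cd "$builddir" || return
  wget https://www.rfxn.com/downloads/maldetect-current.tar.gz
  tar -xzf maldetect-*.tar.gz
  rm -rf maldetect-*.tar.gz
  cd maldetect* || return
  sh install.sh
  wget https://files.delaintech.com/conf.maldet -O conf.maldet
  # The leading backslash bypasses the interactive `cp -i` alias.
  \cp -f conf.maldet /usr/local/maldetect/
  maldet -u
}

#######################################################################
#                         Install Mail Queue                          #
#######################################################################
# Download and install the ConfigServer Mail Queues plugin.
installmailqueue() {
  cd "$builddir" || exit
  # The archive contains an install.sh that is run as root, so it is
  # fetched over HTTPS; the original used plain HTTP. NOTE(review): if the
  # host does not serve this file over TLS, verify the archive against a
  # known checksum before unpacking instead of going back to HTTP.
  wget https://download.configserver.com/cmq.tgz || return
  tar -xzf cmq.tgz
  cd cmq || exit
  sh install.sh
}

#######################################################################
#                        Install Installatron                         #
#######################################################################
# Download the Installatron plugin installer and run it with -f.
installinstallatron() {
  cd "$builddir" || exit
  wget https://data.installatron.com/installatron-plugin.sh
  chmod +x installatron-plugin.sh
  ./installatron-plugin.sh -f
}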
####################################################################### # Install KernelCare # ####################################################################### installkernelcare() { #Is Linux Kernel Compatible? printf "Linux Kernel Compatible?\n" comp="$(curl -s -L https://kernelcare.com/checker | python3)" #What install KernelCare if [ "$comp" = "COMPATIBLE" ]; then printf "Yes..System Kernel Compatible.\nContinue on....\n" curl -s -L https://kernelcare.com/installer | bash printf "Kernel Care installed.\n" printf 'Enter KernelCare license key: ' read -r kckey kc_key=${kckey:-JOfCWN9tFkOYi1sl} /usr/bin/kcarectl --register $kc_key /usr/bin/kcarectl --update else printf "System runs on unsupported kernel. Not installed...\n" fi } ####################################################################### # Main Configure Section # ####################################################################### ####################################################################### # Configure Directadmin # ####################################################################### confdirectadmin() { mkdir -p "${datplcust}" || return printf "Installing Custombuild Custom Templates.\n" wget -rxnH -R "index.html*" --no-parent --cut-dirs=1 https://files.delaintech.com/cb_tpl/ -P ${datplcust} chown -R diradmin:diradmin ${datplcust} printf "Installing Custombuild Custom Configuration.\n" wget -rxnH -R "index.html*" --no-parent --cut-dirs=1 https://files.delaintech.com/cb_cust/ -P ${cbcustdir} chmod -R 755 ${cbcustdir} chown -R root:root ${cbcustdir} printf "Which webserver are we using? (Nginx-Apache) \n" echo "1 Apache" echo "2 Nginx" echo "3 Nginx-Apache" read -r websrv websrv=${websrv:-1} case $websrv in 1) ${cb} set webserver apache ${cb} apache ;; 2) ${cb} set webserver nginx ${cb} nginx ;; 3) ${cb} set webserver nginx_apache ${cb} nginx_apache ;; *) echo "Please choose a different one." 
;; esac ${cb} opcache systemctl enable directadmin cp /usr/local/directadmin/scripts/setup.txt /usr/local/directadmin/scripts/setupdh.txt dir=${dascptcust} do_install "user_create_post.sh" "https://files.delaintech.com/da_scpt/user_create_post.sh" #chmod 755 ${dascptcust}/user_create_post.sh cp "$daconfile" "$daconfile".bak ${cb} secure_php ${da} config-set numservers 5 ${da} config-set ipv6 1 ${da} config-set zstd 1 ${da} config-set backup_gzip 1 ${da} config-set zip 1 ${da} config-set pigz "${cpu_cores}" ${da} config-set enforce_difficult_passwords 1 ${da} config-set difficult_password_length_min 8 ${da} config-set check_subdomain_owner 1 ${da} config-set admin_helper clients.delainhosting.com ${da} config-set cluster 1 ${da} config-set enable_threads 1 ${da} config-set cpu_in_system_info 1 ${da} config-set delete_messages_days 1 ${da} config-set delete_tickets_days 1 ${da} config-set msg_sys "Delain Hosting" ${da} config-set update_channel current ${da} config-set jail 0 systemctl restart directadmin ${cb} rewrite_confs } ####################################################################### # Configure DNS # ####################################################################### confnamed() { dir=${datplcust} do_install "dns_a.conf" "https://files.delaintech.com/cb_tpl/dns_a.conf" do_install "dns_aaaa.conf" "https://files.delaintech.com/cb_tpl/dns_aaaa.conf" do_install "dns_ns.conf" "https://files.delaintech.com/cb_tpl/dns_ns.conf" do_install "dns_txt.conf" "https://files.delaintech.com/cb_tpl/dns_txt.conf" sed -i -e "s|.*listen-on-v6[[:blank:]]*.{ any; };||g" /etc/bind/named.conf.options sed -i -e "s|.*allow-transfer[[:blank:]]*.{ none; };||g" /etc/bind/named.conf.options sed -i -e "s|dnssec-validation.*|dnssec-validation yes;|g" /etc/bind/named.conf.options cd ${dascptdir} || exit ./dnssec.sh install if ! 
grep -q "recursion no;" /etc/bind/named.conf.options; then printf "Setting up DNS.\n" cp /etc/bind/named.conf.options /etc/bind/named.conf.options.bak sed -i.bkp '/dnssec-validation yes;/a\ listen-on { '"$serverip"'; };\ listen-on-v6 { '"$serverip6"'; };\ bindkeys-file "/etc/bind/named.iscdlv.key";\ recursion no;\ notify yes;\ allow-transfer { 209.145.52.110; 144.91.108.77; };\ also-notify { 209.145.52.110; 144.91.108.77; };\ version "Not Found";\ ' /etc/bind/named.conf.options else printf "DNS Setup Complete.\n" fi printf "Standard Namesevers or Custom? (Standard) \n" echo "1 Standard" echo "2 Custom" read -r nssrv nssrv=${nssrv:-1} case $nssrv in 1) ${da} config-set ns1 "dns3.${svrdomainname}" ${da} config-set ns2 "dns2.${svrdomainname}" ;; 2) unset ns1 printf "What is the NS1 you would like to set? (fdqn) " read -r ns1 ${da} config-set ns1 "$ns1" unset ns2 printf "What is the NS2 you would like to set? (fdqn) " read -r ns2 ${da} config-set ns2 "$ns2" ;; *) echo "Please choose a different one." ;; esac ${da} config-set dns_ttl 1 ${da} config-set default_ttl 43200 apt-get remove resolvconf echo 'make_resolv_conf() { :; }' >/etc/dhcp/dhclient-enter-hooks.d/leave_my_resolv_conf_alone chmod 755 /etc/dhcp/dhclient-enter-hooks.d/leave_my_resolv_conf_alone if ! 
grep -q "9.9.9.9" /etc/resolv.conf; then printf "Setup Resolver configuration.\n" cat >/etc/resolv.conf </etc/exim.easy_spam_fighter/variables.conf.custom echo "EASY_SPF_FAIL==50" >>/etc/exim.easy_spam_fighter/variables.conf.custom echo "EASY_DKIM_FAIL==10" >>/etc/exim.easy_spam_fighter/variables.conf.custom echo "ssl=required" >/etc/dovecot/conf.d/force_ssl.conf #mail quota warning cd /etc/dovecot/conf.d || return wget -O 91-quota-warning.conf http://files.directadmin.com/services/all/91-quota-warning.conf wget -O /usr/local/bin/quota-warning.sh http://files.directadmin.com/services/all/quota-warning.sh chmod 755 /usr/local/bin/quota-warning.sh #end mail quota warning #remove rbl checking cd /etc/virtual || return rm -f use_rbl_domains touch use_rbl_domains #Custom MX templates mkdir -p ${mxtpldir} rm -f /usr/local/directadmin/data/templates/mx/custom/* wget -rxnH -R "index.html*" --no-parent --cut-dirs=1 https://files.delaintech.com/mx_cust/ -P ${datplcust} chown diradmin:diradmin ${mxtpldir}/'*.txt' #Webmail client choice ${da} config-set webmail_link roundcube ${cb} set roundcube yes printf 'Running CB commands.\n' ${cb} clean ${cb} update ${cb} dovecot ${cb} exim ${cb} pigeonhole ${cb} exim_conf ${cb} dovecot_conf ${cb} blockcracking ${cb} roundcube do_setting "mail soft nofile 65535" "$limitsconf" do_setting "mail hard nofile 65535" "$limitsconf" do_setting "mail soft core unlimited" "$limitsconf" do_setting "mail hard core unlimited" "$limitsconf" ;; [Nn]*) ;; esac printf "Set Root mail? (y/n)? 
" read -r yn yn=${yn:-n} case $yn in [Yy]*) printf "Where should root email go: " read -r rootemail rootemail=${rootemail:-tech@delainhosting.com} if grep -E "$rootemail" /etc/aliases >/dev/null; then printf "%s found already set in Aliases file.\n" "$rootemail" else sed -i -e "s|.*[[:blank:]]*root:[[:blank:]].*|root: ${rootemail}|g" /etc/aliases newaliases printf "Email set to: " grep -E "$rootemail" /etc/aliases fi echo "$cur_hostname" >/etc/mailname ;; [Nn]*) ;; esac printf "Disable POP mail? (y/n)? " read -r yn yn=${yn:-y} case $yn in [Yy]*) touch /etc/exim.variables.conf.custom grep -qxF 'hostlist relay_hosts=' /etc/exim.variables.conf.custom || echo 'hostlist relay_hosts=' >>/etc/exim.variables.conf.custom ;; [Nn]*) ;; esac printf "Setup standard mail settings? (y/n)? " read -r yn yn=${yn:-n} case $yn in [Yy]*) printf 'Creating add sni. adding...\n' ${da} config-set mail_sni 1 ${da} config-set dkim 1 ${da} config-set spam_inbox_prefix 0 ${da} config-set purge_spam_days 30 ${da} config-set mx_templates 1 ${da} config-set direct_imap_backup 1 ${da} config-set one_click_webmail_login 1 ${cb} set webapps_inbox_prefix no echo "EASY_NO_REVERSE_IP==50" >/etc/exim.easy_spam_fighter/variables.conf.custom echo "EASY_SPF_FAIL==50" >>/etc/exim.easy_spam_fighter/variables.conf.custom echo "EASY_DKIM_FAIL==10" >>/etc/exim.easy_spam_fighter/variables.conf.custom echo "ssl=required" >/etc/dovecot/conf.d/force_ssl.conf #mail quota warning cd /etc/dovecot/conf.d || return wget -O 91-quota-warning.conf http://files.directadmin.com/services/all/91-quota-warning.conf wget -O /usr/local/bin/quota-warning.sh http://files.directadmin.com/services/all/quota-warning.sh chmod 755 /usr/local/bin/quota-warning.sh #end mail quota warning #remove rbl checking cd /etc/virtual || return rm -f use_rbl_domains touch use_rbl_domains #Custom MX templates mkdir -p ${mxtpldir} rm -f /usr/local/directadmin/data/templates/mx/custom/* wget -rxnH -R "index.html*" --no-parent --cut-dirs=1 
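https://files.delaintech.com/mx_cust/ -P ${datplcust} chown diradmin:diradmin ${mxtpldir}/'*.txt' #Webmail client choice ${da} config-set webmail_link roundcube ${cb} set roundcube yes ${cb} set squirrelmail no ${cb} roundcube mkdir -p ${dadir}/custombuild/custom/roundcube/ cp /var/www/html/roundcube/config/config.inc.php ${cbblddir}/custom/roundcube/config.inc.php sed -i -e 's|"'localhost'"|tls://%n|g' ${cbblddir}/custom/roundcube/config.inc.php sed -i -e 's/Roundcube Webmail/Delain Hosting Webmail/g' ${cbblddir}/custom/roundcube/config.inc.php cat >/etc/dovecot/conf.d/90-special-folders.conf <<"eol" namespace inbox { type = private separator = . subscriptions = yes inbox = yes } namespace inbox { mailbox Drafts { auto = subscribe special_use = \Drafts } mailbox Junk { auto = subscribe special_use = \Junk } mailbox Archive { auto = subscribe special_use = \Archive } mailbox Trash { auto = subscribe special_use = \Trash } mailbox Sent { auto = subscribe special_use = \Sent } } eol #End Webmail client choice do_setting "mail soft nofile 65535" "$limitsconf" do_setting "mail hard nofile 65535" "$limitsconf" do_setting "mail soft core unlimited" "$limitsconf" do_setting "mail hard core unlimited" "$limitsconf" ;; esac printf "Install Mail Queue (y/n)?" read -r yn yn=${yn:-n} case $yn in [Yy]*) installmailqueue ;; [Nn]*) ;; esac systemctl restart directadmin ${cb} exim_conf ${cb} dovecot_conf ${cb} rewrite_confs }

#######################################################################
#                         Configure httpd                            #
#######################################################################
# Install the custom Apache vhost templates and httpd extra configs, raise
# the apache account's limits and let CustomBuild rewrite the configs.
# Globals:   datplcust, cbcustdir, limitsconf, cb (read); dir (written,
#            read by do_install as the target directory)
# Input:     y/n answer on stdin (default y)
# NOTE(review): every file below is fetched by do_install, which is defined
# earlier in this script and calls wget with --no-check-certificate before
# marking the result 755. The web server configuration therefore trusts
# whatever host answers for files.delaintech.com; verify TLS and compare
# each file against a known checksum before relying on it.
confhttpd() {
  local yn tpl conf
  printf "Rebuild all of httpd? (y/n)? "
  read -r yn
  yn=${yn:-y}
  case $yn in
  [Yy]*)
    printf 'Adding Custom Post templates.\n Please wait.\n'
    dir=${datplcust}
    for tpl in \
      virtual_host2.conf.CUSTOM.post \
      virtual_host2_secure.conf.CUSTOM.4.post \
      virtual_host2.conf.CUSTOM.4.post \
      virtual_host2_secure_sub.conf.CUSTOM.4.post \
      virtual_host2_sub.conf.CUSTOM.4.post; do
      do_install "${tpl}" "https://files.delaintech.com/cb_tpl/${tpl}"
    done
    printf 'Adding Custom HTTPD config.\n Please wait.\n'
    # do_install does `cd "${dir}" || exit`, so a missing directory here
    # ends the whole script, not just this menu entry.
    dir="${cbcustdir}/ap2/conf/extra"
    for conf in httpd-default.conf httpd-mpm.conf httpd-deflate.conf; do
      do_install "${conf}" "https://files.delaintech.com/cb_cust/ap2/conf/extra/${conf}"
    done
    do_setting "apache soft nofile 65535" "$limitsconf"
    do_setting "apache hard nofile 65535" "$limitsconf"
    do_setting "apache soft core unlimited" "$limitsconf"
    do_setting "apache hard core unlimited" "$limitsconf"
    ${cb} rewrite_confs
    ;;
  [Nn]*) ;;
  esac
}

#######################################################################
#                        Configure MariaDB                           #
#######################################################################
# Rewrite $myconf from scratch with the house MariaDB settings, point the
# DirectAdmin client config at the same socket and raise the mysql limits.
# Globals:   mem_total, servername, svrdomainname, myconf, damycnf,
#            limitsconf, sysctlconf, da (read); bpsize, bplsize, dir (written)
# Input:     y/n answer on stdin for installing mysqltuner (default n)
# The [mysqld] section keeps the server off the network (bind-address
# 127.0.0.1) and disables LOAD DATA LOCAL (local-infile=0).
confmysql() {
  local yn errlog
  # NOTE(review): mem_total is set outside this function; the "G" suffix
  # below presumes it is expressed in GiB - confirm. A fractional product
  # (for example 3.5) is written as "3.5G"; check the server accepts that.
  bpsize=$(echo "$mem_total" | awk '{print $1 * .50}')
  bplsize=$(echo "$bpsize" | awk '{print $1 * .25}')
  # One variable for the error log so the file that is pre-created is the
  # same one log-error points at (the two paths used to differ by ".com").
  errlog="/var/log/mysql/${servername}.${svrdomainname}.err"
  mkdir -p /var/log/mysql/ || return
  touch "${errlog}"
  dir="/etc"
  # Keep a copy of the current config, then start from an empty file.
  cp "$myconf" "$myconf".bak
  : >"$myconf"
  do_setting "[mysqld]" "$myconf"
  do_setting "local-infile=0" "$myconf"
  do_setting "log-error=${errlog}" "$myconf"
  do_setting "performance_schema=ON" "$myconf"
  do_setting "bind-address = 127.0.0.1" "$myconf"
  do_setting "skip-name-resolve=1" "$myconf"
  do_setting "max_allowed_packet=64M" "$myconf"
  # NOTE(review): "10MB" uses a two-letter suffix; confirm the server
  # accepts it ("10M" is the usual spelling).
  do_setting "key_buffer_size=10MB" "$myconf"
  do_setting "innodb_file_per_table" "$myconf"
  do_setting "innodb_buffer_pool_size=${bpsize}G" "$myconf"
  do_setting "innodb_log_file_size=${bplsize}G" "$myconf"
  echo ' ' >>"$myconf"
  do_setting "[client]" "$myconf"
  do_setting "socket=/usr/local/mysql/data/mysql.sock" "$myconf"
  dir="/usr/local/directadmin/conf"
  do_setting "socket=/usr/local/mysql/data/mysql.sock" "$damycnf"
  # Comment out the distribution's socket path so only the one above is used.
  sed -i -e "s|socket = /run/mysqld/mysqld.sock.*|#socket = /run/mysqld/mysqld.sock|g" /etc/mysql/my.cnf
  printf "Mysql Setup Complete.\n"
  printf "Do we need to install Mysqltuner? (y/n)? "
  read -r yn
  yn=${yn:-n}
  case $yn in
  [Yy]*) installmysqltuner ;;
  [Nn]*) ;;
  esac
  do_setting "mysql soft nofile 65535" "$limitsconf"
  do_setting "mysql hard nofile 65535" "$limitsconf"
  do_setting "mysql soft core unlimited" "$limitsconf"
  do_setting "mysql hard core unlimited" "$limitsconf"
  do_setting "vm.swappiness = 1" "$sysctlconf"
  ${da} config-set one_click_pma_login 1
  systemctl restart directadmin
}

#######################################################################
#                         Configure nginx                            #
#######################################################################
# Install the custom nginx templates and the nginx.conf pair for either a
# standalone nginx (choice 1) or nginx in front of Apache (choice 2,
# default), then raise the nginx limits and rewrite the configs.
# Globals:   datplcust, cbcustdir, limitsconf, sysctlconf, cb (read);
#            dir (written, read by do_install)
# Input:     menu number on stdin (default 2)
# Any other answer installs nothing but still applies the limits.
# NOTE(review): downloads go through do_install, which skips TLS
# certificate verification; see the integrity caveat on that helper.
confnginx() {
  local websrv variant tpl conf
  printf "Which webserver are we using? (Nginx-Apache) \n"
  echo "1 Nginx"
  echo "2 Nginx-Apache"
  read -r websrv
  websrv=${websrv:-2}
  # The two choices differ only in the CustomBuild sub-directory used.
  case $websrv in
  1) variant="nginx" ;;
  2) variant="nginx_reverse" ;;
  *)
    variant=""
    echo "Please choose a different one."
    ;;
  esac
  if [ -n "${variant}" ]; then
    printf 'Adding Custom Post templates.\n Please wait.\n'
    dir=${datplcust}
    for tpl in \
      nginx_server.conf \
      nginx_server_secure.conf \
      nginx_server_sub.conf.CUSTOM.4.post \
      nginx_server_secure.conf.CUSTOM.4.post \
      nginx_server_secure_sub.conf.CUSTOM.4.post; do
      do_install "${tpl}" "https://files.delaintech.com/cb_tpl/${tpl}"
    done
    printf 'Adding Custom Nginx config.\n Please wait.\n'
    dir="${cbcustdir}/${variant}/conf"
    for conf in nginx.conf nginx-events.conf; do
      do_install "${conf}" "https://files.delaintech.com/cb_cust/${variant}/conf/${conf}"
    done
    ${cb} rewrite_confs
  fi
  do_setting "nginx soft nofile 65535" "$limitsconf"
  do_setting "nginx hard nofile 65535" "$limitsconf"
  do_setting "nginx soft core unlimited" "$limitsconf"
  do_setting "nginx hard core unlimited" "$limitsconf"
  do_setting "net.core.somaxconn = 65536" "$sysctlconf"
  ${cb} rewrite_confs
}

#######################################################################
#                   Configure Proftpd with SFTP                      #
#######################################################################
# Switch the FTP daemon to ProFTPD, install the custom build script and
# configs, and restart the service once the configuration has been tested.
# Globals:   dadir, da, cb, cbcustdir (read); dir (written)
# Returns:   1 when `proftpd --configtest` rejects the configuration; the
#            running service is then left untouched.
confproftpd() {
  printf "Setting up Proftpd.\n"
  cd "${dadir}" || return
  if ! ${da} config | grep -q unified_ftp_password_file=1; then
    printf "Password file conversion in progress.\n"
    ${da} config-set unified_ftp_password_file 1
    # Paths below are relative to ${dadir}.
    echo "action=convert&value=unifiedftp" >>data/task.queue
    ./dataskq d1
  else
    printf "Unified Password file complete.\n"
  fi
  ${cb} set ftpd proftpd
  # proftpd/conf is used as a do_install target below and do_install exits
  # the script when it cannot cd there, so create it explicitly.
  mkdir -p "${cbcustdir}/proftpd/conf" "${cbcustdir}/conf"
  dir="${cbcustdir}/proftpd"
  do_install "configure.proftpd" "https://files.delaintech.com/cb_cust/proftpd/configure.proftpd"
  #chmod 755 "$dir/configure.proftpd"
  dir="${cbcustdir}/proftpd/conf"
  do_install "proftpd.conf" "https://files.delaintech.com/cb_cust/proftpd/conf/proftpd.conf"
  dir=/etc
  do_install "proftpd.sftp.conf" "https://files.delaintech.com/cb_cust/proftpd/proftpd.sftp.conf"
  # NOTE(review): pattern and replacement are both empty in this copy of
  # the script (they look lost in transcription); restore the intended
  # substitution before running this step.
  sed -i -e "s|||g" /etc/proftpd.sftp.conf
  # The SFTP host key must be readable by its owner only.
  chmod 600 /etc/ssh/ssh_host_rsa_key
  ${cb} proftpd
  # Do not restart onto a configuration the daemon itself rejects.
  if ! proftpd --configtest; then
    printf 'proftpd --configtest failed; proftpd was not restarted.\n' >&2
    return 1
  fi
  printf "Setting up Proftp.\n"
  systemctl enable proftpd
  systemctl restart proftpd
  printf "Done.\n"
}

########################################################################
#                       Configure Performance                        #
#######################################################################
# Append the general file-descriptor limits and kernel tunables, then
# offer a reboot.
# Globals:   limitsconf, sysctlconf (read)
perfmserver() {
  local limit tunable
  printf "Setting up Server General file Ulimits.\n"
  for limit in \
    "* soft nofile 65535" \
    "* hard nofile 65535" \
    "root soft nofile 65535" \
    "root hard nofile 65535" \
    "admin soft nofile 65535" \
    "admin hard nofile 65535"; do
    do_setting "${limit}" "$limitsconf"
  done
  printf "Setting up Server Sysctl file.\n"
  # tcp_syncookies is written as 1 (this list used to write 0). SYN cookies
  # are only used once the SYN backlog overflows, so leaving them on costs
  # nothing in normal operation and keeps the listener reachable during a
  # SYN flood. do_setting only appends: a host provisioned with the old
  # value still carries "= 0" in sysctl.conf and needs that line removed.
  for tunable in \
    "net.core.somaxconn = 65536" \
    "net.ipv4.conf.all.log_martians = 1" \
    "net.ipv4.tcp_fin_timeout = 15" \
    "net.ipv4.tcp_rfc1337 = 1" \
    "net.ipv4.tcp_synack_retries = 3" \
    "net.ipv4.tcp_syncookies = 1" \
    "net.ipv4.tcp_syn_retries = 3" \
    "vm.swappiness = 1" \
    "kernel.printk = 3 4 1 3"; do
    do_setting "${tunable}" "$sysctlconf"
  done
  printf "Complete Reboot.\n"
  doreboot
}

#######################################################################
#                        Check Server Satus                          #
#######################################################################
# Print whether the directadmin unit is active (systemctl's own output).
serverstatus() {
  printf "Checking Directadmin."
  systemctl is-active directadmin
  printf "done"
}

#######################################################################
#                        Rebuild Directadmin                         #
#######################################################################
# Run a full CustomBuild cycle: clean, update, build everything, rewrite
# the service configs.
# Globals:   cb (read)
buildalld() {
  printf 'Running Build All D...Go sleep or get Coffee!'
  ${cb} clean
  ${cb} update
  ${cb} all
  ${cb} rewrite_confs
  printf "Build ALL done.\n"
}

#######################################################################
#                           Backup Server                            #
#######################################################################
# Write /sys_backup/backup.tar.gz from the fixed list of configuration
# paths. The archive contains /etc and /root, so it is created under
# umask 077 after removing any older copy that may carry a wider mode.
# NOTE(review): anything that has to read the archive as a non-root user
# needs explicit access granted; do not widen the mode for it.
_sys_backup_archive() {
  cd / || return 1
  rm -f /sys_backup/backup.tar.gz
  (
    umask 077
    tar -cvpzf /sys_backup/backup.tar.gz \
      --exclude=/sys_backup/backup.tar.gz \
      --exclude=/home/admin/admin_backup \
      --exclude=/admin_backups \
      --exclude=/root/.c* \
      --exclude=/root/install.log \
      /home/admin/hb* \
      /usr/local/directadmin/conf \
      /usr/local/directadmin/scripts/custom \
      /usr/local/directadmin/custombuild/custom \
      /usr/local/directadmin/data/templates/custom \
      /usr/local/directadmin/data/templates/mx \
      /usr/local/directadmin/data/admin/packages/ \
      /usr/local/directadmin/data/admin/packages.list \
      /usr/local/directadmin/data/users/admin/packages/ \
      /usr/local/directadmin/data/users/admin/packages.list \
      /usr/local/directadmin/data/admin/backup* \
      /sys_backup/mysql_backups \
      /etc \
      /var/named \
      /var/spool/cron \
      /root
  )
}

# Install the backup hook and backup schedule files, then optionally set up
# rclone, take a file backup, run a DirectAdmin admin backup, and queue a
# restore of the archives found in /admin_backups.
# Globals:   dascptcust, datadmdir, aptargs, serverip (read); dir (written)
# Input:     four y/n answers on stdin (each defaults to n)
# Returns:   1 when a restore is requested but /admin_backups cannot be
#            entered or holds no usable *.gz archive.
# NOTE(review): all_backups_post.sh is downloaded by do_install (wget with
# --no-check-certificate) and later executed here as root; verify it
# against a known checksum before the first run.
backupall() {
  local yn i count owner local_path ip_choice ip
  local action1 action2 action3 restore1
  dir=${dascptcust}
  do_install "all_backups_post.sh" "https://files.delaintech.com/da_scpt/all_backups_post.sh"
  #chmod 755 ${dascptcust}/all_backups_post.sh
  dir=${datadmdir}
  do_install "backup.conf" "https://files.delaintech.com/backup.conf"
  do_install "backup_crons.list" "https://files.delaintech.com/backup_crons.list"

  printf "Install Rclone for file backup.(yn)"
  read -r yn
  yn=${yn:-n}
  case $yn in
  [Yy]*)
    printf 'Installing Rclone for file backup.\n'
    apt-get install ${aptargs} rclone
    mkdir -p /var/log/rclone
    touch /var/log/rclone/aws.log
    printf "Setup Rclone.\n"
    rclone config
    ;;
  [Nn]*) ;;
  esac

  printf "Run Server file backup?(yn)"
  read -r yn
  yn=${yn:-n}
  case $yn in
  [Yy]*)
    if [ -d /sys_backup ] && [ -d /admin_backups ]; then
      chmod 755 /admin_backups
      chmod 755 /sys_backup
      chown admin:admin /admin_backups
      # NOTE(review): owning /sys_backup lets the admin account replace or
      # remove the root-level archive stored in it; confirm that is wanted.
      chown admin:admin /sys_backup
    else
      rm -Rf /home/admin/admin_backup
      # -p: this branch also runs when only one of the two already exists.
      mkdir -p /admin_backups /sys_backup
      chmod 755 /admin_backups
      chmod 755 /sys_backup
      chown admin:admin /admin_backups
    fi
    _sys_backup_archive
    printf "Server Backup done.\n"
    /usr/local/directadmin/scripts/custom/all_backups_post.sh
    ;;
  [Nn]*) ;;
  esac

  printf "Run admin backup now?(yn)"
  read -r yn
  yn=${yn:-n}
  case $yn in
  [Yy]*)
    printf 'Running admin backup.\n'
    /usr/local/directadmin/directadmin admin-backup --destination=/admin_backups --user=admin
    ;;
  [Nn]*) ;;
  esac

  printf "Restore from file backup.(yn)"
  read -r yn
  yn=${yn:-n}
  case $yn in
  [Yy]*)
    owner="admin"
    local_path=/admin_backups
    ip_choice=select
    ip="$serverip"
    printf "IP for restore is %s.\n" "$ip"
    printf "User for restore is %s.\n" "$owner"
    action1="action=restore&local_path=${local_path}&owner=${owner}&when=now&where=local&type=admin"
    if [ "${ip_choice}" = "select" ]; then
      action2="&ip_choice=select&ip=${ip}"
    else
      action2="&ip_choice=${ip_choice}"
    fi
    if ! cd "${local_path}"; then
      printf 'Cannot enter %s; nothing queued.\n' "${local_path}" >&2
      return 1
    fi
    count=0
    action3=""
    for i in *.gz; do
      [ -e "${i}" ] || continue
      # /admin_backups is writable by the admin account while the task queue
      # is processed with root privileges. A name containing "&", "=", blanks
      # or a newline would add fields or whole tasks to the queue line, so
      # only plain archive names are accepted.
      case ${i} in
      *[!A-Za-z0-9._-]*)
        printf 'Skipping archive with unexpected characters in its name.\n' >&2
        continue
        ;;
      esac
      # Accumulate one selectN field per archive; assigning instead of
      # appending kept only the last file.
      action3="${action3}&select${count}=${i}"
      count=$((count + 1))
      printf "File for restore is %s.\n" "${i}"
    done
    if [ "${count}" -eq 0 ]; then
      printf 'No usable *.gz archive in %s; nothing queued.\n' "${local_path}" >&2
      return 1
    fi
    restore1="${action1}${action2}${action3}"
    echo "$restore1" >>/usr/local/directadmin/data/task.queue
    ;;
  [Nn]*) ;;
  esac
}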
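#######################################################################
#                        Main Menu of Script                         #
#######################################################################
# Entry point: show the banner, refuse to run unless root on Debian 11 or
# 12, then loop over the setup menu until "Quit" is chosen. Afterwards the
# build directory is recreated, an optional $run command is executed, and
# the build directory is removed again.
clear
dasetup_banner
linebreak
#Check that user is root.
if [ "${EUID}" = "0" ]; then
  printf "We are root. Continue on....\n"
else
  printf "This script must be run as root\n"
  exit 1
fi
#What Distro are you on?
printf "Distro are you on??\n" 2>&1
# Major version only: everything from the first dot onwards is dropped.
OS_VER=$(sed 's/\..*//' /etc/debian_version)
if [ "$OS_VER" = 11 ]; then
  printf "This appears to be Debian version %s which is Good!!\n" "$OS_VER"
elif [ "$OS_VER" = 12 ]; then
  printf "This appears to be Debian version %s which is Better!!\n" "$OS_VER"
else
  printf "System runs on unsupported Linux. Exiting...\n"
  # Non-zero so a wrapper can tell the refusal from a normal run.
  exit 1
fi
#Menus Starts here
linebreak
# Arguments follow the label order (hostname, IPv4, IPv6).
printf "Hostname: %s Server IP: %s Server IPV6: %s \n" "$cur_hostname" "$serverip" "$serverip6"
linebreak
cat <<"eot"
MAIN SERVER SETUP MENU
eot
linebreak
while true; do
  options=(
    "Add Admin User" "Timezone" "Host file" "Hostname" "Remove hosts"
    "Add hosts" "Swap file" "Update server" "Install Required Packages"
    "Harden Server" "Install Directadmin" "Install Firewall"
    "Install LetsEncrypt" "Install KernelCare" "Install ImmunifyAV"
    "Install Installatron" "Configure Directadmin" "Configure Named"
    "Configure Mail" "Configure Apache" "Configure MySql" "Configure Nginx"
    "Configure Proftpd" "Performance Tweaks" "Check Server Status"
    "Build All" "Backup Server Files" "Quit"
  )
  printf "Choose an option: \n"
  # Each entry runs its function and breaks out of select so the outer loop
  # redraws the menu; 28 (Quit) leaves both loops.
  select opt in "${options[@]}"; do
    case $REPLY in
    1) addadminuser; break ;;
    2) settimezone; break ;;
    3) creathostfile; break ;;
    4) creathostname; break ;;
    5) removehosts; break ;;
    6) addhosts; break ;;
    7) creatswapfile; break ;;
    8) serverupdate; break ;;
    9) installpreq; break ;;
    10) hardenserver; break ;;
    11) installdirectadmin; break ;;
    12) installfirewall; break ;;
    13) installletsencrypt; break ;;
    14) installkernelcare; break ;;
    15) installimuav; break ;;
    16) installinstallatron; break ;;
    17) confdirectadmin; break ;;
    18) confnamed; break ;;
    19) confmail; break ;;
    20) confhttpd; break ;;
    21) confmysql; break ;;
    22) confnginx; break ;;
    23) confproftpd; break ;;
    24) perfmserver; break ;;
    25) serverstatus; break ;;
    26) buildalld; break ;;
    27) backupall; break ;;
    28) break 2 ;;
    *) echo "Invalid option. Try again." >&2 ;;
    esac
  done
done
# The path is quoted and checked for emptiness before every rm -rf: an
# unquoted expansion is split and globbed by the shell, which as root can
# delete paths nobody intended.
if [ -n "${builddir:-}" ]; then
  if [ -d "${builddir}" ]; then
    rm -rf -- "${builddir}"
  fi
  mkdir -- "${builddir}"
fi
# NOTE(review): $run is not assigned in the visible part of this script.
# If it can be inherited from the caller's environment, its contents are
# executed as root here; confirm where it is set.
if [ "$run" ]; then
  ${run}
  exit
fi
printf "Cleaning up build files, please wait...\n"
cd ~ || exit
if [ -n "${builddir:-}" ]; then
  rm -rf -- "${builddir}"
fi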