#!/usr/bin/bash ####################################################################### #script name: vm_setup_roc.sh #version: 1.6 #description: wrapper for installing da server #last modify date: 03102021 #author:brent dacus #email:brent[at]thedacus[dot]net ####################################################################### # banner # ####################################################################### export COLUMNS=100 dasetup_banner() { cat <<"eot" ad88888ba d8" "8b ,d Dd ,VM Y8, 88 HH 8b ,dPj ,dYa. `Y8aaaaa, ,adPPYba, MM88MMM 88 88 8b,dPPYba, a8 44 8P' V 8b `"""""8b, a8P_____88 88 88 88 88P' "8a 8b 55 88 d8 ` 8b 8PP""""""" 88 88 88 88 d8 'Da' 88 b8 Y8a a8P "8b, ,aa 88, "8a, ,a88 88b, ,a8" V TT YM "Y88888P" `"Ybbd8"' "Y888 `"YbbdP'Y8 88`YbbdP"' 88 88 eot cat <<"eot" Author: Brent Dacus eot } ####################################################################### # Variables # ####################################################################### cur_hostname="$(hostname)" serverip="$(hostname -I | awk '{print $1}')" serverip6="$(hostname -I | awk '{print $2}')" servername="$(hostname -s)" svrdomainname="$(hostname -d)" hstdomainname=delainhosting.com os=$(uname) vn=$(uname -v | tr -dc '0-9.' | cut -d \. -f1) cpu_cores=1 cpu_cores="$(cat /proc/cpuinfo | grep -F 'model name' | wc -l)" logfile=/root/install.log pkgargs="-y" csf_conf="/etc/csf/csf.conf" vmsetupbuild="/root/vmsetupbuild" vm="/usr/sbin/virtualmin" ####################################################################### # User Variables # ####################################################################### rootemail="tech@delainhosting.com" kc_key="JOfCWN9tFkOYi1sl" bshrc="/root/.bashrc" limitsconf="/etc/security/limits.conf" sysctlconf="/etc/sysctl.conf" ####################################################################### # Main # ####################################################################### mkdir -p ~/vmsetupbuild/ trap '' 2 # ignore ctrl+c ##set PS3 prompt## PS3="Number selection? " linebreak() { printf '%*s\n' "${COLUMNS:-$(tput cols)}" '' | tr ' ' - } do_install() { printf "Installing %s into %s.\n" "${1}" "${dir}" cd "${dir}" || exit if [ -f "${1}" ]; then rm -f "${1}.bak" cp -f "${1}" "${1}.bak" chmod 600 "${1}.bak" fi wget --no-check-certificate -q -O "${1}" "${2}" chmod 644 "${1}" chown diradmin:diradmin "${1}" } do_setting() { printf "Installing value %s into %s.\n" "${1}" "${2}" printf 'Adding values in to %s.\n Please wait.\n' "${2}" if ! grep -q '#added by DH.' "${2}"; then echo '#added by DH.' >>"${2}" fi if grep -q "${1}" "${2}"; then printf '%s exists.\n Skipping.\n' "${1}" else printf '%s does not exist\n' "$1" echo "$1" >>"${2}" fi } doreboot() { printf "Need to reboot? (y/n)? " read -r yn yn=${yn:-n} case $yn in [Yy]*) reboot ;; [Nn]*) ;; esac } cycleswap() { printf "Cycling Swapfile.\n" swapoff -a sleep 10 swapon -a } ####################################################################### # Add Admin User # ####################################################################### addadminuser() { printf "Installing Standard packages.\n" printf "Please Wait.\n" yum install ${pkgargs} wget curl nano grep -q vmconf /root/.bashrc # if not then create it if [ $? -ne 0 ]; then printf 'Bash shell profile not set up. adding...\n' cat <<"eol" >>/root/.bashrc export EDITOR='nano' export LS_OPTIONS='--color=auto' eval "`dircolors`" alias ls='ls $LS_OPTIONS' alias ll='ls $LS_OPTIONS -l' alias l='ls $LS_OPTIONS -lA' alias rm='rm -i' alias cp='cp -i' alias mv='mv -i' vmconf='/etc/webmin/miniserv.conf' alias lh='history |grep ' alias search='find / -name ' alias doserver='curl -o vm_setup_roc.sh -L https://files.delaintech.com/vm_setup_roc.sh && bash vm_setup_roc.sh' alias fbc='fail2ban-client status ' alias cycle='systemctl restart ' alias status='systemctl status ' eol printf "Print Profile File.\n" cat /root/.bashrc printf "Done.\n" else printf "Profile already setup. See Below.\n" cat /root/.bashrc fi } ####################################################################### # Turn on IPV6 # ####################################################################### setipv6() { printf "Do we need to turn on IPV6? REBOOT REQUIRED (y/n)? " read -r yn yn=${yn:-n} case $yn in [Yy]*) sed -i "/net.ipv6.conf.all.disable_ipv6.*/d" /etc/sysctl.conf sysctl -q -p echo 0 >/proc/sys/net/ipv6/conf/all/disable_ipv6 doreboot77 ;; [Nn]*) ;; esac } ####################################################################### # Set Timezone # ####################################################################### settimezone() { printf "What TimeZone are you in? [America/Chicago]: " read -r tmzone tmzone=${tmzone:-America/Chicago} if timedatectl | grep -q "America/Chicago"; then printf "%s found\n" "$tmzone" else timedatectl set-timezone "$tmzone" timedatectl set-local-rtc 0 printf "We set timezone as:\n" timedatectl printf "Done.\n" fi } ####################################################################### # Add Hosts file # ####################################################################### creathostfile() { # does the Host already exist? if ! grep -q ${hstdomainname} /etc/hosts; then printf 'Hostfile not found. adding...\n' cat <<"eol" >>/etc/hosts 209.126.81.64 apollo.delainhosting.com apollo 209.145.52.110 athena.delainhosting.com athena 144.91.108.77 thor.delainhosting.com thor 154.12.224.183 saturn.delainhosting.com saturn eol printf "Print Host File.\n" cat /etc/hosts printf "Done.\n" else printf "Hostfile exsits.\nSee Below.\n" cat /etc/hosts fi } ####################################################################### # Set Server Hostname # ####################################################################### creathostname() { setipv6 # does the Host already exist? unset new_hostname printf "Please enter a Hostname to add: " read -r new_hostname if ! grep -q "$new_hostname" /etc/hosts; then printf 'Hostname not found. adding...\n' printf "Changing hostname %s from to %s...\n" "$cur_hostname" "$new_hostname" hostnamectl set-hostname "$new_hostname" serverip="$(hostname -I | awk '{print $1}')" serverip6="$(hostname -I | awk '{print $2}')" servername="$(hostname -s)" echo "${serverip} ${new_hostname} ${servername}" >>/etc/hosts echo "${serverip6} ${new_hostname} ${servername}" >>/etc/hosts printf "Print Host File.\n" cat /etc/hosts printf "\nDone.\n" else printf "Hostname exsits.\nAll good.\n" fi } ####################################################################### # Remove Hostnames # ####################################################################### removehosts() { printf "Here is the Host file.\n" cat /etc/hosts printf "\nWhat is the server name or ip to remove? " read -r removehosts sed -i.bkp '/'"$removehosts"'/d ' /etc/hosts printf "Print Host.\n" cat /etc/hosts printf "\nDone.\n" while true; do printf "Continue removing? (y/n)?" read -r yn yn=${yn:-n} case $yn in [Yy]*) removehosts break ;; [Nn]*) break ;; esac done } ####################################################################### # Add External Hosts # ####################################################################### addhosts() { # does the Host already exist? unset serverip add_hostname servername printf "Enter Hostname to add:[ IP FDQN Hostname ]: " read -r serverip add_hostname servername if ! grep -q "$add_hostname" /etc/hosts; then printf 'Hostname not found. adding...\n' echo "${serverip} ${add_hostname} ${servername}" | tee -a /etc/hosts printf "Print Host File.\n" cat /etc/hosts printf "Done.\n" else printf "Hostname exsits.\nAll good.\n" fi while true; do printf "Continue adding? (y/n)?" read -r yn yn=${yn:-n} case $yn in [Yy]*) creathostentry break ;; [Nn]*) break ;; esac done } ####################################################################### # Add Swapfile # ####################################################################### creatswapfile() { printf 'Enter Swapfile size in GB: ' read -r swapsize swapsize=${swapsize:-2} printf "You choose %s GB for swap.\n" "$swapsize" # does the swap file already exist? cp /etc/fstab /etc/fstab.bak # if not then create it if ! grep -q "swap" /etc/fstab; then printf 'Swap file not found.\nCreating Swap file.\n' fallocate -l "${swapsize}"G /swapfile chmod 600 /swapfile mkswap /swapfile swapon /swapfile printf "/swapfile none swap defaults 0 0" | tee -a /etc/fstab printf "\nDone\nSwap should be active.\nIf not reboot.\n" else printf 'Swap file found.\nNo changes made.\n' fi } ####################################################################### # Update OS on Server # ####################################################################### serverupdate() { printf "%s Cleaning and Updating.\n" $os yum ${pkgargs} autoremove yum clean all yum ${pkgargs} update printf "Done.\n" swapoff -a sleep 10 swapon -a } ####################################################################### # Install Standard Packages # ####################################################################### installpreq() { printf "Installing EPEL and remi!\n" yum install ${pkgargs} epel-release #dnf -y install https://rpms.remirepo.net/enterprise/remi-release-9.rpm dnf clean all #DH Added Standard packages yum install ${pkgargs} git htop screen inotify-tools ipset iptables fail2ban-systemd iptables-services iptables-utils pigz pbzip2 tuned rsync zip unzip printf "Installing required Virtualmin Config!\n" } ####################################################################### # Install Virtualmin # ####################################################################### installvirtualmin() { if [ ! -f "$vm" ]; then printf "No problem, let's get Virtualmin installed first...\nThis could take a minute...\nor two... or thirty...\nPlease wait ...\n" cd $vmsetupbuild || return wget http://software.virtualmin.com/gpl/scripts/install.sh sh install.sh -v else printf "Script killed, Virtualmin installed.\n" exit fi } ####################################################################### # Harden Server # ####################################################################### hardenserver() { printf "Do we need to Secure sshd? (y/n)? " read -r yn yn=${yn:-n} case $yn in [Yy]*) cursshport="$(grep -m1 -E "Port .*" /etc/ssh/sshd_config)" printf "Enter SSH port to change to: " read -r sshport sshport=${sshport:-14} printf "Set to Port: %s\n" "$sshport" printf "Securing the server, please wait...\n" sed -i -e "s/$cursshport/Port ${sshport}/g" /etc/ssh/sshd_config sed -i -e 's/.*UseDNS .*/UseDNS no/g' /etc/ssh/sshd_config sed -i -e 's/.*AddressFamily any/AddressFamily inet/g' /etc/ssh/sshd_config sed -i -e 's/.*LoginGraceTime .*/LoginGraceTime 2m/g' /etc/ssh/sshd_config sed -i -e 's/.*MaxAuthTries .*/MaxAuthTries 3/g' /etc/ssh/sshd_config sed -i -e 's/.*MaxStartups .*/MaxStartups 10:30:100/g' /etc/ssh/sshd_config sed -i -e 's/.*PermitRootLogin yes/PermitRootLogin prohibit-password/g' /etc/ssh/sshd_config sed -i -e 's/.*PasswordAuthentication .*/PasswordAuthentication no/g' /etc/ssh/sshd_config sed -i -e 's/.*ClientAliveInterval .*/ClientAliveInterval 120/g' /etc/ssh/sshd_config sed -i -e 's/.*ClientAliveCountMax .*/ClientAliveCountMax 4/g' /etc/ssh/sshd_config sed -i -e 's/.*UseBlacklist no/UseBlacklist yes/g' /etc/ssh/sshd_config sed -i -e 's/.*AllowTcpForwarding .*/AllowTcpForwarding no/g' /etc/ssh/sshd_config sed -i -e 's/.*Compression .*/Compression no/g' /etc/ssh/sshd_config sed -i -e 's/.*AllowAgentForwarding yes/AllowAgentForwarding no/g' /etc/ssh/sshd_config sed -i -e 's/.*X11Forwarding yes/X11Forwarding no/g' /etc/ssh/sshd_config systemctl restart sshd ;; [Nn]*) ;; esac if [[ $(systemctl is-active rpcbind) = active ]]; then printf "rpcbind found.\nRemoving.\n" systemctl stop rpcbind systemctl disable rpcbind printf "Removal complete.\n" else printf "rpcbind not found.\nNo changes made.\n" fi if [[ $(systemctl is-active firewalld) = active ]]; then printf "Firewalld and or Firewalld-Fail2ban found.\nRemoving.\n" systemctl unmask --now firewalld systemctl disable firewalld yum ${pkgargs} remove firewalld firewalld-fail2ban systemctl mask --now firewalld printf "Adding correct iptables packages.\n" yum install ${pkgargs} ipset iptables fail2ban-systemd iptables-services iptables-utils printf "Removal complete.\n" printf "Reseting firewall.\n" virtualmin-config-system -i Firewall Fail2ban else printf "Firewalld not found.\nNo changes made.\n" fi printf "Do we need to install Fail2Ban? (y/n)? " read -r yn yn=${yn:-n} case $yn in [Yy]*) installf2b ;; [Nn]*) ;; esac printf "Do we need to install Maldetect? (y/n)? " read -r yn yn=${yn:-n} case $yn in [Yy]*) installmaldetect ;; [Nn]*) ;; esac printf "Setup Limits? (y/n)? " read -r yn yn=${yn:-n} case $yn in [Yy]*) perfmserver ;; [Nn]*) ;; esac } ####################################################################### # Install Fail2Ban # ####################################################################### installf2b() { if [[ $(systemctl is-active fail2ban) = active ]]; then printf "Fail2Ban already Installed.\nUpdating configuration.\n" sed -i -e "s|dbpurgeage = .*|dbpurgeage = 1296000|g" /etc/fail2ban/fail2ban.conf printf "Which webserver are we using? (Nginx-Apache) \n" echo "1 Apache" echo "2 Nginx" read -r websrv websrv=${websrv:-1} case $websrv in 1) wget -rnH --cut-dirs=3 https://files.delaintech.com/f2b/vm/ap/jail.local -P /etc/fail2ban/ ;; 2) wget -rnH --cut-dirs=3 https://files.delaintech.com/f2b/vm/ngx/jail.local -P /etc/fail2ban/ ;; *) echo "Please choose a different one." ;; esac wget -rnH --cut-dirs=3 https://files.delaintech.com/f2b/vm/fail2ban -P /etc/logrotate.d/ wget -rnH --cut-dirs=3 https://files.delaintech.com/f2b/vm/paths-overrides.local -P /etc/fail2ban/ wget -rnH --cut-dirs=3 https://files.delaintech.com/f2b/vm/abuseipdb.conf -P /etc/fail2ban/action.d/ wget -rnH --cut-dirs=3 https://files.delaintech.com/f2b/vm/csf-ip-deny.conf -P /etc/fail2ban/action.d/ wget -rnH --cut-dirs=3 https://files.delaintech.com/f2b/vm/wordpress.conf -P /etc/fail2ban/filter.d/ wget -rnH --cut-dirs=3 https://files.delaintech.com/f2b/vm/wordpress-xmlrpc.conf -P /etc/fail2ban/filter.d/ wget -rnH --cut-dirs=3 https://files.delaintech.com/f2b/vm/proftpd-anon.conf -P /etc/fail2ban/filter.d/ sed -i -e "s|comment=Fail2ban Reports Abuse.|comment=Fail2ban at $servername Reports Abuse.|g" /etc/fail2ban/action.d/abuseipdb.conf sed -i -e "s|mode = .*|mode = aggressive|g" /etc/fail2ban/filter.d/exim.conf systemctl restart fail2ban systemctl status fail2ban else printf "Fail2Ban Installing.\nAlso turning off BFM in DA.\n" yum install ${pkgargs} fail2ban-server iptables-services iptables-utils ipset GeoIP GeoIP-GeoLite-data python3-inotify perl-File-Copy systemctl enable fail2ban systemctl start fail2ban sed -i -e "s|dbpurgeage = .*|dbpurgeage = 1296000|g" /etc/fail2ban/fail2ban.conf printf "Which webserver are we using? (Nginx-Apache) \n" echo "1 Apache" echo "2 Nginx" read -r websrv websrv=${websrv:-1} case $websrv in 1) wget -rnH --cut-dirs=3 https://files.delaintech.com/f2b/vm/ap/jail.local -P /etc/fail2ban/ ;; 2) wget -rnH --cut-dirs=3 https://files.delaintech.com/f2b/vm/ngx/jail.local -P /etc/fail2ban/ ;; *) echo "Please choose a different one." ;; esac wget -rnH --cut-dirs=3 https://files.delaintech.com/f2b/vm/fail2ban -P /etc/logrotate.d/ wget -rnH --cut-dirs=3 https://files.delaintech.com/f2b/vm/paths-overrides.local -P /etc/fail2ban/ wget -rnH --cut-dirs=3 https://files.delaintech.com/f2b/vm/abuseipdb.conf -P /etc/fail2ban/action.d/ wget -rnH --cut-dirs=3 https://files.delaintech.com/f2b/vm/csf-ip-deny.conf -P /etc/fail2ban/action.d/ wget -rnH --cut-dirs=3 https://files.delaintech.com/f2b/vm/wordpress.conf -P /etc/fail2ban/filter.d/ wget -rnH --cut-dirs=3 https://files.delaintech.com/f2b/vm/wordpress-xmlrpc.conf -P /etc/fail2ban/filter.d/ wget -rnH --cut-dirs=3 https://files.delaintech.com/f2b/vm/proftpd-anon.conf -P /etc/fail2ban/filter.d/ sed -i -e "s|comment=Fail2ban Reports Abuse.|comment=Fail2ban at $servername Reports Abuse.|g" /etc/fail2ban/action.d/abuseipdb.conf sed -i -e "s|mode = .*|mode = aggressive|g" /etc/fail2ban/filter.d/exim.conf systemctl restart fail2ban systemctl status fail2ban fi bshrvals=("alias fbc='fail2ban-client status '") printf 'Adding values in to %s.\n Please wait.\n' "$bshrc" for bshrval in "${bshrvals[@]}"; do if grep -q "$bshrval" ${bshrc}; then printf '%s exists.\n Skipping.\n' "$bshrval" else printf '%s does not exist\n' "$bshrval" printf '#added by DH.\n' >>${bshrc} printf '%s\n' "$bshrval" >>${bshrc} fi done } installfirewall() { printf "Securing the server, please wait...\n" cd $vmsetupbuild || exit rm -fv csf.tgz wget -rnH http://files.delaintech.com/vm-csf-install.sh -P ${vmsetupbuild} >>${logfile} cd $vmsetupbuild || exit chmod 755 vm-csf-install.sh sh vm-csf-install.sh } installioncube() { # Check if PHP CLI is installed hash php 2>/dev/null || { echo >&2 "The script requires php-cli but it's not installed. Aborting." exit 1 } # Find the system architecture DPKG_ARCH=$(dpkg --print-architecture) if [[ "$DPKG_ARCH" = "amd64" ]]; then ARCH="x86-64" else printf "Not supported.\n" fi # Download and extract wget -q -O - "https://downloads.ioncube.com/loader_downloads/ioncube_loaders_lin_${ARCH}.tar.gz" | tar -xzf - -C /usr/local # Find PHP version PHP_V=$(php -v) PHP_VERSION=${PHP_V:4:3} # Add the IonCube loader to the PHP configuration cat >"/etc/php/${PHP_VERSION}/mods-available/ioncube.ini" </etc/httpd/conf.d/mpm_event.conf < StartServers 6 MinSpareThreads 32 MaxSpareThreads 128 ThreadsPerChild 64 ServerLimit 32 MaxRequestWorkers 2048 MaxConnectionsPerChild 10000 eol printf "Adding mod deflate config in httpd.\n" cat >/etc/httpd/conf.d/deflate.conf < AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css AddOutputFilterByType DEFLATE application/x-javascript application/javascript application/ecmascript AddOutputFilterByType DEFLATE application/rss+xml AddOutputFilterByType DEFLATE application/xml DeflateCompressionLevel 7 DeflateMemLevel 8 DeflateWindowSize 10 eol printf "Adding HTST header config in httpd.\n" cat >/etc/httpd/conf.d/headers.conf </etc/httpd/conf.d/expires.conf < ExpiresActive On # Images ExpiresByType image/jpeg "access plus 1 year" ExpiresByType image/gif "access plus 1 year" ExpiresByType image/png "access plus 1 year" ExpiresByType image/webp "access plus 1 year" ExpiresByType image/svg+xml "access plus 1 year" ExpiresByType image/x-icon "access plus 1 year" # Video ExpiresByType video/webm "access plus 1 year" ExpiresByType video/mp4 "access plus 1 year" ExpiresByType video/mpeg "access plus 1 year" # Fonts ExpiresByType font/ttf "access plus 1 year" ExpiresByType font/otf "access plus 1 year" ExpiresByType font/woff "access plus 1 year" ExpiresByType font/woff2 "access plus 1 year" ExpiresByType application/font-woff "access plus 1 year" # CSS, JavaScript ExpiresByType text/css "access plus 1 year" ExpiresByType text/javascript "access plus 1 year" ExpiresByType application/javascript "access plus 1 year" # Others ExpiresByType application/pdf "access plus 1 year" ExpiresByType image/vnd.microsoft.icon "access plus 1 year" eol printf "Adding OCSP in httpd.\n" grep -q "SSLUseStapling on" /etc/httpd/conf.d/ssl.conf if [ $? -ne 0 ]; then sed -i.bkp '/#SSLCryptoDevice ubsec/a\ SSLUseStapling on\ SSLStaplingCache shmcb:/tmp/stapling_cache(128000)\ ' /etc/httpd/conf.d/ssl.conf else printf "OCSP present in httpd.\n" fi printf "Do we need to intall IONcube Loaders? (y/n)? " read -r yn yn=${yn:-n} case $yn in [Yy]*) installioncube ;; [Nn]*) ;; esac printf "Setting up httpd.\n" systemctl enable httpd systemctl restart httpd printf "Done.\n" } confmail() { dnf install ${pkgargs} postfix-perl-scripts opendkim printf "Set Root mail? (y/n)? " read -r yn yn=${yn:-n} case $yn in [Yy]*) printf "Where should root email go: " read -r rootemail rootemail=${rootemail:-tech@delainhosting.com} grep -E "$rootemail" /etc/aliases >/dev/null if [ $? -eq 0 ]; then printf "%s found already set in Aliases file.\n" "$rootemail" else echo root: ${rootemail} >>/etc/aliases newaliases printf "Email set to: " grep -E "$rootemail" /etc/aliases fi ;; [Nn]*) ;; esac # mkdir -p /usr/local/directadmin/custombuild/custom/roundcube/ # cp /var/www/html/roundcube/config/config.inc.php ${cbblddir}/custom/roundcube/config.inc.php # sed -i -e 's|"'localhost'"|tls://%n|g' custom/roundcube/config.inc.php # sed -i -e 's/Roundcube Webmail/Delain Hosting Webmail/g' ${cbblddir}/custom/roundcube/config.inc.php # # printf "Need identity switch in Roundcube? (yn)" # read -r yn # case $yn in # [Yy]*) # printf "********Is the Firewall on Saturn open?*********\n" # sleep 10 # cd ${cbblddir}/custom || exit # cat /usr/local/directadmin/scripts/setup.txt # mysqldump -uroot -p da_roundcube >da_roundcube.bk.sql # wget -rnH http://files.delaintech.com/mysql.initial.sql -P /tmp # mysql -uroot -p da_roundcube /etc/dovecot/conf.d/10-mail.conf <<"eol" mail_location = maildir:~/Maildir mail_privileged_group = mail protocol !indexer-worker { #mail_vsize_bg_after_count = 0 } #Standard NameSpace for Maildir namespace inbox { type = private separator = . subscriptions = yes inbox = yes } eol cat >/etc/dovecot/conf.d/15-mailboxes.conf <<"eol" #Standard Folders for Maildir. Namespace in 10-mail.conf namespace inbox { mailbox Drafts { auto = subscribe special_use = \Drafts } mailbox Junk { auto = subscribe special_use = \Junk } mailbox Archive { auto = subscribe special_use = \Archive } mailbox Trash { auto = subscribe special_use = \Trash } # For \Sent mailboxes there are two widely used names. We'll mark both of # them as \Sent and use Sent. User typically deletes one of them if duplicates are created. mailbox Sent { auto = subscribe special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } } eol printf "Cycling PostFix and Dovecot.\n" systemctl restart postfix systemctl restart dovecot } confnamed() { #sed -i -e "s|.*listen-on-v6[[:blank:]]*.{ any; };||g" /etc/bind/named.conf.options #sed -i -e "s|.*recursion yes;||g" /etc/named.conf if grep -q "recursion yes;" /etc/named.conf; then cp /etc/named.conf /etc/named.conf.bak sed -i.bkp '/dnssec-validation yes;/a\ recursion no;\ notify yes;\ allow-transfer { 209.145.52.110; 144.91.108.77; };\ also-notify { 209.145.52.110; 144.91.108.77; };\ version "Not Found";\ ' /etc/named.conf fi sed -i -e "s|.*recursion yes;||g" /etc/named.conf printf "Setup Resolver configuration.\n" cat >/etc/resolv.conf <&1 os=$(cat /etc/redhat-release | awk {'print $1}') vn=$(cat /etc/redhat-release | tr -dc '0-9.' | cut -d \. -f1) if [ "$os" = "CentOS" ] || [ "$os" = "Rocky" ] && [ "$vn" = "7" ] || [ "$vn" = "8" ] || [ "$vn" = "9" ]; then printf "System runs on $os version $vn. great! continuing on....\n" else printf "System runs on unsupported os. Exiting...\n" exit fi #Menus Starts here linebreak cat <&2 ;; esac done done if [ -d "$vmsetupbuild" ]; then rm -rf "$vmsetupbuild" fi mkdir "$vmsetupbuild" if [ "$run" ]; then ${run} exit fi printf "Cleaning up build files, please wait...\n" cd ~ rm -rf "$vmsetupbuild"