Ark74 · April 29, 2016 23:08
diff --git a/apache-ispconfig3-trisquel.sh b/apache-ispconfig3-trisquel.sh
 #!/bin/bash
 ## Install ISPConfig3 on Trisquel 7.0 64Bits on a Digital Ocean Droplet
 ## Author: Luis Alberto Guzmán García ark.switnet.org
 ## Modified from: Nilton OS blog.linuxpro.com.br
 ## https://www.howtoforge.com/perfect-server-ubuntu-14.04-apache2-php-mysql-pureftpd-bind-dovecot-ispconfig-3
 ##

 ## Agregar swap de 1G y ajusta archivo ssysctl
 fallocate -l 1G /swapfile ; chmod 600 /swapfile ; \
 mkswap /swapfile ; swapon /swapfile ; \
 echo '/swapfile   none    swap    sw    0   0' | tee -a /etc/fstab ; \
 sysctl vm.swappiness=10 ; sysctl vm.vfs_cache_pressure=50 ; \
 echo 'vm.swappiness=10
 vm.vfs_cache_pressure = 50' | tee -a /etc/sysctl.conf

 ## Modificando repositorios a trisquel
 apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 8D8AEBF1 ; \
 wget http://switnet.net/apt/switnet-repo.asc -O- | sudo apt-key add - ; \
 echo "apt_preserve_sources_list: true" | tee -a /etc/cloud/cloud.cfg ; \
 echo '## Note, this file is written by cloud-init on first boot of an instance
 ## modifications made here will not survive a re-bundle.
 ## if you wish to make changes you can:
 ## a.) add "apt_preserve_sources_list: true" to /etc/cloud/cloud.cfg
 ##     or do the same in user-data
 ## b.) add sources in /etc/apt/sources.list.d
 ## c.) make changes to template file /etc/cloud/templates/sources.list.tmpl
 #
 # See http://trisquel.info/wiki/ for how to upgrade to
 # newer versions of the distribution.
 deb http://us.archive.trisquel.info/trisquel/ belenos main
 deb-src http://us.archive.trisquel.info/trisquel/ belenos main

 deb http://us.archive.trisquel.info/trisquel/ belenos-updates main
 deb-src http://us.archive.trisquel.info/trisquel/ belenos-updates main

 deb http://us.archive.trisquel.info/trisquel/ belenos-security main
 deb-src http://us.archive.trisquel.info/trisquel/ belenos-security main

 # Uncomment this lines to enable the backports optional repository
 # deb http://us.archive.trisquel.info/trisquel/ belenos-backports main
 # deb-src http://us.archive.trisquel.info/trisquel/ belenos-backports main

 deb http://switnet.net/apt belenos-unstable main
 ' | tee /etc/apt/sources.list ; \
 apt-get update ; apt-get -y dist-upgrade

 ## Paquetes extras
 apt-get install -y curl git htop bmon molly-guard kexec-tools

 apt-get -y install trisquel-release-upgrader-core python3-distupgrade=1:0.220.8+7.0trisquel12
 aptitude dist-upgrade

 dpkg-reconfigure dash

 service apparmor stop
 update-rc.d -f apparmor remove
 apt-get remove -y apparmor apparmor-utils

 service sendmail stop; update-rc.d -f sendmail remove

 apt-get update
 apt-get install -y ssh openssh-server 

 apt-get install -y postfix postfix-mysql postfix-doc 
 apt-get install -y mysql-client mysql-server openssl getmail4 rkhunter binutils 
 apt-get install -y dovecot-imapd dovecot-pop3d dovecot-mysql dovecot-sieve sudo ntp ntpdate


 sed -i 's|bind-address|#bind-address|' /etc/mysql/my.cnf

 ## Ajustando el archivo /etc/postfix/master.cf de Postfix
 sed -i 's|#submission|submission|' /etc/postfix/master.cf
 sed -i 's|#  -o syslog_name=postfix/submission|  -o syslog_name=postfix/submission|' /etc/postfix/master.cf
 sed -i 's|#  -o smtpd_tls_security_level=encrypt|  -o smtpd_tls_security_level=encrypt|' /etc/postfix/master.cf
 sed -i 's|#  -o smtpd_sasl_auth_enable=yes|  -o smtpd_sasl_auth_enable=yes|' /etc/postfix/master.cf
 sed -i 's|#  -o smtpd_reject_unlisted_recipient=no|  -o smtpd_client_restrictions=permit_sasl_authenticated,reject|' /etc/postfix/master.cf

 sed -i 's|#smtps|smtps|' /etc/postfix/master.cf
 sed -i 's|#  -o syslog_name=postfix/smtps|  -o syslog_name=postfix/smtps|' /etc/postfix/master.cf
 sed -i 's|#  -o smtpd_tls_wrappermode=yes|  -o smtpd_tls_wrappermode=yes|' /etc/postfix/master.cf
 sed -i 's|#  -o smtpd_sasl_auth_enable=yes|  -o smtpd_sasl_auth_enable=yes|' /etc/postfix/master.cf
 sed -i 's|#  -o smtpd_reject_unlisted_recipient=no|  -o smtpd_client_restrictions=permit_sasl_authenticated,reject|' /etc/postfix/master.cf

 service postfix restart
 service mysql restart


 apt-get install -y amavisd-new spamassassin clamav clamav-daemon zoo libnet-ldap-perl
 apt-get install -y unzip bzip2 arj nomarch lzop cabextract apt-listchanges
 apt-get install -y libauthen-sasl-perl daemon libio-string-perl 
 apt-get install -y libio-socket-ssl-perl libnet-ident-perl zip libnet-dns-perl

 apt-get install -y apache2 apache2-doc apache2-utils libapache2-mod-php5 libapache2-mod-fcgid apache2-suexec \
 libapache2-mod-suphp libapache2-mod-python

 service spamassassin stop
 update-rc.d -f spamassassin remove

 ## Xcache agregado
 apt-get -y install php5 php5-common php5-gd php5-mysql php5-imap phpmyadmin \
 php5-cli php5-cgi  php-pear php-auth php5-mcrypt mcrypt php5-imagick \
 imagemagick libruby php5-curl php5-intl php5-memcache php5-memcached php5-\
 ming php5-ps php5-pspell php5-recode php5-snmp php5-sqlite php5-tidy \
 php5-xmlrpc php5-xsl memcached snmp php5-xcache php-auth php-pear

 php5enmod mcrypt

 a2enmod suexec rewrite ssl actions include cgi
 a2enmod dav_fs dav auth_digest headers

 sed -i 's/<FilesMatch/#<FilesMatch/' /etc/apache2/mods-available/suphp.conf
 sed -i 's/    SetHandler/#    SetHandler/' /etc/apache2/mods-available/suphp.conf
 sed -i 's/<\/FilesMatch/#<\/FilesMatch/' /etc/apache2/mods-available/suphp.conf

 sed -i 's/application\/x-ruby/#application\/x-ruby/' /etc/mime.types

 service apache2 restart

 ## PHP-FPM
 apt-get -y install libapache2-mod-fastcgi php5-fpm
 a2enmod actions fastcgi alias
 service apache2 restart

 ## Mailman
 apt-get -y install mailman

 newlist mailman

 echo '## mailman mailing list
 mailman:              "|/var/lib/mailman/mail/mailman post mailman"
 mailman-admin:        "|/var/lib/mailman/mail/mailman admin mailman"
 mailman-bounces:      "|/var/lib/mailman/mail/mailman bounces mailman"
 mailman-confirm:      "|/var/lib/mailman/mail/mailman confirm mailman"
 mailman-join:         "|/var/lib/mailman/mail/mailman join mailman"
 mailman-leave:        "|/var/lib/mailman/mail/mailman leave mailman"
 mailman-owner:        "|/var/lib/mailman/mail/mailman owner mailman"
 mailman-request:      "|/var/lib/mailman/mail/mailman request mailman"
 mailman-subscribe:    "|/var/lib/mailman/mail/mailman subscribe mailman"
 mailman-unsubscribe:  "|/var/lib/mailman/mail/mailman unsubscribe mailman"' | tee -a /etc/aliases

 newaliases

 service postfix restart

 ln -s /etc/mailman/apache.conf /etc/apache2/conf-available/mailman.conf

 service apache2 restart
 service mailman start

 ## PureFTPd & Quota
 apt-get -y install pure-ftpd-common pure-ftpd-mysql quota quotatool

 sed -i 's|VIRTUALCHROOT=false|VIRTUALCHROOT=true|' /etc/default/pure-ftpd-common


 echo 1 > /etc/pure-ftpd/conf/TLS
 mkdir -p /etc/ssl/private/
 openssl req -x509 -nodes -days 7300 -newkey rsa:2048 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem
 chmod 600 /etc/ssl/private/pure-ftpd.pem
 service pure-ftpd-mysql restart

 ## FSTAB
 sed -i 's/errors\=remount-ro/errors\=remount-ro,usrjquota\=quota.user,grpjquota\=quota.group,jqfmt\=vfsv0/' /etc/fstab
 mount -o remount /
 quotacheck -avugm 
 quotaon -avug

 ## BIND & STATS

 apt-get install -y bind9 dnsutils vlogger webalizer awstats geoip-database libclass-dbi-mysql-perl

 rm -f /etc/cron.d/awstats

 ## Instación de Jailkit
 apt-get install -y build-essential autoconf automake1.9 libtool flex bison debhelper binutils-gold

 cd /tmp
 wget http://olivier.sessink.nl/jailkit/jailkit-2.17.tar.gz
 tar xvfz jailkit-2.17.tar.gz
 cd jailkit-2.17
 ./debian/rules binary

 cd ..
 dpkg -i jailkit_2.17-1_*.deb
 rm -rf jailkit-2.17*

 apt-get install -y fail2ban

 echo '[pureftpd]
 enabled  = true
 port     = ftp
 filter   = pureftpd
 logpath  = /var/log/syslog
 maxretry = 3

 [dovecot-pop3imap]
 enabled = true
 filter = dovecot-pop3imap
 action = iptables-multiport[name=dovecot-pop3imap, port="pop3,pop3s,imap,imaps", protocol=tcp]
 logpath = /var/log/mail.log
 maxretry = 5

 [postfix-sasl]
 enabled  = true
 port     = smtp
 filter   = postfix-sasl
 logpath  = /var/log/mail.log
 maxretry = 3' | tee /etc/fail2ban/jail.local

 echo '[Definition]
 failregex = .*pure-ftpd: \(.*@<HOST>\) \[WARNING\] Authentication failed for user.*
 ignoreregex =' | tee /etc/fail2ban/filter.d/pureftpd.conf

 echo '[Definition]
 failregex = (?: pop3-login|imap-login): .*(?:Authentication failure|Aborted login \(auth failed|Aborted login \(tried to use disabled|Disconnected \(auth failed|Aborted login \(\d+ authentication attempts).*rip=(?P<host>\S*),.*
 ignoreregex =' | tee /etc/fail2ban/filter.d/dovecot-pop3imap.conf

 echo "ignoreregex =" >> /etc/fail2ban/filter.d/postfix-sasl.conf

 service fail2ban restart

 ## SquirrelMail http://server.ltd/squirrelmail
 apt-get install -y squirrelmail

 squirrelmail-configure

 cd /etc/apache2/conf-available/
 ln -s ../../squirrelmail/apache.conf squirrelmail.conf
 service apache2 reload

 sed -i '6 i\
    AddType application/x-httpd-php .php' /etc/apache2/conf-available/squirrelmail.conf ; \
 sed -i '7 i\
    php_flag magic_quotes_gpc Off' /etc/apache2/conf-available/squirrelmail.conf ; \
 sed -i '8 i\
    php_flag track_vars On' /etc/apache2/conf-available/squirrelmail.conf ; \
 sed -i '9 i\
    php_admin_flag allow_url_fopen Off' /etc/apache2/conf-available/squirrelmail.conf ; \
 sed -i '10 i\
    php_value include_path .' /etc/apache2/conf-available/squirrelmail.conf ; \
 sed -i '11 i\
    php_admin_value upload_tmp_dir /var/lib/squirrelmail/tmp' /etc/apache2/conf-available/squirrelmail.conf ; \
 sed -i '12 i\
    php_admin_value open_basedir /usr/share/squirrelmail:/etc/squirrelmail:/var/lib/squirrelmail:/etc/hostname:/etc/mailname' /etc/apache2/conf-available/squirrelmail.conf


 mkdir /var/lib/squirrelmail/tmp
 chown www-data /var/lib/squirrelmail/tmp
 a2enconf squirrelmail

 service apache2 reload

 cd /tmp
 wget http://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz
 tar xfz ISPConfig-3-stable.tar.gz
 cd ispconfig3_install/install/
 php -q install.php

 echo "Roundcube necesita de un usuario remoto, vea: http://ur1.ca/o9l3n "
 sleep 2
 read -p "Presione [Enter] una vez configurado el usuario roundcube en la interfaz de ISPConfig 3 y continue la instalación..."

 ## Roundcube http://server.ltd/webmail - http://server.ltd/roundcube

 apt-get install -y roundcube roundcube-plugins roundcube-plugins-extra

 sed -i 's/#    Alias \/roundcube \/var\/lib\/roundcube/    Alias \/roundcube \/var\/lib\/roundcube/g' /etc/apache2/conf-available/roundcube.conf
 sed -i '5 i\
    Alias /webmail /var/lib/roundcube' /etc/apache2/conf-available/roundcube.conf
 sed -i '22i\
    DirectoryIndex index.php\
 \
    <IfModule mod_php5.c>\
    AddType application/x-httpd-php .php\
 \
    php_flag magic_quotes_gpc Off\
    php_flag track_vars On\
    php_flag register_globals Off\
    php_value include_path .:/usr/share/php\
  </IfModule>\
  ' /etc/apache2/conf-available/roundcube.conf

 service apache2 restart

 sed -i "s/\$rcmail_config\['default_host'\] =.*/\$rcmail_config['default_host'] = 'localhost';/" /etc/roundcube/main.inc.php
 sed -i 's/en_US/es_ES/g' /etc/roundcube/main.inc.php

 cd /tmp
 git clone https://github.com/w2c/ispconfig3_roundcube.git
 cd /tmp/ispconfig3_roundcube/
 mv ispconfig3_* /var/lib/roundcube/plugins
 cd /var/lib/roundcube/plugins
 mv ispconfig3_account/config/config.inc.php.dist ispconfig3_account/config/config.inc.php

 sed -i "s/\$rcmail_config\['remote_soap_pass'\] =.*/\$rcmail_config['remote_soap_pass'] = 'remote_soap_pass';/" /var/lib/roundcube/plugins/ispconfig3_account/config/config.inc.php
 echo 'Por favor use la misma contraseña que uso al dar de alta el usuario remoto "roundcube": '
 read password
 sed -i "s/remote_soap_pass/$password/g"/var/lib/roundcube/plugins/ispconfig3_account/config/config.inc.php
 echo 'Si necesita confirmarla revise el archivo  /var/lib/roundcube/plugins/ispconfig3_account/config/config.inc.php de ser necesario'
 sleep 3
 sed -i "s/\$rcmail_config\['soap_url'\] =.*/\$rcmail_config['soap_url'] = 'https:\/\/192.168.0.100:8080\/remote\/';/" /var/lib/roundcube/plugins/ispconfig3_account/config/config.inc.php
 sed -i "s/192.168.0.100/$(curl ipecho.net/plain)/" /var/lib/roundcube/plugins/ispconfig3_account/config/config.inc.php


 echo "No olvides confirmar que la dirección https://$(curl ipecho.net/plain):8080/remote/ es la que corresponde a tu servidor..."
 sleep 2 ; echo "..." ; sleep 2 ; echo "..." ; sleep 2
 echo "el archivo a revisar es: /var/lib/roundcube/plugins/ispconfig3_account/config/config.inc.php "
 sleep 2 ; echo "..." ; sleep 2 ; echo "..." ; sleep 2
 echo "continuamos..."

 sed -i "s/\$rcmail_config\['plugins'\] =.*/\$rcmail_config['plugins'] = array('jqueryui', 'ispconfig3_account', 'ispconfig3_autoreply', 'ispconfig3_pass', 'ispconfig3_spam', 'ispconfig3_fetchmail', 'ispconfig3_filter');/"  /etc/roundcube/main.inc.php

 ## Modificaciones para activar el núcleo de Trisquel por medio de kexec en Droplet (Digital Ocean)
 ## mas info en: http://0wned.it/2014/08/27/custom-kernel-on-a-digitalocean-droplet-the-right-way/

 wget https://gist.githubusercontent.com/Ark74/8f1880727d04bf301271/raw/ea9e7c66be23d6769edb576eab87973cc41bfe8d/etc_init.d_droplet-kernel -O /etc/init.d/droplet-kernel
 chmod 755 /etc/init.d/droplet-kernel
 wget https://gist.githubusercontent.com/Ark74/8f1880727d04bf301271/raw/ea9e7c66be23d6769edb576eab87973cc41bfe8d/etc_default_droplet-kernel -O /etc/default/droplet-kernel
 update-rc.d droplet-kernel defaults

 service droplet-kernel status
 sleep 3

 echo "Ahora vamos reiniciar el Servidor con nuestro núcloe de Trisquel..."
 sleep 5
 init 6
diff --git a/etc_default_droplet-kernel b/etc_default_droplet-kernel
 # Defaults for droplet-kernel initscript
 # sourced by /etc/init.d/droplet-kernel
 
 # Load a custom kernel for the droplet (true/false)
 ENABLED=true
 
 # Kernel and initrd image.
 # If no initrd image is needed, leave blank.
 KERNEL_IMAGE="/vmlinuz"
 INITRD="/initrd.img"
 
 # If empty, use current /proc/cmdline
 APPEND=""
diff --git a/etc_init.d_droplet-kernel b/etc_init.d_droplet-kernel
 ### BEGIN INIT INFO
 # Provides:          droplet-kernel
 # Required-Start:
 # Required-Stop:
 # Should-Start:      glibc
 # Default-Start:     S
 # Default-Stop:      6
 # X-Interactive:     true
 # Short-Description: Run kexec on DigitalOcean droplet
 # Description:       Runs kexec on a DigitalOcean droplet to boot a custom kernel
 # URL: http://0wned.it/2014/08/27/custom-kernel-on-a-digitalocean-droplet-the-right-way/
 ### END INIT INFO

 PATH=/sbin:/bin:/usr/sbin:/usr/bin

 . /lib/lsb/init-functions

 test -r /etc/default/droplet-kernel && . /etc/default/droplet-kernel

 do_stop() {
        # Don't do anything if kexec-tools are not installed
        # or droplet-kernel is not enabled in defaults file.
        test -x /sbin/kexec || exit 0
        test "$ENABLED" = "true" || exit 0

        # Check 'kexeced' kernel cmdline is present otherwise droplet
        # wasn't booted with a custom kernel via kexec.
        if grep -q ' kexeced$' /proc/cmdline; then

                # Remove 'kexeced' cmdline arguement so that when the droplet
                # is rebooted it will load and boot the custom kernel again.
                cat /proc/cmdline | sed 's/ kexeced$//' > /root/cmdline
                mount --bind -n -o ro /root/cmdline /proc/cmdline >/dev/null
                kexec -u

                log_action_msg "Removed 'kexeced' kernel cmdline from droplet"
        else
                log_action_msg "Droplet was not booted with the Trisquel kernel"
        fi
 }

 do_start() {
        # Don't do anything if kexec-tools are not installed
        # or droplet-kernel is not enabled in defaults file.
        test -x /sbin/kexec || exit 0
        test "$ENABLED" = "true" || exit 0

        do_status

        # Check 'kexeced' kernel cmdline is not present.
        # If it is, the droplet has already booted with kexec. This helps
        # prevent loops.
        if grep -qv ' kexeced$' /proc/cmdline; then

                # Give the option to abort booting the droplet using kexec.
                export KEXEC_ABORT=false
                trap "export KEXEC_ABORT=true" 2
                log_begin_msg "Press Ctrl+C to abort booting droplet with the Trisquel kernel"
                sleep 10
                trap - 2
                log_end_msg 0

                REAL_APPEND="$APPEND"
                test -z "$REAL_APPEND" && REAL_APPEND="`cat /proc/cmdline`"

                if [ "$KEXEC_ABORT" = "false" ]; then
                        log_action_begin_msg "Loading new kernel in to droplet memory"
                        if [ -z "$INITRD" ]; then
                                kexec --load "$KERNEL_IMAGE" --append="$REAL_APPEND kexeced"
                        else
                                kexec --load "$KERNEL_IMAGE" --initrd="$INITRD" --append="$REAL_APPEND kexeced"
                        fi
                        log_action_end_msg $?

                        log_action_begin_msg "Attempting to run droplet with the Trisquel kernel"
                        kexec -e
                        log_action_end_msg $?
                fi
        fi
 }

 do_status() {
        if [ "$ENABLED" != "true" ]; then
                log_action_msg "The Trisquel droplet kernel is NOT enabled"
                exit 0
        fi

        log_action_msg "The Trisquel droplet kernel is enabled"

        if grep -q 'kexeced$' /proc/cmdline; then
                log_action_msg "Droplet was booted with the Trisquel kernel"
        else
                log_action_msg "Droplet was NOT booted with the Trisquel kernel"
        fi
 }

 case "$1" in
  start)
        do_start
        ;;
  restart|reload|force-reload)
        echo "Error: argument '$1' not supported" >&2
        exit 3
        ;;
  stop)
        do_stop
        ;;
  status)
        do_status
        ;;
  *)
        echo "Usage: $0 {start|stop|status}" >&2
        exit 3
        ;;
 esac
 exit 0
	#!/bin/bash
	## Install ISPConfig3 on Trisquel 7.0 64Bits on a Digital Ocean Droplet
	## Author: Luis Alberto Guzmán García ark.switnet.org
	## Modified from: Nilton OS blog.linuxpro.com.br
	## https://www.howtoforge.com/perfect-server-ubuntu-14.04-apache2-php-mysql-pureftpd-bind-dovecot-ispconfig-3
	##

	## Agregar swap de 1G y ajusta archivo ssysctl
	fallocate -l 1G /swapfile ; chmod 600 /swapfile ; \
	mkswap /swapfile ; swapon /swapfile ; \
	echo '/swapfile none swap sw 0 0' \| tee -a /etc/fstab ; \
	sysctl vm.swappiness=10 ; sysctl vm.vfs_cache_pressure=50 ; \
	echo 'vm.swappiness=10
	vm.vfs_cache_pressure = 50' \| tee -a /etc/sysctl.conf

	## Modificando repositorios a trisquel
	apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 8D8AEBF1 ; \
	wget http://switnet.net/apt/switnet-repo.asc -O- \| sudo apt-key add - ; \
	echo "apt_preserve_sources_list: true" \| tee -a /etc/cloud/cloud.cfg ; \
	echo '## Note, this file is written by cloud-init on first boot of an instance
	## modifications made here will not survive a re-bundle.
	## if you wish to make changes you can:
	## a.) add "apt_preserve_sources_list: true" to /etc/cloud/cloud.cfg
	## or do the same in user-data
	## b.) add sources in /etc/apt/sources.list.d
	## c.) make changes to template file /etc/cloud/templates/sources.list.tmpl
	#
	# See http://trisquel.info/wiki/ for how to upgrade to
	# newer versions of the distribution.
	deb http://us.archive.trisquel.info/trisquel/ belenos main
	deb-src http://us.archive.trisquel.info/trisquel/ belenos main

	deb http://us.archive.trisquel.info/trisquel/ belenos-updates main
	deb-src http://us.archive.trisquel.info/trisquel/ belenos-updates main

	deb http://us.archive.trisquel.info/trisquel/ belenos-security main
	deb-src http://us.archive.trisquel.info/trisquel/ belenos-security main

	# Uncomment this lines to enable the backports optional repository
	# deb http://us.archive.trisquel.info/trisquel/ belenos-backports main
	# deb-src http://us.archive.trisquel.info/trisquel/ belenos-backports main

	deb http://switnet.net/apt belenos-unstable main
	' \| tee /etc/apt/sources.list ; \
	apt-get update ; apt-get -y dist-upgrade

	## Paquetes extras
	apt-get install -y curl git htop bmon molly-guard kexec-tools

	apt-get -y install trisquel-release-upgrader-core python3-distupgrade=1:0.220.8+7.0trisquel12
	aptitude dist-upgrade

	dpkg-reconfigure dash

	service apparmor stop
	update-rc.d -f apparmor remove
	apt-get remove -y apparmor apparmor-utils

	service sendmail stop; update-rc.d -f sendmail remove

	apt-get update
	apt-get install -y ssh openssh-server

	apt-get install -y postfix postfix-mysql postfix-doc
	apt-get install -y mysql-client mysql-server openssl getmail4 rkhunter binutils
	apt-get install -y dovecot-imapd dovecot-pop3d dovecot-mysql dovecot-sieve sudo ntp ntpdate


	sed -i 's\|bind-address\|#bind-address\|' /etc/mysql/my.cnf

	## Ajustando el archivo /etc/postfix/master.cf de Postfix
	sed -i 's\|#submission\|submission\|' /etc/postfix/master.cf
	sed -i 's\|# -o syslog_name=postfix/submission\| -o syslog_name=postfix/submission\|' /etc/postfix/master.cf
	sed -i 's\|# -o smtpd_tls_security_level=encrypt\| -o smtpd_tls_security_level=encrypt\|' /etc/postfix/master.cf
	sed -i 's\|# -o smtpd_sasl_auth_enable=yes\| -o smtpd_sasl_auth_enable=yes\|' /etc/postfix/master.cf
	sed -i 's\|# -o smtpd_reject_unlisted_recipient=no\| -o smtpd_client_restrictions=permit_sasl_authenticated,reject\|' /etc/postfix/master.cf

	sed -i 's\|#smtps\|smtps\|' /etc/postfix/master.cf
	sed -i 's\|# -o syslog_name=postfix/smtps\| -o syslog_name=postfix/smtps\|' /etc/postfix/master.cf
	sed -i 's\|# -o smtpd_tls_wrappermode=yes\| -o smtpd_tls_wrappermode=yes\|' /etc/postfix/master.cf
	sed -i 's\|# -o smtpd_sasl_auth_enable=yes\| -o smtpd_sasl_auth_enable=yes\|' /etc/postfix/master.cf
	sed -i 's\|# -o smtpd_reject_unlisted_recipient=no\| -o smtpd_client_restrictions=permit_sasl_authenticated,reject\|' /etc/postfix/master.cf

	service postfix restart
	service mysql restart


	apt-get install -y amavisd-new spamassassin clamav clamav-daemon zoo libnet-ldap-perl
	apt-get install -y unzip bzip2 arj nomarch lzop cabextract apt-listchanges
	apt-get install -y libauthen-sasl-perl daemon libio-string-perl
	apt-get install -y libio-socket-ssl-perl libnet-ident-perl zip libnet-dns-perl

	apt-get install -y apache2 apache2-doc apache2-utils libapache2-mod-php5 libapache2-mod-fcgid apache2-suexec \
	libapache2-mod-suphp libapache2-mod-python

	service spamassassin stop
	update-rc.d -f spamassassin remove

	## Xcache agregado
	apt-get -y install php5 php5-common php5-gd php5-mysql php5-imap phpmyadmin \
	php5-cli php5-cgi php-pear php-auth php5-mcrypt mcrypt php5-imagick \
	imagemagick libruby php5-curl php5-intl php5-memcache php5-memcached php5-\
	ming php5-ps php5-pspell php5-recode php5-snmp php5-sqlite php5-tidy \
	php5-xmlrpc php5-xsl memcached snmp php5-xcache php-auth php-pear

	php5enmod mcrypt

	a2enmod suexec rewrite ssl actions include cgi
	a2enmod dav_fs dav auth_digest headers

	sed -i 's/<FilesMatch/#<FilesMatch/' /etc/apache2/mods-available/suphp.conf
	sed -i 's/ SetHandler/# SetHandler/' /etc/apache2/mods-available/suphp.conf
	sed -i 's/<\/FilesMatch/#<\/FilesMatch/' /etc/apache2/mods-available/suphp.conf

	sed -i 's/application\/x-ruby/#application\/x-ruby/' /etc/mime.types

	service apache2 restart

	## PHP-FPM
	apt-get -y install libapache2-mod-fastcgi php5-fpm
	a2enmod actions fastcgi alias
	service apache2 restart

	## Mailman
	apt-get -y install mailman

	newlist mailman

	echo '## mailman mailing list
	mailman: "\|/var/lib/mailman/mail/mailman post mailman"
	mailman-admin: "\|/var/lib/mailman/mail/mailman admin mailman"
	mailman-bounces: "\|/var/lib/mailman/mail/mailman bounces mailman"
	mailman-confirm: "\|/var/lib/mailman/mail/mailman confirm mailman"
	mailman-join: "\|/var/lib/mailman/mail/mailman join mailman"
	mailman-leave: "\|/var/lib/mailman/mail/mailman leave mailman"
	mailman-owner: "\|/var/lib/mailman/mail/mailman owner mailman"
	mailman-request: "\|/var/lib/mailman/mail/mailman request mailman"
	mailman-subscribe: "\|/var/lib/mailman/mail/mailman subscribe mailman"
	mailman-unsubscribe: "\|/var/lib/mailman/mail/mailman unsubscribe mailman"' \| tee -a /etc/aliases

	newaliases

	service postfix restart

	ln -s /etc/mailman/apache.conf /etc/apache2/conf-available/mailman.conf

	service apache2 restart
	service mailman start

	## PureFTPd & Quota
	apt-get -y install pure-ftpd-common pure-ftpd-mysql quota quotatool

	sed -i 's\|VIRTUALCHROOT=false\|VIRTUALCHROOT=true\|' /etc/default/pure-ftpd-common


	echo 1 > /etc/pure-ftpd/conf/TLS
	mkdir -p /etc/ssl/private/
	openssl req -x509 -nodes -days 7300 -newkey rsa:2048 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem
	chmod 600 /etc/ssl/private/pure-ftpd.pem
	service pure-ftpd-mysql restart

	## FSTAB
	sed -i 's/errors\=remount-ro/errors\=remount-ro,usrjquota\=quota.user,grpjquota\=quota.group,jqfmt\=vfsv0/' /etc/fstab
	mount -o remount /
	quotacheck -avugm
	quotaon -avug

	## BIND & STATS

	apt-get install -y bind9 dnsutils vlogger webalizer awstats geoip-database libclass-dbi-mysql-perl

	rm -f /etc/cron.d/awstats

	## Instación de Jailkit
	apt-get install -y build-essential autoconf automake1.9 libtool flex bison debhelper binutils-gold

	cd /tmp
	wget http://olivier.sessink.nl/jailkit/jailkit-2.17.tar.gz
	tar xvfz jailkit-2.17.tar.gz
	cd jailkit-2.17
	./debian/rules binary

	cd ..
	dpkg -i jailkit_2.17-1_*.deb
	rm -rf jailkit-2.17*

	apt-get install -y fail2ban

	echo '[pureftpd]
	enabled = true
	port = ftp
	filter = pureftpd
	logpath = /var/log/syslog
	maxretry = 3

	[dovecot-pop3imap]
	enabled = true
	filter = dovecot-pop3imap
	action = iptables-multiport[name=dovecot-pop3imap, port="pop3,pop3s,imap,imaps", protocol=tcp]
	logpath = /var/log/mail.log
	maxretry = 5

	[postfix-sasl]
	enabled = true
	port = smtp
	filter = postfix-sasl
	logpath = /var/log/mail.log
	maxretry = 3' \| tee /etc/fail2ban/jail.local

	echo '[Definition]
	failregex = .pure-ftpd: \(.@<HOST>\) \[WARNING\] Authentication failed for user.*
	ignoreregex =' \| tee /etc/fail2ban/filter.d/pureftpd.conf

	echo '[Definition]
	failregex = (?: pop3-login\|imap-login): .(?:Authentication failure\|Aborted login \(auth failed\|Aborted login \(tried to use disabled\|Disconnected \(auth failed\|Aborted login \(\d+ authentication attempts).rip=(?P<host>\S),.
	ignoreregex =' \| tee /etc/fail2ban/filter.d/dovecot-pop3imap.conf

	echo "ignoreregex =" >> /etc/fail2ban/filter.d/postfix-sasl.conf

	service fail2ban restart

	## SquirrelMail http://server.ltd/squirrelmail
	apt-get install -y squirrelmail

	squirrelmail-configure

	cd /etc/apache2/conf-available/
	ln -s ../../squirrelmail/apache.conf squirrelmail.conf
	service apache2 reload

	sed -i '6 i\
	AddType application/x-httpd-php .php' /etc/apache2/conf-available/squirrelmail.conf ; \
	sed -i '7 i\
	php_flag magic_quotes_gpc Off' /etc/apache2/conf-available/squirrelmail.conf ; \
	sed -i '8 i\
	php_flag track_vars On' /etc/apache2/conf-available/squirrelmail.conf ; \
	sed -i '9 i\
	php_admin_flag allow_url_fopen Off' /etc/apache2/conf-available/squirrelmail.conf ; \
	sed -i '10 i\
	php_value include_path .' /etc/apache2/conf-available/squirrelmail.conf ; \
	sed -i '11 i\
	php_admin_value upload_tmp_dir /var/lib/squirrelmail/tmp' /etc/apache2/conf-available/squirrelmail.conf ; \
	sed -i '12 i\
	php_admin_value open_basedir /usr/share/squirrelmail:/etc/squirrelmail:/var/lib/squirrelmail:/etc/hostname:/etc/mailname' /etc/apache2/conf-available/squirrelmail.conf


	mkdir /var/lib/squirrelmail/tmp
	chown www-data /var/lib/squirrelmail/tmp
	a2enconf squirrelmail

	service apache2 reload

	cd /tmp
	wget http://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz
	tar xfz ISPConfig-3-stable.tar.gz
	cd ispconfig3_install/install/
	php -q install.php

	echo "Roundcube necesita de un usuario remoto, vea: http://ur1.ca/o9l3n "
	sleep 2
	read -p "Presione [Enter] una vez configurado el usuario roundcube en la interfaz de ISPConfig 3 y continue la instalación..."

	## Roundcube http://server.ltd/webmail - http://server.ltd/roundcube

	apt-get install -y roundcube roundcube-plugins roundcube-plugins-extra

	sed -i 's/# Alias \/roundcube \/var\/lib\/roundcube/ Alias \/roundcube \/var\/lib\/roundcube/g' /etc/apache2/conf-available/roundcube.conf
	sed -i '5 i\
	Alias /webmail /var/lib/roundcube' /etc/apache2/conf-available/roundcube.conf
	sed -i '22i\
	DirectoryIndex index.php\
	\
	<IfModule mod_php5.c>\
	AddType application/x-httpd-php .php\
	\
	php_flag magic_quotes_gpc Off\
	php_flag track_vars On\
	php_flag register_globals Off\
	php_value include_path .:/usr/share/php\
	</IfModule>\
	' /etc/apache2/conf-available/roundcube.conf

	service apache2 restart

	sed -i "s/\$rcmail_config\['default_host'\] =.*/\$rcmail_config['default_host'] = 'localhost';/" /etc/roundcube/main.inc.php
	sed -i 's/en_US/es_ES/g' /etc/roundcube/main.inc.php

	cd /tmp
	git clone https://github.com/w2c/ispconfig3_roundcube.git
	cd /tmp/ispconfig3_roundcube/
	mv ispconfig3_* /var/lib/roundcube/plugins
	cd /var/lib/roundcube/plugins
	mv ispconfig3_account/config/config.inc.php.dist ispconfig3_account/config/config.inc.php

	sed -i "s/\$rcmail_config\['remote_soap_pass'\] =.*/\$rcmail_config['remote_soap_pass'] = 'remote_soap_pass';/" /var/lib/roundcube/plugins/ispconfig3_account/config/config.inc.php
	echo 'Por favor use la misma contraseña que uso al dar de alta el usuario remoto "roundcube": '
	read password
	sed -i "s/remote_soap_pass/$password/g"/var/lib/roundcube/plugins/ispconfig3_account/config/config.inc.php
	echo 'Si necesita confirmarla revise el archivo /var/lib/roundcube/plugins/ispconfig3_account/config/config.inc.php de ser necesario'
	sleep 3
	sed -i "s/\$rcmail_config\['soap_url'\] =.*/\$rcmail_config['soap_url'] = 'https:\/\/192.168.0.100:8080\/remote\/';/" /var/lib/roundcube/plugins/ispconfig3_account/config/config.inc.php
	sed -i "s/192.168.0.100/$(curl ipecho.net/plain)/" /var/lib/roundcube/plugins/ispconfig3_account/config/config.inc.php


	echo "No olvides confirmar que la dirección https://$(curl ipecho.net/plain):8080/remote/ es la que corresponde a tu servidor..."
	sleep 2 ; echo "..." ; sleep 2 ; echo "..." ; sleep 2
	echo "el archivo a revisar es: /var/lib/roundcube/plugins/ispconfig3_account/config/config.inc.php "
	sleep 2 ; echo "..." ; sleep 2 ; echo "..." ; sleep 2
	echo "continuamos..."

	sed -i "s/\$rcmail_config\['plugins'\] =.*/\$rcmail_config['plugins'] = array('jqueryui', 'ispconfig3_account', 'ispconfig3_autoreply', 'ispconfig3_pass', 'ispconfig3_spam', 'ispconfig3_fetchmail', 'ispconfig3_filter');/" /etc/roundcube/main.inc.php

	## Modificaciones para activar el núcleo de Trisquel por medio de kexec en Droplet (Digital Ocean)
	## mas info en: http://0wned.it/2014/08/27/custom-kernel-on-a-digitalocean-droplet-the-right-way/

	wget https://gist.githubusercontent.com/Ark74/8f1880727d04bf301271/raw/ea9e7c66be23d6769edb576eab87973cc41bfe8d/etc_init.d_droplet-kernel -O /etc/init.d/droplet-kernel
	chmod 755 /etc/init.d/droplet-kernel
	wget https://gist.githubusercontent.com/Ark74/8f1880727d04bf301271/raw/ea9e7c66be23d6769edb576eab87973cc41bfe8d/etc_default_droplet-kernel -O /etc/default/droplet-kernel
	update-rc.d droplet-kernel defaults

	service droplet-kernel status
	sleep 3

	echo "Ahora vamos reiniciar el Servidor con nuestro núcloe de Trisquel..."
	sleep 5
	init 6
	# Defaults for droplet-kernel initscript
	# sourced by /etc/init.d/droplet-kernel

	# Load a custom kernel for the droplet (true/false)
	ENABLED=true

	# Kernel and initrd image.
	# If no initrd image is needed, leave blank.
	KERNEL_IMAGE="/vmlinuz"
	INITRD="/initrd.img"

	# If empty, use current /proc/cmdline
	APPEND=""
	### BEGIN INIT INFO
	# Provides: droplet-kernel
	# Required-Start:
	# Required-Stop:
	# Should-Start: glibc
	# Default-Start: S
	# Default-Stop: 6
	# X-Interactive: true
	# Short-Description: Run kexec on DigitalOcean droplet
	# Description: Runs kexec on a DigitalOcean droplet to boot a custom kernel
	# URL: http://0wned.it/2014/08/27/custom-kernel-on-a-digitalocean-droplet-the-right-way/
	### END INIT INFO

	PATH=/sbin:/bin:/usr/sbin:/usr/bin

	. /lib/lsb/init-functions

	test -r /etc/default/droplet-kernel && . /etc/default/droplet-kernel

	do_stop() {
	# Don't do anything if kexec-tools are not installed
	# or droplet-kernel is not enabled in defaults file.
	test -x /sbin/kexec \|\| exit 0
	test "$ENABLED" = "true" \|\| exit 0

	# Check 'kexeced' kernel cmdline is present otherwise droplet
	# wasn't booted with a custom kernel via kexec.
	if grep -q ' kexeced$' /proc/cmdline; then

	# Remove 'kexeced' cmdline arguement so that when the droplet
	# is rebooted it will load and boot the custom kernel again.
	cat /proc/cmdline \| sed 's/ kexeced$//' > /root/cmdline
	mount --bind -n -o ro /root/cmdline /proc/cmdline >/dev/null
	kexec -u

	log_action_msg "Removed 'kexeced' kernel cmdline from droplet"
	else
	log_action_msg "Droplet was not booted with the Trisquel kernel"
	fi
	}

	do_start() {
	# Don't do anything if kexec-tools are not installed
	# or droplet-kernel is not enabled in defaults file.
	test -x /sbin/kexec \|\| exit 0
	test "$ENABLED" = "true" \|\| exit 0

	do_status

	# Check 'kexeced' kernel cmdline is not present.
	# If it is, the droplet has already booted with kexec. This helps
	# prevent loops.
	if grep -qv ' kexeced$' /proc/cmdline; then

	# Give the option to abort booting the droplet using kexec.
	export KEXEC_ABORT=false
	trap "export KEXEC_ABORT=true" 2
	log_begin_msg "Press Ctrl+C to abort booting droplet with the Trisquel kernel"
	sleep 10
	trap - 2
	log_end_msg 0

	REAL_APPEND="$APPEND"
	test -z "$REAL_APPEND" && REAL_APPEND="`cat /proc/cmdline`"

	if [ "$KEXEC_ABORT" = "false" ]; then
	log_action_begin_msg "Loading new kernel in to droplet memory"
	if [ -z "$INITRD" ]; then
	kexec --load "$KERNEL_IMAGE" --append="$REAL_APPEND kexeced"
	else
	kexec --load "$KERNEL_IMAGE" --initrd="$INITRD" --append="$REAL_APPEND kexeced"
	fi
	log_action_end_msg $?

	log_action_begin_msg "Attempting to run droplet with the Trisquel kernel"
	kexec -e
	log_action_end_msg $?
	fi
	fi
	}

	do_status() {
	if [ "$ENABLED" != "true" ]; then
	log_action_msg "The Trisquel droplet kernel is NOT enabled"
	exit 0
	fi

	log_action_msg "The Trisquel droplet kernel is enabled"

	if grep -q 'kexeced$' /proc/cmdline; then
	log_action_msg "Droplet was booted with the Trisquel kernel"
	else
	log_action_msg "Droplet was NOT booted with the Trisquel kernel"
	fi
	}

	case "$1" in
	start)
	do_start
	;;
	restart\|reload\|force-reload)
	echo "Error: argument '$1' not supported" >&2
	exit 3
	;;
	stop)
	do_stop
	;;
	status)
	do_status
	;;
	*)
	echo "Usage: $0 {start\|stop\|status}" >&2
	exit 3
	;;
	esac
	exit 0