-
-
Save ZEROF/10743343 to your computer and use it in GitHub Desktop.
#!/bin/bash | |
# This script will help you to set Hiawatha Server. | |
# Tested on Devuan 8 32/64bit. Debian Jessie supported as well. | |
# Script author ZEROF <zerof at backbox dot org> | |
# If you like Linux and security join http://backbox.org | |
# Script version 0.6c | |
# This script is distributed under a DO WHAT THE F*** YOU WANT TO PUBLIC LICENSE. | |
# http://www.wtfpl.net/txt/copying/ | |
clear | |
function banner () | |
{ | |
echo "" | |
echo -e "╦ ╦┬┌─┐┬ ┬┌─┐┌┬┐┬ ┬┌─┐ ╔═╗╦ ╦╔═╗ ╔═╗╔═╗╔╦╗ ╔╦╗┌─┐┬─┐┬┌─┐╔╦╗╔╗ " | |
echo -e "╠═╣│├─┤│││├─┤ │ ├─┤├─┤───╠═╝╠═╣╠═╝───╠╣ ╠═╝║║║───║║║├─┤├┬┘│├─┤ ║║╠╩╗" | |
echo -e "╩ ╩┴┴ ┴└┴┘┴ ┴ ┴ ┴ ┴┴ ┴ ╩ ╩ ╩╩ ╚ ╩ ╩ ╩ ╩ ╩┴ ┴┴└─┴┴ ┴═╩╝╚═╝" | |
} | |
# Vars | |
config="/etc/hiawatha/hiawatha.conf" | |
connect1="ConnectTo = /var/lib/hiawatha/php-fcgi.sock" | |
connect2="ConnectTo = /var/run/php5-fpm.sock" | |
info="[!]This is only for fresh installed servers, script don't check if you made changes on your system.\n[!]If something goes wrong, you can find hiawatha.conf.backup in /etc/hiawatha/." | |
up="\033[1;33m[!]\e[0m" | |
#User check. Must be r00t | |
if [ $USER != 'root' ]; then | |
echo "[!]Are you root? NO. Then try again." | |
exit | |
fi | |
# End function | |
function enter () | |
{ | |
echo "" | |
read -sn 1 -p "Press any key to continue..." | |
clear | |
} | |
#Check for system versin and egrep last package from tuxhelp | |
download_deb() { | |
wget "https://files.tuxhelp.org/hiawatha/$(wget -O- https://files.tuxhelp.org/hiawatha | egrep -o "hiawatha_[0-9\.]+_$1.deb" | sort -V | sort -V | tail -1)" | |
} | |
#Download | |
down() { | |
if [ "$(getconf LONG_BIT)" = "64" ]; then | |
download_deb amd64 | |
else | |
download_deb i386 | |
fi | |
} | |
# Just to be sure that menu will work around | |
$selection | |
# Restart Hiawatha | |
function restart () | |
{ | |
service hiawatha restart | |
} | |
# Install MariaDB | |
function mariadb () | |
{ | |
apt install mariadb-server -y | |
} | |
function mariadb_secure () | |
{ | |
mysql_secure_installation | |
} | |
# Setting wordpress vhost [s] | |
function wordpress_vhost() | |
{ | |
echo -e "\e[31m\n$up This script will remove any directory with name wordpress, take care about that.\nControl + C if you want to check then start script again.\e[0m" | |
sleep 5 | |
echo -e -n "\n$up Set site/vhost order/remove number(example 1-10): " | |
read number | |
echo -e -n "\n$up Enter domain name or your server IP: " | |
read domain | |
echo -e -n "\n$up Enter site folder (example /var/www/hiawatha/wordpress): " | |
read root | |
echo -e -n "\n$up Enter site default page (index.php or index.html): " | |
read index | |
echo -e "\n#${number}\nVirtualHost {\n\tHostname = ${domain} \n\tWebsiteRoot = ${root}\n\tStartFile = ${index} #Use index.php or index.html\n\t#AccessLogfile = ${root}/access.log\n\t#ErrorLogfile = ${root}/error.log\n\tTimeForCGI = 5\n\tUseFastCGI = PHP5\n\tUseToolKit = wordpress\n}\n | |
#${number}\nUrlToolkit {\nToolkitID = wordpress\nRequestURI exists Return\nMatch .*\?(.*) Rewrite /index.php?$1\nMatch .* Rewrite /index.php\n}" >> $config | |
mkdir -p $root | |
} | |
# wget last version from WP site | |
function wordpress () | |
{ | |
if [ -d "$wordpress)" ]; then | |
rm -rf wordpress | |
else | |
echo -e "\n$up We are going to install your Wordpress site.\n" | |
enter | |
fi | |
wget http://wordpress.org/latest.tar.gz | |
tar -xzf latest.tar.gz | |
echo -e -n "$up Your wordpress vhost directory (ex./var/www/hiawatha/wordpress): " | |
read path | |
cp -r wordpress ${path} | |
chown -R www-data:www-data ${path} | |
rm latest.tar.gz | |
rm -rf wordpress | |
} | |
# Removing wordpress installation | |
function rem_wordpress() | |
{ | |
echo -n "\n\t$up Type Wordpress path directory (ex./var/www/hiawatha/wordpress):" | |
read word_path | |
rm -rf $word_path | |
echo -e -n "\n\t$up Enter your mysql user name: " | |
read user | |
echo -e -n "\n\t$up Type mysql password(you can't see your password): " | |
stty_orig=`stty -g` | |
stty -echo | |
read pass | |
stty $stty_orig | |
echo "" | |
echo -e -n "\n\t$up Type wordpress database name: " | |
read db_name | |
mysql -u $user -p$pass -e "drop database $db_name" | |
service mysql restart | |
} | |
# Setting MySql server details | |
function set_mysql () | |
{ | |
echo -e -n "\n\t$up Enter your mysql user name: " | |
read user | |
echo -e -n "\n\t$up Type mysql password(you can't see your password): " | |
stty_orig=`stty -g` | |
stty -echo | |
read pass | |
stty $stty_orig | |
echo "" | |
echo -e -n "\n\t$up Type database name: " | |
read db_name | |
mysql -u $user -p$pass -e "create database $db_name" | |
service mysql remove | |
} | |
# Simple function yes and no when user start installation of phpmyadmin | |
function yes_no () | |
{ | |
echo -e "\n$up \e[40;38;5;82mPHPMYADMIN INSTALLATION \e[0m\n" | |
read -p "Install phpMyAdmin (y/n)? " choice | |
case "$choice" in | |
y|Y ) phpmyadmin;admin_hiawatha;where_phpmyadmin;; | |
n|N ) selection;; | |
* ) echo -e "$up Wrong answer. Don't worry you can start phpMyadmin installation when you are ready";; | |
esac | |
} | |
# Need to be set for vhost needs | |
function where_phpmyadmin () | |
{ | |
echo -e -n "\n$up Type your main site path directory (ex./var/www/hiawatha/wordpress): " | |
read phpadmin | |
ln -s /usr/share/phpmyadmin $phpadmin | |
} | |
# Get last version from server and install | |
function phpmyadmin () | |
{ | |
apt install phpmyadmin -y | |
} | |
function admin_hiawatha () | |
{ | |
sed -i '/#Use index.php or index.html/s/$/\n\tAlias = \/phpmyadmin:\/usr\/share\/phpmyadmin/' $config | |
restart | |
enter | |
} | |
# Hiawatha function to protect folders and file | |
function protect () | |
{ | |
echo -e -n "\n$up Enter order number for removing rules in the future(ex 1,2): " | |
read number | |
echo -e -n "\n$up Enter path directory you want to protect (example /var/www/hiawatha/): " | |
read directory | |
echo -e "\n#${number}0\nDirectory {\nPath = $directory\nAccessList = Deny All\n}" >> /etc/hiawatha/hiawatha.conf | |
restart | |
} | |
# Removing protection rule | |
function protect_remove () | |
{ | |
echo -e -n "\n$up Enter remove number: " | |
read n | |
for i in "${n[@]}" | |
do sed -i "/#${n}\0/,/} /d" $config | |
done | |
sed -i 's/ $//' $config | |
restart | |
} | |
function fail2 () | |
{ | |
apt install fail2ban -y | |
service fail2ban restart | |
cd /etc/fail2ban | |
echo "" | |
echo -e "\e[30;48;5;82m We are going to protect your server SSH and SFTP with fail2ban. \e[0m \n" | |
sleep 2 | |
echo -e "\e[30;48;5;82m For that we will need information about port your are using for SSH. \e[0m \n" | |
sleep 2 | |
echo -ne "\e[30;48;5;82m You SSH port is: \e[0m" | |
read port | |
cat <<EOF > "/etc/fail2ban/jail.local" | |
[ssh] | |
enabled = true | |
port = sftp,$port | |
filter = sshd | |
logpath = /var/log/auth.log | |
findtime = 300 | |
maxretry = 3 | |
bantime = 86400 | |
EOF | |
echo"" | |
service fail2ban restart | |
} | |
function fail2_remove() | |
{ | |
rm /etc/fail2ban/jail.local | |
apt --purge remove fail2ban -y | |
} | |
# Menu | |
function print_menu() | |
{ | |
banner | |
echo "" | |
echo "[1] - system update, upgrade and dist-upgrade." | |
echo "[2] - install required dependencies for Hiawatha." | |
echo "[3] - install PHP5 and PHP5 modules." | |
echo "[4] - installation of MariaDB 10.0." | |
echo "[5] - secure MariaDB installation." | |
echo "[6] - install Hiawatha Webserver." | |
echo "[7] - set VPS/SERVER time zone." | |
echo -e "\n\e[40;38;5;82m SETTING HIAWATHA \e[30;48;5;82m WEB SERVER \e[0m \n" | |
echo "[8] - setting PHP-FPM (FastCGI)." | |
echo "[9] - add new VHOST (ex. site order number, yoursite.com, /var/www, index.php)" | |
echo "[10] - install Wordpress (don't run option 9 if you want to do this)." | |
echo "[11] - remove VHOST." | |
echo "[12] - install phpMyadmin (run only after setting first vhost)." | |
echo "[13] - remove phpMyadmin." | |
echo "[14] - remove Wordpress installation." | |
echo -e "\n\e[40;38;5;82m HIAWATHA \e[30;48;5;82m SECURITY \e[0m \n" | |
echo "[15] - protect site directory." | |
echo "[16] - remove directory protection." | |
echo "[17] - ban clients who misbehave (basic DDOS protection)." | |
echo "[18] - install fail2ban and protect SSH and SFTP." | |
echo "[19] - remove fail2ban and settings." | |
echo "" | |
echo "[0] - exit program." | |
echo "" | |
echo -e -n "$up Enter selection: " | |
} | |
selection= | |
until [ "$selection" = "0" ]; do | |
print_menu | |
read selection | |
echo "" | |
case $selection in | |
1 ) apt update -y;apt upgrade -y;apt dist-upgrade -y; apt install python-pip -y; apt install asciinema;clear;; | |
2 ) apt install libc6-dev libssl-dev dpkg-dev debhelper curl fakeroot libxml2-dev libxslt1-dev -y;clear;; | |
3 ) apt install php5-cgi php5 php5-cli php5-mysql php5-curl php5-gd php5-intl php-pear php5-imagick php5-imap php5-mcrypt php5-memcache php5-pspell php5-recode php5-snmp php5-sqlite php5-tidy php5-xmlrpc php5-xsl php5-xcache apache2-utils php5-fpm -y;enter;; | |
4 ) apt install python-software-properties -y;mariadb;clear;; | |
5 ) mariadb_secure;enter;clear ;; | |
6 ) down; dpkg -i hiawatha_*.deb; rm hiawatha_*;enter ;; | |
7 ) dpkg-reconfigure tzdata; enter; echo "We are done.It was cool? NO :)";enter ;; | |
8 ) echo -e $info;sleep 3;cp $config $config\.backup;x=( 57 58 59 60 61 );for i in "${x[@]}";do sed -i "${i}s/^#//" $config;done;sed -i s'/\#CGIhandler\ =\ \/usr\/bin\/php\-cgi\:php/CGIhandler\ = \/usr\/bin\/php\-cgi\:php/' $config;sed -i s#"$connect1"#"$connect2"#g $config;service php5-fpm restart; enter ;; | |
9 ) echo -e -n "\n$up Set site/vhost remove number(example 1-10): ";read number; echo -e -n "\n$up Enter domain name or your server IP: ";read domain;echo -e -n "\n$up Enter site folder (example /var/www/hiawatha): ";read root;echo -e -n "\n$up Enter site default page (index.php or index.html): ";read index;echo -e "\n#${number}\nVirtualHost {\n\tHostname = ${domain} \n\tWebsiteRoot = ${root}\n\tStartFile = ${index} #Use index.php or index.html\n\t#AccessLogfile = ${root}/access.log\n\t#ErrorLogfile = ${root}/error.log\n\tTimeForCGI = 20\n\tUseFastCGI = PHP5\n}" >> $config;enter ;; | |
10 ) wordpress_vhost;wordpress;set_mysql;echo "";restart;echo "";service php5-fpm restart;echo -e "\e[31m\n$up Open your browser with your domain or ip and start wordpress installation.\nIf something goes wrong check your settings (/etc/hiawatha/hiawatha.conf)\e[0m";sleep 3;yes_no ;; | |
11 ) echo -e -n "\n$up Enter site/vhost remove number: " ;read n; for i in "${n[@]}";do sed -i "/#${n}/,/} /d" $config;done;sed -i '$d' $config;enter ;; | |
12 ) phpmyadmin;admin_hiawatha;where_phpmyadmin; ;; | |
13 ) apt remove phpmyadmin;rem=$(find / -type d -name phpmyadmin); rm -rf $rem;enter;; | |
14 ) rem_wordpress;enter ;; | |
15 ) echo -e "\n$up\e[31m If you want to protect directory from public access use this option\e[0m";protect ;; | |
16 ) protect_remove ;; | |
17 ) x=( 40 41 42 43 44 );for i in "${x[@]}";do sed -i "${i}s/^#//" $config;done; clear;; | |
18 ) fail2; enter ;; | |
19 ) fail2_remove;clear ;; | |
0 ) exit ;; | |
* ) echo -e "$up Please enter 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, ,13, 14, 15, 16, 17, 18, 19 or 0" | |
esac | |
done |
Nice to see you around @cwadge.
- I didn't know about apt source, this will save my time editing this script after every Hiawatha update.
- I will look to your script. Maybe I can pull some nice idea and I will try your work soon.
- I tested MySql Tunning script not so long time ago, and it's true not working with newest MySql versions. Thanks for that great fix.
- And about phpmyadmin ...Man what to say about that. People asked for. What i do is maybe some kind of solution. I add always "up to date" version, that helps +- with sec issues.
I made almost all of scripts in my spare time, I guess you too. A lot of people use this one, but they don't share/give ideas about next steps. Most of them just take and go, but I do this to support Hiawatha project in first place, and we have clients using Hiawatha last 12 months i think so, and I wrote this to save my time setting server after server.
Keep up the good work and thank you for stepping by.
Likewise, @ZEROF. And yeah, agreed about PhpMyAdmin. Lots of people use it, but I always recommend handling it like one would an angry cobra... very carefully.
My time for stuff like this is limited also, so I understand not being able to work on your side-project scripts every day. I thought that not that many people were actually using my scripts and such, until I changed the directory structure on tuxhelp.org. The moral of the story is this: don't feel like your time is wasted. Lots of people use this stuff, it's just that most folks don't think to give any feedback until something breaks or goes missing. Ce'st la vie.
Latest Hiawatha build for Debian is now 9.11-1. Also, there's a new apt repository on the west coast of the US, http://mirror.tuxhelp.org/debian/
Thanks for update ;)
Running script on new Debian 7.1 vps install pulls dist-upgrade packages post-Jessie update which creates errors in FPM install. Could you update this wonderful script? Thanks!
Instead of updating the script for every Hiawatha release, maybe you can use the version number of the latest release as published via https://www.hiawatha-webserver.org/latest
Hi all. I will start to work on few updates starting from tonight :). Hope to fix all until next weekend.
To do:
Auto-update from repositoryFixing php-fpm issue (new issue pop-up after last Debian 8 updates, need to work on that this week).Moving to Debian 8Updating phpmyadmin version (this need to be be done every time on my side, because i host edited version of phpmyadmin to work out of box)Removing old and not supported php packages for Debian 8, php5-ming, php5-ps, php5-ffmpegDefault version of MariaDB now is 10.* (from Jessie)
** I just made small update and set script to egrep last hiawatha Debian packages.
P.S. Debian 8 made a lot of updates from last script update (new php version is one of them) and i will need to boot up new test machine and see how things goes on, small updates need to be worked on. I got one free VPS today to test all this and I hope to bring new version soon. 27/01/2016 (Happy New Year folks). I just got new SSD as well and that will speed up my work. Test i was running on my local machine are not same as running them on servers from providers (in most case they are VPS running on openvz).
About MariaDB ... Before new versions 10.1 and 10.0 i was 100% for using Mariadb, but as don't see direction of Mariadb I'm not sure that i will stick with it. Some issues on clients servers etc. made me think that i need stable data system, and I'm not sure that I can trust Mariadb on that. Friend of mine lost some data on Zimbra server (using MariaDB 10.0-15) and we did spend few days to fix issues but without luck fro now.
Hope to bring full update script soon. Cheers!
Hi all,
I'm happy to share new version with you (0.6). I will not remove old version from internet, but you will need to fix issues if you find some, i wanted to keep with Debian 7 support, but it's not logic anymore. This version was tested on Devuan (Debian without systemd). I will need testers, run it and see how things will go on your side. About updates:
- Full Debian 8+ support
- MariaDB 10.0+
- Removed dns servers installation, this will stay Hiawatha install and administration script, no time for more
- Fixed fast PHP (php-fpm)
- New security option (ban abusive users)
- Code clean up
TO DO
- Better PHP security
- XSS protection and other security options
And more ...
Hey there. Looks like a nice script. :) Deb 7 + Hiawatha + PHP-FPM + MariaDB (XtraDB) is my favored stack as well. BTW, I'm the guy who does the Debian Hiawatha builds (tuxhelp.org); just thought I'd point out a few things:
Thanks again for the nice work here.
All the best,
-Chris