Skip to content

Instantly share code, notes, and snippets.

@n4txo

n4txo/odoo_install.sh

Created August 14, 2016 22:34
Show Gist options
  • Save n4txo/812da1a28153eb917114a1fa66e59952 to your computer and use it in GitHub Desktop.
Save n4txo/812da1a28153eb917114a1fa66e59952 to your computer and use it in GitHub Desktop.
Download ZIP
odoo
Raw
odoo_install.sh
#!/bin/bash
################################################################################
#
# Script for Installation: ODOO v8 server on Ubuntu 14.04 LTS
# Author: André Schenkels, ICTSTUDIO 2014
#
# Forked: n / master
#-------------------------------------------------------------------------------
#
# This script will install ODOO v8 Server on a clean Ubuntu 14.04 Server and:
#
# * Log all the output to a log called odoo_install.log.
# * Set date/time in the selected zone. Update date via ntp.
# * Set locale environment to the selected. See: :~$ locale -a
# * Change the hostname to the specified one.
# P Set the selected IPv4.
# * Disable IPv6 at grub level and /etc/hosts.
# * Install wkhtmltopdf for pdf generation.
# * Install some addons:
# - No phoning home. See: https://bitbucket.org/BizzAppDev/oerp_no_phoning_home.git
# - Spanish localization and dependencies.
# * Configure apache2 as http reverse proxy.
# * Secure the installation with:
# - fail2ban.
# - Monit for monitor the status and integrity of processes. HTTP server available in localhost:2812.
# - ssh blacklist.
# - Unattended upgrades with automatic reboot at selected time (2AM default).
# * Postfix, configure relay mail server based on a gmail account. Disable ipv6
# * logwatch (R)postfix. Configure for sending logs to an email account.
# * SSH hardening. Changes:
# P ServerKeyBits 2048 · ATTENTION due to this change the ssh fingerprint of the machine is going to be changed.
# - Disable rootlogin
# - Set AuthorizedKeysFile
# P Disable PasswordAuthentication · This must be asked.
# - Disable X11Forwarding
# - Enable AllowTcpForwarding
# * apache2 hardening
# *
# * ufw/iptables : A 22 25 80 (443)
# P Backup · Barman. See: http://slideshare.net/openobject/odoo-disaster-recovery-with-barman http://www.vionblog.com/openerp-backup-and-point-in-time-recovery/
# * Odoo Performance Tuning. See: http://slideshare.net/openobject/performance2014-35689113
# *
# P Selinux? Bastille? Tyger?
# P Configure ssl in apache.
# * Resume message.
# P Automatic reboot at the end after prompt.
#
# ACTIVE CONNECTIONS AFTER INSTALLATION. See: netstat -putona
#
# root@odoo:~# netstat -putona
# tcp 0.0.0.0:25 0.0.0.0:* ESCUCHAR master * SMTP Server
# tcp 127.0.0.1:2812 0.0.0.0:* ESCUCHAR monit * MONIT listening localhost ipv4 only
# tcp 127.0.0.1:8069 0.0.0.0:* ESCUCHAR python * Odoo Server listening localhost ipv4 only
# tcp 0.0.0.0:80 0.0.0.0:* ESCUCHAR apache2 * Apache Server listening ipv4 only
# tcp 0.0.0.0:22 0.0.0.0:* ESCUCHAR sshd * SSH Server
# tcp 127.0.0.1:35959 127.0.0.1:5432 TIME_WAIT wait time (37,20/0/0) * Postgres localhost ipv4 only
# udp 127.0.0.1:60619 127.0.0.1:60619 ESTABLECIDO 1126/postgres * Postgres-Odoo conection
#
#-------------------------------------------------------------------------------
# USAGE:
#
# $ ./odoo-install
#
# A password for using sudo will be asked. Be sure to execute from a user with sudo privileges. See: man visudo
# If you launch the script using sh it's not going to work because the log file creation.
#
# EXAMPLE:
#
# user@computer:~$ ./odoo_install.sh
#
# * Create log file for installation
#
# /home/user/odoo_install.log
#
# OK
#
# * Configuring date/time in Europe/Madrid
#
# [sudo] password for user:
#
################################################################################
exec &> >(tee odoo_install.log)
echo -e "\n* Create log file for installation\n"
pwd | awk '/\//{ print $0"/odoo_install.log" }'
echo -e "\n OK"
echo -e "\n* Configure user environment, gather variables"
if [ -f "user.cfg" ]; then
source user.cfg
echo -e " Loaded user variables"
echo -e "\n"
else
echo -e "# CONFIG FILE
# VARIABLES THAT SHOULD BE MODIFIED
## OE_USER: User account that will execute the Odoo instance.
OE_USER='odoo'
## DB_PWD: Password for database connections.
DB_PWD='odoo'
## OE_SUPERADMIN: Odoo Master Password.
OE_SUPERADMIN='superadminpassword'
# HOST CONFIGURATION
## OE_HOST: Name of the hostname.
OE_HOST='odootest'
## FQDN. Full Qualified Domain Name. Set with 'hostname -f', could be changed to any usable URL. See: /etc/hosts
FQDN='odootest'
# Enter '9.0' for version 9, '8.0' for version 8.0, '7.0 (version 7), saas-4, saas-5 (opendays version) and 'master' for trunk.
OE_VERSION='8.0'
# MAIL CONFIGURATION
## GM_ACCOUNT: Google Mail/Apps Account for sending mails. Example: [email protected]. Asked in runtime.
GM_ACCOUNT="[email protected]"
## GM_PWD: Password for the Google Mail/Apps Account. Asked in runtime.
GM_PWD="yourfancypassword"
## MX_FROM: Mail account to insert in the FROM field of the email alerts. Asked in runtime.
MX_FROM="[email protected]"
## MX_TO: Mail account that is going to receive the email alerts. Asked in runtime. Used to configure serveradmin of apache2
MX_TO="[email protected]"
## LW_HOUR: Hour for standard logwatch mail alerts (logwatch --range ). In cron format MM HH. Example: for recive logwatch mail alerts at 8AM each mornirg type "00 08". Asked in runtime.
LW_HOUR="00 08"" > user.cfg
source user.cfg
echo -e " user.cfg not found, created using defaults"
read -p " Do you want to continue the installation? (Y/N): " ANS
if [ ANS != "Y" ] || [ ANS != "y"]; then
echo " Stopping the installation"
exit 1
fi
fi
if [ -f user.cfg ]; then
grep -v -e "^$" user.cfg|grep -v "#"
echo -e "\n"
read -p " Press [Enter] key to continue"
else
echo -e "\n\nERROR: Not found user.cfg file, exiting."
exit 1
fi
echo -e "\n-------------------------------------------------------------------------------
\n\n UPDATE SERVER
\n\n-------------------------------------------------------------------------------"
echo -e "\n* Change hostname\n"
OLDHOST=$(cat /etc/hostname)
sudo su root -c "echo '$OE_HOST' > /etc/hostname"
sudo service hostname restart
sudo sed -i s/"127.0.1.1 $OLDHOST"/"127.0.1.1 $OE_HOST"/g /etc/hosts
sudo su root -c "echo 'The new hostname is $OE_HOST'"
echo -e "\n OK"
echo -e "\n* Update Server\n"
sudo apt-get update
echo -e "\n OK"
echo -e "\n* Configuring date/time in Europe/Madrid\n"
sudo su root -c "cp /usr/share/zoneinfo/Europe/Madrid /etc/localtime"
sudo su root -c "ntpdate server 0.pool.ntp.org"
echo $(date)
#Set Odoo paths based in variable data.
OE_HOME="/opt/$OE_USER"
OE_HOME_EXT="/opt/$OE_USER/$OE_USER-server"
OE_CONFIG="$OE_USER-server"
## UU_TIME: Hour for unattended upgrades.
UU_TIME='02:00'
echo -e "\n OK"
echo -e "\n-------------------------------------------------------------------------------
\n\n SET LOCALE es_ES.UTF8
\n\n-------------------------------------------------------------------------------"
echo -e "\n* Set es_ES.UTF-8 Locale"
dpkg --get-selections |grep language-pack-es
if [ $? -ne 0 ]; then
sudo apt-get install -y language-pack-es
fi
sudo cp /etc/default/locale /etc/default/locale.BACKUP
sudo rm -rf /etc/default/locale
echo -e "\n OK"
echo -e "\n* Change server config file\n"
# See: 'locale -a' and set one of the list.
# Change here your locales. See: https://help.ubuntu.com/community/Locale
sudo su root -c "echo 'LC_ALL="es_ES.utf8"' >> /etc/default/locale"
sudo su root -c "echo 'LANG="es_ES@euro"' >> /etc/default/locale"
sudo su root -c "echo 'LANGUAGE="es_ES:es"' >> /etc/default/locale"
sudo su root -c "dpkg-reconfigure locales"
echo -e "\n OK"
echo -e "\n-------------------------------------------------------------------------------
\n\n INSTALL POSTGRESQL SERVER
\n\n-------------------------------------------------------------------------------"
echo -e "\n* Install PostgreSQL Server\n"
sudo apt-get -y install postgresql
echo -e "\n OK"
echo -e "\n* Configure hba_conf"
#sudo sed -i s/"#listen_addresses = 'localhost'"/"listen_addresses = '*'"/g /etc/postgresql/9.3/main/postgresql.conf
#Configure encrypted credentials in Database administrative login by Unix domain socket
sudo sed -i s/"local all postgres peer"/"local all postgres md5"/g /etc/postgresql/9.3/main/pg_hba.conf
#Configure encrypted credentials in "local" is for Unix domain socket connections only
sudo sed -i s/"local all all peer"/"local all all md5"/g /etc/postgresql/9.3/main/pg_hba.conf
echo -e "\n OK"
echo -e "\n* Creating the ODOO PostgreSQL User\n"
sudo su - postgres -c "createuser -s $OE_USER" 2> /dev/null || true
sudo -u postgres psql -c "ALTER USER $OE_USER WITH ENCRYPTED PASSWORD '$DB_PWD';"
#Setting for avoid postgresql error "CEST FATAL: role "root" does not exist" and "CEST FATAL: database "root" does not exist"
sudo su - postgres -c "createuser root" 2> /dev/null || true
sudo su - postgres -c "createdb root" 2> /dev/null || true
echo -e "\n OK"
echo -e "\n-------------------------------------------------------------------------------
\n\n INSTALL ODOO DEPENDENCIES
\n\n-------------------------------------------------------------------------------"
echo -e "\n* Install tool packages\n"
sudo apt-get install wget subversion git bzr bzrtools python-pip python-dev build-essential -y
echo -e "\n OK"
echo -e "\n* Install and Upgrade pip and virtualenv"
sudo pip install --upgrade pip
sudo pip install --upgrade virtualenv
echo -e "\n OK"
echo -e "\n* Install pyserial and qrcode for compatibility with hw_ modules for peripheral support in Odoo"
sudo pip install pyserial qrcode pytz jcconv
sudo apt-get -f install -y
echo -e "\n OK"
echo -e "\n* Install pyusb 1.0+ not stable for compatibility with hw_escpos for receipt printer and cash drawer support in Odoo "
sudo pip install --pre pyusb
echo -e "\n OK"
echo -e "\n* Install python packages\n"
sudo apt-get install -y --force-yes --no-install-recommends python-gevent python-dateutil python-feedparser python-gdata python-ldap python-libxslt1 python-lxml python-mako python-openid python-psycopg2 python-pybabel python-pychart python-pydot python-pyparsing python-reportlab python-simplejson python-tz python-vatnumber python-vobject python-webdav python-werkzeug python-xlwt python-yaml python-zsi python-docutils python-psutil python-mock python-unittest2 python-jinja2 python-pypdf python-pdftools python-setuptools python-pybabel python-imaging python-matplotlib python-reportlab-accel python-openssl python-egenix-mxdatetime python-paramiko antiword python-decorator poppler-utils python-requests libpq-dev python-geoip python-markupsafe postgresql-client python-passlib vim libreoffice curl openssh-server npm python-cairo python-genshi libreoffice-script-provider-python ghostscript
echo -e "\n OK"
# Install NodeJS and Less compiler needed by Odoo 8 Website - added from https://gist.github.com/rm-jamotion/d61bc6525f5b76245b50
curl -sL https://deb.nodesource.com/setup | sudo bash -
sudo apt-get install nodejs -y
sudo su root -c "npm install -g less less-plugin-clean-css"
echo -e "\n OK"
echo -e "\n* Install python libraries\n"
sudo pip install gdata passlib unidecode
echo -e "\n---- Install Other Dependencies ----"
sudo pip install graphviz mc bzr lptools make gevent gevent_psycopg2 psycogreen
#Alternative method for install wkhtmltopdf, DOESNT WORK, even changing the path manually gives this error: openerp.addons.report.models.report: You need Wkhtmltopdf to print a pdf version of the reports.
#sudo pip install wkhtmltopdf
echo -e "\n OK"
echo -e "\n* Install wkhtmltopdf 0.12.1\n"
# curl -L to follow mirror redirect from sourceforge.net (eg. kaz.sourceforge.net...)
cd /var/cache/apt/archives/
sudo wget http://download.gna.org/wkhtmltopdf/0.12/0.12.1/wkhtmltox-0.12.1_linux-trusty-amd64.deb
sudo dpkg -i wkhtmltox-0.12.1_linux-trusty-amd64.deb
sudo cp /usr/local/bin/wkhtmltopdf /usr/bin
sudo cp /usr/local/bin/wkhtmltoimage /usr/bin
cd ~
echo -e "\n OK"
echo -e "\n* Create ODOO system user"
sudo adduser --system --quiet --shell=/bin/bash --home=$OE_HOME --gecos 'ODOO' --group $OE_USER
echo -e "\n OK"
echo -e "\n* Create Log directory"
sudo mkdir /var/log/$OE_USER
sudo chown $OE_USER:$OE_USER /var/log/$OE_USER
echo -e "\n OK"
echo -e "\n-------------------------------------------------------------------------------
\n\n INSTALL ODOO
\n\n-------------------------------------------------------------------------------"
echo -e "\n* Install Odoo Server. It takes a while, wait or in a new console: ps -aux |grep git\n"
# default https://www.github.com/odoo/odoo
# OCA https://www.github.com/OCA/OCB
sudo git clone --branch $OE_VERSION https://www.github.com/odoo/odoo $OE_HOME_EXT/
echo -e "\n OK"
echo -e "\n* Create custom module directory in $OE_HOME/custom"
sudo su $OE_USER -c "mkdir $OE_HOME/custom"
sudo su $OE_USER -c "mkdir $OE_HOME/custom/addons"
echo -e "\n OK"
echo -e "\n* Set permissions on home folder"
sudo chown -R $OE_USER:$OE_USER $OE_HOME/*
echo -e "\n OK"
echo -e "\n* Create Odoo server config file"
sudo cp $OE_HOME_EXT/debian/openerp-server.conf /etc/$OE_CONFIG.conf
sudo chown $OE_USER:$OE_USER /etc/$OE_CONFIG.conf
sudo chmod 640 /etc/$OE_CONFIG.conf
echo -e "\n OK"
echo -e "\n* Modify Odoo server config file"
sudo sed -i s/"db_user = .*"/"db_user = $OE_USER"/g /etc/$OE_CONFIG.conf
sudo sed -i s/"db_password = .*"/"db_password = $DB_PWD"/g /etc/$OE_CONFIG.conf
sudo sed -i s/"; admin_passwd.*"/"admin_passwd = $OE_SUPERADMIN"/g /etc/$OE_CONFIG.conf
sudo sed -i s/"db_user = .*"/"db_user = $OE_USER"/g /etc/$OE_CONFIG.conf
sudo su root -c "echo 'xmlrpc_interface = 127.0.0.1' >> /etc/$OE_CONFIG.conf"
sudo su root -c "echo 'logfile = /var/log/$OE_USER/$OE_CONFIG$1.log' >> /etc/$OE_CONFIG.conf"
sudo su root -c "echo 'logrotate = true' >> /etc/$OE_CONFIG.conf"
sudo su root -c "echo 'addons_path=$OE_HOME_EXT/addons,$OE_HOME/custom/addons' >> /etc/$OE_CONFIG.conf"
sudo su root -c "echo 'max_cron_threads = 1' >> /etc/$OE_CONFIG.conf"
sudo su root -c "echo 'addons_path = $OE_HOME_EXT/addons,$OE_HOME/custom/addons' >> /etc/$OE_CONFIG.conf"
sudo su root -c "echo '## Server startup config - Common options' >> /etc/$OE_CONFIG.conf"
sudo su root -c "echo '# Admin password for creating, restoring and backing up databases admin_passwd = admin' >> /etc/$OE_CONFIG.conf"
sudo su root -c "echo '# specify additional addons paths (separated by commas)' >> /etc/$OE_CONFIG.conf"
sudo su root -c "echo '## XML-RPC / HTTP - XML-RPC Configuration' >> /etc/$OE_CONFIG.conf"
sudo su root -c "echo 'xmlrpc = True' >> /etc/$OE_CONFIG.conf"
sudo su root -c "echo '# Specify the TCP IP address for the XML-RPC protocol. The empty string binds to all interfaces.' >> /etc/$OE_CONFIG.conf"
sudo su root -c "echo 'xmlrpc_interface = ' >> /etc/$OE_CONFIG.conf"
sudo su root -c "echo '# specify the TCP port for the XML-RPC protocol' >> /etc/$OE_CONFIG.conf"
sudo su root -c "echo 'xmlrpc_port = 8069' >> /etc/$OE_CONFIG.conf"
sudo su root -c "echo '# Enable correct behavior when behind a reverse proxy' >> /etc/$OE_CONFIG.conf"
sudo su root -c "echo 'proxy_mode = True' >> /etc/$OE_CONFIG.conf"
sudo su root -c "echo '## XML-RPC / HTTPS - XML-RPC Secure Configuration' >> /etc/$OE_CONFIG.conf"
sudo su root -c "echo '# disable the XML-RPC Secure protocol' >> /etc/$OE_CONFIG.conf"
sudo su root -c "echo 'xmlrpcs = True' >> /etc/$OE_CONFIG.conf"
sudo su root -c "echo '# Specify the TCP IP address for the XML-RPC Secure protocol. The empty string binds to all interfaces.' >> /etc/$OE_CONFIG.conf"
sudo su root -c "echo 'xmlrpcs_interface = ' >> /etc/$OE_CONFIG.conf"
sudo su root -c "echo '# specify the TCP port for the XML-RPC Secure protocol' >> /etc/$OE_CONFIG.conf"
sudo su root -c "echo 'xmlrpcs_port = 8071' >> /etc/$OE_CONFIG.conf"
sudo su root -c "echo '# specify the certificate file for the SSL connection' >> /etc/$OE_CONFIG.conf"
sudo su root -c "echo 'secure_cert_file = server.cert' >> /etc/$OE_CONFIG.conf"
sudo su root -c "echo '# specify the private key file for the SSL connection' >> /etc/$OE_CONFIG.conf"
sudo su root -c "echo 'secure_pkey_file = server.pkey' >> /etc/$OE_CONFIG.conf"
sudo su root -c "echo '## NET-RPC - NET-RPC Configuration' >> /etc/$OE_CONFIG.conf"
sudo su root -c "echo '# enable the NETRPC protocol' >> /etc/$OE_CONFIG.conf"
sudo su root -c "echo 'netrpc = False' >> /etc/$OE_CONFIG.conf"
sudo su root -c "echo '# specify the TCP IP address for the NETRPC protocol' >> /etc/$OE_CONFIG.conf"
sudo su root -c "echo 'netrpc_interface = 127.0.0.1' >> /etc/$OE_CONFIG.conf"
sudo su root -c "echo '# specify the TCP port for the NETRPC protocol' >> /etc/$OE_CONFIG.conf"
sudo su root -c "echo 'netrpc_port = 8070' >> /etc/$OE_CONFIG.conf"
sudo su root -c "echo '## WEB - Web interface Configuration' >> /etc/$OE_CONFIG.conf"
sudo su root -c "echo '# Filter listed database REGEXP' >> /etc/$OE_CONFIG.conf"
sudo su root -c "echo 'dbfilter = .*' >> /etc/$OE_CONFIG.conf"
sudo su root -c "echo '## Static HTTP - Static HTTP service' >> /etc/$OE_CONFIG.conf"
sudo su root -c "echo '# enable static HTTP service for serving plain HTML files' >> /etc/$OE_CONFIG.conf"
sudo su root -c "echo 'static_http_enable = False' >> /etc/$OE_CONFIG.conf"
sudo su root -c "echo '# specify the directory containing your static HTML files (e.g '/var/www/')' >> /etc/$OE_CONFIG.conf"
sudo su root -c "echo 'static_http_document_root = None' >> /etc/$OE_CONFIG.conf"
sudo su root -c "echo '# specify the URL root prefix where you want web browsers to access your static HTML files (e.g '/')' >> /etc/$OE_CONFIG.conf"
sudo su root -c "echo 'static_http_url_prefix = None' >> /etc/$OE_CONFIG.conf"
sudo su root -c "echo '## Testing Group - Testing Configuration' >> /etc/$OE_CONFIG.conf"
sudo su root -c "echo '# Launch a YML test file.' >> /etc/$OE_CONFIG.conf"
sudo su root -c "echo 'test_file = False' >> /etc/$OE_CONFIG.conf"
sudo su root -c "echo '# If set, will save sample of all reports in this directory.' >> /etc/$OE_CONFIG.conf"
sudo su root -c "echo 'test_report_directory = False' >> /etc/$OE_CONFIG.conf"
sudo su root -c "echo '# Enable YAML and unit tests.' >> /etc/$OE_CONFIG.conf"
sudo su root -c "echo '## Server startup config - Common options' >> /etc/$OE_CONFIG.conf"
sudo su root -c "echo 'test_disable = False' >> /etc/$OE_CONFIG.conf"
sudo su root -c "echo '# Commit database changes performed by YAML or XML tests.' >> /etc/$OE_CONFIG.conf"
sudo su root -c "echo 'test_commit = False' >> /etc/$OE_CONFIG.conf"
sudo su root -c "echo '## Logging Group - Logging Configuration' >> /etc/$OE_CONFIG.conf"
sudo su root -c "echo '# file where the server log will be stored (default = None)' >> /etc/$OE_CONFIG.conf"
sudo su root -c "echo 'logfile = /var/log/$OE_USER/$OE_CONFIG$1.log' >> /etc/$OE_CONFIG.conf"
sudo su root -c "echo '# do not rotate the logfile' >> /etc/$OE_CONFIG.conf"
sudo su root -c "echo 'logrotate = True' >> /etc/$OE_CONFIG.conf"
sudo su root -c "echo '# Send the log to the syslog server' >> /etc/$OE_CONFIG.conf"
sudo su root -c "echo 'syslog = False' >> /etc/$OE_CONFIG.conf"
sudo su root -c "echo '# setup a handler at LEVEL for a given PREFIX. An empty PREFIX indicates the root logger. This option can be repeated. Example: openerp.orm:DEBUG or werkzeug:CRITICAL (default: :INFO)' >> /etc/$OE_CONFIG.conf"
sudo su root -c "echo 'log_handler = ["[':INFO']"]' >> /etc/$OE_CONFIG.conf"
sudo su root -c "echo '# specify the level of the logging. Accepted values: info, debug_rpc, warn, test, critical, debug_sql, error, debug, debug_rpc_answer, notset' >> /etc/$OE_CONFIG.conf"
sudo su root -c "echo '#log_level = debug' >> /etc/$OE_CONFIG.conf"
sudo su root -c "echo 'log_level = info' >> /etc/$OE_CONFIG.conf"
echo -e "\n OK"
echo -e "\n* Create startup file"
# Rule of thumb: --workers=$[1+$cores*2]
OE_WORKERS=$(( $(( $(grep -c processor /proc/cpuinfo)*2 )) +1 ))
sudo su root -c "echo '#!/bin/sh' >> $OE_HOME_EXT/start.sh"
sudo su root -c "echo 'sudo -u $OE_USER $OE_HOME_EXT/openerp-server --config=/etc/$OE_CONFIG.conf --workers=$OE_WORKERS --proxy --db-filter=^%d$' >> $OE_HOME_EXT/start.sh"
sudo chmod 755 $OE_HOME_EXT/start.sh
echo -e "\n OK"
echo -e "\n-------------------------------------------------------------------------------
\n\n ADDING ODOO AS A SERVICE (INITSCRIPT)
\n\n-------------------------------------------------------------------------------"
echo -e "\n* Create init file"
echo '#!/bin/sh' >> ~/$OE_CONFIG
echo '### BEGIN INIT INFO' >> ~/$OE_CONFIG
echo '# Provides: $OE_CONFIG' >> ~/$OE_CONFIG
echo '# Required-Start: $remote_fs $syslog' >> ~/$OE_CONFIG
echo '# Required-Stop: $remote_fs $syslog' >> ~/$OE_CONFIG
echo '# Should-Start: $network' >> ~/$OE_CONFIG
echo '# Should-Stop: $network' >> ~/$OE_CONFIG
echo '# Default-Start: 2 3 4 5' >> ~/$OE_CONFIG
echo '# Default-Stop: 0 1 6' >> ~/$OE_CONFIG
echo '# Short-Description: Enterprise Business Applications' >> ~/$OE_CONFIG
echo '# Description: ODOO Business Applications' >> ~/$OE_CONFIG
echo '### END INIT INFO' >> ~/$OE_CONFIG
echo 'PATH=/bin:/sbin:/usr/bin' >> ~/$OE_CONFIG
echo -e "DAEMON=$OE_HOME_EXT/openerp-server" >> ~/$OE_CONFIG
echo -e "NAME=$OE_CONFIG" >> ~/$OE_CONFIG
echo -e "DESC=$OE_CONFIG" >> ~/$OE_CONFIG
echo -e "OE_WORKERS=$(( $(( $(grep -c processor /proc/cpuinfo)*2 )) +1 ))" >> ~/$OE_CONFIG
echo '' >> ~/$OE_CONFIG
echo '# Specify the user name (Default: odoo).' >> ~/$OE_CONFIG
echo -e "USER=$OE_USER" >> ~/$OE_CONFIG
echo '' >> ~/$OE_CONFIG
echo '# Specify an alternate config file (Default: /etc/openerp-server.conf).' >> ~/$OE_CONFIG
echo -e "CONFIGFILE=\"/etc/$OE_CONFIG.conf\"" >> ~/$OE_CONFIG
echo '' >> ~/$OE_CONFIG
echo '# pidfile' >> ~/$OE_CONFIG
echo 'PIDFILE=/var/run/$NAME.pid' >> ~/$OE_CONFIG
echo '' >> ~/$OE_CONFIG
echo '# Additional options that are passed to the Daemon.' >> ~/$OE_CONFIG
echo 'DAEMON_OPTS="-c $CONFIGFILE --proxy --workers=$OE_WORKERS --db-filter=^%d$"' >> ~/$OE_CONFIG
echo '[ -x $DAEMON ] || exit 0' >> ~/$OE_CONFIG
echo '[ -f $CONFIGFILE ] || exit 0' >> ~/$OE_CONFIG
echo 'checkpid() {' >> ~/$OE_CONFIG
echo '[ -f $PIDFILE ] || return 1' >> ~/$OE_CONFIG
echo 'pid=`cat $PIDFILE`' >> ~/$OE_CONFIG
echo '[ -d /proc/$pid ] && return 0' >> ~/$OE_CONFIG
echo 'return 1' >> ~/$OE_CONFIG
echo '}' >> ~/$OE_CONFIG
echo '' >> ~/$OE_CONFIG
echo 'case "${1}" in' >> ~/$OE_CONFIG
echo 'start)' >> ~/$OE_CONFIG
echo 'echo -n "Starting ${DESC}: "' >> ~/$OE_CONFIG
echo 'start-stop-daemon --start --quiet --pidfile ${PIDFILE} \' >> ~/$OE_CONFIG
echo '--chuid ${USER} --background --make-pidfile \' >> ~/$OE_CONFIG
echo '--exec ${DAEMON} -- ${DAEMON_OPTS}' >> ~/$OE_CONFIG
echo 'echo -e "${NAME}."' >> ~/$OE_CONFIG
echo ';;' >> ~/$OE_CONFIG
echo 'stop)' >> ~/$OE_CONFIG
echo 'echo -n "Stopping ${DESC}: "' >> ~/$OE_CONFIG
echo 'start-stop-daemon --stop --quiet --pidfile ${PIDFILE} \' >> ~/$OE_CONFIG
echo '--oknodo' >> ~/$OE_CONFIG
echo 'echo -e "${NAME}."' >> ~/$OE_CONFIG
echo ';;' >> ~/$OE_CONFIG
echo '' >> ~/$OE_CONFIG
echo 'restart|force-reload)' >> ~/$OE_CONFIG
echo 'echo -n "Restarting ${DESC}: "' >> ~/$OE_CONFIG
echo 'start-stop-daemon --stop --quiet --pidfile ${PIDFILE} \' >> ~/$OE_CONFIG
echo '--oknodo' >> ~/$OE_CONFIG
echo 'sleep 1' >> ~/$OE_CONFIG
echo 'start-stop-daemon --start --quiet --pidfile ${PIDFILE} \' >> ~/$OE_CONFIG
echo '--chuid ${USER} --background --make-pidfile \' >> ~/$OE_CONFIG
echo '--exec ${DAEMON} -- ${DAEMON_OPTS}' >> ~/$OE_CONFIG
echo 'echo -e "${NAME}."' >> ~/$OE_CONFIG
echo ';;' >> ~/$OE_CONFIG
echo '*)' >> ~/$OE_CONFIG
echo 'N=/etc/init.d/${NAME}' >> ~/$OE_CONFIG
echo 'echo -e "Usage: ${NAME} {start|stop|restart|force-reload}" >&2' >> ~/$OE_CONFIG
echo 'exit 1' >> ~/$OE_CONFIG
echo ';;' >> ~/$OE_CONFIG
echo '' >> ~/$OE_CONFIG
echo 'esac' >> ~/$OE_CONFIG
echo 'exit 0' >> ~/$OE_CONFIG
echo -e "\n OK"
echo -e "\n* Security Init File"
sudo mv ~/$OE_CONFIG /etc/init.d/$OE_CONFIG
sudo chmod 755 /etc/init.d/$OE_CONFIG
sudo chown root: /etc/init.d/$OE_CONFIG
echo -e "\n OK"
echo -e "\n* Start ODOO on Startup\n"
sudo update-rc.d $OE_CONFIG defaults
echo -e "\n OK"
echo -e "\n-------------------------------------------------------------------------------
\n\n INSTALLING ADDONS
\n\n-------------------------------------------------------------------------------"
echo -e "\n* Installing Addon : No Phoning home. More info in bitbucket\n"
cd $OE_HOME/custom/addons
sudo su root -c "git clone https://bitbucket.org/BizzAppDev/oerp_no_phoning_home.git"
echo -e "\n OK"
echo -e "\n* Installing Addon : Spanish localization\n"
sudo su root -c "git clone https://github.com/OCA/l10n-spain"
sudo su root -c "mv l10n-spain/* ."
sudo su root -c "rm -r __unported__"
echo -e "\n OK"
echo -e "\n* Installing Addon Dependencies : Spanish localization\n"
sudo su root -c "git clone https://github.com/OCA/partner-contact"
sudo su root -c "mv partner-contact/base_location ."
echo -e "\n OK"
echo -e "\n-------------------------------------------------------------------------------
\n\n APACHE 2 AS REVERSE PROXY
\n\n-------------------------------------------------------------------------------"
echo -e "\n* Install apache2 and ssl dependencies\n"
sudo su root -c "apt-get install -y apache2 libapache2-mod-proxy-html libxml2-dev"
echo -e "\n OK"
echo -e "\n* Loading apache2 modules\n"
sudo su root -c "a2enmod proxy proxy_ajp proxy_http rewrite deflate headers proxy_balancer proxy_connect proxy_html xml2enc ssl"
echo -e "\n OK"
echo -e "\n* Hardening Apache security\n"
# Install and configure modsecurity
sudo apt-get install -y libapache2-modsecurity
sudo cp /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf
sudo sed -i s/"SecRuleEngine DetectionOnly"/"SecRuleEngine On"/g /etc/modsecurity/modsecurity.conf
sudo sed -i s/"SecRequestBodyLimit 13107200"/"SecRequestBodyLimit 16384000"/g /etc/modsecurity/modsecurity.conf
sudo sed -i s/"SecRequestBodyInMemoryLimit 131072"/"SecRequestBodyInMemoryLimit 16384000"/g /etc/modsecurity/modsecurity.conf
# Disable ServerTokens and Server Signature in apache2.conf
sudo su root -c "echo -e 'ServerTokens Prod\nServerSignature Off\nTraceEnable Off\nHostnameLookups Off\nServerName $FQDN' >> /etc/apache2/apache2.conf"
#Disable in conf-available/security.conf
sudo sed -i s/"ServerTokens OS"/"ServerTokens Prod"/g /etc/apache2/conf-available/security.conf
sudo sed -i s/"ServerSignature On"/"ServerSignature Off"/g /etc/apache2/conf-available/security.conf
sudo su root -c "echo -e 'Header unset ETag\nFileETag None' >> /etc/apache2/conf-available/security.conf"
#Disable sslprotocols v2 and v3, improve criptografy
sudo sed -i s/"SSLProtocol all"/"SSLProtocol -all +TLSv1.1 +TLSv1.2"/g /etc/apache2/mods-available/ssl.conf
sudo sed -i s/"SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5"/"SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS"/g /etc/apache2/mods-available/ssl.conf
sudo sed -i s/"#SSLHonorCipherOrder on"/"SSLHonorCipherOrder on"/g /etc/apache2/mods-available/ssl.conf
sudo chown root:www-data /var/log/apache2/modsec_audit.log
sudo chmod 660 /var/log/apache2/modsec_audit.log
echo -e "\n OK"
echo -e "\n* Configure apache's site-available odoo.conf\n"
sudo su root -c "cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/odoo.conf"
# Create reverse proxy from *:8069 to *:80.
# If you want to have other webpages in this server, then add 'ProxyPass /PATH !' to avoid the proxy operations
sudo sed -i s/"DocumentRoot \/var\/www\/html"/"ProxyRequests Off\\n ProxyPreserveHost On\\n <Proxy *>\\n Order deny,allow\\n #Blocking China and Russia from connecting (known bot and spam countries)\\n SetEnvIf GEOIP_COUNTRY_CODE CN BlockCountry\\n SetEnvIf GEOIP_COUNTRY_CODE RU BlockCountry\\n Deny from env=BlockCountry\\n Allow from all all\\n <\/Proxy>\\n ProxyPass \/ http:\/\/127.0.0.1:8069\/\\n ProxyPassReverse \/ http:\/\/127.0.0.1:8069\/\\n # Fix IE problem (httpapache proxy dav error 408\/409)\\n SetEnv proxy-nokeepalive 1"/g /etc/apache2/sites-available/odoo.conf
sudo sed -i s/"ServerAdmin webmaster@localhost"/"ServerAdmin $MX_TO"/g /etc/apache2/sites-available/odoo.conf
sudo su root -c "a2ensite odoo"
echo -e "\n OK"
echo -e "\n* Disable and delete default web\n"
sudo su root -c "a2dissite 000-default"
sudo su root -c "a2dissite default-ssl"
sudo su root -c "rm -rf /var/www/html"
echo -e "\n OK"
echo -e "\n* Restarting Apache2"
sudo apachectl stop
sudo update-rc.d apache2 enable
sudo apachectl start
echo -e "\n OK"
echo -e "\n-------------------------------------------------------------------------------
\n\n POSTFIX
\n\n-------------------------------------------------------------------------------"
echo -e "\n* Preconfigurig Postfix answers"
sudo echo -e "## postfix preseeding
# General type of configuration? Default:Internet Site
# Choices: No configuration, Internet Site, Internet with smarthost,
# Satellite system, Local only
postfix postfix/main_mailer_type select Internet Site
# Where should mail for root go, Default:if not set, will spool locally
postfix postfix/root_address string $MX_TO
# SMTP relay host? (blank for none) Default:(none)
postfix postfix/relayhost string [smtp.gmail.com]:587
# Force synchronous updates on mail queue? Default:false
#postfix postfix/chattr boolean true
# Local networks? Default 127.0.0.0/8
# blank uses the postfix default (which is based on the connected subnets)
postfix postfix/mynetworks string 127.0.0.0/8
# Use procmail for local delivery? Defaults to true if /usr/bin/procmail exists
#postfix postfix/procmail boolean false
# Mailbox size limit Default:0 (unlimited), upstream default is 51200000
postfix postfix/mailbox_limit string 51200000
# Local address extension character? Default:+
#postfix postfix/recipient_delim string -
# Internet protocols to use? Default is based on checking if
# /proc/sys/net/ipv{4,6} exist
# Choices: all, ipv6, ipv4
postfix postfix/protocols select ipv4
postfix postfix/mailname string $FQDN" >> /tmp/preseed.conf
sudo su root -c "cat /tmp/preseed.conf | debconf-set-selections"
sudo su root -c "rm /tmp/preseed.conf"
echo -e "\n OK"
echo -e "\n* Installing Postfix\n"
sudo su root -c "apt-get install -y postfix"
echo -e "\n OK"
echo -e "\n* Configuring Postfix: email relay options with username $GM_ACCOUNT"
sudo su root -c "echo '[smtp.gmail.com]:587 $GM_ACCOUNT:$GM_PWD' > /etc/postfix/sasl_passwd"
# Enconding given password
sudo su root -c "postmap /etc/postfix/sasl_passwd"
# Setting permissions 600
sudo su root -c "chown root:root /etc/postfix/sasl_passwd"
sudo su root -c "chmod 600 /etc/postfix/sasl_passwd"
sudo su root -c "chown root:root /etc/postfix/sasl_passwd.db"
sudo su root -c "chmod 600 /etc/postfix/sasl_passwd.db"
echo -e "\n OK"
echo -e "\n* Configuring Postfix: Setting up mail server"
sudo su root -c "echo 'inet_protocols = ipv4
# enable SASL authentication
smtp_sasl_auth_enable = yes
# disallow methods that allow anonymous authentication.
smtp_sasl_security_options = noanonymous
# where to find sasl_passwd
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
# Enable STARTTLS encryption
smtp_use_tls = yes
# list of CAs to trust when verifying server certificate
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt' >> /etc/postfix/main.cf"
echo -e "\n OK"
echo -e "\n* Restart Postfix\n"
sudo su root -c "service postfix restart"
echo -e "\n OK"
echo -e "\n-------------------------------------------------------------------------------
\n\n SECURING
\n\n-------------------------------------------------------------------------------"
echo -e "\n* Installing fail2ban, openssh blacklists, unattended-upgrades rkhunter chkrootkit"
sudo su root -c "apt-get -y install fail2ban openssh-blacklist openssh-blacklist-extra unattended-upgrades rkhunter chkrootkit"
echo -e "\n OK"
echo -e "\n* Configuring fail2ban · Enable profiles for ssh-ddos, ssh-route, apache, apache-noscript, apache-overflows, postfix and sasl"
sudo su root -c "echo '[ssh-ddos]
enable = true
[ssh-route]
enable = true
[apache]
enabled = true
[ssh-ddos]
enabled = true
[apache-noscript]
enabled = true
[apache-overflows]
enabled = true
[postfix]
enabled = true
[sasl]
enabled = true' >> /etc/fail2ban/jail.d/jail.local"
echo -e "\n OK"
echo -e "\n* Hardening SSH"
sudo sed -i s/"HostKey \/etc\/ssh\/ssh_host_dsa_key"/"#HostKey \/etc\/ssh\/ssh_host_dsa_key"/g /etc/ssh/sshd_config
sudo sed -i s/"HostKey \/etc\/ssh\/ssh_host_ecdsa_key"/"#HostKey \/etc\/ssh\/ssh_host_ecdsa_key"/g /etc/ssh/sshd_config
sudo sed -i s/"HostKey \/etc\/ssh\/ssh_host_ed25519_key"/"#HostKey \/etc\/ssh\/ssh_host_ed25519_key"/g /etc/ssh/sshd_config
#sudo sed -i s/"ServerKeyBits 1024"/"ServerKeyBits 2048"/g /etc/ssh/sshd_config
sudo sed -i s/"PermitRootLogin without-password"/"PermitRootLogin no"/g /etc/ssh/sshd_config
sudo sed -i s/"PubkeyAuthentication yes"/"PubkeyAuthentication yes\nAuthorizedKeysFile \%h\/.ssh\/authorized_keys"/g /etc/ssh/sshd_config
sudo sed -i s/"X11Forwarding yes"/"X11Forwarding no\nAllowTcpForwarding yes"/g /etc/ssh/sshd_config
sudo sed -i s/"PrintMotd no"/"PrintMotd yes"/g /etc/ssh/sshd_config
sudo su root -c "echo 'DebianBanner no' >> /etc/ssh/sshd_config"
sudo su root -c "chmod 644 /etc/ssh/sshd_config"
echo -e "\n OK"
echo -e "\n* Restart SSH\n"
sudo su root -c "service ssh restart"
echo -e "\n OK"
echo -e "\n* Configuring unattended-installations. Automatic Reboot at selected time ($UU_TIME)"
sudo su root -c "echo \"APT::Periodic::Unattended-Upgrade \"1\";\" >> /etc/apt/apt.conf.d/10periodic"
sudo sed -i s/"\/\/Unattended-Upgrade::MailOnlyOnError \"true\";"/"Unattended-Upgrade::MailOnlyOnError \"true\";"/g /etc/apt/apt.conf.d/50unattended-upgrades
sudo sed -i s/"\/\/Unattended-Upgrade::Automatic-Reboot \"true\";"/"Unattended-Upgrade::Automatic-Reboot \"true\";"/g /etc/apt/apt.conf.d/50unattended-upgrades
sudo sed -i s/"\/\/Unattended-Upgrade::Automatic-Reboot-Time \"02:00\";"/"Unattended-Upgrade::Automatic-Reboot-Time \"$UU_TIME\";"/g /etc/apt/apt.conf.d/50unattended-upgrades
echo -e "\n OK"
echo -e "\n* Enable UFW\n"
#Allow ssh and apache
sudo su root -c "ufw default deny incoming"
sudo su root -c "ufw default allow outgoing"
sudo su root -c "ufw allow ssh"
sudo su root -c "ufw allow apache"
sudo su root -c "yes | ufw enable"
sudo su root -c "ufw status"
echo -e "\n OK"
#echo -e "\n* Disable IPv6 at Grub" Disabled because the next modifications in sysctl.conf
#sudo sed -i s/"GRUB_CMDLINE_LINUX_DEFAULT=\"\""/"GRUB_CMDLINE_LINUX_DEFAULT=\"ipv6.disable=1\""/g /etc/default/grub
#sudo su root -c "update-grub"
#echo -e "\n OK"
echo -e "\n* Modifying sysctl.conf\n"
sudo su root -c "echo -e '#
# /etc/sysctl.conf - Configuration file for setting system variables
# See /etc/sysctl.d/ for additional system variables.
# See sysctl.conf (5) for information.
#
# kernel.domainname =
# Uncomment the following to stop low-level messages on console
#kernel.printk = 3 4 1 3
##############################################################3
# Functions previously found in netbase
#
# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
# Turn on Source Address Verification in all interfaces to
# prevent some spoofing attacks
net.ipv4.conf.default.rp_filter=1
net.ipv4.conf.all.rp_filter=1
# Uncomment the next line to enable TCP/IP SYN cookies
# See http://lwn.net/Articles/277146/
# Note: This may impact IPv6 TCP sessions too
net.ipv4.tcp_syncookies=1
# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1
# Uncomment the next line to enable packet forwarding for IPv6
# Enabling this option disables Stateless Address Autoconfiguration
# based on Router Advertisements for this host
net.ipv6.conf.all.forwarding=1
###################################################################
# Additional settings - these settings can improve the network
# security of the host and prevent against some network attacks
# including spoofing attacks and man in the middle attacks through
# redirection. Some network environments, however, require that these
# settings are disabled so review and enable them as needed.
#
# Do not accept ICMP redirects (prevent MITM attacks)
net.ipv4.conf.all.accept_redirects = 0
net.ipv6.conf.all.accept_redirects = 0
# _or_
# Accept ICMP redirects only for gateways listed in our default
# gateway list (enabled by default)
net.ipv4.conf.all.secure_redirects = 1
#
# Do not send ICMP redirects (we are not a router)
net.ipv4.conf.all.send_redirects = 0
#
# Do not accept IP source route packets (we are not a router)
net.ipv4.conf.all.accept_source_route = 0
net.ipv6.conf.all.accept_source_route = 0
#
# Log Martian Packets
net.ipv4.conf.all.log_martians = 1
#
# Disable ipv6
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1'
#
# Prevent access to unprivileged users
kernel.dmesg_restrict = 1" > /etc/sysctl.conf
sudo sysctl -p
echo -e "\n OK"
echo -e "\n-------------------------------------------------------------------------------
\n\n MONITORING
\n\n-------------------------------------------------------------------------------"
echo -e "\n* Install Monit\n"
sudo su root -c "apt-get -y install monit"
echo -e "\n OK"
echo -e "\n* Activate templates for ssh and apache2, fix the pid path for apache2"
sudo su root -c "cp /etc/monit/monitrc.d/openssh-server /etc/monit/conf.d"
sudo su root -c "cp /etc/monit/monitrc.d/apache2 /etc/monit/conf.d"
sudo sed -i s/"check process apache with pidfile \/var\/run\/apache2.pid"/"check process apache with pidfile \/var\/run\/apache2\/apache2.pid"/g /etc/monit/conf.d/apache2
#sudo sed -i s/"# start program = \"/etc/init.d/httpd start\" with timeout 60 seconds"/" start program = \"/etc/init.d/apache2 start\""/g /etc/monit/conf.d/apache2
#sudo sed -i s/"# stop program = \"/etc/init.d/httpd stop\""/" stop program = \"/etc/init.d/apache2 stop\""/g /etc/monit/monitrc
sudo monit monitor apache
echo -e "\n OK"
echo -e "\n* Create template for odoo"
sudo su root -c "touch /etc/monit/conf.d/odoo"
sudo su root -c "echo 'check process odoo-server with pidfile /var/run/$OE_CONFIG.pid' >> /etc/monit/conf.d/odoo"
sudo su root -c "echo ' start program = \"/etc/init.d/$OE_CONFIG start\"' >> /etc/monit/conf.d/odoo"
sudo su root -c "echo ' stop program = \"/etc/init.d/$OE_CONFIG stop\"' >> /etc/monit/conf.d/odoo"
sudo su root -c "chmod 644 /etc/monit/conf.d/odoo"
echo -e "\n OK"
echo -e "\n* Create template for fail2ban"
sudo su root -c "touch /etc/monit/conf.d/fail2ban"
sudo su root -c "echo 'check process fail2ban with pidfile /var/run/fail2ban/fail2ban.pid' >> /etc/monit/conf.d/fail2ban"
sudo su root -c "echo ' start program = \"/etc/init.d/fail2ban start\"' >> /etc/monit/conf.d/fail2ban"
sudo su root -c "echo ' stop program = \"/etc/init.d/fail2ban stop\"' >> /etc/monit/conf.d/fail2ban"
sudo su root -c "chmod 644 /etc/monit/conf.d/fail2ban"
echo -e "\n OK"
echo -e "\n* Create template for postgresql"
sudo su root -c "touch /etc/monit/conf.d/postgresql"
sudo su root -c "echo 'check process postgresql with pidfile /var/run/postgresql/9.3-main.pid' >> /etc/monit/conf.d/postgresql"
sudo su root -c "echo ' start program = \"/etc/init.d/postgresql start\"' >> /etc/monit/conf.d/postgresql"
sudo su root -c "echo ' stop program = \"/etc/init.d/postgresql stop\"' >> /etc/monit/conf.d/postgresql"
sudo su root -c "echo ' if failed unixsocket /var/run/postgresql/.s.PGSQL.5432 protocol pgsql' >> /etc/monit/conf.d/postgresql"
sudo su root -c "echo ' then restart' >> /etc/monit/conf.d/postgresql"
sudo su root -c "echo ' if failed host localhost port 5432 protocol pgsql then restart' >> /etc/monit/conf.d/postgresql"
sudo su root -c "echo ' if 5 restarts within 5 cycles then timeout' >> /etc/monit/conf.d/postgresql"
sudo su root -c "chmod 644 /etc/monit/conf.d/postgresql"
echo -e "\n OK"
echo -e "\n* Configure monit httpd daemon in port 2812\n"
sudo sed -i s/"# set httpd port 2812 and"/" set httpd port 2812"/g /etc/monit/monitrc
sudo sed -i s/"# check system myhost.mydomain.tld"/"# check system $OE_HOST"/g /etc/monit/monitrc
sudo sed -i s/"# use address localhost # only accept connection from localhost"/" use address localhost # only accept connection from localhost"/g /etc/monit/monitrc
sudo sed -i s/"# allow admin:monit # require user 'admin' with password 'monit'"/" allow admin:monit # require user 'admin' with password 'monit'"/g /etc/monit/monitrc
sudo su root -c "monit reload"
echo -e "\n OK"
echo -e "\n* Install logwatch\n"
sudo su root -c "apt-get install -y logwatch"
echo -e "\n OK"
echo -e "\n* Configure logwatch and cron jobs"
sudo sed -i s/"Output = stdout"/"Output = mail"/g /usr/share/logwatch/default.conf/logwatch.conf
sudo sed -i s/"MailTo = root"/"MailTo = $MX_TO"/g /usr/share/logwatch/default.conf/logwatch.conf
sudo sed -i s/"MailFrom = Logwatch"/"MailFrom = $GM_ACCOUNT"/g /usr/share/logwatch/default.conf/logwatch.conf
sudo su root -c "echo '$LW_HOUR * * * /usr/sbin/logwatch' > /tmp/logwatch.cron"
sudo su root -c "crontab -u root /tmp/logwatch.cron"
echo -e "\n OK"
echo -e "\n* Test logwatch with given config"
sudo su root -c "logwatch --range Today"
echo -e "\n OK"
echo -e "\n* Cleaning Up\n"
sudo su root -c "apt-get -f install && apt-get -y autoremove && apt-get -y autoclean && apt-get -y clean"
echo -e "\n OK"
echo -e "\n---------------------------------------------------------------------------------------
\n\n INFO
\n\n---------------------------------------------------------------------------------------"
echo -e "\n* Available connections\n"
sudo netstat -lntpu
echo -e "\n* Available open ports\n"
sudo ufw status
echo -e "\n* Available IPs\n"
ip addr show | awk '/inet/{print $2}'
echo -e "\n---------------------------------------------------------------------------------------
\n\n DONE! Reboot your computer and check with any of above IPs
\n\n---------------------------------------------------------------------------------------"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment