@soee
Last active February 10, 2021 07:03
#!/bin/bash
## Install ISPConfig3 on Debian 8 x86_64
## Author: Marcin Sągol
## See: http://linuxqu.web.id/2015/12/16/the-perfect-server-debian-wheezy-nginx-bind-dovecot-ispconfig-3/
# Refresh the package index and install the dialog frontend before the
# interactive dpkg-reconfigure prompts below.
apt update
apt install dialog
# Interactive: choose the system locales, then the time zone.
for debconf_pkg in locales tzdata; do
  dpkg-reconfigure "$debconf_pkg"
done
# Remote access, then bring every installed package up to date.
apt install -y ssh openssh-server
apt full-upgrade -y
apt install nano
# Interactive: answer "No" when asked whether dash should be the default
# system shell (/bin/sh); per the original note the ISPConfig installation
# fails otherwise.
dpkg-reconfigure dash
# Time synchronisation.
apt install -y ntp ntpdate
# Mail stack (Postfix, Dovecot, getmail), MySQL, and supporting tools.
mail_stack_pkgs=(
  postfix postfix-mysql postfix-doc
  mysql-client mysql-server
  openssl getmail4 rkhunter binutils
  dovecot-imapd dovecot-pop3d dovecot-mysql dovecot-sieve
  sudo
)
apt install -y "${mail_stack_pkgs[@]}"
## Enable the submission and smtps services in Postfix by uncommenting their
## stock entries in /etc/postfix/master.cf.
## - smtpd_tls_security_level=encrypt makes TLS mandatory on submission.
## - The smtpd_reject_unlisted_recipient line is replaced with
##   smtpd_client_restrictions=permit_sasl_authenticated,reject, so both
##   services accept mail only from SASL-authenticated clients.
## The expressions run in the same order as the original one-sed-per-line
## sequence; the sasl/restriction pair is listed once per service, as before.
postfix_master_cf=/etc/postfix/master.cf
sed -i \
  -e 's|#submission|submission|' \
  -e 's|# -o syslog_name=postfix/submission| -o syslog_name=postfix/submission|' \
  -e 's|# -o smtpd_tls_security_level=encrypt| -o smtpd_tls_security_level=encrypt|' \
  -e 's|# -o smtpd_sasl_auth_enable=yes| -o smtpd_sasl_auth_enable=yes|' \
  -e 's|# -o smtpd_reject_unlisted_recipient=no| -o smtpd_client_restrictions=permit_sasl_authenticated,reject|' \
  -e 's|#smtps|smtps|' \
  -e 's|# -o syslog_name=postfix/smtps| -o syslog_name=postfix/smtps|' \
  -e 's|# -o smtpd_tls_wrappermode=yes| -o smtpd_tls_wrappermode=yes|' \
  -e 's|# -o smtpd_sasl_auth_enable=yes| -o smtpd_sasl_auth_enable=yes|' \
  -e 's|# -o smtpd_reject_unlisted_recipient=no| -o smtpd_client_restrictions=permit_sasl_authenticated,reject|' \
  "$postfix_master_cf"
# Restart so the newly enabled services start listening.
/etc/init.d/postfix restart
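# Let MySQL listen on all interfaces, not just localhost, by commenting out
# the bind-address directive in /etc/mysql/my.cnf.
# Security: after this change the MySQL port is reachable from every network
# the host is attached to. Only do this when other machines really have to
# connect to this database, and restrict the port with a firewall; on a
# single-server setup leave bind-address at its localhost value.
# The pattern is anchored to the start of the directive so that re-running the
# script does not stack additional '#' characters and lines that merely
# mention bind-address are left alone.
sed -i 's|^[[:space:]]*bind-address|#&|' /etc/mysql/my.cnf
/etc/init.d/mysql restart
# Check that networking is enabled;
# output should look like: tcp 0 0 *:mysql *:* LISTEN 7500/mysqld
netstat -tap | grep mysql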
# ----------------------------------------------------------------
# Install Amavisd-new, SpamAssassin, And Clamav
# ----------------------------------------------------------------
# Content filter, spam/virus scanners, the archive unpackers used to look
# inside attachments, and the Perl modules they depend on.
mail_filter_pkgs=(
  amavisd-new spamassassin clamav clamav-daemon
  zoo unzip bzip2 arj nomarch lzop cabextract
  apt-listchanges
  libnet-ldap-perl libauthen-sasl-perl daemon
  libio-string-perl libio-socket-ssl-perl libnet-ident-perl
  zip libnet-dns-perl
)
apt install -y "${mail_filter_pkgs[@]}"
# amavisd loads the SpamAssassin filter library internally in the ISPConfig 3
# setup, so the standalone SpamAssassin daemon is stopped and removed from the
# boot sequence to free up some RAM.
/etc/init.d/spamassassin stop
update-rc.d -f spamassassin remove
# ----------------------------------------------------------------
# Install Nginx, PHP5 (PHP-FPM), And Fcgiwrap
# ----------------------------------------------------------------
# Stop Apache and remove it from the boot sequence before nginx is installed.
/etc/init.d/apache2 stop
update-rc.d -f apache2 remove
apt install -y nginx
/etc/init.d/nginx start
apt install -y php5-fpm
# PHP extensions plus curl, memcached and snmp.
php_extra_pkgs=(
  php5-mysql php5-curl php5-gd php5-intl php-pear php5-imagick php5-imap
  php5-mcrypt php5-memcache php5-memcached php5-pspell php5-snmp
  php5-recode php5-sqlite php5-tidy php5-xmlrpc php5-xsl
  curl memcached snmp
)
apt install -y "${php_extra_pkgs[@]}"
php5enmod mcrypt
# php.ini adjustments for PHP-FPM:
# - cgi.fix_pathinfo=0 stops PHP from guessing the script name out of
#   PATH_INFO; with nginx + PHP-FPM that guessing can cause a non-PHP file
#   (for example an upload) to be executed as PHP.
# - date.timezone is hard-coded to Europe/Warsaw; adjust for other locations.
php_fpm_ini=/etc/php5/fpm/php.ini
sed -i \
  -e 's|;cgi.fix_pathinfo=1|cgi.fix_pathinfo=0|' \
  -e 's|;date.timezone =|date.timezone="Europe/Warsaw"|' \
  "$php_fpm_ini"
/etc/init.d/php5-fpm reload
# fcgiwrap serves CGI scripts behind nginx.
apt install -y fcgiwrap
/etc/init.d/fcgiwrap start
# ----------------------------------------------------------------
# Install phpMyAdmin
# ----------------------------------------------------------------
# Answers for the package prompts:
# - Configure database for phpmyadmin with dbconfig-common? -> No
# - Web server to reconfigure automatically: -> select none
apt install --yes phpmyadmin
# No web server is configured here because the ISPConfig apps vhost for nginx
# (port 8081) ships its own phpMyAdmin configuration; phpMyAdmin is then
# reachable at http://server1.example.com:8081/phpmyadmin or
# http://server1.example.com:8081/phpMyAdmin.
# NOTE(review): those URLs are plain http, so database credentials typed into
# phpMyAdmin would cross the network unencrypted; confirm the apps vhost is
# served over TLS (or reach it through a tunnel) before using it remotely.
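# ----------------------------------------------------------------
# Install PureFTPd And Quota
# ----------------------------------------------------------------
apt install -y pure-ftpd-common pure-ftpd-mysql quota quotatool
sed -i 's|VIRTUALCHROOT=false|VIRTUALCHROOT=true|' /etc/default/pure-ftpd-common
# Allow both plain FTP and TLS sessions (TLS mode 1).
# Security: in this mode clients may still log in without TLS, which sends
# their password in clear text. Writing 2 instead of 1 makes pure-ftpd refuse
# logins that do not use TLS; the value is left at 1 as in the original setup.
echo 1 > /etc/pure-ftpd/conf/TLS
# TLS needs a certificate; create the directory owner-only if it is missing.
mkdir -p -m 0700 /etc/ssl/private/
# Generate a self-signed certificate (interactive: openssl asks for the
# subject fields). Key and certificate go into the same PEM file and the key
# is unencrypted (-nodes), so the file is created under a restrictive umask in
# a subshell: it is never readable by other users, not even in the window
# before the chmod below.
(
  umask 077
  openssl req -x509 -nodes -days 7300 -newkey rsa:2048 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem
)
# Keep the explicit permission fix for a file left over from an earlier run.
chmod 600 /etc/ssl/private/pure-ftpd.pem
# Restart PureFTPd so it picks up the TLS setting and the certificate.
/etc/init.d/pure-ftpd-mysql restart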
# ----------------------------------------------------------------
# Install Vlogger, Webalizer, And AWstats
# ----------------------------------------------------------------
# Log splitting and web statistics tools.
web_stats_pkgs=(vlogger webalizer awstats geoip-database libclass-dbi-mysql-perl)
apt install -y "${web_stats_pkgs[@]}"
# Drop /etc/cron.d/awstats (presumably the cron job that arrives with the
# awstats package; the original gives no reason for removing it).
rm -f /etc/cron.d/awstats
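# ----------------------------------------------------------------
# Install Jailkit
# ----------------------------------------------------------------
apt install -y build-essential autoconf automake1.11 libtool flex bison debhelper binutils
jailkit_version=2.19
jailkit_tarball="jailkit-${jailkit_version}.tar.gz"
# Build in a private directory from mktemp rather than directly in /tmp: the
# build and the resulting package are run/installed as root, and fixed file
# names in a world-writable directory can be pre-created or swapped by another
# local user.
jailkit_build_dir=$(mktemp -d) || exit 1
cd "$jailkit_build_dir" || exit 1
# Fetch over HTTPS so the source cannot be modified in transit.
wget "https://olivier.sessink.nl/jailkit/${jailkit_tarball}" || exit 1
# Optional integrity check: export JAILKIT_SHA256 with a digest obtained and
# checked out-of-band to pin the exact tarball. No digest is hard-coded here
# because the original page does not provide one.
if [[ -n "${JAILKIT_SHA256:-}" ]]; then
  printf '%s  %s\n' "$JAILKIT_SHA256" "$jailkit_tarball" | sha256sum -c - || exit 1
else
  printf 'WARNING: JAILKIT_SHA256 is not set; %s is not verified against a known digest\n' "$jailkit_tarball" >&2
fi
# Every step aborts on failure so a failed download or cd can never lead to
# building, installing or deleting files in the wrong directory.
tar xvfz "$jailkit_tarball" || exit 1
cd "jailkit-${jailkit_version}" || exit 1
./debian/rules binary || exit 1
cd .. || exit 1
dpkg -i jailkit_"${jailkit_version}"-1_*.deb || exit 1
# Leave the working directory at /tmp, as the original sequence did, and
# remove the whole build directory (sources and the built .deb).
cd /tmp || exit 1
rm -rf -- "$jailkit_build_dir"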
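# ----------------------------------------------------------------
# Install fail2ban
# ----------------------------------------------------------------
apt install -y fail2ban
# Make fail2ban monitor PureFTPd, Dovecot and Postfix SASL logins.
# The [sasl] jail bans on smtp, 465 (smtps) and submission: this script also
# enables the submission and smtps services in Postfix, and a ban limited to
# port smtp would leave a blocked client free to keep guessing passwords on
# the other two ports.
# NOTE(review): newer fail2ban releases ship the Postfix SASL filter under the
# name postfix-sasl; confirm /etc/fail2ban/filter.d/sasl.conf exists on the
# target system, otherwise the [sasl] jail cannot start.
cat > /etc/fail2ban/jail.local <<'EOF'
[pureftpd]
enabled = true
port = ftp
filter = pureftpd
logpath = /var/log/syslog
maxretry = 3
[dovecot-pop3imap]
enabled = true
filter = dovecot-pop3imap
action = iptables-multiport[name=dovecot-pop3imap, port="pop3,pop3s,imap,imaps", protocol=tcp]
logpath = /var/log/mail.log
maxretry = 5
[sasl]
enabled = true
port = smtp,465,submission
filter = sasl
logpath = /var/log/mail.log
maxretry = 3
EOF
# Filter for the pureftpd jail: failed FTP authentications.
# The here-document delimiters are quoted so the regexes are written verbatim.
cat > /etc/fail2ban/filter.d/pureftpd.conf <<'EOF'
[Definition]
failregex = .*pure-ftpd: \(.*@<HOST>\) \[WARNING\] Authentication failed for user.*
ignoreregex =
EOF
# Filter for the dovecot-pop3imap jail: failed or aborted POP3/IMAP logins;
# the client address is taken from the rip= field.
cat > /etc/fail2ban/filter.d/dovecot-pop3imap.conf <<'EOF'
[Definition]
failregex = (?: pop3-login|imap-login): .*(?:Authentication failure|Aborted login \(auth failed|Aborted login \(tried to use disabled|Disconnected \(auth failed|Aborted login \(\d+ authentication attempts).*rip=(?P<host>\S*),.*
ignoreregex =
EOF
# Restart so the new jails and filters are loaded.
/etc/init.d/fail2ban restart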
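# ----------------------------------------------------------------
# Install ISPConfig 3
# ----------------------------------------------------------------
# Make sure nginx is running.
/etc/init.d/nginx restart
ispconfig_tarball=ISPConfig-3-stable.tar.gz
# Unpack into a fresh directory from mktemp rather than directly into /tmp:
# install.php runs as root, and a fixed path in a world-writable directory
# could be prepared or altered by another local user before it is executed.
ispconfig_dir=$(mktemp -d) || exit 1
# Readable like the original /tmp location, but writable by the owner only.
chmod 755 "$ispconfig_dir" || exit 1
cd "$ispconfig_dir" || exit 1
# Fetch over HTTPS so the installer cannot be modified in transit.
wget "https://www.ispconfig.org/downloads/${ispconfig_tarball}" || exit 1
# Optional integrity check: export ISPCONFIG_SHA256 with a digest obtained and
# checked out-of-band to pin the exact tarball. No digest is hard-coded here
# because the original page does not provide one.
if [[ -n "${ISPCONFIG_SHA256:-}" ]]; then
  printf '%s  %s\n' "$ISPCONFIG_SHA256" "$ispconfig_tarball" | sha256sum -c - || exit 1
else
  printf 'WARNING: ISPCONFIG_SHA256 is not set; %s is not verified against a known digest\n' "$ispconfig_tarball" >&2
fi
# Abort instead of continuing if the archive or the installer directory is
# missing, so install.php is only ever run from the tree unpacked just now.
tar xfz "$ispconfig_tarball" || exit 1
cd ispconfig3_install/install/ || exit 1
# Interactive installer. The unpacked tree is left in place afterwards, as in
# the original sequence.
php -q install.php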
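# ----------------------------------------------------------------
# Development packages
# ----------------------------------------------------------------
# Install Composer. Instead of piping the download straight into a root PHP
# process, the installer is saved to a private temp file and its SHA-384 is
# compared with the value the Composer project publishes at
# https://composer.github.io/installer.sig; it is executed only on a match.
# Both values are fetched over HTTPS from different hosts, so the check
# catches a truncated or altered installer download.
composer_setup=$(mktemp) || exit 1
composer_expected=$(curl -fsS https://composer.github.io/installer.sig)
composer_actual=
if curl -fsS -o "$composer_setup" https://getcomposer.org/installer; then
  composer_actual=$(sha384sum "$composer_setup" | cut -d ' ' -f 1)
fi
if [[ -n "$composer_expected" && "$composer_expected" == "$composer_actual" ]]; then
  sudo php "$composer_setup" -- --install-dir=/usr/local/bin --filename=composer
else
  # Download failure or mismatch: skip Composer but carry on with git below.
  printf 'ERROR: Composer installer could not be verified; not running it\n' >&2
fi
rm -f -- "$composer_setup"
apt install -y git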