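#!/bin/bash
## Install ISPConfig3 on Debian 8 x86_64
## Author: Marcin Sągol
## See: http://linuxqu.web.id/2015/12/16/the-perfect-server-debian-wheezy-nginx-bind-dovecot-ispconfig-3/
##
## The script is interactive: the dpkg-reconfigure steps and several package
## installs open debconf dialogs that must be answered by hand.

# Every step below changes system packages or files under /etc, so stop
# early instead of failing half-way through as an unprivileged user.
if [[ ${EUID} -ne 0 ]]; then
  printf '%s\n' 'This installer must be run as root.' >&2
  exit 1
fi

# Refresh the package index and install the dialog front-end that the
# dpkg-reconfigure prompts below use.
apt update
apt install -y dialog

# Interactive: pick the system locales and the time zone.
dpkg-reconfigure locales
dpkg-reconfigure tzdata

# Remote access, then bring every installed package up to date.
apt install -y ssh openssh-server
apt full-upgrade -y
apt install -y nano

# Use dash as the default system shell (/bin/sh)? <- No (or ISPConfig installation will fail.)
dpkg-reconfigure dash

# Time synchronisation.
apt install -y ntp ntpdate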
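# Mail stack (Postfix, Dovecot, getmail), MySQL, rkhunter and helper tools.
apt install -y postfix postfix-mysql postfix-doc mysql-client mysql-server openssl getmail4 rkhunter binutils dovecot-imapd dovecot-pop3d dovecot-mysql dovecot-sieve sudo

## Open the TLS/SSL and submission ports in Postfix (/etc/postfix/master.cf):
# A single sed pass uncomments the submission and smtps services and their
# "-o" overrides. The commented "smtpd_reject_unlisted_recipient=no" lines are
# replaced by "smtpd_client_restrictions=permit_sasl_authenticated,reject", so
# both services only accept clients that authenticated via SASL.
# Each substitution is applied to every matching line, so one expression
# covers both the submission and the smtps stanza.
# NOTE(review): the patterns assume exactly the spacing shown after "#";
# sed exits 0 even when nothing matched - confirm against the shipped
# master.cf (the checks below warn when the result is not as expected).
sed -i \
  -e 's|#submission|submission|' \
  -e 's|# -o syslog_name=postfix/submission| -o syslog_name=postfix/submission|' \
  -e 's|# -o smtpd_tls_security_level=encrypt| -o smtpd_tls_security_level=encrypt|' \
  -e 's|# -o smtpd_sasl_auth_enable=yes| -o smtpd_sasl_auth_enable=yes|' \
  -e 's|# -o smtpd_reject_unlisted_recipient=no| -o smtpd_client_restrictions=permit_sasl_authenticated,reject|' \
  -e 's|#smtps|smtps|' \
  -e 's|# -o syslog_name=postfix/smtps| -o syslog_name=postfix/smtps|' \
  -e 's|# -o smtpd_tls_wrappermode=yes| -o smtpd_tls_wrappermode=yes|' \
  /etc/postfix/master.cf

# Verify the edit: an enabled service without its overrides would accept
# mail on 587/465 under the same rules as port 25.
for postfix_service in submission smtps; do
  if ! grep -q "^${postfix_service}[[:space:]]" /etc/postfix/master.cf; then
    printf 'warning: %s is not enabled in /etc/postfix/master.cf\n' "$postfix_service" >&2
  fi
done
if ! grep -Eq '^[[:space:]]+-o smtpd_client_restrictions=permit_sasl_authenticated,reject' /etc/postfix/master.cf; then
  printf '%s\n' 'warning: SASL-only client restriction not found in /etc/postfix/master.cf' >&2
fi

/etc/init.d/postfix restart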
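# Let MySQL listen on all interfaces, not just localhost.
# NOTE(review): this exposes the MySQL port on every network interface.
# Keep the default localhost binding unless remote database access is
# really needed, and otherwise limit the port with a firewall rule and
# host-restricted MySQL accounts.
# The pattern is anchored to the start of the line so that re-running the
# script does not stack "#" characters and comment text that merely
# mentions bind-address is left alone.
sed -i 's|^[[:space:]]*bind-address|#bind-address|' /etc/mysql/my.cnf
/etc/init.d/mysql restart

# Check that networking is enabled;
# output should be like: tcp 0 0 *:mysql *:* LISTEN 7500/mysqld
netstat -tap | grep mysql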
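# ----------------------------------------------------------------
# Install Amavisd-new, SpamAssassin, And Clamav
# ----------------------------------------------------------------
# Content filter, virus scanner, the archive tools used to unpack
# attachments, and the Perl modules listed by the guide.
apt install -y amavisd-new spamassassin clamav clamav-daemon zoo unzip bzip2 arj nomarch lzop cabextract apt-listchanges libnet-ldap-perl libauthen-sasl-perl daemon libio-string-perl libio-socket-ssl-perl libnet-ident-perl zip libnet-dns-perl

# The ISPConfig 3 setup uses amavisd which loads the SpamAssassin filter library
# internally, so we can stop SpamAssassin to free up some RAM:
/etc/init.d/spamassassin stop
# Also remove its init links so it does not start again at boot.
update-rc.d -f spamassassin remove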
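# ----------------------------------------------------------------
# Install Nginx, PHP5 (PHP-FPM), And Fcgiwrap
# ----------------------------------------------------------------
# Apache would compete with nginx for the web ports; stop it only when its
# init script is actually present, then drop its boot links.
if [[ -x /etc/init.d/apache2 ]]; then
  /etc/init.d/apache2 stop
fi
update-rc.d -f apache2 remove

apt install -y nginx
/etc/init.d/nginx start

apt install -y php5-fpm
apt install -y php5-mysql php5-curl php5-gd php5-intl php-pear php5-imagick php5-imap php5-mcrypt php5-memcache php5-memcached php5-pspell php5-snmp php5-recode php5-sqlite php5-tidy php5-xmlrpc php5-xsl curl memcached snmp
php5enmod mcrypt

# cgi.fix_pathinfo=0 stops PHP from guessing the script name out of a
# partial path, so a request cannot make PHP-FPM run a file other than the
# one nginx resolved (for example an uploaded non-PHP file).
sed -i 's|;cgi.fix_pathinfo=1|cgi.fix_pathinfo=0|' /etc/php5/fpm/php.ini

# Time zone written to php.ini; defaults to the value the script always
# used and can be overridden through the PHP_TIMEZONE environment variable.
php_timezone=${PHP_TIMEZONE:-Europe/Warsaw}
sed -i "s|;date.timezone =|date.timezone=\"${php_timezone}\"|" /etc/php5/fpm/php.ini
/etc/init.d/php5-fpm reload

# fcgiwrap serves plain CGI scripts behind nginx.
apt install -y fcgiwrap
/etc/init.d/fcgiwrap start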
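# ----------------------------------------------------------------
# Install phpMyAdmin
# ----------------------------------------------------------------
# Answers for the prompts shown during installation:
# - Configure database for phpmyadmin with dbconfig-common? <- No
# - Web server to reconfigure automatically: <- select none
apt install -y phpmyadmin

# The ISPConfig apps vhost on port 8081 for nginx comes with a
# phpMyAdmin configuration, so you can use
# http://server1.example.com:8081/phpmyadmin or
# http://server1.example.com:8081/phpMyAdmin to access phpMyAdmin.
# NOTE(review): those URLs are plain HTTP, so database credentials typed
# into phpMyAdmin cross the network unencrypted. Serve the vhost over TLS
# or restrict it to trusted addresses before using it remotely.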
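# ----------------------------------------------------------------
# Install PureFTPd And Quota
# ----------------------------------------------------------------
apt install -y pure-ftpd-common pure-ftpd-mysql quota quotatool
sed -i 's|VIRTUALCHROOT=false|VIRTUALCHROOT=true|' /etc/default/pure-ftpd-common

# Allow FTP and TLS sessions.
# NOTE(review): the value 1 accepts both cleartext and TLS logins, so
# passwords can still travel unencrypted; pure-ftpd's value 2 refuses
# cleartext sessions. Kept at 1 here to match the original behaviour.
echo 1 > /etc/pure-ftpd/conf/TLS

# In order to use TLS, we must create an SSL certificate.
mkdir -p /etc/ssl/private/

# Generate a self-signed certificate; key and certificate share one file and
# the key is not passphrase-protected (-nodes). The restrictive umask makes
# the file private from the moment it is created, instead of leaving the key
# readable until the chmod below runs. openssl prompts for the subject.
(
  umask 077
  openssl req -x509 -nodes -days 7300 -newkey rsa:2048 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem
)

# Enforce the permissions even if the file already existed.
chmod 600 /etc/ssl/private/pure-ftpd.pem

# Restart PureFTPd.
/etc/init.d/pure-ftpd-mysql restart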
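# ----------------------------------------------------------------
# Install Vlogger, Webalizer, And AWstats
# ----------------------------------------------------------------
apt install -y vlogger webalizer awstats geoip-database libclass-dbi-mysql-perl

# Remove the cron job shipped by the awstats package.
# NOTE(review): presumably because ISPConfig schedules the statistics run
# itself - confirm against the ISPConfig documentation.
rm -f /etc/cron.d/awstats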
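# ----------------------------------------------------------------
# Install Jailkit
# ----------------------------------------------------------------
apt install -y build-essential autoconf automake1.11 libtool flex bison debhelper binutils

# The source archive is fetched over plain HTTP and then built and installed
# as root, so anyone able to tamper with the connection controls what gets
# installed. Set JAILKIT_SHA256 to the checksum published by upstream to
# have the download verified before it is unpacked.
jailkit_sha256=${JAILKIT_SHA256:-}

# Build in a private directory rather than directly in the shared /tmp,
# where other local users can pre-create files with the expected names.
jailkit_build_dir=$(mktemp -d) || exit 1
(
  cd "$jailkit_build_dir" || exit 1
  wget http://olivier.sessink.nl/jailkit/jailkit-2.19.tar.gz || exit 1

  if [[ -n "$jailkit_sha256" ]]; then
    # sha256sum -c expects "<hash>  <file>" and fails on any mismatch.
    printf '%s  %s\n' "$jailkit_sha256" jailkit-2.19.tar.gz | sha256sum -c - || exit 1
  else
    printf '%s\n' 'warning: JAILKIT_SHA256 not set, jailkit archive is NOT verified' >&2
  fi

  tar xvfz jailkit-2.19.tar.gz || exit 1
  cd jailkit-2.19 || exit 1
  ./debian/rules binary || exit 1
  cd .. || exit 1
  dpkg -i jailkit_2.19-1_*.deb
)

# Remove the sources and the built package; ":?" aborts the expansion if the
# variable is ever empty so rm can never be pointed at "/".
rm -rf -- "${jailkit_build_dir:?}"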
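# ----------------------------------------------------------------
# Install fail2ban
# ----------------------------------------------------------------
apt install -y fail2ban

# Make fail2ban monitor PureFTPd, Dovecot and Postfix SASL logins.
# The [sasl] jail also covers 465 and submission: this script enables SASL
# authentication on the smtps and submission services, so a ban limited to
# port "smtp" would leave those two ports open to a banned address.
# Quoted heredoc delimiters keep the contents literal (no expansion).
# Note: this overwrites any existing /etc/fail2ban/jail.local.
cat > /etc/fail2ban/jail.local <<'JAIL_LOCAL'
[pureftpd]
enabled = true
port = ftp
filter = pureftpd
logpath = /var/log/syslog
maxretry = 3
[dovecot-pop3imap]
enabled = true
filter = dovecot-pop3imap
action = iptables-multiport[name=dovecot-pop3imap, port="pop3,pop3s,imap,imaps", protocol=tcp]
logpath = /var/log/mail.log
maxretry = 5
[sasl]
enabled = true
port = smtp,465,submission
filter = sasl
logpath = /var/log/mail.log
maxretry = 3
JAIL_LOCAL

# Filter matching failed PureFTPd logins.
cat > /etc/fail2ban/filter.d/pureftpd.conf <<'PUREFTPD_FILTER'
[Definition]
failregex = .*pure-ftpd: \(.*@<HOST>\) \[WARNING\] Authentication failed for user.*
ignoreregex =
PUREFTPD_FILTER

# Filter matching failed or aborted Dovecot POP3/IMAP logins; the client
# address is taken from the "rip=" field of the log line.
cat > /etc/fail2ban/filter.d/dovecot-pop3imap.conf <<'DOVECOT_FILTER'
[Definition]
failregex = (?: pop3-login|imap-login): .*(?:Authentication failure|Aborted login \(auth failed|Aborted login \(tried to use disabled|Disconnected \(auth failed|Aborted login \(\d+ authentication attempts).*rip=(?P<host>\S*),.*
ignoreregex =
DOVECOT_FILTER

/etc/init.d/fail2ban restart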
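# ----------------------------------------------------------------
# Install ISPConfig 3
# ----------------------------------------------------------------
# Make sure nginx is running.
/etc/init.d/nginx restart

# The installer archive is fetched over plain HTTP from an unpinned "stable"
# URL and then executed as root, so its content is whatever the network path
# delivers on that day. Set ISPCONFIG_SHA256 to the checksum of the release
# you intend to install to have the download verified before it is unpacked.
ispconfig_sha256=${ISPCONFIG_SHA256:-}

# Unpack in a private directory rather than directly in the shared /tmp.
ispconfig_dir=$(mktemp -d) || exit 1
(
  cd "$ispconfig_dir" || exit 1
  wget http://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz || exit 1

  if [[ -n "$ispconfig_sha256" ]]; then
    # sha256sum -c expects "<hash>  <file>" and fails on any mismatch.
    printf '%s  %s\n' "$ispconfig_sha256" ISPConfig-3-stable.tar.gz | sha256sum -c - || exit 1
  else
    printf '%s\n' 'warning: ISPCONFIG_SHA256 not set, ISPConfig archive is NOT verified' >&2
  fi

  tar xfz ISPConfig-3-stable.tar.gz || exit 1
  cd ispconfig3_install/install/ || exit 1

  # Interactive installer.
  php -q install.php
)

# Remove the unpacked installer; ":?" guards against an empty variable.
rm -rf -- "${ispconfig_dir:?}"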
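# ----------------------------------------------------------------
# Development packages
# ----------------------------------------------------------------
# Install Composer. The installer is saved to a file and compared with the
# SHA-384 value Composer publishes separately, instead of piping the
# download straight into a root PHP process. The two values come from
# different hosts, so a truncated or altered installer is not executed.
composer_installer=$(mktemp) || exit 1
composer_expected=$(curl -sS https://composer.github.io/installer.sig)
curl -sS -o "$composer_installer" https://getcomposer.org/installer
composer_actual=$(sha384sum "$composer_installer" | cut -d ' ' -f 1)

if [[ -n "$composer_expected" && "$composer_expected" == "$composer_actual" ]]; then
  sudo php "$composer_installer" --install-dir=/usr/local/bin --filename=composer
else
  printf '%s\n' 'error: Composer installer checksum mismatch, Composer not installed' >&2
fi
rm -f -- "$composer_installer"

apt install -y git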