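#!/bin/bash
# TerraFormer is an automatic server environment installer script.
# Run it using ./TerraFormer <option> or sh TerraFormer <option>; use --help for more info.
# Don't forget to "chmod +x" it.
# To get this script directly to your server use the following commands:
#
# wget http://pastebin.com/raw/rTD74xCd && mv rTD74xCd TerraFormer && sudo apt-get install dos2unix && dos2unix TerraFormer && chmod +x TerraFormer && ./TerraFormer
#
# NOTE(review): the one-liner above fetches the script over plain HTTP and
# starts it immediately. The script has to run as root, so read the downloaded
# file before executing it.
#
# This script was written and tested on Debian 8 "Jessie".
# To do: incremental backup, database backup, fail2ban advanced settings.
# DONE: install the basics, set up hostnames, configure the webserver
# (mysql, php, ...), configure e-mail server, configure security, FTP server,
# email S.M.A.R.T. reports, ISPConfig, postfix reconfiguration, cool
# animations :), full guided installation, ETCKeeper, DNS...

# Option dispatch. "$1" is matched as one quoted word, so an empty argument or
# an argument containing spaces no longer makes `[` print a syntax error.
# Only --apache and --nginx fall through to the installer; every other branch
# exits here.
case "$1" in
  "")
    echo "TerraFormer:"
    echo "Use --help for more info"
    exit
    ;;
  --help)
    echo "-----------------------------------------------------------------------------------------------"
    echo " The 'TerraFormer' script for automatic installation of the server enviroment on"
    echo " Debian based systems,you must be root to run it,use --apache or --nginx to select"
    echo " the webserver you want to use on your server"
    echo " This script upgrades packages and installs everything you need to have an operational webserver"
    echo " You can use --self-destruct to uninstall everything"
    echo " It needs some manual settings explainded at the end"
    echo " Note that the script is still under development and may not work as expected"
    echo " written by tkopic"
    echo "-----------------------------------------------------------------------------------------------"
    exit
    ;;
  --apache)
    websrv="apache2"
    ;;
  --nginx)
    websrv="nginx"
    ;;
  --self-destruct)
    # Three second countdown, then purge every package the installer adds.
    # This branch exits before the root check further down, so apt-get itself
    # is what refuses to run for a non-root user. apt-get is called without -y
    # and therefore still asks for confirmation.
    for blow in 3 2 1; do
      clear
      echo "You can still CTRL + C!!!"
      echo "self-destruct in $blow"
      sleep 1
    done
    apt-get remove --purge postfix postfix-mysql postfix-doc mysql-client mysql-server openssl getmail4 rkhunter binutils dovecot-imapd dovecot-pop3d dovecot-mysql dovecot-sieve amavisd-new spamassassin clamav clamav-daemon zoo unzip bzip2 arj nomarch lzop cabextract apt-listchanges libnet-ldap-perl libauthen-sasl-perl clamav-docs daemon libio-string-perl libio-socket-ssl-perl libnet-ident-perl zip libnet-dns-perl php5-mysql php5-curl php5-gd php5-intl php-pear php5-imagick php5-imap php5-mcrypt php5-memcache php5-memcached php5-ming php5-ps php5-pspell php5-recode php5-snmp php5-sqlite php5-tidy php5-xmlrpc php5-xsl memcached php-apc pure-ftpd-common pure-ftpd-mysql quota quotatool bind9 dnsutils nginx apache2
    sleep 1
    clear
    echo "BOOM!"
    sleep 1
    exit
    ;;
  *)
    echo "Not sure what you want :/"
    echo "You didn't read the --help,did you? >:("
    exit
    ;;
esac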
# Everything after this point installs packages or rewrites files under /etc,
# so stop unless the effective uid is 0.
current_uid="$(id -u)"
if [ "$current_uid" != "0" ]; then
  echo "You are not root :("
  echo "use TerraFormer --help for more info"
  exit
fi

echo "Thank you for using TerraFormer :)"
echo "you have selected to install an $websrv server"
sleep 2
# Start-up banner: two passes of a three-frame "loading dots" animation,
# then a clean screen for the first prompt.
banner_rule="--------------------------------------------------------------------------"
for i in 1 2; do
  for dots in "." ".." "..."; do
    clear
    echo "$banner_rule"
    echo " Starting server enviroment installer script ${dots} "
    echo "$banner_rule"
    sleep 0.3
  done
done
clear
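# Phase one: package upgrade, base tools and optional hostname change.
# Typing 'skip' jumps straight to the server installation (meant for the
# second run, after the hostname change and reboot).
echo "If this is the first time you are running this script on this server press enter"
echo "However if this is the second time and you already configured the hostnames just type 'skip'"
read -r cnf3
if [ "$cnf3" = "skip" ]; then
  echo "Skipping the upgrade process... server installation executing"
  sleep 2
else
  clear
  echo "Talking to the universe..."
  echo "--------------------------"
  sleep 2
  apt-get update
  sleep 1
  clear
  echo "Universe responded,upgrading..."
  echo "-------------------------------"
  sleep 2
  apt-get upgrade -y
  sleep 1
  clear
  echo "Creating basic enviroment"
  echo "-------------------------"
  sleep 2
  apt-get install -y ssh openssh-server vim-nox nano ntp ntpdate sudo aptitude
  sleep 1
  clear
  echo "Basic enviroment created,do you wish to change the hostname?[y/n] current hostame: $(hostname)"
  read -r cnf2
  if [ "$cnf2" = "n" ]; then
    echo "Yeah,i liked that name too"
    sleep 1
  else
    # Any answer other than 'n' opens both files for manual editing.
    nano /etc/hosts
    nano /etc/hostname
    echo "Reboot is required to apply these changes.Run this script again after the reboot"
    sleep 5
    echo "Do you want to reboot now? [y/n]"
    read -r cnfr
    if [ "$cnfr" = "y" ]; then
      reboot
      # reboot returns to the caller while shutdown proceeds. Without this
      # exit the script would continue into the package installation below
      # on a system that is going down.
      exit
    else
      echo "Skipping reboot,you should reboot manualy"
      exit
    fi
  fi
fi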
# Second phase loading animation: the text gains one dot per frame, two passes.
for i in 1 2; do
  for dots in "" "." ".." "..."; do
    clear
    echo "Installing server${dots}"
    sleep 0.5
  done
done
# Installing the server.
clear

# Let the admin choose whether /bin/sh stays dash (interactive debconf prompt).
echo "It is recomended to select 'no' for dash"
sleep 2
dpkg-reconfigure dash

# Mail stack and database: postfix, dovecot, MySQL, getmail and helpers.
echo "installing server environment basics"
sleep 2
apt-get install -y \
  postfix postfix-mysql postfix-doc \
  mysql-client mysql-server \
  openssl getmail4 binutils \
  dovecot-imapd dovecot-pop3d dovecot-mysql dovecot-sieve
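# Configuring Postfix: either uncomment the submission/smtps services in
# master.cf automatically, or open the file in nano.
clear
echo "Next you are going to configure postfix"
sleep 2
echo "Note that auto is still testing and if you use it you should manualy check the file"
echo "Enter 'y' to set it up automatically,or 'n' to do it manualy?[y/n]"
read -r cnf10
if [ "$cnf10" = "y" ]; then
  # The automatic mode is still labelled as testing, so keep a copy of the
  # file the substitutions are about to rewrite in place.
  cp -p /etc/postfix/master.cf /etc/postfix/master.cf.terraformer.bak

  # Same ten substitutions as before, in the same order, applied in a single
  # pass. They enable the submission and smtps listeners with SASL auth and
  # TLS options.
  # NOTE(review): each pattern must match the spacing used in the installed
  # master.cf exactly; verify against the real file, since a non-matching
  # pattern is silently a no-op.
  sed -i \
    -e 's/# -o syslog_name=postfix/-o syslog_name=postfix/g' \
    -e 's/#submission/submission/g' \
    -e 's/# -o smtpd_tls_security_level=encrypt/-o smtpd_tls_security_level=encrypt/g' \
    -e 's/# -o smtpd_sasl_auth_enable=yes/-o smtpd_sasl_auth_enable=yes/g' \
    -e 's/# -o smtpd_client_restrictions=permit_sasl_authenticated,reject/-o smtpd_client_restrictions=permit_sasl_authenticated,reject/g' \
    -e 's/#smtps/smtps/g' \
    -e 's/# -o syslog_name=postfix/-o syslog_name=postfix/g' \
    -e 's/# -o smtpd_tls_wrappermode=yes/-o smtpd_tls_wrappermode=yes /g' \
    -e 's/# -o smtpd_sasl_auth_enable=yes/-o smtpd_sasl_auth_enable=yes/g' \
    -e 's/# -o smtpd_client_restrictions/-o smtpd_client_restrictions/g' \
    /etc/postfix/master.cf
else
  nano /etc/postfix/master.cf
fi
echo "Restarting postfix to apply the configuration"
sleep 1
/etc/init.d/postfix restart
sleep 2
clear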
# Animation
for rp0 in 1 2 3; do
  for dots in "" "." ".." "..."; do
    clear
    echo "Configuring MySQL${dots}"
    sleep 0.2
  done
done

# Open mysql to the outside.
# NOTE(review): commenting out every bind-address line removes the loopback
# restriction that Debian's stock my.cnf sets, so mysqld then listens on all
# interfaces. Nothing in this script firewalls port 3306; skip this step or
# filter the port if remote database access is not required.
sed -i -- 's/bind-address/#bind-address/g' /etc/mysql/my.cnf
echo "Done! Restarting MySQL service"
sleep 1
/etc/init.d/mysql restart
sleep 2
# Progress animation, then the mail scanning stack: amavisd-new, ClamAV, the
# archive unpackers amavis uses, and the Perl modules it depends on.
for rp1 in 1 2 3; do
  for dots in "" "." ".." "..."; do
    clear
    echo "Setting up malware protection${dots}"
    sleep 0.2
  done
done
apt-get install -y \
  amavisd-new clamav clamav-daemon \
  zoo unzip bzip2 arj nomarch lzop cabextract \
  apt-listchanges libnet-ldap-perl libauthen-sasl-perl clamav-docs daemon \
  libio-string-perl libio-socket-ssl-perl libnet-ident-perl zip libnet-dns-perl
# Optional: spamassassin. Only a literal 'y' installs it; apt-get runs without
# -y here, so it asks for its own confirmation as well.
echo "Do you wish to install spamassassin?[y/n]"
read cnfspam
case "$cnfspam" in
  y)
    apt-get install spamassassin
    ;;
  *)
    echo "Skipping"
    sleep 1
    ;;
esac
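# Optional: rkhunter (rootkit scanner). Only a literal 'y' installs it.
echo "Do you wish to install rkhunter?[y/n]"
read -r cnfrkh
if [ "$cnfrkh" = "y" ]; then
  apt-get install rkhunter
else
  # The original had a bare `echo` where this `else` belongs, so "Skipping"
  # was printed after a successful install and nothing at all on a 'no'.
  echo "Skipping"
  sleep 1
fi
sleep 1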
# Webserver installation. $websrv is "apache2" or "nginx", set by the option
# dispatch at the top of the script.
for rp2 in 1 2 3; do
  for dots in "" "." ".." "..."; do
    clear
    echo "Setting up ${websrv}${dots}"
    sleep 0.2
  done
done
apt-get install -y "$websrv"
echo "Starting $websrv"
"/etc/init.d/${websrv}" start
sleep 1
# PHP: the FPM service first, then the extension set.
for rp3 in 1 2 3; do
  for dots in "" "." ".." "..."; do
    clear
    echo "Setting up PHP${dots}"
    sleep 0.2
  done
done
apt-get install -y php5-fpm
apt-get install -y \
  php5-mysql php5-curl php5-gd php5-intl php-pear php5-imagick php5-imap \
  php5-mcrypt php5-memcache php5-memcached php5-pspell php5-recode php5-snmp \
  php5-sqlite php5-tidy php5-xmlrpc php5-xsl memcached php-apc
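# Optional: phpbrew, installed as /usr/bin/phpbrew.
echo "Do you wish to install phpbrew?[y/n]"
read -r cnfphpb
if [ "$cnfphpb" = "y" ]; then
  apt-get install curl
  # NOTE(review): this takes whatever is at the tip of the master branch and
  # installs it as a root-owned executable with no checksum or signature
  # check. Pinning a release and verifying its published hash would be safer.
  #
  # Download to a private temp file instead of the current directory, and use
  # -f so an HTTP error fails the transfer rather than saving the error page
  # and installing it as "phpbrew".
  phpbrew_tmp="$(mktemp)" || phpbrew_tmp=""
  if [ -n "$phpbrew_tmp" ] &&
    curl -f -L -o "$phpbrew_tmp" https://github.com/phpbrew/phpbrew/raw/master/phpbrew; then
    install -m 0755 "$phpbrew_tmp" /usr/bin/phpbrew
  else
    echo "phpbrew download failed,nothing was installed"
  fi
  if [ -n "$phpbrew_tmp" ]; then
    rm -f "$phpbrew_tmp"
  fi
else
  echo "Skipping"
  sleep 1
fi
sleep 1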
# php.ini adjustments for PHP-FPM, then fcgiwrap.
for rp4 in 1 2 3; do
  for dots in "" "." ".." "..."; do
    clear
    echo "Setting up PHP timezones${dots}"
    sleep 0.2
  done
done

# Applied per line in this order:
#  1. turn an explicit cgi.fix_pathinfo=1 into 0,
#  2. uncomment a ';cgi.fix_pathinfo=0' line so the setting is active,
#  3. set date.timezone to "GMT0" where the key is still commented out.
# Only the FPM php.ini is edited.
sed -i \
  -e 's/cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/g' \
  -e 's/;cgi.fix_pathinfo=0/cgi.fix_pathinfo=0/g' \
  -e 's/;date.timezone =/date.timezone = "GMT0"/g' \
  /etc/php5/fpm/php.ini

apt-get install -y fcgiwrap
/etc/init.d/fcgiwrap start
clear
# Optional installs: phpmyadmin and mailman. Anything but 'y' skips the
# package after a short pause.
echo "Do you wish to install phpmyadmin? [y/n]"
read cnf100
if [ "$cnf100" != "y" ]; then
  sleep 0.2
else
  apt-get install -y phpmyadmin
fi
clear

echo "Do you wish to install mailman? [y/n]"
read cnf101
if [ "$cnf101" != "y" ]; then
  sleep 0.2
else
  apt-get install -y mailman
fi
sleep 1
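# FTP: pure-ftpd with MySQL backend, quota tools, virtual chroot and TLS.
for rp5 in 1 2 3; do
  for dots in "" "." ".." "..."; do
    clear
    echo "Setting up FTP${dots}"
    sleep 0.2
  done
done
apt-get install -y pure-ftpd-common pure-ftpd-mysql quota quotatool
sed -i -- 's/VIRTUALCHROOT=false/VIRTUALCHROOT=true/g' /etc/default/pure-ftpd-common
sleep 1
echo "Starting FTP session"
sleep 1

# NOTE(review): in pure-ftpd, TLS mode 1 accepts both encrypted and cleartext
# sessions, so credentials can still travel unencrypted. Confirm whether a
# stricter mode is acceptable for the clients in use.
echo 1 > /etc/pure-ftpd/conf/TLS
mkdir -p /etc/ssl/private/

# Generate the self-signed key and certificate (both in one PEM file, valid
# 7300 days) under a restrictive umask. Previously the file was created with
# the default umask and only tightened by the chmod afterwards, leaving a
# window in which the private key could be readable by others.
(
  umask 077
  openssl req -x509 -nodes -days 7300 -newkey rsa:2048 \
    -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem
)
chmod 600 /etc/ssl/private/pure-ftpd.pem
/etc/init.d/pure-ftpd-mysql restart
echo "Session created"
sleep 1
sleep 1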
# DNS: BIND 9 and the dig/nslookup utilities.
for rp6 in 1 2 3; do
  for dots in "" "." ".." "..."; do
    clear
    echo "Setting up DNS${dots}"
    sleep 0.2
  done
done
apt-get install -y bind9 dnsutils
sleep 1
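# Optional: fail2ban, plus an optional ready-made policy with jails for
# pure-ftpd, dovecot (POP3/IMAP) and SASL.
clear
echo "Do you wish to install fail2ban?[y/n]"
read -r cnfftb2
if [ "$cnfftb2" = "y" ]; then
  apt-get install -y fail2ban
  clear
  echo "Do you wish setup an automatic fail2ban security policy?[y/n]"
  read -r cnfftb
  if [ "$cnfftb" = "y" ]; then
    echo "Setting up fail2ban security policy"
    sleep 1
    echo "Populating /etc/fail2ban/jail.local"
    sleep 1
    # The three files are written from quoted here-documents so the shell
    # passes them through untouched. The earlier double-quoted echo ended its
    # string at the quotes around the dovecot port list, so jail.local got
    # port=pop3,pop3s,imap,imaps without quotes and the list was no longer a
    # single value. Section headers also start in column 0 now.
    # This overwrites any existing /etc/fail2ban/jail.local.
    cat > /etc/fail2ban/jail.local <<'EOF'
[pureftpd]
enabled = true
port = ftp
filter = pureftpd
logpath = /var/log/syslog
maxretry = 3
[dovecot-pop3imap]
enabled = true
filter = dovecot-pop3imap
action = iptables-multiport[name=dovecot-pop3imap, port="pop3,pop3s,imap,imaps", protocol=tcp]
logpath = /var/log/mail.log
maxretry = 5
[sasl]
enabled = true
port = smtp
filter = sasl
logpath = /var/log/mail.log
maxretry = 3
EOF
    echo "Writing to /etc/fail2ban/filter.d/pureftpd.conf"
    sleep 1
    cat > /etc/fail2ban/filter.d/pureftpd.conf <<'EOF'
[Definition]
failregex = .*pure-ftpd: \(.*@<HOST>\) \[WARNING\] Authentication failed for user.*
ignoreregex =

EOF
    echo "Rewriting /etc/fail2ban/filter.d/dovecot-pop3imap.conf"
    sleep 1
    # A '|' was missing between "Disconnected \(auth failed" and
    # "Aborted login \(\d+ authentication attempts", which fused two
    # alternatives into one; they are separate alternatives again here.
    # NOTE(review): confirm against real dovecot log lines, e.g. with
    # fail2ban-regex, before relying on this filter.
    cat > /etc/fail2ban/filter.d/dovecot-pop3imap.conf <<'EOF'
[Definition]
failregex = (?: pop3-login|imap-login): .*(?:Authentication failure|Aborted login \(auth failed|Aborted login \(tried to use disabled|Disconnected \(auth failed|Aborted login \(\d+ authentication attempts).*rip=(?P<host>\S*),.*
ignoreregex =
EOF
    echo "Restarting fail2ban"
    sleep 1
    /etc/init.d/fail2ban restart
    echo "All done!"
    sleep 1
  fi
else
  sleep 0.2
fi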
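# Optional: Zabbix agent from the vendor's 3.0 repository for Debian Jessie.
sleep 1
clear
echo "Do you wish to install zabbix-agent? [y/n]"
read -r cnfzab
if [ "$cnfzab" = "y" ]; then
  for rp10 in 1 2 3; do
    for dots in "" "." ".." "..."; do
      clear
      echo "Setting up Zabbix${dots}"
      sleep 0.2
    done
  done
  clear
  echo "Setting up repos"
  sleep 1
  zbx_release_deb="zabbix-release_3.0-1+jessie_all.deb"
  # The release package registers a new apt source on this machine and is
  # installed as root, so fetch it over HTTPS rather than plain HTTP and stop
  # if the download fails. -O pins the output name; without it a leftover
  # file from an earlier run makes wget save under a ".1" suffix and dpkg
  # would install the stale copy.
  # NOTE(review): comparing the file with a checksum obtained out of band
  # before dpkg -i would be stronger still.
  if wget -O "$zbx_release_deb" \
    "https://repo.zabbix.com/zabbix/3.0/debian/pool/main/z/zabbix-release/${zbx_release_deb}"; then
    dpkg -i "$zbx_release_deb"
    apt-get update
    apt-get install -y zabbix-agent
    clear
    echo "Please setup servers for your zabbix agent:"
    sleep 5
    nano /etc/zabbix/zabbix_agentd.conf
    echo "Opening port 10050"
    sleep 1
    # NOTE(review): the INPUT rule accepts connections to the agent port from
    # any source address; limiting it to the Zabbix server with
    # -s <zabbix-server-ip> would narrow the exposure. Rules added this way
    # are not saved anywhere by this script.
    sudo iptables -A INPUT -p tcp --dport 10050 -j ACCEPT
    sudo iptables -A OUTPUT -p tcp --dport 10050 -j ACCEPT
    /etc/init.d/zabbix-agent restart
    rm -f "$zbx_release_deb"
    echo "Zabbix installed!"
  else
    echo "Could not download $zbx_release_deb,Zabbix was not installed"
    rm -f "$zbx_release_deb"
  fi
else
  sleep 1
fi
sleep 1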
# Optional: etckeeper, switched from bzr to git as its VCS.
clear
echo "Do you wish to install ETCKeeper?[y/n]"
read cnfetc
case "$cnfetc" in
  y)
    echo "Installing"
    sleep 1
    apt-get install -y git git-core etckeeper
    echo "Making sure ETCKeeper runs with git"
    sleep 1
    # Comment out the bzr line first, then enable the git line.
    sed -i \
      -e 's/VCS="bzr"/#VCS="bzr"/g' \
      -e 's/#VCS="git"/VCS="git"/g' \
      /etc/etckeeper/etckeeper.conf
    clear
    echo "Please create a git project for this server,you need to configure it for git manually after the installation,sorry :("
    sleep 5
    ;;
  *)
    echo "Skipping"
    sleep 0.5
    ;;
esac
sleep 1
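# Optional: ISPConfig 3, downloaded, unpacked into the current directory and
# installed by its interactive PHP installer.
clear
echo "Do you wish to install ISPConfig?[y/n]"
read -r cnfisp
if [ "$cnfisp" = "y" ]; then
  # The installer runs as root, so fetch the tarball over HTTPS and only start
  # install.php when both the download and the extraction succeeded. Before,
  # a failed download still ran whatever was found at the relative path
  # ispconfig3_install/install/install.php.
  # NOTE(review): the "stable" URL is not pinned to a version and the archive
  # is not checked against a published hash.
  if wget -O ISPConfig-3-stable.tar.gz https://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz &&
    tar xfz ISPConfig-3-stable.tar.gz; then
    php -q ispconfig3_install/install/install.php
  else
    echo "ISPConfig download or extraction failed,the installer was not started"
  fi
  sleep 2
  echo "Removing ISPConfig leftovers"
  sleep 1
  rm -rf ISPConfig-3-stable.tar.gz ispconfig3_install/
  echo "Removed!"
  sleep 1
else
  echo " y u no install :( "
  sleep 3
fi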
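# S.M.A.R.T. script: writes /root/smart.sh, which mails the smartctl output
# for /dev/sda and /dev/sdb, and offers to edit it and the crontab.
clear
echo "Do you wish to setup e-mail S.M.A.R.T. disk reporting?[y/n]"
read -r cnfsma
if [ "$cnfsma" = "y" ]; then
  # Written from a quoted here-document so nothing is expanded at install
  # time. The generated file now starts with a real "#!/bin/bash" line; the
  # earlier version began with an empty line followed by "#/bin/bash", which
  # is only a comment. Expansions inside the generated script are quoted.
  # NOTE(review): smartctl and mail are not installed by any apt-get line in
  # this script as shown; confirm smartmontools and a mail client are present.
  cat > /root/smart.sh <<'EOF'
#!/bin/bash
# get server hostname
# if Debian use
hostname=`cat /etc/hostname`
yourEmail="<yourmail here>"
fileEmail="smart_result_$hostname.txt"
# check server disk sda
# check server disk sdb
/usr/sbin/smartctl -a /dev/sda > "$fileEmail"
/usr/sbin/smartctl -a /dev/sdb >> "$fileEmail"
cat "$fileEmail" | mail -s "Daily smart disk check on $hostname - `date +'%F'`" "$yourEmail"
EOF
  chmod +x /root/smart.sh
  clear
  echo "You need to set emails for the script and add it to the crontab,it is located in /root/smart.sh"
  sleep 5
  echo "Do you wish to do it now?[y/n]"
  read -r cnfsmt2
  if [ "$cnfsmt2" = "y" ]; then
    nano /root/smart.sh
    crontab -e
  else
    echo "Set it up manually then"
    sleep 2
  fi
else
  echo "Skipping"
  sleep 1
fi
sleep 1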
# Optional: unattended-upgrades, with a chance to review its configuration
# before it is activated through debconf.
clear
sleep 1
echo "Do you wish to setup auto updates? [y/n]"
read cnfauto
case "$cnfauto" in
  y)
    apt-get install unattended-upgrades
    sleep 1
    echo "The default setting should work fine but it is recommended to read the file and tweak it"
    sleep 1
    echo "Do you want to do it now?[y/n]"
    read cnfauto2
    case "$cnfauto2" in
      y)
        nano /etc/apt/apt.conf.d/50unattended-upgrades
        ;;
      *)
        echo "As you wish"
        sleep 1
        ;;
    esac
    echo "Activating auto upgrades..."
    dpkg-reconfigure -plow unattended-upgrades
    ;;
  *)
    echo "Skipping"
    sleep 1
    ;;
esac
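# Optional hardening: forbid direct root logins over ssh.
clear
sleep 1
echo "Do you wish to disable ssh root login?[y/n]"
read -r cnfssh
if [ "$cnfssh" = "y" ]; then
  # Root login is switched off before this script has created any other
  # account (its closing message only asks the admin to add users later),
  # so warn about the lock-out risk.
  echo "Make sure another account can log in and use sudo before you close this session"
  sed -i \
    -e 's/PermitRootLogin without-password/PermitRootLogin no/g' \
    -e 's/PermitRootLogin yes/PermitRootLogin no/g' \
    /etc/ssh/sshd_config
  sleep 1
  # The substitutions only cover the "without-password" and "yes" spellings;
  # report when no active "PermitRootLogin no" line resulted.
  if ! grep -q '^[[:space:]]*PermitRootLogin[[:space:]]\{1,\}no' /etc/ssh/sshd_config; then
    echo "Warning: no active 'PermitRootLogin no' line found in /etc/ssh/sshd_config,check it manually"
  fi
  # Validate the edited file first: restarting sshd on a broken config could
  # cut off remote access to the server.
  if /usr/sbin/sshd -t; then
    echo "Restarting ssh..."
    sleep 1
    /etc/init.d/ssh restart
    echo "Done! you should change the ssh port too"
  else
    echo "sshd_config did not pass validation,ssh was NOT restarted"
  fi
  sleep 2
else
  echo "This is a recommended security measure,but ok,you can edit it later at /etc/ssh/sshd_config"
  sleep 2
fi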
# Final step: the interactive postfix reconfiguration. It is meant to stay
# the last configuration step, so keep it after everything above.
clear
echo "Reconfiguring postfix"
sleep 2
dpkg-reconfigure postfix
# Closing animation, played twice: an "X" runs left to right along the top
# border while another runs right to left along the bottom border. Each line
# of the table below is one frame: top border, then bottom border.
for en in 1 2; do
  while read -r top_border bottom_border; do
    clear
    echo "$top_border"
    echo " Congratulations "
    echo "$bottom_border"
    sleep 0.1
  done <<'FRAMES'
xxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxx
Xxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxX
xXxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxXx
xxXxxxxxxxxxxxxxx xxxxxxxxxxxxxxXxx
xxxXxxxxxxxxxxxxx xxxxxxxxxxxxxXxxx
xxxxXxxxxxxxxxxxx xxxxxxxxxxxxXxxxx
xxxxxXxxxxxxxxxxx xxxxxxxxxxxXxxxxx
xxxxxxXxxxxxxxxxx xxxxxxxxxxXxxxxxx
xxxxxxxXxxxxxxxxx xxxxxxxxxXxxxxxxx
xxxxxxxxXxxxxxxxx xxxxxxxxXxxxxxxxx
xxxxxxxxxXxxxxxxx xxxxxxxXxxxxxxxxx
xxxxxxxxxxXxxxxxx xxxxxxXxxxxxxxxxx
xxxxxxxxxxxXxxxxx xxxxxXxxxxxxxxxxx
xxxxxxxxxxxxXxxxx xxxxXxxxxxxxxxxxx
xxxxxxxxxxxxxXxxx xxxXxxxxxxxxxxxxx
xxxxxxxxxxxxxxXxx xxXxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxXx xXxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxX Xxxxxxxxxxxxxxxxx
FRAMES
done
# Closing summary: four paced lines, the author's contact note, then exit.
clear
echo "------------------------------------------------------------------------"
for closing_line in \
  "your server is all set up,or at least it should be..." \
  "You should now add users for your server" \
  "Please note that this script is still under development" \
  "and you should still manualy check if everything was installed correctly."; do
  echo "$closing_line"
  sleep 2
done
echo "Feel free to send me bugs and errors that might have slipped by "
echo "on my e-mail tomislav.kopic@orion-web.hr,thank you!"
sleep 2
echo "Bye,Good luck with your server :)"
exit