#!/bin/bash
# Defensive shell options, following
# www.davidpashley.com/articles/writing-robust-shell-scripts/
#   -u (nounset): abort when an unset variable is expanded
#   -e (errexit): abort when a command returns a non-true status
set -eu
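#######################################
# Print an informational banner to stdout.
# Arguments: $1 - message text (optional; treated as empty when omitted)
# Outputs:   three lines: rule, "| INFO: <message>", rule
#######################################
echo_info () {
  # ${1-} rather than $1: this script enables "set -o nounset", so a call
  # without an argument would otherwise abort the installer half-way through.
  local msg=${1-}
  local rule="--------------------------------------"
  printf '%s\n' "$rule" "| INFO: $msg" "$rule"
}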
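#######################################
# Print an error banner.
# Arguments: $1 - message text (optional; treated as empty when omitted)
# Outputs:   three lines on stderr: rule, "| ERROR: <message>", rule
#######################################
echo_error () {
  # ${1-} keeps the banner usable under "set -o nounset" when no text is given.
  local msg=${1-}
  local rule="--------------------------------------"
  # Diagnostics belong on stderr so they stay visible when stdout is
  # redirected or captured.
  printf '%s\n' "$rule" "| ERROR: $msg" "$rule" >&2
}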
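#######################################
# Abort the installer when a package is already selected for installation.
# (Background: https://askubuntu.com/questions/319307/reliably-check-if-a-package-is-installed-or-not)
# Arguments: $1 - exact Debian package name
# Outputs:   error banner via echo_error when the package is found
# Returns:   0 when the package is not installed; exits the script with
#            status 1 when it is
#######################################
is_installed () {
  local pkg=$1
  # Compare the fields literally in awk instead of splicing the name into a
  # grep regex: in "mysql-server-5.5" the dots would match any character, and
  # dpkg may print architecture-qualified names such as "name:amd64", which
  # the old pattern never matched. awk also consumes all of dpkg's output,
  # so dpkg is not cut off mid-write.
  if dpkg --get-selections \
    | awk -v pkg="$pkg" '
        { name = $1; sub(/:.*/, "", name) }
        name == pkg && $2 == "install" { found = 1 }
        END { exit(found ? 0 : 1) }
      '; then
    echo_error "$pkg is already installed"
    exit 1
  fi
}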
#######################################
# Refuse to continue on a host that already carries one of the packages this
# installer sets up. is_installed ends the script on the first hit.
# Outputs: info banner, plus whatever is_installed reports
#######################################
check_not_installed () {
  local pkg
  echo_info "Check if some package is already installed. If this is the case the script stops because it could not be performed without risc."
  for pkg in apache2 mysql-server-5.5 owncloud fail2ban; do
    is_installed "$pkg"
  done
}
#######################################
# Stop the installer unless it runs with effective user id 0.
# Outputs: error banner via echo_error when not root
# Returns: 0 for root; otherwise exits the script with status 1
#######################################
check_root () {
  case "$(id -u)" in
    0) return 0 ;;
  esac
  echo_error "The script must be called as root user!"
  exit 1
}
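#######################################
# Add the ownCloud 8.2 package repository and install the owncloud package.
# (Background: https://software.opensuse.org/download/package?project=isv:ownCloud:community&package=owncloud)
# Globals:   mysqlRootPw (read) - root password preseeded for mysql-server-5.5
# Outputs:   progress banners; wget/apt output
# Returns:   non-zero when the key download or a later step fails
#######################################
install_owncloud () {
  local repo_list=/etc/apt/sources.list.d/owncloud.list
  local key_url=https://download.owncloud.org/download/repositories/8.2/Debian_8.0/Release.key
  local key_file
  # Working directory kept from the original script; nothing below writes a
  # fixed file name into it any more.
  cd /tmp

  echo_info "Add package repository"
  # Overwrite instead of append so a repeated run does not duplicate the entry.
  # NOTE(review): the repository line uses plain http, so package integrity
  # rests entirely on the signing key imported below.
  echo 'deb http://download.owncloud.org/download/repositories/8.2/Debian_8.0/ /' > "$repo_list"

  # Store the key in an unpredictable file only root can read or replace.
  # A fixed name such as /tmp/Release.key can be pre-created or swapped by any
  # local user before root hands it to apt-key.
  key_file=$(mktemp) || return
  if ! wget -nv "$key_url" -O "$key_file"; then
    rm -f -- "$key_file"
    return 1
  fi
  # NOTE(review): the key is trusted exactly as downloaded. Compare its
  # fingerprint (gpg --with-fingerprint "$key_file") with one obtained out of
  # band before this step; apt-key makes the key valid for every configured
  # repository, not only this one.
  apt-key add - < "$key_file"
  rm -f -- "$key_file"

  echo_info "Install owncloud"
  # mysql-server-5.5 is pulled in as a dependency and would prompt for a root
  # password; preseed the answers instead.
  # (Background: http://www.microhowto.info/howto/perform_an_unattended_installation_of_a_debian_package.html)
  # printf is a shell builtin, so the password is not placed in the argument
  # list of a separate process.
  printf 'mysql-server-5.5 mysql-server/root_password password %s\n' "$mysqlRootPw" \
    | debconf-set-selections
  printf 'mysql-server-5.5 mysql-server/root_password_again password %s\n' "$mysqlRootPw" \
    | debconf-set-selections
  apt-get update
  apt-get --assume-yes install owncloud
}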
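#######################################
# Create the ownCloud database and a dedicated MySQL account for it.
# (Background: http://www.bluepiccadilly.com/2011/12/creating-mysql-database-and-user-command-line-and-bash-script-automate-process)
# Globals:   ocDb, ocDbUser, ocDbUserPw, mysqlRootPw (all read)
# Outputs:   info banner; any mysql client output
# Returns:   exit status of the mysql client
#######################################
create_mysql_db () {
  echo_info "Create mysql database for owncloud"
  local db_ident user_lit pw_lit root_pw sql cnf rc=0

  # Backtick-quoted identifier: double any embedded backtick.
  db_ident=${ocDb//\`/\`\`}
  # String literals: double backslashes and single quotes so a password that
  # contains a quote no longer ends the statement early. Backslash doubling
  # assumes the server default (backslash escapes enabled) - TODO confirm.
  user_lit=${ocDbUser//\\/\\\\}
  user_lit=${user_lit//\'/\'\'}
  pw_lit=${ocDbUserPw//\\/\\\\}
  pw_lit=${pw_lit//\'/\'\'}

  sql="CREATE DATABASE IF NOT EXISTS \`${db_ident}\`;"
  sql+="GRANT USAGE ON *.* TO '${user_lit}'@'localhost' IDENTIFIED BY '${pw_lit}';"
  sql+="GRANT ALL PRIVILEGES ON \`${db_ident}\`.* TO '${user_lit}'@'localhost';"
  sql+="FLUSH PRIVILEGES;"

  # Hand the root password to the client through a private option file
  # (mktemp creates it readable by the owner only) and the statements through
  # stdin. With -p<password> and -e "<sql>" both passwords sat in the client's
  # argument list, where other local users can read them from the process
  # table while the command runs.
  root_pw=${mysqlRootPw//\\/\\\\}
  root_pw=${root_pw//\"/\\\"}
  cnf=$(mktemp) || return
  printf '[client]\nuser=root\npassword="%s"\n' "$root_pw" > "$cnf"
  # --defaults-extra-file has to be the first option on the command line.
  mysql --defaults-extra-file="$cnf" <<<"$sql" || rc=$?
  rm -f -- "$cnf"
  return "$rc"
}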
#######################################
# Raise the PHP upload-related limits in ownCloud's .htaccess and restart
# Apache.
# (Background: http://blog.webernetz.net/2015/07/15/yet-another-owncloud-installation-guide/)
# Globals: maxFileSize (read) - value written for all three directives
# NOTE(review): maxFileSize is spliced into the sed expression unchanged, so
# it must not contain "/" or "&" - confirm where the value is read in.
#######################################
patch_apache_filesize () {
  local htaccess=/var/www/owncloud/.htaccess
  local directive
  echo_info "Patch apache configuration"
  for directive in upload_max_filesize post_max_size memory_limit; do
    sed -i "s/php_value ${directive} .*/php_value ${directive} $maxFileSize/" "$htaccess"
  done
  /etc/init.d/apache2 restart
}
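#######################################
# Create the data directory, run ownCloud's command-line installer and add
# the host name and IP address to trusted_domains.
# Globals: ocDataDir, htuser, htgroup, ocDb, ocDbUser, ocDbUserPw,
#          ocAdminUser, ocAdminUserPw, hostname, ip (all read)
#######################################
configure_owncloud () {
  local oc_root=/var/www/owncloud
  echo_info "Configure owncloud"
  # The data directory is kept outside /var/www for security reasons, so it
  # has to be created here.
  # (Background: https://doc.owncloud.org/server/8.1/admin_manual/configuration_server/harden_server.html)
  # Expansions are quoted so a path containing spaces or glob characters is
  # passed as one argument.
  mkdir -- "$ocDataDir"
  chown -R -- "${htuser}:${htgroup}" "${ocDataDir}/"
  # First-time configuration through the CLI.
  # (Background: https://doc.owncloud.org/server/8.1/admin_manual/installation/command_line_installation.html)
  cd "$oc_root"
  # NOTE(review): --database-pass and --admin-pass place both passwords in the
  # argument list of php, where other local users can read them from the
  # process table while the installer runs. Prefer a host without untrusted
  # local accounts, or change the admin password afterwards.
  sudo -u "$htuser" php occ maintenance:install --database "mysql" --database-name "$ocDb" --database-user "$ocDbUser" --database-pass "$ocDbUserPw" --admin-user "$ocAdminUser" --admin-pass "$ocAdminUserPw" --data-dir "$ocDataDir"
  # Add host name and IP to trusted_domains so the instance answers requests
  # addressed to them.
  # (Background: https://doc.owncloud.org/server/8.1/admin_manual/installation/installation_wizard.html?highlight=trusted_domains#label-trusted-domains)
  # The "\n" between the two entries was lost in the published listing, which
  # left a literal "n" in config.php; it is restored here. The leading
  # backslash after "a" preserves the indentation (GNU sed).
  # NOTE(review): hostname and ip end up inside PHP string literals; they must
  # not contain quotes or backslashes.
  sed -i "/.*0 => 'localhost',/a \\    1 => '$hostname',\\n    2 => '$ip'," "$oc_root/config/config.php"
  /etc/init.d/apache2 restart
}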
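#######################################
# Install fail2ban, point ownCloud's log at a known file and register a jail
# that bans clients after repeated failed logins.
# (Background: http://www.rojtberg.net/711/secure-owncloud-server/,
#  https://got-tty.org/archives/owncloud-6-sicherheit-durch-fail2ban.html)
# Globals: logFile, logTimeZone, maxRetry, htuser, htgroup (all read)
#######################################
install_fail2ban () {
  local oc_config=/var/www/owncloud/config/config.php
  local log_esc tz_esc
  echo_info "Install fail2ban"
  apt-get --assume-yes install fail2ban

  # First configure the ownCloud log file. "/" is escaped so the values can
  # sit inside the s/.../.../ expression; the published listing had lost the
  # backslashes of the original sed call, as well as the "\n" separators.
  log_esc=${logFile//\//\\/}
  tz_esc=${logTimeZone//\//\\/}
  sed -i "s/ 'logtimezone' => 'UTC',/ 'logtimezone' => '$tz_esc',\\n 'logfile' => '$log_esc',\\n 'loglevel' => '2',/" "$oc_config"
  touch -- "$logFile"
  chown -- "${htuser}:${htgroup}" "$logFile"
  # The log records user names and client addresses of failed logins; keep it
  # unreadable for other local accounts. fail2ban reads it as root.
  chmod 0640 -- "$logFile"

  # Now configure fail2ban. A quoted here-document writes the filter verbatim,
  # so the JSON double quotes and "<HOST>" need no shell escaping (unescaped,
  # the shell would treat "<HOST>" as a redirection).
  # The parentheses in the second pattern are escaped to match the literal
  # "(Remote IP: ...)" text. The user name is client-chosen text on the same
  # line, so every <HOST> stays anchored by fixed JSON delimiters.
  # NOTE(review): check each pattern against real log lines with
  # fail2ban-regex before relying on the jail. Behind a reverse proxy the
  # logged address may be the proxy's own; banning it would lock out everyone.
  cat > /etc/fail2ban/filter.d/owncloud.conf <<'EOF'
[Definition]
failregex={"app":"core","message":"Login failed: user '.*' , wrong password, IP:<HOST>","level":2,"time":".*"}
          {"app":"core","message":"Login failed: '.*' \(Remote IP: '<HOST>', X-Forwarded-For: '.*'\)","level":2,"time":".*"}
          {"reqId":".*","remoteAddr":"<HOST>","app":"core","message":"Login failed: .*","level":2,"time":".*"}
EOF
  # Leading blank line: jail.local may already exist without a final newline.
  printf '\n[owncloud]\nenabled = true\nfilter = owncloud\nport = http,https\nmaxretry = %s\nlogpath = %s\n' \
    "$maxRetry" "$logFile" >> /etc/fail2ban/jail.local
  /etc/init.d/fail2ban restart
}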
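#######################################
# Enable Apache's default TLS site, redirect plain http to https and send an
# HSTS header.
# (Background: https://doc.owncloud.org/server/8.1/admin_manual/installation/source_installation.html#enabling-ssl,
#  https://doc.owncloud.org/server/8.1/admin_manual/configuration_server/harden_server.html)
# Globals: hostname (read) - used for ServerName and the redirect target
#######################################
enable_apache_ssl () {
  local tab=$'\t'
  echo_info "Enable and compel apache ssl with default self-signed certifiacte of debian"
  # NOTE(review): this uses Debian's default self-signed certificate. Clients
  # cannot authenticate the server with it, and browsers only honour the HSTS
  # header on a connection whose certificate they trust; install a CA-issued
  # certificate before exposing the service.
  a2enmod ssl
  a2ensite default-ssl
  # Force https for every connection.
  a2enmod headers
  # The published listing had lost the "\n", "\t" and "\"" escapes, which
  # turned "$hostname\n\t..." into a reference to an unset variable. Real tab
  # characters are inserted through ${tab}; the backslash after "a" keeps the
  # leading whitespace (GNU sed).
  # NOTE(review): hostname is written into the Apache configuration unchanged;
  # it must be a plain host name.
  sed -i "/.*<VirtualHost.*/a \\${tab}ServerName ${hostname}\\n${tab}Redirect permanent / https://${hostname}/" /etc/apache2/sites-available/000-default.conf
  sed -i "/.*<VirtualHost.*/a \\${tab}${tab}ServerName ${hostname}\\n${tab}${tab}Header always add Strict-Transport-Security \"max-age=15768000\"" /etc/apache2/sites-available/default-ssl.conf
  /etc/init.d/apache2 restart
}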
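#######################################
# Install APCu and register it as ownCloud's local memory cache.
# (Background: https://owncloud.org/blog/making-owncloud-faster-through-caching/)
#######################################
enable_apc_cache () {
  echo_info "Enable apc cache"
  apt-get --assume-yes install php-apc
  # Insert the setting before the closing ");" of config.php.
  #  - "^);" anchors the match to a line that starts with ");" so a ");"
  #    inside some other value is left alone.
  #  - Each PHP namespace backslash is written as four here: the shell halves
  #    them and sed halves them again, leaving '\OC\Memcache\APCu' in the file.
  #    With fewer, sed drops the backslashes and the class name is wrong.
  #  - "\\n" restores the line break that the published listing showed as a
  #    bare "n".
  sed -i "s/^);/  'memcache.local' => '\\\\OC\\\\Memcache\\\\APCu',\\n);/" /var/www/owncloud/config/config.php
  /etc/init.d/apache2 restart
}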
#Read in the variables in an interactive mode. To make it a little more comfortable, the following functions need to be defined.
- #Read a value and set the default value as input (More Information: http://stackoverflow.com/questions/2642585/read-a-variable-in-bash-with-a-default-value)
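#######################################
# Read one line from stdin into the global variable "value", offering a
# default the user can edit when stdin is a terminal.
# Arguments: $1 - default text placed on the input line (optional)
# Globals:   value (written)
# Returns:   exit status of read (non-zero at end of input)
#######################################
read_value () {
  unset value
  # "$1" is quoted so a default containing spaces stays a single argument;
  # unquoted, its later words were taken as extra variable names and the
  # answer was split between them. -r keeps backslashes in the answer literal.
  read -r -e -i "${1-}" value
}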
- #Hide the input and mask it with stars (More Information: http://stackoverflow.com/questions/1923435/how-do-i-echo-stars-when-reading-password-with-read) (Part of the read_pw function)
- read_pw_loop_masked () {
- unset password
- while IFS= read -p "$prompt" -r -s -n 1 char
- do
- if [[ $char == $'