- #!/bin/bash
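#######################################
# Replace every match of a pattern in a file, in place.
# Forward slashes in the pattern and in the replacement are escaped so that
# paths can be passed without ending the s/…/…/ expression early. Nothing
# else is escaped: $1 is still a sed basic regular expression, and '&' or
# backslashes in $2 keep their sed meaning. Both values are spliced into the
# sed program, so pass fixed, trusted strings only.
# Arguments:
#   $1 - Find (sed BRE; '/' is escaped here)
#   $2 - Replace (sed replacement text; '/' is escaped here)
#   $3 - File to edit
# Returns:
#   0 on success; non-zero if the scratch file cannot be created or sed
#   fails, in which case the target file is left untouched.
#######################################
copyReplaceB() {
  local find_expr="${1//\//\\/}"
  local replace_expr="${2//\//\\/}"
  local target=$3
  local scratch
  local status=0

  # mktemp yields an unpredictable, owner-only file. The fixed name /tmp/temp
  # could be pre-created or symlinked by any local user while this runs as
  # root, redirecting the write or feeding attacker-chosen content back into
  # the target.
  scratch=$(mktemp) || return 1

  if sed -e "s/${find_expr}/${replace_expr}/g" -- "${target}" > "${scratch}"; then
    # Write back through a redirection (not mv) so the target keeps its
    # inode, owner and mode. Only reached when sed succeeded, so a failed
    # run can no longer truncate the target.
    cat -- "${scratch}" > "${target}" || status=$?
  else
    status=$?
  fi

  rm -f -- "${scratch}"
  return "${status}"
}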
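#######################################
# Replace every match of a pattern in a file, in place, with no escaping.
# $1 and $2 are spliced verbatim into a sed s/…/…/g expression, so a '/' in
# either one ends the expression early (use copyReplaceB for paths). Pass
# fixed, trusted strings only.
# Arguments:
#   $1 - Find (sed BRE, used as-is)
#   $2 - Replace (sed replacement text, used as-is)
#   $3 - File to edit
# Returns:
#   0 on success; non-zero if the scratch file cannot be created or sed
#   fails, in which case the target file is left untouched.
#######################################
copyReplace() {
  local target=$3
  local scratch
  local status=0

  # Unpredictable, owner-only scratch file instead of the shared /tmp/temp,
  # which any local user could pre-create or symlink while this runs as root.
  scratch=$(mktemp) || return 1

  if sed -e "s/$1/$2/g" -- "${target}" > "${scratch}"; then
    # Redirect rather than mv so the target keeps its inode, owner and mode;
    # skipped when sed failed so the target is never replaced by empty output.
    cat -- "${scratch}" > "${target}" || status=$?
  else
    status=$?
  fi

  rm -f -- "${scratch}"
  return "${status}"
}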
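# Refuse to run on anything other than release 16.04.
# The release string is captured first and compared quoted: with the old
# unquoted $(...) form, a missing lsb_release (or output without a "Release"
# line) left `[` with a malformed expression, the test errored out, and the
# script carried on provisioning an unsupported system. An empty or
# unreadable release now counts as "not 16.04".
os_release=$(lsb_release -rs 2>/dev/null) || os_release=''
if [[ "${os_release}" != "16.04" ]]; then
  echo "This script is only intended to be used on Ubuntu 16.04."
  exit 1
fi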
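# Provision the host: directories, packages, helper scripts pulled from the
# downloads account, unattended upgrades, root cron entries (including the
# firewall rules installed at boot), the vpsremoteuser account and the SSH
# allow-list. Everything below needs root.
if [[ ${EUID} -ne 0 ]]; then
  echo 'This script must be ran as root. (use sudo)'
  # Non-zero so wrappers and automation can tell nothing was provisioned.
  exit 1
fi

#######################################
# Copy one file from the downloads account on ${webip}.
# The password is handed to sshpass through its SSHPASS environment
# variable (-e) instead of -p, so it does not appear in the process list.
# NOTE(security): StrictHostKeyChecking=no means the server's identity is
# never verified, yet several of the fetched files are later run as root.
# Pin the host key (a known_hosts entry shipped with the image) and verify a
# checksum or signature of each download before trusting it.
# Globals:   webip, downloadsPassword (read)
# Arguments: $1 - remote file name, $2 - local destination
# Returns:   0 on success, 1 if the copy failed (a warning goes to stderr)
#######################################
fetch_download() {
  local remote_name=$1
  local destination=$2
  if ! SSHPASS="${downloadsPassword}" sshpass -e scp -oStrictHostKeyChecking=no \
    "downloads@${webip}:${remote_name}" "${destination}"; then
    printf 'warning: could not fetch %s from %s\n' "${remote_name}" "${webip}" >&2
    return 1
  fi
}

#######################################
# Append one line to the invoking user's crontab unless that exact line is
# already present, so re-running the script does not stack duplicate jobs
# (and duplicate firewall rules at boot).
# Arguments: $1 - complete crontab line
#######################################
add_root_cron() {
  local entry=$1
  local current
  current=$(crontab -l 2>/dev/null) || current=''
  if grep -Fxq -- "${entry}" <<<"${current}"; then
    return 0
  fi
  {
    if [[ -n "${current}" ]]; then
      printf '%s\n' "${current}"
    fi
    printf '%s\n' "${entry}"
  } | crontab -
}

dpkg-reconfigure tzdata

webip='sonic.evolution-host.com' #For the downloads user (Should be Sonic at the moment - Not SBG)
# NOTE(security): a credential embedded in a shared script must be treated
# as disclosed. Rotate it and supply the new value through
# DOWNLOADS_PASSWORD; the literal remains only as a backward-compatible
# fallback.
downloadsPassword=${DOWNLOADS_PASSWORD:-57ZVYkQ85pKMvBXD}

# -p keeps a second run from failing on directories that already exist.
mkdir -p /vps /var/include /var/weblogs /usr/template /root/mailspam
chmod 700 /var/include /var/weblogs
chown www-data: /var/weblogs

apt-get update
apt-get install -y php-cli mysql-client sshpass php-pear libnetfilter-queue1 iotop fail2ban nload unattended-upgrades htop
for pear_pkg in mail Net_SMTP Auth_SASL mail_mime; do
  pear install --alldeps "${pear_pkg}"
done

fetch_download blcheck.php /var/include/
fetch_download blacklistCheck.php /var/include/
fetch_download autoupdate.sh /root/autoupdate.sh
fetch_download restartmail.sh /root/mailspam/restartmail.sh
fetch_download mailmonitor /root/mailspam/mailmonitor
fetch_download Net.tar.gz /usr/share/php
# NOTE(security): the archive is unpacked as root into a PHP include path
# without any integrity check; see fetch_download.
tar -xf /usr/share/php/Net.tar.gz -C /usr/share/php
# The original ran the remaining steps from root's home directory.
cd ~ || exit 1
chmod 700 /root/autoupdate.sh /root/mailspam/restartmail.sh /root/mailspam/mailmonitor

#Enable automatic updates
copyReplaceB '// "${distro_id}:${distro_codename}-updates";' ' "${distro_id}:${distro_codename}-updates";' '/etc/apt/apt.conf.d/50unattended-upgrades'
if ! [[ -e /etc/apt/apt.conf.d/20auto-upgrades ]]; then
  printf '%s\n' \
    'APT::Periodic::Update-Package-Lists "1";' \
    'APT::Periodic::Download-Upgradeable-Packages "1";' \
    'APT::Periodic::AutocleanInterval "7";' \
    'APT::Periodic::Unattended-Upgrade "1";' \
    > /etc/apt/apt.conf.d/20auto-upgrades
fi

# Root cron entries. The @reboot lines install the firewall rules at boot
# only; nothing here applies them to the running system.
# NOTE(review): the rule with "-s main.evolution-host.com" is resolved when
# it is inserted, so it depends on DNS being available and trustworthy at
# boot; a literal address would be safer.
# NOTE(review): the NFQUEUE rules hand mail-port traffic to a userspace
# reader on queue 0 - presumably the mailmonitor started by restartmail.sh;
# confirm what happens to that traffic when no reader is attached.
cron_entries=(
  '0 * * * * /root/autoupdate.sh'
  '0 */4 * * * php -q /var/include/blacklistCheck.php'
  '0 3 * * * /usr/sbin/ntpdate ntp.ovh.net > /dev/null'
  '@reboot /sbin/iptables -I INPUT -p tcp --dport 4085 -j DROP'
  '@reboot /sbin/iptables -I INPUT -s 94.175.42.138 -j ACCEPT'
  '@reboot /sbin/iptables -I INPUT -s 46.7.250.103 -j ACCEPT'
  '@reboot /sbin/iptables -I INPUT -s main.evolution-host.com -j ACCEPT'
  '@reboot /sbin/iptables -A FORWARD -m physdev --physdev-in viifv+ -p tcp --match multiport --dports 25,2525,587,465,2526 -j NFQUEUE --queue-num 0'
  '@reboot /sbin/iptables -A FORWARD -m physdev --physdev-in viifv+ -p tcp --match multiport --sports 25,2525,587,465,2526 -j NFQUEUE --queue-num 0'
  '@reboot /sbin/iptables -A FORWARD -p udp -m string --algo bm --string "TSource" -m limit --limit 30/second -j ACCEPT'
  '@reboot /sbin/iptables -A FORWARD -p udp -m string --algo bm --string "TSource" -j DROP'
  '@reboot /sbin/iptables -A FORWARD -p udp -m string --algo bm --string "TS3INIT" -m limit --limit 30/second -j ACCEPT'
  '@reboot /sbin/iptables -A FORWARD -p udp -m string --algo bm --string "TS3INIT" -j DROP'
  '@reboot /sbin/ebtables -t broute -A BROUTING -p ipv4 -i br0 -j DROP'
  '@reboot /root/mailspam/restartmail.sh'
)
for cron_entry in "${cron_entries[@]}"; do
  add_root_cron "${cron_entry}"
done

#Makes the iptables FORWARD chain apply to VPS/viifbr0
# NOTE(review): loaded for the running kernel only; confirm it is also
# loaded after a reboot, before the @reboot FORWARD rules matter.
modprobe br_netfilter

if ! id -u vpsremoteuser > /dev/null 2>&1; then
  useradd vpsremoteuser
fi
mkdir -p /home/vpsremoteuser
chown vpsremoteuser: /home/vpsremoteuser
chmod 700 /home/vpsremoteuser
# NOTE(security): this account gets passwordless sudo further down, so its
# password is equivalent to root. The literal below has been shared along
# with the script; rotate it and pass the new value in
# VPSREMOTEUSER_PASSWORD, or disable password login and use SSH keys.
vps_remote_password=${VPSREMOTEUSER_PASSWORD:-8apv6GZYTX9jBRZY}
printf '%s:%s\n' vpsremoteuser "${vps_remote_password}" | chpasswd

allowips="94.175.42.138 46.7.250.103 5.196.162.99 173.234.25.98 198.50.246.48 188.166.190.1"
# One address per line before sort -u; sorting the single space-separated
# line never removed duplicates.
mapfile -t allow_list < <(tr ' ' '\n' <<<"${allowips}" | sort -u)

# The sed below only extends an existing AllowUsers line. Without one, no
# source restriction is applied and the account created above is reachable
# from any address sshd listens on.
if ! grep -q '^AllowUsers' /etc/ssh/sshd_config; then
  echo 'warning: /etc/ssh/sshd_config has no AllowUsers line; the SSH source allow-list was NOT applied' >&2
fi
for ip in "${allow_list[@]}"; do
  [[ -n "${ip}" ]] || continue
  # Fixed-string, whole-word match restricted to the AllowUsers line: the
  # old unanchored regex also matched longer addresses and the same IP
  # appearing anywhere else in the file.
  if ! grep '^AllowUsers' /etc/ssh/sshd_config | grep -qwF -- "*@${ip}"; then
    sed -i "/^AllowUsers/ s/\$/ *@${ip}/" /etc/ssh/sshd_config
  fi
done

# NOTE(security): NOPASSWD: ALL gives vpsremoteuser unrestricted root without
# re-authentication; restrict it to the commands the remote tooling needs.
# Appended once only, then the file is checked, because a broken sudoers
# locks out sudo entirely.
sudoers_rule='vpsremoteuser ALL=(ALL:ALL) NOPASSWD: ALL'
if ! grep -Fxq -- "${sudoers_rule}" /etc/sudoers; then
  echo "${sudoers_rule}" >> /etc/sudoers
fi
if ! visudo -c > /dev/null; then
  echo 'warning: sudoers failed validation after the edit; fix it before logging out' >&2
fi

# Validate the edited configuration before restarting so a bad line cannot
# take the SSH daemon down.
if /usr/sbin/sshd -t; then
  service ssh restart
else
  echo 'warning: sshd_config failed validation; ssh was not restarted' >&2
fi

# Fetch the fail2ban/phpMyAdmin/MySQL installer into a private directory.
# With the fixed /tmp path, a file pre-created there by another local user
# would stay owned by that user and could be altered between the download
# and the root execution.
installer_dir=$(mktemp -d) || exit 1
installer="${installer_dir}/f2b_phpmyadmin_mysql_16.04.sh"
if fetch_download f2b_phpmyadmin_mysql_16.04.sh "${installer}"; then
  chmod 700 "${installer}"
  "${installer}"
fi
rm -rf -- "${installer_dir:?}"

echo ''
echo ''
echo 'Remember to set a DNS and rDNS record for this system IP. Turn on permanant mitigation.'
echo 'Transfer all Virtualizor templates.'
echo 'Setup automatic backups'
echo 'Grant SQL access for this system to login to main.evolution-host.com as createdb (blacklist checking).'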