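#!/bin/bash
#
# eginstall
#
# (c) 2007 Egressive Limited
#
# Create a base Egressive Reference Linux platform installation.
#
# Run interactively from the egserverinstall directory (the one holding
# templates/). The script writes under /etc, /storage, /var and /home, so it
# presumably has to run as root. Each install_* function guards itself with
# an "already configured" test so the script can be re-run.
#
# NOTE(review): there is deliberately no `set -e`; many steps are best-effort
# and their failures are only visible on the terminal.
#
#-----------------------------------------------------
# To Do
#   Convert to separate scripts
#   Change the sources.list back to NZ when finished
#
#-----------------------------------------------------
# History
#---------
# Rob Fraser 20070519 created script
# Rob Fraser 20070806 changed to calling functions
# Rob Fraser 20070820 various tidyups
# Rob Fraser 20070821 changed apt-get to aptitude
#-----------------------------------------------------
#
#
#APT_GET_COMMAND="`which apt-get` -y"
# Resolve aptitude once and fail early: with an empty path every later
# "install" line would try to execute "-y" instead of the package manager.
aptitude_bin=$(command -v aptitude)
if [ -z "$aptitude_bin" ]; then
  echo "aptitude was not found in PATH; cannot install packages." >&2
  exit 1
fi
APT_GET_COMMAND=("$aptitude_bin" -y)
#
EGINSTALL_DIR=$(pwd)
#
#EGRESSIVE_SECRET=""
# -s keeps the secret off the terminal, -r keeps backslashes literal.
read -r -s -p "Please enter the egressive password:" egressive_secret
echo
#EGRESSIVE_SECRET=""
#
if ! [ -d "$EGINSTALL_DIR/templates" ]; then
  echo "You are not in the egserverinstall directory or "
  echo "egserverinstall is not properly installed."
  exit 1
fi

readonly HR_DOUBLE="=========================================================="
readonly HR_SINGLE="----------------------------------------------------------"

# Print the opening banner of a step: double rule, title ($1), single rule.
section_start() {
  echo "$HR_DOUBLE"
  echo "$1"
  echo "$HR_SINGLE"
}

# Print the closing double rule of a step.
section_end() {
  echo "$HR_DOUBLE"
}

# Escape $1 for use as the replacement half of a sed s/// command that uses
# "/" as delimiter. Without this, operator input containing "/", "&" or "\"
# either breaks the sed expression or is silently rewritten into the config.
sed_escape() {
  printf '%s' "$1" | sed -e 's:[\\/&]:\\&:g'
}

# Escape $1 for use inside a single-quoted MySQL string literal (backslash
# and single quote). Assumes the server's default sql_mode, i.e. backslash
# escapes enabled -- TODO confirm if NO_BACKSLASH_ESCAPES is ever set.
sql_escape() {
  printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e "s/'/''/g"
}

# Keep a pristine copy of /etc before this script starts editing it.
copy_etc() {
  # `cp -a /etc /storage/etc.orig` lands in /storage/etc.orig/etc, so that is
  # where the marker file lives. Testing /storage/etc.orig/hosts never matched
  # and every re-run overwrote the baseline with the already modified /etc.
  if ! [ -f /storage/etc.orig/etc/hosts ]; then
    section_start "Make a copy of the base /etc in /storage/etc.orig"
    mkdir -p /storage/etc.orig
    cp -a /etc /storage/etc.orig
    section_end
  fi
}

# Point apt at the Unleash debcache mirror, then update and dist-upgrade.
unleash_debcache() {
  section_start "Copying /etc/apt/sources.list using Unleash debcache"
  if ! grep -qF debcache.unleash.net.nz /etc/apt/sources.list; then
    cp /etc/apt/sources.list /etc/apt/sources.list.nz
    cp "$EGINSTALL_DIR/templates/sources.list.unleash" /etc/apt/sources.list
  fi
  "${APT_GET_COMMAND[@]}" update
  "${APT_GET_COMMAND[@]}" dist-upgrade
}

# Install sshd, restrict root to key-based login and limit logins by group.
configure_sshd_config() {
  section_start "Fix up /etc/ssh/sshd_config"
  "${APT_GET_COMMAND[@]}" install ssh
  # Root can still log in, but only with a key, never with a password.
  sed --in-place=.orig 's/PermitRootLogin yes/PermitRootLogin without-password/' /etc/ssh/sshd_config
  if ! grep -q AllowGroups /etc/ssh/sshd_config; then
    addgroup sshusers
    addgroup egressive sshusers
    echo "AllowGroups root sshusers" >> /etc/ssh/sshd_config
  fi
  section_end
  #
}

# Install the editor and terminal multiplexer used by the admins.
emacs_screen() {
  section_start "Install Utilities - emacs | screen"
  "${APT_GET_COMMAND[@]}" install emacs-nox screen
  section_end
  #
}

# Install ACL tools, remount with ACLs and enable dir_index on /home.
acls_dir_indexing() {
  local hits
  section_start "Install acls"
  if ! command -v getfacl > /dev/null; then
    "${APT_GET_COMMAND[@]}" install acl
  fi
  if ! grep -q acl /etc/fstab; then
    # The fstab edit is manual; the remounts below only pick it up once the
    # operator has made the change in another terminal.
    echo "You must add ,acl to the option fields (after default)"
    echo "of / , /var , /home and /storage"
    read -r -p "Press Enter to continue . . ." _
    # emacs /etc/fstab
    mount -o remount /
    mount -o remount /home
    mount -o remount /storage
  fi
  echo "Add directory indexing to /home filesystem"
  echo "$HR_SINGLE"
  hits=$(tune2fs -l /dev/mapper/ubuntu-home | grep -c dir_index)
  if [ "$hits" -le 0 ]; then
    echo "Maildir gets better performance with dir_index turned on"
    echo "in ext2 - this will affect /home on our standard build"
    hits=$(lsof /home | wc -l)
    if [ "$hits" -gt 0 ]; then
      echo "Cannot umount /home due to open files. You are probably"
      echo "logged in as egressive. You will need to do this manually . . ."
      echo "# umount /home"
      echo "# tune2fs -O dir_index /dev/mapper/ubuntu-home"
      # Device name corrected (was ubuntu/home) to match the tune2fs line.
      echo "# e2fsck -fD /dev/mapper/ubuntu-home"
      # This line is part of the printed instructions; it used to be executed
      # as `mount "# /dev/mapper/ubuntu-home"`, which can only fail.
      echo "# mount /dev/mapper/ubuntu-home"
      read -r -p "Press Enter to continue . . ." _
    else
      echo "Unmounting home, turning on dir_index, optimising directories and remounting"
      umount /home
      tune2fs -O dir_index /dev/mapper/ubuntu-home
      e2fsck -fD /dev/mapper/ubuntu-home
      mount /dev/mapper/ubuntu-home
    fi
  fi
  section_end
}

# Send software-RAID (mdadm) alerts to the support mailbox instead of root.
sw_raid_email() {
  section_start "Update /etc/default/mdadm"
  sed --in-place=.orig 's/MAIL_TO=\"root/MAIL_TO=\"support@egressive.com/' /etc/default/mdadm
  section_end
}

# Install openssl and create the local CA under /usr/lib/ssl/demoCA.
# Globals: domain_name (written if still empty)
openssl_certs() {
  local organisation_name org_esc
  section_start "Install openssl CA and certificates "
  if ! [ -d /usr/lib/ssl/demoCA ]; then
    echo " You will be prompted for Postfix configuration info"
    echo " Choose Internet site and enter the domain name"
    echo " part of the server's email addressing"
    echo "$HR_SINGLE"
    "${APT_GET_COMMAND[@]}" install openssl ca-certificates
    # cp $EGINSTALL_DIR/templates/openssl.cnf /etc/ssl
    #
    # edit openssl.cnf and adjust - location fields and company name
    #
    # The old test expanded the unset variable "domain_nameXXX", so it was
    # never true and the domain was never asked for.
    if [ -z "$domain_name" ]; then
      read -r -p "Please enter the mail domain name (eg egressive.com ): " domain_name
    fi
    read -r -p "Please enter the Name of the organisation (eg Egressive Limited): " organisation_name
    org_esc=$(sed_escape "$organisation_name")
    sed --in-place=.orig "s/Internet Widgets Pty Ltd/$org_esc/g" /etc/ssl/openssl.cnf
    # Issue with the CA extensions while the CA itself is created; switched
    # back to usr_cert below.
    sed --in-place "s/x509_extensions = usr_cert/x509_extensions = v3_ca/g" /etc/ssl/openssl.cnf
    cd /usr/lib/ssl || return 1
    if ! [ -f demoCA/cacert.pem ]; then
      echo "$HR_SINGLE"
      echo "You will be prompted for a CA passphrase - generate a decent one"
      echo "and record it somewhere SECURE."
      echo "The usual format for the common name is ca.domain-name"
      echo "for example ca.egressive.com"
      echo "$HR_SINGLE"
      read -r -p "Press Enter to continue . . ." _
      misc/CA.pl -newca
      cp demoCA/cacert.pem certs
    fi
    #
    sed --in-place "s/x509_extensions = v3_ca/x509_extensions = usr_cert/g" /etc/ssl/openssl.cnf
  else
    echo " CA already created"
  fi
  section_end
}

# Install Postfix with SASL authentication and TLS, delivering to Maildir.
install_postfix() {
  local my_mailhost_name
  section_start "Install postfix "
  if ! grep -q permit_sasl_authenticated /etc/postfix/main.cf 2> /dev/null; then
    echo " You will be prompted for Postfix configuration info"
    echo " Choose Internet site and enter the domain name"
    echo " part of the server's email addressing"
    echo "$HR_SINGLE"
    "${APT_GET_COMMAND[@]}" install postfix libsasl2 sasl2-bin libsasl2-modules libdb3-util procmail
    #
    # Make a certificate (used by Postfix and Dovecot)
    #
    cd /usr/lib/ssl || return 1
    # -newreq-nodes writes the private key unencrypted so the daemons can
    # start unattended; file permissions are its only protection.
    misc/CA.pl -newreq-nodes
    misc/CA.pl -sign
    #
    #
    mv newcert.pem certs/postfix-dovecot.pem
    mv newkey.pem private/postfix-dovecot.key
    chmod 640 private/postfix-dovecot.key
    #
    echo "$HR_SINGLE"
    echo "Follow this as a guide for the prompts that follow:"
    echo "General type of configuration? <-- Internet Site"
    echo "Where should mail for root go <-- NONE"
    echo "Mail name? <-- server1.example.com"
    echo "Other destinations to accept mail for? (blank for none) <-- server.example.co.nz, localhost"
    echo "Force synchronous updates on mail queue? <-- No"
    echo "Local networks? <-- 127.0.0.0/8"
    echo "Use procmail for local delivery? <-- Yes"
    echo "Mailbox size limit <-- 0"
    echo "Local address extension character? <-- +"
    echo "Internet protocols to use? <-- all"
    echo "$HR_SINGLE"
    dpkg-reconfigure postfix
    postconf -e 'smtpd_sasl_local_domain ='
    postconf -e 'smtpd_sasl_auth_enable = yes'
    postconf -e 'smtpd_sasl_security_options = noanonymous'
    postconf -e 'broken_sasl_auth_clients = yes'
    postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination,reject_unauth_pipelining'
    postconf -e 'smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_access, reject_non_fqdn_sender, reject_unknown_sender_domain'
    postconf -e 'smtpd_data_restrictions = reject_unauth_pipelining'
    postconf -e 'smtpd_helo_required = yes'
    postconf -e 'inet_interfaces = all'
    echo 'pwcheck_method: saslauthd' >> /etc/postfix/sasl/smtpd.conf
    echo 'mech_list: plain login' >> /etc/postfix/sasl/smtpd.conf
    #
    # NOTE(review): with smtpd_tls_auth_only = no and only PLAIN/LOGIN
    # offered, a client that skips STARTTLS sends its password in clear
    # text. Consider "yes" once all mail clients are known to use TLS.
    postconf -e 'smtpd_tls_auth_only = no'
    postconf -e 'smtp_use_tls = yes'
    postconf -e 'smtpd_use_tls = yes'
    postconf -e 'smtp_tls_note_starttls_offer = yes'
    # Point Postfix at the files exactly where the steps above put them
    # (certs/ and private/ under /usr/lib/ssl). The previous values named
    # the key under certs/ and a CA file under /etc/certs/ssl, neither of
    # which this script creates.
    postconf -e 'smtpd_tls_key_file = /usr/lib/ssl/private/postfix-dovecot.key'
    postconf -e 'smtpd_tls_cert_file = /usr/lib/ssl/certs/postfix-dovecot.pem'
    postconf -e 'smtpd_tls_CAfile = /usr/lib/ssl/certs/cacert.pem'
    postconf -e 'smtpd_tls_loglevel = 1'
    postconf -e 'smtpd_tls_received_header = yes'
    postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
    postconf -e 'tls_random_source = dev:/dev/urandom'
    read -r -p "Enter the hostname for this server (eg mail.example.co.nz)" my_mailhost_name
    postconf -e "myhostname = $my_mailhost_name"
    echo '# Turn on maildir' >> /etc/postfix/main.cf
    postconf -e 'home_mailbox = .Mail/'
    postconf -e 'mailbox_command = procmail -a "$EXTENSION" DEFAULT=$HOME/.Mail/ MAILDIR=$HOME/.Mail'
    #
    touch /etc/postfix/sender_access
    postmap /etc/postfix/sender_access
    #
    /etc/init.d/postfix restart
    #
    # saslauthd's socket has to live inside the Postfix chroot.
    mkdir -p /var/spool/postfix/var/run/saslauthd
    # Backup suffix aligned with the ".orig" used everywhere else (was "orig").
    sed --in-place=.orig 's/\# START=yes/START=yes/' /etc/default/saslauthd
    echo 'PARAMS="-m /var/spool/postfix/var/run/saslauthd -r"' >> /etc/default/saslauthd
    sed --in-place 's|PWDIR=/var/run/saslauthd|PWDIR="/var/spool/postfix/var/run/${NAME}"|' /etc/init.d/saslauthd
    # In a basic regex "\{" opens an interval, so the old pattern
    # "\$\{NAME\}" was rejected by sed; "{" and "}" are matched unescaped.
    sed --in-place 's|PIDFILE="/var/run/\${NAME}/saslauthd.pid"|PIDFILE="${PWDIR}/saslauthd.pid"|' /etc/init.d/saslauthd
    # NOTE(review): this pattern looks like a line from the init script, yet
    # the file edited is /etc/default/saslauthd -- confirm the target.
    sed --in-place 's/dir=`dpkg-statoverride --list $PWDIR`/dir="root sasl 755 ${PWDIR}"/' /etc/default/saslauthd
    /etc/init.d/saslauthd start
    #
  else
    echo " postfix skipped or already updated"
  fi
  section_end
}

# Install rdiff-backup and the egrdbackup scripts with their cron/logrotate.
install_egrdbackup() {
  local host_esc
  section_start "Install egrdbackup"
  if ! [ -d /etc/egscripts/egrdbackup ]; then
    echo " TODO"
    echo " You will be need to add any extra exclude directories"
    echo " to /etc/egscripts/egrdbackup/egrdbackup.conf"
    echo "$HR_SINGLE"
    "${APT_GET_COMMAND[@]}" install rdiff-backup
    mkdir -p /etc/egscripts
    if ! [ -d /storage ]; then
      echo " WARNING -- /storage does not exist. Creating /storage . . ."
    fi
    mkdir -p /storage/backups
    cd /etc/egscripts || return 1
    # NOTE(review): the checkout travels over plain HTTP and part of it is
    # installed into /etc/cron.d below, i.e. it ends up running as root.
    # Prefer an authenticated transport (https/svn+ssh) if the server has one.
    svn co http://devel.egressive.com/egressive/egscripts/egrdbackup egrdbackup
    cd /etc/egscripts/egrdbackup || return 1
    host_esc=$(sed_escape "$HOSTNAME")
    sed "s/SERVERNAME=\"servername.domain\"/SERVERNAME=\"$host_esc\"/" egrdbackup.conf.example > egrdbackup.conf
    sed --in-place 's/RDIFF_DEST=\"\"/RDIFF_DEST=\"\/storage\/backups\"/' egrdbackup.conf
    mv egrdbackup-cron /etc/cron.d
    mv logrotate.d/egrdbackup /etc/logrotate.d/egrdbackup
    #
  else
    echo " egrdbackup skipped or already updated"
  fi
  section_end
}

# Install Apache 2 with PHP 5, enable SSL and issue the web certificate.
install_apache_php5() {
  section_start "Install apache | php5"
  # The second directory was spelled /etc/php/apache2, which never exists,
  # so the guard always re-ran the install; php.ini below is under /etc/php5.
  if ! { [ -d /etc/apache2/ ] && [ -d /etc/php5/apache2 ]; }; then
    echo "$HR_SINGLE"
    "${APT_GET_COMMAND[@]}" install apache2 php5
    #
    a2enmod ssl
    if ! grep -q 443 /etc/apache2/ports.conf; then
      echo "Listen 443" >> /etc/apache2/ports.conf
    fi
    a2enmod deflate
    a2enmod rewrite
    /etc/init.d/apache2 force-reload
    #
    sed --in-place 's/memory_limit = 8M/memory_limit = 32M/' /etc/php5/apache2/php.ini
    /etc/init.d/apache2 force-reload
    #
    # Make a certificate (used by Apache)
    #
    cd /usr/lib/ssl || return 1
    misc/CA.pl -newreq-nodes
    # Was "misc/CA.ply", which does not exist, so the request was never signed.
    misc/CA.pl -sign
    #
    #
    mkdir -p /etc/apache2/ssl
    mv newcert.pem /etc/apache2/ssl/www.pem
    mv newkey.pem /etc/apache2/ssl/www.key
    chmod 640 /etc/apache2/ssl/www.key
    #
    if [ -d /etc/squirrelmail ]; then
      ln -s /usr/share/squirrelmail /var/www/webmail
    fi
    cp "$EGINSTALL_DIR/templates/apache-default" /etc/apache2/sites-available/default
    cp "$EGINSTALL_DIR/templates/apache-ssl" /etc/apache2/sites-available/ssl
    emacs /etc/apache2/sites-available/default
    emacs /etc/apache2/sites-available/ssl
    a2ensite ssl
    /etc/init.d/apache2 force-reload
    #
  else
    echo " apache | php5 skipped or already updated"
  fi
  section_end
}

# Install MySQL 5.0 (plus php5-mysql when PHP is present) and set root's
# password.
install_mysql() {
  local mysql_password mysql_password_sql
  section_start "Install MySQL"
  # Install only when no server answers. The test used to be inverted, so a
  # running server was reinstalled and a missing one was skipped.
  if ! echo "show status" | mysql > /dev/null 2>&1; then
    echo "$HR_SINGLE"
    "${APT_GET_COMMAND[@]}" install mysql-server-5.0 mysql-client-5.0
    if [ -d /etc/php5 ]; then
      "${APT_GET_COMMAND[@]}" install php5-mysql
    fi
    #
    # -s: do not echo the new root password on the terminal.
    read -r -s -p "Enter the new root password for MySQL: " mysql_password
    echo
    #
    # The statement goes to mysql on stdin, so the password never shows up
    # in the process list; it is escaped so a quote cannot end the literal.
    mysql_password_sql=$(sql_escape "$mysql_password")
    printf '%s\n' "SET PASSWORD FOR root@localhost=PASSWORD('$mysql_password_sql');" | mysql
    #
  else
    echo " MySQL skipped or already updated"
  fi
  section_end
}

# Install Dovecot IMAP/POP3 and create the shared public mail namespace.
install_dovecot() {
  section_start "Install dovecot"
  if ! [ -d /etc/dovecot ]; then
    echo "$HR_SINGLE"
    "${APT_GET_COMMAND[@]}" install dovecot-imapd dovecot-pop3d
    #
    cp "$EGINSTALL_DIR/templates/dovecot.conf" /etc/dovecot/
    #
    # set up shared folders in public namespace
    #
    addgroup sharedmail
    mkdir -p /home/mail/public
    chgrp sharedmail /home/mail/public
    chmod 770 /home/mail/public
    # setgid + default ACL: everything created below stays group-accessible.
    chmod g+s /home/mail/public
    setfacl --default -m g:sharedmail:rwx /home/mail/public
    touch /home/mail/public/dovecot-shared
    chmod 660 /home/mail/public/dovecot-shared
    #
  else
    echo " dovecot skipped or already updated"
  fi
  section_end
}

# Install SquirrelMail with the vacation_local plugin; proftpd is restricted
# to localhost by the appended template.
install_squirrelmail() {
  section_start "Install squirrelmail"
  if ! [ -d /etc/squirrelmail ]; then
    echo "$HR_SINGLE"
    "${APT_GET_COMMAND[@]}" install squirrelmail vacation proftpd
    #
    # Limit proftpd access to localhost only
    cat "$EGINSTALL_DIR/templates/proftpd.localhost" >> /etc/proftpd/proftpd.conf
    /etc/init.d/proftpd restart
    cd /usr/share/squirrelmail/plugins || return 1
    # Quote the URL (it contains "?") and name the output file explicitly:
    # otherwise wget saves it under the query string and tar finds nothing.
    # NOTE(review): plain-HTTP download unpacked into the web application
    # with no checksum or signature check; pin a known-good digest.
    wget -O vacation_local-2.0-1.4.tar.gz "http://www.squirrelmail.org/countdl.php?fileurl=http%3A%2F%2Fwww.squirrelmail.org%2Fplugins%2Fvacation_local-2.0-1.4.tar.gz"
    tar xzvf vacation_local-2.0-1.4.tar.gz
    cp /usr/share/squirrelmail/plugins/vacation_local/conf.php.sample /usr/share/squirrelmail/plugins/vacation_local/conf.php
    #
    /etc/squirrelmail/conf.pl
    #
  else
    # Message used to say "dovecot" (copy/paste slip).
    echo " squirrelmail skipped or already updated"
  fi
  section_end
}

# Install squid with the template configuration.
install_squid() {
  section_start "Install squid"
  if ! [ -d /etc/squid ]; then
    echo "$HR_SINGLE"
    "${APT_GET_COMMAND[@]}" install squid
    #
    cp "$EGINSTALL_DIR/templates/squid.conf" /etc/squid/
    #
  else
    echo " squid skipped or already updated"
  fi
  section_end
}

# Install the host integrity tools (aide, rkhunter) and build aide's baseline.
install_aide_rkhunter() {
  section_start "Install aide | rkhunter"
  if ! { [ -f /etc/rkhunter.conf ] && [ -d /etc/aide ]; }; then
    echo " You will be prompted for Postfix configuration info"
    echo " Choose Internet site and enter the domain name"
    echo " part of the server's email addressing"
    echo "$HR_SINGLE"
    "${APT_GET_COMMAND[@]}" install binutils aide rkhunter
    rkhunter --update
    sed --in-place=.orig 's/root/support@egressive.com/' /etc/default/rkhunter
    # sed --in-place=.orig 's/root/support@egressive.com/' /etc/default/aide
    # NOTE(review): nothing in this script creates /tmp/aide.default, and
    # /tmp is world-writable, so whatever file sits there becomes aide's
    # root-owned defaults. Ship it from templates/ instead -- TODO confirm
    # where the file is meant to come from.
    mv /tmp/aide.default /etc/default/aide
    # The baseline is taken now, after this script's own changes; it is only
    # trustworthy if the host was clean at this point.
    aide --init
    cd /var/lib/aide || return 1
    cp aide.db.new aide.db
    chmod 400 aide.db
    #
  else
    echo " aide | rkhunter skipped or already updated"
  fi
  section_end
}

# Install munin and munin-node, reporting to the support mailbox.
install_munin() {
  local host_esc
  section_start "Install munin"
  if ! [ -d /etc/munin ]; then
    echo "$HR_SINGLE"
    "${APT_GET_COMMAND[@]}" install munin munin-node
    #
    host_esc=$(sed_escape "$HOSTNAME")
    sed --in-place=.orig "s/localhost.localdomain/$host_esc/" /etc/munin/munin.conf
    sed --in-place 's/\#contact.*fnord.comm/contact.egressive.command mail -s "Munin notification" support@egressive.com/' /etc/munin/munin.conf
    #
  else
    echo " munin skipped or already updated"
  fi
  section_end
}

# Install BIND 9 (chrooted to /var/lib/named) and the DHCP server.
# Globals: domain_name (written)
install_dhcp_server() {
  local domain_esc
  section_start "Install bind dhcp"
  if ! [ -f /etc/dhcp3/dhcpd.conf ]; then
    echo "$HR_SINGLE"
    "${APT_GET_COMMAND[@]}" install bind9 dhcp3-server
    /etc/init.d/bind9 stop
    /etc/init.d/dhcp3-server stop
    #
    # Run named chrooted (-t) as the unprivileged bind user.
    sed --in-place=.orig 's/"-u bind"/"-u bind -t \/var\/lib\/named"/' /etc/default/bind9
    #
    mkdir -p /var/lib/named/etc
    mkdir -p /var/lib/named/dev
    mkdir -p /var/lib/named/var/cache/bind
    mkdir -p /var/lib/named/var/run/bind/run
    mv /etc/bind /var/lib/named/etc
    ln -s /var/lib/named/etc/bind /etc/bind
    # Minimal device nodes needed inside the chroot.
    mknod /var/lib/named/dev/null c 1 3
    mknod /var/lib/named/dev/random c 1 8
    chmod 666 /var/lib/named/dev/null /var/lib/named/dev/random
    chown -R bind:bind /var/lib/named/var/*
    chown -R bind:bind /var/lib/named/etc/bind
    #
    # Give syslogd a socket inside the chroot so named can still log.
    sed --in-place=.orig 's/SYSLOGD="-u syslog"/SYSLOGD="-u syslog -a \/var\/lib\/named\/dev\/log"/' /etc/init.d/sysklogd
    /etc/init.d/sysklogd restart
    #
    # Single quotes keep the double quotes around rndc-key in the output;
    # the old double-quoted form had them removed by the shell.
    echo 'controls {inet 127.0.0.1 allow {127.0.0.1; } keys {"rndc-key";};};' >> /etc/bind/named.conf
    cp "$EGINSTALL_DIR/templates/named.conf.local" /etc/bind
    cp "$EGINSTALL_DIR/templates/DOMAIN.CO.NZ" /var/lib/named/var/cache/bind/
    cp "$EGINSTALL_DIR/templates/rev.192.168.1" /var/lib/named/var/cache/bind/
    #
    cp /etc/bind/rndc.key /etc/dhcp3/
    cd /etc/dhcp3 || return 1
    chown root:dhcpd rndc.key
    cp "$EGINSTALL_DIR/templates/dhcpd.conf" /etc/dhcp3/
    #
    # The answer becomes a file name and sed replacement text, so accept
    # only dotted hostname labels (the old test was just "contains a dot",
    # which let "/" and spaces through).
    domain_name=""
    while ! [[ $domain_name =~ ^[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$ ]]; do
      read -r -p "Enter domain name: " domain_name
    done
    domain_esc=$(sed_escape "$domain_name")
    sed --in-place=.orig "s/DOMAIN.CO.NZ/$domain_esc/g" /etc/bind/named.conf.local
    sed --in-place=.orig "s/DOMAIN.CO.NZ/$domain_esc/g" /var/lib/named/var/cache/bind/DOMAIN.CO.NZ
    mv /var/lib/named/var/cache/bind/DOMAIN.CO.NZ "/var/lib/named/var/cache/bind/$domain_name"
    sed --in-place=.orig "s/DOMAIN.CO.NZ/$domain_esc/g" /var/lib/named/var/cache/bind/rev.192.168.1
    sed --in-place=.orig "s/DOMAIN.CO.NZ/$domain_esc/g" /etc/dhcp3/dhcpd.conf
    #
    /etc/init.d/bind9 start
    /etc/init.d/dhcp3-server start
    #
  else
    echo " bind-dhcp skipped or already updated"
  fi
  section_end
}

# Install Samba as a domain controller with cups and winbind.
install_samba() {
  local ms_domain_name server_string server_name
  section_start "Install Samba"
  if ! [ -f /etc/samba/smb.conf ]; then
    echo "$HR_SINGLE"
    "${APT_GET_COMMAND[@]}" install samba cupsys winbind
    mv /etc/samba/smb.conf /etc/samba/smb.conf.orig
    cp "$EGINSTALL_DIR/templates/smb.conf" /etc/samba/smb.conf
    echo "Enter the new SMB password for root"
    smbpasswd -a root
    echo "Enter the new SMB password for egressive"
    smbpasswd -a egressive
    #
    read -r -p "Enter the Microsoft Windows Domain Name: " ms_domain_name
    #
    read -r -p 'Enter server description (press Enter for "Samba server": ' server_string
    #
    if [ -z "$server_string" ]; then
      server_string="Samba server"
    fi
    echo 'Enter the Server Name (press enter for "Server"):'
    read -r server_name
    #
    if [ -z "$server_name" ]; then
      server_name="server"
    fi
    sed --in-place "s/DOMAIN_NAME/$(sed_escape "$ms_domain_name")/" /etc/samba/smb.conf
    sed --in-place "s/SERVER_STRING/$(sed_escape "$server_string")/" /etc/samba/smb.conf
    sed --in-place "s/NETBIOS_NAME/$(sed_escape "$server_name")/" /etc/samba/smb.conf
    #
    groupadd domainusers
    groupadd domainadmins
    net groupmap modify ntgroup="Domain Users" unixgroup="domainusers"
    net groupmap modify ntgroup="Domain Admins" unixgroup="domainadmins"
    net groupmap modify ntgroup="Domain Guests" unixgroup="nogroup"
    adduser egressive domainusers
    adduser egressive domainadmins
    #
    mkdir -p /home/samba/netlogon
    mkdir /home/samba/profiles
    chgrp domainusers /home/samba/profiles
    chmod 770 /home/samba/profiles
    mkdir /home/samba/profdata
    chgrp domainusers /home/samba/profdata
    chmod 770 /home/samba/profdata
    mkdir /home/shared
    chgrp -R domainadmins /var/lib/samba/printers
    chmod -R g+ws /var/lib/samba/printers
    mkdir /var/spool/samba
    # Still world-writable for print jobs, but with the sticky bit so users
    # cannot remove or replace each other's spool files (was 777).
    chmod 1777 /var/spool/samba
    #
    /etc/init.d/samba stop
    /etc/init.d/winbind stop
    /etc/init.d/samba start
    /etc/init.d/winbind start
    #
    echo "Adding user rights, please enter the root smb password"
    net rpc rights grant "Domain Admins" SeMachineAccountPrivilege SePrintOperatorPrivilege SeAddUsersPrivilege SeDiskOperatorPrivilege SeRemoteShutdownPrivilege
    net rpc rights grant "Domain Users" SePrintOperatorPrivilege
    #
  else
    echo " Samba skipped or already updated"
  fi
  section_end
}

# Install MailScanner with SpamAssassin helpers and the MailWatch web UI.
# Globals: egressive_secret (read), domain_name (read, written if empty)
install_mailscanner() {
  local org_name org_long_name org_web_site workdir secret_sql
  section_start "Install Mailscanner"
  if ! [ -d /etc/MailScanner ]; then
    echo "$HR_SINGLE"
    "${APT_GET_COMMAND[@]}" install mailscanner tnef clamav unrar-free razor dcc-client pyzor zip libdbd-mysql-perl php5-gd
    #
    cp "$EGINSTALL_DIR/templates/MailScanner.conf" /etc/MailScanner/
    cp "$EGINSTALL_DIR/templates/spam.assassin.prefs.conf" /etc/MailScanner/
    # NOTE(review): unlike every other template this one is read from the
    # top of EGINSTALL_DIR, not templates/ -- confirm the path.
    cp "$EGINSTALL_DIR/init.d-mailscanner" /etc/init.d/mailscanner
    #
    chown postfix:www-data /var/spool/MailScanner
    chown -R postfix:postfix /var/spool/MailScanner/*
    chown -R postfix:www-data /var/spool/MailScanner/quarantine
    chown postfix:postfix /var/lib/MailScanner
    #
    mkdir /var/spool/postfix/.spamassassin
    chown postfix:postfix /var/spool/postfix/.spamassassin
    mkdir /var/spool/MailScanner/spamassassin
    chown -R postfix:postfix /var/spool/MailScanner/spamassassin
    sa-update
    #
    read -r -p "Enter the short name of the organisation (eg BBC): " org_name
    #
    read -r -p "Enter the long name of the organisation(eg British Broadcasting Corp): " org_long_name
    #
    read -r -p "Enter the website of the organisation (eg www.bbc.org.uk): " org_web_site
    #
    sed --in-place "s/ORG_NAME/$(sed_escape "$org_name")/" /etc/MailScanner/MailScanner.conf
    sed --in-place "s/ORG_NAME/$(sed_escape "$org_name")/" /etc/MailScanner/spam.assassin.prefs.conf
    sed --in-place "s/ORG_LONG_NAME/$(sed_escape "$org_long_name")/" /etc/MailScanner/MailScanner.conf
    sed --in-place "s/ORG_WEB_SITE/$(sed_escape "$org_web_site")/" /etc/MailScanner/MailScanner.conf
    #
    cp "$EGINSTALL_DIR/templates/header_checks" /etc/postfix/
    postconf -e 'header_checks = regexp:/etc/postfix/header_checks'
    #
    chmod -R a+rX /usr/share/doc/pyzor /usr/bin/pyzor /usr/bin/pyzord
    chmod -R a+rX /usr/lib/site-python/pyzor
    pyzor ping
    cp -a ~/.pyzor /var/spool/postfix/
    chown postfix:postfix /var/spool/postfix/.pyzor
    # Back to the home directory before razor-admin runs; its ~/.razor
    # output is copied to the postfix spool below.
    cd || return 1
    rm /etc/razor/razor-agent.conf
    razor-admin -create
    razor-admin -register
    echo "debuglevel = 0" >> ~/.razor/razor-agent.conf
    echo "razorhome = /var/spool/postfix/.razor/" >> ~/.razor/razor-agent.conf
    cp -a ~/.razor /var/spool/postfix/
    chown -R postfix:postfix /var/spool/postfix/.razor
    cdcc "delete 127.0.0.1"
    cdcc "delete 127.0.0.1 Greylist"
    cdcc info
    #
    sed --in-place 's/#run_mailscanner=1/run_mailscanner=1/' /etc/default/mailscanner
    /etc/init.d/postfix restart
    /etc/init.d/mailscanner restart
    #
    cp "$EGINSTALL_DIR/templates/MailWatch.pm" /etc/MailScanner/CustomFunctions
    cp "$EGINSTALL_DIR/templates/SQLBlackWhiteList.pm" /etc/MailScanner/CustomFunctions
    #
    # Unpack in a private mktemp directory instead of fixed names under
    # /tmp: create.sql and the PHP tree from this archive are applied as
    # root, so a file pre-placed in /tmp by another local user must not be
    # picked up.
    # NOTE(review): the tarball itself is still fetched over plain HTTP
    # without a checksum or signature check; pin a known-good digest.
    workdir=$(mktemp -d) || return 1
    cd "$workdir" || return 1
    wget http://optusnet.dl.sourceforge.net/sourceforge/mailwatch/mailwatch-1.0.4.tar.gz
    tar xzvf mailwatch-1.0.4.tar.gz
    cd mailwatch-1.0.4 || return 1
    #
    mkdir -p /etc/egscripts/egmailwatch
    mv tools/* /etc/egscripts/egmailwatch/
    sed --in-place 's/var\/www\/html/var\/www/' /etc/egscripts/egmailwatch/quarantine_maint.php
    # NOTE(review): the cron file has no "#!" line and a "." in its name;
    # Debian's run-parts may skip or fail to execute it -- verify the
    # quarantine clean-up really runs.
    echo "/etc/egscripts/egmailwatch/quarantine_maint.php --clean" > /etc/cron.daily/mailwatch_quarantine_maint.sh
    chmod +x /etc/cron.daily/mailwatch_quarantine_maint.sh
    #
    mysql -p < create.sql
    # SQL goes to mysql on stdin so the secret stays out of argv; it is
    # escaped so a quote in the password cannot terminate the literal.
    secret_sql=$(sql_escape "$egressive_secret")
    printf '%s\n' "GRANT ALL ON mailscanner.* TO mailwatch@localhost IDENTIFIED BY '$secret_sql';" | mysql -p
    # NOTE(review): the web login is stored as an unsalted MD5 of the same
    # secret that protects the database account; this appears to be the
    # format this MailWatch release expects, so give the UI account its own
    # password where possible.
    printf '%s\n' "INSERT INTO users VALUES ('egressive',md5('$secret_sql'),'Egressive','A','0','0','0','0','0');" | mysql mailscanner -u mailwatch -p
    #
    mv mailscanner /var/www/
    chmod -R o+r /var/www/mailscanner
    chown root:www-data /var/www/mailscanner/images
    chmod ug+rwx /var/www/mailscanner/images
    chown root:www-data /var/www/mailscanner/images/cache
    chmod ug+rwx /var/www/mailscanner/images/cache
    #
    # See openssl_certs: the old "$domain_nameXXX" test never prompted.
    if [ -z "$domain_name" ]; then
      read -r -p "Please enter the mail domain name (eg egressive.com ): " domain_name
      #
    fi
    cp "$EGINSTALL_DIR/templates/mailwatch-conf.php" /var/www/mailscanner/conf.php
    chown root:www-data /var/www/mailscanner/conf.php
    # Readable by the web server group only; no access for "other".
    chmod 740 /var/www/mailscanner/conf.php
    sed --in-place "s/DOMAIN_NAME/$(sed_escape "$domain_name")/" /var/www/mailscanner/conf.php
    #
    cp -r "$EGINSTALL_DIR"/templates/mailwatch/* /etc/MailScanner
    #
    mkdir /var/www/mailscanner/temp
    # chown had no owner argument and always failed. root:www-data mirrors
    # the images/ directories above -- TODO confirm intended owner.
    chown root:www-data /var/www/mailscanner/temp
    chmod gu+wr /var/www/mailscanner/temp
    #
    /etc/init.d/mailscanner stop
    sleep 5
    /etc/init.d/mailscanner start
  else
    echo " Mailscanner skipped or already updated"
  fi
  section_end
}

# Install the Bastille hardening tool and start its interactive front end.
install_bastille() {
  section_start "Install Bastille"
  if ! [ -d /etc/Bastille ]; then
    echo "$HR_SINGLE"
    cd /root || return 1
    # Was "$APT_COMMAND", which is never set, so the line tried to run a
    # command called "install".
    "${APT_GET_COMMAND[@]}" install libcurses-perl
    # NOTE(review): this .deb is downloaded over plain HTTP and handed to
    # dpkg as root, bypassing apt's signature verification. Install it from
    # a signed repository or check it against a published checksum first.
    wget http://ftp.nz.debian.org/debian/pool/main/b/bastille/bastille_2.1.1-13_all.deb
    #
    dpkg -i /root/bastille_2.1.1-13_all.deb
    InteractiveBastille
    #
  else
    echo " Bastille skipped or already updated"
  fi
  section_end
}

#======================================
# May as well just run these every time
#======================================
copy_etc
unleash_debcache
configure_sshd_config
emacs_screen
acls_dir_indexing
sw_raid_email
openssl_certs
install_postfix  # email is needed by most of the remaining packages
#===============================================================
#
# Comment out any of the following that you don't want installed.
# The parameters are the pre-requisites.
#
#===============================================================
install_munin
install_aide_rkhunter
install_egrdbackup
# install_bastille
install_dhcp_server
# install_apache_php5
install_squid
# install_mysql
# install_dovecot
install_squirrelmail
# install_mailscanner
# install_samba
#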