egscripts/egserverinstall/install.sh


#!/bin/bash
#
# eginstall
#
# (c) 2007 Egressive Limited
#
# Create a base Egressive Reference Linux platform installation
#
#-----------------------------------------------------
# To Do
# Convert to separate scripts
# Change the sources.list back to NZ when finished
#
#-----------------------------------------------------
# History
#---------
# Rob Fraser 20070519 created script
# Rob Fraser 20070806 changed to calling functions
# Rob Fraser 20070820 various tidyups
# Rob Fraser 20070821 changed apt-get to aptitude
#-----------------------------------------------------
#
#
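# Package-manager command shared by every install step. It stays a single
# string ("<path> -y") because the functions below expand it unquoted and rely
# on word splitting to separate the program from its flag.
#APT_GET_COMMAND="$(command -v apt-get) -y"
APT_GET_COMMAND="$(command -v aptitude) -y"
if [ "$APT_GET_COMMAND" = " -y" ]
then
  # Without this check every "$APT_GET_COMMAND install ..." below would try
  # to run a program literally called "-y".
  echo "aptitude was not found in PATH." >&2
  exit 1
fi
#
# Directory the installer was started from; templates are read from below it.
EGINSTALL_DIR=$(pwd)
#
# Shared secret typed by the operator. install_mailscanner reuses it as the
# MailWatch database password and web login, so it is read without terminal
# echo (-s) and without backslash processing (-r).
#EGRESSIVE_SECRET=""
read -r -s -p "Please enter the egressive password:" egressive_secret
# read -s also suppresses the echo of the Enter key; end the prompt line here.
echo
#EGRESSIVE_SECRET=""
#
# Quoted so that a working directory containing spaces is tested as one path.
if ! [ -d "$EGINSTALL_DIR/templates" ]
then
  echo "You are not in the egserverinstall directory or "
  echo "egserverinstall is not properly installed."
  exit 1
fi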
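# Take a one-off snapshot of the pristine /etc below /storage/etc.orig.
#
# "cp -a /etc /storage/etc.orig" lands the files in /storage/etc.orig/etc, so
# the previous guard (/storage/etc.orig/hosts) never became true and every
# re-run overwrote the "original" snapshot with the current /etc. The guard
# now recognises the layout the copy really produces (and the flat layout, in
# case a snapshot was made by hand).
#
# The snapshot contains everything in /etc, including password hashes and
# private keys; cp -a preserves their owners and modes.
copy_etc() {
  if ! [ -f /storage/etc.orig/hosts ] && ! [ -f /storage/etc.orig/etc/hosts ]
  then
    echo "=========================================================="
    echo "Make a copy of the base /etc in /storage/etc.orig"
    echo "----------------------------------------------------------"
    # -p: do not fail when an earlier, interrupted run left the directory behind
    mkdir -p /storage/etc.orig
    cp -a /etc /storage/etc.orig
    echo "=========================================================="
  fi
}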
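# Point apt at the Unleash debcache mirror (unless it is already configured),
# then refresh the package lists and upgrade the whole system.
#
# Globals: EGINSTALL_DIR (read), APT_GET_COMMAND (read, expanded unquoted on
#          purpose so "<path> -y" splits into program and flag)
#
# NOTE(review): every package installed later comes from the mirror named in
# templates/sources.list.unleash. Confirm that archive signature checking is
# still enforced when the package manager runs with -y.
unleash_debcache() {
  echo "=========================================================="
  echo "Copying /etc/apt/sources.list using Unleash debcache"
  echo "----------------------------------------------------------"
  # -F: the dots in the host name are literal; -q: only the exit status matters
  if ! grep -qF debcache.unleash.net.nz /etc/apt/sources.list
  then
    # Keep the previous (NZ) list so it can be restored afterwards
    cp /etc/apt/sources.list /etc/apt/sources.list.nz
    cp "$EGINSTALL_DIR/templates/sources.list.unleash" /etc/apt/sources.list
  fi
  $APT_GET_COMMAND update
  $APT_GET_COMMAND dist-upgrade
}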
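# Install the ssh package and tighten /etc/ssh/sshd_config:
#   - root may log in with a key but not with a password
#   - logins are limited to root and members of the sshusers group
#
# Globals: APT_GET_COMMAND (read)
configure_sshd_config(){
  echo "=========================================================="
  echo "Fix up /etc/ssh/sshd_config"
  echo "----------------------------------------------------------"
  $APT_GET_COMMAND install ssh
  # Only the literal line "PermitRootLogin yes" is rewritten; a config that
  # spells the directive differently is left untouched. A backup is kept as
  # sshd_config.orig.
  sed --in-place=.orig 's/PermitRootLogin yes/PermitRootLogin without-password/' /etc/ssh/sshd_config
  # Look for an active AllowGroups directive only. The previous unanchored
  # match was also satisfied by a commented-out "#AllowGroups ..." line or by
  # the word appearing in any comment, which silently skipped the restriction.
  # sshd_config keywords are case-insensitive, hence -i.
  if ! grep -Eqi '^[[:space:]]*AllowGroups([[:space:]]|$)' /etc/ssh/sshd_config
  then
    addgroup sshusers
    # Two-argument form: add the existing user egressive to sshusers
    addgroup egressive sshusers
    echo "AllowGroups root sshusers" >> /etc/ssh/sshd_config
  fi
  # NOTE(review): sshd is not reloaded here, so the daemon keeps running with
  # the package defaults until it is next restarted.
  echo "=========================================================="
  #
}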
# Install the two everyday utilities used on every server: emacs (console
# build) and screen.
#
# Globals: APT_GET_COMMAND (read, expanded unquoted so it word-splits)
emacs_screen(){
  local rule="=========================================================="

  printf '%s\n' \
    "$rule" \
    "Install Utilities - emacs | screen" \
    "----------------------------------------------------------"
  $APT_GET_COMMAND install emacs-nox screen
  printf '%s\n' "$rule"
  #
}
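# Enable POSIX ACLs on the standard filesystems and turn on ext2/3 directory
# indexing for /home.
#
# Fixes over the previous version:
#   - e2fsck was pointed at /dev/mapper/ubuntu/home (slash instead of dash),
#     a device that tune2fs and mount in the same sequence do not use
#   - the manual instructions ran `mount "# /dev/..."` instead of printing it
#   - `read ... $enter` expanded an unset variable; plain read is used instead
#
# Globals: APT_GET_COMMAND (read)
acls_dir_indexing(){
  local home_dev=/dev/mapper/ubuntu-home
  local open_count

  echo "=========================================================="
  echo "Install acls"
  echo "----------------------------------------------------------"
  if ! command -v getfacl > /dev/null
  then
    $APT_GET_COMMAND install acl
  fi
  # Loose check: any occurrence of "acl" in fstab counts as already configured
  if ! grep -q acl /etc/fstab
  then
    echo "You must add ,acl to the option fields (after default)"
    echo "of / , /var , /home and /storage"
    read -r -p "Press Enter to continue . . ."
    #
    emacs /etc/fstab
    # NOTE(review): the prompt above also mentions /var, but /var is not
    # remounted here - confirm whether it is a separate filesystem.
    mount -o remount /
    mount -o remount /home
    mount -o remount /storage
  fi
  echo "Add directory indexing to /home filesystem"
  echo "----------------------------------------------------------"
  # A failing tune2fs (e.g. missing device) is treated like "not enabled",
  # exactly as the former line count of 0 was.
  if ! tune2fs -l "$home_dev" | grep -q dir_index
  then
    echo "Maildir gets better performance with dir_index turned on"
    echo "in ext2 - this will affect /home on our standard build"
    open_count=$(lsof /home | wc -l)
    if [ "$open_count" -gt 0 ]
    then
      echo "Cannot umount /home due to open files. You are probably"
      echo "logged in as egressive. You will need to do this manually . . ."
      echo "# umount /home"
      echo "# tune2fs -O dir_index /dev/mapper/ubuntu-home"
      echo "# e2fsck -fD /dev/mapper/ubuntu-home"
      echo "# mount /dev/mapper/ubuntu-home"
      read -r -p "Press Enter to continue . . ."
    else
      echo "Unmounting home, turning on dir_index, optimising directories and remounting"
      umount /home
      tune2fs -O dir_index "$home_dev"
      e2fsck -fD "$home_dev"
      mount "$home_dev"
    fi
  fi
  echo "=========================================================="
}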
# Redirect software-RAID (mdadm) alert mail from root to the support mailbox.
# The untouched file is kept next to it with an .orig suffix.
sw_raid_email() {
  local rule="=========================================================="
  local mdadm_defaults=/etc/default/mdadm

  printf '%s\n' \
    "$rule" \
    "Update /etc/default/mdadm" \
    "----------------------------------------------------------"
  sed --in-place=.orig 's/MAIL_TO=\"root/MAIL_TO=\"support@egressive.com/' "$mdadm_defaults"
  printf '%s\n' "$rule"
}
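# Install openssl, drop in the site openssl.cnf and create the local CA under
# /usr/lib/ssl/demoCA (skipped when that directory already exists).
#
# Fixes over the previous version:
#   - the domain prompt was guarded by "$domain_nameXXX", i.e. the variable
#     named domain_nameXXX, so the comparison could never be true and the
#     prompt never appeared
#   - the organisation name went into a sed replacement unescaped, so a name
#     containing "&", "/" or "\" corrupted openssl.cnf ("&" re-inserts the
#     matched text)
#   - x509_extensions is switched back to usr_cert even when the CA directory
#     cannot be entered
#
# Globals: APT_GET_COMMAND, EGINSTALL_DIR (read);
#          domain_name, organisation_name (written)
openssl_certs(){
  local org_escaped

  echo "=========================================================="
  echo "Install openssl CA and certificates "
  echo "----------------------------------------------------------"
  if ! [ -d /usr/lib/ssl/demoCA ]
  then
    echo " You will be prompted for Postfix configuration info"
    echo " Choose Internet site and enter the domain name"
    echo " part of the server's email addressing"
    echo "----------------------------------------------------------"
    $APT_GET_COMMAND install openssl ca-certificates
    #
    cp "$EGINSTALL_DIR/templates/openssl.cnf" /etc/ssl
    #
    # edit openssl.cnf and adjust - location fields and company name
    #
    if [ -z "$domain_name" ]
    then
      read -r -p "Please enter the mail domain name (eg egressive.com ): " domain_name
    fi
    read -r -p "Please enter the Name of the organisation (eg Egressive Limited): " organisation_name
    # Escape the characters that are special in a sed replacement (\ / &)
    org_escaped=$(printf '%s' "$organisation_name" | sed -e 's#[\\/&]#\\&#g')
    sed --in-place=.orig "s/Internet Widgets Pty Ltd/$org_escaped/g" /etc/ssl/openssl.cnf
    # CA.pl -newca must issue the CA certificate with the v3_ca extensions;
    # the setting is switched back to usr_cert below.
    sed --in-place "s/x509_extensions = usr_cert/x509_extensions = v3_ca/g" /etc/ssl/openssl.cnf
    if cd /usr/lib/ssl && ! [ -f demoCA/cacert.pem ]
    then
      echo "----------------------------------------------------------"
      echo "You will be prompted for a CA passphrase - generate a decent one"
      echo "and record it somewhere SECURE."
      echo "The usual format for the common name is ca.domain-name"
      echo "for example ca.egressive.com"
      echo "----------------------------------------------------------"
      read -r -p "Press Enter to continue . . ."
      misc/CA.pl -newca
      # Publish the CA certificate (public part only) next to the other certs
      cp demoCA/cacert.pem certs
    fi
    #
    sed --in-place "s/x509_extensions = v3_ca/x509_extensions = usr_cert/g" /etc/ssl/openssl.cnf
  else
    echo " CA already created"
  fi
  echo "=========================================================="
}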
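# Install Postfix with SASL authentication and TLS, issue its certificate
# from the local CA and move saslauthd's socket into the Postfix chroot.
# Skipped when main.cf already mentions permit_sasl_authenticated.
#
# Fixes over the previous version:
#   - the key is moved to private/ below /usr/lib/ssl, but Postfix was told to
#     read it from /etc/ssl/certs/; the CA file pointed at /etc/certs/ssl/,
#     while openssl_certs copies cacert.pem into /usr/lib/ssl/certs. All three
#     TLS paths now name the locations this script actually writes.
#   - the saslauthd backup was created as "saslauthdorig" (missing dot)
#   - a failed cd no longer lets CA.pl and mv run in an arbitrary directory
#
# Globals: APT_GET_COMMAND (read); my_mailhost_name (written)
install_postfix() {
  local ssl_dir=/usr/lib/ssl

  echo "=========================================================="
  echo "Install postfix "
  echo "----------------------------------------------------------"
  if ! grep -q permit_sasl_authenticated /etc/postfix/main.cf
  then
    echo " You will be prompted for Postfix configuration info"
    echo " Choose Internet site and enter the domain name"
    echo " part of the server's email addressing"
    echo "----------------------------------------------------------"
    $APT_GET_COMMAND install postfix libsasl2 sasl2-bin libsasl2-modules libdb3-util procmail
    #
    # Make a certificate (used by Postfix and Dovecot)
    #
    cd "$ssl_dir" || return 1
    # -newreq-nodes: the private key is written without a passphrase so the
    # daemons can load it unattended; file permissions are its only protection.
    misc/CA.pl -newreq-nodes
    misc/CA.pl -sign
    #
    #
    mv newcert.pem certs/postfix-dovecot.pem
    mv newkey.pem private/postfix-dovecot.key
    chmod 640 private/postfix-dovecot.key
    #
    echo "----------------------------------------------------------"
    echo "Follow this as a guide for the prompts that follow:"
    echo "General type of configuration? <-- Internet Site"
    echo "Where should mail for root go <-- NONE"
    echo "Mail name? <-- server1.example.com"
    echo "Other destinations to accept mail for? (blank for none) <-- server.example.co.nz, localhost"
    echo "Force synchronous updates on mail queue? <-- No"
    echo "Local networks? <-- 127.0.0.0/8"
    echo "Use procmail for local delivery? <-- Yes"
    echo "Mailbox size limit <-- 0"
    echo "Local address extension character? <-- +"
    echo "Internet protocols to use? <-- all"
    echo "----------------------------------------------------------"
    dpkg-reconfigure postfix
    postconf -e 'smtpd_sasl_local_domain ='
    postconf -e 'smtpd_sasl_auth_enable = yes'
    postconf -e 'smtpd_sasl_security_options = noanonymous'
    postconf -e 'broken_sasl_auth_clients = yes'
    postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination,reject_unauth_pipelining'
    postconf -e 'smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_access, reject_non_fqdn_sender, reject_unknown_sender_domain'
    postconf -e 'smtpd_data_restrictions = reject_unauth_pipelining'
    postconf -e 'smtpd_helo_required = yes'
    postconf -e 'inet_interfaces = all'
    echo 'pwcheck_method: saslauthd' >> /etc/postfix/sasl/smtpd.conf
    echo 'mech_list: plain login' >> /etc/postfix/sasl/smtpd.conf
    #
    # NOTE(review): with smtpd_tls_auth_only = no and only the PLAIN/LOGIN
    # mechanisms offered, clients may send their password over an
    # unencrypted session. Consider "yes" once all clients use STARTTLS.
    postconf -e 'smtpd_tls_auth_only = no'
    postconf -e 'smtp_use_tls = yes'
    postconf -e 'smtpd_use_tls = yes'
    postconf -e 'smtp_tls_note_starttls_offer = yes'
    postconf -e "smtpd_tls_key_file = $ssl_dir/private/postfix-dovecot.key"
    postconf -e "smtpd_tls_cert_file = $ssl_dir/certs/postfix-dovecot.pem"
    postconf -e "smtpd_tls_CAfile = $ssl_dir/certs/cacert.pem"
    postconf -e 'smtpd_tls_loglevel = 1'
    postconf -e 'smtpd_tls_received_header = yes'
    postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
    postconf -e 'tls_random_source = dev:/dev/urandom'
    read -r -p "Enter the hostname for this server (eg mail.example.co.nz)" my_mailhost_name
    postconf -e "myhostname = $my_mailhost_name"
    echo '# Turn on maildir' >> /etc/postfix/main.cf
    postconf -e 'home_mailbox = .Mail/'
    # Single quotes on purpose: $EXTENSION and $HOME must reach main.cf
    # literally so that Postfix expands them at delivery time.
    postconf -e 'mailbox_command = procmail -a "$EXTENSION" DEFAULT=$HOME/.Mail/ MAILDIR=$HOME/.Mail'
    #
    touch /etc/postfix/sender_access
    postmap /etc/postfix/sender_access
    #
    /etc/init.d/postfix restart
    #
    # saslauthd's socket directory is moved to /var/spool/postfix/var/run
    mkdir -p /var/spool/postfix/var/run/saslauthd
    sed --in-place=.orig 's/\# START=yes/START=yes/' /etc/default/saslauthd
    echo 'PARAMS="-m /var/spool/postfix/var/run/saslauthd -r"' >> /etc/default/saslauthd
    sed --in-place 's/PWDIR=\/var\/run\/saslauthd/PWDIR="\/var\/spool\/postfix\/var\/run\/\$\{NAME\}"/' /etc/init.d/saslauthd
    sed --in-place 's/PIDFILE="\/var\/run\/\$\{NAME\}\/saslauthd.pid"/PIDFILE="\$\{PWDIR\}\/saslauthd.pid"/' /etc/init.d/saslauthd
    # NOTE(review): the two edits above patch /etc/init.d/saslauthd, while
    # this one targets /etc/default/saslauthd - confirm which file holds the
    # dpkg-statoverride line.
    sed --in-place 's/dir=`dpkg-statoverride --list $PWDIR`/dir="root sasl 755 ${PWDIR}"/' /etc/default/saslauthd
    /etc/init.d/saslauthd start
    #
  else
    echo " postfix skipped or already updated"
  fi
  echo "=========================================================="
}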
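# Install rdiff-backup and the egrdbackup scripts (checked out from
# subversion) and hook them into cron and logrotate. Skipped when
# /etc/egscripts/egrdbackup already exists.
#
# Fixes over the previous version:
#   - a failed checkout or cd used to fall through, so the sed/mv steps ran
#     in whatever directory the shell happened to be in
#   - the separate "create if missing" tests are folded into mkdir -p
#
# NOTE(review): the checkout uses plain http and its egrdbackup-cron file is
# installed into /etc/cron.d, where it runs as root. Nothing here verifies
# what was downloaded; prefer an authenticated transport or a pinned,
# reviewed revision.
#
# Globals: APT_GET_COMMAND, HOSTNAME (read)
install_egrdbackup(){
  echo "=========================================================="
  echo "Install egrdbackup"
  echo "----------------------------------------------------------"
  if ! [ -d /etc/egscripts/egrdbackup ]
  then
    echo " TODO"
    echo " You will be need to add any extra exclude directories"
    echo " to /etc/egscripts/egrdbackup/egrdbackup.conf"
    echo "----------------------------------------------------------"
    $APT_GET_COMMAND install rdiff-backup
    mkdir -p /etc/egscripts
    if ! [ -d /storage ]
    then
      echo " WARNING -- /storage does not exist. Creating /storage . . ."
    fi
    # Also creates /storage itself when the warning above fired
    mkdir -p /storage/backups
    cd /etc/egscripts || return 1
    if ! svn co http://devel.egressive.com/egressive/egscripts/egrdbackup egrdbackup
    then
      # A partial checkout may leave the directory behind, which makes the
      # guard at the top skip this step on the next run.
      echo " ERROR -- could not check out egrdbackup" >&2
      return 1
    fi
    cd /etc/egscripts/egrdbackup || return 1
    sed "s/SERVERNAME=\"servername.domain\"/SERVERNAME=\"$HOSTNAME\"/" egrdbackup.conf.example > egrdbackup.conf
    sed --in-place 's/RDIFF_DEST=\"\"/RDIFF_DEST=\"\/storage\/backups\"/' egrdbackup.conf
    mv egrdbackup-cron /etc/cron.d
    mv logrotate.d/egrdbackup /etc/logrotate.d/egrdbackup
    #
  else
    echo " egrdbackup skipped or already updated"
  fi
  echo "=========================================================="
}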
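# Install Apache 2 with PHP 5, enable ssl/deflate/rewrite, issue a web server
# certificate from the local CA and install the site templates.
#
# Fixes over the previous version:
#   - the certificate was signed with "misc/CA.ply" (typo), so no certificate
#     was produced for the mv that follows
#   - the guard tested /etc/php/apache2, while PHP's configuration is edited
#     under /etc/php5/apache2 a few lines later, so the guard never matched
#     and the whole step re-ran on every invocation
#   - template paths are quoted; cd failures stop the step
#
# Globals: APT_GET_COMMAND, EGINSTALL_DIR (read)
install_apache_php5() {
  echo "=========================================================="
  echo "Install apache | php5"
  echo "----------------------------------------------------------"
  if ! { [ -d /etc/apache2/ ] && [ -d /etc/php5/apache2 ]; }
  then
    echo "----------------------------------------------------------"
    $APT_GET_COMMAND install apache2 php5
    #
    a2enmod ssl
    if ! grep -q 443 /etc/apache2/ports.conf
    then
      echo "Listen 443" >> /etc/apache2/ports.conf
    fi
    a2enmod deflate
    a2enmod rewrite
    /etc/init.d/apache2 force-reload
    #
    sed --in-place 's/memory_limit = 8M/memory_limit = 32M/' /etc/php5/apache2/php.ini
    /etc/init.d/apache2 force-reload
    #
    # Make a certificate for the web server
    #
    cd /usr/lib/ssl || return 1
    # -newreq-nodes: key without passphrase so Apache can start unattended
    misc/CA.pl -newreq-nodes
    misc/CA.pl -sign
    #
    #
    mkdir -p /etc/apache2/ssl
    mv newcert.pem /etc/apache2/ssl/www.pem
    mv newkey.pem /etc/apache2/ssl/www.key
    chmod 640 /etc/apache2/ssl/www.key
    #
    if [ -d /etc/squirrelmail ]
    then
      ln -s /usr/share/squirrelmail /var/www/webmail
    fi
    cp "$EGINSTALL_DIR/templates/apache-default" /etc/apache2/sites-available/default
    cp "$EGINSTALL_DIR/templates/apache-ssl" /etc/apache2/sites-available/ssl
    # The templates are opened for manual adjustment before being enabled
    emacs /etc/apache2/sites-available/default
    emacs /etc/apache2/sites-available/ssl
    a2ensite ssl
    /etc/init.d/apache2 force-reload
    #
  else
    echo " apache | php5 skipped or already updated"
  fi
  echo "=========================================================="
}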
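# Install MySQL 5.0 (plus the PHP binding when PHP is present) and set the
# database root password.
#
# Fixes over the previous version:
#   - the guard was inverted: packages were installed only when a MySQL
#     server already answered, and skipped on a fresh machine
#   - the new root password was echoed to the terminal while typed
#   - the password was pasted into the SQL statement unescaped, so a quote or
#     backslash in it broke (or changed) the statement
#
# NOTE(review): once a root password is set, the password-less probe below
# fails as well, so a re-run enters this branch again and the SET PASSWORD
# statement is refused by the server.
#
# Globals: APT_GET_COMMAND (read); mysql_password (written)
install_mysql(){
  local sq="'" bs='\'
  local sql_password

  echo "=========================================================="
  echo "Install MySQL"
  echo "----------------------------------------------------------"
  if ! echo "show status" | mysql > /dev/null 2>&1
  then
    echo "----------------------------------------------------------"
    $APT_GET_COMMAND install mysql-server-5.0 mysql-client-5.0
    if [ -d /etc/php5 ]
    then
      $APT_GET_COMMAND install php5-mysql
    fi
    #
    read -r -s -p "Enter the new root password for MySQL: " mysql_password
    echo
    #
    # Make the value safe inside a single-quoted SQL string: double every
    # backslash first, then double every single quote.
    sql_password=${mysql_password//"$bs"/"$bs$bs"}
    sql_password=${sql_password//"$sq"/"$sq$sq"}
    # Sent on stdin by the echo builtin, so the password never shows up in
    # another process's argument list.
    echo "SET PASSWORD FOR root@localhost=PASSWORD('$sql_password');" | mysql
    #
  else
    echo " MySQL skipped or already updated"
  fi
  echo "=========================================================="
}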
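# Install Dovecot (IMAP and POP3), drop in the site configuration and create
# the group-shared public mail folder. Skipped when /etc/dovecot exists.
#
# Fixes over the previous version: the template path is quoted, and a failed
# cd no longer copies dovecot.conf into an unrelated directory.
#
# Globals: APT_GET_COMMAND, EGINSTALL_DIR (read)
install_dovecot(){
  echo "=========================================================="
  echo "Install dovecot"
  echo "----------------------------------------------------------"
  if ! [ -d /etc/dovecot ]
  then
    echo "----------------------------------------------------------"
    $APT_GET_COMMAND install dovecot-imapd dovecot-pop3d
    #
    cd /etc/dovecot || return 1
    cp "$EGINSTALL_DIR/templates/dovecot.conf" .
    #
    # set up shared folders in public namespace
    #
    addgroup sharedmail
    mkdir -p /home/mail/public
    chgrp sharedmail /home/mail/public
    # Group members only; setgid so new entries inherit the sharedmail group
    chmod 770 /home/mail/public
    chmod g+s /home/mail/public
    # Default ACL: everything created below stays writable for the group
    setfacl --default -m g:sharedmail:rwx /home/mail/public
    touch /home/mail/public/dovecot-shared
    chmod 660 /home/mail/public/dovecot-shared
    #
  else
    echo " dovecot skipped or already updated"
  fi
  echo "=========================================================="
}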
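# Install SquirrelMail with the vacation_local plugin and a localhost-only
# proftpd (the template appended below restricts access). Skipped when
# /etc/squirrelmail exists.
#
# Fixes over the previous version:
#   - the download URL was unquoted and wget named the file after the URL's
#     query string, so the tar step never found vacation_local-2.0-1.4.tar.gz
#   - the "skipped" message named dovecot instead of squirrelmail
#   - template path quoted; cd/download failures stop the step
#
# NOTE(review): the plugin is fetched over plain http and unpacked as root
# into the web-served plugin directory without any integrity check. Verify
# the archive against a known-good checksum before extracting it.
#
# Globals: APT_GET_COMMAND, EGINSTALL_DIR (read)
install_squirrelmail() {
  local plugin_tarball=vacation_local-2.0-1.4.tar.gz

  echo "=========================================================="
  echo "Install squirrelmail"
  echo "----------------------------------------------------------"
  if ! [ -d /etc/squirrelmail ]
  then
    echo "----------------------------------------------------------"
    $APT_GET_COMMAND install squirrelmail vacation proftpd
    #
    # Limit proftpd access to localhost only
    cat "$EGINSTALL_DIR/templates/proftpd.localhost" >> /etc/proftpd/proftpd.conf
    /etc/init.d/proftpd restart
    cd /usr/share/squirrelmail/plugins || return 1
    if ! wget -O "$plugin_tarball" 'http://www.squirrelmail.org/countdl.php?fileurl=http%3A%2F%2Fwww.squirrelmail.org%2Fplugins%2Fvacation_local-2.0-1.4.tar.gz'
    then
      echo " ERROR -- could not download $plugin_tarball" >&2
      return 1
    fi
    tar xzvf "$plugin_tarball"
    cp /usr/share/squirrelmail/plugins/vacation_local/conf.php.sample /usr/share/squirrelmail/plugins/vacation_local/conf.php
    #
    # Interactive SquirrelMail configuration
    /etc/squirrelmail/conf.pl
    #
  else
    echo " squirrelmail skipped or already updated"
  fi
  echo "=========================================================="
}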
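# Install the squid proxy and replace its configuration with the site
# template. Skipped when /etc/squid exists.
#
# Fixes over the previous version: the template path is quoted, and a failed
# cd no longer copies squid.conf into an unrelated directory.
#
# Globals: APT_GET_COMMAND, EGINSTALL_DIR (read)
install_squid() {
  echo "=========================================================="
  echo "Install squid"
  echo "----------------------------------------------------------"
  if ! [ -d /etc/squid ]
  then
    echo "----------------------------------------------------------"
    $APT_GET_COMMAND install squid
    #
    cd /etc/squid || return 1
    cp "$EGINSTALL_DIR/templates/squid.conf" .
    #
  else
    echo " squid skipped or already updated"
  fi
  echo "=========================================================="
}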
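# Install the host integrity tools aide and rkhunter, send their reports to
# the support mailbox and build the initial aide database.
#
# Fixes over the previous version:
#   - "mv /tmp/aide.default /etc/default/aide" is removed. Nothing in this
#     script creates that file, so on a normal run the mv simply failed; but
#     /tmp is world-writable, and any local user could pre-create the file and
#     have root install it as aide's defaults file (files under /etc/default
#     are typically read as shell by init and cron scripts). It also threw
#     away the sed edit made one line earlier.
#   - the deprecated "-a" inside [ ] is replaced by two tests
#   - a failed cd stops the step instead of copying in the wrong directory
#
# Globals: APT_GET_COMMAND (read)
install_aide_rkhunter(){
  echo "=========================================================="
  echo "Install aide | rkhunter"
  echo "----------------------------------------------------------"
  if ! { [ -f /etc/rkhunter.conf ] && [ -d /etc/aide ]; }
  then
    echo " You will be prompted for Postfix configuration info"
    echo " Choose Internet site and enter the domain name"
    echo " part of the server's email addressing"
    echo "----------------------------------------------------------"
    $APT_GET_COMMAND install binutils aide rkhunter
    rkhunter --update
    # NOTE(review): replaces the first "root" on every line of the file, not
    # only the mail recipient - check the resulting files.
    sed --in-place=.orig 's/root/support@egressive.com/' /etc/default/rkhunter
    #
    sed --in-place=.orig 's/root/support@egressive.com/' /etc/default/aide
    aide --init
    cd /var/lib/aide || return 1
    # Promote the freshly built database to the reference database and make
    # it read-only for root. It still lives on the monitored host, so an
    # off-host copy is needed for it to be trustworthy after a compromise.
    cp aide.db.new aide.db
    chmod 400 aide.db
    #
  else
    echo " aide | rkhunter skipped or already updated"
  fi
  echo "=========================================================="
}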
# Install munin and munin-node, then point munin.conf at this host and at the
# support mailbox. Nothing is changed when /etc/munin already exists.
#
# Globals: APT_GET_COMMAND, HOSTNAME (read)
install_munin(){
  local rule="=========================================================="
  local dashes="----------------------------------------------------------"
  local munin_conf=/etc/munin/munin.conf

  printf '%s\n' "$rule" "Install munin" "$dashes"
  if [ -d /etc/munin ]
  then
    printf '%s\n' " munin skipped or already updated"
  else
    printf '%s\n' "$dashes"
    $APT_GET_COMMAND install munin munin-node
    #
    # The second sed below addresses munin.conf relative to this directory
    cd /etc/munin
    sed --in-place=.orig "s/localhost.localdomain/$HOSTNAME/" "$munin_conf"
    sed --in-place 's/\#contact.*fnord.comm/contact.egressive.command mail -s "Munin notification" support@egressive.com/' munin.conf
    #
  fi
  printf '%s\n' "$rule"
}
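# Install BIND 9 (running chrooted in /var/lib/named) together with the ISC
# DHCP server, and fill the zone/DHCP templates with the site's domain name.
# Skipped when /etc/dhcp3/dhcpd.conf exists.
#
# Fixes over the previous version:
#   - the "controls" line lost the double quotes around rndc-key because they
#     terminated the shell string; it is now written exactly as intended
#   - the domain name was accepted as soon as it contained a dot and was then
#     pasted into sed scripts and a file name; it must now consist of
#     dot-separated labels of letters, digits and hyphens
#   - template paths and the zone file name are quoted; mkdir/mknod tolerate
#     leftovers of an interrupted run; a failed cd stops the step
#
# Globals: APT_GET_COMMAND, EGINSTALL_DIR (read); domain_name (written)
install_dhcp_server(){
  local chroot_dir=/var/lib/named
  local zone_dir=/var/lib/named/var/cache/bind
  local domain_re='^[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$'

  echo "=========================================================="
  echo "Install bind dhcp"
  echo "----------------------------------------------------------"
  if ! [ -f /etc/dhcp3/dhcpd.conf ]
  then
    echo "----------------------------------------------------------"
    $APT_GET_COMMAND install bind9 dhcp3-server
    /etc/init.d/bind9 stop
    /etc/init.d/dhcp3-server stop
    #
    # Run named with -t so it chroots into /var/lib/named
    sed --in-place=.orig 's/"-u bind"/"-u bind -t \/var\/lib\/named"/' /etc/default/bind9
    #
    mkdir -p "$chroot_dir/etc"
    mkdir -p "$chroot_dir/dev"
    mkdir -p "$zone_dir"
    mkdir -p "$chroot_dir/var/run/bind/run"
    mv /etc/bind "$chroot_dir/etc"
    ln -s "$chroot_dir/etc/bind" /etc/bind
    # Device nodes named needs inside the chroot (major/minor 1,3 and 1,8)
    [ -e "$chroot_dir/dev/null" ] || mknod "$chroot_dir/dev/null" c 1 3
    [ -e "$chroot_dir/dev/random" ] || mknod "$chroot_dir/dev/random" c 1 8
    chmod 666 "$chroot_dir/dev/null" "$chroot_dir/dev/random"
    chown -R bind:bind "$chroot_dir"/var/*
    chown -R bind:bind "$chroot_dir/etc/bind"
    #
    # Give syslogd an extra log socket inside the chroot
    sed --in-place=.orig 's/SYSLOGD="-u syslog"/SYSLOGD="-u syslog -a \/var\/lib\/named\/dev\/log"/' /etc/init.d/sysklogd
    /etc/init.d/sysklogd restart
    #
    # rndc control channel: loopback only, authenticated with rndc-key
    echo 'controls {inet 127.0.0.1 allow {127.0.0.1; } keys {"rndc-key";};};' >> /etc/bind/named.conf
    cp "$EGINSTALL_DIR/templates/named.conf.local" /etc/bind
    cp "$EGINSTALL_DIR/templates/DOMAIN.CO.NZ" "$zone_dir/"
    cp "$EGINSTALL_DIR/templates/rev.192.168.1" "$zone_dir/"
    #
    # dhcpd gets a copy of the rndc key for dynamic DNS updates; the file is
    # a shared secret, so keep it readable by root and the dhcpd group only.
    cp /etc/bind/rndc.key /etc/dhcp3/
    cd /etc/dhcp3 || return 1
    chown root:dhcpd rndc.key
    cp "$EGINSTALL_DIR/templates/dhcpd.conf" /etc/dhcp3/
    #
    domain_name=""
    while ! [[ $domain_name =~ $domain_re ]]
    do
      read -r -p "Enter domain name: " domain_name
    done
    # domain_name now holds only [A-Za-z0-9.-], so it is safe both as a sed
    # replacement and as a file name.
    sed --in-place=.orig "s/DOMAIN.CO.NZ/$domain_name/g" /etc/bind/named.conf.local
    sed --in-place=.orig "s/DOMAIN.CO.NZ/$domain_name/g" "$zone_dir/DOMAIN.CO.NZ"
    mv "$zone_dir/DOMAIN.CO.NZ" "$zone_dir/$domain_name"
    sed --in-place=.orig "s/DOMAIN.CO.NZ/$domain_name/g" "$zone_dir/rev.192.168.1"
    sed --in-place=.orig "s/DOMAIN.CO.NZ/$domain_name/g" /etc/dhcp3/dhcpd.conf
    #
    /etc/init.d/bind9 start
    /etc/init.d/dhcp3-server start
    #
  else
    echo " bind-dhcp skipped or already updated"
  fi
  echo "=========================================================="
}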
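# Install Samba as a domain controller: site smb.conf, SMB passwords for root
# and egressive, NT-to-unix group mappings, share directories and the domain
# privileges. Skipped when /etc/samba/smb.conf exists.
#
# Fixes over the previous version:
#   - the three typed values went into sed replacements unescaped, so "&",
#     "/" or "\" in a name corrupted smb.conf
#   - /var/spool/samba was mode 777: world-writable without the sticky bit,
#     which lets any local user delete or replace other users' spool files;
#     it is now 1777
#   - template path quoted; mkdir tolerates existing directories; read -r
#
# Globals: APT_GET_COMMAND, EGINSTALL_DIR (read);
#          ms_domain_name, server_string, server_name (written)
install_samba() {
  # Escapes the characters that are special in a sed replacement (\ / &)
  local sed_escape='s#[\\/&]#\\&#g'
  local domain_repl string_repl name_repl

  echo "=========================================================="
  echo "Install Samba"
  echo "----------------------------------------------------------"
  if ! [ -f /etc/samba/smb.conf ]
  then
    echo "----------------------------------------------------------"
    $APT_GET_COMMAND install samba cupsys winbind
    mv /etc/samba/smb.conf /etc/samba/smb.conf.orig
    cp "$EGINSTALL_DIR/templates/smb.conf" /etc/samba/smb.conf
    echo "Enter the new SMB password for root"
    smbpasswd -a root
    echo "Enter the new SMB password for egressive"
    smbpasswd -a egressive
    #
    read -r -p "Enter the Microsoft Windows Domain Name: " ms_domain_name
    #
    read -r -p 'Enter server description (press Enter for "Samba server": ' server_string
    #
    if [ -z "$server_string" ]
    then
      server_string="Samba server"
    fi
    echo 'Enter the Server Name (press enter for "Server"):'
    read -r server_name
    #
    if [ -z "$server_name" ]
    then
      server_name="server"
    fi
    domain_repl=$(printf '%s' "$ms_domain_name" | sed -e "$sed_escape")
    string_repl=$(printf '%s' "$server_string" | sed -e "$sed_escape")
    name_repl=$(printf '%s' "$server_name" | sed -e "$sed_escape")
    sed --in-place "s/DOMAIN_NAME/$domain_repl/" /etc/samba/smb.conf
    sed --in-place "s/SERVER_STRING/$string_repl/" /etc/samba/smb.conf
    sed --in-place "s/NETBIOS_NAME/$name_repl/" /etc/samba/smb.conf
    #
    groupadd domainusers
    groupadd domainadmins
    net groupmap modify ntgroup="Domain Users" unixgroup="domainusers"
    net groupmap modify ntgroup="Domain Admins" unixgroup="domainadmins"
    net groupmap modify ntgroup="Domain Guests" unixgroup="nogroup"
    adduser egressive domainusers
    adduser egressive domainadmins
    #
    mkdir -p /home/samba/netlogon
    mkdir -p /home/samba/profiles
    chgrp domainusers /home/samba/profiles
    chmod 770 /home/samba/profiles
    mkdir -p /home/samba/profdata
    chgrp domainusers /home/samba/profdata
    chmod 770 /home/samba/profdata
    mkdir -p /home/shared
    chgrp -R domainadmins /var/lib/samba/printers
    chmod -R g+ws /var/lib/samba/printers
    mkdir -p /var/spool/samba
    # Sticky bit: everyone may spool, nobody may remove someone else's job
    chmod 1777 /var/spool/samba
    #
    /etc/init.d/samba stop
    /etc/init.d/winbind stop
    /etc/init.d/samba start
    /etc/init.d/winbind start
    #
    echo "Adding user rights, please enter the root smb password"
    # NOTE(review): Domain Admins receive machine-account, add-user, disk
    # operator and remote-shutdown rights; every Domain User may manage
    # printers. Confirm this matches the site's delegation policy.
    net rpc rights grant "Domain Admins" SeMachineAccountPrivilege SePrintOperatorPrivilege SeAddUsersPrivilege SeDiskOperatorPrivilege SeRemoteShutdownPrivilege
    net rpc rights grant "Domain Users" SePrintOperatorPrivilege
    #
  else
    echo " Samba skipped or already updated"
  fi
  echo "=========================================================="
}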
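# Install MailScanner with SpamAssassin, ClamAV, razor, pyzor and DCC, then
# the MailWatch web front end with its MySQL database. Skipped when
# /etc/MailScanner exists.
#
# Fixes over the previous version:
#   - MailWatch was downloaded and unpacked under fixed names in /tmp, where
#     any local user can pre-create files or symlinks that root then follows;
#     a private mktemp directory is used instead
#   - the shared secret was pasted into two SQL statements unescaped
#   - the organisation and domain values went into sed replacements unescaped
#   - "chown /var/www/mailscanner/temp" had no owner argument and always failed
#   - the domain prompt was guarded by "$domain_nameXXX" (a different, unset
#     variable) and therefore never appeared
#   - template paths quoted; read -r; cd/download failures stop the step
#
# NOTE(review): the MailWatch tarball is fetched over plain http and its
# create.sql and PHP files are installed without an integrity check. Verify
# the archive against a known-good checksum before unpacking it.
#
# Globals: APT_GET_COMMAND, EGINSTALL_DIR, egressive_secret (read);
#          org_name, org_long_name, org_web_site, domain_name (written)
install_mailscanner() {
  # Escapes the characters that are special in a sed replacement (\ / &)
  local sed_escape='s#[\\/&]#\\&#g'
  local sq="'" bs='\'
  local org_repl long_repl web_repl domain_repl sql_secret work_dir

  echo "=========================================================="
  echo "Install Mailscanner"
  echo "----------------------------------------------------------"
  if ! [ -d /etc/MailScanner ]
  then
    echo "----------------------------------------------------------"
    $APT_GET_COMMAND install mailscanner tnef clamav unrar-free razor dcc-client pyzor zip libdbd-mysql-perl php5-gd
    #
    cp "$EGINSTALL_DIR/templates/MailScanner.conf" /etc/MailScanner/
    cp "$EGINSTALL_DIR/templates/spam.assassin.prefs.conf" /etc/MailScanner/
    # NOTE(review): unlike every other template this file is read from
    # EGINSTALL_DIR itself, not from templates/ - confirm the location.
    cp "$EGINSTALL_DIR/init.d-mailscanner" /etc/init.d/mailscanner
    #
    chown postfix:www-data /var/spool/MailScanner
    chown -R postfix:postfix /var/spool/MailScanner/*
    chown -R postfix:www-data /var/spool/MailScanner/quarantine
    chown postfix:postfix /var/lib/MailScanner
    #
    mkdir -p /var/spool/postfix/.spamassassin
    chown postfix:postfix /var/spool/postfix/.spamassassin
    mkdir -p /var/spool/MailScanner/spamassassin
    chown -R postfix:postfix /var/spool/MailScanner/spamassassin
    sa-update
    #
    read -r -p "Enter the short name of the organisation (eg BBC): " org_name
    #
    read -r -p "Enter the long name of the organisation(eg British Broadcasting Corp): " org_long_name
    #
    read -r -p "Enter the website of the organisation (eg www.bbc.org.uk): " org_web_site
    #
    org_repl=$(printf '%s' "$org_name" | sed -e "$sed_escape")
    long_repl=$(printf '%s' "$org_long_name" | sed -e "$sed_escape")
    web_repl=$(printf '%s' "$org_web_site" | sed -e "$sed_escape")
    sed --in-place "s/ORG_NAME/$org_repl/" /etc/MailScanner/MailScanner.conf
    sed --in-place "s/ORG_NAME/$org_repl/" /etc/MailScanner/spam.assassin.prefs.conf
    sed --in-place "s/ORG_LONG_NAME/$long_repl/" /etc/MailScanner/MailScanner.conf
    sed --in-place "s/ORG_WEB_SITE/$web_repl/" /etc/MailScanner/MailScanner.conf
    #
    cp "$EGINSTALL_DIR/templates/header_checks" /etc/postfix/
    postconf -e 'header_checks = regexp:/etc/postfix/header_checks'
    #
    chmod -R a+rX /usr/share/doc/pyzor /usr/bin/pyzor /usr/bin/pyzord
    chmod -R a+rX /usr/lib/site-python/pyzor
    # pyzor and razor create their state in the invoking user's home; it is
    # copied to the postfix spool afterwards.
    pyzor ping
    cp -a ~/.pyzor /var/spool/postfix/
    chown postfix:postfix /var/spool/postfix/.pyzor
    cd || return 1
    rm -f /etc/razor/razor-agent.conf
    razor-admin -create
    razor-admin -register
    echo "debuglevel = 0" >> ~/.razor/razor-agent.conf
    echo "razorhome = /var/spool/postfix/.razor/" >> ~/.razor/razor-agent.conf
    cp -a ~/.razor /var/spool/postfix/
    chown -R postfix:postfix /var/spool/postfix/.razor
    cdcc "delete 127.0.0.1"
    cdcc "delete 127.0.0.1 Greylist"
    cdcc info
    #
    sed --in-place 's/#run_mailscanner=1/run_mailscanner=1/' /etc/default/mailscanner
    /etc/init.d/postfix restart
    /etc/init.d/mailscanner restart
    #
    cp "$EGINSTALL_DIR/templates/MailWatch.pm" /etc/MailScanner/CustomFunctions
    cp "$EGINSTALL_DIR/templates/SQLBlackWhiteList.pm" /etc/MailScanner/CustomFunctions
    #
    # Private, unpredictable scratch directory instead of fixed names in /tmp
    work_dir=$(mktemp -d) || return 1
    cd "$work_dir" || return 1
    if ! wget http://optusnet.dl.sourceforge.net/sourceforge/mailwatch/mailwatch-1.0.4.tar.gz
    then
      echo " ERROR -- could not download mailwatch-1.0.4.tar.gz" >&2
      return 1
    fi
    tar xzvf mailwatch-1.0.4.tar.gz
    cd "$work_dir/mailwatch-1.0.4" || return 1
    #
    mkdir -p /etc/egscripts/egmailwatch
    mv tools/* /etc/egscripts/egmailwatch/
    sed --in-place 's/var\/www\/html/var\/www/' /etc/egscripts/egmailwatch/quarantine_maint.php
    # NOTE(review): the generated cron file has no "#!" line and a dot in its
    # name; confirm that the daily cron runner on this platform executes it.
    echo "/etc/egscripts/egmailwatch/quarantine_maint.php --clean" > /etc/cron.daily/mailwatch_quarantine_maint.sh
    chmod +x /etc/cron.daily/mailwatch_quarantine_maint.sh
    #
    # Make the secret safe inside a single-quoted SQL string: double every
    # backslash first, then double every single quote.
    sql_secret=${egressive_secret//"$bs"/"$bs$bs"}
    sql_secret=${sql_secret//"$sq"/"$sq$sq"}
    mysql -p < create.sql
    # NOTE(review): ALL privileges on the mailscanner database, and the web
    # login is stored as an unsalted md5 of the same secret (the INSERT below
    # uses md5()). Using one password for both couples the two accounts.
    echo "GRANT ALL ON mailscanner.* TO mailwatch@localhost IDENTIFIED BY '$sql_secret';" | mysql -p
    echo "INSERT INTO users VALUES ('egressive',md5('$sql_secret'),'Egressive','A','0','0','0','0','0');" | mysql mailscanner -u mailwatch -p
    #
    mv mailscanner /var/www/
    # Nothing below needs the scratch directory any more
    cd / && rm -rf -- "${work_dir:?}"
    chmod -R o+r /var/www/mailscanner
    chown root:www-data /var/www/mailscanner/images
    chmod ug+rwx /var/www/mailscanner/images
    chown root:www-data /var/www/mailscanner/images/cache
    chmod ug+rwx /var/www/mailscanner/images/cache
    #
    if [ -z "$domain_name" ]
    then
      read -r -p "Please enter the mail domain name (eg egressive.com ): " domain_name
      #
    fi
    cp "$EGINSTALL_DIR/templates/mailwatch-conf.php" /var/www/mailscanner/conf.php
    # conf.php is kept away from "other" users: root owns it, the web server
    # group may only read it.
    chown root:www-data /var/www/mailscanner/conf.php
    chmod 740 /var/www/mailscanner/conf.php
    domain_repl=$(printf '%s' "$domain_name" | sed -e "$sed_escape")
    sed --in-place "s/DOMAIN_NAME/$domain_repl/" /var/www/mailscanner/conf.php
    #
    cp -r "$EGINSTALL_DIR"/templates/mailwatch/* /etc/MailScanner
    #
    mkdir -p /var/www/mailscanner/temp
    # Owner chosen to match the images directories above - TODO confirm
    chown root:www-data /var/www/mailscanner/temp
    chmod gu+wr /var/www/mailscanner/temp
    #
    /etc/init.d/mailscanner stop
    sleep 5
    /etc/init.d/mailscanner start
  else
    echo " Mailscanner skipped or already updated"
  fi
  echo "=========================================================="
}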
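# Download and install the Bastille hardening tool, then start its
# interactive configuration. Skipped when /etc/Bastille exists.
#
# Fixes over the previous version:
#   - the dependency was installed through $APT_COMMAND, a variable that is
#     never set, so the line ran the coreutils "install" program with a bogus
#     argument and libcurses-perl was never installed
#   - a failed cd or download stops the step instead of running dpkg on a
#     missing file
#
# NOTE(review): the .deb is fetched over plain http and installed with
# dpkg -i, which does not verify archive signatures the way an apt
# repository install does. Check the package against a known-good checksum
# before installing it.
#
# Globals: APT_GET_COMMAND (read)
install_bastille() {
  echo "=========================================================="
  echo "Install Bastille"
  echo "----------------------------------------------------------"
  if ! [ -d /etc/Bastille ]
  then
    echo "----------------------------------------------------------"
    cd /root || return 1
    $APT_GET_COMMAND install libcurses-perl
    if ! wget http://ftp.nz.debian.org/debian/pool/main/b/bastille/bastille_2.1.1-13_all.deb
    then
      echo " ERROR -- could not download the Bastille package" >&2
      return 1
    fi
    #
    dpkg -i /root/bastille_2.1.1-13_all.deb
    InteractiveBastille
    #
  else
    echo " Bastille skipped or already updated"
  fi
  echo "=========================================================="
}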
#======================================
# May as well just run these every time
#======================================
# Executed strictly in the order listed; each name is a function defined above.
base_steps=(
  copy_etc
  unleash_debcache
  configure_sshd_config
  emacs_screen
  acls_dir_indexing
  sw_raid_email
  openssl_certs
  install_postfix # email is needed by most of the remaining packages
)
for step in "${base_steps[@]}"
do
  "$step"
done
#===============================================================
#
# Comment out any of the following that you don't want installed.
# The parameters are the pre-requisites.
#
#===============================================================
optional_steps=(
  install_munin
  install_aide_rkhunter
  install_egrdbackup
  #
  install_bastille
  install_dhcp_server
  #
  install_apache_php5
  install_squid
  #
  install_mysql
  #
  install_dovecot
  install_squirrelmail
  #
  install_mailscanner
  #
  install_samba
)
for step in "${optional_steps[@]}"
do
  "$step"
done
#