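├── README.md
└── Scripts
    ├── ArgsParse.sh
    ├── BlockWPADDomains.sh
    ├── CheckAptCommand.sh
    ├── CheckBash.sh
    ├── CheckBashVersion.sh
    ├── CheckCentos.sh
    ├── CheckDebian.sh
    ├── CheckDebianBased.sh
    ├── CheckFQDN.sh
    ├── CheckIP.sh
    ├── CheckMemory.sh
    ├── CheckOpenVPN.sh
    ├── CheckOpenVZ.sh
    ├── CheckRoot.sh
    ├── CheckTunTap.sh
    ├── CheckUbuntu.sh
    ├── ColoredEcho.sh
    ├── CupsEnableFix.sh
    ├── DNSBuild.sh
    ├── DNSandUpdate.sh
    ├── DisableSelinux.sh
    ├── ErrorCheck.sh
    ├── GhostInstall.sh
    ├── ImageShadow.sh
    ├── InstallSpotify.sh
    ├── LampInstaller.sh
    ├── OpenVPNCompile.sh
    ├── PhRestart.sh
    ├── RandomKey.sh
    ├── RecoveryCHK.sh
    ├── SambaInstaller.sh
    ├── ShortenURL.sh
    ├── SubScan.sh
    ├── backup.sh
    ├── dyn_dns_firewall.sh
    ├── install_on_planetlab.sh
    ├── mem_check.sh
    ├── mysql-bench.sh
    ├── nmap_find_hostname.sh
    ├── prime_number.sh
    ├── psiphon_install.sh
    ├── setenforce.sh
    ├── uptime.sh
    └── yacy.sh

/README.md:
--------------------------------------------------------------------------------
# Useful Bash Scripts

A repository of useful bash script commands

--------------------------------------------------------------------------------
/Scripts/ArgsParse.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
#
# Command-line parser fragment for an OpenVPN certificate setup script.
# Every recognised option stores its value in a plain shell variable (clients,
# servername, sslconf, ...). The colour variables used by --help (yellow,
# white, lightred, nocolour) are not defined in this file.
#
# NOTE(review): values are stored exactly as typed. The consuming script should
# validate them (integers for clients/certmodulus/expires/port, absolute paths,
# interface name) before they reach openssl, iptables or a file path.
# Unknown arguments are silently skipped.

while [ $# -gt 0 ]; do
  case "$1" in
    -h | --help)
      echo -e "${yellow}OpenVPN automatic server and client certificate(s) setup script, v0.01 :: Author: niemal"
      echo -e " ${white}For a client certificate/package only refer to the create_client.sh script.\n"
      echo -e "Parameters:"
      echo -e " $lightred--clients ${white}[integer]$nocolour - Specifies the amount of client certificates to be automatically created. Default is 1."
      echo -e " $lightred--servername ${white}[string(text)]$nocolour - Defines the server's name. Default is 'server'."
      echo -e " $lightred--sslconf ${white}[absolute(path)]$nocolour - Path for the openssl.cnf creation. It is created by default at '/etc/openvpn/openssl.cnf'."
      echo -e " $lightred--certs ${white}[absolute(path)]$nocolour - Path to the certificates directory. If it doesn't exist, it gets created. Default is '/etc/openvpn/certs'."
      echo -e " $lightred--certmodulus ${white}[integer(bit)]$nocolour - The RSA modulus bit setting. Default is 2048."
      echo -e " $lightred--expires ${white}[integer(days)]$nocolour - The certificate expiration in days. Default is 31337."
      echo -e " $lightred--duplicate-cn$nocolour - Allow duplicate certificates in the network. Default is to not."
      echo -e " $lightred--cipher ${white}[string(cipher)]$nocolour - The server's encryption cipher. Default is AES-256-CBC."
      echo -e " $lightred--port ${white}[integer(port)]$nocolour - The server's port. Default is 1194."
      echo -e " $lightred--vpnsubnet ${white}[string(subnet)]$nocolour - The network's subnet, CIDR 24. Default is '10.8.0.0'."
      echo -e " $lightred--dns1 ${white}[string(ip)]$nocolour - Defines DNS #1 for the server.conf. Default is OpenDNS, 208.67.222.222."
      echo -e " $lightred--dns2 ${white}[string(ip)]$nocolour - Defines DNS #2 for server.conf. Default is OpenDNS, 208.67.220.220."
      echo -e " $lightred--exitnode$nocolour - Configures iptables so the client can access the internet through the VPN. Requires --iface."
      echo -e " $lightred--iface ${white}[string(interface)]$nocolour - Declares the interface for --exitnode. Default is eth0."
      exit 0
      ;;
    # Options that take a value: read it from $2, then drop the option name
    # here; the shift after esac drops the value.
    -c | --clients)
      clients=${2-}
      shift
      ;;
    -s | --servername)
      servername=${2-}
      shift
      ;;
    -ssl | --sslconf)
      sslconf=${2-}
      shift
      ;;
    -ce | --certs)
      certs=${2-}
      shift
      ;;
    -cm | --certmodulus)
      certmodulus=${2-}
      shift
      ;;
    -e | --expires)
      expiration=${2-}
      shift
      ;;
    # Flag without a value: no extra shift here, otherwise the argument that
    # follows the flag would be swallowed and never parsed.
    -dcn | --duplicate-cn)
      duplicatecn="duplicate-cn"
      ;;
    -ci | --cipher)
      cipher=${2-}
      shift
      ;;
    -p | --port)
      port=${2-}
      shift
      ;;
    -pro | --proto)
      proto=${2-}
      shift
      ;;
    -sub | --vpnsubnet)
      vpnsubnet=${2-}
      shift
      ;;
    -d1 | --dns1)
      dns1=${2-}
      shift
      ;;
    -d2 | --dns2)
      dns2=${2-}
      shift
      ;;
    # Flag without a value, see --duplicate-cn.
    -en | --exitnode)
      exitnode=true
      ;;
    -if | --iface)
      iface=${2-}
      shift
      ;;
  esac
  shift
done

--------------------------------------------------------------------------------
/Scripts/BlockWPADDomains.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
#
# Builds a dnsmasq servers-file with one "server=/wpad.<TLD>/" line for every
# entry of the IANA TLD list, so wpad.<TLD> lookups are not forwarded upstream.
# Must be able to write to /etc/dnsmasq.

set -euo pipefail

readonly URL='https://data.iana.org/TLD/tlds-alpha-by-domain.txt'
readonly OUT_DIR='/etc/dnsmasq'
readonly OUT_FILE="${OUT_DIR}/block.wpad.txt"

# -p: do not fail when the directory is already there (second run).
mkdir -p -- "$OUT_DIR"

tmp_file=$(mktemp "${OUT_FILE}.XXXXXX")
trap 'rm -f -- "$tmp_file"' EXIT

# Download into a temporary file first: a failed fetch must not delete the
# block list that is already in place.
wget -q "$URL" -O- | grep -v '#' | while IFS= read -r DOM; do
  # Only label characters are accepted, so an unexpected response cannot add
  # other directives to the generated file.
  [[ "$DOM" =~ ^[A-Za-z0-9-]+$ ]] || continue
  printf 'server=/wpad.%s/\n' "$DOM"
done > "$tmp_file"

if [[ ! -s "$tmp_file" ]]; then
  echo "No TLD entries downloaded, keeping the existing block list" >&2
  exit 1
fi

# mktemp creates the file with mode 0600; dnsmasq may read it as another user.
chmod 0644 "$tmp_file"
mv -f -- "$tmp_file" "$OUT_FILE"

# add to dnsmasq.conf:
#   servers-file=/etc/dnsmasq/block.wpad.txt

--------------------------------------------------------------------------------
/Scripts/CheckAptCommand.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash

# Abort unless apt-get is on PATH. The exit status of `command -v` is tested
# directly; the previous `[ -n ... != "1" ]` form was not a valid test
# expression, so the check never fired.
if ! command -v apt-get > /dev/null 2>&1; then
  echo "Please use Debian based system"
  exit 1
fi

--------------------------------------------------------------------------------
/Scripts/CheckBash.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash

# Refuse to run when the interpreter of this process resolves to dash.
# Only dash is detected; other non-bash shells pass this check.
if readlink "/proc/$$/exe" | grep -qs "dash"; then
  echo "This script needs to be run with bash, not sh"
  exit 1
fi

--------------------------------------------------------------------------------
/Scripts/CheckBashVersion.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash

# Require bash major version 4 or newer. The version is read from the `bash`
# found on PATH, which is not necessarily the interpreter running this script.
echo "Checking bash version."
version=$(bash --version | grep 'GNU bash' | sed 's/.*version \([0-9]*\)\..*/\1/')
# Numeric comparison: an equality test against "4" rejected bash 5 and later.
if [[ "$version" =~ ^[0-9]+$ ]] && (( version >= 4 )); then
  echo "Bash version compatible."
else
  echo "Bash version incompatible. Must be at least 4, yours is $version. You can enter this command in the terminal: apt-get install --only-upgrade bash"
  exit 1
fi

--------------------------------------------------------------------------------
/Scripts/CheckCentos.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash

# Treats the presence of /etc/redhat-release as "this is CentOS".
# NOTE(review): other Red Hat family distributions ship this file too - confirm
# that is acceptable for the caller.
if [ ! -f /etc/redhat-release ]; then
  echo "Only supports Centos"
  exit 1
fi

--------------------------------------------------------------------------------
/Scripts/CheckDebian.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash

# Accept Debian only in major version 8. os_type and echoerr are expected to be
# defined by the script this fragment is pasted into.
if [ "$os_type" = "Debian" ]; then
  # Major version = everything before the first dot of /etc/debian_version.
  os_ver="$(sed 's/\..*//' /etc/debian_version 2>/dev/null)"
  if [ "$os_ver" != "8" ]; then
    echoerr "Only supports Debian 8 (Jessie)"
    exit 1
  fi
fi

--------------------------------------------------------------------------------
/Scripts/CheckDebianBased.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash

# Accept Ubuntu, Debian and Raspbian as reported by lsb_release.
# exiterr is expected to be defined by the including script.
os_type="$(lsb_release -si 2>/dev/null)"
case "$os_type" in
  Ubuntu | Debian | Raspbian) ;;
  *) exiterr "This script only supports Ubuntu/Debian." ;;
esac

--------------------------------------------------------------------------------
/Scripts/CheckFQDN.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash

# Ask for a hostname and accept it only when it matches the FQDN pattern below.
# echoerr is expected to be defined by the including script.
echo "Please enter valid hostname:"
echo ""
# -r keeps backslashes literal. NOTE(review): this overwrites bash's own
# HOSTNAME variable; later code in the including script sees the typed value.
read -r HOSTNAME

FQDN_REGEX='^(([a-zA-Z](-?[a-zA-Z0-9])*)\.)*[a-zA-Z](-?[a-zA-Z0-9])+\.[a-zA-Z]{2,}$'
if ! printf %s "$HOSTNAME" | grep -Eq "$FQDN_REGEX"; then
  echoerr "Invalid parameter. You must enter a FQDN domain name... exp: blog.mertcangokgoz.com"
  exit 1
fi

--------------------------------------------------------------------------------
/Scripts/CheckIP.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash

# Ask an external service for this host's public IP address.
MY_IP_ADDR=$(curl -s http://myip.enix.org/REMOTE_ADDR)
# The lookup uses plain HTTP, so the answer can be changed in transit: keep it
# only when it consists of characters that can appear in an IPv4/IPv6 literal.
case "$MY_IP_ADDR" in
  '' | *[!0-9A-Fa-f.:]*) MY_IP_ADDR='' ;;
esac
[ "$MY_IP_ADDR" ] || {
  echo "Sorry, I could not figure out my public IP address."
  echo "(I use http://myip.enix.org/REMOTE_ADDR/ for that purpose.)"
  exit 1
}

--------------------------------------------------------------------------------
/Scripts/CheckMemory.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash

# Require roughly 1 GB of RAM: second column of the "Mem:" line printed by
# free, compared against 1000000. echoerr comes from the including script.
phymem="$(free | awk '/^Mem:/{print $2}')"
# Treat an unreadable value as 0 so the numeric test below cannot error out.
[ -z "$phymem" ] && phymem=0
if [ "$phymem" -lt 1000000 ]; then
  echoerr "A minimum of 1024 MB RAM is required."
  exit 1
fi

--------------------------------------------------------------------------------
/Scripts/CheckOpenVPN.sh:
--------------------------------------------------------------------------------
#!/bin/sh

# Stop when dpkg already knows the openvpn package. die is expected to be
# defined by the including script.
# The exit status is tested directly: `[[ ... ]]` is not available in every
# /bin/sh, which is the interpreter named in the shebang.
# NOTE(review): dpkg -l may also succeed for a removed package whose
# configuration files remain - confirm that is the intended meaning.
if dpkg -l openvpn > /dev/null 2>&1; then
  die "❯❯❯ OpenVPN is already installed."
fi

--------------------------------------------------------------------------------
/Scripts/CheckOpenVZ.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash

# /proc/user_beancounters is used as the marker for an OpenVZ container.
if [ -f /proc/user_beancounters ]; then
  echo "Error: This script does not support OpenVZ VPS." >&2
  exit 1
fi

--------------------------------------------------------------------------------
/Scripts/CheckRoot.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash

# Require effective uid 0. echoerr comes from the including script.
if [ "$(id -u)" != 0 ]; then
  echoerr "This script must be run as root. 'sudo bash $0'"
  exit 1
fi

--------------------------------------------------------------------------------
/Scripts/CheckTunTap.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash

# The TUN device node must exist; exit status 3 signals that it does not.
if [[ ! -e /dev/net/tun ]]; then
  echo "TUN is not available"
  exit 3
fi

--------------------------------------------------------------------------------
/Scripts/CheckUbuntu.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash

# Accept Ubuntu or Debian; for Ubuntu only releases 12.04, 14.04 and 16.04.
# echoerr comes from the including script.
os_type="$(lsb_release -si 2>/dev/null)"
if [ "$os_type" != "Ubuntu" ] && [ "$os_type" != "Debian" ]; then
  echoerr "Only supports Ubuntu/Debian"
  exit 1
fi

if [ "$os_type" = "Ubuntu" ]; then
  os_ver="$(lsb_release -sr)"
  case "$os_ver" in
    16.04 | 14.04 | 12.04) ;;
    *)
      echoerr "Only supports Ubuntu 12.04/14.04/16.04"
      exit 1
      ;;
  esac
fi

--------------------------------------------------------------------------------
/Scripts/ColoredEcho.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash

# Print $1 in green. The message is passed as a printf argument, so spaces,
# glob characters and backslashes inside it are printed literally.
ok() {
  printf '\e[32m%s\e[m\n' "$1"
}

#exp
ok "❯❯❯ apt-get update"

# Print $1 in bold red on stderr and terminate the script with status 1.
die() {
  printf '\e[1;31m%s\e[m\n' "$1" >&2
  exit 1
}

die "❯❯❯ apt-get update"

--------------------------------------------------------------------------------
/Scripts/CupsEnableFix.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash

set -e

# Second field of every `lpstat -p` line that mentions "printer" and does not
# contain "enable": the queues to be re-enabled.
YAZICILAR=$(lpstat -p | grep printer | grep -v enable | awk '{print $2}' | sed '/^$/d')
if [ -n "$YAZICILAR" ]; then
  # One queue name per line; quoting keeps each name a single argument.
  while IFS= read -r yaziciadi; do
    echo "Lutfen Bekleyin $yaziciadi Yazici Etkinlestiriliyor"
    cupsenable -h 127.0.0.1:631 "$yaziciadi" && logger "$yaziciadi Yazici Etkinlestirildi"
  done <<< "$YAZICILAR"
fi
sleep 2

--------------------------------------------------------------------------------
/Scripts/DNSBuild.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
#
# Interactive generator for a BIND configuration: asks for a domain and a set
# of addresses, writes /etc/named.conf plus a forward and a reverse zone file
# under /var/named, then restarts named and httpd.
#
# Everything typed at the prompts is validated before it is written into a
# configuration file, and the generated files are checked with
# named-checkconf / named-checkzone before named is restarted.

die() {
  printf 'ERROR: %s\n' "$*" >&2
  exit 1
}

# Returns 0 when $1 is a dotted-quad IPv4 address with every octet <= 255.
is_ipv4() {
  local IFS=. octet
  local -a parts
  [[ "$1" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]] || return 1
  read -r -a parts <<< "$1"
  for octet in "${parts[@]}"; do
    # 10# forces base 10 so an octet such as 010 is not read as octal.
    (( 10#$octet <= 255 )) || return 1
  done
}

echo "Welcome To Server DNS Creator"
echo "Enter the following configuration parameters of the DNS"
echo -n "Domain name: "; read -r domain
echo -n "Ip address for dns (127.0.0.1): "; read -r ip
echo -n "Ip address reverse zone (0.0.127) : "; read -r ipinv
echo -n "Address network (127.0.0.1/32): "; read -r addred

# These values are pasted into named.conf and the zone files; a stray quote,
# brace or semicolon would change the meaning of the generated configuration.
[[ "$domain" =~ ^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$ ]] || die "invalid domain name: $domain"
is_ipv4 "$ip" || die "invalid IP address: $ip"
[[ "$ipinv" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){2}$ ]] || die "invalid reverse zone prefix: $ipinv"
[[ "$addred" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}/[0-9]{1,2}$ ]] || die "invalid network: $addred"

echo "Configuring DNS Please Wait..."
# NOTE(review): recursion is on and limited only by the goodclients ACL, so the
# network entered above decides who may use this server as a resolver.
cat > /etc/named.conf <<EOF

acl goodclients {
    $addred;
    localhost;
    localnets;
};

options {
    listen-on port 53 { 127.0.0.1; $ip;};
    listen-on-v6 port 53 { any; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";

    recursion yes;
    allow-query { goodclients; };

    auth-nxdomain no;
    dnssec-enable yes;
    dnssec-validation yes;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";

    managed-keys-directory "/var/named/dynamic";

    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

zone "." IN {
    type hint;
    file "named.ca";
};

zone "$domain" IN {
    type master;
    file "direct.${domain%.*}";
    allow-update {none;};
};

zone "$ipinv.in-addr.arpa" IN {
    type master;
    file "reverse.${domain%.*}";
    allow-update {none;};
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

EOF
echo "[PASS]"
echo "Configuring zones"
echo -n "IP for pgsql.$domain: "; read -r ip1
echo -n "IP for aulavirtual.$domain: "; read -r ip2
echo -n "IP for mariadb.$domain: "; read -r ip3
echo -n "IP for system.$domain: "; read -r ip4

for zone_ip in "$ip1" "$ip2" "$ip3" "$ip4"; do
  is_ipv4 "$zone_ip" || die "invalid IP address: $zone_ip"
done

cat > "/var/named/direct.${domain%.*}" <<EOF
\$TTL 86400
@ IN SOA www.$domain. root.$domain. (
    2009091001
    28800
    7200
    604800
    86400
)
@ IN NS www.$domain.
@ IN A $ip
@ IN A $ip1
@ IN A $ip2
@ IN A $ip3
@ IN A $ip4
www IN A $ip
pgsql IN A $ip1
aulavirtual IN A $ip2
mariadb IN A $ip3
system IN A $ip4

EOF

# The PTR owner names are the last octet of each address. The aulavirtual
# target follows the same <name>.$domain. form as the other records.
cat > "/var/named/reverse.${domain%.*}" <<EOF
\$TTL 86400
@ IN SOA www.$domain. root.$domain. (
    2009091001
    28800
    7200
    604800
    86400
)
@ IN NS www.$domain.
@ IN PTR $domain.
www IN A $ip
pgsql IN A $ip1
aulavirtual IN A $ip2
mariadb IN A $ip3
system IN A $ip4

${ip##*.} IN PTR www.$domain.
${ip1##*.} IN PTR pgsql.$domain.
${ip2##*.} IN PTR aulavirtual.$domain.
${ip3##*.} IN PTR mariadb.$domain.
${ip4##*.} IN PTR system.$domain.

EOF
echo "[PASS]"

# Validate before restarting: a broken file must not take the running
# name server down.
named-checkconf /etc/named.conf || die "named-checkconf rejected /etc/named.conf"
named-checkzone "$domain" "/var/named/direct.${domain%.*}" || die "forward zone check failed"
named-checkzone "$ipinv.in-addr.arpa" "/var/named/reverse.${domain%.*}" || die "reverse zone check failed"

echo "Restarting named"
systemctl restart named
# The resolver file is /etc/resolv.conf, and the keyword has to start the line.
printf '\nnameserver %s\n' "$ip" >> /etc/resolv.conf
echo "Restarting httpd"
systemctl restart httpd
echo "[PASS]"
echo "DNS Configuration finished"
echo "to add a new one, run the script again"
echo "bash dnsbuild.sh"
echo "Thanks"

--------------------------------------------------------------------------------
/Scripts/DNSandUpdate.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash

# Shows the current resolver configuration and runs a full apt upgrade.
# The lines that would overwrite /etc/resolv.conf are commented out.
echo "Change DNS"
echo
#sh -c "echo nameserver 77.88.8.88 > /etc/resolv.conf"
#sh -c "echo nameserver 77.88.8.2 >> /etc/resolv.conf"
echo
echo
#echo "Done! Your resolv.conf file should look like this:"
echo
echo
cat /etc/resolv.conf
echo "Update and Upgrade"
echo
# Report a failed upgrade instead of printing "Done!" regardless of the result.
if ! sh -c "apt-get update && apt-get -y upgrade && apt-get -y dist-upgrade"; then
  echo "Update failed" >&2
  exit 1
fi
echo
echo "Done!"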
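--------------------------------------------------------------------------------
/Scripts/DisableSelinux.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#
# Credit goes to this article for the instructions in this shell script:
# http://blog.zwiegnet.com/linux-server/disable-selinux-centos-7/
#
# Script by: Michael Dichirico (https://github.com/mdichirico/public-shell-scripts)
#
# PLEASE READ:
#
# This script will completely disable SELinux.
#
# In order for the changes to take effect, you'll need to reboot your CentOS 7 server
# afterwards.
#
# INSTRUCTIONS:
# 1. Copy this shell script to your home directory
# 2. Make it executable by using the following command:
#      chmod a+x disable-selinux-on-cent-os-7.sh
# 3. Execute the script with the following command:
#      sudo ./disable-selinux-on-cent-os-7.sh
# 4. After the script finishes, reboot your server.
#
# NOTE(review): SELINUX=disabled turns off mandatory access control for every
# service on the host. SELINUX=permissive keeps the policy loaded and logs the
# denials without enforcing them, which is usually enough for troubleshooting.
#

# Change only the SELINUX= setting. Replacing every occurrence of the word
# "enforcing" also rewrote the explanatory comments in the file, and the file
# name was passed twice.
sudo sed -i 's/^SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
sudo sestatus

echo ""
echo "Finished with script execution!"
echo "In the above output, you'll see that the value of 'SELinux status' is 'enabled'."
echo "That is normal. Do the following two steps:"
echo " 1. reboot your environment: "
echo ""
echo " sudo shutdown -r now"
echo ""
echo " 2. When you server comes back online, run this command:"
echo ""
echo " sudo sestatus"
echo ""
echo " You should then see 'SELinux status: disabled' to confirm that SELinux is in fact disabled"
echo ""
--------------------------------------------------------------------------------
/Scripts/ErrorCheck.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash

# Fragment to paste directly after a command: stop when that command failed.
# Any non-zero status counts as a failure, and the same status is passed on so
# callers do not see an error reported as success.
status=$?
if [ "$status" -ne 0 ]
then
  echo "An unexpected error occured!"
  exit "$status"
fi

--------------------------------------------------------------------------------
/Scripts/GhostInstall.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
#
# Installs the Ghost blog on Ubuntu 12.04/14.04/16.04 or Debian 8 behind nginx
# and starts it under PM2 as the unprivileged user "ghost". Must run as root.

clear

set -e

echo ""

echoerr() { echo "ERROR: ${1}" >&2; }

if [ "$(id -u)" != 0 ]; then
  echoerr "This script must be run as root. 'sudo bash $0'"
  exit 1
fi

os_type="$(lsb_release -si 2>/dev/null)"
if [ "$os_type" != "Ubuntu" ] && [ "$os_type" != "Debian" ]; then
  echoerr "Only supports Ubuntu/Debian"
  exit 1
fi

if [ "$os_type" = "Ubuntu" ]; then
  os_ver="$(lsb_release -sr)"
  if [ "$os_ver" != "16.04" ] && [ "$os_ver" != "14.04" ] && [ "$os_ver" != "12.04" ]; then
    echoerr "Only supports Ubuntu 12.04/14.04/16.04"
    exit 1
  fi
fi

if [ "$os_type" = "Debian" ]; then
  os_ver="$(sed 's/\..*//' /etc/debian_version 2>/dev/null)"
  if [ "$os_ver" != "8" ]; then
    echoerr "Only supports Debian 8 (Jessie)"
    exit 1
  fi
fi

phymem="$(free | awk '/^Mem:/{print $2}')"
[ -z "$phymem" ] && phymem=0
if [ "$phymem" -lt 1000000 ]; then
  echoerr "A minimum of 1024 MB RAM is required."
  exit 1
fi

echo "Please enter valid hostname:"
echo ""
read -r HOSTNAME

# The hostname is written into config.js and the nginx site file below; the
# pattern restricts it to letters, digits, hyphens and dots.
FQDN_REGEX='^(([a-zA-Z](-?[a-zA-Z0-9])*)\.)*[a-zA-Z](-?[a-zA-Z0-9])+\.[a-zA-Z]{2,}$'
if ! printf %s "$HOSTNAME" | grep -Eq "$FQDN_REGEX"; then
  echoerr "Invalid parameter. You must enter a FQDN domain name... exp: blog.mertcangokgoz.com"
  exit 1
fi

echo "System upgrade and install dependencies"
apt-get -y update
apt-get -y upgrade
apt-get install -y npm nodejs nodejs-legacy zip nginx
# Save the NodeSource setup script to a file before running it, so a failed or
# truncated download is never executed (with `curl | bash` a download error
# goes unnoticed). NOTE(review): the script still runs unverified as root; this
# page offers no checksum or signature to pin it to.
nodesource_setup=$(mktemp)
curl -fsSL https://deb.nodesource.com/setup_8.x -o "$nodesource_setup"
bash "$nodesource_setup"
rm -f -- "$nodesource_setup"

echo "Ghost download and configuring"
mkdir -p /var/www
cd /var/www/
# -f: stop on an HTTP error instead of saving the error page as the archive.
# NOTE(review): "latest" is unpinned and the archive is not verified.
curl -fL -O https://ghost.org/zip/ghost-latest.zip
unzip -d ghost ghost-latest.zip
rm ghost-latest.zip
cd ghost/
# -i edits config.js in place; without it sed only printed the result and the
# placeholder hostname stayed in the file.
sed -i -e "s/my-ghost-blog\.com/$HOSTNAME/" config.js
npm install -g grunt-cli
# NOTE(review): runs as root inside the application directory, before
# ownership is handed to the ghost user below.
npm install --production

echo "configuring ghost user"
adduser --shell /bin/bash --gecos 'Ghost application' ghost --disabled-password
# The account stays without a password. Setting a fixed, publicly known
# password here would open a login shell to anyone who can reach a
# password-based login service on this host; root reaches the account through
# `su` below and needs no password for that.
chown -R ghost:ghost /var/www/ghost/

echo "configuring nginx"
# Written in one piece with '>' so a second run does not append a duplicate
# server block. NOTE(review): the site listens on plain HTTP (port 80) only.
cat > /etc/nginx/sites-available/ghost <<EOF
server {
    listen 80;
    server_name $HOSTNAME;
    location / {
        proxy_set_header X-Real-IP \$remote_addr;
        proxy_set_header Host \$http_host;
        proxy_pass http://127.0.0.1:2368;
    }
}
EOF

ln -sf /etc/nginx/sites-available/ghost /etc/nginx/sites-enabled/ghost

echo "remove default profile and restart nginx"
# -f: under `set -e` a missing default site must not abort the installation.
rm -f /etc/nginx/sites-available/default
rm -f /etc/nginx/sites-enabled/default
service nginx restart

echo "install PM2"
cat > /home/ghost/start.sh <<'EOF'
#!/usr/bin/env bash
export NODE_ENV=production
cd /var/www/ghost/
npm start --production
EOF
chmod +x /home/ghost/start.sh
npm install pm2 -g

echo "configuring PM2"
su -c "echo 'export NODE_ENV=production' >> ~/.profile" -s /bin/bash ghost
su -c "source ~/.profile" -s /bin/bash ghost
su -c "/usr/local/bin/pm2 kill" -s /bin/bash ghost
su -c "env /usr/local/bin/pm2 start /home/ghost/start.sh --interpreter=bash --name ghost" -s /bin/bash ghost
env PATH="$PATH:/usr/bin" pm2 startup ubuntu -u ghost --hp /home/ghost
su -c "pm2 save" -s /bin/bash ghost

echo "Ghost CMS Started"

--------------------------------------------------------------------------------
/Scripts/ImageShadow.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash

# Trims the image given as $1, adds a drop shadow and writes "<input>-s.png".
if [ $# -lt 1 ] || [ ! -f "$1" ]; then
  echo "Usage: ${0##*/} IMAGE" >&2
  exit 2
fi

# NOTE(review): convert interprets its file arguments itself (leading '-',
# "prefix:" forms); pass only file names from a trusted source.
convert "$1" -trim \( +clone -background grey45 -shadow 80x40+5+10 \) +swap -background transparent -layers merge +repage "$1-s.png"

--------------------------------------------------------------------------------
/Scripts/InstallSpotify.sh:
--------------------------------------------------------------------------------
#! /bin/bash

#Check root
if [ "$(id -u)" != "0" ];
then
  echo "Needs to be run by a user with root privilege."
  exit 1
fi

# Check debian packages manager
# The exit status of `command -v` is tested directly; the previous
# `[ -n ... != "1" ]` form was not a valid test expression.
if ! command -v apt-get > /dev/null 2>&1
then
  echo "Please use Debian based system"
  exit 1
fi

# Check to see if Spotify repository
echo " Checking /etc/apt/sources.list for repository."
# Look in the file this script writes as well, so a second run does not append
# the repository line again.
if ! grep -qsF "deb http://repository.spotify.com stable non-free" \
  /etc/apt/sources.list /etc/apt/sources.list.d/spotify.list; then
  echo '' | sudo tee -a /etc/apt/sources.list.d/spotify.list
  echo '## SPOTIFY-CLIENT' | sudo tee -a /etc/apt/sources.list.d/spotify.list
  echo 'deb http://repository.spotify.com stable non-free' | sudo tee -a /etc/apt/sources.list.d/spotify.list
else
  echo " Skipping addition to /etc/apt/sources.list.d/sources.list."
fi

# Verify downloaded packages
# NOTE(review): apt-key places the key in the keyring apt trusts for every
# configured repository. A dedicated keyring file referenced from the
# repository line with signed-by= limits the key to this repository.
sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys BBEBDCB318AD50EC6865090613B00F1FD2C19886

# Run apt-get update
sudo apt-get update

# Install spotify!
sudo apt-get install spotify-client

echo " Done. Add Spotify to your system"
echo " Press any key to continue."
read -r

--------------------------------------------------------------------------------
/Scripts/LampInstaller.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
#
# PALI : The Perfect Automatic Lamp Installer
# Version : 2.3 (stable for use in Production)
# Author : Christophe Casalegno / Brain 0verride
# Website : http://www.christophe-casalegno.com
# Twitter : https://twitter.com/Brain0verride
# Email : brain@christophe-casalegno.com
# Note : Only tested on Debian 9


# Vars
RED='\033[38;5;160m' #ex echo -e "${RED} ALERT"
NC='\033[0m' #ex echo -e "${NC} Normal"
GREEN='\033[0;32m' #ex echo -e "${GREEN} OK"
YELLOW='\033[38;5;226m' #ex echo -e "${YELLOW} Warning"
admin_mail='pali@christophe-casalegno.com' # Put your admin email here
installer='apt' # installer (apt-get, yum, urpmi, zypper, etc.)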
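installer_options='-y -f install' # options for the installer1
replacer='sed' # command used for replacement
replacer_options='-i' # options for the replacer
sources_list='/etc/apt/sources.list'
myhost=$(hostname -f |cut -d " " -f1)
export HOSTNAME2=$myhost
ip=$(hostname -I |cut -d " " -f1)
auto='debconf-set-selections'
iptablesfix='/etc/network/if-pre-up.d/iptables'
firewall_conf='/etc/iptables.rules'
sshd_conf='/etc/ssh/sshd_config'
vhosts_conf='/etc/apache2/sites-available'
event_conf='/etc/apache2/mods-available/mpm_event.conf'
apache_conf='/etc/apache2/apache2.conf'
fpm_conf='/etc/php/7.0/fpm/pool.d'
php_conf='/etc/php/7.0/fpm/php.ini'
phpcli_conf='/etc/php/7.0/cli/php.ini'
phpmyadmin_conf='/etc/phpmyadmin/apache.conf'
mysql_conf='/etc/mysql/my.cnf'
munin_conf='/etc/munin/apache24.conf'
munin_master_conf='/etc/munin/munin.conf'
munin_node_conf='/etc/munin/munin-node.conf'
munin_orig='/usr/share/munin/plugins'
munin_dest='/etc/munin/plugins'
rkhunter_conf='/etc/default/rkhunter'
fail2ban_conf='/etc/fail2ban/jail.conf'
webmin_conf='/etc/webmin/miniserv.conf'
webmin_port='10000'
ssh_port='22'
nodejs_version='7'
tmpcron='/root/tmpcron.txt'
need_packages='pwgen'
# Read LANG directly: filtering the output of `set` for "LANG" also matched
# other variables (LANGUAGE, ...) and could yield several lines.
conf_locale=${LANG-}
options_found=0
letsencrypt=0
# NOTE(review): takes the 4th column of the third line printed by free; which
# row that is depends on the installed free version - confirm on the target.
memory=$(free | awk 'FNR == 3 {print $4}' |awk '{ byte = $1 /1024/1024 ; byte =$1 /1024/2 ; print byte}' |cut -d "." -f1)

# UID verification

if [ "$UID" -ne "0" ]

then
  echo -e "${RED} [ ERROR ]" "${NC} you must be root to install the server"
  # Non-zero status: callers must be able to tell that nothing was installed.
  exit 1

else
  echo -e "${GREEN} [ OK ]" "${NC} UID ok, install in progress..."

fi



while getopts ":a:n:s:w:j:l:h" opt
do

  options_found=1

  case $opt in

    a)
      admin_mail="$OPTARG"
      ;;
    n)
      myhost="$OPTARG"
      ;;
    s)
      ssh_port="$OPTARG"
      ;;
    w)
      webmin_port="$OPTARG"
      ;;
    j)
      nodejs_version="$OPTARG"
      ;;
    l)
      letsencrypt="$OPTARG"
      ;;
    h)
      echo './pali.sh -a your@email -n yourhostname (xxx.domain.tld) -s newssh_port -w newwebmin_port -j nodejs_version (6, 7 or 8) -l (1 for letsencrypt)'
      exit 1
      ;;
    \?)
      echo -e "${RED} [ ERROR ]" "${NC} Invalid option: -$OPTARG" >&2
      exit 1
      ;;
    :)
      echo -e "${YELLOW} [ WARNING ]" "Option -$OPTARG requires an argument." >&2
      exit 1
      ;;

  esac
done



if [ "$options_found" -ne '1' ]

then

  echo -e "${YELLOW} [ WARNING ]" "${NC} no options found, defaults parameters will be used"

fi

# The hostname is used in a file path and in sed expressions below, and both
# ports are written into the firewall rules further down: accept only a plain
# hostname and port numbers between 1 and 65535.
if ! [[ "$myhost" =~ ^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$ ]]
then
  echo -e "${RED} [ ERROR ]" "${NC} invalid hostname: $myhost" >&2
  exit 1
fi

for port_value in "$ssh_port" "$webmin_port"
do
  if ! [[ "$port_value" =~ ^[0-9]{1,5}$ ]] || (( 10#$port_value < 1 || 10#$port_value > 65535 ))
  then
    echo -e "${RED} [ ERROR ]" "${NC} invalid port: $port_value" >&2
    exit 1
  fi
done

#Verification if server was already installed

if [ -r "/root/$myhost.installed" ]

then

  echo -e "${RED} [ ERROR ]" "${NC} server $myhost was already installed !!!"
  exit 1

else
  echo -e "${GREEN} [ OK ]" "${NC} server has not been installed before, install in progress..."

fi


# Emails verifications

if [ "$admin_mail" = 'pali@christophe-casalegno.com' ]

then
  echo -e "${RED} [ ERROR ]" "${NC} admin email address has not been setuped, please setup it or use -a option"
  exit 1

else
  echo -e "${GREEN} [ OK ]" "${NC} admin email ok, install in progress..."

fi

# Hostname verification

if [ "$myhost" != "$HOSTNAME2" ]

then
  echo -e "${YELLOW} [WARNING]" "${NC} Hostname doesn't match the actual server host, changing server hostname in progress..."
  # -F: match the address literally (dots are not wildcards); -m 1: one line
  # only, a multi-line value would break the sed expression below.
  oldhost=''
  if [ -n "$ip" ]
  then
    oldhost=$(grep -F -m 1 -- "$ip" /etc/hosts || true)
  fi
  cuthost=${myhost%%.*}
  newhost="$ip $myhost $cuthost"
  # An empty search pattern is an error for sed; skip when /etc/hosts has no
  # entry for this address.
  if [ -n "$oldhost" ]
  then
    $replacer $replacer_options "s#$oldhost#$newhost#" /etc/hosts
  fi
  $replacer $replacer_options "s#$HOSTNAME#$cuthost#" /etc/hostname
  $replacer $replacer_options "s#root@$HOSTNAME#root@$cuthost#" /etc/ssh/*.pub
  hostname "$cuthost"
  hostnamectl set-hostname "$cuthost"
else

  echo -e "${GREEN} [ OK ]" "${NC} hostname ok, install in progress..."

fi

# Fix warning: Falling back to a fallback locale issue
# NOTE(review): this replaces the whole of /etc/environment, not only LC_ALL.
echo LC_ALL="$conf_locale" > /etc/environment
export LC_ALL="$conf_locale"

# Added sources
# Appended once only: the marker line tells a second run that the entries are
# already present.
# NOTE(review): the security.debian.org lines list no "main" component, and all
# mirrors are addressed over plain http (apt still verifies signatures).
if ! grep -qF '# Added by PALI' "$sources_list"
then
  {
    echo '# Added by PALI'
    echo ''
    echo 'deb http://mirrors.linode.com/debian/ stretch main contrib non-free'
    echo 'deb-src http://mirrors.linode.com/debian/ stretch main contrib non-free'
    echo ''
    echo 'deb http://security.debian.org/ stretch/updates contrib non-free'
    echo 'deb-src http://security.debian.org/ stretch/updates non-free'
    echo ''
    echo 'deb http://mirrors.linode.com/debian/ stretch-updates main contrib non-free'
    echo 'deb-src http://mirrors.linode.com/debian/ stretch-updates main contrib non-free'
  } >> "$sources_list"
fi

echo 'deb http://ftp.debian.org/debian stretch-backports main' | tee /etc/apt/sources.list.d/backports.list

$installer update
$installer -y upgrade

# installer_options and need_packages are left unquoted on purpose: each holds
# several words that must become separate arguments.
$installer $installer_options $need_packages

tld=$(pwgen -A -B 2 1)
usr=$(echo "$myhost" |sed 's/\.//g'|cut -b 1-14)
sysuser="$usr$tld"

# -s asks pwgen for fully random passwords instead of its default
# pronounceable ones; -A (no capitals) and -B (no ambiguous characters) are
# kept as before.
genroot_pass=$(pwgen -s -A -B 12 1)
root_pass="$genroot_pass"

gensysuser_pass=$(pwgen -s -A -B 12 1)
sysuser_pass="$gensysuser_pass"

genmysqlroot_pass=$(pwgen -s -A -B 12 1)
mysqlroot_pass="$genmysqlroot_pass"

genmysql_pass=$(pwgen -s -A -B 12 1)
mysql_pass="$genmysql_pass"

genphpmyadmin_pass=$(pwgen -s -A -B 8 1)
phpmyadmin_pass="$genphpmyadmin_pass"

packages='libwww-perl ntpdate apt-transport-https python-certbot-apache man vim emacs iotop htop mc libapache2-mod-fcgid apache2 apache2-doc imagemagick php7.0 php7.0-zip php7.0-ssh2 php7.0-common php7.0-cli php7.0-mysqlnd php7.0-pgsql php-apcu php7.0-curl php7.0-gd php7.0-intl php-imagick php7.0-imap php7.0-mcrypt php-memcache php-memcached php7.0-pspell php7.0-recode php7.0-sqlite3 php7.0-tidy php7.0-xmlrpc php7.0-xsl php-soap php7.0-mbstring php7.0-common php7.0-fpm mysql-server mysql-client phpmyadmin munin munin-node postfix libapache2-mod-php7.0 mailutils memcached git rsync pure-ftpd ftp curl strace python-setuptools python-dev gcc librsync-dev librsync1 python-cffi python-crypto python-cryptography python-ecdsa python-jwt python-lockfile python-ndg-httpsclient python-oauthlib python-openssl python-paramiko python-pkg-resources python-ply python-pyasn1 python-pycparser python-six python-urllib3 rkhunter chkrootkit fail2ban screen' # packages to be installed (you can modify for your needs)

backport_packages=''

# Automation
# The answers are fed to debconf-set-selections on stdin (here-strings), so the
# generated passwords do not appear on a command line.

# Mysql Server
$auto <<< "mysql-server mysql-server/root_password password $mysqlroot_pass"
$auto <<< "mysql-server mysql-server/root_password_again password $mysqlroot_pass"

# Postfix
$auto <<< "postfix postfix/mailname string $myhost"
$auto <<< "postfix postfix/main_mailer_type string 'Internet Site'"

# Phpmyadmin
$auto <<< "phpmyadmin phpmyadmin/dbconfig-install boolean true"
$auto <<< "phpmyadmin phpmyadmin/app-password-confirm password $phpmyadmin_pass"
$auto <<< "phpmyadmin phpmyadmin/mysql/admin-pass password $mysqlroot_pass"
$auto <<< "phpmyadmin phpmyadmin/mysql/app-pass password $phpmyadmin_pass"
$auto <<< "phpmyadmin phpmyadmin/reconfigure-webserver multiselect apache2"
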
| 236 | # Content for file or other stuff 237 | 238 | content_firewall=" 239 | *filter 240 | :INPUT DROP [0:0] 241 | :FORWARD DROP [0:0] 242 | :OUTPUT DROP [0:0] 243 | -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT 244 | -A INPUT -i lo -j ACCEPT 245 | -A INPUT -p icmp -j ACCEPT 246 | -A INPUT -p tcp -m tcp --dport $ssh_port -j ACCEPT 247 | -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT 248 | -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT 249 | -A INPUT -p tcp -m tcp --dport $webmin_port -j ACCEPT 250 | -A INPUT -p tcp --dport 20 -j ACCEPT 251 | -A INPUT -p tcp --dport 21 -j ACCEPT 252 | -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT 253 | -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT 254 | -A OUTPUT -o lo -j ACCEPT 255 | -A OUTPUT -p icmp -j ACCEPT 256 | -A OUTPUT -p tcp -m tcp --dport 53 -j ACCEPT 257 | -A OUTPUT -p udp -m udp --dport 53 -j ACCEPT 258 | -A OUTPUT -p tcp -m tcp --dport 80 -j ACCEPT 259 | -A OUTPUT -p tcp -m tcp --dport 22 -j ACCEPT 260 | -A OUTPUT -p tcp -m tcp --dport 123 -j ACCEPT 261 | -A OUTPUT -p udp -m udp --sport 123 -j ACCEPT 262 | -A OUTPUT -p tcp -m tcp --dport 443 -j ACCEPT 263 | -A OUTPUT -p tcp -m tcp --dport 25 -j ACCEPT 264 | -A OUTPUT -p tcp -m tcp --dport 22 -j ACCEPT 265 | -A OUTPUT -p tcp -m tcp --dport 65022 -j ACCEPT 266 | COMMIT 267 | " 268 | 269 | content_munin=' 270 | Alias /munin /var/cache/munin/www 271 | 272 | AuthUserfile /etc/munin/munin-htpasswd 273 | AuthName "Munin Access" 274 | AuthType Basic 275 | Require valid-user 276 | Options None 277 | 278 | 279 | ScriptAlias /munin-cgi/munin-cgi-graph /usr/lib/munin/cgi/munin-cgi-graph 280 | 281 | AuthUserfile /etc/munin/munin-htpasswd 282 | AuthName "Munin Access" 283 | AuthType Basic 284 | Require valid-user 285 | 286 | 287 | SetHandler fcgid-script 288 | 289 | 290 | SetHandler cgi-script 291 | 292 | 293 | ' 294 | 295 | 296 | content_fail2ban=" 297 | [INCLUDES] 298 | before = paths-debian.conf 299 | 300 | [DEFAULT] 301 | 302 | ignoreip = 127.0.0.1/8 
303 | ignorecommand = 304 | bantime = 600 305 | findtime = 600 306 | maxretry = 3 307 | backend = auto 308 | enabled = false 309 | usedns = warn 310 | logencoding = auto 311 | filter = %(__name__)s 312 | destemail = $admin_mail 313 | sendername = Fail2Ban $myhost 314 | sender = fail2ban@$myhost 315 | mta = sendmail 316 | protocol = tcp 317 | chain = INPUT 318 | port = 1:65535 319 | fail2ban_agent = Fail2Ban/%(fail2ban_version)s 320 | banaction = iptables-multiport 321 | banaction_allports = iptables-allports 322 | action_ = %(banaction)s[name=%(__name__)s, port=\"%(port)s\", protocol=\"%(protocol)s\", chain=\"%(chain)s\"] 323 | action_mw = %(banaction)s[name=%(__name__)s, port=\"%(port)s\", protocol=\"%(protocol)s\", chain=\"%(chain)s\"] 324 | %(mta)s-whois[name=%(__name__)s, dest=\"%(destemail)s\", protocol=\"%(protocol)s\", chain=\"%(chain)s\", sendername=\"%(sendername)s\"] 325 | action_mwl = %(banaction)s[name=%(__name__)s, port=\"%(port)s\", protocol=\"%(protocol)s\", chain=\"%(chain)s\"] 326 | %(mta)s-whois-lines[name=%(__name__)s, dest=\"%(destemail)s\", logpath=%(logpath)s, chain=\"%(chain)s\", sendername=\"%(sendername)s\"] 327 | action = %(action_)s 328 | 329 | [ssh] 330 | 331 | enabled = true 332 | port = $ssh_port 333 | filter = sshd 334 | logpath = /var/log/auth.log 335 | maxretry = 6 336 | 337 | [ssh-ddos] 338 | 339 | enabled = false 340 | port = $ssh_port 341 | filter = sshd-ddos 342 | logpath = /var/log/auth.log 343 | maxretry = 6 344 | 345 | [apache] 346 | 347 | enabled = true 348 | port = http,https 349 | filter = apache-auth 350 | logpath = /var/log/apache2/*error.log 351 | maxretry = 6 352 | 353 | [apache-multiport] 354 | 355 | enabled = true 356 | port = http,https 357 | filter = apache-auth 358 | logpath = /var/log/apache2/*error.log 359 | maxretry = 6 360 | 361 | [apache-noscript] 362 | 363 | enabled = true 364 | port = http,https 365 | filter = apache-noscript 366 | logpath = /var/log/apache2/*error.log 367 | maxretry = 6 368 | 369 | 
[apache-overflows] 370 | 371 | enabled = true 372 | port = http,https 373 | filter = apache-overflows 374 | logpath = /var/log/apache2/*error.log 375 | maxretry = 2 376 | 377 | [apache-modsecurity] 378 | 379 | enabled = false 380 | filter = apache-modsecurity 381 | port = http,https 382 | logpath = /var/log/apache*/*error.log 383 | maxretry = 2 384 | 385 | [apache-nohome] 386 | 387 | enabled = false 388 | filter = apache-nohome 389 | port = http,https 390 | logpath = /var/log/apache*/*error.log 391 | maxretry = 2 392 | 393 | [pure-ftpd] 394 | 395 | enabled = true 396 | port = ftp,ftp-data,ftps,ftps-data 397 | filter = pure-ftpd 398 | logpath = /var/log/syslog 399 | maxretry = 6 400 | 401 | [postfix] 402 | 403 | enabled = false 404 | port = smtp,ssmtp,submission 405 | filter = postfix 406 | logpath = /var/log/mail.log 407 | 408 | [recidive] 409 | 410 | enabled = false 411 | filter = recidive 412 | logpath = /var/log/fail2ban.log 413 | action = iptables-allports[name=recidive] 414 | sendmail-whois-lines[name=recidive, logpath=/var/log/fail2ban.log] 415 | bantime = 604800 ; 1 week 416 | findtime = 86400 ; 1 day 417 | maxretry = 5 418 | 419 | [ssh-blocklist] 420 | 421 | enabled = false 422 | filter = sshd 423 | action = iptables[name=SSH, port=ssh, protocol=tcp] 424 | sendmail-whois[name=SSH, dest=\"%(destemail)s\", sender=\"%(sender)s\", sendername=\"%(sendername)s\"] 425 | blocklist_de[email=\"%(sender)s\", apikey=\"xxxxxx\", service=\"%(filter)s\"] 426 | logpath = /var/log/sshd.log 427 | maxretry = 20 428 | " 429 | 430 | content_cron=' 431 | 0 1 * * * /usr/sbin/ntpdate fr.pool.ntp.org 432 | ' 433 | 434 | content_event=' 435 | 436 | ServerLimit 256 437 | StartServers 50 438 | MaxClients 1024 439 | MinSpareThreads 50 440 | MaxSpareThreads 150 441 | ThreadsPerChild 40 442 | MaxRequestsPerChild 0 443 | 444 | ' 445 | 446 | content_firstvhost=" 447 | 448 | ServerAdmin webmaster@$myhost 449 | DocumentRoot /home/$sysuser/www 450 | ServerName $myhost 451 | CustomLog 
/var/log/apache2/$myhost.log combined 452 | ErrorLog /var/log/apache2/$myhost-error.log 453 | ScriptAlias /cgi-bin/ /home/$sysuser/cgi-bin/ 454 | 455 | 456 | SetHandler \"proxy:unix:/run/php/$myhost.sock|fcgi://localhost/\" 457 | 458 | 459 | 460 | Options -Indexes +FollowSymLinks +MultiViews 461 | AllowOverride All 462 | Order allow,deny 463 | allow from all 464 | Require all granted 465 | 466 | 467 | 468 | " 469 | if [ "$letsencrypt" = "1" ] 470 | 471 | then 472 | 473 | content_secondvhost=" 474 | 475 | ServerAdmin webmaster@$myhost 476 | DocumentRoot /home/$sysuser/www 477 | ServerName $myhost 478 | CustomLog /var/log/apache2/$myhost.log combined 479 | ErrorLog /var/log/apache2/$myhost-error.log 480 | ScriptAlias /cgi-bin/ /home/$myhost/cgi-bin/ 481 | 482 | 483 | SetHandler \"proxy:unix:/run/php/$myhost.sock|fcgi://localhost/\" 484 | 485 | 486 | 487 | Options Indexes FollowSymLinks MultiViews 488 | AllowOverride All 489 | Order allow,deny 490 | allow from all 491 | Require all granted 492 | 493 | 494 | SSLCertificateFile /etc/letsencrypt/live/$myhost/fullchain.pem 495 | SSLCertificateKeyFile /etc/letsencrypt/live/$myhost/privkey.pem 496 | Include /etc/letsencrypt/options-ssl-apache.conf 497 | 498 | 499 | " 500 | 501 | fi 502 | 503 | content_fpm_www=" 504 | [www] 505 | 506 | user = www-data 507 | group = www-data 508 | 509 | listen = /run/php/www.sock 510 | listen.backlog = -1 511 | listen.allowed_clients = 127.0.0.1 512 | 513 | listen.owner = www-data 514 | listen.group = www-data 515 | listen.mode = 0660 516 | 517 | pm = dynamic 518 | pm.max_children = 15 519 | pm.start_servers = 6 520 | pm.min_spare_servers = 3 521 | pm.max_spare_servers = 9 522 | pm.max_requests = 0 523 | 524 | request_terminate_timeout = 0 525 | request_slowlog_timeout = 0 526 | 527 | slowlog = /var/log/php-fpm/www-slow.log 528 | chdir = / 529 | catch_workers_output = no 530 | " 531 | 532 | content_fpm=" 533 | [$myhost] 534 | 535 | listen = /run/php/$myhost.sock 536 | 537 | listen.backlog = 
-1 538 | 539 | listen.allowed_clients = 127.0.0.1 540 | 541 | listen.owner = $sysuser 542 | listen.group = www-data 543 | listen.mode = 0660 544 | 545 | user = $sysuser 546 | group = users 547 | 548 | pm = dynamic 549 | pm.max_children = 150 550 | pm.start_servers = 25 551 | pm.min_spare_servers = 25 552 | pm.max_spare_servers = 75 553 | pm.max_requests = 0 554 | 555 | pm.status_path = /phpfpm-status-$myhost 556 | ping.path = /phpfpm-ping-$myhost 557 | ping.response = pong 558 | 559 | request_terminate_timeout = 0 560 | request_slowlog_timeout = 0 561 | 562 | slowlog = /var/log/php-fpm/$myhost-slow.log 563 | chdir = / 564 | catch_workers_output = no 565 | " 566 | 567 | content_mycnf=' 568 | [client] 569 | port = 3306 570 | socket = /var/run/mysqld/mysqld.sock 571 | 572 | [mysqld_safe] 573 | socket = /var/run/mysqld/mysqld.sock 574 | nice = 0 575 | 576 | [mysqld] 577 | user = mysql 578 | pid-file = /var/run/mysqld/mysqld.pid 579 | socket = /var/run/mysqld/mysqld.sock 580 | port = 3306 581 | basedir = /usr 582 | datadir = /var/lib/mysql 583 | tmpdir = /tmp 584 | lc-messages-dir = /usr/share/mysql 585 | skip-external-locking 586 | bind-address = * 587 | key_buffer_size = 256M 588 | max_allowed_packet = 64M 589 | thread_stack = 192K 590 | thread_cache_size = 256 591 | myisam-recover = BACKUP 592 | query_cache_limit = 1M 593 | query_cache_size = 128M 594 | max_connections = 128 595 | connect_timeout = 10 596 | wait_timeout = 600 597 | table_cache = 4096 598 | table_open_cache = 4096 599 | table_definition_cache = 4096 600 | max_heap_table_size = 512M 601 | sort_buffer_size = 32M 602 | bulk_insert_buffer_size = 16M 603 | tmp_table_size = 512M 604 | 605 | 606 | log_error = /var/log/mysql/error.log 607 | expire_logs_days = 10 608 | max_binlog_size = 100M 609 | 610 | innodb_buffer_pool_size = 2048M 611 | innodb_log_buffer_size = 16M 612 | innodb_file_per_table = 1 613 | innodb_open_files = 400 614 | innodb_io_capacity = 400 615 | innodb_read_io_threads=64 616 | 
innodb_write_io_threads=64 617 | innodb_thread_concurrency=16 618 | innodb_flush_method = O_DIRECT 619 | innodb_flush_log_at_trx_commit=2 620 | 621 | [mysqldump] 622 | quick 623 | quote-names 624 | max_allowed_packet = 16M 625 | 626 | [mysql] 627 | 628 | [isamchk] 629 | key_buffer_size = 16M 630 | 631 | !includedir /etc/mysql/conf.d/ 632 | ' 633 | 634 | content_genmysql=" 635 | CREATE USER '$sysuser'@'localhost' IDENTIFIED BY '$mysql_pass'; 636 | CREATE DATABASE IF NOT EXISTS \`"$sysuser"\` ; 637 | GRANT ALL PRIVILEGES ON \`"$sysuser"\`.* TO '$sysuser'@'localhost'; 638 | FLUSH PRIVILEGES; 639 | " 640 | 641 | content_rootmysql=" 642 | UPDATE user set password=PASSWORD('$mysqlroot_pass') where User='root'; 643 | FLUSH PRIVILEGES; 644 | " 645 | 646 | echo "Making skel..." 647 | 648 | mkdir /etc/skel/www 649 | mkdir /etc/skel/cgi-bin 650 | mkdir /etc/skel/protected 651 | mkdir /root/mails 652 | mkdir /root/sites 653 | useradd "$sysuser" --shell /bin/bash -g users -m -d /home/"$sysuser" 654 | echo -e "$sysuser_pass\n$sysuser_pass" |passwd "$sysuser" 655 | 656 | 657 | # SSH Configuration 658 | 659 | echo "sshd configuration" 660 | mkdir /root/.ssh 661 | chmod 700 /root/.ssh 662 | cd /root/.ssh 663 | 664 | $replacer $replacer_options "s/#Port 22/Port 22/" $sshd_conf 665 | $replacer $replacer_options "s#Port 22#Port $ssh_port#" $sshd_conf 666 | $replacer $replacer_options "s/#PermitRootLogin/PermitRootLogin/" $sshd_conf 667 | $replacer $replacer_options "s#PermitRootLogin prohibit-password#PermitRootLogin yes#" $sshd_conf 668 | cd /root 669 | 670 | # Packages installation 671 | echo "Installing packages : $packages..." 672 | $installer $installer_options $packages 673 | $installer $installer_options $backport_packages -t stretch-backports 674 | 675 | # Composer Installation 676 | echo "Installing composer..." 
677 | curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer 678 | 679 | # NodeJs Installation 680 | echo "Installing NodeJS..." 681 | curl -sL https://deb.nodesource.com/setup_"$nodejs_version".x | bash - 682 | $installer $installer_options nodejs 683 | $installer $installer_options build-essential 684 | 685 | # Grunt installation 686 | echo "Installing grunt..." 687 | npm install -g grunt-cli 688 | 689 | # Drush 8.x installation 690 | echo "Installing drush..." 691 | php -r "readfile('https://s3.amazonaws.com/files.drush.org/drush.phar');" > /usr/bin/drush 692 | chmod +x /usr/bin/drush 693 | 694 | # Wp-cli installation 695 | echo "Installing wp-cli" 696 | curl https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar -L -o /usr/bin/wp 697 | chmod +x /usr/bin/wp 698 | 699 | # Drupal console installation 700 | curl https://drupalconsole.com/installer -L -o drupal.phar 701 | mv drupal.phar /usr/bin/drupal 702 | chmod +x /usr/bin/drupal 703 | 704 | # Fix mandb bug 705 | mandb 706 | 707 | # Rkhunter configuration 708 | 709 | $replacer $replacer_options "s#root#$admin_mail#" $rkhunter_conf 710 | $replacer $replacer_options "s#APT_AUTOGEN=\"false\"#APT_AUTOGEN=\"true\"#g" $rkhunter_conf 711 | 712 | 713 | # Fail2ban configuration 714 | 715 | cat >$fail2ban_conf <$event_conf <$vhosts_conf/"$myhost".conf <$vhosts_conf/"$myhost".ssl.conf <$fpm_conf/"$myhost".conf <$fpm_conf/www.conf </root/root.sql 778 | cat >/root/root.sql </root/sql.sql 785 | cat >/root/sql.sql < /etc/pure-ftpd/conf/TLS 826 | openssl req -x509 -nodes -days 3650 -newkey rsa:4096 -sha256 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem -subj "/C=IE/ST=Co. 
Mayo/L=PALI/O=PALI/CN=$myhost" 827 | 828 | touch /etc/pure-ftpd/conf/ChrootEveryone 829 | echo "yes" > /etc/pure-ftpd/conf/ChrootEveryone 830 | echo "ip_conntrack_ftp" >> /etc/modules 831 | modprobe ip_conntrack_ftp 832 | 833 | #Munin configuration 834 | 835 | cat >$munin_conf <$mysql_conf < 861 | SetHandler \"proxy:unix:/run/php/www.sock|fcgi://localhost/\" 862 | 863 | " >> $phpmyadmin_conf 864 | 865 | cat /var/lib/phpmyadmin/blowfish_secret.inc.php |grep cfg >> /etc/phpmyadmin/config.inc.php 866 | 867 | $replacer $replacer_options "s#innodb_buffer_pool_size = 2048M#innodb_buffer_pool_size="$memory"M#" $mysql_conf 868 | 869 | echo '' > /home/"$sysuser"/www/index.php 870 | echo '' > /home/"$sysuser"/www/phpinfo.php 871 | 872 | # Fix perms 873 | chown -R "$sysuser":users /home/"$sysuser" 874 | chmod 705 /home/"$sysuser" 875 | 876 | # Webmin installation 877 | 878 | wget http://www.webmin.com/jcameron-key.asc 879 | apt-key add jcameron-key.asc 880 | { 881 | echo '# Added by PALI' 882 | echo '' 883 | echo 'deb http://download.webmin.com/download/repository sarge contrib' 884 | echo 'deb http://webmin.mirror.somersettechsolutions.co.uk/repository sarge contrib' 885 | } >> $sources_list 886 | 887 | $installer update 888 | $installer $installer_options webmin 889 | $replacer $replacer_options "s#10000#$webmin_port#" $webmin_conf 890 | 891 | # Restart and activate everything needed 892 | 893 | service apache2 restart 894 | systemctl restart php7.0-fpm.service 895 | service mysql restart 896 | service ssh restart 897 | service pure-ftpd restart 898 | service webmin restart 899 | service fail2ban restart 900 | 901 | # Installation des cron 902 | 903 | crontab -l > $tmpcron 904 | cat>>$tmpcron < /root/.mysqlpasswd 916 | 917 | content_mail=" 918 | Your server has been correclty installed 919 | 920 | Hostname : $myhost 921 | IP address : $ip 922 | 923 | ssh port : $ssh_port 924 | Webmin : https://$myhost:$webmin_port 925 | 926 | Phpmyadmin : http://$myhost/phpmyadmin 927 | 928 
| Munin : http://$myhost/munin 929 | 930 | Credentials : 931 | --------------------------------------- 932 | SSH : root : $root_pass 933 | SSH/FTP : $sysuser : $sysuser_pass 934 | MysqlRoot : $mysqlroot_pass 935 | 936 | Mysql : 937 | login : $sysuser 938 | database : $sysuser 939 | password : $mysql_pass 940 | " 941 | 942 | cat >/root/mails/installed.txt </root/.p < /root/.p 952 | 953 | echo > /root/mails/installed.txt 954 | 955 | cat >/root/sites/"$myhost".installed <$firewall_conf < /etc/iptables.up.rules 967 | 968 | touch $iptablesfix 969 | echo "#!/bin/sh" > $iptablesfix 970 | echo "/sbin/iptables-restore < /etc/iptables.up.rules" >> $iptablesfix 971 | chmod +x $iptablesfix 972 | 973 | iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT 974 | 975 | exit 0 976 | 977 | -------------------------------------------------------------------------------- /Scripts/OpenVPNCompile.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | latest=2.3.14 4 | aptitude update && aptitude full-upgrade && aptitude install openvpn ca-certificates build-essential liblzo2-dev libssl-dev libpam0g-dev -y 5 | wget https://swupdate.openvpn.net/community/releases/openvpn-$latest.tar.gz -O /usr/src/openvpn-$latest.tar.gz 6 | cd /usr/src; tar xfvz openvpn-$latest.tar.gz && cd openvpn-$latest && ./configure && make && make install 7 | sed -i 's/DAEMON=\/usr\/sbin\/openvpn/DAEMON=\/usr\/local\/sbin\/openvpn/g' /etc/init.d/openvpn 8 | aptitude remove openvpn -y 9 | which openvpn && openvpn --version | head -1 10 | 11 | /etc/init.d/openvpn restart || /etc/init.d/openvpn start 12 | -------------------------------------------------------------------------------- /Scripts/PhRestart.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | while true 4 | do 5 | ./ph.py 6 | echo ">ph exited... 
restarting..."; 7 | sleep 5; 8 | done 9 | -------------------------------------------------------------------------------- /Scripts/RandomKey.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | generateKey () { 4 | P1=`cat /dev/urandom | tr -cd abcdefghjkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789 | head -c 3` 5 | P2=`cat /dev/urandom | tr -cd abcdefghjkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789 | head -c 3` 6 | P3=`cat /dev/urandom | tr -cd abcdefghjkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789 | head -c 3` 7 | P4=`cat /dev/urandom | tr -cd abcdefghjkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789 | head -c 3` 8 | PSK="$P1$P2$P3$P4" 9 | } 10 | -------------------------------------------------------------------------------- /Scripts/RecoveryCHK.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | for file in $(find -iname '*.CHK'); do C_EXT=$(file --mime-type $file | cut -d' ' -f2 | xargs -I {} grep {} /etc/mime.types | awk '{ print $2; }'); if [ -n "$C_EXT" ]; then rename -v "s/.CHK$/.$C_EXT/i" $file; fi; done 4 | -------------------------------------------------------------------------------- /Scripts/SambaInstaller.sh: -------------------------------------------------------------------------------- 1 | # !/bin/bash 2 | # Samba Installer 3 | 4 | if [ "$EUID" -ne 0 ] 5 | then echo "Please this app run as root. 'sudo $0'" 6 | exit 7 | fi 8 | 9 | apt install samba -y 10 | 11 | hostname=`hostname` 12 | 13 | cat > /etc/samba/smb.conf < /dev/null > /dev/null 32 | if (( $? != 0 )) 33 | then 34 | ERRCODE=$? 35 | echo execution of script $SCRIPTS_DIR/$file failed 36 | exit $? 
37 | fi 38 | done 39 | fi 40 | 41 | # set some options for rsync 42 | BACKUPDIR=`date +%A` 43 | OPTS="--extended-attributes --force --ignore-errors --delete-excluded --exclude-from=$EXCLUDES 44 | --delete --times --backup --backup-dir=../$BACKUPDIR -a" 45 | 46 | # the following line clears the last weeks incremental directory 47 | [ -d $HOME/emptydir ] || mkdir $HOME/emptydir 48 | rsync --delete -a $HOME/emptydir/ $BLOCATION/$USER/$BACKUPDIR/ 49 | rmdir $HOME/emptydir 50 | 51 | # now the actual transfer 52 | rsync $OPTS $BDIR $BLOCATION/$USER/current 53 | -------------------------------------------------------------------------------- /Scripts/dyn_dns_firewall.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | echo "A very simple utility to update a firewall with a dynamic IP address." 4 | echo "Espcially useful when using a cron job." 5 | echo -n "Hostname is $HOSTNAME"; 6 | HOSTNAME=mertcangokgoz.com 7 | FIREWALL=iptables 8 | IFACE=eth0 9 | PROTO=tcp 10 | PORT=22 11 | 12 | LOGFILE=/var/dyn_firewall_${HOSTNAME}.ip 13 | 14 | Current_IP=$(host $HOSTNAME | cut -f4 -d' ') 15 | 16 | if [ ! 
-f $LOGFILE ] ; then 17 | case ${FIREWALL} in 18 | *) 19 | iptables*) 20 | iptables -I INPUT -i ${IFACE} -p ${PROTO} -s ${Current_IP} --dport ${PORT} -j ACCEPT 21 | ;; 22 | 23 | ufw*) 24 | ufw allow in on ${IFACE} proto ${PROTO} from $Current_IP to any port ${PORT} 25 | ;; 26 | esac 27 | 28 | echo ${Current_IP} > $LOGFILE 29 | echo "Firewall has been updated" 30 | else 31 | Old_IP=$(cat $LOGFILE) 32 | 33 | if [ "$Current_IP" = "$Old_IP" ] ; then 34 | echo "IP address has not changed" 35 | else 36 | case ${FIREWALL} in 37 | *) 38 | iptables*) 39 | iptables -D INPUT -i ${IFACE} -p ${PROTO} -s ${Old_IP} --dport ${PORT} -j ACCEPT 40 | iptables -I INPUT -i ${IFACE} -p ${PROTO} -s ${Current_IP} --dport ${PORT} -j ACCEPT 41 | ;; 42 | 43 | ufw*) 44 | ufw delete allow in on ${IFACE} proto ${PROTO} from ${Old_IP} to any port ${PORT} 45 | ufw allow in on ${IFACE} proto ${PROTO} from ${Current_IP} to any port ${PORT} 46 | ;; 47 | esac 48 | 49 | echo $Current_IP > $LOGFILE 50 | echo "Firewall has been updated" 51 | fi 52 | fi 53 | -------------------------------------------------------------------------------- /Scripts/install_on_planetlab.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | ## You should also create a file from the directory where you run this script 3 | ## called torrc with inside the details of the torrc to use. 
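# Scratch directory in which every source archive is downloaded and built.
# Abort early if it cannot be created, so later steps never build in an
# unexpected working directory.
TMP_INSTALL_DIR=$(mktemp -d) || {
  echo "[!] Failed to create a temporary build directory" >&2
  exit 1
}

# Install the distribution packages needed to build everything below.
# NOTE(review): 'libeven-devel' looks like a typo for 'libevent-devel';
# the name is kept as found, confirm against the target repository.
yum_installs() {
  sudo yum -y groupinstall "Development tools" &&
    sudo yum -y install zlib-devel bzip2-devel openssl-devel ncurses-devel sqlite-devel readline-devel tk-devel gdbm-devel db4-devel libpcap-devel libffi-devel screen libeven-devel unzip tor
}

# Build Python 2.7.6 from source and point /usr/bin/python at it.
# NOTE(review): the tarball is built and installed as root without a
# checksum or signature check; verify it before `make altinstall`.
install_python() {
  cd "$TMP_INSTALL_DIR" &&
    curl -L -o Python-2.7.6.tgz https://www.python.org/ftp/python/2.7.6/Python-2.7.6.tgz &&
    tar xzf Python-2.7.6.tgz &&
    cd Python-2.7.6 &&
    ./configure --prefix=/usr/local --enable-unicode=ucs4 --enable-shared LDFLAGS="-Wl,-rpath /usr/local/lib" &&
    make &&
    sudo make altinstall &&
    sudo ln -sf /usr/local/bin/python2.7 /usr/bin/python
}

# Build libtool 2.4.2 from source and replace the system libtool with it.
# NOTE(review): downloaded over plain HTTP with no integrity check, then
# installed as root; verify the archive against the upstream signature.
install_libtool() {
  curl -L -o libtool-2.4.2.tar.gz http://ftpmirror.gnu.org/libtool/libtool-2.4.2.tar.gz &&
    tar xzf libtool-2.4.2.tar.gz &&
    cd libtool-2.4.2 &&
    ./configure &&
    make &&
    sudo make install &&
    sudo mv /usr/bin/libtool /usr/bin/libtool.old &&
    sudo ln -s /usr/local/bin/libtool /usr/bin/libtool
}

# Build autoconf 2.69 from source and replace the system autoconf with it.
# NOTE(review): downloaded over plain HTTP with no integrity check, then
# installed as root; verify the archive against the upstream signature.
install_autoconf() {
  curl -L -o autoconf-2.69.tar.gz http://ftp.gnu.org/gnu/autoconf/autoconf-2.69.tar.gz &&
    tar xzf autoconf-2.69.tar.gz &&
    cd autoconf-2.69 &&
    ./configure &&
    make &&
    sudo make install &&
    sudo mv /usr/bin/autoconf /usr/bin/autoconf.old &&
    sudo ln -s /usr/local/bin/autoconf /usr/bin/autoconf
}

# Build automake 1.14.1 from source and replace the system automake with it.
# NOTE(review): downloaded over plain HTTP with no integrity check, then
# installed as root; verify the archive against the upstream signature.
install_automake() {
  curl -L -o automake-1.14.1.tar.gz http://ftp.gnu.org/gnu/automake/automake-1.14.1.tar.gz &&
    tar xzf automake-1.14.1.tar.gz &&
    cd automake-1.14.1 &&
    ./configure &&
    make &&
    sudo make install &&
    sudo mv /usr/bin/automake /usr/bin/automake.old &&
    sudo ln -s /usr/local/bin/automake /usr/bin/automake
}

# Build libevent 2.0.21-stable from source.
install_libevent() {
  curl -L -o libevent-2.0.21-stable.tar.gz https://github.com/downloads/libevent/libevent/libevent-2.0.21-stable.tar.gz &&
    tar xvzf libevent-2.0.21-stable.tar.gz &&
    cd libevent-2.0.21-stable &&
    ./autogen.sh &&
    ./configure &&
    # Use the libtool installed by install_libtool instead of the generated one.
    cp /usr/bin/libtool libtool &&
    make &&
    sudo make install
}

# Build GMP 6.0.0a from source as a 32-bit library.
# The exported ABI variable stays set for every step that runs afterwards.
install_gmp() {
  curl -L -o gmp-6.0.0a.tar.bz2 https://gmplib.org/download/gmp/gmp-6.0.0a.tar.bz2 &&
    tar xjpf gmp-6.0.0a.tar.bz2 &&
    cd gmp-6.0.0 &&
    export ABI=32 &&
    ./configure --enable-cxx &&
    make &&
    sudo make install
}

# Build Tor from the fix/fedora8 branch archive, install a minimal torrc and
# an init script, then restart the service.
# NOTE(review): the archive tracks a branch, so its contents can change
# between runs; pin a commit and verify the download before installing as root.
install_tor() {
  curl -L -o tor.zip https://github.com/hellais/tor/archive/fix/fedora8.zip &&
    unzip tor.zip &&
    cd tor-fix-fedora8 &&
    ./autogen.sh &&
    ./configure --disable-asciidoc --with-libevent-dir=/usr/local/lib/ &&
    make &&
    sudo make install &&
    sudo mv /usr/bin/tor /usr/bin/tor.old &&
    sudo ln -s /usr/local/bin/tor /usr/bin/tor &&
    echo "SocksPort 9050" > torrc &&
    sudo mv torrc /usr/local/etc/tor/torrc &&
    # The delimiter is unquoted, so every '$' meant for the init script
    # itself is escaped below.
    cat <<EOF > tor.init
RETVAL=0
prog="tor"

# Source function library.
. /etc/init.d/functions


start() {
    echo -n $"Starting \$prog: "
    daemon \$prog --runasdaemon 1 && success || failure
    RETVAL=\$?
    echo
    return \$RETVAL
}

stop() {
    echo -n $"Stopping \$prog: "
    killall \$prog
    RETVAL=\$?
    echo
    return \$RETVAL
}

case "\$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    restart)
        stop
        start
        ;;
    *)
        echo $"Usage: \$0 {start|stop|restart}"
        RETVAL=3
esac
exit \$RETVAL
EOF
  sudo mv tor.init /etc/init.d/tor &&
    sudo chmod +x /etc/init.d/tor &&
    sudo /etc/init.d/tor restart
}

# Build libGeoIP from the master branch archive.
install_geoip() {
  curl -L -o master.zip https://github.com/maxmind/geoip-api-c/archive/master.zip &&
    unzip master.zip &&
    cd geoip-api-c-master/ &&
    ./bootstrap &&
    ./configure &&
    make &&
    sudo make install
}

# Install pip through the get-pip.py bootstrap script.
# NOTE(review): the script is fetched from a moving branch and executed as
# root; pin a known revision and check its digest before running it.
install_pip() {
  curl -L -o get-pip.py https://raw.githubusercontent.com/pypa/pip/master/contrib/get-pip.py &&
    sudo python get-pip.py
}

# Install the patched versions of cryptography, pyopenssl and pycrypto.
# This is needed to avoid this bug: https://groups.google.com/forum/#!topic/ikarus-users/_R0QHqwyYz8
# NOTE(review): pyopenssl comes from an unpinned master archive; pin a release.
install_cryptography() {
  export ac_cv_func_malloc_0_nonnull=yes
  sudo -E "$(command -v pip)" install PyCrypto &&
    sudo "$(command -v pip)" install cryptography &&
    sudo "$(command -v pip)" install https://github.com/pyca/pyopenssl/archive/master.zip
}

# Install obfsproxy and build fteproxy 0.2.9.
# The steps are chained so that a failed download or build stops the
# function, as in the other install_* functions.
install_pluggable_transports() {
  sudo "$(command -v pip)" install obfsproxy &&
    curl -L -o 0.2.9.zip https://github.com/kpdyer/fteproxy/archive/0.2.9.zip &&
    unzip 0.2.9.zip &&
    cd fteproxy-0.2.9 &&
    make &&
    sudo cp bin/fteproxy /usr/bin/fteproxy &&
    sudo python setup.py install
}

# Install ooniprobe from the master branch archive and print its version.
install_ooniprobe() {
  sudo "$(command -v pip)" install https://github.com/TheTorProject/ooni-probe/archive/master.zip &&
    /usr/local/bin/ooniprobe --version
}

# Write the ooniprobe configuration, create the bridge list directory and
# schedule the daily bridge_reachability run.
setup_ooniprobe() {
  # mkdir -p keeps a second run from failing on directories that already exist.
  mkdir -p ~/.ooni/ &&
    # Use the system Tor on port 9050 instead of letting ooniprobe start one.
    sed -e 's/start_tor: true/start_tor: false/' \
      -e 's/#socks_port: 8801/socks_port: 9050/' \
      /usr/share/ooni/ooniprobe.conf.sample > ~/.ooni/ooniprobe.conf &&
    mkdir -p "/home/$USER/bridge_reachability/" &&
    # printf emits the two crontab lines the same way under every /bin/sh;
    # echo only turns "\n" into a newline in some shells.
    # NOTE(review): most cron implementations do not expand $PATH in a
    # crontab assignment; confirm the job still finds its tools.
    {
      crontab -l
      printf '%s\n' \
        'PATH=$PATH:/usr/local/bin/' \
        "0 0 * * * /usr/local/bin/ooniprobe -c httpo://e2nl5qgtkzp7cibx.onion blocking/bridge_reachability -f /home/$USER/bridge_reachability/bridges.txt -t 300"
    } | crontab &&
    sudo /etc/init.d/crond start &&
    sudo /sbin/chkconfig crond on &&
    # NOTE(review): 777 makes the mail spool world-writable without the
    # sticky bit, so any local user can remove or replace another user's
    # mailbox; prefer 1777 or a mode writable only by the mail group.
    sudo chmod 777 /var/mail
}

# Run one installation step from the scratch directory and stop the whole
# script if the step fails.
# Arguments: $1 - name of the function to run
run_or_exit() {
  command=$1
  # Every step starts from the scratch directory; refuse to run it anywhere else.
  cd "$TMP_INSTALL_DIR" || {
    echo "[!] Cannot enter $TMP_INSTALL_DIR" >&2
    exit 1
  }
  echo "[*] Running $command"
  "$command"
  return_value=$?
  if [ "$return_value" -ne 0 ]; then
    echo "[!] Failed to run $command"
    exit 1
  fi
  echo "[*] Completed running $command"
}

run_or_exit yum_installs
run_or_exit install_python
run_or_exit install_libtool
run_or_exit install_autoconf
run_or_exit install_automake
run_or_exit install_libevent
run_or_exit install_gmp
run_or_exit install_tor
run_or_exit install_geoip
run_or_exit install_pip
run_or_exit install_cryptography
run_or_exit install_pluggable_transports
run_or_exit install_ooniprobe
run_or_exit setup_ooniprobe

--------------------------------------------------------------------------------
/Scripts/mem_check.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash

sudo -u "${USERNAME}" normal_command_1
top -bn5 >> top_logs.txt
# Schedule for this script. It belongs in the crontab, not in the script body,
# where the shell would try to run it as a command:
# */10 * * * * /path/to/script
FREE_DATA=$(free -m | grep Mem)

--------------------------------------------------------------------------------
/Scripts/mysql-bench.sh: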
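--------------------------------------------------------------------------------
#!/usr/bin/env bash

# Runs three sysbench workloads (random write, random read, OLTP over MySQL)
# for each thread count, three times each, and stores every report under /root.
#
# The MySQL password can be supplied through SYSBENCH_MYSQL_PASSWORD; the
# previous hard-coded value remains the default.
# NOTE(review): the password still reaches sysbench as a command-line
# argument, which other local users can read from the process list; use a
# dedicated low-privilege benchmark account.
mysql_password=${SYSBENCH_MYSQL_PASSWORD:-password}

for run in 1 2 3; do
  for thread in 1 4 8 16 32; do

    echo "Performing test RW-${thread}T-${run}"
    sysbench --test=fileio --file-total-size=4G --file-test-mode=rndwr --max-time=60 --max-requests=0 --file-block-size=4K --file-num=64 --num-threads="${thread}" run > "/root/RW-${thread}T-${run}"

    echo "Performing test RR-${thread}T-${run}"
    sysbench --test=fileio --file-total-size=4G --file-test-mode=rndrd --max-time=60 --max-requests=0 --file-block-size=4K --file-num=64 --num-threads="${thread}" run > "/root/RR-${thread}T-${run}"

    echo "Performing test SQ-${thread}T-${run}"
    sysbench --test=/usr/share/doc/sysbench/tests/db/oltp.lua --db-driver=mysql --oltp-table-size=1000000 --mysql-db=sysbench --mysql-user=sysbench --mysql-password="${mysql_password}" --max-time=60 --max-requests=0 --num-threads="${thread}" run > "/root/SQ-${thread}T-${run}"

  done
done

--------------------------------------------------------------------------------
/Scripts/nmap_find_hostname.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
#### Script finds UP hosts and its HOSTNAME
#### Usage:
#### sh nmap_find_hostname.sh IP/MASK
#### eg.: sh nmap_find_hostname.sh 192.168.0.0/16

# A target is required; without one nmap would be started with no target.
if [ "$#" -lt 1 ]; then
  echo "Usage: $0 IP/MASK" >&2
  exit 1
fi

# Refuse values that nmap would read as options rather than as a target.
case "$1" in
  -*)
    echo "Target must be an address or range, not an option: $1" >&2
    exit 1
    ;;
esac

# Quoting keeps the argument a single word, so it cannot add extra options.
nmap -sn "$1" -oG - | awk '$4=="Status:" && $5=="Up" {print $2, $3}'

--------------------------------------------------------------------------------
/Scripts/prime_number.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash

# Reads one integer from standard input and reports whether it is prime.

echo "Enter the number"
read -r number

# Only plain decimal digits are accepted; anything else would break the
# arithmetic below.
if ! [[ "$number" =~ ^[0-9]+$ ]]; then
  echo "Please enter a non-negative integer" >&2
  exit 1
fi

# Force base 10 so that input with leading zeros is not read as octal.
number=$((10#$number))

# 0 and 1 are not prime.
if ((number < 2)); then
  echo "$number is not a prime number"
  exit
fi

# Trial division up to the square root. The divisor itself is advanced on
# every pass; the earlier loop incremented an unused variable and never
# ended for numbers not divisible by 2.
divisor=2
while ((divisor * divisor <= number)); do
  if ((number % divisor == 0)); then
    echo "$number is not a prime number"
    exit
  fi
  divisor=$((divisor + 1))
done

echo "$number  is a prime number"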
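--------------------------------------------------------------------------------
/Scripts/psiphon_install.sh:
--------------------------------------------------------------------------------
#!/bin/sh
# Installs the Psiphon Python client for the current user: system build
# dependencies, a checkout of the psiphon repository, the ssh binary built
# from that checkout, a Python virtualenv and the psi_client.dat server list.

set -e

PSIPHON_HOME_PATH=$HOME
PSIPHON_PYCLIENT_PATH=$PSIPHON_HOME_PATH/psiphon-circumvention-system/pyclient
# NOTE(review): openssh-5.9p1 is a long-unmaintained release; the ssh binary
# built below is only as trustworthy as this bundled source tree.
PSIPHON_SSH_PATH=$PSIPHON_HOME_PATH/psiphon-circumvention-system/Server/3rdParty/openssh-5.9p1
# The '#af438ec2c16c' fragment names the changeset to clone, so the install
# does not silently follow whatever the remote tip becomes.
PSIPHON_REPO_URL='https://bitbucket.org/psiphon/psiphon-circumvention-system#af438ec2c16c'
VIRTUALENVS_PATH=$HOME/.virtualenvs
OONI_VIRTUALENV_PATH=$VIRTUALENVS_PATH/ooniprobe

mkdir -p "$PSIPHON_HOME_PATH"

# Succeeds when the named command can be found by the shell.
command_exists() {
  command -v "$@" > /dev/null 2>&1
}

user="$(id -un 2>/dev/null || true)"

# Prefix used to run a command string as root; it is expanded unquoted on
# purpose so that it splits into the launcher and its flags.
sh_c='sh -c'

if [ "$user" != 'root' ]; then
  if command_exists sudo; then
    # NOTE(review): -E follows "sh -c" here, so it is an option of sh rather
    # than sudo's environment-preserving flag; confirm which was intended.
    sh_c='sudo sh -c -E'
    echo "[D] using sudo"
  elif command_exists su; then
    # -c has to come last: su takes the word after -c as the command string,
    # so "su -c --preserve-environment CMD" would treat the flag as the command.
    # The caller's environment is carried into the root shell by this flag.
    sh_c='su --preserve-environment -c'
    echo "[D] using su"
  else
    echo >&2 'Error: this installer needs the ability to run commands as root.'
    echo >&2 'We are unable to find either "sudo" or "su" available to make this happen.'
    exit 1
  fi
fi

echo "[D] installing dependencies"
$sh_c "apt-get -y install zlib1g-dev libssl-dev"

if ! command_exists hg; then
  echo "[D] installing mercurial"
  $sh_c "apt-get -y install mercurial"
fi
echo "[D] mercurial installed"

cd "$PSIPHON_HOME_PATH"
if [ ! -d "psiphon-circumvention-system" ]; then
  echo "[D] cloning psiphon repository"
  hg clone "$PSIPHON_REPO_URL"
fi

echo "[D] psiphon repository cloned"

# optional, compile their ssh
if [ ! -f "$PSIPHON_PYCLIENT_PATH/ssh" ]; then
  echo "[D] compiling psiphon ssh"
  cd "$PSIPHON_SSH_PATH"
  ./configure
  make
  mv ssh "$PSIPHON_PYCLIENT_PATH"
  make clean
  echo "[D] psiphon ssh compiled"
fi

# check if we are in a virtualenv, create it otherwise
echo "[D] checking virtualenv"
# The probe uses Python 2 print syntax. It is quoted so that an empty result
# (for example when "python" is Python 3) compares cleanly instead of
# producing a malformed test expression.
if [ "$(python -c 'import sys; print hasattr(sys, "real_prefix")')" = "False" ]; then
  echo "[D] not in a virtualenv"
  if [ ! -f "$OONI_VIRTUALENV_PATH/bin/activate" ]; then
    echo "[D] virtualenv not found"
    # create a virtualenv
    # FIXME: assuming debian version will have secure pip/virtualenv
    if ! command_exists virtualenv; then
      echo "[D] installing virtualenv"
      $sh_c "apt-get -y install python-virtualenv"
    else
      echo "[D] virtualenv command found"
    fi
    echo "[D] creating a virtualenv"
    # Set up the virtual environment
    mkdir -p "$VIRTUALENVS_PATH"
    virtualenv "$OONI_VIRTUALENV_PATH"
    . "$OONI_VIRTUALENV_PATH/bin/activate"
  else
    . "$OONI_VIRTUALENV_PATH/bin/activate"
  fi
  echo "[D] virtualenv activated"
fi

# create psi_client.dat
echo "[D] creating servers data file"
echo "[D] installing dependencies to create servers data file"
# NOTE(review): the pip packages in this script are installed unpinned, so
# each run takes whatever version the index serves at that moment.
pip install -v --timeout 60 wget

# Work in a private directory created by mktemp rather than directly in /tmp.
# With fixed names in a world-writable directory, another local user could
# pre-create psi_generate_dat.py, psi_client.dat or server_list (the generator
# trusts an existing server_list) and influence what gets executed or installed.
workdir=$(mktemp -d)
trap 'rm -rf -- "$workdir"' EXIT
cd "$workdir"
# Quoted delimiter: the Python source is written out literally, without
# shell expansion.
cat <<'EOF' > psi_generate_dat.py
#!/usr/bin/env python

import wget
import os
import json

# Delete 'server_list' if exists
if os.path.exists("server_list"):
    # os.remove("server_list")
    # os.rename("server_list", "server_list")
    pass
else:
    # Download 'server_list'
    url ="https://psiphon3.com/server_list"
    wget.download(url)

# convert server_list to psi_client.dat
dat = {}
dat["propagation_channel_id"] = "FFFFFFFFFFFFFFFF"
dat["sponsor_id"] = "FFFFFFFFFFFFFFFF"
dat["servers"] = json.load(open('server_list'))['data'].split()
json.dump(dat, open('psi_client.dat', 'w'))
EOF

chmod +x psi_generate_dat.py
./psi_generate_dat.py
echo "[D] servers data file created"
mv psi_client.dat "$PSIPHON_PYCLIENT_PATH"
# The generator script and the downloaded list are removed with the work
# directory by the EXIT trap.

echo "[D] installing all of the Python dependency requirements with pip in the virtualenv";
pip install -v --timeout 60 jsonpickle pexpect

echo "You can now run Psiphon: cd ~/psiphon-circumvention-system/pyclient/pyclient;python psi_client.py"
echo "NOTE that if OONI is not installed, you will not be able to run OONI Psiphon test"
--------------------------------------------------------------------------------
/Scripts/setenforce.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
# Rewrites SELINUX=enforcing to SELINUX=disabled in /etc/selinux/config and
# records the machine architecture in $platform / $sysinfo.
#
# NOTE(review): disabling SELinux removes mandatory access control for every
# service on the host. When the goal is to get past a policy denial,
# SELINUX=permissive keeps the denials logged so the policy can be fixed and
# enforcing mode restored afterwards.
# This script only edits the configuration file; it does not change the mode
# of the running system.

if [ -s /etc/selinux/config ]; then
  sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
fi
platform=$(uname -i)
# Quoted so that an empty result from uname does not break the comparisons.
# Neither variable is read again in this file; presumably they are meant for
# a script that sources this one.
if [ "$platform" = "x86_64" ]; then
  sysinfo="x86-64"
else
  sysinfo="x86"
fi
if [ "$platform" = "unknown" ]; then
  platform="i386"
fi
--------------------------------------------------------------------------------
/Scripts/uptime.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
# Prints the part of the uptime output that follows the last ": ".
# NOTE(review): sed's -l flag has different meanings in GNU and BSD sed;
# confirm the behaviour on the target platform.

uptime | sed -le 's/^.*: \(.*\)$/\1/'
--------------------------------------------------------------------------------
/Scripts/yacy.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
# Installs a JRE 8 bundle and YaCy 1.90 under /opt, creates the yacy service
# account, then starts YaCy once to set the admin password and stops it again.
#
# Environment:
#   YACY_ADMIN_PASSWORD  admin password to set (required for the password step)
#   JAVA_TARBALL_SHA256  expected SHA-256 of the JRE archive (optional)
#   YACY_TARBALL_SHA256  expected SHA-256 of the YaCy archive (optional)
#
# NOTE(review): both archives are fetched over plain HTTP and unpacked as
# root, so a checksum obtained from a trusted channel is the only integrity
# check on them. Supply both values, and prefer HTTPS URLs if the hosts
# offer them.

#######################################
# Checks a downloaded file against an expected SHA-256 digest.
# Arguments: $1 - file to check, $2 - expected digest (may be empty)
# Returns:   0 on a match or when no digest was given (a warning is printed),
#            non-zero on a mismatch.
#######################################
verify_download() {
  local file=$1
  local expected=$2
  if [[ -z "$expected" ]]; then
    echo "WARNING: no checksum supplied for ${file}; installing it unverified" >&2
    return 0
  fi
  printf '%s  %s\n' "$expected" "$file" | sha256sum -c -
}

# NOTE(review): this stops every Java process on the host, not only YaCy.
# The PID list is left unquoted on purpose so that each PID is its own argument.
# shellcheck disable=SC2046
pidof java && kill $(pidof java)

# Look the account up by name; grepping /etc/passwd also matches unrelated
# lines that merely contain "yacy".
id -u yacy > /dev/null 2>&1 || useradd -m -s /bin/bash -d /opt/yacy yacy

# get java8
test -f /etc/ssl/certs/java/cacerts || apt-get install ca-certificates-java -y
apt-get remove default-jre ca-certificates-java openjdk-7-jre openjdk-7-jre-headless -y
apt-get autoremove

# Stop if /opt is unavailable: the rm below must never run in another directory.
cd /opt/ || exit 1
rm -rf java* jre*
wget "http://javadl.oracle.com/webapps/download/AutoDL?BundleId=211989" -O /opt/java8.tar.gz
verify_download /opt/java8.tar.gz "${JAVA_TARBALL_SHA256:-}" || exit 1
tar xfvz java8.tar.gz
cd jre1.8*/bin || exit 1
ln -sfv "$(pwd)/java" /usr/bin/java
cd ../lib/security || exit 1
if test -f /etc/ssl/certs/java/cacerts; then
  ln -sfv /etc/ssl/certs/java/cacerts "$(pwd)/cacerts"
else
  echo "ca-certificates-java not found"
fi

# setup yacy
cd /opt/yacy || exit 1
test -e DATA || mkdir -v DATA
wget http://yacy.net/release/yacy_v1.90_20160704_9000.tar.gz -O yacy.tar.gz
verify_download yacy.tar.gz "${YACY_TARBALL_SHA256:-}" || exit 1
tar xfvz yacy.tar.gz
cd yacy || exit 1
ln -s /opt/yacy/DATA /opt/yacy/yacy/DATA
chmod +x /opt/yacy/yacy/startYACY.sh
chmod +x /opt/yacy/yacy/stopYACY.sh
chmod +x /opt/yacy/yacy/bin/passwd.sh
chown yacy /opt/yacy -R
chmod 700 /opt/yacy
ln -sfv "/opt/yacy/DATA/LOG/yacy00.log" "/opt/yacy/daemon.log"

# start yacy
pidof java || su -c "/opt/yacy/yacy/startYACY.sh" yacy
pidof java || sudo -u yacy /opt/yacy/yacy/startYACY.sh


# set yacy password
# The password comes from the environment instead of being edited into this
# file, and the PASSWORDHERE placeholder is refused so that a publicly known
# value never becomes the admin password.
# NOTE(review): passwd.sh receives the password as an argument, so it is
# briefly visible in the process list.
if [[ -z "${YACY_ADMIN_PASSWORD:-}" || "$YACY_ADMIN_PASSWORD" == "PASSWORDHERE" ]]; then
  echo "YACY_ADMIN_PASSWORD is not set; skipping the admin password step" >&2
else
  /opt/yacy/yacy/bin/passwd.sh "$YACY_ADMIN_PASSWORD"
fi

# stop yacy
/opt/yacy/yacy/stopYACY.sh

--------------------------------------------------------------------------------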