├── README.md
├── conf
    └── README.md
├── configure.sh
├── install.sh
├── scripts
    ├── couchdb.sh
    ├── fail2ban.sh
    ├── firewall.sh
    ├── mariadb.sh
    ├── mongodb.sh
    ├── monit.sh
    ├── mysql.sh
    ├── nginx.sh
    ├── openssl.sh
    ├── php.sh
    ├── php7.sh
    ├── profile.sh
    ├── redis.sh
    ├── ssh.sh
    ├── user.sh
    └── xtrabackup.sh
└── src
    ├── authorized_keys
    ├── banner
    ├── config
    ├── dotfiles
        ├── aliases
        ├── bash_logout
        ├── bash_profile
        ├── bashrc
        ├── functions
        ├── inputrc
        ├── linux
        └── private
    ├── fail2ban
        ├── jail.local
        └── nginx-dos.conf
    ├── firewall
        ├── firewall.sh
        └── firewall_preup.sh
    ├── hosts
    ├── inc
        └── colors
    ├── locale.gen
    ├── mongodb
        ├── mongodb.conf
        └── mongodb_init
    ├── monit
        └── monitrc
    ├── mysql
        └── my.cnf
    ├── nginx
        ├── 404.html
        ├── 50x.html
        ├── conf
        │   ├── conf_readme.md
        │   ├── example.conf
        │   ├── mime.types
        │   ├── nginx.conf
        │   └── static.conf
        ├── index.html
        ├── index.php
        └── nginx_init
    ├── php
        └── fpm_example.sh
    ├── redis
        ├── redis.conf
        └── redis_6379
    └── ssh
        └── sshd_config


/README.md:
--------------------------------------------------------------------------------
# Debian/Ubuntu Web Server Installation

> Latest Version: 3.0 — June 14, 2017

## About

A custom set of software installation scripts for a Debian 7/8 web server.
Included are scripts for NGINX, MariaDB, MongoDB, MySQL, PHP 5/7, Redis,
CouchDB, Fail2Ban, Monit, XtraBackup, OpenSSL, and creating and setting up
the bash environment, and the firewall using iptables. Everything is optional!

Support for HTTP/HTTPS is also included for NGINX and there are sample config
files for HTTPS domains. All scripts are broken out into separate files if you
want to run them separately, but simply run `./install.sh ` to fire
everything from your config file. To run individual scripts use
`./install.sh `. These scripts are optimized to run on a
clean Debian 8 or Ubuntu 16.04 installation and tested heavily on Linode and
AWS. If you have any issues at all, please add them here or message me directly
@mikegioia (https://twitter.com/mikegioia).

## Extremely important SSH notes

SSH is set to run on port 30000 in this setup. If you want to use a different
port (like 22) then edit line 5 of `/src/sshd_config`.

This SSH config looks in `./ssh/authorized_keys` for SSH keys. Edit the
`/src/authorized_keys` file to include any SSH keys for your local machines
to connect directly. **Password authentication is currently enabled** but in
my experience this is unwise. If you want to disable password authentication
then edit line 50 of `/src/sshd_config` to be `PasswordAuthentication no`
and then restart SSH by running `sudo /etc/init.d/ssh restart`. You can include
an `sshd_config` file in any of your environments to overwrite the default
`sshd_config` that will be copied.

## Run the configuration script for each profile

To create a new default profile, run `./configure.sh ` where
`` is the path hierarchy you want in the `/conf` directory. For
example, to create a new profile named 'development', simply run
`./configure.sh development`. The folder 'development' will be created in
the `/conf` directory with all of the default configuration files.

To create a profile with more context, you could run something like
`./configure.sh dev/app/db1` which would create that path in the `/conf`
directory. In this case, db1 would be the folder with the configuration files.
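
The SSH notes above locate the port and password settings by line number, which breaks as soon as a profile's `sshd_config` is edited. The following added example (not part of this repository) checks a profile's `sshd_config` by keyword instead; the function names and the two sample configs are constructed for illustration.

```shell
#!/bin/bash
# Added example, not part of the repository. Sample configs are constructed.

# Print the effective global value of an sshd_config keyword.
# sshd keeps the first value it reads for a keyword, keywords are
# case-insensitive, and lines after a "Match" line are conditional,
# so the scan stops there.
sshd_value() {
    awk -v want="$2" '
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (line == "" || line ~ /^#/) next
            n = split(line, f, /[ \t=]+/)
            key = tolower(f[1])
            if (key == "match") exit
            if (key == tolower(want)) { print f[2]; exit }
        }
    ' "$1"
}

# Report the settings the README calls out. The return code is the
# number of findings, so 0 means password logins are disabled.
audit_sshd_config() {
    local file="$1" findings=0 port pass keys
    port="$(sshd_value "$file" Port)"
    pass="$(sshd_value "$file" PasswordAuthentication)"
    keys="$(sshd_value "$file" AuthorizedKeysFile)"
    echo "Port:                   ${port:-22 (OpenSSH default)}"
    echo "AuthorizedKeysFile:     ${keys:-(OpenSSH default)}"
    # An absent keyword means the OpenSSH default, which is "yes".
    pass="$(printf '%s' "${pass:-yes}" | tr '[:upper:]' '[:lower:]')"
    if [ "$pass" = "no" ]; then
        echo "PasswordAuthentication: no"
    else
        echo "PasswordAuthentication: $pass  <- finding: set to 'no' once key login works"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed samples: the state the README describes, and a hardened variant
# where the first PasswordAuthentication line wins and the Match block is skipped.
demo_dir="$(mktemp -d)"
printf '%s\n' '# constructed sample' 'Port 30000' \
    'AuthorizedKeysFile .ssh/authorized_keys' \
    'PasswordAuthentication yes' > "$demo_dir/shipped"
printf '%s\n' 'Port 30000' 'passwordauthentication no' \
    'PasswordAuthentication yes' \
    'Match User deploy' '    PasswordAuthentication yes' > "$demo_dir/hardened"

for f in shipped hardened; do
    echo "== $f"
    audit_sshd_config "$demo_dir/$f" || echo "   findings: $?"
done
```

Running `sshd -t` after editing and before restarting SSH catches syntax errors while the current session is still open.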
46 | 47 | The main configuration file created will be named `config` which has a few 48 | variables you can set: 49 | 50 | * **username**: user account on the web server 51 | * **scripts**: array of scripts to run by default 52 | * **{%program%}Version**: version to install for the given software 53 | * **{%program%}Dependencies**: additional dependencies during software config 54 | * **ipv4Public**: machine's public IP address (optional) 55 | * **ipv4Private**: machines internal network IP address (optional) 56 | 57 | ## Edit the server configuration files 58 | 59 | Inside `/conf/` are a collection of configuration files and source 60 | files that the applications will use. When you run `./configure.sh `, 61 | a set of default files will be created in your profile folder. You can edit 62 | and remove these as you see fit. They all _extend_ the base configuration 63 | files. For instance, the local `my.cnf` will be your server-specific MySQL 64 | configuration. If you delete the file, it just won't be copied over during 65 | the MySQL installation. 66 | 67 | ## Run the installer 68 | 69 | When you're ready to install run the command `./install.sh ` 70 | **AS ROOT**. These scripts assume root so please `sudu su` before running them. 71 | 72 | ## Scripts 73 | 74 | > @TODO Write out info on each individual software script 75 | > CouchDB, Fail2Ban, Firewall, MariaDB, MongoDB, Monit, MySQL, NGINX, OpenSSL, 76 | > PHP 5.6, PHP 7, Profile, SSH, User, XtraBackup 77 | 78 | ## Notes about this installation 79 | 80 | * This script will `apt-get update` and `apt-get upgrade` your system. This 81 | could take a while so be sure to watch over it. 82 | * You will be prompted to set passwords for MySQL and MariaDB. Keep those handy 83 | and watch when it prompts. 84 | * You will be asked to install extensions if you run the PHP script. These are 85 | all optional. 86 | * You will be asked if you want to overwrite the SSH config each time the 87 | profile script runs. 
It will default to NO but it's best to copy this over the 88 | first time you run it. 89 | * It's my practice to `git clone` this repo (or fork) to every server as the 90 | regular user. This way, I can `git pull` changes without needing to `sudo`. 91 | Then, I `sudo su` before running the installer. 92 | * I've timed the entire install process and it averages to about 8 minutes on a 93 | 512 MB machine! 94 | -------------------------------------------------------------------------------- /conf/README.md: -------------------------------------------------------------------------------- 1 | Run `./configure.sh ` to create a new set of configuration files. 2 | 3 | `configure.sh` will create a new profile folder in this directory with a 4 | default set of files for you to edit. -------------------------------------------------------------------------------- /configure.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -euo pipefail 3 | IFS=$'\n\t' 4 | # 5 | # Debian Server Installation Manager 6 | # 7 | # @author Mike Gioia 8 | # @name: configure.sh 9 | # @about: Create the configuration files for a new install. This creates a 10 | # new folder in the conf/ directory with all of the skeleton files 11 | # for a new environment. 12 | ## 13 | 14 | ## Set up the base path, flags, and variables 15 | basepath="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"; 16 | profile='' 17 | 18 | ## Source the colors 19 | . $basepath/src/inc/colors 20 | 21 | ## Help message 22 | function showHelp { 23 | echo -e "${redBold} ____ ${NC}" 24 | echo -e "${redBold} .mgg\$\$\$\$gg. ______ _ _ ${NC}" 25 | echo -e "${redBold} ,g\$\" _ \`\$\$b. | _ \ | | (_) ${NC}" 26 | echo -e "${redBold}\"\$\$ ,gs \`\$\$. | | | |___| |__ _ __ _ _ __ ${NC}" 27 | echo -e "${redBold}\"Y\$. ,\$\" \`\$b. | | | / _ \ '_ \| |/ _\` | '_ \ ${NC}" 28 | echo -e "${redBold}\`\"b. _\$\$,d. | |/ / __/ |_) | | (_| | | | | ${NC}" 29 | echo -e "${redBold} \`Yb. 
|___/ \___|_.__/|_|\__,_|_| |_| ${NC}" 30 | echo -e "${redBold} \`\"Y._ ${NC}" 31 | echo -e "${redBold} \`'\"\"\" Server Installation ${NC}" 32 | echo "" 33 | echo -e "${yellow}Usage:${NC}" 34 | echo " $0 [options] profile" 35 | echo "" 36 | echo -e "${yellow}Options:${NC}" 37 | echo -e " ${green}--help -h${NC} Display this help message" 38 | echo "" 39 | echo -e "${yellow}Help:${NC}" 40 | echo -e " ${green}profile${NC} is the full profile path that will be set up in the ${green}/conf${NC} directory. " 41 | echo -e " You can specify a single hostname like ${green}dev_sql_1${NC} or a full path like ${green}dev/db/sql1${NC}. " 42 | echo -e " This is entirely up to you in how you wish to manage profiles." 43 | } 44 | 45 | ## Read the remaining arguments from the CLI 46 | function getArgs { 47 | ## Loop through command parameters 48 | for i 49 | do 50 | case $i in 51 | -\? | -h | --help | help ) 52 | showHelp 53 | exit 0 54 | ;; 55 | * ) 56 | ## Set the profile path 57 | profile=$i 58 | ;; 59 | esac 60 | done 61 | } 62 | 63 | ## Prompt the user to continue with the installation 64 | function promptInstall { 65 | echo -e "\n${blueBgWhiteBold}This script will copy configuration files to ${profile}${NC}" 66 | read -p 'Do you want to continue [y/N]? ' wish 67 | if ! [[ "$wish" == "y" || "$wish" == "Y" ]] ; then 68 | exit 0 69 | fi 70 | } 71 | 72 | ## Create the profile directory if it doesn't exist 73 | function createProfile { 74 | ## Check if profile is a valid string 75 | if ! [[ -n "$profile" ]] ; then 76 | echo -e "\n${redBgWhiteBold}Please enter a profile path or name!${NC}" 77 | exit 1 78 | fi 79 | if ! [[ -d "$basepath/conf/$profile" ]] ; then 80 | echo -e "${green}Creating new profile${NC}" 81 | mkdir -p $basepath/conf/$profile 82 | fi 83 | } 84 | 85 | ## Create blank authorized keys if none exists 86 | function copyAuthorizedKeys { 87 | if ! 
[[ -f "$basepath/conf/$profile/authorized_keys" ]] ; then 88 | echo -e " - ${green}Adding${NC} authorized_keys" 89 | cp $basepath/src/authorized_keys $basepath/conf/$profile/authorized_keys 90 | else 91 | echo -e " - ${yellow}Skipping${NC} authorized_keys, file already exists" 92 | fi 93 | } 94 | 95 | ## Create blank hosts if none exists 96 | function copyHosts { 97 | if ! [[ -f "$basepath/conf/$profile/hosts" ]] ; then 98 | echo -e " - ${green}Adding${NC} hosts file" 99 | cp $basepath/src/hosts $basepath/conf/$profile/hosts 100 | else 101 | echo -e " - ${yellow}Skipping${NC} hosts file, file already exists" 102 | fi 103 | } 104 | 105 | ## Copy banner if none exists 106 | function copyBanner { 107 | if ! [[ -f "$basepath/conf/$profile/banner" ]] ; then 108 | echo -e " - ${green}Adding${NC} banner" 109 | cp $basepath/src/banner $basepath/conf/$profile/banner 110 | else 111 | echo -e " - ${yellow}Skipping${NC} banner, file already exists" 112 | fi 113 | } 114 | 115 | ## Create default config file if none exists 116 | function copyConfig { 117 | if ! [[ -f "$basepath/conf/$profile/config" ]] ; then 118 | echo -e " - ${green}Adding${NC} default config" 119 | cp $basepath/src/config $basepath/conf/$profile/config 120 | else 121 | echo -e " - ${yellow}Skipping${NC} config, file already exists" 122 | fi 123 | } 124 | 125 | ## Create private bash file 126 | function copyPrivateBash { 127 | if ! [[ -f "$basepath/conf/$profile/bash_private" ]] ; then 128 | echo -e " - ${green}Adding${NC} bash_private" 129 | cp $basepath/src/dotfiles/private $basepath/conf/$profile/bash_private 130 | else 131 | echo -e " - ${yellow}Skipping${NC} bash_private, file already exists" 132 | fi 133 | } 134 | 135 | ## Create firewall 136 | function copyFirewall { 137 | if ! 
[[ -f "$basepath/conf/$profile/firewall.sh" ]] ; then 138 | echo -e " - ${green}Adding${NC} firewall.sh" 139 | cp $basepath/src/firewall/firewall.sh $basepath/conf/$profile/firewall.sh 140 | else 141 | echo -e " - ${yellow}Skipping${NC} firewall.sh, file already exists" 142 | fi 143 | } 144 | 145 | ## Create nginx folder and default site config 146 | function createNginx { 147 | if ! [[ -d "$basepath/conf/$profile/nginx" ]] ; then 148 | echo -e " - ${green}Creating${NC} nginx directory" 149 | mkdir $basepath/conf/$profile/nginx 150 | mkdir $basepath/conf/$profile/nginx/sites-available 151 | else 152 | echo -e " - ${yellow}Skipping${NC} nginx, directory already exists" 153 | fi 154 | } 155 | 156 | ## Set up default nginx config file 157 | function copyNginx { 158 | if ! [[ -f "$basepath/conf/$profile/nginx/example.conf" ]] ; then 159 | echo -e " - ${green}Copying${NC} example nginx config" 160 | cp $basepath/src/nginx/conf/example.conf $basepath/conf/$profile/nginx/sites-available/example.conf 161 | cp $basepath/src/nginx/conf/conf_readme.md $basepath/conf/$profile/nginx/README.md 162 | else 163 | echo -e " - ${yellow}Skipping${NC} nginx example config, files already exists" 164 | fi 165 | } 166 | 167 | ## Copy over my.cnf 168 | function copyMysql { 169 | if ! [[ -f "$basepath/conf/$profile/my.cnf" ]] ; then 170 | echo -e " - ${green}Copying${NC} MySQL my.cnf" 171 | cp $basepath/src/mysql/my.cnf $basepath/conf/$profile/my.cnf 172 | else 173 | echo -e " - ${yellow}Skipping${NC} my.cnf, file already exists" 174 | fi 175 | } 176 | 177 | ## Copy over mongodb.conf 178 | function copyMongodb { 179 | if ! 
[[ -f "$basepath/conf/$profile/mongodb.conf" ]] ; then 180 | echo -e " - ${green}Copying${NC} MongoDB mongodb.conf" 181 | cp $basepath/src/mongodb/mongodb.conf $basepath/conf/$profile/mongodb.conf 182 | else 183 | echo -e " - ${yellow}Skipping${NC} mongodb.conf, file already exists" 184 | fi 185 | } 186 | 187 | ## Copy over redis_6379.conf 188 | function copyRedis { 189 | if ! [[ -f "$basepath/conf/$profile/redis.conf" ]] ; then 190 | echo -e " - ${green}Copying${NC} Redis redis.conf" 191 | cp $basepath/src/redis/redis.conf $basepath/conf/$profile/redis.conf 192 | else 193 | echo -e " - ${yellow}Skipping${NC} redis.conf, file already exists" 194 | fi 195 | } 196 | 197 | ## Copy over monitrc 198 | function copyMonit { 199 | if ! [[ -f "$basepath/conf/$profile/monitrc" ]] ; then 200 | echo -e " - ${green}Copying${NC} monitrc" 201 | cp $basepath/src/monit/monitrc $basepath/conf/$profile/monitrc 202 | else 203 | echo -e " - ${yellow}Skipping${NC} monitrc, file already exists" 204 | fi 205 | } 206 | 207 | ## Copy over sshd_config 208 | function copySshdConfig { 209 | if ! [[ -f "$basepath/conf/$profile/sshd_config" ]] ; then 210 | echo -e " - ${green}Copying${NC} sshd_config" 211 | cp $basepath/src/ssh/sshd_config $basepath/conf/$profile/sshd_config 212 | else 213 | echo -e " - ${yellow}Skipping${NC} sshd_config, file already exists" 214 | fi 215 | } 216 | 217 | ## Copy over fail2ban config 218 | function copyJailLocal { 219 | if ! 
[[ -f "$basepath/conf/$profile/jail.local" ]] ; then 220 | echo -e " - ${green}Copying${NC} jail.local" 221 | cp $basepath/src/fail2ban/jail.local $basepath/conf/$profile/jail.local 222 | else 223 | echo -e " - ${yellow}Skipping${NC} jail.local, file already exists" 224 | fi 225 | } 226 | 227 | ## Run the copy files scripts 228 | function copyFiles { 229 | echo -e "${green}Copying new configuration files${NC}" 230 | copyAuthorizedKeys 231 | copyHosts 232 | copyBanner 233 | copyConfig 234 | copyPrivateBash 235 | copyFirewall 236 | createNginx 237 | copyNginx 238 | copyMysql 239 | copyMongodb 240 | copyRedis 241 | copyMonit 242 | copySshdConfig 243 | copyJailLocal 244 | } 245 | 246 | ## Finish 247 | function finish { 248 | echo -e "\n${greenBgWhiteBold}Done!${NC}" 249 | echo -e "Default config files generated. Please edit, manage, or remove the files " 250 | echo -e "in $basepath/conf/$profile/!\n" 251 | } 252 | 253 | getArgs $@ 254 | promptInstall 255 | createProfile 256 | copyFiles 257 | finish 258 | exit 0 -------------------------------------------------------------------------------- /install.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -euo pipefail 3 | IFS=$'\n\t' 4 | # 5 | # Debian Server Installation Manager 6 | # 7 | # @author Mike Gioia 8 | # @name: install.sh 9 | # @about: Install or update packages, update configuration files and dot 10 | # files. 11 | ## 12 | 13 | ## Set up the base path, flags, and variables 14 | basepath="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"; 15 | updateFlag='' 16 | upgradeFlag='' 17 | norootFlag='' 18 | allFlag='' 19 | scriptArgs=() 20 | profile='' 21 | config='' 22 | 23 | ## Set up config defaults 24 | username="trunk" 25 | nginxVersion='' 26 | nginxDependencies='' 27 | mongodbVersion='' 28 | mariadbVersion='' 29 | opensslVersion='' 30 | redisVersion='' 31 | redisphpVersion='' 32 | scripts=() 33 | 34 | ## Source the colors 35 | . 
$basepath/src/inc/colors 36 | 37 | ## Help message 38 | function showHelp { 39 | echo -e "${redBold} ____ ${NC}" 40 | echo -e "${redBold} .mgg\$\$\$\$gg. ______ _ _ ${NC}" 41 | echo -e "${redBold} ,g\$\" _ \`\$\$b. | _ \ | | (_) ${NC}" 42 | echo -e "${redBold}\"\$\$ ,gs \`\$\$. | | | |___| |__ _ __ _ _ __ ${NC}" 43 | echo -e "${redBold}\"Y\$. ,\$\" \`\$b. | | | / _ \ '_ \| |/ _\` | '_ \ ${NC}" 44 | echo -e "${redBold}\`\"b. _\$\$,d. | |/ / __/ |_) | | (_| | | | | ${NC}" 45 | echo -e "${redBold} \`Yb. |___/ \___|_.__/|_|\__,_|_| |_| ${NC}" 46 | echo -e "${redBold} \`\"Y._ ${NC}" 47 | echo -e "${redBold} \`'\"\"\" Server Installation ${NC}" 48 | echo "" 49 | echo -e "${yellow}Usage:${NC}" 50 | echo " $0 [options] profile [scripts]" 51 | echo "" 52 | echo -e "${yellow}Options:${NC}" 53 | echo -e " ${green}--help -h${NC} Display this help message" 54 | echo -e " ${green}--update -u${NC} Run apt-get update" 55 | echo -e " ${green}--upgrade -g${NC} Run apt-get upgrade" 56 | echo "" 57 | echo -e "${yellow}Available Scripts:${NC}" 58 | echo -e " ${green}all ${NC} Runs all scripts specified in config" 59 | echo -e " ${green}app ${NC} Sets up your application code" 60 | echo -e " ${green}fail2ban ${NC} Intalls Fail2Ban and config files" 61 | echo -e " ${green}firewall ${NC} Copies firewall script and loads on boot" 62 | echo -e " ${green}mariadb ${NC} Installs MariaDB v10.0" 63 | echo -e " ${green}mongodb ${NC} Compiles and installs MongoDB from source" 64 | echo -e " ${green}monit ${NC} Installs Monit via apt" 65 | echo -e " ${green}mysql ${NC} Installs MySQL via apt" 66 | echo -e " ${green}nginx ${NC} Compiles and installs nginx from source" 67 | echo -e " ${green}openssl ${NC} Compiles and installs OpenSSL from source" 68 | echo -e " ${green}php ${NC} Installs PHP from the DotDeb repository" 69 | echo -e " ${green}profile ${NC} Sets up your bash profile" 70 | echo -e " ${green}redis ${NC} Compiles and installs Redis from source" 71 | echo -e " ${green}user ${NC} Creates 
shell account and configures environment" 72 | echo -e " ${green}xtrabackup ${NC} Installs Percona XtraBackup via apt" 73 | echo "" 74 | echo -e "Default command is ${green}all${NC} if none is specified." 75 | } 76 | 77 | ## Read the remaining arguments from the CLI 78 | function getArgs { 79 | ## Loop through command parameters 80 | for i 81 | do 82 | case $i in 83 | -\? | -h | --help | help ) 84 | showHelp 85 | exit 0 86 | ;; 87 | -u | --update ) 88 | updateFlag=1 89 | ;; 90 | -g | --upgrade ) 91 | upgradeFlag=1 92 | ;; 93 | --noroot ) 94 | norootFlag=1 95 | ;; 96 | all ) 97 | ## Run all scripts 98 | allFlag=1 99 | ;; 100 | app | couchdb | fail2ban | firewall | mariadb | mongodb | monit | mysql ) 101 | ## Add to scripts array 102 | scriptArgs+=$i 103 | ;; 104 | nginx | openssl | php | php7 | profile | redis | ssh | user | xtrabackup ) 105 | ## Add to scripts array 106 | scriptArgs+=$i 107 | ;; 108 | * ) 109 | ## Set the profile path 110 | profile=$i 111 | ;; 112 | esac 113 | done 114 | } 115 | 116 | ## Check if logged in user is root 117 | function checkRoot { 118 | if [[ "$norootFlag" ]] ; then 119 | return 120 | fi 121 | if ! [[ $(id -u) -eq 0 ]] ; then 122 | echo -e "\n${redBgWhiteBold}You are not the root user!${NC}" 123 | exit 1 124 | fi 125 | } 126 | 127 | ## Check if the profile path is to a valid profile 128 | function checkProfile { 129 | config="$basepath/conf/$profile/config" 130 | if ! [[ -f "$config" ]] ; then 131 | echo -e "\n${redBgWhiteBold}Could not find the profile you entered: ${profile}${NC}" 132 | echo -e -n "Make sure to run ./configure.sh in the deploy directory " 133 | echo -e "or ./configure --help for more info.${NC}\n" 134 | exit 1 135 | fi 136 | } 137 | 138 | ## Prompt the user to continue with the installation 139 | function promptInstall { 140 | echo -e "\n${blueBgWhiteBold}This script will update software and configuration files on your server.${NC}" 141 | read -p 'Do you want to continue [y/N]? ' wish 142 | if ! 
[[ "$wish" == "y" || "$wish" == "Y" ]] ; then 143 | exit 0 144 | fi 145 | } 146 | 147 | ## Read in the config variables and export vars 148 | function readConfig { 149 | . $config 150 | export basepath 151 | export profile 152 | export username 153 | export nginxVersion 154 | export nginxDependencies 155 | export mongodbVersion 156 | export mariadbVersion 157 | export opensslVersion 158 | export redisVersion 159 | export redisphpVersion 160 | export sites 161 | } 162 | 163 | ## Update the system if flag set 164 | function update { 165 | if [[ "$updateFlag" ]] ; then 166 | apt-get update 167 | fi 168 | } 169 | 170 | ## Upgrade the system if flag set 171 | function upgrade { 172 | if [[ "$upgradeFlag" ]] ; then 173 | apt-get upgrade --show-upgraded 174 | fi 175 | } 176 | 177 | ## Export colors 178 | function exportColors { 179 | export black 180 | export red 181 | export green 182 | export yellow 183 | export blue 184 | export magenta 185 | export cyan 186 | export white 187 | export redBgWhite 188 | export redBgWhiteBold 189 | export blueBgWhite 190 | export blueBgWhiteBold 191 | export greenBgWhite 192 | export greenBgWhiteBold 193 | export blackBold 194 | export redBold 195 | export greenBold 196 | export yellowBold 197 | export blueBold 198 | export magentaBold 199 | export cyanBold 200 | export whiteBold 201 | export NC 202 | } 203 | 204 | ## Run the scripts 205 | function runScripts { 206 | if ! 
[[ "${#scriptArgs[@]}" -eq 0 ]] ; then 207 | for script in "${scriptArgs[@]}" 208 | do 209 | if [[ -f "$basepath/conf/$profile/scripts/$script.sh" ]] ; then 210 | $basepath/conf/$profile/scripts/$script.sh 211 | else 212 | $basepath/scripts/$script.sh 213 | fi 214 | done 215 | else 216 | for script in "${scripts[@]}" 217 | do 218 | if [[ -f "$basepath/conf/$profile/scripts/$script.sh" ]] ; then 219 | $basepath/conf/$profile/scripts/$script.sh 220 | else 221 | $basepath/scripts/$script.sh 222 | fi 223 | done 224 | fi 225 | } 226 | 227 | ## Finish 228 | function finish { 229 | echo -e "\n${greenBgWhiteBold}Done!${NC}" 230 | echo -e "Make sure to restart your server for all changes to take effect!${NC}\n" 231 | } 232 | 233 | ## Run the program 234 | getArgs $@ 235 | checkRoot 236 | checkProfile 237 | promptInstall 238 | readConfig 239 | update 240 | upgrade 241 | exportColors 242 | runScripts 243 | finish 244 | exit 0 245 | -------------------------------------------------------------------------------- /scripts/couchdb.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | # Installs CouchDB 4 | ## 5 | 6 | ## Prompt to continue 7 | function promptInstall { 8 | echo -e "\n${blueBgWhiteBold}This script will install CouchDB and configure it.${NC}" 9 | read -p 'Do you want to continue [y/N]? ' wish 10 | if ! 
[[ "$wish" == "y" || "$wish" == "Y" ]] ; then 11 | exit 0 12 | fi 13 | } 14 | 15 | ## Install CouchDB if it's not installed 16 | function installCouchdb { 17 | PKG_OK=$(dpkg-query -W --showformat='${Status}\n' couchdb|grep "install ok installed") 18 | if [[ "" == "$PKG_OK" ]] ; then 19 | echo -e "${green}Installing CouchDB from apt${NC}" 20 | apt-get install couchdb 21 | else 22 | echo -e "${yellow}CouchDB already installed${NC}" 23 | fi 24 | } 25 | 26 | function copyConfigs { 27 | ## Check if there's a local config file to update 28 | if [[ -f "$basepath/conf/$profile/couchdb" ]] ; then 29 | echo -e "${green}Copying couchdb config to /etc/couchdb/local.d/couchdb.ini${NC}" 30 | cp $basepath/conf/$profile/couchdb /etc/couchdb/local.d/couchdb.ini 31 | else 32 | echo -e "${yellow}No couchdb file found, skipping${NC}" 33 | fi 34 | } 35 | 36 | ## Restart the service 37 | function promptRestart { 38 | read -p 'Do you want restart CouchDB? [y/N]? ' wish 39 | if [[ "$wish" == "y" || "$wish" == "Y" ]] ; then 40 | service couchdb restart 41 | fi 42 | } 43 | 44 | promptInstall 45 | installCouchdb 46 | copyConfigs 47 | promptRestart 48 | exit 0 -------------------------------------------------------------------------------- /scripts/fail2ban.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | # Sets up fail2ban 4 | ## 5 | 6 | ## Prompt to continue 7 | function promptInstall { 8 | echo -e "\n${blueBgWhiteBold}This script will install Fail2Ban and configure it.${NC}" 9 | read -p 'Do you want to continue [y/N]? ' wish 10 | if ! 
[[ "$wish" == "y" || "$wish" == "Y" ]] ; then 11 | exit 0 12 | fi 13 | } 14 | 15 | ## Install fail2ban if it's not installed 16 | function installFail2ban { 17 | PKG_OK=$(dpkg-query -W --showformat='${Status}\n' fail2ban|grep "install ok installed") 18 | if [[ "" == "$PKG_OK" ]] ; then 19 | echo -e "${green}Installing Fail2Ban from apt${NC}" 20 | apt-get install fail2ban 21 | else 22 | echo -e "${yellow}Fail2Ban already installed${NC}" 23 | fi 24 | } 25 | 26 | function copyConfigs { 27 | ## Check if there's a local config file to update 28 | if [[ -f "$basepath/conf/$profile/jail.local" ]] ; then 29 | echo -e "${green}Copying jail.local to /etc/fail2ban${NC}" 30 | cp $basepath/conf/$profile/jail.local /etc/fail2ban/jail.local 31 | else 32 | echo -e "${yellow}No jail.local found, skipping${NC}" 33 | fi 34 | 35 | ## Copy over configs if they're not there 36 | if ! [[ -f "/etc/fail2ban/filter.d/nginx-dos.conf" ]] ; then 37 | read -p 'Do you want to install the nginx-dos filter [y/N]? ' wish 38 | if [[ "$wish" == "y" || "$wish" == "Y" ]] ; then 39 | echo -e "${green}Copying nginx-dos.confto /etc/fail2ban/filter.d${NC}" 40 | cp $basepath/src/fail2ban/nginx-dos.conf /etc/fail2ban/filter.d/nginx-dos.conf 41 | fi 42 | fi 43 | } 44 | 45 | ## Restart the service 46 | function promptRestart { 47 | read -p 'Do you want restart Fail2Ban? [y/N]? 
' wish 48 | if [[ "$wish" == "y" || "$wish" == "Y" ]] ; then 49 | service fail2ban restart 50 | fi 51 | } 52 | 53 | promptInstall 54 | installFail2ban 55 | copyConfigs 56 | promptRestart 57 | exit 0 -------------------------------------------------------------------------------- /scripts/firewall.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | # Copy firewall over and set up pre-up script 4 | ## 5 | 6 | ## Prompt to continue 7 | function promptInstall { 8 | echo -e "\n${blueBgWhiteBold}This script will overwrite your firewall and add it to the network pre-up.${NC}" 9 | read -p 'Do you want to continue [y/N]? ' wish 10 | if ! [[ "$wish" == "y" || "$wish" == "Y" ]] ; then 11 | exit 0 12 | fi 13 | } 14 | 15 | ## Copy the firewall script and add it to pre-up 16 | function copyFirewall { 17 | ## If it exists, copy it over 18 | if ! [[ -f "$basepath/conf/$profile/firewall.sh" ]] ; then 19 | echo -e "${yellow}No firewall.sh found in conf/${profile}${NC}" 20 | return 21 | fi 22 | 23 | cp $basepath/conf/$profile/firewall.sh /etc/firewall.sh 24 | chmod 700 /etc/firewall.sh 25 | chown root:root /etc/firewall.sh 26 | 27 | ## Ask to run firewall 28 | read -p 'Do you want to run the firewall script [Y/n]? ' wish 29 | if ! [[ "$wish" == "n" || "$wish" == "N" ]] ; then 30 | sh /etc/firewall.sh 31 | fi 32 | 33 | ## Set up the pre-up rule in /etc/network/if-pre-up.d 34 | cp $basepath/src/firewall/firewall_preup.sh /etc/network/if-pre-up.d/firewall 35 | chmod 700 /etc/network/if-pre-up.d/firewall 36 | chown root:root /etc/network/if-pre-up.d/firewall 37 | } 38 | 39 | ## Copy the interfaces file if it exists 40 | function copyInterfaces { 41 | ## If it exists, copy it over 42 | if ! 
[[ -f "$basepath/conf/$profile/interfaces" ]] ; then 43 | echo -e "${yellow}No interfaces found in conf/${profile}${NC}" 44 | return 45 | fi 46 | 47 | cp $basepath/conf/$profile/interfaces /etc/network/interfaces 48 | } 49 | 50 | ## Ask to restart networking services 51 | function restartNetworking { 52 | read -p 'Do you want to restart networking? [y/N] ' wish 53 | if [[ "$wish" == "y" || "$wish" == "Y" ]] ; then 54 | echo -e "${green}Restarting networking${NC}" 55 | ifdown eth0 && ifup eth0 56 | fi 57 | } 58 | 59 | promptInstall 60 | copyFirewall 61 | copyInterfaces 62 | restartNetworking 63 | exit 0 -------------------------------------------------------------------------------- /scripts/mariadb.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | # Installs MariaDB from apt source 4 | ## 5 | 6 | ## Check if the nginx version is set 7 | function checkMariadb { 8 | if ! [[ -n "${mariadbVersion}" ]] ; then 9 | echo -e "${yellow}Skipping, mariadbVersion not set in config${NC}" 10 | exit 0 11 | fi 12 | } 13 | 14 | ## Prompt to continue 15 | function promptInstall { 16 | echo -e "\n${blueBgWhiteBold}This script will update the system and install MariaDB ${mariadbVersion}.${NC}" 17 | read -p 'Do you want to continue [y/N]? ' wish 18 | if ! [[ "$wish" == "y" || "$wish" == "Y" ]] ; then 19 | exit 0 20 | fi 21 | } 22 | 23 | ## Echo this out to mariadb.list if file not found 24 | function addAptSource { 25 | if ! 
[[ -f "/etc/apt/sources.list.d/mariadb.list" ]] ; then 26 | echo -e "${green}Adding MariaDB source and fetching key${NC}" 27 | echo '# https://downloads.mariadb.org/mariadb/repositories/' > /etc/apt/sources.list.d/mariadb.list 28 | echo 'deb http://mirror.jmu.edu/pub/mariadb/repo/10.0/debian wheezy main' >> /etc/apt/sources.list.d/mariadb.list 29 | echo 'deb-src http://mirror.jmu.edu/pub/mariadb/repo/10.0/debian wheezy main' >> /etc/apt/sources.list.d/mariadb.list 30 | apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 0xcbcb082a1bb943db 31 | apt-get update 32 | else 33 | echo -e "${yellow}Skipping, MariaDB source set in /etc/apt/sources.list.d/${NC}" 34 | fi 35 | } 36 | 37 | ## Install mariadb 38 | function installMariadb { 39 | PKG_OK=$(dpkg-query -W --showformat='${Status}\n' mariadb-server|grep "install ok installed") 40 | if [[ "" == "$PKG_OK" ]] ; then 41 | echo -e "${green}Installing MariaDB. You may be prompted to set username and password${NC}" 42 | apt-get install mariadb-server 43 | else 44 | echo -e "${yellow}MariaDB already installed${NC}" 45 | fi 46 | } 47 | 48 | ## Copy over configs 49 | function copyConfigs { 50 | if [[ -f "$basepath/conf/$profile/my.cnf" ]] ; then 51 | wish="Y" 52 | if [[ -f "/etc/mysql/conf.d/my.cnf" ]] ; then 53 | read -p "Do you want copy my.cnf and reload mysql [y/N]? 
" wish 54 | fi 55 | if [[ "$wish" == "y" || "$wish" == "Y" ]] ; then 56 | echo -e "${green}Copying my.cnf to /etc/mysql/conf.d and reloading mysql${NC}" 57 | cp $basepath/conf/$profile/my.cnf /etc/mysql/conf.d/my.cnf 58 | /etc/init.d/mysql reload 59 | fi 60 | fi 61 | 62 | ## If there's a mysql history file, write null to it 63 | if [[ -f "/root/.mysql_history" ]] ; then 64 | cat /dev/null > /root/.mysql_history 65 | fi 66 | if [[ -f "/home/$username/.mysql_history" ]] ; then 67 | cat /dev/null > /home/$username/.mysql_history 68 | fi 69 | } 70 | 71 | ## Add mysql to startup 72 | function systemStart { 73 | read -p "Do you want to add mysql to system startup [y/N]? " wish 74 | if [[ "$wish" == "y" || "$wish" == "Y" ]] ; then 75 | /usr/sbin/update-rc.d -f mysql defaults 76 | fi 77 | } 78 | 79 | checkMariadb 80 | promptInstall 81 | addAptSource 82 | installMariadb 83 | copyConfigs 84 | systemStart 85 | exit 0 -------------------------------------------------------------------------------- /scripts/mongodb.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | # Installs MongoDB from a binary 4 | ## 5 | 6 | ## Prompt to continue 7 | function promptInstall { 8 | echo -e "\n${blueBgWhiteBold}This script will install MongoDB from a pre-compiled binary.${NC}" 9 | read -p 'Do you want to continue [y/N]? ' wish 10 | if ! 
[[ "$wish" == "y" || "$wish" == "Y" ]] ; then
        exit 0
    fi
}

## Copy tar file, unpack and create symlinks
function installMongodb {
    MONGODB_OK=$(/opt/mongodb/bin/mongo --version 2>&1 | grep "${mongodbVersion}")
    if [[ "" == "$MONGODB_OK" ]] ; then
        echo -e "${green}Installing MongoDB to /opt/mongodb${NC}"
        ## Get the binaries
        ## NOTE: the archive is fetched over plain HTTP and unpacked without a
        ## checksum or signature check.
        wget -P /opt/ http://fastdl.mongodb.org/linux/mongodb-linux-x86_64-${mongodbVersion}.tgz
        tar -xzf /opt/mongodb-linux-x86_64-${mongodbVersion}.tgz -C /opt

        if [[ -d "/opt/mongodb" ]] ; then
            rm -rf /opt/mongodb
        fi

        mv /opt/mongodb-linux-x86_64-${mongodbVersion} /opt/mongodb
    else
        echo -e "${yellow}MongoDB already updated to version ${mongodbVersion}${NC}"
    fi

    ## Create symlinks
    MONGODB_BINARIES="/opt/mongodb/bin/*"
    for b in $MONGODB_BINARIES
    do
        binaryFilename=$(basename $b)
        if ! [[ -h "/usr/local/bin/$binaryFilename" ]] ; then
            ln -s /opt/mongodb/bin/$binaryFilename /usr/local/bin/$binaryFilename
        fi
    done
}

## Create directories
function createDirectories {
    if ! [[ -d "/data" ]] ; then
        mkdir /data
    fi
    if ! [[ -d "/data/mongodb" ]] ; then
        mkdir /data/mongodb
    fi
    if ! [[ -d "/var/log/mongodb" ]] ; then
        mkdir /var/log/mongodb
    fi
}

## Create the user
function createUser {
    ## Match the whole account name (up to the colon), not just a prefix
    egrep "^mongod:" /etc/passwd >/dev/null
    if ! [[ $? -eq 0 ]] ; then
        echo ' --> creating new user mongod'
        echo -e "${green}Creating new user mongod${NC}"
        adduser --system --no-create-home --disabled-login --disabled-password --group mongod
    fi

    chown -R mongod:mongod /data/mongodb
    chown -R mongod:mongod /var/log/mongodb
}

## Copy the init script
function copyInit {
    cp $basepath/src/mongodb/mongodb_init /etc/init.d/mongodb
    chmod +x /etc/init.d/mongodb
}

## Copy the config file
function copyConfig {
    if [[ -f "$basepath/conf/$profile/mongodb.conf" ]] ; then
        echo -e "${green}Copying over mongodb.conf to /etc${NC}"
        cp $basepath/conf/$profile/mongodb.conf /etc/mongodb.conf
    fi
}

## Add mongodb to startup
function systemStart {
    read -p "Do you want to add mongodb to system startup [y/N]? " wish
    if [[ "$wish" == "y" || "$wish" == "Y" ]] ; then
        /usr/sbin/update-rc.d -f mongodb defaults
    fi
}

## Start the process if it isn't
function startRestartMongodb {
    if ! [[ -f "/etc/mongodb.conf" ]] ; then
        echo -e "${redBgWhiteBold}No config file found at /etc/mongodb.conf! Did you forget to add one to conf/${profile}?${NC}"
        echo -e "${yellowBold}Try running './configure.sh ${profile}' again to generate a new mongodb.conf file.${NC}"
        return
    fi
    if [[ $( pidof mongod) ]] ; then
        read -p "MongoDB is running, do you want to restart it? [y/N]? " wish
        if [[ "$wish" == "y" || "$wish" == "Y" ]] ; then
            /etc/init.d/mongodb restart
        fi
    else
        read -p "Do you want to start MongoDB? [y/N]? " wish
        if [[ "$wish" == "y" || "$wish" == "Y" ]] ; then
            /etc/init.d/mongodb start
        fi
    fi
}

promptInstall
installMongodb
createDirectories
createUser
copyInit
copyConfig
systemStart
startRestartMongodb
exit 0

--------------------------------------------------------------------------------
/scripts/monit.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#
# Installs Monit and copies over config file
##

## Prompt to continue
function promptInstall {
    echo -e "\n${blueBgWhiteBold}This script will install monit.${NC}"
    read -p 'Do you want to continue [y/N]? ' wish
    if ! [[ "$wish" == "y" || "$wish" == "Y" ]] ; then
        exit 0
    fi
}

## Install if it isn't already
function installMonit {
    PKG_OK=$(dpkg-query -W --showformat='${Status}\n' monit|grep "install ok installed")
    if [[ "" == "$PKG_OK" ]] ; then
        echo -e "${green}Installing Monit from apt${NC}"
        apt-get install monit
    else
        echo -e "${yellow}Monit already installed${NC}"
    fi

    read -p 'Do you want to add monit to system startup [y/N] ' wish
    if [[ "$wish" == "y" || "$wish" == "Y" ]] ; then
        update-rc.d monit defaults
    fi
}

## Copy over the monitrc file and reload monit
function copyRcFile {
    if [[ -f "$basepath/conf/$profile/monitrc" ]] ; then
        cp $basepath/conf/$profile/monitrc /etc/monit/monitrc
    fi
    monit reload
}

promptInstall
installMonit
copyRcFile
exit 0

--------------------------------------------------------------------------------
/scripts/mysql.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#
# Installs MySQL from apt
##

## Prompt to continue
function promptInstall {
    echo -e "\n${blueBgWhiteBold}This script will update the system and install MySQL.${NC}"
    read -p 'Do you want to continue [y/N]? ' wish
    if ! [[ "$wish" == "y" || "$wish" == "Y" ]] ; then
        exit 0
    fi
}

## Install mysql
function installMysql {
    PKG_OK=$(dpkg-query -W --showformat='${Status}\n' mysql-server|grep "install ok installed")
    if [[ "" == "$PKG_OK" ]] ; then
        echo -e "${green}Installing MySQL. You may be prompted to set username and password${NC}"
        apt-get install mysql-server mysql-client
    else
        echo -e "${yellow}MySQL already installed${NC}"
    fi
}

## Copy over configs
function copyConfigs {
    if [[ -f "$basepath/conf/$profile/my.cnf" ]] ; then
        wish="Y"
        if [[ -f "/etc/mysql/conf.d/my.cnf" ]] ; then
            read -p "Do you want to copy my.cnf and reload mysql [y/N]? " wish
        fi
        if [[ "$wish" == "y" || "$wish" == "Y" ]] ; then
            echo -e "${green}Copying my.cnf to /etc/mysql/conf.d and reloading mysql${NC}"
            cp $basepath/conf/$profile/my.cnf /etc/mysql/conf.d/my.cnf
            /etc/init.d/mysql reload
        fi
    fi

    ## If there's a mysql history file, write null to it
    if [[ -f "/root/.mysql_history" ]] ; then
        cat /dev/null > /root/.mysql_history
    fi
    if [[ -f "/home/$username/.mysql_history" ]] ; then
        cat /dev/null > /home/$username/.mysql_history
    fi
}

## Add mysql to startup
function systemStart {
    read -p "Do you want to add mysql to system startup [y/N]? " wish
    if [[ "$wish" == "y" || "$wish" == "Y" ]] ; then
        /usr/sbin/update-rc.d -f mysql defaults
    fi
}

promptInstall
installMysql
copyConfigs
systemStart
exit 0

--------------------------------------------------------------------------------
/scripts/nginx.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#
# Installs nginx from source
##

## Check if the nginx version is set
function checkNginx {
    if ! [[ -n "${nginxVersion}" ]] ; then
        echo -e "${yellow}Skipping, nginxVersion not set in config${NC}"
        exit 0
    fi
}

## Prompt to continue
function promptInstall {
    echo -e "\n${blueBgWhiteBold}This script will install nginx from source.${NC}"
    read -p 'Do you want to continue [y/N]? ' wish
    if ! [[ "$wish" == "y" || "$wish" == "Y" ]] ; then
        exit 0
    fi
}

## Install requirements if not installed
function installDependencies {
    PKG_OK=$(dpkg-query -W --showformat='${Status}\n' libpcre3-dev|grep "install ok installed")
    if [[ "" == "$PKG_OK" ]] ; then
        echo -e "${green}Installing libpcre3-dev${NC}\n"
        apt-get install libpcre3-dev
    fi

    PKG_OK=$(dpkg-query -W --showformat='${Status}\n' build-essential|grep "install ok installed")
    if [[ "" == "$PKG_OK" ]] ; then
        echo -e "${green}Installing build-essential${NC}\n"
        apt-get install build-essential
    fi

    PKG_OK=$(dpkg-query -W --showformat='${Status}\n' libssl-dev|grep "install ok installed")
    if [[ "" == "$PKG_OK" ]] ; then
        echo -e "${green}Installing libssl-dev${NC}\n"
        apt-get install libssl-dev
    fi
}

## Check if nginx is up to date. If not install/update nginx.
function installNginx {
    NGINX_OK=$(/opt/nginx/sbin/nginx -v 2>&1 | grep "nginx/${nginxVersion}")
    if [[ "" == "$NGINX_OK" ]] ; then
        echo -e "${green}Installing nginx from source to /opt/nginx${NC}"
        cd /opt/
        ## NOTE: the source archive is fetched over plain HTTP and built
        ## without a checksum or signature check.
        wget http://nginx.org/download/nginx-${nginxVersion}.tar.gz
        tar -zxvf nginx-${nginxVersion}.tar.gz
        cd /opt/nginx-${nginxVersion}/
        ## @todo move this out to config file
        ./configure \
            --prefix=/opt/nginx \
            --user=nginx \
            --group=nginx \
            --with-http_ssl_module \
            --with-ipv6 \
            --with-http_stub_status_module \
            --with-http_realip_module \
            ${nginxDependencies}
        make
        make install
    else
        echo -e "${yellow}nginx already updated to version ${nginxVersion}${NC}"
    fi
}

## Check if nginx user exists. If not, create the new user.
function addUser {
    ## Match the whole account name (up to the colon), not just a prefix
    egrep "^nginx:" /etc/passwd >/dev/null
    if ! [[ $? -eq 0 ]] ; then
        echo -e "${green}Adding nginx user${NC}"
        adduser --system --no-create-home --disabled-login --disabled-password --group nginx
    fi
}

## Copy over the default nginx and trunk config. Set up directories.
function copyConfig {
    echo -e "${green}Copying over config files to /opt/nginx/conf${NC}"
    if ! [[ -d "/opt/nginx/conf/sites-available" ]] ; then
        mkdir /opt/nginx/conf/sites-available
    fi
    if ! [[ -d "/opt/nginx/conf/sites-enabled" ]] ; then
        mkdir /opt/nginx/conf/sites-enabled
    fi

    if [[ -f "$basepath/conf/$profile/nginx.conf" ]] ; then
        cp $basepath/conf/$profile/nginx.conf /opt/nginx/conf/nginx.conf
    else
        cp $basepath/src/nginx/conf/nginx.conf /opt/nginx/conf/nginx.conf
    fi

    cp $basepath/src/nginx/conf/static.conf /opt/nginx/conf/static.conf
    cp $basepath/src/nginx/conf/mime.types /opt/nginx/conf/mime.types

    if [[ 0 -lt $(ls $basepath/conf/$profile/nginx/*.conf 2>/dev/null | wc -w) ]] ; then
        cp $basepath/conf/$profile/nginx/*.conf /opt/nginx/conf/
    fi
}

## Copy over the nginx config files to sites-available. For each
## config file, check if there's a symlink in sites-enabled. If not,
## add the new symlink.
function copySites {
    if [[ -d "$basepath/conf/$profile/nginx/sites-available" ]] ; then
        if [[ 0 -lt $(ls $basepath/conf/$profile/nginx/sites-available/*.conf 2>/dev/null | wc -w) ]] ; then
            echo -e "${green}Copying over site config files${NC}"
            cp $basepath/conf/$profile/nginx/sites-available/*.conf /opt/nginx/conf/sites-available/
            CONF_FILES="/opt/nginx/conf/sites-available/*.conf"
            for c in $CONF_FILES
            do
                config_filename=$(basename $c)
                if ! [[ -h "/opt/nginx/conf/sites-enabled/$config_filename" ]] ; then
                    ln -s ../sites-available/$config_filename /opt/nginx/conf/sites-enabled/$config_filename
                fi
            done
        fi
    fi
}

## Copy over the init script and set up nginx to start on reboot
function copyInit {
    echo -e "${green}Configuring the init script${NC}"
    cp $basepath/src/nginx/nginx_init /etc/init.d/nginx
    chmod +x /etc/init.d/nginx
    read -p "Do you want to add nginx to system startup? [y/N]? " wish
    if [[ "$wish" == "y" || "$wish" == "Y" ]] ; then
        /usr/sbin/update-rc.d -f nginx defaults
    fi
    read -p "Do you want to remove apache from system startup? [y/N]? " wish
    if [[ "$wish" == "y" || "$wish" == "Y" ]] ; then
        /usr/sbin/update-rc.d -f apache2 remove
    fi
}

## Copy over remaining nginx files
function copyDefaults {
    echo -e "${green}Copying 404 and 50x files${NC}"
    if ! [[ -d "/var/www" ]] ; then
        mkdir /var/www
        chown www-data:www-data /var/www
    fi
    if ! [[ -f "/var/www/404.html" ]] ; then
        cp $basepath/src/nginx/404.html /var/www/404.html
        chown www-data:www-data /var/www/404.html
    fi
    if ! [[ -f "/var/www/50x.html" ]] ; then
        cp $basepath/src/nginx/50x.html /var/www/50x.html
        chown www-data:www-data /var/www/50x.html
    fi
}

## Update permissions
function updatePermissions {
    read -p "Do you want to change ownership of all /var/www files to www-data? [y/N]? " wish
    if [[ "$wish" == "y" || "$wish" == "Y" ]] ; then
        chown -R www-data:www-data /var/www
    fi
}

## Ask the user if they need to copy over any SSL certs/keys
function promptSsl {
    echo -e "${yellow}nginx will now be started or reloaded. Now would be a good time to copy over any SSL certificates and keys!${NC}"
    read -p 'Press any key to continue ' anykey
}

## If nginx is running, reload the config. If it's not, start nginx.
function startReloadNginx {
    if [[ $( pidof nginx) ]] ; then
        read -p "nginx is running, do you want to reload it? [y/N]? " wish
        if [[ "$wish" == "y" || "$wish" == "Y" ]] ; then
            service nginx reload
        fi
    else
        read -p "Do you want to start nginx? [y/N]? " wish
        if [[ "$wish" == "y" || "$wish" == "Y" ]] ; then
            service nginx start
        fi
    fi
}

checkNginx
promptInstall
installDependencies
installNginx
addUser
copyConfig
copySites
copyInit
copyDefaults
updatePermissions
promptSsl
startReloadNginx
exit 0

--------------------------------------------------------------------------------
/scripts/openssl.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#
# Installs OpenSSL from source
##

echo 'This script will install OpenSSL from source.'
read -p 'Do you want to continue [y/N]? ' wish
if ! [[ "$wish" == "y" || "$wish" == "Y" ]] ; then
    echo "Aborted"
    exit
fi

## Install requirements if not installed
PKG_OK=$(dpkg-query -W --showformat='${Status}\n' libpcre3-dev|grep "install ok installed")
if [[ "" == "$PKG_OK" ]] ; then
    apt-get install libpcre3-dev
fi

PKG_OK=$(dpkg-query -W --showformat='${Status}\n' build-essential|grep "install ok installed")
if [[ "" == "$PKG_OK" ]] ; then
    apt-get install build-essential
fi

PKG_OK=$(dpkg-query -W --showformat='${Status}\n' libssl-dev|grep "install ok installed")
if [[ "" == "$PKG_OK" ]] ; then
    apt-get install libssl-dev
fi

## Check if openssl version is equal to installed version.
## If not, update openssl.
OPENSSL_OK=$(openssl version 2>&1 | grep "${openssl_version}")
if [[ "" == "$OPENSSL_OK" && -n "${openssl_version}" ]] ; then
    echo " --> installing openssl from source to /opt/openssl-${openssl_version}"
    cd /opt/
    ## NOTE: the source archive is fetched over plain HTTP and built
    ## without a checksum or signature check.
    wget http://www.openssl.org/source/openssl-${openssl_version}.tar.gz
    tar xvzf openssl-${openssl_version}.tar.gz
    cd openssl-${openssl_version}
    ./config --prefix=/usr zlib-dynamic --openssldir=/etc/ssl shared
    make
    make install
else
    echo " --> OpenSSL already updated to version ${openssl_version}"
fi

echo 'OpenSSL completed'
echo ''

--------------------------------------------------------------------------------
/scripts/php.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#
# Installs PHP from the dotdeb repository.
##

## Prompt to continue
function promptInstall {
    echo -e "\n${blueBgWhiteBold}This script will install PHP and PHP-FPM.${NC}"
    read -p 'Do you want to continue [y/N]? ' wish
    if ! [[ "$wish" == "y" || "$wish" == "Y" ]] ; then
        exit 0
    fi
}

## Set up the source file in /etc/apt
function setupSource {
    if ! [[ -f "/etc/apt/sources.list.d/dotdeb.list" ]] ; then
        echo -e "${green}Creating dotdeb.list in /etc/apt/sources.list.d${NC}"
        echo 'deb http://packages.dotdeb.org wheezy-php56 all' > /etc/apt/sources.list.d/dotdeb.list
        echo 'deb-src http://packages.dotdeb.org wheezy-php56 all' >> /etc/apt/sources.list.d/dotdeb.list
    fi
}

## Fetch the GPG key if it's not present
## NOTE: 89DF5277 is a short (32-bit) key ID. Short IDs can collide, so the
## key received from the keyserver is not pinned to one specific key.
function addGpgKey {
    KEY_OK=$(gpg --list-keys 89DF5277)
    if ! [[ "$KEY_OK" ]] ; then
        echo -e "${green}Adding dotdeb GPG key to keyring${NC}"
        gpg --keyserver keys.gnupg.net --recv-key 89DF5277
        gpg -a --export 89DF5277 | sudo apt-key add -
    fi

    apt-get update
}

## Install PHP5 and all modules
function installPhp {
    apt-get install \
        php5 php5-common php5-dev php5-curl \
        php5-mcrypt php5-mysqlnd php5-pspell \
        php5-tidy php-pear php5-cli php5-fpm
        # libssh2-php
}

## Look inside an fpm folder in the profile if there is one. If so
## copy those config files to the pool.d for FPM.
function copyPoolConfigs {
    if [[ -d "$basepath/conf/$profile/php/fpm" ]] ; then
        echo -e "${green}Copying over PHP-FPM pool config files${NC}"
        cp $basepath/conf/$profile/php/fpm/*.conf /etc/php5/fpm/pool.d/
    fi
}

## Look for any available mods and add them
function copyModsAvailable {
    if [[ -d "$basepath/conf/$profile/php/mods-available" ]] ; then
        echo -e "${green}Copying over PHP mods${NC}"
        cp $basepath/conf/$profile/php/mods-available/*.ini /etc/php5/mods-available/
        CONF_FILES="$basepath/conf/$profile/php/mods-available/*.ini"
        for c in $CONF_FILES
        do
            config_filename=$(basename $c)
            if ! [[ -h "/etc/php5/cli/conf.d/40-$config_filename" ]] ; then
                ln -s ../../mods-available/$config_filename /etc/php5/cli/conf.d/40-$config_filename
            fi
            if ! [[ -h "/etc/php5/fpm/conf.d/40-$config_filename" ]] ; then
                ln -s ../../mods-available/$config_filename /etc/php5/fpm/conf.d/40-$config_filename
            fi
        done
    fi
}

## Ask to add FPM to startup
function systemStart {
    read -p "Do you want to add php5-fpm to system startup [y/N]? " wish
    if [[ "$wish" == "y" || "$wish" == "Y" ]] ; then
        /usr/sbin/update-rc.d -f php5-fpm defaults
    fi
}

## Ask to install MongoDB extension for php
function mongoExtension {
    if ! [[ -f "/etc/php5/mods-available/mongo.ini" ]] ; then
        read -p "Do you want to install the PHP MongoDB extension [y/N]? " wish
        if [[ "$wish" == "y" || "$wish" == "Y" ]] ; then
            apt-get install php-pear php5-dev
            pecl install mongo
            echo "extension=mongo.so" > /etc/php5/mods-available/mongo.ini
            if ! [[ -h "/etc/php5/cli/conf.d/30-mongo.ini" ]] ; then
                ln -s ../../mods-available/mongo.ini /etc/php5/cli/conf.d/30-mongo.ini
            fi
            if ! [[ -h "/etc/php5/fpm/conf.d/30-mongo.ini" ]] ; then
                ln -s ../../mods-available/mongo.ini /etc/php5/fpm/conf.d/30-mongo.ini
            fi
        fi
    fi
}

## Ask to install Redis extension for PHP
function redisExtension {
    if ! [[ -f "/etc/php5/mods-available/redis.ini" ]] ; then
        read -p "Do you want to install the PHP Redis extension [y/N]? " wish
        if [[ "$wish" == "y" || "$wish" == "Y" ]] ; then
            ## Check if the extension version is set
            if ! [[ -n "$redisphpVersion" ]] ; then
                echo -e "${redBgWhiteBold}No redisphpVersion set in this profile's config file! Did you add one?${NC}"
                read -p "Press any key to continue" anykey
                return
            fi

            cd /opt
            wget https://github.com/nicolasff/phpredis/archive/${redisphpVersion}.tar.gz

            ## Check if it got the file
            if ! [[ -f "/opt/$redisphpVersion.tar.gz" ]] ; then
                echo -e "${redBgWhiteBold}Failed to download PHP Redis extension archive. Is the version correct?${NC}"
                read -p "Press any key to continue" anykey
                return
            fi

            mv ${redisphpVersion}.tar.gz phpredis-${redisphpVersion}.tar.gz
            tar -xzf phpredis-${redisphpVersion}.tar.gz
            cd phpredis-${redisphpVersion}
            phpize
            ./configure
            make && make install

            echo "extension=redis.so" > /etc/php5/mods-available/redis.ini
            if ! [[ -h "/etc/php5/cli/conf.d/30-redis.ini" ]] ; then
                ln -s ../../mods-available/redis.ini /etc/php5/cli/conf.d/30-redis.ini
            fi
            if ! [[ -h "/etc/php5/fpm/conf.d/30-redis.ini" ]] ; then
                ln -s ../../mods-available/redis.ini /etc/php5/fpm/conf.d/30-redis.ini
            fi
        fi
    fi
}

function promptRestart {
    read -p "Do you want to restart PHP-FPM? [y/N]? " wish
    if [[ "$wish" == "y" || "$wish" == "Y" ]] ; then
        /etc/init.d/php5-fpm restart
    fi
}

## @TODO
## Ask to install the cphalcon extension for PHP?

promptInstall
setupSource
addGpgKey
installPhp
copyPoolConfigs
copyModsAvailable
mongoExtension
redisExtension
promptRestart
exit 0

--------------------------------------------------------------------------------
/scripts/php7.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#
# Installs PHP from the dotdeb repository.
##

## Prompt to continue
function promptInstall {
    echo -e "\n${blueBgWhiteBold}This script will install PHP 7.0 and PHP-FPM 7.0.${NC}"
    read -p 'Do you want to continue [y/N]? ' wish
    if ! [[ "$wish" == "y" || "$wish" == "Y" ]] ; then
        exit 0
    fi
}

## Set up the source file in /etc/apt
function setupSource {
    if ! [[ -f "/etc/apt/sources.list.d/dotdeb.list" ]] ; then
        echo -e "${green}Creating dotdeb.list in /etc/apt/sources.list.d${NC}"
        echo 'deb http://packages.dotdeb.org jessie all' > /etc/apt/sources.list.d/dotdeb.list
        echo 'deb-src http://packages.dotdeb.org jessie all' >> /etc/apt/sources.list.d/dotdeb.list
    fi
}

## Fetch the GPG key if it's not present
## NOTE: 89DF5277 is a short (32-bit) key ID. Short IDs can collide, so the
## key received from the keyserver is not pinned to one specific key.
function addGpgKey {
    KEY_OK=$(gpg --list-keys 89DF5277)
    if ! [[ "$KEY_OK" ]] ; then
        echo -e "${green}Adding dotdeb GPG key to keyring${NC}"
        gpg --keyserver keys.gnupg.net --recv-key 89DF5277
        gpg -a --export 89DF5277 | sudo apt-key add -
    fi

    apt-get update
}

## Install PHP7 and all modules
function installPhp {
    apt-get install \
        php7.0 php7.0-common php7.0-dev php7.0-curl \
        php7.0-mcrypt php7.0-mysqlnd php7.0-pspell \
        php7.0-tidy php-pear php7.0-cli php7.0-fpm
}

## Look inside an fpm folder in the profile if there is one. If so
## copy those config files to the pool.d for FPM.
function copyPoolConfigs {
    if [[ -d "$basepath/conf/$profile/php/fpm" ]] ; then
        echo -e "${green}Copying over PHP-FPM pool config files${NC}"
        cp $basepath/conf/$profile/php/fpm/*.conf /etc/php/7.0/fpm/pool.d/
    fi
}

## Look for any available mods and add them
function copyModsAvailable {
    if [[ -d "$basepath/conf/$profile/php/mods-available" ]] ; then
        echo -e "${green}Copying over PHP mods${NC}"
        cp $basepath/conf/$profile/php/mods-available/*.ini /etc/php/7.0/mods-available/
        CONF_FILES="$basepath/conf/$profile/php/mods-available/*.ini"
        for c in $CONF_FILES
        do
            config_filename=$(basename $c)
            if ! [[ -h "/etc/php/7.0/cli/conf.d/40-$config_filename" ]] ; then
                ln -s ../../mods-available/$config_filename /etc/php/7.0/cli/conf.d/40-$config_filename
            fi
            if ! [[ -h "/etc/php/7.0/fpm/conf.d/40-$config_filename" ]] ; then
                ln -s ../../mods-available/$config_filename /etc/php/7.0/fpm/conf.d/40-$config_filename
            fi
        done
    fi
}

## Ask to add FPM to startup
function systemStart {
    read -p "Do you want to add php7.0-fpm to system startup [y/N]? " wish
    if [[ "$wish" == "y" || "$wish" == "Y" ]] ; then
        /usr/sbin/update-rc.d -f php7.0-fpm defaults
    fi
}

## Ask to install MongoDB extension for php
function mongoExtension {
    if ! [[ -f "/etc/php/7.0/mods-available/mongodb.ini" ]] ; then
        read -p "Do you want to install the PHP MongoDB extension [y/N]? " wish
        if [[ "$wish" == "y" || "$wish" == "Y" ]] ; then
            apt-get install php7.0-mongodb
            if ! [[ -h "/etc/php/7.0/cli/conf.d/30-mongodb.ini" ]] ; then
                ln -s ../../mods-available/mongodb.ini /etc/php/7.0/cli/conf.d/30-mongodb.ini
            fi
            ## Test for the same link name that is created below
            if ! [[ -h "/etc/php/7.0/fpm/conf.d/30-mongodb.ini" ]] ; then
                ln -s ../../mods-available/mongodb.ini /etc/php/7.0/fpm/conf.d/30-mongodb.ini
            fi
        fi
    fi
}

## Ask to install Redis extension for PHP
## @TODO
function redisExtension {
    if ! [[ -f "/etc/php/7.0/mods-available/redis.ini" ]] ; then
        read -p "Do you want to install the PHP Redis extension [y/N]? " wish
        if [[ "$wish" == "y" || "$wish" == "Y" ]] ; then
            apt-get install php7.0-redis
            if ! [[ -h "/etc/php/7.0/cli/conf.d/30-redis.ini" ]] ; then
                ln -s ../../mods-available/redis.ini /etc/php/7.0/cli/conf.d/30-redis.ini
            fi
            ## Test for the same link name that is created below
            if ! [[ -h "/etc/php/7.0/fpm/conf.d/30-redis.ini" ]] ; then
                ln -s ../../mods-available/redis.ini /etc/php/7.0/fpm/conf.d/30-redis.ini
            fi
        fi
    fi
}

function promptRestart {
    read -p "Do you want to restart PHP-FPM? [y/N]? " wish
    if [[ "$wish" == "y" || "$wish" == "Y" ]] ; then
        /etc/init.d/php7.0-fpm restart
    fi
}

promptInstall
setupSource
addGpgKey
installPhp
copyPoolConfigs
copyModsAvailable
mongoExtension
redisExtension
promptRestart
exit 0

--------------------------------------------------------------------------------
/scripts/profile.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#
# Sets up the user profile, copies bash configs
##

## Prompt to continue
function promptInstall {
    echo -e "\n${blueBgWhiteBold}This script will set the user's profile, aliases, and authorized keys.${NC}"
    read -p 'Do you want to continue [y/N]? ' wish
    if ! [[ "$wish" == "y" || "$wish" == "Y" ]] ; then
        exit 0
    fi
}

## Copy over logout, profile, and rc files and set up bash dir
function copyBashFiles {
    echo -e "${green}Copying bash config files${NC}"
    cp $basepath/src/dotfiles/bash_logout /home/$username/.bash_logout
    cp $basepath/src/dotfiles/bash_profile /home/$username/.bash_profile
    cp $basepath/src/dotfiles/bashrc /home/$username/.bashrc
    cp $basepath/src/dotfiles/inputrc /home/$username/.inputrc

    ## Create ~/.bash directory for files
    if ! [[ -d "/home/$username/.bash" ]] ; then
        mkdir /home/$username/.bash
    fi

    cp $basepath/src/dotfiles/aliases /home/$username/.bash/aliases
    cp $basepath/src/dotfiles/functions /home/$username/.bash/functions
    cp $basepath/src/dotfiles/linux /home/$username/.bash/linux

    ## If there's a private config, copy it over
    if [[ -f "$basepath/conf/$profile/bash_private" ]] ; then
        cp $basepath/conf/$profile/bash_private /home/$username/.bash/private
    fi
}

## Check if hosts is in conf folder first
function copyHosts {
    if [[ -f "$basepath/conf/$profile/hosts" ]] ; then
        echo -e "${green}Overwriting hosts file in /etc/hosts${NC}"
        if [[ -f "/etc/hosts" ]] ; then
            rm /etc/hosts
        fi
        cp $basepath/conf/$profile/hosts /etc/hosts
    fi
}

## Copy over the banner
function copyBanner {
    echo -e "${green}Overwriting login banner in /etc/issue${NC}"
    cp $basepath/src/banner /etc/issue

    if [[ -f "$basepath/conf/$profile/banner" ]] ; then
        cp $basepath/conf/$profile/banner /etc/issue
    fi
}

## Ask to change the timezone
function changeTimezone {
    read -p 'Do you want to change the system timezone? [y/N] ' wish
    if [[ "$wish" == "y" || "$wish" == "Y" ]] ; then
        echo -e "${green}Changing system timezone${NC}"
        dpkg-reconfigure tzdata
    fi
}

## Set up the SSH profile
function setupSsh {
    if ! [[ -d "/home/$username/.ssh" ]] ; then
        mkdir /home/$username/.ssh
    fi

    if [[ -f "$basepath/conf/$profile/authorized_keys" ]] ; then
        echo -e "${green}Copying your authorized keys file${NC}"
        if [[ -f "/home/$username/.ssh/authorized_keys" ]] ; then
            rm /home/$username/.ssh/authorized_keys
        fi
        cp $basepath/conf/$profile/authorized_keys /home/$username/.ssh/authorized_keys
    fi

    if [[ -f "/home/$username/.ssh/id_rsa" ]] ; then
        chmod 400 /home/$username/.ssh/id_rsa
    fi
}

## Set up other home folders and if any files in similarly-named
## folders exist in the local config, copy them in.
function homeFolders {
    echo -e "${green}Creating home folders and copying files over${NC}"
    if ! [[ -d "/home/$username/scripts" ]] ; then
        mkdir /home/$username/scripts
    fi
    if [[ -d "$basepath/conf/$profile/scripts" ]] ; then
        cp -r $basepath/conf/$profile/scripts/* /home/$username/scripts/
    fi
    if ! [[ -d "/home/$username/archive" ]] ; then
        mkdir /home/$username/archive
    fi
    if [[ -d "$basepath/conf/$profile/archive" ]] ; then
        cp -r $basepath/conf/$profile/archive/* /home/$username/archive/
    fi
    if ! [[ -d "/home/$username/install" ]] ; then
        mkdir /home/$username/install
    fi
    if [[ -d "$basepath/conf/$profile/install" ]] ; then
        cp -r $basepath/conf/$profile/install/* /home/$username/install/
    fi
}

## Make scripts executable
function makeScriptsExec {
    if test -n "$(find /home/$username/install/ -maxdepth 1 -name '*.sh' -print -quit)" ; then
        echo -e "${green}Making ~/install files executable${NC}"
        chmod +x /home/$username/install/*.sh
    fi
    if test -n "$(find /home/$username/scripts/ -maxdepth 1 -name '*.sh' -print -quit)" ; then
        echo -e "${green}Making ~/scripts files executable${NC}"
        chmod +x /home/$username/scripts/*.sh
    fi
}

## Ask to change shell to bash
function changeShell {
    read -p 'Do you want to change the login shell to bash? [y/N] ' wish
    if [[ "$wish" == "y" || "$wish" == "Y" ]] ; then
        echo -e "${green}Changing login shell to bash${NC}"
        chsh -s '/bin/bash' $username
    fi
}

## Ask to re-own home directory files
function reownHome {
    chmod 750 /home/$username
    read -p "Do you want to change ownership of all home directory files to ${username}? [y/N] " wish
    if [[ "$wish" == "y" || "$wish" == "Y" ]] ; then
        chown -R $username:$username /home/$username
    fi
}

promptInstall
copyBashFiles
copyHosts
copyBanner
changeTimezone
setupSsh
homeFolders
makeScriptsExec
changeShell
reownHome
exit 0

--------------------------------------------------------------------------------
/scripts/redis.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#
# Installs redis from source
##

## Prompt to continue
function promptInstall {
    echo -e "\n${blueBgWhiteBold}This script will install Redis from source.${NC}"
    read -p 'Do you want to continue [y/N]? ' wish
    if ! [[ "$wish" == "y" || "$wish" == "Y" ]] ; then
        exit 0
    fi
}

## Copy tar file, unpack and make
function installRedis {
    REDIS_OK=$(/usr/local/bin/redis-server -v 2>&1 | grep "${redisVersion}")
    if [[ "" == "$REDIS_OK" ]] ; then
        echo -e "${green}Installing Redis to /opt/redis${NC}"

        ## Get the dependencies
        PKG_OK=$(dpkg-query -W --showformat='${Status}\n' build-essential|grep "install ok installed")
        if [[ "" == "$PKG_OK" ]] ; then
            apt-get install build-essential
        fi

        ## Get the binaries
        ## NOTE: the source archive is fetched over plain HTTP and built
        ## without a checksum or signature check.
        wget -P /opt/ http://download.redis.io/releases/redis-${redisVersion}.tar.gz
        tar -xzf /opt/redis-${redisVersion}.tar.gz -C /opt

        if [[ -d "/opt/redis" ]] ; then
            rm -rf /opt/redis
        fi

        mv /opt/redis-$redisVersion /opt/redis
        cd /opt/redis
        make

        ## Copy binaries over
        cp /opt/redis/src/redis-cli /usr/local/bin/
        cp /opt/redis/src/redis-server /usr/local/bin/
    else
        echo -e "${yellow}Redis already updated to version ${redisVersion}${NC}"
    fi
}

## Create directories
function createDirectories {
    if ! [[ -d "/etc/redis" ]] ; then
        mkdir /etc/redis
    fi
    if ! [[ -d "/var/redis" ]] ; then
        mkdir /var/redis
    fi
    if ! [[ -d "/var/redis/6379" ]] ; then
        mkdir /var/redis/6379
    fi
}

## Copy the init script
function copyInit {
    if [[ -f "$basepath/conf/$profile/redis_6379" ]] ; then
        cp $basepath/conf/$profile/redis_6379 /etc/init.d/redis_6379
    else
        cp $basepath/src/redis/redis_6379 /etc/init.d/redis_6379
    fi

    chmod +x /etc/init.d/redis_6379
}

## Copy over the config files
function copyConfig {
    if [[ -f "$basepath/conf/$profile/redis.conf" ]] ; then
        cp $basepath/conf/$profile/redis.conf /etc/redis/6379.conf
    else
        cp $basepath/src/redis/redis.conf /etc/redis/6379.conf
    fi
}

## Add redis to startup
function systemStart {
    read -p "Do you want to add redis to system startup [y/N]? " wish
    if [[ "$wish" == "y" || "$wish" == "Y" ]] ; then
        /usr/sbin/update-rc.d -f redis_6379 defaults
    fi
}

## Start the process if it isn't
function startRestartRedis {
    if ! [[ -f "/etc/redis/6379.conf" ]] ; then
        echo -e "${redBgWhiteBold}No config file found at /etc/redis/6379.conf! Did you forget to add one to conf/${profile}?${NC}"
        echo -e "${yellowBold}Try running './configure.sh ${profile}' again to generate a new redis.conf file.${NC}"
        return
    fi
    if [[ $( pidof redis-server) ]] ; then
        read -p "Redis is running, do you want to restart it? [y/N]? " wish
        if [[ "$wish" == "y" || "$wish" == "Y" ]] ; then
            /etc/init.d/redis_6379 stop
            /etc/init.d/redis_6379 start
        fi
    else
        read -p "Do you want to start Redis? [y/N]? " wish
        if [[ "$wish" == "y" || "$wish" == "Y" ]] ; then
            /etc/init.d/redis_6379 start
        fi
    fi
}

promptInstall
installRedis
createDirectories
copyInit
copyConfig
systemStart
startRestartRedis
exit 0

--------------------------------------------------------------------------------
/scripts/ssh.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#
# Copy sshd_config and reload SSH
##

## Prompt to continue
function promptInstall {
    echo -e "\n${blueBgWhiteBold}This script will copy sshd_config and reload SSH server.${NC}"
    read -p 'Do you want to continue [y/N]? ' wish
    if ! [[ "$wish" == "y" || "$wish" == "Y" ]] ; then
        exit 0
    fi
}

## Copy the sshd_config
function copyConfig {
    if [[ -f "$basepath/conf/$profile/sshd_config" ]] ; then
        echo -e "${green}Copying over sshd_config to /etc/ssh${NC}"
        rm /etc/ssh/sshd_config
        cp $basepath/conf/$profile/sshd_config /etc/ssh/sshd_config
    else
        echo -e "${yellow}No sshd_config file found in conf/${profile}.${NC}"
    fi

    ## Prompt to reload
    if [[ -f "/etc/ssh/sshd_config" ]] ; then
        read -p "Do you want to reload SSH? [y/N]? " wish
        if [[ "$wish" == "y" || "$wish" == "Y" ]] ; then
            /etc/init.d/ssh reload
        fi
    else
        echo -e "${redBgWhiteBold}No config file found at /etc/ssh/sshd_config! Did you forget to add one to conf/${profile}?${NC}"
        echo -e "${yellowBold}Try running './configure.sh ${profile}' again to generate a new sshd_config file.${NC}"
    fi
}

## Ask the user to test the SSH connection
function testConnection {
    echo -e "${yellow}If SSH has been reloaded, now would be a good time to re-test the connection!${NC}"
    read -p "Press any key to continue" anykey
}

promptInstall
copyConfig
testConnection
exit 0

--------------------------------------------------------------------------------
/scripts/user.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#
# Creates new user and set up the locale settings
##

## Check if the user already exists. If so, abort.
function checkUser {
    ## Match the whole account name (up to the colon), not just a prefix
    egrep "^${username}:" /etc/passwd >/dev/null
    if [[ $? -eq 0 ]] ; then
        echo -e "${yellow}Skipping, ${username} already exists${NC}"
        exit 0
    fi
}

## Prompt to continue
function promptInstall {
    echo -e "\n${blueBgWhiteBold}This script will create a new user and reset locale settings.${NC}"
    read -p 'Do you want to continue [y/N]? ' wish
    if ! [[ "$wish" == "y" || "$wish" == "Y" ]] ; then
        exit 0
    fi
}

## Add new user
function addUser {
    echo -n "Enter password for new user ${username}: "
    read -s password
    echo -e "\n${green}Creating new user ${username}${NC}"
    ## NOTE: crypt() with the salt "password" falls back to traditional DES
    ## crypt: only the first two salt characters and the first eight password
    ## characters are used. The plaintext is also passed as a command argument.
    pass=$(perl -e 'print crypt($ARGV[0], "password")' "$password")
    useradd -m -p "$pass" "$username"
    chown $username /home/$username
    chgrp $username /home/$username

    if ! [[ $? 
-eq 0 ]] ; then 35 | echo -e "${redBold}Failed to add user!${NC}" 36 | fi 37 | 38 | ## Add to sudoers 39 | echo -e "${green}Adding ${username} to sudoers group${NC}" 40 | usermod -a -G sudo $username 41 | } 42 | 43 | ## Set locale (ask first) 44 | function setLocale { 45 | read -p "Do you want to set the system locale [y/N]? " wish 46 | if [[ "$wish" == "y" || "$wish" == "Y" ]] ; then 47 | echo -e "${green}Setting locale for ${username}${NC}" 48 | rm /etc/locale.gen 49 | cp ./src/locale.gen /etc/locale.gen 50 | locale-gen 51 | fi 52 | } 53 | 54 | checkUser 55 | promptInstall 56 | addUser 57 | setLocale 58 | exit 0 -------------------------------------------------------------------------------- /scripts/xtrabackup.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | # Install and configure Percona XtraBackup 4 | ## 5 | 6 | ## Prompt to continue 7 | function promptInstall { 8 | echo -e "\n${blueBgWhiteBold}This script will install Percona XtraBackup.${NC}" 9 | read -p 'Do you want to continue [y/N]? ' wish 10 | if ! [[ "$wish" == "y" || "$wish" == "Y" ]] ; then 11 | exit 0 12 | fi 13 | } 14 | 15 | ## Echo this out to xtrabackup.list if file not found 16 | function addAptSource { 17 | if ! 
[[ -f "/etc/apt/sources.list.d/xtrabackup.list" ]] ; then 18 | echo -e "${green}Adding XtraBackup source and fetching key${NC}" 19 | echo 'deb http://repo.percona.com/apt wheezy main' > /etc/apt/sources.list.d/xtrabackup.list 20 | echo 'deb-src http://repo.percona.com/apt wheezy main' >> /etc/apt/sources.list.d/xtrabackup.list 21 | apt-key adv --keyserver keys.gnupg.net --recv-keys 1C4CBDCDCD2EFD2A 22 | apt-get update 23 | else 24 | echo -e "${yellow}Skipping, XtraBackup source set in /etc/apt/sources.list.d/${NC}" 25 | fi 26 | } 27 | 28 | ## Install xtrabackup 29 | function installXtrabackup { 30 | PKG_OK=$(dpkg-query -W --showformat='${Status}\n' xtrabackup|grep "install ok installed") 31 | if [[ "" == "$PKG_OK" ]] ; then 32 | echo -e "${green}Installing XtraBackup from apt${NC}" 33 | apt-get install xtrabackup 34 | else 35 | echo -e "${yellow}XtraBackup already installed${NC}" 36 | fi 37 | } 38 | 39 | promptInstall 40 | addAptSource 41 | installXtrabackup 42 | exit 0 -------------------------------------------------------------------------------- /src/authorized_keys: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mikegioia/debian-server/ac44083f1c907657c8775d2a7c43abc6947b7f44/src/authorized_keys -------------------------------------------------------------------------------- /src/banner: -------------------------------------------------------------------------------- 1 | 2 | ,--. 3 | ([ oo] 4 | `- ^\ 5 | _ I`-' 6 | ,o(`-V' Ho Hum... 
|( `-H-' Be careful
|(`--A-' where ye tread
|(`-/_\'\
O `'I ``\\
(\ I |\,
\\-T-"`, |H

--------------------------------------------------------------------------------
/src/config:
--------------------------------------------------------------------------------
## Configuration variables
username=trunk
nginxVersion=1.8.0
mongodbVersion=3.0.4
mariadbVersion=10.0.20
opensslVersion=1.0.1p
redisVersion=3.0.3
redisphpVersion=2.2.7
ipv4Public=
ipv4Private=

## Software configuration options
##
## Format:
##   '--with-ipv6 --with-http_dav_module'
nginxDependencies=

## Scripts to run, arrange in order of execution (space separated).
## These are the names of any script file in ./scripts (don't include
## the .sh). Add any of them to the scripts array.
##
## Format:
##   ('script1' 'script2' ...)
scripts=(
    'user'
    'profile'
    'firewall'
    'ssh'
    'nginx'
)

--------------------------------------------------------------------------------
/src/dotfiles/aliases:
--------------------------------------------------------------------------------
## General
alias web='cd /var/www/'
alias serverup='sudo /etc/init.d/nginx start'
alias serverdown='sudo /etc/init.d/nginx stop'
alias l='ls -l'
alias la='ls -a'
alias lal='ls -al'
alias lsd='ls -l | grep "^d"'
alias p='ps aux'
alias tf='tail -f'
alias svim='sudo -e'
alias scat='sudo cat'
alias car='cat' # Can't get used to the new air keyboard! (lol)
alias c='clear'
alias cd..='cd ..'
alias cd...='cd ../..'
alias cd....='cd ../../..'
alias d='df -h'
alias big10='du -hsx * | sort -rh | head -10'
alias recall='history | grep'
alias rsync='rsync --progress --stats'
alias colours='for i in {0..255}; do printf "\x1b[38;5;${i}mcolour${i} "; done'
alias pign='ping' # doh!
alias pwgen='pwgen -1 -B'
alias serve_cwd='python -m SimpleHTTPServer'

--------------------------------------------------------------------------------
/src/dotfiles/bash_logout:
--------------------------------------------------------------------------------
## ~/.bash_logout: executed by bash(1) when login shell exits.

## when leaving the console clear the screen to increase privacy
if [ "$SHLVL" = 1 ]; then
    [ -x /usr/bin/clear_console ] && /usr/bin/clear_console -q
fi

## clear the user's history when logging out
history -w
history -c

--------------------------------------------------------------------------------
/src/dotfiles/bash_profile:
--------------------------------------------------------------------------------
## ~/.bash_profile

if [ -f ~/.bashrc ] ; then
    . ~/.bashrc
fi

--------------------------------------------------------------------------------
/src/dotfiles/bashrc:
--------------------------------------------------------------------------------
## ~/.bashrc

## if not running interactively, don't do anything
[ -z "$PS1" ] && return

## source global bash config file
[ -f /etc/bashrc ] && . /etc/bashrc

## define colors
export norm="\[\033[0m\]"
export black="\[\033[0;30m\]"
export dkgray="\[\033[1;30m\]"
export blue="\[\033[0;34m\]"
export lt_blue="\[\033[1;34m\]"
export green="\[\033[0;32m\]"
export lt_green="\[\033[1;32m\]"
export cyan="\[\033[0;36m\]"
export lt_cyan="\[\033[1;36m\]"
export red="\[\033[0;31m\]"
export lt_red="\[\033[1;31m\]"
export purple="\[\033[0;35m\]"
export lt_purple="\[\033[1;35m\]"
export brown="\[\033[0;33m\]"
export yellow="\[\033[1;33m\]"
export lt_gray="\[\033[0;37m\]"
export white="\[\033[1;37m\]"

## color manpages?
export LESS_TERMCAP_mb=$'\E[01;31m'
export LESS_TERMCAP_md=$'\E[01;31m'
export LESS_TERMCAP_me=$'\E[0m'
export LESS_TERMCAP_se=$'\E[0m'
export LESS_TERMCAP_so=$'\E[01;44;33m'
export LESS_TERMCAP_ue=$'\E[0m'
export LESS_TERMCAP_us=$'\E[01;32m'

## some basic bash stuff
export TERM='xterm-color'
export EDITOR=vim
export HISTCONTROL=$HISTCONTROL${HISTCONTROL+,}ignoredups
export HISTCONTROL=ignoreboth
export HISTTIMEFORMAT='%Y-%m-%d %H:%M:%S '
export HISTFILESIZE=10000
export HISTSIZE=10000
export GREP_OPTIONS="--color=auto"
export OS=`uname -s`
export UNISONLOCALHOSTNAME=`hostname -s`

## locales
export LANG=en_US.UTF-8
export LC_MESSAGES="C"

## enable color support of ls and also add handy aliases
[ -x /usr/bin/dircolors ] && eval "`dircolors -b`"

## set standard PATH
PATH=/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin:/usr/local/sbin:$HOME/bin

## append to the history file, don't overwrite it
shopt -s histappend

## check the window size after each command and, if necessary, update the values
## of LINES and COLUMNS
shopt -s checkwinsize

## correct minor spelling errors in 'cd' commands.
shopt -s cdspell

## don't try to find all the command possibilities when hitting TAB on an empty line.
shopt -s no_empty_cmd_completion

## make less more friendly for non-text input files, see lesspipe(1)
[ -x /usr/bin/lesspipe ] && eval "$(SHELL=/bin/sh lesspipe)"

## home directory bin?
[ -d ~/bin ] && PATH=$PATH:~/bin

## /opt/local/{bin,sbin}?
[ -d /opt/local/bin ] && PATH=$PATH:/opt/local/bin:/opt/local/sbin

## load linux config
[ -f ~/.bash/linux ] && . ~/.bash/linux

## import aliases
[ -f ~/.bash/aliases ] && . ~/.bash/aliases

## any private settings?
[ -f ~/.bash/private ] && . ~/.bash/private

## import functions
[ -f ~/.bash/functions ] && . ~/.bash/functions

## set badass prompt
HOSTCOLOUR=${hostname_color}

PROMPT_COMMAND='if [ $? -ne 0 ]; then ERROR_FLAG=1; else ERROR_FLAG=; fi; '
PS1=${lt_blue}'\u'${norm}'@'${HOSTCOLOUR}'\h '${norm}'['${green}'\@'${norm}'] '${yellow}'\w\n'${norm}'${ERROR_FLAG:+'${lt_red}'}\$${ERROR_FLAG:+'${norm}'} '

## enable command/file completion with sudo
complete -f -c sudo

## export important environment variables
export TERM PATH PROMPT_COMMAND PROMPT_TIME PS1

--------------------------------------------------------------------------------
/src/dotfiles/functions:
--------------------------------------------------------------------------------
## utility
calc() { perl -wlne 'print eval'; }
function lt() { ls -ltrsa "$@" | tail; }
function psgrep() { ps axuf | grep -v grep | grep "$@" -i --color=auto; }
function fname() { find . -iname "*$@*"; }
function usergroups() { grep ^$@ /etc/group | grep -o '[^:]*$' | tr ',' '\n'; }

## see what HTTP server a website uses
what_http_server() {
    curl -s -I $(for h in "$@"; do printf "http://%s " "$h"; done) | awk -F': ' '/^Server:/ {print $2}';
}

## usage: days_in_month [month [year]]
days_in_month() {
    if [ -n "$1" ]
    then
        dim_m=$1
        dim_y=$2
    else
        eval `date "+dim_m=%m dim_y=%Y"`
    fi

    case $dim_m in
        *9|*4|*6|11)
            _DAYS_IN_MONTH=30 ;;
        1|01|3|03|*5|*7|*8|10|12)
            _DAYS_IN_MONTH=31 ;;
        2|02)
            is_leap_year ${dim_y:-`date +%Y`} &&
                _DAYS_IN_MONTH=29 ||
                _DAYS_IN_MONTH=28 ;;
    esac
    echo $_DAYS_IN_MONTH
}

## usage: is_leap_year [year]
is_leap_year() {
    ily_year=${1:-`date +%Y`}
    case $ily_year in
        *0[48] |\
        *[2468][048] |\
        *[13579][26] |\
        *[13579][26]0|\
        *[2468][048]00 |\
        *[13579][26]00 ) _IS_LEAP_YEAR=1
            return 0 ;;
        *) _IS_LEAP_YEAR=0
            return 1 ;;
    esac
}

## search man pages
## usage: sman command search_term
sman() {
    PAGER=less
    export PAGER
    LESS="$LESS${2:+ +/$2}" man $1
}

## files modified today
today() {
    TODAY=`date +'%d-%m-%Y'`
    ls -l "$@" | grep "$TODAY" | more
}

lnp() {
    network=`ifconfig eth0 | grep "inet " | cut -f2 -d':' | cut -f1-3 -d.`
    ping -c 2 ${network}.${1}
}

## handy extract program
## (arguments are quoted so file names containing spaces work)
extract() {
    if [ -f "$1" ] ; then
        case "$1" in
            *.tar.bz2) tar xvjf "$1" ;;
            *.tar.gz) tar xvzf "$1" ;;
            *.bz2) bunzip2 "$1" ;;
            *.rar) unrar x "$1" ;;
            *.gz) gunzip "$1" ;;
            *.tar) tar xvf "$1" ;;
            *.tbz2) tar xvjf "$1" ;;
            *.tgz) tar xvzf "$1" ;;
            *.zip) unzip "$1" ;;
            *.Z) uncompress "$1" ;;
            *.7z) 7z x "$1" ;;
            *) echo "'$1' cannot be extracted via >extract<" ;;
        esac
    else
        echo "'$1' is not a valid file"
    fi
}

## bash clock that can run in your terminal window
clock() {
    while true;do
        clear;
        echo ===============;
        date +%r;
        echo ===============;
        sleep 1;
    done
}

--------------------------------------------------------------------------------
/src/dotfiles/inputrc:
--------------------------------------------------------------------------------
## ~/.inputrc

set meta-flag on
set input-meta on
set convert-meta off
set output-meta on

## fix backspace/end etc. on FreeBSD
"\e[1~": beginning-of-line
"\e[4~": end-of-line
"\e[5~": beginning-of-history
"\e[6~": end-of-history
"\e[3~": delete-char
"\e[2~": quoted-insert
"\e[5C": forward-word
"\e[5D": backward-word

"\e[A": history-search-backward
"\e[B": history-search-forward
"\e[C": forward-char
"\e[D": backward-char

--------------------------------------------------------------------------------
/src/dotfiles/linux:
--------------------------------------------------------------------------------
## linux config

## Set 256 colour terminal for Ubuntu / Redhat
if [ -e /lib/terminfo/x/xterm-256color ] || [ -e /usr/share/terminfo/x/xterm-256color ]; then
    TERM='xterm-256color'
fi

## Aliases
alias ls='ls --color=auto'
alias grep='grep --color=auto'
alias fgrep='fgrep --color=auto'
alias egrep='egrep --color=auto'
alias arpscan='sudo arp-scan -I wlan0 -l'
alias serial='screen /dev/ttyUSB0 9600' # Serial console

if [ -f /etc/debian_version ]; then
    alias tl='tail -f /var/log/syslog'
    alias ml='tail -n 30 -f /var/log/mail.log'
else
    alias tl='tail -f /var/log/messages'
    alias ml='tail -n 30 -f /var/log/maillog'
fi

--------------------------------------------------------------------------------
/src/dotfiles/private:
--------------------------------------------------------------------------------
## color of hostname in terminal. list of available colors in .bashrc
hostname_color=${lt_purple}

## add any private settings below

--------------------------------------------------------------------------------
/src/fail2ban/jail.local:
--------------------------------------------------------------------------------
[ssh]

enabled = true
port = 30000
filter = sshd
logpath = /var/log/auth.log
maxretry = 6

--------------------------------------------------------------------------------
/src/fail2ban/nginx-dos.conf:
--------------------------------------------------------------------------------
## Fail2Ban configuration file
## nginx DOS
## Author: Yannick Warnir

[Definition]
## Option: failregex
## Notes.: Regexp to catch a generic call from an IP address.
## Values: TEXT
failregex = ^<HOST> -.*"(GET|POST).*HTTP.*"$

## Option: ignoreregex
## Notes.: regex to ignore. If this regex matches, the line is ignored.
## Values: TEXT
ignoreregex =

--------------------------------------------------------------------------------
/src/firewall/firewall.sh:
--------------------------------------------------------------------------------
#!/bin/sh
#
# Located in /etc/firewall.sh
# Pre-up script located in /etc/network/if-pre-up.d/firewall
##

## Flush any existing iptable rules and start afresh
iptables -F INPUT
iptables -F OUTPUT
iptables -F FORWARD
iptables -F POSTROUTING -t nat
iptables -F PREROUTING -t nat

## Allow outgoing traffic and disallow any passthroughs
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP

## Allow traffic already established to continue
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

## Allow ssh on port 30000
iptables -A INPUT -p tcp --dport 30000 -j ACCEPT

## Allow web ports
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT

## Allow local loopback services
iptables -A INPUT -i lo -j ACCEPT

## Allow pings
iptables -A INPUT -p icmp -j ACCEPT
iptables -I INPUT -p icmp --icmp-type destination-unreachable -j ACCEPT
iptables -I INPUT -p icmp --icmp-type source-quench -j ACCEPT
iptables -I INPUT -p icmp --icmp-type time-exceeded -j ACCEPT

## Anti-spoofing rules
## NOTE: these are appended after the ACCEPT rules above, so a packet that
## already matched one of those (for example port 80) never reaches them.
## Move them above the ACCEPT rules if they should take precedence.
iptables -A INPUT -s 200.200.200.200 -i eth0 -j DROP
iptables -A INPUT -s 192.168.0.0/24 -i eth0 -j DROP
iptables -A INPUT -s 127.0.0.0/8 -i eth0 -j DROP

--------------------------------------------------------------------------------
/src/firewall/firewall_preup.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#
# Load iptables rules before interfaces are brought online
# This ensures that we are always protected by the firewall
##

if [[ -f "/etc/firewall.sh" ]] ; then
    sh /etc/firewall.sh
fi

--------------------------------------------------------------------------------
/src/hosts:
--------------------------------------------------------------------------------
127.0.0.1 localhost localhost.localdomain

--------------------------------------------------------------------------------
/src/inc/colors:
--------------------------------------------------------------------------------
## Normal colors
black='\e[0;30m'
red='\e[0;31m'
green='\e[0;32m'
yellow='\e[0;33m'
blue='\e[0;34m'
magenta='\e[0;35m'
cyan='\e[0;36m'
white='\e[0;37m'

## Notification colors
redBgWhite='\e[0;41m'
redBgWhiteBold='\e[1;41m'
blueBgWhite='\e[0;44m'
blueBgWhiteBold='\e[1;44m'
greenBgWhite='\e[0;42m'
greenBgWhiteBold='\e[1;42m'

## Bold colors
blackBold='\e[1;30m'
redBold='\e[1;31m'
greenBold='\e[1;32m'
yellowBold='\e[1;33m'
blueBold='\e[1;34m'
magentaBold='\e[1;35m' 26 | cyanBold='\e[1;36m' 27 | whiteBold='\e[1;37m' 28 | 29 | ## No color 30 | NC='\e[0m' -------------------------------------------------------------------------------- /src/locale.gen: -------------------------------------------------------------------------------- 1 | # This file lists locales that you wish to have built. You can find a list 2 | # of valid supported locales at /usr/share/i18n/SUPPORTED, and you can add 3 | # user defined locales to /usr/local/share/i18n/SUPPORTED. If you change 4 | # this file, you need to rerun locale-gen. 5 | 6 | 7 | # aa_DJ ISO-8859-1 8 | # aa_DJ.UTF-8 UTF-8 9 | # aa_ER UTF-8 10 | # aa_ER@saaho UTF-8 11 | # aa_ET UTF-8 12 | # af_ZA ISO-8859-1 13 | # af_ZA.UTF-8 UTF-8 14 | # am_ET UTF-8 15 | # an_ES ISO-8859-15 16 | # an_ES.UTF-8 UTF-8 17 | # ar_AE ISO-8859-6 18 | # ar_AE.UTF-8 UTF-8 19 | # ar_BH ISO-8859-6 20 | # ar_BH.UTF-8 UTF-8 21 | # ar_DZ ISO-8859-6 22 | # ar_DZ.UTF-8 UTF-8 23 | # ar_EG ISO-8859-6 24 | # ar_EG.UTF-8 UTF-8 25 | # ar_IN UTF-8 26 | # ar_IQ ISO-8859-6 27 | # ar_IQ.UTF-8 UTF-8 28 | # ar_JO ISO-8859-6 29 | # ar_JO.UTF-8 UTF-8 30 | # ar_KW ISO-8859-6 31 | # ar_KW.UTF-8 UTF-8 32 | # ar_LB ISO-8859-6 33 | # ar_LB.UTF-8 UTF-8 34 | # ar_LY ISO-8859-6 35 | # ar_LY.UTF-8 UTF-8 36 | # ar_MA ISO-8859-6 37 | # ar_MA.UTF-8 UTF-8 38 | # ar_OM ISO-8859-6 39 | # ar_OM.UTF-8 UTF-8 40 | # ar_QA ISO-8859-6 41 | # ar_QA.UTF-8 UTF-8 42 | # ar_SA ISO-8859-6 43 | # ar_SA.UTF-8 UTF-8 44 | # ar_SD ISO-8859-6 45 | # ar_SD.UTF-8 UTF-8 46 | # ar_SY ISO-8859-6 47 | # ar_SY.UTF-8 UTF-8 48 | # ar_TN ISO-8859-6 49 | # ar_TN.UTF-8 UTF-8 50 | # ar_YE ISO-8859-6 51 | # ar_YE.UTF-8 UTF-8 52 | # as_IN.UTF-8 UTF-8 53 | # ast_ES ISO-8859-15 54 | # ast_ES.UTF-8 UTF-8 55 | # az_AZ.UTF-8 UTF-8 56 | # be_BY CP1251 57 | # be_BY.UTF-8 UTF-8 58 | # be_BY@latin UTF-8 59 | # ber_DZ UTF-8 60 | # ber_MA UTF-8 61 | # bg_BG CP1251 62 | # bg_BG.UTF-8 UTF-8 63 | # bn_BD UTF-8 64 | # bn_IN UTF-8 65 | # bo_CN UTF-8 66 | # bo_IN UTF-8 67 | # 
br_FR ISO-8859-1 68 | # br_FR.UTF-8 UTF-8 69 | # br_FR@euro ISO-8859-15 70 | # bs_BA ISO-8859-2 71 | # bs_BA.UTF-8 UTF-8 72 | # byn_ER UTF-8 73 | # ca_AD ISO-8859-15 74 | # ca_AD.UTF-8 UTF-8 75 | # ca_ES ISO-8859-1 76 | # ca_ES.UTF-8 UTF-8 77 | # ca_ES.UTF-8@valencia UTF-8 78 | # ca_ES@euro ISO-8859-15 79 | # ca_ES@valencia ISO-8859-15 80 | # ca_FR ISO-8859-15 81 | # ca_FR.UTF-8 UTF-8 82 | # ca_IT ISO-8859-15 83 | # ca_IT.UTF-8 UTF-8 84 | # crh_UA UTF-8 85 | # cs_CZ ISO-8859-2 86 | # cs_CZ.UTF-8 UTF-8 87 | # csb_PL UTF-8 88 | # cy_GB ISO-8859-14 89 | # cy_GB.UTF-8 UTF-8 90 | # da_DK ISO-8859-1 91 | # da_DK.UTF-8 UTF-8 92 | # de_AT ISO-8859-1 93 | # de_AT.UTF-8 UTF-8 94 | # de_AT@euro ISO-8859-15 95 | # de_BE ISO-8859-1 96 | # de_BE.UTF-8 UTF-8 97 | # de_BE@euro ISO-8859-15 98 | # de_CH ISO-8859-1 99 | # de_CH.UTF-8 UTF-8 100 | # de_DE ISO-8859-1 101 | # de_DE.UTF-8 UTF-8 102 | # de_DE@euro ISO-8859-15 103 | # de_LI.UTF-8 UTF-8 104 | # de_LU ISO-8859-1 105 | # de_LU.UTF-8 UTF-8 106 | # de_LU@euro ISO-8859-15 107 | # dv_MV UTF-8 108 | # dz_BT UTF-8 109 | # el_CY ISO-8859-7 110 | # el_CY.UTF-8 UTF-8 111 | # el_GR ISO-8859-7 112 | # el_GR.UTF-8 UTF-8 113 | # en_AG UTF-8 114 | # en_AU ISO-8859-1 115 | # en_AU.UTF-8 UTF-8 116 | # en_BW ISO-8859-1 117 | # en_BW.UTF-8 UTF-8 118 | # en_CA ISO-8859-1 119 | # en_CA.UTF-8 UTF-8 120 | # en_DK ISO-8859-1 121 | # en_DK.ISO-8859-15 ISO-8859-15 122 | # en_DK.UTF-8 UTF-8 123 | # en_GB ISO-8859-1 124 | # en_GB.ISO-8859-15 ISO-8859-15 125 | # en_GB.UTF-8 UTF-8 126 | # en_HK ISO-8859-1 127 | # en_HK.UTF-8 UTF-8 128 | # en_IE ISO-8859-1 129 | # en_IE.UTF-8 UTF-8 130 | # en_IE@euro ISO-8859-15 131 | # en_IN UTF-8 132 | # en_NG UTF-8 133 | # en_NZ ISO-8859-1 134 | # en_NZ.UTF-8 UTF-8 135 | # en_PH ISO-8859-1 136 | # en_PH.UTF-8 UTF-8 137 | # en_SG ISO-8859-1 138 | # en_SG.UTF-8 UTF-8 139 | # en_US ISO-8859-1 140 | # en_US.ISO-8859-15 ISO-8859-15 141 | en_US.UTF-8 UTF-8 142 | # en_ZA ISO-8859-1 143 | # en_ZA.UTF-8 UTF-8 144 | # en_ZW 
ISO-8859-1 145 | # en_ZW.UTF-8 UTF-8 146 | # eo ISO-8859-3 147 | # eo.UTF-8 UTF-8 148 | # es_AR ISO-8859-1 149 | # es_AR.UTF-8 UTF-8 150 | # es_BO ISO-8859-1 151 | # es_BO.UTF-8 UTF-8 152 | # es_CL ISO-8859-1 153 | # es_CL.UTF-8 UTF-8 154 | # es_CO ISO-8859-1 155 | # es_CO.UTF-8 UTF-8 156 | # es_CR ISO-8859-1 157 | # es_CR.UTF-8 UTF-8 158 | # es_DO ISO-8859-1 159 | # es_DO.UTF-8 UTF-8 160 | # es_EC ISO-8859-1 161 | # es_EC.UTF-8 UTF-8 162 | # es_ES ISO-8859-1 163 | # es_ES.UTF-8 UTF-8 164 | # es_ES@euro ISO-8859-15 165 | # es_GT ISO-8859-1 166 | # es_GT.UTF-8 UTF-8 167 | # es_HN ISO-8859-1 168 | # es_HN.UTF-8 UTF-8 169 | # es_MX ISO-8859-1 170 | # es_MX.UTF-8 UTF-8 171 | # es_NI ISO-8859-1 172 | # es_NI.UTF-8 UTF-8 173 | # es_PA ISO-8859-1 174 | # es_PA.UTF-8 UTF-8 175 | # es_PE ISO-8859-1 176 | # es_PE.UTF-8 UTF-8 177 | # es_PR ISO-8859-1 178 | # es_PR.UTF-8 UTF-8 179 | # es_PY ISO-8859-1 180 | # es_PY.UTF-8 UTF-8 181 | # es_SV ISO-8859-1 182 | # es_SV.UTF-8 UTF-8 183 | # es_US ISO-8859-1 184 | # es_US.UTF-8 UTF-8 185 | # es_UY ISO-8859-1 186 | # es_UY.UTF-8 UTF-8 187 | # es_VE ISO-8859-1 188 | # es_VE.UTF-8 UTF-8 189 | # et_EE ISO-8859-1 190 | # et_EE.ISO-8859-15 ISO-8859-15 191 | # et_EE.UTF-8 UTF-8 192 | # eu_ES ISO-8859-1 193 | # eu_ES.UTF-8 UTF-8 194 | # eu_ES@euro ISO-8859-15 195 | # eu_FR ISO-8859-1 196 | # eu_FR.UTF-8 UTF-8 197 | # eu_FR@euro ISO-8859-15 198 | # fa_IR UTF-8 199 | # fi_FI ISO-8859-1 200 | # fi_FI.UTF-8 UTF-8 201 | # fi_FI@euro ISO-8859-15 202 | # fil_PH UTF-8 203 | # fo_FO ISO-8859-1 204 | # fo_FO.UTF-8 UTF-8 205 | # fr_BE ISO-8859-1 206 | # fr_BE.UTF-8 UTF-8 207 | # fr_BE@euro ISO-8859-15 208 | # fr_CA ISO-8859-1 209 | # fr_CA.UTF-8 UTF-8 210 | # fr_CH ISO-8859-1 211 | # fr_CH.UTF-8 UTF-8 212 | # fr_FR ISO-8859-1 213 | # fr_FR.UTF-8 UTF-8 214 | # fr_FR@euro ISO-8859-15 215 | # fr_LU ISO-8859-1 216 | # fr_LU.UTF-8 UTF-8 217 | # fr_LU@euro ISO-8859-15 218 | # fur_IT UTF-8 219 | # fy_DE UTF-8 220 | # fy_NL UTF-8 221 | # ga_IE ISO-8859-1 222 | 
# ga_IE.UTF-8 UTF-8 223 | # ga_IE@euro ISO-8859-15 224 | # gd_GB ISO-8859-15 225 | # gd_GB.UTF-8 UTF-8 226 | # gez_ER UTF-8 227 | # gez_ER@abegede UTF-8 228 | # gez_ET UTF-8 229 | # gez_ET@abegede UTF-8 230 | # gl_ES ISO-8859-1 231 | # gl_ES.UTF-8 UTF-8 232 | # gl_ES@euro ISO-8859-15 233 | # gu_IN UTF-8 234 | # gv_GB ISO-8859-1 235 | # gv_GB.UTF-8 UTF-8 236 | # ha_NG UTF-8 237 | # he_IL ISO-8859-8 238 | # he_IL.UTF-8 UTF-8 239 | # hi_IN UTF-8 240 | # hne_IN UTF-8 241 | # hr_HR ISO-8859-2 242 | # hr_HR.UTF-8 UTF-8 243 | # hsb_DE ISO-8859-2 244 | # hsb_DE.UTF-8 UTF-8 245 | # ht_HT UTF-8 246 | # hu_HU ISO-8859-2 247 | # hu_HU.UTF-8 UTF-8 248 | # hy_AM UTF-8 249 | # hy_AM.ARMSCII-8 ARMSCII-8 250 | # ia UTF-8 251 | # id_ID ISO-8859-1 252 | # id_ID.UTF-8 UTF-8 253 | # ig_NG UTF-8 254 | # ik_CA UTF-8 255 | # is_IS ISO-8859-1 256 | # is_IS.UTF-8 UTF-8 257 | # it_CH ISO-8859-1 258 | # it_CH.UTF-8 UTF-8 259 | # it_IT ISO-8859-1 260 | # it_IT.UTF-8 UTF-8 261 | # it_IT@euro ISO-8859-15 262 | # iu_CA UTF-8 263 | # iw_IL ISO-8859-8 264 | # iw_IL.UTF-8 UTF-8 265 | # ja_JP.EUC-JP EUC-JP 266 | # ja_JP.UTF-8 UTF-8 267 | # ka_GE GEORGIAN-PS 268 | # ka_GE.UTF-8 UTF-8 269 | # kk_KZ PT154 270 | # kk_KZ RK1048 271 | # kk_KZ.UTF-8 UTF-8 272 | # kl_GL ISO-8859-1 273 | # kl_GL.UTF-8 UTF-8 274 | # km_KH UTF-8 275 | # kn_IN UTF-8 276 | # ko_KR.EUC-KR EUC-KR 277 | # ko_KR.UTF-8 UTF-8 278 | # ks_IN UTF-8 279 | # ks_IN@devanagari UTF-8 280 | # ku_TR ISO-8859-9 281 | # ku_TR.UTF-8 UTF-8 282 | # kw_GB ISO-8859-1 283 | # kw_GB.UTF-8 UTF-8 284 | # ky_KG UTF-8 285 | # lg_UG ISO-8859-10 286 | # lg_UG.UTF-8 UTF-8 287 | # li_BE UTF-8 288 | # li_NL UTF-8 289 | # lo_LA UTF-8 290 | # lt_LT ISO-8859-13 291 | # lt_LT.UTF-8 UTF-8 292 | # lv_LV ISO-8859-13 293 | # lv_LV.UTF-8 UTF-8 294 | # mai_IN UTF-8 295 | # mg_MG ISO-8859-15 296 | # mg_MG.UTF-8 UTF-8 297 | # mi_NZ ISO-8859-13 298 | # mi_NZ.UTF-8 UTF-8 299 | # mk_MK ISO-8859-5 300 | # mk_MK.UTF-8 UTF-8 301 | # ml_IN UTF-8 302 | # mn_MN UTF-8 303 | # mr_IN 
UTF-8 304 | # ms_MY ISO-8859-1 305 | # ms_MY.UTF-8 UTF-8 306 | # mt_MT ISO-8859-3 307 | # mt_MT.UTF-8 UTF-8 308 | # my_MM UTF-8 309 | # nan_TW@latin UTF-8 310 | # nb_NO ISO-8859-1 311 | # nb_NO.UTF-8 UTF-8 312 | # nds_DE UTF-8 313 | # nds_NL UTF-8 314 | # ne_NP UTF-8 315 | # nl_AW UTF-8 316 | # nl_BE ISO-8859-1 317 | # nl_BE.UTF-8 UTF-8 318 | # nl_BE@euro ISO-8859-15 319 | # nl_NL ISO-8859-1 320 | # nl_NL.UTF-8 UTF-8 321 | # nl_NL@euro ISO-8859-15 322 | # nn_NO ISO-8859-1 323 | # nn_NO.UTF-8 UTF-8 324 | # nr_ZA UTF-8 325 | # nso_ZA UTF-8 326 | # oc_FR ISO-8859-1 327 | # oc_FR.UTF-8 UTF-8 328 | # om_ET UTF-8 329 | # om_KE ISO-8859-1 330 | # om_KE.UTF-8 UTF-8 331 | # or_IN UTF-8 332 | # pa_IN UTF-8 333 | # pa_PK UTF-8 334 | # pap_AN UTF-8 335 | # pl_PL ISO-8859-2 336 | # pl_PL.UTF-8 UTF-8 337 | # ps_AF UTF-8 338 | # pt_BR ISO-8859-1 339 | # pt_BR.UTF-8 UTF-8 340 | # pt_PT ISO-8859-1 341 | # pt_PT.UTF-8 UTF-8 342 | # pt_PT@euro ISO-8859-15 343 | # ro_RO ISO-8859-2 344 | # ro_RO.UTF-8 UTF-8 345 | # ru_RU ISO-8859-5 346 | # ru_RU.CP1251 CP1251 347 | # ru_RU.KOI8-R KOI8-R 348 | # ru_RU.UTF-8 UTF-8 349 | # ru_UA KOI8-U 350 | # ru_UA.UTF-8 UTF-8 351 | # rw_RW UTF-8 352 | # sa_IN UTF-8 353 | # sc_IT UTF-8 354 | # sd_IN UTF-8 355 | # sd_IN@devanagari UTF-8 356 | # se_NO UTF-8 357 | # shs_CA UTF-8 358 | # si_LK UTF-8 359 | # sid_ET UTF-8 360 | # sk_SK ISO-8859-2 361 | # sk_SK.UTF-8 UTF-8 362 | # sl_SI ISO-8859-2 363 | # sl_SI.UTF-8 UTF-8 364 | # so_DJ ISO-8859-1 365 | # so_DJ.UTF-8 UTF-8 366 | # so_ET UTF-8 367 | # so_KE ISO-8859-1 368 | # so_KE.UTF-8 UTF-8 369 | # so_SO ISO-8859-1 370 | # so_SO.UTF-8 UTF-8 371 | # sq_AL ISO-8859-1 372 | # sq_AL.UTF-8 UTF-8 373 | # sr_ME UTF-8 374 | # sr_RS UTF-8 375 | # sr_RS@latin UTF-8 376 | # ss_ZA UTF-8 377 | # st_ZA ISO-8859-1 378 | # st_ZA.UTF-8 UTF-8 379 | # sv_FI ISO-8859-1 380 | # sv_FI.UTF-8 UTF-8 381 | # sv_FI@euro ISO-8859-15 382 | # sv_SE ISO-8859-1 383 | # sv_SE.ISO-8859-15 ISO-8859-15 384 | # sv_SE.UTF-8 UTF-8 385 | # ta_IN 
UTF-8 386 | # te_IN UTF-8 387 | # tg_TJ KOI8-T 388 | # tg_TJ.UTF-8 UTF-8 389 | # th_TH TIS-620 390 | # th_TH.UTF-8 UTF-8 391 | # ti_ER UTF-8 392 | # ti_ET UTF-8 393 | # tig_ER UTF-8 394 | # tk_TM UTF-8 395 | # tl_PH ISO-8859-1 396 | # tl_PH.UTF-8 UTF-8 397 | # tn_ZA UTF-8 398 | # tr_CY ISO-8859-9 399 | # tr_CY.UTF-8 UTF-8 400 | # tr_TR ISO-8859-9 401 | # tr_TR.UTF-8 UTF-8 402 | # ts_ZA UTF-8 403 | # tt_RU.UTF-8 UTF-8 404 | # tt_RU@iqtelif.UTF-8 UTF-8 405 | # ug_CN UTF-8 406 | # uk_UA KOI8-U 407 | # uk_UA.UTF-8 UTF-8 408 | # ur_PK UTF-8 409 | # uz_UZ ISO-8859-1 410 | # uz_UZ.UTF-8 UTF-8 411 | # uz_UZ@cyrillic UTF-8 412 | # ve_ZA UTF-8 413 | # vi_VN UTF-8 414 | # vi_VN.TCVN TCVN5712-1 415 | # wa_BE ISO-8859-1 416 | # wa_BE.UTF-8 UTF-8 417 | # wa_BE@euro ISO-8859-15 418 | # wo_SN UTF-8 419 | # xh_ZA ISO-8859-1 420 | # xh_ZA.UTF-8 UTF-8 421 | # yi_US CP1255 422 | # yi_US.UTF-8 UTF-8 423 | # yo_NG UTF-8 424 | # zh_CN GB2312 425 | # zh_CN.GB18030 GB18030 426 | # zh_CN.GBK GBK 427 | # zh_CN.UTF-8 UTF-8 428 | # zh_HK BIG5-HKSCS 429 | # zh_HK.UTF-8 UTF-8 430 | # zh_SG GB2312 431 | # zh_SG.GBK GBK 432 | # zh_SG.UTF-8 UTF-8 433 | # zh_TW BIG5 434 | # zh_TW.EUC-TW EUC-TW 435 | # zh_TW.UTF-8 UTF-8 436 | # zu_ZA ISO-8859-1 437 | # zu_ZA.UTF-8 UTF-8 -------------------------------------------------------------------------------- /src/mongodb/mongodb.conf: -------------------------------------------------------------------------------- 1 | systemLog: 2 | destination: file 3 | path: "/var/log/mongodb/mongodb.log" 4 | logAppend: true 5 | storage: 6 | journal: 7 | enabled: true 8 | dbPath: "/data/mongodb" 9 | processManagement: 10 | fork: true 11 | net: 12 | bindIp: 127.0.0.1 13 | port: 27017 14 | -------------------------------------------------------------------------------- /src/mongodb/mongodb_init: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | ### BEGIN INIT INFO 4 | # Provides: mongodb 5 | # Required-Start: 6 | # 
Required-Stop: 7 | # Default-Start: 2 3 4 5 8 | # Default-Stop: 0 1 6 9 | # Short-Description: mongodb 10 | # Description: mongo db server 11 | ### END INIT INFO 12 | 13 | . /lib/lsb/init-functions 14 | 15 | PROGRAM="/opt/mongodb/bin/mongod" 16 | CONFIGFILE="/etc/mongodb.conf" 17 | DBPATH="/data/mongodb" 18 | LOCKFILE="$DBPATH/mongod.lock" 19 | DAEMONUSER="mongod" 20 | 21 | test -x $PROGRAM || exit 0 22 | 23 | start () { 24 | log_begin_msg "Starting MongoDB server" 25 | start-stop-daemon --background --start --quiet \ 26 | --chuid $DAEMONUSER:$DAEMONUSER \ 27 | --exec $PROGRAM -- --config $CONFIGFILE 28 | errcode=$? 29 | log_end_msg $errcode 30 | return $errcode 31 | } 32 | 33 | stop () { 34 | if [ -z "$(pidof mongod)" ] ; then 35 | log_warning_msg "MongoDB not running, nothing to stop" 36 | else 37 | log_begin_msg "Stopping MongoDB server" 38 | start-stop-daemon --stop --quiet --exec $PROGRAM 39 | errcode=$? 40 | [ $errcode -eq 0 ] && rm -f $LOCKFILE 41 | log_end_msg $errcode 42 | return $errcode 43 | fi 44 | } 45 | 46 | status () { 47 | status_of_proc $PROGRAM 48 | } 49 | 50 | case "$1" in 51 | start) 52 | start 53 | ;; 54 | stop) 55 | stop 56 | ;; 57 | restart) 58 | stop 59 | start 60 | ;; 61 | status) 62 | status 63 | ;; 64 | *) 65 | log_success_msg "Usage: /etc/init.d/mongodb {start|stop|restart|status}" 66 | exit 1 67 | esac 68 | 69 | exit 0 -------------------------------------------------------------------------------- /src/monit/monitrc: -------------------------------------------------------------------------------- 1 | ## Monit control file 2 | 3 | ## Poll at 2-minute intervals. Monit will wake up every two minutes to 4 | ## monitor things. Time must be given in seconds. 5 | set daemon 120 6 | 7 | ## Set syslog logging and other file locations 8 | set logfile syslog facility log_daemon 9 | set statefile /var/lib/monit/state 10 | set pidfile /var/run/monit.pid 11 | set idfile /var/lib/monit/id 12 | 13 | ## Set up monit to connect to the host.
10000 slots is about 1MB. 14 | ## This is optional and you will need to change the username, 15 | ## password, and hostname 16 | #set eventqueue basedir /var/monit slots 10000 17 | #set mmonit http://monit:monit@[HOST]:40000/collector 18 | #set httpd port 2812 19 | # #ssl enable 20 | # #pemfile /opt/monit/ssl/monit.pem 21 | # #allowselfcertification 22 | # allow localhost 23 | # allow [HOST] 24 | # allow monit:monit 25 | 26 | ## Check general system resources such as load average, cpu and memory 27 | ## usage. each test specifies a resource, conditions and the action to be 28 | ## performed should a test fail. 29 | ## Make sure to update [HOSTNAME] with the name of the machine. 30 | #check system [HOSTNAME] 31 | # if loadavg (1min) > 4 then alert 32 | # if loadavg (5min) > 2 then alert 33 | # if memory usage > 75% then alert 34 | # if swap usage > 25% then alert 35 | # if cpu usage (user) > 70% then alert 36 | # if cpu usage (system) > 30% then alert 37 | # if cpu usage (wait) > 20% then alert 38 | 39 | ## SSH 40 | check process sshd with pidfile /var/run/sshd.pid 41 | start program "/etc/init.d/ssh start" 42 | stop program "/etc/init.d/ssh stop" 43 | if failed port 30000 protocol ssh then restart 44 | if 5 restarts within 5 cycles then timeout 45 | 46 | ## Include extra config files 47 | include /etc/monit/conf.d/* -------------------------------------------------------------------------------- /src/mysql/my.cnf: -------------------------------------------------------------------------------- 1 | # saved in /etc/my.cnf 2 | 3 | [mysqld] 4 | # write out slow queries 5 | slow_query_log = 1 6 | slow_query_log_file = /var/log/mysql/mariadb-slow.log 7 | 8 | # bind address to host machine's internal IP. use this when connecting 9 | # to this server from other machines on the network. 
10 | #bind-address = eth1.ip.address 11 | 12 | # disable files from being loaded 13 | local-infile = 0 14 | 15 | # disable displaying list of databases 16 | #skip-show-database 17 | 18 | [mysql] 19 | local-infile = 0 -------------------------------------------------------------------------------- /src/nginx/404.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 404 - Page Not Found 4 | 7 | 8 | 9 | 10 | 11 | 15 | 16 |
12 | The page you are looking for could not be found on this machine.
13 | Go in peace. 14 |
17 | 18 | -------------------------------------------------------------------------------- /src/nginx/50x.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | The page is temporarily unavailable 4 | 7 | 8 | 9 | 10 | 11 | 15 | 16 |
12 | The page you are looking for is temporarily unavailable.
13 | Please try again later. 14 |
17 | 18 | -------------------------------------------------------------------------------- /src/nginx/conf/conf_readme.md: -------------------------------------------------------------------------------- 1 | Any nginx config files added to the sites-available directory will be added 2 | as site configurations during the nginx install. 3 | 4 | Any files added to this directory will be added to the root nginx config 5 | directory. -------------------------------------------------------------------------------- /src/nginx/conf/example.conf: -------------------------------------------------------------------------------- 1 | # Example HTTP Server 2 | # 3 | # server { 4 | # listen 80; 5 | # server_name localhost; 6 | # 7 | # root /var/www/; 8 | # index index.php index.html index.htm; 9 | # } -------------------------------------------------------------------------------- /src/nginx/conf/mime.types: -------------------------------------------------------------------------------- 1 | types { 2 | text/html html htm shtml; 3 | text/css css; 4 | text/xml xml; 5 | image/gif gif; 6 | image/jpeg jpeg jpg; 7 | application/x-javascript js; 8 | application/atom+xml atom; 9 | application/rss+xml rss; 10 | 11 | text/mathml mml; 12 | text/plain txt; 13 | text/vnd.sun.j2me.app-descriptor jad; 14 | text/vnd.wap.wml wml; 15 | text/x-component htc; 16 | 17 | image/png png; 18 | image/tiff tif tiff; 19 | image/vnd.wap.wbmp wbmp; 20 | image/x-icon ico; 21 | image/x-jng jng; 22 | image/x-ms-bmp bmp; 23 | image/svg+xml svg svgz; 24 | image/webp webp; 25 | 26 | application/java-archive jar war ear; 27 | application/mac-binhex40 hqx; 28 | application/msword doc; 29 | application/pdf pdf; 30 | application/postscript ps eps ai; 31 | application/rtf rtf; 32 | application/vnd.ms-excel xls; 33 | application/vnd.ms-powerpoint ppt; 34 | application/vnd.wap.wmlc wmlc; 35 | application/vnd.google-earth.kml+xml kml; 36 | application/vnd.google-earth.kmz kmz; 37 | application/x-7z-compressed 7z; 38 | 
application/x-cocoa cco; 39 | application/x-java-archive-diff jardiff; 40 | application/x-java-jnlp-file jnlp; 41 | application/x-makeself run; 42 | application/x-perl pl pm; 43 | application/x-pilot prc pdb; 44 | application/x-rar-compressed rar; 45 | application/x-redhat-package-manager rpm; 46 | application/x-sea sea; 47 | application/x-shockwave-flash swf; 48 | application/x-stuffit sit; 49 | application/x-tcl tcl tk; 50 | application/x-x509-ca-cert der pem crt; 51 | application/x-xpinstall xpi; 52 | application/xhtml+xml xhtml; 53 | application/zip zip; 54 | 55 | application/octet-stream bin exe dll; 56 | application/octet-stream deb; 57 | application/octet-stream dmg; 58 | #application/octet-stream eot; 59 | application/octet-stream iso img; 60 | application/octet-stream msi msp msm; 61 | 62 | audio/midi mid midi kar; 63 | audio/mpeg mp3; 64 | audio/ogg ogg; 65 | audio/x-m4a m4a; 66 | audio/x-realaudio ra; 67 | 68 | video/3gpp 3gpp 3gp; 69 | video/mp4 mp4; 70 | video/mpeg mpeg mpg; 71 | video/quicktime mov; 72 | video/webm webm; 73 | video/x-flv flv; 74 | video/x-m4v m4v; 75 | video/x-mng mng; 76 | video/x-ms-asf asx asf; 77 | video/x-ms-wmv wmv; 78 | video/x-msvideo avi; 79 | 80 | application/vnd.ms-fontobject eot; 81 | application/x-font-ttf ttf; 82 | font/opentype ott; 83 | application/font-woff woff; 84 | } -------------------------------------------------------------------------------- /src/nginx/conf/nginx.conf: -------------------------------------------------------------------------------- 1 | user www-data www-data; 2 | worker_processes auto; 3 | worker_rlimit_nofile 8192; 4 | 5 | events { 6 | worker_connections 8000; 7 | } 8 | 9 | error_log /opt/nginx/logs/error.log warn; 10 | pid /var/run/nginx.pid; 11 | 12 | http { 13 | server_tokens off; 14 | include mime.types; 15 | default_type application/octet-stream; 16 | sendfile on; 17 | log_format main '$remote_addr - $remote_user [$time_local] "$request" ' 18 | '$status $body_bytes_sent "$http_referer" ' 
19 | '"$http_user_agent" "$http_x_forwarded_for"'; 20 | 21 | keepalive_timeout 100; 22 | access_log /opt/nginx/logs/access.log main; 23 | tcp_nopush on; 24 | tcp_nodelay off; 25 | server_names_hash_bucket_size 64; 26 | 27 | ## Output compression saves bandwidth 28 | gzip on; 29 | gzip_http_version 1.1; 30 | gzip_disable "msie6"; 31 | gzip_vary on; 32 | gzip_comp_level 5; 33 | gzip_proxied any; 34 | gzip_min_length 256; 35 | gzip_types 36 | ## text/html is always compressed by HttpGzipModule 37 | text/css 38 | text/plain 39 | text/x-component 40 | application/javascript 41 | application/json 42 | application/xml 43 | application/xhtml+xml 44 | application/x-font-ttf 45 | application/x-font-opentype 46 | application/vnd.ms-fontobject 47 | image/svg+xml 48 | image/x-icon; 49 | 50 | ## Make sure gzip does not lose large gzipped js or css files 51 | ## see http://blog.leetsoft.com/2007/7/25/nginx-gzip-ssl 52 | gzip_buffers 16 8k; 53 | 54 | include sites-enabled/*; 55 | } 56 | -------------------------------------------------------------------------------- /src/nginx/conf/static.conf: -------------------------------------------------------------------------------- 1 | ## ------------------------------------------------------------------------- 2 | ## Expire rules for static content 3 | 4 | ## No default expire rule. This config mirrors that of apache as outlined in the 5 | ## html5-boilerplate .htaccess file. However, nginx applies rules by location, 6 | ## the apache rules are defined by type. A consequence of this difference is that 7 | ## if you use no file extension in the url and serve html, with apache you get an 8 | ## expire time of 0s, with nginx you'd get an expire header of one month in the 9 | ## future (if the default expire rule is 1 month).
Therefore, do not use a 10 | ## default expire rule with nginx unless your site is completely static 11 | 12 | ## cache.appcache, your document html and data 13 | location ~* \.(?:manifest|appcache|html?|xml|json)$ { 14 | expires -1; 15 | access_log logs/static.log; 16 | } 17 | 18 | ## Feed 19 | location ~* \.(?:rss|atom)$ { 20 | expires 1h; 21 | add_header Cache-Control "public"; 22 | } 23 | 24 | ## Media: images, icons, video, audio, HTC 25 | location ~* \.(?:jpg|jpeg|gif|png|ico|gz|svg|svgz|mp4|ogg|ogv|webm|htc)$ { 26 | expires 1M; 27 | access_log off; 28 | log_not_found off; 29 | add_header Cache-Control "public"; 30 | } 31 | 32 | ## CSS and Javascript 33 | location ~* \.(?:css|js)$ { 34 | expires 1y; 35 | access_log off; 36 | add_header Cache-Control "public"; 37 | } 38 | 39 | ## ------------------------------------------------------------------------- 40 | ## WebFonts 41 | ## If you are NOT using cross-domain-fonts.conf, uncomment the following directive 42 | location ~* \.(?:ttf|ttc|otf|eot|woff|woff2|font.css)$ { 43 | add_header "Access-Control-Allow-Origin" "*"; 44 | expires 1M; 45 | access_log off; 46 | add_header Cache-Control "public"; 47 | } 48 | 49 | ## ------------------------------------------------------------------------- 50 | ## Force the latest IE version 51 | ## Use ChromeFrame if it's installed for a better experience for the poor IE folk 52 | add_header "X-UA-Compatible" "IE=Edge,chrome=1"; 53 | 54 | ## ------------------------------------------------------------------------- 55 | ## No-Transform 56 | ## Prevent mobile network providers from modifying your site 57 | add_header "Cache-Control" "no-transform"; 58 | 59 | ## ------------------------------------------------------------------------- 60 | ## Prevent system file access 61 | ## Prevent clients from accessing hidden files (starting with a dot) 62 | ## This is particularly important if you store .htpasswd files in the site hierarchy 63 | location ~* (?:^|/)\. 
{ 64 | deny all; 65 | } 66 | 67 | ## Prevent clients from accessing backup/config/source files 68 | location ~* (?:\.(?:bak|config|sql|fla|psd|ini|log|sh|inc|swp|dist)|~)$ { 69 | deny all; 70 | } 71 | -------------------------------------------------------------------------------- /src/nginx/index.html: -------------------------------------------------------------------------------- 1 | Hi :) -------------------------------------------------------------------------------- /src/nginx/index.php: -------------------------------------------------------------------------------- 1 | Hi :) 2 | 3 | Today is -------------------------------------------------------------------------------- /src/nginx/nginx_init: -------------------------------------------------------------------------------- 1 | #! /bin/sh 2 | 3 | ### BEGIN INIT INFO 4 | # Provides: nginx 5 | # Required-Start: $all 6 | # Required-Stop: $all 7 | # Default-Start: 2 3 4 5 8 | # Default-Stop: 0 1 6 9 | # Short-Description: starts the nginx web server 10 | # Description: starts nginx using start-stop-daemon 11 | ### END INIT INFO 12 | 13 | PATH=/opt/nginx/sbin:/sbin:/bin:/usr/sbin:/usr/bin 14 | DAEMON=/opt/nginx/sbin/nginx 15 | NAME=nginx 16 | DESC=nginx 17 | 18 | test -x $DAEMON || exit 0 19 | 20 | # Include nginx defaults if available 21 | if [ -f "/etc/default/nginx" ] ; then 22 | . /etc/default/nginx 23 | fi 24 | 25 | set -e 26 | 27 | case "$1" in 28 | start) 29 | echo -n "Starting $DESC: " 30 | start-stop-daemon --start --quiet --pidfile /var/run/$NAME.pid \ 31 | --exec $DAEMON -- $DAEMON_OPTS 32 | echo "$NAME." 33 | ;; 34 | stop) 35 | echo -n "Stopping $DESC: " 36 | start-stop-daemon --stop --quiet --pidfile /var/run/$NAME.pid \ 37 | --exec $DAEMON 38 | echo "$NAME." 
39 | ;; 40 | restart|force-reload) 41 | echo -n "Restarting $DESC: " 42 | start-stop-daemon --stop --quiet --pidfile \ 43 | /var/run/$NAME.pid --exec $DAEMON 44 | sleep 1 45 | start-stop-daemon --start --quiet --pidfile \ 46 | /var/run/$NAME.pid --exec $DAEMON -- $DAEMON_OPTS 47 | echo "$NAME." 48 | ;; 49 | reload) 50 | echo -n "Reloading $DESC configuration: " 51 | start-stop-daemon --stop --signal HUP --quiet --pidfile /var/run/$NAME.pid \ 52 | --exec $DAEMON 53 | echo "$NAME." 54 | ;; 55 | *) 56 | N=/etc/init.d/$NAME 57 | echo "Usage: $N {start|stop|restart|reload|force-reload}" >&2 58 | exit 1 59 | ;; 60 | esac 61 | 62 | exit 0 -------------------------------------------------------------------------------- /src/php/fpm_example.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # read in siteurl from arg[0] and output file to arg[1] 4 | # 5 | domainname=${1:-""} 6 | 7 | if [ -z "$domainname" ]; then 8 | echo "No siteurl provided" 9 | exit 2 10 | fi 11 | 12 | echo " 13 | [${domainname}] 14 | 15 | listen = /var/run/php5-fpm-${domainname}.socket 16 | listen.backlog = -1 17 | listen.mode = 0666 18 | 19 | ; Unix user/group of processes 20 | ; user is the user who owns the site files 21 | user = www-data 22 | group = www-data 23 | 24 | ; Choose how the process manager will control the number of child processes. 
25 | pm = dynamic 26 | pm.max_children = 20 27 | pm.start_servers = 5 28 | pm.min_spare_servers = 5 29 | pm.max_spare_servers = 20 30 | pm.max_requests = 500 31 | 32 | ; Pass environment variables 33 | env[HOSTNAME] = $HOSTNAME 34 | env[PATH] = /usr/local/bin:/usr/bin:/bin 35 | env[TMP] = /tmp 36 | env[TMPDIR] = /tmp 37 | env[TEMP] = /tmp 38 | 39 | ; host-specific php ini settings here 40 | ; php_admin_value[open_basedir] = /var/www/${domainname}/htdocs:/tmp 41 | " > /etc/php5/fpm/pool.d/$domainname.conf -------------------------------------------------------------------------------- /src/redis/redis.conf: -------------------------------------------------------------------------------- 1 | ## redis config 2 | daemonize yes 3 | pidfile /var/run/redis_6379.pid 4 | port 6379 5 | timeout 0 6 | tcp-keepalive 0 7 | loglevel notice 8 | logfile /var/log/redis_6379.log 9 | databases 16 10 | 11 | ## backups options 12 | save 900 1 13 | save 300 10 14 | save 60 10000 15 | rdbcompression yes 16 | rdbchecksum no 17 | dbfilename dump.rdb 18 | dir /var/redis 19 | 20 | ## append only file 21 | appendonly yes 22 | appendfilename appendonly.aof 23 | appendfsync everysec 24 | no-appendfsync-on-rewrite no 25 | auto-aof-rewrite-percentage 100 26 | auto-aof-rewrite-min-size 64mb 27 | 28 | ## slow log 29 | slowlog-log-slower-than 10000 30 | slowlog-max-len 128 -------------------------------------------------------------------------------- /src/redis/redis_6379: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | ### BEGIN INIT INFO 4 | # Provides: redis 5 | # Required-Start: 6 | # Required-Stop: 7 | # Default-Start: 2 3 4 5 8 | # Default-Stop: 0 1 6 9 | # Short-Description: redis 10 | # Description: redis server 11 | ### END INIT INFO 12 | 13 | REDISPORT=6379 14 | EXEC=/usr/local/bin/redis-server 15 | CLIEXEC=/usr/local/bin/redis-cli 16 | PIDFILE=/var/run/redis_${REDISPORT}.pid 17 | CONF="/etc/redis/${REDISPORT}.conf" 18 | 19 | case 
"$1" in 20 | start) 21 | if [ -f $PIDFILE ] 22 | then 23 | echo "$PIDFILE exists, process is already running or crashed" 24 | else 25 | echo "Starting Redis server..." 26 | $EXEC $CONF 27 | fi 28 | ;; 29 | stop) 30 | if [ ! -f $PIDFILE ] 31 | then 32 | echo "$PIDFILE does not exist, process is not running" 33 | else 34 | PID=$(cat $PIDFILE) 35 | echo "Stopping ..." 36 | $CLIEXEC -p $REDISPORT shutdown 37 | while [ -x /proc/${PID} ] 38 | do 39 | echo "Waiting for Redis to shutdown ..." 40 | sleep 1 41 | done 42 | echo "Redis stopped" 43 | fi 44 | ;; 45 | *) 46 | echo "Please use start or stop as first argument" 47 | ;; 48 | esac -------------------------------------------------------------------------------- /src/ssh/sshd_config: -------------------------------------------------------------------------------- 1 | # Package generated configuration file 2 | # See the sshd(8) manpage for details 3 | 4 | # What ports, IPs and protocols we listen for 5 | Port 30000 6 | # Use these options to restrict which interfaces/protocols sshd will bind to 7 | #ListenAddress :: 8 | #ListenAddress 0.0.0.0 9 | Protocol 2 10 | # HostKeys for protocol version 2 11 | HostKey /etc/ssh/ssh_host_rsa_key 12 | HostKey /etc/ssh/ssh_host_dsa_key 13 | #Privilege Separation is turned on for security 14 | UsePrivilegeSeparation yes 15 | 16 | # Lifetime and size of ephemeral version 1 server key 17 | KeyRegenerationInterval 3600 18 | ServerKeyBits 768 19 | 20 | # Logging 21 | SyslogFacility AUTH 22 | LogLevel INFO 23 | 24 | # Authentication: 25 | LoginGraceTime 120 26 | PermitRootLogin no 27 | StrictModes yes 28 | 29 | RSAAuthentication yes 30 | PubkeyAuthentication yes 31 | AuthorizedKeysFile %h/.ssh/authorized_keys 32 | 33 | # Don't read the user's ~/.rhosts and ~/.shosts files 34 | IgnoreRhosts yes 35 | # For this to work you will also need host keys in /etc/ssh_known_hosts 36 | RhostsRSAAuthentication no 37 | # similar for protocol version 2 38 | HostbasedAuthentication no 39 | # Uncomment if 
you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication 40 | #IgnoreUserKnownHosts yes 41 | 42 | # To enable empty passwords, change to yes (NOT RECOMMENDED) 43 | PermitEmptyPasswords no 44 | 45 | # Change to yes to enable challenge-response passwords (beware issues with 46 | # some PAM modules and threads) 47 | ChallengeResponseAuthentication no 48 | 49 | # Change to no to disable tunnelled clear text passwords 50 | PasswordAuthentication yes 51 | 52 | # Kerberos options 53 | #KerberosAuthentication no 54 | #KerberosGetAFSToken no 55 | #KerberosOrLocalPasswd yes 56 | #KerberosTicketCleanup yes 57 | 58 | # GSSAPI options 59 | #GSSAPIAuthentication no 60 | #GSSAPICleanupCredentials yes 61 | 62 | X11Forwarding no 63 | X11DisplayOffset 10 64 | PrintMotd no 65 | PrintLastLog yes 66 | TCPKeepAlive yes 67 | #UseLogin no 68 | 69 | #MaxStartups 10:30:60 70 | Banner /etc/issue 71 | 72 | # Allow client to pass locale environment variables 73 | AcceptEnv LANG LC_* 74 | 75 | Subsystem sftp /usr/lib/openssh/sftp-server 76 | 77 | UsePAM no 78 | 79 | # Allow certain users to be safe 80 | #AllowUsers user --------------------------------------------------------------------------------
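
The `sshd_config` above ships with `PasswordAuthentication yes`, a DSA host key and several options that only apply to SSH protocol 1, and the README asks you to edit the file by hand to disable passwords. The script below is an added example, not part of this repository: it reads a config the way sshd does (first value wins, keywords are case-insensitive, `Match` blocks are conditional) and reports those settings; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the repository): audit an sshd_config for the
# settings discussed above. Function names and sample data are constructed.

# Print every value of keyword $1 in the global section of file $2.
# Keywords are case-insensitive; parsing stops at the first Match block,
# because directives below it only apply conditionally.
sshd_values() {
    awk -F'[ \t=]+' -v want="$1" '
        { sub(/^[ \t]+/, "") }            # drop leading indentation
        /^(#|$)/ { next }                 # skip comments and blank lines
        tolower($1) == "match" { exit }
        tolower($1) == tolower(want) { print $2 }
    ' "$2"
}

# sshd keeps the first value it reads for a keyword, so do the same.
sshd_value() { sshd_values "$1" "$2" | head -n 1; }

# Print one finding per line; no output means nothing was flagged.
audit_sshd() {
    f=$1
    v=$(sshd_value PasswordAuthentication "$f")
    [ "$v" = no ] || echo "PasswordAuthentication is ${v:-unset (default yes)}"
    v=$(sshd_value PermitRootLogin "$f")
    [ "$v" = no ] || echo "PermitRootLogin is ${v:-unset}, expected no"
    v=$(sshd_value PermitEmptyPasswords "$f")
    [ "$v" != yes ] || echo "PermitEmptyPasswords is yes"
    case "$(sshd_value Protocol "$f")" in
        *1*) echo "Protocol line still allows SSHv1" ;;
    esac
    # HostKey may repeat and every occurrence is used; ecdsa is not DSA.
    sshd_values HostKey "$f" |
        awk '/(^|[^c])dsa/ { print "DSA host key configured: " $0 }'
    for k in ServerKeyBits KeyRegenerationInterval \
             RSAAuthentication RhostsRSAAuthentication; do
        [ -z "$(sshd_value "$k" "$f")" ] || echo "SSHv1-only option present: $k"
    done
    return 0
}

# Constructed sample: the lines of the sshd_config shown above that the
# audit looks at, with comments and unrelated options left out.
write_sample() {
    cat > "$1" <<'EOF'
Port 30000
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
KeyRegenerationInterval 3600
ServerKeyBits 768
PermitRootLogin no
RSAAuthentication yes
RhostsRSAAuthentication no
PermitEmptyPasswords no
PasswordAuthentication yes
UsePAM no
EOF
}

# Number of findings for a file, e.g. to gate an install step.
count_findings() { audit_sshd "$1" | grep -c . || true; }

demo() {
    tmp=$(mktemp)
    write_sample "$tmp"
    audit_sshd "$tmp"
    echo "findings: $(count_findings "$tmp")"
    rm -f "$tmp"
}
demo
```

Because the first value wins, appending `PasswordAuthentication no` to the end of the file leaves the earlier `yes` in effect; change the existing line instead, then validate with `sshd -t` before restarting SSH.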