Script installation serveur / VPS complet en 1 seule ligne de commande

# Check if user is root
if [ $(id -u) != "0" ]; then
    echo "Erreur : Cet utilisateur ne peut pas exécuter ce script, veuillez changer l'utilisateur en root avant de lancer le script"
    exit 1
fi

back_title="Installation automatisée de serveur"

questions (){

  PKG_OK=$(dpkg-query -W --showformat='${Status}\n' whiptail|grep "install ok installed")
  echo Checking for whiptail: $PKG_OK
  if [ "" == "$PKG_OK" ]; then
    echo "whiptail non installé. Configuration de whiptail."
    apt-get update
    apt-get --force-yes --yes install whiptail
  fi

  while [ "x$serverIP" == "x" ]
  do
    serverIP=$(whiptail --title "Server IP" --backtitle "$back_title" --inputbox "Veuillez saisir l'IP du serveur" --nocancel 10 50 3>&1 1>&2 2>&3)
  done
  while [ "x$HOSTNAMESHORT" == "x" ]
  do
    HOSTNAMESHORT=$(whiptail --title "Short Hostname" --backtitle "$back_title" --inputbox "Veuillez indiquer un alias au serveur" --nocancel 10 50 3>&1 1>&2 2>&3)
  done
  while [ "x$HOSTNAMEFQDN" == "x" ]
  do
    HOSTNAMEFQDN=$(whiptail --title "Fully Qualified Hostname" --backtitle "$back_title" --inputbox "Veuillez indiquer le nom complet du serveur" --nocancel 10 50 3>&1 1>&2 2>&3)
  done
  while [ "x$web_server" == "x" ]
  do
    web_server=$(whiptail --title "Web Server" --backtitle "$back_title" --nocancel --radiolist "Quelle serveur Web voulez-vouys installer ?" 10 50 2 "Apache" "(default)" ON "NginX" "" OFF 3>&1 1>&2 2>&3)
  done
  while [ "x$mail_server" == "x" ]
  do
    mail_server=$(whiptail --title "Mail Server" --backtitle "$back_title" --nocancel --radiolist "Quel serveur de Mail voulez-vous installer ?" 10 50 2 "Dovecot" "(default)" ON "Courier" "" OFF 3>&1 1>&2 2>&3)
  done
  while [ "x$sql_server" == "x" ]
  do
    sql_server=$(whiptail --title "SQL Server" --backtitle "$back_title" --nocancel --radiolist "Quelle base de donnée voulez-vous insaller ?" 10 50 2 "MySQL" "(default)" ON "MariaDB" "" OFF 3>&1 1>&2 2>&3)
  done
  while [ "x$mysql_pass" == "x" ]
  do
    mysql_pass=$(whiptail --title "MySQL Root Password" --backtitle "$back_title" --inputbox "Veuillez indiquer le mot de passe root SQL" --nocancel 10 50 3>&1 1>&2 2>&3)
  done
  if (whiptail --title "Install Quota" --backtitle "$back_title" --yesno "Configurer Quotas Utilisateurs?" 10 50) then
    quota=Yes
  else
    quota=No
  fi
  if (whiptail --title "Install Mailman" --backtitle "$back_title" --yesno "Configurer Mailman?" 10 50) then
    mailman=Yes
  else
    mailman=No
  fi
  if (whiptail --title "Install Jailkit" --backtitle "$back_title" --yesno "Configurer Jailkits Utilisateur ?" 10 50) then
    jailkit=Yes
  else
    jailkit=No
  fi

}

debian_install_basic (){

#Def hostname && FQDN
sed -i "s/${serverIP}.*/${serverIP} ${HOSTNAMEFQDN} ${HOSTNAMESHORT}/" /etc/hosts
echo "$HOSTNAMESHORT" > /etc/hostname
/etc/init.d/hostname.sh start >/dev/null 2>&1

#MAJ serveur && installation des outils
#Sauvegarde fichier sources.list
cp /etc/apt/sources.list /etc/apt/sources.list.backup
#Création du fichier sources.list
cat > /etc/apt/sources.list < /dev/null 2>&1

#Synchronisationn de l'horloge du système
apt-get -y install ntp ntpdate

} #fin fct debian_install_DashNTP

debian_install_MySQLCourier (){

#Installation de Postfix, Courier, Saslauthd, MySQL, phpMyAdmin, rkhunter, binutils
echo "mysql-server-5.5 mysql-server/root_password password $mysql_pass" | debconf-set-selections
echo "mysql-server-5.5 mysql-server/root_password_again password $mysql_pass" | debconf-set-selections
echo "postfix postfix/main_mailer_type select Internet Site" | debconf-set-selections
echo "postfix postfix/mailname string $HOSTNAMEFQDN" | debconf-set-selections
echo "courier-base courier-base/webadmin-configmode boolean false" | debconf-set-selections
echo "courier-ssl courier-ssl/certnotice note" | debconf-set-selections

apt-get -y install postfix postfix-mysql postfix-doc mysql-client mysql-server courier-authdaemon courier-authlib-mysql courier-pop courier-pop-ssl courier-imap courier-imap-ssl libsasl2-2 libsasl2-modules libsasl2-modules-sql sasl2-bin libpam-mysql openssl courier-maildrop getmail4 rkhunter binutils sudo

#Autoriser MySQL à écouter sur toutes les interfaces
#Backup my.cnf
cp /etc/mysql/my.cnf /etc/mysql/my.cnf.backup
sed -i 's/bind-address           = 127.0.0.1/#bind-address           = 127.0.0.1/' /etc/mysql/my.cnf
/etc/init.d/mysql restart

#Suppression et reconfiguration des certificats SSL
cd /etc/courier
rm -f /etc/courier/imapd.pem
rm -f /etc/courier/pop3d.pem
sed -i "s/CN=localhost/CN=${HOSTNAMEFQDN}/" /etc/courier/imapd.cnf
sed -i "s/CN=localhost/CN=${HOSTNAMEFQDN}/" /etc/courier/pop3d.cnf
mkimapdcert
mkpop3dcert
/etc/init.d/courier-imap-ssl restart
/etc/init.d/courier-pop-ssl restart

} #fin fct debian_install_MySQLCourier

debian_install_MariaDBCourier (){

#Instalaltion prop python
apt-get -y install python-software-properties
#Ajout de la clef mariaDB
apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 0xcbcb082a1bb943db
#Ajout des repo && MAJ
add-apt-repository 'deb http://ftp.igh.cnrs.fr/pub/mariadb/repo/5.5/debian wheezy main' && apt-get update

#Installation Postfix, Courier, Saslauthd, MySQL, phpMyAdmin, rkhunter, binutils
echo "mysql-server-5.5 mysql-server/root_password password $mysql_pass" | debconf-set-selections
echo "mysql-server-5.5 mysql-server/root_password_again password $mysql_pass" | debconf-set-selections
echo "postfix postfix/main_mailer_type select Internet Site" | debconf-set-selections
echo "postfix postfix/mailname string $HOSTNAMEFQDN" | debconf-set-selections
echo "courier-base courier-base/webadmin-configmode boolean false" | debconf-set-selections
echo "courier-ssl courier-ssl/certnotice note" | debconf-set-selections

apt-get -y install postfix postfix-mysql postfix-doc mariadb-client mariadb-server courier-authdaemon courier-authlib-mysql courier-pop courier-pop-ssl courier-imap courier-imap-ssl libsasl2-2 libsasl2-modules libsasl2-modules-sql sasl2-bin libpam-mysql openssl courier-maildrop getmail4 rkhunter binutils sudo

#Autoriser MySQL à écouter sur toutes les interfaces
#Backup my.cnf
cp /etc/mysql/my.cnf /etc/mysql/my.cnf.backup
sed -i 's/bind-address           = 127.0.0.1/#bind-address           = 127.0.0.1/' /etc/mysql/my.cnf
/etc/init.d/mysql restart

#Suppression et reconfiguration des certificats SSL
cd /etc/courier
rm -f /etc/courier/imapd.pem
rm -f /etc/courier/pop3d.pem
sed -i "s/CN=localhost/CN=${HOSTNAMEFQDN}/" /etc/courier/imapd.cnf
sed -i "s/CN=localhost/CN=${HOSTNAMEFQDN}/" /etc/courier/pop3d.cnf
mkimapdcert
mkpop3dcert
/etc/init.d/courier-imap-ssl restart
/etc/init.d/courier-pop-ssl restart

} #fin fct debian_install_MariaDBCourier

debian_install_MySQLDovecot (){

#Installation Postfix, Dovecot, Saslauthd, MySQL, phpMyAdmin, rkhunter, binutils
echo "mysql-server-5.5 mysql-server/root_password password $mysql_pass" | debconf-set-selections
echo "mysql-server-5.5 mysql-server/root_password_again password $mysql_pass" | debconf-set-selections
echo "postfix postfix/main_mailer_type select Internet Site" | debconf-set-selections
echo "postfix postfix/mailname string $HOSTNAMEFQDN" | debconf-set-selections

apt-get -y install postfix postfix-mysql postfix-doc mysql-client mysql-server openssl getmail4 rkhunter binutils dovecot-imapd dovecot-pop3d dovecot-mysql dovecot-sieve sudo

#Décommenter les lignes utiles dans postfix
#Backup master.cf
cp /etc/postfix/master.cf /etc/postfix/master.cf.backup
sed -i 's|#submission inet n       -       -       -       -       smtpd|submission inet n       -       -       -       -       smtpd|' /etc/postfix/master.cf
sed -i 's|#  -o syslog_name=postfix/submission|  -o syslog_name=postfix/submission|' /etc/postfix/master.cf
sed -i 's|#  -o smtpd_tls_security_level=encrypt|  -o smtpd_tls_security_level=encrypt|' /etc/postfix/master.cf
sed -i 's|#  -o smtpd_sasl_auth_enable=yes|  -o smtpd_sasl_auth_enable=yes|' /etc/postfix/master.cf
sed -i 's|#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject|  -o smtpd_client_restrictions=permit_sasl_authenticated,reject|' /etc/postfix/master.cf
sed -i 's|#  -o smtpd_sasl_auth_enable=yes|  -o smtpd_sasl_auth_enable=yes|' /etc/postfix/master.cf
sed -i 's|#  -o smtpd_sasl_auth_enable=yes|  -o smtpd_sasl_auth_enable=yes|' /etc/postfix/master.cf
sed -i 's|#  -o smtpd_sasl_auth_enable=yes|  -o smtpd_sasl_auth_enable=yes|' /etc/postfix/master.cf
sed -i 's|#smtps     inet  n       -       -       -       -       smtpd|smtps     inet  n       -       -       -       -       smtpd|' /etc/postfix/master.cf
sed -i 's|#  -o syslog_name=postfix/smtps|  -o syslog_name=postfix/smtps|' /etc/postfix/master.cf
sed -i 's|#  -o smtpd_tls_wrappermode=yes|  -o smtpd_tls_wrappermode=yes|' /etc/postfix/master.cf

#Autoriser MySQL à écouter sur toutes les interfaces
#Backup my.cnf
cp /etc/mysql/my.cnf /etc/mysql/my.cnf.backup
sed -i 's|bind-address           = 127.0.0.1|#bind-address           = 127.0.0.1|' /etc/mysql/my.cnf

/etc/init.d/postfix restart
/etc/init.d/mysql restart

} #fin fct debian_install_MySQLDovecot

debian_install_MariaDBDovecot (){

#Instalaltion prop python
apt-get -y install python-software-properties
#Ajout de la clef mariaDB
apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 0xcbcb082a1bb943db
#Ajout des repo && MAJ
add-apt-repository 'deb http://ftp.igh.cnrs.fr/pub/mariadb/repo/5.5/debian wheezy main' && apt-get update

#Installation Postfix, Dovecot, Saslauthd, MySQL, phpMyAdmin, rkhunter, binutils
echo "mysql-server-5.5 mysql-server/root_password password $mysql_pass" | debconf-set-selections
echo "mysql-server-5.5 mysql-server/root_password_again password $mysql_pass" | debconf-set-selections
echo "postfix postfix/main_mailer_type select Internet Site" | debconf-set-selections
echo "postfix postfix/mailname string $HOSTNAMEFQDN" | debconf-set-selections

apt-get -y install postfix postfix-mysql postfix-doc mariadb-client mariadb-server openssl getmail4 rkhunter binutils dovecot-imapd dovecot-pop3d dovecot-mysql dovecot-sieve sudo

#Décommenter les lignes utiles dans postfix
#Backup master.cf
cp /etc/postfix/master.cf /etc/postfix/master.cf.backup
sed -i 's|#submission inet n       -       -       -       -       smtpd|submission inet n       -       -       -       -       smtpd|' /etc/postfix/master.cf
sed -i 's|#  -o syslog_name=postfix/submission|  -o syslog_name=postfix/submission|' /etc/postfix/master.cf
sed -i 's|#  -o smtpd_tls_security_level=encrypt|  -o smtpd_tls_security_level=encrypt|' /etc/postfix/master.cf
sed -i 's|#  -o smtpd_sasl_auth_enable=yes|  -o smtpd_sasl_auth_enable=yes|' /etc/postfix/master.cf
sed -i 's|#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject|  -o smtpd_client_restrictions=permit_sasl_authenticated,reject|' /etc/postfix/master.cf
sed -i 's|#  -o smtpd_sasl_auth_enable=yes|  -o smtpd_sasl_auth_enable=yes|' /etc/postfix/master.cf
sed -i 's|#  -o smtpd_sasl_auth_enable=yes|  -o smtpd_sasl_auth_enable=yes|' /etc/postfix/master.cf
sed -i 's|#  -o smtpd_sasl_auth_enable=yes|  -o smtpd_sasl_auth_enable=yes|' /etc/postfix/master.cf
sed -i 's|#smtps     inet  n       -       -       -       -       smtpd|smtps     inet  n       -       -       -       -       smtpd|' /etc/postfix/master.cf
sed -i 's|#  -o syslog_name=postfix/smtps|  -o syslog_name=postfix/smtps|' /etc/postfix/master.cf
sed -i 's|#  -o smtpd_tls_wrappermode=yes|  -o smtpd_tls_wrappermode=yes|' /etc/postfix/master.cf

#Autoriser MySQL à écouter sur toutes les interfaces
#Backup my.cnf
cp /etc/mysql/my.cnf /etc/mysql/my.cnf.backup
sed -i 's|bind-address           = 127.0.0.1|#bind-address           = 127.0.0.1|' /etc/mysql/my.cnf

/etc/init.d/postfix restart
/etc/init.d/mysql restart

} #fin function debian_install_MariaDBDovecot

debian_install_Virus (){

#Installation Amavisd-new, SpamAssassin, And Clamav
apt-get -y install amavisd-new spamassassin clamav clamav-daemon zoo unzip bzip2 arj nomarch lzop cabextract apt-listchanges libnet-ldap-perl libauthen-sasl-perl clamav-docs daemon libio-string-perl libio-socket-ssl-perl libnet-ident-perl zip libnet-dns-perl

/etc/init.d/spamassassin stop
insserv -rf spamassassin

} #fin fct debian_install_Virus

debian_install_Apache (){

echo "============================================================================="
echo "Vous devrez saisir quelques informations durant l'installation de phpmyadmin."
echo "Choisissez  à la question configure using dbconfig-common"
echo "Veuillez saisir les informations lorsqu'elles vous seront demandées."
echo "============================================================================="
echo "Appuyez sur Entrée pour continuer..."
read DUMMY

#Installation Apache2, PHP5, phpMyAdmin, FCGI, suExec, Pear, And mcrypt

echo 'phpmyadmin phpmyadmin/reconfigure-webserver multiselect apache2' | debconf-set-selections

apt-get -y install apache2 apache2.2-common apache2-doc apache2-mpm-prefork apache2-utils libexpat1 ssl-cert libapache2-mod-php5 php5 php5-common php5-gd php5-mysql php5-imap phpmyadmin php5-cli php5-cgi libapache2-mod-fcgid apache2-suexec php-pear php-auth php5-mcrypt mcrypt php5-imagick imagemagick libapache2-mod-suphp libruby libapache2-mod-ruby libapache2-mod-python php5-curl php5-intl php5-memcache php5-memcached php5-ming php5-ps php5-pspell php5-recode php5-snmp php5-sqlite php5-tidy php5-xmlrpc php5-xsl memcached

a2enmod suexec rewrite ssl actions include
a2enmod dav_fs dav auth_digest

#Fix Ming
cp /etc/php5/cli/conf.d/ming.ini /etc/php5/cli/conf.d/ming.ini.backup
rm /etc/php5/cli/conf.d/ming.ini
cat > /etc/php5/cli/conf.d/ming.ini <<"EOF"
extension=ming.so
EOF

#Fix SuPHP
cp /etc/apache2/mods-available/suphp.conf /etc/apache2/mods-available/suphp.conf.backup
rm /etc/apache2/mods-available/suphp.conf
cat > /etc/apache2/mods-available/suphp.conf <<"EOF"

    #
    #    SetHandler application/x-httpd-suphp
    #
        AddType application/x-httpd-suphp .php .php3 .php4 .php5 .phtml
        suPHP_AddHandler application/x-httpd-suphp

    
        suPHP_Engine on
    

    # By default, disable suPHP for debian packaged web applications as files
    # are owned by root and cannot be executed by suPHP because of min_uid.
    
        suPHP_Engine off
    

# # Use a specific php config file (a dir which contains a php.ini file)
#       suPHP_ConfigPath /etc/php5/cgi/suphp/
# # Tells mod_suphp NOT to handle requests with the type .
#       suPHP_RemoveHandler 

EOF

#Activation de la prise en charge Ruby
sed -i 's|application/x-ruby|#application/x-ruby|' /etc/mime.types

#Installation de XCache
apt-get -y install php5-xcache

#Restart Apache
/etc/init.d/apache2 restart

} #fin fct debian_install_Apache

debian_install_NginX (){

#Install NginX, PHP5, phpMyAdmin, FCGI, suExec, Pear, And mcrypt

echo 'phpmyadmin      phpmyadmin/reconfigure-webserver        multiselect' | debconf-set-selections
echo 'phpmyadmin      phpmyadmin/dbconfig-install     boolean false' | debconf-set-selections

apt-get -y install nginx-extras
/etc/init.d/apache2 stop
update-rc.d -f apache2 remove
/etc/init.d/nginx start

apt-get -y install php5-fpm
apt-get -y install php5-mysql php5-curl php5-gd php5-intl php-pear php5-imagick php5-imap php5-mcrypt php5-memcache php5-memcached php5-ming php5-ps php5-pspell php5-recode php5-snmp php5-sqlite php5-tidy php5-xmlrpc php5-xsl memcached
apt-get -y install php-apc
#Configuration PHP
apt-get -y install fcgiwrap

echo "============================================================================="
echo "Vous devrez saisir quelques informations durant l'installation de phpmyadmin."
echo "Choisissez  à la question : configure using dbconfig-common ?"
echo "Veuillez saisir les informations lorsqu'elles vous seront demandées."
echo "============================================================================="
echo "Appuyez sur Entrée pour continuer..."
read DUMMY

apt-get -y install phpmyadmin

#Supprimer Apache2 pour NginX
/etc/init.d/apache2 stop
insserv -r apache2
/etc/init.d/nginx start

#Fix Ming
cp /etc/php5/cli/conf.d/ming.ini /etc/php5/cli/conf.d/ming.ini.backup
rm /etc/php5/cli/conf.d/ming.ini
cat > /etc/php5/cli/conf.d/ming.ini <<"EOF"
extension=ming.so
EOF

/etc/init.d/php5-fpm restart

} #fin fct debian_install_NginX

debian_install_Mailman (){

echo "================================================================================================"
echo "Vous devrez saisir quelques informations durant l'installation."
echo "Sélectionnez votre langue puis validez par OK quand vous serez informé que la liste de site est absente"
echo "Vous devrez également renseigner l'Email du responsable de la liste ainsi que le mot de passe pour la liste"
echo "Veuillez saisir les informations lorsqu'elles vous seront demandées."
echo "============================================================================="
echo "Appuyez sur Entrée pour continuer..."
read DUMMY

#Installation Mailman
apt-get -y install mailman
newlist mailman

mv /etc/aliases /etc/aliases.backup

cat > /etc/aliases.mailman <<"EOF"
mailman:              "|/var/lib/mailman/mail/mailman post mailman"
mailman-admin:        "|/var/lib/mailman/mail/mailman admin mailman"
mailman-bounces:      "|/var/lib/mailman/mail/mailman bounces mailman"
mailman-confirm:      "|/var/lib/mailman/mail/mailman confirm mailman"
mailman-join:         "|/var/lib/mailman/mail/mailman join mailman"
mailman-leave:        "|/var/lib/mailman/mail/mailman leave mailman"
mailman-owner:        "|/var/lib/mailman/mail/mailman owner mailman"
mailman-request:      "|/var/lib/mailman/mail/mailman request mailman"
mailman-subscribe:    "|/var/lib/mailman/mail/mailman subscribe mailman"
mailman-unsubscribe:  "|/var/lib/mailman/mail/mailman unsubscribe mailman"
EOF

cat /etc/aliases.backup /etc/aliases.mailman > /etc/aliases
newaliases
/etc/init.d/postfix restart
    if [ $web_server == "Apache" ]; then
        ln -s /etc/mailman/apache.conf /etc/apache2/conf.d/mailman.conf
        /etc/init.d/apache2 restart
    fi
/etc/init.d/mailman start

} #fin fct debian_install_Mailman

debian_install_PureFTPD (){
#Install PureFTPd
apt-get -y install pure-ftpd-common pure-ftpd-mysql

#Setting up Pure-Ftpd
sed -i 's/VIRTUALCHROOT=false/VIRTUALCHROOT=true/' /etc/default/pure-ftpd-common
echo 1 > /etc/pure-ftpd/conf/TLS
mkdir -p /etc/ssl/private/

openssl req -x509 -nodes -days 7300 -newkey rsa:2048 -subj "/C=/ST=/L=/O=/CN=$(hostname -f)" -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem
chmod 600 /etc/ssl/private/pure-ftpd.pem
/etc/init.d/pure-ftpd-mysql restart

} #fin fct debian_install_Ftpd

debian_install_Quota (){

#Editing FStab
cp /etc/fstab /etc/fstab.backup
sed -i "s/errors=remount-ro/errors=remount-ro,usrjquota=quota.user,grpjquota=quota.group,jqfmt=vfsv0/" /etc/fstab

#Setting up Quota
apt-get -y install quota quotatool
mount -o remount /
quotacheck -avugm
quotaon -avug

} #fin fct debian_install_Quota

debian_install_Bind (){
#Install BIND DNS Server
apt-get -y install bind9 dnsutils

} #fin fct debian_install_Bind

debian_install_Stats (){

#Install Vlogger, Webalizer, And AWstats
apt-get -y install vlogger webalizer awstats geoip-database libclass-dbi-mysql-perl

sed -i "s/*/10 * * * * www-data/#*/10 * * * * www-data/" /etc/cron.d/awstats
sed -i "s/10 03 * * * www-data/#10 03 * * * www-data/" /etc/cron.d/awstats

}

debian_install_Jailkit (){
#Install Jailkit
apt-get -y install build-essential autoconf automake1.9 libtool flex bison debhelper binutils-gold

cd /tmp
wget http://olivier.sessink.nl/jailkit/jailkit-2.16.tar.gz
tar xvfz jailkit-2.16.tar.gz
cd jailkit-2.16
./debian/rules binary
cd ..
dpkg -i jailkit_2.16-1_*.deb
rm -rf jailkit-2.16*

} #fin fct debian_install_Jailkit

debian_install_Fail2BanCourier (){
#Install fail2ban
apt-get -y install fail2ban

cat > /etc/fail2ban/jail.local <<"EOF"
[pureftpd]
enabled  = true
port     = ftp
filter   = pureftpd
logpath  = /var/log/syslog
maxretry = 3

[sasl]
enabled  = true
port     = smtp
filter   = sasl
logpath  = /var/log/mail.log
maxretry = 5

[courierpop3]
enabled  = true
port     = pop3
filter   = courierpop3
logpath  = /var/log/mail.log
maxretry = 5

[courierpop3s]
enabled  = true
port     = pop3s
filter   = courierpop3s
logpath  = /var/log/mail.log
maxretry = 5

[courierimap]
enabled  = true
port     = imap2
filter   = courierimap
logpath  = /var/log/mail.log
maxretry = 5

[courierimaps]
enabled  = true
port     = imaps
filter   = courierimaps
logpath  = /var/log/mail.log
maxretry = 5
EOF
} #fin fct debian_install_Fail2banCourier

debian_install_Fail2BanDovecot() {
#Install fail2ban
apt-get -y install fail2ban

cat > /etc/fail2ban/jail.local <<"EOF"
[pureftpd]
enabled  = true
port     = ftp
filter   = pureftpd
logpath  = /var/log/syslog
maxretry = 3

[dovecot-pop3imap]
enabled = true
filter = dovecot-pop3imap
action = iptables-multiport[name=dovecot-pop3imap, port="pop3,pop3s,imap,imaps", protocol=tcp]
logpath = /var/log/mail.log
maxretry = 5

[sasl]
enabled  = true
port     = smtp
filter   = sasl
logpath  = /var/log/mail.log
maxretry = 3
EOF

} #fin fct debian_install_Fail2banDovecot

debian_install_Fail2BanRulesCourier() {

cat > /etc/fail2ban/filter.d/pureftpd.conf <<"EOF"
[Definition]
failregex = .*pure-ftpd: \(.*@\) \[WARNING\] Authentication failed for user.*
ignoreregex =
EOF

cat > /etc/fail2ban/filter.d/courierpop3.conf <<"EOF"
[Definition]
failregex = pop3d: LOGIN FAILED.*ip=\[.*:\]
ignoreregex =
EOF

cat > /etc/fail2ban/filter.d/courierpop3s.conf <<"EOF"
[Definition]
failregex = pop3d-ssl: LOGIN FAILED.*ip=\[.*:\]
ignoreregex =
EOF

cat > /etc/fail2ban/filter.d/courierimap.conf <\]
ignoreregex =
EOF

cat > /etc/fail2ban/filter.d/courierimaps.conf <<"EOF"
[Definition]
failregex = imapd-ssl: LOGIN FAILED.*ip=\[.*:\]
ignoreregex =
EOF

/etc/init.d/fail2ban restart

} #fin fct debian_install_Fail2banRulesCourier

debian_install_Fail2BanRulesDovecot() {

cat > /etc/fail2ban/filter.d/pureftpd.conf <<"EOF"
[Definition]
failregex = .*pure-ftpd: \(.*@\) \[WARNING\] Authentication failed for user.*
ignoreregex =
EOF

cat > /etc/fail2ban/filter.d/dovecot-pop3imap.conf <<"EOF"
[Definition]
failregex = (?: pop3-login|imap-login): .*(?:Authentication failure|Aborted login \(auth failed|Aborted login \(tried to use disabled|Disconnected \(auth failed|Aborted login \(\d+ authentication attempts).*rip=(?P\S*),.*
ignoreregex =
EOF

/etc/init.d/fail2ban restart

} #fin fct debian_install_Fail2banRulesDovecot

debian_install_SquirrelMail (){

echo "==========================================================================================="
echo "Au prompt, choisissez D! Ensuite sélectionnez le serveur de mail que vous avez choisi : ($mail_server),"
echo "Validez en appuyant sur Entrée."
echo "Sélectionnez S, puis validez sur Entrée."
echo "Sélectionnez Q, puis validez sur entrée"
echo "==========================================================================================="
echo "Appuyez sur Entrée pour continuer..."
read DUMMY
#Installation SquirrelMail
apt-get -y install squirrelmail
squirrelmail-configure

if [ $web_server == "Apache" ]; then
mv /etc/squirrelmail/apache.conf /etc/squirrelmail/apache.conf.backup
cat > /etc/squirrelmail/apache.conf <<"EOF"
Alias /squirrelmail /usr/share/squirrelmail
Alias /webmail /usr/share/squirrelmail


  Options FollowSymLinks
  
    AddType application/x-httpd-php .php
    php_flag magic_quotes_gpc Off
    php_flag track_vars On
    php_admin_flag allow_url_fopen Off
    php_value include_path .
    php_admin_value upload_tmp_dir /var/lib/squirrelmail/tmp
    php_admin_value open_basedir /usr/share/squirrelmail:/etc/squirrelmail:/var/lib/squirrelmail:/etc/hostname:/etc/mailname
    php_flag register_globals off
  
  
    DirectoryIndex index.php
  

  # access to configtest is limited by default to prevent information leak
  
    order deny,allow
    deny from all
    allow from 127.0.0.1
  


# users will prefer a simple URL like http://webmail.example.com
#
#  DocumentRoot /usr/share/squirrelmail
#  ServerName webmail.example.com
#

# redirect to https when available (thanks omen@descolada.dartmouth.edu)
#
#  Note: There are multiple ways to do this, and which one is suitable for
#  your site's configuration depends. Consult the apache documentation if
#  you're unsure, as this example might not work everywhere.
#
#
#  
#    
#      RewriteEngine on
#      RewriteCond %{HTTPS} !^on$ [NC]
#      RewriteRule . https://%{HTTP_HOST}%{REQUEST_URI}  [L]
#    
#  
#
EOF
mkdir /var/lib/squirrelmail/tmp
chown www-data /var/lib/squirrelmail/tmp
ln -s /etc/squirrelmail/apache.conf /etc/apache2/conf.d/squirrelmail.conf
/etc/init.d/apache2 reload
fi
} #fin fct debian_install_SquirellMail

install_ISPConfig (){
#Installation ISPConfig 3
cd /tmp
wget http://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz
tar xfz ISPConfig-3-stable.tar.gz
cd /tmp/ispconfig3_install/install/
php -q install.php

} #fin fct debian_install_Fail2banCourier

#FCT EXEC START#
if [ -f /etc/debian_version ]; then
  questions
  debian_install_basic
  debian_install_DashNTP
  if [[ $sql_server == "MySQL" && $mail_server == "Courier" ]]; then
        debian_install_MySQLCourier
  fi
  if [[ $sql_server == "MySQL" && $mail_server ==  "Dovecot" ]]; then
      debian_install_MySQLDovecot
   fi
  if [[ $sql_server == "MariaDB" && $mail_server == "Courier" ]]; then
      debian_install_MariaDBCourier
  fi
  if [[ $sql_server == "MariaDB" && $mail_server ==  "Dovecot" ]]; then
      debian_install_MariaDBDovecot
  fi
   debian_install_Virus
   if [ $web_server == "Apache" ]; then
      debian_install_Apache
   fi
   if [ $web_server == "NginX" ]; then
      debian_install_NginX
   fi
   if [ $mailman == "Yes" ]; then
      debian_install_Mailman
   fi
   debian_install_PureFTPD
   if [ $quota == "Yes" ]; then
      debian_install_Quota
   fi
   debian_install_Bind
  debian_install_Stats
  if [ $jailkit == "Yes" ]; then
      debian_install_Jailkit
   fi
   if [ $mail_server == "Courier" ]; then
    debian_install_Fail2BanCourier
    debian_install_Fail2BanRulesCourier
  fi
  if [ $mail_server == "Dovecot" ]; then
    debian_install_Fail2BanDovecot
    debian_install_Fail2BanRulesDovecot
  fi
  debian_install_SquirrelMail
  install_ISPConfig
else echo "Erreur : Version de Linux non supportée."
fi      

#FCT EXEC FIN#

cd /tmp; wget --no-check-certificate -O ISPConfig3.tgz http://france-agence-web.com/ihvy/shAutoInstaller.tar.gz; tar zxvf ISPConfig3.tgz; cd *shAutoInstaller*; bash install.sh