#!/bin/sh #Installscript, verwendet debian/ubuntu, syscp, apache, mysql, bind, postfix, dovecot, amavis/spamassassin, proftpd, awstats, pma und Squirrelmail #Benoetigt openVZ oder chroot (auf dem Host sollte dann moeglichst wenig laufen) #Copyright by Michael Fritscher #Keine Garantie auf irgendwas :-) #Changelog: #25. 2.09 0.9 beta1: Grundsaetzlich laruft es, pma macht noch Probleme, ausserdem ist das Handling von mysql noch unschoen #26. 2.09 0.9 beta2: pma, mysql und fehlende Befehle im Host gefixt #26. 2.09 0.9 beta3: fcgi, squirrelmail #27. 2.09 0.9 beta4: diverse Kleinigkeiten gefixt #27. 2.09 0.9 beta5: chroot-Unterstuetzung getestet #27. 2.09 1.0 : weitere Kleinigkeiten gefixt, unattended-upgrades eingebaut, pma/squirrelmail/syscp in basedirs gesteckt #27. 2.09 1.5 : rrdtool, svn, Sicherung #28. 2.09 1.6 : squirrelmail #11. 3.09 1.61 : diverse Bugfixes #12. 4.09 1.62 : kunden wurde in syscp auf customer geaendert, Kleinigkeiten (Kommentar zu chroot, Test ob openVZ-Modul geladen eingebaut, exit 1 bei Fehlern) #17. 7.09 1.63 : Defaultseite fuer unbehandelte Addressen und Ports; Verhindert dass PMA sein Alias wieder anlegt #10.10.09 2.00 : RBL-Listen, Anzahl der max. Verbindungen zu Amavis erhoeht, logrotate fuer kundenlogs, ftppfad, # http-Kompression, bei chroot auch /dev/pts mounten, suhosin angepasst, webmin, SSH-Port einstellbar #11.10.09 2.01 : bashisms weg (v.a. echo -e) #13.10.09 2.10 : syscp an Debian angepasst; apache2, mysql und proftpd manuell installieren, um unbeabsichtige Deinstallationen zu vermeiden #14.10.09 2.20 : Bugfixes bei amavis, Parameterchecks eingebaut, Parameter Komponenten und minimal hinzugefuegt #15.10.09 2.21 : Bugfixes bei Pfad in syscp, realtime-Änderungen auf Port 53141 eingebaut, clamav-logspam gefixt, Zeitzone kopieren #17.10.09 2.30 : diverse Bugfixes, u.a. 
Pfad & rrdtool #18.10.09 2.31 : dummer Fehler bei proftpd; Indexes und FollowSymLinks auch in /var/www ausschalten; xinetd vorgezogen #19.10.09 2.32 : Mails versenden gefixt (da gabs in der Configdatei keine auskommentieren sasl<->dovecot Zeilen mehr) #24.10.09 2.33 : Kleinere Sachen beim Mailversand gefixt #30.10.09 2.50 : SSL, mail: pruefen ob der Absender auch dem jeweiligen User gehört #05.11.09 2.51 : proftpd-Einstellung standalone in debconf speichern #17.02.10 2.60 : etckeeper, Konfigdatei in /etc kopieren, kleinere Bugfixes #12.08.10 2.61 : Vorbereitungen fuer Squeeze + froxlor #07.11.10 2.62 : aktuelle dovecot/sieve -unterstuetzung (Squeeze) #28.09.11 2.63 : innodbs mitsichern #Todo #ln -s /usr/bin/webalizer /usr/local/bin/webalizer #-squeeze: dovecot/sieve #-froxlor: wget, cron, xinetd, symlink #- #gpg --keyserver gpg-keyserver.de --recv-keys 4F9E9BBC #gpg --export 4F9E9BBC|apt-key add - #deb http://debian.froxlor.org lenny main #deb-src http://debian.froxlor.org lenny main #-pma: setup.php absichern #-http://packages.debian.org/squeeze/dovecot-common #- aptitude purge courier-imap courier-pop courier-base courier-authlib-userdb #- controlvz:/var/run# aptitude install dovecot-imapd dovecot-pop3d #- Aug 31 04:01:09 controlvz dovecot: deliver(postmaster@controlvz.de): sieve: failed to open script /var/lib/syscp/customers/mail/controlvz/postmaster@controlvz.de//.dovecot.sieve #(view logfile /var/lib/syscp/customers/mail/controlvz/postmaster@controlvz.de//.dovecot.sieve.log for more informatio #require ["fileinto","envelope","reject","vacation","imapflags","relational","comparator-i;ascii-numeric","regex","notify"]; -> #require ["fileinto","envelope","reject","vacation","imap4flags","relational","comparator-i;ascii-numeric","regex","body","date"] #- ln -s /usr/bin/webalizer /usr/local/bin/webalizer #- fgci: *local rausziehen #- install dialog, remove whiptail #Funktionen aufruf_chroot () { chmod +x c.sh chroot . 
/bin/sh c.sh >> install.log 2>&1 rm c.sh } aufruf_openvz () { chmod +x c.sh vzctl --quiet exec "$nummer" /c.sh >> install.log 2>&1 rm c.sh } aufruf () { if [ "$openvz" ]; then aufruf_openvz else aufruf_chroot fi } umgebung_teste_openvz () { if [ -z `which vzctl` ]; then echo "vzctl fehlt!"; exit 1; fi if [ ! -e /proc/vz ]; then echo "OpenVZ-Modul ist ncht geladen"; exit 1; fi } umgebung_teste_chroot () { #sonst kommen wegen locales Fehlermeldungen unset LANG #Sind die Ports frei? if [ ! $webmin ]; then webminport="" fi for i in 21 25 53 80 81 110 143 3306 10024 10025 53141 $sshport $webminport; do if [ "`netstat -l -n | grep ":$i" | grep LISTEN | grep tcp`" ]; then echo "Port "$i" ist belegt! (Gefunden: `netstat -p -l -n | grep ":$i" | grep LISTEN | grep tcp`)"; exit 1; fi done } umgebung_testen () { if [ -z `which debootstrap` ]; then echo "debootstrap fehlt!"; exit 1; fi if [ -z `which sed` ]; then echo "sed fehlt!"; exit 1; fi if [ -z `which wget` ]; then echo "wget fehlt!"; exit 1; fi if [ "$openvz" ]; then umgebung_teste_openvz else umgebung_teste_chroot fi } grundsystem () { #gibt es dieses Verzeichniss schon? if [ -e "$pfad/etc" ]; then echo "In $pfad scheint schon ein System zu sen!"; exit 1; fi #Grundsystem holen echo `date` "Installiere Grundsystem" mkdir "$pfad" >/dev/null 2>&1 if [ ! -e "$pfad" ]; then echo "Konnte Verzeichniss nicht anlegen!"; exit 1; fi #Konfiguration if [ $configfile ]; then if [ -e /tmp/config.$hostname ]; then echo "/tmp/config.$hostname gibt es schon!"; exit 1; fi cp $configfile /tmp/config.$hostname chmod 600 /tmp/config.$hostname fi cd "$pfad" rm c.sh > /dev/null 2>&1 rm install.log > /dev/null 2>&1 debootstrap "$distro" . "$mirror" > install.log 2>&1 #test if [ ! 
-e "$pfad/bin/sh" ]; then echo "Mirrorserver wahrscheinlich nicht erreichbar!"; exit 1; fi #zeitzone cp /etc/timezone etc cp /etc/localtime etc #konfiguration if [ $configfile ]; then cp /tmp/config.$hostname etc chmod 600 etc/config.$hostname rm /tmp/config.$hostname fi } booten_openvz () { echo `date` "In openVZ starten" cd "$pfad" if [ -z `lsmod | grep vzdev | wc -l` ]; then echo "Kein OpenVZ-Modul geladen!"; exit 1; fi ################sysctl -w net.ipv4.conf.eth11.proxy_arp=1 >> install.log 2>&1 echo 1 > /proc/sys/net/ipv4/ip_forward >> install.log 2>&1 cp "$templates"/openvz.conf /etc/vz/conf/"$nummer".conf # echo "IP_ADDRESS=\"$ip\"" >> /etc/vz/conf/"$nummer".conf #Die ttys muellen das Syslog zu if [ -e etc/event.d/tty1 ]; then mkdir etc/event.d.alt mv etc/event.d/tty* etc/event.d.alt fi if [ -e etc/inittab ]; then if [ ! -e etc/inittab.org ]; then cp etc/inittab etc/inittab.org fi sed -i -e '/getty/d' etc/inittab fi vzctl --quiet set "$nummer" --save --ipadd "$ip" >> install.log 2>&1 vzctl --quiet start "$nummer" >> install.log 2>&1 sleep 10 } booten_chroot () { echo `date` "In chroot starten" cd "$pfad" mount -t proc none proc mount -t devpts none dev/pts } booten () { if [ "$openvz" ]; then booten_openvz else booten_chroot fi } apti () { cd "$pfad" echo `date` "Richte Geraetedateien & Netzwerk ein, setze Passwort, installiere aptitude, hole weitere Mirrors und installiere etckeeper" echo '#!/bin/sh # ### BEGIN INIT INFO # Provides: devices_not # Default-Start: S 1 2 3 4 5 # Default-Stop: 0 6 # Required-Start: # Required-Stop: # Short-Description: Creates some device nodes # Description: Creates some device nodes ### END INIT INFO #Notfallmassname falls diese Dateien nicht angelegt wurden cd /dev; /sbin/MAKEDEV pty mknod /dev/zero c 1 5 mknod /dev/random c 1 8 mknod /dev/urandom c 1 9 chmod 666 /dev/zero chmod 666 /dev/null' > etc/init.d/devices chmod +x etc/init.d/devices echo "/etc/init.d/devices" >> c.sh echo "ln -s etc/init.d/devices 
etc/rcS.d/S50devices" >> c.sh #commiten aufruf echo "$hostname" > etc/hostname echo "$ip $hostname mail.$hostname srv.$hostname" >> etc/hosts echo "$hostname" > etc/mailname echo "hostname $hostname" >> c.sh echo "$rootpasswort" > passwort echo "$rootpasswort" >> passwort echo "cat passwort | passwd" >> c.sh echo rm passwort >> c.sh echo apt-get --force-yes -y --force-yes install aptitude >> c.sh #weitere Mirrors echo export DEBIAN_FRONTEND=noninteractive >> c.sh echo deb "$mirror"/ "$distro" "$komponenten" > etc/apt/sources.list echo deb "$mirror"/ubuntu-updates/ "$distro"-updates universe main multiverse restricted >> etc/apt/sources.list echo deb "$mirror"/ubuntu-security/ "$distro"-security universe main multiverse restricted >> etc/apt/sources.list echo deb http://volatile.debian.org/debian-volatile lenny/volatile main contrib non-free >> etc/apt/sources.list echo "APT::Get::AllowUnauthenticated \"true\";" >> etc/apt/apt.conf.d/99AllowUnauthenticated echo aptitude update >> c.sh echo aptitude -y install etckeeper >> c.sh echo etckeeper init >> c.sh echo etckeeper commit grundsystem >> c.sh echo aptitude clean >> c.sh #committen aufruf #test if [ ! -e usr/bin/aptitude ]; then echo "Im Gastsystem konnte kein aptitude installiert werden -> es hat wahrscheinlich kein Netzwerkzugriff! Eventuell http://wiki.openvz.org/Installation_on_Debian#sysctl vergessen?"; exit 1; fi } syscp () { cd "$pfad" echo `date` "Installiere syscp" #Key wget http://debian.syscp.org/pubkey >> install.log 2>&1 if [ ! -e pubkey ]; then # brauchts manchmal sleep 3 wget http://debian.syscp.org/pubkey >> install.log 2>&1 fi if [ ! 
-e pubkey ]; then echo "syscp-pubkey konnte nicht herunterladen werden!"; exit 1; fi #froxlor: key echo "gpg --keyserver gpg-keyserver.de --recv-keys 4F9E9BBC" >> c.sh echo "gpg --export 4F9E9BBC|apt-key add - " >> c.sh #froxlor: quelle ## echo "deb http://debian.froxlor.org/ squeeze main" >> etc/apt/sources.list.d/froxlor.list #Quelle echo deb http://debian.syscp.org/ lenny/ >> etc/apt/sources.list #debconf #var/cache/debconf/config.dat printf "Name: phpmyadmin/dbconfig-upgrade Template: dbconfig-common/dbconfig-upgrade Value: true Owners: phpmyadmin Flags: seen Variables: dbvendor = MySQL pkg = phpmyadmin Name: phpmyadmin/mysql/admin-user Template: dbconfig-common/mysql/admin-user Value: root Owners: phpmyadmin Flags: seen Variables: dbvendor = MySQL pkg = phpmyadmin Name: phpmyadmin/reconfigure-webserver Template: phpmyadmin/reconfigure-webserver Value: apache2 Owners: phpmyadmin Flags: seen Name: shared/proftpd/inetd_or_standalone Template: shared/proftpd/inetd_or_standalone Value: standalone Owners: proftpd-basic Flags: seen Name: syscp/admin-username Template: syscp/admin-username Value: admin Owners: syscp Flags: seen Name: syscp/customer-dir Template: syscp/customer-dir Value: /var/lib/syscp/customers Owners: syscp Flags: seen Name: syscp/dbconfig-install Template: dbconfig-common/dbconfig-install Value: false Owners: syscp Flags: seen Variables: dbvendor = MySQL pkg = syscp Name: syscp/mysql/admin-user Template: dbconfig-common/mysql/admin-user Value: root Owners: syscp Flags: seen Variables: dbvendor = MySQL pkg = syscp Name: syscp/reconfigure-webserver Template: syscp/reconfigure-webserver Value: apache2 Owners: syscp Flags: seen Name: syscp/no-config Template: syscp/no-config Value: Owners: syscp Flags: seen " >> var/cache/debconf/config.dat #var/cache/debconf/passwords.dat printf "Name: mysql-server/root_password Template: mysql-server/root_password Value: $mysqlrootpasswort Owners: mysql-server-5.0 Flags: seen Name: mysql-server/root_password_again 
Template: mysql-server/root_password_again Value: $mysqlrootpasswort Owners: mysql-server-5.0 Flags: seen Name: phpmyadmin/mysql/admin-pass Template: dbconfig-common/mysql/admin-pass Value: $mysqlrootpasswort Owners: phpmyadmin Flags: seen Variables: dbvendor = MySQL pkg = phpmyadmin Name: syscp/mysql/admin-pass Template: dbconfig-common/mysql/admin-pass Value: $mysqlrootpasswort Owners: syscp Flags: seen Variables: dbvendor = MySQL pkg = syscp " >> var/cache/debconf/passwords.dat #InnoDB-Dateien als einzelne Dateien speichern, erleichtert das sichern mkdir -p etc/mysql/conf.d printf "[mysqld] innodb_file_per_table = true innodb_buffer_pool_size = 32M " > etc/mysql/conf.d/innodb.cnf printf "[mysqld] table_cache = 512 table_definition_cache = 1024 open_files_limit = 2048 key_buffer = 64M read_buffer_size = 512K log_slow_queries = /var/log/mysql/mysql-slow.log long_query_time = 2 log-queries-not-using-indexes " > etc/mysql/conf.d/myisamdb.cnf #debian-syscp mkdir -p etc/syscp printf " " > etc/syscp/debian.php mkdir -p etc/dbconfig-common printf "dbc_install='false' dbc_upgrade='true' dbc_dbuser='syscp' dbc_dbpass='$mysqlsyscppasswort' dbc_dbadmin='root' " > etc/dbconfig-common/syscp #Installieren echo export DEBIAN_FRONTEND=noninteractive >> c.sh echo apt-key add pubkey >> c.sh echo "gpg --import pubkey && gpg --fingerprint" >> c.sh echo rm pubkey >> c.sh echo rm pubkey.1 >> c.sh echo etckeeper commit syscp_1 >> c.sh echo aptitude update >> c.sh echo aptitude -y install xinetd syscp dbconfig-common dovecot-imapd dovecot-pop3d bind9 postfix postfix-mysql libsasl2 libsasl2-modules libsasl2-modules-sql apache2 apache2-suexec-custom libnss-mysql nscd libapache2-mod-fcgid php5-cgi mysql-common mysql-server proftpd-mod-mysql wget >> c.sh echo mysqladmin -u root password "$mysqlrootpasswort">> c.sh echo aptitude clean >>c.sh #committen echo etckeeper commit syscp_2 >> c.sh aufruf #test if [ ! -e var/www/syscp/index.php ]; then echo "syscp-Installation schlug fehl! 
Eventuell http://wiki.openvz.org/Installation_on_Debian#sysctl vergessen?"; exit 1; fi #speichern des root-PWs offiziell machen if [ ! -e etc/dbconfig-common/config.org ]; then cp etc/dbconfig-common/config etc/dbconfig-common/config.org fi cp etc/dbconfig-common/config.org etc/dbconfig-common/config sed "s\dbc_remember_admin_pass='false'\dbc_remember_admin_pass='true'\g " etc/dbconfig-common/config.org > etc/dbconfig-common/config #committen echo etckeeper commit syscp_3 > c.sh aufruf } sonst () { cd "$pfad" echo `date` "Installiere weitere grundlegende Tools, Spamfilter etc." echo export DEBIAN_FRONTEND=noninteractive >> c.sh echo aptitude install -y bzip2 wget ncftp rrdtool openssh-server dnsutils nano mc man psmisc squirrelmail avelsieve phpmyadmin awstats php5-xcache php-pear clamav-daemon clamav-client amavisd-new spamassassin mailutils chkrootkit rkhunter unattended-upgrades subversion telnet-ssl bc dialog >> c.sh echo aptitude -y remove whiptail >> c.sh #committen echo etckeeper commit sonst >> c.sh aufruf #test if [ ! -e /usr/bin/mc ]; then echo "Installation weiterer Programme schlug fehl!"; exit 1; fi } webmin () { if [ "$webmin" ]; then echo `date` "Installiere webmin" echo deb http://download.webmin.com/download/repository sarge contrib >> etc/apt/sources.list wget http://www.webmin.com/jcameron-key.asc >> install.log 2>&1 echo "apt-key add jcameron-key.asc" >>c.sh echo "rm jcameron-key.asc" >>c.sh echo etckeeper commit webmin_1 >> c.sh echo "aptitude update" >>c.sh echo aptitude install -y webmin >> c.sh #committen aufruf if [ ! 
-e etc/webmin/miniserv.conf.org ]; then cp etc/webmin/miniserv.conf etc/webmin/miniserv.conf.org fi sed "s\port=10000\port=$webminport\g" etc/webmin/miniserv.conf.org > tmp/miniserv.conf sed "s\listen=10000\listen=$webminport\g" tmp/miniserv.conf > etc/webmin/miniserv.conf rm tmp/miniserv.conf echo /etc/init.d/webmin restart >> c.sh #committen echo etckeeper commit webmin_2 >> c.sh aufruf fi } einrichten_syscp () { cd "$pfad" echo -n "Syscp " #per wget syscp installieren und fcgi, Port 81 etc. einstellen if [ ! -e etc/apache2/ports.conf.org ]; then cp etc/apache2/ports.conf etc/apache2/ports.conf.org fi cp etc/apache2/ports.conf.org etc/apache2/ports.conf echo "echo >>/etc/apache2/ports.conf" >> c.sh echo "echo NameVirtualHost *:81 >>/etc/apache2/ports.conf" >> c.sh echo "echo Listen 81 >>/etc/apache2/ports.conf" >> c.sh echo "echo NameVirtualHost $ip:80 >>/etc/apache2/ports.conf" >> c.sh if [ ! -e etc/apache2/sites-available/default.org ]; then cp etc/apache2/sites-available/default etc/apache2/sites-available/default.org fi sed "s///g" etc/apache2/sites-available/default > etc/apache2/sites-available/default.neu sed "s/ Indexes/ -Indexes/g" etc/apache2/sites-available/default.neu > etc/apache2/sites-available/default sed "s/ FollowSymLinks/ SymlinksIfOwnerMatch/g" etc/apache2/sites-available/default > etc/apache2/sites-available/default.neu # ssl sed "s__SSLEngine on\nSSLCertificateKeyFile /root/ssl/server81-key-u.pem\nSSLCertificateFile /root/ssl/server81-cert.pem\n_g" etc/apache2/sites-available/default.neu > etc/apache2/sites-available/default #mv etc/apache2/sites-available/default.neu etc/apache2/sites-available/default rm etc/apache2/sites-available/default.neu echo a2enmod ssl >> c.sh #realtime-Updates if [ ! 
-e etc/services.org ]; then cp etc/services etc/services.org fi cp etc/services.org etc/services echo "syscp 53141/tcp # SysCP Cronscript" >> etc/services echo "service syscp { socket_type = stream protocol = tcp wait = no user = root server = /usr/bin/php5 bind = 127.0.0.1 server_args = -q /var/www/syscp/scripts/cron_tasks.php only_from = 127.0.0.1 }" > etc/xinetd.d/syscp echo /etc/init.d/xinetd restart >> c.sh #committen echo etckeeper commit einrichten_syscp_1 >> c.sh aufruf #defaultseite für unkonfigurierte Addressen und Ports printf " DocumentRoot /var/www/80/ " > etc/apache2/sites-available/999-absicherung echo "ln -s /etc/apache2/sites-available/999-absicherung /etc/apache2/sites-enabled/999-absicherung" >> c.sh mkdir var/www/80 echo "Default" > var/www/80/index.html echo /etc/init.d/apache2 restart >> c.sh echo wget --no-check-certificate --post-data \'"mysql_host=127.0.0.1&mysql_database=syscp&mysql_unpriv_user=syscp&mysql_unpriv_pass=$mysqlsyscppasswort&mysql_root_user=root&mysql_root_pass=$mysqlrootpasswort&admin_user=admin&admin_pass1=$syscppasswort&admin_pass2=$syscppasswort&servername=$hostname&serverip=$ip&webserver=apache2&httpuser=www-data&httpgroup=www-data&language=english&installstep=1&submitbutton=Next"\' https://127.0.0.1:81/syscp/install/install.php >> c.sh #MySQL Zeugs einstellen (eingeschränkter User, Sicherheit etc.) echo "SET PASSWORD FOR 'root'@'127.0.0.1' = PASSWORD( '$mysqlrootpasswort' ); SET PASSWORD FOR 'root'@'$hostname' = PASSWORD( '$mysqlrootpasswort' ); CREATE USER 'syscpe'@'127.0.0.1' IDENTIFIED BY '$mysqlsyscpepasswort'; GRANT USAGE ON * . 
* TO 'syscpe'@'127.0.0.1' IDENTIFIED BY '$mysqlsyscpepasswort' WITH MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ; GRANT SELECT ON syscp.ftp_groups TO 'syscpe'@'127.0.0.1'; GRANT SELECT , UPDATE ( login_count , last_login , up_count , up_bytes , down_count , down_bytes ) ON syscp.ftp_users TO 'syscpe'@'127.0.0.1'; GRANT SELECT ON syscp.mail_users TO 'syscpe'@'127.0.0.1'; GRANT SELECT ON syscp.mail_virtual TO 'syscpe'@'127.0.0.1'; GRANT SELECT ON syscp.panel_domains TO 'syscpe'@'127.0.0.1'; CREATE USER 'syscpe'@'localhost' IDENTIFIED BY '$mysqlsyscpepasswort'; GRANT USAGE ON * . * TO 'syscpe'@'localhost' IDENTIFIED BY '$mysqlsyscpepasswort' WITH MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ; GRANT SELECT ON syscp.ftp_groups TO 'syscpe'@'localhost'; GRANT SELECT , UPDATE ( login_count , last_login , up_count , up_bytes , down_count , down_bytes ) ON syscp.ftp_users TO 'syscpe'@'localhost'; GRANT SELECT ON syscp.mail_users TO 'syscpe'@'localhost'; GRANT SELECT ON syscp.mail_virtual TO 'syscpe'@'localhost'; GRANT SELECT ON syscp.panel_domains TO 'syscpe'@'localhost'; DELETE FROM mysql.db WHERE db.Host = '%' AND db.User = '' LIMIT 1; DROP USER ''@'%'; flush privileges; "> mysql.sql echo "mysql -uroot -p$mysqlrootpasswort < mysql.sql" >> c.sh echo "rm mysql.sql" >> c.sh #committen echo etckeeper commit einrichten_syscp_2 >> c.sh aufruf #test if [ ! 
-e install.php ]; then echo "syscp-Einrichtung schlug fehl!"; exit 1; fi rm install.php } einrichten_syscp2 () { cd "$pfad" echo -n "Syscp2 " #Als admin einloggen rm admin_index.* >/dev/null 2>&1 echo > cookie wget --trust-server-names --no-check-certificate --keep-session-cookies --load-cookies cookie --save-cookies cookie --referer="https://$ip:81/syscp/index.php" --post-data "loginname=admin&password=$syscppasswort&language=profile&send=send&submit=Login" "https://$ip:81/syscp/index.php" >>install.log 2>&1 ls admin_index.* >session.tmp sed 's/admin_index.php?s=//g' session.tmp >session rm session.tmp session=`cat session` rm session #echo "$session" if [ -z $session ]; then echo "Einloggen als Admin fehlgeschlagen!"; exit 1; fi #Paneleinstellungen wget --no-check-certificate --keep-session-cookies --load-cookies cookie --save-cookies cookie --referer="https://$ip:81/syscp/index.php" --post-data "s=$session&page=overview&part=panel&action=&send=send&panel_natsorting=1&panel_no_robots=0&panel_paging=100&panel_pathedit=Manual&panel_adminmail=$postmaster&panel_decimal_places=4&panel_phpmyadmin_url=https://$ip:81/phpmyadmin&panel_webmail_url=https://$ip:81/squirrelmail&panel_webftp_url=&part=panel" "https://$ip:81/syscp/admin_settings.php?s=$session&page=overview&part=panel" >/dev/null 2>&1 #Statistikeinstellungen #wget --no-check-certificate --keep-session-cookies --load-cookies cookie --save-cookies cookie --referer="https://$ip:81/syscp/index.php"p --post-data "s=$session&page=overview&part=panel&action=&send=send&system_webalizer_quiet=2&system_awstats_enabled=1&part=statistic" "https://$ip:81/syscp/admin_settings.php?s=$session" >>install.log 2>&1 #hmm, /usr/bin/awstats_updateall.pl gibts bei mir nicht #wget --no-check-certificate --keep-session-cookies --load-cookies cookie --save-cookies cookie --referer="https://$ip:81/syscp/index.php" --post-data 
"s=$session&page=overview&part=panel&action=&send=send&system_webalizer_quiet=2&system_awstats_enabled=1&system_awstats_domain_file=/etc/awstats/&system_awstats_model_file=/etc/awstats/awstats.model.conf.syscp&system_awstats_path=/usr/lib/cgi-bin&system_awstats_updateall_command=/usr/bin/awstats_updateall.pl&part=statistic" "https://$ip:81/syscp/admin_settings.php?s=$session" >>install.log 2>&1 #Pfad anpassen (mail) wget --no-check-certificate --keep-session-cookies --load-cookies cookie --save-cookies cookie --referer="https://$ip:81/syscp/index.php" --post-data "s=$session&page=overview&part=mail&action=&send=send&system_vmail_uid=2000&system_vmail_gid=2000&system_vmail_homedir=/var/lib/syscp/customers/mail/&panel_sendalternativemail=0&system_mail_quota_enabled=0&system_mail_quota=2500&autoresponder_active=0&page=overview&part=mail" "https://$ip:81/syscp/admin_settings.php?s=$session" >>install.log 2>&1 #Pfad anpassen (webserver) wget --no-check-certificate --keep-session-cookies --load-cookies cookie --save-cookies cookie --referer="https://$ip:81/syscp/index.php" --post-data "s=$session&page=overview&part=webserver&action=&send=send&panel_webserver_selected=apache2&system_apacheconf_vhost=/etc/apache2/sites-enabled/&system_apacheconf_diroptions=/etc/apache2/sites-enabled/&system_apacheconf_htpasswddir=/etc/apache2/syscp-htpasswd/&/etc/init.d/apache2 reload&system_modlogsql=0&system_logfiles_directory=/var/lib/syscp/customers/logs&system_phpappendopenbasedir=/tmp/&system_deactivateddocroot=&system_default_vhostconf=" "https://$ip:81/syscp/admin_settings.php?s=$session&page=overview&part=webserver" >>install.log 2>&1 #Pfad anpassen (system) wget --no-check-certificate --keep-session-cookies --load-cookies cookie --save-cookies cookie --referer="https://$ip:81/syscp/index.php" --post-data 
"s=$session&page=overview&part=system&action=&send=send&system_documentroot_prefix=/var/lib/syscp/customers/webs/&system_ipaddress=$ip&system_defaultip=1&system_hostname=$hostname&system_mysql_access_host=127.0.0.1,localhost,$ip&system_realtime_port=53141&index_file_extension=html" "https://$ip:81/syscp/admin_settings.php?s=$session&page=overview&part=system" >>install.log 2>&1 #Sicherheit samt fcgi wget --no-check-certificate --keep-session-cookies --load-cookies cookie --save-cookies cookie --referer="https://$ip:81/syscp/index.php" --post-data "s=$session&page=overview&part=security&action=&send=send&panel_unix_names=1&system_mailpwcleartext=0&system_modfcgid=1&system_mod_fcgid_configdir=/var/www/php-fcgi-scripts&system_mod_fcgid_tmpdir=/var/lib/syscp/customers/tmp&system_mod_fcgid_peardir=/usr/share/php/:/usr/share/php5/&system_mod_fcgid_wrapper=1&system_mod_fcgid_starter=0&system_mod_fcgid_maxrequests=250" "https://$ip:81/syscp/admin_settings.php?s=$session&page=overview&part=security" >>install.log 2>&1 #Klartextpasswoerter loeschen wget --no-check-certificate --keep-session-cookies --load-cookies cookie --save-cookies cookie --referer="https://$ip:81/syscp/index.php" --post-data "s=$session&send=send&page=wipecleartextmailpws&submitbutton=yes" "https://$ip:81/syscp/admin_settings.php?page=wipecleartextmailpws&s=$session" >>install.log 2>&1 #SSL wget --no-check-certificate --keep-session-cookies --load-cookies cookie --save-cookies cookie --referer="https://$ip:81/syscp/index.php" --post-data "s=$session&send=send&page=ipsandports&ip=188.40.170.101&port=443&listen_statement=0&namevirtualhost_statement=1&vhostcontainer=1&specialsettings=SSLCertificateKeyFile /root/ssl/server443-key-u.pem&vhostcontainer_servername_statement=1&ssl=1&ssl_cert_file=/root/ssl/server443-cert.pem" "https://$ip:81/syscp/admin_ipsandports.php?s=$session&page=ipsandports" >>install.log 2>&1 #Customer anlegen wget --no-check-certificate --keep-session-cookies --load-cookies cookie 
--save-cookies cookie --referer="https://$ip:81/syscp/index.php" --post-data "s=$session&page=customers&action=add&send=send&loginname=$syscpacclogin&createstdsubdomain=1&customer_password=$syscpaccpasswort&sendpassword=1&def_password=Deutsch&name=$syscpaccname&firstname=$syscpaccvorname&email=$postmaster&diskspace=2000&traffic=10&subdomains=100&emails=100&email_accounts=100&email_forwarders=100&email_imap=1&email_pop3=1&ftps=100&tickets=100&mysqls=100&phpenabled=1" "https://$ip:81/syscp/admin_customers.php?s=$session" >>install.log 2>&1 #Domain wget --no-check-certificate --keep-session-cookies --load-cookies cookie --save-cookies cookie --referer="https://$ip:81/syscp/index.php" --post-data "s=$session&page=domains&action=add&send=send&domain=$domain&customerid=1&adminid=1&alias=0&caneditdomain=1®istration_date=`date +%F`&documentroot=&ipandport=1&wwwserveralias=1&speciallogfile=0&openbasedir=1&safemode=1&phpsettingid=1&mod_fcgid_starter=&mod_fcgid_maxrequests=&isbinddomain=1&zonefile=&isemaildomain=1&email_only=0&subcanemaildomain=0" "https://$ip:81/syscp/admin_domains.php?s=$session" >>install.log 2>&1 #Als customer einloggen rm customer_index.* >/dev/null 2>&1 wget --trust-server-names --no-check-certificate --keep-session-cookies --load-cookies cookie --save-cookies cookie --referer="https://$ip:81/syscp/index.php" --post-data "loginname=$syscpacclogin&password=$syscpaccpasswort&language=profile&send=send&submit=Login" "https://$ip:81/syscp/index.php" >>install.log 2>&1 ls customer_index.* >session.tmp sed 's/customer_index.php?s=//g' session.tmp >session_customer rm session.tmp session_customer=`cat session_customer` rm session_customer #echo "$session_customer" if [ -z $session_customer ]; then echo "Einloggen als Customer fehlgeschlagen! 
Eventuell konnte der Account nicht erstellt werden?"; exit 1; fi #Emailaddresse wget --no-check-certificate --keep-session-cookies --load-cookies cookie --save-cookies cookie --referer="https://$ip:81/syscp/index.php" --post-data "s=$session_customer&page=emails&action=add&send=send&email_part=postmaster&domain=$domain&iscatchall=1" "https://$ip:81/syscp/customer_email.php?s=$session_customer" >>install.log 2>&1 #Emailaccount wget --no-check-certificate --keep-session-cookies --load-cookies cookie --save-cookies cookie --referer="https://$ip:81/syscp/index.php" --post-data "s=$session_customer&page=accounts&action=add&send=send&id=1&email_password=$syscpaccpasswort" "https://$ip:81/syscp/customer_email.php?s=$session_customer" >>install.log 2>&1 rm admin*php* rm customer*php* rm index*php* rm cookie #cron manuell ausfuehren echo "/usr/bin/php5 -q /var/www/syscp/scripts/cron_tasks.php" >> c.sh #committen echo etckeeper commit einrichten_syscp2 >> c.sh aufruf } einrichten_apache () { cd "$pfad" echo -n "Apache " mkdir -p var/lib/syscp/customers/webs/ mkdir -p var/lib/syscp/customers/logs/ mkdir -p var/lib/syscp/customers/tmp chmod 1777 var/lib/syscp/customers/tmp #xcache.ini if [ ! -e etc/php5/conf.d/xcache.ini.org ]; then cp etc/php5/conf.d/xcache.ini etc/php5/conf.d/xcache.ini.org fi sed "s/xcache.var_size = 0M/xcache.var_size = 4M/g" etc/php5/conf.d/xcache.ini.org > etc/php5/conf.d/xcache.ini #Zugriff auf versteckte Dateien verbieten und die Geschwaetzigkeit abstellen printf ' Order allow,deny Deny from all Order allow,deny Deny from all Order allow,deny Deny from all ServerTokens Minimal ServerSignature Off TraceEnable Off Options -Indexes -FollowSymLinks ' >> etc/apache2/conf.d/security2 #selbe in der default if [ ! 
-e etc/apache2/sites-available/default.apache.org ]; then cp etc/apache2/sites-available/default etc/apache2/sites-available/default.apache.org fi sed "s/ Indexes/ -Indexes/g" etc/apache2/sites-available/default.apache.org > etc/apache2/sites-available/default.tmp sed "s/+Indexes/-Indexes/g" etc/apache2/sites-available/default.tmp > etc/apache2/sites-available/default sed "s/FollowSymLinks/SymLinksIfOwnerMatch/g" etc/apache2/sites-available/default > etc/apache2/sites-available/default.tmp mv etc/apache2/sites-available/default.tmp etc/apache2/sites-available/default #Kompression echo a2enmod deflate >>c.sh printf ' #http://httpd.apache.org/docs/2.0/mod/mod_deflate.html AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css application/x-javascript application/javascript ' > etc/apache2/conf.d/deflate #suhosin anpassen if [ ! -e etc/php5/conf.d/suhosin.ini.org ]; then cp etc/php5/conf.d/suhosin.ini etc/php5/conf.d/suhosin.ini.org fi printf ' ;Gibt sonst z.b. bei Drupal oder pma bei vielen (>200) Tabellen Probleme suhosin.post.max_array_depth = 1000 suhosin.post.max_array_index_length = 640 suhosin.post.max_name_length = 64 suhosin.post.max_totalname_length = 256 suhosin.post.max_value_length = 65000 suhosin.post.max_vars = 2000 suhosin.post.disallow_nul = on suhosin.request.max_array_depth = 1000 suhosin.request.max_array_index_length = 640 suhosin.request.max_totalname_length = 256 suhosin.request.max_value_length = 65000 suhosin.request.max_vars = 2000 suhosin.request.max_varname_length = 64 ;srandr wird manchmal als Hash missbraucht, auch ist sonst debuggen u.U. schwieriger suhosin.srand.ignore=false suhosin.mt_srand.ignore=false ' >> etc/php5/conf.d/suhosin.ini #userdir nervt echo a2dismod userdir >>c.sh echo /etc/init.d/apache2 restart >>c.sh #committen echo etckeeper commit einrichten_apache >> c.sh aufruf } einrichten_bind () { cd "$pfad" echo -n "Bind " if [ ! 
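-e etc/bind/named.conf.org ]; then cp etc/bind/named.conf etc/bind/named.conf.org fi cp etc/bind/named.conf.org etc/bind/named.conf echo "include \"/etc/bind/syscp_bind.conf\";" >> etc/bind/named.conf touch etc/bind/syscp_bind.conf echo /etc/init.d/bind9 restart >> c.sh #committen echo etckeeper commit einrichten_bind >> c.sh aufruf }

# Install the AWStats files that ship with SysCP (model config, cron job and
# Apache vhost snippet) into the tree rooted at $pfad.
# Globals:  pfad (read) - root directory of the container/chroot being set up
# Outputs:  progress label on stdout; appends commands to c.sh
# Exits:    1 if $pfad cannot be entered or one of the templates is missing
einrichten_awstats () {
  # Every path below is relative. Without this check a failed cd would make
  # the function copy files into whatever directory the caller is in.
  cd "$pfad" || exit 1
  printf '%s' "Awstats "

  # awstats model configuration
  if [ ! -e var/www/syscp/templates/misc/configfiles/debian_etch/awstats/etc_awstats_awstats.model.conf.syscp ]; then
    echo "syscp-awstats Quelle 1 existiert nicht!"
    exit 1
  fi
  cp var/www/syscp/templates/misc/configfiles/debian_etch/awstats/etc_awstats_awstats.model.conf.syscp etc/awstats/awstats.model.conf.syscp

  # cron job
  if [ ! -e var/www/syscp/templates/misc/configfiles/debian_etch/awstats/etc_cron.d_awstats ]; then
    echo "syscp-awstats Quelle 2 existiert nicht!"
    exit 1
  fi
  cp var/www/syscp/templates/misc/configfiles/debian_etch/awstats/etc_cron.d_awstats etc/cron.d/awstats

  # Apache vhost snippet; it is copied straight into sites-enabled
  if [ ! -e var/www/syscp/templates/misc/configfiles/debian_etch/awstats/etc_apache_vhosts_05_awstats.conf ]; then
    echo "syscp-awstats Quelle 3 existiert nicht!"
    exit 1
  fi
  cp var/www/syscp/templates/misc/configfiles/debian_etch/awstats/etc_apache_vhosts_05_awstats.conf etc/apache2/sites-enabled/05_awstats.conf

  # c.sh collects the commands that aufruf runs afterwards
  echo /etc/init.d/apache2 restart >>c.sh
  # commit
  echo etckeeper commit einrichten_awstats >> c.sh
  aufruf
}

# Base system setup inside the tree rooted at $pfad: SysCP cron job,
# unattended upgrades, an svnserve init script, logrotate for the customer
# logs and the sshd listening port.
# Globals:  pfad (read), postmaster (read), sshport (read)
# Outputs:  progress label on stdout; appends commands to c.sh
# Exits:    1 if $pfad cannot be entered, a source file is missing or
#           $sshport is not a plain number
einrichten_system () {
  # All paths below are relative to the target root; stop if we are not in it.
  cd "$pfad" || exit 1
  printf '%s' "System "

  # cron
  if [ ! -e var/www/syscp/templates/misc/configfiles/debian_etch/cron/etc_cron.d_syscp ]; then
    echo "syscp-cron Quelle existiert nicht!"
    exit 1
  fi
  cp var/www/syscp/templates/misc/configfiles/debian_etch/cron/etc_cron.d_syscp etc/cron.d/syscp
  echo /etc/init.d/cron restart >>c.sh

  # unattended upgrades
  # A here-document keeps $postmaster out of a printf format string, where a
  # '%' in the address would be read as a conversion.
  cat > etc/apt/apt.conf.d/unattended-upgrades <<EOF
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";
APT::Periodic::AutocleanInterval "60";
Unattended-Upgrade::Mail "$postmaster";
EOF

  # subversion
  mkdir -p home/svn
  # NOTE(review): the generated init script ignores its start/stop argument
  # and starts svnserve as whichever user runs it (root at boot), serving
  # /home/svn. Consider a dedicated account and a restricted listen address.
  cat > etc/init.d/svnserve <<'EOF'
#!/bin/sh
### BEGIN INIT INFO
# Provides: svn
# Required-Start: $remote_fs $syslog $network
# Required-Stop: $remote_fs $syslog $network
# Should-Start: $named $time
# Should-Stop: $named $time
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Start and stop the svn server daemon
# Description: Controls the svn server daemon.
### END INIT INFO
svnserve -d -T -r /home/svn
EOF
  chmod +x etc/init.d/svnserve
  # -f keeps a second installer run from failing on links that already exist
  echo ln -sf /etc/init.d/svnserve /etc/rc2.d/S91svnserve >> c.sh
  echo ln -sf /etc/init.d/svnserve /etc/rc3.d/S91svnserve >> c.sh
  echo ln -sf /etc/init.d/svnserve /etc/rc4.d/S91svnserve >> c.sh
  echo ln -sf /etc/init.d/svnserve /etc/rc5.d/S91svnserve >> c.sh
  # absolute path, like every other command queued in c.sh
  echo /etc/init.d/svnserve >> c.sh

  # logrotate: reuse the apache2 rules for the customer log directory
  if [ ! -e etc/logrotate.d/apache2 ]; then
    echo "logrotate Quelle existiert nicht!"
    exit 1
  fi
  sed 's|/var/log/apache2|/var/lib/syscp/customers/logs|g' etc/logrotate.d/apache2 > etc/logrotate.d/syscp

  # ssh
  # An empty or non-numeric port would be written into sshd_config unchecked
  # and could leave the system without a working sshd after the restart.
  case "$sshport" in
    ''|*[!0-9]*)
      echo "SSH-Port ist ungueltig!"
      exit 1
      ;;
  esac
  if [ ! -e etc/ssh/sshd_config.org ]; then
    cp etc/ssh/sshd_config etc/ssh/sshd_config.org
  fi
  sed "s|Port 22|Port $sshport|g" etc/ssh/sshd_config.org > etc/ssh/sshd_config
  echo /etc/init.d/ssh restart >> c.sh

  # commit
  echo etckeeper commit einrichten_system >> c.sh
  aufruf
}

einrichten_rrdtool () { cd "$pfad" echo -n "rrdtool " #http://www.arbeitsplatzvernichtung-durch-outsourcing.de/marty44/rrdtool.html mkdir -p var/lib/rrd mkdir -p var/www/monitoring printf 'rrdtool \ create /var/lib/rrd/process.rrd --step 60 \ DS:processes:GAUGE:120:U:U \ RRA:AVERAGE:0.5:1:2160 \ RRA:AVERAGE:0.5:5:2016 \ RRA:AVERAGE:0.5:15:2880 \ RRA:AVERAGE:0.5:60:8760 \ RRA:MAX:0.5:1:2160 \ RRA:MAX:0.5:5:2016 \ RRA:MAX:0.5:15:2880 \ RRA:MAX:0.5:60:8760 ' >> c.sh printf 'rrdtool \ create /var/lib/rrd/loadavg.rrd --step 60 \ DS:load1:GAUGE:120:0:U \ DS:load5:GAUGE:120:0:U \ DS:load15:GAUGE:120:0:U \ RRA:AVERAGE:0.5:1:2160 \ RRA:AVERAGE:0.5:5:2016 \ RRA:AVERAGE:0.5:15:2880 \ RRA:AVERAGE:0.5:60:8760 ' >> c.sh printf 'rrdtool \ create /var/lib/rrd/memory.rrd --step 60 \ DS:fram:GAUGE:120:U:U \ DS:fcache:GAUGE:120:U:U \ DS:fbuffers:GAUGE:120:U:U \ DS:fswap:GAUGE:120:U:U \ RRA:AVERAGE:0.5:1:2160 \ RRA:AVERAGE:0.5:5:2016 \ RRA:AVERAGE:0.5:15:2880 \ RRA:AVERAGE:0.5:60:8760 ' >> c.sh printf 'rrdtool create /var/lib/rrd/disk.rrd --step 300 \ DS:disk:GAUGE:600:0:U \ RRA:AVERAGE:0.5:1:432 \ RRA:AVERAGE:0.5:1:2016 \ RRA:AVERAGE:0.5:3:2880 \ RRA:AVERAGE:0.5:12:8640 ' >> c.sh printf 'rrdtool create \ /var/lib/rrd/network.rrd --step 60 \ DS:r:COUNTER:120:0:U \ DS:t:COUNTER:120:0:U \ RRA:AVERAGE:0.5:1:2160 \ RRA:AVERAGE:0.5:5:2016 \ RRA:AVERAGE:0.5:15:2880 \ RRA:AVERAGE:0.5:60:8760 \ RRA:MAX:0.5:1:2160 \ RRA:MAX:0.5:5:2016 \ RRA:MAX:0.5:15:2880 \ RRA:MAX:0.5:60:8760 ' >> c.sh echo '#!/bin/sh sleep 3 # 36 Stunden - Prozesse nice -n 19 rrdtool graph /var/www/monitoring/proc36h.png \ --start -129600 -a PNG -t "Prozesse" --vertical-label "Prozesse" -w 600 -h 100 \ DEF:auswertung=/var/lib/rrd/process.rrd:processes:AVERAGE 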
LINE1:auswertung#ff0000:"Anzahl Prozesse" \ VDEF:auswertung1=auswertung,AVERAGE \ GPRINT:auswertung1:"Durchschnitt Anzahl Prozesse\: %lg" \ DEF:maxaus=/var/lib/rrd/process.rrd:processes:MAX \ VDEF:maxaus1=maxaus,MAXIMUM \ GPRINT:maxaus1:"Hoechste Anzahl Prozesse\: %lg\j" \ > /dev/null # 7 Tage - Prozesse nice -n 19 rrdtool graph /var/www/monitoring/procwoc.png \ --start -604800 -a PNG -t "Prozesse" --vertical-label "Prozesse" -w 600 -h 100 \ DEF:auswertung=/var/lib/rrd/process.rrd:processes:AVERAGE LINE1:auswertung#ff0000:"Anzahl Prozesse" \ VDEF:auswertung1=auswertung,AVERAGE \ GPRINT:auswertung1:"Durchschnitt Anzahl Prozesse\: %lg" \ DEF:maxaus=/var/lib/rrd/process.rrd:processes:MAX \ VDEF:maxaus1=maxaus,MAXIMUM \ GPRINT:maxaus1:"Hoechste Anzahl Prozesse\: %lg\j" \ > /dev/null SWAPT=`grep SwapTotal: /proc/meminfo|tr -s [:blank:]|cut -f2 -d" "` MEMT=`grep MemTotal: /proc/meminfo|tr -s [:blank:]|cut -f2 -d" "` MEMTOTAL=$(expr $MEMT \* 1024) SWAPTOTAL=$(expr $SWAPT \* 1024) # 36 Stunden - RAM und Swap in einen nice -n 19 rrdtool graph /var/www/monitoring/ramswap.png \ -b 1024 --start -129600 -a PNG -t "RAM und SWAP" --vertical-label "Bytes" -w 700 -h 100 \ DEF:cache=/var/lib/rrd/memory.rrd:fcache:AVERAGE \ DEF:buffers=/var/lib/rrd/memory.rrd:fbuffers:AVERAGE \ DEF:fram=/var/lib/rrd/memory.rrd:fram:AVERAGE \ DEF:fswap=/var/lib/rrd/memory.rrd:fswap:AVERAGE \ CDEF:cache2=cache,buffers,+ \ CDEF:cacheb=cache2,1024,* \ CDEF:framb=fram,1024,* \ CDEF:fswapb=fswap,1024,* \ CDEF:bram=$MEMTOTAL,framb,- \ CDEF:bswap=$SWAPTOTAL,fswapb,- \ CDEF:brammb=bram,1048576,/ \ CDEF:cachemb=cacheb,1048576,/ \ CDEF:frammb=framb,1048576,/ \ CDEF:bswapmb=bswap,1048576,/ \ CDEF:fswapmb=fswapb,1048576,/ \ VDEF:brammb1=brammb,LAST \ VDEF:cachemb1=cachemb,LAST \ VDEF:frammb1=frammb,LAST \ VDEF:bswapmb1=bswapmb,LAST \ VDEF:fswapmb1=fswapmb,LAST \ AREA:bram#99ffff:"belegter RAM, letzter\: " GPRINT:brammb1:"%7.3lf MB " \ LINE1:cacheb#00ff00:"Cache, letzter\: " GPRINT:cachemb1:"%7.3lf MB " \ 
LINE1:framb#ff0000:"freier RAM, letzter\: " GPRINT:frammb1:"%7.3lf MB Grafik erzeugt am\n" \ LINE1:bswap#000000:"belegter SWAP, letzter\: " GPRINT:bswapmb1:"%7.3lf MB " \ LINE1:fswapb#006600:"freier SWAP, letzter\: " GPRINT:fswapmb1:"%7.3lf MB $(/bin/date "+%d.%m.%Y %H\:%M\:%S")" \ > /dev/null # 7 Tage - RAM und Swap in einen nice -n 19 rrdtool graph /var/www/monitoring/ramwoc.png \ -b 1024 --start -604800 -a PNG -t "RAM und SWAP" --vertical-label "Bytes" -w 700 -h 100 \ DEF:cache=/var/lib/rrd/memory.rrd:fcache:AVERAGE \ DEF:buffers=/var/lib/rrd/memory.rrd:fbuffers:AVERAGE \ DEF:fram=/var/lib/rrd/memory.rrd:fram:AVERAGE \ DEF:fswap=/var/lib/rrd/memory.rrd:fswap:AVERAGE \ CDEF:cache2=cache,buffers,+ \ CDEF:cacheb=cache,1024,* \ CDEF:framb=fram,1024,* \ CDEF:fswapb=fswap,1024,* \ CDEF:bram=$MEMTOTAL,framb,- \ CDEF:bswap=$SWAPTOTAL,fswapb,- \ AREA:bram#99ffff:"belegter RAM" \ LINE1:cacheb#00ff00:"Cache" \ LINE1:framb#ff0000:"freier RAM" \ LINE1:bswap#000000:"belegter SWAP" \ LINE1:fswapb#006600:"freier SWAP" \ > /dev/null # 36 Stunden - Load Average nice -n 19 rrdtool graph /var/www/monitoring/loadavg.png --start -129600 \ -a PNG -t "Load Average" --vertical-label "Average Load" -w 600 -h 100 -M \ DEF:load1=/var/lib/rrd/loadavg.rrd:load1:AVERAGE \ DEF:load5=/var/lib/rrd/loadavg.rrd:load5:AVERAGE \ DEF:load15=/var/lib/rrd/loadavg.rrd:load15:AVERAGE \ VDEF:load1l=load1,LAST \ VDEF:load5l=load5,LAST \ VDEF:load15l=load15,LAST \ AREA:load1#ff0000:"1 Minute, letzter\:" GPRINT:load1l:"%5.2lf\n" \ AREA:load5#ff9900:"5 Minuten, letzter\:" GPRINT:load5l:"%5.2lf Grafik erzeugt am\n" \ AREA:load15#ffff00:"15 Minuten, letzter\:" GPRINT:load15l:"%5.2lf $(/bin/date "+%d.%m.%Y %H\:%M\:%S")" \ LINE1:load5#ff9900:"" \ LINE1:load1#ff0000:"" \ > /dev/null # 7 Tage - Load Average nice -n 19 rrdtool graph /var/www/monitoring/loadwoc.png --start -604800 \ -a PNG -t "Load Average" --vertical-label "Average Load" -w 600 -h 100 \ DEF:load1=/var/lib/rrd/loadavg.rrd:load1:AVERAGE \ 
DEF:load5=/var/lib/rrd/loadavg.rrd:load5:AVERAGE \ DEF:load15=/var/lib/rrd/loadavg.rrd:load15:AVERAGE \ VDEF:load1l=load1,LAST \ VDEF:load5l=load5,LAST \ VDEF:load15l=load15,LAST \ AREA:load1#ff0000:"1 Minute, letzter\:" GPRINT:load1l:"%5.2lf\n" \ AREA:load5#ff9900:"5 Minuten, letzter\:" GPRINT:load5l:"%5.2lf Grafik erzeugt am\n" \ AREA:load15#ffff00:"15 Minuten, letzter\:" GPRINT:load15l:"%5.2lf $(/bin/date "+%d.%m.%Y %H\:%M\:%S")" \ LINE1:load5#ff9900:"" \ LINE1:load1#ff0000:"" \ > /dev/null # 36 Stunden - network nice -n 19 rrdtool graph /var/www/monitoring/net36h.png --start -129600 \ -a PNG -t "Network Interface" --vertical-label "Bytes/s" -w 600 -h 100 -M \ DEF:eth0r=/var/lib/rrd/network.rrd:r:AVERAGE \ DEF:eth0t=/var/lib/rrd/network.rrd:t:AVERAGE \ CDEF:eth0tn=eth0t,-1,* \ VDEF:eth0ra=eth0r,AVERAGE \ VDEF:eth0rm=eth0r,MAXIMUM \ VDEF:eth0rc=eth0r,LAST \ VDEF:eth0ta=eth0t,AVERAGE \ VDEF:eth0tm=eth0t,MAXIMUM \ VDEF:eth0tc=eth0t,LAST \ COMMENT:" Durchschnitt Maximum aktuell pro Sekunde\n" \ AREA:eth0r#00dd00:"Receive " \ GPRINT:eth0ra:"%12.3lf %sb" \ GPRINT:eth0rm:"%12.3lf %sb" \ GPRINT:eth0rc:"%12.3lf %sb\n" \ AREA:eth0tn#0000ff:"Transmit" \ GPRINT:eth0ta:"%12.3lf %sb" \ GPRINT:eth0tm:"%12.3lf %sb" \ GPRINT:eth0tc:"%12.3lf %sb" \ > /dev/null # 7 Tage - network nice -n 19 rrdtool graph /var/www/monitoring/netwoc.png --start -604800 \ -a PNG -t "Network Interface" --vertical-label "Bytes/s" -w 600 -h 100 -M \ DEF:eth0r=/var/lib/rrd/network.rrd:r:AVERAGE \ DEF:eth0t=/var/lib/rrd/network.rrd:t:AVERAGE \ CDEF:eth0tn=eth0t,-1,* \ VDEF:eth0ra=eth0r,AVERAGE \ VDEF:eth0rm=eth0r,MAXIMUM \ VDEF:eth0rc=eth0r,LAST \ VDEF:eth0ta=eth0t,AVERAGE \ VDEF:eth0tm=eth0t,MAXIMUM \ VDEF:eth0tc=eth0t,LAST \ COMMENT:" Durchschnitt Maximum aktuell pro Sekunde\n" \ AREA:eth0r#00dd00:"Receive " \ GPRINT:eth0ra:"%12.3lf %sb" \ GPRINT:eth0rm:"%12.3lf %sb" \ GPRINT:eth0rc:"%12.3lf %sb\n" \ AREA:eth0tn#0000ff:"Transmit" \ GPRINT:eth0ta:"%12.3lf %sb" \ GPRINT:eth0tm:"%12.3lf %sb" \ 
GPRINT:eth0tc:"%12.3lf %sb" \ > /dev/null # disk nice -n 19 rrdtool graph /var/www/monitoring/disk.png -b 1024 --start -129600 \ -t "Belegung disk" --vertical-label "Bytes belegt" -w 600 -h 100 \ DEF:disk=/var/lib/rrd/disk.rrd:disk:AVERAGE AREA:disk#00ff00:"belegter Platz" > /dev/null nice -n 19 rrdtool graph /var/www/monitoring/disk-7.png -b 1024 --start -604800 \ -t "Belegung disk" --vertical-label "Bytes belegt" -w 600 -h 100 \ DEF:disk=/var/lib/rrd/disk.rrd:disk:AVERAGE AREA:disk#00ff00:"belegter Platz" > /dev/null rm /var/www/monitoring/i.html cp /var/www/monitoring/i_vorlage.html /var/www/monitoring/i.html echo "
" >>/var/www/monitoring/i.html
df -h >> /var/www/monitoring/i.html
echo "
" >>/var/www/monitoring/i.html ' > var/lib/rrd/erzeugepng.sh chmod +x var/lib/rrd/erzeugepng.sh printf '#!/bin/sh sleep 2 #load LOAD=$(awk ""{print $1":"$2":"$3}"" < /proc/loadavg) rrdtool update /var/lib/rrd/loadavg.rrd N:$LOAD #prozesse PROZESSE=$(ps hax|wc -l) rrdtool update /var/lib/rrd/process.rrd N:$PROZESSE #speicher CACHE=`grep Cached: /proc/meminfo|tr -s [:blank:]|cut -f2 -d" "|head -n 1` BUFFER=`grep Buffers: /proc/meminfo|tr -s [:blank:]|cut -f2 -d" "` FRAM=`grep MemFree: /proc/meminfo|tr -s [:blank:]|cut -f2 -d" "` FSWAP=`grep SwapFree: /proc/meminfo|tr -s [:blank:]|cut -f2 -d" "` rrdtool update /var/lib/rrd/memory.rrd N:$FRAM:$CACHE:$BUFFER:$FSWAP #netzwerk AETH0=$(grep venet0 /proc/net/dev) AE0DOWN=$(echo $AETH0|tr \: \ |awk ""{print $2}"") AE0UP=$(echo $AETH0|tr \: \ |awk ""{print $10}"") rrdtool update /var/lib/rrd/network.rrd N:$AE0DOWN:$AE0UP #HDD Kdisk=`df|grep simfs|tr -s [:blank:]| cut -f3 -d" "` disk=$(expr $Kdisk \* 1024) rrdtool update /var/lib/rrd/disk.rrd N:$disk ' > tmp/update.sh sed "s!\"\"!'!" tmp/update.sh > tmp/update2.sh #gibts 2x in einer Zeile sed "s!\"\"!'!" tmp/update2.sh > tmp/update.sh sed "s!venet0!$eth0!" tmp/update.sh > tmp/update2.sh sed "s!simfs!$hdd!" tmp/update2.sh > var/lib/rrd/update.sh rm tmp/update.sh rm tmp/update2.sh chmod +x var/lib/rrd/update.sh printf '

Stats
















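' > var/www/monitoring/i_vorlage.html printf "* * * * * root /var/lib/rrd/update.sh 18,48 * * * * root /var/lib/rrd/erzeugepng.sh " > etc/cron.d/rrdtool echo /etc/init.d/cron restart >>c.sh echo /var/lib/rrd/update.sh >> c.sh echo /var/lib/rrd/erzeugepng.sh >> c.sh #committen echo etckeeper commit einrichten_rrdtool >> c.sh aufruf }

# Configure Postfix for SysCP virtual mailboxes inside the tree rooted at
# $pfad: main.cf, master.cf, the MySQL lookup maps, the SASL config and the
# aliases file.
# Globals:  pfad, hostname, postmaster, mysqlsyscpepasswort (all read)
# Outputs:  progress label on stdout; appends commands to c.sh
# Exits:    1 if $pfad cannot be entered or a SysCP template is missing
#
# NOTE(review): in this copy of the script every sed expression that starts
# with "s\\" has an empty search pattern; the template placeholder that
# belongs there appears to have been lost. Those lines are kept unchanged
# below and must be restored from the original script before use.
#
# NOTE(review): the map and SASL files are assembled in tmp/ under fixed
# names and the default umask while they already contain
# $mysqlsyscpepasswort. The password is also pasted into a sed replacement,
# so a '\' or '&' in it would change the result. A private work directory
# and a restrictive umask for these steps would close both gaps.
einrichten_postfix () {
  # All paths below are relative to the target root; stop if we are not in it.
  cd "$pfad" || exit 1
  printf '%s' "Postfix "
  mkdir -p etc/postfix/sasl
  mkdir -p var/spool/postfix/etc/pam.d
  mkdir -p var/spool/postfix/var/run/mysqld
  mkdir -p var/lib/syscp/customers/mail/
  touch etc/postfix/mysql-virtual_alias_maps.cf
  touch etc/postfix/mysql-virtual_mailbox_domains.cf
  touch etc/postfix/mysql-virtual_mailbox_maps.cf
  touch etc/postfix/sasl/smtpd.conf
  echo groupadd -g 2000 vmail >>c.sh
  echo useradd -u 2000 -g vmail vmail >>c.sh
  echo chown -R vmail:vmail /var/lib/syscp/customers/mail/ >>c.sh
  # Each of these files ends up holding the MySQL password of the syscpe
  # account, so access is restricted once c.sh runs.
  # mysql-virtual_sender_permissions.cf is written further down with the same
  # password and therefore gets the same treatment.
  echo chmod 600 /etc/postfix/mysql-virtual_alias_maps.cf >>c.sh
  echo chmod 600 /etc/postfix/mysql-virtual_mailbox_domains.cf >>c.sh
  echo chmod 600 /etc/postfix/mysql-virtual_mailbox_maps.cf >>c.sh
  echo chmod 600 /etc/postfix/mysql-virtual_sender_permissions.cf >>c.sh
  echo chmod 600 /etc/postfix/sasl/smtpd.conf >>c.sh
  echo chgrp postfix /etc/postfix/mysql-virtual_alias_maps.cf >>c.sh
  echo chgrp postfix /etc/postfix/mysql-virtual_mailbox_domains.cf >>c.sh
  echo chgrp postfix /etc/postfix/mysql-virtual_mailbox_maps.cf >>c.sh
  echo chgrp postfix /etc/postfix/mysql-virtual_sender_permissions.cf >>c.sh
  echo chgrp postfix /etc/postfix/sasl/smtpd.conf >>c.sh

  # main.cf
  if [ ! -e var/www/syscp/templates/misc/configfiles/debian_etch/postfix/etc_postfix_main.cf ]; then
    echo "syscp-postfix Quelle main.cf existiert nicht!"
    exit 1
  fi
  if [ ! -e etc/postfix/main.cf.org ]; then
    mv etc/postfix/main.cf etc/postfix/main.cf.org
  fi
  cp etc/postfix/main.cf.org tmp/main.cf
  cat var/www/syscp/templates/misc/configfiles/debian_etch/postfix/etc_postfix_main.cf >> tmp/main.cf
  sed "s/mydomain = /mydomain = $hostname/g" tmp/main.cf > tmp/main2.cf
  sed "s/myhostname = /myhostname = mail.$hostname/g" tmp/main2.cf > tmp/main.cf
  # sed "s\#mailbox_command = /usr/libexec/dovecot/deliver\mailbox_command = /usr/lib/dovecot/deliver\g" tmp/main.cf > tmp/main2.cf
  # sed "s\#smtpd_sasl_type = dovecot\smtpd_sasl_type = dovecot\g" tmp/main2.cf > tmp/main.cf
  # sed "s\#smtpd_sasl_path = private/auth\smtpd_sasl_path = private/auth\g" tmp/main.cf > tmp/main2.cf
  # sed "s\#virtual_transport = dovecot\virtual_transport = dovecot\g" tmp/main2.cf > tmp/main.cf
  # sed "s\#dovecot_destination_recipient_limit = 1\dovecot_destination_recipient_limit = 1\g" tmp/main.cf > tmp/main2.cf
  # NOTE(review): with the five lines above commented out, the next sed reads
  # tmp/main2.cf, which predates the myhostname substitution, so that
  # substitution never reaches the final main.cf. Confirm whether this is
  # intended before changing the chain.
  sed "s\\/var/lib/syscp/customers/mail/\g" tmp/main2.cf > tmp/main.cf
  sed "s\\2000\g" tmp/main.cf > tmp/main2.cf
  sed "s\\2000\g" tmp/main2.cf > tmp/main.cf
  sed "s\\\$hostname\g" tmp/main.cf > tmp/main2.cf
  sed "s/reject_non_fqdn_recipient/reject_non_fqdn_recipient,\n\treject_rbl_client zen.spamhaus.org,\n\treject_rbl_client ix.dnsbl.manitu.net/g" tmp/main2.cf > tmp/main.cf
  sed "s/smtpd_sender_restrictions = permit_mynetworks,/smtpd_sender_restrictions = permit_mynetworks,\n\treject_sender_login_mismatch,/g" tmp/main.cf > tmp/main2.cf
  mv tmp/main2.cf etc/postfix/main.cf
  # sometimes these options seem to be missing from the template, so they
  # are appended unconditionally
  echo "
#zur Sicherheit, manchmal gibts die Optionen nicht
#mailbox_command = /usr/lib/dovecot/deliver
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1
smtpd_sender_login_maps = mysql:/etc/postfix/mysql-virtual_sender_permissions.cf
" >> etc/postfix/main.cf
  rm tmp/main.cf

  # master.cf
  if [ ! -e var/www/syscp/templates/misc/configfiles/debian_etch/postfix/etc_postfix_master.cf ]; then
    echo "syscp-postfix Quelle master.cf existiert nicht!"
    exit 1
  fi
  if [ ! -e etc/postfix/master.cf.org ]; then
    cp etc/postfix/master.cf etc/postfix/master.cf.org
  fi
  cp etc/postfix/master.cf.org etc/postfix/master.cf
  cat var/www/syscp/templates/misc/configfiles/debian_etch/postfix/etc_postfix_master.cf >> etc/postfix/master.cf

  # mysql-virtual_alias_maps.cf
  if [ ! -e var/www/syscp/templates/misc/configfiles/debian_etch/postfix/etc_postfix_mysql-virtual_alias_maps.cf ]; then
    echo "syscp-postfix Quelle mysql-virtual_alias_maps.cf existiert nicht!"
    exit 1
  fi
  cp var/www/syscp/templates/misc/configfiles/debian_etch/postfix/etc_postfix_mysql-virtual_alias_maps.cf tmp/maps.cf
  sed "s\\syscpe\g" tmp/maps.cf > tmp/maps2.cf
  sed "s\\\$mysqlsyscpepasswort\g" tmp/maps2.cf > tmp/maps.cf
  sed "s\\syscp\g" tmp/maps.cf > tmp/maps2.cf
  sed "s\\127.0.0.1\g" tmp/maps2.cf > tmp/maps.cf
  mv tmp/maps.cf etc/postfix/mysql-virtual_alias_maps.cf
  rm tmp/maps2.cf

  # mysql-virtual_mailbox_domains.cf
  if [ ! -e var/www/syscp/templates/misc/configfiles/debian_etch/postfix/etc_postfix_mysql-virtual_mailbox_domains.cf ]; then
    # the message used to name the alias_maps file by mistake
    echo "syscp-postfix Quelle mysql-virtual_mailbox_domains.cf existiert nicht!"
    exit 1
  fi
  cp var/www/syscp/templates/misc/configfiles/debian_etch/postfix/etc_postfix_mysql-virtual_mailbox_domains.cf tmp/maps.cf
  sed "s\\syscpe\g" tmp/maps.cf > tmp/maps2.cf
  sed "s\\\$mysqlsyscpepasswort\g" tmp/maps2.cf > tmp/maps.cf
  sed "s\\syscp\g" tmp/maps.cf > tmp/maps2.cf
  sed "s\\127.0.0.1\g" tmp/maps2.cf > tmp/maps.cf
  mv tmp/maps.cf etc/postfix/mysql-virtual_mailbox_domains.cf
  rm tmp/maps2.cf

  # mysql-virtual_mailbox_maps.cf
  if [ ! -e var/www/syscp/templates/misc/configfiles/debian_etch/postfix/etc_postfix_mysql-virtual_mailbox_maps.cf ]; then
    echo "syscp-postfix Quelle mysql-virtual_mailbox_maps.cf existiert nicht!"
    exit 1
  fi
  cp var/www/syscp/templates/misc/configfiles/debian_etch/postfix/etc_postfix_mysql-virtual_mailbox_maps.cf tmp/maps.cf
  sed "s\\syscpe\g" tmp/maps.cf > tmp/maps2.cf
  sed "s\\\$mysqlsyscpepasswort\g" tmp/maps2.cf > tmp/maps.cf
  sed "s\\syscp\g" tmp/maps.cf > tmp/maps2.cf
  sed "s\\127.0.0.1\g" tmp/maps2.cf > tmp/maps.cf
  mv tmp/maps.cf etc/postfix/mysql-virtual_mailbox_maps.cf
  rm tmp/maps2.cf

  # mysql-virtual_sender_permissions.cf
  # The file contains the database password. Creating it under umask 077 in
  # a subshell keeps a newly created file unreadable for other users; the
  # subshell leaves the umask of the rest of the script untouched.
  (
    umask 077
    cat > etc/postfix/mysql-virtual_sender_permissions.cf <<EOF
user = syscpe
password = $mysqlsyscpepasswort
dbname = syscp
query = select username from mail_users where email in (select mail_virtual.email_full from mail_virtual where mail_virtual.email = '%s');
hosts = 127.0.0.1
EOF
  )

  # etc_postfix_sasl_smtpd.conf
  if [ ! -e var/www/syscp/templates/misc/configfiles/debian_etch/postfix/etc_postfix_sasl_smtpd.conf ]; then
    echo "syscp-postfix Quelle etc_postfix_sasl_smtpd.conf existiert nicht!"
    exit 1
  fi
  cp var/www/syscp/templates/misc/configfiles/debian_etch/postfix/etc_postfix_sasl_smtpd.conf tmp/datei.cf
  sed "s\\syscpe\g" tmp/datei.cf > tmp/datei2.cf
  sed "s\\\$mysqlsyscpepasswort\g" tmp/datei2.cf > tmp/datei.cf
  sed "s\\syscp\g" tmp/datei.cf > tmp/datei2.cf
  sed "s\\127.0.0.1\g" tmp/datei2.cf > tmp/datei.cf
  mv tmp/datei.cf etc/postfix/sasl/smtpd.conf
  rm tmp/datei2.cf

  # aliases
  echo "www-data: root" >> etc/aliases
  echo "root: $postmaster" >> etc/aliases
  echo /etc/init.d/postfix restart >>c.sh
  echo newaliases >>c.sh

  # commit
  echo etckeeper commit einrichten_postfix >> c.sh
  aufruf
}

einrichten_dovecot () { cd "$pfad" echo -n "Dovecot " #dovecot.conf if [ ! -e var/www/syscp/templates/misc/configfiles/debian_etch/dovecot/etc_dovecot_dovecot.conf ]; then echo "syscp-dovecot Quelle etc_dovecot_dovecot.conf existiert nicht!"; exit 1; fi if [ ! 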
-e etc/dovecot/dovecot.conf.org ]; then cp etc/dovecot/dovecot.conf etc/dovecot/dovecot.conf.org fi cp etc/dovecot/dovecot.conf.org etc/dovecot/dovecot.conf cp var/www/syscp/templates/misc/configfiles/debian_etch/dovecot/etc_dovecot_dovecot.conf tmp/datei.cf sed "s\\\$hostname\g" tmp/datei.cf > tmp/datei2.cf sed "s\\imaps pop3s managesieve\g" tmp/datei2.cf > tmp/datei.cf sed "s\\\$postmaster\g" tmp/datei.cf > tmp/datei2.cf grep -v "mail_plugins = quota" tmp/datei2.cf > tmp/datei.cf sed "s.pop3_uidl_format = UID%u-%v.pop3_uidl_format = UID%u-%v\n mail_plugins = quota.g" tmp/datei.cf > tmp/datei2.cf sed "s.auth_socket_path = /var/run/dovecot/auth-master.auth_socket_path = /var/run/dovecot/auth-master\n mail_plugins = quota sieve.g" tmp/datei2.cf > tmp/datei.cf sed "s.protocol imap {.protocol imap {\n mail_plugins = quota imap_quota.g" tmp/datei.cf > tmp/datei2.cf mv tmp/datei2.cf etc/dovecot/dovecot.conf rm tmp/datei.cf echo "plugin { quota = maildir sieve = ~/.dovecot.sieve sieve_dir = ~/sieve } ## MANAGESIEVE specific settings ## protocol managesieve { listen = *:4190 # Login executable location. #login_executable = /usr/libexec/dovecot/managesieve-login # MANAGESIEVE executable location. See IMAP's mail_executable above for # examples how this could be changed. #mail_executable = /usr/libexec/dovecot/managesieve # Maximum MANAGESIEVE command line length in bytes. This setting is # directly borrowed from IMAP. But, since long command lines are very # unlikely with MANAGESIEVE, changing this will not be very useful. #managesieve_max_line_length = 65536 # Specifies the location of the symlink pointing to the active script in # the sieve storage directory. This must match the SIEVE setting used by # deliver (refer to http://wiki.dovecot.org/LDA/Sieve#location for more # info). Variable substitution with % is recognized. ## sieve=~/.dovecot.sieve # This specifies the path to the directory where the uploaded scripts must # be stored. 
In terms of '%' variable substitution it is identical to # dovecot's mail_location setting used by the mail protocol daemons. ## sieve_storage=~/sieve # If, for some inobvious reason, the sieve_storage remains unset, the # managesieve daemon uses the specification of the mail_location to find out # where to store the sieve files (see explaination in README.managesieve). # The example below, when uncommented, overrides any global mail_location # specification and stores all the scripts in '~/mail/sieve' if sieve_storage # is unset. However, you should always use the sieve_storage setting. # mail_location = mbox:~/mail # To fool managesieve clients that are focused on timesieved you can # specify the IMPLEMENTATION capability that the dovecot reports to clients # (default: dovecot). #managesieve_implementation_string = Cyrus timsieved v2.2.13 } " >> etc/dovecot/dovecot.conf #dovecot-sql.conf if [ ! -e var/www/syscp/templates/misc/configfiles/debian_etch/dovecot/etc_dovecot_dovecot-sql.conf ]; then echo "syscp-dovecot Quelle etc_dovecot_dovecot-sql.conf existiert nicht!"; exit 1; fi cp var/www/syscp/templates/misc/configfiles/debian_etch/dovecot/etc_dovecot_dovecot-sql.conf tmp/datei.cf sed "s\\syscpe\g" tmp/datei.cf > tmp/datei2.cf sed "s\\\$mysqlsyscpepasswort\g" tmp/datei2.cf > tmp/datei.cf sed "s\\syscp\g" tmp/datei.cf > tmp/datei2.cf sed "s\\127.0.0.1\g" tmp/datei2.cf > tmp/datei.cf #sed "s\SELECT homedir AS home, concat('maildir:', maildir) AS mail\SELECT concat(homedir,maildir) AS home, concat('maildir:', homedir,maildir) AS mail\g" tmp/datei.cf > tmp/datei2.cf cat tmp/datei.cf | grep -v user_query | grep -v password_query >tmp/datei2.cf echo "user_query = SELECT CONCAT(homedir,maildir) AS home, concat('maildir:',homedir,maildir,'mail/' ) AS mail, uid, gid, concat('maildir:storage=', (quota*1024)) as quota FROM mail_users where username = '%u'; password_query = SELECT password_enc AS password, CONCAT(homedir,maildir) AS userdb_home, uid AS userdb_uid, gid AS 
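userdb_gid, concat('maildir:',homedir,maildir,'mail/' ) AS userdb_mail, concat('maildir:storage=', (quota*1024)) as userdb_quota FROM mail_users WHERE username = '%u' " >>tmp/datei2.cf mv tmp/datei2.cf etc/dovecot/dovecot-sql.conf rm tmp/datei.cf chmod 600 etc/dovecot/dovecot-sql.conf echo /etc/init.d/dovecot stop >>c.sh echo killall dovecot >>c.sh echo sleep 1 >>c.sh echo /etc/init.d/dovecot start >>c.sh echo /etc/init.d/postfix restart >>c.sh #committen aufruf }

# Configure ProFTPD to authenticate against the SysCP MySQL database inside
# the tree rooted at $pfad: enable the SQL modules, include sql-syscp.conf
# from proftpd.conf and write sql-syscp.conf itself.
# Globals:  pfad (read), mysqlsyscpepasswort (read)
# Outputs:  progress label on stdout; appends commands to c.sh
# Exits:    1 if $pfad cannot be entered or a SysCP template is missing
einrichten_proftpd () {
  # All paths below are relative to the target root; stop if we are not in it.
  cd "$pfad" || exit 1
  printf '%s' "Proftpd "

  # modules.conf: uncomment the two SQL modules
  if [ ! -e var/www/syscp/templates/misc/configfiles/debian_etch/proftpd/etc_proftpd_modules.conf ]; then
    echo "syscp-proftpd Quelle etc_proftpd_modules.conf existiert nicht!"
    exit 1
  fi
  if [ ! -e etc/proftpd/modules.conf.org ]; then
    cp etc/proftpd/modules.conf etc/proftpd/modules.conf.org
  fi
  # one sed call with both expressions; no intermediate file in tmp/ needed
  sed -e 's|#LoadModule mod_sql_mysql.c|LoadModule mod_sql_mysql.c|g' \
      -e 's|#LoadModule mod_sql.c|LoadModule mod_sql.c|g' \
      etc/proftpd/modules.conf.org > etc/proftpd/modules.conf

  # proftpd.conf: include the SysCP SQL settings instead of the stock file
  if [ ! -e var/www/syscp/templates/misc/configfiles/debian_etch/proftpd/etc_proftpd_proftpd.conf ]; then
    echo "syscp-proftpd Quelle etc_proftpd_proftpd.conf existiert nicht!"
    exit 1
  fi
  if [ ! -e etc/proftpd/proftpd.conf.org ]; then
    cp etc/proftpd/proftpd.conf etc/proftpd/proftpd.conf.org
  fi
  sed 's|#Include /etc/proftpd/sql.conf|Include /etc/proftpd/sql-syscp.conf|g' etc/proftpd/proftpd.conf.org > etc/proftpd/proftpd.conf

  # sql-syscp.conf
  # The text used to be the format string of printf. printf treated the
  # ProFTPD variables %u and %b as its own conversions, so they never reached
  # the file unchanged, and a '%' or '\' in the password would have been
  # interpreted as well. A here-document writes all of them literally.
  # The file holds the database password: umask 077 in a subshell keeps a
  # newly created file unreadable for other users from the start, and the
  # chmod below covers a file left over from an earlier run.
  (
    umask 077
    cat > etc/proftpd/sql-syscp.conf <<EOF
DefaultRoot ~
RequireValidShell off
AuthOrder mod_sql.c
SQLAuthTypes Crypt
SQLAuthenticate users* groups*
SQLConnectInfo syscp@127.0.0.1 syscpe $mysqlsyscpepasswort
SQLUserInfo ftp_users username password uid gid homedir shell
SQLGroupInfo ftp_groups groupname gid members
SQLUserWhereClause "login_enabled = 'y'"
SQLLog PASS login
SQLNamedQuery login UPDATE "last_login=now(), login_count=login_count+1 WHERE username='%u'" ftp_users
SQLLog RETR download
SQLNamedQuery download UPDATE "down_count=down_count+1, down_bytes=down_bytes+%b WHERE username='%u'" ftp_users
SQLLog STOR upload
SQLNamedQuery upload UPDATE "up_count=up_count+1, up_bytes=up_bytes+%b WHERE username='%u'" ftp_users
EOF
  )
  chmod 600 etc/proftpd/sql-syscp.conf
  echo /etc/init.d/proftpd restart >>c.sh

  # commit
  # NOTE(review): no "etckeeper commit" is queued here, although the
  # functions for bind, awstats and system queue one - confirm whether that
  # is intended.
  aufruf
}

einrichten_amavis () { cd "$pfad" echo -n "Amavis " #defaults/spamassassin if [ ! -e etc/default/spamassassin.org ]; then cp etc/default/spamassassin etc/default/spamassassin.org fi cp etc/default/spamassassin.org etc/default/spamassassin cp etc/default/spamassassin tmp/datei.cf sed "s\ENABLED=0\ENABLED=1\g" tmp/datei.cf >tmp/datei2.cf sed "s\CRON=0\CRON=1\g" tmp/datei2.cf >tmp/datei.cf mv tmp/datei.cf etc/default/spamassassin rm tmp/datei2.cf #/etc/amavis/conf.d/60-syscp printf "use strict; # # Place your configuration directives here. They will override those in # earlier files. # # See /usr/share/doc/amavisd-new/ for documentation and examples of # the directives you can use in this file # # Where to find SQL server(s) and database to support SQL lookups? # A list of triples: (dsn,user,passw). (dsn = data source name) # More than one entry may be specified for multiple (backup) SQL servers. 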
# See 'man DBI', 'man DBD::mysql', 'man DBD::Pg', ... for details. # When chroot-ed, accessing SQL server over inet socket may be more convenient. # @lookup_sql_dsn = ( ['DBI:mysql:database=syscp;host=127.0.0.1;port=3306', 'syscpe', '$mysqlsyscpepasswort']); # ['DBI:mysql:database=mail;host=host2', 'username2', 'password2'] ); # # ('mail' in the example is the database name, choose what you like) # With PostgreSQL the dsn (first element of the triple) may look like: # 'DBI:Pg:host=host1;dbname=mail' # The SQL select clause to fetch per-recipient policy settings. # The %%k will be replaced by a comma-separated list of query addresses # (e.g. full address, domain only, catchall). Use ORDER, if there # is a chance that multiple records will match - the first match wins. # If field names are not unique (e.g. 'id'), the later field overwrites the # earlier in a hash returned by lookup, which is why we use '*,users.id'. # \$sql_select_policy = 'SELECT \"Y\" as local FROM panel_domains where \"%%k\" like concat(\"%%@\",domain)'; \$sql_select_policy = 'SELECT \"Y\" as local FROM mail_virtual WHERE (email_full IN (%%k)) OR (email IN (%%k))'; \$sql_select_policy = 'SELECT \"Y\" as local FROM panel_domains WHERE CONCAT(\"@\",domain) IN (%%k)'; # \$sql_select_policy = 'SELECT *,users.id FROM users,policy'. # ' WHERE (users.policy_id=policy.id) AND (users.email IN (%%k))'. # ' ORDER BY users.priority DESC'; # # The SQL select clause to check sender in per-recipient whitelist/blacklist # The first SELECT argument '?' will be users.id from recipient SQL lookup, # the %%k will be sender addresses (e.g. full address, domain only, catchall). # \$sql_select_white_black_list = 'SELECT wb FROM wblist,mailaddr'. # ' WHERE (wblist.rid=?) AND (wblist.sid=mailaddr.id)'. # ' AND (mailaddr.email IN (%%k))'. 
# ' ORDER BY mailaddr.priority DESC'; \$sql_select_white_black_list = undef; # undef disables SQL white/blacklisting \$myhostname = 'mail.$hostname'; # # Default antivirus checking mode # Uncomment the two lines below to enable it back # @bypass_virus_checks_maps = ( \%%bypass_virus_checks, \@bypass_virus_checks_acl, \\\$bypass_virus_checks_re); # # Default SPAM checking mode # Uncomment the two lines below to enable it back # @bypass_spam_checks_maps = ( \%%bypass_spam_checks, \@bypass_spam_checks_acl, \\\$bypass_spam_checks_re); \$sa_spam_subject_tag = ''; \$sa_tag_level_deflt = -1000; # add spam info headers if at, or above that level \$sa_kill_level_deflt = 10; # triggers spam evasive actions \$final_spam_destiny = D_DISCARD; #------------ Do not modify anything below this line ------------- 1; # insure a defined return " >etc/amavis/conf.d/60-syscp chmod 600 etc/amavis/conf.d/60-syscp #/etc/postfix/main.cf printf "#Amavis content_filter = amavis:[127.0.0.1]:10024 receive_override_options = no_address_mappings" >> etc/postfix/main.cf #/etc/postfix/master.cf printf "#amavis amavis unix - - - - 4 smtp -o smtp_data_done_timeout=1200 -o smtp_send_xforward_command=yes 127.0.0.1:10025 inet n - - - - smtpd -o content_filter= -o local_recipient_maps= -o relay_recipient_maps= -o smtpd_restriction_classes= -o smtpd_client_restrictions= -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o mynetworks=127.0.0.0/8 -o strict_rfc821_envelopes=yes -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks" >> etc/postfix/master.cf echo usermod -a -G amavis clamav >>c.sh echo /etc/init.d/clamav-daemon restart >>c.sh echo /etc/init.d/spamassassin restart >>c.sh echo /etc/init.d/amavis restart >>c.sh echo /etc/init.d/postfix restart >>c.sh #committen echo etckeeper commit einrichten_dovecot >> c.sh aufruf } einrichten_squirrelmail () { cd "$pfad" echo -n "Squirrelmail " if [ ! 
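-e etc/squirrelmail/config.php.org ]; then
    cp etc/squirrelmail/config.php etc/squirrelmail/config.php.org
  fi
  # (Tail of a function that starts above this excerpt; statements are
  # unchanged, only line breaks were restored.)
  sed "s!\$imap_server_type = 'other';!\$imap_server_type = 'dovecot';!g" etc/squirrelmail/config.php.org > tmp/datei.cf
  sed "s!'INBOX.Trash'!'Trash'!g" tmp/datei.cf > tmp/datei2.cf
  sed "s!'INBOX.Sent'!'Sent'!g" tmp/datei2.cf > tmp/datei.cf
  sed "s!'INBOX.Drafts'!'Drafts'!g" tmp/datei.cf > tmp/datei2.cf
  sed "s!\$default_sub_of_inbox = true;!\$default_sub_of_inbox = false;!g" tmp/datei2.cf > tmp/datei.cf
  sed "s!\$force_username_lowercase = false;!\$force_username_lowercase = true;!g" tmp/datei.cf > tmp/datei2.cf
  sed "s!\$allow_thread_sort = false;!\$allow_thread_sort = true;!g" tmp/datei2.cf > tmp/datei.cf
  sed "s!\$allow_server_sort = false;!\$allow_server_sort = true;!g" tmp/datei.cf > tmp/datei2.cf
  mv tmp/datei2.cf etc/squirrelmail/config.php
  printf "\$plugins[1] = 'calendar'; \$plugins[2] = 'delete_move_next'; \$plugins[3] = 'filters'; \$plugins[4] = 'mail_fetch'; \$plugins[5] = 'sent_subfolders'; \$plugins[6] = 'newmail';" >> etc/squirrelmail/config.php
  rm tmp/datei.cf
  echo >>c.sh
  # commit
  echo etckeeper commit einrichten_squirrelmail >> c.sh
  aufruf
}

#######################################
# Configures nss-mysql, per-application php.ini/FastCGI starters and the
# Apache default site inside the guest tree, then queues the in-guest
# commands (modules, user/group, restarts) in c.sh.
# Globals:   pfad (read), mysqlsyscpepasswort (read)
# Outputs:   progress label on stdout; files below $pfad; lines in c.sh
# Returns:   exits 1 if $pfad or a syscp template is missing
# All paths are relative to $pfad, so a failed cd must abort: otherwise
# the cp/chown/chmod calls below would hit the directory the installer
# was started from.
#######################################
einrichten_fcgi () {
  cd "$pfad" || exit 1
  echo -n "fcgi "

  # nss-mysql-root.conf
  if [ ! -e var/www/syscp/templates/misc/configfiles/debian_etch/libnss/etc_nss-mysql-root.conf ]; then
    echo "syscp-nss Quelle etc_nss-mysql-root.conf existiert nicht!"; exit 1;
  fi
  if [ ! -e etc/nss-mysql-root.conf.org ]; then
    cp etc/nss-mysql-root.conf etc/nss-mysql-root.conf.org
  fi
  cp var/www/syscp/templates/misc/configfiles/debian_etch/libnss/etc_nss-mysql-root.conf tmp/datei.cf
  # NOTE(review): the search side of the next four sed expressions is empty
  # on this page; it looks like an angle-bracket placeholder was stripped
  # during extraction. Restore the patterns from the original script.
  # The database password is substituted here, so the intermediate files in
  # tmp/ briefly hold it with default permissions.
  sed "s\\syscpe\g" tmp/datei.cf > tmp/datei2.cf
  sed "s\\\$mysqlsyscpepasswort\g" tmp/datei2.cf > tmp/datei.cf
  sed "s\\syscp\g" tmp/datei.cf > tmp/datei2.cf
  sed "s\\127.0.0.1\g" tmp/datei2.cf > tmp/datei.cf
  mv tmp/datei.cf etc/nss-mysql-root.conf
  rm tmp/datei2.cf

  # nss-mysql.conf
  if [ ! -e var/www/syscp/templates/misc/configfiles/debian_etch/libnss/etc_nss-mysql.conf ]; then
    echo "syscp-nss Quelle etc_nss-mysql.conf existiert nicht!"; exit 1;
  fi
  if [ ! -e etc/nss-mysql.conf.org ]; then
    cp etc/nss-mysql.conf etc/nss-mysql.conf.org
  fi
  cp var/www/syscp/templates/misc/configfiles/debian_etch/libnss/etc_nss-mysql.conf tmp/datei.cf
  # NOTE(review): same stripped search patterns as above.
  sed "s\\syscpe\g" tmp/datei.cf > tmp/datei2.cf
  sed "s\\\$mysqlsyscpepasswort\g" tmp/datei2.cf > tmp/datei.cf
  sed "s\\syscp\g" tmp/datei.cf > tmp/datei2.cf
  sed "s\\127.0.0.1\g" tmp/datei2.cf > tmp/datei.cf
  mv tmp/datei.cf etc/nss-mysql.conf
  rm tmp/datei2.cf

  # etc/nsswitch.conf: add the mysql source after compat
  if [ ! -e etc/nsswitch.conf.org ]; then
    cp etc/nsswitch.conf etc/nsswitch.conf.org
  fi
  cp etc/nsswitch.conf.org tmp/datei.cf
  sed "s\passwd: compat\passwd: compat mysql\g" tmp/datei.cf >tmp/datei2.cf
  sed "s\group: compat\group: compat mysql\g" tmp/datei2.cf >tmp/datei.cf
  sed "s\shadow: compat\shadow: compat mysql\g" tmp/datei.cf >tmp/datei2.cf
  mv tmp/datei2.cf etc/nsswitch.conf
  rm tmp/datei.cf
  # Both files carry database credentials, so only the owner may read them.
  chmod 600 etc/nss-mysql.conf etc/nss-mysql-root.conf

  # var/www/php-fcgi-scripts/syscplocal
  mkdir -p var/www/php-fcgi-scripts/syscplocal
  cp etc/php5/cgi/php.ini tmp/datei.cf
  sed 's\disable_functions =\disable_functions = exec,passthru,shell_exec,system,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate\g' tmp/datei.cf > tmp/datei2.cf
  sed 's\;open_basedir =\open_basedir =/var/lib/syscp/customers:/var/www/syscp:/etc/apache2/sites-enabled/:/usr/share/php/:/usr/share/php5/:/tmp/\g' tmp/datei2.cf > tmp/datei.cf
  # NOTE(review): the "dddd..." prefix keeps this pattern from matching a
  # plain "safe_mode = Off" line, so safe_mode is presumably left untouched
  # on purpose; the same applies to the two php.ini copies below.
  sed 's\ddddddddddsafe_mode = Off\safe_mode = On\g' tmp/datei.cf > tmp/datei2.cf
  sed 's\allow_url_fopen = On\allow_url_fopen = Off\g' tmp/datei2.cf > tmp/datei.cf
  sed 's\magic_quotes_gpc = On\magic_quotes_gpc = Off\g' tmp/datei.cf > tmp/datei2.cf
  mv tmp/datei2.cf var/www/php-fcgi-scripts/syscplocal/php.ini
  rm tmp/datei.cf
  # Starter script; the page shows it flattened, one statement per line is
  # restored here. It is appended (>>) and then made immutable below.
  printf "#!/bin/sh
PHPRC='/var/www/php-fcgi-scripts/syscplocal/'
export PHPRC
PHP_FCGI_CHILDREN=0
export PHP_FCGI_CHILDREN
PHP_FCGI_MAX_REQUESTS=0
export PHP_FCGI_MAX_REQUESTS
exec /usr/bin/php-cgi -c '/var/www/php-fcgi-scripts/syscplocal/'" >> var/www/php-fcgi-scripts/syscplocal/php-fcgi-starter
  chown -R 9999:9999 var/www/php-fcgi-scripts/syscplocal
  chmod 755 var/www/php-fcgi-scripts/syscplocal
  chmod 644 var/www/php-fcgi-scripts/syscplocal/php.ini
  chmod 755 var/www/php-fcgi-scripts/syscplocal/php-fcgi-starter
  chattr +i var/www/php-fcgi-scripts/syscplocal/php-fcgi-starter

  # var/www/php-fcgi-scripts/phpmyadminlocal
  mkdir -p var/www/php-fcgi-scripts/phpmyadminlocal
  cp etc/php5/cgi/php.ini tmp/datei.cf
  sed 's\disable_functions =\disable_functions = exec,passthru,shell_exec,system,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate\g' tmp/datei.cf > tmp/datei2.cf
  sed 's\;open_basedir =\open_basedir =/var/www/phpmyadmin:/etc/phpmyadmin/:/var/lib/phpmyadmin/:/usr/share/php/:/usr/share/php5/:/tmp/\g' tmp/datei2.cf > tmp/datei.cf
  sed 's\ddddddddddddddsafe_mode = Off\safe_mode = On\g' tmp/datei.cf > tmp/datei2.cf
  sed 's\allow_url_fopen = On\allow_url_fopen = Off\g' tmp/datei2.cf > tmp/datei.cf
  sed 's\magic_quotes_gpc = On\magic_quotes_gpc = Off\g' tmp/datei.cf > tmp/datei2.cf
  mv tmp/datei2.cf var/www/php-fcgi-scripts/phpmyadminlocal/php.ini
  rm tmp/datei.cf
  printf "#!/bin/sh
PHPRC='/var/www/php-fcgi-scripts/phpmyadminlocal/'
export PHPRC
PHP_FCGI_CHILDREN=0
export PHP_FCGI_CHILDREN
PHP_FCGI_MAX_REQUESTS=0
export PHP_FCGI_MAX_REQUESTS
exec /usr/bin/php-cgi -c '/var/www/php-fcgi-scripts/phpmyadminlocal/'" >> var/www/php-fcgi-scripts/phpmyadminlocal/php-fcgi-starter
  chown -R 9999:9999 var/www/php-fcgi-scripts/phpmyadminlocal
  chmod 755 var/www/php-fcgi-scripts/phpmyadminlocal
  chmod 644 var/www/php-fcgi-scripts/phpmyadminlocal/php.ini
  chmod 755 var/www/php-fcgi-scripts/phpmyadminlocal/php-fcgi-starter
  chattr +i var/www/php-fcgi-scripts/phpmyadminlocal/php-fcgi-starter

  # var/www/php-fcgi-scripts/squirrelmaillocal
  mkdir -p var/www/php-fcgi-scripts/squirrelmaillocal
  cp etc/php5/cgi/php.ini tmp/datei.cf
  sed 's\disable_functions =\disable_functions = exec,passthru,shell_exec,system,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate\g' tmp/datei.cf > tmp/datei2.cf
  sed 's\;open_basedir =\open_basedir =/var/www/squirrelmail:/etc/mailname:/etc/hostname:/etc/squirrelmail/:/var/spool/squirrelmail/:/var/lib/squirrelmail/:/usr/share/php/:/usr/share/php5/:/tmp/\g' tmp/datei2.cf > tmp/datei.cf
  sed 's\ddddddddddddddddsafe_mode = Off\safe_mode = On\g' tmp/datei.cf > tmp/datei2.cf
  sed 's\allow_url_fopen = On\allow_url_fopen = Off\g' tmp/datei2.cf > tmp/datei.cf
  sed 's\magic_quotes_gpc = On\magic_quotes_gpc = Off\g' tmp/datei.cf > tmp/datei2.cf
  mv tmp/datei2.cf var/www/php-fcgi-scripts/squirrelmaillocal/php.ini
  rm tmp/datei.cf
  printf "#!/bin/sh
PHPRC='/var/www/php-fcgi-scripts/squirrelmaillocal/'
export PHPRC
PHP_FCGI_CHILDREN=0
export PHP_FCGI_CHILDREN
PHP_FCGI_MAX_REQUESTS=0
export PHP_FCGI_MAX_REQUESTS
exec /usr/bin/php-cgi -c '/var/www/php-fcgi-scripts/squirrelmaillocal/'" >> var/www/php-fcgi-scripts/squirrelmaillocal/php-fcgi-starter
  chown -R 9999:9999 var/www/php-fcgi-scripts/squirrelmaillocal
  chmod 755 var/www/php-fcgi-scripts/squirrelmaillocal
  chmod 644 var/www/php-fcgi-scripts/squirrelmaillocal/php.ini
  chmod 755 var/www/php-fcgi-scripts/squirrelmaillocal/php-fcgi-starter
  chattr +i var/www/php-fcgi-scripts/squirrelmaillocal/php-fcgi-starter

  # etc/apache2/sites-available/default
  if [ ! -e etc/apache2/sites-available/default.org2 ]; then
    cp etc/apache2/sites-available/default etc/apache2/sites-available/default.org2
  fi
  # NOTE(review): the sed pattern and the container tags / line breaks of
  # the appended Apache block are missing on this page (apparently stripped
  # as markup). Both are reproduced as shown; restore them from the original
  # script before use.
  sed "s!!!" etc/apache2/sites-available/default.org2 > etc/apache2/sites-available/default
  printf " Options +FollowSymLinks AllowOverride AuthConfig FileInfo Limit FCGIWrapper /var/www/php-fcgi-scripts/syscplocal/php-fcgi-starter .php AddHandler fcgid-script .php Options +FollowSymLinks -MultiViews +ExecCGI AllowOverride AuthConfig FileInfo Limit FCGIWrapper /var/www/php-fcgi-scripts/phpmyadminlocal/php-fcgi-starter .php AddHandler fcgid-script .php Options +FollowSymLinks -MultiViews +ExecCGI AllowOverride AuthConfig FileInfo Limit FCGIWrapper /var/www/php-fcgi-scripts/squirrelmaillocal/php-fcgi-starter .php AddHandler fcgid-script .php Options +FollowSymLinks -MultiViews +ExecCGI SuexecUserGroup syscplocal syscplocal " >> etc/apache2/sites-available/default

  # adjust the owner of the syscp tree
  chown -R 9999:9999 var/www/syscp

  # phpMyAdmin workarounds
  echo ln -s /usr/share/phpmyadmin /var/www/phpmyadmin >> c.sh
  cp usr/share/phpmyadmin/libraries/.htaccess usr/share/phpmyadmin/setup/.htaccess >/dev/null 2>&1
  chown 9999:9999 etc/phpmyadmin/config-db.php >> install.log 2>&1
  chown 9999:9999 var/lib/phpmyadmin/* >> install.log 2>&1
  # make sure this file does not get created again
  echo "" > etc/apache2/conf.d/phpmyadmin.conf
  chmod a-w etc/apache2/conf.d/phpmyadmin.conf
  chmod a-w var/lib/phpmyadmin/config.inc.php
  chmod a-w var/lib/phpmyadmin/blowfish_secret.inc.php

  # squirrelmail
  echo ln -s /usr/share/squirrelmail /var/www/squirrelmail >> c.sh
  chown -R 9999:9999 var/lib/squirrelmail >> install.log 2>&1
  chown -R 9999:9999 var/spool/squirrelmail >> install.log 2>&1

  # Commands queued for execution inside the guest. syscplocal gets no
  # login shell and a locked password.
  echo /etc/init.d/nscd restart >>c.sh
  echo a2enmod suexec >> c.sh
  echo a2enmod fcgid >> c.sh
  echo a2dismod php5 >> c.sh
  echo groupadd -g 9999 syscplocal >> c.sh
  echo useradd -g 9999 -u 9999 -s /bin/false syscplocal >> c.sh
  echo passwd -l syscplocal >>c.sh
  echo /etc/init.d/apache2 restart >> c.sh
  # commit
  echo etckeeper commit einrichten_fcgi >> c.sh
  aufruf
}

#######################################
# Installs the backup scripts (mysql, svn, webs, mail) and their cron table.
# Globals:   pfad, ftpserver, ftplogin, ftppasswort, ftppfad (read)
# Outputs:   usr/local/bin/sicherung-*.sh and etc/cron.d/sicherung below
#            $pfad; lines in c.sh
# Returns:   exits 1 if $pfad cannot be entered
#######################################
einrichten_sicherung () {
  cd "$pfad" || exit 1
  echo -n "Sicherungen "

  # general helper: runs the command string in $1 at reduced priority.
  # It previously wrote $1 to the fixed path /tmp/run and executed that file
  # as root; any local user could pre-create or swap that path. Handing the
  # string to sh -c avoids the temporary file.
  # NOTE(review): the command strings built below embed directory names
  # ({} from find) into shell code run by root; names containing shell
  # metacharacters would be interpreted. Confirm who can create those
  # directories.
  printf '%s\n' '#!/bin/sh' 'nice sh -c "$1"' > usr/local/bin/sicherung-run.sh
  chmod +x usr/local/bin/sicherung-run.sh

  # NOTE(review): %G in the generated scripts is the ISO week-based year and
  # differs from the calendar year around New Year; %k pads the hour with a
  # space. Left as on the page because existing backup paths depend on it.

  # mysql
  mkdir -p ftp-backup/mysql
  echo '#!/bin/sh
quelldir=/var/lib/mysql/
datum=`date +%G-%m-%d_%k:%M`
zieldir=/ftp-backup/mysql/$datum/
mkdir -p "$zieldir"
cd "$quelldir"
find -maxdepth 1 -mindepth 1 -type d -exec /usr/local/bin/sicherung-run.sh "tar -c {}| gzip -1 -c >\"$zieldir{}.tar.gz\"" \;
/usr/local/bin/sicherung-run.sh "tar -c ib*| gzip -1 -c >\"${zieldir}_inno.tar.gz\""
cd "$zieldir"' > usr/local/bin/sicherung-mysql.sh
  if [ "$ftpserver" ]; then
    # The FTP password ends up in the script text and on the ncftpput
    # command line (visible in the process list while the upload runs).
    echo "ncftpput -m -u $ftplogin -p $ftppasswort $ftpserver \"$ftppfad/mysql/\$datum\" * " >> usr/local/bin/sicherung-mysql.sh
  fi
  # Root-only: the script may contain the FTP credentials and is run by
  # root's cron entry, so nobody else needs to read or execute it.
  chmod 700 usr/local/bin/sicherung-mysql.sh

  # svn
  mkdir -p ftp-backup/svn
  echo '#!/bin/sh
quelldir=/home/svn/
datum=`date +%G-%m-%d_%k:%M`
zieldir=/ftp-backup/svn/$datum/
mkdir -p "$zieldir"
cd "$quelldir"
find -maxdepth 1 -mindepth 1 -type d -exec /usr/local/bin/sicherung-run.sh "tar -c {}| gzip -1 -c >\"$zieldir{}.tar.gz\"" \;
cd "$zieldir"' > usr/local/bin/sicherung-svn.sh
  if [ "$ftpserver" ]; then
    # Upload target follows the local layout (was .../mysql/ for every
    # backup type, which looks like a copy-paste slip).
    echo "ncftpput -m -u $ftplogin -p $ftppasswort $ftpserver \"$ftppfad/svn/\$datum\" * " >> usr/local/bin/sicherung-svn.sh
  fi
  chmod 700 usr/local/bin/sicherung-svn.sh

  # webs
  mkdir -p ftp-backup/webs
  echo '#!/bin/sh
quelldir=/var/lib/syscp/customers/webs/
datum=`date +%G-%m-%d_%k:%M`
zieldir=/ftp-backup/webs/$datum/
mkdir -p "$zieldir"
cd "$quelldir"
find -maxdepth 1 -mindepth 1 -type d -exec /usr/local/bin/sicherung-run.sh "tar -c {}| gzip -1 -c >\"$zieldir{}.tar.gz\"" \;
cd "$zieldir"' > usr/local/bin/sicherung-webs.sh
  if [ "$ftpserver" ]; then
    echo "ncftpput -m -u $ftplogin -p $ftppasswort $ftpserver \"$ftppfad/webs/\$datum\" * " >> usr/local/bin/sicherung-webs.sh
  fi
  chmod 700 usr/local/bin/sicherung-webs.sh

  # mails
  mkdir -p ftp-backup/mail
  echo '#!/bin/sh
quelldir=/var/lib/syscp/customers/mail/
datum=`date +%G-%m-%d_%k:%M`
zieldir=/ftp-backup/mail/$datum/
mkdir -p "$zieldir"
cd "$quelldir"
find -maxdepth 1 -mindepth 1 -type d -exec /usr/local/bin/sicherung-run.sh "tar -c {}| gzip -1 -c >\"$zieldir{}.tar.gz\"" \;
cd "$zieldir"' > usr/local/bin/sicherung-mail.sh
  if [ "$ftpserver" ]; then
    echo "ncftpput -m -u $ftplogin -p $ftppasswort $ftpserver \"$ftppfad/mail/\$datum\" * " >> usr/local/bin/sicherung-mail.sh
  fi
  chmod 700 usr/local/bin/sicherung-mail.sh

  # cron table (one entry per line restored)
  printf "2 3,15 * * * root /usr/local/bin/sicherung-mysql.sh
25 1 * * 6 root /usr/local/bin/sicherung-svn.sh
25 1 * * 3 root /usr/local/bin/sicherung-mail.sh
47 4 * * 1 root /usr/local/bin/sicherung-webs.sh
" > etc/cron.d/sicherung
  echo /etc/init.d/cron restart>>c.sh
  # commit
  echo etckeeper commit einrichten_sicherung >> c.sh
  aufruf
}

# Queues the PEAR channel update and package installation in c.sh.
einrichten_pear () {
  cd "$pfad" || exit 1
  echo -n "pear "
  echo pear channel-update pear.php.net >>c.sh
  echo pear install --alldeps DB_DataObject Mail >>c.sh
  # commit
  echo etckeeper commit einrichten_pear >> c.sh
  aufruf
}

#######################################
# Queues creation of a private CA and two server certificates in /root/ssl.
# Globals:   pfad, hostname, domain, postmaster, capasswort,
#            ssladminpasswort, sslwebpasswort (read)
# Outputs:   lines in c.sh
# NOTE(review):
#  - The passphrases are expanded into c.sh and passed as "pass:" arguments,
#    so they are readable in c.sh and in the process list while openssl
#    runs; how long c.sh persists depends on aufruf (not visible here).
#  - The server81-key-u.pem / server443-key-u.pem files are decrypted
#    private keys.
#  - The answer strings piped into "openssl req" appear flattened on this
#    page; presumably one answer per line in the original. Confirm before
#    use.
#  - The queued "exit" precedes the dhparam command (and anything queued
#    afterwards, such as the etckeeper commit below), so those lines look
#    unreachable. Confirm whether that is intended.
#######################################
einrichten_ssl () {
  cd "$pfad" || exit 1
  echo -n "ssl "
  echo "
rm -rf /root/ssl
mkdir -p /root/ssl
cd /root/ssl
echo \"CA\"
#neue ca erzeugen
echo \"DE . . $hostname CA $domain $postmaster \" | openssl req -passout pass:$capasswort -new -newkey rsa:4096 -x509 -keyout ca_key.pem -out ca_cert.pem -days 3650 -set_serial 1
#bissle aufraeumen
openssl x509 -in ca_cert.pem -out ca_cert.crt
chmod 600 ca_key.pem
#verzeichnisse anlegen
mkdir demoCA
touch demoCA/index.txt
echo 01 > demoCA/serial
echo \"Server81\"
# Neues .csr File geniereren
echo \"DE . . $hostname admin $domain $postmaster \" | openssl req -passout pass:$ssladminpasswort -new -newkey rsa:4096 -keyout server81-key.pem -out server81-req.pem -days 3640
#csr von ca signieren
yes | openssl ca -passin pass:$capasswort -keyfile ca_key.pem -cert ca_cert.pem -policy policy_anything -outdir . -out server81-cert.pem -days 3640 -infiles server81-req.pem
#entschluesseln
openssl rsa -passin pass:$ssladminpasswort -in server81-key.pem > server81-key-u.pem
chmod 600 server81-key-u.pem
chmod 600 server81-key.pem
echo \"Server443\"
# Neues .csr File geniereren
echo \"DE . . $hostname web $domain $postmaster \" | openssl req -passout pass:$sslwebpasswort -new -newkey rsa:4096 -keyout server443-key.pem -out server443-req.pem -days 3640
#csr von ca signieren
yes | openssl ca -passin pass:$capasswort -keyfile ca_key.pem -cert ca_cert.pem -policy policy_anything -outdir . -out server443-cert.pem -days 3640 -infiles server443-req.pem
#entschluesseln
openssl rsa -passin pass:$sslwebpasswort -in server443-key.pem > server443-key-u.pem
chmod 600 server443-key-u.pem
chmod 600 server443-key.pem
exit
nice openssl dhparam -out dh4096.pem 4096 &
" >>c.sh
  # commit (label corrected; it said einrichten_pear)
  echo etckeeper commit einrichten_ssl >> c.sh
  aufruf
}

# Skeleton for new setup steps: queues only an empty line and a commit.
einrichten_template () {
  cd "$pfad" || exit 1
  echo -n " "
  echo >>c.sh
  # commit
  echo etckeeper commit einrichten_template >> c.sh
  aufruf
}

# Runs every setup step of the full installation in order.
einrichten () {
  echo -n `date` "Einrichten "
  einrichten_ssl
  einrichten_fcgi
  einrichten_syscp
  einrichten_apache
  einrichten_pear
  einrichten_bind
  einrichten_postfix
  einrichten_dovecot
  einrichten_amavis
  einrichten_proftpd
  einrichten_awstats
  einrichten_squirrelmail
  einrichten_syscp2
  einrichten_rrdtool
  einrichten_system
  einrichten_sicherung
  echo
}

# Minimal installation: only queues the ssh packages.
einrichten_minimal () {
  cd "$pfad" || exit 1
  echo `date` "Einrichten_minimal"
  echo aptitude -y install ssh ssh-server >> c.sh
  # commit
  aufruf
}

# Final cleanup inside the guest: package cache, ClamAV signature update.
aufraeumen () {
  cd "$pfad" || exit 1
  echo `date` "Aufraeumen"
  echo export DEBIAN_FRONTEND=noninteractive >> c.sh
  echo aptitude clean >> c.sh
  echo freshclam >> c.sh
  # commit
  echo etckeeper commit aufraeumen >> c.sh
  aufruf
}

#######################################
# Plausibility check of the network-related settings.
# Globals:   ip, hostname, domain, postmaster (read)
# Returns:   exits 1 with a message when a value fails its check
# The checks only require a dot (and an @ for postmaster). These values are
# later written unquoted into generated scripts, so the configuration must
# come from a trusted source.
#######################################
parameter_test () {
  if ! printf '%s\n' "$ip" | grep -q "\."; then
    echo "IP $ip unkorrekt!"; exit 1;
  fi
  if ! printf '%s\n' "$hostname" | grep -q "\."; then
    echo "Host $hostname unkorrekt!"; exit 1;
  fi
  if ! printf '%s\n' "$domain" | grep -q "\."; then
    echo "Domain $domain unkorrekt!"; exit 1;
  fi
  if ! printf '%s\n' "$postmaster" | grep "\." | grep -q "@"; then
    echo "Postmaster $postmaster unkorrekt!"; exit 1;
  fi
}

# Settings
# general
# empty = chroot, otherwise openvz
# minimal system?
minimal=""
openvz=""
nummer="1001"
pfad="/vz/private/chroot"
mirror="http://de.archive.ubuntu.com/ubuntu"
distro="jaunty"
komponenten="main universe restricted" #ubuntu
#komponenten="main contrib non-free" #debian
ip="192.168.0.201"
hostname="test"
domain="mifritscher2.de"
postmaster="postmaster@$domain"
templates="/vz"
sshport="22"
# empty = do not install, otherwise it is installed
webmin=""
webminport="10000"
# for the statistics
eth0="venet0"
hdd="simfs"
# Passwords
# NOTE(review): these are the built-in defaults. A run without a
# configuration file that overrides them installs a system with the
# credentials printed here.
rootpasswort="rootpass"
mysqlrootpasswort="mysqlpasswo"
mysqlsyscppasswort="mysqlsyscpasswo"
mysqlsyscpepasswort="mysqlsyscpeassw"
mysqlpmapasswort="mysqlpmapasswo"
syscppasswort="syscppasswo"
capasswort="capasswose"
ssladminpasswort="sslapassosf"
sslwebpasswort="sslwpasskdke"
# the customer
syscpacclogin="Mustermann"
syscpaccpasswort="web0passwo"
syscpaccname="Mustermann"
syscpaccvorname="Max"
# FTP data for backups; if not given, backups are kept locally only
ftpserver="192.168.3.2"
ftplogin="ftpuser"
ftppasswort="ftppass"
ftppfad="" # if not empty, must start with /

# Settings from a file
# "." is appended to PATH only so that a bare file name can be sourced, and
# PATH is restored right afterwards. The file is executed as shell code with
# the installer's privileges, so it must be as trusted as this script.
PATH_SIC=$PATH
export PATH=$PATH_SIC:.
configfile=""
if [ "$1" ]; then
  if [ ! -e "$1" ]; then
    echo "Konfigdatei gibt es nicht"; exit 1
  fi
  . "$1"
  configfile="$1"
fi
export PATH=$PATH_SIC

# Main
echo -n `date` "Installiere $distro von $mirror in $pfad mit der IP $ip"
if [ "$openvz" ]; then
  echo -n " (mittels openVZ)"
else
  echo -n " (mittels chroot)"
fi
if [ "$minimal" ]; then
  echo -n " (minimal)"
else
  echo -n " (vollstaendig)"
fi
echo
echo
umgebung_testen
if [ ! "$minimal" ]; then
  parameter_test
fi
grundsystem
booten
# Everything after this point uses paths relative to $pfad.
cd "$pfad" || exit 1
apti
if [ ! "$minimal" ]; then
  syscp
  sonst
  webmin
  einrichten
else
  einrichten_minimal
fi
aufraeumen
echo `date` "Fertig"
exit 0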