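#!/bin/bash
#
# Interactive post-install provisioning for a cPanel/WHM server; run as root.
#
# Prompts for host name, network settings, root password and feature choices,
# then: sets the root password, writes the network configuration, bootstraps
# the lp yum configuration, updates cPanel, writes WHM/cPanel settings,
# optionally installs the "Initadmin" security packages and Fantastico,
# configures backups, reinstalls BIND with recursion limited to a trusted ACL,
# and rewrites /etc/hosts.
#
# Fixes over the previous revision:
#   * Here-documents holding Perl and shell text (MyConfig.pm, the logrotate
#     cron script) use a quoted delimiter, so $CPAN::Config, $? and $EXITVALUE
#     are written literally instead of being expanded while this script runs.
#   * The root password is no longer echoed at the prompt and is no longer
#     placed on curl's command line, where the process list exposes it.
#   * Operator input is validated before it is written into files under /etc.
#   * cd and download failures are checked before rm -rf / execution.
#   * Appends to the crontab, sysctl.conf, etc. are idempotent.

source /root/.bashrc

readonly YUM_CONF=/usr/local/lp/configs/yum/yum.conf
readonly WORK_DIR=/home/temp
readonly ROOT_CRONTAB=/var/spool/cron/root

# Private working directory: scripts are downloaded here and executed as root,
# so it must not be writable by anyone else.
mkdir -p "$WORK_DIR"
chmod 700 "$WORK_DIR"

# Print a message on stderr and abort the run.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# True only for the exact answers "y" or "yes" (same values as before).
is_yes() {
  [[ "$1" == "y" || "$1" == "yes" ]]
}

# Append line $2 to file $1 unless an identical line is already present, so
# re-running the script does not duplicate cron or config entries.
append_once() {
  local file=$1 line=$2
  grep -qxF -- "$line" "$file" 2>/dev/null || printf '%s\n' "$line" >> "$file"
}

# Run yum against the lp repository configuration.
lp_yum() {
  /usr/bin/yum -c "$YUM_CONF" -y "$@"
}

# Download URL $1 into the current directory under its base name, replacing
# any stale copy. Succeeds only if a non-empty file was written.
#
# NOTE(review): everything fetched through here is later unpacked or executed
# as root, yet it travels over plain HTTP with no checksum or signature
# check. Move the sources to HTTPS and verify a pinned digest (for example
# with sha256sum -c) once the publisher provides one.
fetch() {
  local url=$1
  local dest=${url##*/}
  rm -f -- "$dest"
  wget -O "$dest" "$url" && [[ -s "$dest" ]]
}

# Succeeds if $1 is a dotted-quad IPv4 address with every octet <= 255.
is_ipv4() {
  local ip=$1 octet
  local -a octets
  local -r quad_re='^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$'
  [[ "$ip" =~ $quad_re ]] || return 1
  IFS=. read -r -a octets <<< "$ip"
  for octet in "${octets[@]}"; do
    # 10# forces base 10 so an octet such as "08" is not parsed as octal.
    (( 10#$octet <= 255 )) || return 1
  done
  return 0
}

# Ask the operator for all settings. Results are left in the globals
# HOSTNAME, MAINIP, NETMASK, GATEWAY, ROOTPW, INITADMIN, FANTASTICO,
# CONTACTEMAIL and BACKUPS.
function get_data() {
  printf '%s' "What is this server's host name? "
  read -r HOSTNAME
  printf '%s' "Main IP Address? "
  read -r MAINIP
  printf '%s' "Netmask? "
  read -r NETMASK
  printf '%s' "Gateway? "
  read -r GATEWAY
  printf '%s' "Root Password? "
  # -s keeps the password off the terminal and out of scrollback.
  read -r -s ROOTPW
  printf '\n'
  printf '%s' "Does this server need Initadmin? "
  read -r INITADMIN
  printf '%s' "Does this server need Fantastico? "
  read -r FANTASTICO
  printf '%s' "Contact e-mail address? "
  read -r CONTACTEMAIL
  printf '%s' "Configure backups? "
  read -r BACKUPS
}

# Reject malformed answers before anything is changed. These values are
# written verbatim into files under /etc/sysconfig (which the network scripts
# read as shell assignments) and passed to commands run as root, so a typo or
# stray metacharacter must not get that far.
validate_data() {
  local -r host_re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
  if [[ ! "$HOSTNAME" =~ $host_re ]]; then
    printf 'Invalid host name: %s\n' "$HOSTNAME" >&2
    return 1
  fi
  if ! is_ipv4 "$MAINIP"; then
    printf 'Invalid main IP address: %s\n' "$MAINIP" >&2
    return 1
  fi
  if ! is_ipv4 "$NETMASK"; then
    printf 'Invalid netmask: %s\n' "$NETMASK" >&2
    return 1
  fi
  if ! is_ipv4 "$GATEWAY"; then
    printf 'Invalid gateway: %s\n' "$GATEWAY" >&2
    return 1
  fi
  if [[ -z "$ROOTPW" ]]; then
    printf 'Root password must not be empty\n' >&2
    return 1
  fi
  return 0
}

# Set root's password from $ROOTPW. printf is a shell builtin, so the password
# never appears in another process's argument list.
function set_passwd() {
  printf '%s\n' "$ROOTPW" | passwd --stdin root
}

# Install the Fantastico WHM admin files and the xcontroller frontend.
function install_fantastico() {
  cd /usr/local/cpanel/whostmgr/docroot/cgi || return 1
  if fetch http://layer3.example.com/fantastico-files/fantastico_whm_admin.tgz; then
    tar xzpf fantastico_whm_admin.tgz
  else
    printf 'Failed to download fantastico_whm_admin.tgz\n' >&2
  fi
  rm -fv fantastico_whm_admin.tgz

  # Xcontroller
  # The cd is checked because the rm -rf below uses a relative path.
  cd /usr/local/cpanel/base/frontend || return 1
  if fetch http://layer3.example.com/fantastico-files/xcontroller.tgz; then
    # Remove the old tree only once its replacement has been downloaded.
    rm -rf xcontroller
    tar xzpf xcontroller.tgz
    chown -R root:root xcontroller/
  else
    printf 'Failed to download xcontroller.tgz\n' >&2
  fi
  rm -f xcontroller.tgz

  /usr/local/cpanel/bin/cachelangfiles
  cd /usr/local/cpanel/lang || return 1
  touch catalan french indonesian polish romanian spanish german italian portugues russian turkish
}

# Run cPanel's Zend Optimizer installer.
function install_zend() {
  /scripts/installzendopt
}

# Write the cPanel backup configuration (daily backups to /backup).
function configure_backups() {
  cat << 'EOF' > /etc/cpbackup.conf
BACKUPACCTS yes
BACKUPDAYS 0,1,2,3,4,5,6
BACKUPDIR /backup
BACKUPENABLE yes
BACKUPENABLE-0 yes
BACKUPFILES no
BACKUPFTPPASSIVE no
BACKUPINC no
BACKUPINT Daily
BACKUPLOGS no
BACKUPMOUNT no
BACKUPRETDAILY 1
BACKUPRETMONTHLY 1
BACKUPRETWEEKLY 1
BACKUPTYPE normal
DIEIFNOTMOUNTED no
MYSQLBACKUP both
submit Save
BACKUPCHECK yes
BACKUP2 yes
EOF
}

# Write the static eth0 configuration and host name, bounce the interface,
# and seed /etc/ips with the three addresses following the main IP.
# Returns the exit status of the ipaliases restart.
function config_network() {
  local prefix last offset

  echo "Applying network config..."
  cat << EOF > /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
BOOTPROTO=static
IPADDR=$MAINIP
NETMASK=$NETMASK
GATEWAY=$GATEWAY
ONBOOT=yes
TYPE=Ethernet
EOF
  cat << EOF > /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=$HOSTNAME
EOF
  hostname "$HOSTNAME"
  ifdown eth0
  ifup eth0

  prefix=${MAINIP%.*}
  last=${MAINIP##*.}
  # NOTE(review): the broadcast is hard-coded to <prefix>.255 and the three
  # alias addresses are assumed to fit in the same subnet; confirm for
  # netmasks other than 255.255.255.0 or a main IP near the end of the range.
  for offset in 1 2 3; do
    printf '%s.%d:%s:%s.255\n' \
      "$prefix" "$(( 10#$last + offset ))" "$NETMASK" "$prefix"
  done > /etc/ips

  # Rebuild the IP pool now
  /etc/init.d/ipaliases restart
}

# Replace named.conf with one that only allows recursion from the "trusted"
# ACL; the previous file is kept as /etc/named.conf.bak.
function disable_recursion() {
  cp -p /etc/named.conf /etc/named.conf.bak
  # The rndc secret is written empty and /scripts/fixndc is run afterwards;
  # presumably fixndc regenerates the key (confirm).
  cat << 'EOF' > /etc/named.conf
key "rndc-key" {
        algorithm hmac-md5;
        secret "";
};
controls {
        inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; };
};
zone "." {
        type hint;
        file "/var/named/named.ca";
};
acl "trusted" {
        127.0.0.1;
        209.59.139.14;
        69.16.234.126;
        69.16.234.125;
        69.16.234.124;
        69.16.234.123;
        69.16.234.122;
};
options {
        allow-recursion { trusted; };
};
EOF
  /scripts/fixndc
}

# Rewrite /etc/hosts for the new host name and park the host name on the
# main IP.
function fix_hosts() {
  local shortname=${HOSTNAME%%.*}
  cat << EOF > /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 ${shortname} ${HOSTNAME} localhost.localdomain localhost
${MAINIP} ${shortname} ${HOSTNAME}
EOF
  /scripts/park "${MAINIP}" "${HOSTNAME}"
}

# Enable mod_security through the local WHM endpoint, authenticating as root.
# The credentials are handed to curl as a config file on stdin rather than in
# the URL, so the password does not show up in the process list.
enable_mod_security() {
  local curl_pw
  # Escape backslashes and double quotes for curl's quoted config syntax.
  curl_pw=${ROOTPW//\\/\\\\}
  curl_pw=${curl_pw//\"/\\\"}
  curl --config - \
    "http://localhost:2086/scripts2/saveuthemes?themetype=modules&modsecurity=1.9.1-2.2" \
    > /dev/null << EOF
user = "root:${curl_pw}"
EOF
}

main() {
  local script ns_domain
  local -a bootstrap_scripts=(getpubkeys.sh install-yum.sh install-lpskel-yumconf.sh)

  # Get root password and network settings
  get_data
  validate_data || exit 1
  set_passwd || die "Error setting root password!"
  if ! config_network; then
    die "Error configuring network!"
  fi

  # Install lpskel
  cd "$WORK_DIR" || die "Cannot change to $WORK_DIR"
  for script in "${bootstrap_scripts[@]}"; do
    # Never execute a missing or stale copy of a bootstrap script.
    fetch "http://layer3.example.com/${script}" \
      || die "Failed to download ${script}"
  done
  chmod +x "${bootstrap_scripts[@]}"
  mkdir -p /root/.gnupg
  chmod 700 /root/.gnupg
  gpg --list-keys
  for script in "${bootstrap_scripts[@]}"; do
    "./${script}"
  done
  rm -f "${bootstrap_scripts[@]}"
  append_once "$ROOT_CRONTAB" \
    $'6\t1\t*\t*\t*\t /usr/bin/yum -c /usr/local/lp/configs/yum/yum.conf -y update'

  # Update Cpanel and perl modules first
  echo "Updating Cpanel and Perl..."
  /scripts/upcp
  /usr/local/cpanel/bin/checkperlmodules
  perl -MCPAN -e 'install DB_File'

  # Enable TCP Syncookies
  append_once /etc/sysctl.conf "net.ipv4.tcp_syncookies = 1"
  echo 1 > /proc/sys/net/ipv4/tcp_syncookies

  # Change WHM Settings
  # Name servers are ns1/ns2 under dot-separated fields 2-3 of the host name.
  ns_domain=$(printf '%s\n' "$HOSTNAME" | cut -d "." -f 2-3)
  cat << EOF > /etc/wwwacct.conf
ADDR $MAINIP
CONTACTEMAIL $CONTACTEMAIL
CONTACTPAGER $CONTACTEMAIL
DEFMOD x
ETHDEV eth0
FTPTYPE pureftpd
HOMEDIR /home
HOMEMATCH home
HOST $HOSTNAME
LOGSTYLE combined
NS ns1.${ns_domain}
NS2 ns2.${ns_domain}
SCRIPTALIAS y
EOF

  # Tweak Cpanel Settings
  # (the trailing blank line is part of the file as previously written)
  cat << 'EOF' > /var/cpanel/cpanel.config
#config ---------------------------------------=
RS=cpanelnew
VALIASDIR=/etc/valiases
VFILTERDIR=/etc/vfilters
access_log=/usr/local/cpanel/logs/access_log
adminuser=cpanel
allowcpsslinstall=0
allowparkonothers=0
allowperlupdates=0
allowremotedomains=0
allowunregistereddomains=1
alwaysredirecttossl=1
awstatsbrowserupdate=0
awstatsreversedns=0
basename=cpanel
blockcommondomains=0
cpredirecthostname=0
cycle=1
defaultmailaction=localuser
disablequotacache=0
discardformmailbccsubject=0
dnslookuponconnect=1
docroot=/usr/local/cpanel/base
dumplogs=0
emailusersbandwidthexceed=0
engine=cpanel
enginepl=cpanel.pl
engineroot=/usr/local/cpanel
errorstostdout=0
exim-retrytime=60
eximmailtrap=0
extracpus=0
ftppasslogs=0
ignoredepreciated=0
interchangever=disable
jaildefaultshell=0
keepftplogs=0
keeplogs=0
keepstatslog=0
loadthreshold=
logchmod=
maxemailsperhour=0
myname=cpaneld
mysql-version=4.1
mysqldebug=0
nobodyspam=0
nouserbackupwarn=0
numacctlist=
phploader=sourceguardian
popbeforesmtpsenders=0
popchecktimes=0
popfloodcheck=0
port=2082
product=cPanel
resetpass=0
root=/usr/local/cpanel
showwhmbwusageinmegs=0
skipanalog=1
skipawstats=0
skipboxcheck=0
skipbwlimitcheck=0
skipdiskcheck=0
skipeximstats=0
skipformmail=0
skiphorde=0
skiphttpauth=0
skipmailman=0
skipneomail=0
skipspamassassin=0
skipsqmail=0
skipwebalizer=0
skipwhoisns=0
stats_log=/usr/local/cpanel/logs/stats_log
statsloglevel=1
urchinsetpath=
usemailformailmanurl=0
usemysqloldpass=0
version=8.0
nativessl=1
maildir=1
maxmem=192

EOF

  # Move domlogs
  # Skip when already a symlink, so a re-run does not move the link itself
  # into /home/domlogs.
  if [[ ! -L /usr/local/apache/domlogs ]]; then
    mv /usr/local/apache/domlogs /home/domlogs
    ln -s /home/domlogs /usr/local/apache/domlogs
  fi

  # Add rdate to crontab
  append_once "$ROOT_CRONTAB" \
    $'00\t00,06,12,18\t*\t*\t*\trdate -s time.example.com > /dev/null 2>&1'

  # Update chksrvd settings
  cat << 'EOF' > /etc/chkserv.d/chkservd.conf
antirelayd:1
cpsrvd:1
entropychat:0
exim:1
eximstats:0
ftpd:1
httpd:1
imap:1
interchange:0
mysql:1
named:1
pop:1
spamd:1
EOF
  /etc/init.d/chkservd restart

  if is_yes "$INITADMIN"; then
    # Install firewall and security scripts - Initadmin
    perl -i -p -e 's/\#Protocol\ 2\,1/Protocol\ 2/g' /etc/ssh/sshd_config
    lp_yum install lp-security-scripts iftop iptraf lp-apf lp-bfd
    lp_yum install perl-Digest-SHA1 lp-rkhunter lp-chkrootkit
    lp_yum install netpbm netpbm-devel netpbm-progs
    append_once /root/.mytop "delay=1"
    lp_yum install cpperl-DBD-MySQL lp-mytop

    # Install clamAV and RBLs
    lp_yum install clamd clamav clamav-db
    append_once /etc/chkserv.d/chkservd.conf "clamd:1"
    /etc/init.d/chkservd restart

    # Enable mod_security
    enable_mod_security
    lp_yum install lp-modsec-rules

    # Zend Installer
    install_zend
  fi

  if is_yes "$FANTASTICO"; then
    install_fantastico
  fi

  mkdir -p /root/.cpan/CPAN
  # Quoted delimiter: the Perl below must reach the file literally. Unquoted,
  # the shell expanded $CPAN to nothing and wrote "::Config = {".
  cat << 'EOF' > /root/.cpan/CPAN/MyConfig.pm
# This is CPAN.pm's systemwide configuration file. This file provides
# defaults for users, and the values can be changed in a per-user
# configuration file. The user-config file is being looked for as
# ~/.cpan/CPAN/MyConfig.pm.
$CPAN::Config = {
  'build_cache' => q[10],
  'build_dir' => q[/root/.cpan/build],
  'cache_metadata' => q[1],
  'cpan_home' => q[/root/.cpan],
  'dontload_hash' => { },
  'ftp' => q[/usr/bin/ftp],
  'ftp_proxy' => q[],
  'getcwd' => q[cwd],
  'gpg' => q[/usr/bin/gpg],
  'gzip' => q[/bin/gzip],
  'histfile' => q[/root/.cpan/histfile],
  'histsize' => q[100],
  'http_proxy' => q[],
  'inactivity_timeout' => q[0],
  'index_expire' => q[1],
  'inhibit_startup_message' => q[0],
  'keep_source_where' => q[/root/.cpan/sources],
  'links' => q[],
  'make' => q[/usr/bin/make],
  'make_arg' => q[],
  'make_install_arg' => q[],
  'makepl_arg' => q[],
  'ncftp' => q[],
  'ncftpget' => q[],
  'no_proxy' => q[],
  'pager' => q[/usr/bin/less],
  'prerequisites_policy' => q[follow],
  'scan_cache' => q[atstart],
  'shell' => q[/bin/bash],
  'tar' => q[/bin/tar],
  'term_is_latin' => q[1],
  'unzip' => q[/usr/bin/unzip],
  'urllist' => [q[ftp://cpan.cse.msu.edu/], q[ftp://cpan.calvin.edu/pub/CPAN], q[ftp://cpan-sj.viaverio.com/pub/CPAN/], q[ftp://cpan-du.viaverio.com/pub/CPAN/], q[ftp://carroll.cac.psu.edu/pub/CPAN/], q[ftp://archive.progeny.com/CPAN/]],
  'wget' => q[/usr/bin/wget],
  'autocommit' => q[yes],
};
1;
__END__
EOF

  touch /root/.my.cnf
  # This file conventionally holds MySQL client credentials; keep it private.
  chmod 600 /root/.my.cnf

  # Fix Logrotate bugs
  # Quoted delimiter: $? and $EXITVALUE belong to the cron script and must be
  # evaluated when it runs, not while this installer writes the file.
  cat << 'EOF' > /etc/cron.daily/logrotate
#!/bin/sh

export TMPDIR=/home/temp
/usr/sbin/logrotate /etc/logrotate.conf
EXITVALUE=$?
if [ $EXITVALUE != 0 ]; then
    /usr/bin/logger -t logrotate "ALERT exited abnormally with [$EXITVALUE]"
fi
exit 0
EOF

  # Enable backups
  if is_yes "$BACKUPS"; then
    configure_backups
  fi

  # Install Mr. Radar
  rpm -e --nodeps centos-yumconf
  yum -y install php-mysql
  lp_yum install yumconf-system
  rm -f /etc/yum.repos.d/system.repo
  lp_yum install mm3k-client-pull

  # Add cron job to prevent license issues
  append_once "$ROOT_CRONTAB" $'0\t*/8\t*\t*\t*\t/usr/local/cpanel/cpkeyclt'

  # Do RAID stuff
  echo "Getting and Executing RAID Check Script"
  cd "$WORK_DIR" || die "Cannot change to $WORK_DIR"
  if fetch http://www.example.com/dsinstall/raid/checkraid.sh; then
    sh ./checkraid.sh
  else
    printf 'Failed to download checkraid.sh; skipping RAID check\n' >&2
  fi

  # Fix Bind
  rpm -e --nodeps bind-libs
  rpm -e --nodeps bind
  yum -y install bind
  disable_recursion
  service named restart
  chkconfig named on

  # Reset Cpanel SSL certs
  /scripts/rebuildcpanelsslcrt

  # Fix FTP
  /etc/init.d/pure-ftpd start
  chkconfig --level 345 pure-ftpd on

  # Fix host name issue
  fix_hosts

  rm -fv ks-cpanel-postinstall.sh
  rm -fv ks64-cpanel-postinstall.sh
}

main "$@"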