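#!/usr/bin/env bash
# VPS Post install script
# Michael Watters - wattersm@example.com
# some edits by: Don R Johnson - djohnson@example.com
# 11/26/2006 - Rewrite using python
# 12/11/2006 - ETHDEV venet0:0 (was eth0) and FTPTYPE to pure not pro, and warning msg at end(clean when fixed) -don
# 12/12/2006 - translated last bits of old install.pl (zone file creation portion)
# 12/15/2006 - zone file was getting in the way of new accounts, disabling that chunk for now.
# 4/15/2007 - Rewrite in bash, based on dedicated post install script.
#
# Usage: <script> [HOSTNAME MAINIP ROOTPW EMAIL]
#   With fewer than four arguments the values are prompted for instead.
#   NETMASK is read from the environment; nothing in this script sets it.
#
# Security notes for maintainers:
#   * Passing ROOTPW as $3 puts the root password in the process argument
#     list, where other local users can read it; prefer the interactive prompt.
#   * Several payloads below are fetched over plain HTTP and unpacked or
#     executed as root with no integrity check. Pin a digest for each one
#     (placeholder: <EXPECTED_SHA256>) and verify it before use.

# Print a warning on stderr without stopping the install.
warn() {
  printf 'warning: %s\n' "$*" >&2
}

# Print an error on stderr and abort.
die() {
  printf 'error: %s\n' "$*" >&2
  exit 1
}

#######################################
# Prompt for the four install parameters.
# Globals: NAME, MAINIP, ROOTPW, EMAIL (written)
#######################################
get_data() {
  printf '%s' "What is the host name? "
  read -r NAME
  printf '%s' "Main IP Address? "
  read -r MAINIP
  printf '%s' "Root Password? "
  # -s keeps the password off the terminal and out of scrollback.
  read -rs ROOTPW
  echo
  printf '%s' "Contact E-mail? "
  read -r EMAIL
}

#######################################
# Reject values that would corrupt the line-oriented config files written
# below (/etc/wwwacct.conf, /etc/ips, /etc/nameserverips).
# Globals: NAME, MAINIP, EMAIL (read)
#######################################
validate_inputs() {
  local octet
  [[ "$MAINIP" =~ ^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$ ]] \
    || die "main IP address is not a dotted quad: $MAINIP"
  for octet in "${BASH_REMATCH[@]:1}"; do
    (( 10#$octet <= 255 )) || die "main IP address octet out of range: $MAINIP"
  done
  # Whitespace or control characters would inject extra directives/lines.
  [[ -n "$NAME" && "$NAME" != *[[:space:][:cntrl:]]* ]] \
    || die "host name is empty or contains whitespace"
  [[ -n "$EMAIL" && "$EMAIL" != *[[:space:][:cntrl:]]* ]] \
    || die "contact e-mail is empty or contains whitespace"
}

#######################################
# Set the root password from ROOTPW.
# NOTE(review): defined here but never called by main below.
# Globals: ROOTPW (read)
#######################################
set_passwd() {
  # printf + quoting: echo would mangle passwords containing spaces, globs
  # or a leading "-n".
  printf '%s\n' "$ROOTPW" | passwd --stdin root
}

#######################################
# Install the Fantastico WHM add-on and the xcontroller theme.
# Returns: non-zero if a target directory is missing.
#######################################
install_fantastico() {
  # Unverified HTTP download unpacked as root into the WHM docroot; see the
  # header note about pinning a digest.
  cd /usr/local/cpanel/whostmgr/docroot/cgi || return 1
  if wget http://layer3.example.com/fantastico-files/fantastico_whm_admin.tgz; then
    tar xzpf fantastico_whm_admin.tgz
  else
    warn "fantastico_whm_admin.tgz download failed; add-on not unpacked"
  fi
  rm -fv fantastico_whm_admin.tgz

  # Xcontroller
  # The cd must succeed: the rm -rf below is relative to the current directory.
  cd /usr/local/cpanel/base/frontend || return 1
  rm -rf xcontroller
  rm -f xcontroller.tgz
  if wget http://layer3.example.com/fantastico-files/xcontroller.tgz; then
    tar xzpf xcontroller.tgz
    chown -R root:root xcontroller/
  else
    warn "xcontroller.tgz download failed; theme not unpacked"
  fi
  rm -f xcontroller.tgz
  /usr/local/cpanel/bin/cachelangfiles

  cd /usr/local/cpanel/lang || return 1
  touch catalan french indonesian polish romanian spanish german italian portugues russian turkish
}

#######################################
# Replace /etc/named.conf with a template that limits recursion to the
# "trusted" ACL, keeping a backup in /etc/named.conf.bak.
#######################################
disable_recursion() {
  cp /etc/named.conf /etc/named.conf.bak
  # NOTE(review): the template carries an empty rndc secret with hmac-md5.
  # /scripts/fixndc runs right after, presumably to regenerate the key;
  # confirm that named never loads the empty secret.
  cat << 'EOF' > /etc/named.conf
key "rndc-key" {
        algorithm hmac-md5;
        secret "";
};

controls {
        inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; };
};

zone "." {
        type hint;
        file "/var/named/named.ca";
};

acl "trusted" {
        127.0.0.1;
        209.59.139.14;
        69.16.234.126;
        69.16.234.125;
        69.16.234.124;
        69.16.234.123;
        69.16.234.122;
};

options {
        allow-recursion { trusted; };
};
EOF
  /scripts/fixndc
}

#######################################
# Download and run the lpskel/yum bootstrap scripts from /home/temp.
# Returns: non-zero if /home/temp is unusable or a download failed.
#######################################
install_lpskel() {
  local -a scripts=(getpubkeys.sh install-yum.sh install-lpskel-yumconf.sh)
  local script
  local failed=0

  chmod 700 /home/temp
  # Never download into, or execute from, whatever directory we happen to be in.
  cd /home/temp || return 1
  rm -f -- "${scripts[@]}"

  # These scripts run as root straight after an unauthenticated HTTP fetch;
  # verify each against a pinned digest (placeholder: <EXPECTED_SHA256>).
  for script in "${scripts[@]}"; do
    wget "http://layer3.example.com/${script}" || failed=1
  done

  mkdir -p -m 700 /root/.gnupg
  gpg --list-keys

  if (( failed )); then
    # A failed wget can leave a truncated file; do not execute it as root.
    warn "lpskel download failed; bootstrap scripts not executed"
  else
    chmod +x "${scripts[@]}"
    for script in "${scripts[@]}"; do
      "./${script}"
    done
  fi

  rm -f -- "${scripts[@]}"
  return "$failed"
}

#######################################
# Write root's CPAN configuration.
#######################################
write_cpan_config() {
  mkdir -p /root/.cpan/CPAN
  # Quoted delimiter: with a bare EOF the shell expanded $CPAN in
  # "$CPAN::Config" and wrote "::Config = {", which is not valid Perl.
  # NOTE(review): urllist uses unauthenticated ftp:// mirrors.
  cat << 'EOF' > /root/.cpan/CPAN/MyConfig.pm
# This is CPAN.pm's systemwide configuration file. This file provides
# defaults for users, and the values can be changed in a per-user
# configuration file. The user-config file is being looked for as
# ~/.cpan/CPAN/MyConfig.pm.

$CPAN::Config = {
  'build_cache' => q[10],
  'build_dir' => q[/root/.cpan/build],
  'cache_metadata' => q[1],
  'cpan_home' => q[/root/.cpan],
  'dontload_hash' => {  },
  'ftp' => q[/usr/bin/ftp],
  'ftp_proxy' => q[],
  'getcwd' => q[cwd],
  'gpg' => q[/usr/bin/gpg],
  'gzip' => q[/bin/gzip],
  'histfile' => q[/root/.cpan/histfile],
  'histsize' => q[100],
  'http_proxy' => q[],
  'inactivity_timeout' => q[0],
  'index_expire' => q[1],
  'inhibit_startup_message' => q[0],
  'keep_source_where' => q[/root/.cpan/sources],
  'links' => q[],
  'make' => q[/usr/bin/make],
  'make_arg' => q[],
  'make_install_arg' => q[],
  'makepl_arg' => q[],
  'ncftp' => q[],
  'ncftpget' => q[],
  'no_proxy' => q[],
  'pager' => q[/usr/bin/less],
  'prerequisites_policy' => q[follow],
  'scan_cache' => q[atstart],
  'shell' => q[/bin/bash],
  'tar' => q[/bin/tar],
  'term_is_latin' => q[1],
  'unzip' => q[/usr/bin/unzip],
  'urllist' => [q[ftp://cpan.cse.msu.edu/], q[ftp://cpan.calvin.edu/pub/CPAN], q[ftp://cpan-sj.viaverio.com/pub/CPAN/], q[ftp://cpan-du.viaverio.com/pub/CPAN/], q[ftp://carroll.cac.psu.edu/pub/CPAN/], q[ftp://archive.progeny.com/CPAN/]],
  'wget' => q[/usr/bin/wget],
  'autocommit' => q[yes],
};
1;
__END__
EOF
}

#######################################
# Turn on mod_security through the local WHM endpoint.
# Globals: ROOTPW (read)
#######################################
enable_modsecurity() {
  # Credentials go to curl on stdin as a config line, not in the URL: a URL
  # on the command line exposes the root password in the process list, and
  # a password containing "@", ":" or "/" broke the URL.
  local pw_escaped=${ROOTPW//\\/\\\\}
  pw_escaped=${pw_escaped//\"/\\\"}
  printf 'user = "root:%s"\n' "$pw_escaped" \
    | curl -K - "http://localhost:2086/scripts2/saveuthemes?themetype=modules&modsecurity=1.9.1-2.2" > /dev/null
  yum -y -c /usr/local/lp/configs/yum/yum.conf install lp-modsec-rules
}

main() {
  local next_octet secondary_ip

  if [[ ! -d /home/temp ]]; then
    # Create the staging directory private from the start instead of
    # tightening it later.
    mkdir -m 700 /home/temp
  fi

  if [[ -z "${4:-}" ]]; then
    get_data
  else
    NAME=$1
    MAINIP=$2
    ROOTPW=$3
    EMAIL=$4
  fi
  validate_inputs

  # Everything after the first label; a name without dots is kept whole.
  domain=${NAME#*.}

  # Install Fantastico Add-on
  install_fantastico || warn "Fantastico install did not complete"

  #done!, setup server settings (server setup tab)
  # Change WHM Settings
  # NOTE(review): the 12/11/2006 history entry says ETHDEV was changed to
  # venet0:0, but this rewrite writes eth0 - confirm which one a VPS needs.
  cat << EOF > /etc/wwwacct.conf
ADDR $MAINIP
CONTACTEMAIL $EMAIL
CONTACTPAGER $EMAIL
DEFMOD x
ETHDEV eth0
FTPTYPE pureftpd
HOMEDIR /home
HOMEMATCH home
HOST $NAME
LOGSTYLE combined
NS ns1.${domain}
NS2 ns2.${domain}
SCRIPTALIAS y
EOF

  # Tweak Cpanel Settings
  cat << 'EOF' > /var/cpanel/cpanel.config
#config ---------------------------------------=
RS=cpanelnew
VALIASDIR=/etc/valiases
VFILTERDIR=/etc/vfilters
access_log=/usr/local/cpanel/logs/access_log
adminuser=cpanel
allowcpsslinstall=0
allowparkonothers=0
allowperlupdates=0
allowremotedomains=0
allowunregistereddomains=1
alwaysredirecttossl=1
awstatsbrowserupdate=0
awstatsreversedns=0
basename=cpanel
blockcommondomains=0
cpredirecthostname=0
cycle=1
defaultmailaction=localuser
disablequotacache=0
discardformmailbccsubject=0
dnslookuponconnect=1
docroot=/usr/local/cpanel/base
dumplogs=0
emailusersbandwidthexceed=0
engine=cpanel
enginepl=cpanel.pl
engineroot=/usr/local/cpanel
errorstostdout=0
exim-retrytime=60
eximmailtrap=0
extracpus=0
ftppasslogs=0
ignoredepreciated=0
interchangever=disable
jaildefaultshell=0
keepftplogs=0
keeplogs=0
keepstatslog=0
loadthreshold=
logchmod=
maxemailsperhour=0
myname=cpaneld
mysql-version=4.1
mysqldebug=0
nobodyspam=0
nouserbackupwarn=0
numacctlist=
phploader=sourceguardian
popbeforesmtpsenders=0
popchecktimes=0
popfloodcheck=0
port=2082
product=cPanel
resetpass=0
root=/usr/local/cpanel
showwhmbwusageinmegs=0
skipanalog=1
skipawstats=0
skipboxcheck=0
skipbwlimitcheck=0
skipdiskcheck=0
skipeximstats=0
skipformmail=0
skiphorde=0
skiphttpauth=0
skipmailman=0
skipneomail=0
skipspamassassin=0
skipsqmail=0
skipwebalizer=0
skipwhoisns=0
stats_log=/usr/local/cpanel/logs/stats_log
statsloglevel=1
urchinsetpath=
usemailformailmanurl=0
usemysqloldpass=0
version=8.0
nativessl=1
maildir=1
maxmem=192

EOF

  #update cpanel sslcert
  /scripts/rebuildcpanelsslcrt

  # Fix Bind
  echo -e "#SERVICE = PORT, SEND, RESPONSE, RESTART COMMAND\n\n service[bind]=x,x,x,/scripts/restartsrv bind,named,named|root|bind\n" > /etc/chkserv.d/bind

  #add vps ips(only 2 now)
  # validate_inputs guarantees four numeric octets, so the arithmetic below
  # only ever sees digits; 10# stops "08"/"09" being parsed as octal.
  IFS=. read -r OCTET1 OCTET2 OCTET3 OCTET4 <<< "$MAINIP"
  next_octet=$(( 10#$OCTET4 + 1 ))
  (( next_octet <= 255 )) || warn "second IP octet is ${next_octet}; main IP + 1 is not a valid address"
  secondary_ip="$OCTET1.$OCTET2.$OCTET3.$next_octet"
  # NETMASK is never assigned in this script; it has to come from the
  # environment, otherwise the field is written empty.
  [[ -n "${NETMASK:-}" ]] || warn "NETMASK is not set; /etc/ips gets an empty netmask field"
  cat << EOF > /etc/ips
${secondary_ip}:${NETMASK:-}:$OCTET1.$OCTET2.$OCTET3.255
EOF
  service ipaliases restart

  # Turn off recursive queries and other BIND stuff
  disable_recursion
  /scripts/rebuildnamedconf
  rndc reload

  #enable quotas
  /scripts/fixquotas

  cat << EOF > /etc/nameserverips
$MAINIP=ns1.${domain}
${secondary_ip}=ns2.${domain}
EOF

  # Install lpskel
  install_lpskel || warn "lpskel install did not complete"

  echo -e "6\t1\t*\t*\t*\t /usr/bin/yum -c /usr/local/lp/configs/yum/yum.conf -y update" >> /var/spool/cron/root

  /etc/init.d/named restart
  /scripts/fixndc
  /scripts/fixndc
  rndc reload

  # Update chksrvd
  printf '%s\n' \
    "antirelayd:1" "cpsrvd:1" "entropychat:0" "exim:1" "eximstats:0" \
    "ftpd:1" "httpd:1" "imap:1" "interchange:0" "mysql:1" "named:1" \
    "pop:1" "spamd:1" > /etc/chkserv.d/chkservd.conf
  /etc/init.d/chkservd restart

  chkconfig popa3d off
  chkconfig popa3ds off
  /etc/init.d/xinetd stop
  /etc/init.d/xinetd start

  /sbin/chkconfig pure-ftpd on
  /scripts/mysqlup
  /scripts/upcp

  # Enable bash time stamps
  echo >> /etc/profile
  printf '%s\n' 'HISTTIMEFORMAT="%Y%m%d - %H:%M:%S - "' >> /etc/profile

  # Enable mod_security
  enable_modsecurity

  # Install clamAV and RBLs
  /usr/bin/yum -c /usr/local/lp/configs/yum/yum.conf -y install clamd clamav clamav-db
  echo "clamd:1" >> /etc/chkserv.d/chkservd.conf
  /etc/init.d/chkservd restart

  # Install Zend
  /scripts/installzendopt

  # Fix Perl
  write_cpan_config

  # Reset Cpanel SSL certs
  /scripts/rebuildcpanelsslcrt

  # Clean up
  rm -fv /tmp/install.py

  whiptail --msgbox 'Shell-based portion of installation complete. \nPlease contact your network administrator.' 8 55
  echo -e "*********************************************Install finished. DON'T FORGET TO INSTALL MODSEC\n"
}

main "$@"
exit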