lab/myvemail
1
0
Fork 0
mirror of https://git.myvelabs.com/lab/myvemail.git synced 2025-12-17 21:26:14 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Delete mail-root.sh

Browse source
This commit is contained in:
myve 2024-04-23 18:53:08 -06:00
commit 44b6cd10a1
1 changed files with 0 additions and 235 deletions
Download patch file Download diff file Expand all files Collapse all files

235
mail-root.sh
View file

@ -1,235 +0,0 @@
#!/usr/bin/env bash
set -a
set -e
# Script is meant for Debian
hostnamectl | grep -q 'Debian' || exit 1
# Insert SSH keys here
sshkeys=''
# Backup mailservers
backup_mailserver=''
# Exit function
function die
{
read -n 1 -s -p $'\n\e[1;33mError encountered, exiting...\e[0m\n'
exit 1
}
# Grab options
while [ ${1} != "" ]
do
case ${1} in
-u | --user )
if [ ${2} != "" ]
then
username=${2}
shift
fi
;;
-p | --port )
if [ ${2} != "" ]
then
ssh_port=${2}
shift
fi
;;
-d | --domain )
if [ ${2} != "" ]
then
domain=${2}
shift
fi
;;
-? | -h | --help )
cat <<HELP
Parameters:
-u, --user Unix username
-p, --port SSH port
-d, --domain Domain name (eg, mail.web.com)
-?, -h, --help This help
HELP
exit 0
;;
* )
echo "Unknown parameter ${1}" 1>&2
exit 1
;;
esac
shift
done
clear
# Assign random alternate SSH port
if [ -z ${ssh_port} ]
then
ssh_port=$(shuf -i 10027-65000 -n 1)
fi
# Random username
if [ -z ${username} ]
then
username=$(cat /dev/urandom | tr -d -c 'a-z' | fold -w 8 | head -n 1)
fi
# Domain
if [ -z ${domain} ]
then
echo -e '\e[1;34mType in your full mail domain name (eg. mael.elgoog.com)\e[0m'
until [ "${domain}" ]
do
read -r -p 'Domain name: ' domain
[ "${domain}" ] || echo -e '\n\e[1;31mDomain name cannot be empty, try again\e[0m'
done
echo
fi
# Superuser password
echo -e '\e[1;34mCreate a root superuser password\e[0m'
until [ "${rootpass}" = "${rootpass2}" -a "${rootpass}" ]
do
read -s -r -p 'Superuser password: ' rootpass
read -s -r -p $'\nVerify superuser password: ' rootpass2
if [ -z "${rootpass}" ]
then
echo -e '\n\n\e[1;31mPassword field cannot be empty, try again\e[0m'
elif [ "${rootpass}" != "${rootpass2}" ]
then
echo -e '\n\n\e[1;31mPasswords did not match, try again\e[0m'
fi
done
printf '%s\n' "${rootpass}" "${rootpass}" | passwd &>/dev/null
echo -e '\n\n\e[1;32mRoot superuser password has been saved\e[0m\n'
unset rootpass rootpass2
# User password
echo -e '\e[1;34mSet a password for '"${username}"'\e[0m'
until [ "${userpass}" = "${userpass2}" -a "${userpass}" ]
do
read -s -r -p 'User password: ' userpass
read -s -r -p $'\nVerify user password: ' userpass2
if [ -z "${userpass}" ]
then
echo -e '\n\n\e[1;31mPassword field cannot be empty, try again\e[0m'
elif [ "${userpass}" != "${userpass2}" ]
then
echo -e '\n\n\e[1;31mPasswords did not match, try again\e[0m'
fi
done
printf '%s\n' "${userpass}" "${userpass}" "" "" "" "" "" | adduser ${username} &>/dev/null
echo -e '\n\n\e[1;32mPassword for '${username}'@'${domain}' -p' ${ssh_port}' has been saved\e[0m\n'
unset userpass userpass2
echo -e '\e[1;34mUpgrading system...\e[0m'
apt remove -y nano exim* &>/dev/null
apt update -y || die
apt upgrade -y || die
apt dist-upgrade -y || die
apt install -y sudo ufw vim fail2ban wget telnet dnsutils rsyslog zram-tools \
|| die 'Apt failed'
# cron rsyslog
sed -i 's/#cron/cron/' /etc/rsyslog.conf
# ufw firewall
ufw allow ${ssh_port}/tcp >/dev/null
yes | ufw enable >/dev/null
systemctl -q enable --now ufw fail2ban
# fail2ban
tee /etc/fail2ban/jail.d/sshd.conf >/dev/null <<'SSHD'
[sshd]
enabled = true
filter = sshd
backend = systemd
maxretry = 5
findtime = 1d
bantime = 4w
ignoreip = 127.0.0.1/8
SSHD
install /dev/stdin /usr/local/bin/fail2ban-jails <<'ALL-JAILS'
#!/bin/bash
JAILS=$(sudo fail2ban-client status | grep "Jail list" | sed -E 's/^[^:]+:[ \t]+//' | sed 's/,//g')
for JAIL in $JAILS
do
sudo fail2ban-client status $JAIL
done
ALL-JAILS
# zram swap
echo -e "ALGO=zstd\nPERCENT=60" >>/etc/default/zramswap
# Shut up fstrim
rm -f /etc/cron.weekly/fstrim &>/dev/null
# Hostname and unix users
hostnamectl set-hostname ${domain}
sed -i '/127.0.0.1/ s/$/ '${domain}'/' /etc/hosts
adduser ${username} sudo &>/dev/null
# SSH settings
echo "Port ${ssh_port}
PermitRootLogin no
PasswordAuthentication no
Protocol 2" >/etc/ssh/sshd_config.d/zz-ssh.conf
# Disable history saving
cat >>~/.bashrc <<EOF
if [ -f ~/.bash_history ]
then
rm -f ~/.bash_history
fi
unset HISTFILE
history -c
EOF
if hostname | grep -q "${domain}" && grep -q "${domain}" /etc/hosts
then
install /dev/stdin /usr/local/bin/mail-server <<MAILSERVER
#!/usr/bin/env bash
# Backup mailservers
backup_mailserver=(${backup_mailserver})
MAILSERVER
wget -q4O- https://git.myvelabs.com/lab/linux/raw/branch/master/mail-user.sh >>/usr/local/bin/mail-server
su ${username} <<"CHANGEUSER"
# SSH
yes | ssh-keygen -t ed25519 -q -f ~/.ssh/id_ed25519 -P ""
echo "${sshkeys}" >~/.ssh/authorized_keys
CHANGEUSER
echo -e '\n\e[1m\t## Run "mail-server" immediately\n\e[0m'
su ${username}
clear
cat <<END
###
### Login ssh as new user
###
while :
do
clear
if ssh ${username}@${domain} -p ${ssh_port} exit
then
echo -e '\e[1m## Run "~/dhparam" upon logging in\n\e[0m'
ssh ${username}@${domain} -p ${ssh_port}
break
else
sleep 1
fi
done
END
. ~/.bashrc
reboot
fi