From 3d86924418df8e303b6684cf048baae0817fbc79 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn?= Date: Sun, 9 Aug 2020 14:20:15 +0200 Subject: [PATCH] smaller bugfixes, change logic --- app/Commands/Fail2banDisableCommand.php | 14 +++-- app/Commands/Fail2banEnableCommand.php | 20 +++++-- app/Commands/LetsEncryptAddCommand.php | 3 +- app/Commands/LetsEncryptRemoveCommand.php | 35 ++++++++---- app/Commands/MariadbInstallCommand.php | 23 +++++--- app/Commands/MonitoringStateCommand.php | 7 ++- app/Commands/NginxInstallCommand.php | 27 ++++++--- app/Commands/NodejsInstallCommand.php | 16 ++++-- app/Commands/PhpFpmInstallCommand.php | 70 ++++++++++++++++++----- app/Helpers/InstallHelper.php | 31 +++++++++- resources/nginx/nginx.blade.php | 2 +- 11 files changed, 187 insertions(+), 61 deletions(-) diff --git a/app/Commands/Fail2banDisableCommand.php b/app/Commands/Fail2banDisableCommand.php index 4006884..587eb65 100644 --- a/app/Commands/Fail2banDisableCommand.php +++ b/app/Commands/Fail2banDisableCommand.php @@ -6,15 +6,19 @@ use Illuminate\Console\Scheduling\Schedule; use LaravelZero\Framework\Commands\Command; /** + * Disable Fail2ban Configuration * * * */ class Fail2banDisableCommand extends Command { - const FAIL2BAN_JAIL_DIRECTORY = '/etc/fail2ban/jail.d'; - const RESOURCES_JAIL_DIRECTORY = '/resources/fail2ban/jail.d'; - + // destination to jail + const DESTINATION_FAIL2BAN_JAIL_DIRECTORY = '/etc/fail2ban/jail.d'; + + // source to jail + const SOURCE_FAIL2BAN_JAIL_DIRECTORY = '/resources/fail2ban/jail.d'; + /** * The signature of the command. * @@ -39,7 +43,7 @@ class Fail2banDisableCommand extends Command // getting configuration $configuration = $this->argument('configuration'); - $source = base_path().self::RESOURCES_JAIL_DIRECTORY.'/'.$configuration.'.conf'; + $source = base_path().self::SOURCE_FAIL2BAN_JAIL_DIRECTORY.'/'.$configuration.'.conf'; // configuration not found if (!file_exists($source)) { 
@@ -47,7 +51,7 @@ class Fail2banDisableCommand extends Command exit(); } - unlink(self::FAIL2BAN_JAIL_DIRECTORY.'/'.$configuration.'.conf'); + unlink(self::DESTINATION_FAIL2BAN_JAIL_DIRECTORY.'/'.$configuration.'.conf'); exec('service fail2ban restart'); $this->info('fail2ban...'.$configuration.' disabled'); diff --git a/app/Commands/Fail2banEnableCommand.php b/app/Commands/Fail2banEnableCommand.php index 0e1e3c6..0955247 100644 --- a/app/Commands/Fail2banEnableCommand.php +++ b/app/Commands/Fail2banEnableCommand.php @@ -5,17 +5,19 @@ namespace App\Commands; use Illuminate\Console\Scheduling\Schedule; use LaravelZero\Framework\Commands\Command; -use Log; - /** + * Enable Fail2ban Configuration * * * */ class Fail2banEnableCommand extends Command { - const FAIL2BAN_JAIL_DIRECTORY = '/etc/fail2ban/jail.d'; - const RESOURCES_JAIL_DIRECTORY = '/resources/fail2ban/jail.d'; + // destination to jail + const DESTINATION_FAIL2BAN_JAIL_DIRECTORY = '/etc/fail2ban/jail.d'; + + // source to jail + const SOURCE_FAIL2BAN_JAIL_DIRECTORY = '/resources/fail2ban/jail.d'; /** * The signature of the command. @@ -41,7 +43,7 @@ class Fail2banEnableCommand extends Command // getting configuration $configuration = $this->argument('configuration'); - $source = base_path().self::RESOURCES_JAIL_DIRECTORY.'/'.$configuration.'.conf'; + $source = base_path().self::SOURCE_FAIL2BAN_JAIL_DIRECTORY.'/'.$configuration.'.conf'; // configuration not found if (!file_exists($source)) { @@ -49,7 +51,13 @@ class Fail2banEnableCommand extends Command exit(); } - $destination = self::FAIL2BAN_JAIL_DIRECTORY.'/'.$configuration.'.conf'; + $destination = self::DESTINATION_FAIL2BAN_JAIL_DIRECTORY.'/'.$configuration.'.conf'; + + // configuration already enabled + if (file_exists($destination)) { + $this->info('fail2ban...configuration already enabled'); + exit(); + } copy($source, $destination); $this->info('fail2ban...'.$configuration.' enabled'); 
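Review bot: `$configuration` comes straight from the command argument and is concatenated into the `unlink()` path in `Fail2banDisableCommand`, so a value containing `/` or `..` can resolve outside `/etc/fail2ban/jail.d`; the only guard is that a matching file exists under the resources directory. Restrict the name before building either path, for example `if (!preg_match('/^[A-Za-z0-9_-]+$/', $configuration)) { $this->error('invalid configuration name'); return 1; }`. The same applies to the `$source` and `$destination` paths in the `Fail2banEnableCommand` hunks. The results of `unlink()` and `exec('service fail2ban restart')` are also ignored, so the `disabled` message prints even when the jail file was not removed. The method body starts outside the hunk.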
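Review bot: The return value of `copy($source, $destination)` is ignored, so `fail2ban...<name> enabled` is reported even when the copy into `/etc/fail2ban/jail.d` fails, for instance when the command runs without sufficient privileges. Check it, e.g. `if (!copy($source, $destination)) { $this->error('fail2ban...'.$configuration.' could not be enabled'); return 1; }`. The new already-enabled branch ends with `exit()`, which reports status 0 and cuts the framework's shutdown short; returning from `handle()` is cleaner. The rest of `handle()` lies outside the hunk.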
diff --git a/app/Commands/LetsEncryptAddCommand.php b/app/Commands/LetsEncryptAddCommand.php index 1837423..552dcc1 100644 --- a/app/Commands/LetsEncryptAddCommand.php +++ b/app/Commands/LetsEncryptAddCommand.php @@ -6,6 +6,7 @@ use Illuminate\Console\Scheduling\Schedule; use LaravelZero\Framework\Commands\Command; /** + * Add LetsEncrypt Certificate * * * @@ -24,7 +25,7 @@ class LetsEncryptAddCommand extends Command * * @var string */ - protected $description = 'Get Certificates from LetsEncrypt'; + protected $description = 'Add Certificates from LetsEncrypt'; /** * Execute the console command. diff --git a/app/Commands/LetsEncryptRemoveCommand.php b/app/Commands/LetsEncryptRemoveCommand.php index 5974212..5ff9551 100644 --- a/app/Commands/LetsEncryptRemoveCommand.php +++ b/app/Commands/LetsEncryptRemoveCommand.php @@ -12,6 +12,7 @@ use LaravelZero\Framework\Commands\Command; */ class LetsEncryptRemoveCommand extends Command { + // directory const CERT_DIR = '/etc/certbot/'; /** 
@@ -40,18 +41,32 @@ class LetsEncryptRemoveCommand extends Command foreach($domains as $domain) { - $archive = self::CERT_DIR.'archive/'.$domain; - $live = self::CERT_DIR.'live/'.$domain; - $renewal = self::CERT_DIR.'renewal/'.$domain; + $diretories = [ + 'archive' => self::CERT_DIR.'archive/'.$domain, + 'live' => self::CERT_DIR.'live/'.$domain, + 'renwal' => self::CERT_DIR.'renewal/'.$domain + ]; - rmdir($archiv); - rmdir($live); - rmdir($renewal); + $errors = 0; - if (file_exists($archiv) && file_exists($live) && file_exists($renewal)) { - $this->info('Certifikate for '.$domain.' ...deleted!'); - } else { - $this->error('Certifikate for '.$domain.' ...not deleted!'); + foreach($diretories as $diretory) { + if (!file_exists($diretory)) { + $errors++; + } else { + rmdir($archiv); + } + } + + if ($errors === (count($diretories) - 1)) { + $this->error('Error! Certificate for '.$domain.' ...not found!'); + } + + if ($erros > 0 && $errors < (count($diretories) - 1)) { + $this->error('Trouble! Certificate for '.$domain.' ...delete! Some files were not found!'); + } + + if ($errors === 0) { + $this->info('Success! Certificate for '.$domain.' ...deleted!'); } } } diff --git a/app/Commands/MariadbInstallCommand.php b/app/Commands/MariadbInstallCommand.php index b2d4d93..9261564 100644 --- a/app/Commands/MariadbInstallCommand.php +++ b/app/Commands/MariadbInstallCommand.php @@ -36,7 +36,7 @@ class MariadbInstallCommand extends Command * * @var string */ - protected $description = 'Install mariadb and set configuration'; + protected $description = 'Install Mariadb and set configuration'; /** * Execute the console command. 
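Review bot: The new loop calls `rmdir($archiv)`, a variable that is never defined, so none of the three paths is removed; it should be `rmdir($diretory)`. The partial-failure condition reads `$erros` (also undefined), and the not-found case compares against `count($diretories) - 1`, although all three paths missing gives `count($diretories)`, so that case prints no message at all. `rmdir()` only removes empty directories and its result is ignored; certbot's `archive/` and `live/` entries normally hold files and the renewal entry is usually a `<domain>.conf` file, so confirm on a real host what has to be deleted (or call `certbot delete --cert-name`). `$domain` is also concatenated into the paths unvalidated. A corrected loop and status chain is below; the enclosing `foreach` and the method start outside the hunk.

```php
// … unchanged: $diretories array and $errors = 0 …
foreach ($diretories as $diretory) {
    if (!file_exists($diretory)) {
        $errors++;
    } else {
        rmdir($diretory);
    }
}

if ($errors === count($diretories)) {
    $this->error('Error! Certificate for '.$domain.' ...not found!');
} elseif ($errors > 0) {
    $this->error('Trouble! Certificate for '.$domain.' ...delete! Some files were not found!');
} else {
    $this->info('Success! Certificate for '.$domain.' ...deleted!');
}
```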
@@ -47,8 +47,11 @@ class MariadbInstallCommand extends Command { $this->info('Mariadb install...'); - exec('apt update 2>&1'); - exec('apt install -y mariadb-server mariadb-client 2>&1'); + exec('apt update 2>&1', $output); + exec('apt install -y mariadb-server mariadb-client 2>&1', $output); + + // @TODO apt add a Warning for no good, in a later version output will be scanned for helpfull infos + $this->line(implode("\n", Install::filterAptMessages($output))); if (Install::isReady('mariadb-server mariadb-client')) { 
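Review bot: Neither `exec()` call captures the exit status, so a failed `apt update` or `apt install` is only noticed indirectly through `Install::isReady()`; pass a third argument, e.g. `exec('apt install -y mariadb-server mariadb-client 2>&1', $output, $status);`, and stop when `$status !== 0`. The warning that `filterAptMessages()` strips is apt stating that its CLI is not meant for scripts; calling `apt-get` instead avoids both the message and the filter. The same pattern appears in the nginx and php-fpm install hunks. `$output` is not initialised before the first `exec()`, which is safe only if nothing earlier in `handle()` assigns it; the method starts outside the hunk.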
@@ -68,27 +71,31 @@ class MariadbInstallCommand extends Command $password = $generator->generatePasswords()[0]; // remove plugin for root and set password + $this->info('Mariadb add password for root...'); exec('sudo mysql -u root -e "UPDATE mysql.user SET Password=PASSWORD(\''.$password.'\') WHERE User=\'root\';"'); exec('sudo mysql -u root -e "UPDATE mysql.user SET plugin=\'\' where User=\'root\';"'); - // delete anonymous user - exec('sudo mysql -u root -e "DELETE FROM mysql.user WHERE User=\'\';"'); - // make sure root can only access from local + $this->info('Mariadb make sure root can ony access from local...'); exec('sudo mysql -u root -e "DELETE FROM mysql.user WHERE User=\'root\' AND Host NOT IN (\'localhost\', \'127.0.0.1\', \'::1\');"'); + // delete anonymous user + $this->info('Mariadb delete anonymous user...'); + exec('sudo mysql -u root -e "DELETE FROM mysql.user WHERE User=\'\';"'); + // drop test database and anthing familiar + $this->info('Mariadb drop test and anthing familiar...'); exec('sudo mysql -u root -e "DROP DATABASE IF EXISTS test;"'); exec('sudo mysql -u root -e "DELETE FROM mysql.db WHERE Db=\'test\' OR Db=\'test_%\';"'); // update privileges exec('sudo mysql -u root -e "FLUSH PRIVILEGES;"'); - $this->info('Success! \o/ Check /root/mcp.log'); + $this->info('Mariadb installing...Success! \o/ Check '.self::MCP_LOG_FILE); file_put_contents(self::MCP_LOG_FILE, "Mariadb installed\nuser: root\npassword: $password\n--\n", FILE_APPEND); } else { - $this->error('Failed!'); + $this->error('Failed! Please check log-file!'); } } } diff --git a/app/Commands/MonitoringStateCommand.php b/app/Commands/MonitoringStateCommand.php index b6c2c46..a189c32 100644 --- a/app/Commands/MonitoringStateCommand.php +++ b/app/Commands/MonitoringStateCommand.php 
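Review bot: The generated root password is interpolated into the `sudo mysql -u root -e "..."` command line and then appended in plaintext to `self::MCP_LOG_FILE`, which the new success message points the operator to. While the command runs the password is visible in the process list, and the log file is created with default permissions; at minimum create it owner-only before writing, e.g. `touch(self::MCP_LOG_FILE); chmod(self::MCP_LOG_FILE, 0600);`, and consider feeding the SQL to `mysql` on stdin rather than through `-e`. None of the `exec()` results are checked, so `Success!` is printed even if a statement failed; on newer MariaDB releases a direct `UPDATE mysql.user` may be rejected, so this is worth verifying against the target version. The surrounding `if` and the method begin outside the hunk.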
@@ -5,8 +5,11 @@ namespace App\Commands; use Illuminate\Console\Scheduling\Schedule; use LaravelZero\Framework\Commands\Command; -use Log; - +/** + * + * + * + */ class MonitoringStateCommand extends Command { /** diff --git a/app/Commands/NginxInstallCommand.php b/app/Commands/NginxInstallCommand.php index d97c31f..518eb80 100644 --- a/app/Commands/NginxInstallCommand.php +++ b/app/Commands/NginxInstallCommand.php @@ -9,7 +9,7 @@ use App\Facades\Install; use App\BladeFile; /** - * + * Nginx install * * */ @@ -20,7 +20,7 @@ class NginxInstallCommand extends Command * * @var string */ - protected $signature = 'nginx:install {--user=www-data}'; + protected $signature = 'nginx:install {--user=www-data} {--environment=production}'; /** * The description of the command. @@ -38,21 +38,28 @@ class NginxInstallCommand extends Command { $this->info('Nginx installing...'); - exec('apt update 2>&1'); - exec('apt install -y nginx 2>&1'); + exec('apt update 2>&1', $output); + exec('apt install -y nginx 2>&1', $output); + + // @TODO apt add a Warning for no good, in a later version output will be scanned for helpfull infos + $this->line(implode("\n", Install::filterAptMessages($output))); // check if nginx is ready and installed if (Install::isReady('nginx')) { + $this->info('Nginx create configuration...'); + // copy snippets exec('cp '.base_path().'/resources/nginx/snippets/*.conf /etc/nginx/snippets'); $configuration = [ 'user' => $this->option('user'), - 'env' => App::environment() + 'environment' => $this->option('environment') ]; // get workers + $output = []; + exec('echo $(grep ^processor /proc/cpuinfo | wc -l)', $output); $configuration['processes'] = $output[0]; 
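Review bot: `--user` and `--environment` are placed into the new `$configuration` array in `NginxInstallCommand` without validation. The template (see the `nginx.blade.php` hunk) only recognises `development`, so any other value, including a misspelling, silently produces the non-debug configuration, and `user` presumably ends up in `/etc/nginx/nginx.conf` as typed. An allow-list check such as `if (!in_array($this->option('environment'), ['production', 'development'], true)) { $this->error('unknown environment'); return 1; }` makes the mistake visible. `handle()` starts outside this hunk and continues in the next one.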
@@ -64,11 +71,15 @@ class NginxInstallCommand extends Command $bladeFile->put('nginx', '/etc/nginx/nginx.conf', $configuration); // adding ufw to nginx - exec('ufw allow "Nginx Full"'); + $output = []; + + $this->info('Nginx adding ufw rules...'); + exec('ufw allow "Nginx Full" 2>&1', $output); + $this->line(implode("\n", $output)); - $this->info('Success! \o/'); + $this->info('Nginx installing...Success! \o/'); } else { - $this->error('Failed! /o\\'); + $this->error('Failed! Please check log-file!'); } } } diff --git a/app/Commands/NodejsInstallCommand.php b/app/Commands/NodejsInstallCommand.php index 2accdf2..427496d 100644 --- a/app/Commands/NodejsInstallCommand.php +++ b/app/Commands/NodejsInstallCommand.php @@ -38,21 +38,29 @@ class NodejsInstallCommand extends Command // getting configuration $version = $this->argument('version'); - exec('useradd -d /home/nodejs -m nodejs'); + $this->info('Nodejs installing...'); + exec('curl -sL https://deb.nodesource.com/setup_'.$version.'.x | sudo -E bash -'); - exec('apt-get install -y nodejs -qq'); + exec('apt-get install -y nodejs 2>&1'); + + // @TODO apt add a Warning for no good, in a later version output will be scanned for helpfull infos + $this->line(implode("\n", Install::filterAptMessages($output))); + + $this->info('Nodejs add user...'); + exec('useradd -d /home/nodejs -m nodejs', $output); exec('sudo -Hu nodejs mkdir /home/nodejs/.npm'); exec('sudo -Hu nodejs npm config set prefix /home/nodejs/.npm'); exec('echo -e "export PATH=/home/nodejs/.npm/bin:\$PATH" >> /home/nodejs/.bashrc'); + $this->info('Nodejs install npm & pm2...'); exec('npm install -g npm && npm install -g pm2'); // check if nginx is ready and installed if (Install::isReady('nodejs')) { - $this->info("Success!"); + $this->info('Nginx installing...Success! \o/'); } else { - $this->error("Failed! Please check log-file!"); + $this->error('Failed! Please check log-file!'); } } } 
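Review bot: In `NodejsInstallCommand`, `$output` is read by `Install::filterAptMessages($output)` before anything in the visible code assigns it, because the new `exec('apt-get install -y nodejs 2>&1')` has no output argument; the helper's `foreach` then receives `null`. Pass it explicitly: `exec('apt-get install -y nodejs 2>&1', $output);`. The success message says `Nginx installing...Success! \o/` although this is the Node.js command, and no `use App\Facades\Install;` is visible for this file, so confirm the import exists. `$version` is concatenated into the `curl ... | sudo -E bash -` line unvalidated; restricting it to digits (`ctype_digit($version)`) keeps the argument from altering a command that runs with elevated privileges. The start of `handle()` is outside the hunk.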
diff --git a/app/Commands/PhpFpmInstallCommand.php b/app/Commands/PhpFpmInstallCommand.php index 9f95044..f59b739 100644 --- a/app/Commands/PhpFpmInstallCommand.php +++ b/app/Commands/PhpFpmInstallCommand.php @@ -4,20 +4,27 @@ namespace App\Commands; use Illuminate\Console\Scheduling\Schedule; use LaravelZero\Framework\Commands\Command; -use Illuminate\Support\Facades\File; - use App\Facades\Install; -use Log; - -class InstallPhpFpmCommand extends Command +/** + * Install php-fpm + * + * + */ +class PhpFpmInstallCommand extends Command { + const FILE_PREFIX = '/etc/php'; + const FILE_SUFFIX = '/fpm/pool.d/www.conf'; + + // packages to install + const PACKAGES = 'php-mysql php-pear php-gd php-common php-curl php-json php-mbstring php-xml php-zip php-bcmath'; + /** * The signature of the command. * * @var string */ - protected $signature = 'php-fpm:install'; + protected $signature = 'php-fpm:install {--user=}'; /** * The description of the command. 
@@ -33,19 +40,52 @@ class InstallPhpFpmCommand extends Command */ public function handle() { - $this->info('Install PHP FPM'); + $this->info('Php-fpm installing...'); + + exec('apt update 2>&1', $output); + exec('apt install -y php-fpm '.self::PACKAGES.' 2>&1', $output); + + // @TODO apt add a Warning for no good, in a later version output will be scanned for helpfull infos + $this->line(implode("\n", Install::filterAptMessages($output))); + + // scan for all versions + foreach(scandir(self::FILE_PREFIX) as $directory) { + + // get path to www.conf + $file = self::FILE_PREFIX.'/'.$directory.self::FILE_SUFFIX; - exec('apt update 2>&1'); - exec('apt install -y php-fpm php-curl php-mysql php-pear php-dev php-gd 2>&1'); + if (file_exists($file)) { - if (Install::isReady('nginx')) { + // get user + $user = $this->option('user'); - // get status of nginx - exec('nginx -v 2>&1', $output); - $status = "$output[0] installed"; + if ($user) { + $output = []; + + $this->info('Php-fpm change user...'); + exec('sed -i "s/user = www-data/user = '.$user.'/g" '.$file, $output); + exec('sed -i "s/group = www-data/group = '.$user.'/g" '.$file, $output); + + exec('sed -i "s/listen.owner = www-data/listen.owner = '.$user.'/g" '.$file, $output); + exec('sed -i "s/listen.group = www-data/listen.group = '.$user.'/g" '.$file, $output); + + $this->line(implode("\n", $output)); + } + + $output = []; + + $this->info('Php-fpm change mode...'); + exec('sed -i "s/;listen.mode = 0660/listen.mode = 0660/g" '.$file, $output); + + $this->line(implode("\n", $output)); + } + } - $this->info($status); - Log::info($status); + // check if nginx is ready and installed + if (Install::isReady('php-fpm')) { + $this->info('Php-fpm installing...Success! \o/'); + } else { + $this->error('Failed! Please check log-file!'); } } } diff --git a/app/Helpers/InstallHelper.php b/app/Helpers/InstallHelper.php index 48629e7..3926b69 100644 --- a/app/Helpers/InstallHelper.php +++ b/app/Helpers/InstallHelper.php 
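Review bot: The `--user` value is interpolated into four `sed -i "s/.../.../g"` shell commands without validation or quoting, so a name containing `/`, `"` or `$` breaks the expression or changes the command being executed. Fetch and validate it once before the loop, e.g. `if ($user && !preg_match('/^[a-z_][a-z0-9_-]*$/', $user)) { $this->error('invalid user name'); return 1; }`, and wrap the path with `escapeshellarg($file)`. `scandir(self::FILE_PREFIX)` returns `false` when `/etc/php` does not exist (for example after a failed install), which makes the `foreach` emit a warning; guard it with `is_dir()`. The comment `// check if nginx is ready and installed` above `Install::isReady('php-fpm')` is stale. `handle()` begins outside the hunk.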
@@ -2,11 +2,21 @@ namespace App\Helpers; +/** + * + * + * + */ class InstallHelper { - // + // message for status const PACKAGE_STATUS = 'Status: install ok installed'; + // not allowed message + const NOT_ALLOWED = [ + 'WARNING: apt does not have a stable CLI interface. Use with caution in scripts.' + ]; + /** * check if a packege is installed * @@ -25,4 +35,23 @@ class InstallHelper return $result; } + + /** + * apt add a Warning for no good, + * + * + * @return array + */ + public function filterAptMessages($output) + { + $results = []; + + foreach($output as $message) { + if (!in_array($message, self::NOT_ALLOWED) && !empty($message)) { + $results[] = $message; + } + } + + return $results; + } } \ No newline at end of file diff --git a/resources/nginx/nginx.blade.php b/resources/nginx/nginx.blade.php index 2df98d2..51f0659 100644 --- a/resources/nginx/nginx.blade.php +++ b/resources/nginx/nginx.blade.php @@ -25,7 +25,7 @@ events { http { server_tokens off; - @if ($env === 'development') + @if ($environment === 'development') # error log will be only write from debug error_log /var/log/nginx.error_log debug;
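Review bot: `filterAptMessages()` uses a loose `in_array()` and `!empty($message)`, which compares with type juggling and also drops a line consisting only of `0`; use `in_array($message, self::NOT_ALLOWED, true)` and `$message !== ''`. The parameter is untyped and undocumented, so a caller passing an unset variable (as the Node.js command appears to) reaches the `foreach` with `null`; declaring `array $output` and adding `@param array $output lines captured by exec()` to the docblock makes the contract explicit. The docblock summary `apt add a Warning for no good,` is cut off mid-sentence and should say that known apt CLI warnings and empty lines are removed.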