diff --git a/app/Commands/Fail2banCommand.php b/app/Commands/Fail2banCommand.php new file mode 100644 index 0000000..df2c704 --- /dev/null +++ b/app/Commands/Fail2banCommand.php @@ -0,0 +1,56 @@ +line('Install ufw...'); + + exec('apt update 2>&1'); + exec('apt install -y ufw 2>&1'); + + exec('ufw allow ssh'); + + // starting + exec('service ufw start'); + exec('echo "y" | ufw enable'); + + if (Install::isReady('ufw')) { + $status = "Install ufw...success"; + + $this->info($status); + Log::info($status); + } else { + $this->error('Install ufw...failed'); + } + } +} diff --git a/app/Commands/InstallUfwCommand.php b/app/Commands/InstallUfwCommand.php index 461476e..df2c704 100644 --- a/app/Commands/InstallUfwCommand.php +++ b/app/Commands/InstallUfwCommand.php @@ -39,8 +39,6 @@ class InstallUfwCommand extends Command exec('apt install -y ufw 2>&1'); exec('ufw allow ssh'); - exec('ufw allow "Nginx Full"'); - exec('ufw allow "OpenSSH"'); // starting exec('service ufw start'); diff --git a/app/Commands/NginxVhostsCommand.php b/app/Commands/NginxVhostsCommand.php index e74b4fa..c7ce50c 100644 --- a/app/Commands/NginxVhostsCommand.php +++ b/app/Commands/NginxVhostsCommand.php @@ -273,7 +273,6 @@ class NginxVhostsCommand extends Command // adding current vhosts $mainmenu = NginxVhostFactory::addVhosts($mainmenu, NginxVhost::find(), self::VHOST_INDEX); - $mainmenu->open(); } } diff --git a/install.sh b/install.sh index fd66d97..0a387dd 100755 --- a/install.sh +++ b/install.sh @@ -1,5 +1,6 @@ #!/usr/bin/env bash # +# install mcp # # 
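Review bot: The new app/Commands/Fail2banCommand.php has the same blob id (df2c704) as InstallUfwCommand.php after this commit, so it is a byte-for-byte copy of the ufw installer: the visible body installs and enables ufw, prints 'Install ufw...' and checks `Install::isReady('ufw')`, and nothing in it touches fail2ban. The top of the file is not visible on this page, but an identical copy would also carry the InstallUfwCommand class name and command signature, which would collide with the original under autoloading. Either drop the file until it is implemented or give it its own class and body, e.g. `exec('apt install -y fail2ban 2>&1', $output, $exitCode);` followed by a check along the lines of `Install::isReady('fail2ban')` (assuming that helper supports it). Separately, every `exec()` here discards the exit code, so a failed `apt install` or `ufw allow ssh` is only noticed indirectly; capturing `$exitCode` and stopping on non-zero would keep a host from being left with a half-configured firewall.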
@@ -7,22 +8,48 @@ set -o errexit set -o pipefail set -o nounset -_hash=${1:-} +# installing dependencies +apt install -y php-cli php-mbstring php-dom git unzip curl composer ufw fail2ban -if [ -z "${_hash}" ]; then - echo -e "\$1 is required, please check on https://composer.github.io/pubkeys.html" - exit 0 -fi +# +# configure ufw and start +# +# +ufw allow ssh +service ufw start +echo "y" | ufw enable -# installing dependencies -apt install -y curl php-cli php-mbstring php-dom git unzip +# +# configure fail2ban and start +# +# +cat > /etc/fail2ban/jail.local << EOF +[default] +# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not +# ban a host which matches an address in this list. Several addresses can be +# defined using space separator. +ignoreip = 127.0.0.1/8 + +# "bantime" is the number of seconds that a host is banned. +bantime = 3600 + +banaction = ufw + +# The length of time between login attempts before a ban is set. +# For example, if Fail2ban is set to ban an IP after five (3) failed log-in attempts, +# those 3 attempts must occur within the set 10-minute findtime limit. +# The findtime value should be a set number of seconds. +findtime = 600 + +maxretry = 5 -# download installer -curl -sS https://getcomposer.org/installer -o composer-setup.php +[ssh] +enabled = true +port = ssh +filter = sshd +logpath = /var/log/auth-fail2ban.log +EOF -# check hash -php -r "if (hash_file('SHA384', 'composer-setup.php') === '$_hash') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;" -php composer-setup.php --install-dir=/usr/local/bin --filename=composer +service fail2ban start -# remove installer -rm composer-setup.php \ No newline at end of file +echo -e "MCP installed" \ No newline at end of file
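Review bot: The generated /etc/fail2ban/jail.local opens with `[default]`, but fail2ban's defaults section is the upper-case `[DEFAULT]`. With the lower-case spelling, `ignoreip`, `bantime`, `banaction = ufw`, `findtime` and `maxretry` are most likely read as a separate jail named "default" and never reach `[ssh]`, which then runs with stock values and the stock ban action. The `[ssh]` jail also sets `logpath = /var/log/auth-fail2ban.log`, and nothing in this hunk makes sshd or syslog write there, so unless that file is set up elsewhere the jail has nothing to watch; `logpath = /var/log/auth.log` is the usual Debian/Ubuntu location. Because apt normally starts the service at install time, `service fail2ban start` will not pick up the new file, so use `service fail2ban restart` and confirm with `fail2ban-client status ssh`. The comment above `findtime` says "five (3) failed log-in attempts" while `maxretry = 5`; it should state one number.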