adding #9

app/Commands/Fail2banCommand.php

@@ -0,0 +1,56 @@
+<?php
+
+namespace App\Commands;
+
+use Illuminate\Console\Scheduling\Schedule;
+use LaravelZero\Framework\Commands\Command;
+use Illuminate\Support\Facades\File;
+
+use App\Facades\Install;
+
+use Log;
+
+class InstallUfwCommand extends Command
+{
+    /**
+     * The signature of the command.
+     *
+     * @var string
+     */
+    protected $signature = 'install:nginx';
+
+    /**
+     * The description of the command.
+     *
+     * @var string
+     */
+    protected $description = 'Install mariadb and set configuration';
+
+    /**
+     * Execute the console command.
+     *
+     * @return mixed
+     */
+    public function handle()
+    {
+        $this->line('Install ufw...');
+
+        exec('apt update 2>&1');
+        exec('apt install -y ufw 2>&1');
+
+        exec('ufw allow ssh');
+
+        // starting
+        exec('service ufw start');
+        exec('echo "y" | ufw enable');
+
+        if (Install::isReady('ufw')) {
+            $status = "Install ufw...success";
+
+            $this->info($status);
+            Log::info($status);
+        } else {
+            $this->error('Install ufw...failed');
+        }
+    }
+}

app/Commands/InstallUfwCommand.php

@@ -39,8 +39,6 @@ class InstallUfwCommand extends Command
         exec('apt install -y ufw 2>&1');
 
         exec('ufw allow ssh');
-        exec('ufw allow "Nginx Full"');
-        exec('ufw allow "OpenSSH"');
 
         // starting
         exec('service ufw start');

app/Commands/NginxVhostsCommand.php

@@ -273,7 +273,6 @@ class NginxVhostsCommand extends Command
 
         // adding current vhosts
         $mainmenu = NginxVhostFactory::addVhosts($mainmenu, NginxVhost::find(), self::VHOST_INDEX);
-
         $mainmenu->open();
     }
 }

install.sh

@@ -1,5 +1,6 @@
 #!/usr/bin/env bash
 #
+# install mcp
 #
 #
 
@@ -7,22 +8,48 @@ set -o errexit
 set -o pipefail
 set -o nounset
 
-_hash=${1:-}
+# installing dependencies
+apt install -y php-cli php-mbstring php-dom git unzip curl composer ufw fail2ban
 
-if [ -z "${_hash}" ]; then
-    echo -e "\$1 is required, please check on https://composer.github.io/pubkeys.html"
-    exit 0
-fi
+#
+# configure ufw and start
+#
+#
+ufw allow ssh
+service ufw start
+echo "y" | ufw enable
 
-# installing dependencies
-apt install -y curl php-cli php-mbstring php-dom git unzip
+#
+# configure fail2ban and start
+#
+#
+cat > /etc/fail2ban/jail.local << EOF
+[default]
+# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
+# ban a host which matches an address in this list. Several addresses can be
+# defined using space separator.
+ignoreip = 127.0.0.1/8
+
+# "bantime" is the number of seconds that a host is banned.
+bantime = 3600
+
+banaction = ufw
+
+# The length of time between login attempts before a ban is set.
+# For example, if Fail2ban is set to ban an IP after five (3) failed log-in attempts,
+# those 3 attempts must occur within the set 10-minute findtime limit.
+# The findtime value should be a set number of seconds.
+findtime = 600
+
+maxretry = 5
 
-# download installer
-curl -sS https://getcomposer.org/installer -o composer-setup.php
+[ssh]
+enabled  = true
+port     = ssh
+filter   = sshd
+logpath  = /var/log/auth-fail2ban.log
+EOF
 
-# check hash
-php -r "if (hash_file('SHA384', 'composer-setup.php') === '$_hash') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"
-php composer-setup.php --install-dir=/usr/local/bin --filename=composer
+service fail2ban start
 
-# remove installer
-rm composer-setup.php
+echo -e "MCP installed"