Browse Source

adding #9

release/0.1
Björn 4 years ago
parent
commit
f4cc752fe4
4 changed files with 97 additions and 17 deletions
  1. +56
    -0
      app/Commands/Fail2banCommand.php
  2. +0
    -2
      app/Commands/InstallUfwCommand.php
  3. +0
    -1
      app/Commands/NginxVhostsCommand.php
  4. +41
    -14
      install.sh

+ 56
- 0
app/Commands/Fail2banCommand.php View File

@ -0,0 +1,56 @@
<?php
namespace App\Commands;
use Illuminate\Console\Scheduling\Schedule;
use LaravelZero\Framework\Commands\Command;
use Illuminate\Support\Facades\File;
use App\Facades\Install;
use Log;
class InstallUfwCommand extends Command
{
/**
* The signature of the command.
*
* @var string
*/
protected $signature = 'install:nginx';
/**
* The description of the command.
*
* @var string
*/
protected $description = 'Install mariadb and set configuration';
/**
* Execute the console command.
*
* @return mixed
*/
public function handle()
{
$this->line('Install ufw...');
exec('apt update 2>&1');
exec('apt install -y ufw 2>&1');
exec('ufw allow ssh');
// starting
exec('service ufw start');
exec('echo "y" | ufw enable');
if (Install::isReady('ufw')) {
$status = "Install ufw...success";
$this->info($status);
Log::info($status);
} else {
$this->error('Install ufw...failed');
}
}
}

+ 0
- 2
app/Commands/InstallUfwCommand.php View File

@ -39,8 +39,6 @@ class InstallUfwCommand extends Command
exec('apt install -y ufw 2>&1'); exec('apt install -y ufw 2>&1');
exec('ufw allow ssh'); exec('ufw allow ssh');
exec('ufw allow "Nginx Full"');
exec('ufw allow "OpenSSH"');
// starting // starting
exec('service ufw start'); exec('service ufw start');


+ 0
- 1
app/Commands/NginxVhostsCommand.php View File

@ -273,7 +273,6 @@ class NginxVhostsCommand extends Command
// adding current vhosts // adding current vhosts
$mainmenu = NginxVhostFactory::addVhosts($mainmenu, NginxVhost::find(), self::VHOST_INDEX); $mainmenu = NginxVhostFactory::addVhosts($mainmenu, NginxVhost::find(), self::VHOST_INDEX);
$mainmenu->open(); $mainmenu->open();
} }
} }

+ 41
- 14
install.sh View File

@ -1,5 +1,6 @@
#!/usr/bin/env bash #!/usr/bin/env bash
# #
# install mcp
# #
# #
@ -7,22 +8,48 @@ set -o errexit
set -o pipefail set -o pipefail
set -o nounset set -o nounset
_hash=${1:-}
# installing dependencies
apt install -y php-cli php-mbstring php-dom git unzip curl composer ufw fail2ban
if [ -z "${_hash}" ]; then
echo -e "\$1 is required, please check on https://composer.github.io/pubkeys.html"
exit 0
fi
#
# configure ufw and start
#
#
ufw allow ssh
service ufw start
echo "y" | ufw enable
# installing dependencies
apt install -y curl php-cli php-mbstring php-dom git unzip
#
# configure fail2ban and start
#
#
cat > /etc/fail2ban/jail.local << EOF
[default]
# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
# ban a host which matches an address in this list. Several addresses can be
# defined using space separator.
ignoreip = 127.0.0.1/8
# "bantime" is the number of seconds that a host is banned.
bantime = 3600
banaction = ufw
# The length of time between login attempts before a ban is set.
# For example, if Fail2ban is set to ban an IP after five (3) failed log-in attempts,
# those 3 attempts must occur within the set 10-minute findtime limit.
# The findtime value should be a set number of seconds.
findtime = 600
maxretry = 5
# download installer
curl -sS https://getcomposer.org/installer -o composer-setup.php
[ssh]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth-fail2ban.log
EOF
# check hash
php -r "if (hash_file('SHA384', 'composer-setup.php') === '$_hash') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"
php composer-setup.php --install-dir=/usr/local/bin --filename=composer
service fail2ban start
# remove installer
rm composer-setup.php
echo -e "MCP installed"

Loading…
Cancel
Save