#!/bin/bash ## OS=`hostnamectl | grep "Operating System" | awk -F" " {'print $5'}` net_func () { server=`hostname | awk -F"." {'print $1'} ` domain=`hostname -d` H=${server^^} R=${domain^^} W=`echo $R | sed 's/\.[^\.]*$//'` G="`echo $domain | sed 's/\.[^\.]*$//'`" DEV=`ip -4 route | awk {'print $5'} | head -n 1` IPR=`ip -4 route | awk {'print $3'} | head -n 1` IP=`ip -4 route get $IPR | awk {'print $5'} | head -n 1` NET=`ip -4 route | grep $IP | awk -F"/" {'print $1'} | tail -n1` MASK=`ifconfig | grep broadcast |tail -n1| awk {'print $4'}` BR=`ifconfig | grep broadcast |tail -n1| awk {'print $6'}` REV=`echo $IP| awk 'BEGIN { FS = "." } ; { print $3"."$2"."$1}'` IPH=`echo $IP | awk -F"." {'print $4'}` RANG=`echo $NET | sed 's/..$//'` POOL=`echo $RANG.50 $RANG.99` DNS=`cat /etc/samba/smb.conf | grep forwarder | awk -F" " {'print $4'}` PASS_ADM="`cat .secret`" ADM="`cat .mailadmin`" PASS_MAIL="`cat .passadmin`" } srt_func () { crt=` cat /etc/ssl/private/$server.crt | grep CERTIFICATE | awk -F" " '{print $2}'| awk -F"-" '{print $1}' | head -n1` if [ "CERTIFICATE" = "$crt" ] ; then echo " ok!" else openssl genrsa -out $server.key 2048 openssl req -x509 -new -nodes -key $server.key -sha256 -days 3650 -out $server.crt TRUE=`openssl x509 -in $server.crt -text -noout | grep 'CA:TRUE'` if [ -z $TRUE ]; then echo "FALSE" else echo "OK!" cat $server.crt $server.key > $server.pem mv $server.crt $server.key $server.pem /etc/ssl/private/ fi fi } dhcp_func () { echo "" set=`ps ax | grep SCREEN | grep dhcp_set | awk -F" " '{print $1}'` if [ ! -z "$set" ] ; then echo "dhcp_set `echo -e '\E[33;32m'"\033[1m activ \033[0m"`" echo "prozess $set" else echo "dhcp_set `echo -e '\E[33;31m'"\033[1m no activ \033[0m"`" echo " sh adc_install.sh -dhcp_on" echo "prozess $set" fi } case "$1" in -ad_install) echo "install samba AD" if [ ! -z "`zypper lr | grep markusd`" ] ; then echo "Repository уже есть." 
else zypper addrepo https://download.opensuse.org/repositories/home:/markusd:/samba:/samba-4.19-related:/samba-4.19-mit-fs/$OS/home:markusd:samba:samba-4.19-related:samba-4.19-mit-fs.repo zypper refresh zypper --non-interactive install krb5-client net-tools-deprecated ldb-tools samba-ad-dc lbdb python3-Markdown python3-setproctitle bind dhcp-server fi systemctl stop smbd nmbd winbind systemctl disable smbd nmbd winbind systemctl mask smbd nmbd winbind rm -f /var/lib/samba/*.tdb *.ldb rm -f /var/lib/samba/private/*.tdb *.ldb net_func read -p "Задайте пароль для администратора домена: " PASS_ADM echo "$PASS_ADM" > .secret read -p "IP adress внешнего DNS: " DNS echo "search $domain nameserver 127.0.0.1 nameserver $IP nameserver $DNS" > /var/run/netconfig/resolv.conf mv /etc/samba/smb.conf /etc/samba/smb.conf-backup samba-tool domain provision --server-role=dc --use-rfc2307 --dns-backend=BIND9_DLZ --realm=$R --domain=$W --adminpass=$PASS_ADM echo "# Global parameters [global] dns forwarder = $DNS bind interfaces only = yes interfaces = 127.0.0.1 $IP netbios name = $H realm = $R server role = active directory domain controller workgroup = $W idmap_ldb:use rfc2307 = yes template homedir = /home/%U logon script = %U.bat template shell = /bin/bash server services = -dns ldap server require strong auth = no nsupdate command = /usr/bin/nsupdate -g server signing = mandatory server min protocol = SMB3 client signing = mandatory winbind nss info =rfc2307 winbind enum users = yes winbind enum groups = yes map acl inherit = yes store dos attributes = yes tls enabled = yes tls keyfile = /var/lib/samba/private/tls/key.pem tls certfile = /var/lib/samba/private/tls/cert.pem tls cafile = /var/lib/samba/private/tls/ca.pem [sysvol] path = /var/lib/samba/sysvol read only = No create mask = 0700 directory mask = 0644 vfs objects = dfs_samba4, acl_xattr, full_audit [netlogon] path = /var/lib/samba/sysvol/$domain/scripts read only = No create mask = 0700 directory mask = 0644 vfs objects = 
dfs_samba4, acl_xattr, full_audit [Admins] valid users = +\"$R\\Domain Admins\" writable = yes path = /srv/samba/samba_admins browseable = yes create mask = 0666 directory mask = 0777 [Users] valid users = +\"$R\\Domain Users\" path = /srv/samba/samba_users writable = yes browseable = Yes create mask = 0666 directory mask = 0777 [homes] comment = Home Directories valid users = %S, %D%S browseable = No read only = No inherit acls = Yes [profiles] comment = Network Profiles Service path = %H read only = No browseable = No store dos attributes = Yes create mask = 0600 directory mask = 0700 [public] comment = Public path = /srv/samba/public read only = No inherit permissions = Yes inherit acls = Yes inherit owner = Yes guest ok = Yes" > /etc/samba/smb.conf echo "[libdefaults] default_realm = $R dns_lookup_realm = false dns_lookup_kdc = true ticket_lifetime = 24h forwardable = yes default_ccache_name = FILE:/tmp/krb5cc_%{uid} [realms] $R = { default_domain = $domain } [domain_realm] $server = $R" >/var/lib/samba/private/krb5.conf rm -f /etc/krb5.conf ln -s /var/lib/samba/private/krb5.conf /etc/ echo "auth required pam_env.so auth sufficient pam_unix.so nullok try_first_pass auth requisite pam_succeed_if.so uid >= 1000 quiet_success auth sufficient pam_winbind.so use_first_pass auth required pam_deny.so " > /etc/pam.d/common-auth echo "session optional pam_keyinit.so revoke session required pam_limits.so session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid session required pam_unix.so session required pam_mkhomedir.so umask=0022 skel=/etc/skel " > /etc/pam.d/common-session echo "password requisite pam_cracklib.so try_first_pass retry=3 type= password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok password sufficient pam_winbind.so use_authtok password required pam_deny.so " > /etc/pam.d/common-password echo "account required pam_unix.so broken_shadow account sufficient pam_localuser.so account sufficient 
pam_succeed_if.so uid < 1000 quiet account [default=bad success=ok user_unknown=ignore] pam_winbind.so account required pam_permit.so " > /etc/pam.d/common-account sed -i "s/^passwd:.*/passwd: compat winbind/g" /etc/nsswitch.conf sed -i "s/^group:.*/group: compat winbind/g" /etc/nsswitch.conf sed -i "s/^shadow:.*/shadow: compat winbind/g" /etc/nsswitch.conf echo "bindcmdaddress $IP ntpsigndsocket /var/lib/samba/ntp_signd" >> /etc/chrony.d/pool.conf sed -i "s/NETCONFIG_DNS_STATIC_SERVERS=.*/NETCONFIG_DNS_STATIC_SERVERS=\"$IP 1.1.1.1\"/g" /etc/sysconfig/network/config chown root:chrony /var/lib/samba/ntp_signd/ chmod 750 /var/lib/samba/ntp_signd/ systemctl enable samba-ad-dc.service systemctl start samba-ad-dc.service mkdir -p /srv/samba/samba_admins /srv/samba/samba_users /srv/samba/public chmod -R 770 /srv/samba/samba_users chown root:users /srv/samba/samba_users chmod -R 777 /srv/samba/public setfacl -R -b /srv/samba/public setfacl -R -d -m:rxw /srv/samba/public samba-tool dns zonecreate $server.$domain $REV.in-addr.arpa -U administrator%$PASS_ADM samba-tool dns add $server $REV.in-addr.arpa $IPH PTR $server.$domain -U administrator%$PASS_ADM sh adc_install.sh -bind sh adc_install.sh -dhcp sh adc_install.sh -dhcp_on echo "--- reboot ---" ;; -uadd) net_func echo "Создать пользователя домена" echo "Наберите имя и фамилию пользователя домена через пробел: < Wasja Pupkin > и нажмите Enter:" read a b A=${a} B=${b} D="`echo ${b::1}`" e="$a" E=${e,,} v="`echo ${E::1}`" n=${B,,} if [ ! -z "$B" ] ; then U=$v.$n else U=$A fi uadd_func () { if [ ! -z "$B" ] ; then samba-tool user create $U --login-shell=/bin/bash --gecos "$A $D." 
--given-name="$A" --surname="$B" --mail-address="$U@$domain" --script-path=$U.bat --profile-path=\\\\"$server.$domain"\\profiles\\"$U" --home-drive=F --home-directory=\\\\"$server.$domain"\\"$U" else samba-tool user create $U --login-shell=/bin/bash --gecos "$A" --given-name="$A" --mail-address="$U@$domain" --script-path=$U.bat --profile-path=\\\\"$server.$domain"\\profiles\\"$U" --home-drive=F --home-directory=\\\\"$server.$domain"\\"$U" fi } if [ ! -z "$B" ] ; then us=`ldbsearch --url=/var/lib/samba/private/sam.ldb | grep $A | grep $B | head -1 | awk -F" " '{print $2}'| cut -d"=" -f2` else us=`ldbsearch --url=/var/lib/samba/private/sam.ldb | grep $A | grep sAMAccountName: | tail -n1 | awk -F" " '{print $2}'` fi if [ "$us" = "$A" ]; then echo "Пользователь $a $b уже есть." else if [ ! -z "$B" ] ; then string="$E" echo $string l=${#string} for var in $(wbinfo -u | grep $n | awk -F'\' {'print $2'} | awk -F"." '{print $1}') do count=1 until [ $count -gt $l ] do for var1 in `echo "${string:0:$count}"` do if [[ $var == $var1 ]]; then i=$count i=$(($i + 1)) U=`echo "${string:0:$i}.$n"` fi done count=$(( $count + 1 )) done done fi read -p "Разрешить простые пароли? (Y/y, N/n, HELP H/h ) " yn case $yn in [Yy]* ) echo "OK!" samba-tool domain passwordsettings set --complexity=off ;; [Nn]* ) echo "OK!" samba-tool domain passwordsettings set --complexity=on ;; [Hh]* ) #samba-tool domain passwordsettings set --help samba-tool domain passwordsettings show exit ;; * ) echo "Please answer Y/y N/n or H/h HELP." ;; esac uadd_func u=`wbinfo -u | grep $U` if [ "$U" = "$u" ] ; then echo "Пользователь $U уже есть." else su - $U -c "exit"; echo $? ldbsearch -H /var/lib/samba/private/sam.ldb "sAMAccountName=$U" pwset=`samba-tool domain passwordsettings show | grep complexity | awk -F": " '{print $2}'` if [ "$pwset" = "off" ] ; then echo "$pwset -- on." 
samba-tool domain passwordsettings set --complexity=on fi echo "@echo ###################################### @echo # # @echo # Login Domain_Users $U # @echo # На Linux-Server $server.$domain # @echo # Domain $domain # @echo # # @echo ####################################### @echo off if %OS%.==Windows_NT. goto WinNT if %windir%.==. goto DOS :Win9x echo Win9x stuff here... goto end :DOS echo DOS stuff here... goto end :WinNT echo WinNT stuff here... goto end :end net use k: \\\\$server.$domain\\Users net use p: \\\\$server.$domain\\public net time \\\\$server.$domain /set /yes" > /var/lib/samba/sysvol/$domain/scripts/$U.bat chmod 777 /var/lib/samba/sysvol/$domain/scripts/$U.bat unix2dos /var/lib/samba/sysvol/$domain/scripts/$U.bat fi fi ;; -gadd) echo "Создать группу домена : " read Gr g=`wbinfo -g | grep $Gr` if [ ! -z "$g" ] ; then echo "Группа $G уже есть." else samba-tool group add $Gr echo "Группа $Gr создана." fi ;; -ugadd) echo "Ввести пользователя в группу домена - <группа> <пользователь> : " read Gr U g=`wbinfo -g | grep $Gr` if [ ! -z "$g" ] ; then samba-tool group addmembers $Gr $U else echo "Группы $Gr несуществует." fi ;; -udel) echo "Удалить пользователя домена - : <пользователь> " read -p "Удалить пользователя: " user id $user read -p "Удалить пользователя из группы: " group read -p "(YES/NO/LIST/HELP) " del case $del in [Yy]* ) echo "Удалить!" samba-tool group removemembers $group $user samba-tool user delete $user rm -rf /home/$user rm -rf /var/lib/samba/sysvol/$dom/scripts/$user.bat ;; [Nn]* ) echo "OK!" ;; [Ll]* ) samba-tool user list ;; [Hh]* ) samba-tool user delete -h ;; * ) echo "Please answer Y/y N/n or H/h HELP." 
;; esac ;; -upass) echo "Задать пароль пользователю домена - : <пользователь> " read -p "Pass пользователя: " user samba-tool user setpassword $user ;; -ad_uninstall) echo "Удалить конфигурацию Samba AD" systemctl stop samba-ad-dc.service systemctl stop named.service systemctl stop dhcpd.service cp /etc/pam.d/common-account.pam-config-backup /etc/pam.d/common-account cp /etc/pam.d/common-auth.pam-config-backup /etc/pam.d/common-auth cp /etc/pam.d/common-session.pam-config-backup /etc/pam.d/common-session sed -i "s/^passwd:.*/passwd: compat/g" /etc/nsswitch.conf sed -i "s/^group:.*/group: compat/g" /etc/nsswitch.conf sed -i "s/^shadow:.*/shadow: compat/g" /etc/nsswitch.conf sed -i "s/KRB5RCACHETYPE.*/\ /g" /etc/sysconfig/named rm -rf /srv/samba cp /etc/samba/smb.conf-backup /etc/samba/smb.conf rm -f /var/lib/samba/sysvol/$domain/script/*.bat cp /etc/chrony.d/pool.conf-backup /etc/chrony.d/pool.conf rm -f /var/lib/samba/*.tdb *.ldb rm -f /var/lib/samba/private/*.tdb *.ldb sh adc_install.sh -dhcp_off ;; -ad_test) echo "Тест АД Samba Servers:" net_func echo "#### Listen to Ports ####" echo "" netstat -tlpn |grep samba echo "" echo "#### DNS Test ####" echo "" host $server.$domain echo "" c=`dig $domain | grep $domain | tail -n1` echo "`echo -e '\E[33;32m'"\033[1m $c \033[0m"`" d=`dig -x $IP @127.0.0.1 +short` echo "`echo -e '\E[33;32m'"\033[1m $d \033[0m"`" h=`host -t A $server.$domain` echo "`echo -e '\E[33;32m'"\033[1m $h \033[0m"`" samba-tool dns query 127.0.0.1 $domain @ ALL -U 'administrator'%$PASS_ADM samba-tool dns query 127.0.0.1 $REV.in-addr.arpa @ ALL -U 'administrator'%$PASS_ADM echo "" echo "#### Kerberos Test ####" e=`host -t SRV _kerberos._tcp.$domain` echo "`echo -e '\E[33;32m'"\033[1m $e \033[0m"`" echo "" echo "#### LDAP Test ####" f=`host -t SRV _ldap._tcp.$domain` echo "`echo -e '\E[33;32m'"\033[1m $f \033[0m"` ####" echo "" echo "#### Global Catalog Test ####" g=`host -t SRV _gc._tcp.$domain` echo "`echo -e '\E[33;32m'"\033[1m $g \033[0m"` ####" 
echo "" echo "#### Соединения Test ####" echo "" echo "`cat .secret`" | smbclient -L localhost echo "" echo "#### Kerberos Test ####" echo "" echo "`cat .secret`" | kinit administrator@$R echo "`cat .secret`" | klist echo "#### DHCPD Test ####" echo "" dhcp_func ;; -ad_restart) echo "Restart Samba_AD NAMED DHCPD" service samba-ad-dc restart service named restart service dhcpd restart sh adc_install.sh -dhcp_on dhcp_func ;; -ad_status) echo "Status Samba_AD NAMED DHCPD" service samba-ad-dc status service named status service dhcpd status dhcp_func ;; -dhcp) net_func dp="`rpm -aq | grep dhcp-server |tail -n1 | awk -F"-" {'print $1'} ; echo $?`" if [ 0 != "$dp" ] ; then echo "##########################" echo "Пакет server-dhcpd уже установлен." echo "##########################" else yast -i dhcp-server fi cp /etc/dhcpd.conf /etc/dhcpd.conf.original echo "authoritative ; ddns-update-style none; log-facility local7; subnet $NET netmask $MASK { option subnet-mask $MASK; option broadcast-address $BR; option time-offset 0; option routers $IPR; option domain-name \"$domain\"; option domain-name-servers $IP; option netbios-name-servers $IP; option ntp-servers $IP; pool { max-lease-time 1800; range $POOL; } }" > /etc/dhcpd.conf sed -i "s/DHCPD_INTERFACE=.*/DHCPD_INTERFACE=\"$DEV\"/g" /etc/sysconfig/dhcpd systemctl enable dhcpd.service service dhcpd start service dhcpd status ;; -dhcp_set) TIME=10 c=1 while [ "$c" = "1" ]; do net_func LOG=/var/log/localmessages PASS_ADM="`cat .secret`" Z=`cat $LOG | grep DHCPACK | tail -n 1 | grep '('| awk -F" " '{print $9}'` if [ ! -z $Z ]; then HOST=`cat $LOG | grep DHCPACK | tail -n 1 | awk -F" " '{print $9}' | sed 's/^.//' | sed 's/.$//'` echo "$HOST" HIP=`cat $LOG | grep DHCPACK | tail -n 1 | awk -F" " '{print $6}'` echo "$HIP" N=`echo $HIP| awk 'BEGIN { FS = "." 
} ; { print $4 }'` dhost="$HOST.$domain" A=`samba-tool dns query $server $domain $HOST A -U administrator%$PASS_ADM | grep A | awk -F":" '{print $1}' | sed 's/^[ \t]*//g'` if [ "$A" = "A" ]; then smbhost=$HOST.$domain fi if [ "$smbhost" != "$dhost" ]; then if [ "$smbhost" != "$dhost" ]; then samba-tool dns add $server $domain $HOST A $HIP -U administrator%$PASS_ADM echo "$HOST" samba-tool dns add $server $REV.in-addr.arpa $N PTR $HOST.$domain -U administrator%$PASS_ADM echo "$N" fi else if [ "" = "$dhost" ]; then if [ "$smbhost" != "$dhost" ]; then samba-tool dns add $server $domain $HOST A $HIP -U administrator%$PASS_ADM echo "$HOST" samba-tool dns add $server $REV.in-addr.arpa $N PTR $HOST.$domain -U administrator%$PASS_ADM echo "$N" fi else echo "" fi echo "" fi else echo "" fi sleep $TIME done; ;; -dhcp_on) screen -d -m ./adc_install.sh -dhcp_set & ;; -dhcp_off) service dhcpd stop off=`ps -ax | grep SCREEN | head -n 1 | awk -F" " '{print $1}'` kill -9 $off echo "dhcp_off" ;; -c_add) net_func echo "Ввеcти компьютер в домен" e="ftp 192.168.1.5" echo "Наберите имя и IP-адрес компьютера и через пробел: `echo -e '\E[33;32m'"\033[1m $e \033[0m"` и нажмите Enter:" read host adr ipn=`echo $adr | awk -F"." {'print $4'}` samba-tool dns add $server $domain $host A $adr -U administrator%$PASS_ADM samba-tool dns add $server $REV.in-addr.arpa $ipn PTR $host.$domain -U administrator%$PASS_ADM ;; -c_del) net_func echo "Удалить компьютер из домена" e="ftp 192.168.1.5" echo "Наберите имя и IP-адрес компьютера и через пробел: `echo -e '\E[33;32m'"\033[1m $e \033[0m"` и нажмите Enter:" read host adr ipn=`echo $adr | awk -F"." 
{'print $4'}` samba-tool dns delete $server $domain $host A $adr -U administrator%$PASS_ADM samba-tool dns delete $server $REV.in-addr.arpa $ipn PTR $host.$domain -U administrator%$PASS_ADM ;; -cname_add) net_func echo "Присвоить новое имя компьютеру - CNAME в ДНС" e="www $server" echo "Наберите новое имя компьютера и через пробел имя другого компьютера: `echo -e '\E[33;32m'"\033[1m $e \033[0m"` и нажмите Enter:" read cname host samba-tool dns add $server $domain $cname CNAME $host.$domain -U administrator%$PASS_ADM ;; -cname_del) net_func echo "Удалить имя компьютера - CNAME из ДНС" e="www $server" echo "Наберите имя компьютера и через пробел имя другого компьютера: `echo -e '\E[33;32m'"\033[1m $e \033[0m"` и нажмите Enter:" read cname host samba-tool dns delete $server $domain $cname CNAME $host.$domain -U administrator%$PASS_ADM ;; -ns_add) net_func ns=NS echo "Ввеcти`echo -e '\E[33;32m'"\033[1m $ns \033[0m"` запись для компьютера в обратную зону ДНС" e="$server" echo "Наберите имя компьютера: `echo -e '\E[33;32m'"\033[1m $e \033[0m"` и нажмите Enter:" read host samba-tool dns add $server $REV.in-addr.arpa @ NS $host.$domain -U administrator%$PASS_ADM ;; -mx_add) net_func mx=MX echo "Ввеcти `echo -e '\E[33;32m'"\033[1m $mx \033[0m"`запись для компьютера в ДНС" e="$server" echo "Наберите имя компьютера:`echo -e '\E[33;32m'"\033[1m $e \033[0m"` и нажмите Enter:" read host samba-tool dns add $server $domain @ MX "$host.$domain 10" -U administrator%$PASS_ADM #SERVER INFO #samba-tool dns serverinfo localhost #ZONE INFO #samba-tool dns zoneinfo localhost simplex.local #ZONE LIST #samba-tool dns zonelist localhost #Print all DNS records #samba-tool dns query localhost simplex.local @ ALL #Добавить UNIX-группу: #samba-tool group add groupname --nis-domain=samdom --gid-number= ;; -bind) if [ bind = "`rpm -aq | grep '^bind' | awk -F"-" {'print $1'} | tail -n1`" ] ; then echo "Пакет BIND уже установлен." 
else yast -i bind fi net_func echo "options { forwarders { $IP; $DNS; }; auth-nxdomain yes; dnssec-validation yes; listen-on port 53 { 127.0.0.1; $IP; }; tkey-gssapi-keytab \"/var/lib/samba/private/dns.keytab\"; allow-query { $NET/24; 127.0.0.1; }; allow-transfer { $NET/24; 127.0.0.1; }; allow-recursion { $NET/24; 127.0.0.1; }; directory \"/var/lib/named\"; empty-zones-enable no; listen-on-v6 { none; }; notify no; }; zone \".\" in { type hint; file \"root.hint\"; }; zone \"localhost\" in { type master; file \"localhost.zone\"; }; zone \"0.0.127.in-addr.arpa\" in { type master; file \"127.0.0.zone\"; }; include \"/etc/named.d/rndc-access.conf\"; dlz \"AD DNS Zone\" { database \"dlopen /usr/lib64/samba/bind9/dlz_bind9_16.so\"; }; logging { category xfer-in { log_syslog; }; channel log_syslog { syslog; }; category default { log_syslog; }; };" > /etc/named.conf echo 'KRB5RCACHETYPE="none"' >> /etc/sysconfig/named systemctl enable named.service service named start service named status ;; -mail_inst) echo "#################################" echo "Установить Mail Сервер" echo "#################################" net_func srt_func q=`rpm -aq | grep dovecot23 | awk -F"-" {'print $1'} | head -n1` echo "$q" if [ "dovecot23" = "$q" ]; then echo "Пакет dovecot уже установлен." 
else zypper --non-interactive install dovecot spamassassin spamass-milter amavisd-milter clamav fail2ban cat /etc/ssl/private/$server.crt /etc/ssl/private/$server.key > /etc/ssl/private/$server.pem fi echo "" e="mailadmin" echo Задайте имя SYSTEM администратора Mail Сервера \""`echo -e '\E[33;32m'"\033[1m $e \033[0m"`"\" и нажмите Enter: read -p : ADM adm=`id $ADM | awk -F"=" {'print $1'}` if [ "$adm" = "uid" ]; then echo " " echo " Aдминистратор Mail Сервера - "`echo -e '\E[33;32m'"\033[1m $e \033[0m"`" создан" else #samba-tool domain passwordsettings set --complexity=off samba-tool user create $ADM --login-shell=/bin/bash --gecos "$ADM" --given-name="$ADM" --mail-address="$ADM@$domain" --profile-path=\\\\"$server.$domain"\\profiles\\"$ADM" --home-drive=F --home-directory=\\\\"$server.$domain"\\"$ADM" su - $ADM -c "exit"; echo $? samba-tool group addmembers 'domain admins' $ADM #samba-tool domain passwordsettings set --complexity=on sed -i "s/^#root:.*/root: $ADM/g" /etc/aliases newaliases mkdir -p /var/db/dkim/ amavisd genrsa /var/db/dkim/$domain.pem echo "$ADM" > .mailadmin fi echo " " read -p "Задайте password администратора Mail Сервера "`echo -e '\E[33;32m'"\033[1m $ADM \033[0m"`" и нажмите Enter: " PASS_MAIL echo "$PASS_MAIL" > .passadmin echo "Создать новый сертификат для dovecot: " read -p "(Yy/Nn/) " ok case $ok in [Yy]* ) echo "Создать dh4094.pem или dh2048.pem?" echo "Если 1 вариант, то это продлится несколько минут...!" read -p "(1 или 2) " dh case $dh in [1]* ) echo "Это продлится несколько минут...!" sudo openssl dhparam -out /etc/ssl/private/dh4094.pem 4094 echo "Сертификат dh4094.pem cоздан. OK!" ;; [2]* ) sudo openssl dhparam -out /etc/ssl/private/dh2048.pem 2048 echo "Сертификат dh2048.pem cоздан. OK!" ;; esac ;; [Nn]* ) q=`ls /etc/ssl/private | grep dh2048.pem` echo "$q" if [ "dh2048.pem" = "$q" ]; then echo "OK!" else echo "Нужно создать новый файл /etc/dovecot/dh2048.pem.: " sudo openssl dhparam -out /etc/ssl/private/dh2048.pem 2048 echo "OK!" 
fi ;; * ) echo "Please answer Y/y N/n." ;; esac mkdir /etc/dovecot/sieve echo 'require "fileinto"; if header :contains "X-Spam-Flag" ["YES"] { fileinto "Junk"; stop; }' > /etc/dovecot/sieve/global.sieve echo "[DEFAULT] banaction = firewallcmd-rich-rules[actiontype=] banaction_allports = firewallcmd-rich-rules[actiontype=] ignoreip = 127.0.0.1/8 $NET/$MASK bantime = 60 findtime = 60 maxretry = 3 destemail = $ADM@$domain sender = fail2ban@$domain # SSH servers [sshd] enabled = true [apache-auth] enabled = true [vsftpd] enabled = true " > /etc/fail2ban/jail.local echo '#!/bin/sh # DHDIR='/etc/ssl/private/' DHBIT='2048' if [ ! -d ${DHDIR} ]; then echo Error: Directory "'"${DHDIR}"'" does not exist! exit 1 fi FILE=`mktemp` ; openssl dhparam -out $FILE ${DHBIT} > /dev/null 2>&1 && mv -f $FILE ${DHDIR}dh${DHBIT}.pem chmod 600 ${DHDIR}dh${DHBIT}.pem exit 0' > /etc/cron.daily/dh2048 ######### main.cf ########################### cp /etc/postfix/main.cf /etc/postfix/main.cf.original echo "compatibility_level = 3.7 queue_directory = /var/spool/postfix command_directory = /usr/sbin daemon_directory = /usr/lib/postfix/bin/ data_directory = /var/lib/postfix mail_owner = postfix unknown_local_recipient_reject_code = 550 smtpd_banner = \$myhostname ESMTP debug_peer_level = 2 sendmail_path = /usr/sbin/sendmail newaliases_path = /usr/bin/newaliases mailq_path = /usr/bin/mailq setgid_group = maildrop biff = no delay_warning_time = 1h disable_dns_lookups = no disable_mime_output_conversion = no disable_vrfy_command = yes inet_interfaces = all inet_protocols = all masquerade_classes = envelope_sender, header_sender, header_recipient masquerade_exceptions = root mydestination = \$myhostname,\$mydomain myhostname = $server.$domain mydomain = $domain mynetworks_style = subnet relayhost = [$server.$domain] alias_maps = lmdb:/etc/aliases canonical_maps = lmdb:/etc/postfix/canonical relocated_maps = lmdb:/etc/postfix/relocated sender_canonical_maps = lmdb:/etc/postfix/sender_canonical 
transport_maps = lmdb:/etc/postfix/transport mail_spool_directory = /var/mail message_strip_characters = \0 mailbox_command = /usr/lib/dovecot/deliver mailbox_size_limit = 0 message_size_limit = 0 strict_8bitmime = no strict_rfc821_envelopes = no content_filter = smtp-amavis:[127.0.0.1]:10024 smtpd_delay_reject = yes smtpd_helo_required = no smtputf8_enable = no smtpd_sender_restrictions = lmdb:/etc/postfix/access smtpd_recipient_restrictions = permit_mynetworks,reject_unauth_destination smtp_sasl_auth_enable = no smtpd_sasl_auth_enable = no smtp_use_tls = yes smtp_tls_loglevel = 1 smtp_enforce_tls = no smtp_tls_security_level = may smtp_tls_CApath = /etc/ssl/private smtp_tls_cert_file = /etc/ssl/private/$server.crt smtp_tls_key_file = /etc/ssl/private/$server.key smtp_tls_session_cache_database = lmdb:/var/lib/postfix/smtp_tls_session_cache smtpd_use_tls = yes smtpd_tls_loglevel = 1 smtpd_enforce_tls = no smtpd_tls_security_level = may smtpd_tls_cert_file = /etc/ssl/private/$server.crt smtpd_tls_key_file = /etc/ssl/private/$server.key smtpd_tls_auth_only = yes smtpd_tls_session_cache_database = lmdb:\${data_directory}/smtpd_scache smtpd_tls_ask_ccert = no smtpd_tls_exclude_ciphers = RC4 smtpd_tls_received_header = no smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1 smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1 smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1 smtp_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1 relay_domains = \$mydestination lmdb:/etc/postfix/relay relay_recipient_maps = lmdb:/etc/postfix/relay_recipients smtpd_milters = inet:127.0.0.1:8891, inet:127.0.0.1:7357 non_smtpd_milters = inet:127.0.0.1:8891, inet:127.0.0.1:7357 milter_default_action = accept milter_protocol = 6 " > /etc/postfix/main.cf ##################### /etc/postfix/master.cf ###################################### cp /etc/postfix/master.cf /etc/postfix/master.cf.original echo "smtp inet n - y - - smtpd submission inet n - y - - smtpd -o 
syslog_name=postfix/submission # -o smtpd_tls_security_level=encrypt -o smtpd_tls_wrappermode=no -o smtpd_sasl_auth_enable=yes -o smtpd_relay_restrictions=permit_mynetworks,permit_sasl_authenticated,reject -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject -o smtpd_sasl_type=dovecot -o smtpd_sasl_path=private/auth smtps inet n - y - - smtpd -o syslog_name=postfix/smtps -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_relay_restrictions=permit_mynetworks,permit_sasl_authenticated,reject -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject -o smtpd_sasl_type=dovecot -o smtpd_sasl_path=private/auth smtp-amavis unix - - n - 2 smtp -o smtp_data_done_timeout=1200 -o smtp_send_xforward_command=yes -o disable_dns_lookups=yes 127.0.0.1:10025 inet n - n - - smtpd -o content_filter= -o local_recipient_maps= -o relay_recipient_maps= -o smtpd_restriction_classes= -o smtpd_client_restrictions= -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o mynetworks=127.0.0.0/8 -o strict_rfc821_envelopes=yes -o smtpd_error_sleep_time=0 -o smtpd_soft_error_limit=1001 -o smtpd_hard_error_limit=1000 -o smtpd_milters=inet:127.0.0.1:8891 -o non_smtpd_milters=inet:127.0.0.1:7357 pickup fifo n - n 60 1 pickup cleanup unix n - n - 0 cleanup qmgr fifo n - n 300 1 qmgr tlsmgr unix - - n 1000? 1 tlsmgr rewrite unix - - n - - trivial-rewrite bounce unix - - n - 0 bounce defer unix - - n - 0 bounce trace unix - - n - 0 bounce verify unix - - n - 1 verify flush unix n - n 1000? 
0 flush proxymap unix - - n - - proxymap proxywrite unix - - n - 1 proxymap smtp unix - - n - - smtp relay unix - - n - - smtp -o syslog_name=postfix/\$service_name showq unix n - n - - showq error unix - - n - - error retry unix - - n - - error discard unix - - n - - discard local unix - n n - - local virtual unix - n n - - virtual lmtp unix - - n - - lmtp anvil unix - - n - 1 anvil scache unix - - n - 1 scache postlog unix-dgram n - n - 1 postlogd " > /etc/postfix/master.cf ####### /etc/dovecot/dovecot.conf ############################### cp /etc/dovecot/dovecot.conf /etc/dovecot/dovecot.conf.original echo 'protocols = imap pop3 sieve lmtp dict { } !include conf.d/*.conf !include_try local.conf' > /etc/dovecot/dovecot.conf ####### /etc/dovecot/conf.d/10-mail.conf ################# cp /etc/dovecot/conf.d/10-mail.conf /etc/dovecot/conf.d/10-mail.conf.original echo 'mail_location = maildir:~/Maildir namespace inbox { #prefix = INBOX. inbox = yes # ... mailbox Drafts { auto = no # Never created automatically special_use = \Drafts } mailbox Junk { auto = subscribe # Automatically created and subscribed special_use = \Junk } mailbox Spam { auto = no special_use = \Junk } mailbox Trash { auto = subscribe special_use = \Trash } mailbox Sent { auto = subscribe special_use = \Sent } mailbox "Sent Messages" { auto = no special_use = \Sent } mailbox "Archives" { auto = create # Automatically created, but no automatic subscription special_use = \Archive } mailbox Archive { auto = no special_use = \Archive } } mail_plugin_dir = /usr/lib64/dovecot/modules protocol !indexer-worker { } ' > /etc/dovecot/conf.d/10-mail.conf ####### /etc/dovecot/conf.d/10-master.conf ############### cp /etc/dovecot/conf.d/10-master.conf /etc/dovecot/conf.d/10-master.conf.original echo 'service imap-login { inet_listener imap { port = 143 } inet_listener imaps { port = 993 ssl = yes } } service pop3-login { inet_listener pop3 { port = 110 } inet_listener pop3s { port = 995 ssl = yes } } service 
submission-login { inet_listener submission { port = 587 } } service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { mode = 0600 user = postfix group = postfix } } service imap { } service pop3 { } service submission { } service auth { unix_listener auth-userdb { } unix_listener /var/spool/postfix/private/auth { mode = 0666 user = postfix group = postfix } } service auth-worker { } service dict { unix_listener dict { } }' > /etc/dovecot/conf.d/10-master.conf ###### /etc/dovecot/conf.d/10-auth.conf ################# cp /etc/dovecot/conf.d/10-auth.conf /etc/dovecot/conf.d/10-auth.conf.original echo 'disable_plaintext_auth = yes auth_username_format = %n auth_mechanisms = plain login !include auth-system.conf.ext' > /etc/dovecot/conf.d/10-auth.conf ####### /etc/dovecot/conf.d/10-ssl.conf ################## cp /etc/dovecot/conf.d/10-ssl.conf /etc/dovecot/conf.d/10-ssl.conf.original echo "ssl = required ssl_cert = /etc/dovecot/conf.d/10-ssl.conf ###### /etc/dovecot/conf.d/15-mailboxes.conf ############### cp /etc/dovecot/conf.d/15-mailboxes.conf /etc/dovecot/conf.d/15-mailboxes.conf.original echo 'namespace inbox { mailbox Drafts { auto = subscribe special_use = \Drafts } mailbox Junk { auto = subscribe special_use = \Junk } mailbox Sent { auto = subscribe special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent auto = subscribe } mailbox "Archives" { auto = create special_use = \Archive } mailbox Archive { auto = no special_use = \Archive } }' > /etc/dovecot/conf.d/15-mailboxes.conf ###### /etc/dovecot/conf.d/15-lda.conf ##################### cp /etc/dovecot/conf.d/15-lda.conf /etc/dovecot/conf.d/15-lda.conf.original echo 'protocol lda { mail_plugins = $mail_plugins sieve }' > /etc/dovecot/conf.d/15-lda.conf ###### /etc/dovecot/conf.d/20-lmtp.conf ##################### cp /etc/dovecot/conf.d/20-lmtp.conf /etc/dovecot/conf.d/20-lmtp.conf.original echo 'protocol lmtp { mail_plugins = quota sieve }' > /etc/dovecot/conf.d/20-lmtp.conf ####### 
auth-system.conf.ext ############################################## cp /etc/dovecot/conf.d/auth-system.conf.ext /etc/dovecot/conf.d/auth-system.conf.ext.original echo 'passdb { driver = pam } userdb { driver = passwd }' > /etc/dovecot/conf.d/auth-system.conf.ext ###### /etc/dovecot/conf.d/20-imap.conf ######################## cp /etc/dovecot/conf.d/20-imap.conf /etc/dovecot/conf.d/20-imap.conf.original echo 'protocol imap { mail_plugins = $mail_plugins }' > /etc/dovecot/conf.d/20-imap.conf ######## Amavisd-new Virus Scanner ############################################ q=`cat /etc/amavisd.conf | grep $domain | head -n1 | awk -F" " {'print $3'}` echo "$q" if [ ! -z "$q" ]; then echo "Пакет Amavisd-new Virus Scanner установлен." else cp /etc/amavisd.conf /etc/amavisd.conf.original sed -i "s/^\$mydomain.*/\$mydomain\ = \"\\$domain\";/g" /etc/amavisd.conf key="dkim_key('$domain', 'default', '/var/db/dkim/$domain.pem'); " sed -i '/$enable_dkim_signing/a\ \'"${key}" /etc/amavisd.conf sed -i "s/192.168.0.0\/16/$NET\/$MASK/g" /etc/amavisd.conf sed -i "s/^\$inet_socket_port.*/\$inet_socket_port\ =\ [10024,10026,8891];/g" /etc/amavisd.conf sed -i "s/^#\ \$myhostname.*/\$myhostname\ =\ \"$server.$domain\";/g" /etc/amavisd.conf sed -i "s/^#\ \$notify_method.*/\$notify_method\ =\ \'smtp:[127.0.0.1]:10025\';/g" /etc/amavisd.conf sed -i "s/^#\ \$forward_method.*/\$forward_method\ =\ \'smtp:[127.0.0.1]:10025\';/g" /etc/amavisd.conf socket="\$inet_socket_bind = '127.0.0.1'; " sed -i '/$myhostname/a\ \'"${socket}" /etc/amavisd.conf sed -i "s/^#\ @bypass_virus_checks_maps.*/@bypass_virus_checks_maps, @bypass_spam_checks_maps,/g" /etc/amavisd.conf sed -i "s/^#\ @bypass_banned_checks_maps.*/@bypass_banned_checks_maps, @bypass_header_checks_maps,/g" /etc/amavisd.conf sed -i "s/^#\ @virus_lovers_maps.*/@virus_lovers_maps, @spam_lovers_maps,/g" /etc/amavisd.conf sed -i "s/^#\ @banned_files_lovers_maps.*/@banned_files_lovers_maps, @bad_header_lovers_maps,/g" /etc/amavisd.conf sed -i 
"s/SPAM_SA_UPDATE.*/SPAM_SA_UPDATE=\"yes\"/g" /etc/sysconfig/dhcpd fi ######## /etc/clamd.conf ########################################### cp /etc/clamd.conf /etc/clamd.conf.original echo "LogFileUnlock yes LogFileMaxSize 2M LogTime yes LogClean yes LogSyslog yes LogFacility LOG_MAIL LogRotate yes ExtendedDetectionInfo yes PidFile /run/clamav/clamd.pid TemporaryDirectory /var/tmp LocalSocket /run/clamav/clamd-socket LocalSocketMode 660 FixStaleSocket yes TCPSocket 3310 TCPAddr 127.0.0.1 StreamMaxLength 10M StreamMaxPort 32000 MaxThreads 20 ReadTimeout 300 SendBufTimeout 200 MaxQueue 200 IdleTimeout 60 User vscan PhishingSignatures no" > /etc/clamd.conf ###### clamav-milter.conf ######################### cp /etc/clamav-milter.conf /etc/clamav-milter.conf.original echo "MilterSocket inet:7357@127.0.0.1 MilterSocketMode 660 FixStaleSocket yes User vscan PidFile /run/clamav/clamav-milter.pid ClamdSocket unix:/run/clamav/clamd-socket OnInfected Quarantine AddHeader Replace ReportHostname $server.$domain LogFile /tmp/clamav-milter.log LogFileMaxSize 2M LogTime yes LogSyslog yes LogFacility LOG_MAIL LogInfected Basic LogClean Basic #SupportMultipleRecipients yes " > /etc/clamav-milter.conf #samba-tool dns add localhost $domain $server A $IP -U administrator%$PASS_ADM #samba-tool dns add localhost $REV.in-addr.arpa $IPH PTR $server.$domain. 
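# -U administrator%$PASS_ADM   <- tail of the commented-out PTR example on the
# previous line; kept as a comment so the split example never runs as a command.
#
# Remaining mail DNS records for the zone.  The domain-admin password is handed to
# samba-tool through a 0600 credentials file (-A) instead of on the command line
# (-U user%pass), where every local user could read it from `ps` and it would
# land in shell history and audit logs.
authf=$(mktemp) || { echo "mktemp failed" >&2; exit 1; }
chmod 0600 "$authf"
printf 'username = administrator\npassword = %s\n' "$PASS_ADM" > "$authf"
# dns_add NAME TYPE DATA : add one record to the local zone $domain.
dns_add() {
  samba-tool dns add localhost "$domain" "$@" -A "$authf"
}
dns_add @ MX "$server.$domain 10"
dns_add @ TXT "v=spf1 a:$domain mx -all"
dns_add smtp CNAME "$server.$domain"
dns_add pop3 CNAME "$server.$domain"
dns_add imap CNAME "$server.$domain"
dns_add webmail CNAME "$server.$domain"
dns_add _smtp._tcp SRV "$server.$domain 25 5 0"
dns_add _imaps._tcp SRV "imap.$domain 993 5 0"
dns_add _pop3s._tcp SRV "pop3.$domain 995 5 0"
dns_add _submission._tcp SRV "smtp.$domain 587 5 0"
# DKIM record.  /var/db/dkim/$domain.pem is the *private* signing key that the
# dkim_key() line written into amavisd.conf points at.  The p= value published in
# DNS must be the matching public key (SPKI, base64), which `openssl rsa -pubout`
# derives; merely deleting the BEGIN/END lines of the .pem — as the previous
# version did — publishes the private key itself.  The selector has to match
# dkim_key(): 'default', not the host name.
dkim_key_file="/var/db/dkim/$domain.pem"
if [[ -r "$dkim_key_file" ]]; then
  dkim_pub=$(openssl rsa -in "$dkim_key_file" -pubout 2>/dev/null | sed '/^-----/d' | tr -d '\n')
  if [[ -n "$dkim_pub" ]]; then
    dns_add default._domainkey TXT "\"v=DKIM1; h=sha256; k=rsa;\" \"p=$dkim_pub\""
  else
    echo "could not derive the DKIM public key from $dkim_key_file" >&2
  fi
else
  echo "DKIM key $dkim_key_file not found; DKIM DNS record not added" >&2
fi
rm -f "$authf"
unset -f dns_add
# Enable the whole mail stack at boot, then pull the first signature updates.
for unit in postfix dovecot amavis spamd clamd clamav-milter fail2ban freshclam; do
  systemctl enable "$unit.service"
done
freshclam
sa-update
;;
-http)
  # Apache2 + PHP 8 with a TLS vhost that uses the self-signed cert from srt_func.
  # (This arm continues past the end of this view.)
  net_func
  srt_func
  if rpm -qa | grep -q apache2; then
    echo "Пакет Apache2 уже установлен."
  else
    yast -i apache2 php8 php8-mbstring apache2-mod_php8
  fi
  a2enmod php8
  a2enmod apache2-mod_php8
  a2enmod access_compat
  a2enmod ssl
  a2enmod status
  a2enflag SSL
  cp /etc/apache2/vhosts.d/vhost-ssl.template "/etc/apache2/vhosts.d/$domain.conf"
  echo "Apache2 $server.$domain установлен."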
# Fill in the copied vhost template: document root, name, cert/key and admin address.
sed -i "s/#DocumentRoot.*/DocumentRoot\ \"\/srv\/www\/htdocs\"/g" /etc/apache2/vhosts.d/$domain.conf
sed -i "s/#ServerName.*/ServerName\ $server.$domain:443/g" /etc/apache2/vhosts.d/$domain.conf
# Cert and key come from srt_func (self-signed, moved into /etc/ssl/private).
# NOTE(review): the key keeps whatever mode it had in the build directory — confirm it
# is not group/world readable.
sed -i "s/SSLCertificateFile.*/SSLCertificateFile\ \/etc\/ssl\/private\/$server.crt/g" /etc/apache2/vhosts.d/$domain.conf
sed -i "s/SSLCertificateKeyFile.*/SSLCertificateKeyFile\ \/etc\/ssl\/private\/$server.key/g" /etc/apache2/vhosts.d/$domain.conf
sed -i "s/#ServerAdmin.*/ServerAdmin\ administrator@$domain/g" /etc/apache2/vhosts.d/$domain.conf
# Landing page.  In this copy of the script the HTML markup inside the string is
# missing (angle-bracket content was lost on extraction); only the bare text remains.
echo "

 PHP Test Page: Смотри здесь:

" > /srv/www/htdocs/index.php
# info.php is written empty in this copy (markup lost as above; presumably phpinfo()).
# SECURITY: a phpinfo() page on a reachable vhost discloses paths, module versions and
# environment variables — delete it once the install has been verified.
echo '' > /srv/www/htdocs/info.php
# SECURITY: -U user%password exposes the domain-admin password in `ps` output and in
# shell history; samba-tool's -A credentials-file option (0600 file) avoids that.
samba-tool dns add $server $domain www CNAME $server.$domain -U administrator%$PASS_ADM
systemctl enable apache2.service
systemctl start apache2.service
firefox https://www.$domain
;;
-madmin)
# phpMyAdmin behind Apache, pre-seeded with the database root password.
q=`rpm -aq | grep phpMyAdmin | awk -F"-" {'print $1'} | head -n1`
echo "$q"
if [ "phpMyAdmin" = "$q" ]; then
echo "Пакет phpMyAdmin установлен."
else
zypper --non-interactive install apache2 phpMyAdmin
fi
net_func
srt_func
# Apache vhost.  The VirtualHost/Directory container tags are missing from this copy
# of the script (angle-bracket content lost on extraction); the directives remain.
echo "
ServerName $server.$domain
DocumentRoot /usr/share/phpMyAdmin
ErrorLog /var/log/apache2/phpMyAdmin_error.log
CustomLog /var/log/apache2/phpMyAdmin_access.log combined
Options FollowSymLinks
AllowOverride All
Options FollowSymLinks MultiViews
AllowOverride All
" > /etc/apache2/vhosts.d/phpmyadmin.conf
# Re-add ZeroConf right after the declare() line.
sed -i "/ZeroConf/d" /etc/phpMyAdmin/config.inc.php
a="\$cfg['ZeroConf'] = true; "
sed -i '/declare/a\ \'"${a}" /etc/phpMyAdmin/config.inc.php
# Replace the first line containing "password" with a hard-coded DB password.
# SECURITY: putting $cfg['Servers'][$i]['password'] into config.inc.php makes the web
# app hold the MySQL root credential; if auth_type is 'config' (not visible here —
# verify) anyone who can reach this vhost gets root DB access without logging in, and
# the vhost is opened over plain http below.  The value is also spliced unescaped into
# a PHP single-quoted literal and a sed "a" command, so a password containing ' \ / or
# & corrupts the file.
y=`cat -n /etc/phpMyAdmin/config.inc.php | grep password | head -n1 | awk -F" " {'print $1'}`
x=`echo '$cfg['\''Servers'\''][$i]['\''password'\''] = '\'$PASS_MAIL''\'';'`
sed -i "$y"d /etc/phpMyAdmin/config.inc.php
sed -i "$y a $x" /etc/phpMyAdmin/config.inc.php
service mysql restart
# SECURITY: the new root password is passed as a command-line argument (visible in ps).
mysqladmin -u root password "$PASS_MAIL"
systemctl restart apache2.service
firefox http://$server.$domain/phpMyAdmin
;;
-padmin)
# PostfixAdmin; this arm continues past the end of this view.
q=`rpm -aq | grep postfixadmin | awk -F"-" {'print $1'} | head -n1`
echo "$q"
if [ "postfixadmin" = "$q" ]; then
echo "PostfixAdmin станов."
else
echo "Установить PostfixAdmin."
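zypper --non-interactive install apache2 postfixadmin mariadb
a2enmod access_compat
a2enmod ssl
a2enmod status
a2enflag POSTFIXADMIN
fi
net_func
srt_func
# Apache vhost for PostfixAdmin.  The VirtualHost/Directory container tags are
# missing from this copy of the script (angle-bracket content lost on extraction);
# the directives are reproduced as they appear.
echo "
ServerName $server.$domain
DocumentRoot /usr/share/postfixadmin/public
ErrorLog /var/log/apache2/postfixadmin_error.log
CustomLog /var/log/apache2/postfixadmin_access.log combined
Options FollowSymLinks
AllowOverride All
Options FollowSymLinks MultiViews
AllowOverride All
" > /etc/apache2/vhosts.d/postfix.conf
systemctl restart apache2.service
systemctl restart mariadb.service
# Escape the password for use inside a MySQL string literal (default SQL mode:
# backslash, ' and " are the special characters).
sql_pw=${PASS_MAIL//\\/\\\\}
sql_pw=${sql_pw//\'/\\\'}
sql_pw=${sql_pw//\"/\\\"}
# Create the postfix database and its owner, then set the root password, all in one
# session fed on stdin: nothing is written to ./db.sql and the root password no
# longer appears as a `mysqladmin ... password` argument in `ps`.  User and host are
# quoted so an account name containing '.' or '-' stays valid.
mysql <<SQL
CREATE DATABASE postfix;
CREATE USER '$ADM'@'127.0.0.1' IDENTIFIED BY "$sql_pw";
GRANT ALL PRIVILEGES ON postfix.* TO '$ADM'@'127.0.0.1' IDENTIFIED BY "$sql_pw";
FLUSH PRIVILEGES;
SET PASSWORD = PASSWORD('$sql_pw');
SQL
# Turn on the booleans in the packaged config.local.php.
# NOTE(review): this is a blunt edit — every literal "false" in the file flips, not
# only the intended keys.
sed -i "s/false/true/g" /etc/postfixadmin/config.local.php
# Hash the setup password.  The secret reaches php through the environment rather
# than interpolated into the -r source: a password containing " or $ would otherwise
# be parsed as PHP code, and argv is readable by every local user.
pass=$(PASS_MAIL="$PASS_MAIL" php -r 'echo password_hash(getenv("PASS_MAIL"), PASSWORD_DEFAULT);')
sed -i '/database_password/d' /etc/postfixadmin/config.local.php
sed -i '/setup_password/d' /etc/postfixadmin/config.local.php
sed -i '/database_user/d' /etc/postfixadmin/config.local.php
# Escape for a PHP single-quoted literal (only \ and ' are special there).
php_pw=${PASS_MAIL//\\/\\\\}
php_pw=${php_pw//\'/\\\'}
{
  echo "\$CONF['database_password'] = '$php_pw';"
  echo "\$CONF['database_user'] = '$ADM';"
  echo "\$CONF['setup_password'] = '$pass';"
} >> /etc/postfixadmin/config.local.php
systemctl restart apache2.service
service mysql restart
# NOTE(review): the setup wizard (which accepts the setup password) is opened over
# plain http; an https URL would keep that secret off the wire in the clear.
firefox http://$server.$domain/postfixadmin/setup.php
;;
-rcube)
  # Roundcube webmail; this arm continues past the end of this view.
  q=$(rpm -aq | grep roundcubemail | awk -F"-" '{print $1}')
  if [ "roundcubemail" = "$q" ]; then
    echo "Пакет Roundcubemail установлен."
  else
    echo "Установить Roundcube."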
zypper --non-interactive install roundcubemail MozillaThunderbird
fi
net_func
srt_func
# Roundcube database and grant.
# NOTE(review): unlike the PostfixAdmin arm, db.sql (containing the DB password) is
# not removed afterwards and stays in the current directory.
echo "CREATE DATABASE roundcube;
GRANT ALL PRIVILEGES ON roundcube.* TO $ADM@127.0.0.1 IDENTIFIED BY \"$PASS_MAIL\";
FLUSH PRIVILEGES;" > db.sql
mysql < db.sql
# config.inc.php.  The beginning of this string (the PHP open tag and the db_dsnw /
# imap settings up to the first 'ssl' => array) is missing from this copy of the
# script — angle-bracket content was lost on extraction — so the file written here is
# incomplete as shown.
# SECURITY: verify_peer / verify_peer_name = false disables TLS certificate
# verification for both the IMAP and the SMTP connection, so an on-path attacker can
# impersonate the mail server and collect credentials.  Set both to true and point
# 'cafile' at the self-signed cert srt_func installs.
# SECURITY: the des_key value appears to be the sample-config default; it protects the
# IMAP password held in the session, so generate a random 24-byte value per install
# (e.g. openssl rand -base64 18).
echo "
array (
'verify_peer_name' => false,
'verify_peer' => false,
),
);
\$config['smtp_host'] = 'ssl://webmail.$domain:465';
\$config['smtp_user'] = '';
\$config['smtp_auth_type'] = 'PLAIN';
\$config['smtp_conn_options'] = array (
'ssl' => array (
'verify_peer' => false,
'verify_peer_name' => false,
),
);
\$config['support_url'] = '';
\$config['product_name'] = 'Roundcube Webmail';
\$config['des_key'] = 'rcmail-!24ByteDESkey*Str';
\$config['plugins'] = [ 'archive', 'zipdownload', ];
\$config['skin'] = 'elastic';
" > /etc/roundcubemail/config.inc.php
mysql -D roundcube < /srv/www/roundcubemail/SQL/mysql.initial.sql
a2enmod php-mbstring
a2enmod php-openssl
a2enmod php-exif
a2enmod php-intl
a2enmod deflate
a2enmod expires
a2enmod headers
# NOTE(review): the site name is spelled "rouncube" here — confirm it matches the
# vhost file, otherwise a2ensite enables nothing.
a2ensite "rouncube"
service apache2 restart
systemctl restart apache2.service
service mysql restart
firefox https://webmail.$domain/roundcube/installer
# Disable the web installer once the browser session is over.
mv /srv/www/roundcubemail/installer /srv/www/roundcubemail/installer.DEL
# NOTE(review): this sed is malformed — "/true//g" is not a valid sed command and the
# missing space glues the path onto the expression, so sed reads stdin and the
# intended edit (presumably enable_installer => false) never happens.
sed -i "/true//g"/etc/roundcubemail/config.inc.php
;;
-ftp)
# vsftpd with forced TLS; this arm continues past the end of this view.
net_func
if [ ! -z "`rpm -aq | grep vsftpd | awk -F"-" {'print $1'}`" ] ; then
echo "Пакет vsftpd уже установлен."
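else
  yast -i vsftpd filezilla
fi
srt_func
# vsftpd: local (domain) users only, whitelisted through userlist_file, TLS forced on
# the control and data channels, users chrooted to $HOME.
# Protocol policy: SSLv2/v3 and TLS 1.0/1.1 off, TLS 1.2 on (the previous version
# still allowed TLS 1.0; ssl_tlsv1_1/ssl_tlsv1_2 need vsftpd 3.x).
# NOTE(review): allow_writeable_chroot=YES is only needed because the chroot root is
# the writable home directory; pointing local_root at the 550 ftp/ subtree that
# -ftp_uadd creates (commented out below) would let it be dropped.
echo "anonymous_enable=NO
local_enable=YES
userlist_deny=NO
userlist_enable=YES
userlist_file=/etc/vsftpd.user_list
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
xferlog_std_format=YES
chroot_local_user=YES
listen=YES
pam_service_name=vsftpd
rsa_cert_file=/etc/ssl/private/$server.pem
rsa_private_key_file=/etc/ssl/private/$server.pem
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=NO
ssl_tlsv1_1=NO
ssl_tlsv1_2=YES
ssl_sslv2=NO
ssl_sslv3=NO
require_ssl_reuse=NO
ssl_ciphers=HIGH
pasv_enable=YES
pasv_min_port=64000
pasv_max_port=64321
port_enable=YES
#local_root=/home/\$USER/ftp
allow_writeable_chroot=YES
" > /etc/vsftpd.conf
# Domain-admin credentials go to samba-tool via a 0600 file (-A), not on argv where
# `ps` and shell history would expose them.
authf=$(mktemp) || { echo "mktemp failed" >&2; exit 1; }
chmod 0600 "$authf"
printf 'username = administrator\npassword = %s\n' "$PASS_ADM" > "$authf"
samba-tool dns add "$server" "$domain" ftp CNAME "$server.$domain" -A "$authf"
rm -f "$authf"
systemctl enable vsftpd.service
service vsftpd start
service vsftpd status
;;
-ftp_uadd)
  # Create the FTP directory layout for one domain user and whitelist the login.
  echo "Создать ftp login для пользователя домена "
  e="w.pupkin"
  echo "Наберите login пользователя домена: < `echo -e '\E[33;32m'"\033[1m $e \033[0m"` > и нажмите Enter:"
  read -r uftp
  # The login is spliced into filesystem paths and passed to chown -R, so it must be
  # a plain account name: reject empty input, "/" and ".." (path traversal out of
  # /home) and anything the system cannot resolve, instead of creating and chowning
  # a stray tree on a typo.
  if [[ ! "$uftp" =~ ^[A-Za-z0-9][A-Za-z0-9._-]*$ ]]; then
    echo "invalid login: $uftp" >&2
    exit 1
  fi
  if ! id -u "$uftp" >/dev/null 2>&1; then
    echo "unknown user: $uftp" >&2
    exit 1
  fi
  mkdir -p "/home/$uftp/ftp/upload"
  chmod 550 "/home/$uftp/ftp"
  chmod 750 "/home/$uftp/ftp/upload"
  chown -R "$uftp:" "/home/$uftp/ftp"
  # Whitelist once; a duplicate entry is harmless but noisy.
  grep -qxF -- "$uftp" /etc/vsftpd.user_list 2>/dev/null || echo "$uftp" >> /etc/vsftpd.user_list
  ;;
-mail_test)
  # Ask the recipient's MX whether it accepts the address (null-sender RCPT TO).
  # Exit 0 = accepted, 1 = rejected or could not be verified.
  echo "check for valid E-MAIL"
  read -r -p "Задайте E-Mail и нажмите Enter: " MAIL
  # The address is interpolated into an SMTP dialogue, so it must be exactly
  # local@domain with no whitespace or control characters — otherwise a crafted
  # input could inject extra SMTP commands.
  if [[ ! "$MAIL" =~ ^[^@[:space:][:cntrl:]]+@[^@[:space:][:cntrl:]]+$ ]]; then
    echo "not an e-mail address: $MAIL" >&2
    exit 1
  fi
  rcpt_domain=${MAIL##*@}
  # Lowest-preference MX; fall back to the domain itself (implicit MX, RFC 5321).
  mxhost=$(host -t mx "$rcpt_domain" 2>/dev/null | awk '/mail is handled by/ {print $(NF-1), $NF}' | sort -n | head -n1 | awk '{print $2}' | sed 's/\.$//')
  [[ -n "$mxhost" ]] || mxhost=$rcpt_domain
  # Plain SMTP on port 25.  The previous version spoke cleartext to port 465,
  # which expects TLS from the first byte, so no 550 ever came back and every
  # address was reported valid.  MAIL FROM needs angle brackets; <> is the null
  # sender.  Nothing is written to a .mail file in the current directory.
  response=$(printf 'HELO example.com\r\nMAIL FROM:<>\r\nRCPT TO:<%s>\r\nQUIT\r\n' "$MAIL" | nc -w 10 "$mxhost" 25 2>/dev/null)
  # Only a dialogue with no 5xx reply counts as valid; no reply at all (connection
  # refused, timeout, unresolvable MX) is "not valid" rather than a silent pass.
  if [[ -n "$response" ]] && ! grep -q '^5[0-9][0-9]' <<<"$response"; then
    e="is valid"
    echo "$MAIL" "`echo -e '\E[33;32m'"\033[1m $e \033[0m"`"
    exit 0
  else
    f="is not valid"
    echo "$MAIL" "`echo -e '\E[31;35m'"\033[1m $f \033[0m"`"
    exit 1
  fi
  ;;
-mail_restart)
  echo "Restart Mail Серверa"
  for svc in postfix dovecot amavis spamd clamd clamav-milter fail2ban freshclam; do
    service "$svc" restart
  done
  ;;
-mail_stop)
  # (Message corrected: the previous version printed "Restart" here.)
  echo "Stop Mail Серверa"
  for svc in postfix dovecot amavis spamd clamd clamav-milter fail2ban freshclam; do
    service "$svc" stop
  done
  ;;
-mail_status)
  net_func
  echo "Status Mail Серверa"
  for svc in postfix dovecot amavis spamd clamd clamav-milter fail2ban freshclam; do
    service "$svc" status
  done
  echo " "
  echo " Можно проверить соединение SSL:
# openssl s_client -connect $server.$domain:993 QUIT
# openssl s_client -starttls imap -connect $server.$domain:143 QUIT
# openssl s_client -starttls smtp -connect $server.$domain:587 QUIT"
  ;;
-mail_uninst)
  echo "Удалить конфигурацию Mail Сервера."
  net_func
  # Roll back only if the install step left its .original backups behind.
  if [[ -f /etc/postfix/main.cf.original ]]; then
    for f in /etc/postfix/main.cf /etc/postfix/master.cf \
             /etc/dovecot/conf.d/10-mail.conf /etc/dovecot/conf.d/10-master.conf \
             /etc/dovecot/conf.d/10-auth.conf /etc/dovecot/conf.d/10-ssl.conf \
             /etc/dovecot/conf.d/15-mailboxes.conf /etc/dovecot/conf.d/auth-system.conf.ext \
             /etc/amavisd.conf /etc/clamd.conf /etc/clamav-milter.conf; do
      mv "$f.original" "$f"
    done
    # Comment out the root: alias the install step sets, then rebuild the aliases
    # database so postfix actually sees the change.
    sed -i "s/^root:.*/#root:/g" /etc/aliases
    newaliases
    sed -i '/KRB5RCACHETYPE/d' /etc/sysconfig/named
    echo "server 3.opensuse.pool.ntp.org iburst" > /etc/chrony.d/pool.conf
  fi
  ;;
-bsys)
  echo "backup system"
  net_func
  # Year included so backup names sort and never collide across years.
  BACKUP_DIR="/opt/backup-$(date "+%Y.%m.%d.%H.%M")"
  # The tree copies /etc/ssl (private keys), /etc/sudoers and the DB passwords kept
  # in the postfixadmin/phpMyAdmin/roundcube configs, so the backup directory is
  # created root-only (0700) instead of inheriting the default umask; cp -a keeps
  # each file's own mode inside it.
  ( umask 077 && mkdir -p "$BACKUP_DIR/etc" ) || exit 1
  for src in /etc/apache2 /etc/dovecot /etc/pam.d /etc/postfix /etc/amavisd.conf \
             /etc/chrony.d /etc/clamd.conf /etc/clamav-milter.conf /etc/nsswitch.conf \
             /etc/sudoers /etc/sysconfig /etc/samba /etc/named.conf /etc/dhcpd.conf \
             /etc/vsftpd.conf /etc/ssl /etc/postfixadmin /etc/phpMyAdmin \
             /etc/roundcubemail /etc/fail2ban; do
    cp -a "$src" "$BACKUP_DIR/etc/"
  done
  ;;
*)
  echo "
 -ad_install - Установить Samba_AD NAMED DHCPD.
 -ad_uninstall - Удалить конфигурацию Samba_AD.
 -ad_restart - Restart Samba_AD NAMED DHCPD.
 -ad_status - Status Samba_AD NAMED DHCPD.
 -ad_test - Прoверка работы Samba_AD.
 -uadd - Создать пользователя домена.
 -udel - Удалить пользователя домена.
 -gadd - Создать группу домена.
 -ugadd - Ввести пользователя в группу домена.
 -upass - Задать пароль пользователю домена
 -dhcp - Установить DHCPD.
 -dhcp_on - Включить DHCPD demon.
 --Вводит IP-адрес и имя компьютера ( принтера, смартфона и пр.) в прямую и обратную зону ДНС.
 -dhcp_off - Выключить DHCPD demon.
 -bind - Установить NAMED.
 -c_add - Ввеcти компьютер в ДНС.
 -c_del - Удалить компьютер из ДНС.
 -cname_add - Присвоить новое имя компьютеру - CNAME в ДНС.
 -cname_del - Удалить имя компьютера - CNAME из ДНС.
 -ns_add - Ввеcти NS запись для компьютера в обратную зону ДНС.
 -mx_add - Ввеcти MX запись для компьютера в ДНС.
 -ftp - Установить FTP Сервер VSTPD.
 -http - Установить HTTP Сервер Apache2.
 -mail_inst - Установить Mail Сервер.
 -mail_uninst - Удалить конфигурацию Mail Серверa.
 -mail_restart - Restart Mail Серверa.
 -mail_status - Status Mail Серверa.
 -mail_stop - Stop Сервер
 -mail_test - Test Mail Серверa.
 -padmin - Установить PostfixAdmin
 -madmin - Установить phpMyAdmin
 -rcube - Установить Roundcubemail
 -bsys - Бэкап внесённых изменений в систему
".
  # Unknown or missing action: usage error.
  exit 1
  ;;
esac
# Every action that did not exit on its own finished; the previous version ended
# with an unconditional `exit 1`, which made a clean run look like a failure to
# callers and `&&` chains.
exit 0
#end
#################### download trial virus #####################################
# wget http://www.eicar.org/download/eicar.com
# clamscan --infected --remove --recursive /home/
#
#################### ANTIVIRUS-TEST-FILE #######################################
#
#### X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
#
#################### ANTI-SPAM-TEST ##############################################
#
### XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X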