Récupération

This commit is contained in:
Administrateur XAROBASE 2018-09-11 18:35:00 +02:00
parent f3875e447c
commit 840d8a1179
4 changed files with 311 additions and 37 deletions

261
Linux/Messagerie/mail.sh Normal file

@ -0,0 +1,261 @@
#!/bin/bash
# Vérification root
if [ `whoami` != 'root' ];
then
exit
fi
# Initialisation des variables
SOURCE=`pwd`
echo ' __ __ _____ ____ ____ _____ ______'
echo ' \ \ / / /\ | __ \ / __ \| _ \ /\ / ____| ____|'
echo ' \ V / / \ | |__) | | | | |_) | / \ | (___ | |__'
echo ' > < / /\ \ | _ /| | | | _ < / /\ \ \___ \| __|'
echo ' / . \ / ____ \| | \ \| |__| | |_) / ____ \ ____) | |____'
echo ' /_/ \_\/_/ \_\_| \_\\____/|____/_/ \_\_____/|______|'
echo ' _____ __ _'
echo '/ ___| / _| |'
echo '\ `--. ___ | |_| |___ ____ _ _ __ ___'
echo ' `--. \/ _ \| _| __\ \ /\ / / _` | '__/ _ \'
echo '/\__/ / (_) | | | |_ \ V V / (_| | | | __/'
echo '\____/ \___/|_| \__| \_/\_/ \__,_|_| \___|'
echo ""
echo "Programme de déploiement de service mail (V1)"
echo ""
read -p "Ce script s'adresse aux utilisateurs expérimentés. Voulez-vous continuer ? (o/N) : " CONFIRM
CONFIRM=${CONFIRM^^}
if [ $CONFIRM != 'O' ];
then
exit
fi
echo "#######################"
echo "# Lancement du script #"
echo "#######################"
# Installation des mises à jours
echo "########################################"
echo "# Début de la procédure de mise à jour #"
echo "########################################"
apt-get update
apt-get upgrade -y
echo "-- Mise à jour terminé !"
# Services à déployer
echo "#######################"
echo "# Services à déployer #"
echo "#######################"
read -p "Voulez-vous déployer le service mail ? (o/N) : " MAIL
MAIL=${MAIL^^}
if [ $MAIL == 'O' ];
then
# Installation Mail
echo "###############################################"
echo "# Lancement de l'installation du service mail #"
echo "###############################################"
apt-get install mariadb-server mariadb-client expect -y
echo "-- Installation de MariaDB terminé !"
DEBIAN_FRONTEND=noninteractive apt-get install postfix -y
echo "-- Installation de Postfix terminé !"
apt-get install postfix-mysql -y
echo "-- Installation du plugin postfix-mysql terminé !"
apt-get install dovecot-core dovecot-imapd dovecot-lmtpd dovecot-mysql -y
echo "-- Installation de Dovecot terminé !"
apt-get install apache2 -y
echo "-- Installation de Apache terminé !"
apt-get install php php-mysql php-imap -y
echo "-- Installation de PHP terminé !"
# Questions Mail et définition des variables
echo "#################################"
echo "# Configuration du service mail #"
echo "#################################"
read -p "Entrer votre nom de domaine : " DOMAIN
read -p "Définir le nom d'utilisateur administrateur du serveur mail : " POSTFIXADMIN_ADMIN
read -p "Entrer le mot de passe root du SGBD (laisser vide si première BDD) : " MARIADB_ROOT_PASSWORD
read -p "Définir le mot de passe postfix du SGBD : " MARIADB_POSTFIX_PASSWORD
APACHE_CONFIG_SS=`cat /etc/apache2/apache2.conf | grep "ServerSignature Off"`
APACHE_CONFIG_ST=`cat /etc/apache2/apache2.conf | grep "ServerTokens Prod"`
echo "#####################"
echo "# Configuration BDD #"
echo "#####################"
mysql -u root --password='$MARIADB_ROOT_PASSWORD' -e "UPDATE mysql.user SET Password=PASSWORD('$MARIADB_ROOT_PASSWORD') WHERE User='root';"
echo "-- Mot de passe root changé !"
mysql -u root --password='$MARIADB_ROOT_PASSWORD' -e "DELETE FROM mysql.user WHERE User='';"
echo "-- Suppression des utilisateurs anonymes !"
mysql -u root --password='$MARIADB_ROOT_PASSWORD' -e "DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');"
echo "-- Suppression des connexions root à distance !"
mysql -u root --password='$MARIADB_ROOT_PASSWORD' -e "CREATE database postfix;"
echo "-- Base de donné postfix créée !"
mysql -u root --password='$MARIADB_ROOT_PASSWORD' -e "CREATE USER 'postfix'@'localhost' IDENTIFIED BY '$MARIADB_POSTFIX_PASSWORD';"
mysql -u root --password='$MARIADB_ROOT_PASSWORD' -e "GRANT USAGE ON *.* TO 'postfix'@'localhost';"
mysql -u root --password='$MARIADB_ROOT_PASSWORD' -e "GRANT ALL PRIVILEGES ON postfix.* TO 'postfix'@'localhost';"
echo "-- Création de l'utilisateur postfix !"
mysql -u root --password='$MARIADB_ROOT_PASSWORD' -e "FLUSH PRIVILEGES;"
echo "-- Application des paramètres !"
echo "###########################"
echo "# Configuration de Apache #"
echo "###########################"
if [ -z $APACHE_CONFIG_SS ];
then
echo "ServerSignature Off" >> /etc/apache2/apache2.conf
fi
if [ -z $APACHE_CONFIG_ST ];
then
echo "ServerTokens Prod" >> /etc/apache2/apache2.conf
fi
echo "-- Signature serveur supprimée !"
echo "Listen 8083" >> /etc/apache2/ports.conf
echo "-- Port d'écoute ajouté !"
echo "############################"
echo "# Configuration de Postfix #"
echo "############################"
echo "" > /etc/postfix/main.cf
echo -e "#######################\n## GENERALS SETTINGS ##\n#######################\n\nsmtpd_banner\t\t= \$myhostname ESMTP \$mail_name (Debian/GNU)\nbiff\t\t\t= no\nappend_dot_mydomain\t= no\nreadme_directory\t= no\ndelay_warning_time\t= 4h\nmailbox_command\t\t= procmail -a \"\$EXTENSION\"\nrecipient_delimiter\t= +\ndisable_vrfy_command\t= yes\nmessage_size_limit\t= 26214400\nmailbox_size_limit\t= 524288000\n\ninet_interfaces\t= all\ninet_protocols\t= ipv4\n\nmyhostname\t= $DOMAIN\nmyorigin\t= $DOMAIN\nmydestination\t= localhost localhost.\$mydomain\nmynetworks\t= 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128\nrelayhost\t= \n\nalias_maps\t= hash:/etc/aliases\nalias_database\t= hash:/etc/aliases\n\n##################\n## DKIM ##\n##################\n\nmilter_protocol = 6\nmilter_default_action = accept\nsmtpd_milters = unix:/clamav/clamav-milter.ctl\n\n####################\n## TLS PARAMETERS ##\n####################\n# Smtp ( OUTGOING / Client )\nsmtp_tls_loglevel\t\t= 1\nsmtp_tls_security_level\t\t= may\nsmtp_tls_CAfile\t\t\t= /etc/ssl/certs/ca.cert.pem\nsmtp_tls_protocols\t\t= !SSLv3\nsmtp_tls_mandatory_protocols\t= !SSLv3\nsmtp_tls_mandatory_ciphers\t= high\nsmtp_tls_exclude_ciphers\t= aNULL, eNULL, EXPORT, DES, DES, RC2, RC4, MD5, PSK, SRP, DSS, AECDH, ADH\nsmtp_tls_note_starttls_offer\t= yes\n\n# Smtpd ( INCOMING / Server )\nsmtpd_tls_loglevel\t\t= 1\nsmtpd_tls_auth_only\t\t= yes\nsmtpd_tls_security_level\t= may\nsmtpd_tls_received_header\t= yes\nsmtpd_tls_protocols\t\t= !SSLv3\nsmtpd_tls_mandatory_protocols\t= !SSLv3\nsmtpd_tls_mandatory_ciphers\t= medium\nsmtpd_tls_CAfile\t\t= \$smtp_tls_CAfile\nsmtpd_tls_cert_file\t\t= etc/ssl/certs/mailserver.crt\nsmtpd_tls_key_file\t\t= /etc/ssl/private/mailserver.key\nsmtpd_tls_dh1024_param_file\t= \$config_directory/dh2048.pem\nsmtpd_tls_dh512_param_file\t= \$config_directory/dh512.pem\n\ntls_preempt_cipherlist\t= yes\ntls_random_source\t= dev:/dev/urandom\n\nsmtp_tls_session_cache_database\t\t= 
btree:\${data_directory}/smtp_scache\nsmtpd_tls_session_cache_database\t= tree:\${data_directory}/smtpd_scache\nlmtp_tls_session_cache_database\t\t= btree:\${data_directory}/lmtp_scache\n\n#####################\n## SASL PARAMETERS ##\n#####################\n\nsmtpd_sasl_auth_enable\t\t= es\nsmtpd_sasl_type\t\t\t= dovecot\nsmtpd_sasl_path\t\t\t= private/auth\nsmtpd_sasl_security_options\t= noanonymous\nsmtpd_sasl_tls_security_options\t= \$smtpd_sasl_security_options\nsmtpd_sasl_local_domain\t\t= $mydomain\nsmtpd_sasl_authenticated_header\t= yes\n\n##############################\n## VIRTUALS MAPS PARAMETERS ##\n##############################\n\nvirtual_uid_maps\t= static:5000\nvirtual_gid_maps\t= static:5000\nvirtual_minimum_uid\t= 5000\nvirtual_mailbox_base\t= /var/mail\nvirtual_transport\t= lmtp:unix:private/dovecot-lmtp\nvirtual_mailbox_domains\t= mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf\nvirtual_mailbox_maps\t= mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf\nvirtual_alias_maps\t= mysql:/etc/postfix/mysql-virtual-alias-maps.cf\nsmtpd_sender_login_maps\t= mysql:/etc/postfix/mysql-sender-ogin-maps.cf\n\n######################\n## ERRORS REPORTING ##\n######################\n\nbounce_template_file\t= /etc/postfix/bounce.cf\n\nnotify_classes\t\t= resource, software\n\nerror_notice_recipient\t= POSTFIXADMIN_ADMIN@$DOMAIN\n\n##################\n## RESTRICTIONS ##\n##################\n\nmime_header_checks\t= regexp:/etc/postfix/header_checks\nheader_checks\t\t= regexp:/etc/postfix/header_checks\n\nsmtpd_recipient_restrictions =\n\tpermit_mynetworks,\n\tpermit_sasl_authenticated,\n\treject_non_fqdn_recipient,\n\treject_unauth_destination,\n\treject_unknown_recipient_domain,\n\treject_rbl_client zen.spamhaus.org\n\nsmtpd_reject_unlisted_sender = yes\n\nsmtpd_sender_restrictions 
=\n\treject_non_fqdn_sender,\n\treject_unknown_sender_domain,\n\treject_unlisted_sender,\n\treject_sender_login_mismatch,\n\treject_authenticated_sender_login_mismatch\n\nsmtpd_helo_restrictions =\n\tpermit_mynetworks,\n\tpermit_sasl_authenticated,\n\treject_invalid_helo_hostname,\n\treject_non_fqdn_helo_hostname,\n\treject_unknown_helo_hostname\n\nsmtpd_client_restrictions =\n\tpermit_mynetworks,\n\tpermit_inet_interfaces,\n\tpermit_sasl_authenticated,\n\treject_plaintext_session,\n\treject_unauth_pipelining" >> /etc/postfix/main.cf
cd /etc/ssl/
openssl genrsa -out ca.key.pem 4096
openssl req -x509 -new -nodes -days 3650 -sha256 -key ca.key.pem -out ca.cert.pem
openssl genrsa -out mailserver.key 4096
openssl req -new -sha256 -key mailserver.key -out mailserver.csr
openssl x509 -req -days 1460 -sha256 -in mailserver.csr -CA ca.cert.pem -CAkey ca.key.pem -CAcreateserial -out mailserver.crt
chmod 444 ca.cert.pem
chmod 444 mailserver.crt
chmod 400 ca.key.pem
chmod 400 mailserver.key
mv ca.key.pem private/
mv ca.cert.pem certs/
mv mailserver.key private/
mv mailserver.crt certs/
openssl dhparam -out /etc/postfix/dh2048.pem 2048
openssl dhparam -out /etc/postfix/dh512.pem 512
touch /etc/postfix/mysql-virtual-mailbox-domains.cf
echo -e "hosts = 127.0.0.1\nuser = postfix\npassword = $MARIADB_POSTFIX_PASSWORD\ndbname = postfix\nquery = SELECT domain FROM domain WHERE domain='%s' and backupmx = 0 and active = 1" >> /etc/postfix/mysql-virtual-mailbox-domains.cf
touch /etc/postfix/mysql-virtual-mailbox-maps.cf
echo -e "hosts = 127.0.0.1\nuser = postfix\npassword = $MARIADB_POSTFIX_PASSWORD\ndbname = postfix\nquery = SELECT maildir FROM mailbox WHERE username='%s' AND active = 1" >> /etc/postfix/mysql-virtual-mailbox-maps.cf
touch /etc/postfix/mysql-virtual-alias-maps.cf
echo -e "hosts = 127.0.0.1\nuser = postfix\npassword = $MARIADB_POSTFIX_PASSWORD\ndbname = postfix\nquery = SELECT goto FROM alias WHERE address='%s' AND active = 1" >> /etc/postfix/mysql-virtual-alias-maps.cf
touch /etc/postfix/mysql-sender-login-maps.cf
echo -e "hosts = 127.0.0.1\nuser = postfix\npassword = $MARIADB_POSTFIX_PASSWORD\ndbname = postfix\nquery = SELECT username FROM mailbox WHERE username='%s' AND active = 1" >> /etc/postfix/mysql-sender-login-maps.cf
echo "" > /etc/postfix/master.cf
echo -e "smtp\tinet\tn\t-\ty\t-\t-\tsmtpd\n\t-o content_filter=spamassassin\n\nsubmission\tinet\tn\t-\ty\t-\t-\tsmtpd\n\t-o syslog_name=postfix/submission\n\t-o smtpd_tls_dh1024_param_file=\${config_directory}/dh2048.pem\n\t-o smtpd_tls_security_level=encrypt\n\t-o smtpd_sasl_auth_enable=yes\n\t-o smtpd_client_restrictions=\$mua_client_restrictions\n\t-o smtpd_helo_restrictions=\$mua_helo_restrictions\n\t-o smtpd_sender_restrictions=\$mua_sender_restrictions\n\t-o smtpd_recipient_restrictions=\$mua_sender_restrictions\n\t-o content_filter=spamassassin\npickup\tunix\tn\t-\ty\t60\t1\tpickup\ncleanup\tunix\tn\t-\ty\t-t0\tcleanup\nqmgr\tunix\tn\t-\tn\t300\t1\tqmgr\n#qmgr\tunix\tn\t-\tn\t300\t1\toqmgr\ntlsmgr\tunix\t-\t-\ty\t1000?\t1\ttlsmgr\nrewrite\tunix\t-\t-\ty\t-\t-\ttrivial-rewrite\nbounce\tunix\t-\t-\ty\t-\t0\tbounce\ndefer\tunix\t-\t-\ty\t-\t0\tbounce\ntrace\tunix\t-\t-\ty\t-\t0\tbounce\nverify\tunix\t-\t-\ty\t-\t1\tverify\nflush\tunix\tn\t-\ty\t1000?\t0\tflush\nproxymap\tunix\t-\t-\tn\t-\t-\tproxymap\nproxywrite\tunix -\t-\tn\t-\t1\tproxymap\nsmtp\tunix\t-\t-\ty\t-\t-\tsmtp\nrelay\tunix\t-\t-\ty\t-\t-\tsmtp\nshowq\tunix\tn\t-\ty\t-\t-\tshowq\nerror\tunix\t-\t-\ty\t-\t-\terror\nretry\tunix\t-\t-\ty\t-\t-\terror\ndiscard\tunix\t-\t-\ty\t-\t-\tdiscard\nlocal\tunix\t-\tn\tn\t-\t-\tlocal\nvirtual\tunix\t-\tn\tn\t-\t-\tvirtual\nlmtp\tunix\t-\t-\ty\t-\t-\tlmtp\nanvil\tunix\t-\t-\ty\t-\t1\tanvil\nscache\tunix\t-\t-\ty\t-\t1\tscache\nmaildrop\tunix\t-\tn\tn\t-\t-tpipe\n\tflags=DRhu user=vmail argv=/usr/bin/maildrop -d \${recipient}\nuucp\tunix\t-\tn\tn\t-\t-\tpipe\n\tflags=Fqhu user=uucp argv=uux -r -n -z -a\$sender - \$nexthop!rmail (\$recipient)\nifmail\tunix\t-\tn\tn\t-\t-tpipe\n\tflags=F user=ftn argv=/usr/lib/ifmail/ifmail -r \$nexthop (\$recipient)\nbsmtp\tunix\t-\tn\tn\t-\t-\tpipe\n\tflags=Fq. 
user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t\$nexthop -f\$sender \$recipient\nscalemail-ackend\tunix\t-\tn\tn\t-\t2\tpipe\n\tflags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store \${nexthop} \${user} \${extension}\nmailman\tunix\t-\tn\tn\t-\t-\tpipe\n\tflags=FR user=list rgv=/usr/lib/mailman/bin/postfix-to-mailman.py\n\t\${nexthop} \${user}\n\nspamassassin\tunix\t-\tn\tn\t-\t-\tpipe\n\tuser=debian-spamd argv=/usr/bin/spamc -s 26214400 -f -e /usr/sbin/sendmail -oi -f \${sender} \${recipient}" >> /etc/postfix/master.cf
echo "############################"
echo "# Configuration de Dovecot #"
echo "############################"
echo "" > /etc/dovecot/dovecot.conf
echo -e "
!include_try /usr/share/dovecot/protocols.d/*.protocol\n protocols = imap lmtp sieve\nlisten = *\nmail_plugins = \$mail_plugins quota\n!include conf.d/*.conf\n!include_try local.conf" >> /etc/dovecot/dovecot.conf
echo "" > /etc/dovecot/conf.d/10-mail.conf
echo -e "mail_location = maildir:/var/mail/vhosts/%d/%n/mail\nmaildir_stat_dirs=yes\nnamespace inbox {\n\tinbox = yes\n}\nmail_uid = 5000\nmail_gid = 5000\nfirst_valid_uid = 5000\nlast_valid_uid = 5000\nmail_privileged_group = vmail" >> /etc/dovecot/conf.d/10-mail.conf
mkdir -p /var/mail/vhosts/$DOMAIN
groupadd -g 5000 vmail
useradd -g vmail -u 5000 vmail -d /var/mail
chown -R vmail:vmail /var/mail
echo "" > /etc/dovecot/conf.d/10-auth.conf
echo -e "disable_plaintext_auth = yes\nauth_mechanisms = plain login\n!include auth-sql.conf.ext" >> /etc/dovecot/conf.d/10-auth.conf
echo "" > /etc/dovecot/conf.d/auth-sql.conf.ext
echo -e "passdb {\n\tdriver = sql\n\targs = /etc/dovecot/dovecot-sql.conf\n}\nuserdb {\n\tdriver = sql\n\targs = /etc/dovecot/dovecot-sql.conf}" >> /etc/dovecot/conf.d/auth-sql.conf.ext
echo "" > /etc/dovecot/dovecot-sql.conf
echo -e "driver = mysql\nconnect = host=127.0.0.1 dbname=postfix user=postfixuser password=$MARIADB_POSTFIX_PASSWORD\ndefault_pass_scheme = SHA512-CRYPT\nuser_query = SELECT CONCAT('/var/mail/vhosts/',maildir) as home, CONCAT('maildir:/var/mail/vhosts/',maildir,'mail/') as mail, CONCAT('*:bytes=', IF(mailbox.quota = -1, domain.maxquota*1048576, mailbox.quota)) as quota_rule FROM mailbox, domain WHERE username = '%u' AND mailbox.active = '1' AND domain.domain = '%d' AND domain.active = '1'\npassword_query = SELECT username as user, password, CONCAT('/var/mail/vhosts/',maildir) AS userdb_home, CONCAT('maildir:/var/mail/vhosts/',maildir,'mail/') AS userdb_mail FROM mailbox WHERE username = '%u' AND active = '1'" >> /etc/dovecot/dovecot-sql.conf
chown -R vmail:dovecot /etc/dovecot
chmod -R o-rwx /etc/dovecot
echo "" > /etc/dovecot/conf.d/10-master.conf
echo -e "service imap-login {\n\tinet_listener imap {\n\t\tport = 143\n\t}\n\tinet_listener imaps {\n\t\tport = 993\n\t\tssl = yes\n\t}\n\tservice_count = 0\n}\nservice lmtp {\n\tunix_listener /var/spool/postfix/private/dovecot-lmtp {\n\t\tmode = 0600\n\t\tuser = postfix\n\t\tgroup = postfix\n\t}\n}\nservice imap {\n}\nservice auth {\n\tunix_listener auth-userdb {\n\t\tmode = 0600\n\t\tuser = vmail\n\t\tgroup = vmail\n\t}\n\tunix_listener /var/spool/postfix/private/auth {\n\t\tmode = 0666\n\t\tuser = postfix\n\t\tgroup = postfix\n\t}\n\tuser = dovecot\n}\nservice auth-worker {\n\tuser = vmail\n}" >> /etc/dovecot/conf.d/10-master.conf
echo "" > /etc/dovecot/conf.d/10-ssl.conf
echo -e "ssl = required\nssl_cert = </etc/letsencrypt/live/xarobase.com/fullchain.pem\nssl_key = </etc/letsencrypt/live/xarobase.com/privkey.pem\nssl_dh_parameters_length = 2048\nssl_protocols = !SSLv3\nssl_cipher_list = ALL:!aNULL:!eNULL:!LOW:!MEDIUM:!EXP:!RC2:!RC4:!DES:!3DES:!MD5:!PSK:!SRP:!DSS:!AECDH:!ADH:@STRENGTH\nssl_prefer_server_ciphers = yes" >> /etc/dovecot/conf.d/10-ssl.conf
echo "#############################"
echo "# Installation PostfixAdmin #"
echo "#############################"
cd /var/www
wget https://sourceforge.net/projects/postfixadmin/files/latest/postfixadmin.tar.gz
echo "-- Archive téléchargée !"
tar -xzf postfixadmin.tar.gz
echo "-- Archive décompressée !"
mv postfixadmin-* postfixadmin
cp /var/www/postfixadmin/config.inc.php /var/www/postfixadmin/config.local.php
rm -rf postfixadmin.tar.gz
sed -i -e "s/\$CONF\[\x27configured\x27\] =.*/\$CONF['configured'] = true;/" /var/www/postfixadmin/config.local.php
sed -i -e "s/\$CONF\[\x27default_language\x27\] =.*/\$CONF['default_language'] = 'fr';/" /var/www/postfixadmin/config.local.php
sed -i -e "s/\$CONF\[\x27database_type\x27\] =.*/\$CONF['database_type'] = 'mysqli';/" /var/www/postfixadmin/config.local.php
sed -i -e "s/\$CONF\[\x27database_host\x27\] =.*/\$CONF['database_host'] = 'localhost';/" /var/www/postfixadmin/config.local.php
sed -i -e "s/\$CONF\[\x27database_user\x27\] =.*/\$CONF['database_user'] = 'postfix';/" /var/www/postfixadmin/config.local.php
sed -i -e "s/\$CONF\[\x27database_password\x27\] =.*/\$CONF['database_password'] = '$MARIADB_POSTFIX_PASSWORD';/" /var/www/postfixadmin/config.local.php
sed -i -e "s/\$CONF\[\x27database_name\x27\] =.*/\$CONF['database_name'] = 'postfix';/" /var/www/postfixadmin/config.local.php
sed -i -e "s/\$CONF\[\x27admin_email\x27\] =.*/\$CONF['admin_email'] = '$POSTFIXADMIN_ADMIN@$DOMAIN';/" /var/www/postfixadmin/config.local.php
sed -i -e "s/\$CONF\[\x27domain_path\x27\] =.*/\$CONF['domain_path'] = 'YES';/" /var/www/postfixadmin/config.local.php
sed -i -e "s/\$CONF\[\x27domain_in_mailbox\x27\] =.*/\$CONF['domain_in_mailbox'] = 'NO';/" /var/www/postfixadmin/config.local.php
sed -i -e "s/\$CONF\[\x27fetchmail\x27\] =.*/\$CONF['fetchmail'] = 'NO';/" /var/www/postfixadmin/config.local.php
echo "-- Paramètres appliqués !"
chown -R www-data:www-data postfixadmin
echo "-- Droits sur le répertoire appliqués !"
touch /etc/apache2/sites-available/postfixadmin.conf
echo -e "<VirtualHost *:8083>\n\tServerAdmin webmaster@$DOMAIN\n\tDocumentRoot /var/www/postfixadmin/public\n\tErrorLog \${APACHE_LOG_DIR}/error.log\n\tCustomLog \${APACHE_LOG_DIR}/access.log combined\n</VirtualHost>" >> /etc/apache2/sites-available/postfixadmin.conf
echo "-- Vhost créé !"
a2ensite postfixadmin
echo "-- Vhost activé !"
fi
# Redémarrage des services
echo "############################"
echo "# Redémarrage des services #"
echo "############################"
if [ $VPN == 'O' ];
then
service openvpn restart
echo "-- OpenVPN redémarré !"
fi
cd $SOURCE
# Ajout de la vérification XAROBASE
FILE=`cat /etc/XAROBASE`
if [ -z $FILE ] || [ $FILE != 'INSTALLED' ];
then
# Ajout du motd
touch /etc/XAROBASE
echo "INSTALLED" > /etc/XAROBASE
echo "" > /etc/motd
echo ' __ __ _____ ____ ____ _____ ______' >> /etc/motd
echo ' \ \ / / /\ | __ \ / __ \| _ \ /\ / ____| ____|' >> /etc/motd
echo ' \ V / / \ | |__) | | | | |_) | / \ | (___ | |__' >> /etc/motd
echo ' > < / /\ \ | _ /| | | | _ < / /\ \ \___ \| __|' >> /etc/motd
echo ' / . \ / ____ \| | \ \| |__| | |_) / ____ \ ____) | |____' >> /etc/motd
echo ' /_/ \_\/_/ \_\_| \_\\____/|____/_/ \_\_____/|______|' >> /etc/motd
echo ' _____ __ _' >> /etc/motd
echo '/ ___| / _| |' >> /etc/motd
echo '\ `--. ___ | |_| |___ ____ _ _ __ ___' >> /etc/motd
echo ' `--. \/ _ \| _| __\ \ /\ / / _` | '__/ _ \' >> /etc/motd
echo '/\__/ / (_) | | | |_ \ V V / (_| | | | __/' >> /etc/motd
echo '\____/ \___/|_| \__| \_/\_/ \__,_|_| \___|' >> /etc/motd
echo -e "\n\t\t\t\t\t\t${HOSTNAME^^}" >> /etc/motd
echo '' >> /etc/motd
fi
if [ $VPN == 'O' ];
then
echo "-- Service Mail" >> /etc/motd
fi
echo "#########################"
echo "# Fin de l'installation #"
echo "#########################"
echo "Vous disposé maintenant des services suivant : "
if [ $VPN == 'O' ];
then
echo "-- Service VPN"
echo "Vous pouvez vous connecter au serveur avec un client grâce à l'archive présente dans /etc/openvpn/clientconf/$VPN_USER.zip"
echo "Un redémarrage est nécessaire !"
fi
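Review bot: Every `mysql` call at L90–L102 passes `--password='$MARIADB_ROOT_PASSWORD'` inside single quotes, so the shell never expands it and the client receives the literal text `$MARIADB_ROOT_PASSWORD`; unless root still authenticates through the unix socket, every statement after the password change at L90 will fail, and putting the secret on argv also exposes it in `ps` and in `set -x` traces. The two prompts at L83–L84 echo the passwords to the terminal (`read -s` would not), the four `mysql-*.cf` maps written at L142–L148 are created under the default umask and are therefore world-readable while holding the postfix password, and the dovecot `connect` line at L169 uses `user=postfixuser` although L98 creates `'postfix'@'localhost'`. `$VPN` is never assigned in this script, so the unquoted `[ $VPN == 'O' ]` at L211, L240 and L248 is a `[` syntax error (exit 2, treated as false) rather than a deliberate default, and the same unquoted pattern at L39 means an empty answer to the confirmation prompt continues instead of exiting. The generated main.cf at L122–L124 also has several entries Postfix will reject or misread — `smtpd_sasl_auth_enable = es`, `mysql-sender-ogin-maps.cf` where L147 writes `mysql-sender-login-maps.cf`, `smtpd_tls_cert_file = etc/ssl/certs/mailserver.crt` without the leading slash, and `smtpd_sasl_local_domain = $mydomain` whose unescaped `$` the shell expands to nothing — and the Dovecot `ssl_cert`/`ssl_key` at L175 point at `/etc/letsencrypt/live/xarobase.com/` instead of the certificates this script generates under /etc/ssl. The lines below read the secrets silently, hand the root password to `mysql` through `MYSQL_PWD` instead of a quoted literal, and restrict the map files to `root:postfix` 640; the enclosing `if [ $MAIL == 'O' ]` block runs from L59 to L206 inside the hunk.
```shell
# Secrets are read without echo; the trailing echo restores the newline
read -rsp "Entrer le mot de passe root du SGBD (laisser vide si première BDD) : " MARIADB_ROOT_PASSWORD; echo
read -rsp "Définir le mot de passe postfix du SGBD : " MARIADB_POSTFIX_PASSWORD; echo
# … unchanged: APACHE_CONFIG_SS / APACHE_CONFIG_ST …
# The client reads MYSQL_PWD from the environment, so the password is neither
# left unexpanded by single quotes nor visible on the command line.
export MYSQL_PWD="$MARIADB_ROOT_PASSWORD"
mysql -u root -e "UPDATE mysql.user SET Password=PASSWORD('$MARIADB_ROOT_PASSWORD') WHERE User='root';"
mysql -u root -e "DELETE FROM mysql.user WHERE User='';"
# … unchanged: remaining statements, each with --password=… removed …
unset MYSQL_PWD
# … unchanged: Apache, main.cf and certificate generation …
umask 077   # the map files below carry the postfix DB password
# … unchanged: the four echo -e … >> /etc/postfix/mysql-*.cf lines …
chown root:postfix /etc/postfix/mysql-*.cf
chmod 640 /etc/postfix/mysql-*.cf
umask 022
```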


@ -1,5 +1,11 @@
#!/bin/bash
#Initialisation des variables
# Vérification root
if [ `whoami` != 'root' ];
then
exit
fi
# Initialisation des variables
SOURCE=`pwd`
MAJ=n
MENTEUR=n
@ -16,9 +22,9 @@ echo ' `--. \/ _ \| _| __\ \ /\ / / _` | '__/ _ \'
echo '/\__/ / (_) | | | |_ \ V V / (_| | | | __/'
echo '\____/ \___/|_| \__| \_/\_/ \__,_|_| \___|'
echo ""
echo "Programme de déploiement de service DNS et DHCP (V1)"
echo "Programme de déploiement de service DNS et DHCP (V2)"
echo ""
read -p "Ce script s'adresse aux utilisateurs expérimentés. Voulvez-vous continuer ? (O/N) : " CONFIRM
read -p "Ce script s'adresse aux utilisateurs expérimentés. Voulvez-vous continuer ? (o/N) : " CONFIRM
CONFIRM=${CONFIRM^^}
if [ $CONFIRM != 'O' ];
then
@ -40,24 +46,25 @@ echo "-- Mise à jour terminé !"
echo "#######################"
echo "# Services à déployer #"
echo "#######################"
read -p "Voulez-vous déployer le service DNS ? (O/N) : " DNS
read -p "Voulez-vous déployer le service DNS ? (o/N) : " DNS
DNS=${DNS^^}
read -p "Voulez-vous déployer le service DHCP ? (O/N) : " DHCP
read -p "Voulez-vous déployer le service DHCP ? (o/N) : " DHCP
DHCP=${DHCP^^}
# Sevices associés
if [ $DNS == 'O' ] && [ $DHCP == 'O' ];
then
read -p "Voulez-vous installer la fonctionnalité de mise à jour automaitque entre le DHCP et le DNS ? (O/N) : " MAJ
read -p "Voulez-vous installer la fonctionnalité de mise à jour automaitque entre le DHCP et le DNS ? (o/N) : " MAJ
MAJ=${MAJ^^}
fi
read -p "Quel est l'interface réseau à utilisé ? : " INTERFACE
# Récupération adresse IP, HOSTNAME et utilisateur
IP=`ifconfig $INTERFACE | grep netmask | awk -F" " '{print $2}'`
HOSTNAME=`hostname`
# Récupération adresse IP, HOSTNAME
IP=`ip -4 addr show $INTERFACE | grep inet | awk -F" " '{print $2}' | awk -F"/" '{print $1}'`
DNS_SRV=$IP
USER=`whoami`
HOSTNAME=`hostname`
#Lancement des installs
if [ $DNS == 'O' ];
then
@ -74,7 +81,7 @@ then
echo "########################"
read -p "Entrer le TLD de votre réseau local : " TLD
TLD=${TLD,,}
read -p "Voulez-vous installer la fonctionnalité de DNS menteur ? (O/N) : " MENTEUR
read -p "Voulez-vous installer la fonctionnalité de DNS menteur ? (o/N) : " MENTEUR
MENTEUR=${MENTEUR^^}
SERIAL=`date +%Y%m%d`
IP_REV=`echo $IP | awk -F"." '{print $3}'`.`echo $IP | awk -F"." '{print $2}'`.`echo $IP | awk -F"." '{print $1}'`.in-addr.arpa
@ -107,8 +114,8 @@ then
echo "-- Zones configurés !"
touch /etc/bind/db.$TLD
touch /etc/bind/db.$TLD.inv
echo -e "\$ORIGIN .\n\$TTL 7200\n$TLD\t\t\tIN SOA $HOSTNAME.$TLD. $USER.$TLD. (\n\t\t\t\t$SERIAL\n\t\t\t\t7200\n\t\t\t\t3600\n\t\t\t\t604800\n\t\t\t\t7200\n\t\t\t\t)\n\t\t\tNS\t$HOSTNAME.$TLD.\n\$ORIGIN $TLD.\n$HOSTNAME\t\t\tA\t$IP" >> /etc/bind/db.$TLD
echo -e "\$ORIGIN .\n\$TTL 7200\n$IP_REV\t\t\tIN SOA $HOSTNAME.$TLD. $USER.$TLD. (\n\t\t\t\t$SERIAL\n\t\t\t\t7200\n\t\t\t\t3600\n\t\t\t\t604800\n\t\t\t\t7200\n\t\t\t\t)\n\t\t\tNS\t$HOSTNAME.$TLD.\n\$ORIGIN $IP_REV.\n$IP_FIN\t\t\tPTR\t$HOSTNAME.$TLD." >> /etc/bind/db.$TLD.inv
echo -e "\$ORIGIN .\n\$TTL 7200\n$TLD\t\t\tIN SOA $HOSTNAME.$TLD. root.$TLD. (\n\t\t\t\t$SERIAL\n\t\t\t\t7200\n\t\t\t\t3600\n\t\t\t\t604800\n\t\t\t\t7200\n\t\t\t\t)\n\t\t\tNS\t$HOSTNAME.$TLD.\n\$ORIGIN $TLD.\n$HOSTNAME\t\t\tA\t$IP" >> /etc/bind/db.$TLD
echo -e "\$ORIGIN .\n\$TTL 7200\n$IP_REV\t\t\tIN SOA $HOSTNAME.$TLD. root.$TLD. (\n\t\t\t\t$SERIAL\n\t\t\t\t7200\n\t\t\t\t3600\n\t\t\t\t604800\n\t\t\t\t7200\n\t\t\t\t)\n\t\t\tNS\t$HOSTNAME.$TLD.\n\$ORIGIN $IP_REV.\n$IP_FIN\t\t\tPTR\t$HOSTNAME.$TLD." >> /etc/bind/db.$TLD.inv
echo "-- Fichiers de zones créés !"
ln -s /etc/bind/db.$TLD /var/cache/bind/new.db.$TLD
ln -s /etc/bind/db.$TLD.inv /var/cache/bind/new.db.$TLD.inv
@ -125,7 +132,7 @@ then
echo "-- Zonne DNS menteur créé !"
echo -e "\n\nzone \"menteur\" {\n\ttype master;\n\tfile\"/var/cache/bind/db.menteur\";\n};" >> /etc/bind/named.conf.local
echo "-- Zone configuré !"
echo -e "\$TTL 7200\n@\t\t\tIN SOA $HOSTNAME.$TLD. $USER.$TLD. (\n\t\t\t\t$SERIAL\n\t\t\t\t7200\n\t\t\t\t3600\n\t\t\t\t604800\n\t\t\t\t7200\n\t\t\t\t)\n\t\t\tIN NS\t$HOSTNAME.$TLD.\n" >> /etc/bind/db.menteur
echo -e "\$TTL 7200\n@\t\t\tIN SOA $HOSTNAME.$TLD. root.$TLD. (\n\t\t\t\t$SERIAL\n\t\t\t\t7200\n\t\t\t\t3600\n\t\t\t\t604800\n\t\t\t\t7200\n\t\t\t\t)\n\t\t\tIN NS\t$HOSTNAME.$TLD.\n" >> /etc/bind/db.menteur
echo "-- Fichier de zone créé !"
ln -s /etc/bind/db.menteur /var/cache/bind/new.db.menteur
echo "-- Lien symbolique créé !"
@ -174,8 +181,9 @@ then
TLD=${TLD,,}
read -p "Entrer l'adresse IP du serveur DNS : " DNS_SRV
fi
MSR=`ifconfig $INTERFACE | grep netmask | awk -F" " '{print $4}'`
MSR=`ip -4 addr show $INTERFACE | grep inet | awk -F" " '{print $2}' | awk -F"/" '{print $2}'`
NETWORK=`ipcalc $IP/$MSR | grep Network | awk -F" " '{print $2}' | awk -F"/" '{print $1}'`
MSR=`ipcalc $IP/$MSR | grep Netmask | awk -F" " '{print $2}' | awk -F" " '{print $1}'`
# Configuration DHCP
echo "####################################"
@ -297,4 +305,4 @@ fi
if [ $MAJ == 'O' ];
then
echo "-- Fonctionnalité de mise à jour DNS et DHCP activé"
fi
fi
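Review bot: The new `IP=` line at L303 (and `MSR=` at L344) greps every `inet` line of `ip -4 addr show $INTERFACE`, so an interface carrying more than one IPv4 address yields a multi-word `$IP`, which then breaks `ipcalc $IP/$MSR` at L345 and the zone files at L325–L326; `$INTERFACE` is also unquoted user input, and a typo in it makes `ip` print an error that the pipeline silently turns into an empty `$IP`. One-line output with only the first address is more robust: `IP_CIDR=$(ip -4 -o addr show dev "$INTERFACE" | awk 'NR==1{print $4}')`, then `IP=${IP_CIDR%/*}` and `MSR=${IP_CIDR#*/}`, followed by `[ -n "$IP" ] || { echo "interface $INTERFACE introuvable" >&2; exit 1; }`. The added root check at L261–L264 (identical in the mail.sh header at L16–L19 and in the third file at L362–L365) exits silently with status 0, so a non-root run looks successful to any caller; `echo 'Ce script doit être exécuté en root' >&2; exit 1` makes the failure visible. The `if` blocks enclosing the hunks at L310–L318 and L339–L348 start and end outside them.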


@ -1,5 +1,11 @@
#!/bin/bash
#Initialisation des variables
# Vérification root
if [ `whoami` != 'root' ];
then
exit
fi
# Initialisation des variables
SOURCE=`pwd`
echo ' __ __ _____ ____ ____ _____ ______'
echo ' \ \ / / /\ | __ \ / __ \| _ \ /\ / ____| ____|'
@ -14,9 +20,9 @@ echo ' `--. \/ _ \| _| __\ \ /\ / / _` | '__/ _ \'
echo '/\__/ / (_) | | | |_ \ V V / (_| | | | __/'
echo '\____/ \___/|_| \__| \_/\_/ \__,_|_| \___|'
echo ""
echo "Programme de déploiement de service OpenVPN (V1)"
echo "Programme de déploiement de service OpenVPN (V2)"
echo ""
read -p "Ce script s'adresse aux utilisateurs expérimentés. Voulez-vous continuer ? (O/N) : " CONFIRM
read -p "Ce script s'adresse aux utilisateurs expérimentés. Voulez-vous continuer ? (o/N) : " CONFIRM
CONFIRM=${CONFIRM^^}
if [ $CONFIRM != 'O' ];
then
@ -38,7 +44,7 @@ echo "-- Mise à jour terminé !"
echo "#######################"
echo "# Services à déployer #"
echo "#######################"
read -p "Voulez-vous déployer le service VPN ? (O/N) : " VPN
read -p "Voulez-vous déployer le service VPN ? (o/N) : " VPN
VPN=${VPN^^}
# Récupération interface
@ -67,32 +73,31 @@ then
echo "########################"
echo "# Configuration du VPN #"
echo "########################"
read -p "Entre le code pays du certificat : " KEY_COUNTRY
read -p "Entrer le code pays du certificat : " KEY_COUNTRY
KEY_COUNTRY=${KEY_COUNTRY^^}
read -p "Entrer le département du certificat : " KEY_PROVINCE
read -p "Entrer la ville du certificat : " KEY_CITY
read -p "Entrer le nom de l'organisation du certificat : " KEY_ORG
read -p "Entrer l'unité d'organisation du certificat : " KEY_OU
read -p "Entrer l'adresse email de contact du certificat : " KEY_EMAIL
read -p "Entrer le nom du service VPN : " VPN_NAME
read -p "Entrer le nom de l'instance VPN : " VPN_NAME
VPN_NAME=${VPN_NAME,,}
read -p "Entrer le port du service VPN : " VPN_PORT
read -p "Entrer l'adresse réseau du réseau VPN : " VPN_NETWORK
read -p "Entrer le port de l'instance VPN : " VPN_PORT
read -p "Entrer l'adresse réseau de votre réseau VPN : " VPN_NETWORK
read -p "Entrer le masque de votre réseau VPN : " VPN_NETMASK
read -p "Entrer le FQDN de votre serveur : " VPN_ADRESSE
VPN_ADRESSE=${VPN_ADRESSE,,}
read -p "Entrer le DNS que votre client utilisera : " VPN_DNS
read -p "Entrer le TLD de votre réseau : " VPN_TLD
read -p "Entrer le TLD de votre réseau VPN : " VPN_TLD
VPN_TLD=${VPN_TLD,,}
read -p "Entre le nom du certificat client du service VPN : " VPN_USER
read -p "Entre le nom du certificat client dde l'instance VPN : " VPN_USER
VPN_USER=${VPN_USER,,}
read -p "Voulez-vous sécuriser le certificat client par un mot de passe ? (O/N) : " VPN_USER_PASS
read -p "Voulez-vous sécuriser le certificat client par un mot de passe ? (o/N) : " VPN_USER_PASS
VPN_USER_PASS=${VPN_USER_PASS^^}
VPN_NETWORK=`ipcalc $VPN_NETWORK $VPN_NETMASK | grep Network | awk -F" " '{print $2}' | awk -F"/" '{print $1}'`
INTERFACES_CONFIG=`cat /etc/network/interfaces | grep "pre-up iptables-restore < /etc/openvpn/iptables.rules"`
VPN_IPTABLES_CONFIG='pre-up iptables-restore < /etc/openvpn/iptables.rules'
# Configuration DNS
# Configuration VPN
echo "###################################"
echo "# Génération du certifiat serveur #"
echo "###################################"
@ -100,7 +105,7 @@ then
cp /usr/share/easy-rsa/* /etc/openvpn/easy-rsa
echo "-- easy-rsa copié !"
echo "" > /etc/openvpn/easy-rsa/vars
echo -e "export EASY_RSA=\"\`pwd\`\"\nexport OPENSSL=\"openssl\"\nexport PKCS11TOOL=\"pkcs11-tool\"\nexport GREP=\"grep\"\nexport KEY_CONFIG=\`\$EASY_RSA/whichopensslcnf \$EASY_RSA\`\nexport KEY_DIR=\"\$EASY_RSA/keys\"\necho NOTE: If you run ./clean-all, I will be doing a rm -rf on \$KEY_DIR\nexport PKCS11_MODULE_PATH=\"dummy\"\nexport PKCS11_PIN=\"dummy\"\nexport KEY_SIZE=1024\nexport CA_EXPIRE=3650\nexport KEY_COUNTRY=\"$KEY_COUNTRY\"\nexport KEY_PROVINCE=\"$KEY_PROVINCE\"\nexport KEY_CITY=\"$KEY_CITY\"\nexport KEY_ORG=\"$KEY_ORG\"\nexport KEY_EMAIL=\"$KEY_EMAIL\"\nexport KEY_OU=\"$KEY_OU\"\nexport KEY_NAME=\"$VPN_NAME\"" >> /etc/openvpn/easy-rsa/vars
echo -e "export EASY_RSA=\"\`pwd\`\"\nexport OPENSSL=\"openssl\"\nexport PKCS11TOOL=\"pkcs11-tool\"\nexport GREP=\"grep\"\nexport KEY_CONFIG=\`\$EASY_RSA/whichopensslcnf \$EASY_RSA\`\nexport KEY_DIR=\"\$EASY_RSA/keys\"\necho NOTE: If you run ./clean-all, I will be doing a rm -rf on \$KEY_DIR\nexport PKCS11_MODULE_PATH=\"dummy\"\nexport PKCS11_PIN=\"dummy\"\nexport KEY_SIZE=2048\nexport CA_EXPIRE=3650\nexport KEY_COUNTRY=\"$KEY_COUNTRY\"\nexport KEY_PROVINCE=\"$KEY_PROVINCE\"\nexport KEY_CITY=\"$KEY_CITY\"\nexport KEY_ORG=\"$KEY_ORG\"\nexport KEY_EMAIL=\"$KEY_EMAIL\"\nexport KEY_OU=\"$KEY_OU\"\nexport KEY_NAME=\"$VPN_NAME\"" >> /etc/openvpn/easy-rsa/vars
cp /etc/openvpn/easy-rsa/openssl-1.0.0.cnf /etc/openvpn/easy-rsa/openssl.cnf
echo "-- easy-rsa modifié !"
cd /etc/openvpn/easy-rsa
@ -111,7 +116,7 @@ then
./pkitool --server $VPN_NAME
openvpn --genkey --secret keys/ta.key
echo "-- Certificat généré !"
cp /etc/openvpn/easy-rsa/keys/ca.crt /etc/openvpn/easy-rsa/keys/ta.key /etc/openvpn/easy-rsa/keys/$VPN_NAME.crt /etc/openvpn/easy-rsa/keys/$VPN_NAME.key /etc/openvpn/easy-rsa/keys/dh1024.pem /etc/openvpn/
cp /etc/openvpn/easy-rsa/keys/ca.crt /etc/openvpn/easy-rsa/keys/ta.key /etc/openvpn/easy-rsa/keys/$VPN_NAME.crt /etc/openvpn/easy-rsa/keys/$VPN_NAME.key /etc/openvpn/easy-rsa/keys/dh2048.pem /etc/openvpn/
echo "-- Copie du certificat !"
echo "####################################"
echo "# Copie de la configuration du VPN #"
@ -120,7 +125,7 @@ then
mkdir /etc/openvpn/jail/tmp
mkdir /etc/openvpn/clientconf
touch /etc/openvpn/$VPN_NAME.conf
echo -e "mode server\nproto tcp\nport $VPN_PORT\ndev tun\ntopology subnet\nca ca.crt\ncert $VPN_NAME.crt\nkey $VPN_NAME.key\ndh dh1024.pem\ntls-auth ta.key 1\nkey-direction 0\ncipher AES-256-CBC\nserver $VPN_NETWORK $VPN_NETMASK\npush \"redirect-gateway def1\"\npush \"dhcp-option DNS $VPN_DNS\"\npush \"dhcp-option DOMAIN $VPN_TLD\"\nkeepalive 10 120\nclient-to-client\nuser nobody\ngroup nogroup\nchroot /etc/openvpn/jail\npersist-key\npersist-tun\ncomp-lzo\nduplicate-cn\nverb 3\nmute 20\nstatus openvpn-status.log\nlog-append /var/log/openvpn.log" >> /etc/openvpn/$VPN_NAME.conf
echo -e "mode server\nproto tcp\nport $VPN_PORT\ndev tun\ntopology subnet\nca ca.crt\ncert $VPN_NAME.crt\nkey $VPN_NAME.key\ndh dh2048.pem\ntls-auth ta.key 1\nkey-direction 0\ncipher AES-256-CBC\nserver $VPN_NETWORK $VPN_NETMASK\npush \"redirect-gateway def1\"\npush \"dhcp-option DNS $VPN_DNS\"\npush \"dhcp-option DOMAIN $VPN_TLD\"\nkeepalive 10 120\nclient-to-client\nuser nobody\ngroup nogroup\nchroot /etc/openvpn/jail\npersist-key\npersist-tun\ncomp-lzo\nduplicate-cn\nverb 3\nmute 20\nstatus openvpn-status.log\nlog-append /var/log/openvpn.log" >> /etc/openvpn/$VPN_NAME.conf
echo "-- Fichiers créés !"
echo "################################"
echo "# Activation du routage et NAT #"
@ -133,7 +138,7 @@ then
iptables -I OUTPUT -o tun0 -j ACCEPT
iptables -t nat -A POSTROUTING -o $INTERFACE -j MASQUERADE
sh -c "iptables-save > /etc/openvpn/iptables.rules"
if [ -z $INTERFACES_CONFIG ] || [ $INTERFACES_CONFIG != $VPN_IPTABLES_CONFIG ];
if [ -z $INTERFACES_CONFIG ];
then
echo "pre-up iptables-restore < /etc/openvpn/iptables.rules" >> /etc/network/interfaces
fi
@ -208,4 +213,4 @@ then
echo "-- Service VPN"
echo "Vous pouvez vous connecter au serveur avec un client grâce à l'archive présente dans /etc/openvpn/clientconf/$VPN_USER.zip"
echo "Un redémarrage est nécessaire !"
fi
fi
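Review bot: `if [ -z $INTERFACES_CONFIG ]` at L462 leaves the expansion unquoted; because `$INTERFACES_CONFIG` is a whole `pre-up iptables-restore …` line captured at L423, a non-empty value word-splits into a `[: too many arguments` error whose exit status 2 is merely treated as false, so the check only works by accident and would misbehave for any single-word value — `if [ -z "$INTERFACES_CONFIG" ]` is the intended test. The regenerated server config at L453 still carries `comp-lzo`; compression on a VPN link is a known plaintext-recovery vector and the OpenVPN manual discourages it, so unless existing clients require it the line should be dropped and the mismatch with clients handled explicitly. The `then` block enclosing the L457–L465 hunk starts outside it.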


@ -1,7 +1,7 @@
@ECHO OFF
REM QBFC Project Options Begin
REM HasVersionInfo: Yes
REM Companyname: XAROBASE Script
REM Companyname: XAROBASE Software
REM Productname: Xarspot
REM Filedescription: Xarspot
REM Copyrights: XAROBASE
@ -195,9 +195,9 @@ echo exit : Permet de quitter la fenetre.
goto %RETURN%
:COPYRIGHT
echo ********************************************************************************
echo COPYRIGHT XAROBASE TOUT DROIT RESERVE
echo XAROBASE Software TOUT DROIT RESERVE
echo.
echo xarobase.ddns.net
echo www.xarobase.com
echo.
echo Logiciel GRATUIT VENTE INTERDITE !
goto %RETURN%