Untitled

From Hot Tamarin, 2 Years ago, written in Plain Text.

Embed

Download Paste or View Raw
Hits: 126

ubuntu@ch1:~$ sudo cat /var/log/keyhelp/install.log

Start install: 2022-01-14 20:01:45

Operating System: Ubuntu 20.04 (64-bit)

================================================================================

Placeholders

================================================================================

install.ssh_keys =

install.nagios =

install.midnight_commander =

install.server_setup =

install.hide_lts_notice = 1

install.hostname =

general.preferred_protocol = ipv4

system.email = root@***HOSTNAME***

server.domain = ***HOSTNAME***

server.current_hostname = ***HOSTNAME***

server.timezone = Europe/Sarajevo

server.fstab = LABEL=cloudimg-rootfs / ext4 defaults,usrquota,grpquota 0 1

LABEL=UEFI /boot/efi vfat umask=0077 0 1

# CLOUD_IMG: This file was created/modified by the Cloud Image build process

######################################

## ORACLE CLOUD INFRASTRUCTURE CUSTOMERS

##

## If you are adding an iSCSI remote block volume to this file you MUST

## include the '_netdev' mount option or your instance will become

## unavailable after the next reboot.

## SCSI device names are not stable across reboots; please use the device UUID

## instead of /dev path.

##

## Example:

## UUID=94c5aade-8bb1-4d55-ad0c-388bb8aa716a /data1 ext4 defaults,noatime,_netdev 0 2

##

## More information:

## https://docs.us-phoenix-1.oraclecloud.com/Content/Block/Tasks/connectingtoavolume.htm

##

encryption.base = ***KH_ENCRYPTION_BASE***

webserver.log_format_with_logio = %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O

webserver.log_format_without_logio = %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" 0 0

webserver.http_port = 80

webserver.https_port = 443

dir.home = /home/keyhelp

dir.keyhelp = /home/keyhelp/www/keyhelp

dir.webmail = /home/keyhelp/www/webmail

dir.roundcube = /home/keyhelp/www/roundcube

dir.rainloop = /home/keyhelp/www/rainloop

dir.db-administration = /home/keyhelp/www/db-administration

dir.phpmyadmin = /home/keyhelp/www/phpmyadmin

dir.adminer = /home/keyhelp/www/adminer

dir.statistics = /home/keyhelp/www/kh.webstats

dir.acme_challenge = /home/keyhelp/www/.well-known/acme-challenge

dir.autoconfig = /home/keyhelp/www/keyhelp/misc/emailconfig

email.virus_checks =

dovecot.imap_login_process_limit = 100

dovecot.max_userip_connections = 10

dovecot.enforce_quota = 1

postfix.inet_protocols = ipv4

clamav.signatures_for_config =

DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/junk.ndb

DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/jurlbl.ndb

DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/phish.ndb

DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/rogue.hdb

DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/sanesecurity.ftm

DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/sigwhitelist.ign2

DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/scam.ndb

DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/spamimg.hdb

DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/spamattach.hdb

DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/blurl.ndb

DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/foxhole_generic.cdb

DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/foxhole_filename.cdb

DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/malwarehash.hsb

DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/hackingteam.hsb

DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/winnow_malware.hdb

DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/winnow_malware_links.ndb

DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/winnow_extended_malware.hdb

DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/winnow.attachments.hdb

DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/winnow_bad_cw.hdb

DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/bofhland_cracked_URL.ndb

DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/bofhland_malware_URL.ndb

DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/bofhland_phishing_URL.ndb

DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/bofhland_malware_attach.hdb

DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/porcupine.ndb

DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/phishtank.ndb

DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/porcupine.hsb

DatabaseCustomURL https://urlhaus.abuse.ch/downloads/urlhaus.ndb

php.version = 7.4

db.tuning_file = tuning.cnf

db.setup.username = root

db.setup.password =

db.root.username = root

db.root.password = ***DB_ROOT_PASS***

db.keyhelp.host = localhost

db.keyhelp.username = keyhelp

db.keyhelp.password = ***DB_KH_PASS***

db.keyhelp.dbname = keyhelp

db.keyhelp_root.host = localhost

db.keyhelp_root.username = keyhelp_root

db.keyhelp_root.password = ***DB_KH_ROOT_PASS***

bind.rname = root.***HOSTNAME***.

bind.serial = 2022011400

bind.name_servers.0 = ns.***HOSTNAME***.

bind.name_servers.1 = ns2.***HOSTNAME***.

bind.ips_v4.0 = ***IP_0***

admin.username = admin

admin.password = ***KH_ADMIN_PASS***

admin.email = root@***HOSTNAME***

phpmyadmin.password = ***PMA_PASS***

phpmyadmin.blowfishsecret = ***PMA_CRYPT***

roundcube.product_name = KeyHelp Webmail

roundcube.support_url =

roundcube.password = ***RC_PASS***

roundcube.plugins = 'managesieve','password','keyhelp_sync_identities'

roundcube.plugins_db = managesieve, password, keyhelp_sync_identities

roundcube.skin = elastic

roundcube.24_byte_des_key = ***RC_CRYPT***

roundcube.pw_length = 8

rainloop.product_name = KeyHelp Webmail

rainloop.password = ***RL_PASS***

rainloop.language = en

keyhelp.id = 1333baa4a67a9c300b89437de5c36b274d386ae2351591d8718362a09635dfebdc6f4f00bd9ef2e21264e4ae572d05bf5bef25b22371a369a8571626d3af6f0b

keyhelp.url = https://***HOSTNAME***

keyhelp.version = 21.3

keyhelp.settings.ips = ***IP_0***

keyhelp.settings.name_servers = ns.***HOSTNAME***.,ns2.***HOSTNAME***.

keyhelp.language = en

ftp.tls_required =

ssh_keys.support_keys =

firewall.rule_set = common

################################################################################

################################################################################

================================================================================

Update sources list

================================================================================

exec | apt-get update

Hit:1 http://ports.ubuntu.com/ubuntu-ports focal-security InRelease

Hit:2 http://eu-zurich-1-ad-1.clouds.ports.ubuntu.com/ubuntu-ports focal InRelease

Hit:3 http://eu-zurich-1-ad-1.clouds.ports.ubuntu.com/ubuntu-ports focal-updates InRelease

Hit:4 http://eu-zurich-1-ad-1.clouds.ports.ubuntu.com/ubuntu-ports focal-backports InRelease

Reading package lists...

================================================================================

Installation requirements

================================================================================

exec | apt-get install -y unzip

Reading package lists...

Building dependency tree...

Reading state information...

unzip is already the newest version (6.0-25ubuntu1).

0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

exec | apt-get install -y zip

Reading package lists...

Building dependency tree...

Reading state information...

zip is already the newest version (3.0-11build1).

0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

exec | apt-get install -y bzip2

Reading package lists...

Building dependency tree...

Reading state information...

bzip2 is already the newest version (1.0.8-2).

0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

================================================================================

Sudo

================================================================================

exec | apt-get install -y sudo

Reading package lists...

Building dependency tree...

Reading state information...

sudo is already the newest version (1.8.31-1ubuntu1.2).

0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

================================================================================

Bind9

================================================================================

exec | echo "***HOSTNAME***" > /etc/hostname

exec | apt-get install -y bind9

Reading package lists...

Building dependency tree...

Reading state information...

bind9 is already the newest version (1:9.16.1-0ubuntu2.9).

0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

files | bind/keyhelp_domain.conf.twig => /etc/bind/keyhelp_domain.conf

files | bind/named.conf => /etc/bind/named.conf

files | bind/named.conf.local => /etc/bind/named.conf.local

exec | mkdir -p -m 0755 /etc/bind/keyhelp_domains/

exec | touch /etc/bind/named.conf.keyhelp

exec | service bind9 restart

================================================================================

SSL/TLS

================================================================================

exec | apt-get install -y openssl

Reading package lists...

Building dependency tree...

Reading state information...

openssl is already the newest version (1.1.1f-1ubuntu2.10).

0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

exec | mkdir -p -m 0700 /etc/ssl/keyhelp/pem/

exec | mkdir -p -m 0700 /etc/ssl/keyhelp/files/

files | tls/keyhelp-root-ca.crt => /etc/ssl/keyhelp/root-ca.crt

exec | chmod 0600 /etc/ssl/keyhelp/root-ca.crt

exec | openssl genrsa -out /etc/ssl/keyhelp/files/default.key 2048

Generating RSA private key, 2048 bit long modulus (2 primes)

..+++++

..................+++++

e is 65537 (0x010001)

exec | openssl req -new -sha256 -key /etc/ssl/keyhelp/files/default.key -out /etc/ssl/keyhelp/files/default.csr -subj '/C=DE/ST=Thuringia/L=Erfurt/O=KeyHelp/OU=KeyHelp Panel/CN=***HOSTNAME***/[email protected]'

exec | openssl x509 -req -sha256 -days 3650 -in /etc/ssl/keyhelp/files/default.csr -signkey /etc/ssl/keyhelp/files/default.key -out /etc/ssl/keyhelp/files/default.crt

Signature ok

subject=C = DE, ST = Thuringia, L = Erfurt, O = KeyHelp, OU = KeyHelp Panel, CN = ***HOSTNAME***, emailAddress = [email protected]

Getting Private key

exec | cat /etc/ssl/keyhelp/files/default.key /etc/ssl/keyhelp/files/default.csr /etc/ssl/keyhelp/files/default.crt > /etc/ssl/keyhelp/pem/default.pem

exec | cat /etc/ssl/keyhelp/root-ca.crt > /etc/ssl/keyhelp/files/default-ca.crt

exec | ln -s -f /etc/ssl/keyhelp/pem/default.pem /etc/ssl/keyhelp/keyhelp.pem

exec | ln -s -f /etc/ssl/keyhelp/pem/default.pem /etc/ssl/keyhelp/ftp.pem

exec | ln -s -f /etc/ssl/keyhelp/pem/default.pem /etc/ssl/keyhelp/mail.pem

exec | ln -s -f /etc/ssl/keyhelp/pem/default.pem /etc/ssl/keyhelp/webmail.pem

exec | ln -s -f /etc/ssl/keyhelp/files/default-ca.crt /etc/ssl/keyhelp/keyhelp-ca.crt

exec | ln -s -f /etc/ssl/keyhelp/files/default-ca.crt /etc/ssl/keyhelp/ftp-ca.crt

exec | ln -s -f /etc/ssl/keyhelp/files/default-ca.crt /etc/ssl/keyhelp/mail-ca.crt

exec | ln -s -f /etc/ssl/keyhelp/files/default-ca.crt /etc/ssl/keyhelp/webmail-ca.crt

exec | chown -R keyhelp:keyhelp /etc/ssl/keyhelp/files/

exec | chmod 0600 /etc/ssl/keyhelp/files/*

exec | chmod 0600 /etc/ssl/keyhelp/pem/*

================================================================================

PHP

================================================================================

exec | apt-get install -y php php-curl php-gd imagemagick php-imagick php-mail-mime php-net-sieve php-pspell php-net-socket php-auth-sasl php-intl php7.4-mysql php-net-smtp php-zip php-bcmath php-soap

Reading package lists...

Building dependency tree...

Reading state information...

php is already the newest version (2:7.4+75).

php-curl is already the newest version (2:7.4+75).

php-gd is already the newest version (2:7.4+75).

php-pspell is already the newest version (2:7.4+75).

php-auth-sasl is already the newest version (1.0.6-3).

php-bcmath is already the newest version (2:7.4+75).

php-imagick is already the newest version (3.4.4-4).

php-intl is already the newest version (2:7.4+75).

php-mail-mime is already the newest version (1.10.6-1).

php-net-sieve is already the newest version (1.4.1-1).

php-net-smtp is already the newest version (1.9.0-1).

php-net-socket is already the newest version (1.0.14-2).

php-soap is already the newest version (2:7.4+75).

php-zip is already the newest version (2:7.4+75).

php7.4-mysql is already the newest version (7.4.3-4ubuntu2.8).

imagemagick is already the newest version (8:6.9.10.23+dfsg-2.1ubuntu11.4).

0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

files | php/timezone.ini => /etc/php/7.4/mods-available/timezone.ini

files | php/charset.ini => /etc/php/7.4/mods-available/charset.ini

exec | phpdismod timezone

exec | phpenmod timezone/30

exec | phpdismod charset

exec | phpenmod charset/30

================================================================================

Apache web server

================================================================================

exec | apt-get install -y apache2 libapache2-mod-fcgid apache2-suexec-custom

Reading package lists...

Building dependency tree...

Reading state information...

libapache2-mod-fcgid is already the newest version (1:2.3.9-4).

apache2 is already the newest version (2.4.41-4ubuntu3.9).

apache2-suexec-custom is already the newest version (2.4.41-4ubuntu3.9).

0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

exec | grep -q -F "Include keyhelp/keyhelp.conf" /etc/apache2/apache2.conf || printf "\n#Include KeyHelp vHosts\nInclude keyhelp/keyhelp.conf\n" >> /etc/apache2/apache2.conf

exec | mkdir -p -m 0755 /etc/apache2/keyhelp/

exec | mkdir -p -m 0755 /etc/apache2/keyhelp/vhosts/

exec | mkdir -p -m 0755 /etc/apache2/keyhelp/htpasswd/

exec | touch /etc/apache2/keyhelp/subdomain_catch_all.conf

files | apache/acme.conf => /etc/apache2/conf-available/acme.conf

files | apache/autoconfig.conf => /etc/apache2/keyhelp/autoconfig.conf

files | apache/apache2.service => /lib/systemd/system/apache2.service

files | apache/keyhelp.conf => /etc/apache2/keyhelp/keyhelp.conf

files | apache/mod_http2.conf => /etc/apache2/mods-available/http2.conf

files | apache/mod_mime.conf => /etc/apache2/mods-available/mime.conf

files | apache/mod_ssl.conf.twig => /etc/apache2/mods-available/ssl.conf

files | apache/other-vhosts-access-log.conf => /etc/apache2/conf-available/other-vhosts-access-log.conf

files | apache/ports.conf => /etc/apache2/ports.conf

files | apache/security.conf => /etc/apache2/conf-available/security.conf

files | apache/suexec_www-data => /etc/apache2/suexec/www-data

files | apache/webmail_redirect.conf => /etc/apache2/keyhelp/webmail.conf

exec | mkdir -p -m 0755 /home/keyhelp/www/roundcube

exec | mkdir -p -m 0755 /home/keyhelp/www/rainloop

exec | mkdir -p -m 0755 /home/keyhelp/www/phpmyadmin

exec | mkdir -p -m 0755 /home/keyhelp/www/adminer

exec | mkdir -p -m 0755 /home/keyhelp/www/kh.webstats

exec | mkdir -p -m 0750 /var/log/apache2/keyhelp

exec | rm -f /home/keyhelp/www/webmail

exec | ln -s roundcube /home/keyhelp/www/webmail

exec | rm -f /home/keyhelp/www/db-administration

exec | ln -s phpmyadmin /home/keyhelp/www/db-administration

exec | a2enmod actions fcgid alias auth_digest suexec deflate expires headers ssl rewrite include http2 cgid

Module actions already enabled

Module fcgid already enabled

Module alias already enabled

Considering dependency authn_core for auth_digest:

Module authn_core already enabled

Module auth_digest already enabled

Module suexec already enabled

Considering dependency filter for deflate:

Module filter already enabled

Module deflate already enabled

Module expires already enabled

Module headers already enabled

Considering dependency setenvif for ssl:

Module setenvif already enabled

Considering dependency mime for ssl:

Module mime already enabled

Considering dependency socache_shmcb for ssl:

Module socache_shmcb already enabled

Module ssl already enabled

Module rewrite already enabled

Considering dependency mime for include:

Module mime already enabled

Module include already enabled

Module http2 already enabled

Module cgid already enabled

exec | a2enmod proxy proxy_fcgi

Module proxy already enabled

Considering dependency proxy for proxy_fcgi:

Module proxy already enabled

Module proxy_fcgi already enabled

exec | a2dissite 000-default

Site 000-default already disabled

exec | a2enconf acme

Conf acme already enabled

exec | a2enmod access_compat

Considering dependency authn_core for access_compat:

Module authn_core already enabled

Module access_compat already enabled

exec | a2dismod php7.4

Module php7.4 already disabled

exec | a2dismod mpm_prefork

Module mpm_prefork already disabled

exec | a2dismod mpm_event

Module mpm_event already disabled

exec | a2enmod mpm_worker

Considering conflict mpm_event for mpm_worker:

Considering conflict mpm_prefork for mpm_worker:

Module mpm_worker already enabled

exec | systemctl daemon-reload

exec | service apache2 restart

================================================================================

PHP-FPM

================================================================================

exec | apt-get install -y php-fpm

Reading package lists...

Building dependency tree...

Reading state information...

php-fpm is already the newest version (2:7.4+75).

0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

exec | rm -f /etc/php/7.4/fpm/pool.d/www.conf*

files | phpfpm/php-fpm.conf => /etc/php/7.4/fpm/php-fpm.conf

files | phpfpm/keyhelp.conf => /etc/php/7.4/fpm/pool.d/keyhelp.conf

exec | phpenmod ioncube

exec | mkdir -p -m 0755 /etc/php/7.4/fpm/keyhelp_pool

exec | service php7.4-fpm restart

================================================================================

MariaDB

================================================================================

exec | apt-get install -y mariadb-server

Reading package lists...

Building dependency tree...

Reading state information...

mariadb-server is already the newest version (1:10.3.32-0ubuntu0.20.04.1).

0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

exec | apt-get install -y libdbd-mysql-perl

Reading package lists...

Building dependency tree...

Reading state information...

libdbd-mysql-perl is already the newest version (4.050-3).

0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

files | database/tuning.cnf => /etc/mysql/mariadb.conf.d/90-tuning.cnf

files | database/mariadb.cnf => /etc/mysql/conf.d/mariadb.cnf

exec | service mysql restart

db | UPDATE `mysql`.`user` SET `Password` = PASSWORD('***DB_ROOT_PASS***') WHERE `User` = 'root'

db | DELETE FROM `mysql`.`user` WHERE `User` = ''

db | DELETE FROM `mysql`.`user` WHERE `User` = 'root' AND `Host` NOT IN ('localhost', '127.0.0.1', '::1')

db | DROP DATABASE IF EXISTS `test`

db | FLUSH PRIVILEGES

db | GRANT ALL PRIVILEGES ON *.* TO 'mysqladmin'@'localhost' IDENTIFIED BY '***DB_ROOT_PASS***' WITH GRANT OPTION

================================================================================

KeyHelp

================================================================================

exec | chmod 0750 /home/keyhelp

exec | chown keyhelp:keyhelp /home/keyhelp/www/kh.webstats

exec | chown -h keyhelp:keyhelp /home/keyhelp/www/webmail

exec | chown -h keyhelp:keyhelp /home/keyhelp/www/db-administration

exec | chgrp www-data /home/keyhelp

exec | usermod -aG www-data keyhelp

exec | groupadd --force keyhelp_file_manager

exec | groupadd --force keyhelp_nossh

exec | groupadd --force keyhelp_noftp

exec | groupadd --force keyhelp_suspended

exec | groupadd --force keyhelp_chroot

exec | mkdir -p -m 0700 /etc/keyhelp/

exec | mkdir -p -m 0700 /etc/keyhelp/config

exec | mkdir -p -m 0700 /etc/keyhelp/skel

exec | chown keyhelp:keyhelp -R /etc/keyhelp/

exec | mkdir -p -m 0755 /usr/local/keyhelp/

exec | echo '# --------------------------------------------------

# This file is managed by KeyHelp.

# If you want to change its content, please use

# the corresponding configuration menu.

# --------------------------------------------------

hostmaster: root

postmaster: root

webmaster: root

abuse: root' > /etc/aliases

files | sudoers/keyhelp => /etc/sudoers.d/keyhelp

files | sudoers/keyhelp_file_manager => /etc/sudoers.d/keyhelp_file_manager

files | keyhelp/config.json => /etc/keyhelp/config/config.json

files | keyhelp/skel/README => /etc/keyhelp/skel/README

files | bin/call_url => /usr/local/keyhelp/call_url

db | DROP DATABASE IF EXISTS `keyhelp`

db | CREATE DATABASE `keyhelp`

db | GRANT ALL PRIVILEGES ON keyhelp.* TO 'keyhelp'@'localhost' IDENTIFIED BY '***DB_KH_PASS***'

db | GRANT ALL PRIVILEGES ON *.* TO 'keyhelp_root'@'localhost' IDENTIFIED BY '***DB_KH_ROOT_PASS***' WITH GRANT OPTION

db | FLUSH PRIVILEGES

import | /home/keyhelp/www/keyhelp/install/templates/keyhelp/keyhelp.sql => keyhelp

import | /home/keyhelp/www/keyhelp/install/templates/keyhelp/prohibited_domains.sql => keyhelp

exec | chmod 0440 /etc/sudoers.d/keyhelp

exec | chmod 0440 /etc/sudoers.d/keyhelp_file_manager

exec | chmod 0600 /etc/keyhelp/config/config.json

exec | chown keyhelp:keyhelp /etc/keyhelp/config/config.json

exec | chown keyhelp:keyhelp /etc/keyhelp/skel

exec | chmod +x /usr/local/keyhelp/call_url

exec | chmod +x /home/keyhelp/www/keyhelp/bin/toolbox.php

exec | rm -fr /usr/bin/keyhelp-toolbox

exec | ln -s /home/keyhelp/www/keyhelp/bin/toolbox.php /usr/bin/keyhelp-toolbox

db | INSERT INTO `keyhelp`.`ssl_certificates` SET `id` = '1', `name` = 'default', `file_name` = 'default';

db | UPDATE `keyhelp`.`settings` SET `value` = '1333baa4a67a9c300b89437de5c36b274d386ae2351591d8718362a09635dfebdc6f4f00bd9ef2e21264e4ae572d05bf5bef25b22371a369a8571626d3af6f0b' WHERE `category` = 'general' AND `name` = 'keyhelp_id'

db | UPDATE `keyhelp`.`settings` SET `value` = 'https://***HOSTNAME***' WHERE `category` = 'general' AND `name` = 'panelurl'

db | UPDATE `keyhelp`.`settings` SET `value` = '***HOSTNAME***' WHERE `category` = 'general' AND `name` = 'hostname'

db | UPDATE `keyhelp`.`settings` SET `value` = 'root@***HOSTNAME***' WHERE `category` = 'general' AND `name` = 'system_email'

db | UPDATE `keyhelp`.`settings` SET `value` = 'ns.***HOSTNAME***.,ns2.***HOSTNAME***.' WHERE `category` = 'dns' AND `name` = 'name_servers'

db | UPDATE `keyhelp`.`settings` SET `value` = '***IP_0***' WHERE `category` = 'dns' AND `name` = 'ips'

db | UPDATE `keyhelp`.`settings` SET `value` = '21.3' WHERE `category` = 'sys' AND `name` = 'version'

db | UPDATE `keyhelp`.`settings` SET `value` = 'ipv4' WHERE `category` = 'sys' AND `name` = 'prefer_family'

db | UPDATE `keyhelp`.`settings` SET `value` = 'Europe/Sarajevo' WHERE `category` = 'sys' AND `name` = 'time_zone'

db | UPDATE `keyhelp`.`settings` SET `value` = 'https://***HOSTNAME***/db-administration/' WHERE `category` = 'db_administration' AND `name` = 'nav_url'

db | UPDATE `keyhelp`.`settings` SET `value` = 'https://***HOSTNAME***/webmail/' WHERE `category` = 'webmail' AND `name` = 'nav_url'

db | UPDATE `keyhelp`.`settings` SET `value` = 'managesieve, password, keyhelp_sync_identities' WHERE `category` = 'roundcube' AND `name` = 'plugins'

db | UPDATE `keyhelp`.`settings` SET `value` = 'en' WHERE `category` = 'language' AND `name` = 'default'

db | UPDATE `keyhelp`.`settings` SET `value` = '1' WHERE `category` = 'email' AND `name` = 'enable_virus_checks'

db | UPDATE `keyhelp`.`settings` SET `value` = '1' WHERE `category` = 'general' AND `name` = 'show_welcome_message'

db | UPDATE `keyhelp`.`maintenance_intervals` SET `timeframe_start` = '2', `timeframe_end` = '3' WHERE `name` = 'panel-update'

db | UPDATE `keyhelp`.`maintenance_intervals` SET `timeframe_start` = '6', `timeframe_end` = '7' WHERE `name` = 'repo-update'

db | UPDATE `keyhelp`.`settings` SET `value` = '1' WHERE `category` = 'ssl' AND `name` = 'panel_certificate'

db | UPDATE `keyhelp`.`settings` SET `value` = '1' WHERE `category` = 'ssl' AND `name` = 'ftp_certificate'

db | UPDATE `keyhelp`.`settings` SET `value` = '1' WHERE `category` = 'ssl' AND `name` = 'mail_certificate'

db | UPDATE `keyhelp`.`settings` SET `value` = '1' WHERE `category` = 'ssl' AND `name` = 'webmail_certificate'

db | INSERT INTO `keyhelp`.`users` SET `username` = 'admin', `password` = '$2y$10$ItofrAckl.fwtfZ0gaZU4Od60v7OmdNs8do51K9yyUoOOYp6y6QVW', `is_admin` = '1', `is_main_admin` = '1', `email` = 'root@***HOSTNAME***', `lang` = 'en', `setup_date` = '2022-01-14 20:01:45'

db | INSERT INTO `keyhelp`.`account_templates` SET `name`='Unlimited', `disk_space`=-1, `traffic`=-1, `email_accounts`=-1, `email_addresses`=-1, `domains` =-1, `subdomains`=-1, `databases`=-1, `ftp_users`=-1, `scheduled_tasks`=-1, `ftp`=1, `php`=1, `perl`=0, `ssh`=0, `backup`=1, `panel_access`=1, `domain_security`=1, `manage_certs`=1, `file_manager`='1', `applications`='1', `dns_editor`='1', `db_remote_access`=1, `change_personal_data`=1, `php_memory_limit`='80M', `php_max_execution_time`=60, `php_post_max_size`='72M', `php_upload_max_filesize`='64M', `php_open_basedir`='##DOCROOT##/www:##DOCROOT##/files:##DOCROOT##/tmp', `php_disable_functions`='dl, disk_free_space, diskfreespace, stream_socket_sendto, proc_get_status, proc_nice, proc_open, proc_terminate, proc_close, popen, curl_multi_exec, pcntl_exec, pcntl_fork, pcntl_setpriority, symlink, link, posix_kill, posix_mkfifo, posix_setsid, posix_setuid, posix_setpgid, posix_getpwuid, show_source, highlight_file, syslog, error_log, openlog, define_syslog_variables, apache_child_terminate, apache_setenv, apache_note', `php_additional_settings`='', `phpfpm_pm`='ondemand', `phpfpm_max_children`=3, `phpfpm_max_requests`=0, `phpfpm_min_spare_servers`='', `phpfpm_max_spare_servers`='', `phpfpm_status_enabled`=0, `phpfpm_status_ip_restriction`=''

exec | sed -i "s/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/gI" /etc/locale.gen

exec | locale-gen en_US.UTF-8

Generating locales (this might take a while)...

en_US.UTF-8... done

Generation complete.

================================================================================

Backup tools

================================================================================

exec | rm -rf /tmp/keyhelp_update/

exec | mkdir -p -m 0755 /tmp/keyhelp_update

exec | wget --no-verbose --no-check-certificate --prefer-family='ipv4' --output-document='/tmp/keyhelp_update/restic.bz2' https://github.com/restic/restic/releases/download/v0.12.1/restic_0.12.1_linux_arm64.bz2

2022-01-14 20:01:58 URL:https://objects.githubusercontent.com/github-production-release-asset-2e65be/19205896/2a1881ca-f1c7-419f-a266-8c645807b8c5?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20220114%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20220114T190158Z&X-Amz-Expires=300&X-Amz-Signature=278b533775a4d9b84d508a43c56ccfdda1447d5cac3e3e04826c6c7a15c61a02&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=19205896&response-content-disposition=attachment%3B%20filename%3Drestic_0.12.1_linux_arm64.bz2&response-content-type=application%2Foctet-stream [5619633/5619633] -> "/tmp/keyhelp_update/restic.bz2" [1]

exec | bunzip2 --force /tmp/keyhelp_update/restic.bz2

exec | chmod 0755 /tmp/keyhelp_update/restic

exec | mv /tmp/keyhelp_update/restic /usr/local/bin/restic

exec | wget --no-verbose --no-check-certificate --prefer-family='ipv4' --output-document='/tmp/keyhelp_update/rclone.zip' https://downloads.rclone.org/v1.56.2/rclone-v1.56.2-linux-arm64.zip

2022-01-14 20:02:00 URL:https://downloads.rclone.org/v1.56.2/rclone-v1.56.2-linux-arm64.zip [13513736/13513736] -> "/tmp/keyhelp_update/rclone.zip" [1]

exec | unzip -j -o '/tmp/keyhelp_update/rclone.zip' -d '/tmp/keyhelp_update/rclone/'

Archive: /tmp/keyhelp_update/rclone.zip

inflating: /tmp/keyhelp_update/rclone/git-log.txt

inflating: /tmp/keyhelp_update/rclone/rclone

inflating: /tmp/keyhelp_update/rclone/README.txt

inflating: /tmp/keyhelp_update/rclone/README.html

inflating: /tmp/keyhelp_update/rclone/rclone.1

exec | if [ `command -v mandb` ]; then mkdir -p /usr/local/share/man/man1 && cp /tmp/keyhelp_update/rclone/rclone.1 /usr/local/share/man/man1/rclone.1 && mandb; fi

Purging old database entries in /usr/share/man...

Processing manual pages under /usr/share/man...

Purging old database entries in /usr/share/man/tr...

Processing manual pages under /usr/share/man/tr...

Purging old database entries in /usr/share/man/fi...

Processing manual pages under /usr/share/man/fi...

Purging old database entries in /usr/share/man/cs...

Processing manual pages under /usr/share/man/cs...

Purging old database entries in /usr/share/man/zh_CN...

Processing manual pages under /usr/share/man/zh_CN...

Purging old database entries in /usr/share/man/ja...

Processing manual pages under /usr/share/man/ja...

Purging old database entries in /usr/share/man/fr...

Processing manual pages under /usr/share/man/fr...

Purging old database entries in /usr/share/man/pl...

Processing manual pages under /usr/share/man/pl...

Purging old database entries in /usr/share/man/ru...

Processing manual pages under /usr/share/man/ru...

Purging old database entries in /usr/share/man/sr...

Processing manual pages under /usr/share/man/sr...

Purging old database entries in /usr/share/man/it...

Processing manual pages under /usr/share/man/it...

Purging old database entries in /usr/share/man/sl...

Processing manual pages under /usr/share/man/sl...

Purging old database entries in /usr/share/man/zh_TW...

Processing manual pages under /usr/share/man/zh_TW...

Purging old database entries in /usr/share/man/de...

Processing manual pages under /usr/share/man/de...

Purging old database entries in /usr/share/man/es...

Processing manual pages under /usr/share/man/es...

Purging old database entries in /usr/share/man/sv...

Processing manual pages under /usr/share/man/sv...

Purging old database entries in /usr/share/man/pt_BR...

Processing manual pages under /usr/share/man/pt_BR...

Purging old database entries in /usr/share/man/da...

Processing manual pages under /usr/share/man/da...

Purging old database entries in /usr/share/man/ko...

Processing manual pages under /usr/share/man/ko...

Purging old database entries in /usr/share/man/hu...

Processing manual pages under /usr/share/man/hu...

Purging old database entries in /usr/share/man/id...

Processing manual pages under /usr/share/man/id...

Purging old database entries in /usr/share/man/pt...

Processing manual pages under /usr/share/man/pt...

Purging old database entries in /usr/share/man/nl...

Processing manual pages under /usr/share/man/nl...

Purging old database entries in /usr/local/man...

Processing manual pages under /usr/local/man...

0 man subdirectories contained newer manual pages.

0 manual pages were added.

0 stray cats were added.

5 old database entries were purged.

exec | chmod 0755 /tmp/keyhelp_update/rclone/rclone

exec | mv /tmp/keyhelp_update/rclone/rclone /usr/local/bin/rclone

exec | mkdir -p -m 0777 /backup-keyhelp/

exec | chown keyhelp:keyhelp /backup-keyhelp/

================================================================================

Firewall

================================================================================

exec | apt-get install -y iptables

Reading package lists...

Building dependency tree...

Reading state information...

iptables is already the newest version (1.8.4-3ubuntu2).

0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

exec | mkdir -p -m 0700 /etc/keyhelp/iptables/

exec | apt-get install -y nftables

Reading package lists...

Building dependency tree...

Reading state information...

nftables is already the newest version (0.9.3-2).

0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

exec | mkdir -p -m 0755 /etc/nftables/

files | firewall/rules/rules_ipv4_common => /etc/keyhelp/iptables/startup_rules_ipv4

files | firewall/rules/rules_ipv6_common => /etc/keyhelp/iptables/startup_rules_ipv6

files | nftables/nftables.conf => /etc/nftables.conf

files | nftables/fail2ban.conf => /etc/nftables/fail2ban.conf

exec | chown keyhelp:keyhelp -R /etc/keyhelp/iptables/

exec | nft -f /etc/nftables/fail2ban.conf

import | /home/keyhelp/www/keyhelp/install/templates/firewall/rules/common.sql => keyhelp

================================================================================

SSH

================================================================================

exec | apt-get install -y openssh-server

Reading package lists...

Building dependency tree...

Reading state information...

openssh-server is already the newest version (1:8.2p1-4ubuntu0.4).

0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

exec | grep --quiet "^\s*DenyGroups keyhelp_nossh keyhelp_suspended" /etc/ssh/sshd_config || printf "\n# Limit KeyHelp usergroup\nDenyGroups keyhelp_nossh keyhelp_suspended\n" >> /etc/ssh/sshd_config

exec | grep --quiet "^\s*Match Group keyhelp_chroot" /etc/ssh/sshd_config || printf "\nMatch Group keyhelp_chroot\n ChrootDirectory %%h\n AllowTCPForwarding no\n X11Forwarding no\nMatch all\n" >> /etc/ssh/sshd_config

exec | service ssh restart

================================================================================

ProFTPD

================================================================================

exec | /usr/share/debconf/fix_db.pl

exec | echo "proftpd-basic shared/proftpd/inetd_or_standalone select standalone" | sudo debconf-set-selections

exec | DEBIAN_FRONTEND=noninteractive apt-get install -y proftpd-basic proftpd-mod-mysql

Reading package lists...

Building dependency tree...

Reading state information...

proftpd-basic is already the newest version (1.3.6c-2).

proftpd-mod-mysql is already the newest version (1.3.6c-2).

0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

exec | DEBIAN_FRONTEND=dialog

files | proftpd/modules.conf => /etc/proftpd/modules.conf

files | proftpd/proftpd.conf => /etc/proftpd/proftpd.conf

files | proftpd/sql.conf => /etc/proftpd/sql.conf

files | proftpd/tls.conf.twig => /etc/proftpd/tls.conf

exec | chmod 0640 /etc/proftpd/proftpd.conf

exec | chmod 0600 /etc/proftpd/sql.conf

exec | service proftpd stop

exec | service proftpd start

================================================================================

Postfix

================================================================================

exec | /usr/share/debconf/fix_db.pl

exec | echo "postfix postfix/mailname string ***HOSTNAME***" | sudo debconf-set-selections

exec | echo "postfix postfix/main_mailer_type string 'Internet Site'" | sudo debconf-set-selections

exec | DEBIAN_FRONTEND=noninteractive apt-get install -y postfix postfix-mysql postfix-policyd-spf-python

Reading package lists...

Building dependency tree...

Reading state information...

postfix is already the newest version (3.4.13-0ubuntu1.2).

The following additional packages will be installed:

python3-authres python3-dns python3-spf python3-spf-engine

The following NEW packages will be installed:

postfix-mysql postfix-policyd-spf-python python3-authres python3-dns

python3-spf python3-spf-engine

0 upgraded, 6 newly installed, 0 to remove and 0 not upgraded.

Need to get 163 kB of archives.

After this operation, 667 kB of additional disk space will be used.

Get:1 http://eu-zurich-1-ad-1.clouds.ports.ubuntu.com/ubuntu-ports focal-updates/main arm64 postfix-mysql arm64 3.4.13-0ubuntu1.2 [21.0 kB]

Get:2 http://eu-zurich-1-ad-1.clouds.ports.ubuntu.com/ubuntu-ports focal/universe arm64 python3-authres all 1.2.0-2 [17.1 kB]

Get:3 http://eu-zurich-1-ad-1.clouds.ports.ubuntu.com/ubuntu-ports focal/universe arm64 python3-dns all 3.2.1-1 [25.6 kB]

Get:4 http://eu-zurich-1-ad-1.clouds.ports.ubuntu.com/ubuntu-ports focal/universe arm64 python3-spf all 2.0.14-1 [57.6 kB]

Get:5 http://eu-zurich-1-ad-1.clouds.ports.ubuntu.com/ubuntu-ports focal/universe arm64 python3-spf-engine all 2.9.2-1 [17.1 kB]

Get:6 http://eu-zurich-1-ad-1.clouds.ports.ubuntu.com/ubuntu-ports focal/universe arm64 postfix-policyd-spf-python all 2.9.2-1 [24.9 kB]

Fetched 163 kB in 0s (1106 kB/s)

Selecting previously unselected package postfix-mysql.

(Reading database ... 118173 files and directories currently installed.)

Preparing to unpack .../0-postfix-mysql_3.4.13-0ubuntu1.2_arm64.deb ...

Unpacking postfix-mysql (3.4.13-0ubuntu1.2) ...

Selecting previously unselected package python3-authres.

Preparing to unpack .../1-python3-authres_1.2.0-2_all.deb ...

Unpacking python3-authres (1.2.0-2) ...

Selecting previously unselected package python3-dns.

Preparing to unpack .../2-python3-dns_3.2.1-1_all.deb ...

Unpacking python3-dns (3.2.1-1) ...

Selecting previously unselected package python3-spf.

Preparing to unpack .../3-python3-spf_2.0.14-1_all.deb ...

Unpacking python3-spf (2.0.14-1) ...

Selecting previously unselected package python3-spf-engine.

Preparing to unpack .../4-python3-spf-engine_2.9.2-1_all.deb ...

Unpacking python3-spf-engine (2.9.2-1) ...

Selecting previously unselected package postfix-policyd-spf-python.

Preparing to unpack .../5-postfix-policyd-spf-python_2.9.2-1_all.deb ...

Unpacking postfix-policyd-spf-python (2.9.2-1) ...

Setting up python3-authres (1.2.0-2) ...

Setting up postfix-mysql (3.4.13-0ubuntu1.2) ...

Adding mysql map entry to /etc/postfix/dynamicmaps.cf

Setting up python3-dns (3.2.1-1) ...

Setting up python3-spf (2.0.14-1) ...

Setting up python3-spf-engine (2.9.2-1) ...

Setting up postfix-policyd-spf-python (2.9.2-1) ...

Processing triggers for man-db (2.9.1-1) ...

exec | DEBIAN_FRONTEND=dialog

files | postfix/main.cf.twig => /etc/postfix/main.cf

files | postfix/master.cf => /etc/postfix/master.cf

files | postfix/header_checks => /etc/postfix/header_checks

files | postfix/mysql-virtual-mailbox-domains.cf => /etc/postfix/mysql-virtual-mailbox-domains.cf

files | postfix/mysql-virtual-mailbox-maps.cf => /etc/postfix/mysql-virtual-mailbox-maps.cf

files | postfix/mysql-virtual-alias-maps.cf => /etc/postfix/mysql-virtual-alias-maps.cf

exec | echo "***HOSTNAME***" > /etc/mailname

exec | openssl dhparam -out /etc/postfix/dh512.pem 512

Generating DH parameters, 512 bit long safe prime, generator 2

This is going to take a long time

.............................+..................................................................................+.................................+.............+......................+................+.............................+........................+.....+.+...+..............................++*++*++*++*++*

exec | openssl dhparam -out /etc/postfix/dh1024.pem 1024

Generating DH parameters, 1024 bit long safe prime, generator 2

This is going to take a long time

.....................+......+...............+......................................................................+.....................+......................................+................................................................................................................+................................+.+...................................+..+.....+...............................................................................................................................................+................................................................................................................................................+...........................................................................+.....++*++*++*++*++*

exec | openssl dhparam -out /etc/postfix/dh2048.pem 2048

Generating DH parameters, 2048 bit long safe prime, generator 2

This is going to take a long time

..........................................+.................................................................................................................................................................................................+............+.......................................+....................................................................................................................................................................................................................................................................+...............+........................................+....................................................+......................................+.......................................................+..............+...........................................................+...................................................+...............................+..................................................................................................................................+.................................................+................+....................................+............................................................................................+............................+...................................................+..................................................................................................................................................................................+.............................................................+......................................................+...........................+....................+..................................+....................+..................+...........................................................................................................................................................+...........+.+.......+...........................................+........................................................+.....................................................................................................................................................................................................................................................................................+...................................................................+.+..................................+..................................................................+............................................................+.......................................+...+................+............................................................................................................................+.....................................................................................................+.............................+...........................+.......................................................+..............................................................................+................................................................+......................................................................+........................................+...........................+.............................................................................................................................+............................+...........................................................+..........................+.................................................................................................................................................+.......+.........................................................................................................................................................................................................................+.....................................................................................................................+................................+...........................................................................................................+...............................+..+...................................................................................................................+...........................................................................................................................................................................................................................................................................................................................................................+.......................+..........................................................+.........................................................................................................................+..................................................................................................................................................+.............................+........................................................................................................+......................................................+..................................................................................+......................................+...................................................................................+.+........................................................................................................................................................................................................................................................................................+..................................................................................................................................................................................................................+...................+.............................................................................+................................+.....................+........................+.....................+.......................................................+..............................+....................................+.................................................................................................................................................................................................................................+.......+..........................................................................................................................................................................+..........................................................................................................................................................................................+................++*++*++*++*

exec | chmod 0600 /etc/postfix/mysql-virtual-mailbox-domains.cf

exec | chmod 0600 /etc/postfix/mysql-virtual-mailbox-maps.cf

exec | chmod 0600 /etc/postfix/mysql-virtual-alias-maps.cf

exec | service postfix restart

================================================================================

Dovecot

================================================================================

exec | /usr/share/debconf/fix_db.pl

exec | DEBIAN_FRONTEND=noninteractive apt-get install -y dovecot-core dovecot-common dovecot-mysql dovecot-sieve dovecot-managesieved dovecot-imapd dovecot-pop3d dovecot-lmtpd

Reading package lists...

Building dependency tree...

Reading state information...

dovecot-core is already the newest version (1:2.3.7.2-1ubuntu3.5).

dovecot-imapd is already the newest version (1:2.3.7.2-1ubuntu3.5).

dovecot-pop3d is already the newest version (1:2.3.7.2-1ubuntu3.5).

dovecot-lmtpd is already the newest version (1:2.3.7.2-1ubuntu3.5).

dovecot-managesieved is already the newest version (1:2.3.7.2-1ubuntu3.5).

dovecot-mysql is already the newest version (1:2.3.7.2-1ubuntu3.5).

dovecot-sieve is already the newest version (1:2.3.7.2-1ubuntu3.5).

0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

exec | DEBIAN_FRONTEND=dialog

files | dovecot/dovecot.conf.twig => /etc/dovecot/dovecot.conf

files | dovecot/dovecot-sql.conf => /etc/dovecot/dovecot-sql.conf

exec | id -u vmail 2>&1 || useradd -u 5000 -d /var/mail vmail

5000

exec | chown -R vmail:vmail /var/mail/

exec | chmod 0777 /var/mail

exec | chown -R vmail:dovecot /etc/dovecot/

exec | chmod -R o-rwx /etc/dovecot/

exec | service dovecot restart

================================================================================

OpenDKIM

================================================================================

exec | apt-get -y install opendkim opendkim-tools

Reading package lists...

Building dependency tree...

Reading state information...

opendkim is already the newest version (2.11.0~beta2-1).

opendkim-tools is already the newest version (2.11.0~beta2-1).

0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

exec | mkdir -p -m 0755 /etc/opendkim/

exec | mkdir -p -m 0700 /etc/opendkim/keys

exec | touch /etc/opendkim/signing.table

exec | touch /etc/opendkim/key.table

files | opendkim/opendkim.conf => /etc/opendkim.conf

files | opendkim/trusted => /etc/opendkim/trusted

exec | chown -R opendkim:opendkim /etc/opendkim

================================================================================

Email protection

================================================================================

exec | apt-get install -y amavis clamav clamav-daemon spamassassin pyzor razor

Reading package lists...

Building dependency tree...

Reading state information...

amavisd-new is already the newest version (1:2.11.0-6.1ubuntu1).

pyzor is already the newest version (1:1.0.0-3).

razor is already the newest version (1:2.85-4.2build5).

clamav is already the newest version (0.103.2+dfsg-0ubuntu0.20.04.2).

clamav-daemon is already the newest version (0.103.2+dfsg-0ubuntu0.20.04.2).

spamassassin is already the newest version (3.4.4-1ubuntu1.1).

0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

exec | mkdir -p -m 0755 /var/spool/spamassassin/

exec | chown amavis:amavis /var/spool/spamassassin/

files | amavis/15-content_filter_mode => /etc/amavis/conf.d/15-content_filter_mode

files | amavis/50-user => /etc/amavis/conf.d/50-user

files | spamassassin/spamassassin => /etc/default/spamassassin

files | spamassassin/local.cf => /etc/spamassassin/local.cf

exec | su - amavis -s /bin/bash -c 'razor-admin -create'

exec | su - amavis -s /bin/bash -c 'razor-admin -register'

Register successful. Identity stored in /var/lib/amavis/.razor/identity-ru3O-4_U5k

exec | usermod -aG amavis clamav

exec | usermod -aG clamav amavis

exec | chmod 0640 /etc/amavis/conf.d/50-user

exec | chown root:amavis /etc/amavis/conf.d/50-user

exec | service clamav-daemon restart

exec | service amavis restart

exec | service spamassassin restart

exec | systemctl enable spamassassin

Synchronizing state of spamassassin.service with SysV service script with /lib/systemd/systemd-sysv-install.

Executing: /lib/systemd/systemd-sysv-install enable spamassassin

exec | systemctl enable clamav-daemon

Synchronizing state of clamav-daemon.service with SysV service script with /lib/systemd/systemd-sysv-install.

Executing: /lib/systemd/systemd-sysv-install enable clamav-daemon

exec | grep "^\s*DatabaseCustomURL" /etc/clamav/freshclam.conf || echo "

DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/junk.ndb

DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/jurlbl.ndb

DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/phish.ndb

DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/rogue.hdb

DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/sanesecurity.ftm

DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/sigwhitelist.ign2

DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/scam.ndb

DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/spamimg.hdb

DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/spamattach.hdb

DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/blurl.ndb

DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/foxhole_generic.cdb

DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/foxhole_filename.cdb

DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/malwarehash.hsb

DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/hackingteam.hsb

DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/winnow_malware.hdb

DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/winnow_malware_links.ndb

DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/winnow_extended_malware.hdb

DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/winnow.attachments.hdb

DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/winnow_bad_cw.hdb

DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/bofhland_cracked_URL.ndb

DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/bofhland_malware_URL.ndb

DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/bofhland_phishing_URL.ndb

DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/bofhland_malware_attach.hdb

DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/porcupine.ndb

DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/phishtank.ndb

DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/porcupine.hsb

DatabaseCustomURL https://urlhaus.abuse.ch/downloads/urlhaus.ndb

" >> /etc/clamav/freshclam.conf

DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/junk.ndb

DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/jurlbl.ndb

DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/phish.ndb

DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/rogue.hdb

DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/sanesecurity.ftm

DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/sigwhitelist.ign2

DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/scam.ndb

DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/spamimg.hdb

DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/spamattach.hdb

DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/blurl.ndb

DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/foxhole_generic.cdb

DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/foxhole_filename.cdb

DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/malwarehash.hsb

DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/hackingteam.hsb

DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/winnow_malware.hdb

DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/winnow_malware_links.ndb

DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/winnow_extended_malware.hdb

DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/winnow.attachments.hdb

DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/winnow_bad_cw.hdb

DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/bofhland_cracked_URL.ndb

DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/bofhland_malware_URL.ndb

DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/bofhland_phishing_URL.ndb

DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/bofhland_malware_attach.hdb

DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/porcupine.ndb

DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/phishtank.ndb

DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/porcupine.hsb

DatabaseCustomURL https://urlhaus.abuse.ch/downloads/urlhaus.ndb

================================================================================

AWStats

================================================================================

exec | apt-get install -y awstats

Reading package lists...

Building dependency tree...

Reading state information...

awstats is already the newest version (7.6+dfsg-2ubuntu0.20.04.1).

0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

exec | rm -f /etc/cron.d/awstats

exec | rm -f /etc/awstats/awstats.conf

================================================================================

Fail2ban

================================================================================

exec | apt-get install -y fail2ban

Reading package lists...

Building dependency tree...

Reading state information...

fail2ban is already the newest version (0.11.1-1).

0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

files | fail2ban/jail.d/keyhelp.local => /etc/fail2ban/jail.d/keyhelp.local

files | fail2ban/filter.d/keyhelp-phpmyadmin.conf => /etc/fail2ban/filter.d/keyhelp-phpmyadmin.conf

exec | chown keyhelp:keyhelp /etc/fail2ban/jail.d/keyhelp.local

exec | service fail2ban restart

================================================================================

Logrotate

================================================================================

exec | apt-get install -y logrotate

Reading package lists...

Building dependency tree...

Reading state information...

logrotate is already the newest version (3.14.0-4ubuntu3).

0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

files | logrotate/keyhelp => /etc/logrotate.d/keyhelp

files | logrotate/logrotate.timer => /lib/systemd/system/logrotate.timer

files | logrotate/logrotate.service => /lib/systemd/system/logrotate.service

exec | systemctl daemon-reload

================================================================================

PhpMyAdmin 5.1.1

================================================================================

exec | rm -f /tmp/keyhelp_update/phpmyadmin.tar.gz

exec | rm -rf /home/keyhelp/www/phpmyadmin/*

exec | mkdir -p -m 0755 /tmp/keyhelp_update

exec | mkdir -p -m 0755 /home/keyhelp/www/phpmyadmin

exec | wget --no-verbose --no-check-certificate --prefer-family='ipv4' --output-document='/tmp/keyhelp_update/phpmyadmin.tar.gz' https://install.keyhelp.de/files/tools/phpmyadmin/phpMyAdmin-5.1.1-all-languages.tar.gz

2022-01-14 20:03:33 URL:https://install.keyhelp.de/files/tools/phpmyadmin/phpMyAdmin-5.1.1-all-languages.tar.gz [13454066/13454066] -> "/tmp/keyhelp_update/phpmyadmin.tar.gz" [1]

exec | tar --strip 1 -xf /tmp/keyhelp_update/phpmyadmin.tar.gz -C /home/keyhelp/www/phpmyadmin

files | phpmyadmin/config.inc.php => /home/keyhelp/www/phpmyadmin/config.inc.php

files | phpmyadmin/.htaccess => /home/keyhelp/www/phpmyadmin/.htaccess

files | phpmyadmin/.htaccess_deny => /home/keyhelp/www/phpmyadmin/libraries/.htaccess

db | DROP DATABASE IF EXISTS `phpmyadmin`

db | CREATE DATABASE `phpmyadmin`

db | GRANT SELECT,INSERT,UPDATE,DELETE ON phpmyadmin.* TO 'phpmyadmin'@'localhost' IDENTIFIED BY '***PMA_PASS***'

db | FLUSH PRIVILEGES

exec | rm -rf /home/keyhelp/www/phpmyadmin/setup

exec | chmod 0600 /home/keyhelp/www/phpmyadmin/config.inc.php

exec | chown -R keyhelp:keyhelp /home/keyhelp/www/phpmyadmin

import | /home/keyhelp/www/phpmyadmin/sql/create_tables.sql => phpmyadmin

================================================================================

Adminer 4.8.1

================================================================================

exec | rm -f /tmp/keyhelp_update/adminer.tar.gz

exec | rm -rf /home/keyhelp/www/adminer/*

exec | mkdir -p -m 0755 /tmp/keyhelp_update

exec | mkdir -p -m 0755 /home/keyhelp/www/adminer

exec | wget --no-verbose --no-check-certificate --prefer-family='ipv4' --output-document='/tmp/keyhelp_update/adminer.tar.gz' https://install.keyhelp.de/files/tools/adminer/adminer-4.8.1.tar.gz

2022-01-14 20:03:34 URL:https://install.keyhelp.de/files/tools/adminer/adminer-4.8.1.tar.gz [432863/432863] -> "/tmp/keyhelp_update/adminer.tar.gz" [1]

exec | tar --strip 1 -xzf /tmp/keyhelp_update/adminer.tar.gz -C /home/keyhelp/www/adminer

exec | rm -rf /home/keyhelp/www/adminer/setup

exec | chown -R keyhelp:keyhelp /home/keyhelp/www/adminer

================================================================================

Roundcube 1.5.1 Multilanguage

================================================================================

exec | rm -rf /home/keyhelp/www/roundcube/*

exec | rm --force /tmp/keyhelp_update/roundcube.tar.gz

exec | mkdir --parents --mode 0755 /tmp/keyhelp_update/

exec | mkdir --parents --mode 0755 /home/keyhelp/www/roundcube

exec | wget --no-verbose --no-check-certificate --prefer-family='ipv4' --output-document='/tmp/keyhelp_update/roundcube.tar.gz' https://install.keyhelp.de/files/tools/roundcube/roundcubemail-1.5.1.tar.gz

2022-01-14 20:03:34 URL:https://install.keyhelp.de/files/tools/roundcube/roundcubemail-1.5.1.tar.gz [7827081/7827081] -> "/tmp/keyhelp_update/roundcube.tar.gz" [1]

exec | tar --strip 1 -xf /tmp/keyhelp_update/roundcube.tar.gz -C /home/keyhelp/www/roundcube

exec | mkdir --parents --mode 0755 /home/keyhelp/www/roundcube/plugins/keyhelp_sync_identities

files | roundcube/config.inc.php => /home/keyhelp/www/roundcube/config/config.inc.php

files | roundcube/plugins/managesieve/config.inc.php => /home/keyhelp/www/roundcube/plugins/managesieve/config.inc.php

files | roundcube/plugins/password/config.inc.php => /home/keyhelp/www/roundcube/plugins/password/config.inc.php

files | roundcube/plugins/keyhelp_sync_identities/keyhelp_sync_identities.php => /home/keyhelp/www/roundcube/plugins/keyhelp_sync_identities/keyhelp_sync_identities.php

files | roundcube/plugins/keyhelp_sync_identities/composer.json => /home/keyhelp/www/roundcube/plugins/keyhelp_sync_identities/composer.json

db | DROP DATABASE IF EXISTS `roundcube`

db | CREATE DATABASE `roundcube`

db | GRANT ALL PRIVILEGES ON roundcube.* TO 'roundcube'@'localhost' IDENTIFIED BY '***RC_PASS***'

db | FLUSH PRIVILEGES

exec | chmod 0600 /home/keyhelp/www/roundcube/plugins/password/config.inc.php

exec | chmod 0600 /home/keyhelp/www/roundcube/config/config.inc.php

exec | chown -R keyhelp:keyhelp /home/keyhelp/www/roundcube

import | /home/keyhelp/www/roundcube/SQL/mysql.initial.sql => roundcube

================================================================================

Rainloop 1.16.0 (Community Edition)

================================================================================

exec | rm -rf /home/keyhelp/www/rainloop/*

exec | rm --force /tmp/keyhelp_update/rainloop.tar.gz

exec | mkdir --parents --mode 0755 /tmp/keyhelp_update/

exec | mkdir --parents --mode 0755 /home/keyhelp/www/rainloop

exec | wget --no-verbose --no-check-certificate --prefer-family='ipv4' --output-document='/tmp/keyhelp_update/rainloop.tar.gz' https://install.keyhelp.de/files/tools/rainloop/rainloop-community-1.16.0.tar.gz

2022-01-14 20:03:35 URL:https://install.keyhelp.de/files/tools/rainloop/rainloop-community-1.16.0.tar.gz [5999866/5999866] -> "/tmp/keyhelp_update/rainloop.tar.gz" [1]

exec | tar -xf /tmp/keyhelp_update/rainloop.tar.gz -C /home/keyhelp/www/rainloop

exec | find /home/keyhelp/www/rainloop -type d -exec chmod 0755 {} \;

exec | find /home/keyhelp/www/rainloop -type f -exec chmod 0644 {} \;

exec | mkdir --parents --mode 0755 /home/keyhelp/www/rainloop/data/_data_/_default_/configs/

exec | mkdir --parents --mode 0755 /home/keyhelp/www/rainloop/rainloop/v/1.16.0/app/domains

exec | mkdir --parents --mode 0755 /home/keyhelp/www/rainloop/data/_data_/_default_/plugins/change-password-custom-sql/

files | rainloop/application.ini => /home/keyhelp/www/rainloop/data/_data_/_default_/configs/application.ini

files | rainloop/default.ini => /home/keyhelp/www/rainloop/rainloop/v/1.16.0/app/domains/default.ini

files | rainloop/change-password-custom-sql/ChangePasswordCustomSqlDriver.php => /home/keyhelp/www/rainloop/data/_data_/_default_/plugins/change-password-custom-sql/ChangePasswordCustomSqlDriver.php

files | rainloop/change-password-custom-sql/index.php => /home/keyhelp/www/rainloop/data/_data_/_default_/plugins/change-password-custom-sql/index.php

files | rainloop/change-password-custom-sql/plugin-change-password-custom-sql.ini => /home/keyhelp/www/rainloop/data/_data_/_default_/configs/plugin-change-password-custom-sql.ini

files | rainloop/.htaccess_deny => /home/keyhelp/www/rainloop/data/.htaccess

db | DROP DATABASE IF EXISTS `rainloop`

db | CREATE DATABASE `rainloop`

db | GRANT ALL PRIVILEGES ON rainloop.* TO 'rainloop'@'localhost' IDENTIFIED BY '***RL_PASS***'

db | FLUSH PRIVILEGES

exec | chmod 0600 /home/keyhelp/www/rainloop/data/_data_/_default_/configs/application.ini

exec | chmod 0600 /home/keyhelp/www/rainloop/data/_data_/_default_/configs/plugin-change-password-custom-sql.ini

exec | chown -R keyhelp:keyhelp /home/keyhelp/www/rainloop

================================================================================

Quota

================================================================================

exec | apt-get install -y quota quotatool

Reading package lists...

Building dependency tree...

Reading state information...

quota is already the newest version (4.05-1).

quotatool is already the newest version (1:1.6.2-5fakesync1).

0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

exec | service quota stop

exec | cp /etc/fstab /etc/fstab-backup

exec | echo "LABEL=cloudimg-rootfs / ext4 defaults,usrquota,grpquota 0 1

LABEL=UEFI /boot/efi vfat umask=0077 0 1

# CLOUD_IMG: This file was created/modified by the Cloud Image build process

######################################

## ORACLE CLOUD INFRASTRUCTURE CUSTOMERS

##

## If you are adding an iSCSI remote block volume to this file you MUST

## include the '_netdev' mount option or your instance will become

## unavailable after the next reboot.

## SCSI device names are not stable across reboots; please use the device UUID

## instead of /dev path.

##

## Example:

## UUID=94c5aade-8bb1-4d55-ad0c-388bb8aa716a /data1 ext4 defaults,noatime,_netdev 0 2

##

## More information:

## https://docs.us-phoenix-1.oraclecloud.com/Content/Block/Tasks/connectingtoavolume.htm

##" > "/etc/fstab"

exec | mount -o remount /

exec | quotacheck -avmug

quotacheck: Your kernel probably supports journaled quota but you are not using it. Consider switching to journaled quota to avoid running quotacheck after an unclean shutdown.

quotacheck: Quota for users is enabled on mountpoint / so quotacheck might damage the file.

Please turn quotas off or use -f to force checking.

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> ERROR DETECTED <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<

<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<

[SKIPPED DUE PREVIOUS ERRORS] exec | service quota start

================================================================================

Apparmor

================================================================================

exec | apt-get install -y apparmor

Reading package lists...

Building dependency tree...

Reading state information...

apparmor is already the newest version (2.13.3-7ubuntu5.1).

0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

================================================================================

7-zip

================================================================================

exec | apt-get install -y p7zip-full

Reading package lists...

Building dependency tree...

Reading state information...

p7zip-full is already the newest version (16.02+dfsg-7build1).

0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

================================================================================

Hide LTS notice

================================================================================

files | update-manager/release-upgrades => /etc/update-manager/release-upgrades

exec | rm -f /var/lib/update-notifier/release-upgrade-available

================================================================================

Update message of the day

================================================================================

files | motd/80-keyhelp => /etc/update-motd.d/80-keyhelp

exec | chmod +x /etc/update-motd.d/80-keyhelp

================================================================================

Nano

================================================================================

exec | apt-get install -y nano

Reading package lists...

Building dependency tree...

Reading state information...

nano is already the newest version (4.8-1ubuntu1).

0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

================================================================================

Curl

================================================================================

exec | apt-get install -y curl

Reading package lists...

Building dependency tree...

Reading state information...

curl is already the newest version (7.68.0-1ubuntu2.7).

0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

================================================================================

Cron daemon

================================================================================

exec | apt-get install -y cron

Reading package lists...

Building dependency tree...

Reading state information...

cron is already the newest version (3.0pl1-136ubuntu1).

0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

files | cron/keyhelp => /etc/cron.d/keyhelp

files | cron/keyhelp-sa-learn => /etc/cron.d/keyhelp-sa-learn

files | cron/keyhelp-firewall => /etc/cron.d/keyhelp-firewall

exec | chmod 0644 /etc/cron.d/keyhelp

exec | chmod 0644 /etc/cron.d/keyhelp-sa-learn

################################################################################

################################################################################

=> Errors occurred during installation. <=

Finished install: 2022-01-14 20:03:41

Duration: 116 second(s)

ubuntu@ch1:~$

Author

Title

Language

Your paste - Paste your paste here

ubuntu@ch1:~$ sudo cat /var/log/keyhelp/install.log
Start install: 2022-01-14 20:01:45
Operating System: Ubuntu 20.04 (64-bit)

================================================================================
  Placeholders
================================================================================

install.ssh_keys = 
  install.nagios = 
  install.midnight_commander = 
  install.server_setup = 
  install.hide_lts_notice = 1
  install.hostname = 
  general.preferred_protocol = ipv4
  system.email = root@***HOSTNAME***
  server.domain = ***HOSTNAME***
  server.current_hostname = ***HOSTNAME***
  server.timezone = Europe/Sarajevo
  server.fstab = LABEL=cloudimg-rootfs     /     ext4     defaults,usrquota,grpquota     0     1
  LABEL=UEFI	/boot/efi	vfat	umask=0077	0 1
  
  # CLOUD_IMG: This file was created/modified by the Cloud Image build process
  ######################################
  ## ORACLE CLOUD INFRASTRUCTURE CUSTOMERS
  ##
  ## If you are adding an iSCSI remote block volume to this file you MUST
  ## include the '_netdev' mount option or your instance will become
  ## unavailable after the next reboot.
  ## SCSI device names are not stable across reboots; please use the device UUID
  ## instead of /dev path.
  ##
  ## Example:
  ## UUID=94c5aade-8bb1-4d55-ad0c-388bb8aa716a /data1 ext4 defaults,noatime,_netdev 0 2
  ##
  ## More information:
  ## https://docs.us-phoenix-1.oraclecloud.com/Content/Block/Tasks/connectingtoavolume.htm
  ##
  encryption.base = ***KH_ENCRYPTION_BASE***
  webserver.log_format_with_logio = %h %l %u %t \&quot;%r\&quot; %&gt;s %b \&quot;%{Referer}i\&quot; \&quot;%{User-Agent}i\&quot; %I %O
  webserver.log_format_without_logio = %h %l %u %t \&quot;%r\&quot; %&gt;s %b \&quot;%{Referer}i\&quot; \&quot;%{User-Agent}i\&quot; 0 0
  webserver.http_port = 80
  webserver.https_port = 443
  dir.home = /home/keyhelp
  dir.keyhelp = /home/keyhelp/www/keyhelp
  dir.webmail = /home/keyhelp/www/webmail
  dir.roundcube = /home/keyhelp/www/roundcube
  dir.rainloop = /home/keyhelp/www/rainloop
  dir.db-administration = /home/keyhelp/www/db-administration
  dir.phpmyadmin = /home/keyhelp/www/phpmyadmin
  dir.adminer = /home/keyhelp/www/adminer
  dir.statistics = /home/keyhelp/www/kh.webstats
  dir.acme_challenge = /home/keyhelp/www/.well-known/acme-challenge
  dir.autoconfig = /home/keyhelp/www/keyhelp/misc/emailconfig
  email.virus_checks = 
  dovecot.imap_login_process_limit = 100
  dovecot.max_userip_connections = 10
  dovecot.enforce_quota = 1
  postfix.inet_protocols = ipv4
  clamav.signatures_for_config = 
  DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/junk.ndb
  DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/jurlbl.ndb
  DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/phish.ndb
  DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/rogue.hdb
  DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/sanesecurity.ftm
  DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/sigwhitelist.ign2
  DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/scam.ndb
  DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/spamimg.hdb
  DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/spamattach.hdb
  DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/blurl.ndb
  DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/foxhole_generic.cdb
  DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/foxhole_filename.cdb
  DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/malwarehash.hsb
  DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/hackingteam.hsb
  DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/winnow_malware.hdb
  DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/winnow_malware_links.ndb
  DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/winnow_extended_malware.hdb
  DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/winnow.attachments.hdb
  DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/winnow_bad_cw.hdb
  DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/bofhland_cracked_URL.ndb
  DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/bofhland_malware_URL.ndb
  DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/bofhland_phishing_URL.ndb
  DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/bofhland_malware_attach.hdb
  DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/porcupine.ndb
  DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/phishtank.ndb
  DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/porcupine.hsb
  DatabaseCustomURL https://urlhaus.abuse.ch/downloads/urlhaus.ndb
  
  php.version = 7.4
  db.tuning_file = tuning.cnf
  db.setup.username = root
  db.setup.password = 
  db.root.username = root
  db.root.password = ***DB_ROOT_PASS***
  db.keyhelp.host = localhost
  db.keyhelp.username = keyhelp
  db.keyhelp.password = ***DB_KH_PASS***
  db.keyhelp.dbname = keyhelp
  db.keyhelp_root.host = localhost
  db.keyhelp_root.username = keyhelp_root
  db.keyhelp_root.password = ***DB_KH_ROOT_PASS***
  bind.rname = root.***HOSTNAME***.
  bind.serial = 2022011400
  bind.name_servers.0 = ns.***HOSTNAME***.
  bind.name_servers.1 = ns2.***HOSTNAME***.
  bind.ips_v4.0 = ***IP_0***
  admin.username = admin
  admin.password = ***KH_ADMIN_PASS***
  admin.email = root@***HOSTNAME***
  phpmyadmin.password = ***PMA_PASS***
  phpmyadmin.blowfishsecret = ***PMA_CRYPT***
  roundcube.product_name = KeyHelp Webmail
  roundcube.support_url = 
  roundcube.password = ***RC_PASS***
  roundcube.plugins = 'managesieve','password','keyhelp_sync_identities'
  roundcube.plugins_db = managesieve, password, keyhelp_sync_identities
  roundcube.skin = elastic
  roundcube.24_byte_des_key = ***RC_CRYPT***
  roundcube.pw_length = 8
  rainloop.product_name = KeyHelp Webmail
  rainloop.password = ***RL_PASS***
  rainloop.language = en
  keyhelp.id = 1333baa4a67a9c300b89437de5c36b274d386ae2351591d8718362a09635dfebdc6f4f00bd9ef2e21264e4ae572d05bf5bef25b22371a369a8571626d3af6f0b
  keyhelp.url = https://***HOSTNAME***
  keyhelp.version = 21.3
  keyhelp.settings.ips = ***IP_0***
  keyhelp.settings.name_servers = ns.***HOSTNAME***.,ns2.***HOSTNAME***.
  keyhelp.language = en
  ftp.tls_required = 
  ssh_keys.support_keys = 
  firewall.rule_set = common

################################################################################
################################################################################

================================================================================
  Update sources list
================================================================================

exec  | apt-get update
          Hit:1 http://ports.ubuntu.com/ubuntu-ports focal-security InRelease
          Hit:2 http://eu-zurich-1-ad-1.clouds.ports.ubuntu.com/ubuntu-ports focal InRelease
          Hit:3 http://eu-zurich-1-ad-1.clouds.ports.ubuntu.com/ubuntu-ports focal-updates InRelease
          Hit:4 http://eu-zurich-1-ad-1.clouds.ports.ubuntu.com/ubuntu-ports focal-backports InRelease
          Reading package lists...

================================================================================
  Installation requirements
================================================================================

exec  | apt-get install -y unzip
          Reading package lists...
          Building dependency tree...
          Reading state information...
          unzip is already the newest version (6.0-25ubuntu1).
          0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
  exec  | apt-get install -y zip
          Reading package lists...
          Building dependency tree...
          Reading state information...
          zip is already the newest version (3.0-11build1).
          0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
  exec  | apt-get install -y bzip2
          Reading package lists...
          Building dependency tree...
          Reading state information...
          bzip2 is already the newest version (1.0.8-2).
          0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

================================================================================
  Sudo
================================================================================

exec  | apt-get install -y sudo
          Reading package lists...
          Building dependency tree...
          Reading state information...
          sudo is already the newest version (1.8.31-1ubuntu1.2).
          0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

================================================================================
  Bind9
================================================================================

exec  | echo &quot;***HOSTNAME***&quot; &gt; /etc/hostname
  exec  | apt-get install -y bind9
          Reading package lists...
          Building dependency tree...
          Reading state information...
          bind9 is already the newest version (1:9.16.1-0ubuntu2.9).
          0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

files | bind/keyhelp_domain.conf.twig =&gt; /etc/bind/keyhelp_domain.conf
  files | bind/named.conf =&gt; /etc/bind/named.conf
  files | bind/named.conf.local =&gt; /etc/bind/named.conf.local

exec  | mkdir -p -m 0755 /etc/bind/keyhelp_domains/
  exec  | touch /etc/bind/named.conf.keyhelp
  exec  | service bind9 restart

================================================================================
  SSL/TLS
================================================================================

exec  | apt-get install -y openssl
          Reading package lists...
          Building dependency tree...
          Reading state information...
          openssl is already the newest version (1.1.1f-1ubuntu2.10).
          0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
  exec  | mkdir -p -m 0700 /etc/ssl/keyhelp/pem/
  exec  | mkdir -p -m 0700 /etc/ssl/keyhelp/files/

files | tls/keyhelp-root-ca.crt =&gt; /etc/ssl/keyhelp/root-ca.crt

exec  | chmod 0600 /etc/ssl/keyhelp/root-ca.crt
  exec  | openssl genrsa -out /etc/ssl/keyhelp/files/default.key 2048
          Generating RSA private key, 2048 bit long modulus (2 primes)
          ..+++++
          ..................+++++
          e is 65537 (0x010001)
  exec  | openssl req -new -sha256 -key /etc/ssl/keyhelp/files/default.key -out /etc/ssl/keyhelp/files/default.csr -subj '/C=DE/ST=Thuringia/L=Erfurt/O=KeyHelp/OU=KeyHelp Panel/CN=***HOSTNAME***/emailAddress=info@keyhelp.de'
  exec  | openssl x509 -req -sha256 -days 3650 -in /etc/ssl/keyhelp/files/default.csr -signkey /etc/ssl/keyhelp/files/default.key -out /etc/ssl/keyhelp/files/default.crt
          Signature ok
          subject=C = DE, ST = Thuringia, L = Erfurt, O = KeyHelp, OU = KeyHelp Panel, CN = ***HOSTNAME***, emailAddress = info@keyhelp.de
          Getting Private key
  exec  | cat /etc/ssl/keyhelp/files/default.key /etc/ssl/keyhelp/files/default.csr /etc/ssl/keyhelp/files/default.crt &gt; /etc/ssl/keyhelp/pem/default.pem
  exec  | cat /etc/ssl/keyhelp/root-ca.crt &gt; /etc/ssl/keyhelp/files/default-ca.crt
  exec  | ln -s -f /etc/ssl/keyhelp/pem/default.pem /etc/ssl/keyhelp/keyhelp.pem
  exec  | ln -s -f /etc/ssl/keyhelp/pem/default.pem /etc/ssl/keyhelp/ftp.pem
  exec  | ln -s -f /etc/ssl/keyhelp/pem/default.pem /etc/ssl/keyhelp/mail.pem
  exec  | ln -s -f /etc/ssl/keyhelp/pem/default.pem /etc/ssl/keyhelp/webmail.pem
  exec  | ln -s -f /etc/ssl/keyhelp/files/default-ca.crt /etc/ssl/keyhelp/keyhelp-ca.crt
  exec  | ln -s -f /etc/ssl/keyhelp/files/default-ca.crt /etc/ssl/keyhelp/ftp-ca.crt
  exec  | ln -s -f /etc/ssl/keyhelp/files/default-ca.crt /etc/ssl/keyhelp/mail-ca.crt
  exec  | ln -s -f /etc/ssl/keyhelp/files/default-ca.crt /etc/ssl/keyhelp/webmail-ca.crt
  exec  | chown -R keyhelp:keyhelp /etc/ssl/keyhelp/files/
  exec  | chmod 0600 /etc/ssl/keyhelp/files/*
  exec  | chmod 0600 /etc/ssl/keyhelp/pem/*

================================================================================
  PHP
================================================================================

exec  | apt-get install -y php php-curl php-gd imagemagick php-imagick php-mail-mime php-net-sieve php-pspell php-net-socket php-auth-sasl php-intl php7.4-mysql php-net-smtp php-zip php-bcmath php-soap
          Reading package lists...
          Building dependency tree...
          Reading state information...
          php is already the newest version (2:7.4+75).
          php-curl is already the newest version (2:7.4+75).
          php-gd is already the newest version (2:7.4+75).
          php-pspell is already the newest version (2:7.4+75).
          php-auth-sasl is already the newest version (1.0.6-3).
          php-bcmath is already the newest version (2:7.4+75).
          php-imagick is already the newest version (3.4.4-4).
          php-intl is already the newest version (2:7.4+75).
          php-mail-mime is already the newest version (1.10.6-1).
          php-net-sieve is already the newest version (1.4.1-1).
          php-net-smtp is already the newest version (1.9.0-1).
          php-net-socket is already the newest version (1.0.14-2).
          php-soap is already the newest version (2:7.4+75).
          php-zip is already the newest version (2:7.4+75).
          php7.4-mysql is already the newest version (7.4.3-4ubuntu2.8).
          imagemagick is already the newest version (8:6.9.10.23+dfsg-2.1ubuntu11.4).
          0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

files | php/timezone.ini =&gt; /etc/php/7.4/mods-available/timezone.ini
  files | php/charset.ini =&gt; /etc/php/7.4/mods-available/charset.ini

exec  | phpdismod timezone
  exec  | phpenmod timezone/30
  exec  | phpdismod charset
  exec  | phpenmod charset/30

================================================================================
  Apache web server
================================================================================

exec  | apt-get install -y apache2 libapache2-mod-fcgid apache2-suexec-custom
          Reading package lists...
          Building dependency tree...
          Reading state information...
          libapache2-mod-fcgid is already the newest version (1:2.3.9-4).
          apache2 is already the newest version (2.4.41-4ubuntu3.9).
          apache2-suexec-custom is already the newest version (2.4.41-4ubuntu3.9).
          0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
  exec  | grep -q -F &quot;Include keyhelp/keyhelp.conf&quot; /etc/apache2/apache2.conf || printf &quot;\n#Include KeyHelp vHosts\nInclude keyhelp/keyhelp.conf\n&quot; &gt;&gt; /etc/apache2/apache2.conf
  exec  | mkdir -p -m 0755 /etc/apache2/keyhelp/
  exec  | mkdir -p -m 0755 /etc/apache2/keyhelp/vhosts/
  exec  | mkdir -p -m 0755 /etc/apache2/keyhelp/htpasswd/
  exec  | touch /etc/apache2/keyhelp/subdomain_catch_all.conf

files | apache/acme.conf =&gt; /etc/apache2/conf-available/acme.conf
  files | apache/autoconfig.conf =&gt; /etc/apache2/keyhelp/autoconfig.conf
  files | apache/apache2.service =&gt; /lib/systemd/system/apache2.service
  files | apache/keyhelp.conf =&gt; /etc/apache2/keyhelp/keyhelp.conf
  files | apache/mod_http2.conf =&gt; /etc/apache2/mods-available/http2.conf
  files | apache/mod_mime.conf =&gt; /etc/apache2/mods-available/mime.conf
  files | apache/mod_ssl.conf.twig =&gt; /etc/apache2/mods-available/ssl.conf
  files | apache/other-vhosts-access-log.conf =&gt; /etc/apache2/conf-available/other-vhosts-access-log.conf
  files | apache/ports.conf =&gt; /etc/apache2/ports.conf
  files | apache/security.conf =&gt; /etc/apache2/conf-available/security.conf
  files | apache/suexec_www-data =&gt; /etc/apache2/suexec/www-data
  files | apache/webmail_redirect.conf =&gt; /etc/apache2/keyhelp/webmail.conf

exec  | mkdir -p -m 0755 /home/keyhelp/www/roundcube
  exec  | mkdir -p -m 0755 /home/keyhelp/www/rainloop
  exec  | mkdir -p -m 0755 /home/keyhelp/www/phpmyadmin
  exec  | mkdir -p -m 0755 /home/keyhelp/www/adminer
  exec  | mkdir -p -m 0755 /home/keyhelp/www/kh.webstats
  exec  | mkdir -p -m 0750 /var/log/apache2/keyhelp
  exec  | rm -f /home/keyhelp/www/webmail
  exec  | ln -s roundcube /home/keyhelp/www/webmail
  exec  | rm -f /home/keyhelp/www/db-administration
  exec  | ln -s phpmyadmin /home/keyhelp/www/db-administration
  exec  | a2enmod actions fcgid alias auth_digest suexec deflate expires headers ssl rewrite include http2 cgid
          Module actions already enabled
          Module fcgid already enabled
          Module alias already enabled
          Considering dependency authn_core for auth_digest:
          Module authn_core already enabled
          Module auth_digest already enabled
          Module suexec already enabled
          Considering dependency filter for deflate:
          Module filter already enabled
          Module deflate already enabled
          Module expires already enabled
          Module headers already enabled
          Considering dependency setenvif for ssl:
          Module setenvif already enabled
          Considering dependency mime for ssl:
          Module mime already enabled
          Considering dependency socache_shmcb for ssl:
          Module socache_shmcb already enabled
          Module ssl already enabled
          Module rewrite already enabled
          Considering dependency mime for include:
          Module mime already enabled
          Module include already enabled
          Module http2 already enabled
          Module cgid already enabled
  exec  | a2enmod proxy proxy_fcgi
          Module proxy already enabled
          Considering dependency proxy for proxy_fcgi:
          Module proxy already enabled
          Module proxy_fcgi already enabled
  exec  | a2dissite 000-default
          Site 000-default already disabled
  exec  | a2enconf acme
          Conf acme already enabled
  exec  | a2enmod access_compat
          Considering dependency authn_core for access_compat:
          Module authn_core already enabled
          Module access_compat already enabled
  exec  | a2dismod php7.4
          Module php7.4 already disabled
  exec  | a2dismod mpm_prefork
          Module mpm_prefork already disabled
  exec  | a2dismod mpm_event
          Module mpm_event already disabled
  exec  | a2enmod mpm_worker
          Considering conflict mpm_event for mpm_worker:
          Considering conflict mpm_prefork for mpm_worker:
          Module mpm_worker already enabled
  exec  | systemctl daemon-reload
  exec  | service apache2 restart

================================================================================
  PHP-FPM
================================================================================

exec  | apt-get install -y php-fpm
          Reading package lists...
          Building dependency tree...
          Reading state information...
          php-fpm is already the newest version (2:7.4+75).
          0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
  exec  | rm -f /etc/php/7.4/fpm/pool.d/www.conf*

files | phpfpm/php-fpm.conf =&gt; /etc/php/7.4/fpm/php-fpm.conf
  files | phpfpm/keyhelp.conf =&gt; /etc/php/7.4/fpm/pool.d/keyhelp.conf

exec  | phpenmod ioncube
  exec  | mkdir -p -m 0755 /etc/php/7.4/fpm/keyhelp_pool
  exec  | service php7.4-fpm restart

================================================================================
  MariaDB
================================================================================

exec  | apt-get install -y mariadb-server
          Reading package lists...
          Building dependency tree...
          Reading state information...
          mariadb-server is already the newest version (1:10.3.32-0ubuntu0.20.04.1).
          0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
  exec  | apt-get install -y libdbd-mysql-perl
          Reading package lists...
          Building dependency tree...
          Reading state information...
          libdbd-mysql-perl is already the newest version (4.050-3).
          0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

files | database/tuning.cnf =&gt; /etc/mysql/mariadb.conf.d/90-tuning.cnf
  files | database/mariadb.cnf =&gt; /etc/mysql/conf.d/mariadb.cnf

exec  | service mysql restart

db    | UPDATE `mysql`.`user` SET `Password` = PASSWORD('***DB_ROOT_PASS***') WHERE `User` = 'root'
  db    | DELETE FROM `mysql`.`user` WHERE `User` = ''
  db    | DELETE FROM `mysql`.`user` WHERE `User` = 'root' AND `Host` NOT IN ('localhost', '127.0.0.1', '::1')
  db    | DROP DATABASE IF EXISTS `test`
  db    | FLUSH PRIVILEGES
  db    | GRANT ALL PRIVILEGES ON *.* TO 'mysqladmin'@'localhost' IDENTIFIED BY '***DB_ROOT_PASS***' WITH GRANT OPTION

================================================================================
  KeyHelp
================================================================================

exec  | chmod 0750 /home/keyhelp
  exec  | chown keyhelp:keyhelp /home/keyhelp/www/kh.webstats
  exec  | chown -h keyhelp:keyhelp /home/keyhelp/www/webmail
  exec  | chown -h keyhelp:keyhelp /home/keyhelp/www/db-administration
  exec  | chgrp www-data /home/keyhelp
  exec  | usermod -aG www-data keyhelp
  exec  | groupadd --force keyhelp_file_manager
  exec  | groupadd --force keyhelp_nossh
  exec  | groupadd --force keyhelp_noftp
  exec  | groupadd --force keyhelp_suspended
  exec  | groupadd --force keyhelp_chroot
  exec  | mkdir -p -m 0700 /etc/keyhelp/
  exec  | mkdir -p -m 0700 /etc/keyhelp/config
  exec  | mkdir -p -m 0700 /etc/keyhelp/skel
  exec  | chown keyhelp:keyhelp -R /etc/keyhelp/
  exec  | mkdir -p -m 0755 /usr/local/keyhelp/
  exec  | echo '# --------------------------------------------------
  #  This file is managed by KeyHelp.                 
  #  If you want to change its content, please use    
  #  the corresponding configuration menu.            
  # --------------------------------------------------
  hostmaster: root
  postmaster: root
  webmaster: root
  abuse: root' &gt; /etc/aliases

files | sudoers/keyhelp =&gt; /etc/sudoers.d/keyhelp
  files | sudoers/keyhelp_file_manager =&gt; /etc/sudoers.d/keyhelp_file_manager
  files | keyhelp/config.json =&gt; /etc/keyhelp/config/config.json
  files | keyhelp/skel/README =&gt; /etc/keyhelp/skel/README
  files | bin/call_url =&gt; /usr/local/keyhelp/call_url

db    | DROP DATABASE IF EXISTS `keyhelp`
  db    | CREATE DATABASE `keyhelp`
  db    | GRANT ALL PRIVILEGES ON keyhelp.* TO 'keyhelp'@'localhost' IDENTIFIED BY '***DB_KH_PASS***'
  db    | GRANT ALL PRIVILEGES ON *.* TO 'keyhelp_root'@'localhost' IDENTIFIED BY '***DB_KH_ROOT_PASS***' WITH GRANT OPTION
  db    | FLUSH PRIVILEGES

import | /home/keyhelp/www/keyhelp/install/templates/keyhelp/keyhelp.sql =&gt; keyhelp
  import | /home/keyhelp/www/keyhelp/install/templates/keyhelp/prohibited_domains.sql =&gt; keyhelp

exec  | chmod 0440 /etc/sudoers.d/keyhelp
  exec  | chmod 0440 /etc/sudoers.d/keyhelp_file_manager
  exec  | chmod 0600 /etc/keyhelp/config/config.json
  exec  | chown keyhelp:keyhelp /etc/keyhelp/config/config.json
  exec  | chown keyhelp:keyhelp /etc/keyhelp/skel
  exec  | chmod +x /usr/local/keyhelp/call_url
  exec  | chmod +x /home/keyhelp/www/keyhelp/bin/toolbox.php
  exec  | rm -fr /usr/bin/keyhelp-toolbox
  exec  | ln -s /home/keyhelp/www/keyhelp/bin/toolbox.php /usr/bin/keyhelp-toolbox

db    | INSERT INTO `keyhelp`.`ssl_certificates` SET `id` = '1', `name` = 'default', `file_name` = 'default';
  db    | UPDATE `keyhelp`.`settings` SET `value` = '1333baa4a67a9c300b89437de5c36b274d386ae2351591d8718362a09635dfebdc6f4f00bd9ef2e21264e4ae572d05bf5bef25b22371a369a8571626d3af6f0b'                                WHERE `category` = 'general'           AND `name` = 'keyhelp_id'
  db    | UPDATE `keyhelp`.`settings` SET `value` = 'https://***HOSTNAME***'                               WHERE `category` = 'general'           AND `name` = 'panelurl'
  db    | UPDATE `keyhelp`.`settings` SET `value` = '***HOSTNAME***'                             WHERE `category` = 'general'           AND `name` = 'hostname'
  db    | UPDATE `keyhelp`.`settings` SET `value` = 'root@***HOSTNAME***'                              WHERE `category` = 'general'           AND `name` = 'system_email'
  db    | UPDATE `keyhelp`.`settings` SET `value` = 'ns.***HOSTNAME***.,ns2.***HOSTNAME***.'             WHERE `category` = 'dns'               AND `name` = 'name_servers'
  db    | UPDATE `keyhelp`.`settings` SET `value` = '***IP_0***'                      WHERE `category` = 'dns'               AND `name` = 'ips'
  db    | UPDATE `keyhelp`.`settings` SET `value` = '21.3'                           WHERE `category` = 'sys'               AND `name` = 'version'
  db    | UPDATE `keyhelp`.`settings` SET `value` = 'ipv4'                WHERE `category` = 'sys'               AND `name` = 'prefer_family'
  db    | UPDATE `keyhelp`.`settings` SET `value` = 'Europe/Sarajevo'                           WHERE `category` = 'sys'               AND `name` = 'time_zone'
  db    | UPDATE `keyhelp`.`settings` SET `value` = 'https://***HOSTNAME***/db-administration/'            WHERE `category` = 'db_administration' AND `name` = 'nav_url'
  db    | UPDATE `keyhelp`.`settings` SET `value` = 'https://***HOSTNAME***/webmail/'                      WHERE `category` = 'webmail'           AND `name` = 'nav_url'
  db    | UPDATE `keyhelp`.`settings` SET `value` = 'managesieve, password, keyhelp_sync_identities'                      WHERE `category` = 'roundcube'         AND `name` = 'plugins'
  db    | UPDATE `keyhelp`.`settings` SET `value` = 'en'                          WHERE `category` = 'language'          AND `name` = 'default'
  db    | UPDATE `keyhelp`.`settings` SET `value` = '1'  WHERE `category` = 'email'             AND `name` = 'enable_virus_checks'
  db    | UPDATE `keyhelp`.`settings` SET `value` = '1' WHERE `category` = 'general' AND `name` = 'show_welcome_message'
  db    | UPDATE `keyhelp`.`maintenance_intervals` SET `timeframe_start` = '2', `timeframe_end` = '3' WHERE `name` = 'panel-update'
  db    | UPDATE `keyhelp`.`maintenance_intervals` SET `timeframe_start` = '6',  `timeframe_end` = '7'  WHERE `name` = 'repo-update'
  db    | UPDATE `keyhelp`.`settings` SET `value` = '1' WHERE `category` = 'ssl' AND `name` = 'panel_certificate'
  db    | UPDATE `keyhelp`.`settings` SET `value` = '1' WHERE `category` = 'ssl' AND `name` = 'ftp_certificate'
  db    | UPDATE `keyhelp`.`settings` SET `value` = '1' WHERE `category` = 'ssl' AND `name` = 'mail_certificate'
  db    | UPDATE `keyhelp`.`settings` SET `value` = '1' WHERE `category` = 'ssl' AND `name` = 'webmail_certificate'
  db    | INSERT INTO `keyhelp`.`users` SET `username` = 'admin', `password` = '$2y$10$ItofrAckl.fwtfZ0gaZU4Od60v7OmdNs8do51K9yyUoOOYp6y6QVW', `is_admin` = '1', `is_main_admin` = '1', `email` = 'root@***HOSTNAME***', `lang` = 'en', `setup_date` = '2022-01-14 20:01:45'
  db    | INSERT INTO `keyhelp`.`account_templates` SET `name`='Unlimited', `disk_space`=-1, `traffic`=-1, `email_accounts`=-1, `email_addresses`=-1, `domains` =-1, `subdomains`=-1, `databases`=-1, `ftp_users`=-1, `scheduled_tasks`=-1, `ftp`=1, `php`=1, `perl`=0, `ssh`=0, `backup`=1, `panel_access`=1, `domain_security`=1, `manage_certs`=1, `file_manager`='1', `applications`='1', `dns_editor`='1', `db_remote_access`=1, `change_personal_data`=1, `php_memory_limit`='80M', `php_max_execution_time`=60, `php_post_max_size`='72M', `php_upload_max_filesize`='64M', `php_open_basedir`='##DOCROOT##/www:##DOCROOT##/files:##DOCROOT##/tmp', `php_disable_functions`='dl, disk_free_space, diskfreespace, stream_socket_sendto, proc_get_status, proc_nice, proc_open, proc_terminate, proc_close, popen, curl_multi_exec, pcntl_exec, pcntl_fork, pcntl_setpriority, symlink, link, posix_kill, posix_mkfifo, posix_setsid, posix_setuid, posix_setpgid, posix_getpwuid, show_source, highlight_file, syslog, error_log, openlog, define_syslog_variables, apache_child_terminate, apache_setenv, apache_note', `php_additional_settings`='', `phpfpm_pm`='ondemand', `phpfpm_max_children`=3, `phpfpm_max_requests`=0, `phpfpm_min_spare_servers`='', `phpfpm_max_spare_servers`='', `phpfpm_status_enabled`=0, `phpfpm_status_ip_restriction`=''

exec  | sed -i &quot;s/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/gI&quot; /etc/locale.gen
  exec  | locale-gen en_US.UTF-8
          Generating locales (this might take a while)...
            en_US.UTF-8... done
          Generation complete.

================================================================================
  Backup tools
================================================================================

exec  | rm -rf /tmp/keyhelp_update/
  exec  | mkdir -p -m 0755 /tmp/keyhelp_update
  exec  | wget --no-verbose --no-check-certificate --prefer-family='ipv4' --output-document='/tmp/keyhelp_update/restic.bz2' https://github.com/restic/restic/releases/download/v0.12.1/restic_0.12.1_linux_arm64.bz2
          2022-01-14 20:01:58 URL:https://objects.githubusercontent.com/github-production-release-asset-2e65be/19205896/2a1881ca-f1c7-419f-a266-8c645807b8c5?X-Amz-Algorithm=AWS4-HMAC-SHA256&amp;X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20220114%2Fus-east-1%2Fs3%2Faws4_request&amp;X-Amz-Date=20220114T190158Z&amp;X-Amz-Expires=300&amp;X-Amz-Signature=278b533775a4d9b84d508a43c56ccfdda1447d5cac3e3e04826c6c7a15c61a02&amp;X-Amz-SignedHeaders=host&amp;actor_id=0&amp;key_id=0&amp;repo_id=19205896&amp;response-content-disposition=attachment%3B%20filename%3Drestic_0.12.1_linux_arm64.bz2&amp;response-content-type=application%2Foctet-stream [5619633/5619633] -&gt; &quot;/tmp/keyhelp_update/restic.bz2&quot; [1]
  exec  | bunzip2 --force /tmp/keyhelp_update/restic.bz2
  exec  | chmod 0755 /tmp/keyhelp_update/restic
  exec  | mv /tmp/keyhelp_update/restic /usr/local/bin/restic
  exec  | wget --no-verbose --no-check-certificate --prefer-family='ipv4' --output-document='/tmp/keyhelp_update/rclone.zip' https://downloads.rclone.org/v1.56.2/rclone-v1.56.2-linux-arm64.zip
          2022-01-14 20:02:00 URL:https://downloads.rclone.org/v1.56.2/rclone-v1.56.2-linux-arm64.zip [13513736/13513736] -&gt; &quot;/tmp/keyhelp_update/rclone.zip&quot; [1]
  exec  | unzip -j -o '/tmp/keyhelp_update/rclone.zip' -d '/tmp/keyhelp_update/rclone/'
          Archive:  /tmp/keyhelp_update/rclone.zip
            inflating: /tmp/keyhelp_update/rclone/git-log.txt
            inflating: /tmp/keyhelp_update/rclone/rclone
            inflating: /tmp/keyhelp_update/rclone/README.txt
            inflating: /tmp/keyhelp_update/rclone/README.html
            inflating: /tmp/keyhelp_update/rclone/rclone.1
  exec  | if [ `command -v mandb` ]; then mkdir -p /usr/local/share/man/man1 &amp;&amp; cp /tmp/keyhelp_update/rclone/rclone.1 /usr/local/share/man/man1/rclone.1 &amp;&amp; mandb; fi
          Purging old database entries in /usr/share/man...
          Processing manual pages under /usr/share/man...
          Purging old database entries in /usr/share/man/tr...
          Processing manual pages under /usr/share/man/tr...
          Purging old database entries in /usr/share/man/fi...
          Processing manual pages under /usr/share/man/fi...
          Purging old database entries in /usr/share/man/cs...
          Processing manual pages under /usr/share/man/cs...
          Purging old database entries in /usr/share/man/zh_CN...
          Processing manual pages under /usr/share/man/zh_CN...
          Purging old database entries in /usr/share/man/ja...
          Processing manual pages under /usr/share/man/ja...
          Purging old database entries in /usr/share/man/fr...
          Processing manual pages under /usr/share/man/fr...
          Purging old database entries in /usr/share/man/pl...
          Processing manual pages under /usr/share/man/pl...
          Purging old database entries in /usr/share/man/ru...
          Processing manual pages under /usr/share/man/ru...
          Purging old database entries in /usr/share/man/sr...
          Processing manual pages under /usr/share/man/sr...
          Purging old database entries in /usr/share/man/it...
          Processing manual pages under /usr/share/man/it...
          Purging old database entries in /usr/share/man/sl...
          Processing manual pages under /usr/share/man/sl...
          Purging old database entries in /usr/share/man/zh_TW...
          Processing manual pages under /usr/share/man/zh_TW...
          Purging old database entries in /usr/share/man/de...
          Processing manual pages under /usr/share/man/de...
          Purging old database entries in /usr/share/man/es...
          Processing manual pages under /usr/share/man/es...
          Purging old database entries in /usr/share/man/sv...
          Processing manual pages under /usr/share/man/sv...
          Purging old database entries in /usr/share/man/pt_BR...
          Processing manual pages under /usr/share/man/pt_BR...
          Purging old database entries in /usr/share/man/da...
          Processing manual pages under /usr/share/man/da...
          Purging old database entries in /usr/share/man/ko...
          Processing manual pages under /usr/share/man/ko...
          Purging old database entries in /usr/share/man/hu...
          Processing manual pages under /usr/share/man/hu...
          Purging old database entries in /usr/share/man/id...
          Processing manual pages under /usr/share/man/id...
          Purging old database entries in /usr/share/man/pt...
          Processing manual pages under /usr/share/man/pt...
          Purging old database entries in /usr/share/man/nl...
          Processing manual pages under /usr/share/man/nl...
          Purging old database entries in /usr/local/man...
          Processing manual pages under /usr/local/man...
          0 man subdirectories contained newer manual pages.
          0 manual pages were added.
          0 stray cats were added.
          5 old database entries were purged.
  exec  | chmod 0755 /tmp/keyhelp_update/rclone/rclone
  exec  | mv /tmp/keyhelp_update/rclone/rclone /usr/local/bin/rclone
  exec  | mkdir -p -m 0777 /backup-keyhelp/
  exec  | chown keyhelp:keyhelp /backup-keyhelp/

================================================================================
  Firewall
================================================================================

exec  | apt-get install -y iptables
          Reading package lists...
          Building dependency tree...
          Reading state information...
          iptables is already the newest version (1.8.4-3ubuntu2).
          0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
  exec  | mkdir -p -m 0700 /etc/keyhelp/iptables/
  exec  | apt-get install -y nftables
          Reading package lists...
          Building dependency tree...
          Reading state information...
          nftables is already the newest version (0.9.3-2).
          0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
  exec  | mkdir -p -m 0755 /etc/nftables/

files | firewall/rules/rules_ipv4_common =&gt; /etc/keyhelp/iptables/startup_rules_ipv4
  files | firewall/rules/rules_ipv6_common =&gt; /etc/keyhelp/iptables/startup_rules_ipv6
  files | nftables/nftables.conf =&gt; /etc/nftables.conf
  files | nftables/fail2ban.conf =&gt; /etc/nftables/fail2ban.conf

exec  | chown keyhelp:keyhelp -R /etc/keyhelp/iptables/
  exec  | nft -f /etc/nftables/fail2ban.conf

import | /home/keyhelp/www/keyhelp/install/templates/firewall/rules/common.sql =&gt; keyhelp

================================================================================
  SSH
================================================================================

exec  | apt-get install -y openssh-server
          Reading package lists...
          Building dependency tree...
          Reading state information...
          openssh-server is already the newest version (1:8.2p1-4ubuntu0.4).
          0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
  exec  | grep --quiet &quot;^\s*DenyGroups keyhelp_nossh keyhelp_suspended&quot; /etc/ssh/sshd_config || printf &quot;\n# Limit KeyHelp usergroup\nDenyGroups keyhelp_nossh keyhelp_suspended\n&quot; &gt;&gt; /etc/ssh/sshd_config
  exec  | grep --quiet &quot;^\s*Match Group keyhelp_chroot&quot; /etc/ssh/sshd_config || printf &quot;\nMatch Group keyhelp_chroot\n ChrootDirectory %%h\n AllowTCPForwarding no\n X11Forwarding no\nMatch all\n&quot; &gt;&gt; /etc/ssh/sshd_config
  exec  | service ssh restart

================================================================================
  ProFTPD
================================================================================

exec  | /usr/share/debconf/fix_db.pl
  exec  | echo &quot;proftpd-basic shared/proftpd/inetd_or_standalone select standalone&quot; | sudo debconf-set-selections
  exec  | DEBIAN_FRONTEND=noninteractive apt-get install -y proftpd-basic proftpd-mod-mysql
          Reading package lists...
          Building dependency tree...
          Reading state information...
          proftpd-basic is already the newest version (1.3.6c-2).
          proftpd-mod-mysql is already the newest version (1.3.6c-2).
          0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
  exec  | DEBIAN_FRONTEND=dialog

files | proftpd/modules.conf =&gt; /etc/proftpd/modules.conf
  files | proftpd/proftpd.conf =&gt; /etc/proftpd/proftpd.conf
  files | proftpd/sql.conf =&gt; /etc/proftpd/sql.conf
  files | proftpd/tls.conf.twig =&gt; /etc/proftpd/tls.conf

exec  | chmod 0640 /etc/proftpd/proftpd.conf
  exec  | chmod 0600 /etc/proftpd/sql.conf
  exec  | service proftpd stop
  exec  | service proftpd start

================================================================================
  Postfix
================================================================================

exec  | /usr/share/debconf/fix_db.pl
  exec  | echo &quot;postfix postfix/mailname string ***HOSTNAME***&quot; | sudo debconf-set-selections
  exec  | echo &quot;postfix postfix/main_mailer_type string 'Internet Site'&quot; | sudo debconf-set-selections
  exec  | DEBIAN_FRONTEND=noninteractive apt-get install -y postfix postfix-mysql postfix-policyd-spf-python
          Reading package lists...
          Building dependency tree...
          Reading state information...
          postfix is already the newest version (3.4.13-0ubuntu1.2).
          The following additional packages will be installed:
            python3-authres python3-dns python3-spf python3-spf-engine
          The following NEW packages will be installed:
            postfix-mysql postfix-policyd-spf-python python3-authres python3-dns
            python3-spf python3-spf-engine
          0 upgraded, 6 newly installed, 0 to remove and 0 not upgraded.
          Need to get 163 kB of archives.
          After this operation, 667 kB of additional disk space will be used.
          Get:1 http://eu-zurich-1-ad-1.clouds.ports.ubuntu.com/ubuntu-ports focal-updates/main arm64 postfix-mysql arm64 3.4.13-0ubuntu1.2 [21.0 kB]
          Get:2 http://eu-zurich-1-ad-1.clouds.ports.ubuntu.com/ubuntu-ports focal/universe arm64 python3-authres all 1.2.0-2 [17.1 kB]
          Get:3 http://eu-zurich-1-ad-1.clouds.ports.ubuntu.com/ubuntu-ports focal/universe arm64 python3-dns all 3.2.1-1 [25.6 kB]
          Get:4 http://eu-zurich-1-ad-1.clouds.ports.ubuntu.com/ubuntu-ports focal/universe arm64 python3-spf all 2.0.14-1 [57.6 kB]
          Get:5 http://eu-zurich-1-ad-1.clouds.ports.ubuntu.com/ubuntu-ports focal/universe arm64 python3-spf-engine all 2.9.2-1 [17.1 kB]
          Get:6 http://eu-zurich-1-ad-1.clouds.ports.ubuntu.com/ubuntu-ports focal/universe arm64 postfix-policyd-spf-python all 2.9.2-1 [24.9 kB]
          Fetched 163 kB in 0s (1106 kB/s)
          Selecting previously unselected package postfix-mysql.
(Reading database ... 118173 files and directories currently installed.)
          Preparing to unpack .../0-postfix-mysql_3.4.13-0ubuntu1.2_arm64.deb ...
          Unpacking postfix-mysql (3.4.13-0ubuntu1.2) ...
          Selecting previously unselected package python3-authres.
          Preparing to unpack .../1-python3-authres_1.2.0-2_all.deb ...
          Unpacking python3-authres (1.2.0-2) ...
          Selecting previously unselected package python3-dns.
          Preparing to unpack .../2-python3-dns_3.2.1-1_all.deb ...
          Unpacking python3-dns (3.2.1-1) ...
          Selecting previously unselected package python3-spf.
          Preparing to unpack .../3-python3-spf_2.0.14-1_all.deb ...
          Unpacking python3-spf (2.0.14-1) ...
          Selecting previously unselected package python3-spf-engine.
          Preparing to unpack .../4-python3-spf-engine_2.9.2-1_all.deb ...
          Unpacking python3-spf-engine (2.9.2-1) ...
          Selecting previously unselected package postfix-policyd-spf-python.
          Preparing to unpack .../5-postfix-policyd-spf-python_2.9.2-1_all.deb ...
          Unpacking postfix-policyd-spf-python (2.9.2-1) ...
          Setting up python3-authres (1.2.0-2) ...
          Setting up postfix-mysql (3.4.13-0ubuntu1.2) ...
          Adding mysql map entry to /etc/postfix/dynamicmaps.cf
          Setting up python3-dns (3.2.1-1) ...
          Setting up python3-spf (2.0.14-1) ...
          Setting up python3-spf-engine (2.9.2-1) ...
          Setting up postfix-policyd-spf-python (2.9.2-1) ...
          Processing triggers for man-db (2.9.1-1) ...
  exec  | DEBIAN_FRONTEND=dialog

files | postfix/main.cf.twig =&gt; /etc/postfix/main.cf
  files | postfix/master.cf =&gt; /etc/postfix/master.cf
  files | postfix/header_checks =&gt; /etc/postfix/header_checks
  files | postfix/mysql-virtual-mailbox-domains.cf =&gt; /etc/postfix/mysql-virtual-mailbox-domains.cf
  files | postfix/mysql-virtual-mailbox-maps.cf =&gt; /etc/postfix/mysql-virtual-mailbox-maps.cf
  files | postfix/mysql-virtual-alias-maps.cf =&gt; /etc/postfix/mysql-virtual-alias-maps.cf

exec  | echo &quot;***HOSTNAME***&quot; &gt; /etc/mailname
  exec  | openssl dhparam -out /etc/postfix/dh512.pem 512
          Generating DH parameters, 512 bit long safe prime, generator 2
          This is going to take a long time
          .............................+..................................................................................+.................................+.............+......................+................+.............................+........................+.....+.+...+..............................++*++*++*++*++*
  exec  | openssl dhparam -out /etc/postfix/dh1024.pem 1024
          Generating DH parameters, 1024 bit long safe prime, generator 2
          This is going to take a long time
          .....................+......+...............+......................................................................+.....................+......................................+................................................................................................................+................................+.+...................................+..+.....+...............................................................................................................................................+................................................................................................................................................+...........................................................................+.....++*++*++*++*++*
  exec  | openssl dhparam -out /etc/postfix/dh2048.pem 2048
          Generating DH parameters, 2048 bit long safe prime, generator 2
          This is going to take a long time
          ..........................................+.................................................................................................................................................................................................+............+.......................................+....................................................................................................................................................................................................................................................................+...............+........................................+....................................................+......................................+.......................................................+..............+...........................................................+...................................................+...............................+..................................................................................................................................+.................................................+................+....................................+............................................................................................+............................+...................................................+..................................................................................................................................................................................+.............................................................+......................................................+...........................+....................+..................................+....................+..................+...........................................................................................................................................................+...........+.+.......+...........................................+........................................................+.....................................................................................................................................................................................................................................................................................+...................................................................+.+..................................+..................................................................+............................................................+.......................................+...+................+............................................................................................................................+.....................................................................................................+.............................+...........................+.......................................................+..............................................................................+................................................................+......................................................................+........................................+...........................+.............................................................................................................................+............................+...........................................................+..........................+.................................................................................................................................................+.......+.........................................................................................................................................................................................................................+.....................................................................................................................+................................+...........................................................................................................+...............................+..+...................................................................................................................+...........................................................................................................................................................................................................................................................................................................................................................+.......................+..........................................................+.........................................................................................................................+..................................................................................................................................................+.............................+........................................................................................................+......................................................+..................................................................................+......................................+...................................................................................+.+........................................................................................................................................................................................................................................................................................+..................................................................................................................................................................................................................+...................+.............................................................................+................................+.....................+........................+.....................+.......................................................+..............................+....................................+.................................................................................................................................................................................................................................+.......+..........................................................................................................................................................................+..........................................................................................................................................................................................+................++*++*++*++*
  exec  | chmod 0600 /etc/postfix/mysql-virtual-mailbox-domains.cf
  exec  | chmod 0600 /etc/postfix/mysql-virtual-mailbox-maps.cf
  exec  | chmod 0600 /etc/postfix/mysql-virtual-alias-maps.cf
  exec  | service postfix restart

================================================================================
  Dovecot
================================================================================

exec  | /usr/share/debconf/fix_db.pl
  exec  | DEBIAN_FRONTEND=noninteractive apt-get install -y dovecot-core dovecot-common dovecot-mysql dovecot-sieve dovecot-managesieved dovecot-imapd dovecot-pop3d dovecot-lmtpd
          Reading package lists...
          Building dependency tree...
          Reading state information...
          dovecot-core is already the newest version (1:2.3.7.2-1ubuntu3.5).
          dovecot-imapd is already the newest version (1:2.3.7.2-1ubuntu3.5).
          dovecot-pop3d is already the newest version (1:2.3.7.2-1ubuntu3.5).
          dovecot-lmtpd is already the newest version (1:2.3.7.2-1ubuntu3.5).
          dovecot-managesieved is already the newest version (1:2.3.7.2-1ubuntu3.5).
          dovecot-mysql is already the newest version (1:2.3.7.2-1ubuntu3.5).
          dovecot-sieve is already the newest version (1:2.3.7.2-1ubuntu3.5).
          0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
  exec  | DEBIAN_FRONTEND=dialog

files | dovecot/dovecot.conf.twig =&gt; /etc/dovecot/dovecot.conf
  files | dovecot/dovecot-sql.conf =&gt; /etc/dovecot/dovecot-sql.conf

exec  | id -u vmail 2&gt;&amp;1 || useradd -u 5000 -d /var/mail vmail
          5000
  exec  | chown -R vmail:vmail /var/mail/
  exec  | chmod 0777 /var/mail
  exec  | chown -R vmail:dovecot /etc/dovecot/
  exec  | chmod -R o-rwx /etc/dovecot/
  exec  | service dovecot restart

================================================================================
  OpenDKIM
================================================================================

exec  | apt-get -y install opendkim opendkim-tools
          Reading package lists...
          Building dependency tree...
          Reading state information...
          opendkim is already the newest version (2.11.0~beta2-1).
          opendkim-tools is already the newest version (2.11.0~beta2-1).
          0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
  exec  | mkdir -p -m 0755 /etc/opendkim/
  exec  | mkdir -p -m 0700 /etc/opendkim/keys
  exec  | touch /etc/opendkim/signing.table
  exec  | touch /etc/opendkim/key.table

files | opendkim/opendkim.conf =&gt; /etc/opendkim.conf
  files | opendkim/trusted =&gt; /etc/opendkim/trusted

exec  | chown -R opendkim:opendkim /etc/opendkim

================================================================================
  Email protection
================================================================================

exec  | apt-get install -y amavis clamav clamav-daemon spamassassin pyzor razor
          Reading package lists...
          Building dependency tree...
          Reading state information...
          amavisd-new is already the newest version (1:2.11.0-6.1ubuntu1).
          pyzor is already the newest version (1:1.0.0-3).
          razor is already the newest version (1:2.85-4.2build5).
          clamav is already the newest version (0.103.2+dfsg-0ubuntu0.20.04.2).
          clamav-daemon is already the newest version (0.103.2+dfsg-0ubuntu0.20.04.2).
          spamassassin is already the newest version (3.4.4-1ubuntu1.1).
          0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
  exec  | mkdir -p -m 0755 /var/spool/spamassassin/
  exec  | chown amavis:amavis /var/spool/spamassassin/

files | amavis/15-content_filter_mode =&gt; /etc/amavis/conf.d/15-content_filter_mode
  files | amavis/50-user =&gt; /etc/amavis/conf.d/50-user
  files | spamassassin/spamassassin =&gt; /etc/default/spamassassin
  files | spamassassin/local.cf =&gt; /etc/spamassassin/local.cf

exec  | su - amavis -s /bin/bash -c 'razor-admin -create'
  exec  | su - amavis -s /bin/bash -c 'razor-admin -register'
          Register successful.  Identity stored in /var/lib/amavis/.razor/identity-ru3O-4_U5k
  exec  | usermod -aG amavis clamav
  exec  | usermod -aG clamav amavis
  exec  | chmod 0640 /etc/amavis/conf.d/50-user
  exec  | chown root:amavis /etc/amavis/conf.d/50-user
  exec  | service clamav-daemon restart
  exec  | service amavis restart
  exec  | service spamassassin restart
  exec  | systemctl enable spamassassin
          Synchronizing state of spamassassin.service with SysV service script with /lib/systemd/systemd-sysv-install.
          Executing: /lib/systemd/systemd-sysv-install enable spamassassin
  exec  | systemctl enable clamav-daemon
          Synchronizing state of clamav-daemon.service with SysV service script with /lib/systemd/systemd-sysv-install.
          Executing: /lib/systemd/systemd-sysv-install enable clamav-daemon
  exec  | grep &quot;^\s*DatabaseCustomURL&quot; /etc/clamav/freshclam.conf || echo &quot;
  DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/junk.ndb
  DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/jurlbl.ndb
  DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/phish.ndb
  DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/rogue.hdb
  DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/sanesecurity.ftm
  DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/sigwhitelist.ign2
  DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/scam.ndb
  DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/spamimg.hdb
  DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/spamattach.hdb
  DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/blurl.ndb
  DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/foxhole_generic.cdb
  DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/foxhole_filename.cdb
  DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/malwarehash.hsb
  DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/hackingteam.hsb
  DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/winnow_malware.hdb
  DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/winnow_malware_links.ndb
  DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/winnow_extended_malware.hdb
  DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/winnow.attachments.hdb
  DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/winnow_bad_cw.hdb
  DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/bofhland_cracked_URL.ndb
  DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/bofhland_malware_URL.ndb
  DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/bofhland_phishing_URL.ndb
  DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/bofhland_malware_attach.hdb
  DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/porcupine.ndb
  DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/phishtank.ndb
  DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/porcupine.hsb
  DatabaseCustomURL https://urlhaus.abuse.ch/downloads/urlhaus.ndb
  &quot; &gt;&gt; /etc/clamav/freshclam.conf
          DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/junk.ndb
          DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/jurlbl.ndb
          DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/phish.ndb
          DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/rogue.hdb
          DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/sanesecurity.ftm
          DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/sigwhitelist.ign2
          DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/scam.ndb
          DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/spamimg.hdb
          DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/spamattach.hdb
          DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/blurl.ndb
          DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/foxhole_generic.cdb
          DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/foxhole_filename.cdb
          DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/malwarehash.hsb
          DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/hackingteam.hsb
          DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/winnow_malware.hdb
          DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/winnow_malware_links.ndb
          DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/winnow_extended_malware.hdb
          DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/winnow.attachments.hdb
          DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/winnow_bad_cw.hdb
          DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/bofhland_cracked_URL.ndb
          DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/bofhland_malware_URL.ndb
          DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/bofhland_phishing_URL.ndb
          DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/bofhland_malware_attach.hdb
          DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/porcupine.ndb
          DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/phishtank.ndb
          DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/porcupine.hsb
          DatabaseCustomURL https://urlhaus.abuse.ch/downloads/urlhaus.ndb

================================================================================
  AWStats
================================================================================

exec  | apt-get install -y awstats
          Reading package lists...
          Building dependency tree...
          Reading state information...
          awstats is already the newest version (7.6+dfsg-2ubuntu0.20.04.1).
          0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
  exec  | rm -f /etc/cron.d/awstats
  exec  | rm -f /etc/awstats/awstats.conf

================================================================================
  Fail2ban
================================================================================

exec  | apt-get install -y fail2ban
          Reading package lists...
          Building dependency tree...
          Reading state information...
          fail2ban is already the newest version (0.11.1-1).
          0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

files | fail2ban/jail.d/keyhelp.local =&gt; /etc/fail2ban/jail.d/keyhelp.local
  files | fail2ban/filter.d/keyhelp-phpmyadmin.conf =&gt; /etc/fail2ban/filter.d/keyhelp-phpmyadmin.conf

exec  | chown keyhelp:keyhelp /etc/fail2ban/jail.d/keyhelp.local
  exec  | service fail2ban restart

================================================================================
  Logrotate
================================================================================

exec  | apt-get install -y logrotate
          Reading package lists...
          Building dependency tree...
          Reading state information...
          logrotate is already the newest version (3.14.0-4ubuntu3).
          0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

files | logrotate/keyhelp =&gt; /etc/logrotate.d/keyhelp
  files | logrotate/logrotate.timer =&gt; /lib/systemd/system/logrotate.timer
  files | logrotate/logrotate.service =&gt; /lib/systemd/system/logrotate.service

exec  | systemctl daemon-reload

================================================================================
  PhpMyAdmin 5.1.1
================================================================================

exec  | rm -f /tmp/keyhelp_update/phpmyadmin.tar.gz
  exec  | rm -rf /home/keyhelp/www/phpmyadmin/*
  exec  | mkdir -p -m 0755 /tmp/keyhelp_update
  exec  | mkdir -p -m 0755 /home/keyhelp/www/phpmyadmin
  exec  | wget --no-verbose --no-check-certificate --prefer-family='ipv4' --output-document='/tmp/keyhelp_update/phpmyadmin.tar.gz' https://install.keyhelp.de/files/tools/phpmyadmin/phpMyAdmin-5.1.1-all-languages.tar.gz
          2022-01-14 20:03:33 URL:https://install.keyhelp.de/files/tools/phpmyadmin/phpMyAdmin-5.1.1-all-languages.tar.gz [13454066/13454066] -&gt; &quot;/tmp/keyhelp_update/phpmyadmin.tar.gz&quot; [1]
  exec  | tar --strip 1 -xf /tmp/keyhelp_update/phpmyadmin.tar.gz -C /home/keyhelp/www/phpmyadmin

files | phpmyadmin/config.inc.php =&gt; /home/keyhelp/www/phpmyadmin/config.inc.php
  files | phpmyadmin/.htaccess =&gt; /home/keyhelp/www/phpmyadmin/.htaccess
  files | phpmyadmin/.htaccess_deny =&gt; /home/keyhelp/www/phpmyadmin/libraries/.htaccess

db    | DROP DATABASE IF EXISTS `phpmyadmin`
  db    | CREATE DATABASE `phpmyadmin`
  db    | GRANT SELECT,INSERT,UPDATE,DELETE ON phpmyadmin.* TO 'phpmyadmin'@'localhost' IDENTIFIED BY '***PMA_PASS***'
  db    | FLUSH PRIVILEGES

exec  | rm -rf /home/keyhelp/www/phpmyadmin/setup
  exec  | chmod 0600 /home/keyhelp/www/phpmyadmin/config.inc.php
  exec  | chown -R keyhelp:keyhelp /home/keyhelp/www/phpmyadmin

import | /home/keyhelp/www/phpmyadmin/sql/create_tables.sql =&gt; phpmyadmin

================================================================================
  Adminer 4.8.1
================================================================================

exec  | rm -f /tmp/keyhelp_update/adminer.tar.gz
  exec  | rm -rf /home/keyhelp/www/adminer/*
  exec  | mkdir -p -m 0755 /tmp/keyhelp_update
  exec  | mkdir -p -m 0755 /home/keyhelp/www/adminer
  exec  | wget --no-verbose --no-check-certificate --prefer-family='ipv4' --output-document='/tmp/keyhelp_update/adminer.tar.gz' https://install.keyhelp.de/files/tools/adminer/adminer-4.8.1.tar.gz
          2022-01-14 20:03:34 URL:https://install.keyhelp.de/files/tools/adminer/adminer-4.8.1.tar.gz [432863/432863] -&gt; &quot;/tmp/keyhelp_update/adminer.tar.gz&quot; [1]
  exec  | tar --strip 1 -xzf /tmp/keyhelp_update/adminer.tar.gz -C /home/keyhelp/www/adminer
  exec  | rm -rf /home/keyhelp/www/adminer/setup
  exec  | chown -R keyhelp:keyhelp /home/keyhelp/www/adminer

================================================================================
  Roundcube 1.5.1 Multilanguage
================================================================================

exec  | rm -rf /home/keyhelp/www/roundcube/*
  exec  | rm --force /tmp/keyhelp_update/roundcube.tar.gz
  exec  | mkdir --parents --mode 0755 /tmp/keyhelp_update/
  exec  | mkdir --parents --mode 0755 /home/keyhelp/www/roundcube
  exec  | wget --no-verbose --no-check-certificate --prefer-family='ipv4' --output-document='/tmp/keyhelp_update/roundcube.tar.gz' https://install.keyhelp.de/files/tools/roundcube/roundcubemail-1.5.1.tar.gz
          2022-01-14 20:03:34 URL:https://install.keyhelp.de/files/tools/roundcube/roundcubemail-1.5.1.tar.gz [7827081/7827081] -&gt; &quot;/tmp/keyhelp_update/roundcube.tar.gz&quot; [1]
  exec  | tar --strip 1 -xf /tmp/keyhelp_update/roundcube.tar.gz -C /home/keyhelp/www/roundcube
  exec  | mkdir --parents --mode 0755 /home/keyhelp/www/roundcube/plugins/keyhelp_sync_identities

files | roundcube/config.inc.php =&gt; /home/keyhelp/www/roundcube/config/config.inc.php
  files | roundcube/plugins/managesieve/config.inc.php =&gt; /home/keyhelp/www/roundcube/plugins/managesieve/config.inc.php
  files | roundcube/plugins/password/config.inc.php =&gt; /home/keyhelp/www/roundcube/plugins/password/config.inc.php
  files | roundcube/plugins/keyhelp_sync_identities/keyhelp_sync_identities.php =&gt; /home/keyhelp/www/roundcube/plugins/keyhelp_sync_identities/keyhelp_sync_identities.php
  files | roundcube/plugins/keyhelp_sync_identities/composer.json =&gt; /home/keyhelp/www/roundcube/plugins/keyhelp_sync_identities/composer.json

db    | DROP DATABASE IF EXISTS `roundcube`
  db    | CREATE DATABASE `roundcube`
  db    | GRANT ALL PRIVILEGES ON roundcube.* TO 'roundcube'@'localhost' IDENTIFIED BY '***RC_PASS***'
  db    | FLUSH PRIVILEGES

exec  | chmod 0600 /home/keyhelp/www/roundcube/plugins/password/config.inc.php
  exec  | chmod 0600 /home/keyhelp/www/roundcube/config/config.inc.php
  exec  | chown -R keyhelp:keyhelp /home/keyhelp/www/roundcube

import | /home/keyhelp/www/roundcube/SQL/mysql.initial.sql =&gt; roundcube

================================================================================
  Rainloop 1.16.0 (Community Edition)
================================================================================

exec  | rm -rf /home/keyhelp/www/rainloop/*
  exec  | rm --force /tmp/keyhelp_update/rainloop.tar.gz
  exec  | mkdir --parents --mode 0755 /tmp/keyhelp_update/
  exec  | mkdir --parents --mode 0755 /home/keyhelp/www/rainloop
  exec  | wget --no-verbose --no-check-certificate --prefer-family='ipv4' --output-document='/tmp/keyhelp_update/rainloop.tar.gz' https://install.keyhelp.de/files/tools/rainloop/rainloop-community-1.16.0.tar.gz
          2022-01-14 20:03:35 URL:https://install.keyhelp.de/files/tools/rainloop/rainloop-community-1.16.0.tar.gz [5999866/5999866] -&gt; &quot;/tmp/keyhelp_update/rainloop.tar.gz&quot; [1]
  exec  | tar -xf /tmp/keyhelp_update/rainloop.tar.gz -C /home/keyhelp/www/rainloop
  exec  | find /home/keyhelp/www/rainloop -type d -exec chmod 0755 {} \;
  exec  | find /home/keyhelp/www/rainloop -type f -exec chmod 0644 {} \;
  exec  | mkdir --parents --mode 0755 /home/keyhelp/www/rainloop/data/_data_/_default_/configs/
  exec  | mkdir --parents --mode 0755 /home/keyhelp/www/rainloop/rainloop/v/1.16.0/app/domains
  exec  | mkdir --parents --mode 0755 /home/keyhelp/www/rainloop/data/_data_/_default_/plugins/change-password-custom-sql/

files | rainloop/application.ini =&gt; /home/keyhelp/www/rainloop/data/_data_/_default_/configs/application.ini
  files | rainloop/default.ini =&gt; /home/keyhelp/www/rainloop/rainloop/v/1.16.0/app/domains/default.ini
  files | rainloop/change-password-custom-sql/ChangePasswordCustomSqlDriver.php =&gt; /home/keyhelp/www/rainloop/data/_data_/_default_/plugins/change-password-custom-sql/ChangePasswordCustomSqlDriver.php
  files | rainloop/change-password-custom-sql/index.php =&gt; /home/keyhelp/www/rainloop/data/_data_/_default_/plugins/change-password-custom-sql/index.php
  files | rainloop/change-password-custom-sql/plugin-change-password-custom-sql.ini =&gt; /home/keyhelp/www/rainloop/data/_data_/_default_/configs/plugin-change-password-custom-sql.ini
  files | rainloop/.htaccess_deny =&gt; /home/keyhelp/www/rainloop/data/.htaccess

db    | DROP DATABASE IF EXISTS `rainloop`
  db    | CREATE DATABASE `rainloop`
  db    | GRANT ALL PRIVILEGES ON rainloop.* TO 'rainloop'@'localhost' IDENTIFIED BY '***RL_PASS***'
  db    | FLUSH PRIVILEGES

exec  | chmod 0600 /home/keyhelp/www/rainloop/data/_data_/_default_/configs/application.ini
  exec  | chmod 0600 /home/keyhelp/www/rainloop/data/_data_/_default_/configs/plugin-change-password-custom-sql.ini
  exec  | chown -R keyhelp:keyhelp /home/keyhelp/www/rainloop

================================================================================
  Quota
================================================================================

exec  | apt-get install -y quota quotatool
          Reading package lists...
          Building dependency tree...
          Reading state information...
          quota is already the newest version (4.05-1).
          quotatool is already the newest version (1:1.6.2-5fakesync1).
          0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
  exec  | service quota stop
  exec  | cp /etc/fstab /etc/fstab-backup
  exec  | echo &quot;LABEL=cloudimg-rootfs     /     ext4     defaults,usrquota,grpquota     0     1
  LABEL=UEFI	/boot/efi	vfat	umask=0077	0 1
  
  # CLOUD_IMG: This file was created/modified by the Cloud Image build process
  ######################################
  ## ORACLE CLOUD INFRASTRUCTURE CUSTOMERS
  ##
  ## If you are adding an iSCSI remote block volume to this file you MUST
  ## include the '_netdev' mount option or your instance will become
  ## unavailable after the next reboot.
  ## SCSI device names are not stable across reboots; please use the device UUID
  ## instead of /dev path.
  ##
  ## Example:
  ## UUID=94c5aade-8bb1-4d55-ad0c-388bb8aa716a /data1 ext4 defaults,noatime,_netdev 0 2
  ##
  ## More information:
  ## https://docs.us-phoenix-1.oraclecloud.com/Content/Block/Tasks/connectingtoavolume.htm
  ##&quot; &gt; &quot;/etc/fstab&quot;
  exec  | mount -o remount /
  exec  | quotacheck -avmug
          quotacheck: Your kernel probably supports journaled quota but you are not using it. Consider switching to journaled quota to avoid running quotacheck after an unclean shutdown.
          quotacheck: Quota for users is enabled on mountpoint / so quotacheck might damage the file.
          Please turn quotas off or use -f to force checking.

&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;
  &gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt; ERROR DETECTED &lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;
  &lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;

[SKIPPED DUE PREVIOUS ERRORS] exec  | service quota start

================================================================================
  Apparmor
================================================================================

exec  | apt-get install -y apparmor
          Reading package lists...
          Building dependency tree...
          Reading state information...
          apparmor is already the newest version (2.13.3-7ubuntu5.1).
          0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

================================================================================
  7-zip
================================================================================

exec  | apt-get install -y p7zip-full
          Reading package lists...
          Building dependency tree...
          Reading state information...
          p7zip-full is already the newest version (16.02+dfsg-7build1).
          0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

================================================================================
  Hide LTS notice
================================================================================

files | update-manager/release-upgrades =&gt; /etc/update-manager/release-upgrades

exec  | rm -f /var/lib/update-notifier/release-upgrade-available

================================================================================
  Update message of the day
================================================================================

files | motd/80-keyhelp =&gt; /etc/update-motd.d/80-keyhelp

exec  | chmod +x /etc/update-motd.d/80-keyhelp

================================================================================
  Nano
================================================================================

exec  | apt-get install -y nano
          Reading package lists...
          Building dependency tree...
          Reading state information...
          nano is already the newest version (4.8-1ubuntu1).
          0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

================================================================================
  Curl
================================================================================

exec  | apt-get install -y curl
          Reading package lists...
          Building dependency tree...
          Reading state information...
          curl is already the newest version (7.68.0-1ubuntu2.7).
          0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

================================================================================
  Cron daemon
================================================================================

exec  | apt-get install -y cron
          Reading package lists...
          Building dependency tree...
          Reading state information...
          cron is already the newest version (3.0pl1-136ubuntu1).
          0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

files | cron/keyhelp =&gt; /etc/cron.d/keyhelp
  files | cron/keyhelp-sa-learn =&gt; /etc/cron.d/keyhelp-sa-learn
  files | cron/keyhelp-firewall =&gt; /etc/cron.d/keyhelp-firewall

exec  | chmod 0644 /etc/cron.d/keyhelp
  exec  | chmod 0644 /etc/cron.d/keyhelp-sa-learn

################################################################################
################################################################################

=&gt; Errors occurred during installation. &lt;=

Finished install: 2022-01-14 20:03:41
Duration: 116 second(s)
ubuntu@ch1:~$

Private - Private paste aren't shown in recent listings.

Delete After - When should we delete your paste?

Spam protection -

Reply to "Untitled"