- ubuntu@ch1:~$ sudo cat /var/log/keyhelp/install.log
- Start install: 2022-01-14 20:01:45
- Operating System: Ubuntu 20.04 (64-bit)
- ================================================================================
- Placeholders
- ================================================================================
- install.ssh_keys =
- install.nagios =
- install.midnight_commander =
- install.server_setup =
- install.hide_lts_notice = 1
- install.hostname =
- general.preferred_protocol = ipv4
- system.email = root@***HOSTNAME***
- server.domain = ***HOSTNAME***
- server.current_hostname = ***HOSTNAME***
- server.timezone = Europe/Sarajevo
- server.fstab = LABEL=cloudimg-rootfs / ext4 defaults,usrquota,grpquota 0 1
- LABEL=UEFI /boot/efi vfat umask=0077 0 1
- # CLOUD_IMG: This file was created/modified by the Cloud Image build process
- ######################################
- ## ORACLE CLOUD INFRASTRUCTURE CUSTOMERS
- ##
- ## If you are adding an iSCSI remote block volume to this file you MUST
- ## include the '_netdev' mount option or your instance will become
- ## unavailable after the next reboot.
- ## SCSI device names are not stable across reboots; please use the device UUID
- ## instead of /dev path.
- ##
- ## Example:
- ## UUID=94c5aade-8bb1-4d55-ad0c-388bb8aa716a /data1 ext4 defaults,noatime,_netdev 0 2
- ##
- ## More information:
- ## https://docs.us-phoenix-1.oraclecloud.com/Content/Block/Tasks/connectingtoavolume.htm
- ##
- encryption.base = ***KH_ENCRYPTION_BASE***
- webserver.log_format_with_logio = %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O
- webserver.log_format_without_logio = %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" 0 0
- webserver.http_port = 80
- webserver.https_port = 443
- dir.home = /home/keyhelp
- dir.keyhelp = /home/keyhelp/www/keyhelp
- dir.webmail = /home/keyhelp/www/webmail
- dir.roundcube = /home/keyhelp/www/roundcube
- dir.rainloop = /home/keyhelp/www/rainloop
- dir.db-administration = /home/keyhelp/www/db-administration
- dir.phpmyadmin = /home/keyhelp/www/phpmyadmin
- dir.adminer = /home/keyhelp/www/adminer
- dir.statistics = /home/keyhelp/www/kh.webstats
- dir.acme_challenge = /home/keyhelp/www/.well-known/acme-challenge
- dir.autoconfig = /home/keyhelp/www/keyhelp/misc/emailconfig
- email.virus_checks =
- dovecot.imap_login_process_limit = 100
- dovecot.max_userip_connections = 10
- dovecot.enforce_quota = 1
- postfix.inet_protocols = ipv4
- clamav.signatures_for_config =
- DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/junk.ndb
- DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/jurlbl.ndb
- DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/phish.ndb
- DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/rogue.hdb
- DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/sanesecurity.ftm
- DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/sigwhitelist.ign2
- DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/scam.ndb
- DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/spamimg.hdb
- DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/spamattach.hdb
- DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/blurl.ndb
- DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/foxhole_generic.cdb
- DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/foxhole_filename.cdb
- DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/malwarehash.hsb
- DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/hackingteam.hsb
- DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/winnow_malware.hdb
- DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/winnow_malware_links.ndb
- DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/winnow_extended_malware.hdb
- DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/winnow.attachments.hdb
- DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/winnow_bad_cw.hdb
- DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/bofhland_cracked_URL.ndb
- DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/bofhland_malware_URL.ndb
- DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/bofhland_phishing_URL.ndb
- DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/bofhland_malware_attach.hdb
- DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/porcupine.ndb
- DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/phishtank.ndb
- DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/porcupine.hsb
- DatabaseCustomURL https://urlhaus.abuse.ch/downloads/urlhaus.ndb
- php.version = 7.4
- db.tuning_file = tuning.cnf
- db.setup.username = root
- db.setup.password =
- db.root.username = root
- db.root.password = ***DB_ROOT_PASS***
- db.keyhelp.host = localhost
- db.keyhelp.username = keyhelp
- db.keyhelp.password = ***DB_KH_PASS***
- db.keyhelp.dbname = keyhelp
- db.keyhelp_root.host = localhost
- db.keyhelp_root.username = keyhelp_root
- db.keyhelp_root.password = ***DB_KH_ROOT_PASS***
- bind.rname = root.***HOSTNAME***.
- bind.serial = 2022011400
- bind.name_servers.0 = ns.***HOSTNAME***.
- bind.name_servers.1 = ns2.***HOSTNAME***.
- bind.ips_v4.0 = ***IP_0***
- admin.username = admin
- admin.password = ***KH_ADMIN_PASS***
- admin.email = root@***HOSTNAME***
- phpmyadmin.password = ***PMA_PASS***
- phpmyadmin.blowfishsecret = ***PMA_CRYPT***
- roundcube.product_name = KeyHelp Webmail
- roundcube.support_url =
- roundcube.password = ***RC_PASS***
- roundcube.plugins = 'managesieve','password','keyhelp_sync_identities'
- roundcube.plugins_db = managesieve, password, keyhelp_sync_identities
- roundcube.skin = elastic
- roundcube.24_byte_des_key = ***RC_CRYPT***
- roundcube.pw_length = 8
- rainloop.product_name = KeyHelp Webmail
- rainloop.password = ***RL_PASS***
- rainloop.language = en
- keyhelp.id = 1333baa4a67a9c300b89437de5c36b274d386ae2351591d8718362a09635dfebdc6f4f00bd9ef2e21264e4ae572d05bf5bef25b22371a369a8571626d3af6f0b
- keyhelp.url = https://***HOSTNAME***
- keyhelp.version = 21.3
- keyhelp.settings.ips = ***IP_0***
- keyhelp.settings.name_servers = ns.***HOSTNAME***.,ns2.***HOSTNAME***.
- keyhelp.language = en
- ftp.tls_required =
- ssh_keys.support_keys =
- firewall.rule_set = common
- ################################################################################
- ################################################################################
- ================================================================================
- Update sources list
- ================================================================================
- exec | apt-get update
- Hit:1 http://ports.ubuntu.com/ubuntu-ports focal-security InRelease
- Hit:2 http://eu-zurich-1-ad-1.clouds.ports.ubuntu.com/ubuntu-ports focal InRelease
- Hit:3 http://eu-zurich-1-ad-1.clouds.ports.ubuntu.com/ubuntu-ports focal-updates InRelease
- Hit:4 http://eu-zurich-1-ad-1.clouds.ports.ubuntu.com/ubuntu-ports focal-backports InRelease
- Reading package lists...
- ================================================================================
- Installation requirements
- ================================================================================
- exec | apt-get install -y unzip
- Reading package lists...
- Building dependency tree...
- Reading state information...
- unzip is already the newest version (6.0-25ubuntu1).
- 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
- exec | apt-get install -y zip
- Reading package lists...
- Building dependency tree...
- Reading state information...
- zip is already the newest version (3.0-11build1).
- 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
- exec | apt-get install -y bzip2
- Reading package lists...
- Building dependency tree...
- Reading state information...
- bzip2 is already the newest version (1.0.8-2).
- 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
- ================================================================================
- Sudo
- ================================================================================
- exec | apt-get install -y sudo
- Reading package lists...
- Building dependency tree...
- Reading state information...
- sudo is already the newest version (1.8.31-1ubuntu1.2).
- 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
- ================================================================================
- Bind9
- ================================================================================
- exec | echo "***HOSTNAME***" > /etc/hostname
- exec | apt-get install -y bind9
- Reading package lists...
- Building dependency tree...
- Reading state information...
- bind9 is already the newest version (1:9.16.1-0ubuntu2.9).
- 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
- files | bind/keyhelp_domain.conf.twig => /etc/bind/keyhelp_domain.conf
- files | bind/named.conf => /etc/bind/named.conf
- files | bind/named.conf.local => /etc/bind/named.conf.local
- exec | mkdir -p -m 0755 /etc/bind/keyhelp_domains/
- exec | touch /etc/bind/named.conf.keyhelp
- exec | service bind9 restart
- ================================================================================
- SSL/TLS
- ================================================================================
- exec | apt-get install -y openssl
- Reading package lists...
- Building dependency tree...
- Reading state information...
- openssl is already the newest version (1.1.1f-1ubuntu2.10).
- 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
- exec | mkdir -p -m 0700 /etc/ssl/keyhelp/pem/
- exec | mkdir -p -m 0700 /etc/ssl/keyhelp/files/
- files | tls/keyhelp-root-ca.crt => /etc/ssl/keyhelp/root-ca.crt
- exec | chmod 0600 /etc/ssl/keyhelp/root-ca.crt
- exec | openssl genrsa -out /etc/ssl/keyhelp/files/default.key 2048
- Generating RSA private key, 2048 bit long modulus (2 primes)
- ..+++++
- ..................+++++
- e is 65537 (0x010001)
- exec | openssl req -new -sha256 -key /etc/ssl/keyhelp/files/default.key -out /etc/ssl/keyhelp/files/default.csr -subj '/C=DE/ST=Thuringia/L=Erfurt/O=KeyHelp/OU=KeyHelp Panel/CN=***HOSTNAME***/[email protected]'
- exec | openssl x509 -req -sha256 -days 3650 -in /etc/ssl/keyhelp/files/default.csr -signkey /etc/ssl/keyhelp/files/default.key -out /etc/ssl/keyhelp/files/default.crt
- Signature ok
- subject=C = DE, ST = Thuringia, L = Erfurt, O = KeyHelp, OU = KeyHelp Panel, CN = ***HOSTNAME***, emailAddress = [email protected]
- Getting Private key
- exec | cat /etc/ssl/keyhelp/files/default.key /etc/ssl/keyhelp/files/default.csr /etc/ssl/keyhelp/files/default.crt > /etc/ssl/keyhelp/pem/default.pem
- exec | cat /etc/ssl/keyhelp/root-ca.crt > /etc/ssl/keyhelp/files/default-ca.crt
- exec | ln -s -f /etc/ssl/keyhelp/pem/default.pem /etc/ssl/keyhelp/keyhelp.pem
- exec | ln -s -f /etc/ssl/keyhelp/pem/default.pem /etc/ssl/keyhelp/ftp.pem
- exec | ln -s -f /etc/ssl/keyhelp/pem/default.pem /etc/ssl/keyhelp/mail.pem
- exec | ln -s -f /etc/ssl/keyhelp/pem/default.pem /etc/ssl/keyhelp/webmail.pem
- exec | ln -s -f /etc/ssl/keyhelp/files/default-ca.crt /etc/ssl/keyhelp/keyhelp-ca.crt
- exec | ln -s -f /etc/ssl/keyhelp/files/default-ca.crt /etc/ssl/keyhelp/ftp-ca.crt
- exec | ln -s -f /etc/ssl/keyhelp/files/default-ca.crt /etc/ssl/keyhelp/mail-ca.crt
- exec | ln -s -f /etc/ssl/keyhelp/files/default-ca.crt /etc/ssl/keyhelp/webmail-ca.crt
- exec | chown -R keyhelp:keyhelp /etc/ssl/keyhelp/files/
- exec | chmod 0600 /etc/ssl/keyhelp/files/*
- exec | chmod 0600 /etc/ssl/keyhelp/pem/*
- ================================================================================
- PHP
- ================================================================================
- exec | apt-get install -y php php-curl php-gd imagemagick php-imagick php-mail-mime php-net-sieve php-pspell php-net-socket php-auth-sasl php-intl php7.4-mysql php-net-smtp php-zip php-bcmath php-soap
- Reading package lists...
- Building dependency tree...
- Reading state information...
- php is already the newest version (2:7.4+75).
- php-curl is already the newest version (2:7.4+75).
- php-gd is already the newest version (2:7.4+75).
- php-pspell is already the newest version (2:7.4+75).
- php-auth-sasl is already the newest version (1.0.6-3).
- php-bcmath is already the newest version (2:7.4+75).
- php-imagick is already the newest version (3.4.4-4).
- php-intl is already the newest version (2:7.4+75).
- php-mail-mime is already the newest version (1.10.6-1).
- php-net-sieve is already the newest version (1.4.1-1).
- php-net-smtp is already the newest version (1.9.0-1).
- php-net-socket is already the newest version (1.0.14-2).
- php-soap is already the newest version (2:7.4+75).
- php-zip is already the newest version (2:7.4+75).
- php7.4-mysql is already the newest version (7.4.3-4ubuntu2.8).
- imagemagick is already the newest version (8:6.9.10.23+dfsg-2.1ubuntu11.4).
- 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
- files | php/timezone.ini => /etc/php/7.4/mods-available/timezone.ini
- files | php/charset.ini => /etc/php/7.4/mods-available/charset.ini
- exec | phpdismod timezone
- exec | phpenmod timezone/30
- exec | phpdismod charset
- exec | phpenmod charset/30
- ================================================================================
- Apache web server
- ================================================================================
- exec | apt-get install -y apache2 libapache2-mod-fcgid apache2-suexec-custom
- Reading package lists...
- Building dependency tree...
- Reading state information...
- libapache2-mod-fcgid is already the newest version (1:2.3.9-4).
- apache2 is already the newest version (2.4.41-4ubuntu3.9).
- apache2-suexec-custom is already the newest version (2.4.41-4ubuntu3.9).
- 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
- exec | grep -q -F "Include keyhelp/keyhelp.conf" /etc/apache2/apache2.conf || printf "\n#Include KeyHelp vHosts\nInclude keyhelp/keyhelp.conf\n" >> /etc/apache2/apache2.conf
- exec | mkdir -p -m 0755 /etc/apache2/keyhelp/
- exec | mkdir -p -m 0755 /etc/apache2/keyhelp/vhosts/
- exec | mkdir -p -m 0755 /etc/apache2/keyhelp/htpasswd/
- exec | touch /etc/apache2/keyhelp/subdomain_catch_all.conf
- files | apache/acme.conf => /etc/apache2/conf-available/acme.conf
- files | apache/autoconfig.conf => /etc/apache2/keyhelp/autoconfig.conf
- files | apache/apache2.service => /lib/systemd/system/apache2.service
- files | apache/keyhelp.conf => /etc/apache2/keyhelp/keyhelp.conf
- files | apache/mod_http2.conf => /etc/apache2/mods-available/http2.conf
- files | apache/mod_mime.conf => /etc/apache2/mods-available/mime.conf
- files | apache/mod_ssl.conf.twig => /etc/apache2/mods-available/ssl.conf
- files | apache/other-vhosts-access-log.conf => /etc/apache2/conf-available/other-vhosts-access-log.conf
- files | apache/ports.conf => /etc/apache2/ports.conf
- files | apache/security.conf => /etc/apache2/conf-available/security.conf
- files | apache/suexec_www-data => /etc/apache2/suexec/www-data
- files | apache/webmail_redirect.conf => /etc/apache2/keyhelp/webmail.conf
- exec | mkdir -p -m 0755 /home/keyhelp/www/roundcube
- exec | mkdir -p -m 0755 /home/keyhelp/www/rainloop
- exec | mkdir -p -m 0755 /home/keyhelp/www/phpmyadmin
- exec | mkdir -p -m 0755 /home/keyhelp/www/adminer
- exec | mkdir -p -m 0755 /home/keyhelp/www/kh.webstats
- exec | mkdir -p -m 0750 /var/log/apache2/keyhelp
- exec | rm -f /home/keyhelp/www/webmail
- exec | ln -s roundcube /home/keyhelp/www/webmail
- exec | rm -f /home/keyhelp/www/db-administration
- exec | ln -s phpmyadmin /home/keyhelp/www/db-administration
- exec | a2enmod actions fcgid alias auth_digest suexec deflate expires headers ssl rewrite include http2 cgid
- Module actions already enabled
- Module fcgid already enabled
- Module alias already enabled
- Considering dependency authn_core for auth_digest:
- Module authn_core already enabled
- Module auth_digest already enabled
- Module suexec already enabled
- Considering dependency filter for deflate:
- Module filter already enabled
- Module deflate already enabled
- Module expires already enabled
- Module headers already enabled
- Considering dependency setenvif for ssl:
- Module setenvif already enabled
- Considering dependency mime for ssl:
- Module mime already enabled
- Considering dependency socache_shmcb for ssl:
- Module socache_shmcb already enabled
- Module ssl already enabled
- Module rewrite already enabled
- Considering dependency mime for include:
- Module mime already enabled
- Module include already enabled
- Module http2 already enabled
- Module cgid already enabled
- exec | a2enmod proxy proxy_fcgi
- Module proxy already enabled
- Considering dependency proxy for proxy_fcgi:
- Module proxy already enabled
- Module proxy_fcgi already enabled
- exec | a2dissite 000-default
- Site 000-default already disabled
- exec | a2enconf acme
- Conf acme already enabled
- exec | a2enmod access_compat
- Considering dependency authn_core for access_compat:
- Module authn_core already enabled
- Module access_compat already enabled
- exec | a2dismod php7.4
- Module php7.4 already disabled
- exec | a2dismod mpm_prefork
- Module mpm_prefork already disabled
- exec | a2dismod mpm_event
- Module mpm_event already disabled
- exec | a2enmod mpm_worker
- Considering conflict mpm_event for mpm_worker:
- Considering conflict mpm_prefork for mpm_worker:
- Module mpm_worker already enabled
- exec | systemctl daemon-reload
- exec | service apache2 restart
- ================================================================================
- PHP-FPM
- ================================================================================
- exec | apt-get install -y php-fpm
- Reading package lists...
- Building dependency tree...
- Reading state information...
- php-fpm is already the newest version (2:7.4+75).
- 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
- exec | rm -f /etc/php/7.4/fpm/pool.d/www.conf*
- files | phpfpm/php-fpm.conf => /etc/php/7.4/fpm/php-fpm.conf
- files | phpfpm/keyhelp.conf => /etc/php/7.4/fpm/pool.d/keyhelp.conf
- exec | phpenmod ioncube
- exec | mkdir -p -m 0755 /etc/php/7.4/fpm/keyhelp_pool
- exec | service php7.4-fpm restart
- ================================================================================
- MariaDB
- ================================================================================
- exec | apt-get install -y mariadb-server
- Reading package lists...
- Building dependency tree...
- Reading state information...
- mariadb-server is already the newest version (1:10.3.32-0ubuntu0.20.04.1).
- 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
- exec | apt-get install -y libdbd-mysql-perl
- Reading package lists...
- Building dependency tree...
- Reading state information...
- libdbd-mysql-perl is already the newest version (4.050-3).
- 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
- files | database/tuning.cnf => /etc/mysql/mariadb.conf.d/90-tuning.cnf
- files | database/mariadb.cnf => /etc/mysql/conf.d/mariadb.cnf
- exec | service mysql restart
- db | UPDATE `mysql`.`user` SET `Password` = PASSWORD('***DB_ROOT_PASS***') WHERE `User` = 'root'
- db | DELETE FROM `mysql`.`user` WHERE `User` = ''
- db | DELETE FROM `mysql`.`user` WHERE `User` = 'root' AND `Host` NOT IN ('localhost', '127.0.0.1', '::1')
- db | DROP DATABASE IF EXISTS `test`
- db | FLUSH PRIVILEGES
- db | GRANT ALL PRIVILEGES ON *.* TO 'mysqladmin'@'localhost' IDENTIFIED BY '***DB_ROOT_PASS***' WITH GRANT OPTION
- ================================================================================
- KeyHelp
- ================================================================================
- exec | chmod 0750 /home/keyhelp
- exec | chown keyhelp:keyhelp /home/keyhelp/www/kh.webstats
- exec | chown -h keyhelp:keyhelp /home/keyhelp/www/webmail
- exec | chown -h keyhelp:keyhelp /home/keyhelp/www/db-administration
- exec | chgrp www-data /home/keyhelp
- exec | usermod -aG www-data keyhelp
- exec | groupadd --force keyhelp_file_manager
- exec | groupadd --force keyhelp_nossh
- exec | groupadd --force keyhelp_noftp
- exec | groupadd --force keyhelp_suspended
- exec | groupadd --force keyhelp_chroot
- exec | mkdir -p -m 0700 /etc/keyhelp/
- exec | mkdir -p -m 0700 /etc/keyhelp/config
- exec | mkdir -p -m 0700 /etc/keyhelp/skel
- exec | chown keyhelp:keyhelp -R /etc/keyhelp/
- exec | mkdir -p -m 0755 /usr/local/keyhelp/
- exec | echo '# --------------------------------------------------
- # This file is managed by KeyHelp.
- # If you want to change its content, please use
- # the corresponding configuration menu.
- # --------------------------------------------------
- hostmaster: root
- postmaster: root
- webmaster: root
- abuse: root' > /etc/aliases
- files | sudoers/keyhelp => /etc/sudoers.d/keyhelp
- files | sudoers/keyhelp_file_manager => /etc/sudoers.d/keyhelp_file_manager
- files | keyhelp/config.json => /etc/keyhelp/config/config.json
- files | keyhelp/skel/README => /etc/keyhelp/skel/README
- files | bin/call_url => /usr/local/keyhelp/call_url
- db | DROP DATABASE IF EXISTS `keyhelp`
- db | CREATE DATABASE `keyhelp`
- db | GRANT ALL PRIVILEGES ON keyhelp.* TO 'keyhelp'@'localhost' IDENTIFIED BY '***DB_KH_PASS***'
- db | GRANT ALL PRIVILEGES ON *.* TO 'keyhelp_root'@'localhost' IDENTIFIED BY '***DB_KH_ROOT_PASS***' WITH GRANT OPTION
- db | FLUSH PRIVILEGES
- import | /home/keyhelp/www/keyhelp/install/templates/keyhelp/keyhelp.sql => keyhelp
- import | /home/keyhelp/www/keyhelp/install/templates/keyhelp/prohibited_domains.sql => keyhelp
- exec | chmod 0440 /etc/sudoers.d/keyhelp
- exec | chmod 0440 /etc/sudoers.d/keyhelp_file_manager
- exec | chmod 0600 /etc/keyhelp/config/config.json
- exec | chown keyhelp:keyhelp /etc/keyhelp/config/config.json
- exec | chown keyhelp:keyhelp /etc/keyhelp/skel
- exec | chmod +x /usr/local/keyhelp/call_url
- exec | chmod +x /home/keyhelp/www/keyhelp/bin/toolbox.php
- exec | rm -fr /usr/bin/keyhelp-toolbox
- exec | ln -s /home/keyhelp/www/keyhelp/bin/toolbox.php /usr/bin/keyhelp-toolbox
- db | INSERT INTO `keyhelp`.`ssl_certificates` SET `id` = '1', `name` = 'default', `file_name` = 'default';
- db | UPDATE `keyhelp`.`settings` SET `value` = '1333baa4a67a9c300b89437de5c36b274d386ae2351591d8718362a09635dfebdc6f4f00bd9ef2e21264e4ae572d05bf5bef25b22371a369a8571626d3af6f0b' WHERE `category` = 'general' AND `name` = 'keyhelp_id'
- db | UPDATE `keyhelp`.`settings` SET `value` = 'https://***HOSTNAME***' WHERE `category` = 'general' AND `name` = 'panelurl'
- db | UPDATE `keyhelp`.`settings` SET `value` = '***HOSTNAME***' WHERE `category` = 'general' AND `name` = 'hostname'
- db | UPDATE `keyhelp`.`settings` SET `value` = 'root@***HOSTNAME***' WHERE `category` = 'general' AND `name` = 'system_email'
- db | UPDATE `keyhelp`.`settings` SET `value` = 'ns.***HOSTNAME***.,ns2.***HOSTNAME***.' WHERE `category` = 'dns' AND `name` = 'name_servers'
- db | UPDATE `keyhelp`.`settings` SET `value` = '***IP_0***' WHERE `category` = 'dns' AND `name` = 'ips'
- db | UPDATE `keyhelp`.`settings` SET `value` = '21.3' WHERE `category` = 'sys' AND `name` = 'version'
- db | UPDATE `keyhelp`.`settings` SET `value` = 'ipv4' WHERE `category` = 'sys' AND `name` = 'prefer_family'
- db | UPDATE `keyhelp`.`settings` SET `value` = 'Europe/Sarajevo' WHERE `category` = 'sys' AND `name` = 'time_zone'
- db | UPDATE `keyhelp`.`settings` SET `value` = 'https://***HOSTNAME***/db-administration/' WHERE `category` = 'db_administration' AND `name` = 'nav_url'
- db | UPDATE `keyhelp`.`settings` SET `value` = 'https://***HOSTNAME***/webmail/' WHERE `category` = 'webmail' AND `name` = 'nav_url'
- db | UPDATE `keyhelp`.`settings` SET `value` = 'managesieve, password, keyhelp_sync_identities' WHERE `category` = 'roundcube' AND `name` = 'plugins'
- db | UPDATE `keyhelp`.`settings` SET `value` = 'en' WHERE `category` = 'language' AND `name` = 'default'
- db | UPDATE `keyhelp`.`settings` SET `value` = '1' WHERE `category` = 'email' AND `name` = 'enable_virus_checks'
- db | UPDATE `keyhelp`.`settings` SET `value` = '1' WHERE `category` = 'general' AND `name` = 'show_welcome_message'
- db | UPDATE `keyhelp`.`maintenance_intervals` SET `timeframe_start` = '2', `timeframe_end` = '3' WHERE `name` = 'panel-update'
- db | UPDATE `keyhelp`.`maintenance_intervals` SET `timeframe_start` = '6', `timeframe_end` = '7' WHERE `name` = 'repo-update'
- db | UPDATE `keyhelp`.`settings` SET `value` = '1' WHERE `category` = 'ssl' AND `name` = 'panel_certificate'
- db | UPDATE `keyhelp`.`settings` SET `value` = '1' WHERE `category` = 'ssl' AND `name` = 'ftp_certificate'
- db | UPDATE `keyhelp`.`settings` SET `value` = '1' WHERE `category` = 'ssl' AND `name` = 'mail_certificate'
- db | UPDATE `keyhelp`.`settings` SET `value` = '1' WHERE `category` = 'ssl' AND `name` = 'webmail_certificate'
- db | INSERT INTO `keyhelp`.`users` SET `username` = 'admin', `password` = '$2y$10$ItofrAckl.fwtfZ0gaZU4Od60v7OmdNs8do51K9yyUoOOYp6y6QVW', `is_admin` = '1', `is_main_admin` = '1', `email` = 'root@***HOSTNAME***', `lang` = 'en', `setup_date` = '2022-01-14 20:01:45'
- db | INSERT INTO `keyhelp`.`account_templates` SET `name`='Unlimited', `disk_space`=-1, `traffic`=-1, `email_accounts`=-1, `email_addresses`=-1, `domains` =-1, `subdomains`=-1, `databases`=-1, `ftp_users`=-1, `scheduled_tasks`=-1, `ftp`=1, `php`=1, `perl`=0, `ssh`=0, `backup`=1, `panel_access`=1, `domain_security`=1, `manage_certs`=1, `file_manager`='1', `applications`='1', `dns_editor`='1', `db_remote_access`=1, `change_personal_data`=1, `php_memory_limit`='80M', `php_max_execution_time`=60, `php_post_max_size`='72M', `php_upload_max_filesize`='64M', `php_open_basedir`='##DOCROOT##/www:##DOCROOT##/files:##DOCROOT##/tmp', `php_disable_functions`='dl, disk_free_space, diskfreespace, stream_socket_sendto, proc_get_status, proc_nice, proc_open, proc_terminate, proc_close, popen, curl_multi_exec, pcntl_exec, pcntl_fork, pcntl_setpriority, symlink, link, posix_kill, posix_mkfifo, posix_setsid, posix_setuid, posix_setpgid, posix_getpwuid, show_source, highlight_file, syslog, error_log, openlog, define_syslog_variables, apache_child_terminate, apache_setenv, apache_note', `php_additional_settings`='', `phpfpm_pm`='ondemand', `phpfpm_max_children`=3, `phpfpm_max_requests`=0, `phpfpm_min_spare_servers`='', `phpfpm_max_spare_servers`='', `phpfpm_status_enabled`=0, `phpfpm_status_ip_restriction`=''
- exec | sed -i "s/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/gI" /etc/locale.gen
- exec | locale-gen en_US.UTF-8
- Generating locales (this might take a while)...
- en_US.UTF-8... done
- Generation complete.
- ================================================================================
- Backup tools
- ================================================================================
- exec | rm -rf /tmp/keyhelp_update/
- exec | mkdir -p -m 0755 /tmp/keyhelp_update
- exec | wget --no-verbose --no-check-certificate --prefer-family='ipv4' --output-document='/tmp/keyhelp_update/restic.bz2' https://github.com/restic/restic/releases/download/v0.12.1/restic_0.12.1_linux_arm64.bz2
- 2022-01-14 20:01:58 URL:https://objects.githubusercontent.com/github-production-release-asset-2e65be/19205896/2a1881ca-f1c7-419f-a266-8c645807b8c5?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20220114%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20220114T190158Z&X-Amz-Expires=300&X-Amz-Signature=278b533775a4d9b84d508a43c56ccfdda1447d5cac3e3e04826c6c7a15c61a02&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=19205896&response-content-disposition=attachment%3B%20filename%3Drestic_0.12.1_linux_arm64.bz2&response-content-type=application%2Foctet-stream [5619633/5619633] -> "/tmp/keyhelp_update/restic.bz2" [1]
- exec | bunzip2 --force /tmp/keyhelp_update/restic.bz2
- exec | chmod 0755 /tmp/keyhelp_update/restic
- exec | mv /tmp/keyhelp_update/restic /usr/local/bin/restic
- exec | wget --no-verbose --no-check-certificate --prefer-family='ipv4' --output-document='/tmp/keyhelp_update/rclone.zip' https://downloads.rclone.org/v1.56.2/rclone-v1.56.2-linux-arm64.zip
- 2022-01-14 20:02:00 URL:https://downloads.rclone.org/v1.56.2/rclone-v1.56.2-linux-arm64.zip [13513736/13513736] -> "/tmp/keyhelp_update/rclone.zip" [1]
- exec | unzip -j -o '/tmp/keyhelp_update/rclone.zip' -d '/tmp/keyhelp_update/rclone/'
- Archive: /tmp/keyhelp_update/rclone.zip
- inflating: /tmp/keyhelp_update/rclone/git-log.txt
- inflating: /tmp/keyhelp_update/rclone/rclone
- inflating: /tmp/keyhelp_update/rclone/README.txt
- inflating: /tmp/keyhelp_update/rclone/README.html
- inflating: /tmp/keyhelp_update/rclone/rclone.1
- exec | if [ `command -v mandb` ]; then mkdir -p /usr/local/share/man/man1 && cp /tmp/keyhelp_update/rclone/rclone.1 /usr/local/share/man/man1/rclone.1 && mandb; fi
- Purging old database entries in /usr/share/man...
- Processing manual pages under /usr/share/man...
- Purging old database entries in /usr/share/man/tr...
- Processing manual pages under /usr/share/man/tr...
- Purging old database entries in /usr/share/man/fi...
- Processing manual pages under /usr/share/man/fi...
- Purging old database entries in /usr/share/man/cs...
- Processing manual pages under /usr/share/man/cs...
- Purging old database entries in /usr/share/man/zh_CN...
- Processing manual pages under /usr/share/man/zh_CN...
- Purging old database entries in /usr/share/man/ja...
- Processing manual pages under /usr/share/man/ja...
- Purging old database entries in /usr/share/man/fr...
- Processing manual pages under /usr/share/man/fr...
- Purging old database entries in /usr/share/man/pl...
- Processing manual pages under /usr/share/man/pl...
- Purging old database entries in /usr/share/man/ru...
- Processing manual pages under /usr/share/man/ru...
- Purging old database entries in /usr/share/man/sr...
- Processing manual pages under /usr/share/man/sr...
- Purging old database entries in /usr/share/man/it...
- Processing manual pages under /usr/share/man/it...
- Purging old database entries in /usr/share/man/sl...
- Processing manual pages under /usr/share/man/sl...
- Purging old database entries in /usr/share/man/zh_TW...
- Processing manual pages under /usr/share/man/zh_TW...
- Purging old database entries in /usr/share/man/de...
- Processing manual pages under /usr/share/man/de...
- Purging old database entries in /usr/share/man/es...
- Processing manual pages under /usr/share/man/es...
- Purging old database entries in /usr/share/man/sv...
- Processing manual pages under /usr/share/man/sv...
- Purging old database entries in /usr/share/man/pt_BR...
- Processing manual pages under /usr/share/man/pt_BR...
- Purging old database entries in /usr/share/man/da...
- Processing manual pages under /usr/share/man/da...
- Purging old database entries in /usr/share/man/ko...
- Processing manual pages under /usr/share/man/ko...
- Purging old database entries in /usr/share/man/hu...
- Processing manual pages under /usr/share/man/hu...
- Purging old database entries in /usr/share/man/id...
- Processing manual pages under /usr/share/man/id...
- Purging old database entries in /usr/share/man/pt...
- Processing manual pages under /usr/share/man/pt...
- Purging old database entries in /usr/share/man/nl...
- Processing manual pages under /usr/share/man/nl...
- Purging old database entries in /usr/local/man...
- Processing manual pages under /usr/local/man...
- 0 man subdirectories contained newer manual pages.
- 0 manual pages were added.
- 0 stray cats were added.
- 5 old database entries were purged.
- exec | chmod 0755 /tmp/keyhelp_update/rclone/rclone
- exec | mv /tmp/keyhelp_update/rclone/rclone /usr/local/bin/rclone
- exec | mkdir -p -m 0777 /backup-keyhelp/
- exec | chown keyhelp:keyhelp /backup-keyhelp/
- ================================================================================
- Firewall
- ================================================================================
- exec | apt-get install -y iptables
- Reading package lists...
- Building dependency tree...
- Reading state information...
- iptables is already the newest version (1.8.4-3ubuntu2).
- 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
- exec | mkdir -p -m 0700 /etc/keyhelp/iptables/
- exec | apt-get install -y nftables
- Reading package lists...
- Building dependency tree...
- Reading state information...
- nftables is already the newest version (0.9.3-2).
- 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
- exec | mkdir -p -m 0755 /etc/nftables/
- files | firewall/rules/rules_ipv4_common => /etc/keyhelp/iptables/startup_rules_ipv4
- files | firewall/rules/rules_ipv6_common => /etc/keyhelp/iptables/startup_rules_ipv6
- files | nftables/nftables.conf => /etc/nftables.conf
- files | nftables/fail2ban.conf => /etc/nftables/fail2ban.conf
- exec | chown keyhelp:keyhelp -R /etc/keyhelp/iptables/
- exec | nft -f /etc/nftables/fail2ban.conf
- import | /home/keyhelp/www/keyhelp/install/templates/firewall/rules/common.sql => keyhelp
- ================================================================================
- SSH
- ================================================================================
- exec | apt-get install -y openssh-server
- Reading package lists...
- Building dependency tree...
- Reading state information...
- openssh-server is already the newest version (1:8.2p1-4ubuntu0.4).
- 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
- exec | grep --quiet "^\s*DenyGroups keyhelp_nossh keyhelp_suspended" /etc/ssh/sshd_config || printf "\n# Limit KeyHelp usergroup\nDenyGroups keyhelp_nossh keyhelp_suspended\n" >> /etc/ssh/sshd_config
- exec | grep --quiet "^\s*Match Group keyhelp_chroot" /etc/ssh/sshd_config || printf "\nMatch Group keyhelp_chroot\n ChrootDirectory %%h\n AllowTCPForwarding no\n X11Forwarding no\nMatch all\n" >> /etc/ssh/sshd_config
- exec | service ssh restart
- ================================================================================
- ProFTPD
- ================================================================================
- exec | /usr/share/debconf/fix_db.pl
- exec | echo "proftpd-basic shared/proftpd/inetd_or_standalone select standalone" | sudo debconf-set-selections
- exec | DEBIAN_FRONTEND=noninteractive apt-get install -y proftpd-basic proftpd-mod-mysql
- Reading package lists...
- Building dependency tree...
- Reading state information...
- proftpd-basic is already the newest version (1.3.6c-2).
- proftpd-mod-mysql is already the newest version (1.3.6c-2).
- 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
- exec | DEBIAN_FRONTEND=dialog
- files | proftpd/modules.conf => /etc/proftpd/modules.conf
- files | proftpd/proftpd.conf => /etc/proftpd/proftpd.conf
- files | proftpd/sql.conf => /etc/proftpd/sql.conf
- files | proftpd/tls.conf.twig => /etc/proftpd/tls.conf
- exec | chmod 0640 /etc/proftpd/proftpd.conf
- exec | chmod 0600 /etc/proftpd/sql.conf
- exec | service proftpd stop
- exec | service proftpd start
- ================================================================================
- Postfix
- ================================================================================
- exec | /usr/share/debconf/fix_db.pl
- exec | echo "postfix postfix/mailname string ***HOSTNAME***" | sudo debconf-set-selections
- exec | echo "postfix postfix/main_mailer_type string 'Internet Site'" | sudo debconf-set-selections
- exec | DEBIAN_FRONTEND=noninteractive apt-get install -y postfix postfix-mysql postfix-policyd-spf-python
- Reading package lists...
- Building dependency tree...
- Reading state information...
- postfix is already the newest version (3.4.13-0ubuntu1.2).
- The following additional packages will be installed:
- python3-authres python3-dns python3-spf python3-spf-engine
- The following NEW packages will be installed:
- postfix-mysql postfix-policyd-spf-python python3-authres python3-dns
- python3-spf python3-spf-engine
- 0 upgraded, 6 newly installed, 0 to remove and 0 not upgraded.
- Need to get 163 kB of archives.
- After this operation, 667 kB of additional disk space will be used.
- Get:1 http://eu-zurich-1-ad-1.clouds.ports.ubuntu.com/ubuntu-ports focal-updates/main arm64 postfix-mysql arm64 3.4.13-0ubuntu1.2 [21.0 kB]
- Get:2 http://eu-zurich-1-ad-1.clouds.ports.ubuntu.com/ubuntu-ports focal/universe arm64 python3-authres all 1.2.0-2 [17.1 kB]
- Get:3 http://eu-zurich-1-ad-1.clouds.ports.ubuntu.com/ubuntu-ports focal/universe arm64 python3-dns all 3.2.1-1 [25.6 kB]
- Get:4 http://eu-zurich-1-ad-1.clouds.ports.ubuntu.com/ubuntu-ports focal/universe arm64 python3-spf all 2.0.14-1 [57.6 kB]
- Get:5 http://eu-zurich-1-ad-1.clouds.ports.ubuntu.com/ubuntu-ports focal/universe arm64 python3-spf-engine all 2.9.2-1 [17.1 kB]
- Get:6 http://eu-zurich-1-ad-1.clouds.ports.ubuntu.com/ubuntu-ports focal/universe arm64 postfix-policyd-spf-python all 2.9.2-1 [24.9 kB]
- Fetched 163 kB in 0s (1106 kB/s)
- Selecting previously unselected package postfix-mysql.
- (Reading database ... 118173 files and directories currently installed.)
- Preparing to unpack .../0-postfix-mysql_3.4.13-0ubuntu1.2_arm64.deb ...
- Unpacking postfix-mysql (3.4.13-0ubuntu1.2) ...
- Selecting previously unselected package python3-authres.
- Preparing to unpack .../1-python3-authres_1.2.0-2_all.deb ...
- Unpacking python3-authres (1.2.0-2) ...
- Selecting previously unselected package python3-dns.
- Preparing to unpack .../2-python3-dns_3.2.1-1_all.deb ...
- Unpacking python3-dns (3.2.1-1) ...
- Selecting previously unselected package python3-spf.
- Preparing to unpack .../3-python3-spf_2.0.14-1_all.deb ...
- Unpacking python3-spf (2.0.14-1) ...
- Selecting previously unselected package python3-spf-engine.
- Preparing to unpack .../4-python3-spf-engine_2.9.2-1_all.deb ...
- Unpacking python3-spf-engine (2.9.2-1) ...
- Selecting previously unselected package postfix-policyd-spf-python.
- Preparing to unpack .../5-postfix-policyd-spf-python_2.9.2-1_all.deb ...
- Unpacking postfix-policyd-spf-python (2.9.2-1) ...
- Setting up python3-authres (1.2.0-2) ...
- Setting up postfix-mysql (3.4.13-0ubuntu1.2) ...
- Adding mysql map entry to /etc/postfix/dynamicmaps.cf
- Setting up python3-dns (3.2.1-1) ...
- Setting up python3-spf (2.0.14-1) ...
- Setting up python3-spf-engine (2.9.2-1) ...
- Setting up postfix-policyd-spf-python (2.9.2-1) ...
- Processing triggers for man-db (2.9.1-1) ...
- exec | DEBIAN_FRONTEND=dialog
- files | postfix/main.cf.twig => /etc/postfix/main.cf
- files | postfix/master.cf => /etc/postfix/master.cf
- files | postfix/header_checks => /etc/postfix/header_checks
- files | postfix/mysql-virtual-mailbox-domains.cf => /etc/postfix/mysql-virtual-mailbox-domains.cf
- files | postfix/mysql-virtual-mailbox-maps.cf => /etc/postfix/mysql-virtual-mailbox-maps.cf
- files | postfix/mysql-virtual-alias-maps.cf => /etc/postfix/mysql-virtual-alias-maps.cf
- exec | echo "***HOSTNAME***" > /etc/mailname
- exec | openssl dhparam -out /etc/postfix/dh512.pem 512
- Generating DH parameters, 512 bit long safe prime, generator 2
- This is going to take a long time
- .............................+..................................................................................+.................................+.............+......................+................+.............................+........................+.....+.+...+..............................++*++*++*++*++*
- exec | openssl dhparam -out /etc/postfix/dh1024.pem 1024
- Generating DH parameters, 1024 bit long safe prime, generator 2
- This is going to take a long time
- .....................+......+...............+......................................................................+.....................+......................................+................................................................................................................+................................+.+...................................+..+.....+...............................................................................................................................................+................................................................................................................................................+...........................................................................+.....++*++*++*++*++*
- exec | openssl dhparam -out /etc/postfix/dh2048.pem 2048
- Generating DH parameters, 2048 bit long safe prime, generator 2
- This is going to take a long time
- ..........................................+.................................................................................................................................................................................................+............+.......................................+....................................................................................................................................................................................................................................................................+...............+........................................+....................................................+......................................+.......................................................+..............+...........................................................+...................................................+...............................+..................................................................................................................................+.................................................+................+....................................+............................................................................................+............................+...................................................+..................................................................................................................................................................................+.............................................................+......................................................+...........................+....................+..................................+....................+..................+...........................................................................................................................................................+...........+.+.......+...........................................+........................................................+.....................................................................................................................................................................................................................................................................................+...................................................................+.+..................................+..................................................................+............................................................+.......................................+...+................+............................................................................................................................+.....................................................................................................+.............................+...........................+.......................................................+..............................................................................+................................................................+......................................................................+........................................+...........................+.............................................................................................................................+............................+...........................................................+..........................+.................................................................................................................................................+.......+.........................................................................................................................................................................................................................+.....................................................................................................................+................................+...........................................................................................................+...............................+..+...................................................................................................................+...........................................................................................................................................................................................................................................................................................................................................................+.......................+..........................................................+.........................................................................................................................+..................................................................................................................................................+.............................+........................................................................................................+......................................................+..................................................................................+......................................+...................................................................................+.+........................................................................................................................................................................................................................................................................................+..................................................................................................................................................................................................................+...................+.............................................................................+................................+.....................+........................+.....................+.......................................................+..............................+....................................+.................................................................................................................................................................................................................................+.......+..........................................................................................................................................................................+..........................................................................................................................................................................................+................++*++*++*++*
- exec | chmod 0600 /etc/postfix/mysql-virtual-mailbox-domains.cf
- exec | chmod 0600 /etc/postfix/mysql-virtual-mailbox-maps.cf
- exec | chmod 0600 /etc/postfix/mysql-virtual-alias-maps.cf
- exec | service postfix restart
- ================================================================================
- Dovecot
- ================================================================================
- exec | /usr/share/debconf/fix_db.pl
- exec | DEBIAN_FRONTEND=noninteractive apt-get install -y dovecot-core dovecot-common dovecot-mysql dovecot-sieve dovecot-managesieved dovecot-imapd dovecot-pop3d dovecot-lmtpd
- Reading package lists...
- Building dependency tree...
- Reading state information...
- dovecot-core is already the newest version (1:2.3.7.2-1ubuntu3.5).
- dovecot-imapd is already the newest version (1:2.3.7.2-1ubuntu3.5).
- dovecot-pop3d is already the newest version (1:2.3.7.2-1ubuntu3.5).
- dovecot-lmtpd is already the newest version (1:2.3.7.2-1ubuntu3.5).
- dovecot-managesieved is already the newest version (1:2.3.7.2-1ubuntu3.5).
- dovecot-mysql is already the newest version (1:2.3.7.2-1ubuntu3.5).
- dovecot-sieve is already the newest version (1:2.3.7.2-1ubuntu3.5).
- 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
- exec | DEBIAN_FRONTEND=dialog
- files | dovecot/dovecot.conf.twig => /etc/dovecot/dovecot.conf
- files | dovecot/dovecot-sql.conf => /etc/dovecot/dovecot-sql.conf
- exec | id -u vmail 2>&1 || useradd -u 5000 -d /var/mail vmail
- 5000
- exec | chown -R vmail:vmail /var/mail/
- exec | chmod 0777 /var/mail
- exec | chown -R vmail:dovecot /etc/dovecot/
- exec | chmod -R o-rwx /etc/dovecot/
- exec | service dovecot restart
- ================================================================================
- OpenDKIM
- ================================================================================
- exec | apt-get -y install opendkim opendkim-tools
- Reading package lists...
- Building dependency tree...
- Reading state information...
- opendkim is already the newest version (2.11.0~beta2-1).
- opendkim-tools is already the newest version (2.11.0~beta2-1).
- 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
- exec | mkdir -p -m 0755 /etc/opendkim/
- exec | mkdir -p -m 0700 /etc/opendkim/keys
- exec | touch /etc/opendkim/signing.table
- exec | touch /etc/opendkim/key.table
- files | opendkim/opendkim.conf => /etc/opendkim.conf
- files | opendkim/trusted => /etc/opendkim/trusted
- exec | chown -R opendkim:opendkim /etc/opendkim
- ================================================================================
- Email protection
- ================================================================================
- exec | apt-get install -y amavis clamav clamav-daemon spamassassin pyzor razor
- Reading package lists...
- Building dependency tree...
- Reading state information...
- amavisd-new is already the newest version (1:2.11.0-6.1ubuntu1).
- pyzor is already the newest version (1:1.0.0-3).
- razor is already the newest version (1:2.85-4.2build5).
- clamav is already the newest version (0.103.2+dfsg-0ubuntu0.20.04.2).
- clamav-daemon is already the newest version (0.103.2+dfsg-0ubuntu0.20.04.2).
- spamassassin is already the newest version (3.4.4-1ubuntu1.1).
- 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
- exec | mkdir -p -m 0755 /var/spool/spamassassin/
- exec | chown amavis:amavis /var/spool/spamassassin/
- files | amavis/15-content_filter_mode => /etc/amavis/conf.d/15-content_filter_mode
- files | amavis/50-user => /etc/amavis/conf.d/50-user
- files | spamassassin/spamassassin => /etc/default/spamassassin
- files | spamassassin/local.cf => /etc/spamassassin/local.cf
- exec | su - amavis -s /bin/bash -c 'razor-admin -create'
- exec | su - amavis -s /bin/bash -c 'razor-admin -register'
- Register successful. Identity stored in /var/lib/amavis/.razor/identity-ru3O-4_U5k
- exec | usermod -aG amavis clamav
- exec | usermod -aG clamav amavis
- exec | chmod 0640 /etc/amavis/conf.d/50-user
- exec | chown root:amavis /etc/amavis/conf.d/50-user
- exec | service clamav-daemon restart
- exec | service amavis restart
- exec | service spamassassin restart
- exec | systemctl enable spamassassin
- Synchronizing state of spamassassin.service with SysV service script with /lib/systemd/systemd-sysv-install.
- Executing: /lib/systemd/systemd-sysv-install enable spamassassin
- exec | systemctl enable clamav-daemon
- Synchronizing state of clamav-daemon.service with SysV service script with /lib/systemd/systemd-sysv-install.
- Executing: /lib/systemd/systemd-sysv-install enable clamav-daemon
- exec | grep "^\s*DatabaseCustomURL" /etc/clamav/freshclam.conf || echo "
- DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/junk.ndb
- DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/jurlbl.ndb
- DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/phish.ndb
- DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/rogue.hdb
- DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/sanesecurity.ftm
- DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/sigwhitelist.ign2
- DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/scam.ndb
- DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/spamimg.hdb
- DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/spamattach.hdb
- DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/blurl.ndb
- DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/foxhole_generic.cdb
- DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/foxhole_filename.cdb
- DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/malwarehash.hsb
- DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/hackingteam.hsb
- DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/winnow_malware.hdb
- DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/winnow_malware_links.ndb
- DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/winnow_extended_malware.hdb
- DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/winnow.attachments.hdb
- DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/winnow_bad_cw.hdb
- DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/bofhland_cracked_URL.ndb
- DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/bofhland_malware_URL.ndb
- DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/bofhland_phishing_URL.ndb
- DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/bofhland_malware_attach.hdb
- DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/porcupine.ndb
- DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/phishtank.ndb
- DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/porcupine.hsb
- DatabaseCustomURL https://urlhaus.abuse.ch/downloads/urlhaus.ndb
- " >> /etc/clamav/freshclam.conf
- DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/junk.ndb
- DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/jurlbl.ndb
- DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/phish.ndb
- DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/rogue.hdb
- DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/sanesecurity.ftm
- DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/sigwhitelist.ign2
- DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/scam.ndb
- DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/spamimg.hdb
- DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/spamattach.hdb
- DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/blurl.ndb
- DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/foxhole_generic.cdb
- DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/foxhole_filename.cdb
- DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/malwarehash.hsb
- DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/hackingteam.hsb
- DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/winnow_malware.hdb
- DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/winnow_malware_links.ndb
- DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/winnow_extended_malware.hdb
- DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/winnow.attachments.hdb
- DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/winnow_bad_cw.hdb
- DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/bofhland_cracked_URL.ndb
- DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/bofhland_malware_URL.ndb
- DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/bofhland_phishing_URL.ndb
- DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/bofhland_malware_attach.hdb
- DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/porcupine.ndb
- DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/phishtank.ndb
- DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/porcupine.hsb
- DatabaseCustomURL https://urlhaus.abuse.ch/downloads/urlhaus.ndb
- ================================================================================
- AWStats
- ================================================================================
- exec | apt-get install -y awstats
- Reading package lists...
- Building dependency tree...
- Reading state information...
- awstats is already the newest version (7.6+dfsg-2ubuntu0.20.04.1).
- 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
- exec | rm -f /etc/cron.d/awstats
- exec | rm -f /etc/awstats/awstats.conf
- ================================================================================
- Fail2ban
- ================================================================================
- exec | apt-get install -y fail2ban
- Reading package lists...
- Building dependency tree...
- Reading state information...
- fail2ban is already the newest version (0.11.1-1).
- 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
- files | fail2ban/jail.d/keyhelp.local => /etc/fail2ban/jail.d/keyhelp.local
- files | fail2ban/filter.d/keyhelp-phpmyadmin.conf => /etc/fail2ban/filter.d/keyhelp-phpmyadmin.conf
- exec | chown keyhelp:keyhelp /etc/fail2ban/jail.d/keyhelp.local
- exec | service fail2ban restart
- ================================================================================
- Logrotate
- ================================================================================
- exec | apt-get install -y logrotate
- Reading package lists...
- Building dependency tree...
- Reading state information...
- logrotate is already the newest version (3.14.0-4ubuntu3).
- 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
- files | logrotate/keyhelp => /etc/logrotate.d/keyhelp
- files | logrotate/logrotate.timer => /lib/systemd/system/logrotate.timer
- files | logrotate/logrotate.service => /lib/systemd/system/logrotate.service
- exec | systemctl daemon-reload
- ================================================================================
- PhpMyAdmin 5.1.1
- ================================================================================
- exec | rm -f /tmp/keyhelp_update/phpmyadmin.tar.gz
- exec | rm -rf /home/keyhelp/www/phpmyadmin/*
- exec | mkdir -p -m 0755 /tmp/keyhelp_update
- exec | mkdir -p -m 0755 /home/keyhelp/www/phpmyadmin
- exec | wget --no-verbose --no-check-certificate --prefer-family='ipv4' --output-document='/tmp/keyhelp_update/phpmyadmin.tar.gz' https://install.keyhelp.de/files/tools/phpmyadmin/phpMyAdmin-5.1.1-all-languages.tar.gz
- 2022-01-14 20:03:33 URL:https://install.keyhelp.de/files/tools/phpmyadmin/phpMyAdmin-5.1.1-all-languages.tar.gz [13454066/13454066] -> "/tmp/keyhelp_update/phpmyadmin.tar.gz" [1]
- exec | tar --strip 1 -xf /tmp/keyhelp_update/phpmyadmin.tar.gz -C /home/keyhelp/www/phpmyadmin
- files | phpmyadmin/config.inc.php => /home/keyhelp/www/phpmyadmin/config.inc.php
- files | phpmyadmin/.htaccess => /home/keyhelp/www/phpmyadmin/.htaccess
- files | phpmyadmin/.htaccess_deny => /home/keyhelp/www/phpmyadmin/libraries/.htaccess
- db | DROP DATABASE IF EXISTS `phpmyadmin`
- db | CREATE DATABASE `phpmyadmin`
- db | GRANT SELECT,INSERT,UPDATE,DELETE ON phpmyadmin.* TO 'phpmyadmin'@'localhost' IDENTIFIED BY '***PMA_PASS***'
- db | FLUSH PRIVILEGES
- exec | rm -rf /home/keyhelp/www/phpmyadmin/setup
- exec | chmod 0600 /home/keyhelp/www/phpmyadmin/config.inc.php
- exec | chown -R keyhelp:keyhelp /home/keyhelp/www/phpmyadmin
- import | /home/keyhelp/www/phpmyadmin/sql/create_tables.sql => phpmyadmin
- ================================================================================
- Adminer 4.8.1
- ================================================================================
- exec | rm -f /tmp/keyhelp_update/adminer.tar.gz
- exec | rm -rf /home/keyhelp/www/adminer/*
- exec | mkdir -p -m 0755 /tmp/keyhelp_update
- exec | mkdir -p -m 0755 /home/keyhelp/www/adminer
- exec | wget --no-verbose --no-check-certificate --prefer-family='ipv4' --output-document='/tmp/keyhelp_update/adminer.tar.gz' https://install.keyhelp.de/files/tools/adminer/adminer-4.8.1.tar.gz
- 2022-01-14 20:03:34 URL:https://install.keyhelp.de/files/tools/adminer/adminer-4.8.1.tar.gz [432863/432863] -> "/tmp/keyhelp_update/adminer.tar.gz" [1]
- exec | tar --strip 1 -xzf /tmp/keyhelp_update/adminer.tar.gz -C /home/keyhelp/www/adminer
- exec | rm -rf /home/keyhelp/www/adminer/setup
- exec | chown -R keyhelp:keyhelp /home/keyhelp/www/adminer
- ================================================================================
- Roundcube 1.5.1 Multilanguage
- ================================================================================
- exec | rm -rf /home/keyhelp/www/roundcube/*
- exec | rm --force /tmp/keyhelp_update/roundcube.tar.gz
- exec | mkdir --parents --mode 0755 /tmp/keyhelp_update/
- exec | mkdir --parents --mode 0755 /home/keyhelp/www/roundcube
- exec | wget --no-verbose --no-check-certificate --prefer-family='ipv4' --output-document='/tmp/keyhelp_update/roundcube.tar.gz' https://install.keyhelp.de/files/tools/roundcube/roundcubemail-1.5.1.tar.gz
- 2022-01-14 20:03:34 URL:https://install.keyhelp.de/files/tools/roundcube/roundcubemail-1.5.1.tar.gz [7827081/7827081] -> "/tmp/keyhelp_update/roundcube.tar.gz" [1]
- exec | tar --strip 1 -xf /tmp/keyhelp_update/roundcube.tar.gz -C /home/keyhelp/www/roundcube
- exec | mkdir --parents --mode 0755 /home/keyhelp/www/roundcube/plugins/keyhelp_sync_identities
- files | roundcube/config.inc.php => /home/keyhelp/www/roundcube/config/config.inc.php
- files | roundcube/plugins/managesieve/config.inc.php => /home/keyhelp/www/roundcube/plugins/managesieve/config.inc.php
- files | roundcube/plugins/password/config.inc.php => /home/keyhelp/www/roundcube/plugins/password/config.inc.php
- files | roundcube/plugins/keyhelp_sync_identities/keyhelp_sync_identities.php => /home/keyhelp/www/roundcube/plugins/keyhelp_sync_identities/keyhelp_sync_identities.php
- files | roundcube/plugins/keyhelp_sync_identities/composer.json => /home/keyhelp/www/roundcube/plugins/keyhelp_sync_identities/composer.json
- db | DROP DATABASE IF EXISTS `roundcube`
- db | CREATE DATABASE `roundcube`
- db | GRANT ALL PRIVILEGES ON roundcube.* TO 'roundcube'@'localhost' IDENTIFIED BY '***RC_PASS***'
- db | FLUSH PRIVILEGES
- exec | chmod 0600 /home/keyhelp/www/roundcube/plugins/password/config.inc.php
- exec | chmod 0600 /home/keyhelp/www/roundcube/config/config.inc.php
- exec | chown -R keyhelp:keyhelp /home/keyhelp/www/roundcube
- import | /home/keyhelp/www/roundcube/SQL/mysql.initial.sql => roundcube
- ================================================================================
- Rainloop 1.16.0 (Community Edition)
- ================================================================================
- exec | rm -rf /home/keyhelp/www/rainloop/*
- exec | rm --force /tmp/keyhelp_update/rainloop.tar.gz
- exec | mkdir --parents --mode 0755 /tmp/keyhelp_update/
- exec | mkdir --parents --mode 0755 /home/keyhelp/www/rainloop
- exec | wget --no-verbose --no-check-certificate --prefer-family='ipv4' --output-document='/tmp/keyhelp_update/rainloop.tar.gz' https://install.keyhelp.de/files/tools/rainloop/rainloop-community-1.16.0.tar.gz
- 2022-01-14 20:03:35 URL:https://install.keyhelp.de/files/tools/rainloop/rainloop-community-1.16.0.tar.gz [5999866/5999866] -> "/tmp/keyhelp_update/rainloop.tar.gz" [1]
- exec | tar -xf /tmp/keyhelp_update/rainloop.tar.gz -C /home/keyhelp/www/rainloop
- exec | find /home/keyhelp/www/rainloop -type d -exec chmod 0755 {} \;
- exec | find /home/keyhelp/www/rainloop -type f -exec chmod 0644 {} \;
- exec | mkdir --parents --mode 0755 /home/keyhelp/www/rainloop/data/_data_/_default_/configs/
- exec | mkdir --parents --mode 0755 /home/keyhelp/www/rainloop/rainloop/v/1.16.0/app/domains
- exec | mkdir --parents --mode 0755 /home/keyhelp/www/rainloop/data/_data_/_default_/plugins/change-password-custom-sql/
- files | rainloop/application.ini => /home/keyhelp/www/rainloop/data/_data_/_default_/configs/application.ini
- files | rainloop/default.ini => /home/keyhelp/www/rainloop/rainloop/v/1.16.0/app/domains/default.ini
- files | rainloop/change-password-custom-sql/ChangePasswordCustomSqlDriver.php => /home/keyhelp/www/rainloop/data/_data_/_default_/plugins/change-password-custom-sql/ChangePasswordCustomSqlDriver.php
- files | rainloop/change-password-custom-sql/index.php => /home/keyhelp/www/rainloop/data/_data_/_default_/plugins/change-password-custom-sql/index.php
- files | rainloop/change-password-custom-sql/plugin-change-password-custom-sql.ini => /home/keyhelp/www/rainloop/data/_data_/_default_/configs/plugin-change-password-custom-sql.ini
- files | rainloop/.htaccess_deny => /home/keyhelp/www/rainloop/data/.htaccess
- db | DROP DATABASE IF EXISTS `rainloop`
- db | CREATE DATABASE `rainloop`
- db | GRANT ALL PRIVILEGES ON rainloop.* TO 'rainloop'@'localhost' IDENTIFIED BY '***RL_PASS***'
- db | FLUSH PRIVILEGES
- exec | chmod 0600 /home/keyhelp/www/rainloop/data/_data_/_default_/configs/application.ini
- exec | chmod 0600 /home/keyhelp/www/rainloop/data/_data_/_default_/configs/plugin-change-password-custom-sql.ini
- exec | chown -R keyhelp:keyhelp /home/keyhelp/www/rainloop
- ================================================================================
- Quota
- ================================================================================
- exec | apt-get install -y quota quotatool
- Reading package lists...
- Building dependency tree...
- Reading state information...
- quota is already the newest version (4.05-1).
- quotatool is already the newest version (1:1.6.2-5fakesync1).
- 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
- exec | service quota stop
- exec | cp /etc/fstab /etc/fstab-backup
- exec | echo "LABEL=cloudimg-rootfs / ext4 defaults,usrquota,grpquota 0 1
- LABEL=UEFI /boot/efi vfat umask=0077 0 1
- # CLOUD_IMG: This file was created/modified by the Cloud Image build process
- ######################################
- ## ORACLE CLOUD INFRASTRUCTURE CUSTOMERS
- ##
- ## If you are adding an iSCSI remote block volume to this file you MUST
- ## include the '_netdev' mount option or your instance will become
- ## unavailable after the next reboot.
- ## SCSI device names are not stable across reboots; please use the device UUID
- ## instead of /dev path.
- ##
- ## Example:
- ## UUID=94c5aade-8bb1-4d55-ad0c-388bb8aa716a /data1 ext4 defaults,noatime,_netdev 0 2
- ##
- ## More information:
- ## https://docs.us-phoenix-1.oraclecloud.com/Content/Block/Tasks/connectingtoavolume.htm
- ##" > "/etc/fstab"
- exec | mount -o remount /
- exec | quotacheck -avmug
- quotacheck: Your kernel probably supports journaled quota but you are not using it. Consider switching to journaled quota to avoid running quotacheck after an unclean shutdown.
- quotacheck: Quota for users is enabled on mountpoint / so quotacheck might damage the file.
- Please turn quotas off or use -f to force checking.
- >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
- >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> ERROR DETECTED <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
- <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
- [SKIPPED DUE PREVIOUS ERRORS] exec | service quota start
- ================================================================================
- Apparmor
- ================================================================================
- exec | apt-get install -y apparmor
- Reading package lists...
- Building dependency tree...
- Reading state information...
- apparmor is already the newest version (2.13.3-7ubuntu5.1).
- 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
- ================================================================================
- 7-zip
- ================================================================================
- exec | apt-get install -y p7zip-full
- Reading package lists...
- Building dependency tree...
- Reading state information...
- p7zip-full is already the newest version (16.02+dfsg-7build1).
- 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
- ================================================================================
- Hide LTS notice
- ================================================================================
- files | update-manager/release-upgrades => /etc/update-manager/release-upgrades
- exec | rm -f /var/lib/update-notifier/release-upgrade-available
- ================================================================================
- Update message of the day
- ================================================================================
- files | motd/80-keyhelp => /etc/update-motd.d/80-keyhelp
- exec | chmod +x /etc/update-motd.d/80-keyhelp
- ================================================================================
- Nano
- ================================================================================
- exec | apt-get install -y nano
- Reading package lists...
- Building dependency tree...
- Reading state information...
- nano is already the newest version (4.8-1ubuntu1).
- 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
- ================================================================================
- Curl
- ================================================================================
- exec | apt-get install -y curl
- Reading package lists...
- Building dependency tree...
- Reading state information...
- curl is already the newest version (7.68.0-1ubuntu2.7).
- 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
- ================================================================================
- Cron daemon
- ================================================================================
- exec | apt-get install -y cron
- Reading package lists...
- Building dependency tree...
- Reading state information...
- cron is already the newest version (3.0pl1-136ubuntu1).
- 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
- files | cron/keyhelp => /etc/cron.d/keyhelp
- files | cron/keyhelp-sa-learn => /etc/cron.d/keyhelp-sa-learn
- files | cron/keyhelp-firewall => /etc/cron.d/keyhelp-firewall
- exec | chmod 0644 /etc/cron.d/keyhelp
- exec | chmod 0644 /etc/cron.d/keyhelp-sa-learn
- ################################################################################
- ################################################################################
- => Errors occurred during installation. <=
- Finished install: 2022-01-14 20:03:41
- Duration: 116 second(s)
- ubuntu@ch1:~$