@Ark74
Last active April 29, 2016 23:08
Install Apache 2.4 ISPConfig3 Trisquel 7.0 64Bits
#!/bin/bash
## Install ISPConfig3 on Trisquel 7.0 64Bits on a Digital Ocean Droplet
## Author: Luis Alberto Guzmán García ark.switnet.org
## Modified from: Nilton OS blog.linuxpro.com.br
## https://www.howtoforge.com/perfect-server-ubuntu-14.04-apache2-php-mysql-pureftpd-bind-dovecot-ispconfig-3
##
## Add a 1G swap file and adjust the sysctl settings.
## The section is a single `;`-chained command list: every step runs even when
## an earlier one failed, and both `tee -a` appends are repeated on every run
## of the script (duplicate lines in /etc/fstab and /etc/sysctl.conf).
fallocate -l 1G /swapfile ; chmod 600 /swapfile ; \
mkswap /swapfile ; swapon /swapfile ; \
echo '/swapfile none swap sw 0 0' | tee -a /etc/fstab ; \
sysctl vm.swappiness=10 ; sysctl vm.vfs_cache_pressure=50 ; \
echo 'vm.swappiness=10
vm.vfs_cache_pressure = 50' | tee -a /etc/sysctl.conf
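## Switch the APT sources to the Trisquel repositories and upgrade.
## NOTE(review): the keyserver request names the key by its short 32-bit ID.
## Short IDs can collide, so request it by the full fingerprint
## (<FULL_KEY_FINGERPRINT>) once that value has been confirmed out of band.
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 8D8AEBF1
## NOTE(review): switnet-repo.asc is fetched over plain HTTP, so nothing
## authenticates it in transit, and every package from that repository is then
## trusted through it. The key is downloaded to a private temp file, its
## fingerprint is printed so the operator can compare it with a value obtained
## from a trusted channel, and it is imported only when the download succeeded
## (the original piped whatever wget produced straight into apt-key).
## sudo is dropped: the script writes to /etc directly, so it already runs as
## root, and the sudo package is only installed further down.
repo_key=$(mktemp)
if wget http://switnet.net/apt/switnet-repo.asc -O "$repo_key" ; then
  gpg --with-fingerprint "$repo_key"
  apt-key add "$repo_key"
else
  echo "No se pudo descargar switnet-repo.asc; la llave no fue importada" >&2
fi
rm -f -- "$repo_key"
## Keep cloud-init from rewriting sources.list; appended only once.
grep -q '^apt_preserve_sources_list:' /etc/cloud/cloud.cfg || \
  echo "apt_preserve_sources_list: true" | tee -a /etc/cloud/cloud.cfg
## Overwrite (tee without -a) sources.list with the Trisquel "belenos" suites
## plus the third-party switnet "belenos-unstable" suite.
echo '## Note, this file is written by cloud-init on first boot of an instance
## modifications made here will not survive a re-bundle.
## if you wish to make changes you can:
## a.) add "apt_preserve_sources_list: true" to /etc/cloud/cloud.cfg
## or do the same in user-data
## b.) add sources in /etc/apt/sources.list.d
## c.) make changes to template file /etc/cloud/templates/sources.list.tmpl
#
# See http://trisquel.info/wiki/ for how to upgrade to
# newer versions of the distribution.
deb http://us.archive.trisquel.info/trisquel/ belenos main
deb-src http://us.archive.trisquel.info/trisquel/ belenos main
deb http://us.archive.trisquel.info/trisquel/ belenos-updates main
deb-src http://us.archive.trisquel.info/trisquel/ belenos-updates main
deb http://us.archive.trisquel.info/trisquel/ belenos-security main
deb-src http://us.archive.trisquel.info/trisquel/ belenos-security main
# Uncomment this lines to enable the backports optional repository
# deb http://us.archive.trisquel.info/trisquel/ belenos-backports main
# deb-src http://us.archive.trisquel.info/trisquel/ belenos-backports main
deb http://switnet.net/apt belenos-unstable main
' | tee /etc/apt/sources.list
apt-get update ; apt-get -y dist-upgrade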
## Extra packages
apt-get install -y curl git htop bmon molly-guard kexec-tools
# Installs the release upgrader and pins python3-distupgrade to one exact version.
apt-get -y install trisquel-release-upgrader-core python3-distupgrade=1:0.220.8+7.0trisquel12
# No -y here, so aptitude waits for the operator to confirm.
aptitude dist-upgrade
# Interactive debconf dialog for the dash package.
dpkg-reconfigure dash
# NOTE(review): AppArmor is stopped, taken out of the boot sequence and
# removed, so every service installed below runs without its confinement.
# Confirm this is really required before reusing the script on a production host.
service apparmor stop
update-rc.d -f apparmor remove
apt-get remove -y apparmor apparmor-utils
# sendmail is stopped and disabled before postfix is installed.
service sendmail stop; update-rc.d -f sendmail remove
apt-get update
apt-get install -y ssh openssh-server
apt-get install -y postfix postfix-mysql postfix-doc
apt-get install -y mysql-client mysql-server openssl getmail4 rkhunter binutils
apt-get install -y dovecot-imapd dovecot-pop3d dovecot-mysql dovecot-sieve sudo ntp ntpdate
# Comments out the bind-address setting in my.cnf.
# NOTE(review): presumably this makes mysqld listen on every interface instead
# of loopback only - confirm, and firewall port 3306 if remote access is not needed.
sed -i 's|bind-address|#bind-address|' /etc/mysql/my.cnf
## Adjust Postfix's /etc/postfix/master.cf: uncomment the submission and smtps
## services together with their TLS and SASL "-o" options, and replace the
## commented smtpd_reject_unlisted_recipient option with
## smtpd_client_restrictions=permit_sasl_authenticated,reject.
## NOTE(review): none of the expressions is anchored to a service stanza, so
## each sed rewrites every matching line in the file. The second
## smtpd_sasl_auth_enable / smtpd_reject_unlisted_recipient pair repeats the
## first and normally finds nothing left to change.
sed -i 's|#submission|submission|' /etc/postfix/master.cf
sed -i 's|# -o syslog_name=postfix/submission| -o syslog_name=postfix/submission|' /etc/postfix/master.cf
sed -i 's|# -o smtpd_tls_security_level=encrypt| -o smtpd_tls_security_level=encrypt|' /etc/postfix/master.cf
sed -i 's|# -o smtpd_sasl_auth_enable=yes| -o smtpd_sasl_auth_enable=yes|' /etc/postfix/master.cf
sed -i 's|# -o smtpd_reject_unlisted_recipient=no| -o smtpd_client_restrictions=permit_sasl_authenticated,reject|' /etc/postfix/master.cf
sed -i 's|#smtps|smtps|' /etc/postfix/master.cf
sed -i 's|# -o syslog_name=postfix/smtps| -o syslog_name=postfix/smtps|' /etc/postfix/master.cf
sed -i 's|# -o smtpd_tls_wrappermode=yes| -o smtpd_tls_wrappermode=yes|' /etc/postfix/master.cf
sed -i 's|# -o smtpd_sasl_auth_enable=yes| -o smtpd_sasl_auth_enable=yes|' /etc/postfix/master.cf
sed -i 's|# -o smtpd_reject_unlisted_recipient=no| -o smtpd_client_restrictions=permit_sasl_authenticated,reject|' /etc/postfix/master.cf
# Restart both services so the master.cf and my.cnf edits take effect.
service postfix restart
service mysql restart
## Mail filtering (amavisd-new, SpamAssassin, ClamAV), archive tools and the
## Perl modules they use, then Apache with its PHP/FastCGI/suPHP/Python modules.
apt-get install -y amavisd-new spamassassin clamav clamav-daemon zoo libnet-ldap-perl
apt-get install -y unzip bzip2 arj nomarch lzop cabextract apt-listchanges
apt-get install -y libauthen-sasl-perl daemon libio-string-perl
apt-get install -y libio-socket-ssl-perl libnet-ident-perl zip libnet-dns-perl
apt-get install -y apache2 apache2-doc apache2-utils libapache2-mod-php5 libapache2-mod-fcgid apache2-suexec \
libapache2-mod-suphp libapache2-mod-python
# The standalone spamassassin service is stopped and removed from the boot sequence.
service spamassassin stop
update-rc.d -f spamassassin remove
## XCache added
## Note: the backslash-newline after "php5-" joins it with "ming" on the next
## line, so the package requested there is php5-ming.
apt-get -y install php5 php5-common php5-gd php5-mysql php5-imap phpmyadmin \
php5-cli php5-cgi php-pear php-auth php5-mcrypt mcrypt php5-imagick \
imagemagick libruby php5-curl php5-intl php5-memcache php5-memcached php5-\
ming php5-ps php5-pspell php5-recode php5-snmp php5-sqlite php5-tidy \
php5-xmlrpc php5-xsl memcached snmp php5-xcache php-auth php-pear
php5enmod mcrypt
a2enmod suexec rewrite ssl actions include cgi
a2enmod dav_fs dav auth_digest headers
# Comment out the <FilesMatch> ... SetHandler ... </FilesMatch> lines in suphp.conf.
sed -i 's/<FilesMatch/#<FilesMatch/' /etc/apache2/mods-available/suphp.conf
sed -i 's/ SetHandler/# SetHandler/' /etc/apache2/mods-available/suphp.conf
sed -i 's/<\/FilesMatch/#<\/FilesMatch/' /etc/apache2/mods-available/suphp.conf
# Comment out the application/x-ruby entry in /etc/mime.types.
sed -i 's/application\/x-ruby/#application\/x-ruby/' /etc/mime.types
service apache2 restart
## PHP-FPM: install the FastCGI module and php5-fpm, enable the Apache modules
## they rely on, and restart Apache to load them.
apt-get -y install libapache2-mod-fastcgi php5-fpm
a2enmod actions fastcgi alias
service apache2 restart
## Mailman
apt-get -y install mailman
# Creates the list named "mailman"; newlist is run without arguments for the
# owner, so it presumably prompts for them - confirm.
newlist mailman
# Append the list's aliases to /etc/aliases. Each alias pipes the incoming mail
# into the mailman wrapper with the matching action. The block is appended
# again on every run of the script.
echo '## mailman mailing list
mailman: "|/var/lib/mailman/mail/mailman post mailman"
mailman-admin: "|/var/lib/mailman/mail/mailman admin mailman"
mailman-bounces: "|/var/lib/mailman/mail/mailman bounces mailman"
mailman-confirm: "|/var/lib/mailman/mail/mailman confirm mailman"
mailman-join: "|/var/lib/mailman/mail/mailman join mailman"
mailman-leave: "|/var/lib/mailman/mail/mailman leave mailman"
mailman-owner: "|/var/lib/mailman/mail/mailman owner mailman"
mailman-request: "|/var/lib/mailman/mail/mailman request mailman"
mailman-subscribe: "|/var/lib/mailman/mail/mailman subscribe mailman"
mailman-unsubscribe: "|/var/lib/mailman/mail/mailman unsubscribe mailman"' | tee -a /etc/aliases
# Rebuild the alias database and reload postfix so the new aliases are used.
newaliases
service postfix restart
# Expose Mailman's web interface through Apache.
ln -s /etc/mailman/apache.conf /etc/apache2/conf-available/mailman.conf
service apache2 restart
service mailman start
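## PureFTPd & Quota
apt-get -y install pure-ftpd-common pure-ftpd-mysql quota quotatool
sed -i 's|VIRTUALCHROOT=false|VIRTUALCHROOT=true|' /etc/default/pure-ftpd-common
# NOTE(review): TLS=1 lets pure-ftpd accept TLS and cleartext sessions alike,
# so FTP passwords can still cross the network unencrypted; a value of 2
# refuses cleartext logins. Left at 1 to keep the original behaviour.
echo 1 > /etc/pure-ftpd/conf/TLS
mkdir -p /etc/ssl/private/
# Key and certificate go into one file. It is created under umask 077 so the
# unencrypted private key (-nodes) is never readable by group or others, not
# even for the moment between its creation and the chmod below.
( umask 077 ; \
  openssl req -x509 -nodes -days 7300 -newkey rsa:2048 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem )
# Still needed when the file already existed with wider permissions.
chmod 600 /etc/ssl/private/pure-ftpd.pem
service pure-ftpd-mysql restart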
## FSTAB: add the journaled user/group quota options to every fstab entry that
## carries errors=remount-ro, remount / and switch quotas on.
## Running this twice appends the quota options a second time.
sed -i 's/errors\=remount-ro/errors\=remount-ro,usrjquota\=quota.user,grpjquota\=quota.group,jqfmt\=vfsv0/' /etc/fstab
mount -o remount /
quotacheck -avugm
quotaon -avug
## BIND & STATS
apt-get install -y bind9 dnsutils vlogger webalizer awstats geoip-database libclass-dbi-mysql-perl
# Drop the cron job shipped by the awstats package.
rm -f /etc/cron.d/awstats
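## Jailkit installation
apt-get install -y build-essential autoconf automake1.9 libtool flex bison debhelper binutils-gold
# Build in a private mktemp directory instead of directly in /tmp. /tmp is
# world-writable and wget does not overwrite an existing file of the same name
# (it saves under a numbered name instead), so a tarball or source tree placed
# there beforehand would be the one that gets unpacked and built as root.
# NOTE(review): the tarball comes over plain HTTP and is built and installed as
# root without any integrity check. Pin a digest obtained from a trusted
# channel and verify it before unpacking, for example:
#   echo "<JAILKIT_2_17_SHA256>  jailkit-2.17.tar.gz" | sha256sum -c -
jk_build=$(mktemp -d)
# The steps are chained with && inside a subshell: a failed download or build
# no longer falls through to dpkg, and the caller's directory is untouched.
if ! (
  [ -n "$jk_build" ] && cd "$jk_build" && \
  wget http://olivier.sessink.nl/jailkit/jailkit-2.17.tar.gz && \
  tar xvfz jailkit-2.17.tar.gz && \
  cd jailkit-2.17 && \
  ./debian/rules binary && \
  cd .. && \
  dpkg -i jailkit_2.17-1_*.deb
) ; then
  echo "No se pudo compilar o instalar jailkit 2.17" >&2
fi
# Remove the build tree (the original removed jailkit-2.17* from /tmp).
if [ -n "$jk_build" ] ; then
  rm -rf -- "$jk_build"
fi
# The original left the shell in /tmp at this point.
cd /tmp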
## fail2ban: install it, then overwrite /etc/fail2ban/jail.local with three
## enabled jails (pureftpd, dovecot-pop3imap, postfix-sasl) that watch
## /var/log/syslog and /var/log/mail.log.
apt-get install -y fail2ban
echo '[pureftpd]
enabled = true
port = ftp
filter = pureftpd
logpath = /var/log/syslog
maxretry = 3
[dovecot-pop3imap]
enabled = true
filter = dovecot-pop3imap
action = iptables-multiport[name=dovecot-pop3imap, port="pop3,pop3s,imap,imaps", protocol=tcp]
logpath = /var/log/mail.log
maxretry = 5
[postfix-sasl]
enabled = true
port = smtp
filter = postfix-sasl
logpath = /var/log/mail.log
maxretry = 3' | tee /etc/fail2ban/jail.local
# Filter for the pureftpd jail: matches pure-ftpd "Authentication failed" warnings.
echo '[Definition]
failregex = .*pure-ftpd: \(.*@<HOST>\) \[WARNING\] Authentication failed for user.*
ignoreregex =' | tee /etc/fail2ban/filter.d/pureftpd.conf
# Filter for the dovecot jail: matches failed or aborted pop3/imap logins and
# takes the client address from the rip= field.
echo '[Definition]
failregex = (?: pop3-login|imap-login): .*(?:Authentication failure|Aborted login \(auth failed|Aborted login \(tried to use disabled|Disconnected \(auth failed|Aborted login \(\d+ authentication attempts).*rip=(?P<host>\S*),.*
ignoreregex =' | tee /etc/fail2ban/filter.d/dovecot-pop3imap.conf
# Only appends an empty ignoreregex to postfix-sasl.conf.
# NOTE(review): this assumes the fail2ban package already ships that filter
# with a failregex; otherwise the postfix-sasl jail has nothing to match - confirm.
echo "ignoreregex =" >> /etc/fail2ban/filter.d/postfix-sasl.conf
service fail2ban restart
## SquirrelMail http://server.ltd/squirrelmail
apt-get install -y squirrelmail
# Interactive configuration menu.
squirrelmail-configure
# Link SquirrelMail's Apache snippet into conf-available.
cd /etc/apache2/conf-available/
ln -s ../../squirrelmail/apache.conf squirrelmail.conf
service apache2 reload
# Insert seven PHP directives at fixed line numbers 6-12 of squirrelmail.conf.
# Among them: allow_url_fopen is switched off, uploads go to
# /var/lib/squirrelmail/tmp and open_basedir limits PHP to the SquirrelMail
# directories plus /etc/hostname and /etc/mailname.
# The line numbers assume the layout of the packaged apache.conf; on a file
# with a different layout the directives land in the wrong place.
# NOTE(review): squirrelmail.conf is the symlink created above; GNU sed -i
# without --follow-symlinks presumably replaces the link with a regular copy - confirm.
sed -i '6 i\
AddType application/x-httpd-php .php' /etc/apache2/conf-available/squirrelmail.conf ; \
sed -i '7 i\
php_flag magic_quotes_gpc Off' /etc/apache2/conf-available/squirrelmail.conf ; \
sed -i '8 i\
php_flag track_vars On' /etc/apache2/conf-available/squirrelmail.conf ; \
sed -i '9 i\
php_admin_flag allow_url_fopen Off' /etc/apache2/conf-available/squirrelmail.conf ; \
sed -i '10 i\
php_value include_path .' /etc/apache2/conf-available/squirrelmail.conf ; \
sed -i '11 i\
php_admin_value upload_tmp_dir /var/lib/squirrelmail/tmp' /etc/apache2/conf-available/squirrelmail.conf ; \
sed -i '12 i\
php_admin_value open_basedir /usr/share/squirrelmail:/etc/squirrelmail:/var/lib/squirrelmail:/etc/hostname:/etc/mailname' /etc/apache2/conf-available/squirrelmail.conf
# Upload directory named in upload_tmp_dir above, owned by the web server user.
mkdir /var/lib/squirrelmail/tmp
chown www-data /var/lib/squirrelmail/tmp
a2enconf squirrelmail
service apache2 reload
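## Download and run the ISPConfig 3 installer.
# The archive is unpacked in a private mktemp directory rather than in /tmp,
# where an existing ISPConfig-3-stable.tar.gz or ispconfig3_install tree would
# be picked up instead of the fresh download and run as root.
# NOTE(review): the tarball comes over plain HTTP and install.php from it is
# executed as root. Verify it against a digest obtained from a trusted channel
# ("<ISPCONFIG_TARBALL_SHA256>") before running the installer.
isp_dir=$(mktemp -d)
if [ -n "$isp_dir" ] && cd "$isp_dir" && \
   wget http://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz && \
   tar xfz ISPConfig-3-stable.tar.gz && \
   cd ispconfig3_install/install/ ; then
  # Interactive installer.
  php -q install.php
else
  # The original ran php regardless of whether the download had worked.
  echo "No se pudo descargar o extraer ISPConfig 3; el instalador no se ejecutó" >&2
fi
echo "Roundcube necesita de un usuario remoto, vea: http://ur1.ca/o9l3n "
sleep 2
# Pause until the operator has created the remote user in the ISPConfig UI.
read -r -p "Presione [Enter] una vez configurado el usuario roundcube en la interfaz de ISPConfig 3 y continue la instalación..."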
## Roundcube http://server.ltd/webmail - http://server.ltd/roundcube
apt-get install -y roundcube roundcube-plugins roundcube-plugins-extra
# Uncomment the /roundcube alias and add a /webmail alias at line 5.
sed -i 's/# Alias \/roundcube \/var\/lib\/roundcube/ Alias \/roundcube \/var\/lib\/roundcube/g' /etc/apache2/conf-available/roundcube.conf
sed -i '5 i\
Alias /webmail /var/lib/roundcube' /etc/apache2/conf-available/roundcube.conf
# Insert a DirectoryIndex and a mod_php5 block at fixed line 22; the position
# assumes the layout of the packaged roundcube.conf.
sed -i '22i\
DirectoryIndex index.php\
\
<IfModule mod_php5.c>\
AddType application/x-httpd-php .php\
\
php_flag magic_quotes_gpc Off\
php_flag track_vars On\
php_flag register_globals Off\
php_value include_path .:/usr/share/php\
</IfModule>\
' /etc/apache2/conf-available/roundcube.conf
service apache2 restart
# Point Roundcube at the local mail server and replace every en_US in
# main.inc.php with es_ES.
sed -i "s/\$rcmail_config\['default_host'\] =.*/\$rcmail_config['default_host'] = 'localhost';/" /etc/roundcube/main.inc.php
sed -i 's/en_US/es_ES/g' /etc/roundcube/main.inc.php
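## Install and configure the ISPConfig 3 plugins for Roundcube.
plugin_cfg=/var/lib/roundcube/plugins/ispconfig3_account/config/config.inc.php
# Clone into a private mktemp directory: with a fixed /tmp/ispconfig3_roundcube
# path an existing directory makes git clone fail, after which the original
# moved whatever ispconfig3_* entries it found into Roundcube's plugin directory.
# NOTE(review): the clone takes whatever the default branch holds at install
# time; check out a reviewed commit (<REVIEWED_COMMIT_ID>) for repeatable installs.
rc_src=$(mktemp -d)
if [ -n "$rc_src" ] && \
   git clone https://github.com/w2c/ispconfig3_roundcube.git "$rc_src/ispconfig3_roundcube" && \
   cd "$rc_src/ispconfig3_roundcube/" ; then
  mv ispconfig3_* /var/lib/roundcube/plugins
  cd /var/lib/roundcube/plugins
  mv ispconfig3_account/config/config.inc.php.dist ispconfig3_account/config/config.inc.php

  echo 'Por favor use la misma contraseña que uso al dar de alta el usuario remoto "roundcube": '
  # -r keeps backslashes literal, -s keeps the password off the terminal.
  read -r -s password
  echo
  # The original first wrote the literal 'remote_soap_pass' as the value and
  # then ran s/remote_soap_pass/$password/g. That expression had no space before
  # the file name (so sed rejected it), would also have rewritten the array key,
  # and broke on passwords containing / or &. Here the value is set in a single
  # substitution. The password is escaped twice: first for a PHP single-quoted
  # string (\ and '), then for a sed replacement (\ / &).
  pw_escaped=$(printf '%s' "$password" | sed -e "s/[\\\\']/\\\\&/g" -e 's|[\\/&]|\\&|g')
  # The expression is handed to sed through a mktemp file written by the printf
  # builtin, so the password never shows up in a process argument list.
  pw_script=$(mktemp)
  if [ -n "$pw_script" ] ; then
    printf '%s%s%s\n' \
      "s/\$rcmail_config\['remote_soap_pass'\] =.*/\$rcmail_config['remote_soap_pass'] = '" \
      "$pw_escaped" \
      "';/" > "$pw_script"
    sed -i -f "$pw_script" "$plugin_cfg"
    rm -f -- "$pw_script"
  else
    echo "No se pudo guardar la contraseña; edite remote_soap_pass en $plugin_cfg" >&2
  fi
  unset password pw_escaped
  echo 'Si necesita confirmarla revise el archivo /var/lib/roundcube/plugins/ispconfig3_account/config/config.inc.php de ser necesario'
  sleep 3

  sed -i "s/\$rcmail_config\['soap_url'\] =.*/\$rcmail_config['soap_url'] = 'https:\/\/192.168.0.100:8080\/remote\/';/" "$plugin_cfg"
  # The public address is asked from an external service over plain HTTP.
  # It is fetched once and only used when it looks like an IPv4 address; the
  # original pasted the raw response into the sed expression and produced
  # "https://:8080/remote/" when the lookup failed.
  # NOTE(review): a well-formed but wrong answer would still point soap_url,
  # and with it the remote user's password, at another host - hence the
  # reminder printed below.
  ipv4_re='^[0-9]{1,3}(\.[0-9]{1,3}){3}$'
  public_ip=$(curl ipecho.net/plain)
  if [[ "$public_ip" =~ $ipv4_re ]] ; then
    sed -i "s/192.168.0.100/$public_ip/" "$plugin_cfg"
  else
    echo "No se pudo determinar la IP pública; soap_url conserva 192.168.0.100, edítela manualmente" >&2
    public_ip=192.168.0.100
  fi
  echo "No olvides confirmar que la dirección https://$public_ip:8080/remote/ es la que corresponde a tu servidor..."
  sleep 2 ; echo "..." ; sleep 2 ; echo "..." ; sleep 2
  echo "el archivo a revisar es: /var/lib/roundcube/plugins/ispconfig3_account/config/config.inc.php "
  sleep 2 ; echo "..." ; sleep 2 ; echo "..." ; sleep 2
  echo "continuamos..."
  # Enable the plugins in Roundcube only now that they are in place.
  sed -i "s/\$rcmail_config\['plugins'\] =.*/\$rcmail_config['plugins'] = array('jqueryui', 'ispconfig3_account', 'ispconfig3_autoreply', 'ispconfig3_pass', 'ispconfig3_spam', 'ispconfig3_fetchmail', 'ispconfig3_filter');/" /etc/roundcube/main.inc.php
  rm -rf -- "$rc_src"
else
  echo "No se pudo clonar ispconfig3_roundcube; los plugins de ISPConfig no fueron instalados" >&2
fi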
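## Changes to boot the Trisquel kernel through kexec on a Droplet (Digital Ocean)
## more info at: http://0wned.it/2014/08/27/custom-kernel-on-a-digitalocean-droplet-the-right-way/
# Both files come over HTTPS from raw gist URLs pinned to one commit id.
# wget -O creates its output file even when the download fails, so the original
# could leave an empty or partial /etc/init.d/droplet-kernel behind, register
# it for boot and then reboot. The files are now fetched into temp files and
# installed only when both downloads succeeded.
gist_raw=https://gist.githubusercontent.com/Ark74/8f1880727d04bf301271/raw/ea9e7c66be23d6769edb576eab87973cc41bfe8d
dk_init=$(mktemp)
dk_default=$(mktemp)
if [ -n "$dk_init" ] && [ -n "$dk_default" ] && \
   wget "$gist_raw/etc_init.d_droplet-kernel" -O "$dk_init" && \
   wget "$gist_raw/etc_default_droplet-kernel" -O "$dk_default" ; then
  install -m 755 "$dk_init" /etc/init.d/droplet-kernel
  install -m 644 "$dk_default" /etc/default/droplet-kernel
  update-rc.d droplet-kernel defaults
  service droplet-kernel status
else
  echo "No se pudieron descargar los archivos de droplet-kernel; el script de arranque no fue instalado" >&2
fi
rm -f -- "$dk_init" "$dk_default"
sleep 3
echo "Ahora vamos reiniciar el Servidor con nuestro núcloe de Trisquel..."
sleep 5
# Reboot, as the original does unconditionally.
init 6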
# Default settings for the droplet-kernel init script.
# /etc/init.d/droplet-kernel sources this file when it is readable.

# Whether a custom kernel is loaded for the droplet: true or false.
ENABLED="true"

# Paths of the kernel image and of the initrd image.
# INITRD may be left empty when no initrd image is needed.
KERNEL_IMAGE=/vmlinuz
INITRD=/initrd.img

# Kernel command line to use; when empty, the current /proc/cmdline is taken.
APPEND=
### BEGIN INIT INFO
# Provides: droplet-kernel
# Required-Start:
# Required-Stop:
# Should-Start: glibc
# Default-Start: S
# Default-Stop: 6
# X-Interactive: true
# Short-Description: Run kexec on DigitalOcean droplet
# Description: Runs kexec on a DigitalOcean droplet to boot a custom kernel
# URL: http://0wned.it/2014/08/27/custom-kernel-on-a-digitalocean-droplet-the-right-way/
### END INIT INFO
# Fixed command search path for everything below.
PATH="/sbin:/bin:/usr/sbin:/usr/bin"
# LSB init helpers; presumably the source of the log_* functions used below.
. /lib/lsb/init-functions
# Optional defaults file, sourced only when it is readable. The functions
# below read ENABLED, KERNEL_IMAGE, INITRD and APPEND.
if [ -r /etc/default/droplet-kernel ]; then
  . /etc/default/droplet-kernel
fi
# Handler for "stop": when the droplet runs a kexec'ed kernel, hide the
# trailing 'kexeced' marker from /proc/cmdline and unload any loaded kexec
# kernel, so the next boot loads the custom kernel again.
# Globals: ENABLED (read)
# Exits the whole script with status 0 when kexec-tools is missing or
# droplet-kernel is not enabled in the defaults file.
do_stop() {
  if [ ! -x /sbin/kexec ] || [ "$ENABLED" != "true" ]; then
    exit 0
  fi

  # Without the marker the droplet was not booted through kexec.
  if ! grep -q ' kexeced$' /proc/cmdline; then
    log_action_msg "Droplet was not booted with the Trisquel kernel"
    return
  fi

  # Write a copy of the command line without the marker and bind-mount it
  # read-only over /proc/cmdline.
  sed 's/ kexeced$//' /proc/cmdline > /root/cmdline
  mount --bind -n -o ro /root/cmdline /proc/cmdline >/dev/null
  kexec -u
  log_action_msg "Removed 'kexeced' kernel cmdline from droplet"
}
# Handler for "start": unless the running kernel already carries the 'kexeced'
# marker, give the operator ten seconds to abort with Ctrl+C, then load
# KERNEL_IMAGE (with INITRD when set) and switch to it with kexec -e.
# Globals: ENABLED, APPEND, KERNEL_IMAGE, INITRD (read);
#          KEXEC_ABORT, REAL_APPEND (written)
# Exits the whole script with status 0 when kexec-tools is missing or
# droplet-kernel is not enabled in the defaults file.
do_start() {
  [ -x /sbin/kexec ] || exit 0
  [ "$ENABLED" = "true" ] || exit 0

  do_status

  # grep -v succeeds when a line lacks the marker; /proc/cmdline is presumably
  # a single line, so this means "not booted through kexec yet". The check
  # keeps the droplet from looping through kexec on every boot.
  if grep -qv ' kexeced$' /proc/cmdline; then
    # SIGINT during the pause flips KEXEC_ABORT instead of killing the script.
    export KEXEC_ABORT=false
    trap "export KEXEC_ABORT=true" INT
    log_begin_msg "Press Ctrl+C to abort booting droplet with the Trisquel kernel"
    sleep 10
    trap - INT
    log_end_msg 0

    # Use APPEND from the defaults file, or the current command line when empty.
    REAL_APPEND="${APPEND:-$(cat /proc/cmdline)}"

    if [ "$KEXEC_ABORT" = "false" ]; then
      log_action_begin_msg "Loading new kernel in to droplet memory"
      # The marker is appended so the next boot can tell it came from kexec.
      if [ -n "$INITRD" ]; then
        kexec --load "$KERNEL_IMAGE" --initrd="$INITRD" --append="$REAL_APPEND kexeced"
      else
        kexec --load "$KERNEL_IMAGE" --append="$REAL_APPEND kexeced"
      fi
      log_action_end_msg $?

      log_action_begin_msg "Attempting to run droplet with the Trisquel kernel"
      kexec -e
      log_action_end_msg $?
    fi
  fi
}
# Handler for "status": report whether droplet-kernel is enabled and, if so,
# whether the running kernel was booted through kexec (command line ends in
# 'kexeced').
# Globals: ENABLED (read)
# Exits the whole script with status 0 when droplet-kernel is not enabled.
do_status() {
  if [ "$ENABLED" = "true" ]; then
    log_action_msg "The Trisquel droplet kernel is enabled"
  else
    log_action_msg "The Trisquel droplet kernel is NOT enabled"
    exit 0
  fi

  if ! grep -q 'kexeced$' /proc/cmdline; then
    log_action_msg "Droplet was NOT booted with the Trisquel kernel"
  else
    log_action_msg "Droplet was booted with the Trisquel kernel"
  fi
}
# Dispatch on the init action given as the first argument. Only start, stop
# and status are implemented; the restart variants and anything else are
# rejected on stderr with exit status 3.
case "$1" in
  start)
    do_start
    ;;
  stop)
    do_stop
    ;;
  status)
    do_status
    ;;
  restart|reload|force-reload)
    echo "Error: argument '$1' not supported" >&2
    exit 3
    ;;
  *)
    echo "Usage: $0 {start|stop|status}" >&2
    exit 3
    ;;
esac

exit 0