Created
January 14, 2016 09:57
csf installer
#!/bin/bash
#
# <c> Copyright 2012 SolidShellSecurity, LLC
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# So, whether you eat or drink, or whatever you do, do all to the glory of God.
# (1 Corinthians 10:31 ESV)
#
#[START-CONFIGS]
# Defaults. EMAIL, CONF, VERBOSE and DEBUG are overwritten by the
# command-line option loop further down.
SERVERNAME="$(hostname)"
EMAIL=''
# Not referenced anywhere else in this listing.
DOWNLOADPATH='http://SOLIDSHELLSECURITY.COM/_public/downloads'
CONF='1'
VERBOSE='no'
DEBUG='no'
# Coloured status tags; the escapes are expanded later by "echo -e".
PURR='\e[01;32m[ PURR ]\e[0m'
MEOW='\e[01;36m[ MEOW ]\e[0m'
RAWR='\e[01;33m[ RAWR ]\e[0m'
HISS='\e[01;31m[ HISS ]\e[0m'
#[END-CONFIGS]
#[START-BINS]
# Absolute paths for the external tools, so that a modified PATH cannot
# redirect these calls while the script runs as root.
BIN_SED='/bin/sed'
BIN_WGET='/usr/bin/wget'
BIN_TAR='/bin/tar'
BIN_ECHO='/bin/echo'
BIN_CHATTR='/usr/bin/chattr'
BIN_CHKCONFIG='/sbin/chkconfig'
BIN_TOUCH='/bin/touch'
BIN_CHMOD='/bin/chmod'
BIN_CHOWN='/bin/chown'
BIN_GUNZIP='/usr/bin/gunzip'
BIN_PATCH='/usr/bin/patch'
BIN_FIND='/usr/bin/find'
BIN_RM='/bin/rm'
BIN_USERDEL='/usr/sbin/userdel'
BIN_GROUPDEL='/usr/sbin/groupdel'
#[END-BINS]
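#[START-OPTS]
#######################################
# Print the option summary and terminate the script.
# The first line shows the name the script was invoked under; the
# original text named a different installer (chkrootkit_install.sh).
# Outputs:   help text on stdout
# Returns:   never returns; exits with status 1 (unchanged from the
#            original, which also exited 1 after printing help)
#######################################
usage()
{
  cat <<EOF
./${0##*/}
-h --help ? : Display help information(this message)
-e --email email : Set e-mail used to send alerts
-c --conf # : Configuration setup. See website for full information
1) Default
2) (D)DoS Protection on - low level
3) (D)DoS Protection on - high level
-v --verbose : Turn on verbose mode to display all information (not implemented yet)
-d --debug : Turn on debug mode (not implemented yet)
EOF
  exit 1
}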
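#######################################
# Parse command-line options into the EMAIL, CONF, VERBOSE and DEBUG
# globals. Parsing stops at "--" or at the first non-option argument.
# Arguments: the script's own arguments ("$@")
# Outputs:   warnings and errors on stderr
# Returns:   0 when parsing finished; exits 1 on a missing or invalid
#            option value
#######################################
parse_options()
{
  while [ $# -gt 0 ]
  do
    case "$1" in
    -h | --help | -\?)
      usage
      # usage exits on its own; kept in case that ever changes.
      exit 0
      ;;
    -e | --email)
      # Without this guard "shift 2" fails when the value is missing,
      # nothing is consumed, and the loop never terminates.
      if [ $# -lt 2 ]; then
        echo "ERROR: $1 requires a value" >&2
        exit 1
      fi
      EMAIL=$2
      shift 2
      ;;
    -c | --conf)
      if [ $# -lt 2 ]; then
        echo "ERROR: $1 requires a value" >&2
        exit 1
      fi
      # Only profiles 1-3 are handled by the configuration step; any
      # other value would install csf and then apply no settings at all.
      case "$2" in
      1 | 2 | 3)
        CONF=$2
        ;;
      *)
        echo "ERROR: $1 must be 1, 2 or 3 (got: $2)" >&2
        exit 1
        ;;
      esac
      shift 2
      ;;
    -v | --verbose)
      # Documented as a plain flag. The original always consumed the
      # next argument as the value, which swallowed a following option
      # (e.g. "-v -e addr"). An explicit yes/no is still accepted.
      case "${2-}" in
      yes | no)
        VERBOSE=$2
        shift 2
        ;;
      *)
        VERBOSE="yes"
        shift
        ;;
      esac
      ;;
    -d | --debug)
      # Same handling as --verbose.
      case "${2-}" in
      yes | no)
        DEBUG=$2
        shift 2
        ;;
      *)
        DEBUG="yes"
        shift
        ;;
      esac
      ;;
    --) # End of all options
      shift
      break
      ;;
    -*)
      echo "WARN: Unknown option (ignored): $1" >&2
      shift
      ;;
    *) # no more options. Stop while loop
      break
      ;;
    esac
  done
}
parse_options "$@"
#[END-OPTS]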
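# Banner and header block. The two "COMMUNITY TOPIC" lines originally
# ended in "\e[0" (no final "m"), an incomplete reset sequence; they now
# end in "\e[0m" so the underline/colour attributes are actually reset.
$BIN_ECHO -e "\e[0;36m __ __ __ \e[0m"
$BIN_ECHO -e "\e[0;36m (_ _ |o _|(_ |_ _ ||(_ _ _ ._ o_|_ \e[0m"
$BIN_ECHO -e "\e[0;36m __)(_)||(_|__)| |(/_||__)(/_(_|_|| | |_\/ \e[0m"
$BIN_ECHO -e "\e[0;36m /\e[0;37m.com - Your IT Team \e[0m"
#[START-CHECK]
$BIN_ECHO -e "\e[0;34m ==================================================================================== \e[0m"
$BIN_ECHO -e "\e[01;32m +\e[0m\e[1;33m SERVICE:\e[0m \e[0;36m (CSF)ConfigServer Firewall Installer \e[0m"
$BIN_ECHO -e "\e[01;32m +\e[0m\e[1;33m VERSION:\e[0m \e[0;36m 1.0 \e[0m"
$BIN_ECHO -e "\e[01;32m +\e[0m\e[1;33m RELEASE:\e[0m \e[0;36m October 11th 2012 \e[0m"
$BIN_ECHO -e ""
$BIN_ECHO -e "\e[01;32m +\e[0m\e[1;33m COMMUNITY TOPIC:\e[0m"
$BIN_ECHO -e "\e[01;32m -\e[0m\e[0m \e[4;37mhttp://community.solidshellsecurity.com/topic/25514-csf-configureserver-firewall-install-script/\e[0m"
$BIN_ECHO -e "\e[0;34m ==================================================================================== \e[0m"
$BIN_ECHO -e " BEGIN CHECKS.. "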
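# Refuse to run without root privileges.
# The original compared the *names* from whoami / id -un against "root",
# and its "&2>/dev/null" was parsed as "run in background" followed by a
# separate redirection, so stderr was never silenced. Checking the
# numeric effective UID is the privilege test that matters: it does not
# depend on what the UID-0 account is called.
if [ "$(id -u 2>/dev/null)" != "0" ] ; then
  # -e added so the colour tag is rendered rather than printed literally.
  $BIN_ECHO -e " $HISS must be root to run this script "
  exit 1
else
  $BIN_ECHO -e " $PURR permission check passed "
fi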
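#######################################
# Detect the virtualisation type and the primary IPv4 address.
# Globals:   SERVERVIRT (written: xen | openvz | dedicated)
#            SERVERIP   (written; empty when no address was parsed)
#            BIN_ECHO, MEOW (read)
# Outputs:   one status line on stdout
#######################################
CHECK_servervirt()
{
  # /proc/xen and /proc/vz are directories, so the original "-f"
  # (regular file) tests could never match and every host was reported
  # as dedicated. "-e" matches whatever kind of entry is there.
  if [ -e /proc/xen ] ; then
    $BIN_ECHO -e " $MEOW Server is XEN "
    SERVERVIRT="xen"
    # venet0 is the OpenVZ virtual interface; Xen guests normally
    # expose eth0 -- NOTE(review): confirm for your guest images.
    SERVERIP=$(ifconfig eth0 | awk -F':| +' '/inet addr/{print $4}')
  elif [ -e /proc/vz ] ; then
    $BIN_ECHO -e " $MEOW Server is OpenVZ "
    SERVERVIRT="openvz"
    SERVERIP=$(ifconfig venet0:0 | awk -F':| +' '/inet addr/{print $4}')
  else
    $BIN_ECHO -e " $MEOW Server is full dedicated "
    SERVERVIRT="dedicated"
    SERVERIP=$(ifconfig eth0 | awk -F':| +' '/inet addr/{print $4}')
  fi
  # The awk filter only recognises the "inet addr:<ip>" output format;
  # with any other ifconfig output SERVERIP stays empty. The value is
  # only displayed, not used for configuration.
}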
# Run the virtualisation probe, then report what it found together with
# the host name captured in the configuration section.
CHECK_servervirt
$BIN_ECHO -e " Server name: ${SERVERNAME} "
$BIN_ECHO -e " Server IP: ${SERVERIP} "
#######################################
# Reduce "uname -m" to one of two labels and print it.
# x86_64 and ia64 are both reported as "x86_64"; every other machine
# type is reported as "x86".
# Globals:   architecture (written), BIN_ECHO, MEOW (read)
# Outputs:   one status line on stdout
#######################################
CHECK_architecture()
{
  case "$(uname -m)" in
  x86_64 | ia64)
    architecture="x86_64"
    ;;
  *)
    architecture="x86"
    ;;
  esac
  $BIN_ECHO -e " $MEOW Architecture: $architecture "
}
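#######################################
# Identify the running distribution.
# Globals:   DISTRO (written: FreeBSD | DEBIAN | SUSE | FEDORA | REDHAT)
#            BIN_ECHO, MEOW, HISS (read)
# Outputs:   one status line on stdout
# Returns:   0 when a supported system was recognised; exits 1 otherwise
#######################################
CHECK_distro()
{
  DISTRO=""
  # The original used an unquoted `uname -r | egrep ...` inside "[ ]",
  # which breaks on multi-word output and relies on the obsolete egrep
  # wrapper. A case match on the release string needs no external tool.
  case "$(uname -r)" in
  *6.2-RELEASE* | *6.1-RELEASE* | *5.5-RELEASE* | *6.1-STABLE* | \
  *5.4-RELEASE* | *6.0-RELEASE* | *5.3-RELEASE* | *4.10-RELEASE* | \
  *4.11-RELEASE*)
    DISTRO="FreeBSD"
    # -e added: without it the colour tag was printed as literal text.
    $BIN_ECHO -e " $MEOW System is running FreeBSD"
    return 0
    ;;
  esac
  # Fedora is tested before Red Hat, as in the original order.
  if [ -f /etc/debian_version ]; then
    $BIN_ECHO -e " $MEOW System is running Debian Linux"
    DISTRO=DEBIAN
  elif [ -f /etc/SuSE-release ]; then
    $BIN_ECHO -e " $MEOW System is running SuSE Linux"
    DISTRO=SUSE
  elif [ -f /etc/fedora-release ]; then
    $BIN_ECHO -e " $MEOW System is running Fedora Linux"
    DISTRO=FEDORA
  elif [ -f /etc/redhat-release ]; then
    $BIN_ECHO -e " $MEOW System is running Red Hat Linux"
    DISTRO=REDHAT
  else
    $BIN_ECHO -e " $HISS no supported distribution found running "
    exit 1
  fi
}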
# Remaining pre-flight probes. CHECK_distro terminates the script when
# it does not recognise the system.
CHECK_architecture
CHECK_distro
$BIN_ECHO -e ' END CHECKS... '
#[END-CHECK]
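# Download, unpack and run the upstream csf installer.
#
# Everything fetched here is executed as root, so each step is checked
# and the work happens in a fresh private directory: the original
# ignored all exit codes, and a csf.tgz already lying in /usr/src would
# have been unpacked instead of the new download (wget saves to
# csf.tgz.1 when the name is taken).
$BIN_ECHO -e " $MEOW Installing ConfigServer Firewall.. "

# NOTE(review): this is the plain-HTTP URL from the original script, so
# the transport gives no integrity protection for code that is run as
# root. Prefer an HTTPS location published by the vendor, and set
# CSF_SHA256 (below) to a digest obtained through a trusted channel.
CSF_URL="http://www.configserver.com/free/csf.tgz"

CSF_WORKDIR=$(mktemp -d /usr/src/csf-install.XXXXXX)
if [ -z "$CSF_WORKDIR" ] || ! cd "$CSF_WORKDIR"; then
  $BIN_ECHO -e " $HISS could not create a working directory under /usr/src "
  exit 1
fi

# Print an error, remove the working directory and stop the script.
csf_install_abort()
{
  $BIN_ECHO -e " $HISS $1 "
  cd / && $BIN_RM -rf -- "${CSF_WORKDIR:?}"
  exit 1
}

$BIN_ECHO -e " $MEOW Downloading.. "
$BIN_WGET -q -O csf.tgz "$CSF_URL" || csf_install_abort "Download failed!"

# Optional integrity check: export CSF_SHA256=<expected sha256 hex digest>
# before running the script. Without it the archive is unverified.
if [ -n "${CSF_SHA256:-}" ]; then
  printf '%s  %s\n' "$CSF_SHA256" "csf.tgz" | sha256sum -c - > /dev/null 2>&1 \
    || csf_install_abort "csf.tgz does not match CSF_SHA256, refusing to install"
else
  $BIN_ECHO -e " $RAWR CSF_SHA256 not set: csf.tgz is installed without an integrity check "
fi

$BIN_ECHO -e " $MEOW Extracting.. "
$BIN_TAR -zxf csf.tgz > /dev/null || csf_install_abort "Extract failed!"
cd csf || csf_install_abort "Archive does not contain a csf/ directory"

$BIN_ECHO -e " $MEOW Installing.. "
# A non-zero status is reported but not fatal; as in the original, the
# presence of /etc/csf/csf.conf decides whether the install succeeded.
./install.sh > /dev/null \
  || $BIN_ECHO -e " $RAWR install.sh returned a non-zero status "

cd /usr/src || cd /
$BIN_RM -rf -- "${CSF_WORKDIR:?}"

if [ -e /etc/csf/csf.conf ]; then
  $BIN_ECHO -e " $PURR Installed! "
else
  $BIN_ECHO -e " $HISS Install Failed! "
  # Was "exit 0", which reported success to the caller on failure.
  exit 1
fi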
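$BIN_ECHO -e " $MEOW Configuring.. "
CSF_CONF="/etc/csf/csf.conf"

#######################################
# Rewrite KEY = "OLD" to KEY = "NEW" in the csf configuration file.
# A line is only changed while it still carries the expected OLD value.
# OLD and NEW are escaped before they are placed in the sed expression,
# so "/", "&" or "\" in a value (e.g. in the alert e-mail address or in
# "100/s") can neither break the expression nor alter what it does.
# Globals:   CSF_CONF, BIN_SED (read)
# Arguments: $1 - setting name, $2 - expected current value, $3 - new value
# Returns:   non-zero when NEW is rejected or sed fails
#######################################
csf_conf_set()
{
  local key=$1 old=$2 new=$3
  local old_re new_re
  # A double quote or newline would corrupt the KEY = "value" line.
  case "$new" in
  *'"'* | *$'\n'*)
    echo "WARN: refusing unsafe value for $key" >&2
    return 1
    ;;
  esac
  old_re=$(printf '%s' "$old" | $BIN_SED -e 's|[][\\/.*^$]|\\&|g') || return
  new_re=$(printf '%s' "$new" | $BIN_SED -e 's|[\\/&]|\\&|g') || return
  $BIN_SED -i "s/${key} = \"${old_re}\"/${key} = \"${new_re}\"/g" "$CSF_CONF"
}

# Settings shared by every profile: leave testing mode, set the alert
# addresses and the login-failure trigger values.
csf_apply_base()
{
  csf_conf_set TESTING "1" "0"
  csf_conf_set LF_ALERT_TO "" "$EMAIL"
  csf_conf_set LF_ALERT_FROM "" "notice@$SERVERNAME"
  csf_conf_set LF_TRIGGER "0" "5"
  csf_conf_set LF_TRIGGER_PERM "1" "3600"
}

#######################################
# Apply configuration profile $1 (1, 2 or 3) to csf.conf.
# Fixes relative to the original sed lists:
#  - DENY_TEMP_IP_LIMIT is now raised; before, that line was replaced by
#    a second LF_TRIGGER_PERM entry, so the limit setting disappeared.
#  - SYNFLOOD_RATE is now changed; the unescaped "/" in "100/s" made the
#    original sed expression invalid.
# Returns:   non-zero for an unknown profile (csf.conf is left unchanged)
#######################################
csf_apply_profile()
{
  case "$1" in
  1)
    csf_apply_base
    ;;
  2)
    csf_apply_base
    csf_conf_set DENY_IP_LIMIT "100" "500"
    csf_conf_set DENY_TEMP_IP_LIMIT "100" "500"
    csf_conf_set SYNFLOOD "0" "1"
    csf_conf_set CONNLIMIT "" "80;60"
    csf_conf_set PORTFLOOD "" "80;tcp;60;5"
    csf_conf_set CT_LIMIT "0" "300"
    csf_conf_set CT_PORTS "" "80,443"
    ;;
  3)
    csf_apply_base
    csf_conf_set DENY_IP_LIMIT "100" "1000"
    csf_conf_set DENY_TEMP_IP_LIMIT "100" "1000"
    csf_conf_set SYNFLOOD "0" "1"
    csf_conf_set CONNLIMIT "" "80;20"
    csf_conf_set PORTFLOOD "" "80;tcp;20;5"
    csf_conf_set CT_LIMIT "0" "150"
    csf_conf_set SYNFLOOD_RATE "100/s" "10/s"
    csf_conf_set SYNFLOOD_BURST "150" "15"
    csf_conf_set ICMP_IN "1" "0"
    ;;
  *)
    # The original skipped configuration silently for any other value.
    $BIN_ECHO -e " $RAWR Unknown configuration profile '$1': csf.conf left unchanged "
    return 1
    ;;
  esac
}

csf_apply_profile "$CONF"
$BIN_ECHO -e " $PURR Configure Done! "
$BIN_ECHO -e " $PURR Script Finished! "
$BIN_ECHO -e "\e[0;34m ========================================== \e[0m"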