diff --git a/apps/adminer.sh b/apps/adminer.sh index ddef8e9a..e3742854 100644 --- a/apps/adminer.sh +++ b/apps/adminer.sh @@ -2,6 +2,8 @@ # Tech and Me © - 2018, https://www.techandme.se/ +echo "Installing and securing Adminer..." + # shellcheck disable=2034,2059 true # shellcheck source=lib.sh @@ -30,9 +32,6 @@ fi # Check distrobution and version check_distro_version -echo "Installing and securing Adminer..." -echo - # Install Adminer apt update -q4 & spinner_loading install_if_not adminer diff --git a/apps/collabora.sh b/apps/collabora.sh index e1879d90..ae25ec28 100644 --- a/apps/collabora.sh +++ b/apps/collabora.sh @@ -1,4 +1,9 @@ #!/bin/bash + +# Tech and Me © - 2018, https://www.techandme.se/ + +echo "Installing Collabora..." + # shellcheck disable=2034,2059 true # shellcheck source=lib.sh @@ -6,8 +11,6 @@ NC_UPDATE=1 && COLLABORA_INSTALL=1 . <(curl -sL https://raw.githubusercontent.co unset NC_UPDATE unset COLLABORA_INSTALL -# Tech and Me © - 2018, https://www.techandme.se/ - # Check for errors + debug code and abort if something isn't right # 1 = ON # 0 = OFF @@ -32,9 +35,6 @@ You can't run OnlyOffice at the same time as you run Collabora." exit 1 fi -echo "Installing Collabora..." -echo - # Notification msg_box "Before you start, please make sure that port 80+443 is directly forwarded to this machine!" @@ -194,15 +194,13 @@ then then openssl dhparam -dsaparam -out "$DHPARAMS" 4096 fi - printf "${ICyan}\n" - printf "Certs are generated!\n" - printf "${Color_Off}\n" + printf "%b" "${IGreen}Certs are generated!\n${Color_Off}" a2ensite "$SUBDOMAIN.conf" restart_webserver # Install Collabora App occ_command app:install richdocuments else - printf "${ICyan}\nIt seems like no certs were generated, please report this issue here: $ISSUES\n" + printf "%b" "${IRed}It seems like no certs were generated, please report this issue here: $ISSUES\n${Color_Off}" any_key "Press any key to continue... " restart_webserver fi diff --git a/apps/fail2ban.sh b/apps/fail2ban.sh index 58e2f2f3..40534db8 100644 --- a/apps/fail2ban.sh +++ b/apps/fail2ban.sh @@ -3,6 +3,8 @@ # Tech and Me © - 2018, https://www.techandme.se/ # Inspired by https://github.com/nextcloud/nextcloudpi/blob/master/etc/nextcloudpi-config.d/fail2ban.sh +echo "Installing Fail2ban..." + # shellcheck disable=2034,2059 true # shellcheck source=lib.sh @@ -31,8 +33,6 @@ FINDTIME_=1800 # failed attempts before banning an IP MAXRETRY_=10 -echo "Installing Fail2ban..." - apt update -q4 & spinner_loading check_command apt install fail2ban -y check_command update-rc.d fail2ban disable diff --git a/apps/fulltextsearch.sh b/apps/fulltextsearch.sh index 6f693b09..e8cc14a3 100644 --- a/apps/fulltextsearch.sh +++ b/apps/fulltextsearch.sh @@ -3,6 +3,8 @@ # Tech and Me © - 2018, https://www.techandme.se/ # SwITNet Ltd © - 2018, https://switnet.net/ +echo "Installing Elastic Search & Full Text Search on Nextcloud..." + # shellcheck disable=2034,2059 true # shellcheck source=lib.sh @@ -37,9 +39,6 @@ If yes, revert all the settings and try again, it must be a clean install." exit 1 fi -echo "Installing Elastic Search & Full Text Search on Nextcloud..." -echo - # Disable and remove Nextant + Solr if [ -d "$NC_APPS_PATH"/nextant ] then diff --git a/apps/netdata.sh b/apps/netdata.sh index 8b192b77..40d55802 100644 --- a/apps/netdata.sh +++ b/apps/netdata.sh @@ -15,9 +15,6 @@ true DEBUG=0 debug_mode -echo "Installing Netdata..." -echo - # Download and install Netdata if [ -d /etc/netdata ] then diff --git a/apps/onlyoffice.sh b/apps/onlyoffice.sh index 06604473..fe47e9fe 100644 --- a/apps/onlyoffice.sh +++ b/apps/onlyoffice.sh @@ -1,4 +1,9 @@ #!/bin/bash + +echo "Installing OnlyOffice..." + +# Tech and Me © - 2018, https://www.techandme.se/ + # shellcheck disable=2034,2059 true # shellcheck source=lib.sh @@ -6,8 +11,6 @@ NC_UPDATE=1 && OO_INSTALL=1 . <(curl -sL https://raw.githubusercontent.com/nextc unset NC_UPDATE unset OO_INSTALL -# Tech and Me © - 2018, https://www.techandme.se/ - # Check for errors + debug code and abort if something isn't right # 1 = ON # 0 = OFF @@ -32,9 +35,6 @@ You can't run Collabora at the same time as you run OnlyOffice." exit 1 fi -echo "Installing OnlyOffice..." -echo - # Notification msg_box "Before you start, please make sure that port 80+443 is directly forwarded to this machine!" @@ -183,16 +183,14 @@ then then openssl dhparam -dsaparam -out "$DHPARAMS" 4096 fi - printf "${ICyan}\n" - printf "Certs are generated!\n" - printf "${Color_Off}\n" + printf "%b" "${IGreen}Certs are generated!\n${Color_Off}" a2ensite "$SUBDOMAIN.conf" restart_webserver # Install Onlyoffice App cd "$NC_APPS_PATH" check_command git clone https://github.com/ONLYOFFICE/onlyoffice-owncloud.git onlyoffice else - printf "${ICyan}\nIt seems like no certs were generated, please report this issue here: $ISSUES\n" + printf "%b" "${IRed}It seems like no certs were generated, please report this issue here: $ISSUES\n${Color_Off}" any_key "Press any key to continue... " restart_webserver fi diff --git a/apps/previewgenerator.sh b/apps/previewgenerator.sh index 61e4ab34..77ed99d9 100644 --- a/apps/previewgenerator.sh +++ b/apps/previewgenerator.sh @@ -1,4 +1,7 @@ #!/bin/bash + +# Tech and Me © - 2018, https://www.techandme.se/ + # shellcheck disable=2034,2059 true # shellcheck source=lib.sh diff --git a/apps/spreedme.sh b/apps/spreedme.sh index cbb8aee5..e9f98ed9 100644 --- a/apps/spreedme.sh +++ b/apps/spreedme.sh @@ -2,6 +2,8 @@ # Tech and Me © - 2018, https://www.techandme.se/ +echo "Installing Spreed.ME..." + # shellcheck disable=2034,2059 true # shellcheck source=lib.sh @@ -27,9 +29,6 @@ root_check # Nextcloud 13 is required. lowest_compatible_nc 13 -echo "Installing Spreed.ME..." -echo - # Install if missing install_if_not apache2 install_if_not snapd diff --git a/apps/talk.sh b/apps/talk.sh index 94757b0b..2962a701 100644 --- a/apps/talk.sh +++ b/apps/talk.sh @@ -2,6 +2,8 @@ # Tech and Me © - 2018, https://www.techandme.se/ +echo "Installing Nextcloud Talk..." + # shellcheck disable=2034,2059 true # shellcheck source=lib.sh @@ -21,8 +23,6 @@ root_check # Nextcloud 13 is required. lowest_compatible_nc 13 -echo "Installing Nextcloud Talk..." - # Check if Nextcloud is installed echo "Checking if Nextcloud is installed..." if ! curl -s https://"${TURN_DOMAIN//\\/}"/status.php | grep -q 'installed":true' diff --git a/apps/webmin.sh b/apps/webmin.sh index 1c1db557..aa5868ca 100644 --- a/apps/webmin.sh +++ b/apps/webmin.sh @@ -2,6 +2,8 @@ # Tech and Me © - 2018, https://www.techandme.se/ +echo "Installing Webmin..." + # shellcheck disable=2034,2059 true # shellcheck source=lib.sh @@ -16,9 +18,6 @@ debug_mode # Check if root root_check -echo "Installing Webmin..." -echo - # Install packages for Webmin apt install -y zip perl libnet-ssleay-perl openssl libauthen-pam-perl libpam-runtime libio-pty-perl apt-show-versions python diff --git a/lets-encrypt/activate-ssl.sh b/lets-encrypt/activate-ssl.sh index 82140a1f..795976c1 100644 --- a/lets-encrypt/activate-ssl.sh +++ b/lets-encrypt/activate-ssl.sh @@ -243,15 +243,15 @@ attempts_left() { local method="$1" if [ "$method" == "standalone" ] then - printf "${ICyan}It seems like no certs were generated, we will do 2 more tries.${Color_Off}\n" + printf "%b" "${ICyan}It seems like no certs were generated, we will do 2 more tries.\n${Color_Off}" any_key "Press any key to continue..." elif [ "$method" == "webroot" ] then - printf "${ICyan}It seems like no certs were generated, we will do 1 more try.${Color_Off}\n" + printf "%b" "${ICyan}It seems like no certs were generated, we will do 1 more tries.\n${Color_Off}" any_key "Press any key to continue..." elif [ "$method" == "dns" ] then - printf "${ICyan}It seems like no certs were generated, we will do 0 more tries.${Color_Off}\n" + printf "%b" "${IRed}It seems like no certs were generated, please check your DNS and try again.\n${Color_Off}" any_key "Press any key to continue..." fi } diff --git a/static/change-root-profile.sh b/static/change-root-profile.sh index 21001ad5..3f445971 100644 --- a/static/change-root-profile.sh +++ b/static/change-root-profile.sh @@ -43,7 +43,7 @@ ROOT-PROFILE # Add Aliases { -echo alias nextcloud_occ="sudo -u www-data php $NCPATH/occ" -echo alias run_update_nextcloud="bash $SCRIPTS/update.sh" +echo "alias nextcloud_occ='sudo -u www-data php $NCPATH/occ'" +echo "alias run_update_nextcloud='bash $SCRIPTS/update.sh'" } > /root/.bash_aliases diff --git a/static/modsecurity.sh b/static/modsecurity.sh index 9709c7c4..7065eb1a 100644 --- a/static/modsecurity.sh +++ b/static/modsecurity.sh @@ -1,4 +1,9 @@ #!/bin/bash + +# Tech and Me © - 2018, https://www.techandme.se/ + +echo "Installing ModSecurity..." + # shellcheck disable=2034,2059 true # shellcheck source=lib.sh @@ -13,9 +18,6 @@ debug_mode # Check if root root_check -echo "Installing ModSecurity..." -echo - # Add modsecurity apt update -q4 & spinner_loading install_if_not libapache2-mod-security2 @@ -31,7 +33,7 @@ tail -f /var/log/apache2/modsec_audit.log You can disable it by typing this command in your shell: sed -i 's/SecRuleEngine .*/SecRuleEngine DetectionOnly/g' /etc/modsecurity/modsecurity.conf -You have been warnned." +You have been warned." if [[ "yes" == $(ask_yes_or_no "Do you want to enable active defence?") ]] then sed -i 's|SecRuleEngine .*|SecRuleEngine on|g' /etc/modsecurity/modsecurity.conf @@ -81,10 +83,10 @@ cat << MODSECWHITE > "/etc/modsecurity/whitelist.conf" MODSECWHITE # Don't log in Apache2 error.log, only in a seperate log (/var/log/apache2/modsec_audit.log) -check command sed -i 's|SecDefaultAction "phase:1,log,auditlog,pass"|# SecDefaultAction "phase:1,log,auditlog,pass"|g' /etc/modsecurity/crs/crs-setup.conf -check command sed -i 's|SecDefaultAction "phase:2,log,auditlog,pass"|# SecDefaultAction "phase:2,log,auditlog,pass"|g' /etc/modsecurity/crs/crs-setup.conf -check command sed -i 's|# SecDefaultAction "phase:1,nolog,auditlog,pass"|SecDefaultAction "phase:1,nolog,auditlog,pass"|g' /etc/modsecurity/crs/crs-setup.conf -check command sed -i 's|# SecDefaultAction "phase:2,nolog,auditlog,pass"|SecDefaultAction "phase:2,nolog,auditlog,pass"|g' /etc/modsecurity/crs/crs-setup.conf +check_command sed -i 's|SecDefaultAction "phase:1,log,auditlog,pass"|# SecDefaultAction "phase:1,log,auditlog,pass"|g' /etc/modsecurity/crs/crs-setup.conf +check_command sed -i 's|SecDefaultAction "phase:2,log,auditlog,pass"|# SecDefaultAction "phase:2,log,auditlog,pass"|g' /etc/modsecurity/crs/crs-setup.conf +check_command sed -i 's|# SecDefaultAction "phase:1,nolog,auditlog,pass"|SecDefaultAction "phase:1,nolog,auditlog,pass"|g' /etc/modsecurity/crs/crs-setup.conf +check_command sed -i 's|# SecDefaultAction "phase:2,nolog,auditlog,pass"|SecDefaultAction "phase:2,nolog,auditlog,pass"|g' /etc/modsecurity/crs/crs-setup.conf if [ -f /etc/modsecurity/whitelist.conf ] then diff --git a/static/security.sh b/static/security.sh index ed6ca558..7798797d 100644 --- a/static/security.sh +++ b/static/security.sh @@ -3,7 +3,6 @@ # Tech and Me © - 2018, https://www.techandme.se/ # REMOVE disable of SC2154 WHEN PUTTING SPAMHAUS IN PRODUCTION (it's just to fixing travis for now) - # shellcheck disable=2034,2059,SC2154 true # shellcheck source=lib.sh @@ -19,7 +18,6 @@ debug_mode root_check echo "Installing Extra Security..." -echo # Based on: http://www.techrepublic.com/blog/smb-technologist/secure-your-apache-server-from-ddos-slowloris-and-dns-injection-attacks/