{"id":158523,"date":"2012-11-13T20:30:04","date_gmt":"2012-11-13T16:30:04","guid":{"rendered":"http:\/\/savepearlharbor.com\/?p=158523"},"modified":"-0001-11-30T00:00:00","modified_gmt":"-0001-11-29T21:00:00","slug":"","status":"publish","type":"post","link":"https:\/\/savepearlharbor.com\/?p=158523","title":{"rendered":"<span class=\"post_title\">Automating the initial setup of a web server<\/span>"},"content":{"rendered":"<div class=\"content html_format\"> \t\t\tSurely many of you have your own web servers. Setting up a new server from scratch is a rather tedious and <s>time-killing<\/s> laborious task, not only for a beginner but for seasoned admins as well.<\/p>\n<p>  And if, on top of that, your job requires you to set up several servers per week\/month, you inevitably start thinking about automating the process. I want to share the bash script that I use for the initial setup of RedHat \/ CentOS servers.<\/p>\n<p>  <a name=\"habracut\"><\/a><\/p>\n<p>  I picked up the idea for this script long ago from the now-abandoned <a href=\"http:\/\/www.btcentral.org.uk\/projects\/centmin\/\">Centmin<\/a> project. The script is designed to set up RedHat Enterprise Linux (CentOS) versions 5 and 6, but it can easily be adapted to other systems.<\/p>\n<p>  Since the code is heavily commented, I will give only a brief description here.<\/p>\n<ul>\n<li>Adding the <b>epel<\/b>, <b>ius<\/b> and <b>nginx<\/b> repositories. Updating packages<\/li>\n<li>Installing a minimal set of utilities needed for the system to work normally, as well as dependencies for the new programs<\/li>\n<li>Configuring <b>SSHD<\/b><\/li>\n<li>Installing <b>NTPD<\/b>, choosing the time zone, synchronizing the date<\/li>\n<li>Mounting <b>\/tmp<\/b> and <b>\/dev\/shm<\/b> with the noexec and nosuid attributes<\/li>\n<li>Installing and configuring <b>Virtualmin<\/b>, <b>CSF Firewall<\/b>, <b>MySQL<\/b> 5.5, <b>PHP<\/b> 5.4, <b>Nginx<\/b>, <b>Postfix<\/b>, SaslAuth, phpMyAdmin<\/li>\n<li>Installing and updating <b>CPANminus<\/b> as a replacement for CPAN<\/li>\n<li>Removing unneeded services from startup<\/li>\n<\/ul>\n<p>  The script performs most operations on its own, but a few actions by the user are still required, for example entering the data for creating the SSL certificate and confirming the Virtualmin installation.<\/p>\n<p>  Any suggestions and comments are welcome; I am far from an expert at writing BASH scripts.<\/p>\n<p>  p.s. Please excuse the English; I am not used to writing code comments in Russian.<\/p>\n<p>  And so, the script itself\u2026<\/p>\n<pre><code class=\"bash\">#!\/bin\/bash\n# Author: sam2kb\n\nROOT_ALIAS='vasya@pupkin.ru'  # Set your email here\nCENTOS_VERSION='6'  # Major RedHat version e.g. 5 or 6\n\nZONEINFO='America\/New_York'\nSET_TIMEZONE=y\nUPDATE_PACKAGES=y\nADD_REPOS=y\nALTER_KERNEL_PARAMS=y\nSECURE_TMP=y\nSECURE_SHM=y\nSECURE_SSHD=y\nSSHD_PORT=11022\nSSHD_USERS='root'\n\n# Allowed IPs\nCSF_IGNORE='\n188.72.80.205 # Sape.ru\n188.72.80.201 # Sape.ru';\n\n# Allowed IPs\nWEBMIN_ALLOW='' # Separate with space\nWEBMIN_PORT=11033\n\nINSTALL_WEBMIN=y\nINSTALL_CPANMIN=y\nINSTALL_CSF=y\nINSTALL_NTP=y\t# Install Network time protocol daemon\nINSTALL_PMNV=y\t# PHP, MYSQL, NGINX, VIRTUALMIN\nINSTALL_PMA=y\t# Install phpMyAdmin\nPMA_VERSION='3.5.3'\n\n# YOU SHOULD NOT NEED TO MODIFY ANYTHING BELOW THIS LINE  +++++++++++++++++++\n# JUST RUN &quot;bash \/server-init.sh&quot;\n#\n###############################################################\nSCRIPT_NAME='Initial server setup script'\nDIR_TMP=&quot;\/server-init&quot;\t\t\t# Working directory to be created by installer\nKEYPRESS_PARAM='-s -n1 -p'\t\t# Read a keypress without hitting ENTER\n\t\t\t\t\t\t\t\t# -s means do not echo input\n\t\t\t\t\t\t\t\t# -n means accept only N characters of input\n\t\t\t\t\t\t\t\t# -p means echo the following prompt before reading input\nASKCMD=&quot;read $KEYPRESS_PARAM &quot;\nCUR_DIR=`pwd`\t\t\t\t\t# Get current directory\nMACHINE_TYPE=`uname -m`\t\t\t# Used to detect if OS is 64bit or not\nif [ &quot;${MACHINE_TYPE}&quot; == 'i686' ]; then\n\tMACHINE_TYPE='i386'\nfi\n\n###############################################################\n# FUNCTIONS\n\nASK () {\n\tkeystroke=''\n\twhile [[ &quot;$keystroke&quot; != [yYnNaA] ]]; do\n\t\t$ASKCMD &quot;$1&quot; keystroke\n\t\techo &quot;$keystroke&quot;;\n\tdone\n\tkey=$(echo $keystroke)\n}\n\n# Setup colors\nblack='\\E[30;40m'\nred='\\E[31;40m'\ngreen='\\E[32;40m'\nyellow='\\E[33;40m'\nblue='\\E[34;40m'\nmagenta='\\E[35;40m'\ncyan='\\E[36;40m'\nwhite='\\E[37;40m'\n\nboldblack='\\E[1;30;40m'\nboldred='\\E[1;31;40m'\ngreen='\\E[1;32;40m'\t# overrides the plain green above, so $green prints bold\nboldyellow='\\E[1;33;40m'\nboldblue='\\E[1;34;40m'\nboldmagenta='\\E[1;35;40m'\nboldcyan='\\E[1;36;40m'\nboldwhite='\\E[1;37;40m'\n\nreset=&quot;tput sgr0&quot;      #  Reset text attributes to normal without clearing screen\n\ncecho ()\t# Colored-echo.\n\t\t\t# $1 = message\n\t\t\t# $2 = color\n\t\t\t# if $3 not set, print stars\n{\n\tmessage=$1\n\tcolor=$2\n\n\tif [[ $3 == '' ]]; then\n\t\techo &quot; &quot;;\n\t\techo -e &quot;$color********************************************************&quot;; $reset;\n\tfi\n\techo -e &quot;$color* $message&quot; ; $reset\n\n\tif [[ $3 == '' ]]; then\n\t\techo -e &quot;$color********************************************************&quot;; $reset;\n\t\techo &quot; &quot;;\n\tfi\n\tsleep 0.3 # brief pause between messages\n\treturn\n}\n\nrun_the_script () {\n\t# If OpenVZ user add user\/group 500 - else various folders and devices\n\t# will end up with an odd user\/group name for some reason\n\tif [ -f \/proc\/user_beancounters ]; then\n\t\tgroupadd 500\n\t\tuseradd -g 500 -s \/sbin\/nologin -M 500\n\tfi\n\n\tif [ &quot;${ROOT_ALIAS}&quot; != '' ]; then\n\t\tcecho &quot;Adding root alias&quot; $green\n\t\tsed -i 's\/#root:\\s*marc\/root:\\t\\t'&quot;${ROOT_ALIAS}&quot;'\/g' \/etc\/aliases\n\t\tnewaliases\n\tfi\n\n\tif [[ &quot;$UPDATE_PACKAGES&quot; = [yY] ]]; then\n\t\tcecho &quot;Updating packages&quot; $green\n\t\tyum clean all\n\t\tyum -y update glibc\\*\n\t\tyum -y update yum\\* rpm\\* python\\*\n\t\tyum clean all\n\t\tyum -y update\n\tfi\n\n\tif [[ &quot;$ADD_REPOS&quot; = [yY] ]]; then\n\t\tcecho &quot;* Adding repositories&quot; $green\n\t\tyum install -y wget rpm\n\n\t\tif [ &quot;${CENTOS_VERSION}&quot; == '5' ]; then\n\t\t\twget -c http:\/\/dl.iuscommunity.org\/pub\/ius\/stable\/Redhat\/5\/${MACHINE_TYPE}\/ius-release-1.0-10.ius.el5.noarch.rpm --tries=3\n\t\t\twget -c http:\/\/dl.iuscommunity.org\/pub\/ius\/stable\/Redhat\/5\/${MACHINE_TYPE}\/epel-release-5-4.noarch.rpm --tries=3\n\t\t\twget -c http:\/\/nginx.org\/packages\/centos\/5\/noarch\/RPMS\/nginx-release-centos-5-0.el5.ngx.noarch.rpm --tries=3\n\t\telse\n\t\t\twget -c http:\/\/dl.iuscommunity.org\/pub\/ius\/stable\/Redhat\/6\/${MACHINE_TYPE}\/ius-release-1.0-10.ius.el6.noarch.rpm --tries=3\n\t\t\twget -c http:\/\/dl.iuscommunity.org\/pub\/ius\/stable\/Redhat\/6\/${MACHINE_TYPE}\/epel-release-6-5.noarch.rpm --tries=3\n\t\t\twget -c http:\/\/nginx.org\/packages\/centos\/6\/noarch\/RPMS\/nginx-release-centos-6-0.el6.ngx.noarch.rpm --tries=3\n\t\tfi\n\n\t\trpm -ivh epel-release-*\n\t\trpm -ivh ius-release-*\n\t\trpm -ivh nginx-release-centos-*\n\n\t\tyum -y update epel-release ius-release nginx-release-centos\n\tfi\n\n\tif [[ &quot;$UPDATE_PACKAGES&quot; = [yY] ]]; then\n\t\tcecho &quot;Updating packages (new repos)...&quot; $green\n\t\tyum clean all\n\t\tyum -y update\n\tfi\n\n\tcecho &quot;Installing Development Tools&quot; $green\n\tyum -y install wget perl perl-CPAN perl-devel perl-YAML perl-Time-HiRes perl-DBD-MySQL perl-libwww-perl perl-Net-SSLeay python gcc make automake autoconf patch mlocate libtool nano rsync sysstat lsof curl xterm dbus-x11 libXt-devel unzip zip zlib bzip2 openssh* file e2fsprogs iptables* libjpeg libpng freetype pam-devel\n\n\tif [[ &quot;$ALTER_KERNEL_PARAMS&quot; = [yY] ]]; then\n\t\tcecho &quot;Altering kernel params&quot; $green\n\t\techo 30 &gt; \/proc\/sys\/net\/ipv4\/tcp_fin_timeout;\n\t\techo 3000 &gt; \/proc\/sys\/net\/core\/netdev_max_backlog;\n\t\techo 3000 &gt; \/proc\/sys\/net\/core\/somaxconn;\n\t\techo 10 &gt; \/proc\/sys\/net\/ipv4\/tcp_keepalive_intvl;\n\t\techo 2 &gt; \/proc\/sys\/net\/ipv4\/tcp_keepalive_probes;\n\t\techo 300000 &gt; \/proc\/sys\/fs\/file-max;\n\n\t\tcat &gt;&gt; \/etc\/security\/limits.conf &lt;&lt;EOF\n\n*               soft    nofile          20000\n*               hard    nofile          150000\nEOF\n\tfi\n\n\tif [[ &quot;$SECURE_SSHD&quot; = [yY] ]]; then\n\t\tcecho &quot;Securing SSHD&quot; $green\n\t\tcat &gt;&gt; \/etc\/ssh\/sshd_config &lt;&lt;EOF\n\nUseDNS no\nPort $SSHD_PORT\nProtocol 2\nAllowUsers $SSHD_USERS\nEOF\n\tfi\n\n\tif [[ &quot;$SECURE_TMP&quot; = [yY] ]]; then\n\t\tcecho &quot;Secured \/tmp and \/var\/tmp&quot; $green\n\t\trm -rf \/tmp; mkdir \/tmp;\n\t\tmount -t tmpfs -o rw,noexec,nosuid tmpfs \/tmp\n\t\tchmod 1777 \/tmp\n\t\techo &quot;tmpfs                   \/tmp                    tmpfs   rw,noexec,nosuid     0 0&quot; &gt;&gt; \/etc\/fstab\n\t\trm -rf \/var\/tmp; ln -s \/tmp \/var\/tmp\n\tfi\n\n\tif [[ &quot;$SECURE_SHM&quot; = [yY] ]]; then\n\t\tcecho &quot;Secured \/dev\/shm&quot; $green\n\t\tumount \/dev\/shm; rm -rf \/dev\/shm; mkdir \/dev\/shm\n\t\tmount -t tmpfs -o rw,noexec,nosuid tmpfs \/dev\/shm\n\t\tchmod 1777 \/dev\/shm;\n\t\techo &quot;tmpfs                   \/dev\/shm                tmpfs   rw,noexec,nosuid     0 0&quot; &gt;&gt; \/etc\/fstab\n\tfi\n\n\tif [[ &quot;$SET_TIMEZONE&quot; = [yY] ]]; then\n\t\tcecho &quot;Setting preferred timezone&quot; $green\n\t\trm -f \/etc\/localtime\n\t\tln -s \/usr\/share\/zoneinfo\/$ZONEINFO \/etc\/localtime\n\t\tcecho &quot;Current date & time for the zone you selected is: &quot; $green &quot;-&quot;\n\t\tdate\n\tfi\n\n\tif [[ &quot;$INSTALL_PMNV&quot; = [yY] ]]; then\n\t\tcecho &quot;Removing old mysql package&quot; $green\n\t\tservice mysqld stop\n\t\trpm -e --nodeps mysql-libs\n\n\t\tcecho &quot;Installing MYSQL&quot; $green\n\t\tyum -y install mysql55-server mysql55-devel mysql55-libs mysqlclient16\n\n\t\tcecho &quot;Installing PHP&quot; $green\n\t\tyum -y install php54 php54-bcmath php54-cli php54-common php54-devel php54-fpm php54-gd php54-imap php54-ioncube-loader php54-mbstring php54-mcrypt php54-mysql php54-pear php54-pecl-geoip php54-pecl-apc php54-process php54-xml php54-xmlrpc\n\n\t\tcecho &quot;Installing NGINX&quot; $green\n\t\tyum -y install nginx\n\tfi\n\n\n\tif [[ &quot;$INSTALL_CPANMIN&quot; = [yY] ]]; then\n\t\t# Install and upgrade cpanmin\n\t\t# NOTE: the installer is fetched over plain HTTP and executed without verification\n\t\tcurl -L http:\/\/cpanmin.us | perl - --self-upgrade\n\n\t\t# Install system modules\n\t\tcpanm Authen::Libwrap Authen::PAM Time::HiRes IO::Pty Getopt::Long Digest::SHA1 Net::SSLeay\n\tfi\n\n\n\tif [[ &quot;$INSTALL_WEBMIN&quot; = [yY] ]]; then\n\t\tcecho &quot;Installing Webmin&quot; $green\n\t\t\twget -c http:\/\/www.webmin.com\/download\/rpm\/webmin-current.rpm --tries=3\n\t\t\trpm -ivh webmin-*\n\n\t\t\tsed -i &quot;s\/port=10000\/port=$WEBMIN_PORT\/g&quot; \/etc\/webmin\/miniserv.conf\n\t\t\tsed -i &quot;s\/listen=10000\/listen=$WEBMIN_PORT\/g&quot; \/etc\/webmin\/miniserv.conf\n\t\t\tsed -i &quot;s\/ssl=0\/ssl=1\/g&quot; \/etc\/webmin\/miniserv.conf\n\n\t\t\tif [ &quot;${WEBMIN_ALLOW}&quot; != '' ]; then\n\t\t\t\tcat &gt;&gt; \/etc\/webmin\/miniserv.conf&lt;&lt;EOF\nallow=$WEBMIN_ALLOW\nEOF\n\t\t\tfi\n\t\t\tservice webmin restart\n\tfi\n\n\n\tif [[ &quot;$INSTALL_PMNV&quot; = [yY] ]]; then\n\t\tcecho &quot;Installing Virtualmin&quot; $green\n\t\tcd \/usr\/local\/src\n\t\twget -c http:\/\/software.virtualmin.com\/gpl\/scripts\/install.sh --tries=3\n\n\t\t# Skip obsolete packages (we already installed latest versions of PHP and MySQL)\n\t\tsed -i 's\/mysql mysql-server mysql-devel \/\/g' \/usr\/local\/src\/install.sh\n\t\tsed -i 's\/php php-xml php-gd php-imap php-mysql php-odbc php-pear php-pgsql php-snmp php-xmlrpc php-mbstring \/\/g' \/usr\/local\/src\/install.sh\n\n\t\t# Virtualmin requires insecure \/tmp\n\t\tmount -o remount,exec \/tmp\n\t\tsh install.sh\n\t\tmount -o remount \/tmp\n\n\t\t# Stop useless services\n\t\tservice mailman stop; chkconfig mailman off\n\t\tservice usermin stop; chkconfig usermin off\n\n\t\tcecho &quot;Setting up Postfix&quot; $green\n\t\tmkdir \/etc\/postfix\/ssl\n\t\tPOSTFIX_SSL='\/etc\/postfix\/ssl'\n\n\t\t# Generate SSL certificate for Postfix\n\t\t# NOTE: a 1024-bit RSA key is weak by current standards; 2048 bits or more is the usual minimum\n\t\topenssl genrsa -des3 -rand \/etc\/hosts -out $POSTFIX_SSL\/smtpd.key 1024\n\t\tchmod 600 $POSTFIX_SSL\/smtpd.key\n\t\topenssl req -new -key $POSTFIX_SSL\/smtpd.key -out $POSTFIX_SSL\/smtpd.csr\n\t\topenssl x509 -req -days 3650 -in $POSTFIX_SSL\/smtpd.csr -signkey $POSTFIX_SSL\/smtpd.key -out $POSTFIX_SSL\/smtpd.crt\n\t\topenssl rsa -in $POSTFIX_SSL\/smtpd.key -out $POSTFIX_SSL\/smtpd.key.unencrypted\n\t\tmv -f $POSTFIX_SSL\/smtpd.key.unencrypted $POSTFIX_SSL\/smtpd.key\n\t\topenssl req -new -x509 -extensions v3_ca -keyout $POSTFIX_SSL\/cakey.pem -out $POSTFIX_SSL\/cacert.pem -days 3650\n\n\t\t# TODO: postfix config, dovecot config\n\n\t\t# Fix saslauthd path\n\t\tmkdir -p \/var\/spool\/postfix\/var\/run\/saslauthd\n\t\tchown postfix.root -R \/var\/spool\/postfix\/var\/\n\t\tsed -i 's~SOCKETDIR=.*$~SOCKETDIR=\/var\/spool\/postfix\/var\/run\/saslauthd~g' \/etc\/sysconfig\/saslauthd\n\t\tservice saslauthd restart\n\n\t\t# Copy postfix certificate over to nginx\n\t\tcecho &quot;Setting up nginx&quot; $green\n\t\tmkdir -p \/var\/nginx\/temp; mkdir \/etc\/nginx\/ssl\n\t\tcp \/etc\/postfix\/ssl\/smtpd.crt \/etc\/nginx\/ssl\/server.crt\n\t\tcp \/etc\/postfix\/ssl\/smtpd.key \/etc\/nginx\/ssl\/server.key\n\n\n\t\tif [[ &quot;$INSTALL_PMA&quot; = [yY] ]]; then\n\t\t\tcecho &quot;Installing phpMyAdmin&quot; $green\n\t\t\tmkdir \/home\/www;\n\t\t\twget -c http:\/\/downloads.sourceforge.net\/project\/phpmyadmin\/phpMyAdmin\/${PMA_VERSION}\/phpMyAdmin-${PMA_VERSION}-english.zip --tries=3\n\t\t\tunzip phpMyAdmin-${PMA_VERSION}-english.zip;\n\t\t\tmv phpMyAdmin-${PMA_VERSION}-english \/home\/www\/pma\n\t\t\trm -rf \/home\/www\/pma\/setup\n\n\t\t\t# Random blowfish secret\n\t\t\tBLOWFISH=`tr -dc A-Za-z0-9_ &lt; \/dev\/urandom | head -c 30`\n\t\t\tcat &gt;\/home\/www\/pma\/config.inc.php&lt;&lt;EOF\n&lt;?php\n\n\\$cfg['blowfish_secret'] = '$BLOWFISH';\n\n?&gt;\nEOF\n\t\t\tchown apache.apache -R \/home\/www\/pma;\n\t\tfi\n\n\t\tcecho &quot;Setting up installed services&quot; $green\n\t\tservice proftpd stop; chkconfig proftpd off\n\t\tservice httpd stop; chkconfig httpd off\n\n\t\tservice nginx start; chkconfig nginx on\n\t\tservice mysqld start; chkconfig mysqld on\n\t\tservice php-fpm start; chkconfig php-fpm on\n\tfi\n\n\n\tif [[ &quot;$INSTALL_CSF&quot; = [yY] ]]; then\n\t\tcecho &quot;Installing CSF firewall&quot; $green\n\t\twget -c http:\/\/www.configserver.com\/free\/csf.tgz --tries=3\n\n\t\ttar zxf csf.tgz -C $DIR_TMP\/; cd $DIR_TMP\/csf\n\t\tsh install.sh\n\t\tcd $DIR_TMP\n\n\t\t# Make sure log file exists\n\t\ttouch \/var\/log\/lfd.log\n\n\t\tcecho &quot;Testing IP Tables Modules&quot; $green\n\t\tperl \/etc\/csf\/csftest.pl\n\n\t\tCCONF='\/etc\/csf\/csf.conf'\n\n\t\tcecho &quot;Configuring CSF, step 1&quot; $green\n\t\tsed -i 's\/TESTING_INTERVAL = &quot;[^&quot;]*&quot;\/TESTING_INTERVAL = &quot;10&quot;\/g' $CCONF\n\t\tsed -i 's\/AUTO_UPDATES = &quot;0&quot;\/AUTO_UPDATES = &quot;1&quot;\/g' $CCONF\n\t\tsed -i 's\/ICMP_OUT_RATE = &quot;[^&quot;]*&quot;\/ICMP_OUT_RATE = &quot;2\\\/s&quot;\/g' $CCONF\n\t\tsed -i 's\/DENY_IP_LIMIT = &quot;[^&quot;]*&quot;\/DENY_IP_LIMIT = &quot;200&quot;\/g' $CCONF\n\t\tsed -i 's\/PS_EMAIL_ALERT = &quot;1&quot;\/PS_EMAIL_ALERT = &quot;0&quot;\/g' $CCONF\n\t\tsed -i 's\/DROP_NOLOG = &quot;[^&quot;]*&quot;\/DROP_NOLOG = &quot;21,22,67,68,82,111,113,135:139,445,513,520,1433,3306&quot;\/g' $CCONF\n\t\tsed -i 's\/SAFECHAINUPDATE = &quot;0&quot;\/SAFECHAINUPDATE = &quot;1&quot;\/g' $CCONF\n\n\t\tcecho &quot;Configuring CSF, step 2&quot; $green\n\t\tif [ ! -f \/proc\/user_beancounters ]; then\n\t\t\t# Flood protection. Not available in OpenVZ\n\t\t\tsed -i 's\/SYNFLOOD = &quot;0&quot;\/SYNFLOOD = &quot;1&quot;\/g' $CCONF\n\t\t\tsed -i 's\/SYNFLOOD_RATE = &quot;[^&quot;]*\\\/s&quot;\/SYNFLOOD_RATE = &quot;100\\\/s&quot;\/g' $CCONF\n\t\t\tsed -i 's\/SYNFLOOD_BURST = &quot;[^&quot;]*&quot;\/SYNFLOOD_BURST = &quot;150&quot;\/g' $CCONF\n\t\tfi\n\n\t\tsed -i 's\/TCP_IN = &quot;[^&quot;]*&quot;\/TCP_IN = &quot;25,53,80,143,443,465,587,993,995,'&quot;${WEBMIN_PORT}&quot;','&quot;${SSHD_PORT}&quot;'&quot;\/g' $CCONF\n\t\tsed -i 's\/LF_DSHIELD = &quot;0&quot;\/LF_DSHIELD = &quot;86400&quot;\/g' $CCONF\n\t\tsed -i 's\/LF_SPAMHAUS = &quot;0&quot;\/LF_SPAMHAUS = &quot;86400&quot;\/g' $CCONF\n\t\tsed -i 's\/LF_DIRWATCH = &quot;[^&quot;]*&quot;\/LF_DIRWATCH = &quot;0&quot;\/g' $CCONF\n\t\tsed -i 's\/LF_INTEGRITY = &quot;[^&quot;]*&quot;\/LF_INTEGRITY = &quot;0&quot;\/g' $CCONF\n\t\tsed -i 's\/LF_DISTATTACK = &quot;0&quot;\/LF_DISTATTACK = &quot;1&quot;\/g' $CCONF\n\t\tsed -i 's\/LF_DISTATTACK_UNIQ = &quot;[^&quot;]*&quot;\/LF_DISTATTACK_UNIQ = &quot;3&quot;\/g' $CCONF\n\n\t\tcecho &quot;Configuring CSF, step 3&quot; $green\n\t\tsed -i 's\/LF_NETBLOCK = &quot;0&quot;\/LF_NETBLOCK = &quot;1&quot;\/g' $CCONF\n\t\tsed -i 's\/LF_NETBLOCK_COUNT = &quot;[^&quot;]*&quot;\/LF_NETBLOCK_COUNT = &quot;6&quot;\/g' $CCONF\n\t\tsed -i 's\/LF_SSHD = &quot;[^&quot;]*&quot;\/LF_SSHD = &quot;2&quot;\/g' $CCONF\n\t\tsed -i 's\/LF_FTPD = &quot;[^&quot;]*&quot;\/LF_FTPD = &quot;3&quot;\/g' $CCONF\n\t\tsed -i 's\/LF_SMTPAUTH = &quot;[^&quot;]*&quot;\/LF_SMTPAUTH = &quot;3&quot;\/g' $CCONF\n\t\tsed -i 's\/LF_POP3D = &quot;[^&quot;]*&quot;\/LF_POP3D = &quot;3&quot;\/g' $CCONF\n\t\tsed -i 's\/LF_IMAPD = &quot;[^&quot;]*&quot;\/LF_IMAPD = &quot;3&quot;\/g' $CCONF\n\n\t\tcd $DIR_TMP\n\n\t\tcecho &quot;Adding Applications\/Users to CSF ignore list&quot; $green\n\n\t\tcat &gt;&gt;\/etc\/csf\/csf.pignore&lt;&lt;EOF\n\nexe:\/usr\/libexec\/mysqld\nexe:\/usr\/sbin\/php-fpm\nexe:\/usr\/sbin\/nginx\nuser:postfix\nuser:dovecot\nuser:dovenull\nuser:haldaemon\nEOF\n\n\t\tcat &gt;&gt;\/etc\/csf\/csf.ignore&lt;&lt;EOF\n\n74.125.0.0\/16 # Google\n77.88.0.0\/18 # Yandex\n$CSF_IGNORE\nEOF\n\n\t\tcat &gt;&gt;\/etc\/csf\/csf.rignore&lt;&lt;EOF\n\n.googlebot.com\n.google.com\n.1e100.net\n.yahoo.net\n.msn.com\n.mail.ru\n.yandex.ru\nEOF\n\n\t\tchkconfig --levels 235 csf on\n\t\tservice csf restart\n\n\t\tif [[ &quot;$INSTALL_WEBMIN&quot; = [yY] ]]; then\n\t\t\tcecho &quot;Installing Webmin CSF module&quot; $green\n\t\t\tperl \/usr\/libexec\/webmin\/install-module.pl \/etc\/csf\/csfwebmin.tgz\n\t\tfi\n\tfi\n\n\n\tif [ -f \/proc\/user_beancounters ]; then\n\t\tcecho &quot;OpenVZ system detected, NTP not installed&quot; $green\n\telse\n\t\tif [[ &quot;$INSTALL_NTP&quot; = [yY] ]]; then\n\t\t\tcecho &quot;Installing NTP (and syncing time)&quot; $green\n\t\t\tyum -y install ntp\n\t\t\tchkconfig --levels 235 ntpd on\n\t\t\tntpdate pool.ntp.org\n\t\t\tcecho &quot;The date\/time is now:&quot; $green\n\t\t\tdate\n\t\t\tcecho &quot;If this is correct, then everything is working properly&quot; $green\n\n\t\t\tservice ntpd restart\n\t\tfi\n\tfi\n\n\t# Final yum update\n\tyum -y update\n\n}\n\n################################################################\n# SCRIPT START\n#\nclear\n\ncecho &quot;********************************************************&quot; $boldyellow &quot;-&quot;\ncecho &quot;$SCRIPT_NAME&quot; $green &quot;-&quot;\ncecho &quot;********************************************************&quot; $boldyellow &quot;-&quot;\necho &quot; &quot;\nASK &quot;Would you like to continue? [y\/n] &quot;\nif [[ &quot;$key&quot; = [nN] ]]; then\n    exit 0\nfi\n\nif [ -d &quot;$DIR_TMP&quot; ]; then\n\tASK &quot;It seems that you have run this script before. Do you want to exit? [y\/n]&quot;\n\tif [[ &quot;$key&quot; = [yY] ]]; then\n\t\tcecho &quot;Installation aborted &quot; $green\n\t\texit\n\tfi\nfi\n\n# Create the working directory if needed and run the setup\n# (answering &quot;n&quot; above continues with the installation)\nmkdir -p $DIR_TMP; cd $DIR_TMP\nrun_the_script\n\ncd $DIR_TMP\n\n\ncecho &quot;**********************************************************************&quot; $green &quot;-&quot;\ncecho &quot;* Installation complete, congratulations!&quot; $green &quot;-&quot;\ncecho &quot;* Enjoy CentOS!&quot; $green &quot;-&quot;\ncecho &quot;**********************************************************************&quot; $green &quot;-&quot;\n\ncecho &quot;Temporary files\/folders removed&quot; $green\n\tcd; rm -rf $DIR_TMP\n\ncecho &quot;Running updatedb command. Please wait...&quot; $green\n\tupdatedb\n\ncecho &quot;Deleting $SCRIPT_NAME&quot; $green\n\trm -f $0\n\ncecho &quot;Disabling services&quot; $green\n\tif [ &quot;${CENTOS_VERSION}&quot; == '5' ]; then\n\t\t# Add services you want to disable\n\t\tchkconfig xfs off; service xfs stop\n\t\tchkconfig atd off; service atd stop\n\t\tchkconfig nfslock off; service nfslock stop\n\t\tchkconfig rpcidmapd off; service rpcidmapd stop\n\t\tchkconfig anacron off; service anacron stop\n\t\tchkconfig avahi-daemon off; service avahi-daemon stop\n\t\tchkconfig hidd off; service hidd stop\n\t\tchkconfig pcscd off; service pcscd stop\n\telse\n\t\t# Add services you want to disable\n\t\tchkconfig avahi-daemon off; service avahi-daemon stop\n\tfi\n\nif [[ &quot;$SECURE_SSHD&quot; = [yY] ]]; then\n\tservice sshd restart\nfi\n\ncecho &quot;All done! It's recommended to reboot the server now.&quot; $green\nexit;\n<\/code><\/pre>\n<div class=\"clear\"><\/div>\n<\/p><\/div>\n<p> Link to the original article <a href=\"http:\/\/habrahabr.ru\/post\/158523\/\"> http:\/\/habrahabr.ru\/post\/158523\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<div class=\"content html_format\"> \t\t\tSurely many of you have your own web servers. Setting up a new server from scratch is a rather tedious and <s>time-killing<\/s> laborious task, not only for a beginner but for seasoned admins as well.<\/p>\n<p>  And if, on top of that, your job requires you to set up several servers per week\/month, you inevitably start thinking about automating the process. I want to share the bash script that I use for the initial setup of RedHat \/ CentOS servers.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[],"tags":[],"class_list":["post-158523","post","type-post","status-publish","format-standard","hentry"],"_links":{"self":[{"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=\/wp\/v2\/posts\/158523","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=158523"}],"version-history":[{"count":0,"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=\/wp\/v2\/posts\/158523\/revisions"}],"wp:attachment":[{"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=158523"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=158523"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=158523"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}