Michael Kroes
01fa8cf72c
add fail2ban jails for ownCloud, postfix submission, roundcube, and the Mail-in-a-Box management daemon
...
(tests squashed into this commit by josh)
2016-06-06 09:13:10 -04:00
Michael Kroes
bc40134b7b
Remove comment about loopback interface
2016-04-07 10:55:20 +02:00
Michael Kroes
3210ccdcac
Don't set the hostname on the loopback 127.0.1.1
2016-03-26 15:41:20 +01:00
Michael Kroes
c910a58f07
Set the hostname of the box during the setup
2016-03-26 14:15:28 +01:00
Michael Kroes
696bbe4e82
Add a swap file to the system if system memory is less than 2GB, 5GB of free disk space is available, and if no swap file yet exists
2016-03-23 17:07:04 -04:00
Joshua Tauberer
e4a4b47fac
setup now asks for and sets the system timezone
...
closes #294
see #328
maybe related to #235
2015-12-26 08:08:08 -05:00
Scott Bronson
6336cc6452
tiny tweaks to make the bash slightly more readable
2015-12-22 12:33:26 -08:00
Joshua Tauberer
20e11bbab3
fail2ban: whitelist our machine's public ip address so status checks don't cause bans of the machine itself
2015-12-07 08:45:59 -05:00
Joshua Tauberer
8c00556bab
use /dev/urandom for roundcube/owncloud key generation, see #596, partially reverts #115 (69f0e1d07a)
2015-11-19 07:00:33 -05:00
Joshua Tauberer
16d148a8a9
use /dev/urandom for DNSSEC key generation, fixes #596, partially reverts #115 (69f0e1d07a)
2015-11-19 07:00:33 -05:00
Joshua Tauberer
e8264e9b6a
ensure /dev/urandom is seeded with a blocking call to /dev/random and using Ubuntu's pollinate servers
2015-11-19 07:00:33 -05:00
Joshua Tauberer
73fbcd7fa3
silence all of the installing/already installed package messages on installation
...
Querying dpkg for each package is slow, and we have way too much output on installation because of it.
2015-08-19 15:58:35 -04:00
Joshua Tauberer
d02f800d1b
ownCloud: enable memcached properly
2015-08-16 23:46:23 +00:00
Joshua Tauberer
a3087d8815
must install software-properties-common to have add-apt-repository
2015-06-29 21:47:54 -04:00
Toilal
ce17c12ca2
Use netcat to check if mailinabox webservice is available
...
[JT added installing netcat-openbsd in system.sh]
2015-06-18 08:04:46 -04:00
Joshua Tauberer
b23ba6f75e
simplify build/setup of dovecot-lucene package
2015-06-03 15:48:35 -04:00
Joshua Tauberer
dd6a8d9998
upgrade to ownCloud 8.0.2
...
The contacts and calendar apps are now maintained outside of ownCloud core, so we now pull them in from github tags and must enable them explicitly.
2015-03-28 11:08:57 -04:00
H8H
c443524ee2
Configure fail2ban jails to prevent dumb brute-force attacks against postfix, dovecot and ssh. See #319
2015-03-08 01:13:55 +01:00
Joshua Tauberer
d775f90f0c
prevent apt from asking the user any questions
...
Add additional options to really prevent apt from asking questions, which causes setup to hang because stdin/out have been redirected.
fixes #270, #291
2015-02-13 13:41:52 +00:00
Joshua Tauberer
b02d7d990e
install cron in case it isn't already installed
2015-01-11 20:00:11 +00:00
Joshua Tauberer
c75950125d
set dovecot default_process_limit and fs.inotify.max_user_instances to better defaults
...
See https://discourse.mailinabox.email/t/mailserver-limits/228.
2015-01-02 23:25:52 +00:00
Michael Dec
7e36e1fd90
added sudo to the list
...
not all setups have it and the miab installer depends on it
2014-11-25 15:36:34 +00:00
Joshua Tauberer
5fd107cae5
more work on making the bash scripts readable
2014-10-04 17:57:26 -04:00
Joshua Tauberer
9d40a12f44
first pass at making readable documentation by parsing the bash scripts
2014-09-21 13:43:31 -04:00
Joshua Tauberer
dd91553689
open the firewall to an alternative SSH port if set
...
https://discourse.mailinabox.email/t/opening-up-a-custom-port-for-ssh-after-install/55/2
2014-09-20 08:26:10 -04:00
Joshua Tauberer
98651deea4
python3-dev is a dependency for many pip packages, including pyyaml, fixes #196
2014-09-17 21:56:09 +00:00
Joshua Tauberer
7ea956d3bc
install network-checks's dependencies
...
Since it runs before the real setup begins, we must make sure that packages are installed.
Also removing bind9-host's installation from system.sh. In 189dd6000e I added this so we could use `host` to aid Docker autoconfiguration. Docker support was since removed but this hadn't gotten removed, which led me to think it was normally installed by Ubuntu. It's now installed in `network-checks.sh`.
fixes #180
2014-09-07 12:29:23 +00:00
Joshua Tauberer
03bbd25a10
re-do allow apt to perform security updates on its own
...
Move this into system.sh rather than management.sh.
This reverts commit eab28c97ff.
2014-08-23 12:35:59 +00:00
Joshua Tauberer
880ec44a0c
if the machine didn't have resolvconf before (my box didn't after an upgrade from Ubuntu 13.xx), make sure it has it now and archive any old resolv.conf since it should now only list 127.0.0.1 for bind9
2014-08-07 14:00:16 +00:00
Joshua Tauberer
621fcc2233
use /dev/random for crypto-grade RNG with the help of haveged
...
Rather than pass `-r /dev/random` to ldns-keygen (it was `-r /dev/urandom`),
don't pass `-r` at all since /dev/random is the default.
Merges branch 'master' of github.com:pysiak/mailinabox
2014-07-21 07:31:14 -04:00
solt
69f0e1d07a
Use /dev/random instead of /dev/urandom
...
/dev/random should be used for crypto-grade RNG.
To make sure use of /dev/random doesn't stall due to lack of entropy, install haveged which fills the entropy pool with sources such as network traffic, key strokes, etc.
On branch master
Your branch is up-to-date with 'origin/master'.
Changes to be committed:
modified: setup/dns.sh
modified: setup/system.sh
modified: setup/webmail.sh
2014-07-20 23:14:13 +02:00
Joshua Tauberer
023cd12e1a
hide lots of unnecessary and scary output during setup
2014-07-16 09:36:56 -04:00
Joshua Tauberer
afb6c26c8b
run bind9 on the loopback interface for ensuring we are using a DNSSEC-aware nameserver to resolve our own DNS queries (i.e. when sending mail) since we can't trust that the network configuration provided for us gives us a DNSSEC-aware DNS server
...
see #71
2014-06-18 19:45:47 -04:00
Joshua Tauberer
33f06f29c1
let the user override some DNS records
2014-06-17 22:21:51 +00:00
Joshua Tauberer
f9c3f33e74
move the SSH password login check out of setup because it interferes with Vagrant and into a separate script that we'll use for auditing in a later phase
2014-06-06 10:51:36 -04:00
Joshua Tauberer
da15ae5375
rename the scripts directory to setup
2014-06-03 11:12:38 +00:00