36 Commits

Author SHA1 Message Date
Michael Kroes 01fa8cf72c add fail2ban jails for ownCloud, postfix submission, roundcube, and the Mail-in-a-Box management daemon
(tests squashed into this commit by josh)
2016-06-06 09:13:10 -04:00
Michael Kroes bc40134b7b Remove comment about loopback interface 2016-04-07 10:55:20 +02:00
Michael Kroes 3210ccdcac Don't set the hostname on the loopback 127.0.1.1 2016-03-26 15:41:20 +01:00
Michael Kroes c910a58f07 Set the hostname of the box during the setup 2016-03-26 14:15:28 +01:00
Michael Kroes 696bbe4e82 Add a swap file to the system if system memory is less than 2GB, 5GB of free disk space is available, and if no swap file yet exists 2016-03-23 17:07:04 -04:00
Joshua Tauberer e4a4b47fac setup now asks for and sets the system timezone
closes #294
see #328
maybe related to #235
2015-12-26 08:08:08 -05:00
Scott Bronson 6336cc6452 tiny tweaks to make the bash slightly more readable 2015-12-22 12:33:26 -08:00
Joshua Tauberer 20e11bbab3 fail2ban: whitelist our machine's public ip address so status checks don't cause bans of the machine itself 2015-12-07 08:45:59 -05:00
Joshua Tauberer 8c00556bab use /dev/urandom for roundcube/owncloud key generation, see #596, partially reverts #115 (69f0e1d07a) 2015-11-19 07:00:33 -05:00
Joshua Tauberer 16d148a8a9 use /dev/urandom for DNSSEC key generation, fixes #596, partially reverts #115 (69f0e1d07a) 2015-11-19 07:00:33 -05:00
Joshua Tauberer e8264e9b6a ensure /dev/urandom is seeded with a blocking call to /dev/random and using Ubuntu's pollinate servers 2015-11-19 07:00:33 -05:00
Joshua Tauberer 73fbcd7fa3 silence all of the installing/already installed package messages on installation
Querying dpkg for each package is slow, and we have way too much output on installation because of it.
2015-08-19 15:58:35 -04:00
Joshua Tauberer d02f800d1b ownCloud: enable memcached properly 2015-08-16 23:46:23 +00:00
Joshua Tauberer a3087d8815 must install software-properties-common to have add-apt-repository 2015-06-29 21:47:54 -04:00
Toilal ce17c12ca2 Use netcat to check if mailinabox webservice is available
[JT added installing netcat-openbsd in system.sh]
2015-06-18 08:04:46 -04:00
Joshua Tauberer b23ba6f75e simplify build/setup of dovecot-lucene package 2015-06-03 15:48:35 -04:00
Joshua Tauberer dd6a8d9998 upgrade to ownCloud 8.0.2
The contacts and calendar apps are now maintained outside of ownCloud core, so we now pull them in from github tags and must enable them explicitly.
2015-03-28 11:08:57 -04:00
H8H c443524ee2 Configure fail2ban jails to prevent dumb brute-force attacks against postfix, dovecot and ssh. See #319 2015-03-08 01:13:55 +01:00
Joshua Tauberer d775f90f0c prevent apt from asking the user any questions
Add additional options to really prevent apt from asking questions, which causes setup to hang because stdin/out have been redirected.

fixes #270, #291
2015-02-13 13:41:52 +00:00
Joshua Tauberer b02d7d990e install cron in case it isn't already installed 2015-01-11 20:00:11 +00:00
Joshua Tauberer c75950125d set dovecot default_process_limit and fs.inotify.max_user_instances to better defaults
See https://discourse.mailinabox.email/t/mailserver-limits/228.
2015-01-02 23:25:52 +00:00
Michael Dec 7e36e1fd90 added sudo to the list
not all setups have it and the miab installer depends on it
2014-11-25 15:36:34 +00:00
Joshua Tauberer 5fd107cae5 more work on making the bash scripts readable 2014-10-04 17:57:26 -04:00
Joshua Tauberer 9d40a12f44 first pass at making readable documentation by parsing the bash scripts 2014-09-21 13:43:31 -04:00
Joshua Tauberer dd91553689 open the firewall to an alternative SSH port if set
https://discourse.mailinabox.email/t/opening-up-a-custom-port-for-ssh-after-install/55/2
2014-09-20 08:26:10 -04:00
Joshua Tauberer 98651deea4 python3-dev is a dependency for many pip packages, including pyyaml, fixes #196 2014-09-17 21:56:09 +00:00
Joshua Tauberer 7ea956d3bc install network-checks's dependencies
Since it runs before the real setup begins, we must make sure that packages are installed.

Also removing bind9-host's installation from system.sh. In 189dd6000e I added this so we could use `host`
to aid Docker autoconfiguration. Docker support was since removed but this hadn't gotten removed, which led me to think it was
normally installed by Ubuntu. It's now installed in `network-checks.sh`.

fixes #180
2014-09-07 12:29:23 +00:00
Joshua Tauberer 03bbd25a10 re-do allow apt to perform security updates on its own
Move this into system.sh rather than management.sh.

This reverts commit eab28c97ff.
2014-08-23 12:35:59 +00:00
Joshua Tauberer 880ec44a0c if the machine didn't have resolvconf before (my box didn't after an upgrade from Ubuntu 13.xx), make sure it has it now and archive any old resolv.conf since it should now only list 127.0.0.1 for bind9 2014-08-07 14:00:16 +00:00
Joshua Tauberer 621fcc2233 use /dev/random for crypto-grade RNG with the help of haveged
Rather than pass `-r /dev/random` to ldns-keygen (it was `-r /dev/urandom`),
don't pass `-r` at all since /dev/random is the default.

Merges branch 'master' of github.com:pysiak/mailinabox
2014-07-21 07:31:14 -04:00
solt 69f0e1d07a Use /dev/random instead of /dev/urandom
/dev/random should be used for crypto-grade RNG.

To make sure use of /dev/random doesn't stall due to lack of entropy, install haveged which fills the entropy pool with sources such as network traffic, key strokes, etc.

On branch master
Your branch is up-to-date with 'origin/master'.

Changes to be committed:
	modified:   setup/dns.sh
	modified:   setup/system.sh
	modified:   setup/webmail.sh
2014-07-20 23:14:13 +02:00
Joshua Tauberer 023cd12e1a hide lots of unnecessary and scary output during setup 2014-07-16 09:36:56 -04:00
Joshua Tauberer afb6c26c8b run bind9 on the loopback interface for ensuring we are using a DNSSEC-aware nameserver to resolve our own DNS queries (i.e. when sending mail) since we can't trust that the network configuration provided for us gives us a DNSSEC-aware DNS server
see #71
2014-06-18 19:45:47 -04:00
Joshua Tauberer 33f06f29c1 let the user override some DNS records 2014-06-17 22:21:51 +00:00
Joshua Tauberer f9c3f33e74 move the SSH password login check out of setup because it interferes with Vagrant and into a separate script that we'll use for auditing in a later phase 2014-06-06 10:51:36 -04:00
Joshua Tauberer da15ae5375 rename the scripts directory to setup 2014-06-03 11:12:38 +00:00