mailinabox/setup/preflight.sh


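# Are we running as root? Refuse to continue unless the effective user id is 0.
if (( EUID != 0 )); then
  echo "This script must be run as root. Please re-run like this:"
  echo
  echo "sudo $0"
  echo
  # Exit non-zero: a bare `exit` would return the status of the last echo (0),
  # and a wrapper or provisioning tool would read the refusal as success.
  exit 1
fi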
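# Check that we are running on Ubuntu 14.04 LTS (or 14.04.xx).
#
# The first sed expression strips everything up to the "Description:" label of
# `lsb_release -d`; the second folds a point release (14.04.x) into "14.04" so
# that a single string comparison covers all of them.
#
# NOTE(review): 14.04 LTS has since left standard support; a host pinned to it
# depends on extended-maintenance updates. Confirm against the release this
# file belongs to.
if [ "$(lsb_release -d | sed -e 's/.*:\s*//' -e 's/14\.04\.[0-9]/14.04/')" != "Ubuntu 14.04 LTS" ]; then
  echo "Mail-in-a-Box only supports being installed on Ubuntu 14.04, sorry. You are running:"
  echo
  lsb_release -d | sed 's/.*:\s*//'
  echo
  echo "We can't write scripts that run on every possible setup, sorry."
  # Exit non-zero so the caller can tell that the preflight check failed.
  exit 1
fi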
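# Check that we have enough memory.
#
# The MemTotal line of /proc/meminfo reports total memory in kibibytes. Our
# baseline is 768 MB, which is 750000 kibibytes.
#
# Skip the check if we appear to be running inside of Vagrant (a /vagrant
# directory exists), because that's really just for testing.
#
# Select MemTotal by name rather than relying on it being the first line.
TOTAL_PHYSICAL_MEM=$(awk '/^MemTotal:/ { print $2; exit }' /proc/meminfo)
if [[ ! "$TOTAL_PHYSICAL_MEM" =~ ^[0-9]+$ ]]; then
  # Nothing usable was read. Keep the check best-effort, but say so instead of
  # letting a malformed numeric test fail silently.
  echo "Warning: could not read MemTotal from /proc/meminfo, skipping the memory check." >&2
elif (( TOTAL_PHYSICAL_MEM < 750000 )) && [ ! -d /vagrant ]; then
  # Convert KiB to decimal megabytes for the message (integer arithmetic).
  TOTAL_PHYSICAL_MEM=$(( TOTAL_PHYSICAL_MEM * 1024 / 1000 / 1000 ))
  echo "Your Mail-in-a-Box needs more memory (RAM) to function properly."
  echo "Please provision a machine with at least 768 MB, 1 GB recommended."
  echo "This machine has $TOTAL_PHYSICAL_MEM MB memory."
  # Exit non-zero so the caller can tell that the preflight check failed.
  exit 1
fi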
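# Check that /tmp is mounted with exec.
#
# /proc/mounts lists "device mountpoint fstype options ..." per line. Compare
# the mount point field exactly and look for noexec as a whole option, so that
# other mounts whose path merely contains "/tmp" (for example /var/tmp) do not
# trigger a false refusal. When several mounts are stacked on /tmp the last
# entry is the one taken into account.
#
# NOTE(review): noexec on /tmp is a common hardening measure. This check asks
# the administrator to lift it; consider restoring it once setup is done if
# nothing at runtime needs it - confirm against the rest of the setup.
MOUNTED_TMP_AS_NO_EXEC=$(awk '
  $2 == "/tmp" { line = $0; opts = $4 }
  END { if (opts ~ /(^|,)noexec(,|$)/) print line }
' /proc/mounts)
if [ -n "$MOUNTED_TMP_AS_NO_EXEC" ]; then
  echo "Mail-in-a-Box has to have exec rights on /tmp, please mount /tmp with exec"
  # Exit non-zero so the caller can tell that the preflight check failed.
  exit 1
fi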
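# Check that no .wgetrc exists.
#
# A per-user .wgetrc can override wget defaults such as proxy settings or
# certificate checking, which would silently change how files are fetched.
# ~ follows $HOME, which under sudo may be either the invoking user's or
# root's home directory depending on the sudo configuration.
if [[ -e ~/.wgetrc ]]; then
  echo "Mail-in-a-Box expects no overrides to wget defaults, ~/.wgetrc exists"
  # Exit non-zero so the caller can tell that the preflight check failed.
  exit 1
fi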
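# Check that we are running on x86_64, any other architecture is unsupported and
# will fail later in the setup when we try to install the custom build lucene packages.
#
# Set ARM=1 to ignore this check if you have built the packages yourself. If you do this
# you are on your own!
ARCHITECTURE=$(uname -m)
# ${ARM:-} keeps the override test valid when ARM is unset and the calling
# shell runs with `set -u`.
if [[ "$ARCHITECTURE" != "x86_64" && -z "${ARM:-}" ]]; then
  echo "Mail-in-a-Box only supports x86_64 and will not work on any other architecture, like ARM."
  echo "Your architecture is $ARCHITECTURE"
  # Exit non-zero so the caller can tell that the preflight check failed.
  exit 1
fi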
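# Check that the kernel supports at least ipv4 ip_tables, either by a module or by being
# compiled directly in the kernel.
#
# Support is assumed when /proc/net/ip_tables_names exists or when the
# ip_tables.ko module file is present for the running kernel.
#
# If this isn't supported tell the user to compile the kernel module or disable the firewall
# and inform of the risk of doing so. DISABLE_FIREWALL is an explicit opt-out:
# per the message below it leaves the host without the firewall and fail2ban,
# so it only makes sense behind a separate (external) firewall.
#
# ${DISABLE_FIREWALL:-} keeps the test valid when the variable is unset and the
# calling shell runs with `set -u`; the module path is quoted so that the
# kernel release string is never word-split.
if [[ ! -e /proc/net/ip_tables_names ]] &&
  [[ ! -e "/lib/modules/$(uname -r)/kernel/net/ipv4/netfilter/ip_tables.ko" ]] &&
  [[ -z "${DISABLE_FIREWALL:-}" ]]; then
  echo "Your system doesn't support at least ipv4 ip_tables. You will either need to compile"
  echo "a kernel that supports it, or compile the kernel module"
  echo
  echo "If you would like to continue without a firewall you can set 'export DISABLE_FIREWALL=1' at the"
  echo "command line. However, doing this prevents Mail-in-a-Box to activate fail2ban. This service"
  echo "protects the system from bruteforce attacks on the exposed network services. Also services "
  echo "that shouldn't be exposed are now exposed if you don't use a different (external) firewall"
  # Exit non-zero so the caller can tell that the preflight check failed.
  exit 1
fi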