#! /bin/bash
#set -x
# ****************************************************************************
# *
# * Author: (c) 2004-2023 Cybionet - Ugly Codes Division
# *
# * File: install.sh
# * Version: 1.1.29
# *
# * Description: Script to install environment for 40-iptables.
# *
# * Creation: December 02, 2013
# * Change: November 08, 2023
# *
# ****************************************************************************
# * chmod 500 install.sh
# ****************************************************************************
# #################################################################
# ## CUSTOM VARIABLES

# ## Persistence package to install.
# ## Two possible choices: netfilter-persistent or iptables-persistent.
declare -r fwPersistent="iptables-persistent"

# ## Additional packages handed to apt-get, kept as one space-separated string.
declare -r fwDependency="xtables-addons-common ipset geoip-bin geoip-database"

# ## Do not put the trailing slash.
declare -r rulesLocation="/root/running_scripts/iptables"
declare -r adminLocation="/root/admin_scripts/services/iptables"

# #################################################################
# ## VARIABLES

# ## Current year, used in the copyright line of the header.
actualYear="$(date '+%Y')"
readonly actualYear

# ## Header title.
appHeader="(c) 2004-${actualYear} Cybionet - Installation Wizard"
readonly appHeader
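#############################################################################################
# ## VERIFICATION

# ## Check that the script is running with sudo or as the root user.
if [[ "${EUID}" -ne 0 ]]; then
  # ## The refusal goes to stderr and ends with a failure status: nothing was
  # ## installed, so a wrapper or provisioning tool must not read it as a success.
  {
    echo -e "\n\e[34m${appHeader}\e[0m\n"
    echo -e "\n\n\n\e[33mCAUTION: This script must be run with sudo or as root.\e[0m"
  } >&2
  exit 1
else
  echo -e "\n\e[34m${appHeader}\e[0m"

  # ## Draw a rule as wide as the terminal. tput fails when there is no usable
  # ## terminal (TERM unset, output redirected), so fall back to 80 columns.
  termCols="$(tput cols 2> /dev/null)" || termCols=80
  [[ "${termCols}" =~ ^[0-9]+$ ]] || termCols=80
  printf -v headerRule '%*s' "${termCols}" ''
  printf '%s' "${headerRule// /─}"
fi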
# ## Check Ubuntu version.
# ## The two leading characters of the release number are compared with 16 and 18.
# ## This is advisory only: the messages are printed and the script carries on.
release="$(lsb_release -r | awk -F ' ' '{print $2}')"
case "${release:0:2}" in
  16 | 18)
    echo -e "\e[31;1;208mERROR:\e[0m Your version of Ubuntu is too old (Ubuntu ${release}). It will not support Geoip addon. Please use Ubuntu 20.04 and above."
    echo -e "For Ubuntu 16.04 and 18.04, you can check this documentation: https://ultramookie.com/2020/07/geoip-blocking/"
    ;;
esac
# #################################################################
# ## FUNCTIONS
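# ## Install the dedicated logging setup for iptables: the rsyslog rule, an
# ## empty log file, the logrotate configuration and its country.sh helper.
# ## Sources are read relative to the current directory (rsyslog/, logrotate/).
# ## Returns: 0 when every step succeeded, 1 as soon as one step fails.
function iptablesLog() {
  local -r logFile='/var/log/iptables.log'
  local -r rotateDir='/root/running_scripts/iptables/logrotate'

  # ## rsyslog is only restarted once its new rule has really been installed.
  cp rsyslog/20-iptables.conf /etc/rsyslog.d/20-iptables.conf || return 1
  systemctl restart rsyslog.service || return 1

  # ## Creating an empty file by default.
  # ## NOTE(review): the file is created by the invoking user (root) with mode
  # ## 640. Confirm that the account rsyslog writes with can still append to it,
  # ## otherwise firewall events would be lost without any error shown here.
  touch "${logFile}" || return 1
  chmod 640 "${logFile}" || return 1

  cp logrotate/iptables /etc/logrotate.d/ || return 1

  # ## NOTE(review): this path is hard-coded; it equals ${rulesLocation}/logrotate
  # ## with the default settings. Presumably logrotate/iptables refers to it:
  # ## verify before changing rulesLocation.
  mkdir -p "${rotateDir}/" || return 1
  cp logrotate/country.sh "${rotateDir}/" || return 1
}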
# ## Copy the attgraph.sh tool to the admin scripts location.
# ## Globals: adminLocation (read). The source is relative to the current directory.
attTool() {
  local -r toolSource='tools/attgraph.sh'

  cp "${toolSource}" "${adminLocation}"
}
# ## Create the rules location and the admin scripts location when they are missing.
# ## Globals: rulesLocation, adminLocation (read).
baseDirectory() {
  local location

  for location in "${rulesLocation}" "${adminLocation}"; do
    # ## Existing directories are left as they are.
    [[ -d "${location}" ]] || mkdir -p "${location}"
  done
}
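# #################################################################
# ## EXECUTION

# ## Print an error on stderr and stop the installation with a failure status.
# ## Arguments: $* - text of the message.
function installAbort() {
  echo -e "\e[31;1;208mERROR:\e[0m ${*}" >&2
  exit 1
}

# ## Copy a file into a directory, then set its mode. Any failure stops the
# ## installation, so a partly installed firewall is never reported as a success.
# ## Arguments: $1 - source file, $2 - destination directory, $3 - octal mode.
function installFile() {
  local source="${1}"
  local targetDir="${2%/}"
  local mode="${3}"
  local target="${targetDir}/${source##*/}"

  cp -- "${source}" "${target}" || installAbort "Unable to copy ${source} to ${targetDir}/."
  chmod "${mode}" "${target}" || installAbort "Unable to set mode ${mode} on ${target}."
}

# ## Every source below is a relative path. Resolve them against the directory
# ## that holds this script rather than the directory root was started from, so
# ## that files of the same name in another directory are never installed.
scriptDir="$(CDPATH='' cd -- "$(dirname -- "${BASH_SOURCE[0]}")" && pwd)" \
  || installAbort "Unable to locate the installer directory."
cd -- "${scriptDir}" || installAbort "Unable to enter ${scriptDir}."

# ## Installation of dependencies.
# ## NOTE(review): the add-on packages are only installed when ${fwPersistent}
# ## itself is missing; confirm that this is intended.
if ! dpkg-query -s "${fwPersistent}" > /dev/null 2>&1; then
  echo -e "\e[34;1;208mINFORMATION:\e[0m Installing ${fwPersistent} package."
  apt-get install "${fwPersistent}" || installAbort "Unable to install ${fwPersistent}."

  # ## fwDependency is a space-separated list: hand apt-get one argument per
  # ## package. Passed as a single quoted string it is looked up as one
  # ## package name, which does not exist.
  read -r -a fwDependencyList <<< "${fwDependency}"
  if ! apt-get install "${fwDependencyList[@]}"; then
    echo -e "\e[38;5;208mWARNING: Unable to install ${fwDependency}.\e[0m" >&2
  fi
fi

# ## Create the directories for the rules and admin script if they do not exist.
baseDirectory || installAbort "Unable to create ${rulesLocation} or ${adminLocation}."

pluginDir='/usr/share/netfilter-persistent/plugins.d'

# ## Copy IPv4 persistent script.
installFile ./bin/40-iptables "${pluginDir}" 500
ln -sf "${pluginDir}/40-iptables" "${rulesLocation}" \
  || installAbort "Unable to link 40-iptables in ${rulesLocation}."

# ## Copy IPv4 configuration script.
# ## NOTE(review): an existing /etc/iptables/40-iptables.conf is overwritten;
# ## keep a copy of a customised file before running the installer again.
mkdir -p /etc/iptables/ || installAbort "Unable to create /etc/iptables/."
installFile ./conf/40-iptables.conf /etc/iptables 440
ln -sf /etc/iptables/40-iptables.conf "${rulesLocation}" \
  || installAbort "Unable to link 40-iptables.conf in ${rulesLocation}."

# ## Copy IPv4 empty custom rules file. An existing file is kept, so that
# ## running the installer again does not erase rules added by the administrator.
if [[ ! -e "${rulesLocation}/custom.rules" ]]; then
  cp -- ./conf/custom.rules "${rulesLocation}/custom.rules" \
    || installAbort "Unable to copy custom.rules to ${rulesLocation}/."
fi
chmod 440 "${rulesLocation}"/custom.rules \
  || installAbort "Unable to set mode 440 on ${rulesLocation}/custom.rules."

# ## Copy IPv6 persistent script.
installFile ./bin/60-ip6tables "${pluginDir}" 500
ln -sf "${pluginDir}/60-ip6tables" "${rulesLocation}" \
  || installAbort "Unable to link 60-ip6tables in ${rulesLocation}."

# ## Create separated log for iptables.
iptablesLog || installAbort "Unable to install the logging configuration for iptables."

# ## Add statistic tools for iptables.log.
attTool || installAbort "Unable to install the statistic tool."

# ## Last message. It is only reached when every step above succeeded.
echo -e "\e[38;5;208mWARNING: Please configure the 40-iptables scripts before restarting.\e[0m\n vim /etc/iptables/40-iptables.conf"
echo -e "\n Also there are several 'add-ons' in the addons directory you may want to install\n\to geoip\n\to redlist\n\to spamhaus\n\to torbulkexit\n"

# ## Exit.
exit 0

# ## END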