Update install-mailcow-ubuntu.sh

2024-12-06 16:22:07 +05:30 · 2024-12-06 16:22:07 +05:30 · 3e19423845
commit 3e19423845
parent b5e6f1493a
1 changed files with 85 additions and 43 deletions
--- a/install-mailcow-ubuntu.sh
+++ b/install-mailcow-ubuntu.sh
@ -67,8 +67,8 @@ ufw allow 995/tcp
 ufw allow 4190/tcp
 ufw --force enable

-# Configure fail2ban with SSH honeypot
-log_message "Configuring fail2ban and SSH honeypot..."
+# Configure fail2ban for SSH
+log_message "Configuring fail2ban for SSH protection..."
 cat > /etc/fail2ban/jail.local << EOL
 [DEFAULT]
 bantime = 1h
@ -78,9 +78,6 @@ banaction = ufw
 backend = systemd

 ignoreip = 127.0.0.1/8 ::1
-findtime = 10m
-bantime = 1h
-maxretry = 3

 [sshd]
 enabled = true
@ -89,43 +86,7 @@ filter = sshd
 logpath = %(sshd_log)s
 maxretry = 3
 bantime = 1d
-
-[ssh-honeypot]
-enabled = true
-filter = sshd
-logpath = %(sshd_log)s
-maxretry = 1
-bantime = 1d
-findtime = 1d
-EOL
-
-# Configure fail2ban filter
-cat > /etc/fail2ban/filter.d/sshd.local << EOL
-[Definition]
-failregex = ^%(__prefix_line)s(?:error: PAM: )?[aA]uthentication (?:failure|error) for .* from <HOST>( via \S+)?\s*$
-            ^%(__prefix_line)s(?:error: PAM: )?User not known to the underlying authentication module for .* from <HOST>\s*$
-            ^%(__prefix_line)sFailed \S+ for .* from <HOST>(?: port \d*)?(?: ssh\d*)?(: (ruser .*|(\S+ ID \S+ \(serial \d+\) CA )?\S+ %(__md5hex)s))?\s*$
-            ^%(__prefix_line)sROOT LOGIN REFUSED.* FROM <HOST>\s*$
-            ^%(__prefix_line)s[iI](?:llegal|nvalid) user .* from <HOST>\s*$
-            ^%(__prefix_line)sUser .+ from <HOST> not allowed because not listed in AllowUsers\s*$
-            ^%(__prefix_line)sUser .+ from <HOST> not allowed because listed in DenyUsers\s*$
-            ^%(__prefix_line)sUser .+ from <HOST> not allowed because not in any group\s*$
-            ^%(__prefix_line)srefused connect from \S+ \(<HOST>\)\s*$
-            ^%(__prefix_line)sReceived disconnect from <HOST>: 3: .*: Auth fail$
-            ^%(__prefix_line)sUser .+ from <HOST> not allowed because a group is listed in DenyGroups\s*$
-            ^%(__prefix_line)sUser .+ from <HOST> not allowed because none of user's groups are listed in AllowGroups\s*$
-            ^%(__prefix_line)s[aA]uthentication (?:failure|error) for .* from <HOST>(?:\s+\[preauth\])?\s*$
-ignoreregex = 
-EOL
-
-# Create fail2ban systemd override directory
-mkdir -p /etc/systemd/system/fail2ban.service.d/
-
-# Create override file
-cat > /etc/systemd/system/fail2ban.service.d/override.conf << EOL
-[Service]
-ExecStart=
-ExecStart=/usr/bin/fail2ban-server -xf start
+findtime = 10m
 EOL

 # Reload systemd daemon
@ -134,24 +95,105 @@ systemctl daemon-reload
 # Restart fail2ban
 systemctl restart fail2ban

+# Restart fail2ban
+systemctl restart fail2ban
+
 # Set up Mailcow directory and permissions
 log_message "Setting up Mailcow directory..."
 mkdir -p /opt/mailcow-dockerized
 chown dockeruser:dockeruser /opt/mailcow-dockerized

+# Function to get FQDN input
+get_fqdn() {
+    local fqdn
+    while true; do
+        read -p "Please enter your Fully Qualified Domain Name (FQDN) (e.g., mail.example.com): " fqdn
+        if [[ $fqdn =~ ^[a-zA-Z0-9][a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$ ]]; then
+            echo "$fqdn"
+            return 0
+        else
+            echo "Invalid FQDN format. Please try again."
+        fi
+    done
+}
+
+# Get timezone
+get_timezone() {
+    local timezone
+    while true; do
+        read -p "Please enter your timezone (e.g., Europe/Berlin) [default: UTC]: " timezone
+        timezone=${timezone:-UTC}
+        if [ -f "/usr/share/zoneinfo/$timezone" ]; then
+            echo "$timezone"
+            return 0
+        else
+            echo "Invalid timezone. Please try again."
+        fi
+    done
+}
+
+# Function to configure mailcow
+configure_mailcow() {
+    local fqdn=$1
+    local timezone=$2
+    
+    # Create temporary config file
+    cat > /tmp/mailcow_config << EOL
+MAILCOW_HOSTNAME=${fqdn}
+TIMEZONE=${timezone}
+EOL
+    
+    # Ask for additional configuration
+    read -p "Do you want to customize additional mailcow configuration? (y/N): " customize
+    if [[ $customize =~ ^[Yy]$ ]]; then
+        nano /tmp/mailcow_config
+    fi
+    
+    return 0
+}
+
 # Switch to dockeruser and install Mailcow
 log_message "Installing Mailcow as dockeruser..."
+
+# Get configuration parameters
+FQDN=$(get_fqdn)
+TIMEZONE=$(get_timezone)
+
+# Store configuration for dockeruser
+echo "FQDN=$FQDN" > /tmp/mailcow_vars
+echo "TIMEZONE=$TIMEZONE" >> /tmp/mailcow_vars
+
+configure_mailcow "$FQDN" "$TIMEZONE"
+
 su - dockeruser << 'EOF'
+# Source the configuration variables
+source /tmp/mailcow_vars
+
+# Clone and set up mailcow
 cd /opt
 git clone https://github.com/mailcow/mailcow-dockerized
 cd mailcow-dockerized
-./generate_config.sh
+
+# Use the prepared configuration
+cat /tmp/mailcow_config > mailcow.conf
+
+# Generate config with the provided FQDN
+printf "%s\n" "$FQDN" | ./generate_config.sh
+
+# Offer to edit the full configuration
+read -p "Would you like to review and edit the full mailcow configuration? (y/N): " edit_conf
+if [[ $edit_conf =~ ^[Yy]$ ]]; then
+    nano mailcow.conf
+fi

 # Start Mailcow
 docker compose pull
 docker compose up -d
 EOF

+# Clean up temporary files
+rm -f /tmp/mailcow_vars /tmp/mailcow_config
+
 # Final security checks
 log_message "Performing final security checks..."
 su - dockeruser -c "cd /opt/mailcow-dockerized && docker compose ps"