#######################################################
# file limits #
#######################################################
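## Raise the open-file limit for high-volume file access.
# `ulimit -n` only changes the limit of the current shell and of the
# processes started from it; the limits.conf entries below are what persist.
ulimit -n 131070
## Append the per-user open-file (nofile) limits to /etc/security/limits.conf.
# The quotes must be plain ASCII. With typographic quotes the shell ends the
# echo at the first newline and then tries to run each following line as a
# command, so nothing useful reaches the file.
# printf reuses the format for every group of four arguments, which yields
# one tab-separated "user type item value" line per row.
# NOTE: this appends on every run; check the file for earlier copies first.
# NOTE: daemons started by systemd take their limit from LimitNOFILE= in the
# unit file, not from limits.conf.
printf '%s\t%s\t%s\t%s\n' \
  root soft nofile 120000 \
  root hard nofile 300000 \
  mysql soft nofile 120000 \
  mysql hard nofile 300000 \
  apache soft nofile 120000 \
  apache hard nofile 300000 \
  nginx soft nofile 120000 \
  nginx hard nofile 300000 \
  >> /etc/security/limits.conf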
#######################################################
# Essential packages #
#######################################################
# Choose which shell /bin/sh points to (this is the "change the default
# shell" step, despite the banner above). The command opens an interactive
# debconf dialog, so it cannot run unattended as written.
dpkg-reconfigure dash
# Answer "yes" in the dialog. "Yes" keeps dash as /bin/sh; "no" switches
# /bin/sh to bash.
#####################################################
# Change the Default Shell #
#####################################################
# Install the VMware guest tools (only useful when this machine is a VMware
# guest), then enable the service at boot and start it right away.
apt-get -y install open-vm-tools
systemctl enable --now open-vm-tools
#####################################################
# QEMU guest agent (optional) #
#####################################################
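# Optional: install the QEMU guest agent, for guests running under QEMU/KVM.
# The "universe" component is enabled first, as in the original steps.
#  - add-apt-repository -y answers the confirmation prompt, so the step does
#    not stall when pasted together with the following lines.
#  - apt-get replaces apt: apt's command-line interface is not meant for
#    scripted use.
#  - sudo is dropped: every other step on this page already assumes a root
#    shell (it writes to /etc directly).
add-apt-repository -y universe
apt-get update
apt-get install -y qemu-guest-agent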
#################################
# disable ipv6 #
#################################
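# Turn IPv6 off for the running kernel. sudo is omitted because the rest of
# this section writes to /etc directly and therefore already needs root.
# NOTE(review): the original also ran
#   sysctl -w net.ipv6.conf.all.forwarding=1
# That setting ENABLES IPv6 routing between interfaces, the opposite of what
# this section is for, and would turn the host into a router if IPv6 is ever
# re-enabled. It is left out here.
sysctl -w net.ipv6.conf.all.disable_ipv6=1
sysctl -w net.ipv6.conf.default.disable_ipv6=1

# Persist the two settings across reboots. The heredoc delimiter is quoted
# so the text is written literally; the leading blank line matches what the
# original echo produced.
# NOTE: this appends on every run; check the file for earlier copies first.
cat >> /etc/sysctl.conf <<'EOF'

net.ipv6.conf.all.disable_ipv6=1
net.ipv6.conf.default.disable_ipv6=1
EOF

# Also disable IPv6 on the kernel command line. Plain ASCII quotes are
# required; with typographic quotes sed receives a broken expression.
# CAUTION: these substitutions replace the WHOLE value, so any kernel
# parameters already set in /etc/default/grub are dropped. Review the file
# before and after.
sed -i 's/GRUB_CMDLINE_LINUX_DEFAULT=".*"/GRUB_CMDLINE_LINUX_DEFAULT="ipv6.disable=1"/' /etc/default/grub
sed -i 's/GRUB_CMDLINE_LINUX=".*"/GRUB_CMDLINE_LINUX="ipv6.disable=1"/' /etc/default/grub
# Regenerate the boot configuration; without this the edit to
# /etc/default/grub is not used at the next boot.
update-grub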
#################################
# Disable AppArmor #
#################################
# Stop AppArmor, remove it from the boot sequence and uninstall it.
# SECURITY NOTE: AppArmor is the mandatory-access-control layer that confines
# network-facing daemons on this system. Removing it means a compromised
# service is limited only by ordinary file permissions. If one profile is
# what gets in the way, putting just that profile into complain mode
# (aa-complain, from apparmor-utils) keeps the rest of the protection.
# Record the decision and its reason if AppArmor is removed anyway.
service apparmor stop
update-rc.d -f apparmor remove
# No -y here, so apt-get asks for confirmation before removing the packages.
apt-get remove apparmor apparmor-utils
# Synchronize the System Clock
#####################################################
# Synchronize the System Clock #
#####################################################
# Install the NTP daemon so the system clock stays synchronized. Accurate
# time also keeps log timestamps and certificate validity checks reliable.
apt-get install -y ntp
#############################################################
# Install Postfix, Dovecot, MariaDB, rkhunter, and binutils #
#############################################################
# Make sure sendmail is neither running nor started at boot before Postfix
# is installed.
service sendmail stop
update-rc.d -f sendmail remove
# When sendmail is not installed, the stop command prints this error:
#
#   Failed to stop sendmail.service: Unit sendmail.service not loaded.

# Install the mail stack, the database, and the supporting tools.
apt-get -y install \
  postfix postfix-mysql postfix-doc \
  mariadb-client mariadb-server \
  openssl getmail4 rkhunter binutils \
  dovecot-imapd dovecot-pop3d dovecot-mysql dovecot-sieve dovecot-lmtpd \
  sudo
# The Postfix installer asks the following questions:
#   General type of mail configuration: <-- Internet Site
#   System mail name: <-- server1.example.com
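# Replace /etc/postfix/master.cf with the configuration below, then restart
# Postfix.
#
# The listing is restored from a web rendering, which needed three repairs:
#  - Typographic quotes and en dashes are replaced by ASCII quotes and "-".
#    Postfix does not accept the en dash as a field value.
#  - Continuation lines ("-o ...", "flags=...") are indented again.
#    master.cf treats a line that starts in column 0 as a new service entry.
#  - The file is written through a heredoc with a quoted delimiter, so
#    $name and ${name} reach the file literally instead of being expanded.
#
# What the configuration enables: "submission" and "smtps" are active, and
# both require SASL authentication and reject unauthenticated clients.
# submission additionally enforces TLS (smtpd_tls_security_level=encrypt);
# smtps uses TLS wrapper mode.

# Keep one copy of the distribution file so the change can be rolled back.
if [ ! -e /etc/postfix/master.cf.orig ]; then
  cp -a /etc/postfix/master.cf /etc/postfix/master.cf.orig
fi

cat > /etc/postfix/master.cf <<'EOF'
#
# Postfix master process configuration file.  For details on the format
# of the file, see the master(5) manual page (command: "man 5 master" or
# on-line: http://www.postfix.org/master.5.html).
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       -       -       -       smtpd
#smtp      inet  n       -       -       -       1       postscreen
#smtpd     pass  -       -       -       -       -       smtpd
#dnsblog   unix  -       -       -       -       0       dnsblog
#tlsproxy  unix  -       -       -       -       0       tlsproxy
submission inet n       -       -       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=
#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
smtps     inet  n       -       -       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=
#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#628       inet  n       -       -       -       -       qmqpd
pickup    unix  n       -       -       60      1       pickup
cleanup   unix  n       -       -       -       0       cleanup
qmgr      unix  n       -       n       300     1       qmgr
#qmgr     unix  n       -       n       300     1       oqmgr
tlsmgr    unix  -       -       -       1000?   1       tlsmgr
rewrite   unix  -       -       -       -       -       trivial-rewrite
bounce    unix  -       -       -       -       0       bounce
defer     unix  -       -       -       -       0       bounce
trace     unix  -       -       -       -       0       bounce
verify    unix  -       -       -       -       1       verify
flush     unix  n       -       -       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       -       -       -       smtp
relay     unix  -       -       -       -       -       smtp
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       -       -       -       showq
error     unix  -       -       -       -       -       error
retry     unix  -       -       -       -       -       error
discard   unix  -       -       -       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       -       -       -       lmtp
anvil     unix  -       -       -       -       1       anvil
scache    unix  -       -       -       -       1       scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent.  See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
# ====================================================================
#
# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
#
# Specify in cyrus.conf:
#   lmtp    cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
#
# Specify in main.cf one or more of the following:
#  mailbox_transport = lmtp:inet:localhost
#  virtual_transport = lmtp:inet:localhost
#
# ====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus     unix  -       n       n       -       -       pipe
#  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
# Old example of delivery via Cyrus.
#
#old-cyrus unix  -       n       n       -       -       pipe
#  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix  -       n       n       -       2       pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman   unix  -       n       n       -       -       pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}
EOF

# Let Postfix report configuration problems before the restart; a restart
# with a broken master.cf would leave the mail service down.
postfix check
service postfix restart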
# We want MySQL to listen on all interfaces, not just localhost. To do that,
# edit /etc/mysql/mariadb.conf.d/50-server.cnf and comment out the line
# "bind-address = 127.0.0.1".
# SECURITY NOTE: once that line is commented out, the database port is
# reachable from every network the host is attached to. Do this only if
# remote database access is really needed, and restrict the port with a
# firewall to the hosts that need it. Authentication alone is then the only
# barrier for anyone who can reach the port.
nano /etc/mysql/mariadb.conf.d/50-server.cnf
# The line should look like this afterwards:
##bind-address = 127.0.0.1
# Save and close the editor.
# Now set a root password in MariaDB. Run the interactive hardening script:
mysql_secure_installation
# Answers to give:
#   Enter current password for root (enter for none): <-- press enter
#   Set root password? [Y/n] <-- y
#   New password: <-- Enter the new MariaDB root password here
#   Re-enter new password: <-- Repeat the password
#   Remove anonymous users? [Y/n] <-- y
#   Disallow root login remotely? [Y/n] <-- y
#   Reload privilege tables now? [Y/n] <-- y
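# Set the password authentication method for the MariaDB root account to
# "native", so that phpMyAdmin can later connect as root.
# The statement must use plain ASCII quotes; with typographic quotes the
# server rejects it as a syntax error.
# A direct edit of the grant table is only picked up when the server reloads
# its privileges, for example at the restart further down the page.
# SECURITY NOTE: after this change the root account is protected by its
# password alone, so choose a strong one and keep remote root login disabled.
# NOTE(review): on MariaDB 10.4 and later mysql.user appears to be a view and
# this UPDATE is rejected; verify against the installed version.
mysql -u root -e "update mysql.user set plugin = 'mysql_native_password' where user='root';"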
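# Edit /etc/mysql/debian.cnf and enter the MariaDB root password in both
# rows that start with "password".
nano /etc/mysql/debian.cnf
# The file should then look like the listing below, where "yourdbpassword"
# stands for the real password. The listing is file content, not commands,
# so it is kept as comments here.
#
#   # Automatically generated for Debian scripts. DO NOT TOUCH!
#   [client]
#   host = localhost
#   user = root
#   password = yourdbpassword
#   socket = /var/run/mysqld/mysqld.sock
#   [mysql_upgrade]
#   host = localhost
#   user = root
#   password = yourdbpassword
#   socket = /var/run/mysqld/mysqld.sock
#   basedir = /usr
#
# The file now holds the database root password in clear text, so make sure
# only root can read it. Keep it out of backups and repositories that other
# users can read.
chown root:root /etc/mysql/debian.cnf
chmod 600 /etc/mysql/debian.cnf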
# Restart MariaDB.
service mysql restart
# Check that networking is enabled by listing the TCP sockets that belong to
# mysql. The expected output looks like this:
#   tcp6 0 0 [::]:mysql [::]:* LISTEN 30591/mysqld
netstat -tap | grep mysql