File "csf_install.sh"


#!/bin/bash

# CSF DMZ Tecnologia - Initial Configuration

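# CSFPATH is CSF's own configuration directory; DMZPATH is where the real
# files are kept, with CSFPATH holding only symlinks to them.
CSFPATH="/etc/csf"
DMZPATH="/opt/dmztec/csf"
DMZCSFCONF="$DMZPATH/csf.conf"

# The hook scripts stored here are linked into $CSFPATH (presumably run by
# CSF with root privileges), so the directory is restricted to its owner.
# NOTE(review): this only tightens the leaf directory - confirm that its
# parent directories are not writable by unprivileged users.
if ! mkdir -p -- "$DMZPATH" || ! chmod 700 -- "$DMZPATH"; then
  printf 'csf_install: cannot prepare %s\n' "$DMZPATH" >&2
  exit 1
fi

# Move each CSF data file into $DMZPATH and leave a symlink in its place.
for conf_name in csf.allow csf.conf csf.deny csf.ignore csf.pignore csf.redirect; do
  conf_src="$CSFPATH/$conf_name"
  conf_dst="$DMZPATH/$conf_name"

  # A symlink here means an earlier run already relocated the file; moving
  # the link onto its own target would overwrite the real file with the link.
  if [[ -L "$conf_src" ]]; then
    continue
  fi

  # Without a source file the link created below would dangle.
  if [[ ! -e "$conf_src" ]]; then
    printf 'csf_install: %s not found, skipping\n' "$conf_src" >&2
    continue
  fi

  if mv -- "$conf_src" "$conf_dst"; then
    ln -s -- "$conf_dst" "$conf_src" \
      || printf 'csf_install: could not link %s to %s\n' "$conf_src" "$conf_dst" >&2
  else
    printf 'csf_install: could not move %s to %s\n' "$conf_src" "$conf_dst" >&2
  fi
done

# Create the hook scripts (owner-only, executable) and link them into CSFPATH.
for hook_name in csfpost.sh csfpre.sh csfvars.sh; do
  hook_file="$DMZPATH/$hook_name"
  hook_link="$CSFPATH/$hook_name"

  if ! touch -- "$hook_file" || ! chmod 700 -- "$hook_file"; then
    printf 'csf_install: could not create %s\n' "$hook_file" >&2
    continue
  fi

  if [[ -L "$hook_link" ]]; then
    # Already linked by an earlier run.
    continue
  fi
  if [[ -e "$hook_link" ]]; then
    # A regular file is already in place; it is left untouched, which means
    # the script under $DMZPATH is not the one found in $CSFPATH.
    printf 'csf_install: %s already exists and is not a symlink, not linked\n' "$hook_link" >&2
    continue
  fi

  ln -s -- "$hook_file" "$hook_link" \
    || printf 'csf_install: could not link %s to %s\n' "$hook_link" "$hook_file" >&2
done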

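#######################################
# Set one option in the CSF configuration file to KEY = "VALUE".
# The line is matched by its key at the start of the line rather than by the
# value it is expected to hold. A value-based match silently does nothing when
# the installed csf.conf differs from the expected text, which would leave the
# stock port lists in place while TESTING is switched off.
# Globals:   DMZCSFCONF (read) - configuration file used when $3 is omitted
# Arguments: $1 - option name (plain identifier, used inside a regex)
#            $2 - new value (written between double quotes)
#            $3 - configuration file (optional)
# Outputs:   diagnostics on stderr
# Returns:   0 when the option was rewritten, 1 when the file or the option
#            is missing
#######################################
set_csf_option() {
  local key=$1
  local value=$2
  local conf=${3:-$DMZCSFCONF}
  local escaped

  if [[ ! -f "$conf" ]]; then
    printf 'csf_install: configuration file not found: %s\n' "$conf" >&2
    return 1
  fi
  if ! grep -q -- "^${key} = \"" "$conf"; then
    printf 'csf_install: option %s not found in %s\n' "$key" "$conf" >&2
    return 1
  fi

  # Escape the characters that are special in a sed replacement ('|' is the
  # delimiter used below).
  escaped=$(printf '%s' "$value" | sed 's/[&|\\]/\\&/g') || return 1
  sed -i "s|^${key} = \"[^\"]*\"|${key} = \"${escaped}\"|" -- "$conf"
}

# Site policy, one KEY=VALUE entry per option, applied in this order.
csf_settings=(
  'TESTING=0'
  'RESTRICT_SYSLOG=3'
  'TCP_IN=22,61194,65522'
  'TCP_OUT=22,53,80,443,587,61194,65522'
  'UDP_IN=61194'
  'UDP_OUT=53,123,61194'
  'TCP6_IN='
  'TCP6_OUT=53,80,443,587'
  'UDP6_IN='
  'UDP6_OUT=53,123'
  'SYSLOG_CHECK=3600'
  'LF_IPSET=1'
  # NOTE(review): DROP_LOGGING = 0 switches off logging of dropped packets,
  # which removes that signal for detection - confirm this is intended.
  'DROP_LOGGING=0'
  'LF_ALERT_TO=monitor@dmztec.com.br'
  'X_ARF_TO=monitor@dmztec.com.br'
  'CC_ALLOW_FILTER=BR'
  'CC_INTERVAL=7'
  'LF_POP3D=1'
  'LF_IMAPD=1'
  'PT_USERPROC=0'
  'PT_USERMEM=0'
  'PT_USERRSS=0'
  'PT_USERTIME=0'
)

csf_failed=0
for csf_entry in "${csf_settings[@]}"; do
  # Split on the first '=' only; the value may be empty.
  if ! set_csf_option "${csf_entry%%=*}" "${csf_entry#*=}"; then
    csf_failed=$((csf_failed + 1))
  fi
done

# A setting that was not applied leaves the file's previous value in effect,
# so say so loudly instead of finishing silently.
if (( csf_failed > 0 )); then
  printf 'csf_install: %d csf.conf option(s) were NOT applied; review %s before relying on the firewall\n' \
    "$csf_failed" "$DMZCSFCONF" >&2
fi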

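# Seed csfpost.sh only while it is still empty: the content is appended, so a
# second run of the installer would otherwise duplicate it.
# The delimiter is quoted so the text is written exactly as shown.
if [[ ! -s "$DMZPATH/csfpost.sh" ]]; then
  cat <<'EOF' >> "$DMZPATH/csfpost.sh"
#!/bin/sh

# VARS
. /opt/dmztec/csf/csfvars.sh

EOF
fi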

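# Seed csfpre.sh only while it is still empty: the content is appended, so a
# second run of the installer would otherwise add every rule twice.
#
# The delimiter is quoted so that $IFACE_TUN / $IFACE_LINK1 are written
# literally and resolved by csfpre.sh at run time from csfvars.sh. With an
# unquoted delimiter the installing shell expands them (single quotes inside a
# here-document do not prevent that); they are not set in the installer, so the
# generated rules would carry an empty interface name, which iptables may
# reject or treat as "any interface".
#
# In the generated script the variables are double-quoted so they expand, and
# each group of rules is skipped when its interface variable is empty.
if [[ ! -s "$DMZPATH/csfpre.sh" ]]; then
  cat <<'EOF' >> "$DMZPATH/csfpre.sh"
#!/bin/sh

# VARS
. /opt/dmztec/csf/csfvars.sh

# FILTER VRRD
#iptables -I INPUT  -i eth2 -d 224.0.0.0/8 -p vrrp -j ACCEPT
#iptables -I OUTPUT -o eth2 -d 224.0.0.0/8 -p vrrp -j ACCEPT

# FILTER FORWARD
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT

# Rules for the IFACE_TUN interface: added only when IFACE_TUN is set in
# csfvars.sh, so an empty interface name never reaches iptables.
if [ -n "$IFACE_TUN" ]; then
  # FILTER INPUT
  iptables -A INPUT -i "$IFACE_TUN" -j ACCEPT

  # FILTER FORWARD
  iptables -A FORWARD -i "$IFACE_TUN" -j ACCEPT
  iptables -A FORWARD -o "$IFACE_TUN" -j ACCEPT

  # FILTER OUTPUT
  iptables -A OUTPUT -o "$IFACE_TUN" -j ACCEPT
else
  echo "csfpre.sh: IFACE_TUN is not set, IFACE_TUN rules skipped" >&2
fi

# NAT PREROUTING

# NAT POSTROUTING
if [ -n "$IFACE_LINK1" ]; then
  iptables -A POSTROUTING -t nat -o "$IFACE_LINK1" -j MASQUERADE
else
  echo "csfpre.sh: IFACE_LINK1 is not set, MASQUERADE rule skipped" >&2
fi
#iptables -A POSTROUTING -t nat -o "$IFACE_LINK2" -j MASQUERADE

EOF
fi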

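# Seed csfvars.sh only while it is still empty: the content is appended, so a
# second run of the installer would otherwise re-add these defaults below any
# values edited for the host, and the later assignments would win.
# The delimiter is quoted so the text is written exactly as shown.
if [[ ! -s "$DMZPATH/csfvars.sh" ]]; then
  cat <<'EOF' >> "$DMZPATH/csfvars.sh"
#!/bin/sh

# Interfaces
IFACE_LINK1="eth0"
IFACE_LINK2="eth1"
IFACE_VRRP="eth2"
IFACE_VLAN002="eth2"
IFACE_VLAN004="vlan3"
# Interface referenced by the IFACE_TUN rules in csfpre.sh; left empty here,
# set it to this host's interface before those rules are needed.
IFACE_TUN=""

# IPs
IP_LINK1="192.168.100.1"
IP_LINK2="192.168.15.1"
IP_VLAN002="172.16.2.254"

# DNAT IPs
IP_WEBSITE1="172.16.4.23"
IP_WEBSITE2="172.16.4.24"

# Networks range
NET_VLAN002="172.16.2.0/24"
NET_VLAN004="172.16.4.0/24"
NET_VLAN010="172.16.10.0/24"

# Ports
PORT_SSH="65522"

EOF
fi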

# Extra packages to install with yum.
# yum is called without -y, so it asks for confirmation before installing.
extra_packages=(perl-LWP-Protocol-https)
yum install "${extra_packages[@]}"
