|
| 1 | +#!/bin/sh |
| 2 | +# |
| 3 | +# dxr@brutalsec.net |
| 4 | +# 01-09-2009 |
| 5 | +# |
| 6 | + |
| 7 | +exit 1; |
| 8 | + |
| 9 | +1. If is not a new instalation, then |
| 10 | + |
| 11 | +BACKUP BACKUP BACKUP BACKUP BACKUP BACKUP |
| 12 | +BACKUP BACKUP BACKUP BACKUP BACKUP BACKUP |
| 13 | +BACKUP BACKUP BACKUP BACKUP BACKUP BACKUP |
| 14 | +BACKUP BACKUP BACKUP BACKUP BACKUP BACKUP |
| 15 | + |
| 16 | + |
| 17 | +2. Create partitions |
| 18 | + |
| 19 | +/var/www/ Chroot partition (ext3) |
| 20 | +/var/www/html/ Chroot system |
| 21 | +/var/www/html/var/log/apache2 Log partition (ext3) |
| 22 | +/var/www/html/var/www/html Webs partition (xfs) |
| 23 | +/var/www/html/tmp Temporal dir (tmpfs, optiones: ) |
| 24 | + |
| 25 | +/dev/lvm_foobar1/chroot_lv -> /var/www/ (ext3) |
| 26 | +/dev/lvm_foobar2/apachelogs_lv -> /var/www/html/var/log/apache2 (ext3) |
| 27 | +/dev/lvm_foobar3/hosting_lv -> /var/www/html/var/www/html (xfs) |
| 28 | + |
| 29 | +mkdir -p /var/www/html/var/log/apache2 /var/www/html/var/www/html |
| 30 | +mount /dev/lvm_foobar1/chroot_lv /var/www/ |
| 31 | +mount /dev/lvm_foobar2/apachelogs_lv /var/www/html/var/log/apache2 |
| 32 | +mount /dev/lvm_foobar3/hosting_lv /var/www/html/var/www/html |
| 33 | + |
| 34 | +3. Clear apache and php instalation |
| 35 | +# We never wont install apache or php in non-chroot system, if we have installed, we only have do a backup of confgigurations, uninstall, and check every simbolic link |
| 36 | +dpkg -l|egrep --color -i 'apache|php' |
| 37 | + |
| 38 | +4. Prepair chroot enviroment |
| 39 | +apt-get install debootstrap libpcre3 libaprutil1 libxml2 mime-support |
| 40 | +time debootstrap --arch=amd64 lenny /var/www/html/ ftp://ftp.fr.debian.org/debian/ |
| 41 | + |
| 42 | +echo "/proc /var/www/html/proc proc defaults 0 0">>/etc/fstab |
| 43 | +echo "devpts /var/www/html/dev/pts devpts defaults 0 0">>/etc/fstab |
| 44 | + |
| 45 | +mount -a |
| 46 | + |
| 47 | +echo "@sshusers - chroot /var/www/html/">>/etc/security/limits.conf |
| 48 | + |
| 49 | +cp -r /etc/{passwd,group,apt}>/var/www/html/etc/ |
| 50 | + |
| 51 | +chroot /var/www/html apt-get update |
| 52 | +chroot /var/www/html apt-get install fakeroot --force-yes -y |
| 53 | +chroot /var/www/html apt-get install locales |
| 54 | +chroot /var/www/html dpkg-reconfigure locales |
| 55 | + |
| 56 | +mv /usr/lib/apache2 /usr/lib/apache2_old |
| 57 | +mv /var/log/apache2 /var/log/apache2_old |
| 58 | +mv /var/lock/apache2 /var/lock/apache2_old |
| 59 | +mv /var/lib/apache2 /var/lib/apache2_old |
| 60 | +mv /usr/lib/php5 /usr/lib/php5_old |
| 61 | +mv /etc/apache2 /etc/apache2_old |
| 62 | +mv /etc/suphp /etc/suphp_old |
| 63 | + |
| 64 | +chroot /var/www/html apt-get install apache2 apache2.2-common apache2-doc apache2-mpm-prefork apache2-utils libexpat1 ssl-cert libapache2-mod-php5 php5 php5-common php5-gd php5-mysql php5-imap phpmyadmin php5-cli php5-cgi libapache2-mod-fcgid apache2-suexec php-pear php-auth php5-mcrypt mcrypt php5-imagick imagemagick libapache2-mod-suphp libopenssl-ruby libapache2-mod-chroot php-apc |
| 65 | + |
| 66 | +chroot /var/www/html /etc/init.d/apache2 stop |
| 67 | + |
| 68 | +# Is good idea to add nagios alarm for check every simbolic link is correct. |
| 69 | +ln -s /var/www/html/etc/apache2 /etc/apache2 |
| 70 | +ln -s /var/www/html/etc/suphp /etc/suphp |
| 71 | +ln -s /var/www/html/var/run/apache2 /var/run/apache2 |
| 72 | +ln -s /var/www/html/var/run/apache2.pid /var/run/apache2.pid |
| 73 | +ln -s /var/www/html/usr/sbin/apache2ctl /usr/sbin/apache2ctl |
| 74 | +ln -s /var/www/html/usr/sbin/apache2 /usr/sbin/apache2 |
| 75 | +ln -s /var/www/html/usr/lib/apache2 /usr/lib/apache2 |
| 76 | +ln -s /var/www/html/usr/sbin/a2enmod /usr/sbin/a2enmod |
| 77 | +ln -s /var/www/html/usr/sbin/a2dismod /usr/sbin/a2dismod |
| 78 | +ln -s /var/www/html/var/log/apache2 /var/log/apache2 |
| 79 | +ln -s /var/www/html/var/lock/apache2 /var/lock/apache2 |
| 80 | +ln -s /var/www/html/var/lib/apache2 /var/lib/apache2 |
| 81 | +ln -s /var/www/html/usr/lib/php5 /usr/lib/php5 |
| 82 | + |
| 83 | +a2enmod mod_chroot |
| 84 | +a2enmod suexec |
| 85 | +echo "ChrootDir /var/www/html" > /etc/apache2/conf.d/mod_chroot.conf |
| 86 | +mkdir -p /var/www/html/var/www/html |
| 87 | +sed -i -e 's#DocumentRoot /var/www/#DocumentRoot /var/www/html/#' /etc/apache2/sites-enabled/000-default |
| 88 | +echo "<? phpinfo(); system(\"rm -rf test; mkdir test\"); ?>">/var/www/html/var/www/html/index.php |
| 89 | + |
| 90 | +echo "fakeroot apt-get -qq update && fakeroot apt-get dist-upgrade">/var/www/html/sbin/Update |
| 91 | +chmod +x /var/www/html/sbin/Update |
| 92 | +printf "echo \" [+] Updating Real System ...\"\napt-get -qq update && apt-get dist-upgrade\necho \" [+] Updating Chroot System ...\"\nchroot /var/www/html/ Update ">/sbin/Update |
| 93 | +chmod +x /sbin/Update |
| 94 | + |
| 95 | +# Protect apache configuration. ONLY root can read it |
| 96 | +chown root:root /etc/apache2/ && chmod 700 /etc/apache2/ |
| 97 | + |
| 98 | +5, Start apache |
| 99 | +/etc/init.d/apache2 restart |
| 100 | + |
| 101 | +6. Install ispconfig ........ |
| 102 | + |
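Review bot: The test page written at file line 88 is still in the default DocumentRoot when step 5 starts Apache, so the server goes live serving `phpinfo()` output and a script that calls `system()`; the notes should remove it once the chroot has been verified, e.g. `rm -f /var/www/html/var/www/html/index.php` after the restart at line 99. At line 52, `--force-yes` lets apt continue with packages it could not authenticate while populating the new chroot; `chroot /var/www/html apt-get install -y fakeroot` keeps that check in place. Line 49 redirects into a directory (`>/var/www/html/etc/`) and depends on brace expansion under `#!/bin/sh`, so the copy most likely never runs; `cp -r /etc/passwd /etc/group /etc/apt /var/www/html/etc/` appears to be what was intended.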