
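#!/bin/bash
# Interactive, menu-driven provisioning script: it collects site settings
# (readinfo), stores them in ./variables, and then runs the numbered steps
# listed by printmenu (network, httpd/PHP, TLS, MariaDB, LDAP, ...).
#
# Interpreter: the script relies on bash features (`local`, the ERR trap,
# $BASH_COMMAND, `read -p`, `source`), so it names bash rather than /bin/sh.
#
# NOTE(review), from the steps visible in this file:
#  - ./variables holds the LDAP manager, vqadmin and database passwords in
#    clear text and is later executed with `. ./variables`; keep it readable
#    and writable by the operator only.
#  - Step 2 pipes a downloaded script straight into `sudo bash` and installs a
#    repository RPM from a plain-http URL; neither download is checked against
#    a known checksum or signature here.
#  - Step 6 writes a TLS private key that is embedded in this script. A key
#    kept in a script must be treated as disclosed: reissue the certificate
#    and install the key from a root-only file instead.
#  - Step 6 also enables TLSv1/TLSv1.1 and leaves a phpinfo() page in the web
#    root; step 7 creates the database user for host '%' and opens the mysql
#    firewall service; step 8 compiles a PAM module from a freshly downloaded
#    source file without an integrity check.
#set -v
#set -x
PATH=/usr/local/bin:/usr/bin:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/sbin
#cat * | grep "|*parameter1*|" | grep "|*parameter2*|" | cut -f 8,11,12,15,21,23,34 -d "|" | wc -l
#read  -t 5 -n 1 -p "Type your answer :" Decision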
# Print a one-line failure report on stdout.
#   $1 - line number of the failing command
#   $2 - text of the failing command
failure() {
  printf 'Failed at %s: %s\n' "$1" "$2"
}
# ERR trap: hand the current line number and command text to failure().
trap 'failure ${LINENO} "$BASH_COMMAND"' ERR
# Show the server-type menu and store the operator's answer in NodeName.
# NOTE(review): every entry is labelled "Select 1", so the four choices cannot
# be told apart, and NodeName is not read anywhere in the visible part of the
# script.
installnode() {
  printf '%s\n' \
    "Please Choose Server to Install" \
    " Select 1 for Web Server Installation" \
    " Select 1 for Profile Installation" \
    " Select 1 for DNS Installation" \
    " Select 1 for LDAP Installation"
  read NodeName
}
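# Record the step to run next.
# Globals: Decision (read; set to 1 when unset or empty),
#          default_NextStep and NextStep (written)
# Outputs: prints NextStep and appends a NextStep= line to ./variables
nextstep() {
  # No space after '=': with one, the shell runs the value of Decision as a
  # command and default_NextStep is never assigned.
  default_NextStep=${Decision:=1}
  if [ -n "$default_NextStep" ]; then
    NextStep=$default_NextStep
  else
    NextStep=${NextStep:=1}
  fi
  echo "$NextStep"
  # ./variables is re-read with `. ./variables`, so the value is written
  # shell-quoted (%q) and cannot be split or executed when the file is sourced.
  printf 'NextStep=%q\n' "$NextStep" >> variables
}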
# Print the list of installation steps and read the operator's choice.
# Globals: Decision (shown as the step just completed, then overwritten with
#          the line read from stdin)
# NOTE(review): the "Next Step is" line prints the literal word "nextstep";
# the nextstep function is not called here.
printmenu() {
  printf '%s\n' \
    "" \
    "Step-1 Network Configuration and IPV6 Disabling.." \
    "Step-2 System update and essential packages install with Additional Repository" \
    "Step-3 Httpd Installation " \
    "Step-4 httpd configure with php and python." \
    "Step-5 User Web Profile enabling" \
    "Step-6 Configure Apache SSL" \
    "Step-7 Configure MariaDB for Database" \
    "Step-8 Integrate LDAP Authentication with Mariadb" \
    "Step-9  Install PhpMyadmin and configure phpmyadmin" \
    "Step-10 Install and Configure LDAP Server" \
    "Step-11 Enable Secure LDAP Service" \
    "Step-12  LDAP Client Authentication" \
    "Step-13 Install PHP Ldap Admin" \
    "Step-14  NDJBDNS Installation for IIITA Network" \
    "Step-15  Install Clipbucket Media Server" \
    "Step-16 Install Moodal Server" \
    "Step-17 Configure Backup Client" \
    "" \
    "Step $Decision Completed Pls " \
    " Next Step is  nextstep" \
    "" \
    "Press step Number to continue or n to cancle  .........." \
    ""
  read Decision
}
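# Prompt for one setting and store the result in the global named by $1.
#   $1 - variable name
#   $2 - prompt text
#   $3 - built-in default
# An empty answer keeps the variable's current value, or the built-in default
# when it has none. The raw answer is also left in default_<name>.
_readinfo_prompt() {
  local name=$1 prompt=$2 fallback=$3
  local answer=
  printf '%s' "$prompt"
  # -r keeps backslashes in the answer literal.
  read -r answer
  printf -v "default_${name}" '%s' "$answer"
  # Quoted test: an answer containing spaces is kept instead of making the
  # test fail and silently selecting the default.
  if [ -z "$answer" ]; then
    answer=${!name:-$fallback}
  fi
  printf -v "$name" '%s' "$answer"
}

# Append NAME=value for the global named by $1 to ./variables.
# The value is shell-quoted (%q) because the file is later executed with
# `. ./variables`; an unquoted value containing spaces, `;` or `$` would be
# split or run as a command at that point.
_readinfo_save() {
  printf '%s=%q\n' "$1" "${!1}" >> variables
}

# Prompt for a setting and append it to ./variables.
_readinfo_ask() {
  _readinfo_prompt "$@"
  _readinfo_save "$1"
}

# Ask the operator for every site setting and rewrite ./variables with them.
# Globals: sets DomainName, LdapServer, Org, LdapServerDn, LdapServerCn,
#          LdapServerCnPass, person_to_email, NormalUser, Password, DbName,
#          DbPass, Host, WebHost, HostIp, TinyDnsHostIp, DnsCacheHostIp,
#          DefaultGateway, Dns, IiitaNetwork, Webroot, HomeDir (and the
#          matching default_* variables)
# Outputs: prompts on stdout; ./variables is replaced after the first answer
#          and then appended to
# NOTE(review): the built-in default passwords are part of this script and are
# shown in the prompts; anything installed with them should be given a new
# password. Answers are echoed while typed (read -s is not used).
readinfo()
{
  local ip_shown ip_default

  _readinfo_prompt DomainName "please provide domain name Default is :iiita.ac.in:" iiita.ac.in
  # Start a fresh file. It will hold passwords, so it is created with
  # umask 077 (owner read/write only); the later appends keep that mode.
  ( umask 077 && rm -f variables_temp \
      && printf 'DomainName=%q\n' "$DomainName" > variables_temp ) \
    && mv variables_temp variables

  _readinfo_ask LdapServer "please provide Ldap Server name Default is :pldap.iiita.ac.in:" pldap.iiita.ac.in
  _readinfo_ask Org "please provide Organization short name default is  :iiita:" iiita
  _readinfo_ask LdapServerDn "please provide Ldap Server base dn Default is :dc=iiita,dc=ac,dc=in:  " dc=iiita,dc=ac,dc=in
  _readinfo_ask LdapServerCn "please provide Ldap Server Manager Cn Default is :cn=Manager,dc=iiita,dc=ac,dc=in:  " cn=Manager,dc=iiita,dc=ac,dc=in
  _readinfo_ask LdapServerCnPass "please provide Ldap Server Manager Cn Default Password is :Tr1mb@k3shw@r:  " 'Tr1mb@k3shw@r'
  _readinfo_ask person_to_email "please provide User to Email Default is:indem@iiita.ac.in: " indem@iiita.ac.in
  _readinfo_ask NormalUser "please provide normal user name: iiita: " iiita
  _readinfo_ask Password "please provide vqadmin password Default is:iiita123:  " iiita123
  _readinfo_ask DbName "please provide Database UserName: iiita: " iiita
  _readinfo_ask DbPass "please provide Normal Database Password:iiita123:  " iiita123
  _readinfo_ask Host "please provide host name Default is:studentzone: " studentzone
  _readinfo_ask WebHost "please provide Webserver host name Default is:studentzone.iiita.ac.in:" studentzone.iiita.ac.in

  # The three address prompts show the raw `hostname -I` output and default to
  # the same list with surrounding whitespace trimmed by xargs.
  ip_shown=$(hostname -I)
  ip_default=$(hostname -I | xargs)
  _readinfo_ask HostIp "please provide host ip Default is:${ip_shown}:" "$ip_default"
  _readinfo_ask TinyDnsHostIp "please provide TinyDNS Default is:${ip_shown}:" "$ip_default"
  _readinfo_ask DnsCacheHostIp "please provide DNSCache Default is:${ip_shown}:" "$ip_default"

  _readinfo_ask DefaultGateway "please provide host Default Gatway ip Default is:172.31.1.1:" 172.31.1.1
  _readinfo_ask Dns "please provide host Dns:172.31.1.21:" 172.31.1.21
  _readinfo_ask IiitaNetwork "please provide Allowed Network Default is:172.0.0.0/8: " 172.0.0.0/8
  _readinfo_ask Webroot "please provide your apache webroot Directory path Default is:/var/www/html: " /var/www/html
  _readinfo_ask HomeDir "please provide your default home dirctory location :/Data/profiles: " /Data/profiles
}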
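# Print every collected setting as "label $Name:value" for the operator to
# review.
# Globals: reads the variables set by readinfo (or loaded from ./variables)
# NOTE(review): the LDAP manager, vqadmin and database passwords are printed
# in clear text, so they end up in terminal scrollback and any session log.
printinfo()
{
  local rule="============================================================================="
  printf '%s\n' \
    "$rule" \
    "All the information provided by you is as follows.." \
    "Domain name is \$DomainName :$DomainName" \
    "Ldap Sever name is \$LdapServer:$LdapServer" \
    "Ldap Server Dn is \$LdapServerDn:$LdapServerDn" \
    "Ldap Server Manager Cn is \$LdapServerCn:$LdapServerCn" \
    "Ldap Server Manager Cn Password is \$LdapServerCnPass:$LdapServerCnPass" \
    "User to Email is \$person_to_email:$person_to_email" \
    "Normal User Name is \$NormalUser:$NormalUser" \
    "Password is \$Password:$Password" \
    "Host Name is \$Host:$Host" \
    "Host Ip is \$HostIp:$HostIp" \
    "TinyDnsHos Ip is \$TinyDnsHostIp:$TinyDnsHostIp" \
    "DnsCacheHost Ip is \$DnsCacheHostIp:$DnsCacheHostIp" \
    "Default Gateway is \$DefaultGateway:$DefaultGateway" \
    "Default DNS is \$Dns:$Dns" \
    "Default Allowed Network is  \$IiitaNetwork:$IiitaNetwork" \
    "Default Web Host Name  is \$WebHost:$WebHost" \
    "Apache webroot Directory path is \$Webroot:$Webroot" \
    "Normal Database User Name is \$DbName:$DbName" \
    "Normal Database User Password is \$DbPass:$DbPass" \
    "User Default Home Directory is \$HomeDir:$HomeDir" \
    "$rule"
}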
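# Load the settings saved by an earlier run, or collect them again.
if [ -f ./variables ]; then
    # Ask until the answer starts with y or n, so the steps below never run
    # with the settings left unset. Each branch leaves the loop with `break`.
    while true; do
        # With stdin closed no answer can ever arrive; stop instead of spinning.
        read -r -p "Do you wish to use old variables ?" yn || exit 1
        case $yn in
            [Yy]* )
                # NOTE(review): ./variables is executed as shell code with this
                # script's privileges. Run the script only from a directory
                # that other users cannot write to.
                . ./variables
                printinfo
                break
                ;;
            [Nn]* )
                echo "" > ./variables
                readinfo
                printinfo
                break
                ;;
        esac
    done
else
    touch variables
    readinfo
    printinfo
fi
# The first argument, when given, is shown by printmenu as the step just
# completed ("text" otherwise); printmenu then reads the real choice from stdin.
Decision=${1-text}
printmenu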
while [  $Decision -gt 0  ]; do
case $Decision in
     n)
         break
         ;;
0)
exit
;;
1)
########################################################################
########################################################################
########Stop Firewall and Disable Selinux Configure Internet############
########################################################################
########################################################################
#systemctl stop firewalld 
#systemctl disable firewalld
#sed 's|SELINUX=enforcing|SELINUX=disabled|g' /etc/selinux/config > /etc/selinux/config_tmp && mv /etc/selinux/config_tmp /etc/selinux/config
#chmod 644 /etc/selinux/config
hostnamectl set-hostname $Host
if [ $HomeDir != /home ]; then
{
sed "s|HOME=/home|HOME=$HomeDir|g" /etc/default/useradd  > /etc/default/useradd_tmp && mv /etc/default/useradd_tmp /etc/default/useradd
mkdir -p $HomeDir
useradd $NormalUser
echo -e "$Password\n$Password" | passwd $NormalUser
sudo -i -u $NormalUser bash << EOF
mkdir public_html
EOF
}
fi
sed 's|GRUB_CMDLINE_LINUX="|GRUB_CMDLINE_LINUX="ipv6.disable=1 |g' /etc/default/grub  > /etc/default/grub_tmp && mv /etc/default/grub_tmp /etc/default/grub
grub2-mkconfig -o /boot/grub2/grub.cfg
device=`nmcli d | awk '{if ($3 =="connected") print $1}'`
echo $device
nmcli c modify $device ipv4.addresses "$HostIp/24"
nmcli c modify $device ipv4.gateway "$DefaultGateway" 
nmcli c modify $device ipv4.dns $Dns 
nmcli c modify $device ipv4.method manual
nmcli c down $device
nmcli c up $device
nmcli d show $device 
sed 's|BOOTPROTO=none|BOOTPROTO=static |g' /etc/sysconfig/network-scripts/ifcfg-$device  > /etc/sysconfig/network-scripts/tmp_ifcfg-$device && mv /etc/sysconfig/network-scripts/tmp_ifcfg-$device /etc/sysconfig/network-scripts/ifcfg-$device
sed 's|IPV6INIT=yes|IPV6INIT=no |g' /etc/sysconfig/network-scripts/ifcfg-$device  > /etc/sysconfig/network-scripts/tmp_ifcfg-$device && mv /etc/sysconfig/network-scripts/tmp_ifcfg-$device /etc/sysconfig/network-scripts/ifcfg-$device
sed 's|IPV6_AUTOCONF=yes|IPV6_AUTOCONF=no |g' /etc/sysconfig/network-scripts/ifcfg-$device  > /etc/sysconfig/network-scripts/tmp_ifcfg-$device && mv /etc/sysconfig/network-scripts/tmp_ifcfg-$device /etc/sysconfig/network-scripts/ifcfg-$device
sed 's|IPV6_DEFROUTE=yes|IPV6_DEFROUTE=no |g' /etc/sysconfig/network-scripts/ifcfg-$device  > /etc/sysconfig/network-scripts/tmp_ifcfg-$device && mv /etc/sysconfig/network-scripts/tmp_ifcfg-$device /etc/sysconfig/network-scripts/ifcfg-$device
sed 's|ONBOOT=no|ONBOOT=yes |g' /etc/sysconfig/network-scripts/ifcfg-$device  > /etc/sysconfig/network-scripts/tmp_ifcfg-$device && mv /etc/sysconfig/network-scripts/tmp_ifcfg-$device /etc/sysconfig/network-scripts/ifcfg-$device
ip addr show 
    read -p "Do you wish to restart network and Reboot the system ?" yn
    case $yn in
        [Yy]* )
		systemctl restart network
		reboot
        continue
		;;
        [Nn]* )
		systemctl restart network
        printmenu
        continue
        ;;
    esac
;;
2)
########################################################################
##### Add a few packages, make a directory, stop some stuff,############
##### start some stuff and remove that SUID bit :-D ####################
########################################################################
yum -y update
yum install epel-release yum-utils -y
yum -y install http://rpms.famillecollet.com/enterprise/remi-release-7.rpm 
yum-config-manager --enable remi-php74
curl -sS https://downloads.mariadb.com/MariaDB/mariadb_repo_setup | sudo bash 
yum -y install wget curl zip unzip tar yum-utils git policycoreutils-python policycoreutils-devel setroubleshoot-server mariadb-server MariaDB-client yum install mariadb-devel gpac mediainfo sendmail net-tools rsync nmap php-fpm php-gd php-json php-mbstring php-mysqlnd php-xml php-xmlrpc php-opcache php-ldap php-pear vim-enhanced php-pecl-mcrypt php php-common php-opcache php-cli php-curl php-xml php-mbstring php-pear php-devel sendmail php-gd gcc php-pecl-mcrypt lshw yum-plugin-priorities  php-xmlrpc php-soap php-intl
yum -y install https://download.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
yum -y install epel-release
#sed -i -e "s/\]$/\]\npriority=1/g" /etc/yum.repos.d/CentOS-Base.repo 
#sed -i -e "s/\]$/\]\npriority=5/g" /etc/yum.repos.d/epel.repo 
#sed -i -e "s/\]$/\]\npriority=10/g" /etc/yum.repos.d/CentOS-SCLo-scl.repo
#sed -i -e "s/\]$/\]\npriority=10/g" /etc/yum.repos.d/CentOS-SCLo-scl-rh.repo 
#sed -i -e "s/\]$/\]\npriority=10/g" /etc/yum.repos.d/remi-safe.repo
#dnf -y install yum-allowdowngrade
yum -y install vim-enhanced 
echo "alias vi='vim'" >> /etc/profile
source /etc/profile 
cat << 'EOF' > ~/.vimrc

 " use extended function of vim (no compatible with vi)
set nocompatible
" specify encoding
set encoding=euc-jp
" specify file encoding
set fileencodings=iso-2022-jp,sjis
" specify file formats
set fileformats=unix,dos
" ignore Case
set ignorecase
" distinct Capital if you mix it in search words
set smartcase
" highlights matched words
" if not, specify [ set nohlsearch ]
set hlsearch
" use incremental search
" if not, specify [ set noincsearch ]
set incsearch
"set list
" highlights parentheses
set showmatch
" not insert LF at the end of file
set binary noeol
" enable auto-indent
" if not, specify [ noautoindent ]
set autoindent
" show color display
" if not, specify [ syntax off ]
syntax on
" change colors for comments if it's set [ syntax on ]
highlight Comment ctermfg=LightCyan
" wrap lines
" if not, specify [ set nowrap ]
set wrap

EOF
#sed 's|#PermitRootLogin yes|PermitRootLogin yes|g' /etc/ssh/sshd_config  > /etc/ssh/sshd_config_tmp && mv /etc/ssh/sshd_config_tmp /etc/ssh/sshd_config
systemctl restart sshd 
printmenu
;;
################################################################
################ Add Qmail Users and Directories ###############
################################################################
3)
yum -y install httpd 
rm -f /etc/httpd/conf.d/welcome.conf
sed "s|ServerAdmin root@localhost|ServerAdmin $person_to_email|g" /etc/httpd/conf/httpd.conf  > /etc/httpd/conf/httpd.conf_tmp && mv /etc/httpd/conf/httpd.conf_tmp /etc/httpd/conf/httpd.conf
sed "s|#ServerName www.example.com:80|ServerName $WebHost:80|g" /etc/httpd/conf/httpd.conf  > /etc/httpd/conf/httpd.conf_tmp && mv /etc/httpd/conf/httpd.conf_tmp /etc/httpd/conf/httpd.conf
sed 's|AllowOverride None|AllowOverride None|g' /etc/httpd/conf/httpd.conf  > /etc/httpd/conf/httpd.conf_tmp && mv /etc/httpd/conf/httpd.conf_tmp /etc/httpd/conf/httpd.conf
sed 's|DirectoryIndex index.html|DirectoryIndex index.php index.cgi index.pl index.py index.html|g' /etc/httpd/conf/httpd.conf  > /etc/httpd/conf/httpd.conf_tmp && mv /etc/httpd/conf/httpd.conf_tmp /etc/httpd/conf/httpd.conf
mkdir -p $Webroot
echo "ServerTokens Prod " >> /etc/httpd/conf/httpd.conf
echo "KeepAlive On" >> /etc/httpd/conf/httpd.conf 
cat << 'EOF' > $Webroot/index.html
<html>
<body>
<div style="width: 100%; font-size: 40px; font-weight: bold; text-align: center;">
Test Page
</div>
</body>
</html>
EOF
systemctl start httpd 
systemctl enable httpd
firewall-cmd --add-service=http --permanent 
firewall-cmd --add-service=https --permanent
firewall-cmd --reload
printmenu
;;
################################################################
################ Add Qmail Users and Directories ###############
################################################################
4)
yum -y install perl perl-CGI python 
cat << EOF > /etc/httpd/conf.d/cgi-enabled.conf
# create new

# processes .cgi and .pl as CGI scripts

<Directory "$Webroot/cgi-enabled">
    Options +ExecCGI
    AddHandler cgi-script .cgi .pl
</Directory> 
EOF
mkdir -p $Webroot/cgi-enabled
systemctl restart httpd
chcon -R -t httpd_sys_script_exec_t $Webroot/cgi-enabled
semanage fcontext -a -t httpd_sys_script_exec_t $Webroot/cgi-enable
cat << 'EOF' > $Webroot/cgi-enabled/index.cgi

#!/usr/bin/perl

print "Content-type: text/html\n\n";
print "<html>\n<body>\n";
print "<div style=\"width: 100%; font-size: 40px; font-weight: bold; text-align: center;\">\n";
print "CGI Test Page";
print "\n</div>\n";
print "</body>\n</html>\n";

EOF
chmod 705 $Webroot/cgi-enabled/index.cgi 
sed '144s/.*/Options FollowSymLinks ExecCGI/' /etc/httpd/conf/httpd.conf  > /etc/httpd/conf/httpd.conf_tmp && mv /etc/httpd/conf/httpd.conf_tmp /etc/httpd/conf/httpd.conf 
sed '294s/.*/AddHandler cgi-script .cgi .pl/' /etc/httpd/conf/httpd.conf  > /etc/httpd/conf/httpd.conf_tmp && mv /etc/httpd/conf/httpd.conf_tmp /etc/httpd/conf/httpd.conf 
systemctl restart httpd 
sed '923s#.*#date.timezone = "Asia/Kolkata"#' /etc/php.ini  > /etc/php.ini_tmp && mv /etc/php.ini_tmp /etc/php.ini
sed 's|short_open_tag = Off|short_open_tag = On|g' /etc/php.ini  > /etc/php.ini_tmp && mv /etc/php.ini_tmp /etc/php.ini
sed 's|max_execution_time = 30|max_execution_time = 30000|g' /etc/php.ini  > /etc/php.ini_tmp && mv /etc/php.ini_tmp /etc/php.ini
sed 's|memory_limit = 128M|memory_limit = 10240M|g' /etc/php.ini  > /etc/php.ini_tmp && mv /etc/php.ini_tmp /etc/php.ini
sed 's|post_max_size = 8M|post_max_size = 10240M|g' /etc/php.ini  > /etc/php.ini_tmp && mv /etc/php.ini_tmp /etc/php.ini
sed 's|upload_max_filesize = 2M|upload_max_filesize = 10240M|g' /etc/php.ini  > /etc/php.ini_tmp && mv /etc/php.ini_tmp /etc/php.ini
systemctl restart httpd 
cat << 'EOF' > $Webroot/index.php
<html>
<body>
<div style="width: 100%; font-size: 40px; font-weight: bold; text-align: center;">
<?php
   print Date("Y/m/d");
?>
</div>
</body>
</html>
EOF


cat << EOF > /etc/httpd/conf.d/vhost.conf
 # create new

# for original domain

<VirtualHost *:80>
   DocumentRoot $Webroot
   ServerName $WebHost
</VirtualHost>
# for virtual domain

<VirtualHost *:80>
   DocumentRoot $HomeDir/$NormalUser/public_html
   ServerName $NormalUser.$DomainName
   ServerAdmin $person_to_email
   ErrorLog logs/virtual.host-error_log
   CustomLog logs/virtual.host-access_log combined
</VirtualHost>
EOF
systemctl restart httpd 
mkdir -p $HomeDir/$NormalUser/public_html/
cat << 'EOF' > $HomeDir/$NormalUser/public_html/virtual.php
<html>
<body>
<div style="width: 100%; font-size: 40px; font-weight: bold; text-align: center;">
Virtual Host Test Page
</div>
</body>
</html>
EOF
cat << 'EOF' > $Webroot/cgi-enabled/index.py

#!/usr/bin/env python

print "Content-type: text/html\n\n"
print "<html>\n<body>"
print "<div style=\"width: 100%; font-size: 40px; font-weight: bold; text-align: center;\">"
print "Python Script Test Page"
print "</div>\n</body>\n</html>"

EOF
chmod 705 $Webroot/cgi-enabled/index.py 
printmenu
;;
################################################################
################ Add Qmail Users and Directories ###############
################################################################
5)
mkdir -p $Webroot/$NormalUser
chmod 755 $Webroot/$NormalUser
ln -s $Webroot/$NormalUser $HomeDir/$NormalUser/public_html
chown -R $NormalUser:$NormalUser $HomeDir/$NormalUser/public_html
chown -R $NormalUser:$NormalUser $Webroot/$NormalUser
sed '17s/.*/#UserDir disabled/' /etc/httpd/conf.d/userdir.conf  > /etc/httpd/conf.d/userdir.conf_tmp && mv /etc/httpd/conf.d/userdir.conf_tmp /etc/httpd/conf.d/userdir.conf
sed '24s/.*/UserDir public_html/' /etc/httpd/conf.d/userdir.conf  > /etc/httpd/conf.d/userdir.conf_tmp && mv /etc/httpd/conf.d/userdir.conf_tmp /etc/httpd/conf.d/userdir.conf
sed "31s|/home|$HomeDir|g"  /etc/httpd/conf.d/userdir.conf  > /etc/httpd/conf.d/userdir.conf_tmp && mv /etc/httpd/conf.d/userdir.conf_tmp /etc/httpd/conf.d/userdir.conf
sed '32s/.*/AllowOverride All/' /etc/httpd/conf.d/userdir.conf  > /etc/httpd/conf.d/userdir.conf_tmp && mv /etc/httpd/conf.d/userdir.conf_tmp /etc/httpd/conf.d/userdir.conf
sed '33s/.*/Options None/' /etc/httpd/conf.d/userdir.conf  > /etc/httpd/conf.d/userdir.conf_tmp && mv /etc/httpd/conf.d/userdir.conf_tmp /etc/httpd/conf.d/userdir.conf
systemctl restart httpd 
setsebool -P httpd_enable_homedirs on
restorecon -R $HomeDir
restorecon -R $HomeDir/$NormalUser/public_html
cat << 'EOF' > $HomeDir/$NormalUser/public_html/index.html
<html>
<body>
<div style="width: 100%; font-size: 40px; font-weight: bold; text-align: center;">
UserDir Test Page
</div>
</body>
</html>
EOF
chown -R $NormalUser:$NormalUser $HomeDir/$NormalUser/public_html/index.html
printmenu
;;
################################################################
################ Add Qmail Users and Directories ###############
################################################################
6)
yum -y install mod_ssl 
mkdir -p /etc/starcert/ssl.crt
mkdir -p /etc/starcert/ssl.key
cat << 'EOF' > /etc/starcert/ssl.crt/STAR_iiita_ac_in.crt

-----BEGIN CERTIFICATE-----
MIIG0jCCBbqgAwIBAgIQZP69c/SNsvjyK0AKalEpOjANBgkqhkiG9w0BAQsFADCB
kDELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxNjA0BgNV
BAMTLUNPTU9ETyBSU0EgRG9tYWluIFZhbGlkYXRpb24gU2VjdXJlIFNlcnZlciBD
QTAeFw0xODA0MjMwMDAwMDBaFw0yMDA3MjEyMzU5NTlaMFsxITAfBgNVBAsTGERv
bWFpbiBDb250cm9sIFZhbGlkYXRlZDEeMBwGA1UECxMVRXNzZW50aWFsU1NMIFdp
bGRjYXJkMRYwFAYDVQQDDA0qLmlpaXRhLmFjLmluMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEA0b+XiUdaIbCAVcwtqWFVDZA/K/cy/pd7TKDxuuiJ0QIr
ViVGJZ0Z4a0dUI10udUUF6pEkDLPSnx38VOO7i9kZnHIxPxRqipaPXPKTKxVCUNv
ZijjXWvgwCHpW3Xq8x9TgywHrItGdy3YWishm2UEHDT4CQE8KjIuGlLn3l2Yoqbf
YoUznvtiBvmiMEuIEI8saxvK4v47GCp1zplTQwEV36+7UoD198rjDc7UJyu6wIgb
4VwARxzOVBastf4Ht1iif7tL8yRNyjli/xZSfz1GsOZEEvDf3leeytSJFnNDeTBn
L0z6AJ1W8Q3rmW6are4BIRapE2jQMwn27RFTD+V54QIDAQABo4IDWjCCA1YwHwYD
VR0jBBgwFoAUkK9qOpRaC9iQ6hJWc99DtDoo2ucwHQYDVR0OBBYEFLko1Y6AIKsc
uaKsijj6EmTPjISjMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1Ud
JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBPBgNVHSAESDBGMDoGCysGAQQBsjEB
AgIHMCswKQYIKwYBBQUHAgEWHWh0dHBzOi8vc2VjdXJlLmNvbW9kby5jb20vQ1BT
MAgGBmeBDAECATBUBgNVHR8ETTBLMEmgR6BFhkNodHRwOi8vY3JsLmNvbW9kb2Nh
LmNvbS9DT01PRE9SU0FEb21haW5WYWxpZGF0aW9uU2VjdXJlU2VydmVyQ0EuY3Js
MIGFBggrBgEFBQcBAQR5MHcwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9jcnQuY29tb2Rv
Y2EuY29tL0NPTU9ET1JTQURvbWFpblZhbGlkYXRpb25TZWN1cmVTZXJ2ZXJDQS5j
cnQwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmNvbW9kb2NhLmNvbTAlBgNVHREE
HjAcgg0qLmlpaXRhLmFjLmluggtpaWl0YS5hYy5pbjCCAX8GCisGAQQB1nkCBAIE
ggFvBIIBawFpAHcA7ku9t3XOYLrhQmkfq+GeZqMPfl+wctiDAMR7iXqo/csAAAFi
8OFr4QAABAMASDBGAiEAhPObzE3jm8UE2sC2p28o3oneWXvMosfwGxt0lcVprQQC
IQCDtZStACmJPpOuhyuOsZ8b2ELwpwkorwP58UWPw3PA2gB2AF6nc/nfVsDntTZI
fdBJ4DJ6kZoMhKESEoQYdZaBcUVYAAABYvDhak0AAAQDAEcwRQIhANMu2XjjJMBE
qJN5brEetUs/6bvrzSOfg9G5Kk1Z3xgLAiAlmQDZRr/9zJkqGf+5PRuL1WLzW1ph
lz5pYA741Eb4VwB2AFWB1MIWkDYBSuoLm1c8U/DA5Dh4cCUIFy+jqh0HE9MMAAAB
YvDhai0AAAQDAEcwRQIhAMT762W2CG2+QISZPSaxEag6ZBMlCR+tXI1kjPg8V42K
AiAKYnq2LYpsV3Brb75i8Ky9HobCmzH3dwkX5f4ZV620ajANBgkqhkiG9w0BAQsF
AAOCAQEAHoBWOwNVZ79lQsN2/sE6O2UONKmMVJfdtcENkmK/hJh5vdfb4gSseNuW
R366Lze6hOT1zzSnTEgUTsYYnMjjA9ptzFQoxbDYrrepq5ecIxsFgG6vUDWzvBpj
yyTmH5hfIQn4gRXvB+GV06dPdF/lD4iTr5U4EeF5upUh2DbFzqz9Ow4q4c2QjI6u
wRw308vHJqEO0p2PYCJK7lnIi8hHzyOV6DX7Ya61Gv26A3a/h835JFzTjSpvfpBt
B8hSYMBjwdwu1QASIm7dvEXU8j5SUL6gQMTgaU7KuHnVs7wex2P7bkYCKvQGanm5
e6VjEuVjbu2+r5B+XGXVnBcakkkkpw==
-----END CERTIFICATE-----

EOF

cat << 'EOF' > /etc/starcert/ssl.crt/STAR_iiita_ac_in.ca-bundle
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
EOF

cat << 'EOF' > /etc/starcert/ssl.key/iiitaSSL_PRIVATEkey.txt
-----BEGIN RSA PRIVATE KEY-----
MIIEogIBAAKCAQEA0b+XiUdaIbCAVcwtqWFVDZA/K/cy/pd7TKDxuuiJ0QIrViVG
JZ0Z4a0dUI10udUUF6pEkDLPSnx38VOO7i9kZnHIxPxRqipaPXPKTKxVCUNvZijj
XWvgwCHpW3Xq8x9TgywHrItGdy3YWishm2UEHDT4CQE8KjIuGlLn3l2YoqbfYoUz
nvtiBvmiMEuIEI8saxvK4v47GCp1zplTQwEV36+7UoD198rjDc7UJyu6wIgb4VwA
RxzOVBastf4Ht1iif7tL8yRNyjli/xZSfz1GsOZEEvDf3leeytSJFnNDeTBnL0z6
AJ1W8Q3rmW6are4BIRapE2jQMwn27RFTD+V54QIDAQABAoIBABIFk0ChV9YzMyOs
EnROP5+VuEfPyprjax2vanWzyzuhIxYYx8ktkW65kB4+uTvKWhqab5+wLe1pemjK
1CoU+lxvBGAgiefEEdLb4xLpb7kHCUhO1RJO1ZXMlB9ep1xSYbuQiexCX0CYONGu
iQmwCUVfK7yiVYgOnbV3UCLkCdxXsGHWmCI3A2JuDJEQjQHVd5cBdTConriKfhM/
vG8MmYd9mHKE9FYP51q/aa86Lxsp6slUGm95ofWPCR09c6/xwRaYK7XaCys7o0Yx
PRthREdqAIse8BTx6WPuOBBcXUuMyqs/feJANc+u0PuCfCpYYOSUN3dflPEYrKTg
ipWOkT0CgYEA6Iak7bsnQ54734NZSqonDLYNqQ2Tf233UlxnfxuDpF+Bv5vyZ6ac
ysQ6SZDmJ43U7Vo/Xez5oVeNCUe+SKOJuP6W6rbY7r6TgiVulX07Y8WG+u4hwjAa
+o8X3/PBzkxw6FbPsqk5cckkypgGBPNhVzt6gJGOemy+XIB7HUW9ZK8CgYEA5uxK
BTSQQuU+X9Ws5/VR0/Htb4YjhXdRQI3MjWyXd5atjd7F4/fKJitbsYT03Rq9dWSQ
tgLYmOfxfWlQNQjsMEYeruJ4slIIaxB1t0Bddq/8OX/CA3Q6FJQiULrWTE7Lq2Ww
X2cdsrJ/Zel5VHO9TD7wZf3IIrwVbG+3GqTezm8CgYBR14pXboccYqZaPmYARLFn
5PAb735Z3L+vSnzXHT0RbthBM8d3Ogp3x+doG0sW4vHt9NTW32Dhq+olOQ49jOod
peZCiMcECSnsJfatQR3VOSIQUh6ptbrZM+JIXgh57yfSbzO9g5iHdy+u6yE7Ptql
FHdCp3jJmFrMPiCXJgPKWwKBgExu0WE/sLAzqJ2X4A82x8rbPLe5MnCuuZogVSBK
XSgcG33lyqJWFfbkSwlK9LFqdGMy0iMsdfzGaMwV25JyTZr82pMQKtr7BAZMAGqT
R1xNi7KMcu8pvT+qeGE4Nk4zln44vlQVkWLgagKVcK9fT7y46GEZyvCUSJMHtxd+
krDJAoGAKvphPPMpuGHYO8YwhEDpFt87vr04XEKBD8QhhOFFyu10T79dZ7ihltwM
6pw2zDVC9XWg1IQ/jJPjlon6hRT86EiwjxCSuQGk0Nki0FKYN4qaSzAOly3VuMZ9
jVtdtKe4vUqhT40l6v6rxV/JQNGdY99HZ4aplKur6D3LzftpMxo=
-----END RSA PRIVATE KEY-----

EOF

sed '59s|#DocumentRoot|DocumentRoot|g'  /etc/httpd/conf.d/ssl.conf  > /etc/httpd/conf.d/ssl.conf_tmp && mv /etc/httpd/conf.d/ssl.conf_tmp /etc/httpd/conf.d/ssl.conf
sed "59s|/var/www/html|$Webroot|g"  /etc/httpd/conf.d/ssl.conf  > /etc/httpd/conf.d/ssl.conf_tmp && mv /etc/httpd/conf.d/ssl.conf_tmp /etc/httpd/conf.d/ssl.conf
sed '60s|#ServerName|ServerName|g'  /etc/httpd/conf.d/ssl.conf  > /etc/httpd/conf.d/ssl.conf_tmp && mv /etc/httpd/conf.d/ssl.conf_tmp /etc/httpd/conf.d/ssl.conf
sed "60s|www.example.com|$WebHost|g"  /etc/httpd/conf.d/ssl.conf  > /etc/httpd/conf.d/ssl.conf_tmp && mv /etc/httpd/conf.d/ssl.conf_tmp /etc/httpd/conf.d/ssl.conf
sed "61s|www.example.com|$WebHost|g"  /etc/httpd/conf.d/ssl.conf  > /etc/httpd/conf.d/ssl.conf_tmp && mv /etc/httpd/conf.d/ssl.conf_tmp /etc/httpd/conf.d/ssl.conf
sed '75s|.*|SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2|g'  /etc/httpd/conf.d/ssl.conf  > /etc/httpd/conf.d/ssl.conf_tmp && mv /etc/httpd/conf.d/ssl.conf_tmp /etc/httpd/conf.d/ssl.conf
sed '100s|SSLCertificateFile |#SSLCertificateFile|g'  /etc/httpd/conf.d/ssl.conf  > /etc/httpd/conf.d/ssl.conf_tmp && mv /etc/httpd/conf.d/ssl.conf_tmp /etc/httpd/conf.d/ssl.conf
sed '107s|SSLCertificateKeyFile |#SSLCertificateKeyFile|g'  /etc/httpd/conf.d/ssl.conf  > /etc/httpd/conf.d/ssl.conf_tmp && mv /etc/httpd/conf.d/ssl.conf_tmp /etc/httpd/conf.d/ssl.conf
sed '101aSSLCACertificateFile /etc/starcert/ssl.crt/STAR_iiita_ac_in.ca-bundle'  /etc/httpd/conf.d/ssl.conf  > /etc/httpd/conf.d/ssl.conf_tmp && mv /etc/httpd/conf.d/ssl.conf_tmp /etc/httpd/conf.d/ssl.conf
sed '101aSSLCertificateChainFile /etc/starcert/ssl.crt/STAR_iiita_ac_in.ca-bundle'  /etc/httpd/conf.d/ssl.conf  > /etc/httpd/conf.d/ssl.conf_tmp && mv /etc/httpd/conf.d/ssl.conf_tmp /etc/httpd/conf.d/ssl.conf
sed '101aSSLCertificateKeyFile /etc/starcert/ssl.key/iiitaSSL_PRIVATEkey.txt'  /etc/httpd/conf.d/ssl.conf  > /etc/httpd/conf.d/ssl.conf_tmp && mv /etc/httpd/conf.d/ssl.conf_tmp /etc/httpd/conf.d/ssl.conf
sed '101aSSLCertificateFile /etc/starcert/ssl.crt/STAR_iiita_ac_in.crt'  /etc/httpd/conf.d/ssl.conf  > /etc/httpd/conf.d/ssl.conf_tmp && mv /etc/httpd/conf.d/ssl.conf_tmp /etc/httpd/conf.d/ssl.conf
systemctl restart httpd 
cat << EOF > /etc/httpd/conf.d/vhost.conf
<VirtualHost *:80>
    DocumentRoot $Webroot
    ServerName $WebHost
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</VirtualHost>
EOF
firewall-cmd --add-service=https --permanent
firewall-cmd --reload
sed '32s|SetHandler |#SetHandler |g'  /etc/httpd/conf.d/php.conf  > /etc/httpd/conf.d/php.conf_tmp && mv /etc/httpd/conf.d/php.conf_tmp /etc/httpd/conf.d/php.conf
sed '32a SetHandler "proxy:fcgi://127.0.0.1:9000" '  /etc/httpd/conf.d/php.conf  > /etc/httpd/conf.d/php.conf_tmp && mv /etc/httpd/conf.d/php.conf_tmp /etc/httpd/conf.d/php.conf
systemctl start php-fpm 
systemctl enable php-fpm 
systemctl restart httpd 
echo '<?php phpinfo(); ?>' > $Webroot/info.php 
printmenu
;;
################################################################
################ Add Qmail Users and Directories ###############
################################################################
7)
sed '13acharacter-set-server=utf8 '  /etc/my.cnf.d/server.cnf  > /etc/my.cnf.d/server.cnf_tmp && mv /etc/my.cnf.d/server.cnf_tmp /etc/my.cnf.d/server.cnf
mkdir -p /etc/my.cnf.d/pki
cp /etc/starcert/ssl.crt/STAR_iiita_ac_in.crt /etc/starcert/ssl.key/iiitaSSL_PRIVATEkey.txt /etc/starcert/ssl.crt/STAR_iiita_ac_in.ca-bundle /etc/my.cnf.d/pki
chown mysql. /etc/my.cnf.d/pki/*
sed '13a ssl-key=/etc/my.cnf.d/pki/iiitaSSL_PRIVATEkey.txt' /etc/my.cnf.d/server.cnf  > /etc/my.cnf.d/server.cnf_tmp && mv /etc/my.cnf.d/server.cnf_tmp /etc/my.cnf.d/server.cnf
sed '13a ssl-ca=/etc/my.cnf.d/pki/STAR_iiita_ac_in.ca-bundle' /etc/my.cnf.d/server.cnf  > /etc/my.cnf.d/server.cnf_tmp && mv /etc/my.cnf.d/server.cnf_tmp /etc/my.cnf.d/server.cnf
sed '13a ssl-cert=/etc/my.cnf.d/pki/STAR_iiita_ac_in.crt' /etc/my.cnf.d/server.cnf  > /etc/my.cnf.d/server.cnf_tmp && mv /etc/my.cnf.d/server.cnf_tmp /etc/my.cnf.d/server.cnf
systemctl start mariadb
systemctl enable mariadb
printf "\n y\n n\n y\n y\n y\n y\n" | sudo mysql_secure_installation
echo ""
echo -ne "Generating DB access..."
mysql -uroot -e "CREATE DATABASE $DbName;"
mysql -uroot -e "CREATE USER '$DbName'@'%' IDENTIFIED BY '$DbPass';"
mysql -uroot -e "GRANT ALL PRIVILEGES ON $DbName.* TO '$DbName'@'%' IDENTIFIED BY '$DbPass';"
mysql -uroot -e "FLUSH PRIVILEGES;"
echo -ne " OK"
echo ""
echo "- Database address : localhost"
echo "- Database name : $DbName"
echo "- Database user : $DbName"
echo "- Database password : $DbPass"
echo ""
firewall-cmd --add-service=mysql --permanent
firewall-cmd --reload
printmenu
;;
################################################################
################ Mariadb LDAP Authentication ###############
################################################################
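8)
# Step 8: let MariaDB authenticate accounts through PAM (pam_unix first, then
# pam_ldap) and install the pam_user_map helper module.
yum install -y gcc pam-devel
# pam_user_map.so is referenced as "auth required" by the PAM service written
# below, so its source is security-critical. The URL follows the moving 10.4
# branch: review the file, pin the URL to a commit, and set PamUserMapSha256 to
# the SHA-256 of the reviewed copy so that a changed download is refused.
# Build in a private directory so a stale pam_user_map.c in the current
# directory is never compiled, and install only when every step succeeded.
pam_build_dir=$(mktemp -d)
if [ -z "$pam_build_dir" ]; then
echo "Step 8: could not create a build directory; pam_user_map.so not installed" >&2
elif ! wget -O "$pam_build_dir/pam_user_map.c" https://raw.githubusercontent.com/MariaDB/server/10.4/plugin/auth_pam/mapper/pam_user_map.c; then
echo "Step 8: download of pam_user_map.c failed; pam_user_map.so not installed" >&2
elif [ -n "$PamUserMapSha256" ] && ! echo "$PamUserMapSha256  $pam_build_dir/pam_user_map.c" | sha256sum -c - > /dev/null; then
echo "Step 8: pam_user_map.c does not match PamUserMapSha256; pam_user_map.so not installed" >&2
elif ! gcc "$pam_build_dir/pam_user_map.c" -shared -lpam -fPIC -o "$pam_build_dir/pam_user_map.so"; then
echo "Step 8: compiling pam_user_map.c failed; pam_user_map.so not installed" >&2
else
sudo install --mode=0755 "$pam_build_dir/pam_user_map.so" /lib64/security
fi
[ -n "$pam_build_dir" ] && rm -rf -- "$pam_build_dir"
cat << 'EOF' > /etc/pam.d/mariadb
auth [success=1 new_authtok_reqd=1 default=ignore] pam_unix.so audit
auth required pam_ldap.so try_first_pass
auth required pam_user_map.so
account sufficient pam_unix.so audit
account required pam_ldap.so
EOF
server_cnf=/etc/my.cnf.d/server.cnf
# The inserts are position-based (after line 13 / line 46 of server.cnf as left
# by the earlier steps). Each one is skipped when its line is already present,
# so running this step again does not stack duplicate settings.
grep -qxF 'plugin_load_add = auth_pam' "$server_cnf" ||
{ sed '13a plugin_load_add = auth_pam' "$server_cnf" > "${server_cnf}_tmp" && mv "${server_cnf}_tmp" "$server_cnf"; }
# pam_use_cleartext_plugin makes clients send the account password unhashed.
# Step 7 only adds ssl-ca/ssl-cert to server.cnf; nothing visible here forces
# clients to use TLS, so PAM/LDAP passwords can cross the network in clear
# unless the accounts are created with REQUIRE SSL or TLS is enforced elsewhere.
grep -qxF 'pam_use_cleartext_plugin = on' "$server_cnf" ||
{ sed '13a pam_use_cleartext_plugin = on' "$server_cnf" > "${server_cnf}_tmp" && mv "${server_cnf}_tmp" "$server_cnf"; }
#sed '13a plugin_load_add = auth_pam_v1' /etc/my.cnf.d/server.cnf  > /etc/my.cnf.d/server.cnf_tmp && mv /etc/my.cnf.d/server.cnf_tmp /etc/my.cnf.d/server.cnf
grep -qxF 'log_error=/var/log/mysql.log' "$server_cnf" ||
{ sed '46a log_error=/var/log/mysql.log' "$server_cnf" > "${server_cnf}_tmp" && mv "${server_cnf}_tmp" "$server_cnf"; }
# The log is created by this (root) shell; hand it to the mysql account so the
# server can write to it, and keep it unreadable for other local users.
touch /var/log/mysql.log
chown mysql: /var/log/mysql.log
chmod 640 /var/log/mysql.log
systemctl restart mariadb
printmenu
;;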
################################################################
################ Install and Configure phpMyAdmin ###############
################################################################
9)
# Step 9: install phpMyAdmin from the remi repository and add a
# "Require ip 127.0.0.1 $IiitaNetwork" line to its Apache configuration.
# (The plain "yum -y install phpMyAdmin" and the manual phpMyAdmin 4.9.4 zip
# install that used to be commented out here are not used.)
yum --enablerepo=remi install -y phpmyadmin
pma_conf=/etc/httpd/conf.d/phpMyAdmin.conf
# Position-based inserts: first after line 16, then after line 30 of the file
# as already modified by the first insert, so the order must stay 16 then 30.
# NOTE(review): the offsets assume the layout of the packaged phpMyAdmin.conf;
# confirm after a package update that both lines still land inside the
# intended access-control sections.
for pma_line in 16 30; do
sed "${pma_line}a Require ip 127.0.0.1 $IiitaNetwork"  "$pma_conf"  > "${pma_conf}_tmp" && mv "${pma_conf}_tmp" "$pma_conf"
done
systemctl restart httpd
printmenu
;;
################################################################
################ Install and Configure LDAP Server ###############
################################################################
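10)
# Step 10 (first part): install OpenLDAP, set the root passwords of the config
# and data databases, load the stock schemas and create the base entries.
yum -y install openldap-servers openldap-clients
cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
chown ldap: /var/lib/ldap/DB_CONFIG
systemctl start slapd
systemctl enable slapd
# The LDIF files below carry the root password hash. They are written into a
# private mktemp directory (mode 0700) instead of fixed, world-readable names
# in /tmp, and removed afterwards. The clear-text password is handed to
# slappasswd and ldapadd through a file in that directory (-T / -y) so it does
# not appear on a command line visible to other local users.
ldap_tmp=$(mktemp -d)
if [ -z "$ldap_tmp" ]; then
echo "Step 10: could not create a private scratch directory; LDAP passwords and base entries not configured" >&2
else
printf '%s' "$LdapServerCnPass" > "$ldap_tmp/rootpw"
ldap_root_hash=$(slappasswd -T "$ldap_tmp/rootpw")
[ -n "$ldap_root_hash" ] || echo "Step 10: slappasswd produced no hash; the olcRootPW changes below will fail" >&2
cat << EOF > "$ldap_tmp/chrootpw.ldif"
# specify the password generated above for "olcRootPW" section

dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootPW
olcRootPW: $ldap_root_hash
EOF
ldapadd -Y EXTERNAL -H ldapi:/// -f "$ldap_tmp/chrootpw.ldif"
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif
# NOTE(review): rule {2} below ends in "by * read", which lets anonymous
# clients read every attribute except userPassword/shadowLastChange. The site
# schema loaded later in this step defines PAN, Passport, BankAcNo and DOB
# attributes, so consider "by users read by * none" once every consumer binds
# with its own DN.
cat << EOF > "$ldap_tmp/chdomain.ldif"
# replace to your own domain name for "dc=***,dc=***" section

# specify the password generated above for "olcRootPW" section

dn: olcDatabase={1}monitor,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read by dn.base="$LdapServerCn" read by * none

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: $LdapServerDn

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootDN
olcRootDN: $LdapServerCn

dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcRootPW
olcRootPW: $ldap_root_hash

dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcAccess
olcAccess: {0}to attrs=userPassword,shadowLastChange by dn="$LdapServerCn" write by anonymous auth by self write by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by dn="$LdapServerCn" write by * read
EOF

ldapmodify -Y EXTERNAL -H ldapi:/// -f "$ldap_tmp/chdomain.ldif"
# NOTE(review): "cn: Managera" must equal the cn value inside $LdapServerCn or
# slapd rejects the entry with a naming violation; confirm it is not a typo.
cat << EOF > "$ldap_tmp/basedomain.ldif"
# replace to your own domain name for "dc=***,dc=***" section

dn: $LdapServerDn
objectClass: top
objectClass: dcObject
objectclass: organization
o: $Org
dc: $Org

dn: $LdapServerCn
objectClass: organizationalRole
cn: Managera
EOF

# Simple bind over the local ldapi socket, like the other calls in this step,
# so the root password never travels over an unencrypted TCP connection.
ldapadd -x -H ldapi:/// -D "$LdapServerCn" -y "$ldap_tmp/rootpw" -f "$ldap_tmp/basedomain.ldif"
rm -rf -- "$ldap_tmp"
fi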
cd /etc/openldap/schema/
cat << 'EOF' > /etc/openldap/schema/iiita.ldif
dn: cn=iiita,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: iiita
olcAttributeTypes: {0}( 1.1.2.1.1 NAME 'MaritalStatus' DESC 'Marital Status of
  the employee' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNT
 AX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
olcAttributeTypes: {1}( 1.1.2.1.2 NAME 'DOB' DESC 'Date of Birth' EQUALITY cas
 eIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121
 .1.15 SINGLE-VALUE )
olcAttributeTypes: {2}( 1.1.2.1.3 NAME 'Sex' DESC 'Sex' EQUALITY caseIgnoreMat
 ch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SING
 LE-VALUE )
olcAttributeTypes: {3}( 1.1.2.1.4 NAME 'Designation' DESC 'Designation name' E
 QUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1
 466.115.121.1.15 SINGLE-VALUE )
olcAttributeTypes: {4}( 1.1.2.1.5 NAME 'Grade' DESC 'Grade name' EQUALITY case
 IgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.
 1.15 SINGLE-VALUE )
olcAttributeTypes: {5}( 1.1.2.1.6 NAME 'Passport' DESC 'Passport details' EQUA
 LITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466
 .115.121.1.15 SINGLE-VALUE )
olcAttributeTypes: {6}( 1.1.2.1.7 NAME 'PAN' DESC 'PAN No details' EQUALITY ca
 seIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.12
 1.1.15 SINGLE-VALUE )
olcAttributeTypes: {7}( 1.1.2.1.8 NAME 'PFNo' DESC 'PF details' EQUALITY caseI
 gnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1
 .15 SINGLE-VALUE )
olcAttributeTypes: {8}( 1.1.2.1.9 NAME 'DepartmentName' DESC 'Name of the Depa
 rtment' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.
 6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
olcAttributeTypes: {9}( 1.1.2.1.10 NAME 'JoiningDate' DESC 'Employee joining d
 ate' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1
 .4.1.1466.115.121.1.15 SINGLE-VALUE )
olcAttributeTypes: {10}( 1.1.2.1.11 NAME 'BloodGroup' DESC 'Embloyee blood gro
 up' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.
 4.1.1466.115.121.1.15 SINGLE-VALUE )
olcAttributeTypes: {11}( 1.1.2.1.12 NAME 'HighestEducation' DESC 'Highest Educ
 ation of the Employee' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMa
 tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
olcAttributeTypes: {12}( 1.1.2.1.13 NAME 'BankAcNo' DESC 'Bank Account No' EQU
 ALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.146
 6.115.121.1.15 SINGLE-VALUE )
olcAttributeTypes: {13}( 1.1.2.1.14 NAME 'Vehicle' DESC 'Vehicle datails two o
 r four wheeler' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYN
 TAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
olcAttributeTypes: {14}( 1.1.2.1.15 NAME 'PersonalEmail' DESC 'Personal Email
 of the Employee' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SY
 NTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
olcAttributeTypes: {15}( 1.1.2.1.16 NAME 'PrevCompanyName' DESC 'Name of the P
 revious company' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SY
 NTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
olcAttributeTypes: {16}( 1.1.2.1.17 NAME 'Fresher' DESC 'Fresher or not' EQUAL
 ITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.
 115.121.1.15 SINGLE-VALUE )
olcAttributeTypes: {17}( 1.1.2.1.18 NAME 'TotalExperience' DESC 'Total Experie
 nce of the employee' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatc
 h SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
olcAttributeTypes: {18}( 1.1.2.1.19 NAME 'FatherName' DESC 'FatherName of the
 Employee' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.
 3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
olcAttributeTypes: {19}( 1.1.2.1.20 NAME 'MotherName' DESC 'Mother name of the
  Employee' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1
 .3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
olcObjectClasses: {0}( 1.1.2.2.3 NAME 'iiitastudent' DESC 'object class' STRUC
 TURAL MUST ( cn $ sn ) MAY (  PAN $ Passport $ PFNo $ Per
 sonalEmail $ PrevCompanyName $ gn $ initials $ DOB $ Sex $ Designation $ Grad
 e $ DepartmentName $ BloodGroup $ email $ postalAddress $ MaritalStatus $ Joi
 ningDate $ HighestEducation $ BankAcNo $ Vehicle $ Fresher $ TotalExperience
 $ FatherName $ MotherName ) )

EOF
cat << 'EOF' > /etc/openldap/schema/iiita.schema
attributetype ( 1.1.2.1.1 
	NAME 'MaritalStatus' 
	DESC 'Marital Status of the employee' 
	EQUALITY caseIgnoreMatch 
	SUBSTR caseIgnoreSubstringsMatch 
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 
	SINGLE-VALUE 
 )

attributetype ( 1.1.2.1.2 
	NAME 'DOB' 
	DESC 'Date of Birth' 
	EQUALITY caseIgnoreMatch 
	SUBSTR caseIgnoreSubstringsMatch 
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 
	SINGLE-VALUE 
 )

attributetype ( 1.1.2.1.3 
	NAME 'Sex' 
	DESC 'Sex' 
	EQUALITY caseIgnoreMatch 
	SUBSTR caseIgnoreSubstringsMatch 
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 
	SINGLE-VALUE 
 )

attributetype ( 1.1.2.1.4 
	NAME 'Designation' 
	DESC 'Designation name' 
	EQUALITY caseIgnoreMatch 
	SUBSTR caseIgnoreSubstringsMatch 
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 
	SINGLE-VALUE 
 )

attributetype ( 1.1.2.1.5 
	NAME 'Grade' 
	DESC 'Grade name' 
	EQUALITY caseIgnoreMatch 
	SUBSTR caseIgnoreSubstringsMatch 
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 
	SINGLE-VALUE 
 )

attributetype ( 1.1.2.1.6 
	NAME 'Passport' 
	DESC 'Passport details' 
	EQUALITY caseIgnoreMatch 
	SUBSTR caseIgnoreSubstringsMatch 
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 
	SINGLE-VALUE 
 )

attributetype ( 1.1.2.1.7 
	NAME 'PAN' 
	DESC 'PAN No details' 
	EQUALITY caseIgnoreMatch 
	SUBSTR caseIgnoreSubstringsMatch 
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 
	SINGLE-VALUE 
 )

attributetype ( 1.1.2.1.8 
	NAME 'PFNo' 
	DESC 'PF details' 
	EQUALITY caseIgnoreMatch 
	SUBSTR caseIgnoreSubstringsMatch 
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 
	SINGLE-VALUE 
 )

attributetype ( 1.1.2.1.9 
	NAME 'DepartmentName' 
	DESC 'Name of the Department' 
	EQUALITY caseIgnoreMatch 
	SUBSTR caseIgnoreSubstringsMatch 
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 
	SINGLE-VALUE 
 )

attributetype ( 1.1.2.1.10 
	NAME 'JoiningDate' 
	DESC 'Employee joining date' 
	EQUALITY caseIgnoreMatch 
	SUBSTR caseIgnoreSubstringsMatch 
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 
	SINGLE-VALUE 
 )

attributetype ( 1.1.2.1.11 
	NAME 'BloodGroup' 
	DESC 'Embloyee blood group' 
	EQUALITY caseIgnoreMatch 
	SUBSTR caseIgnoreSubstringsMatch 
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 
	SINGLE-VALUE 
 )

attributetype ( 1.1.2.1.12 
	NAME 'HighestEducation' 
	DESC 'Highest Education of the Employee' 
	EQUALITY caseIgnoreMatch 
	SUBSTR caseIgnoreSubstringsMatch 
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 
	SINGLE-VALUE 
 )

attributetype ( 1.1.2.1.13 
	NAME 'BankAcNo' 
	DESC 'Bank Account No' 
	EQUALITY caseIgnoreMatch 
	SUBSTR caseIgnoreSubstringsMatch 
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 
	SINGLE-VALUE 
 )

attributetype ( 1.1.2.1.14 
	NAME 'Vehicle' 
	DESC 'Vehicle datails two or four wheeler' 
	EQUALITY caseIgnoreMatch 
	SUBSTR caseIgnoreSubstringsMatch 
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 
	SINGLE-VALUE 
 )

attributetype ( 1.1.2.1.15 
	NAME 'PersonalEmail' 
	DESC 'Personal Email of the Employee' 
	EQUALITY caseIgnoreMatch 
	SUBSTR caseIgnoreSubstringsMatch 
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 
	SINGLE-VALUE 
 )

attributetype ( 1.1.2.1.16 
	NAME 'PrevCompanyName' 
	DESC 'Name of the Previous company' 
	EQUALITY caseIgnoreMatch 
	SUBSTR caseIgnoreSubstringsMatch 
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 
	SINGLE-VALUE 
 )

attributetype ( 1.1.2.1.17 
	NAME 'Fresher' 
	DESC 'Fresher or not' 
	EQUALITY caseIgnoreMatch 
	SUBSTR caseIgnoreSubstringsMatch 
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 
	SINGLE-VALUE 
 )

attributetype ( 1.1.2.1.18 
	NAME 'TotalExperience' 
	DESC 'Total Experience of the employee' 
	EQUALITY caseIgnoreMatch 
	SUBSTR caseIgnoreSubstringsMatch 
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 
	SINGLE-VALUE 
 )

attributetype ( 1.1.2.1.19 
	NAME 'FatherName' 
	DESC 'FatherName of the Employee' 
	EQUALITY caseIgnoreMatch 
	SUBSTR caseIgnoreSubstringsMatch 
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 
	SINGLE-VALUE 
 )

attributetype ( 1.1.2.1.20 
	NAME 'MotherName' 
	DESC 'Mother name of the Employee' 
	EQUALITY caseIgnoreMatch 
	SUBSTR caseIgnoreSubstringsMatch 
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 
	SINGLE-VALUE 
 )

attributetype ( 1.1.2.1.22
        NAME 'homePhone'
        DESC 'Home Phone Number'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
        SINGLE-VALUE
 )

objectclass ( 1.1.2.2.3 
	NAME 'iiitastudent' 
	DESC 'object class' 
	STRUCTURAL 
	MUST ( cn $ sn ) 
	MAY (  homePhone $ PAN $ Passport $ PFNo $ PersonalEmail $ PrevCompanyName $ gn $ initials $ DOB $ Sex $ Designation $ Grade $ DepartmentName $ BloodGroup $ email $ postalAddress $ MaritalStatus $ JoiningDate $ HighestEducation $ BankAcNo $ Vehicle $ Fresher $ TotalExperience $ FatherName $ MotherName ) 
 )
EOF
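# Load the site schema, then fetch and load the qmail schema.
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/iiita.ldif
# qmail.ldif is added to cn=config with the root-equivalent EXTERNAL identity,
# yet it is fetched at install time from a third-party host with no pinned
# revision or checksum. Prefer a reviewed copy kept alongside this script.
# Download to an explicit temporary name and load it only when the download
# succeeded, so a stale or partial qmail.ldif is never loaded by mistake.
if wget -O /etc/openldap/schema/qmail.ldif.new https://wiki.yola.ru/_media/openldap/qmail.ldif; then
mv /etc/openldap/schema/qmail.ldif.new /etc/openldap/schema/qmail.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/qmail.ldif
else
rm -f /etc/openldap/schema/qmail.ldif.new
echo "Step 10: download of qmail.ldif failed; qmail schema not loaded" >&2
fi
#wget -O qmail.ldif https://raw.githubusercontent.com/sha2017/server.ldap/master/files/etc/ldap/slapd.d/cn%3Dconfig/cn%3Dschema/cn%3D%7B6%7Dqmail.ldif
# qmail.schema is only stored next to the other schema files; nothing in this
# step loads it.
if wget -O /etc/openldap/schema/qmail.schema.new https://raw.githubusercontent.com/threerings/splatd/master/splat/ldaputils/test/data/openldap/schema/qmail.schema; then
mv /etc/openldap/schema/qmail.schema.new /etc/openldap/schema/qmail.schema
else
rm -f /etc/openldap/schema/qmail.schema.new
echo "Step 10: download of qmail.schema failed" >&2
fi
# This opens plain LDAP (389/tcp). Until TLS is configured in step 11, simple
# binds from other hosts send passwords unencrypted.
firewall-cmd --add-service=ldap --permanent
firewall-cmd --reload
printmenu
;;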
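11)
# Step 11: give slapd the site certificate, chain and private key, and make it
# listen on ldaps:// in addition to ldapi:// and ldap://.
cp /etc/starcert/ssl.crt/STAR_iiita_ac_in.crt /etc/starcert/ssl.key/iiitaSSL_PRIVATEkey.txt /etc/starcert/ssl.crt/STAR_iiita_ac_in.ca-bundle /etc/openldap/certs/
cd /etc/openldap/certs/
chown ldap: /etc/openldap/certs/iiitaSSL_PRIVATEkey.txt /etc/openldap/certs/STAR_iiita_ac_in.ca-bundle /etc/openldap/certs/STAR_iiita_ac_in.crt
# cp keeps whatever mode the source files had; make sure only the ldap account
# can read the private key.
chmod 600 /etc/openldap/certs/iiitaSSL_PRIVATEkey.txt
chmod 644 /etc/openldap/certs/STAR_iiita_ac_in.ca-bundle /etc/openldap/certs/STAR_iiita_ac_in.crt
# Use an unpredictable temporary file rather than a fixed name in /tmp for the
# LDIF that root feeds to ldapmodify.
tls_ldif=$(mktemp)
if [ -n "$tls_ldif" ]; then
cat << EOF > "$tls_ldif"
# create new

dn: cn=config
changetype: modify
add: olcTLSCACertificateFile
olcTLSCACertificateFile: /etc/openldap/certs/STAR_iiita_ac_in.ca-bundle
-
replace: olcTLSCertificateFile
olcTLSCertificateFile: /etc/openldap/certs/STAR_iiita_ac_in.crt
-
replace: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/openldap/certs/iiitaSSL_PRIVATEkey.txt
EOF
ldapmodify -Y EXTERNAL -H ldapi:/// -f "$tls_ldif"
rm -f -- "$tls_ldif"
else
echo "Step 11: could not create a temporary file; TLS settings not applied" >&2
fi
# Replaces line 9 of /etc/sysconfig/slapd whatever it contains.
# NOTE(review): assumes line 9 is the SLAPD_URLS line of the packaged file.
# ldap:/// stays enabled, so unencrypted binds remain possible on 389/tcp.
sed '9s|.*|SLAPD_URLS="ldapi:/// ldap:/// ldaps:///" |' /etc/sysconfig/slapd   > /etc/sysconfig/slapd_tmp && mv /etc/sysconfig/slapd_tmp /etc/sysconfig/slapd
systemctl restart slapd
firewall-cmd --add-service=ldaps --permanent
#setsebool -P httpd_can_connect_ldaps on
#setsebool httpd_can_network_connect on
firewall-cmd --reload
printmenu
;;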
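12)
# Step 12: make this host an LDAP client (nslcd + authconfig) and install a
# pam_exec session hook that provisions a web directory and a database on an
# account's first login.
yum -y install openldap-clients nss-pam-ldapd
mkdir -p /etc/openldap/cacerts
# NOTE(review): this copies the private key of the site certificate onto every
# LDAP client and hands it to nslcd as a client certificate. Nothing visible in
# this script makes slapd ask for client certificates, so the CA bundle alone
# is probably enough here; confirm and drop the key and tls_cert/tls_key lines.
cp /etc/starcert/ssl.crt/STAR_iiita_ac_in.crt /etc/starcert/ssl.key/iiitaSSL_PRIVATEkey.txt /etc/starcert/ssl.crt/STAR_iiita_ac_in.ca-bundle /etc/openldap/cacerts
chown nslcd: /etc/openldap/cacerts/*
chmod 600 /etc/openldap/cacerts/iiitaSSL_PRIVATEkey.txt
nslcd_conf=/etc/nslcd.conf
# nslcd.conf receives the bind password below. Every edit writes a new file
# and moves it into place, so tighten the umask first; otherwise the file is
# world-readable from the first edit until the final chmod.
nslcd_old_umask=$(umask)
umask 077
# Position-based edits; each offset counts lines in the file as left by the
# previous edit, so the order must not change.
sed '18s|uri ldap://127.0.0.1/ |#uri ldap://127.0.0.1/ |g'  "$nslcd_conf"  > "${nslcd_conf}_tmp" && mv "${nslcd_conf}_tmp" "$nslcd_conf"
sed '25s|base dc=example,dc=com |#base dc=example,dc=com |g'  "$nslcd_conf"  > "${nslcd_conf}_tmp" && mv "${nslcd_conf}_tmp" "$nslcd_conf"
# NOTE(review): nslcd binds as $LdapServerCn, the directory root DN, so every
# client host stores the directory's most privileged password. A dedicated
# read-only bind account would limit what a compromised client exposes.
sed "30a binddn $LdapServerCn" "$nslcd_conf"  > "${nslcd_conf}_tmp" && mv "${nslcd_conf}_tmp" "$nslcd_conf"
# The password is passed through the environment and written literally, so it
# is neither visible in the process list nor altered by sed's backslash
# handling.
LdapBindPw="$LdapServerCnPass" awk '{ print } NR == 35 { print "bindpw " ENVIRON["LdapBindPw"] }' "$nslcd_conf"  > "${nslcd_conf}_tmp" && mv "${nslcd_conf}_tmp" "$nslcd_conf"
sed "19a uri ldaps://$LdapServer:636" "$nslcd_conf"  > "${nslcd_conf}_tmp" && mv "${nslcd_conf}_tmp" "$nslcd_conf"
sed "26a base $LdapServerDn" "$nslcd_conf"  > "${nslcd_conf}_tmp" && mv "${nslcd_conf}_tmp" "$nslcd_conf"
sed '77a tls_key /etc/openldap/cacerts/iiitaSSL_PRIVATEkey.txt'  "$nslcd_conf"  > "${nslcd_conf}_tmp" && mv "${nslcd_conf}_tmp" "$nslcd_conf"
sed '77a tls_cacertfile /etc/openldap/cacerts/STAR_iiita_ac_in.ca-bundle'  "$nslcd_conf"  > "${nslcd_conf}_tmp" && mv "${nslcd_conf}_tmp" "$nslcd_conf"
sed '77a tls_cert  /etc/openldap/cacerts/STAR_iiita_ac_in.crt'  "$nslcd_conf"  > "${nslcd_conf}_tmp" && mv "${nslcd_conf}_tmp" "$nslcd_conf"
umask "$nslcd_old_umask"
# Certificate verification is left at its default; the "allow" settings stay
# disabled.
#echo "TLS_REQCERT allow" >> /etc/openldap/ldap.conf
#echo "tls_reqcert allow" >> /etc/nslcd.conf
chmod 600 /etc/nslcd.conf
#semanage port -a -t -S --store ldap_port_t -p tcp 4636
#setsebool -P authlogin_nsswitch_use_ldap 1
#authconfig --enableldap --enableldapauth --enableldaptls --ldapserver="ldaps://$LdapServer:636" --ldapbasedn="$LdapServerDn" --enablemkhomedir --enableshadow --enablelocauthorize --passalgo=sha256 --update
authconfig --enableldap --enableldapauth --ldapserver="ldaps://$LdapServer:636" --ldapbasedn="$LdapServerDn" --enablemkhomedir --enableshadow --enablelocauthorize --passalgo=sha256 --update
# Generate the session hook. $Webroot and $HomeDir are expanded now; \$PAM_USER
# is escaped so that it is expanded when pam_exec runs the hook. The hook runs
# as root on session open, so it refuses any account name that is not a plain
# name before using it in paths or SQL, quotes every expansion, and appends to
# user_map.conf instead of overwriting the entries of earlier users.
cat << EOF > /usr/bin/create_dir.sh
#!/bin/bash
# pam_exec session hook: first-login provisioning of a web directory and a
# MariaDB database for the account named in PAM_USER.
case "\$PAM_USER" in
''|.*|-*|*[!A-Za-z0-9._-]*) exit 0 ;;
esac
if [ ! -d "$Webroot/\$PAM_USER" ]; then
mkdir -p "$Webroot/\$PAM_USER"
echo "Welcome Page Under Construction .." > "$Webroot/\$PAM_USER/index.html"
chown -R "\$PAM_USER:apache" "$Webroot/\$PAM_USER"
ln -s "$Webroot/\$PAM_USER" "$HomeDir/\$PAM_USER/public_html"
chown -h "\$PAM_USER:apache" "$HomeDir/\$PAM_USER/public_html"
chown -R "\$PAM_USER:apache" "$Webroot/\$PAM_USER"
chmod 775 "$Webroot/\$PAM_USER"
if [ "\$PAM_USER" != "root" ]; then
mysql -u root -e "create database \\\`\$PAM_USER\\\`;"
mysql -u root -e "CREATE USER '\$PAM_USER'@'localhost' IDENTIFIED via pam USING 'mariadb';"
mysql -u root -e "grant all on \\\`\$PAM_USER\\\`.* to '\$PAM_USER'@'localhost' identified via pam USING 'mariadb';"
mysql -u root -e "flush privileges;"
grep -qxF "\$PAM_USER:\$PAM_USER" /etc/security/user_map.conf 2>/dev/null || echo "\$PAM_USER:\$PAM_USER" >> /etc/security/user_map.conf
chcon -R -t httpd_sys_content_t "$Webroot/\$PAM_USER"
chcon -R -t httpd_sys_content_t "$HomeDir/\$PAM_USER/public_html"
/usr/sbin/restorecon "$HomeDir/\$PAM_USER/public_html"
/usr/sbin/semanage fcontext -a -t httpd_sys_content_t "$HomeDir/\$PAM_USER/public_html"
fi
fi
EOF
chmod +x /usr/bin/create_dir.sh
# NOTE(review): pam_exec logs to a fixed file name in world-writable /tmp while
# running as root; a log path under a root-owned directory would be safer once
# it is confirmed that the login services may write there under SELinux.
# The insert is skipped when the hook is already registered, so running this
# step again does not make the hook run twice per session.
grep -q '/usr/bin/create_dir.sh' /etc/pam.d/password-auth ||
{ sed "27a session optional pam_exec.so debug log=/tmp/pam_exec.log /usr/bin/create_dir.sh" /etc/pam.d/password-auth  > /etc/pam.d/password-auth_tmp && mv /etc/pam.d/password-auth_tmp /etc/pam.d/password-auth; }
printmenu
;;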
################################################################
################ Install phpLDAPadmin ###############
################################################################
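13)
# Step 13: install the phpldapadmin package (for its Apache configuration),
# then replace the packaged application with a git checkout.
yum -y install phpldapadmin
cd /usr/share
# NOTE(review): the checkout tracks the default branch of a third-party fork
# and is served by httpd with access to the directory; pin it to a reviewed
# commit or tag.
# Clone next to the target first and swap only on success, using absolute
# paths, so a failed clone or a failed cd can never leave rm -rf running in
# the wrong directory or the host without any phpLDAPadmin at all.
pla_new=/usr/share/phpLDAPadmin.new
rm -rf "$pla_new"
if git clone https://github.com/breisig/phpLDAPadmin.git "$pla_new"; then
rm -rf /etc/phpldapadmin /usr/share/phpldapadmin
mv "$pla_new" /usr/share/phpldapadmin
mv /usr/share/phpldapadmin/config /etc/phpldapadmin
ln -s /etc/phpldapadmin /usr/share/phpldapadmin/config
cp /etc/phpldapadmin/config.php.example /etc/phpldapadmin/config.php
else
echo "Step 13: git clone of phpLDAPadmin failed; packaged copy left in place" >&2
fi
# 172.0.0.0/8 also matched public addresses; the private block is
# 172.16.0.0/12, which covers the 172.16-172.31 networks this script uses
# elsewhere.
sed "11a Require ip 127.0.0.1 172.16.0.0/12" /etc/httpd/conf.d/phpldapadmin.conf  > /etc/httpd/conf.d/phpldapadmin.conf_tmp && mv /etc/httpd/conf.d/phpldapadmin.conf_tmp /etc/httpd/conf.d/phpldapadmin.conf
systemctl restart httpd
setsebool -P httpd_can_connect_ldap on
setsebool -P httpd_can_sendmail 1
printmenu
;;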
################################################################
################ NDJBDNS Installation ###############
################################################################
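14)
# Step 14: install ndjbdns, bind tinydns and dnscache to their addresses, and
# set up the forward/reverse server lists and the dnscache client allow-list.
yum -y install bind-utils logrotate net-tools wget nmap
yum -y install ndjbdns
# Every "cd" is checked: the commands that follow create files relative to
# the current directory and must not run somewhere else if the cd fails.
if cd /etc/ndjbdns/; then
touch data
tinydns-data
else
echo "Step 14: /etc/ndjbdns is missing; tinydns data not built" >&2
fi
# Position-based: line 9 of tinydns.conf and line 23 of dnscache.conf are
# replaced whatever they contain.
sed "9s|.*|IP=$TinyDnsHostIp |" /etc/ndjbdns/tinydns.conf   > /etc/ndjbdns/tinydns.conf_tmp && mv /etc/ndjbdns/tinydns.conf_tmp /etc/ndjbdns/tinydns.conf
sed "23s|.*|IP=$DnsCacheHostIp |" /etc/ndjbdns/dnscache.conf   > /etc/ndjbdns/dnscache.conf_tmp && mv /etc/ndjbdns/dnscache.conf_tmp /etc/ndjbdns/dnscache.conf
systemctl enable tinydns
systemctl start tinydns
systemctl enable dnscache
systemctl start dnscache
# The firewall opens DNS to every source; which clients may use the recursive
# cache is decided only by the allow-list created in /etc/ndjbdns/ip below.
firewall-cmd --add-service=dns --permanent
firewall-cmd --reload
if cd /etc/ndjbdns/servers/; then
echo "$TinyDnsHostIp" > "$DomainName"
# NOTE(review): the reverse zones stop at 30.172; 31.172.in-addr.arpa is not
# delegated although other parts of this script refer to a 172.31.x.x host.
tee {16,17,18,19,20,21,22,23,24,25,26,27,28,29,30}.172.in-addr.arpa < "$DomainName"
tee 35.119.103.in-addr.arpa < "$DomainName"
else
echo "Step 14: /etc/ndjbdns/servers is missing; server lists not written" >&2
fi
if cd /etc/ndjbdns/ip; then
# A file named "172" allowed the whole of 172.0.0.0/8, most of which is public
# address space, to use the cache. Allow only the private 172.16-172.31
# networks and remove the broad entry left by an earlier run.
rm -f 172
for dns_octet in 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31; do
touch "172.$dns_octet"
done
touch 103.119.35
touch 14.139.236
touch 127.0.0.1
else
echo "Step 14: /etc/ndjbdns/ip is missing; dnscache allow-list not written" >&2
fi
systemctl restart tinydns
systemctl restart dnscache
printmenu
;;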
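15)
# Step 15: install ffmpeg/ImageMagick, check out ClipBucket into
# $Webroot/memories and publish it through an HTTPS virtual host.
# NOTE(review): the two rpmfusion release packages are installed with
# --nogpgcheck and the SDL2 package is fetched over plain http, so none of the
# three is authenticated before it is installed as root. Import the
# repository keys and install with signature checking where possible.
# (Earlier variants that ran a downloaded ffmpeg-install script are not used.)
yum -y localinstall --nogpgcheck https://download1.rpmfusion.org/free/el/rpmfusion-free-release-7.noarch.rpm
yum -y install --nogpgcheck https://download1.rpmfusion.org/nonfree/el/rpmfusion-nonfree-release-7.noarch.rpm
yum -y install http://rpmfind.net/linux/epel/7/x86_64/Packages/s/SDL2-2.0.10-1.el7.x86_64.rpm
yum -y install ffmpeg ffmpeg-devel ImageMagick ImageMagick-devel
printf "\n" | pecl install imagick  > /dev/null
echo "extension=imagick.so" > /etc/php.d/imagick.ini
echo ""
echo -ne "Installing Clipbucket sources..."
clip_root="$Webroot/memories"
mkdir -p "$clip_root"
# The clone targets "./", so it must only run after a successful cd; the
# result is reported instead of printing OK unconditionally.
# NOTE(review): the checkout follows the repository's default branch; pin a
# reviewed tag or commit.
if cd "$clip_root" && git clone https://github.com/MacWarrior/clipbucket-5.0.git ./ > /dev/null 2>&1; then
echo -ne " OK"

echo ""
echo -ne "Updating sources access permissions..."
mv "$clip_root"/upload/* "$clip_root"/
chown -R apache: "$clip_root"
chmod 755 -R ./cache ./files ./images ./includes/langs
chmod 755 ./includes
echo -ne " OK"
else
echo -ne " FAILED"
echo "Step 15: could not check out ClipBucket into $clip_root" >&2
fi
# NOTE(review): the virtual host name is hard-coded while ServerName uses
# $Host.$DomainName, and "Options Indexes" enables directory listings for the
# whole tree, upload directories included; confirm both are intended.
cat << EOF > /etc/httpd/conf.d/memories.conf
<VirtualHost memory.iiita.ac.in:443>
         ServerName $Host.$DomainName
         DocumentRoot $Webroot/memories
         SSLEngine on
         SSLCertificateFile /etc/starcert/ssl.crt/STAR_iiita_ac_in.crt
         SSLCertificateChainFile /etc/starcert/ssl.crt/STAR_iiita_ac_in.ca-bundle
         SSLCertificateKeyFile /etc/starcert/ssl.key/iiitaSSL_PRIVATEkey.txt
    <Directory $Webroot/memories>
         Options Indexes FollowSymLinks MultiViews
         AllowOverride All
         Order allow,deny
         allow from all
    </Directory>
        ErrorLog /var/log/httpd/error_log
        CustomLog /var/log/httpd/access_log combined
</VirtualHost>
EOF

systemctl restart httpd > /dev/null
# NOTE(review): the entire application tree is labelled httpd_sys_rw_content_t
# and owned by apache, so the web server may rewrite its own PHP code. Limiting
# the writable label to the data directories (cache, files, images) would
# narrow what a web-level compromise can change.
chcon -R -t httpd_sys_rw_content_t "$clip_root"
# The pattern previously had an extra "/" before "(/.*)?" and therefore did
# not match the directory or the files directly below it.
semanage fcontext -a -t httpd_sys_rw_content_t "$clip_root(/.*)?"
echo -ne " OK"
echo ""
echo "- Website URL : http://$HostName.$DomainName"
systemctl restart httpd
printmenu
;;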
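16)
# Step 16: unpack Moodle into $Webroot/courses, create its data directory and
# publish it through an HTTPS virtual host.
# Download to an explicit file name and unpack only when the download
# succeeded, so an older tarball in $Webroot is never unpacked by mistake.
# NOTE(review): the tarball is not verified against a published checksum
# before it is unpacked into the web root.
if cd "$Webroot"; then
if wget -O moodle-latest-38.tgz https://download.moodle.org/download.php/direct/stable38/moodle-latest-38.tgz &&
tar -xvzf moodle-latest-38.tgz; then
mv moodle courses
else
echo "Step 16: Moodle download or unpack failed" >&2
fi
else
echo "Step 16: cannot enter $Webroot; Moodle not unpacked" >&2
fi
# The data directory holds uploads and session data. It was world-writable
# (777); only the web server account needs access.
mkdir -p /var/www/moodledata
chown apache: /var/www/moodledata
chmod 770 /var/www/moodledata
# NOTE(review): the file name uses $Hostname while the virtual host uses
# $WebHost; if $Hostname is not set the file becomes ".conf". "Options Indexes"
# enables directory listings for the whole tree.
cat << EOF > /etc/httpd/conf.d/$Hostname.conf
<VirtualHost $WebHost:443>
         ServerName $WebHost
         DocumentRoot $Webroot/courses
         SSLEngine on
         SSLCertificateFile /etc/starcert/ssl.crt/STAR_iiita_ac_in.crt
         SSLCertificateChainFile /etc/starcert/ssl.crt/STAR_iiita_ac_in.ca-bundle
         SSLCertificateKeyFile /etc/starcert/ssl.key/iiitaSSL_PRIVATEkey.txt
    <Directory $Webroot/courses>
         Options Indexes FollowSymLinks MultiViews
         AllowOverride All
         Order allow,deny
         allow from all
    </Directory>
        ErrorLog /var/log/httpd/error_log
        CustomLog /var/log/httpd/access_log combined
</VirtualHost>
EOF
systemctl restart httpd > /dev/null
chcon -R -t httpd_sys_rw_content_t /var/www/moodledata
# Both patterns previously had an extra "/" before "(/.*)?" and therefore did
# not match the directory or the files directly below it.
semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/moodledata(/.*)?"
# NOTE(review): labelling the Moodle code tree read-write lets the web server
# modify its own PHP files; only moodledata needs to be writable.
chcon -R -t httpd_sys_rw_content_t "$Webroot/courses"
semanage fcontext -a -t httpd_sys_rw_content_t "$Webroot/courses(/.*)?"
echo "Moodle Installed Select 0 to Exit"
read Decision
;;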
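17)
# Step 17: build fcron, create the backup account and restrict its SSH key to
# a forced command that only lets the backup server pull data with rsync.
yum -y group install "Development Tools"
yum -y install rsnapshot
mkdir -p "$BackupDir/script"
mkdir -p "$BackupDir/data/rawdata"
# Was "cd mkdir -p ..." followed by "tar -xvzf http://...": the cd failed and
# tar was given the URL instead of the downloaded file.
# The tarball arrives over plain http and is then built and installed as root.
# Set FcronTarballSha256 to the SHA-256 of a reviewed copy so that a modified
# download is refused; without it the source is not authenticated at all.
if cd "$BackupDir/script"; then
if ! wget -O fcron-3.3.0.src.tar.gz http://fcron.free.fr/archives/fcron-3.3.0.src.tar.gz; then
echo "Step 17: download of fcron failed; fcron not installed" >&2
elif [ -n "$FcronTarballSha256" ] && ! echo "$FcronTarballSha256  fcron-3.3.0.src.tar.gz" | sha256sum -c - > /dev/null; then
echo "Step 17: fcron tarball does not match FcronTarballSha256; fcron not installed" >&2
elif tar -xvzf fcron-3.3.0.src.tar.gz && cd fcron-3.3.0; then
./configure && gmake && gmake install
else
echo "Step 17: unpacking fcron failed; fcron not installed" >&2
fi
else
echo "Step 17: cannot enter $BackupDir/script; fcron not installed" >&2
fi
useradd "$BackupUser"
# chpasswd reads "user:password" from stdin: the password is not on a command
# line, and it is not altered the way "echo -e" altered backslash sequences.
printf '%s:%s\n' "$BackupUser" "$BUPassword" | chpasswd
sudo -i -u "$BackupUser" bash << EOF
mkdir public_html
EOF
# Forced-command filter for the backup key.
# NOTE(review): any "rsync --server --sender" request is run through sudo, so
# the holder of the backup key can read every file on this host as root.
# Restricting the paths (for example with rsync's rrsync helper) and a sudoers
# rule limited to rsync would narrow that.
cat << 'EOF' > "$HomeDir/$BackupUser/.validate"
#! /bin/bash
#$SSH_ORIGINAL_COMMAND
case "$SSH_ORIGINAL_COMMAND" in
*\&*|*\|*|*\;*|*\>*|*\<*|*\!*)
exit 1
;;
'rsync --server --sender'*)
sudo $SSH_ORIGINAL_COMMAND
;;
*)
exit 1
;;
esac
EOF
chmod 700 "$HomeDir/$BackupUser/.validate"
mkdir -p "$HomeDir/$BackupUser/.ssh"
chmod 700 "$HomeDir/$BackupUser/.ssh"
# The forced command now points at the file written above instead of the
# hard-coded /home/backup path. A forced command alone does not disable port,
# agent or X11 forwarding or pty allocation, so those are switched off too.
cat << EOF > "$HomeDir/$BackupUser/.ssh/authorized_keys"
from="172.31.1.50",command="$HomeDir/$BackupUser/.validate",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDKoRbFZcCDeSPBpEJqEXIpDfXOC9Dz0Xt6qAlvSuobEzBC8Y6rP1pd6DI+qGidGSN/xnHd4MpdnD7KZJGLM89LOamrMD24xVuUZDrH0iPRsnBgHLTfktJpKbuaCgV9uTB3M/EFxH7TqyDuZ5EuY++o87kkNZENUlFD5XJhAYsZEi+QVrKGl/CJjn81ajXJLIRjhd/ZWphM0OCIcrgGJXjRpk4HubROfHPfumIqvpulYIErc9zMRrUMDzrqTtiMSL/4p7p9Jj4K5S6Zvzdhqfvov/k2Dj2AICgWQo5IBMZt2Tl2N322wxmFSVu9bduL8Lf8iih9+7QgV1SCw2/2OUhZ backup@backup.iiita.ac.in
EOF
chmod 600 "$HomeDir/$BackupUser/.ssh/authorized_keys"
# These files were created by this (root) shell with modes 700/600; without
# the chown the backup account can neither read its authorized_keys nor run
# the forced command.
chown -R "$BackupUser": "$HomeDir/$BackupUser/.ssh" "$HomeDir/$BackupUser/.validate"
echo "Backup Client Configured Select 0 to Exit"
read Decision
;;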
esac
done