diff --git a/scripts/install/amazon.sh b/scripts/install/amazon.sh
index ae6cfce3c..9a1d953fc 100755
--- a/scripts/install/amazon.sh
+++ b/scripts/install/amazon.sh
@@ -21,42 +21,43 @@ yum install -y curl-devel libmcrypt libmcrypt-devel yum install -y mysql-devel yum install -y expect -if [ -f /usr/sbin/iptables ];then - - iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT - iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT - iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT - iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 888 -j ACCEPT - # iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 7200 -j ACCEPT - # iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT - # iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 30000:40000 -j ACCEPT - service iptables save - - iptables_status=`service iptables status | grep 'not running'` - if [ "${iptables_status}" == '' ];then - service iptables restart - fi +SSH_PORT=`netstat -ntpl|grep sshd|grep -v grep | sed -n "1,1p" | awk '{print $4}' | awk -F : '{print $2}'` +echo "SSH PORT:${SSH_PORT}" - #安装时不开启 - service iptables stop -fi +# if [ -f /usr/sbin/iptables ];then + +# iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT +# iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT +# iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT +# iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 888 -j ACCEPT +# service iptables save + +# iptables_status=`service iptables status | grep 'not running'` +# if [ "${iptables_status}" == '' ];then +# service iptables restart +# fi +# #安装时不开启 +# service iptables stop +# fi -if [ ! -f /usr/sbin/iptables ];then + +if [ ! 
-f /usr/sbin/firewalld ];then yum install firewalld -y systemctl enable firewalld #取消服务锁定 systemctl unmask firewalld systemctl start firewalld - firewall-cmd --permanent --zone=public --add-port=22/tcp + if [ "$SSH_PORT" != "" ];then + firewall-cmd --permanent --zone=public --add-port=${SSH_PORT}/tcp + else + firewall-cmd --permanent --zone=public --add-port=22/tcp + fi + firewall-cmd --permanent --zone=public --add-port=80/tcp firewall-cmd --permanent --zone=public --add-port=443/tcp firewall-cmd --permanent --zone=public --add-port=888/tcp - # firewall-cmd --permanent --zone=public --add-port=7200/tcp - # firewall-cmd --permanent --zone=public --add-port=3306/tcp - # firewall-cmd --permanent --zone=public --add-port=30000-40000/tcp - sed -i 's#AllowZoneDrifting=yes#AllowZoneDrifting=no#g' /etc/firewalld/firewalld.conf firewall-cmd --reload diff --git a/scripts/install/arch.sh b/scripts/install/arch.sh index 35a084a2e..e6ce01131 100644 --- a/scripts/install/arch.sh +++ b/scripts/install/arch.sh 
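Review bot: The `SSH_PORT` pipeline added at the top of this hunk prints the second colon-separated field of the first sshd listener, so an IPv6 entry of the form `:::PORT` gives an empty string, as does a host without `netstat`, and the script then opens 22/tcp instead of the port sshd actually uses. A server whose sshd listens on a non-default port can therefore end up with that port closed once firewalld is started. The value is also passed unquoted and unvalidated to `firewall-cmd --add-port=${SSH_PORT}/tcp`. Taking the last field and checking that it is numeric would make the fallback deliberate: `SSH_PORT=$(netstat -ntpl | awk '/sshd/ {n=split($4,a,":"); print a[n]; exit}')` followed by `case "$SSH_PORT" in ''|*[!0-9]*) SSH_PORT=22 ;; esac`. The same lines are added in the arch.sh, fedora.sh and opensuse.sh hunks, and the `if [ ! -f /usr/sbin/firewalld ]` block that consumes the value continues past the end of this hunk.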
@@ -54,40 +54,41 @@ echo y | pacman -Syu icu hwclock --systohc -if [ -f /usr/sbin/iptables ];then - - iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT - iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT - iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT - iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 888 -j ACCEPT - # iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 7200 -j ACCEPT - # iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT - # iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 30000:40000 -j ACCEPT - service iptables save - - iptables_status=`service iptables status | grep 'not running'` - if [ "${iptables_status}" == '' ];then - service iptables restart - fi +SSH_PORT=`netstat -ntpl|grep sshd|grep -v grep | sed -n "1,1p" | awk '{print $4}' | awk -F : '{print $2}'` +echo "SSH PORT:${SSH_PORT}" - #安装时不开启 - service iptables stop -fi +# if [ -f /usr/sbin/iptables ];then + +# iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT +# iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT +# iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT +# iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 888 -j ACCEPT +# service iptables save +# iptables_status=`service iptables status | grep 'not running'` +# if [ "${iptables_status}" == '' ];then +# service iptables restart +# fi -if [ ! -f /usr/sbin/iptables ];then +# #安装时不开启 +# service iptables stop +# fi + + +if [ ! 
-f /usr/sbin/firewalld ];then echo y | pacman -Sy firewalld systemctl enable firewalld systemctl start firewalld - firewall-cmd --permanent --zone=public --add-port=22/tcp + if [ "$SSH_PORT" != "" ];then + firewall-cmd --permanent --zone=public --add-port=${SSH_PORT}/tcp + else + firewall-cmd --permanent --zone=public --add-port=22/tcp + fi + firewall-cmd --permanent --zone=public --add-port=80/tcp firewall-cmd --permanent --zone=public --add-port=443/tcp firewall-cmd --permanent --zone=public --add-port=888/tcp - # firewall-cmd --permanent --zone=public --add-port=7200/tcp - # firewall-cmd --permanent --zone=public --add-port=3306/tcp - # firewall-cmd --permanent --zone=public --add-port=30000-40000/tcp - sed -i 's#AllowZoneDrifting=yes#AllowZoneDrifting=no#g' /etc/firewalld/firewalld.conf firewall-cmd --reload diff --git a/scripts/install/debian.sh b/scripts/install/debian.sh index 40aafac0f..e8eb7800b 100644 --- a/scripts/install/debian.sh +++ b/scripts/install/debian.sh @@ -45,23 +45,24 @@ apt-get update -y apt install -y wget curl lsof unzip tar cron expect locate apt install -y python3-pip python3-dev python3-venv -if [ -f /usr/sbin/ufw ];then - if [ "$SSH_PORT" != "" ];then - ufw allow $SSH_PORT/tcp - else - ufw allow 22/tcp - fi - ufw allow 80/tcp - ufw allow 443/tcp - ufw allow 888/tcp -fi +# if [ -f /usr/sbin/ufw ];then +# if [ "$SSH_PORT" != "" ];then +# ufw allow $SSH_PORT/tcp +# else +# ufw allow 22/tcp +# fi -if [ -f /usr/sbin/ufw ];then - ufw disable -fi +# ufw allow 80/tcp +# ufw allow 443/tcp +# ufw allow 888/tcp +# fi + +# if [ -f /usr/sbin/ufw ];then +# ufw disable +# fi -if [ ! -f /usr/sbin/ufw ];then +if [ ! -f /usr/sbin/firewalld ];then # look # firewall-cmd --list-all 
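Review bot: With the `ufw` blocks commented out and the guard changed to `if [ ! -f /usr/sbin/firewalld ];then`, a Debian host that already runs ufw now gets firewalld installed and started beside it, and nothing in the new lines decides which of the two owns the rule set. Two firewall managers writing to the same packet filter tend to leave rules that neither tool reports accurately, so ports an operator believes are closed may not be. I would test for an active ufw first, `if command -v ufw >/dev/null 2>&1 && ufw status | grep -q 'Status: active'; then`, and in that case keep the `ufw allow` rules rather than installing firewalld. The first ubuntu.sh hunk makes the same change. The firewalld block continues beyond this hunk, so whether ufw is handled further down is not visible here.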
@@ -79,16 +80,12 @@ if [ ! -f /usr/sbin/ufw ];then firewall-cmd --permanent --zone=public --add-port=80/tcp firewall-cmd --permanent --zone=public --add-port=443/tcp firewall-cmd --permanent --zone=public --add-port=888/tcp - # firewall-cmd --permanent --zone=public --add-port=7200/tcp - # firewall-cmd --permanent --zone=public --add-port=3306/tcp - # firewall-cmd --permanent --zone=public --add-port=30000-40000/tcp # fix:debian10 firewalld faq # https://kawsing.gitbook.io/opensystem/andoid-shou-ji/untitled/fang-huo-qiang#debian-10-firewalld-0.6.3-error-commandfailed-usrsbinip6tablesrestorewn-failed-ip6tablesrestore-v1.8 sed -i 's#IndividualCalls=no#IndividualCalls=yes#g' /etc/firewalld/firewalld.conf firewall-cmd --reload - #安装时不开启 systemctl stop firewalld fi diff --git a/scripts/install/fedora.sh b/scripts/install/fedora.sh index d885e45d4..2349e2987 100644 --- a/scripts/install/fedora.sh +++ b/scripts/install/fedora.sh 
@@ -17,45 +17,48 @@ yum install -y wget curl lsof unzip yum install -y expect dnf install crontabs -y -if [ -f /usr/sbin/iptables ];then - - iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT - iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT - iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT - iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 888 -j ACCEPT - # iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 7200 -j ACCEPT - # iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT - # iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 30000:40000 -j ACCEPT - service iptables save - - iptables_status=`service iptables status | grep 'not running'` - if [ "${iptables_status}" == '' ];then - service iptables restart - fi - - #安装时不开启 - service iptables stop -fi - - - -if [ "${isVersion}" == '' ];then - if [ ! -f "/usr/sbin/iptables" ];then - yum install firewalld -y - systemctl enable firewalld - systemctl start firewalld - +SSH_PORT=`netstat -ntpl|grep sshd|grep -v grep | sed -n "1,1p" | awk '{print $4}' | awk -F : '{print $2}'` +echo "SSH PORT:${SSH_PORT}" + +# if [ -f /usr/sbin/iptables ];then + +# iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT +# iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT +# iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT +# iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 888 -j ACCEPT +# # iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 7200 -j ACCEPT +# # iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT +# # iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 30000:40000 -j ACCEPT +# service iptables save + +# iptables_status=`service iptables status | grep 'not running'` +# if [ "${iptables_status}" == '' ];then +# service iptables restart +# fi + +# #安装时不开启 +# service 
iptables stop +# fi + + +if [ ! -f /usr/sbin/iptables ];then + yum install firewalld -y + systemctl enable firewalld + systemctl start firewalld + + if [ "$SSH_PORT" != "" ];then + firewall-cmd --permanent --zone=public --add-port=${SSH_PORT}/tcp + else firewall-cmd --permanent --zone=public --add-port=22/tcp - firewall-cmd --permanent --zone=public --add-port=80/tcp - firewall-cmd --permanent --zone=public --add-port=443/tcp - firewall-cmd --permanent --zone=public --add-port=888/tcp - # firewall-cmd --permanent --zone=public --add-port=7200/tcp - # firewall-cmd --permanent --zone=public --add-port=3306/tcp - # firewall-cmd --permanent --zone=public --add-port=30000-40000/tcp - firewall-cmd --reload fi + + firewall-cmd --permanent --zone=public --add-port=80/tcp + firewall-cmd --permanent --zone=public --add-port=443/tcp + firewall-cmd --permanent --zone=public --add-port=888/tcp + firewall-cmd --reload fi + #安装时不开启 systemctl stop firewalld diff --git a/scripts/install/opensuse.sh b/scripts/install/opensuse.sh index c6276154b..8655db800 100644 --- a/scripts/install/opensuse.sh +++ b/scripts/install/opensuse.sh 
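Review bot: The guard in fedora.sh still reads `if [ ! -f /usr/sbin/iptables ];then`, although the iptables branch above it is now commented out and the other install scripts in this commit test `/usr/sbin/firewalld`. On a host that has the iptables binary neither branch runs, so firewalld is not installed and no port rules are written, and the unconditional `systemctl stop firewalld` at the end of the hunk then stops firewalld if it was already running. Changing the test to `if [ ! -f /usr/sbin/firewalld ];then` would match the rest of the change. The hunk also drops the `isVersion` check without explanation; a one-line comment saying why it is no longer needed would help the next reader.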
@@ -52,40 +52,41 @@ zypper install -y freetype2-devel # zypper install -y php-config -if [ -f /usr/sbin/iptables ];then - - iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT - iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT - iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT - iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 888 -j ACCEPT - # iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 7200 -j ACCEPT - # iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT - # iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 30000:40000 -j ACCEPT - service iptables save - - iptables_status=`service iptables status | grep 'not running'` - if [ "${iptables_status}" == '' ];then - service iptables restart - fi +SSH_PORT=`netstat -ntpl|grep sshd|grep -v grep | sed -n "1,1p" | awk '{print $4}' | awk -F : '{print $2}'` +echo "SSH PORT:${SSH_PORT}" - #安装时不开启 - service iptables stop -fi +# if [ -f /usr/sbin/iptables ];then + +# iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT +# iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT +# iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT +# iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 888 -j ACCEPT +# service iptables save +# iptables_status=`service iptables status | grep 'not running'` +# if [ "${iptables_status}" == '' ];then +# service iptables restart +# fi -if [ ! -f /usr/sbin/iptables ];then +# #安装时不开启 +# service iptables stop +# fi + + +if [ ! 
-f /usr/sbin/firewalld ];then zypper install -y firewalld systemctl enable firewalld systemctl start firewalld - firewall-cmd --permanent --zone=public --add-port=22/tcp + if [ "$SSH_PORT" != "" ];then + firewall-cmd --permanent --zone=public --add-port=${SSH_PORT}/tcp + else + firewall-cmd --permanent --zone=public --add-port=22/tcp + fi + firewall-cmd --permanent --zone=public --add-port=80/tcp firewall-cmd --permanent --zone=public --add-port=443/tcp firewall-cmd --permanent --zone=public --add-port=888/tcp - # firewall-cmd --permanent --zone=public --add-port=7200/tcp - # firewall-cmd --permanent --zone=public --add-port=3306/tcp - # firewall-cmd --permanent --zone=public --add-port=30000-40000/tcp - sed -i 's#AllowZoneDrifting=yes#AllowZoneDrifting=no#g' /etc/firewalld/firewalld.conf firewall-cmd --reload diff --git a/scripts/install/ubuntu.sh b/scripts/install/ubuntu.sh index 2d48f6ce4..fc57fcec3 100644 --- a/scripts/install/ubuntu.sh +++ b/scripts/install/ubuntu.sh @@ -27,33 +27,28 @@ localedef -v -c -i en_US -f UTF-8 en_US.UTF-8 SSH_PORT=`netstat -ntpl|grep sshd|grep -v grep | sed -n "1,1p" | awk '{print $4}' | awk -F : '{print $2}'` echo "SSH PORT:${SSH_PORT}" -if [ -f /usr/sbin/ufw ];then +# if [ -f /usr/sbin/ufw ];then - # look - # ufw status - ufw enable +# # look +# # ufw status +# ufw enable - if [ "$SSH_PORT" != "" ];then - ufw allow $SSH_PORT/tcp - else - ufw allow 22/tcp - fi +# if [ "$SSH_PORT" != "" ];then +# ufw allow $SSH_PORT/tcp +# else +# ufw allow 22/tcp +# fi - ufw allow 80/tcp - ufw allow 443/tcp - ufw allow 888/tcp - # ufw allow 7200/tcp - # ufw allow 3306/tcp - # ufw allow 30000:40000/tcp +# ufw allow 80/tcp +# ufw allow 443/tcp +# ufw allow 888/tcp +# fi -fi - - -if [ -f /usr/sbin/ufw ];then - ufw disable -fi +# if [ -f /usr/sbin/ufw ];then +# ufw disable +# fi -if [ ! -f /usr/sbin/ufw ];then +if [ ! -f /usr/sbin/firewalld ];then apt install -y firewalld systemctl enable firewalld systemctl start firewalld 
@@ -67,9 +62,6 @@ if [ ! -f /usr/sbin/ufw ];then firewall-cmd --permanent --zone=public --add-port=80/tcp firewall-cmd --permanent --zone=public --add-port=443/tcp firewall-cmd --permanent --zone=public --add-port=888/tcp - # firewall-cmd --permanent --zone=public --add-port=7200/tcp - # firewall-cmd --permanent --zone=public --add-port=3306/tcp - # firewall-cmd --permanent --zone=public --add-port=30000-40000/tcp # fix:debian10 firewalld faq # https://kawsing.gitbook.io/opensystem/andoid-shou-ji/untitled/fang-huo-qiang#debian-10-firewalld-0.6.3-error-commandfailed-usrsbinip6tablesrestorewn-failed-ip6tablesrestore-v1.8