一、安装前
此脚本用于快速搭建测试环境:它会关闭SELinux和firewalld,并使用固定的弱口令(例如数据库root密码123456),所以需要在本地网络下的纯净CentOS7系统上安装和执行;如果是在云服务器上安装的话,最好注释掉安装SMTP服务器的函数。
在执行安装脚本前,需要先手工配置好固定IP地址,并确保能够连接到互联网上,ens33为网卡名。
vi /etc/sysconfig/network-scripts/ifcfg-ens33
可以参考我的配置
二、上传脚本
在windows上使用scp命令将start.sh复制到CentOS7虚拟机上,或者直接在虚拟机上编辑也行,只要脚本能在虚拟机上执行即可。
scp start.sh root@yourip:~
start.sh脚本里的内容
#!/bin/bash
#####
##获取ip
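#######################################
# Prompt for this host's static IPv4 address and split it into octets.
# huanjing.sh later places these values into sed expressions, BIND zone files
# and /etc/resolv.conf, so the input is validated before it is exported.
# Globals:   ip, net, ip1, ip2, ip3, ip4 (written; all but net are exported)
# Outputs:   a blank line, then the accepted address, on stdout
# Returns:   0 once a valid address has been read, 1 if stdin ends first
#######################################
function get_ip {
  local ipv4_re='^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$'
  local octet valid
  echo
  while true; do
    # -r keeps backslashes literal instead of treating them as escapes.
    if ! read -r -p "please input you ip: " ip; then
      echo "no ip address supplied" >&2
      return 1
    fi
    valid=0
    if [[ $ip =~ $ipv4_re ]]; then
      valid=1
      ip1=${BASH_REMATCH[1]}
      ip2=${BASH_REMATCH[2]}
      ip3=${BASH_REMATCH[3]}
      ip4=${BASH_REMATCH[4]}
      for octet in "$ip1" "$ip2" "$ip3" "$ip4"; do
        # 10# forces base 10 so an octet such as "08" is not parsed as octal.
        ((10#$octet <= 255)) || valid=0
      done
    fi
    if ((valid)); then
      break
    fi
    echo "invalid IPv4 address: $ip" >&2
  done
  echo "$ip"
  # First three octets; test_network uses "$net.1" as the gateway guess.
  net="$ip1.$ip2.$ip3"
  export ip ip1 ip2 ip3 ip4
}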
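#######################################
# Probe connectivity and apply the simplest repair that fits:
#   1. a public hostname answers -> nothing to do
#   2. only a public IP answers  -> name resolution is broken, add a resolver
#   3. only the gateway answers  -> no default route, add one
# Globals:   net (read) - first three octets of the host address, set by get_ip
# Outputs:   one status line on stdout
#######################################
function test_network {
  # The gateway is assumed to be the .1 address of the host's /24.
  local gateway="$net.1"
  if ping -c 1 www.baidu.com > /dev/null; then
    echo "network is fine"
  elif ping -c 1 114.114.114.114 > /dev/null; then
    echo "now set dnsserver"
    # Append only once so repeated runs do not pile up duplicate entries.
    if ! grep -qs '^nameserver 114\.114\.114\.114$' /etc/resolv.conf; then
      echo "nameserver 114.114.114.114" >> /etc/resolv.conf
    fi
  # The original wrote `ping -c $net.1`, which passes the address as the count
  # and names no host, so this branch could never succeed.
  elif ping -c 1 "$gateway" > /dev/null; then
    echo "route is wrong"
    ip route add 0.0.0.0/0 via "$gateway"
  else
    echo "gg"
  fi
}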
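#######################################
# Replace the stock yum repositories with the Aliyun CentOS 7 and EPEL mirrors.
# The downloaded .repo files decide which servers yum installs packages from,
# so they are fetched over HTTPS rather than plain HTTP.
# Returns:   1 if a repo file cannot be downloaded, else the status of yum
#######################################
function yum_repo {
  local repo_dir=/etc/yum.repos.d
  yum install -y wget
  # Back up the stock repo files on the first run only; a second run must not
  # overwrite that backup with the mirror definitions written below.
  if [[ ! -d "$repo_dir/bak" ]]; then
    mkdir "$repo_dir/bak" && mv "$repo_dir"/*.repo "$repo_dir/bak"
  fi
  wget -O "$repo_dir/CentOS-Base.repo" https://mirrors.aliyun.com/repo/Centos-7.repo || return 1
  wget -O "$repo_dir/epel.repo" https://mirrors.aliyun.com/repo/epel-7.repo || return 1
  yum clean all && yum makecache
}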
#######################################
# Install the everyday utilities used on the test host, one yum transaction
# per package so a single unavailable package does not block the others.
#######################################
function often_tools {
  local pkg
  for pkg in net-tools vim lrzsz git bash-completion tcpdump tcpreplay; do
    yum install -y "$pkg"
  done
  # zip and unzip are installed together in one transaction.
  yum install -y zip unzip
}
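#######################################
# Turn off SELinux enforcement and the host firewall.
# After this runs, every service installed later is reachable from the whole
# network segment with no host-level filtering, so the host belongs on an
# isolated lab network only.
#######################################
function down_firewalld {
  # Immediate effect for the running system.
  setenforce 0
  # Persist across reboots. Only the SELINUX= setting line is rewritten; the
  # unanchored s/enforcing/disabled/g also rewrote the explanatory comments.
  sed -i 's/^SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
  systemctl stop firewalld
  systemctl disable firewalld
}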
#######################################
# Set the time zone to Asia/Shanghai and step the clock once from an NTP pool.
# Returns:   the exit status of ntpdate
#######################################
function set_time {
  local zone_file=/usr/share/zoneinfo/Asia/Shanghai
  local local_time=/etc/localtime
  yum install ntp ntpdate -y
  # Remove the existing entry first so the copy creates a fresh regular file.
  rm -f "$local_time"
  /usr/bin/cp -f "$zone_file" "$local_time"
  ntpdate cn.pool.ntp.org
}
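#######################################
# Ask for the FTP and mail account names and passwords used by huanjing.sh.
# Globals:   ftpuser, ftppwd, mailuser, mailuser2, mailpwd, mailpwd2
#            (written and exported)
# Note:      exported values are inherited by every child process of this
#            script, and huanjing.sh prints them in its final summary.
#######################################
function var {
  # -r keeps backslashes in a password literal; -s stops the terminal from
  # echoing the password while it is typed.
  read -r -p "input ftp username " ftpuser
  read -r -s -p "input ftp user $ftpuser password " ftppwd
  echo
  read -r -p "input mail username " mailuser
  read -r -p "input mail username2 " mailuser2
  read -r -s -p "input mail user $mailuser password " mailpwd
  echo
  read -r -s -p "input mail user2 $mailuser2 password " mailpwd2
  echo
  export ftpuser ftppwd mailuser mailuser2 mailpwd mailpwd2
}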
#######################################
# Entry point of start.sh: collect the operator's input, then prepare the
# base system. The steps run in the listed order and none of them is checked
# for failure; the return status is that of the last step.
#######################################
main()
{
  local step
  for step in get_ip var test_network down_firewalld yum_repo often_tools set_time; do
    "$step"
  done
}
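# Prepare the base system, then fetch and run the second-stage installer.
main
# The repository is cloned from its default branch with no pinned commit and
# no signature check, and huanjing.sh is then executed by this same user, so
# whatever the remote currently serves is what runs. Review the checkout first.
if [[ ! -d /root/autoinstall/.git ]]; then
  git clone https://gitee.com/wangwenqin1/autoinstall.git /root/autoinstall || exit 1
fi
# Stop if the directory is missing; otherwise the next line would run whatever
# huanjing.sh happens to sit in the current directory.
cd /root/autoinstall || exit 1
/bin/bash huanjing.sh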
三、执行脚本
使用root用户执行脚本
sh start.sh
执行后根据提示信息,输入ip地址,ftp用户,邮件服务器用户等
huanjing.sh脚本内容
#!/bin/bash
##
#######################################
# Install Apache httpd with mod_ssl and start it.
# Defined here but not called by the install sequence at the end of the file.
#######################################
function install_httpd {
  local pkg
  for pkg in httpd mod_ssl; do
    yum install -y "$pkg"
  done
  systemctl start httpd
}
#######################################
# Install PHP with php-fpm and the MySQL driver, then start php-fpm and
# enable it at boot. The nginx configuration written by install_nginx sends
# PHP requests to 127.0.0.1:9000.
#######################################
function install_php {
  local -a archive_tools=(zip unzip)
  local -a php_stack=(php php-fpm php-mysql)
  local action
  yum install "${archive_tools[@]}" -y
  yum install "${php_stack[@]}" -y
  for action in start enable; do
    systemctl "$action" php-fpm
  done
}
#######################################
# Install MariaDB, start it, enable it at boot, and answer the prompts of
# mysql_secure_installation non-interactively.
# Note:      the root password is the fixed value 123456, which get_dvwa and
#            the final summary of this script also rely on.
# Returns:   the exit status of mysql_secure_installation
#######################################
function install_mysql {
  # One answer per prompt. Assuming the stock prompt order, these are: empty
  # current password, set a root password (y), the new password twice, remove
  # anonymous users (y), disallow remote root login (n), remove the test
  # database (n), reload privilege tables (y) - confirm against the installed
  # MariaDB version.
  local -a answers=("" y 123456 123456 y n n y)
  yum install mariadb mariadb-server -y
  systemctl start mariadb.service
  systemctl enable mariadb
  printf '%s\n' "${answers[@]}" | mysql_secure_installation
}
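#######################################
# Unpack the bWAPP practice application into the web root, point it at the
# local database and run its installer.
# bWAPP is intentionally vulnerable; with the firewall disabled it is served
# to every host that can reach this machine, so keep the host on an isolated
# lab network.
# Returns:   1 if the checkout directory or the archive is unusable
#######################################
function get_bwapp {
  # Stop here rather than unpack and move files relative to the wrong directory.
  cd /root/autoinstall || return 1
  unzip bWAPP.zip || return 1
  mv bWAPP/ bwapp
  mv bwapp /var/www/html
  rm -rf /tmp/bwapp
  echo "setting bwapp config"
  # Replaces every "bug" string literal in settings.php with the MariaDB root
  # password; presumably that is bWAPP's default database password - confirm.
  sed -i 's/"bug"/"123456"/g' /var/www/html/bwapp/admin/settings.php
  # Quoted so the shell never treats the "?" as a glob character.
  curl "127.0.0.1/bwapp/install.php?install=yes"
  echo '<a href="bwapp/login.php">bwapp</a>' >> /var/www/html/index.html
}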
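#######################################
# Install vsftpd and create the FTP login account.
# Globals:   ftpuser, ftppwd (read; exported by start.sh)
# Returns:   1 without changing anything if ftpuser is unusable
#######################################
function install_ftp {
  # With an empty name, `passwd --stdin` has no user operand and changes the
  # password of the invoking user (root) instead. A name starting with "-"
  # would be parsed as an option by useradd and passwd.
  if [[ -z $ftpuser || $ftpuser == -* ]]; then
    echo "install_ftp: invalid ftp username '$ftpuser'" >&2
    return 1
  fi
  yum install vsftpd -y
  useradd "$ftpuser"
  # printf instead of echo, so a password such as "-n" is passed through as is.
  printf '%s\n' "$ftppwd" | passwd --stdin "$ftpuser"
  systemctl start vsftpd
  systemctl enable vsftpd
}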
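#######################################
# Install nginx, generate its self-signed certificate and write three files:
# conf.d/https.conf, nginx.conf and conf.d/http.conf. Both virtual servers
# serve /var/www/html and hand PHP requests to php-fpm on 127.0.0.1:9000.
# Notes for anyone reusing this outside a lab:
#   - "autoindex on" publishes a listing of every directory in the web root.
#   - No ssl_protocols directive is written, so the protocol list is whatever
#     the installed nginx build defaults to.
# The here-documents are quoted ('EOF') so nginx variables such as
# $body_bytes_sent reach the file unchanged; the unquoted original let the
# shell expand the one variable that was not escaped to an empty string.
#######################################
function install_nginx {
  yum install nginx -y
  create_sslcrtkey
  # The original removed /etc/nginx/con.d/*.conf, a directory that does not
  # exist, so stale files in conf.d were never cleared.
  rm -f /etc/nginx/conf.d/*.conf
  # ">" rather than ">>" so a second run does not append duplicate server blocks.
  cat > /etc/nginx/conf.d/https.conf << 'EOF'
server {
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;
    root /var/www/html;
    ssl_certificate "/etc/nginx/ssl/crt/server.crt";
    ssl_certificate_key "/etc/nginx/ssl/key/server.key";
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 10m;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    location / {
        index index.html index.php;
        autoindex on;
    }
    location ~ \.php$ {
        root /var/www/html;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}
EOF
  # Keep the packaged nginx.conf as the backup; do not replace that backup with
  # a previously generated file when the script is run again.
  if [[ ! -e /etc/nginx/nginx.conf.bak ]]; then
    mv /etc/nginx/nginx.conf /etc/nginx/nginx.conf.bak
  fi
  cat > /etc/nginx/nginx.conf << 'EOF'
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
include /usr/share/nginx/modules/*.conf;
events {
    multi_accept on;
    worker_connections 400000;
    use epoll;
}
http {
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    include /etc/nginx/conf.d/*.conf;
}
EOF
  cat > /etc/nginx/conf.d/http.conf << 'EOF'
server {
    listen 80;
    listen [::]:80;
    server_name _;
    root /var/www/html;
    include /etc/nginx/default.d/*.conf;
    location / {
        autoindex on;
        index index.html index.php;
    }
    location ~ \.php$ {
        root /var/www/html;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
    error_page 404 /404.html;
    location = /404.html {
    }
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
    }
}
EOF
  systemctl start nginx
  systemctl enable nginx
}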
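#######################################
# Create the RSA key and certificate that nginx serves on port 443.
# The same key signs both the self-signed "CA" certificate and the server
# certificate, as in the original; clients will not trust the result unless
# ca.crt is imported by hand, which is acceptable for a lab only.
# Outputs:   /etc/nginx/ssl/key/server.key (mode 600)
#            /etc/nginx/ssl/crt/server.crt (mode 644)
# Returns:   non-zero if any openssl or install step fails
#######################################
function create_sslcrtkey {
  local workdir status
  # Same subject fields the original fed to the interactive prompts.
  local subject="/C=CN/ST=SiChuan/L=ChengDu/O=ssltest/OU=ssltest/CN=*.ssltest.com/emailAddress=test@ssltest.com"
  # A private, unpredictable directory instead of the fixed /tmp/ssltest, so
  # the private key is never written to a path other local users can prepare.
  workdir=$(mktemp -d) || return 1
  mkdir -p /etc/nginx/ssl/crt /etc/nginx/ssl/key
  (
    # Subshell: the umask and directory change stay local, and the caller is
    # not left inside a directory that is about to be deleted.
    umask 077
    cd "$workdir" || exit 1
    # The key is generated unencrypted directly; the original encrypted it
    # with a fixed passphrase and stripped that passphrase in the next command.
    openssl genrsa -out server.key 2048 &&
      openssl req -new -key server.key -out server.csr -subj "$subject" &&
      openssl req -new -x509 -key server.key -out ca.crt -days 3650 -subj "$subject" &&
      openssl x509 -req -days 3650 -in server.csr -CA ca.crt -CAkey server.key \
        -CAcreateserial -out server.crt &&
      # cp left the private key world-readable under the default umask.
      install -m 600 server.key /etc/nginx/ssl/key/server.key &&
      install -m 644 server.crt /etc/nginx/ssl/crt/server.crt
  )
  status=$?
  rm -rf -- "$workdir"
  return "$status"
}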
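#######################################
# Unpack the DVWA practice application into the web root, activate its sample
# configuration and create its database and database account.
# DVWA is intentionally vulnerable; keep the host on an isolated lab network.
# Returns:   1 if the checkout directory or the archive is unusable
#######################################
function get_dvwa {
  cd /root/autoinstall || return 1
  unzip dvwa.zip || return 1
  mv dvwa /var/www/html
  cp /var/www/html/dvwa/config/config.inc.php.dist /var/www/html/dvwa/config/config.inc.php
  # NOTE(review): -p123456 puts the MariaDB root password on the command line,
  # where it can show up in the process list while mysql runs.
  # The dvwa / p@ssw0rd account presumably matches the defaults shipped in
  # config.inc.php.dist - confirm against the unpacked file.
  mysql -u root -p123456 << 'EOF'
create database if not exists dvwa;
grant all privileges on dvwa.* to dvwa@127.0.0.1 identified by "p@ssw0rd";
EOF
  echo '<a href=dvwa>dvwa</a>' >> /var/www/html/index.html
}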
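#######################################
# Install dovecot, replace the postfix and dovecot configuration with the
# files shipped in the checkout, start both services and create the two
# mailbox accounts.
# Globals:   mailuser, mailpwd, mailuser2, mailpwd2 (read; exported by start.sh)
# Returns:   1 without changing anything if a username is unusable, or if the
#            checkout directory is missing
#######################################
function install_mailserver {
  local user conf
  # With an empty name, `passwd --stdin` has no user operand and changes the
  # password of the invoking user (root) instead. A name starting with "-"
  # would be parsed as an option by useradd and passwd.
  for user in "$mailuser" "$mailuser2"; do
    if [[ -z $user || $user == -* ]]; then
      echo "install_mailserver: invalid mail username '$user'" >&2
      return 1
    fi
  done
  yum install dovecot -y
  # Without this check a failed cd would delete the live configuration below
  # and then fail to copy the replacements.
  cd /root/autoinstall || return 1
  rm -f /etc/postfix/main.cf
  cp -a conf/main.cf /etc/postfix/main.cf
  rm -f /etc/dovecot/dovecot.conf
  cp -a conf/dovecot.conf /etc/dovecot/dovecot.conf
  for conf in 10-auth.conf 10-mail.conf 10-master.conf; do
    rm -f "/etc/dovecot/conf.d/$conf"
    cp -a "conf/$conf" "/etc/dovecot/conf.d/$conf"
  done
  # NOTE(review): edits line 8 of 10-ssl.conf by number; presumably that is the
  # "ssl = required" setting, so this turns TLS off and mail logins travel in
  # clear text - confirm against the installed file.
  sed -i '8s/required/no/' /etc/dovecot/conf.d/10-ssl.conf
  systemctl start postfix
  systemctl enable postfix
  systemctl start dovecot
  systemctl enable dovecot
  systemctl restart postfix
  useradd "$mailuser"
  printf '%s\n' "$mailpwd" | passwd --stdin "$mailuser"
  useradd "$mailuser2"
  printf '%s\n' "$mailpwd2" | passwd --stdin "$mailuser2"
}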
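#######################################
# Install BIND, load the mailtest.com zone files from the checkout, and make
# this host its own first resolver.
# Globals:   ip, ip1, ip2, ip3 (read; exported by start.sh)
# Returns:   1 without changing anything if the address variables are not a
#            consistent dotted-quad, or if the checkout directory is missing
#######################################
function setdns {
  local ipv4_re='^[0-9]{1,3}(\.[0-9]{1,3}){3}$'
  # The address is substituted into sed expressions and written to
  # /etc/resolv.conf, so refuse anything that is not plain digits and dots.
  if [[ ! $ip =~ $ipv4_re || "$ip1.$ip2.$ip3" != "${ip%.*}" ]]; then
    echo "setdns: ip, ip1, ip2 and ip3 do not form a valid IPv4 address" >&2
    return 1
  fi
  yum install bind bind-utils -y
  # NOTE(review): both edits address named.conf by line number; presumably
  # line 13 is listen-on and line 21 is allow-query, which would make named
  # answer queries from any client on any interface - confirm against the
  # installed file.
  sed -i "13s/127.0.0.1/any/" /etc/named.conf
  sed -i "21s/localhost/any/" /etc/named.conf
  # Stop before deleting the live zone list if the replacements are missing.
  cd /root/autoinstall || return 1
  rm -f /etc/named.rfc1912.zones
  cp -a conf/named.rfc1912.zones /etc/named.rfc1912.zones
  # Reverse zone name: the first three octets in reverse order.
  sed -i "46s/inputip/$ip3.$ip2.$ip1/" /etc/named.rfc1912.zones
  cp -a conf/mailtest.arpa /var/named/mailtest.arpa
  cp -a conf/mailtest.com.zone /var/named/mailtest.com.zone
  sed -i "11s/inputip/$ip/" /var/named/mailtest.com.zone
  systemctl start named
  systemctl enable named
  # Overwrites resolv.conf: this host first, a public resolver as fallback.
  echo "nameserver $ip" > /etc/resolv.conf
  echo "nameserver 114.114.114.114" >> /etc/resolv.conf
}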
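# Install sequence of huanjing.sh: PHP, MariaDB, nginx, FTP, time sync, DNS,
# mail, then the two practice targets. install_httpd is defined above but is
# not part of the sequence.
install_php
install_mysql
install_nginx
install_ftp
# set_time is defined in start.sh, and shell functions are not inherited by
# the child bash process that runs this file, so the bare call failed with
# "command not found". Call it only where it is actually defined.
if declare -F set_time > /dev/null; then
  set_time
fi
setdns
# Comment out this function when installing on a cloud server.
install_mailserver
echo "install bwapp and dvwa"
## This is a test environment, so two common practice targets are installed;
## comment out the next two lines if you do not want them.
get_bwapp
get_dvwa
# Summary for the operator. It prints every credential in clear text, so it
# also ends up in terminal scrollback and in any session log.
echo "The web root directory :/var/www/html"
echo "The database user:root password:123456 "
echo "https server.key /etc/nginx/ssl/key/server.key"
echo "https server.crt /etc/nginx/ssl/crt/server.crt"
echo "the ftpuser is $ftpuser,password is $ftppwd"
echo "The mailaddress is XXX@mailtest.com"
echo "the mailuser is $mailuser,password is $mailpwd"
echo "the mailuser2 is $mailuser2,password is $mailpwd2"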
如果有问题或者可以优化脚本的话,大家一起交流,共同进步