precise - public

by ctf

Deploys a Linode with my working environment.
You will need the script from: https://github.com/timchen86/linode_deploy
The following services and settings will be configured:
sshd, privoxy, tor, transmission, ssmtp, stunnel, ufw, nginx, timezone, etc.

Compatible with: Ubuntu 14.04 LTS
						#!/usr/bin/env bash
# Shell options for the whole StackScript:
#   nounset - expanding an unset variable is an error
#   errexit - stop at the first command that fails
#   xtrace  - print every command, after expansion, to stderr
# NOTE(review): with xtrace on, the launcher command at the end of this file
# is printed with the UDF values already substituted, so the admin, SSH, Gmail
# and transmission secrets end up in whatever captures this script's stderr.
set -o nounset -o errexit -o xtrace
# UDF
# <UDF name="admin_user_name" label="The admin user's name" /> 
# <UDF name="admin_user_passwd" label="The admin user's password" /> 
# <UDF name="admin_user_gid" label="The admin user's gid" /> 
# <UDF name="ssh_pubkey_url" label="The SSH public Key" /> 
# <UDF name="ssh_passphrase" label="The SSH passpharase" />
# <UDF name="gmail_account" label="The gmail account for ssmtp" /> 
# <UDF name="gmail_pass" label="The gmail pass for ssmtp" /> 
# <UDF name="ssh_port" label="The SSH server port" /> 
# <UDF name="ssmtp_port" label="The ssmtp port" /> 
# <UDF name="http_port" label="The http port" /> 
# <UDF name="tor_port" label="The tor port" /> 
# <UDF name="privoxy_port" label="The privoxy port" /> 
# <UDF name="privoxy_tor_port" label="The privoxy with tor port" /> 
# <UDF name="transmission_user" label="The transmission user" /> 
# <UDF name="transmission_passwd" label="The transmission password" /> 
# <UDF name="opt_disk" label="The disk for opt" /> 
# <UDF name="allow_ip" label="Allow IP from" /> 
# <UDF name="tz_data" label="Set up timezone for tzdata" /> 
# <UDF name="label_data" label="The label for this deploy" default="UNKNOW" /> 

# name="transmission_port" label="The transmission port" /> 
# name="afp_port" label="The afp port" /> 


# Working directory for the files this StackScript generates, and the paths
# of those files: the second-stage script, its session log and the helper
# that pushes the StackScript back to the API.
SS_DIR="/root/stackscript"
SS2="${SS_DIR}/StackScript2"
LOG="${SS_DIR}/log"
UPDATE_SH="${SS_DIR}/update.sh"

mkdir -p "${SS_DIR}"

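# Generate update.sh, a helper that uploads /root/StackScript to the Linode
# API as StackScript 6577.
# The API key is deliberately not written into the generated file: this
# StackScript is public, so a literal key in it is readable by anyone who can
# view the script. The helper takes the key from the caller's environment
# instead. Any key that was ever published this way should be revoked and
# reissued.
cat > "$UPDATE_SH" << "EOFUPDATE"
#!/bin/bash
# Usage: API_KEY=<your Linode API key> ./update.sh
: "${API_KEY:?set API_KEY in the environment before running update.sh}"
# NOTE: the key still appears in curl's argument list while the request runs.
sudo curl -X POST "https://api.linode.com" -d "api_key=${API_KEY}" -d api_action=stackscript.update --data-urlencode script@/root/StackScript -d StackScriptId=6577
EOFUPDATE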

cat > "$SS2" << "BIGEOF"
#!/usr/bin/env bash
# Second-stage shell options: unset variables are errors, the first failing
# command stops the run, and every command is traced after expansion.
# NOTE(review): the trace shows commands with their arguments substituted, so
# the secrets this script receives as positional parameters are written to the
# session log wherever they are used on a command line.
set -o nounset -o errexit -o xtrace

function task_go {
	# Print a banner announcing the task named in $1.
	# echo -e is kept, so backslash escapes inside $1 are interpreted too.
	local rule="------------------"
	echo -e "\n${rule}\n${1}\n${rule}\n"
}

function task_done {
	# Record a finished task: append $1 (callers pass $LINENO) to the file
	# named by the global TRACE_LOG, then print a "Done!" banner.
	local marker="$1"
	local banner="\n------------------\nDone!\n------------------\n"
	echo "$marker" >> "$TRACE_LOG"
	echo -e "$banner"
}

function replace_option_transmission {
	# Rewrite the value of one key in transmission-daemon's settings.json.
	#   $1 - text identifying the key (matched anywhere before `": `)
	#   $2 - new value, inserted verbatim and followed by a comma
	# Both arguments are pasted into the sed program unescaped, so a `%`,
	# `&` or backslash in either one changes what sed does.
	# The previous file is kept next to it with a .bak suffix.
	TRANSMISSION_CONF_FILE="/etc/transmission-daemon/settings.json"
	local key_pattern="${1}"
	local new_value="${2}"
	local sed_script="s%\(^.*${key_pattern}.*\": \).*\$%\1${new_value},%"
	sed -i.bak -e "$sed_script" "$TRANSMISSION_CONF_FILE"
}

function replace_option {
	# Comment out every line of file $1 that starts (after optional
	# whitespace) with pattern $2, and put line $3 directly below it.
	# The original file is kept as "$1.bak".
	# $2 and $3 are pasted into the sed program unescaped: a `%`, `&` or
	# backslash in either one changes what sed does.
	local target_file="${1}"
	local match_prefix="${2}"
	local new_line="${3}"
	local sed_script="s%^\s*\(${match_prefix}\).*\$%#&\n${new_line}%"
	sed -i.bak -e "$sed_script" "$target_file"
}

function replace_option_nobak {
	# Same edit as replace_option, without a backup copy: comment out each
	# line of file $1 that starts with pattern $2 and add line $3 below it.
	# $2 and $3 reach sed unescaped; `%`, `&` and backslashes are live.
	local target_file="${1}"
	local match_prefix="${2}"
	local new_line="${3}"
	local sed_script="s%^\s*\(${match_prefix}\).*\$%#&\n${new_line}%"
	sed -i -e "$sed_script" "$target_file"
}

function replace_option_slash {
	# Variant of replace_option_nobak for files that use `//` comments:
	# each line of file $1 starting with pattern $2 is prefixed with `//`
	# and line $3 is added below it. No backup copy is kept.
	# $2 and $3 reach sed unescaped; `%`, `&` and backslashes are live.
	local target_file="${1}"
	local match_prefix="${2}"
	local new_line="${3}"
	local sed_script="s%^\s*\(${match_prefix}\).*\$%//&\n${new_line}%"
	sed -i -e "$sed_script" "$target_file"
}

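function gen_port {
	# Pick a random port in [PORT_MIN, PORT_MAX] that is not yet recorded,
	# append "<port> <label>" to $PORTS_FILE and print the port on stdout.
	#   $1 - label stored next to the port (e.g. the service name)
	# Globals: PORTS_FILE is read and appended to; PORT_MIN, PORT_MAX,
	#          RANDOM_PORT and PORTS_COUNT are assigned, as before.
	# Exits the shell with status 1 when every port in the range is recorded.
	# $RANDOM is not a cryptographic source, so the result should not be
	# relied on as a secret.
	local label="$1"
	PORT_MIN=10000
	PORT_MAX=65534
	local span=$((PORT_MAX - PORT_MIN + 1))

	# Loop instead of recursing: the old recursive retry dropped the label,
	# which is an unbound-variable error under nounset.
	while true
	do
		RANDOM_PORT=$(( (RANDOM + RANDOM) % span + PORT_MIN ))

		# No registry yet, so nothing can collide.
		if [ ! -f "$PORTS_FILE" ]
		then
			break
		fi

		PORTS_COUNT=$(wc -l < "$PORTS_FILE")
		if [ "$PORTS_COUNT" -ge "$span" ]
		then
			exit 1
		fi

		# grep is tested inside `if` so that "not found" (status 1) does not
		# trip errexit, and the match is anchored on the port column so that
		# digits inside a label cannot cause a false hit.
		if ! grep -q "^${RANDOM_PORT} " "$PORTS_FILE"
		then
			break
		fi
	done

	echo "$RANDOM_PORT $label" >> "$PORTS_FILE"
	echo "$RANDOM_PORT"
	return
}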

#

# Positional parameters, in the order the launcher passes them.
# NOTE(review): the admin password, SSH passphrase, Gmail password and
# transmission password arrive on the command line, so they are visible in
# the process list while this script runs and in its xtrace output.
ADMIN_USER_NAME="${1}"
ADMIN_USER_PASSWD="${2}"
ADMIN_USER_GID="${3}"
SSH_PUBKEY_URL="${4}"
SSH_PASSPHRASE="${5}"
GMAIL_ACCOUNT="${6}"
GMAIL_PASS="${7}"
SSH_PORT="${8}"
SSMTP_PORT="${9}"
HTTP_PORT="${10}"
TOR_PORT="${11}"
PRIVOXY_PORT="${12}"
PRIVOXY_TOR_PORT="${13}"
TRANSMISSION_USER="${14}"
TRANSMISSION_PASSWD="${15}"
OPT_DISK="${16}"
ALLOW_IP="${17}"
TZ_DATA="${18}"
LABEL_DATA="${19}"
# Retired parameters, kept for reference:
#TRANSMISSION_PORT=${16}
#AFP_PORT=${17}

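# global
# Paths of the working files kept under $HOME/stackscript. The directory is
# restricted to its owner because the logs in it contain the deploy secrets.
TMP_DIR="$HOME/stackscript"
TMP_FILE="$TMP_DIR/tmp"
TRACE_LOG="$TMP_DIR/trace"
SS_RAW_LOG="$TMP_DIR/ss_raw.log"
SS_LOG="$TMP_DIR/ss.log"
LABEL_FILE="$TMP_DIR/label_${LABEL_DATA}"
AUGTOOL_FILE="$TMP_DIR/augconf"
mkdir -p "$TMP_DIR"
chmod 700 "$TMP_DIR"
CONSOLE_LOG="$TMP_DIR/log"
HOME_DIR="/opt/home"

# release name
DIST_CODE_NAME=$(lsb_release -c | cut -f2)
# host ip
#HOST_IP=$(ip -f inet -r addr | egrep -o "(([0-9]{3}+).*)/24" | sed 's/\/24//')
# The public address is asked from a third-party service over plain HTTP, so
# the reply can be altered in transit. Only a bare dotted-quad is accepted
# before it is written into /etc/hosts; this stops injected extra host entries
# but cannot detect a substituted, well-formed address.
HOST_IP=$(wget -qO- http://ipecho.net/plain)
HOST_IP="${HOST_IP//[[:space:]]/}"
if ! [[ "$HOST_IP" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]]
then
	printf 'Unexpected reply for the external IP, refusing to continue: %q\n' "$HOST_IP" >&2
	exit 1
fi
# "external" and "home" are used as host names later in this script.
echo "$HOST_IP external" >> "/etc/hosts"
echo "$ALLOW_IP home" >> "/etc/hosts"
PORTS_FILE="$TMP_DIR/ports"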

## ufw
# Turn the firewall on, set the default policy to deny and open it only to the
# trusted sources below.
task_go "To setup UFW"

ufw enable
ufw default deny
# $ALLOW_IP and $ip are left unquoted on purpose: a space-separated list gives
# one rule per address. Each listed source is allowed to reach every port.
for ip in $ALLOW_IP; do ufw allow from $ip; done
# Every nameserver found in resolv.conf is also allowed as a source, again for
# all ports and protocols.
# NOTE(review): presumably meant to let DNS answers through; confirm that a
# blanket allow for the resolver addresses is really needed.
cat "/etc/resolv.conf" | grep nameserver | cut -d" " -f2 | xargs -i ufw allow from {}

task_done "$LINENO"


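## tzdata
task_go "set up tzdata"

# Use the zone supplied through the tz_data UDF, which was previously read
# into TZ_DATA but never applied. The former hard-coded zone remains the
# fallback when the value is empty.
echo "${TZ_DATA:-Asia/Taipei}" > /etc/timezone
dpkg-reconfigure -f noninteractive tzdata

task_done "$LINENO"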



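## apt-get update
task_go "To apt-get dist-upgrade"


# Extra package sources: the release's -proposed pocket and the Tor Project
# repository.
# NOTE(review): -proposed carries packages that are still being tested;
# confirm it is wanted on a server that also runs unattended upgrades.
APT_SOURCE_LIST="/etc/apt/sources.list"
echo "deb http://us.archive.ubuntu.com/ubuntu/ ${DIST_CODE_NAME}-proposed restricted main multiverse universe" >> "$APT_SOURCE_LIST"
echo "deb http://deb.torproject.org/torproject.org ${DIST_CODE_NAME} main" >> "$APT_SOURCE_LIST"

# tor
# Fetch the repository signing key by its full fingerprint. An 8-hex-digit
# short id can be shared by more than one key on a keyserver, so it is not a
# safe way to name a key. Only the key with this fingerprint is handed to apt.
gpg --keyserver keys.gnupg.net --recv A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89
gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add -
#add-apt-repository -y ppa:upubuntu-com/tor64
apt-get -y update
apt-get -y dist-upgrade
#apt-get -y install acct
# augeas-tools provides augtool, used below to edit config files.
apt-get -y install python-software-properties augeas-tools

task_done "$LINENO"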

## fstab
# Add an fstab entry that mounts the disk named by the opt_disk UDF on /opt
# (ext3, noatime, errors=remount-ro, fsck pass 2), then mount it.
task_go "To set up fstab for /opt"

# The heredoc is unquoted, so ${OPT_DISK} is substituted before augtool reads
# the script; the value is used as given.
cat > ${AUGTOOL_FILE} << EOF
set /files/etc/fstab/01/spec ${OPT_DISK}
set /files/etc/fstab/01/file /opt
set /files/etc/fstab/01/vfstype ext3
set /files/etc/fstab/01/opt[1] noatime
set /files/etc/fstab/01/opt[2] "errors"
set /files/etc/fstab/01/opt[2]/value "remount-ro"
set /files/etc/fstab/01/dump 0
set /files/etc/fstab/01/passno 2
save
EOF
augtool -f $AUGTOOL_FILE

mount -a

task_done "$LINENO"



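## create admin user
task_go "To create admin user"

# Hash the password before handing it to useradd. The password is fed to
# mkpasswd on stdin: passed as an unquoted argument it was word-split and
# glob-expanded, so a password containing a space lost its second word to
# mkpasswd's salt argument, and the clear text sat in mkpasswd's argument
# list. The hash method is named explicitly instead of relying on the tool's
# default.
ADMIN_USER_PASSWD_HASH="$(printf '%s' "$ADMIN_USER_PASSWD" | mkpasswd -m sha-512 --stdin)"
# The account is a member of sudo and has its home under $HOME_DIR.
# NOTE(review): -u sets the numeric user id, yet it is filled from the UDF
# named admin_user_gid; confirm which id is meant.
useradd -s "/bin/bash" -m -p "$ADMIN_USER_PASSWD_HASH" -G "sudo" -u "$ADMIN_USER_GID" -b "$HOME_DIR" "$ADMIN_USER_NAME"
# Admin user home
ADMIN_USER_HOME="$HOME_DIR/$ADMIN_USER_NAME"

# Replace the `alias ls=` line in the new user's .bashrc.
ADMIN_USER_BASHRC="$HOME_DIR/$ADMIN_USER_NAME/.bashrc"
replace_option "$ADMIN_USER_BASHRC" "alias ls=" "alias ls='ls --color=auto -a'"

task_done "$LINENO"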

## disable ipv6
# Switch IPv6 off for all interfaces through sysctl and apply it immediately.
# The three settings are appended, so running the script again adds duplicate
# lines to /etc/sysctl.conf.
task_go "Diable IPv6"

echo "net.ipv6.conf.all.disable_ipv6 = 1" >> "/etc/sysctl.conf"
echo "net.ipv6.conf.default.disable_ipv6 = 1" >> "/etc/sysctl.conf"
echo "net.ipv6.conf.lo.disable_ipv6 = 1" >> "/etc/sysctl.conf"
sysctl -p

task_done "$LINENO"


## SSH
# generate admin user's ssh key
task_go "To generate admin user's ssh key"

# Runs ssh-keygen as the admin user; the piped "y" answers a prompt such as
# the overwrite question if a key already exists.
# NOTE(review): the passphrase is passed with -N, so it is visible in the
# process list for the duration of the command and in the xtrace log.
echo -e  'y\n' | sudo -u "$ADMIN_USER_NAME" ssh-keygen -t rsa -N "$SSH_PASSPHRASE" -f "$ADMIN_USER_HOME/.ssh/id_rsa"

task_done "$LINENO"

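# import admin user's public key to auth file
task_go "To import admin user's public key to auth file"

# The key that will be allowed to log in is downloaded from the ssh_pubkey_url
# UDF. Whoever controls that URL, or the network path when it is not HTTPS,
# decides who can log in as the admin user.
SSH_PUBKEY_TMP="${TMP_DIR}/id_rsa.pub"
wget "$SSH_PUBKEY_URL" -O "$SSH_PUBKEY_TMP"
# ssh-keygen -l fails unless the download parses as a public key, so under
# errexit an error page or other junk never reaches authorized_keys. It also
# prints the fingerprint into the deploy log, where it can be compared with
# the expected key.
ssh-keygen -l -f "$SSH_PUBKEY_TMP"
SSH_AUTH_FILE="$ADMIN_USER_HOME/.ssh/authorized_keys"
cat "$SSH_PUBKEY_TMP" >> "$SSH_AUTH_FILE"

task_done "$LINENO"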


# Harden sshd: custom port, no root login, no password login, and only the
# admin user may log in. After this, access depends entirely on the key that
# was imported into authorized_keys above.
task_go "To config sshd"

#SSH_PORT=$(gen_port "ssh")

# Unquoted heredoc: ${SSH_PORT} and ${ADMIN_USER_NAME} are substituted before
# augtool reads the script.
cat > "$AUGTOOL_FILE" << EOF
set /files/etc/ssh/sshd_config/Port ${SSH_PORT}
set /files/etc/ssh/sshd_config/PermitRootLogin no
set /files/etc/ssh/sshd_config/PasswordAuthentication no
set /files/etc/ssh/sshd_config/AllowUsers/1 ${ADMIN_USER_NAME}
save
EOF

augtool -f "$AUGTOOL_FILE"

service ssh restart 

task_done "$LINENO"

## ssmtp
# Install ssmtp and mailx and relay local mail through the Gmail account
# given in the UDFs.
task_go "To set up ssmpt"

apt-get -y install ssmtp heirloom-mailx

# ssmtp config
# The Gmail password is stored in clear text in ssmtp.conf (AuthPass).
SSMTP_CONF_FILE="/etc/ssmtp/ssmtp.conf"
cat > ${SSMTP_CONF_FILE} << EOF
root=${GMAIL_ACCOUNT}
mailhub=smtp.gmail.com:587
FromLineOverride=YES
UseSTARTTLS=YES
AuthUser=${GMAIL_ACCOUNT}
AuthPass=${GMAIL_PASS}
EOF

# ssmtp relaliases
# Map root and the admin user to the Gmail account as sender.
SSMTP_REVALIASES_FILE="/etc/ssmtp/revaliases"
cat > ${SSMTP_REVALIASES_FILE} << EOF
root:${GMAIL_ACCOUNT}:smtp.gmail.com:587
${ADMIN_USER_NAME}:${GMAIL_ACCOUNT}:smtp.gmail.com:587
EOF

# ssmtp.conf becomes readable by group mail, and the admin user joins that
# group, so every member of mail can read the Gmail password.
# NOTE(review): a credential limited to sending mail would reduce the impact
# of that exposure; confirm what kind of password is supplied here.
chown "root:mail" "$SSMTP_CONF_FILE"
chmod "640" "$SSMTP_CONF_FILE"
usermod -a -G mail "${ADMIN_USER_NAME}"

task_done "$LINENO" 


## stunnel
# Run stunnel in client mode: it accepts connections on ${SSMTP_PORT} and
# forwards them over TLS to smtp.gmail.com:465.
task_go "To set up stunnel"

apt-get -y install stunnel

# NOTE(review): the config sets no certificate verification option, so the
# tunnel presumably does not check the server certificate; confirm against
# the stunnel defaults of the installed version.
# NOTE(review): accept is a bare port with no address; confirm which
# interfaces it binds and that the firewall covers it.
STUNNEL_CONF_FILE="/etc/stunnel/stunnel.conf"
cat > ${STUNNEL_CONF_FILE} << EOF
client = yes
[ssmtp]
accept  = ${SSMTP_PORT}
connect = smtp.gmail.com:465
EOF

# Enable the stunnel4 service in /etc/default/stunnel4, then start it.
cat > $AUGTOOL_FILE << EOF
# stunnel4
set /files/etc/default/stunnel4/ENABLED 1
save
EOF

augtool -f $AUGTOOL_FILE
service stunnel4 start

task_done "$LINENO" 

## unattended-upgrades
# Install unattended-upgrades, enable two extra origins and switch on the
# daily apt jobs.
task_go "To set up unattended-upgrades"

apt-get -y install unattended-upgrades

# Each call targets the commented-out origin line for -updates / -proposed
# and adds an active copy of it below.
# NOTE(review): with -proposed enabled here, packages from that pocket are
# installed automatically; confirm this is intended.
UNATTENDED_CONF_FILE="/etc/apt/apt.conf.d/50unattended-upgrades"
replace_option_slash "$UNATTENDED_CONF_FILE" "//\t\"\${distro_id}:\${distro_codename}-updates" "      \"\${distro_id}:\${distro_codename}-updates\";"
replace_option_slash "$UNATTENDED_CONF_FILE" "//\t\"\${distro_id}:\${distro_codename}-proposed" "      \"\${distro_id}:\${distro_codename}-proposed\";"

APT_PERIODIC_FILE="/etc/apt/apt.conf.d/10periodic"

# Overwrites 10periodic: refresh package lists, download and install upgrades
# daily, autoclean every 7 days.
cat > $APT_PERIODIC_FILE << EOF
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "7";
APT::Periodic::Unattended-Upgrade "1";
EOF

task_done "$LINENO" 

## no hostname override
# Set the host name to "localhost" from /etc/hostname.
task_go "Set up localhost hostname"

# NOTE(review): `>>` appends, so any name already in /etc/hostname stays on
# the line above; confirm which line `hostname -F` ends up using, or whether
# `>` was intended.
echo "localhost" >> /etc/hostname
hostname -F /etc/hostname

task_done "$LINENO" 


## tor
# Install tor from the Tor Project repository and replace its configuration.
task_go "To set up tor"

apt-get -y install deb.torproject.org-keyring
apt-get -y install tor

TOR_CONF_FILE="/etc/tor/torrc"
#replace_option "$TOR_CONF_FILE" "SocksPort" "SocksPort $TOR_PORT"
# The packaged torrc is kept as torrc.ori and a minimal one is written.
# NOTE(review): the circuit and guard settings below differ from the packaged
# configuration; confirm their effect on anonymity is understood.
mv "$TOR_CONF_FILE" "${TOR_CONF_FILE}.ori"
cat > "$TOR_CONF_FILE" << EOF
SocksPort ${TOR_PORT}
CircuitBuildTimeout 5
KeepalivePeriod 60
NewCircuitPeriod 15
NumEntryGuards 8
mapaddress 10.40.40.40 p4fsi4ockecnea7l.onion
EOF

#TOR_TSOCKS_CONF_FILE="/etc/tor/tor-tsocks.conf"
#replace_option "$TOR_TSOCKS_CONF_FILE" "server_port" "server_port = $TOR_PORT"

# Point torsocks at the same SOCKS port.
TOR_SOCKS_CONF_FILE="/etc/torsocks.conf"
replace_option "$TOR_SOCKS_CONF_FILE" "server_port" "server_port = $TOR_PORT"

service tor restart

task_done "$LINENO"


## privoxy no tor
# Install privoxy, patch its init script, clone the init script and config
# directory for a second (Tor) instance, and configure the first instance.
task_go "To set up privoxy without tor"

apt-get -y install privoxy

# patch config
# Paths for the stock instance and for the privoxy_tor copy set up later.
PRIVOXY_BIN="/usr/sbin/privoxy"
PRIVOXY_CONF_DIR="/etc/privoxy"
PRIVOXY_CONF_FILE="$PRIVOXY_CONF_DIR/config"
PRIVOXY_INIT_FILE="/etc/init.d/privoxy"
PRIVOXY_INIT_DIFF_FILE="$TMP_DIR/privoxy.diff"
PRIVOXY_TOR_BIN="/usr/sbin/privoxy_tor"
PRIVOXY_TOR_LOG_DIR="/var/log/privoxy_tor"
PRIVOXY_TOR_CONF_DIR="/etc/privoxy_tor"
PRIVOXY_TOR_CONF_FILE="${PRIVOXY_TOR_CONF_DIR}/config"
PRIVOXY_TOR_INIT_FILE="/etc/init.d/privoxy_tor"

# patch init file
# The diff comments out the `start-stop-daemon --stop ... --exec $DAEMON` call
# and its status check in the init script. `\$` keeps the dollar signs literal
# in the generated diff.
cat > "$PRIVOXY_INIT_DIFF_FILE" << EOF
--- privoxy	2012-01-08 10:39:52.000000000 +0800
+++ privoxy	2013-03-02 23:39:02.000000000 +0800
@@ -87,8 +87,8 @@
 	# that waits for the process to drop all resources that could be
 	# needed by services started subsequently.  A last resort is to
 	# sleep for some time.
-	start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec \$DAEMON
-	[ "\$?" = 2 ] && return 2
+	#start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec \$DAEMON
+	#[ "\$?" = 2 ] && return 2
 	# Many daemons don't delete their pidfiles when they exit.
 	rm -f \$PIDFILE
 	return "\$RETVAL"
EOF

patch --no-backup-if-mismatch -f -p0 -d "/etc/init.d" < "$PRIVOXY_INIT_DIFF_FILE"
cp "$PRIVOXY_INIT_FILE" "$PRIVOXY_TOR_INIT_FILE"

# patch config
cp -r "$PRIVOXY_CONF_DIR" "$PRIVOXY_TOR_CONF_DIR"

# "external" is the /etc/hosts name given to the public address earlier in
# this script, so the proxy listens on the public interface; the ufw rules are
# the only thing limiting who can use it.
replace_option "${PRIVOXY_CONF_FILE}" "listen-address" "listen-address external:${PRIVOXY_PORT}"
replace_option "${PRIVOXY_CONF_FILE}" "#debug   4096" "debug   4096"

service privoxy restart

task_done "$LINENO"

## privoxy tor
# Second privoxy instance, privoxy_tor, with its own binary copy, config
# directory and init script; it forwards all requests to the local Tor port.
task_go "To set up privoxy with tor"

# bin
cp "$PRIVOXY_BIN" "$PRIVOXY_TOR_BIN"

# config
# Listens on the public address as well ("external"); the firewall rules are
# what restricts access. forward-socks5 sends every request to
# 127.0.0.1:${TOR_PORT}.
replace_option "${PRIVOXY_TOR_CONF_FILE}" "listen-address" "listen-address external:${PRIVOXY_TOR_PORT}"
replace_option "${PRIVOXY_TOR_CONF_FILE}" "confdir /etc/privoxy" "confdir $PRIVOXY_TOR_CONF_DIR"
replace_option "${PRIVOXY_TOR_CONF_FILE}" "#debug   4096" "debug   4096"
replace_option "${PRIVOXY_TOR_CONF_FILE}" "#        forward-socks5" "        forward-socks5   /               127.0.0.1:${TOR_PORT} ."

# patch init script
# Point the copied init script at the privoxy_tor name, binary and config.
replace_option_nobak "$PRIVOXY_TOR_INIT_FILE" "NAME=" "NAME=privoxy_tor"
replace_option_nobak "$PRIVOXY_TOR_INIT_FILE" "DAEMON=" "DAEMON=$PRIVOXY_TOR_BIN"
replace_option_nobak "$PRIVOXY_TOR_INIT_FILE" "CONFIGFILE=" "CONFIGFILE=$PRIVOXY_TOR_CONF_FILE"

service privoxy_tor restart
update-rc.d privoxy_tor defaults

task_done "$LINENO"


## http server
# Install nginx and add a listen directive for ${HTTP_PORT} to the default
# site, next to the commented-out `listen 80` line.
task_go "To set up http server"

apt-get -y install nginx

replace_option "/etc/nginx/sites-available/default" "#listen   80" "\tlisten    ${HTTP_PORT};"
service nginx restart

task_done "$LINENO"

## nfs server
# Export /opt over NFS to the host named "home", the /etc/hosts name given to
# the allow_ip UDF earlier in this script.
task_go "To set up nfs server"

apt-get -y install nfs-kernel-server

# Export options: rw, async, no_root_squash, no_subtree_check.
# NOTE(review): no_root_squash lets root on the client act as root on the
# exported files, so the client needs to be as trusted as this server.
cat > ${AUGTOOL_FILE} << EOF
set /files/etc/exports/dir[last()+1] "/opt"
set /files/etc/exports/dir[last()]/client "home"
set /files/etc/exports/dir[last()]/client/option[1] "rw"
set /files/etc/exports/dir[last()]/client/option[2] "async"
set /files/etc/exports/dir[last()]/client/option[3] "no_root_squash"
set /files/etc/exports/dir[last()]/client/option[4] "no_subtree_check"
save
EOF

augtool -f $AUGTOOL_FILE

service nfs-kernel-server restart

task_done "$LINENO"
 
## transmission server
# Install transmission-daemon and start it with a defaults file taken from
# the /opt disk.
task_go "To set up transmission server"

# TRANSMISSION_WHITELIST is only referenced by the commented-out calls below.
TRANSMISSION_WHITELIST="127.0.0.1, $ALLOW_IP, $HOST_IP"
TRANSMISSION_DIR="/opt/transmission"
TRANSMISSION_CONFIG_DIR="$TRANSMISSION_DIR/info"
TRANSMISSION_DEFAULT_FILE="/etc/default/transmission-daemon"

apt-get -y install transmission-daemon
service transmission-daemon stop

# The RPC settings are no longer written by this script (calls disabled).
# NOTE(review): RPC user, password and whitelist therefore come from whatever
# configuration already exists on the /opt disk; the transmission UDFs are
# unused here. Confirm that configuration requires authentication.
# replace_option_transmission "rpc-username" \""$TRANSMISSION_USER"\"
# replace_option_transmission "rpc-password" \""$TRANSMISSION_PASSWD"\"
# replace_option_transmission "rpc-port" "9796"
# #replace_option_transmission "rpc-whitelist" \""$TRANSMISSION_WHITELIST"\"
# replace_option_transmission "rpc-whitelist-enabled" "false"
# replace_option_transmission "rpc-authentication-required" "true"
# replace_option_transmission "download-dir" \""$TRANSMISSION_DIR"\"
# replace_option_transmission "umask" "2"
# 
# replace_option_nobak "$TRANSMISSION_DEFAULT_FILE" "CONFIG_DIR" "CONFIG_DIR=\"${TRANSMISSION_CONFIG_DIR}\""
 
# Larger socket buffer limits, appended to sysctl.conf and applied at once.
echo "net.core.rmem_max = 4194304" >> "/etc/sysctl.conf"
echo "net.core.wmem_max = 1048576" >> "/etc/sysctl.conf"
sysctl -p
# Expects $TRANSMISSION_CONFIG_DIR/transmission-daemon to exist already on
# the mounted /opt disk; under errexit the deploy stops here if it does not.
cp "$TRANSMISSION_CONFIG_DIR/transmission-daemon" "/etc/default"

usermod -a -G debian-transmission "$ADMIN_USER_NAME"
usermod -a -G syslog debian-transmission

service transmission-daemon start

task_done "$LINENO"


# pi
# Create a second account, pi, with uid 1000 and a home directory. No
# password is set for it here.
task_go "To set up pi user"

useradd -m pi -u 1000
# pi joins debian-transmission and the group named after the admin user
# (presumably the admin's private group, so pi can reach the admin's
# group-accessible files; confirm this is wanted).
usermod -a -G debian-transmission,"$ADMIN_USER_NAME" pi

task_done "$LINENO"

## afp
# task_go "To set up afp"
# 
# apt-get -y install netatalk
# 
# NETATALK_DEFAULT_FILE="/etc/default/netatalk"
# cat >> "$NETATALK_DEFAULT_FILE" << EOF
# AFPD_UAMLIST="-U uams_dhx2_password.so"
# ATALKD_RUN=no
# PAPD_RUN=no
# CNID_METAD_RUN=yes
# AFPD_RUN=yes
# TIMELORD_RUN=no
# A2BOOT_RUN=no
# EOF
# 
# NETATALK_VOLUMES_DEFAULT_FILE="/etc/netatalk/AppleVolumes.default"
# replace_option "$NETATALK_VOLUMES_DEFAULT_FILE" "~/" "/opt opt allow:@${ADMIN_USER_NAME} options:usedots,upriv"
# 
# NETATALK_AFPD_FILE="/etc/netatalk/afpd.conf"
# cat >> "$NETATALK_AFPD_FILE" << EOF
# - -port $AFP_PORT -tcp -noddp -icon -uamlist uams_dhx2_passwd.so
# EOF
# 
# service netatalk restart
# 
# task_done "$LINENO"
 

## implant the label
task_go "To implant the label"

# Stamp the label file (named after the label_data UDF) with the deploy time.
printf '%s\n' "$(date)" > "${LABEL_FILE}"

task_done "$LINENO"

## logwatch
# Install logwatch, create its cache directory, copy the default config into
# /etc/logwatch/conf and raise the detail level to High.
task_go "Set up logwatch"

apt-get -y install logwatch

LOGWATCH_DIR="/etc/logwatch/conf"
LOGWATCH_CACHE_DIR="/var/cache/logwatch"
mkdir -p "$LOGWATCH_CACHE_DIR"
LOGWATCH_SHARE_CONF_FILE="/usr/share/logwatch/default.conf/logwatch.conf"
LOGWATCH_CONF_FILE="${LOGWATCH_DIR}/logwatch.conf"

cp "$LOGWATCH_SHARE_CONF_FILE" "$LOGWATCH_DIR"
replace_option "$LOGWATCH_CONF_FILE" "Detail =" "Detail = High"

task_done "$LINENO"

## for other packages
# Development and packaging tools for the working environment.
task_go "Install more packages"

apt-get -y install build-essential inotify-tools git python-pip devscripts dput bzr

task_done "$LINENO"

## irssi for tor
# Install irssi with OTR and crypto Perl modules, and add the cap_sasl.pl
# script to the system-wide autorun directory.
task_go "Set up irc client via tor" 
apt-get install -y irssi irssi-plugin-otr irssi-scripts screen libcrypt-openssl-bignum-perl libcrypt-blowfish-perl libcrypt-dh-perl
CAP_SASL="/usr/share/irssi/scripts/cap_sasl.pl"
# NOTE(review): the script is fetched over plain HTTP with no checksum and is
# then linked into autorun, so whatever the download returns is loaded by
# irssi at start-up. Pinning a known-good copy or verifying a hash before
# linking would close that gap.
wget -c http://freenode.net/sasl/cap_sasl.pl -O "$CAP_SASL"
AUTORUN_DIR="/usr/share/irssi/scripts/autorun"
mkdir -p "$AUTORUN_DIR"
ln -s "$CAP_SASL" "$AUTORUN_DIR"
# `&& true` keeps a failing ln from stopping the script: errexit does not
# apply to a command that is not the last one in an && list.
# This section has no closing task_done call.
ln -s /usr/share/irssi/scripts "$ADMIN_USER_HOME/.irssi/scripts" && true

## irssi
# task_go "Set up irc client via tor" 
# apt-get -y install libmath-bigint-perl libmath-bigint-gmp-perl libcrypt-dh-perl libcrypt-openssl-bignum-perl libcrypt-blowfish-perl
# UPDATED_TORSOCKS_DEB_URL="https://launchpad.net/ubuntu/+source/torsocks/1.2-3/+build/3449222/+files/torsocks_1.2-3_amd64.deb"
# TORSOCKS_DEB_NAME="$(basename $UPDATED_TORSOCKS_DEB_URL)"
# wget -c "$UPDATED_TORSOCKS_DEB_URL" -P "$TMP_DIR"
# dpkg -i "$TMP_DIR/$TORSOCKS_DEB_NAME"
# IRSSI_SCRIPT_DIR="$ADMIN_USER_HOME/.irssi/scripts/autorun"
# mkdir -p "$IRSSI_SCRIPT_DIR"
# SASL_SCRIPT_URL="http://freenode.net/sasl/cap_sasl.pl"
# wget -c "$SASL_SCRIPT_URL" -P "$IRSSI_SCRIPT_DIR"
# 
# task_done "$LINENO"
 
 

## permission
# Restrict everything under the stackscript directory to its owner.
task_go "Set up permission for files under stackscript directory"

# Mode 600 is applied to the directory itself as well as to the files, which
# removes the directory's search bit and the execute bit of any script stored
# there. The logs in this directory hold the deploy secrets (xtrace output).
chmod -R 600 "$TMP_DIR"

task_done "$LINENO"


## send out the first logwatch
# Run the daily logwatch cron job once by hand so the first report is
# produced now.
task_go "The first logwatch"

LOGWATCH_SCRIPT="/etc/cron.daily/00logwatch"
"$LOGWATCH_SCRIPT"

task_done "$LINENO"



## done
# Mail a completion notice to root with $CONSOLE_LOG attached, then stop.
# NOTE(review): $CONSOLE_LOG is $HOME/stackscript/log. When HOME is /root this
# is the same file the launcher records this session into, and with xtrace on
# that recording contains every password passed to this script. The attachment
# therefore sends those secrets to the Gmail account through the mail relay;
# confirm this is acceptable or attach a redacted log instead.
echo "Deploy finished at: $(date)" | mail -a "$CONSOLE_LOG" -s "Linode deploy done: $LABEL_DATA" root
exit

#reboot

BIGEOF

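chmod 700 "$SS2"
# Run the second stage inside `script`, which records the whole session in
# $LOG. The command line is assembled with printf %q so that every UDF value
# reaches StackScript2 as exactly one argument: pasted into the -c string
# unquoted, a value containing a space shifted all later parameters, and a
# value containing shell metacharacters (likely in a password) was interpreted
# by the shell that runs the command.
# `script` hands the -c string to $SHELL, so bash is pinned to make sure the
# %q quoting is read by the same kind of shell that produced it.
# NOTE: the secrets are still passed as arguments, so they remain visible in
# the process list and in the xtrace output captured in $LOG.
SS2_CMD="$(printf '%q ' "$SS2" "$ADMIN_USER_NAME" "$ADMIN_USER_PASSWD" "$ADMIN_USER_GID" "$SSH_PUBKEY_URL" "$SSH_PASSPHRASE" "$GMAIL_ACCOUNT" "$GMAIL_PASS" "$SSH_PORT" "$SSMTP_PORT" "$HTTP_PORT" "$TOR_PORT" "$PRIVOXY_PORT" "$PRIVOXY_TOR_PORT" "$TRANSMISSION_USER" "$TRANSMISSION_PASSWD" "$OPT_DISK" "$ALLOW_IP" "$TZ_DATA" "$LABEL_DATA")"
SHELL=/bin/bash script -f -c "$SS2_CMD" "$LOG"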
# mark: 6E91 @ Fri May 24 11:54:18 CST 2013
# mark: 3A5E @ Fri May 24 12:03:49 CST 2013
# mark: 2557 @ Mon May 27 16:51:35 CST 2013
# mark: 626B @ Tue May 28 11:23:48 CST 2013
# mark: 0AA7 @ Wed May 29 01:03:41 CST 2013