109 lines
3.2 KiB
Bash
Executable File
109 lines
3.2 KiB
Bash
Executable File
#!/bin/bash
|
|
|
|
# --- 0. VÉRIFICATION DES DROITS ---
|
|
if [ "$EUID" -ne 0 ]; then
|
|
echo "❌ Erreur : Ce script doit être lancé avec sudo."
|
|
exit 1
|
|
fi
|
|
|
|
# --- 1. CONFIGURATION DYNAMIQUE ---
|
|
HOSTNAME=$(hostname)
|
|
SMTP_HOST="mail.acemail.fr"
|
|
SMTP_PORT="587"
|
|
SMTP_USER="srv.${HOSTNAME}@a5l.fr"
|
|
DEST_EMAIL="cedric+${HOSTNAME}@abonnel.fr"
|
|
|
|
echo "=========================================================="
|
|
echo " VÉRIFICATION SMTP & DÉPLOIEMENT - ${HOSTNAME}"
|
|
echo "=========================================================="
|
|
|
|
# --- 2. TEST DU MOT DE PASSE SMTP ---
|
|
AUTH_OK=false
|
|
while [ "$AUTH_OK" = false ]; do
|
|
echo -n "🔑 Entrez le mot de passe SMTP pour ${SMTP_USER} : "
|
|
read -s SMTP_PASS
|
|
echo -e "\n⏳ Test de connexion en cours..."
|
|
|
|
# Config temporaire pour le test
|
|
cat > /tmp/.msmtp_test <<EOF
|
|
defaults
|
|
auth on
|
|
tls on
|
|
tls_trust_file /etc/ssl/certs/ca-certificates.crt
|
|
account test
|
|
host $SMTP_HOST
|
|
port $SMTP_PORT
|
|
from $SMTP_USER
|
|
user $SMTP_USER
|
|
password $SMTP_PASS
|
|
account default : test
|
|
EOF
|
|
chmod 600 /tmp/.msmtp_test
|
|
|
|
# Tentative d'envoi
|
|
echo "Test de configuration" | msmtp --file=/tmp/.msmtp_test -t "$DEST_EMAIL" 2>/dev/null
|
|
|
|
if [ $? -eq 0 ]; then
|
|
echo "✅ Authentification SMTP réussie !"
|
|
AUTH_OK=true
|
|
rm /tmp/.msmtp_test
|
|
else
|
|
echo "❌ Échec. Vérifiez le mot de passe ou la connexion réseau."
|
|
rm /tmp/.msmtp_test
|
|
fi
|
|
done
|
|
|
|
# --- 3. INSTALLATION ---
|
|
echo "--- Installation des paquets ---"
|
|
DEBIAN_FRONTEND=noninteractive apt update
|
|
DEBIAN_FRONTEND=noninteractive apt install -y msmtp msmtp-mta bsd-mailx ufw fail2ban unattended-upgrades curl
|
|
|
|
# --- 4. CONFIGURATION MSMTP ---
|
|
echo "--- Configuration MSMTP ---"
|
|
cat > /etc/msmtprc <<EOF
|
|
defaults
|
|
auth on
|
|
tls on
|
|
tls_trust_file /etc/ssl/certs/ca-certificates.crt
|
|
logfile /var/log/msmtp.log
|
|
|
|
account default
|
|
host $SMTP_HOST
|
|
port $SMTP_PORT
|
|
from $SMTP_USER
|
|
user $SMTP_USER
|
|
password $SMTP_PASS
|
|
EOF
|
|
chmod 600 /etc/msmtprc
|
|
ln -sf /usr/bin/msmtp /usr/sbin/sendmail
|
|
|
|
# --- 5. SCRIPT DE SURVEILLANCE ---
|
|
echo "--- Création du check santé ---"
|
|
# On utilise cat directement ici car on est déjà en root
|
|
cat > /usr/local/bin/sys_check.sh <<EOF
|
|
#!/bin/bash
|
|
THRESHOLD=90
|
|
EMAIL="$DEST_EMAIL"
|
|
HOST="\$(hostname)"
|
|
|
|
DISK_USAGE=\$(df / | awk 'NR==2 {print \$5}' | sed 's/%//')
|
|
RAM_USAGE=\$(free | grep Mem | awk '{print int(\$3/\$2 * 100)}')
|
|
|
|
if [ "\$DISK_USAGE" -gt "\$THRESHOLD" ] || [ "\$RAM_USAGE" -gt "\$THRESHOLD" ]; then
|
|
MESSAGE="ALERTE sur \$HOST\nDisque: \$DISK_USAGE% | RAM: \$RAM_USAGE%\nDate: \$(date)"
|
|
echo -e "\$MESSAGE" | mail -s "⚠️ ALERTE : \$HOST" "\$EMAIL"
|
|
fi
|
|
EOF
|
|
chmod +x /usr/local/bin/sys_check.sh
|
|
|
|
# --- 6. SÉCURITÉ & AUTOMATISATION ---
|
|
echo "--- Activation Sécurité & Cron ---"
|
|
ufw allow 22/tcp
|
|
ufw --force enable
|
|
systemctl restart fail2ban
|
|
(crontab -l 2>/dev/null | grep -v "sys_check.sh" ; echo "0 * * * * /usr/local/bin/sys_check.sh") | crontab -
|
|
|
|
# --- 7. RAPPORT FINAL ---
|
|
echo "Le déploiement est terminé avec succès sur $HOSTNAME." | mail -s "[OK] Setup Admin : $HOSTNAME" "$DEST_EMAIL"
|
|
|
|
echo "✅ Terminé avec succès !" |