maxinet.conf.sample

# Configuration file for <script_name>.conf:
# Author: Arafat Ali | Email: arafat@sofibox.com | Web: sofibox.com
# =~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~="
# 0) Very important!! Make sure the hostname at the remote server is set correctly before running this script.
#    For remote server's hostname, it must match the variable C_BOX_HOSTNAME_FQHN in this config file.
#    Warning, do not set your local OS' hostname same as your remote server's hostname beacuse the script might have the ability to repartition your local OS' disk drive;
#    AKA destructive behavior. The script will not deploy a new server if the remote hostname does not match the variable C_BOX_HOSTNAME_FQHN in this config file.
# 1) Fill appropriate variable in config file <script_name>.conf before running setup. Make sure this file is in the same path within the script.
# 2) The file <script_name>.conf contains sensitive information, setup will auto destroy this file after you have finished installation for security.
#    Do not run this script if you are running multiple users in the system because the information data from the config file might be leaked to other users
#    The main purpose of this script is to initialize server from scratch not to run it under a live system with multiple users.
#    If you are intended to run some features from this script in a live system, make sure that you do not have other users logged in the same live system.
# 3) Make sure you have the original backup / copy of this modified <script_name>.conf file, because setup will auto destory it at the end of the script.
#    To disable auto destroy change this setting C_AUTO_DESTROY_CONFIG=false
#    Make sure to secure this backup config file to avoid unauthorized use
#    eg: you can backup this config file with gpg
# 4) The default script name should be <script_name>.conf. If you want to change this config name, modify the variable inside the script:
#   eg: CONFIG_FILE="YOUR_NEW_CONFIG_NAME.conf"
# 5) The config file will be validated by the script at the beginning, if it contains error, it will halt the script and ask to correct it
# 6) The config accepts the following variable patterns (same as bash variable name convention):
#    eg: 1) abc=2 #OK variable name is valid and contains assignment 2) abc= #NOT-OK because missing assignment 3) abc #NOT-OK because missing assignment
#        4) @ok=abc #NOT-OK because variable name contains invalid char 5) ok.=abc #NOT-OK because variable name contains invalid char
#        6) _ok=abc #OK variable name is valid with underscore
# 7) In addition of that, this config file also will be validated by the script using linux source command, and other regex patterns that exist in the script.
# 8) It is recommend not to use password that contains the following character for specific function to avoid weird behaviour:
#    eg: # ! ' / \ $ &
#    If you still need this character in password, you need to escape the character before passing into the script for processing.
# 9) Warning, do not use password that contains the following character in mysql or mariadb password because they do not support this character:
#    eg: < > )
# 10) Warning for Directadmin installation type, the user password only accept the maximum of 64 characters. More than this will have problem with API.
#    The script can notify you if it contains more than this character for Directadmin
#    In addition of that, Directadmin cannot use this character in password because it will not work with API
#    eg: + (script will check this)
# 11) Each of the variable name in this config should begin with the following characters to represent this variable is from config file: C_
#    eg: C_ADMIN_NAME
# 12) A new planned feature will be included in the script where you do not have to edit this config file to store variable information, you could configure this within the script
# 13) The Directadmin username owner1, admin1, reseller1 and user1 are reserved for this script. You will get error if you try to use these usernames
# 14) Each role (OWNER, ADMIN, RESELLER, USER) must have at least 1 user created with index 1
# 15) Use ascending index number when creating directadmin user (do not skip the number):
#    eg: This is OK: ADMIN_USERNAME1 -> ADMIN_USERNAME2 -> ADMIN_USERNAME3 -> ADMIN_USERNAME[N+1]
#    eg: This is not OK: ADMIN_USERNAME1 -> ADMIN_USERNAME4
# # Be careful some characters are not accepted by phpMyAdmin. Bash has trouble with character #!.
# 16) When the script is trying to upload ISO file into cloud storage eg: dropbox, it needs to be authenticated manually first with the following
#     app scope (this can not be automated for security):
#     files.metadata.write / read , files.content.write / read , sharing.write / read
#     Anything goes wrong, removed ~/.dropbox_uploader to start from scratch
#     Fill in authentication information from ~/.dropbox_uploader into this config file for the following variables:
#     C_DROPBOX_CONFIGFILE_VERSION="2.0"
#     C_DROPBOX_OAUTH_APP_KEY="FILL_IN_"
#     C_DROPBOX_OAUTH_APP_SECRET="FILL_IN"
#     C_DROPBOX_OAUTH_REFRESH_TOKEN="FILL_IN"
# 17) Please fill in your current public IP at this variable to prevent lock out during setup C_HOST_PUBLIC_IP
# =~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~="
# C_CONFIG_VERSION:
# This variable is the version of this config file. This is the main variable used by script to determine if source contain valid value
C_CONFIG_VERSION="1.0"


# C_HOST_PUBLIC_IP:
# This variable is used to store the current host public IP.
# This IP address is useful for example to allow firewall to ignore this IP during setup
# The possible values are any IPv4 or IPv6
# You should leave this variable empty and let the script retrieve your current host public IP.
# possible values are any IPv6 or IPv4 host public IP
C_HOST_PUBLIC_IP=""


# C_HOST_TYPE:
# This variable is used to store the type of host (whether it is local or remote)
# If you are unsure, please do not assign this value manually, let the script determine it automatically
C_HOST_TYPE=""


# C_HIDE_SENSITIVE_TEXT:
# This variable is used to hide sensitive information on the terminal such as username, password, port.
# The script will create a new template file in <script_name>/conf/sensitive_label that contains all variables from this config files based on the value of true or false
# The sensitive_label variable will have a new name beginning with the following characters: LABEL_
# eg: LABEL_C_ADMIN_PASSWORD="C_ADMIN_PASSWORD" (if C_HIDE_SENSITIVE_TEXT=true)
# eg2: LABEL_C_ADMIN_PASSWORD="${C_ADMIN_PASSWORD}" (if C_HIDE_SENSITIVE_TEXT=false)
# After that it will source the template file to obtain the correct label information for hiding / showing sensitive information from variable inside config file
# Some sensitive variables might came directly within the script (not from the config file). So, some hardcoded ifelse conditions also are included in the script to hide or show this information based on the value of C_HIDE_SENSITIVE_TEXT
# This feature is useful for script demonstration to hide sensitive information from public
# Possible values are: true, false
C_HIDE_SENSITIVE_TEXT=false

# C_LOG_VERBOSITY_LEVEL:
# This variable is used to show logging level for each script command. This is normally used in _echo() function with the option --verbose passed
# The logging feature will have the following display format when using with _echo() with --verbose 4:
# eg: [log_label]<OTHERSTRING>: Other output
# eg2: [warning][maxinet]: This file has been deleted without reason
# Without an option --verbose the default log level is 6 (info)
# For advanced or expert logging use 8 (expert) to display everything and use 7 (debug) for development.
# Using 6 is the the default log level (this will ignore level 7 (debug) logging, so any debugging display will be hidden)
# Some of their possible values are: ([0]="emerg" [1]="alert" [2]="crit" [3]="err" [4]="warning" [5]="notice" [6]="info" [7]="debug" [8]="expert")
# Warning, verbose level 7 and more might contain sensitive information.
C_LOG_VERBOSITY_LEVEL="6"

# C_AUTO_DESTROY_CONFIG:
# This variable is used to destroy this main config file after it has finished installation at the end of the script.
# By default the script will notify within 120 seconds that it will destroy the config file (you can cancel this operation within the terminal by pressing CTRL+C)
# If no action is taken during 120 seconds, it will execute a low level deletion using shred command to completely destroy the file (unrecoverable).
# Make sure that you have the backup config file in a secure place before it is being destroyed.
# Possible values are: true, false
C_AUTO_DESTROY_CONFIG=true

# C_SPIN_PROGRESS:
# This variable is used to display progress bar animation within the function _echo().
# This variable is used too hold progress spin character, useful to display a long or delay statement.
# Example of the progress spin: ".oO@*"
C_SPIN_PROGRESS="/-\|"

# C_PIP_ALWAYS_UPDATE:
# This variable is use to enable update of the pip components once when executing a specific function for the first time that requires this pip command.
# For example you can enable this setting to update pip3 component for linode-cli once when script is running. This will avoid pip warning message that there is a new version that needs upgrade
# By enabling this option, you will always have the latest pip installation including the components before the script is executed the pip components.
# Possible values are: true, false
C_PIP_ALWAYS_UPDATE=true

# C_COMPANY_ID:
# This variable is used to store company ID that the script requires for display purpose.
C_COMPANY_ID="codegix"

# USE_MULTI_LOG_FILE:
# This variable is used to enable multiple log files or single log file
# If you enable this option, the script will generate multiple log files with the datetime stamp including random string using following format:
# eg: <script_name>-31-03-2020_11-56-16.12345-report.log
# If this option is set to false, you will only have one single log file in /<script_path>/log/<script_name>-report.log
# Possible values are: true, false
C_USE_MULTI_LOG_FILE=true


# C_PRE_AUTORUN_SETUP:
# This variable is used to automatically continue server remote installation when it has finished installing Operating System
# For example after finished installing operating system with automated installation method, it will run the installation script by executing --setup option
# If this option is not enable, after finished installing operating system, it will shutdown the operating system and do nothing else
# You can turn on the offline operating system by triggering the following command: <script_name> --start-server
# After that you could run the following command in the terminal to continue the setup automatically:
# <script_name> --push-ssh-script --sp ${BOX_HOSTNAME_FQDN}:${LABEL_SSH_PORT} --gu root:${LABEL_ROOT_USERNAME} --push-maxinet-setup-script"
# You can obtain all the above variables from config files
# possible values are: true, false
C_PRE_AUTORUN_SETUP=true

# C_HOST_MAX_PROCESSOR:
# This variable is used to set the number of processor for parallel processing based on the total of processor core
# For example, you could increase this value to the maximum of processor core to speedup creating ISO file that requires higher processing power
# The possible value should not contain more than the maximum of the total processor cores, the script will validate this
# For most modern processors, the minimum and default value is "2". If you set the value to "1", some functions might display warning that the process will run slower
C_HOST_MAX_PROCESSOR="2"

# C_SERVER_TYPE:
# This variable is used to set the server installation type
# "directadmin" - Install directadmin server with security hardened feature (this server installation type is fully compatible with Directadmin)
# "general" - Install basic server LEMP or LAMP stack (with security hardened feature)
# "laravel" - Installation of a single server of laravel coming soon (with security hardened feature)
# "magento" - Installation of a single server of magento coming soon (with security hardened feature)
# "joomla" - Installation of a single server of joomla coming soon (with security hardened feature)
# "wordpress" - Installation of a single server of wordpress coming soon (with security hardened feature)
# "odoo" - Installation of a single server of odoo coming soon (with security hardened feature)
# "prestashop" - Installation of a single server of prestashop coming soon (with security hardened feature)
C_SERVER_TYPE="directadmin"

# C_USE_CUSTOM_WEB_CONFIG is used to set custom script called (websetup) for setting up specific website configuration.
# For example, a prestashop website called test.com needs to have custom php config to match prestashop requirement
# By enabling this feature, this website test.com will have its own configuration.
# Currently, this feature only compatible with private repo
# Possible values are: true, false
C_USE_CUSTOM_WEB_CONFIG=false

# C_DISK_ENCRYPTION is used to create full disk encryption or use normal partition during OS installation.
# The encryption will use LUKS method. This option should be enabled for VPS that support full disk encryption such as linode
# Possible values are: true, false
C_DISK_ENCRYPTION=true

# Disable this variable C_ENABLE_DISK_QUOTA might improve performance (quota is optional feature to be used for server)
C_ENABLE_DISK_QUOTA=true

# C_LVM_GROUP_NAME:
# This variable is used to give the volume group name for Logical Volume Manager.
# This name will be used by fstab, such as to configure secure mount option that is required for security
# Leave this as default, and do not change this variable between OS installation and server installation.
# WARNING, putting different values between OS installation and server installation will cause the fstab to be corrupted because it could not detect proper LVM group name
# Possible values are any valid name for a LVM group name
C_LVM_GROUP_NAME="vgbox"


# C_LUKS_PASS:
# This variable is used to store LUKS disk encryption password
# If C_DISK_ENCRYPTION is set, it will use this password to encrypt disk partition during OS installation
C_LUKS_PASS="123abc!123!"

# SECURE_GRUB:
# This variable is used whether to secure the bootloader with password during boot:
# Note this feature might also available in some OS preseed files such as Debian preseed file but it is recommend to use this variable instead of changing the preseed file.
# Note by default this feature is temporarily disable because we do not yet have the ability to remote unlock grub-bootloader for automatic installation when the option C_PRE_AUTORUN_SETUP is set
# If you want to enable this option, set C_PRE_AUTORUN_SETUP=false. You need to manually unlock the server bootloader password if you want to continue managing the server
# Possible values are: true, false
C_SECURE_GRUB=false

# C_GRUB_UNAME:
# This variable is used to specify username to set for grub bootloader user
C_GRUB_UNAME="codegix123"

# C_GRUB_PASS:
# This variable is used to specify password to set for grub bootloader password
C_GRUB_PASS="123abc!!123"

# C_ROOT_USERNAME:
# This variable is used to specify the root username
# Warning, you do not want to change this root username to something else because everything should begin with root
# This option is left here for technical reason
C_ROOT_USERNAME="root"

C_ROOT_USERGROUP="root"

# C_INITIAL_ROOT_PASSWORD:
# This variable is used to specify the root password temporarily during operating system installation
# The password should not be used for deployment or login purpose
C_INITIAL_ROOT_PASSWORD="123aa!!"

# C_INITIAL_ROOT_RESCUE_PASSWORD:
# Similar like C_INITIAL_ROOT_PASSWORD but it is for rescue operating system
# The password should not be used for deployment or login purpose
C_INITIAL_ROOT_RESCUE_PASSWORD="123aa!!"

# C_ROOT_USERPASS:
# This variable is used to specify the main root password
# The password should secure and it will be used for deployment
# The script will change the operating system root password from C_INITIAL_ROOT_PASSWORD into this password
# You might need to update this value if you changed root password manually in the system and you are intended to use this script for managing server
# eg: <script_name> --ssh-login root (or maxinet --login) , this will login into the server using C_ROOT_USERPASS
C_ROOT_USERPASS="123!!123!!123A"

# C_ROOT_EMAIL:
# This variable is used to specify email used by both root operating system and directadmin server owner
C_ROOT_EMAIL="owner@codegix.com"

# C_ADMIN_NAME:
# This variable is used to specify admin global full name.
# The purpose of this is for display purpose in system and various function in the scripts
# By default, for directadmin installation, it will use this name as the owner of the system
C_ADMIN_NAME="Arafat Ali"

# C_ADMIN_EMAIL:
# This variable is used to specify admin global email.
# Various script functions will use this email such as for displaying script header, sending email in CSF, GPG key identifier and directadmin ticket notification
C_ADMIN_EMAIL="admin@codegix.com"

# Whether to run own DNS service (do not enable this if you only run external DNS)
C_ENABLE_BIND=false
# When enable secure the custom directory with password
C_SECURE_LOGIN_ROUTE=true
# If set to true, it will not create temporary custom login for phpmyadmin
C_PHPMYADMIN_SECURE_ROUTE="false"
# Create phpmyadmin custom route here instead of using /pma, begin with /: eg /dbx123a.
C_PHPMYADMIN_CUSTOM_NAME="MyDB"
C_PHPMYADMIN_LOGIN_ROUTE="/dbprivate"
C_HTTPASSWD_PHPMYADMIN_USERNAME="dbuser51"
C_HTTPASSWD_PHPMYADMIN_PASS="putsecurephpmyhttpdpassword_here"
# If set to true, it will not create temporary custom login for roundcube
C_ROUNDCUBE_SECURE_ROUTE="false"
# Create roundcube custom route here instead of using /roundcube, begin with /: eg /mailx123
C_ROUNDCUBE_CUSTOM_NAME="MyMail"
C_ROUNDCUBE_LOGIN_ROUTE="/mailprivate"
C_HTTPASSWD_ROUNDCUBE_USERNAME="mailuser11"
C_HTTPASSWD_ROUNDCUBE_PASS="putsecureroundcubehttpdpasswordhere"
C_APACHE_SERVER_STATUS_ROUTE="/sofibox-status-private144"
C_APACHE_SERVER_INFO_ROUTE="/server-info-private123"
C_APACHE_SERVER_ROUTE_USERNAME="apserv11"
C_APACHE_SERVER_ROUTE_PASS="xxxO123_long_passwordhere"
# Can be either public repository or private repo
C_SETUP_GIT_URL="https://token@github.com/sofibox/maxinet.git"
C_GIT_TOKEN="The github TOKEN_KEY to access private repo for various scripts. Public repo will be available soon"
# To reduce server bot attack on SSH, you must change this SSH PORT
C_RESCUE_SSH_PORT="833"
C_SSH_PORT="892"
C_DROP_BEAR_PORT="8222"
C_SSH_USERNAME="sshuser911"
C_SSH_USERPASS="*long-secured-password*"
# This one for SSH Public Key. I generate this from puttygen
# You can leave this empty, or do anything because the script has its own ssh key, if script has trouble finding key file then it will use this:
C_SSH_PUBLIC_KEY="ssh-rsa AAAAWEUjt3Wm414*****k7PDKne/3dQ== sun.codegix.com-auth"
# Planned feature
C_SSH_PASSPHRASE="PUT_SSH_PASSPHRASE_HERE"

# C_USE_LATEST_ISO:
# This variable is used to enable the --create-iso option to use latest ISO file from the web to create OS server automated installation.
# Currently only Debian operating system is supported
# Possible values are: true, false
C_USE_LATEST_ISO=false
C_BOX_ISO_OS_NAME="debian"
C_OS_SELECT_VERSION="11.6.0"
# Useful for creating ISO
C_OS_SET_CODE_NAME="bullseye"
# possible value: cfq, noop, deadline
# noob for SSD (testing)
C_OS_IO_SCHEDULER="cfq"
# values: custom, normal, console | do not use console if system support GUI, else you will see blank UI
# only use console for system that does not support graphic display, for example linode lish without glish.
# This feature has been removed temporarily from the script (will leave this variable for technical reason)
C_BOX_OS_INSTALL_UI="normal"
# Possible values: vps, dedicated, collocation
C_BOX_TYPE="vps"
# Specify the main disk
C_BOX_MAIN_DISK="/dev/sda"
# Partition size information
C_BOX_MAIN_DISK_RAW_SIZE="800000"
C_BOX_BOOT_DISK_RAW_SIZE="1024"
#C_BOX_RESCUE_DISK_RAW_SIZE="512"
# Partition scheme
C_BOX_BOOT_SIZE="1024"
C_BOX_ROOT_SIZE="50000"
C_BOX_TMP_SIZE="4096"
C_BOX_SWAP_SIZE="4096"
# -1 = largest available size (put last so can expand easier), -1 means infinity
C_BOX_HOME_SIZE="-1" #"size-in-MB" # or put -1 for infinity
C_BOX_RAM="32GB"
C_BOX_DOMAIN="sofihost.com"
# C_BOX_HOSTNAME_FQHN:
# This is an important variable to define a full qualified host name for a server
# This value also is a reference to the variable to other external DNS such as C_LINODE_LABEL
# It must be a full qualified host name value, else the script will ask to correct this.
# The external server will have this unique label name and will rename automatically as this host name
C_BOX_HOSTNAME_FQHN="server.sofihost.com"
# OPTIONAL variable, if not specified it will take the host name from C_BOX_HOSTNAME_FQHN
# this is sensitive variable must be declared as empty even it is autogenerate value
C_BOX_HOSTNAME=""
C_BOX_TIMEZONE="Asia/Kuala_Lumpur"
C_BOX_COUNTRY_NAME="Malaysia"
C_BOX_COUNTRY_CODE="MY"
C_BOX_LANGUAGE_CODE="en"
C_BOX_LOCALE="en_US.UTF-8"
C_BOX_KEYBOARD="us"

# Name servers up to 4
C_BOX_NS1="ns1.sofibox.com"
C_BOX_NS2="ns2.sofibox.com"
C_BOX_NS3="ns3.sofibox.com"
C_BOX_NS4="ns4.sofibox.com"

C_USE_DEFAULT_ETH0=true
# C_NIC_INTERFACE_NAME:
# This variable is used to change the OS network interface name.
# Using eth0 is the default. It is recommend to use the default name convention eth0
# use auto = let the naming convention decide (planned feature)
C_NIC_INTERFACE_NAME="eth0"
C_IPV4_ADD0="IPV4_ADDRESS" #eg: "123.111.50.185"
# You can have additional IP starting with index 1 eg:
#C_IPV4_ADD1="139.162.3.114"
C_IPV4_DEF_GATEWAY0="IPV4_DEFAULT_GATEWAY" #eg: "123.111.50.1"
C_IPV4_NETMASK0="/24"
C_IPV4_NETMASK_IP0="255.255.255.0"
C_IPV6_ADD0="IPV6_ADDRESS" #eg: "2400:8902::a02d:91ee:fe05:4db2"
C_IPV6_DEF_GATEWAY0="fe80::1"
C_IPV6_NETMASK0="/64" # or /128
# For /etc/resolv.conf
C_NAME_SERVER1="123.11.11.5"
C_NAME_SERVER2="123.11.14.5"
C_NAME_SERVER3="112.33.21.5"
#interactive=user need to press enter, auto=forced reboot (no user interaction), disabled - no reboot
# Script will check if reboot is required during installation, you can manually press enter or use auto to auto reboot
C_ENABLE_SETUP_REBOOT="auto"
#OSSEC_INS_TYPE="agent" #or local or hybrid
# ====== CSF SETTING ==========
# CSF port setting: Remember, no space. This variable can be empty string
# 11211 - required by memcached, 8080 and 5060 required by speedtest.net
# Range example-- 30000:44444
C_CSF_EXTRA_ALLOW_PORTS="30000:35999,11211,8080,5060"
#CONNLIMIT="22;5,80;20,443;20"
#PORTFLOOD="22;tcp;5;300,80;tcp;20;5,443;tcp;20;5"
C_CSF_SYSLOG_CHECK="3600"
C_CSF_DENY_IP_LIMIT="2500"
#Google Recaptcha useful to setting up messenger v1 for Directadmin
C_GOOGLE_RECAPTCHA_SITE_V2="*recaptcha-v2-site-key*"
C_GOOGLE_RECAPTCHA_SECRET_V2="*recaptcha-v2-secret-key*"
C_GOOGLE_RECAPTCHA_SITE_V3="*recaptcha-v3-site-key*"
C_GOOGLE_RECAPTCHA_SECRET_V3="*recaptcha-v3-secret-key*"

# Roundcube setting #
C_ENABLE_ROUNDCUBE_RCGUARD=true
# For using with existing key, it must match the cert and this C_GPG_OWNER_EMAIL
C_GPG_OWNER_EMAIL="user@server.com"
C_GPG_PASSPHRASE="GPG_PASSWORD_HERE"
# Remember to push the existing cert during installation if set to true
C_GPG_USE_EXISTING_KEY=false
C_GPG_CACHE_DURATION="34560000" #34560000

# =~=~ For maxiwall / suricata / AIPDB =~=~
# Select version for suricata. Best is to use version 6 and above because version 6 has a new different packages need to include
# Working = 6.0.1 | version 6.0.2 (both version required rustup.
# SURICATA_SELECT_VERSION=backport: This will use the latest backport version that is more up to date
# The latest version of suricata on Debian bullseye is 6.0.1 the backport version is 6.0.9
# The variable assignment can be a version number or a text backport, latest, current or distro.
# For version number, it will not work if the version number specified is still in beta released due to the different download URL
# Note version 6.0.9 has a small bug that it show error about kernel compatibility when not running as daemon but it is working fine
# distro is stable but lack of features
C_SURICATA_SELECT_VERSION="6.0.10"

# AIPDB CONFIGURATION
C_ABUSEIPDB_REPORT_THRESHOLD=900
C_ABUSEIPDB_OUTPUT_MAX_LIMIT=500
# Need to modify this API URL if they change this like from v2 to v3
C_ABUSEIPDB_API_CHECK_URL="https://api.abuseipdb.com/api/v2/check"
C_ABUSEIPDB_API_REPORT_URL="https://api.abuseipdb.com/api/v2/report"
# The main abuseAIPDB key
C_ABUSEIPDB_API_KEY="TOKEN"

# GREYNOISE CONFIGURATION
C_GREYNOISE_OUTPUT_MAX_LIMIT=500
C_GREYNOISE_API_CHECK_URL="https://api.greynoise.io/v3/community"
C_GREYNOISE_API_KEY="TOKEN"

# VIRUSTOTAL CONFIGURATION
C_VIRUSTOTAL_OUTPUT_MAX_LIMIT=500
C_VIRUSTOTAL_API_CHECK_URL="https://www.virustotal.com/api/v3/ip_addresses"
C_VIRUSTOTAL_API_KEY="TOKEN"
# =~=~ End maxiwall =~=~#

# External/Internal DNS provider

# provider can be linode, digitalocean, amazonaws and more, put value [local] to disable this feature and use internal DNS
# Leave this variable empty for technical reason
C_DNS_PROVIDER_NAME=""
# Leave this variable empty for technical reason
C_DNS_PROVIDER_USER=""
# C_AUTO_CREATE_EXTERNAL_DNS_RECORD is used to automatically copy local DNS records into external DNS records.
# Normally this is used to speed up directadmin user creation and you have confirmed the local DNS records match the external records
# This option also effect the hostname external DNS record whether to copy from local DNS or not
C_AUTO_CREATE_EXTERNAL_DNS_RECORD=true
# C_ENABLE_DNS_PROPAGATION_CHECKER is use to enable the main domain and hostname propagation. Leave this enabled unless you have reason to disable
C_ENABLE_DNS_PROPAGATION_CHECKER=true
# Format <provider_name>:<provider_username>:<api_key>

# Can be aws, digitalocean, linode, local ...
C_DNS_PROVIDER_NAME="linode"
# For linode configuration
# Linode API username is set here
C_LINODE_API_USERNAME="maxibi"
# If you change the API key, remove this file /root/.config/linode-cli, and linode will re-add the new key automatically
C_LINODE_API_KEY="LINODE_API_KEY_HERE"
C_LINODE_API_URL="https://api.linode.com/v4"
C_LINODE_API_PORT="443"
# Linode has a special terminal server called lish
C_LINODE_TERMINAL_SERVER="lish-singapore.linode.com"

# Disk and label related
C_LINODE_OS_CONFIG_LABEL="OS_Config"
C_LINODE_BOOT_CONFIG_LABEL="Boot_Config"
C_LINODE_RESCUE_CONFIG_LABEL="Rescue_Config"
C_LINODE_OS_DISK_LABEL="OS_Disk"
C_LINODE_BOOT_DISK_LABEL="Boot_Disk"
C_LINODE_RESCUE_DISK_LABEL="Rescue_Disk"
# For external DNS, the linode label should reference this.
C_LINODE_LABEL="${C_BOX_HOSTNAME_FQHN}"

# For amazonaws configuration

# For digitalocean configuration

# For OVH configuration

# Put latest or or alternative version number of rustc (example to downgrade to 1.52.0)
# Latest version of rustc is 1.65 on 3rd December 2022
C_INSTALL_RUSTC_VERSION="latest"

# Or set to false to disable yq installation
# Latest: 4.3.12
C_YQ_VERSION=false

# C_ENABLE_DNSSEC:
# This option enable the DNS feature of DNSSEC for a server
# Note that this feature is only tested in Directadmin. Default value is false
# Some DNS provider does not support DNSSEC. Before enabling this option, check the compatibility.
# This option is turned off by default
# Possible values: true, false
C_ENABLE_DNSSEC=false

# GOTIFY configuration
# Temporarily disable to enable SSL certificate later and check for vulnerabilities:
C_GOTIFY_INSTALLATION=false
C_GOTIFY_SYSTEM_USERNAME="gotify"
C_GOTIFY_SYSTEM_GROUP="gotify"
# 0 (No notification) , 1-3 (Icon in notification bar)
# 4-7 (Icon in notification bar + Sound), 8-10 (Icon in notification bar + Sound + Vibration)
C_GOTIFY_PUSH_PRIORITY=10
C_GOTIFY_VERSION="2.1.7" # Previous 2.0.23 (work)
C_GOTIFY_PLATFORM="linux-amd64"
C_GOTIFY_PORT="8722"
C_GOTIFY_SSL_PORT="8907"
C_GOTIFY_ADMIN_USERNAME="admin"
C_GOTIFY_ADMIN_PASSWORD="gotifypassword++"
C_GOTIFY_APP_NAME="test.server.com"
# This variable C_GOTIFY_APP_DESCRIPTION is optional and be empty
C_GOTIFY_APP_DESCRIPTION=""
C_GOTIFY_CLI_VERSION="2.2.2"

# Dropbox (Note, this value can be obtained first start of dbxcli. it cannot be automated at this moment)
# For security reason, do not use full scope dropbox, use app scope
C_DROPBOX_CONFIGFILE_VERSION="2.0"
C_DROPBOX_OAUTH_APP_KEY="KEY"
C_DROPBOX_OAUTH_APP_SECRET="KEY"

# This is for system mail (use for notification, or reports)
# Email username
C_SMTP_SYSTEM_MAIL_USER="mailuser"
# Mail domain
C_SMTP_SYSTEM_MAIL_DOMAIN="gmail.com"
# For gmail use app password
C_SMTP_SYSTEM_MAIL_PASSWORD="mpsssepsousda2xx"
# The smtp domain
C_SMTP_SYSTEM_MAIL_SMTP_URL="smtp.gmail.com"
# The authentication port
C_SMTP_SYSTEM_MAIL_PORT="587"
# Format email(<name_description>)
C_SMTP_SYSTEM_MAIL_FROM="arafatx@gmail.com(Arafat)"

#################################################################################################
############################# Start directadmin related configuration ###########################
#################################################################################################

# This should be always false, only use this if the directadmin installation has problem to finish
# It will use some common known pre fixes before directadmin installation
# This bug normally happen if a new software is released on directadmin side
# Default should be false
C_DA_ENABLE_PRE_INSTALL_TEMP_FIX=false

#C_DA_AUTO_SELECT_API_PROTOCOL:
# Automatically select https protocol if available to use with API
# Note 1: This feature is beta (enable this if API has error with SSL.)
C_DA_AUTO_SELECT_API_PROTOCOL=true

# Note: Latest directadmin recommends to use auto switch for installation (the staff said it will give latest packages)
# IMPORTANT ** NEW: The setup.sh has been updated to not accept interactive installation anymore! (but might be temporary)
# New version will be released as mentioned here: https://forum.directadmin.com/threads/license-key-hashes-new-method-for-installs-setup-sh-and-getlicense-sh.65099/#post-339425
# So the option 3 here does not work any more at this moment
# C_DA_INSTALL_TYPE: is used to specify directadmin installation type. Currently it has 4 types:
# 1) custom = use your own setting during DA installation (provide options.conf and php_extensions.conf),
# 2) ori = let DA decide what to install default things providing some details using auto
# 3) interactive = ask question what to install (require input from user) - Note this value does not work at this moment
# 4) auto = Automated everything by directadmin as default packages (include CSF installation)
# 5) auto-option= Install directadmin using automatic mode and during installation use options.conf based on config files
# 6) auto-custom= Install directadmin using automatic mode when completed customize packages based on config file
# Note, this script was designed to use custom type. Recommend to use auto-option for new version
C_DA_INSTALL_TYPE="custom"

# stable, current, beta, alpha
C_DA_VERSION_CHANNEL="stable"

# C_DA_CLIENT_ID:
# This is the directadmin client/user ID license obtained in the directadmin client area
C_DA_CLIENT_ID="12345"

# C_DA_LICENSE_ID:
# This is the directadmin license ID obtained in the directadmin client area
C_DA_LICENSE_ID="123456"

# C_DA_LICENSE_KEY:
# This is the directadmin license KEY and should be used for installation
C_DA_LICENSE_KEY="*+awwwsdsdswwJwHwddAISswyHsCS9sBw="

# C_DA_PORT:
# This is the directadmin port. You should change this port to reduce bruteforce attack
# The default port is 2222 which is less secure
# Please note that if you use custom port other than 2222, you will lose the ability to use one click sign in feature in directadmin
# because one click sign in feature only with 2222
C_DA_PORT="2233"

# C_DA_[ROLE]_HELPER:
# This is used to set online help file in directadmin
C_DA_ADMIN_HELPER="codegix.com/directadmin/help/admin"
C_DA_RESELLER_HELPER="codegix.com/directadmin/help/reseller"
C_DA_USER_HELPER="codegix.com/directadmin/help/user"

# C_DA_INSTALL_REDIS:
# This is used to enable and install redis cache
C_DA_INSTALL_REDIS=true

# C_DA_INSTALL_MEMCACHED:
# This is used to enable and install memcached cache
C_DA_INSTALL_MEMCACHED=true

# C_DA_INSTALL_GEOIP:
# This is used to enable and install geoip
C_DA_INSTALL_GEOIP=true

# C_DA_AUTO_ADD_IPV46_ENTRY:
# This is a feature to add automatically ipv6 or ipv4 config file in directadmin.
# When this option is enabled (true), we do not need to manually add IPv6 through directadmin GUI.
# The script will automatically add IPv6 or IPv4 if they are missing.
# Note that if this variable is set to false, the installation will generate directadmin login link and try to open directadmin port for you to keyin IPv6 IP address manually
# So, if this option is set to false, the script will pause for user input to press enter
C_DA_AUTO_ADD_IPV46_ENTRY=true

# C_DA_AUTO_LINK_IP:
# This variable is used to enable IPv4 and IPv6 linking automatically during installation.
# Note that if you disable this option, the script will try to open directadmin port for you to link IPv6 and IPv4 manually through web interface
# So, you are required an input to press enter
C_DA_AUTO_LINK_IP=true

# C_DA_LOGIN_METHOD:
# This variable is used as login style method in directadmin. This login method is mentioned in the directadmin API documentation
# Possible values are:
# sign-as = This will use da login method with piping: "admin|client". Using this sign-as method, this will log as the client from admin by just by referring the username (benefit: no need to know the client passwords)
# direct-login = login directly using username and password (disadvantage: need to know directadmin client username and password)
C_DA_LOGIN_METHOD="sign-as"

# Global variable for disabling all user backup restoration
# To allow user backup restoration automatically put this value to true but you must have existing backup inside secure folder: secure/backup/admin_backups
C_DA_ENABLE_USER_BACKUP_RESTORE=false

# This is the directadmin backup password. Use to decrypt backup automatically during restoration
C_DA_USER_BACKUP_PASSWORD="PASSWORD_HERE"

# C_DA_ENABLE_DOMAIN_AUTO_SSL is used to enable or disable DA AUTO SSL feature
# If this is enabled, all domains will be requested SSL certificate automatically in the background
# Important note: At this moment the certificate that is being used is a server shared certificates
# The shared certificate will not be restored via admin_backups tool if you did backup the certificate.
# Only certificate created by pasting key or requested via letsencrypt checkbox through GUI can be restored.
# By default Directadmin enable this AUTO SSL feature after installation.
# In order to disable the feature put the value to false and the script will disable the AUTO SSL automatically after DA has finished installed
# To allow domain to automatically request SSL, then put this variable to true
# Another note: Directadmin AUTO SSL only work with user domain SLL not hostname SSL. For hostname SSL use C_ENABLE_DA_HOST_SSL
# This config should be set to true by default unless have reason to stop auto SSL
C_DA_ENABLE_DOMAIN_AUTO_SSL=false

# C_ENABLE_DA_HOST_SSL is used to enable server/host domain SSL. Leave this this option enabled for security
C_ENABLE_DA_HOST_SSL=true

# This will restore the SSL certificate for hostname without requesting new
# Only enable this, if you reached the hostname SSL limit request
# And also make sure the crt file is at ssl/certificates/hostname.crt
# By default should be disable (if rate limit reached for all providers, then enable this)
C_DA_ENABLE_HOSTNAME_SSL_RESTORE=false

# This will use manual method to restore SSL certificate, if it failed it will use old method to request new certificate (requesting manually via letsencrypt.sh)
# To allow user domain SSL restoration put this to true but if C_DA_DISABLE_DOMAIN_AUTO_SSL is set to false, this setting has no effect
# Only use this option if the users' backup files do not have SSL certificates and you really need the SSL restoration manually when you have the backup certificates
# Regarding to the user backup restore, when C_DA_DISABLE_USER_BACKUP_RESTORE is set to false and each user backup config is enabled it will restore previous certificate (if exist)
# That means if this is set to true, it will replace the backup SSL certificate (do not enable this without reason)
C_DA_ENABLE_USER_DOMAIN_SSL_RESTORE=false

# C_DA_ENABLE_ZEROSSL_CERTIFICATE is used to enable zerossl certificate for website which has more rate limit for big hosting.
# This is a new test feature in directadmin
# I have many dedicated servers so using letsencryppt is not enough for customers
# If you don't want to use zerossl put this variable to false
# Note if you enable this, the old method of requesting certificate via letsencrypt will be disabled and it will use zerossl instead.
# To disable zerossl manually and revert to the old method just remove the file /root/.zerossl and that will revert to using letsencrypt for requesting ssl certificate
C_DA_ENABLE_ZEROSSL_CERTIFICATE=true

# DA_ADMIN_SQLPASS is for DA sql password (eg: phpmyadmin login) Password cannot contains this character [ ] <> and )
C_DA_ADMIN_SQLPASS="PASSWORD"
# Remember cannot contains this character & for DA_ROOT_SQL_PASS
C_DA_ROOT_SQLPASS="PASSWORD"
# The roundcube database password
C_DA_ROUNDCUBE_SQLPASS="PASSWORD"
# Disable custom dangerous PHP functions in DA. Leave value empty "" to enable all PHP dangerous options (not recommend)
C_DA_PHP_DISABLE_DANGEROUS_FUNCTION=( \
"exec" "system" "passthru" "shell_exec" "dl" "popen" "show_source" "posix_kill" \
"posix_mkfifo" "posix_getpwuid" "posix_setpgid" "posix_setsid" "posix_setuid" "posix_setgid" \
"posix_seteuid" "posix_setegid" "posix_uname" \
)
# Enable WPCLI to install wordpress automatically when domain is created or modified (refer to tutorial how to install this) # TODO
C_DA_WP_CLI_ENABLE=true

# Disable or enable security header for all domain
C_DA_ENABLE_DOMAIN_SECURITY_HEADER=true

# Enable or disable hsts header. To disable put value to false
# To enable globally for all domains put "global:<number_of_second>"
# (Planned feature) To enable only specific domain just put <number_of_seconds>,then
# the script will look at C_DA_<ROLE>_ENABLE_DOMAIN_HSTS=("domain.com")
# this option required C_DA_ENABLE_DOMAIN_SECURITY_HEADER set to true
C_DA_ENABLE_DOMAIN_HSTS="global:31536000"

# START hook scripts related configs

# This variable is used to output log file for each individual directadmin da custom hook script call. The file name of the log is <da_hook_name>.<script_name>.log
# The individual da custom hook script log file will be placed at:
# /usr/local/directadmin/scripts/custom/aa_hook_scripts/scripts/<da_hook_name>/<da_hook_name>.<script_name>.log
C_AA_ENABLE_DA_HOOK_SCRIPT_LOG=true

# This variable is used whether to combine the individual da custom hook script log file into a one file at this location:
# /usr/local/directadmin/scripts/custom/aa_hook_scripts/all_hook_scripts.log
# By using this option, you can watch all the custom hook script log using tail -f all_hook_scripts.log or using dacli command: dacli view-hookscript-log
# This is similar to directadmin all_pre.sh and all_post.sh hook scripts except you have more control to select specific hook scripts to display output.
# This options required C_DA_ENABLE_HOOK_SCRIPT_LOG = true, else it will show nothing
C_AA_ENABLE_GLOBAL_HOOK_LOG=true

# This variable will enable/disable log for disabled da hook
# When a da hook is not enabled in AA_ENABLE_HOOKS list, it will show a small notice like below:
# [brute_force_notify_pre->aa_main.sh][14:04:17.612942]: Skipped, this hook is not enabled in .... /aa_hook_scripts/aa_options.conf
# To disable this notification set this variable to false. Set this to true/yes for hook script debugging purposes
C_DA_AA_ENABLE_LOG_FOR_DISABLED_DA_HOOK=false

# This option is used to install da custom hook script. When you enable this option for example filemanager_pre, the following files/folders will be created
# 1) A da hook folder name will be created at:
# /usr/local/directadmin/scripts/custom/aa_hook_scripts/scripts/filemanager_pre
# 2) An individual custom hook script options.conf will be created if it does not exist here:
# /usr/local/directadmin/scripts/custom/aa_hook_scripts/scripts/filemanager_pre/options.conf
# If the file options.conf is a new file, it will have a default variable RUN_HOOK_SCRIPT_LIST=(""), in which you can use it to arrange da hook script execution order later
# 3) A da hook folder name will be created at:
# /usr/local/directadmin/scripts/custom/filemanager_pre
# 4) A main da hook script file called aa_main.sh will be created here (with execution permission):
# /usr/local/directadmin/scripts/custom/filemanager_pre/aa_main.sh
C_AA_INSTALL_DA_HOOKS=("all_backups_post" "all_backups_pre" "all_pre" "all_post" "all_restores_post" "autoresponder_delete_pre" \
"autoresponder_set_post" "autoresponder_set_pre" "backup_save_pre" "brute_force_notify_pre" "check_letsencrypt_expiries_post" \
"check_partitions_notice_post" "cmd_site_backup_pre" "cmd_user_backup_pre" "connection_info_post" "cron_set_post" "cron_set_pre" \
"database_create_post" "database_create_pre" "database_delete_post" "database_delete_pre" "database_destroy_user_post" \
"database_user_create_post" "database_user_password_change_post" "database_user_password_change_pre" "dkim_create_post" \
"dns_create_post" "dns_delete_post" "dns_raw_save_post" "dns_write_post" "dnssec_sign_post" "domain_change_post" "domain_change_pre" \
"domain_create_post" "domain_create_pre" "domain_destroy_post" "domain_destroy_pre" "domain_modify_post" "domain_modify_pre" \
"domain_pointer_create_post" "domain_pointer_create_pre" "domain_pointer_destroy_post" "domain_pointer_destroy_pre" \
"email_change_pass_post" "email_change_pass_pre" "email_create_post" "email_create_pre" "email_destroy_post" "email_destroy_pre" \
"email_filter_write_post" "email_filter_write_pre" "file_manage_upload_post" "filemanager_pre" "forwarder_create_post" \
"forwarder_create_pre" "forwarder_delete_post" "forwarder_delete_pre" "ftp_change_pass_post" "ftp_change_pass_pre" "ftp_create_post" \
"ftp_delete_post" "ftp_modify_post" "ip_change_post" "ip_change_pre" "ipsconf_write_post" "lestencrypt_post" "letsencrypt_pre" \
"load_spike_notice_post" "load_spike_notice_pre" "login_key_create_post" "login_key_modify_post" "lost_password_pre" \
"mailing_list_save_post" "named_action_post" "notifyAdmins_post" "one_click_pma_login_post" "other_disk_usage" \
"overusage_notice_post" "overusage_notice_pre" "package_copy_post" "package_copy_pre" "package_delete_post" "package_delete_pre" \
"package_rename_post" "package_rename_pre" "package_write_post" "package_write_pre" "public_html_link_set_post" \
"public_html_link_set_pre" "reseller_destroy_pre" "reseller_modify_post" "reseller_modify_pre" "rotate_log_post" "rspamd_destroy_pre" \
"rspamd_edit_post" "rspamd_edit_pre" "sendmail_pre" "sendSystemMessage_post" "sendSystemMessage_pre" "service_down_notice" \
"session_create_pre" "session_destroy_pre" "spam_script_chmod_0_post" "spamassassin_destroy_pre" "spamassassin_edit_post" \
"spamassassin_edit_pre" "ssl_save_post" "ssl_save_pre" "subdomain_create_post" "subdomain_create_pre" "subdomain_destroy_post" \
"subdomain_destroy_pre" "tally_post" "tally_pre" "tally_rotation_post" "tally_user_post" "taskq_dns_post" "update_post" \
"user_activate_post" "user_activate_pre" "user_backup_compress_pre" "user_backup_failed" "user_backup_post" "user_backup_pre" \
"user_backup_success" "user_create_post" "user_create_post_confirmed" "user_create_pre" "user_destroy_post" "user_destroy_pre" \
"user_httpd_write_post" "user_httpd_write_pre" "user_info_modify_post" "user_modify_post" "user_modify_pre" "user_password_change_post" \
"user_password_change_pre" "user_restore_fail_post" "user_restore_post" "user_restore_post_pre_cleanup" "user_restore_pre" \
"user_suspend_post" "user_suspend_pre" "vacation_set_post" "vacation_set_pre")

# This will enable individual da hook script
C_AA_ENABLE_DA_HOOKS=("user_restore_fail_post" "user_restore_post" "filemanager_pre")

# This variable is for directadmin.conf. It will enable/disable the ability to pass custom variables between hook scripts
C_DA_HOOK_CUSTOM_VARS=1

# This variable is for directadmin.conf. It will enable/disable output script for dns_write_post hook even if no error appear
C_DA_SPECIAL_EXIT_CODE=42

# This variable is for directadmin.conf. It will enable/disable ENV variable output for all_pre and all_post scripts
# Only enable for debugging because the output are useless for production
C_DA_ALWAYS_LOAD_ALL_SCRIPT_ENV_VARS=0

# END hook scripts related configs

#------------------------------------------------------------------
# Start directadmin.conf options ( Directadmin version: 1.63.1 )  #
#------------------------------------------------------------------

# Example, for directadmin certification group
C_DA_SECURE_ACCESS_GROUP=access
# Ability to generate debug output from tokenizer when running DA in debug mode
C_DA_TOKENIZER_DEBUG=1
# Directadmin execution timeout in second
C_DA_TIMEOUT="120"
# Directadmin session timeout in minutes
C_DA_SESSION_MINUTES="2880"
# Directadmin maxfilesize to upload in file manager in bytes
C_DA_MAXFILESIZE="5368709120"
# Directadmin maximum username (including sql username). Changing this requires MySQL 5.7.8+ or MariaDB 10.x+
# default value is 14
C_DA_MAX_USERNAME_LENGTH="30"
# Set login history total
C_DA_LOGIN_HISTORY="10"
# Force password creation to use hard password
C_DA_ENFORCE_DIFFICULT_PASSWORDS=1
# Allow backup encryption option
C_DA_ALLOW_BACKUP_ENCRYPTION=1
# Deprecated variable in the new DA version
# C_DA_DISABLE_IPCHECK="1"
C_DA_ALLOW_FOREIGN_KEY="0"
# Default is 0
C_DA_SIMPLE_DISK_USAGE="1"
C_DA_ZIP="1"
# Default is 0
C_DA_AWSTATS="0"
# Default is 0
C_DA_WEBALIZER="0"
# Default is 1
C_DA_ROTATION="0"
# Default is 0 (disable),
# 1 Enable automatically when creating domain, 2 Enable DKIM option in UI for user
C_DA_DKIM=1
# Default is 1 (enable),
C_DA_COUNT_POP_USAGE=0
# Default is 0 (disabled)
C_DA_PURGE_SPAM_DAYS=1
# Default is 0 (disabled)
C_DA_SKIP_HOMETARGZ_IN_BACKUPS=0
# Default is 0 (disabled)
C_DA_SKIP_DOMAINS_IN_BACKUPS=0
# Default is 0 (disabled)
C_DA_SKIP_IMAP_IN_BACKUPS=0
# Default is 0 (disabled)
C_DA_SKIP_DATABASES_IN_BACKUPS=0
# Default is 1 (show all)
C_DA_SHOW_DB_USAGE=0
# Default is 1 (enabled)
C_DA_SHOW_POINTERS_IN_LIST=1
# Default is 1 (enabled)
C_DA_CHECK_SUBDOMAIN_OWNER=1
# Enable or disable bruteforce
# UNLISTED variable for API using CMD_API_ADMIN_SETTINGS:
C_DA_USER_BRUTECOUNT=100
C_DA_BRUTEFORCE=1
# This will hide or show bruteforce user count
C_DA_USER_BRUTECOUNT=1
C_DA_EXEMPT_LOCAL_BLOCK=1
C_DA_BRUTE_FORCE_TIME_LIMIT=1200
C_DA_CLEAR_BLACKLIST_IP_TIME=86400
# This will hide bruteforce notification (will speed up ticket system)
C_DA_HIDE_BRUTE_FORCE_NOTIFICATIONS=1
# forward email attack:
C_DA_ALTERNATE_EMAIL="youremail@gmail.com"
C_DA_IP_BRUTECOUNT=100
#  In days
C_DA_CLEAR_BRUTE_LOG_ENTRY_TIME=4
# In hours
C_DA_CLEAR_BRUTE_LOG_TIME=24
# In hours
C_DA_UNBLOCK_BRUTE_IP_TIME=4320
C_DA_BRUTE_FORCE_LOG_SCANNER=1
C_DA_BRUTE_FORCE_SCAN_APACHE_LOGS=2
C_DA_BRUTE_DOS_COUNT=100
C_DA_CHECK_PARTITIONS=2
C_DA_PARTITION_USAGE_THRESHOLD=95
# 0 = .tar, 1 = tar.gz, 2 = .zstd (default is zstd)
C_DA_BACKUP_GZIP=2
C_DA_DEMODOCSROOT="./data/skins/evolution"
C_DA_LOST_PASSWORD=0
C_DA_RBL_ENABLED=1
C_DA_VIRTUAL_LIMIT=1000
C_DA_PER_EMAIL_LIMIT=300
# Default is -1 equal to rely on user file, 0 is unlimited, or specify value like 500
C_DA_MAX_PER_EMAIL_SEND_LIMIT=0
C_DA_USER_CAN_SET_EMAIL_LIMIT=1
# What this does is, when I navigate to server.host.com/webmail it will redirect to server.host.com/C_DA_WEBMAIL_LINK
# So better put dummy link
C_DA_WEBMAIL_LINK=roundcube
# Disable if don't use wildcard certificate
C_DA_DNS_TTL=0
# This will enable the strongest SSL certificate:
#keysize=prime256v1
#keysize=secp384r1
#keysize=secp521r1
# Most secure key now is secp521r1 with sha256
# But do note that secp521r1 is not supported by letsencrypt and most browser still don't support it so use secp384r1
C_DA_ECC_CERTIFICATES=1
# Choose the certificate size
# 2048, 4096, prime256v1, secp384r1
C_DA_CERTIFICATE_SIZE="secp384r1"
# This is certificate encryption algorithm for the SSL certificate (most common is sha256 is enough)
C_DA_CERTIFICATE_ENCRYPTION_ALGORITHM="sha256"

# This will enable host hsts via directadmin
# to disable just put false, to enable provide the value in second:
C_DA_ENABLE_HOST_HSTS="31536000"

# Deprecated variable
# This will hide directadmin version and license ID (da v1.62 has internal default 0)
# C_DA_SHOW_INFO_IN_HEADER=0

# This will hide directadmin version in web title
C_DA_SHOW_INFO_IN_TITLE=0

# This will sync restore
C_DA_TALLY_AFTER_RESTORE=2

# This setting is for AUTO SSL (This is commented because C_DA_ENABLE_DOMAIN_AUTO_SSL will determine the value for this)
# C_DA_ADMIN_SSL_CHECK_RETRIES=1

# This will make imap backup faster: https://www.directadmin.com/features.php?id=1834
C_DA_DIRECT_IMAP_BACKUP=1

# Set the jailshell option based on this: https://www.directadmin.com/features.php?id=2740
C_DA_JAIL=2

# This will enable checkbox for list of subdomain to request SSL certificate
C_DA_LETSENCRYPT_LIST="www:mail:ftp:pop:smtp"

# This will check the checkbox automatically for list of subdomains to request SSL certificate
C_DA_LETSENCRYPT_LIST_SELECTED="www:mail:ftp:pop:smtp"

# This will send notification if renew success
C_DA_LETSENCRYPT_RENEWAL_SUCCESS_NOTICE=0

# Option to make proftpd password unified (enabled by default)
C_DA_UNIFIED_FTP_PASSWORD_FILE=1

# Set php-fpm process
C_PHP_FPM_MAX_CHILDREN_DEFAULT=15

# Option to enable or disable two step authentication
C_DA_TWOSTEP_AUTH=1

# Option to block 2 step authentication
C_DA_BLOCK_IP_AFTER_FAILED_TWOSTEP_AUTH=1

# Set max attempt for 2 step authentication
C_DA_MAX_TWOSTEP_AUTH_ATTEMPTS=5

C_DA_TWOSTEP_AUTH_DISCREPANCY=1

C_DA_TWOSTEP_AUTH_TRUST_DAYS=30

# Number of minutes between the refresh of apache log list, used if brute_force_scan_apache_logs set to 2. Missing logs are always removed from the list, but new logs won't start scanning for this amount of time.
C_DA_BRUTE_FORCE_APACHE_LOG_LIST_UPDATE_INTERVAL=10

# A path of blacklisted IPs to be used in Brute Force Monitor.
C_DA_IP_BLACKLIST="/usr/local/directadmin/data/admin/ip_blacklist"

# A path of whitelisted IPs to be used in Brute Force Monitor.
C_DA_IP_WHITELIST="/usr/local/directadmin/data/admin/ip_whitelist"

# To ignore all attempts on suspended accounts by Brute Force Monitor.
C_DA_BRUTE_FORCE_IGNORE_ATTEMPTS_ON_SUSPENDED=1

# 0 : BFM will create a notification in DA Message System
# 1 : BFM will not create a ticket in DA Message System, but will only send an email notification to admin
C_DA_BRUTE_FORCE_NOTIFICATIONS_EMAIL_ONLY=1

# Option to include 2222 failed attempt in BFM blocks (CSF).
C_DA_INCLUDE_DIRECTADMIN_PORT_IN_BRUTE_FIREWALL=0

# A path to exim mainlog file to be scanned by Brute Force Monitor.
C_DA_BRUTE_FORCE_EXIM_LOG="/var/log/exim/mainlog"

# A path to exim paniclog file to be scanned by Brute Force Monitor. Not available in Debian clean install
C_DA_BRUTE_FORCE_EXIM_PANIC_LOG="/var/log/exim/paniclog"

# A path to exim rejectlog file to be scanned by Brute Force Monitor. Not available in Debian clean install
C_DA_BRUTE_FORCE_EXIM_REJECT_LOG="/var/log/exim/rejectlog"

# A path to main dovecot log file to be scanned by Brute Force Monitor. Not available in Debian clean install
C_DA_BRUTE_FORCE_MAIL_LOG="/var/log/maillog"

#A path to main system messages log file to be scanned by Brute Force Monitor.
C_DA_BRUTE_FORCE_MESSAGES_LOG="/var/log/messages"

#A path to main mysql log file to be scanned by Brute Force Monitor (for server with hostname 'server.hostname.tld').
C_DA_BRUTE_FORCE_MYSQL_LOG="/var/lib/mysql/${C_BOX_HOSTNAME_FQHN}.err"

#A path to PHPMyAdmin authentication log file to be scanned by Brute Force Monitor.
C_DA_BRUTE_FORCE_PMA_LOG="/var/www/html/phpMyAdmin/log/auth.log"

#A path to pureftpd log file to be scanned by Brute Force Monitor.
C_DA_BRUTE_FORCE_PUREFTPD_LOG="/var/log/pureftpd.log"

#A path to RoundCube log file to be scanned by Brute Force Monitor.
C_DA_BRUTE_FORCE_ROUNDCUBE_LOG="/var/www/html/roundcube/logs/errors"

#A path to OS secure log file to be scanned by Brute Force Monitor. Not available in Debian clean install
C_DA_BRUTE_FORCE_SECURE_LOG="/var/log/secure"

#---- End directadmin.conf settings ----
#---------------------------------------

#-------------------------------------------------------------------------
# Start custombuild options.conf options ( Directadmin version: 1.62.7 ) #
#-------------------------------------------------------------------------
C_DA_CB_VERSION="2.0"
C_DA_CB_FTP_SOFTWARE="pureftpd"
C_DA_CB_EXIMCONF_RELEASE="4.5"
# nginx, apache, nginx_apache, litespeed (litespeed is not tested)
C_DA_CB_WEBSERVER_SOFTWARE="nginx_apache"
# or owasp
C_DA_CB_INSTALL_MODSECURITY="yes"
C_DA_CB_MODSECURITY_RULESET="comodo"
# Format <sql_type>-<sql_version>
# or mysql-8.0
C_DA_CB_SQL_VERSION="mariadb-10.6"
# Format <7.3:php-fpm,7.4:php-fpm,8.0:php-fpm>
# php7.3:php-fpm means php version 7.3 with FPM mode
# the first order is the first PHP version (also used by directadmin system). Max is 4, extra argument will be ignored
C_DA_CB_PHP_VERSION="8.0:php-fpm,7.4:php-fpm,7.3:php-fpm"
# This for installing clamav
C_DA_CB_INSTALL_CLAMAV="yes"
# Put "latest" to install the latest version
# or specify version number if the latest version has problem
C_DA_CB_CLAMAV_VERSION="latest"
# Enable / disable clamav service
C_ENABLE_CLAMAV_SERVICE=false
# Enable / disable user directory access
C_DA_CB_USERDIR_ACCESS="no"
# This will install bubblewrap/jailshell
C_DA_CB_INSTALL_SANDBOX="yes"
# This will use the mirror (files.directadmin.com should be the first to use)
# or set fastest for the server to select faster server (might not get latest build)
C_DA_CB_DOWNLOADSERVER=files.directadmin.com
# Option to install CSF using directadmin custombuild. If put no it will install manually from source
C_DA_CB_INSTALL_CSF="yes"
#---- End custombuild options.conf settings ----
#-----------------------------------------------

#-------------------------------------------------
# Start Directadmin OWNER account(s) information #
#-------------------------------------------------

C_DA_OWNER_CREATOR1="root"
C_DA_OWNER_ROLE1="admin"
# This variable use to restore directadmin owner backup
C_DA_OWNER_RESTORE_USER_BACKUP1=true
# C_DA_OWNER_NAME[N]:
# This variable defined the directadmin owner full name. The owner full name is the initial admin installation created during directadmin installation
# The last character of N from the variable C_DA_OWNER_NAMEN is the total number of user as owner. For example to define the second owner's full name the next variable will be: C_DA_OWNER_NAME2
# However, you are not supposed to declare more than 1 owner user. Currently owner should only have 1 user in the directadmin system but admin and user should can have multiple users
C_DA_OWNER_NAME1="Box Owner"
# C_DA_OWNER_USERNAME[N]:
# This variable defined directadmin owner username.
# The default username in directadmin is admin which is not secure. Setup will change the default directadmin username from admin into this value.
# You must set this variable other than admin, so directadmin will not contains any admin username for security reason
C_DA_OWNER_USERNAME1="owner47"
# DA_ADMIN_USERPASS is for DA admin dashboard password
C_DA_OWNER_USERPASS1="PASSWORD"
# DA owner email will use $ROOT_EMAIL variable above but we can declare here too for future reference
C_DA_OWNER_SYSTEM_EMAIL1="owner@codegix.com"
# Note 1: For security reason owner should not have domain or web interfaces (no domain = no email)
# Note 2: There must be only one owner account in directadmin (that is the original admin account of directadmin)
#         So, C_DA_OWNER must always have index of 1
#---- End directadmin OWNER account(s) information  ----
#-------------------------------------------------------

#-------------------------------------------------
# Start Directadmin ADMIN account(s) information #
#-------------------------------------------------
# Note 1: For security reason, admin should not have domain or web interfaces (no domain = no email)
# Note 2: For security reason, only 1 admin should be created (even directadmin supports multiple admin creation).
#         So, C_DA_ADMIN must always have index of 1
# Note 3: So you actually have 2 admin accounts from C_DA_OWNER and C_DA_ADMIN
# Creator can be username or specify variable
C_DA_ADMIN_CREATOR1="${C_DA_OWNER_USERNAME1}"
C_DA_ADMIN_ROLE1="admin"
C_DA_ADMIN_RESTORE_USER_BACKUP1=true
C_DA_ADMIN_NAME1="Box Admin"
C_DA_ADMIN_USERNAME1="admin49"
C_DA_ADMIN_USERPASS1="PASSWORD"
C_DA_ADMIN_SYSTEM_EMAIL1="admin@codegix.com"

#---- End directadmin ADMIN account(s) information  ----
#-------------------------------------------------------

#----------------------------------------------------
# Start Directadmin RESELLER account(s) information #
#----------------------------------------------------
# Note 1: This is the directadmin main reseller account. You must create at least one reseller here with index 1
# Note 2: You can create another multiple resellers by using the next index number 2 ... N. eg: C_DA_RESELLER_UNAME2
# Note 3: You can have unlimited directadmin reseller accounts creation (based on directadmin license) using this variable.
C_DA_RESELLER_CREATOR1="${C_DA_ADMIN_USERNAME1}"
C_DA_RESELLER_ROLE1="reseller"
C_DA_RESELLER_RESTORE_USER_BACKUP1=true
# This will check first if SSL is OK (from backup), then no need to restore SSL (also this is run when auto SSL is disable)
C_DA_RESELLER_RESTORE_USER_DOMAIN_SSL1=true
C_DA_RESELLER_NAME1="Masternom Corporation"
C_DA_RESELLER_USERNAME1="maxi47"
C_DA_RESELLER_USERPASS1="PASSWORD!@1"
C_DA_RESELLER_SYSTEM_EMAIL1="webmaster@masternom.com"
# This is the main reseller package
C_DA_RESELLER_PACKAGE_NAME1="RESELLER_UNLIMITED"
# Create user domain here, can declare multiple domains here. The first domain in array is the default domain
# This variable required at least one domain (subdomain is optional)
# You can add unlimited subdomain with format: <rootdomain>:<subdomain1.subdomain2>,<anothersubdomain>, ...
# eg: C_DA_RESELLER_DOMAIN[N]=("maxibi.com:sales,login" "hacker32.com:secure,download,file" "arafatx.com")C_DA_RESELLER_DOMAIN1=("sofibox.com:sales,login,secure,svn,api,help,dashboard")
# Put wildcard record for this domain. To disable just let this variable empty with ""
# Format <domain.com>:<anotherdomain.com>:<anotheronedomain.com>: ...
C_DA_RESELLER_DOMAIN1=("masternom.com" "sofinang.com")
# Put wildcard record for this domain. To disable just let this variable empty with ""
# Format <domain.com>:<anotherdomain.com>:<anotheronedomain.com>: ...
C_DA_RESELLER_WILDCARD_DOMAIN1=("sofinang.com")
# shared or assign - If shared, domain will use the main ip from the server. Whereas for assign, it will use one of the ips from resellers
C_DA_RESELLER_IP_TYPE1="shared"
C_DA_RESELLER_ENABLE_DOMAIN_SSL1="yes"
# Below required + symbol
C_DA_RESELLER_SSL_SUBDOMAIN1=("letsencrypt:masternom.com:www+ftp+mail+pop+smtp+sales+secure+login+svn+api+help+dashboard")

C_DA_RESELLER_MAIL_ACCOUNT1=(\
"webmaster@masternom.com|||PASSWORD" \
"info@masternom.com|||PASSWORD" \
)

#<domain_name>:<db_name>:<db_user>|||<db_password>
C_DA_RESELLER_DB_ACCOUNT1=( \
"masternom.com:wdbn:wuser|||PASSWORD" \
"masternom.com:wdbn:wuser2|||PASSWORD" \
)
# Whether to enable or disable modsecurity for the subdomain
C_DA_RESELLER_MODSEC1=("masternom.com:sales+OFF:login+ON")
# Whether to enable domain hsts (provide value for max-age)
C_DA_RESELLER_ENABLE_DOMAIN_HSTS1=true
# Whether to restore SSL certificate from previous domain
C_DA_RESELLER_RESTORE_PREVIOUS_DOMAIN_SSL1=true
#------------------------------------------------------------
# Create extra reseller here with ascending value starting from 2:
# eg: C_DA_ADMIN_UNAME2


#---- End directadmin RESELLER account(s) information  ----
#----------------------------------------------------------

#------------------------------------------------
# Start Directadmin USER account(s) information #
#------------------------------------------------
# Note 1: This is the directadmin main user account. You must create at least one user here with index 1
# Note 2: You can create another multiple users by using the next index number 2 ... N. eg: C_DA_USER_UNAME2
# Note 3: You can have unlimited directadmin user accounts creation (based on directadmin license) using this variable.

C_DA_USER_CREATOR1="${C_DA_RESELLER_USERNAME1}"
C_DA_USER_ROLE1="user"
# This will restore user profile from backup (this will auto restore SSL if exist)
C_DA_USER_RESTORE_USER_BACKUP1=true
C_DA_USER_RESTORE_USER_DOMAIN_SSL1=true
# Create user full name / company name
C_DA_USER_NAME1="Maxibi ICT Solutions"
# Create the main username (minimum 2 character, script will check this condition including the maximum username)
C_DA_USER_USERNAME1="maxi32"
# Create user password, must be maximum of 64 characters and does not contain the plus character [+] (script will check)
C_DA_USER_USERPASS1="PASSWORD"
# Create user system email, where is used for DA to send email, system email should only have 1 email
C_DA_USER_SYSTEM_EMAIL1="webmaster@maxibi.com"
# Create user domain here, can declare multiple domains here. The first domain in array is the default domain
# This variable required at least one domain (subdomain is optional)
# You can add unlimited subdomain with format: <rootdomain>:<subdomain1.subdomain2>,<anothersubdomain>, ...
# eg: C_DA_USER_DOMAIN[N]=("maxibi.com:sales,login" "hacker32.com:secure,download,file" "arafatx.com")
C_DA_USER_DOMAIN1=("maxibi.com:sales,login")
# Put wildcard record for the following domain(s). Specify in array form
# To disable just let this variable empty with ""
C_DA_USER_WILDCARD_DOMAIN1=("maxibi.com")
# user package name, make sure this package name is created first by reseller (the code will check for you)
C_DA_USER_PACKAGE_NAME1="USER_UNLIMITED"
# enable/disable ssl certificate for all domains for this user enable="yes", disable="no"
C_DA_USER_ENABLE_DOMAIN_SSL1="yes"
# Define SSL provider for each domain here to request SSL certificate based on the provider
# <ssl_provider>:<root_domain>:<subdomain1.subdomain2,subdomain2.subdomain3,unlimited.subdomain.other>
# Note 1: ssl_provider can be letsencrypt, digicert etc.
# Note 2: The root domain should be ssled by default
C_DA_USER_SSL_SUBDOMAIN1=("letsencrypt:maxibi.com:www,ftp,mail,pop,smtp,sales")
# Create user account email, separated with ||| between email and password
# You can also leave this variable empty to disable this. eg: C_DA_USER_MAIL_ACCOUNT1=() or C_DA_USER_MAIL_ACCOUNT1=""
C_DA_USER_MAIL_ACCOUNT1=(\
"webmaster@maxibi.com|||PASSWORD" \
"info@maxibi.com|||PASSWORD" \
"sales@maxibi.com|||PASSWORD" \
)

# Create user database here. If you specify the same database username (db_user), it will use existing database username to create new database
# if the next database info has repeated username, you can leave the password empty
#<domain_name>:<db_name>:<db_user>|||<db_password>
C_DA_USER_DB_ACCOUNT1=( \
"maxibi.com:wdb:wusr|||PASSWORD" \
)
# This option is to enable or disable MOD security for specific website
C_DA_USER_MODSEC1=("maxibi.com:sales+OFF:login+ON") #TODO
# This will automatically install website platform and configure recommend values based on the platform type and version
# Format: <domain>:<platform_name>:<platform_version>
# The first array before :, represents the main website
C_DA_USER_CUSTOM_WEB_CONFIG1=("maxibi.com:wordpress:5.7") #TODO
#------------------------------------------------------------
# Create extra user here with assending value starting from 2:
# eg: C_DA_USER_USERNAME2

# User 2 variables:
#C_DA_USER_CREATOR2=
#C_DA_USER_ROLE2=
#C_DA_USER_RESTORE_USER_BACKUP2=
#C_DA_USER_RESTORE_USER_DOMAIN_SSL2=
#C_DA_USER_NAME2=
#C_DA_USER_USERNAME2=
#C_DA_USER_USERPASS2=
#C_DA_USER_SYSTEM_EMAIL2=
#C_DA_USER_DOMAIN2=
#C_DA_USER_WILDCARD_DOMAIN2=
#C_DA_USER_PACKAGE_NAME2=
#C_DA_USER_ENABLE_DOMAIN_SSL2=
#C_DA_USER_SSL_SUBDOMAIN2=
#C_DA_USER_MAIL_ACCOUNT2=
#C_DA_USER_DB_ACCOUNT2=
#C_DA_USER_MODSEC2=
#C_DA_USER_CUSTOM_WEB_CONFIG2=

# ----------------------

#---- End directadmin USER account(s) information  ----
#------------------------------------------------------

############################# End directadmin related configuration #############################
#################################################################################################