adding

install.sh

@@ -0,0 +1,63 @@
+#!/usr/bin/env bash
+#
+# install mcp
+#
+#
+
+set -o errexit
+set -o pipefail
+set -o nounset
+
+# installing dependencies
+apt update
+apt upgrade -y
+apt install -y git unzip curl ufw fail2ban cockpit
+
+systemctl start cockpit
+
+#
+# configure ufw and start
+#
+#
+ufw allow ssh
+ufw allow 9090/tcp
+
+service ufw start
+echo "y" | ufw enable
+
+#
+# configure fail2ban and start
+#
+#
+cat > /etc/fail2ban/jail.local << EOF
+[default]
+# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
+# ban a host which matches an address in this list. Several addresses can be
+# defined using space separator.
+ignoreip = 127.0.0.1/8
+
+# "bantime" is the number of seconds that a host is banned.
+bantime = 3600
+
+banaction = ufw
+
+# The length of time between login attempts before a ban is set.
+# For example, if Fail2ban is set to ban an IP after five (3) failed log-in attempts,
+# those 3 attempts must occur within the set 10-minute findtime limit.
+# The findtime value should be a set number of seconds.
+findtime = 600
+
+maxretry = 5
+
+[ssh]
+enabled  = true
+port     = ssh
+filter   = sshd
+logpath  = /var/log/auth-fail2ban.log
+EOF
+
+cp resources/fail2ban/filter.d/* /etc/fail2ban/filter.d
+touch /var/log/fail2ban.log
+service fail2ban start
+
+echo -e "mcp installed"

node.js

@@ -0,0 +1 @@
+spawn('curl -sL https://deb.nodesource.com/setup_' + $version + '.x | sudo -E bash -')

resources/fail2ban/filter.d/gitea-auth.conf

@@ -0,0 +1,3 @@
+[Definition]
+failregex =  .*Failed authentication attempt for .* from <HOST>
+ignoreregex =

resources/fail2ban/filter.d/woocommerce-auth.conf

@@ -0,0 +1,8 @@
+# woocommerce auth failed 
+
+[INCLUDES]
+before = common.conf
+
+[Definition]
+failregex = <HOST>.*POST.*(/account/).* 200
+ignoreregex =

resources/fail2ban/filter.d/wordpress-auth.conf

@@ -0,0 +1,8 @@
+# wordpress login failed 
+
+[INCLUDES]
+before = common.conf
+
+[Definition]
+failregex = <HOST>.*POST.*(wp-login\.php|xmlrpc\.php).* 200
+ignoreregex =

resources/fail2ban/jail.d/gitea.conf

@@ -0,0 +1,9 @@
+#
+
+[gitea]
+
+enabled  = true
+filter   = gitea
+port     = http,https
+logpath  = /var/lib/gitea/log/gitea.log
+maxretry = 3

resources/fail2ban/jail.d/mysql-auth.conf

@@ -0,0 +1,6 @@
+[mysqld-auth]
+
+enabled = true
+filter   = mysqld-auth
+port     = 3306
+logpath  = /var/log/mysql/error.log

resources/fail2ban/jail.d/nginx-badbots.conf

@@ -0,0 +1,9 @@
+# stop some known malicious bot request patterns
+
+[nginx-badbots]
+
+enabled  = true
+port     = http,https
+filter   = apache-badbots
+logpath  = /var/log/nginx/*access.log
+maxretry = 2

resources/fail2ban/jail.d/nginx-botsearch.conf

@@ -0,0 +1,7 @@
+[nginx-botsearch]
+
+enabled  = true
+port     = http,https
+filter   = nginx-botsearch
+logpath  = /var/log/nginx/*access.log
+maxretry = 2

resources/fail2ban/jail.d/nginx-http-auth.conf

@@ -0,0 +1,9 @@
+# ban clients that are searching for scripts on the website to execute and exploit,
+# only using if php not in use
+
+[nginx-http-auth]
+
+enabled  = true
+filter   = nginx-http-auth
+port     = http,https
+logpath  = /var/log/nginx/*error.log

resources/fail2ban/jail.d/nginx-nohome.conf

@@ -0,0 +1,7 @@
+[nginx-nohome]
+
+enabled  = true
+port     = http,https
+filter   = apache-nohome
+logpath  = /var/log/nginx/*access.log
+maxretry = 2

resources/fail2ban/jail.d/nginx-noscript.conf

@@ -0,0 +1,7 @@
+[nginx-noscript]
+
+enabled  = true
+port     = http,https
+filter   = apache-noscript
+logpath  = /var/log/nginx/*access.log
+maxretry = 2

resources/fail2ban/jail.d/nginx-req-limit.conf

@@ -0,0 +1,10 @@
+# dos 
+
+[nginx-req-limit]
+
+enabled  = true
+filter   = nginx-req-limit
+logpath  = /var/log/nginx/*error.log
+findtime = 600
+bantime  = 7200
+maxretry = 10

resources/fail2ban/jail.d/woocommerce.conf

@@ -0,0 +1,9 @@
+# 
+
+[woocommerce]
+
+enabled  = true
+port     = http,https
+filter   = woocommerce-auth
+logpath  = /var/log/nginx/*access.log
+maxretry = 3

resources/fail2ban/jail.d/wordpress.conf

@@ -0,0 +1,7 @@
+[wordpress]
+
+enabled  = true
+port     = http,https
+filter   = wordpress-auth
+logpath  = /var/log/nginx/*access.log
+maxretry = 3

resources/imateapot/_config.scss

@@ -0,0 +1 @@
+$color__body: white;

resources/imateapot/package.json

@@ -0,0 +1,17 @@
+{
+  "private": true,
+  "devDependencies": {
+    "html-webpack-plugin": "^5.5.0",
+    "laravel-mix": "^6.0.43",
+    "laravel-mix-purgecss": "^6.0.0",
+    "postcss-css-variables": "^0.18.0",
+    "resolve-url-loader": "^5.0.0",
+    "sass": "^1.49.9",
+    "sass-loader": "^12.6.0",
+    "svg-spritemap-webpack-plugin": "^4.4.0",
+    "svgo": "^2.8.0"
+  },
+  "dependencies": {
+    "@tiny-components/plain-ui": "^0.6.0"
+  }
+}

resources/imateapot/public/index.html

@@ -0,0 +1,20 @@
+<!doctype html>
+<html lang="en_EN">
+
+<head>
+    <meta charset="utf-8">
+    <meta http-equiv="x-ua-compatible" content="ie=edge">
+    <title>
+        I'm a Teapot
+    </title>
+    <meta name="viewport" content="width=device-width,initial-scale=1">
+    <link rel="stylesheet" href="/styles.css">
+</head>
+
+<body>
+    <main class="site-main">
+        <img class="teapot" src="/teapot.gif" width="675" height="450" alt="This is a Teapot" />
+    </main>
+</body>
+
+</html>

resources/imateapot/public/mix-manifest.json

@@ -0,0 +1,3 @@
+{
+    "/styles.css": "/styles.css?id=21756765218b7d9f7e87c67327b856fb"
+}

resources/imateapot/public/robots.txt

@@ -0,0 +1,2 @@
+User-agent: *
+Disallow: /

resources/imateapot/public/styles.css

@@ -0,0 +1 @@
+@font-face{font-display:swap;font-family:IBM Plex Mono;font-style:normal;font-weight:400;src:url(IBMPlexMono.eot);src:url(IBMPlexMono.eot?#iefix) format("embedded-opentype"),url(IBMPlexMono.woff2) format("woff2"),url(IBMPlexMono.woff) format("woff"),url(IBMPlexMono.ttf) format("truetype")}@font-face{font-display:swap;font-family:IBM Plex Mono;font-style:normal;font-weight:700;src:url(IBMPlexMono-Bold.eot);src:url(IBMPlexMono-Bold.eot?#iefix) format("embedded-opentype"),url(IBMPlexMono-Bold.woff2) format("woff2"),url(IBMPlexMono-Bold.woff) format("woff"),url(IBMPlexMono-Bold.ttf) format("truetype")}:root{--grid-columns:12;--grid-grid-spacing:15px;--grid-xs:576px;--grid-sm:768px;--grid-md:992px;--grid-lg:1200px;--grid-xlg:1600px;--grid-xxs-max:575px;--grid-xs-max:767px;--grid-sm-max:991px;--grid-md-max:1199px;--grid-lg-max:1599px;--body:#fff;--text:#363636;--text-contrast:#fff;--primary:#3e3e3e;--primary-contrast:#3e3e3e;--active:#717171;--active-contrast:#fff;--link:#363636;--link-hover:#d95959;--danger:#d95959;--danger-contrast:#ecacac;--info:#0090d4;--info-constrast:#3bc0ff;--success:#64ac64;--success-contrast:#a6d0a6;--warning:#f0ad4e;--warning-contrast:#f8d9ac;--background:#3e3e3e;--background-contrast:#fff;--background-alpha:rgba(0,0,0,.7);--border:#3e3e3e;--border-contrast:#fff;--font-family:IBM Plex Mono,sans-serif}html{-webkit-text-size-adjust:100%;font-size:100%;line-height:1.15}body,html{height:100%;margin:0}html{box-sizing:border-box}body{background-color:var(--body);color:var(--text);direction:ltr;font-family:var(--font-family);font-size:.9rem;line-height:1.618}@media only screen and (min-width:992px){body{font-size:1rem}}a{color:var(--link);text-decoration:none;transition:color .5s}a:hover{color:var(--link-hover)}a:focus{outline:none}main{display:block}*,:after,:before{box-sizing:inherit}.content a{-webkit-text-decoration-skip:ink edges;text-decoration-skip:ink edges;text-decoration:underline}@-webkit-keyframes loading-animation{0%{height:60px}50%{height:40px}to{height:60px}}@keyframes loading-animation{0%{height:60px}50%{height:40px}to{height:60px}}.color-active{color:var(--active)}.fill-active,.fill-active svg{fill:var(--active)}.border-color-active{border-color:var(--active)}.background-color-active{background-color:var(--active)}.site-main{align-items:center;display:flex;height:100%;justify-content:center;width:100%}@media only screen and (max-width:575px){.teapot{height:auto;width:100%}}@media only screen and (min-width:576px) and (max-width:767px){.teapot{height:auto;width:100%}}@media only screen and (min-width:768px) and (max-width:991px){.teapot{height:auto;width:100%}}

resources/imateapot/styles.scss

@@ -0,0 +1,28 @@
+@import
+    'config',
+    '@tiny-components/plain-ui/src/scss/plain-ui';
+
+.site-main {
+    width: 100%;
+    height: 100%;
+    display: flex;
+    justify-content: center;
+    align-items: center;
+}
+
+.teapot {
+    @include media-xxs-only() {
+        width: 100%;
+        height: auto;
+    }
+
+    @include media-xs-only() {
+        width: 100%;
+        height: auto;
+    }
+
+    @include media-sm-only() {
+        width: 100%;
+        height: auto;
+    }
+}

resources/imateapot/webpack.mix.js

@@ -0,0 +1,34 @@
+const mix = require('laravel-mix')
+const path = require('path')
+const fs = require('fs')
+
+require('laravel-mix-purgecss')
+
+/*
+ |--------------------------------------------------------------------------
+ | Mix Asset Management
+ |--------------------------------------------------------------------------
+ |
+ | Mix provides a clean, fluent API for defining some Webpack build steps
+ | for your Laravel application. By default, we are compiling the Sass
+ | file for your application, as well as bundling up your JS files.
+ |
+ */
+
+mix
+    .options({
+        terser: {
+            extractComments: false,
+        },
+        processCssUrls: false
+    })
+    .setPublicPath('./public')
+    .sass('styles.scss', 'public/styles.css')
+    .purgeCss({
+        extend: {
+            content: [
+                path.join(__dirname, 'public/*.html'),
+            ]
+        }
+    })
+    .version()