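#!/bin/sh
# WIP — first-boot provisioning for a Debian server; run as root.
#
# Steps, in order: build packages and base tooling, admin account, sshd
# hardening, nginx built from the scripts-vrac repo plus its config and unit,
# telegraf from the influxdata repo, a baseline iptables/ip6tables ruleset,
# fail2ban. Install screen first.
#
# Environment (all optional, defaults match the original hard-coded values):
#   ADMIN_USER       account to create; root's ~/.ssh is copied into its home
#   DEBIAN_CODENAME  suite used for the influxdata apt repo
#   DHPARAM_BITS     size of the DH parameters generated for nginx

# Abort on the first failing command and on any unset variable. `pipefail`
# is not available in every /bin/sh, so the two pipelines below are kept to
# a single producer whose consumer fails on empty input.
set -eu

admin_user=${ADMIN_USER:-dryusdan}
debian_codename=${DEBIAN_CODENAME:-stretch}
dhparam_bits=${DHPARAM_BITS:-4096}
readonly admin_user debian_codename dhparam_bits

# Never prompt: iptables-persistent (among others) asks debconf questions,
# which would hang an unattended run.
export DEBIAN_FRONTEND=noninteractive

install_dir=

#######################################
# Print a message to stderr and exit non-zero.
# Arguments: message words
#######################################
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

#######################################
# Install build dependencies and base tooling.
#######################################
install_base_packages() {
  apt update
  apt install -y zlib1g-dev zlib1g libpcre3 libpcre3-dev build-essential git autoconf curl wget apt-transport-https rsync lego iptables-persistent etckeeper openvpn
}

#######################################
# Create the admin account (skipped if it already exists) and give it root's
# SSH directory, so key-only login keeps working once root login and password
# authentication are disabled. A missing /root/.ssh aborts the script here,
# before sshd is hardened.
# Globals: admin_user (read)
#######################################
create_admin_user() {
  id "$admin_user" >/dev/null 2>&1 || useradd -m -s /bin/bash "$admin_user"
  cp -R /root/.ssh "/home/$admin_user"
  chown -R "$admin_user:$admin_user" "/home/$admin_user"
}

#######################################
# Disable root and password logins in sshd_config.
# The original used `sed -ie`, which GNU sed reads as `-i` with backup suffix
# "e" and leaves a stray /etc/ssh/sshd_confige behind; `-i` alone is meant.
# The patterns match each directive whether or not it is still commented out
# (the original only rewrote the commented "#PasswordAuthentication yes").
# sshd is deliberately not reloaded: the new settings apply at the next sshd
# restart, once the key copy above has been checked from a second session.
#######################################
harden_sshd() {
  sed -i 's/^#*PermitRootLogin .*/PermitRootLogin no/' /etc/ssh/sshd_config
  sed -i 's/^#*PasswordAuthentication .*/PasswordAuthentication no/' /etc/ssh/sshd_config
  sshd -t || die "sshd_config failed validation; not continuing"
}

#######################################
# Clone the helper repo into a private temp directory instead of the
# predictable /tmp/install, and remove it when the script exits.
# Globals: install_dir (written)
#######################################
clone_repo() {
  install_dir=$(mktemp -d) || die "mktemp failed"
  trap 'rm -rf -- "$install_dir"' EXIT
  git clone https://git.drycat.fr/Dryusdan/scripts-vrac.git "$install_dir"
}

#######################################
# Build nginx, install its config tree, TLS material and systemd unit.
# Globals: install_dir, dhparam_bits (read)
#######################################
install_nginx() {
  sh "$install_dir/compilation/nginx_compile_deb.sh"
  # Copy the tree's *contents* into /etc/nginx, which works whether or not
  # the build script already created that directory (a plain `mv` would have
  # ended up as /etc/nginx/nginx in that case). The original's second copy of
  # the same tree, after fail2ban, read from the path this step had already
  # moved away, so it is folded into this single copy.
  mkdir -p /etc/nginx
  cp -R "$install_dir/nginx/." /etc/nginx/
  cp "$install_dir/systemd/nginx.service" /etc/systemd/system
  mkdir -p /etc/nginx/ssl/private/
  # -O concatenates both downloads into the file and overwrites it, so a
  # re-run does not append duplicates as `tee -a` did.
  # NOTE(review): the intermediates are pinned by URL; confirm they are still
  # the chain the issued certificates use.
  wget -O /etc/nginx/ssl/private/letsencrypt-certs.pem https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem https://letsencrypt.org/certs/lets-encrypt-x4-cross-signed.pem
  openssl dhparam -out /etc/nginx/ssl/private/dhparam.pem "$dhparam_bits"
  systemctl daemon-reload
  systemctl enable nginx
  systemctl start nginx
}

#######################################
# Add the influxdata apt repository and install telegraf.
# Globals: debian_codename (read)
#######################################
install_telegraf() {
  # -f makes curl exit non-zero on an HTTP error instead of piping an error
  # page into apt-key; apt-key then fails on the empty input.
  # NOTE(review): apt-key is deprecated on newer Debian releases; a keyring
  # file plus `[signed-by=...]` is the replacement once the target moves past
  # the codename above.
  curl -fsSL https://repos.influxdata.com/influxdb.key | apt-key add -
  echo "deb https://repos.influxdata.com/debian $debian_codename stable" > /etc/apt/sources.list.d/influxdb.list
  apt update
  apt -y install telegraf
}

#######################################
# Append one ACCEPT rule.
# Arguments: $1 iptables binary, $2 chain, $3 protocol, $4 destination port
#######################################
allow_port() {
  "$1" -A "$2" -p "$3" -m "$3" --dport "$4" -j ACCEPT
}

#######################################
# Append the baseline ruleset for one address family and set the policies.
# Rules are appended, as in the original, so re-running the script duplicates
# them; flush the chains first if an idempotent run is needed.
# With `-P OUTPUT ACCEPT` the explicit OUTPUT accepts never decide anything;
# they are kept so the policy can later be switched to DROP without new rules.
# Arguments: $1 iptables|ip6tables, $2 ICMP protocol name for that family
#######################################
apply_firewall_rules() {
  fw=$1
  icmp_proto=$2
  "$fw" -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
  "$fw" -A INPUT -i lo -j ACCEPT
  "$fw" -A INPUT -p "$icmp_proto" -j ACCEPT
  allow_port "$fw" INPUT tcp 22
  allow_port "$fw" INPUT tcp 53
  allow_port "$fw" INPUT udp 53
  allow_port "$fw" INPUT tcp 80
  allow_port "$fw" INPUT tcp 443
  "$fw" -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
  "$fw" -A OUTPUT -o lo -j ACCEPT
  "$fw" -A OUTPUT -p "$icmp_proto" -j ACCEPT
  allow_port "$fw" OUTPUT tcp 22
  allow_port "$fw" OUTPUT tcp 53
  allow_port "$fw" OUTPUT udp 53
  allow_port "$fw" OUTPUT tcp 80
  allow_port "$fw" OUTPUT tcp 443
  # Policies are set only after the accepts are in place, so the SSH session
  # running this script is never cut off in between.
  "$fw" -P INPUT DROP
  "$fw" -P FORWARD DROP
  "$fw" -P OUTPUT ACCEPT
}

#######################################
# Load both rulesets and persist them for iptables-persistent.
# The original ip6tables OUTPUT rule used `-p icmp`, unlike its own INPUT
# rule; both now use ipv6-icmp so IPv6 ICMP is actually matched.
#######################################
configure_firewall() {
  apply_firewall_rules iptables icmp
  apply_firewall_rules ip6tables ipv6-icmp
  mkdir -p /etc/iptables
  iptables-save > /etc/iptables/rules.v4
  ip6tables-save > /etc/iptables/rules.v6
}

#######################################
# Install fail2ban with the repo's jail defaults and restart it so the
# copied jail config is actually loaded (the original never restarted it).
# Globals: install_dir (read)
#######################################
install_fail2ban() {
  apt install -y fail2ban
  cp "$install_dir/fail2ban/jail.d/defaults-debian.conf" /etc/fail2ban/jail.d/defaults-debian.conf
  systemctl restart fail2ban
}

main() {
  install_base_packages
  create_admin_user
  harden_sshd
  clone_repo
  install_nginx
  install_telegraf
  configure_firewall
  install_fail2ban
}

main "$@"

# Not yet enabled, kept from the original for reference.
# install php ext ?
#apt install php-apcu php-bcmath php-cli-prompt php-common php-composer-ca-bundle php-composer-semver php-composer-spdx-licenses php-gmp php-json-schema php-pear php-psr-log php-symfony-console php-symfony-filesystem php-symfony-finder php-symfony-polyfill-mbstring php-symfony-process php-zip php7.0-bcmath php7.0-cli php7.0-common php7.0-curl php7.0-dev php7.0-fpm php7.0-gmp php7.0-gd php7.0-imap php7.0-intl php7.0-json php7.0-mcrypt php7.0-mbstring php7.0-mysql php7.0-opcache php7.0-pspell php7.0-readline php7.0-recode php7.0-tidy php7.0-xml php7.0-zip
# Install composer ?
#apt install composer
# Install yarn
#curl -sL https://deb.nodesource.com/setup_8.x | sudo -E bash -
#apt update
#apt-get install -y nodejs
#curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add -
#echo "deb https://dl.yarnpkg.com/debian/ stable main" | sudo tee /etc/apt/sources.list.d/yarn.list
#apt-get update
#apt-get install -y yarn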