bachir/debion-web-server
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'master' of https://github.com/bachy/debian-lamp

Browse Source
This commit is contained in:
root
2015-03-12 23:48:33 +01:00
parent 1e22b92b85 8ff23dab0e
commit 090a9ea0a6
2 changed files with 82 additions and 94 deletions
Download Patch File Download Diff File Expand all files Collapse all files

167
install-debian-server.sh
View File

@@ -7,14 +7,14 @@
# http://web-74.com/blog/reseaux/gerer-le-deploiement-facilement-avec-git/
#
echo '\033[95m
____ __ _ _ __ ____
/ __ \___ / /_ (_)___ _____ ________ ______ _____ _____ (_)___ _____/ /_____ _/ / /
/ / / / _ \/ __ \/ / __ `/ __ \ / ___/ _ \/ ___/ | / / _ \/ ___/ / / __ \/ ___/ __/ __ `/ / /
/ /_/ / __/ /_/ / / /_/ / / / / (__ ) __/ / | |/ / __/ / / / / / (__ ) /_/ /_/ / / /
/_____/\___/_.___/_/\__,_/_/ /_/ /____/\___/_/ |___/\___/_/ /_/_/ /_/____/\__/\__,_/_/_/
echo '
____ __ _ _____
/ __ \___ / /_ (_)___ _____ / ___/___ ______ _____ _____
/ / / / _ \/ __ \/ / __ `/ __ \ \__ \/ _ \/ ___/ | / / _ \/ ___/
/ /_/ / __/ /_/ / / /_/ / / / / ___/ / __/ / | |/ / __/ /
/_____/\___/_.___/_/\__,_/_/ /_/ /____/\___/_/ |___/\___/_/
\033[0m'
'
echo "\033[35;1mThis script has been tested only on Linux Debian 7 \033[0m"
echo "Please run this script as root"
@@ -26,41 +26,39 @@ if [ "$yn" != "y" ]; then
exit
fi
echo '\033[95m
echo '
__ ______ __________ ___ ____ ______
/ / / / __ \/ ____/ __ \/ | / __ \/ ____/
/ / / / /_/ / / __/ /_/ / /| | / / / / __/
/ /_/ / ____/ /_/ / _, _/ ___ |/ /_/ / /___
\____/_/ \____/_/ |_/_/ |_/_____/_____/
\033[0m'
'
apt-get update
apt-get upgrade
# get the current position
_cwd="$(pwd)"
echo '\033[95m
echo '
__ _____ ____ ____ _______ __
/ / / / | / __ \/ __ \/ ____/ | / /
/ /_/ / /| | / /_/ / / / / __/ / |/ /
/ __ / ___ |/ _, _/ /_/ / /___/ /| /
/_/ /_/_/ |_/_/ |_/_____/_____/_/ |_/
\033[0m'
'
echo "\033[35;1mInstalling harden \033[0m"
sleep 3
apt-get install harden
echo "Harden instaled"
echo "033[92;1m* * *033[Om"
echo '\033[95m
echo '
______________ _______ _____ __ __
/ ____/ _/ __ \/ ____/ | / / | / / / /
/ /_ / // /_/ / __/ | | /| / / /| | / / / /
/ __/ _/ // _, _/ /___ | |/ |/ / ___ |/ /___/ /___
/_/ /___/_/ |_/_____/ |__/|__/_/ |_/_____/_____/
\033[0m'
'
echo "\033[35;1mInstalling ufw and setup firewall (allowing only ssh and http) \033[0m"
sleep 3
apt-get install ufw
@@ -71,14 +69,13 @@ ufw status verbose
echo "ufw installed and firwall configured"
echo "033[92;1m* * *033[Om"
echo '\033[95m
echo '
__ _______ __________
/ / / / ___// ____/ __ \
/ / / /\__ \/ __/ / /_/ /
/ /_/ /___/ / /___/ _, _/
\____//____/_____/_/ |_|
\033[0m'
'
echo "\033[35;1mCreate new user (you will be asked a user name and a password) \033[0m"
sleep 3
echo -n "Enter user name: "
@@ -92,14 +89,13 @@ dpkg-statoverride --update --add root admin 4750 /bin/su
echo "user $user configured"
echo "033[92;1m* * *033[Om"
echo '\033[95m
echo '
__________ __ __
/ ___/ ___// / / /
\__ \\__ \/ /_/ /
___/ /__/ / __ /
/____/____/_/ /_/
\033[0m'
'
while [ "$securssh" != "y" ] && [ "$securssh" != "n" ]
do
echo -n "Securing ssh (disabling root login)? [y|n] "
@@ -121,15 +117,14 @@ echo "033[92;1m* * *033[Om"
echo "\033[35;1mInstalling AMP web server \033[0m"
echo '\033[95m
echo '
___ __ ___
/ | ____ ____ ______/ /_ ___ |__ \
/ /| | / __ \/ __ `/ ___/ __ \/ _ \__/ /
/ ___ |/ /_/ / /_/ / /__/ / / / __/ __/
/_/ |_/ .___/\__,_/\___/_/ /_/\___/____/
/_/
\033[0m'
'
echo "\033[35;1mInstalling Apache2 \033[0m"
sleep 3
apt-get install apache2
@@ -145,15 +140,14 @@ service apache2 restart
echo "Apache2 installed"
echo "033[92;1m* * *033[Om"
echo '\033[95m
echo '
__ ___ __
/ |/ /_ ___________ _/ /
/ /|_/ / / / / ___/ __ `/ /
/ / / / /_/ (__ ) /_/ / /
/_/ /_/\__, /____/\__, /_/
/____/ /_/
\033[0m'
'
echo "\033[35;1minstalling Mysql \033[0m"
sleep 3
apt-get install mysql-server
@@ -161,14 +155,13 @@ mysql_secure_installation
echo "mysql installed"
echo "033[92;1m* * *033[Om"
echo '\033[95m
echo '
____ __ ______
/ __ \/ / / / __ \
/ /_/ / /_/ / /_/ /
/ ____/ __ / ____/
/_/ /_/ /_/_/
\033[0m'
'
echo "\033[35;1mInstalling PHP \033[0m"
sleep 3
apt-get install php5 php-pear php5-gd
@@ -191,28 +184,26 @@ apt-get install php5-mysql
echo "php installed"
echo "033[92;1m* * *033[Om"
echo '\033[95m
echo '
__ __ ___ ___ __ _
____ / /_ ____ / |/ /_ __/ | ____/ /___ ___ (_)___
/ __ \/ __ \/ __ \/ /|_/ / / / / /| |/ __ / __ `__ \/ / __ \
/ /_/ / / / / /_/ / / / / /_/ / ___ / /_/ / / / / / / / / / /
/ .___/_/ /_/ .___/_/ /_/\__, /_/ |_\__,_/_/ /_/ /_/_/_/ /_/
/_/ /_/ /____/
\033[0m'
'
echo "\033[35;1mInstalling phpMyAdmin \033[0m"
apt-get install phpmyadmin
echo "phpMyAdmin installed"
echo "033[92;1m* * *033[Om"
echo '\033[95m
echo '
__ __
_ __/ /_ ____ _____/ /_
| | / / __ \/ __ \/ ___/ __/
| |/ / / / / /_/ (__ ) /_
|___/_/ /_/\____/____/\__/
\033[0m'
'
echo "\033[35;1mVHOST install \033[0m"
while [ "$vh" != "y" ] && [ "$vh" != "n" ]
do
@@ -261,14 +252,13 @@ else
fi
echo "033[92;1m* * *033[Om"
echo '\033[95m
echo '
___ __ __
/ |_ _______/ /_____ _/ /_
/ /| | | /| / / ___/ __/ __ `/ __/
/ ___ | |/ |/ (__ ) /_/ /_/ / /_
/_/ |_|__/|__/____/\__/\__,_/\__/
\033[0m'
'
echo "\033[35;1mInstalling Awstat \033[0m"
sleep 3
apt-get install awstats
@@ -283,73 +273,71 @@ echo "Awstat installed"
echo "033[92;1m* * *033[Om"
echo '\033[95m
______________ _______
/_ __/ ____/ |/ / __ \
/ / / __/ / /|_/ / /_/ /
/ / / /___/ / / / ____/
/_/ /_____/_/ /_/_/
\033[0m'
# echo '
# ______________ _______
# /_ __/ ____/ |/ / __ \
# / / / __/ / /|_/ / /_/ /
# / / / /___/ / / / ____/
# /_/ /_____/_/ /_/_/
# '
# function check_tmp_secured {
function check_tmp_secured {
# temp1=`grep -w "/var/tempFS /tmp ext3 loop,nosuid,noexec,rw 0 0" /etc/fstab | wc -l`
# temp2=`grep -w "tmpfs /tmp tmpfs rw,noexec,nosuid 0 0" /etc/fstab | wc -l`
temp1=`grep -w "/var/tempFS /tmp ext3 loop,nosuid,noexec,rw 0 0" /etc/fstab | wc -l`
temp2=`grep -w "tmpfs /tmp tmpfs rw,noexec,nosuid 0 0" /etc/fstab | wc -l`
# if [ $temp1 -gt 0 ] || [ $temp2 -gt 0 ]; then
# return 1
# else
# return 0
# fi
# } # End function check_tmp_secured
if [ $temp1 -gt 0 ] || [ $temp2 -gt 0 ]; then
return 1
else
return 0
fi
} # End function check_tmp_secured
# function secure_tmp_tmpfs {
function secure_tmp_tmpfs {
# cp /etc/fstab /etc/fstab.bak
# # Backup /tmp
# cp -Rpf /tmp /tmpbackup
cp /etc/fstab /etc/fstab.bak
# Backup /tmp
cp -Rpf /tmp /tmpbackup
# rm -rf /tmp
# mkdir /tmp
rm -rf /tmp
mkdir /tmp
# mount -t tmpfs -o rw,noexec,nosuid tmpfs /tmp
# chmod 1777 /tmp
# echo "tmpfs /tmp tmpfs rw,noexec,nosuid 0 0" >> /etc/fstab
mount -t tmpfs -o rw,noexec,nosuid tmpfs /tmp
chmod 1777 /tmp
echo "tmpfs /tmp tmpfs rw,noexec,nosuid 0 0" >> /etc/fstab
# # Restore /tmp
# cp -Rpf /tmpbackup/* /tmp/ >/dev/null 2>&1
# Restore /tmp
cp -Rpf /tmpbackup/* /tmp/ >/dev/null 2>&1
# #Remove old tmp dir
# rm -rf /tmpbackup
#Remove old tmp dir
rm -rf /tmpbackup
# # Backup /var/tmp and link it to /tmp
# mv /var/tmp /var/tmpbackup
# ln -s /tmp /var/tmp
# Backup /var/tmp and link it to /tmp
mv /var/tmp /var/tmpbackup
ln -s /tmp /var/tmp
# # Copy the old data back
# cp -Rpf /var/tmpold/* /tmp/ >/dev/null 2>&1
# # Remove old tmp dir
# rm -rf /var/tmpbackup
# Copy the old data back
cp -Rpf /var/tmpold/* /tmp/ >/dev/null 2>&1
# Remove old tmp dir
rm -rf /var/tmpbackup
# echo -e "\033[35;1m /tmp and /var/tmp secured using tmpfs. \033[0m"
# } # End function secure_tmp_tmpfs
echo -e "\033[35;1m /tmp and /var/tmp secured using tmpfs. \033[0m"
} # End function secure_tmp_tmpfs
# check_tmp_secured
# if [ $? = 0 ]; then
# secure_tmp_tmpfs
# else
# echo -e "\033[35;1mFunction canceled. /tmp already secured. \033[0m"
# fi
check_tmp_secured
if [ $? = 0 ]; then
secure_tmp_tmpfs
else
echo -e "\033[35;1mFunction canceled. /tmp already secured. \033[0m"
fi
echo '\033[95m
echo '
____ __
/ __ \_________ ____ ___ ____ / /_
/ /_/ / ___/ __ \/ __ `__ \/ __ \/ __/
/ ____/ / / /_/ / / / / / / /_/ / /_
/_/ /_/ \____/_/ /_/ /_/ .___/\__/
/_/
\033[0m'
'
#installing better prompt and some goodies for root
echo "\033[35;1mInstalling shell prompt for root \033[0m"
sleep 3
@@ -358,12 +346,11 @@ source ~/.bashrc
echo "done"
echo "033[92;1m* * *033[Om"
echo '\033[95m
echo '
__
___ ____ ____/ /
/ _ \/ __ \/ __ /
/ __/ / / / /_/ /
\___/_/ /_/\__,_/
\033[0m'
'
echo "\033[35;1m* * script done * * \033[0m"

9
readme.md
View File

@@ -23,8 +23,9 @@ chmod a+x install-debian-server.sh
## ref
http://www.debian.org/doc/manuals/securing-debian-howto/
https://www.thefanclub.co.za/how-to/how-secure-ubuntu-1204-lts-server-part-1-basics
https://www.linode.com/docs/websites/lamp/lamp-server-on-debian-7-wheezy
https://www.evernote.com/Home.action#n=28425519-ee9f-4efc-a13b-5426f4b31a78&ses=1&sh=5&sds=5&x=git%2520deploy&
http://www.debian.org/doc/manuals/securing-debian-howto/
https://www.thefanclub.co.za/how-to/how-secure-ubuntu-1204-lts-server-part-1-basics
https://www.linode.com/docs/websites/lamp/lamp-server-on-debian-7-wheezy
https://www.evernote.com/Home.action#n=28425519-ee9f-4efc-a13b-5426f4b31a78&ses=1&sh=5&sds=5&x=git%2520deploy&
https://github.com/Mins/TuxLite