From 559feac68f87dcb247a2445c7fff7fbf4dd93882 Mon Sep 17 00:00:00 2001 From: Bachir Soussi Chiadmi Date: Tue, 10 Apr 2018 21:26:39 +0200 Subject: [PATCH] updated readme --- install.sh | 172 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 172 insertions(+) create mode 100755 install.sh diff --git a/install.sh b/install.sh new file mode 100755 index 0000000..9796a2b --- /dev/null +++ b/install.sh @@ -0,0 +1,172 @@ +#!/bin/sh +# bachir soussi chiadmi +# +# http://www.pontikis.net/blog/debian-9-stretch-rc3-web-server-setup-php7-mariadb +# http://web-74.com/blog/reseaux/gerer-le-deploiement-facilement-avec-git/ +# + +echo -e '\033[35m + ____ __ _ _____ + / __ \___ / /_ (_)___ _____ / ___/___ ______ _____ _____ + / / / / _ \/ __ \/ / __ `/ __ \ \__ \/ _ \/ ___/ | / / _ \/ ___/ + / /_/ / __/ /_/ / / /_/ / / / / ___/ / __/ / | |/ / __/ / +/_____/\___/_.___/_/\__,_/_/ /_/ /____/\___/_/ |___/\___/_/ + +\033[0m' +echo -e "\033[35;1mThis script has been tested only on Linux Debian 9 \033[0m" + +if [ "$EUID" -ne 0 ]; then + echo -e "Please run as root" + exit +fi + +echo -n "Should we start? [Y|n] " +read yn +yn=${yn:-y} +if [ "$yn" != "y" ]; then + echo -e "aborting script!" + exit +fi + +# get the current position +_cwd="$(pwd)" + +. bin/upgrade.sh +. bin/misc.sh +. bin/firewall.sh +. bin/fail2ban.sh +. bin/knockd.sh +. bin/user.sh +. bin/email.sh + +while [ "$securssh" != "yes" ] && [ "$securssh" != "no" ] +do +echo -n "Securing ssh (disabling root login)? [yes|no] " +read securssh +# securssh=${securssh:-y} +done +if [ "$securssh" = "yes" ]; then + . bin/ssh.sh +else + echo -e 'root user can still conect through ssh' +fi + + +echo -n "Should we install ftp server? [Y|n] " +read yn +yn=${yn:-y} +if [ "$yn" = "y" ]; then + . bin/ftp.sh +else + echo -e 'ftp server not installed' +fi + +while [ "$lemp" != "yes" ] && [ "$lemp" != "no" ] +do + echo -n "Should we install lemp ? [yes|no] " + read lemp +done +if [ "$lemp" = "yes" ]; then + . bin/lemp.sh +else + echo -e 'lemp server not installed' +fi + +while [ "$_install_vhost" != "yes" ] && [ "$_install_vhost" != "no" ] +do + echo -n "Should we install a vhost ? [yes|no] " + read _install_vhost +done +if [ "$_install_vhost" = "yes" ]; then + . bin/vhost.sh +else + echo -e 'no vhost installed' +fi + +while [ "$_install_zabbix_agent" != "yes" ] && [ "$_install_zabbix_agent" != "no" ] +do + echo -n "Should we install zabbix-agent ? [yes|no] " + read _install_zabbix_agent +done +if [ "$_install_zabbix_agent" = "yes" ]; then + . bin/zabbix.sh +else + echo -e 'zabbix-agent not installed' +fi + +# urbackup + +. bin/dotfiles.sh +. bin/autoupdate.sh + +# echo -e '\033[35m +# ______________ _______ +# /_ __/ ____/ |/ / __ \ +# / / / __/ / /|_/ / /_/ / +# / / / /___/ / / / ____/ +# /_/ /_____/_/ /_/_/ +# \033[0m' +# function check_tmp_secured { + +# temp1=`grep -w "/var/tempFS /tmp ext3 loop,nosuid,noexec,rw 0 0" /etc/fstab | wc -l` +# temp2=`grep -w "tmpfs /tmp tmpfs rw,noexec,nosuid 0 0" /etc/fstab | wc -l` + +# if [ $temp1 -gt 0 ] || [ $temp2 -gt 0 ]; then +# return 1 +# else +# return 0 +# fi +# } # End function check_tmp_secured + +# function secure_tmp_tmpfs { + +# cp /etc/fstab /etc/fstab.bak +# # Backup /tmp +# cp -Rpf /tmp /tmpbackup + +# rm -rf /tmp +# mkdir /tmp + +# mount -t tmpfs -o rw,noexec,nosuid tmpfs /tmp +# chmod 1777 /tmp +# echo -e "tmpfs /tmp tmpfs rw,noexec,nosuid 0 0" >> /etc/fstab + +# # Restore /tmp +# cp -Rpf /tmpbackup/* /tmp/ >/dev/null 2>&1 + +# #Remove old tmp dir +# rm -rf /tmpbackup + +# # Backup /var/tmp and link it to /tmp +# mv /var/tmp /var/tmpbackup +# ln -s /tmp /var/tmp + +# # Copy the old data back +# cp -Rpf /var/tmpold/* /tmp/ >/dev/null 2>&1 +# # Remove old tmp dir +# rm -rf /var/tmpbackup + +# echo -e "\033[35;1m /tmp and /var/tmp secured using tmpfs. \033[0m" +# } # End function secure_tmp_tmpfs + +# check_tmp_secured +# if [ $? = 0 ]; then +# secure_tmp_tmpfs +# else +# echo -e "\033[35;1mFunction canceled. /tmp already secured. \033[0m" +# fi + +# TODO add warning message on ssh connection if system needs updates + +# TODO install and configure tmux + + + +echo -e '\033[35m + __ + ___ ____ ____/ / + / _ \/ __ \/ __ / +/ __/ / / / /_/ / +\___/_/ /_/\__,_/ +\033[0m' +echo -e "\033[35;1m* * script done * * \033[0m"