From ea975a2b6addf51056b5bd85d9623484881b7a9f Mon Sep 17 00:00:00 2001 From: Bachir Soussi Chiadmi Date: Tue, 20 Oct 2015 16:01:21 +0200 Subject: [PATCH] added proftpd install and config --- assets/proftpd.conf | 11 ++++++ install-debian-server.sh | 85 +++++++++++++++++++++++++++------------- readme.md | 13 +++--- 3 files changed, 74 insertions(+), 35 deletions(-) create mode 100644 assets/proftpd.conf diff --git a/assets/proftpd.conf b/assets/proftpd.conf new file mode 100644 index 0000000..7cd312a --- /dev/null +++ b/assets/proftpd.conf @@ -0,0 +1,11 @@ +ServerName "exemple" + + + RequireValidShell off + + +DefaultRoot ~ ftpuser + + + DenyGroup !ftpuser + diff --git a/install-debian-server.sh b/install-debian-server.sh index fc05a17..4d27526 100755 --- a/install-debian-server.sh +++ b/install-debian-server.sh @@ -59,8 +59,7 @@ echo '\033[35m echo "\033[35;1mInstalling harden \033[0m" sleep 3 apt-get install harden -echo "Harden instaled" -echo "\033[92;1m* * *\033[Om" +echo "\033[92;1mHarden instaled\033[Om" echo '\033[35m ______________ _______ _____ __ __ @@ -76,8 +75,7 @@ ufw allow ssh ufw allow http ufw enable ufw status verbose -echo "ufw installed and firwall configured" -echo "\033[92;1m* * *\033[Om" +echo "\033[92;1mufw installed and firwall configured\033[Om" echo '\033[35m ______ _ _____ __ @@ -89,8 +87,7 @@ echo '\033[35m echo "\033[35;1mInstalling fall2ban \033[0m" apt-get install fail2ban cat "$_cwd"/assets/fail2ban.jail.conf > /etc/fail2ban/jail.conf -echo "fail2ban installed and configured" -echo "\033[92;1m* * *\033[Om" +echo "\033[92;1mfail2ban installed and configured\033[Om" echo '\033[35m __ __ __ 
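Review bot: `ServerName "exemple"` on the first added line does not match the pattern the installer substitutes later (`s/example/$_server_name/g` in the FTP hunk of install-debian-server.sh), so every generated conf.d file would keep the literal name `exemple`; spell the placeholder the same way on both sides, e.g. `ServerName "example"`. The file as shown configures no TLS, so members of `ftpuser` would send their system password in cleartext once `ufw allow ftp` opens the port; enabling mod_tls (`TLSEngine on`, `TLSRequired on`, plus a certificate) or offering SFTP through the sshd this script already configures would avoid that. `RequireValidShell off` and `DenyGroup !ftpuser` appear here without enclosing containers, which looks like markup lost when the page was rendered rather than part of the commit, so their scoping could not be checked.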
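Review bot: The reset at the end of the rewritten status line is `\033[Om`, with a capital letter O instead of the digit zero, so it is not the SGR reset and the green attribute is likely to stay on with a stray `m` printed; it should read `echo "\033[92;1mHarden instaled\033[0m"`. The same sequence is on every status line this commit rewrites (ufw, fail2ban, knockd, user, SSH, Apache2, mysql, php, phpMyAdmin, vhost, Awstat), while the banners and the new dotfiles message already use `\033[0m`. The removed lines carried the same typo, but each of them is touched here, so it can be fixed in the same pass.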
@@ -109,10 +106,9 @@ read sq2 sed -i "s/7000,8000,9000/$sq1/g" /etc/knockd.conf sed -i "s/9000,8000,7000/$sq2/g" /etc/knockd.conf sed -i 's/START_KNOCKD=0/START_KNOCKD=1/g' /etc/default/knockd -echo "knockd installed and configured" +echo "\033[92;1mknockd installed and configured\033[Om" echo "\033[92;1mplease note these sequences for future knocking\033[Om" echo "opening : $sq1 ; closing : $sq2" -echo "\033[92;1m* * *\033[Om" echo '\033[35m __ _______ __________ @@ -131,8 +127,7 @@ echo "adding $user to admin group and limiting su to the admin group" groupadd admin usermod -a -G admin "$user" dpkg-statoverride --update --add root admin 4750 /bin/su -echo "user $user configured" -echo "\033[92;1m* * *\033[Om" +echo "\033[92;1muser $user configured\033[Om" echo '\033[35m __________ __ __ 
@@ -153,15 +148,54 @@ if [ "$securssh" = "y" ]; then sed -i 's/PermitEmptyPasswords\ yes/PermitEmptyPasswords no/g' /etc/ssh/sshd_config sed -i 's/Protocol\ [0-9]/Protocol 2/g' /etc/ssh/sshd_config service ssh reload - echo "SSH secured" + echo "\033[92;1mSSH secured\033[Om" else echo 'root user can still conect through ssh' fi -echo "\033[92;1m* * *\033[Om" + +echo '\033[35m + ______ _______ _____ + | ____|__ __| __ \ + | |__ | | | |__) | + | __| | | | ___/ + | | | | | | + |_| |_| |_| +\033[0m' + +echo -n "Should we install ftp server? [Y|n] " +read yn +yn=${yn:-y} +if [ "$yn" != "y" ]; then + echo "installing proftpd" + apt-get install proftpd + while [ "$_server_name" = "" ] + do + read -p "enter a server name ? " _server_name + if [ "$_server_name" != "" ]; then + read -p "is server name $_server_name correcte [y|n] " validated + if [ "$validated" = "y" ]; then + break + else + _server_name="" + fi + fi + done + + echo "Configuring proftpd" + cp "$_cwd"/assets/proftpd.conf /etc/proftpd/conf.d/"$_server_name".conf + sed -ir "s/example/$_server_name/g" /etc/proftpd/conf.d/"$_server_name".conf + + ufw allow ftp + + addgroup ftpuser + echo "ftp installtion done" + echo "to permit to a user to connect through ftp, add him to the ftpuser group" + echo "FTP users are jailed on their home by default" + +fi # TODO : allow ssh/ftp connection only from given ips - echo "\033[35;1mInstalling AMP web server \033[0m" echo '\033[35m @@ -184,8 +218,7 @@ sed -i 's/\trotate .*/\trotate 10/' /etc/logrotate.d/apache2 sed -i 's/ServerTokens .*/ServerTokens Prod/' /etc/apache2/conf.d/security sed -i 's/ServerSignature .*/ServerSignature Off/' /etc/apache2/conf.d/security service apache2 restart -echo "Apache2 installed" -echo "\033[92;1m* * *\033[Om" +echo "\033[92;1mApache2 installed\033[Om" echo '\033[35m __ ___ __ 
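Review bot: The new guard `if [ "$yn" != "y" ]` is inverted: with `yn=${yn:-y}` both the default answer and an explicit `y` skip the block, and ProFTPD is installed only when the operator answers something other than `y`; it should be `if [ "$yn" = "y" ]`. `sed -ir` is parsed by GNU sed as `-i` with backup suffix `r`, so it leaves a `<name>.confr` copy next to the real file in /etc/proftpd/conf.d/, which ProFTPD may also load if that directory is included wholesale; `sed -i` is what was meant. `$_server_name` goes unchecked into both a path under /etc and a sed replacement while the script runs as root, so a value containing `/`, `&` or whitespace either breaks the substitution or writes somewhere unintended; restricting it to a safe character set before use avoids that. `read -p` is also not POSIX, so if the script is run by a `/bin/sh` such as dash (the shebang is outside this hunk) the prompt fails and the `while` loop never receives a name. A sketch of the changed lines follows.

```shell
if [ "$yn" = "y" ]; then
  # … unchanged: apt-get install proftpd …
  while [ "$_server_name" = "" ]
  do
    printf 'enter a server name ? '
    read -r _server_name
    # keep the name usable as a file name and as a sed replacement
    case "$_server_name" in
      ''|*[!A-Za-z0-9._-]*)
        echo "server name may only contain letters, digits, '.', '_' and '-'"
        _server_name=""
        continue
        ;;
    esac
    printf 'is server name %s correcte [y|n] ' "$_server_name"
    read -r validated
    # … unchanged: break on "y", otherwise reset _server_name …
  done
  # … unchanged: cp of assets/proftpd.conf into conf.d …
  sed -i "s/example/$_server_name/g" /etc/proftpd/conf.d/"$_server_name".conf
  # … unchanged: ufw allow ftp, addgroup ftpuser, closing messages …
```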
@@ -199,8 +232,7 @@ echo "\033[35;1minstalling Mysql \033[0m" sleep 3 apt-get install mysql-server mysql_secure_installation -echo "mysql installed" -echo "\033[92;1m* * *\033[Om" +echo "\033[92;1mmysql installed\033[Om" echo '\033[35m ____ __ ______ @@ -228,8 +260,7 @@ mkdir /var/log/php chown www-data /var/log/php apt-get install php5-mysql -echo "php installed" -echo "\033[92;1m* * *\033[Om" +echo "\033[92;1mphp installed\033[Om" echo '\033[35m __ __ ___ ___ __ _ @@ -241,8 +272,8 @@ echo '\033[35m \033[0m' echo "\033[35;1mInstalling phpMyAdmin \033[0m" apt-get install phpmyadmin -echo "phpMyAdmin installed" -echo "\033[92;1m* * *\033[Om" +echo "include /etc/phpmyadmin/apache.conf" >> /etc/apache2/apache2.conf +echo "\033[92;1mphpMyAdmin installed\033[Om" echo '\033[35m __ __ @@ -293,11 +324,10 @@ if [ "$vh" = "y" ]; then #restart apache service apache2 restart - echo "vhost $_host_name configured" + echo "\033[92;1mvhost $_host_name configured\033[Om" else echo "Vhost installation aborted" fi -echo "\033[92;1m* * *\033[Om" echo '\033[35m ___ __ __ @@ -316,8 +346,7 @@ if [ $temp -lt 1 ]; then fi # Disable Awstats from executing every 10 minutes. Put a hash in front of any line. sed -i 's/^[^#]/#&/' /etc/cron.d/awstats -echo "Awstat installed" -echo "\033[92;1m* * *\033[Om" +echo "\033[92;1mAwstat installed\033[Om" # echo '\033[35m @@ -390,8 +419,8 @@ sleep 3 echo "cloning github.com/bachy/dotfiles-server" git clone git://github.com/bachy/dotfiles-server.git ~/.dotfiles-server && cd ~/.dotfiles-server && ./install.sh && cd ~ source ~/.bashrc -echo "done" -echo "\033[92;1m* * *\033[Om" +echo "\033[92;1mDot files installed for root, you should installed them manually for $USER\033[0m" + echo '\033[35m __ @@ -400,4 +429,4 @@ echo '\033[35m / __/ / / / /_/ / \___/_/ /_/\__,_/ \033[0m' -echo "\033[35;1m* * script done * *\033[0m" +echo "\033[35;1m* * script done * * \033[0m" diff --git a/readme.md b/readme.md index 776bec7..a0d3544 100644 --- a/readme.md 
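Review bot: The added `echo "include /etc/phpmyadmin/apache.conf" >> /etc/apache2/apache2.conf` appends unconditionally, so every re-run of the installer adds another copy of the line, and it publishes phpMyAdmin from the server-wide config, reachable from any address because the firewall section allows http to all. Guarding the append keeps it idempotent: `grep -qxF 'include /etc/phpmyadmin/apache.conf' /etc/apache2/apache2.conf || echo 'include /etc/phpmyadmin/apache.conf' >> /etc/apache2/apache2.conf`. It would also be worth limiting the phpMyAdmin location to known admin addresses or putting extra authentication in front of it, in line with the script's own TODO about restricting ssh/ftp by IP. No apache reload is visible in this hunk, so the include may not take effect until the later vhost step restarts the service.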
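Review bot: `$USER` in the new dotfiles message is the environment variable of whoever runs the script (root, per the message itself), not the `$user` variable the installer used earlier for the account it added to the admin group, so the line most likely ends "manually for root". `$user` looks like what was intended: `echo "\033[92;1mDot files installed for root, you should install them manually for $user\033[0m"`. Separately, the unchanged line above it clones over `git://`, which is neither authenticated nor encrypted, and then executes `./install.sh` as root; switching the URL to `https://github.com/bachy/dotfiles-server.git` would at least verify the server the code comes from.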
+++ b/readme.md @@ -4,7 +4,7 @@ on a fresh install 1 install git ``` -sudo apt-get git +sudo apt-get install git ``` 2 clone the repo @@ -23,9 +23,8 @@ chmod a+x install-debian-server.sh ## ref -http://www.debian.org/doc/manuals/securing-debian-howto/ -https://www.thefanclub.co.za/how-to/how-secure-ubuntu-1204-lts-server-part-1-basics -https://www.linode.com/docs/websites/lamp/lamp-server-on-debian-7-wheezy -https://www.evernote.com/Home.action#n=28425519-ee9f-4efc-a13b-5426f4b31a78&ses=1&sh=5&sds=5&x=git%2520deploy& -https://github.com/Mins/TuxLite - +http://www.debian.org/doc/manuals/securing-debian-howto/ +https://www.thefanclub.co.za/how-to/how-secure-ubuntu-1204-lts-server-part-1-basics +https://www.linode.com/docs/websites/lamp/lamp-server-on-debian-7-wheezy +https://www.evernote.com/Home.action#n=28425519-ee9f-4efc-a13b-5426f4b31a78&ses=1&sh=5&sds=5&x=git%2520deploy& +https://github.com/Mins/TuxLite