185 lines
4.1 KiB
Bash
Executable File
185 lines
4.1 KiB
Bash
Executable File
#!/bin/sh
|
|
# bachir soussi chiadmi
|
|
#
|
|
# http://www.pontikis.net/blog/debian-9-stretch-rc3-web-server-setup-php7-mariadb
|
|
# http://web-74.com/blog/reseaux/gerer-le-deploiement-facilement-avec-git/
|
|
#
|
|
|
|
echo -e '\033[35m
|
|
____ __ _ _____
|
|
/ __ \___ / /_ (_)___ _____ / ___/___ ______ _____ _____
|
|
/ / / / _ \/ __ \/ / __ `/ __ \ \__ \/ _ \/ ___/ | / / _ \/ ___/
|
|
/ /_/ / __/ /_/ / / /_/ / / / / ___/ / __/ / | |/ / __/ /
|
|
/_____/\___/_.___/_/\__,_/_/ /_/ /____/\___/_/ |___/\___/_/
|
|
|
|
\033[0m'
|
|
echo -e "\033[35;1mThis script has been tested only on Linux Debian 10 \033[0m"
|
|
|
|
if [ "$EUID" -ne 0 ]; then
|
|
echo "Please run as root"
|
|
exit
|
|
fi
|
|
|
|
echo -n "Should we start? [Y|n] "
|
|
read yn
|
|
yn=${yn:-y}
|
|
if [ "$yn" != "y" ]; then
|
|
echo "aborting script!"
|
|
exit
|
|
fi
|
|
|
|
# get the current position
|
|
_cwd="$(pwd)"
|
|
|
|
. bin/upgrade.sh
|
|
. bin/misc.sh
|
|
. bin/firewall.sh
|
|
. bin/fail2ban.sh
|
|
# . bin/knockd.sh
|
|
. bin/user.sh
|
|
. bin/email.sh
|
|
|
|
while [ "$securssh" != "yes" ] && [ "$securssh" != "no" ]
|
|
do
|
|
echo -n "Securing ssh (disabling root login)? [yes|no] "
|
|
read securssh
|
|
# securssh=${securssh:-y}
|
|
done
|
|
if [ "$securssh" = "yes" ]; then
|
|
. bin/ssh.sh
|
|
else
|
|
echo 'root user can still conect through ssh'
|
|
fi
|
|
|
|
|
|
echo -n "Should we install ftp server? [Y|n] "
|
|
read yn
|
|
yn=${yn:-y}
|
|
if [ "$yn" = "y" ]; then
|
|
. bin/ftp.sh
|
|
else
|
|
echo 'ftp server not installed'
|
|
fi
|
|
|
|
while [ "$lemp" != "yes" ] && [ "$lemp" != "no" ]
|
|
do
|
|
echo -n "Should we install lemp ? [yes|no] "
|
|
read lemp
|
|
done
|
|
if [ "$lemp" = "yes" ]; then
|
|
. bin/lemp.sh
|
|
else
|
|
echo 'lemp server not installed'
|
|
fi
|
|
|
|
while [ "$_install_vhost" != "yes" ] && [ "$_install_vhost" != "no" ]
|
|
do
|
|
echo -n "Should we install a vhost ? [yes|no] "
|
|
read _install_vhost
|
|
done
|
|
if [ "$_install_vhost" = "yes" ]; then
|
|
# TODO bug vhost.sh file does not exists ...
|
|
. bin/vhost.sh
|
|
else
|
|
echo 'no vhost installed'
|
|
fi
|
|
|
|
while [ "$_install_zabbix_agent" != "yes" ] && [ "$_install_zabbix_agent" != "no" ]
|
|
do
|
|
echo -n "Should we install zabbix-agent ? [yes|no] "
|
|
read _install_zabbix_agent
|
|
done
|
|
if [ "$_install_zabbix_agent" = "yes" ]; then
|
|
. bin/zabbix.sh
|
|
else
|
|
echo 'zabbix-agent not installed'
|
|
fi
|
|
|
|
while [ "$_install_urbackup" != "yes" ] && [ "$_install_urbackup" != "no" ]
|
|
do
|
|
echo -n "Should we install urbackup client ? [yes|no] "
|
|
read _install_urbackup
|
|
done
|
|
if [ "$_install_urbackup" = "yes" ]; then
|
|
. bin/urbackup.sh
|
|
else
|
|
echo 'urbackup client not installed'
|
|
fi
|
|
|
|
# ./install.sh: line 109: bin/dotfiles.sh: No such file or directory
|
|
. bin/dotfiles.sh
|
|
|
|
# . bin/autoupdate.sh
|
|
|
|
# echo -e '\033[35m
|
|
# ______________ _______
|
|
# /_ __/ ____/ |/ / __ \
|
|
# / / / __/ / /|_/ / /_/ /
|
|
# / / / /___/ / / / ____/
|
|
# /_/ /_____/_/ /_/_/
|
|
# \033[0m'
|
|
# function check_tmp_secured {
|
|
|
|
# temp1=`grep -w "/var/tempFS /tmp ext3 loop,nosuid,noexec,rw 0 0" /etc/fstab | wc -l`
|
|
# temp2=`grep -w "tmpfs /tmp tmpfs rw,noexec,nosuid 0 0" /etc/fstab | wc -l`
|
|
|
|
# if [ $temp1 -gt 0 ] || [ $temp2 -gt 0 ]; then
|
|
# return 1
|
|
# else
|
|
# return 0
|
|
# fi
|
|
# } # End function check_tmp_secured
|
|
|
|
# function secure_tmp_tmpfs {
|
|
|
|
# cp /etc/fstab /etc/fstab.bak
|
|
# # Backup /tmp
|
|
# cp -Rpf /tmp /tmpbackup
|
|
|
|
# rm -rf /tmp
|
|
# mkdir /tmp
|
|
|
|
# mount -t tmpfs -o rw,noexec,nosuid tmpfs /tmp
|
|
# chmod 1777 /tmp
|
|
# echo "tmpfs /tmp tmpfs rw,noexec,nosuid 0 0" >> /etc/fstab
|
|
|
|
# # Restore /tmp
|
|
# cp -Rpf /tmpbackup/* /tmp/ >/dev/null 2>&1
|
|
|
|
# #Remove old tmp dir
|
|
# rm -rf /tmpbackup
|
|
|
|
# # Backup /var/tmp and link it to /tmp
|
|
# mv /var/tmp /var/tmpbackup
|
|
# ln -s /tmp /var/tmp
|
|
|
|
# # Copy the old data back
|
|
# cp -Rpf /var/tmpold/* /tmp/ >/dev/null 2>&1
|
|
# # Remove old tmp dir
|
|
# rm -rf /var/tmpbackup
|
|
|
|
# echo -e "\033[35;1m /tmp and /var/tmp secured using tmpfs. \033[0m"
|
|
# } # End function secure_tmp_tmpfs
|
|
|
|
# check_tmp_secured
|
|
# if [ $? = 0 ]; then
|
|
# secure_tmp_tmpfs
|
|
# else
|
|
# echo -e "\033[35;1mFunction canceled. /tmp already secured. \033[0m"
|
|
# fi
|
|
|
|
# TODO add warning message on ssh connection if system needs updates
|
|
|
|
# TODO install and configure tmux
|
|
|
|
|
|
|
|
echo -e '\033[35m
|
|
__
|
|
___ ____ ____/ /
|
|
/ _ \/ __ \/ __ /
|
|
/ __/ / / / /_/ /
|
|
\___/_/ /_/\__,_/
|
|
\033[0m'
|
|
echo -e "\033[35;1m* * script done * * \033[0m"
|