mysql_secure_installation

This commit is contained in:
Valentin 2024-02-23 15:46:03 +01:00
parent 4d93ea875c
commit 52b1f7d496
1 changed files with 33 additions and 13 deletions

View File

@ -1,10 +1,10 @@
#!/bin/bash #!/bin/bash
RED='\033[1;31m' PURPLE='\033[35m'
BOLD='\033[1m' BOLD='\033[1m'
RESET='\033[0m' RESET='\033[0m'
echo -e "${RED}${BOLD}Deployment Debian + Caddy + Directus + Nuxt${RESET}" echo -e "${PURPLE}${BOLD}Deployment Debian + Caddy + Directus + Nuxt${RESET}"
if [ "$EUID" -ne 0 ]; then if [ "$EUID" -ne 0 ]; then
echo "Please run as root" echo "Please run as root"
@ -14,10 +14,10 @@ fi
# #
# USER # USER
# #
echo -e "${RED}${BOLD}Create a user ? (y/n) ${RESET}" echo -e "${PURPLE}${BOLD}Create a user ? (y/n) ${RESET}"
read answer read answer
if [[ "$answer" == "y" ]]; then if [[ "$answer" == "y" ]]; then
echo -e "${RED}${BOLD}Create user${RESET}" echo -e "${PURPLE}${BOLD}Create user${RESET}"
read -p "Enter username: " username read -p "Enter username: " username
@ -26,7 +26,7 @@ if [[ "$answer" == "y" ]]; then
exit 1 exit 1
fi fi
echo -e "${RED}${BOLD}Generate and store the password somewhere safe${RESET}" echo -e "${PURPLE}${BOLD}Generate and store the password somewhere safe${RESET}"
read -s -p "Enter password: " password read -s -p "Enter password: " password
echo echo
useradd -m "$username" useradd -m "$username"
@ -35,16 +35,16 @@ if [[ "$answer" == "y" ]]; then
usermod -aG sudo $username usermod -aG sudo $username
echo -e "${RED}${BOLD}User '$username' created with password successfully.${RESET}" echo -e "${PURPLE}${BOLD}User '$username' created with password successfully.${RESET}"
fi fi
# #
# SSH # SSH
# #
echo -e "${RED}${BOLD}Setup SSH ? (y/n) ${RESET}" echo -e "${PURPLE}${BOLD}Setup SSH ? (y/n) ${RESET}"
read answer read answer
if [[ "$answer" == "y" ]]; then if [[ "$answer" == "y" ]]; then
echo -e "${RED}${BOLD}Setup SSH${RESET}" echo -e "${PURPLE}${BOLD}Setup SSH${RESET}"
touch /etc/ssh/sshd_config.d/custom.conf touch /etc/ssh/sshd_config.d/custom.conf
echo "PermitRootLogin no" >> /etc/ssh/sshd_config.d/custom.conf echo "PermitRootLogin no" >> /etc/ssh/sshd_config.d/custom.conf
@ -55,10 +55,10 @@ fi
# #
# FIREWALL AND FAIL2BAN # FIREWALL AND FAIL2BAN
# #
echo -e "${RED}${BOLD}Setup Firewall and Fail2ban ? (y/n) ${RESET}" echo -e "${PURPLE}${BOLD}Setup Firewall and Fail2ban ? (y/n) ${RESET}"
read answer read answer
if [[ "$answer" == "y" ]]; then if [[ "$answer" == "y" ]]; then
echo -e "${RED}${BOLD}Setup Firewall and Fail2ban${RESET}" echo -e "${PURPLE}${BOLD}Setup Firewall and Fail2ban${RESET}"
apt install -y ufw fail2ban apt install -y ufw fail2ban
systemctl enable fail2ban systemctl enable fail2ban
ufw allow ssh ufw allow ssh
@ -70,15 +70,15 @@ fi
# TODO : ZABBIX AND URBACKUP # TODO : ZABBIX AND URBACKUP
# #
echo -e "${RED}${BOLD}TODO : Zabbix and Urbackup${RESET}" echo -e "${PURPLE}${BOLD}TODO : Zabbix and Urbackup${RESET}"
# #
# CADDY # CADDY
# #
echo -e "${RED}${BOLD}Install Caddy webserver ? (y/n) ${RESET}" echo -e "${PURPLE}${BOLD}Install Caddy webserver ? (y/n) ${RESET}"
read answer read answer
if [[ "$answer" == "y" ]]; then if [[ "$answer" == "y" ]]; then
echo -e "${RED}${BOLD}Install Caddy Webserver${RESET}" echo -e "${PURPLE}${BOLD}Install Caddy Webserver${RESET}"
apt install -y debian-keyring debian-archive-keyring apt-transport-https curl apt install -y debian-keyring debian-archive-keyring apt-transport-https curl
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | tee /etc/apt/sources.list.d/caddy-stable.list curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | tee /etc/apt/sources.list.d/caddy-stable.list
@ -86,3 +86,23 @@ if [[ "$answer" == "y" ]]; then
apt install -y caddy apt install -y caddy
fi fi
#
# MARIADB
#
echo -e "${PURPLE}${BOLD}Install MariaDB ? (y/n) ${RESET}"
read answer
if [[ "$answer" == "y" ]]; then
apt install -y mariadb-server
echo -e "${PURPLE}${BOLD}Generate and store the password somewhere safe${RESET}"
echo -e "${PURPLE}${BOLD}Enter the MariaDB root password : ${RESET}"
read -s db_root_password
echo
echo "$db_root_password" | mysql_secure_installation
fi
echo -e "${PURPLE}${BOLD}Setup Directus database ? (y/n) ${RESET}"
read answer
if [[ "$answer" == "y" ]]; then
echo "yooooo"
fi