updated readme

install.sh

@@ -0,0 +1,172 @@
+#!/bin/sh
+# bachir soussi chiadmi
+#
+# http://www.pontikis.net/blog/debian-9-stretch-rc3-web-server-setup-php7-mariadb
+# http://web-74.com/blog/reseaux/gerer-le-deploiement-facilement-avec-git/
+#
+
+echo -e '\033[35m
+    ____       __    _                _____
+   / __ \___  / /_  (_)___ _____     / ___/___  ______   _____  _____
+  / / / / _ \/ __ \/ / __ `/ __ \    \__ \/ _ \/ ___/ | / / _ \/ ___/
+ / /_/ /  __/ /_/ / / /_/ / / / /   ___/ /  __/ /   | |/ /  __/ /
+/_____/\___/_.___/_/\__,_/_/ /_/   /____/\___/_/    |___/\___/_/
+
+\033[0m'
+echo -e "\033[35;1mThis script has been tested only on Linux Debian 9 \033[0m"
+
+if [ "$EUID" -ne 0 ]; then
+  echo -e "Please run as root"
+  exit
+fi
+
+echo -n "Should we start? [Y|n] "
+read yn
+yn=${yn:-y}
+if [ "$yn" != "y" ]; then
+  echo -e "aborting script!"
+  exit
+fi
+
+# get the current position
+_cwd="$(pwd)"
+
+. bin/upgrade.sh
+. bin/misc.sh
+. bin/firewall.sh
+. bin/fail2ban.sh
+. bin/knockd.sh
+. bin/user.sh
+. bin/email.sh
+
+while [ "$securssh" != "yes" ] && [ "$securssh" != "no" ]
+do
+echo -n "Securing ssh (disabling root login)? [yes|no] "
+read securssh
+# securssh=${securssh:-y}
+done
+if [ "$securssh" = "yes" ]; then
+  . bin/ssh.sh
+else
+  echo -e 'root user can still conect through ssh'
+fi
+
+
+echo -n "Should we install ftp server? [Y|n] "
+read yn
+yn=${yn:-y}
+if [ "$yn" = "y" ]; then
+  . bin/ftp.sh
+else
+  echo -e 'ftp server not installed'
+fi
+
+while [ "$lemp" != "yes" ] && [ "$lemp" != "no" ]
+do
+  echo -n "Should we install lemp ? [yes|no] "
+  read lemp
+done
+if [ "$lemp" = "yes" ]; then
+  . bin/lemp.sh
+else
+  echo -e 'lemp server not installed'
+fi
+
+while [ "$_install_vhost" != "yes" ] && [ "$_install_vhost" != "no" ]
+do
+  echo -n "Should we install a vhost ? [yes|no] "
+  read _install_vhost
+done
+if [ "$_install_vhost" = "yes" ]; then
+  . bin/vhost.sh
+else
+  echo -e 'no vhost installed'
+fi
+
+while [ "$_install_zabbix_agent" != "yes" ] && [ "$_install_zabbix_agent" != "no" ]
+do
+  echo -n "Should we install zabbix-agent ? [yes|no] "
+  read _install_zabbix_agent
+done
+if [ "$_install_zabbix_agent" = "yes" ]; then
+  . bin/zabbix.sh
+else
+  echo -e 'zabbix-agent not installed'
+fi
+
+# urbackup
+
+. bin/dotfiles.sh
+. bin/autoupdate.sh
+
+# echo -e '\033[35m
+#   ______________  _______
+#  /_  __/ ____/  |/  / __ \
+#   / / / __/ / /|_/ / /_/ /
+#  / / / /___/ /  / / ____/
+# /_/ /_____/_/  /_/_/
+# \033[0m'
+# function check_tmp_secured {
+
+#   temp1=`grep -w "/var/tempFS /tmp ext3 loop,nosuid,noexec,rw 0 0" /etc/fstab | wc -l`
+#   temp2=`grep -w "tmpfs /tmp tmpfs rw,noexec,nosuid 0 0" /etc/fstab | wc -l`
+
+#   if [ $temp1  -gt 0 ] || [ $temp2 -gt 0 ]; then
+#       return 1
+#   else
+#       return 0
+#   fi
+# } # End function check_tmp_secured
+
+# function secure_tmp_tmpfs {
+
+#   cp /etc/fstab /etc/fstab.bak
+#   # Backup /tmp
+#   cp -Rpf /tmp /tmpbackup
+
+#   rm -rf /tmp
+#   mkdir /tmp
+
+#   mount -t tmpfs -o rw,noexec,nosuid tmpfs /tmp
+#   chmod 1777 /tmp
+#   echo -e "tmpfs /tmp tmpfs rw,noexec,nosuid 0 0" >> /etc/fstab
+
+#   # Restore /tmp
+#   cp -Rpf /tmpbackup/* /tmp/ >/dev/null 2>&1
+
+#   #Remove old tmp dir
+#   rm -rf /tmpbackup
+
+#   # Backup /var/tmp and link it to /tmp
+#   mv /var/tmp /var/tmpbackup
+#   ln -s /tmp /var/tmp
+
+#   # Copy the old data back
+#   cp -Rpf /var/tmpold/* /tmp/ >/dev/null 2>&1
+#   # Remove old tmp dir
+#   rm -rf /var/tmpbackup
+
+#   echo -e "\033[35;1m /tmp and /var/tmp secured using tmpfs. \033[0m"
+# } # End function secure_tmp_tmpfs
+
+# check_tmp_secured
+# if [ $? = 0  ]; then
+#     secure_tmp_tmpfs
+# else
+#     echo -e "\033[35;1mFunction canceled. /tmp already secured. \033[0m"
+# fi
+
+# TODO add warning message on ssh connection if system needs updates
+
+# TODO install and configure tmux
+
+
+
+echo -e '\033[35m
+                  __
+  ___  ____  ____/ /
+ / _ \/ __ \/ __  /
+/  __/ / / / /_/ /
+\___/_/ /_/\__,_/
+\033[0m'
+echo -e "\033[35;1m* * script done * * \033[0m"