debian-web-server/install.sh

#!/bin/sh
# bachir soussi chiadmi
#
# http://www.pontikis.net/blog/debian-9-stretch-rc3-web-server-setup-php7-mariadb
# http://web-74.com/blog/reseaux/gerer-le-deploiement-facilement-avec-git/
#

echo -e '\033[35m
    ____       __    _                _____
   / __ \___  / /_  (_)___ _____     / ___/___  ______   _____  _____
  / / / / _ \/ __ \/ / __ `/ __ \    \__ \/ _ \/ ___/ | / / _ \/ ___/
 / /_/ /  __/ /_/ / / /_/ / / / /   ___/ /  __/ /   | |/ /  __/ /
/_____/\___/_.___/_/\__,_/_/ /_/   /____/\___/_/    |___/\___/_/

\033[0m'
echo -e "\033[35;1mThis script has been tested only on Linux Debian 9 \033[0m"

if [ "$EUID" -ne 0 ]; then
  echo -e "Please run as root"
  exit
fi

echo -n "Should we start? [Y|n] "
read yn
yn=${yn:-y}
if [ "$yn" != "y" ]; then
  echo -e "aborting script!"
  exit
fi

# get the current position
_cwd="$(pwd)"

. bin/upgrade.sh
. bin/misc.sh
. bin/firewall.sh
. bin/fail2ban.sh
. bin/knockd.sh
. bin/user.sh
. bin/email.sh

while [ "$securssh" != "yes" ] && [ "$securssh" != "no" ]
do
echo -n "Securing ssh (disabling root login)? [yes|no] "
read securssh
# securssh=${securssh:-y}
done
if [ "$securssh" = "yes" ]; then
  . bin/ssh.sh
else
  echo -e 'root user can still conect through ssh'
fi


echo -n "Should we install ftp server? [Y|n] "
read yn
yn=${yn:-y}
if [ "$yn" = "y" ]; then
  . bin/ftp.sh
else
  echo -e 'ftp server not installed'
fi

while [ "$lemp" != "yes" ] && [ "$lemp" != "no" ]
do
  echo -n "Should we install lemp ? [yes|no] "
  read lemp
done
if [ "$lemp" = "yes" ]; then
  . bin/lemp.sh
else
  echo -e 'lemp server not installed'
fi

while [ "$_install_vhost" != "yes" ] && [ "$_install_vhost" != "no" ]
do
  echo -n "Should we install a vhost ? [yes|no] "
  read _install_vhost
done
if [ "$_install_vhost" = "yes" ]; then
  . bin/vhost.sh
else
  echo -e 'no vhost installed'
fi

while [ "$_install_zabbix_agent" != "yes" ] && [ "$_install_zabbix_agent" != "no" ]
do
  echo -n "Should we install zabbix-agent ? [yes|no] "
  read _install_zabbix_agent
done
if [ "$_install_zabbix_agent" = "yes" ]; then
  . bin/zabbix.sh
else
  echo -e 'zabbix-agent not installed'
fi

# urbackup

. bin/dotfiles.sh
. bin/autoupdate.sh

# echo -e '\033[35m
#   ______________  _______
#  /_  __/ ____/  |/  / __ \
#   / / / __/ / /|_/ / /_/ /
#  / / / /___/ /  / / ____/
# /_/ /_____/_/  /_/_/
# \033[0m'
# function check_tmp_secured {

#   temp1=`grep -w "/var/tempFS /tmp ext3 loop,nosuid,noexec,rw 0 0" /etc/fstab | wc -l`
#   temp2=`grep -w "tmpfs /tmp tmpfs rw,noexec,nosuid 0 0" /etc/fstab | wc -l`

#   if [ $temp1  -gt 0 ] || [ $temp2 -gt 0 ]; then
#       return 1
#   else
#       return 0
#   fi
# } # End function check_tmp_secured

# function secure_tmp_tmpfs {

#   cp /etc/fstab /etc/fstab.bak
#   # Backup /tmp
#   cp -Rpf /tmp /tmpbackup

#   rm -rf /tmp
#   mkdir /tmp

#   mount -t tmpfs -o rw,noexec,nosuid tmpfs /tmp
#   chmod 1777 /tmp
#   echo -e "tmpfs /tmp tmpfs rw,noexec,nosuid 0 0" >> /etc/fstab

#   # Restore /tmp
#   cp -Rpf /tmpbackup/* /tmp/ >/dev/null 2>&1

#   #Remove old tmp dir
#   rm -rf /tmpbackup

#   # Backup /var/tmp and link it to /tmp
#   mv /var/tmp /var/tmpbackup
#   ln -s /tmp /var/tmp

#   # Copy the old data back
#   cp -Rpf /var/tmpold/* /tmp/ >/dev/null 2>&1
#   # Remove old tmp dir
#   rm -rf /var/tmpbackup

#   echo -e "\033[35;1m /tmp and /var/tmp secured using tmpfs. \033[0m"
# } # End function secure_tmp_tmpfs

# check_tmp_secured
# if [ $? = 0  ]; then
#     secure_tmp_tmpfs
# else
#     echo -e "\033[35;1mFunction canceled. /tmp already secured. \033[0m"
# fi

# TODO add warning message on ssh connection if system needs updates

# TODO install and configure tmux



echo -e '\033[35m
                  __
  ___  ____  ____/ /
 / _ \/ __ \/ __  /
/  __/ / / / /_/ /
\___/_/ /_/\__,_/
\033[0m'
echo -e "\033[35;1m* * script done * * \033[0m"