首页 发现 帮助
登录
bachir
/
debian-web-server
1
1
派生 0
文件 工单管理 0 合并请求 0 Wiki
目录树: 4fbfb64757
分支列表 标签列表
debian-web-s...
/
install-debian-server.sh

install-debian-server.sh 6.1 KB
文件历史 原始文件

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195 
  1. #!/bin/sh
    2. 

  2. # bachir soussi chiadmi
    3. 

  3. #
    4. 

  4. # http://www.debian.org/doc/manuals/securing-debian-howto/
    5. 

  5. # https://www.thefanclub.co.za/how-to/how-secure-ubuntu-1204-lts-server-part-1-basics
    6. 

  6. # https://www.linode.com/docs/websites/lamp/lamp-server-on-debian-7-wheezy/
    7. 

  7. # http://web-74.com/blog/reseaux/gerer-le-deploiement-facilement-avec-git/
    8. 

  8. #
    9. 

  9. 

  10. echo -e "\033[35;1mThis script has been tested only on Linux Debian 7 \033[0m"
    11. 

  11. echo "Please run this script as root"
    12. 

  12. 

  13. echo -n "Should we start? [Y:n]"
    14. 

  14. read st
    15. 

  15. st=${st:-y}
    16. 

  16. if [start != 'y']; then
    17. 

  17.   exit
    18. 

  18. fi
    19. 

  19. 

  20. echo "* * *"
    21. 

  21. 

  22. exit
    23. 

  23. 

  24. apt-get update
    25. 

  25. apt-get upgrade
    26. 

  26. 

  27. # get the current position
    28. 

  28. _cwd="$(pwd)"
    29. 

  29. 

  30. echo -e "\033[35;1mInstalling harden \033[0m"
    31. 

  31. sleep 5
    32. 

  32. apt-get install harden
    33. 

  33. echo "Harden instaled"
    34. 

  34. echo "* * *"
    35. 

  35. 

  36. echo -e "\033[35;1mInstalling ufw and setup firewall (allowing only ssh and http) \033[0m"
    37. 

  37. sleep 5
    38. 

  38. apt-get install ufw
    39. 

  39. ufw allow ssh
    40. 

  40. ufw allow http
    41. 

  41. ufw enable
    42. 

  42. ufw status verbose
    43. 

  43. echo "ufw installed and firwall configured"
    44. 

  44. echo "* * *"
    45. 

  45. 

  46. echo -e "\033[35;1mCreate new user (you will be asked a user name and a password) \033[0m"
    47. 

  47. sleep 5
    48. 

  48. read -p "Enter user name: " user
    49. 

  49. # read -p "Continue? (Y/N): " confirm && [[ $confirm == [yY] || $confirm == [yY][eE][sS] ]] || exit 1
    50. 

  50. adduser "$user"
    51. 

  51. echo "adding $user to admin group and limiting su to the admin group"
    52. 

  52. groupadd admin
    53. 

  53. usermod -a -G admin "$user"
    54. 

  54. dpkg-statoverride --update --add root admin 4750 /bin/su
    55. 

  55. echo "user $user configured"
    56. 

  56. echo "* * *"
    57. 

  57. 

  58. read -e -p "Securing ssh (disabling root login) [Y:n]" -i "y" securssh
    59. 

  59. if [$securssh = 'y']; then
    60. 

  60.   sed -i 's/PermitRootLogin\ yes/PermitRootLogin no/g' /etc/ssh/sshd_config
    61. 

  61.   sed -i 's/PermitEmptyPasswords\ yes/PermitEmptyPasswords no/g' /etc/ssh/sshd_config
    62. 

  62.   sed -i 's/Protocol\ [0-9]/Protocol 2/g' /etc/ssh/sshd_config
    63. 

  63.   echo "SSH secured"
    64. 

  64. else
    65. 

  65.   echo 'root user can stile coonect through ssh'
    66. 

  66. fi
    67. 

  67. echo "* * *"
    68. 

  68. 

  69. echo -e "\033[35;1mInstalling AMP web server \033[0m"
    70. 

  70. echo -e "\033[35;1mInstalling Apache2 \033[0m"
    71. 

  71. sleep 5
    72. 

  72. apt-get install apache2
    73. 

  73. a2enmod rewrite
    74. 

  74. service apache2 restart
    75. 

  75. echo "Apache2 installed"
    76. 

  76. echo "* * *"
    77. 

  77. 

  78. echo -e "\033[35;1minstalling Mysql \033[0m"
    79. 

  79. sleep 5
    80. 

  80. apt-get install mysql-server
    81. 

  81. mysql_secure_installation
    82. 

  82. echo "mysql installed"
    83. 

  83. echo "* * *"
    84. 

  84. 

  85. echo -e "\033[35;1mInstalling PHP \033[0m"
    86. 

  86. sleep 5
    87. 

  87. apt-get install php5 php-pear php5-gd
    88. 

  88. echo "Configuring PHP"
    89. 

  89. cp /etc/php5/apache2/php.ini /etc/php5/apache2/php.ini.back
    90. 

  90. sed -i "s/max_execution_time\ =\ [0-9]\+/max_execution_time = 60/g" /etc/php5/apache2/php.ini
    91. 

  91. sed -i "s/max_input_time\ =\ [0-9]\+/max_input_time = 60/g" /etc/php5/apache2/php.ini
    92. 

  92. sed -i "s/memory_limit\ =\ [0-9]\+M/memory_limit = 512M/g" /etc/php5/apache2/php.ini
    93. 

  93. sed -i "s/;\?error_reporting\ =\ [^\n]\+/error_reporting = E_COMPILE_ERROR|E_RECOVERABLE_ERROR|E_ERROR|E_CORE_ERROR/g" /etc/php5/apache2/php.ini
    94. 

  94. sed -i "s/;\?display_errors\ =\ On/display_errors = Off/g" /etc/php5/apache2/php.ini
    95. 

  95. sed -i "s/;\?log_errors\ =\ Off/log_errors = On/g" /etc/php5/apache2/php.ini
    96. 

  96. # following command doesn't work, make teh change manualy
    97. 

  97. #sed -ri ":a;$!{N;ba};s/;\?\ \?error_log\ =\ [^\n]\+([^\n]*\n(\n|$))/error_log = \/var\/log\/php\/error.log\1/g" /etc/php5/apache2/php.ini
    98. 

  98. echo "register_globals = Off" >> /etc/php5/apache2/php.ini
    99. 

  99. 

  100. mkdir /var/log/php
    101. 

  101. chown www-data /var/log/php
    102. 

  102. 

  103. apt-get install php5-mysql
    104. 

  104. echo "php installed"
    105. 

  105. echo "* * *"
    106. 

  106. 

  107. echo -e "\033[35;1mInstalling Awstat \033[0m"
    108. 

  108. sleep 5
    109. 

  109. apt-get install awstats
    110. 

  110. echo "Awstat installed"
    111. 

  111. echo "* * *"
    112. 

  112. 

  113. read -e -p "Should we install a vhost? [Y:n]" vh
    114. 

  114. if [ $vh = "y"]; then
    115. 

  115.   read -p "hostname ? " _host_name
    116. 

  116.   cp "$_cwd"/assets/example.org.conf /etc/apache2/sites-available/"$_host_name".conf
    117. 

  117.   sed -ir "s/example\.org/$_host_name/g" /etc/apache2/sites-available/"$_host_name".conf
    118. 

  118. 

  119.   mkdir -p /srv/www/"$_host_name"/public_html
    120. 

  120.   mkdir /srv/www/"$_host_name"/logs
    121. 

  121.   #set proper right to user will handle the app
    122. 

  122.   chown -R root:admin  /srv/www/"$_host_name"/
    123. 

  123.   chmod -R g+w /srv/www/"$_host_name"/
    124. 

  124.   chmod -R g+r /srv/www/"$_host_name"/
    125. 

  125. 

  126.   # create a shortcut to the site
    127. 

  127.   mkdir /home/"$user"/www/
    128. 

  128.   chown "$user":admin /home/"$user"/www/
    129. 

  129.   ln -s /srv/www/"$_host_name" /home/"$user"/www/"$_host_name"
    130. 

  130. 

  131.   #activate the vhost
    132. 

  132.   a2ensite "$_host_name".conf
    133. 

  133. 

  134.   #restart apache
    135. 

  135.   service apache2 restart
    136. 

  136.   echo "vhost $_host_name configured"
    137. 

  137. else
    138. 

  138.   echo "Vhost installation aborted"
    139. 

  139. fi
    140. 

  140. echo "* * *"
    141. 

  141. 

  142. #installing better prompt and some goodies for root
    143. 

  143. echo -e "\033[35;1mInstalling shell prompt for root \033[0m"
    144. 

  144. sleep 5
    145. 

  145. git clone git://github.com/bachy/dotfiles-server.git ~/.dotfiles-server && cd ~/.dotfiles-server && ./install.sh && cd -
    146. 

  146. source ~/.bashrc
    147. 

  147. echo "done"
    148. 

  148. echo "* * *"
    149. 

  149. 

  150. #    __  _______ __________
    151. 

  151. #   / / / / ___// ____/ __ \
    152. 

  152. #  / / / /\__ \/ __/ / /_/ /
    153. 

  153. # / /_/ /___/ / /___/ _, _/
    154. 

  154. # \____//____/_____/_/ |_|
    155. 

  155. 

  156. # setup user environment
    157. 

  157. echo -e "\033[35;1mInstalling shell prompt for $user \033[0m"
    158. 

  158. sleep 5
    159. 

  159. cd ~
    160. 

  160. git clone git://github.com/bachy/dotfiles-server.git ~/.dotfiles-server && cd ~/.dotfiles-server && ./install.sh && cd -
    161. 

  161. cd ~
    162. 

  162. source .bashrc
    163. 

  163. echo "done"
    164. 

  164. echo "* * *"
    165. 

  165. 

  166. # setup bare repositorie to push to
    167. 

  167. echo -e "\033[35;1msetup git repositories for $_host_name \033[0m"
    168. 

  168. sleep 5
    169. 

  169. mkdir ~/git-repositories
    170. 

  170. mkdir ~/git-repositories/"$_host_name".git
    171. 

  171. cd ~/git-repositories/"$_host_name".git
    172. 

  172. git init --bare
    173. 

  173. 

  174. # setup git repo on site folder
    175. 

  175. cd /srv/www/"$_host_name"/public_html/
    176. 

  176. git init
    177. 

  177. # link to the bare repo
    178. 

  178. git remote add origin ~/git-repositories/"$_host_name".git
    179. 

  179. 

  180. # create hooks that will update the site repo
    181. 

  181. cd ~
    182. 

  182. cp "$_cwd"/assets/git-pre-receive ~/git-repositories/"$_host_name".git/hooks/pre-receive
    183. 

  183. cp "$_cwd"/assets/git-post-receive ~/git-repositories/"$_host_name".git/hooks/post-receive
    184. 

  184. 

  185. sed -ir "s/PRODDIR=\"www\"/PRODDIR=\/srv\/www\/$_host_name\/public_html/g" ~/git-repositories/"$_host_name".git/hooks/pre-receive
    186. 

  186. sed -ir "s/PRODDIR=\"www\"/PRODDIR=\/srv\/www\/$_host_name\/public_html/g" ~/git-repositories/"$_host_name".git/hooks/post-receive
    187. 

  187. 

  188. cd ~/git-repositories/"$_host_name".git/hooks/
    189. 

  189. chmod +x post-receive pre-receive
    190. 

  190. 

  191. # done
    192. 

  192. echo "git repos for $_host_name install succeed"
    193. 

  193. echo "your site stay now to ~/www/$_host_name"
    194. 

  194. echo "you can push updates on prod branch through $user@IP.IP.IP.IP:git-repositories/$_host_name.git"
    195. 

  195. echo "* * *"
    196.