install.sh 3.8 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172
  1. #!/bin/sh
  2. # bachir soussi chiadmi
  3. #
  4. # http://www.pontikis.net/blog/debian-9-stretch-rc3-web-server-setup-php7-mariadb
  5. # http://web-74.com/blog/reseaux/gerer-le-deploiement-facilement-avec-git/
  6. #
  7. echo -e '\033[35m
  8. ____ __ _ _____
  9. / __ \___ / /_ (_)___ _____ / ___/___ ______ _____ _____
  10. / / / / _ \/ __ \/ / __ `/ __ \ \__ \/ _ \/ ___/ | / / _ \/ ___/
  11. / /_/ / __/ /_/ / / /_/ / / / / ___/ / __/ / | |/ / __/ /
  12. /_____/\___/_.___/_/\__,_/_/ /_/ /____/\___/_/ |___/\___/_/
  13. \033[0m'
  14. echo -e "\033[35;1mThis script has been tested only on Linux Debian 9 \033[0m"
  15. if [ "$EUID" -ne 0 ]; then
  16. echo -e "Please run as root"
  17. exit
  18. fi
  19. echo -n "Should we start? [Y|n] "
  20. read yn
  21. yn=${yn:-y}
  22. if [ "$yn" != "y" ]; then
  23. echo -e "aborting script!"
  24. exit
  25. fi
  26. # get the current position
  27. _cwd="$(pwd)"
  28. . bin/upgrade.sh
  29. . bin/misc.sh
  30. . bin/firewall.sh
  31. . bin/fail2ban.sh
  32. . bin/knockd.sh
  33. . bin/user.sh
  34. . bin/email.sh
  35. while [ "$securssh" != "yes" ] && [ "$securssh" != "no" ]
  36. do
  37. echo -n "Securing ssh (disabling root login)? [yes|no] "
  38. read securssh
  39. # securssh=${securssh:-y}
  40. done
  41. if [ "$securssh" = "yes" ]; then
  42. . bin/ssh.sh
  43. else
  44. echo -e 'root user can still conect through ssh'
  45. fi
  46. echo -n "Should we install ftp server? [Y|n] "
  47. read yn
  48. yn=${yn:-y}
  49. if [ "$yn" = "y" ]; then
  50. . bin/ftp.sh
  51. else
  52. echo -e 'ftp server not installed'
  53. fi
  54. while [ "$lemp" != "yes" ] && [ "$lemp" != "no" ]
  55. do
  56. echo -n "Should we install lemp ? [yes|no] "
  57. read lemp
  58. done
  59. if [ "$lemp" = "yes" ]; then
  60. . bin/lemp.sh
  61. else
  62. echo -e 'lemp server not installed'
  63. fi
  64. while [ "$_install_vhost" != "yes" ] && [ "$_install_vhost" != "no" ]
  65. do
  66. echo -n "Should we install a vhost ? [yes|no] "
  67. read _install_vhost
  68. done
  69. if [ "$_install_vhost" = "yes" ]; then
  70. . bin/vhost.sh
  71. else
  72. echo -e 'no vhost installed'
  73. fi
  74. while [ "$_install_zabbix_agent" != "yes" ] && [ "$_install_zabbix_agent" != "no" ]
  75. do
  76. echo -n "Should we install zabbix-agent ? [yes|no] "
  77. read _install_zabbix_agent
  78. done
  79. if [ "$_install_zabbix_agent" = "yes" ]; then
  80. . bin/zabbix.sh
  81. else
  82. echo -e 'zabbix-agent not installed'
  83. fi
  84. # urbackup
  85. . bin/dotfiles.sh
  86. . bin/autoupdate.sh
  87. # echo -e '\033[35m
  88. # ______________ _______
  89. # /_ __/ ____/ |/ / __ \
  90. # / / / __/ / /|_/ / /_/ /
  91. # / / / /___/ / / / ____/
  92. # /_/ /_____/_/ /_/_/
  93. # \033[0m'
  94. # function check_tmp_secured {
  95. # temp1=`grep -w "/var/tempFS /tmp ext3 loop,nosuid,noexec,rw 0 0" /etc/fstab | wc -l`
  96. # temp2=`grep -w "tmpfs /tmp tmpfs rw,noexec,nosuid 0 0" /etc/fstab | wc -l`
  97. # if [ $temp1 -gt 0 ] || [ $temp2 -gt 0 ]; then
  98. # return 1
  99. # else
  100. # return 0
  101. # fi
  102. # } # End function check_tmp_secured
  103. # function secure_tmp_tmpfs {
  104. # cp /etc/fstab /etc/fstab.bak
  105. # # Backup /tmp
  106. # cp -Rpf /tmp /tmpbackup
  107. # rm -rf /tmp
  108. # mkdir /tmp
  109. # mount -t tmpfs -o rw,noexec,nosuid tmpfs /tmp
  110. # chmod 1777 /tmp
  111. # echo -e "tmpfs /tmp tmpfs rw,noexec,nosuid 0 0" >> /etc/fstab
  112. # # Restore /tmp
  113. # cp -Rpf /tmpbackup/* /tmp/ >/dev/null 2>&1
  114. # #Remove old tmp dir
  115. # rm -rf /tmpbackup
  116. # # Backup /var/tmp and link it to /tmp
  117. # mv /var/tmp /var/tmpbackup
  118. # ln -s /tmp /var/tmp
  119. # # Copy the old data back
  120. # cp -Rpf /var/tmpold/* /tmp/ >/dev/null 2>&1
  121. # # Remove old tmp dir
  122. # rm -rf /var/tmpbackup
  123. # echo -e "\033[35;1m /tmp and /var/tmp secured using tmpfs. \033[0m"
  124. # } # End function secure_tmp_tmpfs
  125. # check_tmp_secured
  126. # if [ $? = 0 ]; then
  127. # secure_tmp_tmpfs
  128. # else
  129. # echo -e "\033[35;1mFunction canceled. /tmp already secured. \033[0m"
  130. # fi
  131. # TODO add warning message on ssh connection if system needs updates
  132. # TODO install and configure tmux
  133. echo -e '\033[35m
  134. __
  135. ___ ____ ____/ /
  136. / _ \/ __ \/ __ /
  137. / __/ / / / /_/ /
  138. \___/_/ /_/\__,_/
  139. \033[0m'
  140. echo -e "\033[35;1m* * script done * * \033[0m"