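#!/bin/sh
# bachir soussi chiadmi
#
# http://www.pontikis.net/blog/debian-9-stretch-rc3-web-server-setup-php7-mariadb
# http://web-74.com/blog/reseaux/gerer-le-deploiement-facilement-avec-git/
#
# Interactive provisioning entry point. It asks which components to set up and
# sources the matching bin/*.sh step scripts into this shell, running as root.
#
# Kept POSIX-sh clean because /bin/sh is not bash on Debian:
#   - printf replaces `echo -e` (not portable under sh);
#   - `id -u` replaces $EUID, which only bash sets. With $EUID empty the
#     numeric test errors out, the `if` is false, and the root check is skipped.

# Print one line in bold magenta.
# Arguments: $1 - text to print
install_say() {
  printf '\033[35;1m%s\033[0m\n' "$1"
}

# Ask a question whose default (empty answer, or closed stdin) is yes.
# Arguments: $1 - question text
# Outputs:   prompt on stdout; yn is set to "y" or "n"
install_ask_default_yes() {
  printf '%s [Y|n] ' "$1"
  read -r yn
  # Accept the capital "Y" the prompt advertises, not only lowercase "y".
  case "${yn:-y}" in
    [Yy] | [Yy][Ee][Ss]) yn=y ;;
    *) yn=n ;;
  esac
}

# Ask until the answer is exactly "yes" or "no".
# Arguments: $1 - question text
#            $2 - preset answer; the prompt is skipped if it is already valid
# Outputs:   prompt on stdout; answer in the global _install_reply
install_ask_yes_no() {
  _install_reply=$2
  while [ "$_install_reply" != "yes" ] && [ "$_install_reply" != "no" ]; do
    printf '%s [yes|no] ' "$1"
    if ! read -r _install_reply; then
      # stdin is closed: re-prompting would spin forever, so decline.
      printf '\n'
      _install_reply=no
    fi
  done
}

printf '\033[35m\n'
cat <<'EOF'
____ __ _ _____
/ __ \___ / /_ (_)___ _____ / ___/___ ______ _____ _____
/ / / / _ \/ __ \/ / __ `/ __ \ \__ \/ _ \/ ___/ | / / _ \/ ___/
/ /_/ / __/ /_/ / / /_/ / / / / ___/ / __/ / | |/ / __/ /
/_____/\___/_.___/_/\__,_/_/ /_/ /____/\___/_/ |___/\___/_/
EOF
printf '\033[0m\n'

install_say "This script has been tested only on Linux Debian 9 "

if [ "$(id -u)" -ne 0 ]; then
  printf '%s\n' "Please run as root" >&2
  exit 1
fi

install_ask_default_yes "Should we start?"
if [ "$yn" != "y" ]; then
  printf '%s\n' "aborting script!"
  # Declined by the operator, not an error.
  exit 0
fi

# The step scripts are sourced by relative path and run as root, so anchor the
# working directory to this script's own directory instead of trusting
# whatever directory the caller happened to be in.
_install_dir=$(dirname -- "$0")
if ! CDPATH= cd -- "$_install_dir"; then
  printf 'cannot enter script directory: %s\n' "$_install_dir" >&2
  exit 1
fi

# get the current position
# NOTE(review): the step scripts presumably use _cwd to locate repository
# files; confirm that none of them expects the caller's original directory.
_cwd="$(pwd)"

# Check every step script before changing anything: a file missing halfway
# through would leave the server partly configured.
for _install_step in upgrade misc firewall fail2ban knockd user email \
  ssh ftp lemp vhost zabbix dotfiles autoupdate; do
  if [ ! -r "bin/${_install_step}.sh" ]; then
    printf 'missing step script: %s/bin/%s.sh\n' "$_cwd" "$_install_step" >&2
    exit 1
  fi
done

# Steps are sourced at top level (not inside a function) so they share this
# shell's variables and positional parameters.
. bin/upgrade.sh
. bin/misc.sh
. bin/firewall.sh
. bin/fail2ban.sh
. bin/knockd.sh
. bin/user.sh
. bin/email.sh

# An explicit answer is required here; the default (`securssh=${securssh:-y}`)
# was left disabled by the author.
install_ask_yes_no "Securing ssh (disabling root login)?" "${securssh:-}"
securssh=$_install_reply
if [ "$securssh" = "yes" ]; then
  . bin/ssh.sh
else
  printf '%s\n' 'root user can still conect through ssh'
fi

# NOTE(review): a bare Enter (or closed stdin) installs the FTP server.
# Consider an explicit yes/no here, like the prompts below.
install_ask_default_yes "Should we install ftp server?"
if [ "$yn" = "y" ]; then
  . bin/ftp.sh
else
  printf '%s\n' 'ftp server not installed'
fi

install_ask_yes_no "Should we install lemp ?" "${lemp:-}"
lemp=$_install_reply
if [ "$lemp" = "yes" ]; then
  . bin/lemp.sh
else
  printf '%s\n' 'lemp server not installed'
fi

install_ask_yes_no "Should we install a vhost ?" "${_install_vhost:-}"
_install_vhost=$_install_reply
if [ "$_install_vhost" = "yes" ]; then
  . bin/vhost.sh
else
  printf '%s\n' 'no vhost installed'
fi

install_ask_yes_no "Should we install zabbix-agent ?" "${_install_zabbix_agent:-}"
_install_zabbix_agent=$_install_reply
if [ "$_install_zabbix_agent" = "yes" ]; then
  . bin/zabbix.sh
else
  printf '%s\n' 'zabbix-agent not installed'
fi

# urbackup
. bin/dotfiles.sh
. bin/autoupdate.sh

# ---------------------------------------------------------------------------
# Disabled /tmp hardening, kept for reference.
# NOTE(review): do not re-enable as written:
#   - /var/tmp is moved to /var/tmpbackup, but the restore copies from
#     /var/tmpold, which is never created. /var/tmpbackup is then deleted, so
#     the old /var/tmp contents are lost.
#   - `rm -rf /tmp` runs on a live system while services may hold files there.
#   - `function name {` and backticks are bashisms under #!/bin/sh.
# ---------------------------------------------------------------------------
# echo -e '\033[35m
# ______________ _______
# /_ __/ ____/ |/ / __ \
# / / / __/ / /|_/ / /_/ /
# / / / /___/ / / / ____/
# /_/ /_____/_/ /_/_/
# \033[0m'
# function check_tmp_secured {
#   temp1=`grep -w "/var/tempFS /tmp ext3 loop,nosuid,noexec,rw 0 0" /etc/fstab | wc -l`
#   temp2=`grep -w "tmpfs /tmp tmpfs rw,noexec,nosuid 0 0" /etc/fstab | wc -l`
#   if [ $temp1 -gt 0 ] || [ $temp2 -gt 0 ]; then
#     return 1
#   else
#     return 0
#   fi
# } # End function check_tmp_secured
# function secure_tmp_tmpfs {
#   cp /etc/fstab /etc/fstab.bak
#   # Backup /tmp
#   cp -Rpf /tmp /tmpbackup
#   rm -rf /tmp
#   mkdir /tmp
#   mount -t tmpfs -o rw,noexec,nosuid tmpfs /tmp
#   chmod 1777 /tmp
#   echo -e "tmpfs /tmp tmpfs rw,noexec,nosuid 0 0" >> /etc/fstab
#   # Restore /tmp
#   cp -Rpf /tmpbackup/* /tmp/ >/dev/null 2>&1
#   #Remove old tmp dir
#   rm -rf /tmpbackup
#   # Backup /var/tmp and link it to /tmp
#   mv /var/tmp /var/tmpbackup
#   ln -s /tmp /var/tmp
#   # Copy the old data back
#   cp -Rpf /var/tmpold/* /tmp/ >/dev/null 2>&1
#   # Remove old tmp dir
#   rm -rf /var/tmpbackup
#   echo -e "\033[35;1m /tmp and /var/tmp secured using tmpfs. \033[0m"
# } # End function secure_tmp_tmpfs
# check_tmp_secured
# if [ $? = 0 ]; then
#   secure_tmp_tmpfs
# else
#   echo -e "\033[35;1mFunction canceled. /tmp already secured. \033[0m"
# fi

# TODO add warning message on ssh connection if system needs updates
# TODO install and configure tmux

printf '\033[35m\n'
cat <<'EOF'
__
___ ____ ____/ /
/ _ \/ __ \/ __ /
/ __/ / / / /_/ /
\___/_/ /_/\__,_/
EOF
printf '\033[0m\n'

install_say "* * script done * * "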