install-debian-server.sh 19 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604
  1. #!/bin/sh
  2. # bachir soussi chiadmi
  3. #
  4. # http://www.debian.org/doc/manuals/securing-debian-howto/
  5. # https://www.thefanclub.co.za/how-to/how-secure-ubuntu-1204-lts-server-part-1-basics
  6. # https://www.linode.com/docs/websites/lamp/lamp-server-on-debian-7-wheezy/
  7. # http://web-74.com/blog/reseaux/gerer-le-deploiement-facilement-avec-git/
  8. #
  9. echo '\033[35m
  10. ____ __ _ _____
  11. / __ \___ / /_ (_)___ _____ / ___/___ ______ _____ _____
  12. / / / / _ \/ __ \/ / __ `/ __ \ \__ \/ _ \/ ___/ | / / _ \/ ___/
  13. / /_/ / __/ /_/ / / /_/ / / / / ___/ / __/ / | |/ / __/ /
  14. /_____/\___/_.___/_/\__,_/_/ /_/ /____/\___/_/ |___/\___/_/
  15. \033[0m'
  16. echo "\033[35;1mThis script has been tested only on Linux Debian 7 \033[0m"
  17. echo "Please run this script as root"
  18. echo -n "Should we start? [Y|n] "
  19. read yn
  20. yn=${yn:-y}
  21. if [ "$yn" != "y" ]; then
  22. echo "aborting script!"
  23. exit
  24. fi
  25. # get the current position
  26. _cwd="$(pwd)"
  27. echo '\033[35m
  28. __ ______ __________ ___ ____ ______
  29. / / / / __ \/ ____/ __ \/ | / __ \/ ____/
  30. / / / / /_/ / / __/ /_/ / /| | / / / / __/
  31. / /_/ / ____/ /_/ / _, _/ ___ |/ /_/ / /___
  32. \____/_/ \____/_/ |_/_/ |_/_____/_____/
  33. \033[0m'
  34. apt-get update
  35. apt-get upgrade
  36. echo '\033[35m
  37. __ ____
  38. / |/ (_)_________
  39. / /|_/ / / ___/ ___/
  40. / / / / (__ ) /__
  41. /_/ /_/_/____/\___/
  42. \033[0m'
  43. apt-get install vim
  44. echo '\033[35m
  45. __ _____ ____ ____ _______ __
  46. / / / / | / __ \/ __ \/ ____/ | / /
  47. / /_/ / /| | / /_/ / / / / __/ / |/ /
  48. / __ / ___ |/ _, _/ /_/ / /___/ /| /
  49. /_/ /_/_/ |_/_/ |_/_____/_____/_/ |_/
  50. \033[0m'
  51. echo "\033[35;1mInstalling harden \033[0m"
  52. sleep 3
  53. apt-get install harden
  54. echo "\033[92;1mHarden instaled\033[Om"
  55. echo '\033[35m
  56. ______________ _______ _____ __ __
  57. / ____/ _/ __ \/ ____/ | / / | / / / /
  58. / /_ / // /_/ / __/ | | /| / / /| | / / / /
  59. / __/ _/ // _, _/ /___ | |/ |/ / ___ |/ /___/ /___
  60. /_/ /___/_/ |_/_____/ |__/|__/_/ |_/_____/_____/
  61. \033[0m'
  62. echo "\033[35;1mInstalling ufw and setup firewall (allowing only ssh and http) \033[0m"
  63. sleep 3
  64. apt-get install ufw
  65. ufw allow ssh
  66. ufw allow http
  67. ufw enable
  68. ufw status verbose
  69. echo "\033[92;1mufw installed and firwall configured\033[Om"
  70. echo '\033[35m
  71. ______ _ _____ __
  72. / ____/___ _(_) /__ \ / /_ ____ _____
  73. / /_ / __ `/ / /__/ // __ \/ __ `/ __ \
  74. / __/ / /_/ / / // __// /_/ / /_/ / / / /
  75. /_/ \__,_/_/_//____/_.___/\__,_/_/ /_/
  76. \033[0m'
  77. echo "\033[35;1mInstalling fall2ban \033[0m"
  78. apt-get install fail2ban
  79. cat "$_cwd"/assets/fail2ban.jail.conf > /etc/fail2ban/jail.conf
  80. service fail2ban restart
  81. echo "\033[92;1mfail2ban installed and configured\033[Om"
  82. echo '\033[35m
  83. __ __ __
  84. / /______ ____ _____/ /______/ /
  85. / //_/ __ \/ __ \/ ___/ //_/ __ /
  86. / ,< / / / / /_/ / /__/ ,< / /_/ /
  87. /_/|_/_/ /_/\____/\___/_/|_|\__,_/
  88. \033[0m'
  89. echo "\033[35;1mInstalling knockd \033[0m"
  90. sleep 3
  91. apt-get install knockd
  92. echo -n "define a sequence number for opening (as 7000,8000,9000) : "
  93. read sq1
  94. echo -n "define a sequence number for closing (as 9000,8000,7000) : "
  95. read sq2
  96. sed -i "s/7000,8000,9000/$sq1/g" /etc/knockd.conf
  97. sed -i "s/9000,8000,7000/$sq2/g" /etc/knockd.conf
  98. sed -i 's/START_KNOCKD=0/START_KNOCKD=1/g' /etc/default/knockd
  99. echo "\033[92;1mknockd installed and configured\033[Om"
  100. echo "\033[92;1mplease note these sequences for future knocking\033[Om"
  101. echo "opening : $sq1 ; closing : $sq2"
  102. echo '\033[35m
  103. __ _______ __________
  104. / / / / ___// ____/ __ \
  105. / / / /\__ \/ __/ / /_/ /
  106. / /_/ /___/ / /___/ _, _/
  107. \____//____/_____/_/ |_|
  108. \033[0m'
  109. echo "\033[35;1mCreate new user (you will be asked a user name and a password) \033[0m"
  110. sleep 3
  111. echo -n "Enter user name: "
  112. read user
  113. # read -p "Continue? (Y/N): " confirm && [[ $confirm == [yY] || $confirm == [yY][eE][sS] ]] || exit 1
  114. adduser "$user"
  115. echo "adding $user to admin group and limiting su to the admin group"
  116. groupadd admin
  117. usermod -a -G admin "$user"
  118. dpkg-statoverride --update --add root admin 4750 /bin/su
  119. echo "\033[92;1muser $user configured\033[Om"
  120. echo '\033[35m
  121. __ ______ ______
  122. / |/ / | / _/ /
  123. / /|_/ / /| | / // /
  124. / / / / ___ |_/ // /___
  125. /_/ /_/_/ |_/___/_____/
  126. \033[0m'
  127. echo "\033[35;1mEnable mail sending for php \033[0m"
  128. # http://www.sycha.com/lamp-setup-debian-linux-apache-mysql-php#anchor13
  129. sleep 3
  130. dpkg-reconfigure exim4-config
  131. service exim4 restart
  132. # dkim spf
  133. # https://debian-administration.org/article/718/DKIM-signing_outgoing_mail_with_exim4
  134. echo "\033[35;1mConfiguring DKIM \033[0m"
  135. while [ "$installdkim" != "y" ] && [ "$installdkim" != "n" ]
  136. do
  137. echo -n "Should we install dkim for exim4 ? [y|n] "
  138. read installdkim
  139. done
  140. if [ "$installdkim" = "y" ]; then
  141. echo -n "Choose a domain for dkim: "
  142. read domain
  143. selector=$(date +%Y%m%d)
  144. mkdir /etc/exim4/dkim
  145. openssl genrsa -out /etc/exim4/dkim/"$domain"-private.pem 1024 -outform PEM
  146. openssl rsa -in /etc/exim4/dkim/"$domain"-private.pem -out /etc/exim4/dkim/"$domain".pem -pubout -outform PEM
  147. chown root:Debian-exim /etc/exim4/dkim/"$domain"-private.pem
  148. chmod 440 /etc/exim4/dkim/"$domain"-private.pem
  149. cp "$_cwd"/assets/exima4_dkim.conf /etc/exim4/conf.d/main/00_local_macros
  150. sed -ir "s/DOMAIN_TO_CHANGE/$domain/g" /etc/exim4/conf.d/main/00_local_macros
  151. sed -ir "s/DATE_TO_CHANGE/$selector/g" /etc/exim4/conf.d/main/00_local_macros
  152. update-exim4.conf
  153. service exim4 restart
  154. echo "please create a TXT entry in your dns zone : $selector._domainkey.$domain \n"
  155. echo "your public key is : \n"
  156. cat /etc/exim4/dkim/"$domain".pem
  157. echo "press any key to continue."
  158. read continu
  159. else
  160. echo 'dkim not installed'
  161. fi
  162. echo '\033[35m
  163. __________ __ __
  164. / ___/ ___// / / /
  165. \__ \\__ \/ /_/ /
  166. ___/ /__/ / __ /
  167. /____/____/_/ /_/
  168. \033[0m'
  169. while [ "$securssh" != "y" ] && [ "$securssh" != "n" ]
  170. do
  171. echo -n "Securing ssh (disabling root login)? [y|n] "
  172. read securssh
  173. # securssh=${securssh:-y}
  174. done
  175. if [ "$securssh" = "y" ]; then
  176. sed -i 's/PermitRootLogin\ yes/PermitRootLogin no/g' /etc/ssh/sshd_config
  177. sed -i 's/PermitEmptyPasswords\ yes/PermitEmptyPasswords no/g' /etc/ssh/sshd_config
  178. sed -i 's/Protocol\ [0-9]/Protocol 2/g' /etc/ssh/sshd_config
  179. service ssh reload
  180. echo "\033[92;1mSSH secured\033[Om"
  181. else
  182. echo 'root user can still conect through ssh'
  183. fi
  184. echo '\033[35m
  185. ______ _______ _____
  186. | ____|__ __| __ \
  187. | |__ | | | |__) |
  188. | __| | | | ___/
  189. | | | | | |
  190. |_| |_| |_|
  191. \033[0m'
  192. echo -n "Should we install ftp server? [Y|n] "
  193. read yn
  194. yn=${yn:-y}
  195. if [ "$yn" != "y" ]; then
  196. echo "installing proftpd"
  197. apt-get install proftpd
  198. while [ "$_server_name" = "" ]
  199. do
  200. read -p "enter a server name ? " _server_name
  201. if [ "$_server_name" != "" ]; then
  202. read -p "is server name $_server_name correcte [y|n] " validated
  203. if [ "$validated" = "y" ]; then
  204. break
  205. else
  206. _server_name=""
  207. fi
  208. fi
  209. done
  210. echo "Configuring proftpd"
  211. cp "$_cwd"/assets/proftpd.conf /etc/proftpd/conf.d/"$_server_name".conf
  212. sed -ir "s/example/$_server_name/g" /etc/proftpd/conf.d/"$_server_name".conf
  213. ufw allow ftp
  214. addgroup ftpuser
  215. echo "ftp installtion done"
  216. echo "to permit to a user to connect through ftp, add him to the ftpuser group"
  217. echo "FTP users are jailed on their home by default"
  218. fi
  219. # TODO : allow ssh/ftp connection only from given ips
  220. echo "\033[35;1mInstalling AMP web server \033[0m"
  221. echo '\033[35m
  222. ___ __ ___
  223. / | ____ ____ ______/ /_ ___ |__ \
  224. / /| | / __ \/ __ `/ ___/ __ \/ _ \__/ /
  225. / ___ |/ /_/ / /_/ / /__/ / / / __/ __/
  226. /_/ |_/ .___/\__,_/\___/_/ /_/\___/____/
  227. /_/
  228. \033[0m'
  229. echo "\033[35;1mInstalling Apache2 \033[0m"
  230. sleep 3
  231. apt-get install apache2
  232. a2enmod rewrite
  233. cat "$_cwd"/assets/apache2.conf > /etc/apache2/apache2.conf
  234. # Change logrotate for Apache2 log files to keep 10 days worth of logs
  235. sed -i 's/\tweekly/\tdaily/' /etc/logrotate.d/apache2
  236. sed -i 's/\trotate .*/\trotate 10/' /etc/logrotate.d/apache2
  237. # Remove Apache server information from headers.
  238. sed -i 's/ServerTokens .*/ServerTokens Prod/' /etc/apache2/conf.d/security
  239. sed -i 's/ServerSignature .*/ServerSignature Off/' /etc/apache2/conf.d/security
  240. service apache2 restart
  241. echo "\033[92;1mApache2 installed\033[Om"
  242. echo '\033[35m
  243. __ ___ __
  244. / |/ /_ ___________ _/ /
  245. / /|_/ / / / / ___/ __ `/ /
  246. / / / / /_/ (__ ) /_/ / /
  247. /_/ /_/\__, /____/\__, /_/
  248. /____/ /_/
  249. \033[0m'
  250. echo "\033[35;1minstalling Mysql \033[0m"
  251. sleep 3
  252. apt-get install mysql-server
  253. mysql_secure_installation
  254. echo "\033[92;1mmysql installed\033[Om"
  255. echo '\033[35m
  256. ____ __ ______
  257. / __ \/ / / / __ \
  258. / /_/ / /_/ / /_/ /
  259. / ____/ __ / ____/
  260. /_/ /_/ /_/_/
  261. \033[0m'
  262. echo "\033[35;1mInstalling PHP \033[0m"
  263. sleep 3
  264. apt-get install php5 php-pear php5-gd
  265. echo "Configuring PHP"
  266. cp /etc/php5/apache2/php.ini /etc/php5/apache2/php.ini.back
  267. sed -i "s/max_execution_time\ =\ [0-9]\+/max_execution_time = 60/g" /etc/php5/apache2/php.ini
  268. sed -i "s/max_input_time\ =\ [0-9]\+/max_input_time = 60/g" /etc/php5/apache2/php.ini
  269. sed -i "s/memory_limit\ =\ [0-9]\+M/memory_limit = 512M/g" /etc/php5/apache2/php.ini
  270. sed -i "s/;\?error_reporting\ =\ [^\n]\+/error_reporting = E_COMPILE_ERROR|E_RECOVERABLE_ERROR|E_ERROR|E_CORE_ERROR/g" /etc/php5/apache2/php.ini
  271. sed -i "s/;\?display_errors\ =\ On/display_errors = Off/g" /etc/php5/apache2/php.ini
  272. sed -i "s/;\?log_errors\ =\ Off/log_errors = On/g" /etc/php5/apache2/php.ini
  273. # following command doesn't work, make teh change manualy
  274. #sed -ri ":a;$!{N;ba};s/;\?\ \?error_log\ =\ [^\n]\+([^\n]*\n(\n|$))/error_log = \/var\/log\/php\/error.log\1/g" /etc/php5/apache2/php.ini
  275. echo "register_globals = Off" >> /etc/php5/apache2/php.ini
  276. mkdir /var/log/php
  277. chown www-data /var/log/php
  278. apt-get install php5-mysql
  279. echo "\033[92;1mphp installed\033[Om"
  280. echo '\033[35m
  281. __ __ ___ ___ __ _
  282. ____ / /_ ____ / |/ /_ __/ | ____/ /___ ___ (_)___
  283. / __ \/ __ \/ __ \/ /|_/ / / / / /| |/ __ / __ `__ \/ / __ \
  284. / /_/ / / / / /_/ / / / / /_/ / ___ / /_/ / / / / / / / / / /
  285. / .___/_/ /_/ .___/_/ /_/\__, /_/ |_\__,_/_/ /_/ /_/_/_/ /_/
  286. /_/ /_/ /____/
  287. \033[0m'
  288. echo "\033[35;1mInstalling phpMyAdmin \033[0m"
  289. apt-get install phpmyadmin
  290. # echo "include /etc/phpmyadmin/apache.conf" >> /etc/apache2/apache2.conf
  291. ln -s /etc/phpmyadmin/apache.conf /etc/apache2/conf.d/phpmyadmin.conf
  292. echo "\033[35;1msecuring phpMyAdmin \033[0m"
  293. sed -i "s/DirectoryIndex index.php/DirectoryIndex index.php\nAllowOverride all/"
  294. cp "$_cwd"/assets/phpmyadmin_htaccess > /usr/share/phpmyadmin/.htaccess
  295. echo -n "define a user name for phpmyadmin : "
  296. read un
  297. htpasswd -c /etc/phpmyadmin/.htpasswd $un
  298. service apache2 restart
  299. echo "\033[92;1mphpMyAdmin installed\033[Om"
  300. echo "\033[92;1mYou can access it at yourip/phpmyadmin\033[Om"
  301. echo '\033[35m
  302. __ __
  303. _ __/ /_ ____ _____/ /_
  304. | | / / __ \/ __ \/ ___/ __/
  305. | |/ / / / / /_/ (__ ) /_
  306. |___/_/ /_/\____/____/\__/
  307. \033[0m'
  308. echo "\033[35;1mVHOST install \033[0m"
  309. while [ "$vh" != "y" ] && [ "$vh" != "n" ]
  310. do
  311. echo -n "Should we install a vhost? [y|n] "
  312. read vh
  313. # vh=${vh:-y}
  314. done
  315. if [ "$vh" = "y" ]; then
  316. while [ "$_host_name" = "" ]
  317. do
  318. read -p "enter a hostname ? " _host_name
  319. if [ "$_host_name" != "" ]; then
  320. read -p "is hostname $_host_name correcte [y|n] " validated
  321. if [ "$validated" = "y" ]; then
  322. break
  323. else
  324. _host_name=""
  325. fi
  326. fi
  327. done
  328. cp "$_cwd"/assets/example.org.conf /etc/apache2/sites-available/"$_host_name".conf
  329. sed -ir "s/example\.org/$_host_name/g" /etc/apache2/sites-available/"$_host_name".conf
  330. mkdir -p /srv/www/"$_host_name"/public_html
  331. mkdir /srv/www/"$_host_name"/logs
  332. #set proper right to user will handle the app
  333. chown -R root:admin /srv/www/"$_host_name"/
  334. chmod -R g+w /srv/www/"$_host_name"/
  335. chmod -R g+r /srv/www/"$_host_name"/
  336. # create a shortcut to the site
  337. mkdir /home/"$user"/www/
  338. chown "$user":admin /home/"$user"/www/
  339. ln -s /srv/www/"$_host_name" /home/"$user"/www/"$_host_name"
  340. #activate the vhost
  341. a2ensite "$_host_name".conf
  342. #restart apache
  343. service apache2 restart
  344. echo "\033[92;1mvhost $_host_name configured\033[Om"
  345. else
  346. echo "Vhost installation aborted"
  347. fi
  348. echo '\033[35m
  349. __ ___ _ __ __ __ ___ _
  350. / |/ /__ ___ (_) /_ _/_/ / |/ /_ _____ (_)__
  351. / /|_/ / _ \/ _ \/ / __/ _/_/ / /|_/ / // / _ \/ / _ \
  352. /_/ /_/\___/_//_/_/\__/ /_/ /_/ /_/\_,_/_//_/_/_//_/
  353. \033[0m'
  354. echo "\033[35;1mInstalling Munin \033[0m"
  355. sleep 3
  356. # https://www.howtoforge.com/tutorial/server-monitoring-with-munin-and-monit-on-debian/
  357. apt-get install munin munin-node munin-plugins-extra
  358. # Configure Munin
  359. # enable plugins
  360. ln -s /usr/share/munin/plugins/mysql_ /etc/munin/plugins/mysql_
  361. ln -s /usr/share/munin/plugins/mysql_bytes /etc/munin/plugins/mysql_bytes
  362. ln -s /usr/share/munin/plugins/mysql_innodb /etc/munin/plugins/mysql_innodb
  363. ln -s /usr/share/munin/plugins/mysql_isam_space_ /etc/munin/plugins/mysql_isam_space_
  364. ln -s /usr/share/munin/plugins/mysql_queries /etc/munin/plugins/mysql_queries
  365. ln -s /usr/share/munin/plugins/mysql_slowqueries /etc/munin/plugins/mysql_slowqueries
  366. ln -s /usr/share/munin/plugins/mysql_threads /etc/munin/plugins/mysql_threads
  367. ln -s /usr/share/munin/plugins/apache_accesses /etc/munin/plugins/
  368. ln -s /usr/share/munin/plugins/apache_processes /etc/munin/plugins/
  369. ln -s /usr/share/munin/plugins/apache_volume /etc/munin/plugins/
  370. # ln -s /usr/share/munin/plugins/fail2ban /etc/munin/plugins/
  371. # dbdir, htmldir, logdir, rundir, and tmpldir
  372. sed -i 's/^#dbdir/dbdir/' /etc/munin/munin.conf
  373. sed -i 's/^#htmldir/htmldir/' /etc/munin/munin.conf
  374. sed -i 's/^#logdir/logdir/' /etc/munin/munin.conf
  375. sed -i 's/^#rundir/rundir/' /etc/munin/munin.conf
  376. sed -i 's/^#tmpldir/tmpldir/' /etc/munin/munin.conf
  377. sed -i "s/^\[localhost.localdomain\]/[${HOSTNAME}]/" /etc/munin/munin.conf
  378. # ln -s /etc/munin/apache24.conf /etc/apache2/conf-enabled/munin.conf
  379. sed -i 's/Require local/Require all granted\nOptions FollowSymLinks SymLinksIfOwnerMatch/g' /etc/munin/apache24.conf
  380. htpasswd -c /etc/munin/munin-htpasswd admin
  381. sed -i 's/Require all granted/AuthUserFile \/etc\/munin\/munin-htpasswd\nAuthName "Munin"\nAuthType Basic\nRequire valid-user/g' /etc/munin/apache24.conf
  382. service apache2 restart
  383. service munin-node restart
  384. echo "\033[92;1mMunin installed\033[Om"
  385. echo "\033[35;1mInstalling Monit \033[0m"
  386. sleep 3
  387. # https://www.howtoforge.com/tutorial/server-monitoring-with-munin-and-monit-on-debian/2/
  388. apt-get install monit
  389. # TODO setup monit rc
  390. cat "$_cwd"/assets/monitrc > /etc/monit/monitrc
  391. # TODO setup webaccess
  392. passok=0
  393. while [ "$passok" = "0" ]
  394. do
  395. echo -n "Write web access password to monit"
  396. read passwda
  397. echo -n "ReWrite web access password to monit"
  398. read passwdb
  399. if [ "$passwda" = "$passwdb" ]; then
  400. sed -i 's/PASSWD_TO_REPLACE/$passwda/g' /etc/monit/monitrc
  401. passok=1
  402. else
  403. echo "pass words don't match, please try again"
  404. fi
  405. done
  406. # TODO setup mail settings
  407. sed -i "s/server1\.example\.com/$HOSTNAME/g" /etc/monit/monitrc
  408. mkdir /var/www/html/monit
  409. echo "hello" > /var/www/html/monit/token
  410. service monit start
  411. echo "\033[92;1mMonit installed\033[Om"
  412. echo '\033[35m
  413. ___ __ __
  414. / |_ _______/ /_____ _/ /_
  415. / /| | | /| / / ___/ __/ __ `/ __/
  416. / ___ | |/ |/ (__ ) /_/ /_/ / /_
  417. /_/ |_|__/|__/____/\__/\__,_/\__/
  418. \033[0m'
  419. echo "\033[35;1mInstalling Awstat \033[0m"
  420. sleep 3
  421. apt-get install awstats
  422. # Configure AWStats
  423. temp=`grep -i sitedomain /etc/awstats/awstats.conf.local | wc -l`
  424. if [ $temp -lt 1 ]; then
  425. echo SiteDomain="$_host_name" >> /etc/awstats/awstats.conf.local
  426. fi
  427. # Disable Awstats from executing every 10 minutes. Put a hash in front of any line.
  428. sed -i 's/^[^#]/#&/' /etc/cron.d/awstats
  429. echo "\033[92;1mAwstat installed\033[Om"
  430. # echo '\033[35m
  431. # ______________ _______
  432. # /_ __/ ____/ |/ / __ \
  433. # / / / __/ / /|_/ / /_/ /
  434. # / / / /___/ / / / ____/
  435. # /_/ /_____/_/ /_/_/
  436. # \033[0m'
  437. # function check_tmp_secured {
  438. # temp1=`grep -w "/var/tempFS /tmp ext3 loop,nosuid,noexec,rw 0 0" /etc/fstab | wc -l`
  439. # temp2=`grep -w "tmpfs /tmp tmpfs rw,noexec,nosuid 0 0" /etc/fstab | wc -l`
  440. # if [ $temp1 -gt 0 ] || [ $temp2 -gt 0 ]; then
  441. # return 1
  442. # else
  443. # return 0
  444. # fi
  445. # } # End function check_tmp_secured
  446. # function secure_tmp_tmpfs {
  447. # cp /etc/fstab /etc/fstab.bak
  448. # # Backup /tmp
  449. # cp -Rpf /tmp /tmpbackup
  450. # rm -rf /tmp
  451. # mkdir /tmp
  452. # mount -t tmpfs -o rw,noexec,nosuid tmpfs /tmp
  453. # chmod 1777 /tmp
  454. # echo "tmpfs /tmp tmpfs rw,noexec,nosuid 0 0" >> /etc/fstab
  455. # # Restore /tmp
  456. # cp -Rpf /tmpbackup/* /tmp/ >/dev/null 2>&1
  457. # #Remove old tmp dir
  458. # rm -rf /tmpbackup
  459. # # Backup /var/tmp and link it to /tmp
  460. # mv /var/tmp /var/tmpbackup
  461. # ln -s /tmp /var/tmp
  462. # # Copy the old data back
  463. # cp -Rpf /var/tmpold/* /tmp/ >/dev/null 2>&1
  464. # # Remove old tmp dir
  465. # rm -rf /var/tmpbackup
  466. # echo -e "\033[35;1m /tmp and /var/tmp secured using tmpfs. \033[0m"
  467. # } # End function secure_tmp_tmpfs
  468. # check_tmp_secured
  469. # if [ $? = 0 ]; then
  470. # secure_tmp_tmpfs
  471. # else
  472. # echo -e "\033[35;1mFunction canceled. /tmp already secured. \033[0m"
  473. # fi
  474. echo '\033[35m
  475. ____ __ _______ __
  476. / __ \____ / /_ / ____(_) /__ _____
  477. / / / / __ \/ __/ / /_ / / / _ \/ ___/
  478. / /_/ / /_/ / /_ / __/ / / / __(__ )
  479. /_____/\____/\__/ /_/ /_/_/\___/____/
  480. \033[0m'
  481. #installing better prompt and some goodies for root
  482. echo "\033[35;1mInstalling shell prompt for root \033[0m"
  483. sleep 3
  484. echo "cloning github.com/bachy/dotfiles-server"
  485. git clone git://github.com/bachy/dotfiles-server.git ~/.dotfiles-server && cd ~/.dotfiles-server && ./install.sh && cd ~
  486. source ~/.bashrc
  487. echo "\033[92;1mDot files installed for root, you should installed them manually for $USER\033[0m"
  488. # TODO add warning message on ssh connection if system needs updates
  489. # TODO install and configure tmux
  490. echo '\033[35m
  491. ___ __ __ __ __ __
  492. / | __ __/ /_____ / / / /___ ____/ /___ _/ /____
  493. / /| |/ / / / __/ __ \ / / / / __ \/ __ / __ `/ __/ _ \
  494. / ___ / /_/ / /_/ /_/ / / /_/ / /_/ / /_/ / /_/ / /_/ __/
  495. /_/ |_\__,_/\__/\____/ \____/ .___/\__,_/\__,_/\__/\___/
  496. /_/
  497. \033[0m'
  498. # https://www.howtoforge.com/how-to-configure-automatic-updates-on-debian-wheezy
  499. # https://www.bisolweb.com/tutoriels/serveur-vps-ovh-partie-5-installation-apticron/
  500. echo "\033[35;1mInstalling apticron \033[0m"
  501. apt-get install apticron
  502. sleep 3
  503. echo -n "Enter an email: "
  504. read email
  505. sed -ir "s/EMAIL=\"root\"/EMAIL=\"$email\"/g" /etc/apticron/apticron.conf
  506. # sed -ir "s/# DIFF_ONLY=\"1\"/DIFF_ONLY=\"1\"/g" /etc/apticron/apticron.conf
  507. sed -ir "s/# NOTIFY_NEW=\"0\"/NOTIFY_NEW=\"0\"/g" /etc/apticron/apticron.conf
  508. echo "\033[92;1mApticron installed and configured\033[0m"
  509. echo '\033[35m
  510. __
  511. ___ ____ ____/ /
  512. / _ \/ __ \/ __ /
  513. / __/ / / / /_/ /
  514. \___/_/ /_/\__,_/
  515. \033[0m'
  516. echo "\033[35;1m* * script done * * \033[0m"