Home Esplora Aiuto
Accedi
bachir
/
debian-web-server
1
1
Forka 0
File Problemi 0 Pull Requests 0 Wiki
Albero (Tree): d5b3d5f1e0
Rami (Branch) Tag
debian-web-s...
/
install-debian-server.sh

install-debian-server.sh 6.1 KB
Cronologia Originale

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196 
  1. #!/bin/sh
    2. 

  2. # bachir soussi chiadmi
    3. 

  3. #
    4. 

  4. # http://www.debian.org/doc/manuals/securing-debian-howto/
    5. 

  5. # https://www.thefanclub.co.za/how-to/how-secure-ubuntu-1204-lts-server-part-1-basics
    6. 

  6. # https://www.linode.com/docs/websites/lamp/lamp-server-on-debian-7-wheezy/
    7. 

  7. # http://web-74.com/blog/reseaux/gerer-le-deploiement-facilement-avec-git/
    8. 

  8. #
    9. 

  9. 

  10. echo -e "\033[35;1mThis script has been tested only on Linux Debian 7 \033[0m"
    11. 

  11. echo "Please run this script as root"
    12. 

  12. 

  13. echo -n "Should we start? [Y:n]"
    14. 

  14. read yn
    15. 

  15. yn=${yn:-y}
    16. 

  16. if [ "$yn" != 'y']; then
    17. 

  17.   echo "aborting script!"
    18. 

  18.   exit
    19. 

  19. fi
    20. 

  20. 

  21. echo "* * *"
    22. 

  22. 

  23. exit
    24. 

  24. 

  25. apt-get update
    26. 

  26. apt-get upgrade
    27. 

  27. 

  28. # get the current position
    29. 

  29. _cwd="$(pwd)"
    30. 

  30. 

  31. echo -e "\033[35;1mInstalling harden \033[0m"
    32. 

  32. sleep 5
    33. 

  33. apt-get install harden
    34. 

  34. echo "Harden instaled"
    35. 

  35. echo "* * *"
    36. 

  36. 

  37. echo -e "\033[35;1mInstalling ufw and setup firewall (allowing only ssh and http) \033[0m"
    38. 

  38. sleep 5
    39. 

  39. apt-get install ufw
    40. 

  40. ufw allow ssh
    41. 

  41. ufw allow http
    42. 

  42. ufw enable
    43. 

  43. ufw status verbose
    44. 

  44. echo "ufw installed and firwall configured"
    45. 

  45. echo "* * *"
    46. 

  46. 

  47. echo -e "\033[35;1mCreate new user (you will be asked a user name and a password) \033[0m"
    48. 

  48. sleep 5
    49. 

  49. read -p "Enter user name: " user
    50. 

  50. # read -p "Continue? (Y/N): " confirm && [[ $confirm == [yY] || $confirm == [yY][eE][sS] ]] || exit 1
    51. 

  51. adduser "$user"
    52. 

  52. echo "adding $user to admin group and limiting su to the admin group"
    53. 

  53. groupadd admin
    54. 

  54. usermod -a -G admin "$user"
    55. 

  55. dpkg-statoverride --update --add root admin 4750 /bin/su
    56. 

  56. echo "user $user configured"
    57. 

  57. echo "* * *"
    58. 

  58. 

  59. read -e -p "Securing ssh (disabling root login) [Y:n]" -i "y" securssh
    60. 

  60. if [$securssh = 'y']; then
    61. 

  61.   sed -i 's/PermitRootLogin\ yes/PermitRootLogin no/g' /etc/ssh/sshd_config
    62. 

  62.   sed -i 's/PermitEmptyPasswords\ yes/PermitEmptyPasswords no/g' /etc/ssh/sshd_config
    63. 

  63.   sed -i 's/Protocol\ [0-9]/Protocol 2/g' /etc/ssh/sshd_config
    64. 

  64.   echo "SSH secured"
    65. 

  65. else
    66. 

  66.   echo 'root user can stile coonect through ssh'
    67. 

  67. fi
    68. 

  68. echo "* * *"
    69. 

  69. 

  70. echo -e "\033[35;1mInstalling AMP web server \033[0m"
    71. 

  71. echo -e "\033[35;1mInstalling Apache2 \033[0m"
    72. 

  72. sleep 5
    73. 

  73. apt-get install apache2
    74. 

  74. a2enmod rewrite
    75. 

  75. service apache2 restart
    76. 

  76. echo "Apache2 installed"
    77. 

  77. echo "* * *"
    78. 

  78. 

  79. echo -e "\033[35;1minstalling Mysql \033[0m"
    80. 

  80. sleep 5
    81. 

  81. apt-get install mysql-server
    82. 

  82. mysql_secure_installation
    83. 

  83. echo "mysql installed"
    84. 

  84. echo "* * *"
    85. 

  85. 

  86. echo -e "\033[35;1mInstalling PHP \033[0m"
    87. 

  87. sleep 5
    88. 

  88. apt-get install php5 php-pear php5-gd
    89. 

  89. echo "Configuring PHP"
    90. 

  90. cp /etc/php5/apache2/php.ini /etc/php5/apache2/php.ini.back
    91. 

  91. sed -i "s/max_execution_time\ =\ [0-9]\+/max_execution_time = 60/g" /etc/php5/apache2/php.ini
    92. 

  92. sed -i "s/max_input_time\ =\ [0-9]\+/max_input_time = 60/g" /etc/php5/apache2/php.ini
    93. 

  93. sed -i "s/memory_limit\ =\ [0-9]\+M/memory_limit = 512M/g" /etc/php5/apache2/php.ini
    94. 

  94. sed -i "s/;\?error_reporting\ =\ [^\n]\+/error_reporting = E_COMPILE_ERROR|E_RECOVERABLE_ERROR|E_ERROR|E_CORE_ERROR/g" /etc/php5/apache2/php.ini
    95. 

  95. sed -i "s/;\?display_errors\ =\ On/display_errors = Off/g" /etc/php5/apache2/php.ini
    96. 

  96. sed -i "s/;\?log_errors\ =\ Off/log_errors = On/g" /etc/php5/apache2/php.ini
    97. 

  97. # following command doesn't work, make teh change manualy
    98. 

  98. #sed -ri ":a;$!{N;ba};s/;\?\ \?error_log\ =\ [^\n]\+([^\n]*\n(\n|$))/error_log = \/var\/log\/php\/error.log\1/g" /etc/php5/apache2/php.ini
    99. 

  99. echo "register_globals = Off" >> /etc/php5/apache2/php.ini
    100. 

  100. 

  101. mkdir /var/log/php
    102. 

  102. chown www-data /var/log/php
    103. 

  103. 

  104. apt-get install php5-mysql
    105. 

  105. echo "php installed"
    106. 

  106. echo "* * *"
    107. 

  107. 

  108. echo -e "\033[35;1mInstalling Awstat \033[0m"
    109. 

  109. sleep 5
    110. 

  110. apt-get install awstats
    111. 

  111. echo "Awstat installed"
    112. 

  112. echo "* * *"
    113. 

  113. 

  114. read -e -p "Should we install a vhost? [Y:n]" vh
    115. 

  115. if [ $vh = "y"]; then
    116. 

  116.   read -p "hostname ? " _host_name
    117. 

  117.   cp "$_cwd"/assets/example.org.conf /etc/apache2/sites-available/"$_host_name".conf
    118. 

  118.   sed -ir "s/example\.org/$_host_name/g" /etc/apache2/sites-available/"$_host_name".conf
    119. 

  119. 

  120.   mkdir -p /srv/www/"$_host_name"/public_html
    121. 

  121.   mkdir /srv/www/"$_host_name"/logs
    122. 

  122.   #set proper right to user will handle the app
    123. 

  123.   chown -R root:admin  /srv/www/"$_host_name"/
    124. 

  124.   chmod -R g+w /srv/www/"$_host_name"/
    125. 

  125.   chmod -R g+r /srv/www/"$_host_name"/
    126. 

  126. 

  127.   # create a shortcut to the site
    128. 

  128.   mkdir /home/"$user"/www/
    129. 

  129.   chown "$user":admin /home/"$user"/www/
    130. 

  130.   ln -s /srv/www/"$_host_name" /home/"$user"/www/"$_host_name"
    131. 

  131. 

  132.   #activate the vhost
    133. 

  133.   a2ensite "$_host_name".conf
    134. 

  134. 

  135.   #restart apache
    136. 

  136.   service apache2 restart
    137. 

  137.   echo "vhost $_host_name configured"
    138. 

  138. else
    139. 

  139.   echo "Vhost installation aborted"
    140. 

  140. fi
    141. 

  141. echo "* * *"
    142. 

  142. 

  143. #installing better prompt and some goodies for root
    144. 

  144. echo -e "\033[35;1mInstalling shell prompt for root \033[0m"
    145. 

  145. sleep 5
    146. 

  146. git clone git://github.com/bachy/dotfiles-server.git ~/.dotfiles-server && cd ~/.dotfiles-server && ./install.sh && cd -
    147. 

  147. source ~/.bashrc
    148. 

  148. echo "done"
    149. 

  149. echo "* * *"
    150. 

  150. 

  151. #    __  _______ __________
    152. 

  152. #   / / / / ___// ____/ __ \
    153. 

  153. #  / / / /\__ \/ __/ / /_/ /
    154. 

  154. # / /_/ /___/ / /___/ _, _/
    155. 

  155. # \____//____/_____/_/ |_|
    156. 

  156. 

  157. # setup user environment
    158. 

  158. echo -e "\033[35;1mInstalling shell prompt for $user \033[0m"
    159. 

  159. sleep 5
    160. 

  160. cd ~
    161. 

  161. git clone git://github.com/bachy/dotfiles-server.git ~/.dotfiles-server && cd ~/.dotfiles-server && ./install.sh && cd -
    162. 

  162. cd ~
    163. 

  163. source .bashrc
    164. 

  164. echo "done"
    165. 

  165. echo "* * *"
    166. 

  166. 

  167. # setup bare repositorie to push to
    168. 

  168. echo -e "\033[35;1msetup git repositories for $_host_name \033[0m"
    169. 

  169. sleep 5
    170. 

  170. mkdir ~/git-repositories
    171. 

  171. mkdir ~/git-repositories/"$_host_name".git
    172. 

  172. cd ~/git-repositories/"$_host_name".git
    173. 

  173. git init --bare
    174. 

  174. 

  175. # setup git repo on site folder
    176. 

  176. cd /srv/www/"$_host_name"/public_html/
    177. 

  177. git init
    178. 

  178. # link to the bare repo
    179. 

  179. git remote add origin ~/git-repositories/"$_host_name".git
    180. 

  180. 

  181. # create hooks that will update the site repo
    182. 

  182. cd ~
    183. 

  183. cp "$_cwd"/assets/git-pre-receive ~/git-repositories/"$_host_name".git/hooks/pre-receive
    184. 

  184. cp "$_cwd"/assets/git-post-receive ~/git-repositories/"$_host_name".git/hooks/post-receive
    185. 

  185. 

  186. sed -ir "s/PRODDIR=\"www\"/PRODDIR=\/srv\/www\/$_host_name\/public_html/g" ~/git-repositories/"$_host_name".git/hooks/pre-receive
    187. 

  187. sed -ir "s/PRODDIR=\"www\"/PRODDIR=\/srv\/www\/$_host_name\/public_html/g" ~/git-repositories/"$_host_name".git/hooks/post-receive
    188. 

  188. 

  189. cd ~/git-repositories/"$_host_name".git/hooks/
    190. 

  190. chmod +x post-receive pre-receive
    191. 

  191. 

  192. # done
    193. 

  193. echo "git repos for $_host_name install succeed"
    194. 

  194. echo "your site stay now to ~/www/$_host_name"
    195. 

  195. echo "you can push updates on prod branch through $user@IP.IP.IP.IP:git-repositories/$_host_name.git"
    196. 

  196. echo "* * *"
    197.