install-debian-server.sh 3.2 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148
  1. #!/bin/sh
  2. # bachir soussi chiadmi
  3. #
  4. # http://www.pontikis.net/blog/debian-9-stretch-rc3-web-server-setup-php7-mariadb
  5. # http://web-74.com/blog/reseaux/gerer-le-deploiement-facilement-avec-git/
  6. #
  7. echo '\033[35m
  8. ____ __ _ _____
  9. / __ \___ / /_ (_)___ _____ / ___/___ ______ _____ _____
  10. / / / / _ \/ __ \/ / __ `/ __ \ \__ \/ _ \/ ___/ | / / _ \/ ___/
  11. / /_/ / __/ /_/ / / /_/ / / / / ___/ / __/ / | |/ / __/ /
  12. /_____/\___/_.___/_/\__,_/_/ /_/ /____/\___/_/ |___/\___/_/
  13. \033[0m'
  14. echo "\033[35;1mThis script has been tested only on Linux Debian 9 \033[0m"
  15. if [ "$EUID" -ne 0 ]; then
  16. echo "Please run as root"
  17. exit
  18. fi
  19. echo -n "Should we start? [Y|n] "
  20. read yn
  21. yn=${yn:-y}
  22. if [ "$yn" != "y" ]; then
  23. echo "aborting script!"
  24. exit
  25. fi
  26. # get the current position
  27. _cwd="$(pwd)"
  28. . bin/upgrade.sh
  29. . bin/misc.sh
  30. . bin/firewall.sh
  31. . bin/fail2ban.sh
  32. . bin/knockd.sh
  33. . bin/user.sh
  34. . bin/email.sh
  35. while [ "$securssh" != "yes" ] && [ "$securssh" != "no" ]
  36. do
  37. echo -n "Securing ssh (disabling root login)? [yes|no] "
  38. read securssh
  39. # securssh=${securssh:-y}
  40. done
  41. if [ "$securssh" = "yes" ]; then
  42. . bin/ssh.sh
  43. else
  44. echo 'root user can still conect through ssh'
  45. fi
  46. echo -n "Should we install ftp server? [Y|n] "
  47. read yn
  48. yn=${yn:-y}
  49. if [ "$yn" = "y" ]; then
  50. . bin/ftp.sh
  51. else
  52. echo 'ftp server not installed'
  53. fi
  54. while [ "$lemp" != "yes" ] && [ "$lemp" != "no" ]
  55. do
  56. echo -n "Should we install lemp ? [yes|no] "
  57. read lemp
  58. done
  59. if [ "$lemp" = "yes" ]; then
  60. . bin/lemp.sh
  61. else
  62. echo 'lemp server not installed'
  63. fi
  64. . bin/dotfiles.sh
  65. . bin/autoupdate.sh
  66. # echo '\033[35m
  67. # ______________ _______
  68. # /_ __/ ____/ |/ / __ \
  69. # / / / __/ / /|_/ / /_/ /
  70. # / / / /___/ / / / ____/
  71. # /_/ /_____/_/ /_/_/
  72. # \033[0m'
  73. # function check_tmp_secured {
  74. # temp1=`grep -w "/var/tempFS /tmp ext3 loop,nosuid,noexec,rw 0 0" /etc/fstab | wc -l`
  75. # temp2=`grep -w "tmpfs /tmp tmpfs rw,noexec,nosuid 0 0" /etc/fstab | wc -l`
  76. # if [ $temp1 -gt 0 ] || [ $temp2 -gt 0 ]; then
  77. # return 1
  78. # else
  79. # return 0
  80. # fi
  81. # } # End function check_tmp_secured
  82. # function secure_tmp_tmpfs {
  83. # cp /etc/fstab /etc/fstab.bak
  84. # # Backup /tmp
  85. # cp -Rpf /tmp /tmpbackup
  86. # rm -rf /tmp
  87. # mkdir /tmp
  88. # mount -t tmpfs -o rw,noexec,nosuid tmpfs /tmp
  89. # chmod 1777 /tmp
  90. # echo "tmpfs /tmp tmpfs rw,noexec,nosuid 0 0" >> /etc/fstab
  91. # # Restore /tmp
  92. # cp -Rpf /tmpbackup/* /tmp/ >/dev/null 2>&1
  93. # #Remove old tmp dir
  94. # rm -rf /tmpbackup
  95. # # Backup /var/tmp and link it to /tmp
  96. # mv /var/tmp /var/tmpbackup
  97. # ln -s /tmp /var/tmp
  98. # # Copy the old data back
  99. # cp -Rpf /var/tmpold/* /tmp/ >/dev/null 2>&1
  100. # # Remove old tmp dir
  101. # rm -rf /var/tmpbackup
  102. # echo -e "\033[35;1m /tmp and /var/tmp secured using tmpfs. \033[0m"
  103. # } # End function secure_tmp_tmpfs
  104. # check_tmp_secured
  105. # if [ $? = 0 ]; then
  106. # secure_tmp_tmpfs
  107. # else
  108. # echo -e "\033[35;1mFunction canceled. /tmp already secured. \033[0m"
  109. # fi
  110. # TODO add warning message on ssh connection if system needs updates
  111. # TODO install and configure tmux
  112. echo '\033[35m
  113. __
  114. ___ ____ ____/ /
  115. / _ \/ __ \/ __ /
  116. / __/ / / / /_/ /
  117. \___/_/ /_/\__,_/
  118. \033[0m'
  119. echo "\033[35;1m* * script done * * \033[0m"