Home Explore Help
Sign In
bachir
/
debian-web-server
1
1
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: f7020aca9d
Branches Tags
debian-web-s...
/
install-debian-server.sh

install-debian-server.sh 2.4 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263 
  1. #!/bin/sh
    2. 

  2. # bachir soussi chiadmi
    3. 

  3. #
    4. 

  4. # http://www.debian.org/doc/manuals/securing-debian-howto/
    5. 

  5. # https://www.thefanclub.co.za/how-to/how-secure-ubuntu-1204-lts-server-part-1-basics
    6. 

  6. # https://www.linode.com/docs/websites/lamp/lamp-server-on-debian-7-wheezy/
    7. 

  7. #
    8. 

  8. 

  9. echo "This script has been tested only on Linux Debian 7"
    10. 

  10. 

  11. echo "Installing harden"
    12. 

  12. apt-get install harden
    13. 

  13. 

  14. echo "Installing ufw and setup firewall (allowing only ssh and http)"
    15. 

  15. apt-get install ufw
    16. 

  16. ufw allow ssh
    17. 

  17. ufw allow http
    18. 

  18. ufw enable
    19. 

  19. ufw status verbose
    20. 

  20. 

  21. echo "Create new user (you will be asked a user name and a password)"
    22. 

  22. read -p "Enter user name: " user
    23. 

  23. # read -p "Continue? (Y/N): " confirm && [[ $confirm == [yY] || $confirm == [yY][eE][sS] ]] || exit 1
    24. 

  24. adduser "$user"
    25. 

  25. echo "adding $user to admin group and limiting su to the admin group"
    26. 

  26. groupadd admin
    27. 

  27. usermod -a -G admin "$user"
    28. 

  28. dpkg-statoverride --update --add root admin 4750 /bin/su
    29. 

  29. 

  30. echo "Securing ssh (disabling root login)"
    31. 

  31. sed -i 's/PermitRootLogin\ yes/PermitRootLogin no/g' /etc/ssh/sshd_config
    32. 

  32. sed -i 's/PermitEmptyPasswords\ yes/PermitEmptyPasswords no/g' /etc/ssh/sshd_config
    33. 

  33. sed -i 's/Protocol\ [0-9]/Protocol 2/g' /etc/ssh/sshd_config
    34. 

  34. 

  35. echo "Installing AMP web server"
    36. 

  36. echo "Installing Apache2"
    37. 

  37. apt-get install apache2
    38. 

  38. a2enmod rewrite
    39. 

  39. service apache2 restart
    40. 

  40. echo "installing Mysql"
    41. 

  41. apt-get install mysql-server
    42. 

  42. mysql_secure_installation
    43. 

  43. echo "Installing PHP"
    44. 

  44. apt-get install php5 php-pear
    45. 

  45. echo "Configuring PHP"
    46. 

  46. cp /etc/php5/apache2/php.ini /etc/php5/apache2/php.ini.back
    47. 

  47. sed -i "s/max_execution_time\ =\ [0-9]\+/max_execution_time = 60/g" /etc/php5/apache2/php.ini
    48. 

  48. sed -i "s/max_input_time\ =\ [0-9]\+/max_input_time = 60/g" /etc/php5/apache2/php.ini
    49. 

  49. sed -i "s/memory_limit\ =\ [0-9]\+M/memory_limit = 512M/g" /etc/php5/apache2/php.ini
    50. 

  50. sed -i "s/;\?error_reporting\ =\ [^\n]\+/error_reporting = E_COMPILE_ERROR|E_RECOVERABLE_ERROR|E_ERROR|E_CORE_ERROR/g" /etc/php5/apache2/php.ini
    51. 

  51. sed -i "s/;\?display_errors\ =\ On/display_errors = Off/g" /etc/php5/apache2/php.ini
    52. 

  52. sed -i "s/;\?log_errors\ =\ Off/log_errors = On/g" /etc/php5/apache2/php.ini
    53. 

  53. # following command doesn't work, make teh change manualy
    54. 

  54. #sed -ri ":a;$!{N;ba};s/;\?\ \?error_log\ =\ [^\n]\+([^\n]*\n(\n|$))/error_log = \/var\/log\/php\/error.log\1/g" /etc/php5/apache2/php.ini
    55. 

  55. echo "register_globals = Off" >> /etc/php5/apache2/php.ini
    56. 

  56. 

  57. mkdir /var/log/php
    58. 

  58. chown www-data /var/log/php
    59. 

  59. 

  60. apt-get install php5-mysql
    61. 

  61. 

  62. service apache2 restart
    63. 

  63.