This repository was archived by the owner on Oct 7, 2024. It is now read-only.
#!/bin/bash -
#
# Copyright (C) 2017 Tetras Libre <admin@tetras-libre.fr>
# Author: Curt, Sebastien <sebastien.curt@tetras-libre.fr>
#
# This program is free software: you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the Free
# Software Foundation, either version 3 of the License, or (at your option)
# any later version.
#
# This program is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
# more details.
#
# You should have received a copy of the GNU General Public License along
# with this program. If not, see <http://www.gnu.org/licenses/>.
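set -o nounset # Treat unset variables as an error

# Empty APT's cache of downloaded package files before changing its sources.
apt-get clean

# Add stable backports to source.list and set preferences.
# grep is invoked directly: -q already reports the match through its exit
# status, so wrapping it in $( ) only executed an empty command. -s hides the
# "No such file" message for paths that do not exist on this host.
# NOTE(review): the entry uses plain http, so package integrity depends
# entirely on APT verifying the signed Release file; also confirm the mirror
# still serves this suite before relying on it.
if ! grep -Rqs "jessie-backports" /etc/apt/sources.list /etc/apt/sources.list.d
then
  printf '%s\n' \
    "deb http://httpredir.debian.org/debian jessie-backports main contrib non-free" \
    > /etc/apt/sources.list.d/backports.list
fi

# Pin every package matching python* to jessie-backports. Priority 900 is
# above the default priority of the stable release, so matching packages are
# taken from backports whenever it carries a newer version. This applies to
# later unattended upgrades as well, not just to this run.
if ! grep -Rqs "jessie-backports" /etc/apt/preferences /etc/apt/preferences.d
then
  cat > /etc/apt/preferences.d/backports <<'EOF'
Package: python*
Pin: release a=jessie-backports
Pin-Priority: 900
EOF
fi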
# Choose the web server package set from WEB_SERVER (supplied by the caller's
# environment): "apache2" selects Apache with mod_php, any other value selects
# nginx with PHP-FPM. The result is exported as a space-separated list.
case "${WEB_SERVER}" in
  apache2)
    WEB_SERVER_PACKAGES="apache2 libapache2-mod-php"
    ;;
  *)
    WEB_SERVER_PACKAGES="nginx-extras php-fpm"
    ;;
esac
export WEB_SERVER_PACKAGES
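# Refresh the package index. A failure here is only reported: the existing
# index may still be usable, and the install step below is the real gate.
if ! apt-get update; then
  echo "warning: apt-get update failed; continuing with the existing index." >&2
fi

# Base package set, installed unattended (no debconf prompts; -qq implies -y).
base_packages=(
  apt-transport-https
  aptitude
  certbot
  clamav
  clamav-daemon
  cpufrequtils
  dbus
  debian-goodies
  fail2ban
  git
  lm-sensors
  make
  ntp
  pandoc
  php
  php-apcu
  php-curl
  php-gd
  php-intl
  php-mcrypt
  php-mysql
  postfix
  openssh-server
  tar
  tmux
  ufw
  unattended-upgrades
  vim-nox
)
# WEB_SERVER_PACKAGES is a space-separated list, so it is split on purpose.
# shellcheck disable=SC2206
base_packages+=( ${WEB_SERVER_PACKAGES} wget )

# Abort if the install fails: the rest of the script enables the firewall and
# replaces the fail2ban and sshd configuration, all of which assume these
# packages are present. Continuing would leave a half-configured host.
if ! DEBIAN_FRONTEND='noninteractive' apt-get -qq install "${base_packages[@]}"; then
  echo "error: package installation failed; aborting before configuration." >&2
  exit 1
fi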
# Configure UFW
# The allow rules are added before the firewall is switched on, so the ssh
# rule is already in place when filtering starts.
# NOTE(review): `ufw enable` asks for confirmation when it detects it is being
# run over an SSH session; confirm how this script is expected to be launched.
for service in ssh http https; do
  ufw allow "${service}"
done
ufw enable
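# Clamav entry for weekly analysis
systemctl enable clamav-daemon
systemctl start clamav-daemon

# Register two weekly jobs in the invoking user's crontab:
#   - Monday 01:00: ClamAV scan (clamav-weekly.sh)
#   - Monday 07:00: health report (healthReport.sh)
# Each line is appended only when an identical line is not already present,
# so re-running the installer does not schedule the jobs twice.
# `crontab -l` errors (no crontab yet) are silenced and treated as empty.
# Both entries embed $PWD: the script must be run from the directory holding
# these helper scripts, and that directory should be writable by root only,
# since cron will execute them with this user's privileges.
for line in \
  "0 1 * * 1 $PWD/clamav-weekly.sh > /dev/null 2>&1" \
  "0 7 * * 1 $PWD/healthReport.sh -m 'Rapport de santé hebdomadaire' > /dev/null 2>&1"
do
  if ! crontab -l 2>/dev/null | grep -qxF -- "${line}"; then
    { crontab -l 2>/dev/null; printf '%s\n' "${line}"; } | crontab -
  fi
done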
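# Allow maintenance operations:
# Authorises the public key(s) in ./id_rsa.pub (relative to the current
# directory) for root SSH login. Whoever holds the matching private key gets
# root on this host, so review the key file before running the installer.
mkdir -p /root/.ssh
chmod 700 /root/.ssh
touch /root/.ssh/authorized_keys
chmod 600 /root/.ssh/authorized_keys

# If the existing file does not end with a newline, add one so the new key
# is not glued onto the last existing entry.
if [ -n "$(tail -c 1 /root/.ssh/authorized_keys)" ]; then
  echo >> /root/.ssh/authorized_keys
fi

# Append each key only if that exact line is not already authorised, so that
# re-running the installer does not pile up duplicates.
while IFS= read -r key || [ -n "${key}" ]; do
  [ -n "${key}" ] || continue
  if ! grep -qxF -- "${key}" /root/.ssh/authorized_keys; then
    printf '%s\n' "${key}" >> /root/.ssh/authorized_keys
  fi
done < id_rsa.pub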
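#Fail 2 ban
# Source paths are relative to the current directory. Files shipped under
# ./etc/fail2ban overwrite same-named files in /etc/fail2ban; cp is used
# without -r, so only the top-level files are copied.
cp ./etc/fail2ban/* /etc/fail2ban
systemctl restart fail2ban

#Ssh
# Same overwrite semantics for /etc/ssh. The copied configuration is checked
# with `sshd -t` before the daemon is restarted: restarting on a broken
# config would stop sshd from coming back and could lock out remote access.
cp ./etc/ssh/* /etc/ssh
if sshd -t; then
  systemctl restart ssh
else
  echo "error: sshd rejected the configuration in /etc/ssh; ssh was NOT restarted." >&2
  echo "       Fix the files copied from ./etc/ssh before the next restart or reboot." >&2
fi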
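#eth0
# Bring eth0 up via DHCP at boot and on hotplug.
# The stanza goes to /etc/network/interfaces (the file ifupdown reads); the
# previous target, /etc/network/interface, is not read, so the settings never
# took effect. The stanza is skipped when an "iface eth0" definition already
# exists, to avoid a duplicate on re-runs or on hosts that already configure
# the interface (for example with a static address).
if ! grep -REqs '^[[:space:]]*iface[[:space:]]+eth0([[:space:]]|$)' \
  /etc/network/interfaces /etc/network/interfaces.d
then
  printf '%s\n' "auto eth0" "allow-hotplug eth0" "iface eth0 inet dhcp" \
    >> /etc/network/interfaces
fi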