@bradwright
Created February 13, 2011 19:56
StackScript to make a more secure Ubuntu server install out of the box
#!/bin/bash
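# Setup script designed to get an Ubuntu 10.4 LTS server
# up and running with secure defaults.
# <UDF name="user_hostname" Label="Hostname for new Linode" />
# <UDF name="user_username" Label="Username for non-root account" />
# <UDF name="user_password" Label="Password for new user" />
# UDF for the public key that is written to authorized_keys below ($USER_SSHKEY)
# <UDF name="user_sshkey" Label="Public SSH key for new user" />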
# include basic commands and convenience utilities from
# http://www.linode.com/stackscripts/view/?StackScriptID=1
source <ssinclude StackScriptID="1">
# get system up to date (-y so the upgrade does not wait for a prompt)
apt-get update && apt-get -y upgrade
# change hostname from Linode default
echo "$USER_HOSTNAME" > /etc/hostname
hostname -F /etc/hostname
# add hostname to hosts file so sudo doesn't break
# (the entry needs the hostname as well as the IP address)
echo -e "\n$(system_primary_ip) $USER_HOSTNAME" >> /etc/hosts
# add a non-root user
# add user non-interactively
# TODO: fix default shell
useradd -d "/home/$USER_USERNAME" -m "$USER_USERNAME"
# set password non-interactively
echo "$USER_USERNAME:$USER_PASSWORD" | chpasswd
# add user to correct Ubuntu groups for SSH and sudo
usermod -a -G sudo,ssh "$USER_USERNAME"
# remove requirement for password to sudo
echo -e "\n$USER_USERNAME ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
# install SSH key and fix permissions on user SSH keys
USER_HOME="/home/$USER_USERNAME"
mkdir -p "$USER_HOME/.ssh"
echo "$USER_SSHKEY" > "$USER_HOME/.ssh/authorized_keys"
# chmod takes the mode first: key file 600, directory 700
chmod 600 "$USER_HOME/.ssh/authorized_keys"
chmod 700 "$USER_HOME/.ssh"
# chown takes owner:group first; the recursive flag is -R
chown -R "$USER_USERNAME:$USER_USERNAME" "$USER_HOME/.ssh"
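# secure SSH from root login and disable password authentication
# (sed -i edits in place; piping sed into tee on the same file can truncate it)
sed -i -e 's/^.*PermitRootLogin yes/PermitRootLogin no/g' /etc/ssh/sshd_config
sed -i -e 's/^.*PasswordAuthentication.*$/PasswordAuthentication no/g' /etc/ssh/sshd_config
# restart sshd so the new settings take effect
service ssh restart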
# TODO: add iptables configuration