BirkhoffLee/installMySQL.sh

## installMySQL.sh
#!/bin/bash

# Settings
USERNAME="mysqluser"
SSH_PUBKEY="ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQClxraaf0yoYrLWhxD1gdFopR/20Z54spf4ecbAXTch42HLpMimFh18qNa4easbeP8SPjt94arV+BxHFmCaK41YsP1tJL/5I1DsnPyYew5ZJjWGBeGF7nMvht5ostKPOa+tpuQP/z5goE7gQxF+46nMnO2q7bHG4+6xl4fLq+yoWY8vpBgW6RUTPPExhHXaV+KxFBmroW1AXvcM2nxnrAQFcG6mvPhnIUpDjYtUvq48lch34MwuX+ckPYXCBinDTekS/ZV9/H4XjVsv/Uay3cAz5VG5SuwXsSCJfgMJFGw86wYRcFe401rnG1LnWJczHPCtzA6CuY25UdptcQYCH+lV birkhoff@Birkhoffs-MBPR.local"

# Check permissions
if [[ $(id -u) -ne 0 ]]; then
   printf "The script must be run as root! \n"
   exit 1
fi

# Update system & Install packages
echo 'precedence ::ffff:0:0/96  100' >> /etc/gai.conf
apt-get update
DEBIAN_FRONTEND=noninteractive apt-get -y -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" upgrade
apt-get install unattended-upgrades curl fail2ban git mysql-server -y

# Create a group called nopwsudo,
# which allows nopassword-sudoing,
# and full root access.
groupadd nopwsudo
echo "%nopwsudo ALL=(ALL:ALL) NOPASSWD:ALL" >> /etc/sudoers

# Create the user.
useradd -s /bin/bash $USERNAME

# Set the user's home directory up
mkdir /home/$USERNAME
mkdir /home/$USERNAME/.ssh
chmod 700 /home/$USERNAME/.ssh

# Add my SSH key to the user's ssh authorized keys
echo "$SSH_PUBKEY" > /home/$USERNAME/.ssh/authorized_keys
chmod 400 /home/$USERNAME/.ssh/authorized_keys

# Recursively set the user's home directory's contents' permissions
chown $USERNAME:$USERNAME /home/$USERNAME -R

# Add the user to the nopwsudo group
usermod -aG nopwsudo $USERNAME

# Prevent root logging in from SSH
sed -i 's/PermitRootLogin yes/PermitRootLogin no/' /etc/ssh/sshd_config

# Force use Public Key authentication
sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config

# Restart the SSH service
service ssh restart

# Automated security updates
echo 'APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "7";
APT::Periodic::Unattended-Upgrade "1";' > /etc/apt/apt.conf.d/10periodic

echo 'Unattended-Upgrade::Allowed-Origins {
    "Ubuntu lucid-security";
    //"Ubuntu lucid-updates";
};' > /etc/apt/apt.conf.d/50unattended-upgrades

# Clean downloaded archive files
apt-get autoclean
apt-get clean

# Configure
mysql_secure_installation
apt-get install phpmyadmin -y
apt-get install python-letsencrypt-apache apache2-utils -y
letsencrypt --apache
letsencrypt renew --dry-run --agree-tos

clear

# End
echo "Done!"
	#!/bin/bash

	# Settings
	USERNAME="mysqluser"
	SSH_PUBKEY="ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQClxraaf0yoYrLWhxD1gdFopR/20Z54spf4ecbAXTch42HLpMimFh18qNa4easbeP8SPjt94arV+BxHFmCaK41YsP1tJL/5I1DsnPyYew5ZJjWGBeGF7nMvht5ostKPOa+tpuQP/z5goE7gQxF+46nMnO2q7bHG4+6xl4fLq+yoWY8vpBgW6RUTPPExhHXaV+KxFBmroW1AXvcM2nxnrAQFcG6mvPhnIUpDjYtUvq48lch34MwuX+ckPYXCBinDTekS/ZV9/H4XjVsv/Uay3cAz5VG5SuwXsSCJfgMJFGw86wYRcFe401rnG1LnWJczHPCtzA6CuY25UdptcQYCH+lV birkhoff@Birkhoffs-MBPR.local"

	# Check permissions
	if [[ $(id -u) -ne 0 ]]; then
	printf "The script must be run as root! \n"
	exit 1
	fi

	# Update system & Install packages
	echo 'precedence ::ffff:0:0/96 100' >> /etc/gai.conf
	apt-get update
	DEBIAN_FRONTEND=noninteractive apt-get -y -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" upgrade
	apt-get install unattended-upgrades curl fail2ban git mysql-server -y

	# Create a group called nopwsudo,
	# which allows nopassword-sudoing,
	# and full root access.
	groupadd nopwsudo
	echo "%nopwsudo ALL=(ALL:ALL) NOPASSWD:ALL" >> /etc/sudoers

	# Create the user.
	useradd -s /bin/bash $USERNAME

	# Set the user's home directory up
	mkdir /home/$USERNAME
	mkdir /home/$USERNAME/.ssh
	chmod 700 /home/$USERNAME/.ssh

	# Add my SSH key to the user's ssh authorized keys
	echo "$SSH_PUBKEY" > /home/$USERNAME/.ssh/authorized_keys
	chmod 400 /home/$USERNAME/.ssh/authorized_keys

	# Recursively set the user's home directory's contents' permissions
	chown $USERNAME:$USERNAME /home/$USERNAME -R

	# Add the user to the nopwsudo group
	usermod -aG nopwsudo $USERNAME

	# Prevent root logging in from SSH
	sed -i 's/PermitRootLogin yes/PermitRootLogin no/' /etc/ssh/sshd_config

	# Force use Public Key authentication
	sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config

	# Restart the SSH service
	service ssh restart

	# Automated security updates
	echo 'APT::Periodic::Update-Package-Lists "1";
	APT::Periodic::Download-Upgradeable-Packages "1";
	APT::Periodic::AutocleanInterval "7";
	APT::Periodic::Unattended-Upgrade "1";' > /etc/apt/apt.conf.d/10periodic

	echo 'Unattended-Upgrade::Allowed-Origins {
	"Ubuntu lucid-security";
	//"Ubuntu lucid-updates";
	};' > /etc/apt/apt.conf.d/50unattended-upgrades

	# Clean downloaded archive files
	apt-get autoclean
	apt-get clean

	# Configure
	mysql_secure_installation
	apt-get install phpmyadmin -y
	apt-get install python-letsencrypt-apache apache2-utils -y
	letsencrypt --apache
	letsencrypt renew --dry-run --agree-tos

	clear

	# End
	echo "Done!"