
@Irvyne
Last active August 29, 2015 14:04
#!/bin/bash
#######################################
# Created by Thibaud BARDIN (Irvyne) #
#######################################
# Defaults for every option; the interactive prompts further down overwrite them.

# Privilege prefix ('' or 'sudo') and extra aptitude flag ('' or '-y').
SUDO=""
APTITUDE_PARAM=""

# Third-party repositories that are enabled unless the operator declines.
for opt in DOTDEB_REPO MARIADB_REPO; do
  printf -v "$opt" '%s' "true"
done

# Everything else is opt-in: the extra repository, Node, and all security steps.
for opt in RABBITMQ_REPO NODE \
  SECURITY_IPTABLES SECURITY_PORTSENTRY SECURITY_FAIL2BAN \
  SECURITY_RKHUNTER SECURITY_LOGWATCH SECURITY_MYSQL; do
  printf -v "$opt" '%s' "false"
done
unset -v opt

# Directory that receives the generated APT source lists.
SOURCES_LIST_DIR="/etc/apt/sources.list.d"
#################
# Configuration #
#################
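#######################################
# Ask one Yes/No question and store the matching value in a variable.
# The twelve prompts below were copy-pasted select loops; they now share
# this helper so a fix to the prompt logic lands everywhere at once.
# Arguments:
#   $1 - question shown to the operator
#   $2 - name of the global variable to assign
#   $3 - value stored when the operator picks "Yes"
#   $4 - value stored when the operator picks "No"
# Outputs:   the question on stdout; the select menu on stderr
# Returns:   0 after a valid answer. On end of input the variable keeps
#            its previous (default) value and the select status is returned.
#######################################
ask_yes_no() {
  local prompt=$1 target=$2 yes_value=$3 no_value=$4 yn
  echo "$prompt"
  # Any reply other than 1 or 2 leaves $yn empty, so the menu is shown again.
  select yn in "Yes" "No"; do
    case $yn in
      Yes)
        printf -v "$target" '%s' "$yes_value"
        break
        ;;
      No)
        printf -v "$target" '%s' "$no_value"
        break
        ;;
    esac
  done
}

# Privilege prefix and unattended-install flag.
ask_yes_no "Do you want to run script as sudo?" SUDO 'sudo' ''
ask_yes_no "Do you want to install automatically packages without asking (aptitude install -y ...)?" APTITUDE_PARAM '-y' ''

# Third-party repositories and optional runtimes.
ask_yes_no "Install Dotdeb Repo?" DOTDEB_REPO 'true' 'false'
ask_yes_no "Install MariaDB Repo?" MARIADB_REPO 'true' 'false'
ask_yes_no "Install RabbitMQ Repo?" RABBITMQ_REPO 'true' 'false'
ask_yes_no "Install Node+NPM?" NODE 'true' 'false'

# Security tooling; every item is opt-in.
ask_yes_no "[SECURITY] Install Iptables?" SECURITY_IPTABLES 'true' 'false'
ask_yes_no "[SECURITY] Install Portsentry?" SECURITY_PORTSENTRY 'true' 'false'
ask_yes_no "[SECURITY] Install Fail2ban?" SECURITY_FAIL2BAN 'true' 'false'
ask_yes_no "[SECURITY] Install Rkhunter?" SECURITY_RKHUNTER 'true' 'false'
ask_yes_no "[SECURITY] Install Logwatch?" SECURITY_LOGWATCH 'true' 'false'
ask_yes_no "[SECURITY] Secure MySQL Installation?" SECURITY_MYSQL 'true' 'false'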
# Print the chosen configuration and ask for a final confirmation before
# anything is installed.
printf '\n#################\n# Configuration #\n#################\n\n'

# SUDO holds a command prefix, so report it as a boolean instead of raw text.
if [ -z "$SUDO" ]; then
  echo "[SUDO] => false"
else
  echo "[SUDO] => true"
fi

# Every other option is echoed verbatim through indirect expansion.
for setting in APTITUDE_PARAM DOTDEB_REPO MARIADB_REPO RABBITMQ_REPO NODE \
  SECURITY_IPTABLES SECURITY_PORTSENTRY SECURITY_FAIL2BAN \
  SECURITY_RKHUNTER SECURITY_LOGWATCH SECURITY_MYSQL SOURCES_LIST_DIR; do
  echo "[$setting] => ${!setting}"
done
unset -v setting
printf '\n\n'

# Question: Configuration OK? "No" stops the script before any change is made.
echo "[IMPORTANT] Are you OK with the below configuration (Yes => Continue | No => Abort)?"
select yn in "Yes" "No"; do
  if [ "$yn" = "Yes" ]; then
    echo -e "\n################\n# Installation #\n################\n"
    break
  elif [ "$yn" = "No" ]; then
    echo -e "\n###########\n# Aborted #\n###########\n"
    exit
  fi
done
################
# Installation #
################
# Base tooling needed by the later steps (downloaders, archive tools, git,
# checkinstall for packaging the Node build).
base_packages=(
  python-software-properties wget curl zip unzip git git-core
  chkconfig checkinstall htop
)
# $SUDO and $APTITUDE_PARAM stay unquoted on purpose: when empty they must
# expand to nothing rather than to an empty argument.
# shellcheck disable=SC2086
$SUDO aptitude update \
  && $SUDO aptitude install $APTITUDE_PARAM "${base_packages[@]}"
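# Third-party APT repositories. Each branch imports the vendor signing key
# into the APT keyring and then writes a source list under $SOURCES_LIST_DIR.
#
# NOTE(review): a key imported with apt-key is trusted for every repository
# on the host, and none of the keys below is compared with a fingerprint
# published by the vendor before it is imported. Confirm each fingerprint
# out of band before relying on these repositories.
#
# apt-key is run through $SUDO like the tee calls next to it; without the
# prefix the import fails for a non-root operator while the source list is
# still written, leaving a repository whose signatures cannot be checked.

# Configure Dotdeb Repo
if [ "$DOTDEB_REPO" = 'true' ]; then
  # Fetch the key over HTTPS: over plain HTTP it can be replaced in transit.
  # shellcheck disable=SC2086
  wget -O - https://www.dotdeb.org/dotdeb.gpg | $SUDO apt-key add -
  # shellcheck disable=SC2086
  echo -e "deb http://packages.dotdeb.org wheezy all\ndeb-src http://packages.dotdeb.org wheezy all\n\ndeb http://packages.dotdeb.org wheezy-php55 all\ndeb-src http://packages.dotdeb.org wheezy-php55 all" | $SUDO tee "$SOURCES_LIST_DIR/dotdeb.list"
fi

# Configure MariaDB Repo
if [ "$MARIADB_REPO" = 'true' ]; then
  # NOTE(review): this is a 64-bit key ID, not a full fingerprint; prefer the
  # full fingerprint from the vendor's documentation when it is available.
  # shellcheck disable=SC2086
  $SUDO apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 0xcbcb082a1bb943db
  # shellcheck disable=SC2086
  echo -e "deb http://ftp.utexas.edu/mariadb/repo/10.1/debian wheezy main\ndeb-src http://ftp.utexas.edu/mariadb/repo/10.1/debian wheezy main" | $SUDO tee "$SOURCES_LIST_DIR/mariadb.list"
fi

# Configure RabbitMQ Repo
if [ "$RABBITMQ_REPO" = 'true' ]; then
  # Same reasoning as for Dotdeb: HTTPS for the key, $SUDO for the import.
  # shellcheck disable=SC2086
  wget -O - https://www.rabbitmq.com/rabbitmq-signing-key-public.asc | $SUDO apt-key add -
  # shellcheck disable=SC2086
  echo -e "deb http://www.rabbitmq.com/debian/ testing main" | $SUDO tee "$SOURCES_LIST_DIR/rabbitmq.list"
fi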
# Refresh the package index (the repositories above may be new), upgrade the
# system, then install the PHP + Nginx + MariaDB stack. Each step runs only
# if the previous one succeeded.
# NOTE(review): php5-xdebug is a debugging extension; confirm it is wanted on
# the hosts this script targets.
stack_packages=(
  php5-cli php5-curl php5-fpm php5-gd php5-geoip php5-intl php5-mcrypt
  php5-mysqlnd php5-xdebug
  nginx
  mariadb-server
)
# $SUDO / $APTITUDE_PARAM are left unquoted so empty values vanish.
# shellcheck disable=SC2086
$SUDO aptitude update \
  && $SUDO aptitude full-upgrade $APTITUDE_PARAM \
  && $SUDO aptitude install $APTITUDE_PARAM "${stack_packages[@]}"
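# Build NodeJS from the upstream tarball, package it with checkinstall, then
# refresh NPM and install the common global packages.
#
# NOTE(review): the tarball and the NPM install script are executed with root
# privileges and are not checked against a published checksum or signature;
# HTTPS only protects the transfer. Pin a version and verify its checksum if
# this is used beyond a throwaway machine.
if [ "$NODE" = 'true' ]; then
  # The build runs in a subshell so its directory changes do not leak into
  # the rest of the script, and every step is chained so a failed download or
  # build is never followed by an install from the wrong directory.
  if (
    src=$(mktemp -d) && cd "$src" \
      && wget -N https://nodejs.org/dist/node-latest.tar.gz \
      && tar -xzvf node-latest.tar.gz && cd node-v*/ \
      && ./configure \
      && fakeroot checkinstall -y --install=no \
        --pkgversion "${PWD##*node-v}" \
        make -j"$(($(nproc) + 1))" install \
      && $SUDO dpkg -i node_*
  ); then
    # Update NPM to the latest release instead of the one bundled with NodeJS
    # (optional). The installer is saved to a file first: piping curl straight
    # into a root shell would run a truncated or error-page download, and -f
    # makes curl fail on HTTP errors instead of saving the error body.
    npm_installer=$(mktemp) \
      && curl -fsSL -o "$npm_installer" https://www.npmjs.org/install.sh \
      && $SUDO sh "$npm_installer"
    [ -n "$npm_installer" ] && rm -f -- "$npm_installer"

    # Install common Node packages. Global installs write to system
    # directories, so they use the same privilege prefix as dpkg above.
    # shellcheck disable=SC2086
    $SUDO npm install -g less uglify-js uglifycss
  else
    echo "[NODE] NodeJS build or install failed; skipping NPM steps" >&2
  fi
fi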
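# Install Composer.
# The installer is downloaded to a temporary file and its SHA-384 digest is
# compared with the signature Composer publishes, instead of piping the
# download straight into php. composer.phar is only moved into place when
# the digests match and the installer succeeds.
composer_setup=$(mktemp)
if [ -n "$composer_setup" ] \
  && curl -fsS -o "$composer_setup" https://getcomposer.org/installer \
  && expected_sig=$(curl -fsS https://composer.github.io/installer.sig) \
  && actual_sig=$(php -r 'echo hash_file("sha384", $argv[1]);' "$composer_setup") \
  && [ -n "$expected_sig" ] && [ "$expected_sig" = "$actual_sig" ]; then
  # shellcheck disable=SC2086
  php "$composer_setup" \
    && $SUDO mv composer.phar /usr/local/bin/composer
else
  echo "[COMPOSER] installer download or checksum verification failed; Composer not installed" >&2
fi
[ -n "$composer_setup" ] && rm -f -- "$composer_setup"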
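# Install NTP, restart the daemon, and remind the operator to switch the
# pool servers to a regional pool. Each step runs only if the previous one
# succeeded.
# shellcheck disable=SC2086
$SUDO aptitude install $APTITUDE_PARAM ntp \
  && $SUDO /etc/init.d/ntp restart \
  && echo -e "###\n# Editing '/etc/ntp' by modifying \"server X.debian.pool.ntp.org\" by \"server X.fr.pool.ntp.org\" or another locale\n###\n"
# The script does not stop here: the operator was asked about each security
# step, so execution continues into the section that acts on those answers
# rather than silently skipping hardening that was explicitly requested.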
################
# Securisation #
################
# Optional security tooling. Each step runs only when its flag is 'true'.
# Apart from MySQL, a step only installs the package and prints a reminder:
# the configuration itself is still a TODO, so the tool runs with whatever
# defaults the package ships.
# $SUDO / $APTITUDE_PARAM are left unquoted so empty values vanish.
# shellcheck disable=SC2086

# Packet filtering: iptables plus the package that persists its rules.
case "$SECURITY_IPTABLES" in
  true)
    $SUDO aptitude install $APTITUDE_PARAM iptables iptables-persistent
    echo -e "###\n# Configure Iptables\n###\n"
    # TODO: rule set not written yet
    ;;
esac

# Port-scan detection with Portsentry.
case "$SECURITY_PORTSENTRY" in
  true)
    $SUDO aptitude install $APTITUDE_PARAM portsentry
    echo -e "Configure Portsentry\n"
    # TODO: configuration not written yet
    ;;
esac

# Fail2ban.
case "$SECURITY_FAIL2BAN" in
  true)
    $SUDO aptitude install $APTITUDE_PARAM fail2ban
    echo -e "Configure Fail2ban\n"
    # TODO: configuration not written yet
    ;;
esac

# Rootkit and backdoor scanning with Rkhunter.
case "$SECURITY_RKHUNTER" in
  true)
    $SUDO aptitude install $APTITUDE_PARAM rkhunter
    echo -e "Configure Rkhunter\n"
    # TODO: configuration not written yet
    ;;
esac

# Summarized logs by e-mail with Logwatch.
case "$SECURITY_LOGWATCH" in
  true)
    $SUDO aptitude install $APTITUDE_PARAM logwatch
    echo -e "Configure Logwatch\n"
    # TODO: configuration not written yet
    ;;
esac

# Interactive hardening of the database installation.
case "$SECURITY_MYSQL" in
  true)
    $SUDO mysql_secure_installation
    ;;
esac