#!/bin/bash

#######################################
# Created by Thibaud BARDIN (Irvyne)  #
#######################################

# Default values for every option. The interactive questions that follow
# overwrite each of these (except SOURCES_LIST_DIR, which is never asked).

# Command prefix for privileged commands: empty, or "sudo".
SUDO=""
# Extra flag handed to every "aptitude install": empty, or "-y".
APTITUDE_PARAM=""

# Third-party APT repositories to register ("true" / "false").
DOTDEB_REPO="true"
MARIADB_REPO="true"
RABBITMQ_REPO="false"

# Build and install NodeJS + NPM ("true" / "false").
NODE="false"

# Optional hardening tools ("true" / "false").
SECURITY_IPTABLES="false"
SECURITY_PORTSENTRY="false"
SECURITY_FAIL2BAN="false"
SECURITY_RKHUNTER="false"
SECURITY_LOGWATCH="false"
SECURITY_MYSQL="false"

# Directory that receives the generated *.list repository files.
SOURCES_LIST_DIR="/etc/apt/sources.list.d"
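#################
# Configuration #
#################

#######################################
# Ask one Yes/No question and store the matching value in a variable.
# Replaces twelve copies of the same select/case loop.
# Arguments:
#   $1 - name of the global variable to assign
#   $2 - value assigned when "Yes" is chosen
#   $3 - value assigned when "No" is chosen
#   $4 - question text
# Outputs:
#   The question on stdout; the numbered menu is printed by `select`.
# Notes:
#   Any other answer shows the menu again. If input ends before a valid
#   answer is given, the variable keeps whatever value it already had.
#######################################
ask_setting() {
  local target=$1 yes_value=$2 no_value=$3 question=$4 answer

  printf '%s\n' "$question"
  select answer in "Yes" "No"; do
    case "$answer" in
      Yes)
        printf -v "$target" '%s' "$yes_value"
        break
        ;;
      No)
        printf -v "$target" '%s' "$no_value"
        break
        ;;
    esac
  done
}

# Question: Use Sudo?
ask_setting SUDO 'sudo' '' "Do you want to run script as sudo?"

# Question: Automatically Install Packages?
ask_setting APTITUDE_PARAM '-y' '' "Do you want to install automatically packages without asking (aptitude install -y ...)?"

# Question: Dotdeb Repo?
ask_setting DOTDEB_REPO 'true' 'false' "Install Dotdeb Repo?"

# Question: MariaDB Repo?
ask_setting MARIADB_REPO 'true' 'false' "Install MariaDB Repo?"

# Question: RabbitMQ Repo?
ask_setting RABBITMQ_REPO 'true' 'false' "Install RabbitMQ Repo?"

# Question: Node+NPM?
ask_setting NODE 'true' 'false' "Install Node+NPM?"

# Question: Iptables?
ask_setting SECURITY_IPTABLES 'true' 'false' "[SECURITY] Install Iptables?"

# Question: Portsentry?
ask_setting SECURITY_PORTSENTRY 'true' 'false' "[SECURITY] Install Portsentry?"

# Question: Fail2ban?
ask_setting SECURITY_FAIL2BAN 'true' 'false' "[SECURITY] Install Fail2ban?"

# Question: Rkhunter?
ask_setting SECURITY_RKHUNTER 'true' 'false' "[SECURITY] Install Rkhunter?"

# Question: Logwatch?
ask_setting SECURITY_LOGWATCH 'true' 'false' "[SECURITY] Install Logwatch?"

# Question: Secure MySQL?
ask_setting SECURITY_MYSQL 'true' 'false' "[SECURITY] Secure MySQL Installation?"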
# Show every chosen setting so it can be reviewed before the confirmation
# question that follows.
printf '\n#################\n# Configuration #\n#################\n\n'

# SUDO holds a command prefix rather than a flag, so report it as true/false.
case "$SUDO" in
  '') echo "[SUDO] => false" ;;
  *) echo "[SUDO] => true" ;;
esac

# The remaining settings are printed verbatim, in the original order.
for setting in \
  APTITUDE_PARAM DOTDEB_REPO MARIADB_REPO RABBITMQ_REPO NODE \
  SECURITY_IPTABLES SECURITY_PORTSENTRY SECURITY_FAIL2BAN \
  SECURITY_RKHUNTER SECURITY_LOGWATCH SECURITY_MYSQL SOURCES_LIST_DIR; do
  printf '[%s] => %s\n' "$setting" "${!setting}"
done

printf '\n\n'
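# Question: Configuration OK?
#
# Fail closed: the steps after this point add APT signing keys and install
# packages as root, so they must only run after an explicit "Yes". If input
# ends without a valid answer (closed or redirected stdin), `select` simply
# leaves its loop; without the check below the script would carry on with
# whatever settings are in effect.
confirmation=''
echo "[IMPORTANT] Are you OK with the above configuration (Yes => Continue | No => Abort)?"
select yn in "Yes" "No"; do
  case "$yn" in
    Yes | No)
      confirmation=$yn
      break
      ;;
  esac
done

case "$confirmation" in
  Yes)
    echo -e "\n################\n# Installation #\n################\n"
    ;;
  No)
    echo -e "\n###########\n# Aborted #\n###########\n"
    exit
    ;;
  *)
    # No answer at all: treat it as a refusal and report it as an error.
    echo "No answer received; aborting without installing anything." >&2
    exit 1
    ;;
esac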
################
# Installation #
################

# Install dependencies
# $SUDO and $APTITUDE_PARAM are expanded unquoted on purpose: each is either
# empty (and must disappear from the command line) or a single word.
base_packages=(
  python-software-properties wget curl zip unzip git git-core
  chkconfig checkinstall htop
)
if $SUDO aptitude update; then
  $SUDO aptitude install $APTITUDE_PARAM "${base_packages[@]}"
fi
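# Configure Dotdeb Repo
#
# A key added with apt-key becomes a trust anchor: apt accepts any package
# signed by it. The key is therefore fetched over HTTPS instead of plain HTTP,
# imported with the same privilege prefix as the rest of the script (a plain
# `apt-key add` fails for a non-root user), and the repository is only
# registered when the import succeeded.
# NOTE(review): TLS only authenticates the download host. Compare the imported
# key's fingerprint (`apt-key finger`) with the value the publisher announces
# (<DOTDEB_KEY_FINGERPRINT>) before relying on this repository.
if [ "$DOTDEB_REPO" = 'true' ]; then
  if wget -O - https://www.dotdeb.org/dotdeb.gpg | $SUDO apt-key add -; then
    printf '%s\n' \
      'deb http://packages.dotdeb.org wheezy all' \
      'deb-src http://packages.dotdeb.org wheezy all' \
      '' \
      'deb http://packages.dotdeb.org wheezy-php55 all' \
      'deb-src http://packages.dotdeb.org wheezy-php55 all' |
      $SUDO tee "$SOURCES_LIST_DIR/dotdeb.list"
  else
    echo "Dotdeb signing key could not be imported; repository not added." >&2
  fi
fi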
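# Configure MariaDB Repo
#
# The key import needs the same privilege prefix as the rest of the script
# (a plain `apt-key adv` fails for a non-root user), and the repository is
# only registered when the key was actually imported.
# NOTE(review): the key is requested from the keyserver by its 64-bit ID.
# Request it by the full fingerprint published by MariaDB
# (<MARIADB_KEY_FULL_FINGERPRINT>) so that only that exact key can be matched.
if [ "$MARIADB_REPO" = 'true' ]; then
  if $SUDO apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 0xcbcb082a1bb943db; then
    printf '%s\n' \
      'deb http://ftp.utexas.edu/mariadb/repo/10.1/debian wheezy main' \
      'deb-src http://ftp.utexas.edu/mariadb/repo/10.1/debian wheezy main' |
      $SUDO tee "$SOURCES_LIST_DIR/mariadb.list"
  else
    echo "MariaDB signing key could not be imported; repository not added." >&2
  fi
fi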
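# Configure RabbitMQ Repo
#
# Same handling as the other third-party repositories: the signing key is a
# trust anchor for apt, so it is fetched over HTTPS instead of plain HTTP,
# imported with the script's privilege prefix, and the repository is only
# registered when the import succeeded.
# NOTE(review): TLS only authenticates the download host. Compare the imported
# key's fingerprint (`apt-key finger`) with the value the publisher announces
# (<RABBITMQ_KEY_FINGERPRINT>) before relying on this repository.
if [ "$RABBITMQ_REPO" = 'true' ]; then
  if wget -O - https://www.rabbitmq.com/rabbitmq-signing-key-public.asc | $SUDO apt-key add -; then
    printf '%s\n' 'deb http://www.rabbitmq.com/debian/ testing main' |
      $SUDO tee "$SOURCES_LIST_DIR/rabbitmq.list"
  else
    echo "RabbitMQ signing key could not be imported; repository not added." >&2
  fi
fi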
# Update and install PHP + Nginx + MariaDB
# Refresh the package lists (they now include any repository registered
# above), upgrade the system, then install the web stack. Each step only runs
# when the previous one succeeded.
stack_packages=(
  php5-cli php5-curl php5-fpm php5-gd php5-geoip php5-intl php5-mcrypt
  php5-mysqlnd php5-xdebug nginx mariadb-server
)
if $SUDO aptitude update && $SUDO aptitude full-upgrade $APTITUDE_PARAM; then
  $SUDO aptitude install $APTITUDE_PARAM "${stack_packages[@]}"
fi
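# Installing NodeJS and NPM
#
# Builds NodeJS from the upstream source tarball and installs it as a .deb.
# - Runs in a subshell so the script's working directory is restored
#   afterwards (the later Composer step writes into the current directory).
# - Every step is chained with &&: a failed download or extraction no longer
#   falls through to ./configure and dpkg in the wrong directory.
# - The tarball is fetched over HTTPS instead of plain HTTP.
# - dpkg gets the script's privilege prefix; without it the install fails for
#   a non-root user.
# NOTE(review): "node-latest" is unpinned and the tarball is not checked
# against a published checksum before it is compiled and installed. Pin a
# release and verify it against the checksum file published with it.
if [ "$NODE" = 'true' ]; then
  (
    src=$(mktemp -d) &&
      cd "$src" &&
      wget -N https://nodejs.org/dist/node-latest.tar.gz &&
      tar -xzvf node-latest.tar.gz &&
      cd node-v* &&
      ./configure &&
      # Package version = whatever follows "node-v" in the source directory name.
      fakeroot checkinstall -y --install=no --pkgversion "${PWD##*node-v}" \
        make -j"$(($(nproc) + 1))" install &&
      $SUDO dpkg -i node_*
  ) || echo "NodeJS build or installation failed; see the output above." >&2
fi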
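# Installing/Updating NPM (only if NodeJS is installed as a package).
# Optional: replaces the NPM bundled with NodeJS by the latest NPM release.
#
# The installer is saved to a temporary file and only executed once the
# download has completed successfully. Streaming it straight into a
# privileged shell would execute whatever part of the script had arrived if
# the transfer were cut short, and would run an HTTP error page as shell code.
# NOTE(review): the script is still executed with $SUDO without any integrity
# check; review it, or install npm from a signed package, where possible.
if [ "$NODE" = 'true' ]; then
  npm_installer=$(mktemp)
  if [ -n "$npm_installer" ]; then
    if curl -f -o "$npm_installer" https://www.npmjs.org/install.sh; then
      $SUDO sh "$npm_installer"
    else
      echo "NPM installer could not be downloaded; NPM was not updated." >&2
    fi
    rm -f -- "$npm_installer"
  fi
fi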
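# Install common Node packages
# Global installs write into the system-wide module directory, so they need
# the same privilege prefix as the other installation steps; without it the
# command fails when the script is run by a non-root user with SUDO='sudo'.
if [ "$NODE" = 'true' ]; then
  $SUDO npm install -g less uglify-js uglifycss
fi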
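# Install Composer
#
# The installer is downloaded to a temporary file and its SHA-384 digest is
# compared with the checksum Composer publishes for the current installer
# before PHP executes it. Nothing is run or installed on a failed download or
# a mismatch. As before, composer.phar is created in the current directory
# and then moved to /usr/local/bin/composer.
composer_setup=$(mktemp)
if [ -n "$composer_setup" ] &&
  curl -sS -f -o "$composer_setup" https://getcomposer.org/installer; then
  expected_sum=$(curl -sS -f https://composer.github.io/installer.sig)
  actual_sum=$(php -r 'echo hash_file("sha384", $argv[1]);' -- "$composer_setup")
  # An empty expected value means the checksum could not be fetched: refuse.
  if [ -n "$expected_sum" ] && [ "$expected_sum" = "$actual_sum" ]; then
    php "$composer_setup" &&
      $SUDO mv composer.phar /usr/local/bin/composer
  else
    echo "Composer installer checksum could not be verified; Composer was not installed." >&2
  fi
else
  echo "Composer installer could not be downloaded; Composer was not installed." >&2
fi
if [ -n "$composer_setup" ]; then
  rm -f -- "$composer_setup"
fi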
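# Install NTP
$SUDO aptitude install $APTITUDE_PARAM ntp &&
  $SUDO /etc/init.d/ntp restart &&
  echo -e "###\n# Editing '/etc/ntp' by modifying \"server X.debian.pool.ntp.org\" by \"server X.fr.pool.ntp.org\" or another locale\n###\n"
ntp_status=$?

# NOTE(review): the script stops here, so the hardening section that follows
# in the file never runs, although the [SECURITY] questions were asked and the
# answers were shown in the configuration summary. Until that section is
# finished and this exit is removed, say so explicitly instead of ending
# silently, so nobody assumes the selected hardening steps were applied.
for security_option in \
  SECURITY_IPTABLES SECURITY_PORTSENTRY SECURITY_FAIL2BAN \
  SECURITY_RKHUNTER SECURITY_LOGWATCH SECURITY_MYSQL; do
  if [ "${!security_option}" = 'true' ]; then
    echo "WARNING: the selected [SECURITY] steps were NOT executed; this script stops before its hardening section." >&2
    break
  fi
done

# Same exit status as before: that of the NTP command chain.
exit "$ntp_status"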
#############
# Hardening #
#############
# NOTE(review): everything from here on comes after an unconditional `exit`
# earlier in the file, so none of it is reached when the script is run.

# Filter traffic with Iptables
# Only installs the packages; no rule set is written yet.
if [[ "$SECURITY_IPTABLES" == 'true' ]]; then
  $SUDO aptitude install $APTITUDE_PARAM iptables iptables-persistent
  printf '###\n# Configure Iptables\n###\n\n'
  # TODO: configuration step not implemented
fi
# Avoid port scanning with Portsentry
# Only installs the package; it is left with its packaged configuration.
if [[ "$SECURITY_PORTSENTRY" == 'true' ]]; then
  $SUDO aptitude install $APTITUDE_PARAM portsentry
  printf 'Configure Portsentry\n\n'
  # TODO: configuration step not implemented
fi
# Fail2ban
# Only installs the package; it is left with its packaged configuration.
if [[ "$SECURITY_FAIL2BAN" == 'true' ]]; then
  $SUDO aptitude install $APTITUDE_PARAM fail2ban
  printf 'Configure Fail2ban\n\n'
  # TODO: configuration step not implemented
fi
# Avoid rootkit and backdoors with Rkhunter
# Only installs the package; it is left with its packaged configuration.
if [[ "$SECURITY_RKHUNTER" == 'true' ]]; then
  $SUDO aptitude install $APTITUDE_PARAM rkhunter
  printf 'Configure Rkhunter\n\n'
  # TODO: configuration step not implemented
fi
# Receive summarized logs via email with Logwatch
# Only installs the package; no recipient or schedule is configured yet.
if [[ "$SECURITY_LOGWATCH" == 'true' ]]; then
  $SUDO aptitude install $APTITUDE_PARAM logwatch
  printf 'Configure Logwatch\n\n'
  # TODO: configuration step not implemented
fi
# Secure MySQL
# Runs the interactive mysql_secure_installation helper, with the script's
# privilege prefix, when the option was selected.
if [[ "$SECURITY_MYSQL" == 'true' ]]; then
  $SUDO mysql_secure_installation
fi