LiliOlczak/raspberrypi_setup.sh

## raspberrypi_setup.sh
#!/bin/bash/

# Basic configuration for a new Raspbian installation on RaspberryPi


# Updates:
sudo apt update
sudo apt -y full-upgrade

# 1. SECURITY: ------------------------------------------

touch $HOME/.ssh/authorized_keys
# Manually paste your RSA public key for SSH login to authorized_keys
#--------------

# Fail2ban to prevent bruteforce attacks:
sudo apt -y install fail2ban
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
#--------------

# Adjust 010_$USER-nopasswd -> make password required for sudo->  change NOPASSWD to PASSWD:
## /etc/sudoers.d/010_$USER-nopasswd
sudo sed 's/NOPASSWD/PASSWD/' 010_$USER-nopasswd > temp.txt
sudo mv -f temp.txt /etc/sudoers.d/010_$USER-nopasswd

#-----------------
# Enable SSH:
sudo systemctl enable ssh
sudo systemctl start ssh

# Adjust sshd_config to disable password logins :
## change entries in file (/etc/ssh/sshd_config):
### ChallengeResponseAuthentication no
### PasswordAuthentication no
### UsePAM no
### Port: 1312
sudo sed -e 's/#\?\(ChallengeResponseAuthentication\s*\).*$/\1 no/' -e 's/#\?\(PasswordAuthentication\s*\).*$/\1 no/' -e 's/#\?\(UsePAM\s*\).*$/\1 no/' -e 's/#\?\(Port\s*\).*$/\1 1312/' /etc/ssh/sshd_config > temp.txt
sudo mv -f temp.txt sshd_config

# Restart
sudo service ssh reload

#---------------------

# 2. DUCK DNS: ---------------------------------------------

# create folder with url for duckdns
mkdir $HOME/duckdns
cd $HOME/duckdns
# TODO: replace this example-url
echo "url="https://www.duckdns.org/update?domains=exampledomain&token=a7c4d0ad-114e-40ef-ba1d-d217904a50f2&ip=" | curl -k -o ~/duckdns/duck.log -K -" >> duck.sh
chmod 700 duck.sh

# For first crontab execution
echo 1 | select-editor
# executes crontab in the background
crontab -e &

# Add crontab for duckdns update:
CRON_ADD="*/5 * * * * ~/duckdns/duck.sh >/dev/null 2>&1"
CRON=$(crontab -u $USER -l)
# modify crontab
printf "$CRON\n$CRON_ADD\n" | crontab -u $USER -

sudo service cron start
	#!/bin/bash/

	# Basic configuration for a new Raspbian installation on RaspberryPi


	# Updates:
	sudo apt update
	sudo apt -y full-upgrade

	# 1. SECURITY: ------------------------------------------

	touch $HOME/.ssh/authorized_keys
	# Manually paste your RSA public key for SSH login to authorized_keys
	#--------------

	# Fail2ban to prevent bruteforce attacks:
	sudo apt -y install fail2ban
	sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
	#--------------

	# Adjust 010_$USER-nopasswd -> make password required for sudo-> change NOPASSWD to PASSWD:
	## /etc/sudoers.d/010_$USER-nopasswd
	sudo sed 's/NOPASSWD/PASSWD/' 010_$USER-nopasswd > temp.txt
	sudo mv -f temp.txt /etc/sudoers.d/010_$USER-nopasswd

	#-----------------
	# Enable SSH:
	sudo systemctl enable ssh
	sudo systemctl start ssh

	# Adjust sshd_config to disable password logins :
	## change entries in file (/etc/ssh/sshd_config):
	### ChallengeResponseAuthentication no
	### PasswordAuthentication no
	### UsePAM no
	### Port: 1312
	sudo sed -e 's/#\?\(ChallengeResponseAuthentication\s\).$/\1 no/' -e 's/#\?\(PasswordAuthentication\s\).$/\1 no/' -e 's/#\?\(UsePAM\s\).$/\1 no/' -e 's/#\?\(Port\s\).$/\1 1312/' /etc/ssh/sshd_config > temp.txt
	sudo mv -f temp.txt sshd_config

	# Restart
	sudo service ssh reload

	#---------------------

	# 2. DUCK DNS: ---------------------------------------------

	# create folder with url for duckdns
	mkdir $HOME/duckdns
	cd $HOME/duckdns
	# TODO: replace this example-url
	echo "url="https://www.duckdns.org/update?domains=exampledomain&token=a7c4d0ad-114e-40ef-ba1d-d217904a50f2&ip=" \| curl -k -o ~/duckdns/duck.log -K -" >> duck.sh
	chmod 700 duck.sh

	# For first crontab execution
	echo 1 \| select-editor
	# executes crontab in the background
	crontab -e &

	# Add crontab for duckdns update:
	CRON_ADD="/5 * * * ~/duckdns/duck.sh >/dev/null 2>&1"
	CRON=$(crontab -u $USER -l)
	# modify crontab
	printf "$CRON\n$CRON_ADD\n" \| crontab -u $USER -

	sudo service cron start