Last active
February 3, 2020 18:22
-
-
Save LiliOlczak/2cb261a6f03f09fcf04d7090a691e30c to your computer and use it in GitHub Desktop.
Basic configuration for a new Raspbian installation on RaspberryPi
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash/ | |
# Basic configuration for a new Raspbian installation on RaspberryPi | |
# Updates: | |
sudo apt update | |
sudo apt -y full-upgrade | |
# 1. SECURITY: ------------------------------------------ | |
touch $HOME/.ssh/authorized_keys | |
# Manually paste your RSA public key for SSH login to authorized_keys | |
#-------------- | |
# Fail2ban to prevent bruteforce attacks: | |
sudo apt -y install fail2ban | |
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local | |
#-------------- | |
# Adjust 010_$USER-nopasswd -> make password required for sudo-> change NOPASSWD to PASSWD: | |
## /etc/sudoers.d/010_$USER-nopasswd | |
sudo sed 's/NOPASSWD/PASSWD/' 010_$USER-nopasswd > temp.txt | |
sudo mv -f temp.txt /etc/sudoers.d/010_$USER-nopasswd | |
#----------------- | |
# Enable SSH: | |
sudo systemctl enable ssh | |
sudo systemctl start ssh | |
# Adjust sshd_config to disable password logins : | |
## change entries in file (/etc/ssh/sshd_config): | |
### ChallengeResponseAuthentication no | |
### PasswordAuthentication no | |
### UsePAM no | |
### Port: 1312 | |
sudo sed -e 's/#\?\(ChallengeResponseAuthentication\s*\).*$/\1 no/' -e 's/#\?\(PasswordAuthentication\s*\).*$/\1 no/' -e 's/#\?\(UsePAM\s*\).*$/\1 no/' -e 's/#\?\(Port\s*\).*$/\1 1312/' /etc/ssh/sshd_config > temp.txt | |
sudo mv -f temp.txt sshd_config | |
# Restart | |
sudo service ssh reload | |
#--------------------- | |
# 2. DUCK DNS: --------------------------------------------- | |
# create folder with url for duckdns | |
mkdir $HOME/duckdns | |
cd $HOME/duckdns | |
# TODO: replace this example-url | |
echo "url="https://www.duckdns.org/update?domains=exampledomain&token=a7c4d0ad-114e-40ef-ba1d-d217904a50f2&ip=" | curl -k -o ~/duckdns/duck.log -K -" >> duck.sh | |
chmod 700 duck.sh | |
# For first crontab execution | |
echo 1 | select-editor | |
# executes crontab in the background | |
crontab -e & | |
# Add crontab for duckdns update: | |
CRON_ADD="*/5 * * * * ~/duckdns/duck.sh >/dev/null 2>&1" | |
CRON=$(crontab -u $USER -l) | |
# modify crontab | |
printf "$CRON\n$CRON_ADD\n" | crontab -u $USER - | |
sudo service cron start | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment