Last active
October 22, 2021 21:37
A general script for me to set up Ubuntu 14.04 quickly.
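#!/bin/bash
# Noah Betzen
# Ubuntu 14.04 Basic Setup
#
# Must be run as root: it installs packages, rewrites the ufw rule set and
# appends to /etc/ssh/sshd_config.
# NOTE(review): Ubuntu 14.04 LTS reached the end of standard support in
# April 2019; confirm the host still receives security updates before relying
# on this baseline.

#################### VARIABLES TO CHANGE
SSHPORT=22    # inbound SSH port (ufw rule and sshd "Port"); change this if you want
WEBPORT=80    # inbound HTTP port; change this if you want
HTTPSPORT=443 # inbound HTTPS port; change this if you want
#################### DO NOT EDIT BELOW THIS LINE

# The three values above are interpolated into firewall rules and into
# sshd_config, so reject anything that is not a decimal TCP port (1-65535)
# before any system state is touched. A typo here could otherwise leave the
# host with a firewall or sshd that does not match the operator's intent.
for port_value in "$SSHPORT" "$WEBPORT" "$HTTPSPORT"; do
  case "$port_value" in
    '' | *[!0-9]*)
      echo "Invalid port value: '$port_value' (must be a number)" >&2
      exit 1
      ;;
  esac
  if [ "$port_value" -lt 1 ] || [ "$port_value" -gt 65535 ]; then
    echo "Invalid port value: '$port_value' (must be 1-65535)" >&2
    exit 1
  fi
done
unset port_value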
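#################### INSTALL PACKAGES
# Refresh the package index first; stop if that fails so nothing below is
# installed or upgraded from stale package lists.
apt-get update -y || { echo "apt-get update failed" >&2; exit 1; }

# Long process to do dist upgrades noninteractively...
# debconf and ucf are told not to prompt, and to take the packaged version of
# any configuration file that was modified locally.
export DEBIAN_FRONTEND=noninteractive
unset UCF_FORCE_CONFFOLD
export UCF_FORCE_CONFFNEW=YES
ucf --purge /boot/grub/menu.lst
# NOTE(review): --force-confnew / UCF_FORCE_CONFFNEW replace locally modified
# conffiles with the package maintainer's copy. Re-check any hardening kept in
# /etc after the upgrade.
# NOTE(review): --allow-downgrades, --allow-remove-essential and
# --allow-change-held-packages switch off apt's safety prompts, so an
# unattended run may roll a package back or remove an essential one. Confirm
# that is intended, and that the apt version on the target accepts these flags.
apt-get -y -f -u \
  -o Dpkg::Options::="--force-confnew" \
  --allow-downgrades --allow-remove-essential --allow-change-held-packages \
  dist-upgrade

# Headers for the kernel that is running right now (an upgraded kernel only
# becomes the running one after a reboot).
apt-get install -y "linux-headers-$(uname -r)"
apt-get install -y build-essential curl wget zip unzip
apt-get install -y g++ gcc git
# The firewall section below depends on ufw being present, so stop here if the
# security tooling could not be installed.
apt-get install -y fail2ban ufw \
  || { echo "could not install fail2ban/ufw" >&2; exit 1; }
#apt-get install -y apache2 nginx
#apt-get install -y nodejs npm php5 golang
#DEBIAN_FRONTEND=noninteractive apt-get install -y mariadb-server
# -y is required: apt-get's own confirmation prompt is not silenced by
# DEBIAN_FRONTEND, so without it this step waits for input or aborts.
apt-get autoremove -y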
#################### STOP SERVICES FOR NOW
# Halt the web and database daemons while the firewall and sshd are being
# reconfigured. Each stop is attempted on its own; a failure (for example the
# service is not installed) is reported by `service` and the script carries on.
for daemon in apache2 nginx mysql; do
  service "$daemon" stop
done
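#################### SET UP UFW
# Builds a default-deny firewall in both directions and then opens only the
# listed ports. The inbound ports come from the variables at the top of the
# script; refuse to continue if any of them is missing.
: "${SSHPORT:?SSHPORT must be set}"
: "${WEBPORT:?WEBPORT must be set}"
: "${HTTPSPORT:?HTTPSPORT must be set}"

# Start from a clean, disabled rule set so reruns do not stack rules.
ufw --force disable
ufw --force reset
ufw logging on
ufw default deny incoming
ufw default deny outgoing

# --- Outbound ---
# DNS is only allowed over UDP to 8.8.8.8, so the host's resolver must point
# there or name resolution (and therefore apt) stops working.
# NOTE(review): nothing here allows NTP or DNS over TCP outbound; confirm time
# sync and large DNS answers are not needed, or add rules for them.
ufw allow out proto udp from any to 8.8.8.8 port 53 # dns out
#ufw allow out proto udp from any to any port 67 # dhcp out
#ufw allow in proto udp from any to any port 68 # dhcp in
# NOTE(review): outbound SMTP to any destination is only needed if this host
# sends mail; drop these three rules otherwise to keep egress minimal.
ufw allow out proto tcp from any to any port 25 # smtp out
#ufw allow in proto tcp from any to any port 25 # smtp in
ufw allow out proto tcp from any to any port 465 # smtp out
#ufw allow in proto tcp from any to any port 465 # smtp in
ufw allow out proto tcp from any to any port 587 # smtp out
#ufw allow in proto tcp from any to any port 587 # smtp in
ufw allow out proto tcp from any to any port 80 # http out
ufw allow out proto tcp from any to any port 443 # https out

# --- Inbound ---
# NOTE(review): SSH is open to every source address; consider restricting the
# source range or using `ufw limit` to rate-limit connection attempts.
ufw allow in proto tcp from any to any port "$SSHPORT" # ssh in
ufw allow in proto tcp from any to any port "$WEBPORT" # web in
ufw allow in proto tcp from any to any port "$HTTPSPORT" # https in

# Tell ufw not to manage IPv6. The setting is rewritten in place when it is
# already present, so reruns do not keep appending duplicate lines.
# NOTE(review): this changes ufw's behaviour only; it does not switch IPv6 off
# in the kernel. Confirm how IPv6 traffic is handled on this host.
UFW_DEFAULTS=/etc/default/ufw
if grep -q '^IPV6=' "$UFW_DEFAULTS"; then
  sed -i 's/^IPV6=.*/IPV6=no/' "$UFW_DEFAULTS"
else
  printf '\nIPV6=no\n' >> "$UFW_DEFAULTS"
fi

# disallow ICMP: every rule line in before.rules that mentions icmp is switched
# from ACCEPT to DROP. The script already runs as root, so no sudo is needed.
# NOTE(review): this affects all ICMP types listed in that file, not just echo
# requests; confirm that dropping ICMP error messages is intended.
sed -i '/icmp/ s/ACCEPT/DROP/' /etc/ufw/before.rules

ufw --force enable
ufw status numbered # show the new rules with numbers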
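#################### RECONFIGURE SSH
# Moves sshd to $SSHPORT, limits root to key-based login and disables password
# authentication, then restarts sshd only if the new configuration validates.
#
# NOTE(review): with PasswordAuthentication off, a login account must already
# have a working authorized_keys entry or the host becomes unreachable over
# SSH. Keyboard-interactive login is governed by a separate setting
# (ChallengeResponseAuthentication); confirm it is disabled as well.
# NOTE(review): if SSHPORT is not 22, confirm fail2ban's ssh jail is configured
# for the same port; its stock settings may still refer to the default one.
: "${SSHPORT:?SSHPORT must be set}"
SSHD_CONFIG=/etc/ssh/sshd_config

# Keep a copy so a broken edit can be rolled back before sshd is restarted.
cp -p -- "$SSHD_CONFIG" "$SSHD_CONFIG.bak" \
  || { echo "could not back up $SSHD_CONFIG" >&2; exit 1; }

# sshd uses the first value it finds for most keywords, and listens on every
# Port line it reads. Simply appending would therefore be ignored whenever the
# file already sets PermitRootLogin/PasswordAuthentication, and would leave the
# old port open in sshd. Comment out the existing directives first.
sed -i -E \
  's/^[[:space:]]*(Port|PermitRootLogin|PasswordAuthentication)([[:space:]]|=)/#&/I' \
  "$SSHD_CONFIG"

# NOTE(review): if the file ends in a Match block, appended lines land inside
# that block; the validation below is what catches that case.
cat << EOF >> "$SSHD_CONFIG"
Port $SSHPORT
PermitRootLogin without-password
PasswordAuthentication no
EOF

# Validate before restarting so a syntax error cannot take sshd down and lock
# the operator out; restore the backup if validation fails.
if /usr/sbin/sshd -t -f "$SSHD_CONFIG"; then
  service ssh restart
else
  echo "sshd_config failed validation; restoring $SSHD_CONFIG.bak" >&2
  cp -p -- "$SSHD_CONFIG.bak" "$SSHD_CONFIG"
  exit 1
fi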