
@Nezteb
Last active October 22, 2021 21:37
A general script for me to set up Ubuntu 14.04 quickly.
#!/bin/bash
# Noah Betzen
# Ubuntu 14.04 Basic Setup
#################### VARIABLES TO CHANGE
# Ports opened inbound by the ufw rules further down; SSHPORT is also the
# port written into sshd_config. Adjust to taste.
SSHPORT=22     # ssh
WEBPORT=80     # http
HTTPSPORT=443  # https
#################### DO NOT EDIT BELOW THIS LINE
#################### INSTALL PACKAGES
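# Refresh the package index, run an unattended dist-upgrade, then install the
# base toolchain plus fail2ban and ufw.
apt-get update -y
# Long process to do dist upgrades noninteractively...
export DEBIAN_FRONTEND=noninteractive
# Make ucf take the packaged version of a changed config file, matching
# --force-confnew below. Local edits to packaged config files are overwritten,
# so this belongs before any hardening of those files, never after.
unset UCF_FORCE_CONFFOLD
export UCF_FORCE_CONFFNEW=YES
ucf --purge /boot/grub/menu.lst
# NOTE(review): --allow-downgrades and --allow-remove-essential let apt move
# packages to older versions and remove essential ones without asking; keep
# them only if the unattended upgrade really needs them. They are believed to
# need a newer apt than Ubuntu 14.04 shipped -- confirm on the target release.
apt-get -fuy -o Dpkg::Options::="--force-confnew" --allow-downgrades --allow-remove-essential --allow-change-held-packages dist-upgrade
# Kept as separate installs so that a missing headers package for the running
# kernel does not stop the remaining packages from being installed.
apt-get install -y "linux-headers-$(uname -r)"
apt-get install -y build-essential curl wget zip unzip
apt-get install -y g++ gcc git
apt-get install -y fail2ban ufw
#apt-get install -y apache2 nginx
#apt-get install -y nodejs npm php5 golang
#DEBIAN_FRONTEND=noninteractive apt-get install -y mariadb-server
# -y added: without it autoremove asks for confirmation and stalls (or aborts)
# an otherwise unattended run.
apt-get autoremove -y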
#################### STOP SERVICES FOR NOW
# Stop the web and database daemons while the firewall and sshd are being
# reconfigured. A service that is not installed just makes `service` report
# an error; the script carries on regardless.
for daemon in apache2 nginx mysql; do
  service "$daemon" stop
done
#################### SET UP UFW
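# Rebuild the ufw rule set from scratch: default-deny in both directions, then
# open only the outbound services and the three inbound ports listed below.
# NOTE(review): when this runs over SSH and SSHPORT differs from the port sshd
# currently listens on, the session depends on the sshd reconfiguration later
# in the script succeeding -- keep console access available.
ufw --force disable
ufw --force reset
ufw logging on
ufw default deny incoming
ufw default deny outgoing

# --- outbound ---
# DNS is allowed over UDP to 8.8.8.8 only: lookups fail if the system resolver
# is a different server or an answer has to be fetched over TCP.
ufw allow out proto udp from any to 8.8.8.8 port 53 # dns out
# DHCP stays closed; a host that gets its address by DHCP presumably needs the
# two rules below to renew its lease -- verify before relying on this.
#ufw allow out proto udp from any to any port 67 # dhcp out
#ufw allow in proto udp from any to any port 68 # dhcp in
# Outbound mail to any destination; remove these three rules on a host that
# sends no mail so the egress policy stays as tight as the default.
ufw allow out proto tcp from any to any port 25 # smtp out
#ufw allow in proto tcp from any to any port 25 # smtp in
ufw allow out proto tcp from any to any port 465 # smtp out
#ufw allow in proto tcp from any to any port 465 # smtp in
ufw allow out proto tcp from any to any port 587 # smtp out
#ufw allow in proto tcp from any to any port 587 # smtp in
ufw allow out proto tcp from any to any port 80 # http out
ufw allow out proto tcp from any to any port 443 # https out

# --- inbound --- (ports come from the variables at the top of the script)
ufw allow in proto tcp from any to any port "$SSHPORT" # ssh in
ufw allow in proto tcp from any to any port "$WEBPORT" # web in
ufw allow in proto tcp from any to any port "$HTTPSPORT" # https in

# Disable IPv6 handling in ufw. An existing IPV6= line is rewritten in place so
# that re-running the script does not keep appending duplicates; the setting is
# appended only when the file has none. (The stray shell variable IPV6=no that
# used to sit here was never read by anything and has been dropped.)
if grep -q '^IPV6=' /etc/default/ufw; then
  sed -i 's/^IPV6=.*/IPV6=no/' /etc/default/ufw
else
  printf '\nIPV6=no\n' >> /etc/default/ufw
fi

# Turn ACCEPT into DROP on every before.rules line that mentions icmp. If those
# lines include destination-unreachable and time-exceeded, path-MTU discovery
# and traceroute stop working as well as ping -- narrow the pattern if only
# echo-request should be blocked. No sudo: the rest of the script already
# assumes it runs as root.
sed -i '/icmp/ s/ACCEPT/DROP/' /etc/ufw/before.rules

ufw --force enable
ufw status numbered # show the new rules with numbers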
#################### RECONFIGURE SSH
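# Move sshd to $SSHPORT, restrict root to non-password logins and turn
# password authentication off.
#
# sshd keeps the first value it reads for a keyword, so a line appended after
# an existing uncommented PermitRootLogin/PasswordAuthentication is silently
# ignored, and an extra Port line adds a listener instead of replacing the old
# one. The existing settings are therefore removed before the new ones are
# appended.
# Make sure a public key is installed for the login account first: once
# PasswordAuthentication is off there is no password fallback.
sshd_config=/etc/ssh/sshd_config
cp -p -- "$sshd_config" "$sshd_config.bak"
# Keyword matching in sshd_config is case-insensitive, hence the I flag.
sed -i -E '/^[[:space:]]*(Port|PermitRootLogin|PasswordAuthentication)[[:space:]]/Id' "$sshd_config"
# NOTE(review): if the file ends in a Match block, the appended lines become
# part of that block; the stock file is assumed to have none -- confirm.
cat << EOF >> "$sshd_config"
Port $SSHPORT
PermitRootLogin without-password
PasswordAuthentication no
EOF
# Only restart on a config that parses: a broken sshd_config plus a restart
# would leave the host without remote access.
if sshd -t -f "$sshd_config"; then
  service ssh restart
else
  cp -p -- "$sshd_config.bak" "$sshd_config"
  echo "sshd_config failed validation; previous file restored, ssh not restarted" >&2
fi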