@bradwright
Created February 13, 2011 19:56
StackScript to make a more secure Ubuntu server install out of the box
```bash
#!/bin/bash
# Setup script designed to get an Ubuntu 10.04 LTS server
# up and running with secure defaults.
# Documentation for StackScripts
# is pretty sparse: see http://www.linode.com/stackscripts/

# User-inputted values for new Linode
# <UDF name="user_hostname" Label="Hostname for new Linode" />
# <UDF name="user_username" Label="Username for non-root account" />
# <UDF name="user_password" Label="Password for new user" />
# declared here because $USER_SSHKEY is used below
# <UDF name="user_sshkey" Label="Public SSH key for new user" />

# include basic commands and convenience utilities from
# http://www.linode.com/stackscripts/view/?StackScriptID=1
source <ssinclude StackScriptID="1">

# add some user commands for convenience
# all system_* functions are from here
# http://www.linode.com/stackscripts/view/?StackScriptID=123
source <ssinclude StackScriptID="123">

# =============
# Update system
# =============

# get system up to date
# (-y because a StackScript runs unattended and cannot answer the prompt)
apt-get update && apt-get -y upgrade

# ==================
# Configure hostname
# ==================

# change hostname from Linode default
system_update_hostname "$USER_HOSTNAME"

# =================================
# Add a non-root user to the system
# =================================

# add user non-interactively
system_add_user "$USER_USERNAME" "$USER_PASSWORD" "sudo"

# add user to correct Ubuntu groups for SSH
usermod -a -G ssh "$USER_USERNAME"

# remove requirement for password to sudo
# (with NOPASSWD, the user's SSH key is the only credential protecting root)
echo -e "\n$USER_USERNAME ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers

# install SSH key and fix permissions on user SSH keys
# (quoted: a public key contains spaces and must arrive as one argument)
system_user_add_ssh_key "$USER_USERNAME" "$USER_SSHKEY"

# secure SSH from root login
system_sshd_permitrootlogin "no"
system_sshd_passwordauthentication "no"

# restart sshd so the two settings above apply now rather than at next reboot
# (assumes the system_sshd_* helpers only edit /etc/ssh/sshd_config)
service ssh restart

# TODO: add iptables configuration
```
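A check to run once the script has finished, added here as an example (it is not part of the gist or of the included StackScripts): it reads the two `sshd_config` settings the script sets and fails unless both are explicitly `no`. The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the gist: verify the sshd settings the script applies.

# Print the global value of keyword $1 in sshd config file $2.
# sshd uses the first value it reads for a keyword, compares keywords
# case-insensitively, and accepts "Key value" as well as "Key=value".
sshd_global_value() {
    awk -v want="$1" '
        BEGIN { want = tolower(want) }
        {
            line = $0
            sub(/^[ \t]+/, "", line)             # drop leading whitespace
            if (line == "" || line ~ /^#/) next  # blank line or comment
            split(line, f, /[ \t=]+/)
            key = tolower(f[1])
            if (key == "match") exit             # later lines are conditional
            if (key == want) { gsub(/"/, "", f[2]); print tolower(f[2]); exit }
        }
    ' "$2"
}

# Return 0 only if PermitRootLogin and PasswordAuthentication are both
# explicitly "no" in file $1 (default: /etc/ssh/sshd_config).
# An unset keyword counts as a failure rather than relying on defaults.
check_sshd_hardening() {
    conf="${1:-/etc/ssh/sshd_config}"
    rc=0
    for key in PermitRootLogin PasswordAuthentication; do
        val=$(sshd_global_value "$key" "$conf")
        if [ "$val" != "no" ]; then
            echo "FAIL: $key is '${val:-unset}' in $conf" >&2
            rc=1
        fi
    done
    return $rc
}

# Constructed sample input so the example runs offline.
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'permitrootlogin no' \
    'PasswordAuthentication=no' 'PasswordAuthentication yes' > "$sample"
check_sshd_hardening "$sample" && echo "sample config: both settings are no"
rm -f "$sample"
```

On a live host, `sshd -T` prints the configuration the daemon actually resolves, including defaults, and is the authoritative source.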