@dbonates
Last active December 16, 2015 04:09
setup linode vps
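#!/bin/bash
##################################################
#
# Provisioning script for a fresh apt-based VPS. It writes under /etc,
# creates users and restarts services, so it has to run as root.
#
# Files that must be present in this directory:
#
#   info.php.txt
#   install.sh
#   iptables_basic.txt
#   jail.local.txt
#   phpmyadmin-https-server.txt
#   bash_aliases.txt
#   id_rsa.pub   (moved into .ssh/authorized_keys by the ssh step below)
#
##################################################
echo "Digite o nome do usuário que usará o sudo:"
read -r USUARIO
echo "Digite a senha dele:"
# -s keeps the password off the screen (and out of terminal scrollback and
# session recordings); -r stops backslashes in it from being eaten.
read -rs USERSENHA
echo
echo "Digite a senha para o usuário root do mysql:"
read -rs MYSQLPW
echo
# An empty name makes useradd fail later and an empty password would leave an
# account or the MySQL root user unprotected, so stop before touching anything.
if [[ -z "$USUARIO" || -z "$USERSENHA" || -z "$MYSQLPW" ]]; then
  echo "erro: usuário e senhas não podem ficar vazios" >&2
  exit 1
fi
echo
echo "capturando IP..."
# Relies on the old net-tools output format ("inet addr:<ip>") for eth0;
# IPNUM ends up empty if the interface or the format differs.
IPNUM=$(ifconfig eth0 | grep "inet addr" | awk -F: '{print $2}' | awk '{print $1}')
echo "IP encontrado: $IPNUM"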
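echo
echo 'Digite o hostname: (ex. hydrogen)'
read -r HOSTNAME
# The value is written to /etc/hostname and spliced into a sed program below,
# so only letters, digits, dots and hyphens are accepted.
hostname_re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
if [[ ! "$HOSTNAME" =~ $hostname_re ]]; then
  echo "erro: hostname inválido: $HOSTNAME" >&2
  exit 1
fi
printf '%s\n' "$HOSTNAME" > /etc/hostname
hostname -F /etc/hostname
# Append "<ip><TAB><hostname>" after each /etc/hosts line that ends in
# "ubuntu". IPNUM is scraped from ifconfig output, so it is checked for a
# dotted-quad shape first instead of writing a malformed hosts entry.
ipv4_re='^[0-9]+(\.[0-9]+){3}$'
if [[ "$IPNUM" =~ $ipv4_re ]]; then
  sed -i "/. *ubuntu$/a$IPNUM\t$HOSTNAME" /etc/hosts
else
  echo "aviso: IP não detectado; /etc/hosts não foi alterado" >&2
fi
echo
echo "criando usuário $USUARIO ..."
# The new account is placed in the sudo group, i.e. it is an administrator.
useradd --create-home --shell "/bin/bash" --user-group --groups "sudo" "$USUARIO"
# printf with a fixed format keeps unusual characters in the password literal.
printf '%s:%s\n' "$USUARIO" "$USERSENHA" | chpasswd
# Redirection creates the file; hand it to the user so they can edit it later.
cat bash_aliases.txt > "/home/$USUARIO/.bash_aliases"
chown "$USUARIO:$USUARIO" "/home/$USUARIO/.bash_aliases"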
echo
echo "corrigindo/definindo locales..."
# Add pt_BR.UTF-8 to the list of supported locales and regenerate them.
# NOTE(review): "$ a" appends after the last line, so every re-run of the
# script adds the same line again; on an empty file it appends nothing.
sed -i '$ a\pt_BR.UTF-8 UTF-8' /var/lib/locales/supported.d/local
dpkg-reconfigure locales > /dev/null 2>&1
# Make pt_BR.UTF-8 the system-wide default via /etc/environment.
sed -i '$ a\LC_ALL=pt_BR.UTF-8\nLANG=pt_BR.UTF-8' /etc/environment
# Not redirected: this step is left visible for the operator.
dpkg-reconfigure tzdata
echo
echo "atualizando o sistema..."
# Both stdout and stderr are discarded, so a failed update or upgrade (and
# therefore missing security patches) goes unnoticed.
# NOTE(review): consider logging to a file and checking the exit status.
apt-get update > /dev/null 2>&1
apt-get upgrade -y --show-upgraded > /dev/null 2>&1
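echo
echo "configurando diretórios e permissões ssh..."
# Install the public key into the new user's own home directory. sshd looks
# for authorized_keys under the home of the account that is logging in; a
# ".ssh" created relative to the current directory (the directory the script
# is run from) would not be found for $USUARIO.
SSH_DIR="/home/$USUARIO/.ssh"
mkdir -p "$SSH_DIR"
mv id_rsa.pub "$SSH_DIR/authorized_keys"
chown -R "$USUARIO:$USUARIO" "$SSH_DIR"
chmod 700 "$SSH_DIR"
chmod 600 "$SSH_DIR/authorized_keys"
# Password and root logins are switched off next. Without an installed key
# that would leave no way back in over SSH, so stop here instead.
if [[ ! -s "$SSH_DIR/authorized_keys" ]]; then
  echo "erro: chave pública não instalada; sshd_config não foi alterado" >&2
  exit 1
fi
echo
echo "configurando sshd_config..."
# Each sed replaces the whole line that contains the pattern. If the stock
# file spells a setting differently (for example a PermitRootLogin value
# other than "yes"), the pattern does not match and the setting is left
# untouched without any message.
# NOTE(review): port 63 must be allowed by iptables_basic.txt (not shown here).
sed -i '/Port 22/c\Port 63' /etc/ssh/sshd_config
sed -i '/PasswordAuthentication yes/c\PasswordAuthentication no' /etc/ssh/sshd_config
sed -i '/PermitRootLogin yes/c\PermitRootLogin no' /etc/ssh/sshd_config
echo
echo "reiniciando ssh..."
# Check the edited configuration first; restarting with a broken file can
# take the daemon down and cut off remote access.
if sshd -t; then
  service ssh restart
else
  echo "erro: sshd_config inválido; ssh não foi reiniciado" >&2
fi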
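echo
echo "configurando firewall..."
# Install the rule set shipped next to the script and load it immediately.
cat iptables_basic.txt > /etc/iptables.firewall.rules
sed -i '$ a\\n' /etc/iptables.firewall.rules
iptables-restore < /etc/iptables.firewall.rules
# Print the active rules so the operator can check them.
iptables -L
# Reload the rules whenever an interface comes up. The hook is written in one
# go: "sed '$ a...'" on a freshly touched (empty) file appends nothing, which
# would leave an empty hook and no firewall after a reboot, and on a re-run it
# would append the same two lines a second time.
cat > /etc/network/if-pre-up.d/firewall <<'EOF'
#!/bin/sh
/sbin/iptables-restore < /etc/iptables.firewall.rules
EOF
chmod +x /etc/network/if-pre-up.d/firewall
echo
echo "configurando seguraça extra com fial2Ban"
apt-get install -y fail2ban
# jail.local holds the local fail2ban settings; its contents come from
# jail.local.txt, which is not shown here.
# NOTE(review): the ssh jail has to watch port 63, the port sshd is moved to.
cat jail.local.txt > /etc/fail2ban/jail.local
service fail2ban restart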
echo
echo "conferindo hostname..."
# Printed so the operator can compare it with the name entered earlier.
hostname
echo
echo "conferindo FQDN..."
hostname -f
echo
echo "preparando para instalar nginx..."
# Installed before add-apt-repository is called; presumably the package that
# provides that command on this release.
apt-get install -y python-software-properties
# Adds a third-party PPA as a package source. Everything it publishes is
# installed and run as root, so it is part of this server's trust base.
add-apt-repository -y ppa:nginx/stable
# Output and errors are discarded; a failed refresh or upgrade is silent.
apt-get update > /dev/null 2>&1
apt-get -y upgrade --show-upgraded > /dev/null 2>&1
echo
echo "instalando nginx..."
apt-get install -y nginx
echo
echo "configurando nginx..."
# Delete every line of the default site that contains "80 default_server".
sed -i '/80 default_server/d' /etc/nginx/sites-available/default
service nginx start
echo
echo "instalando php-fpm..."
apt-get install -y php5-fpm
apt-get install -y php5-xcache
echo
echo "configurando para usar socket unix evitando possível tcp overhead"
# Replace the pool line that contains 127.0.0.1:9000 with a unix socket.
# NOTE(review): /tmp is world-writable, so any local account can create or
# squat on this path. A socket under /var/run with restricted owner and mode
# is the safer place, but the fastcgi_pass below (and possibly
# phpmyadmin-https-server.txt, not shown) uses the same path — change them
# together.
sed -i '/127.0.0.1:9000/c\listen = /tmp/php5-fpm.sock' /etc/php5/fpm/pool.d/www.conf
echo
echo "configurando servidor default..."
# Replace the "# pass the PHP scripts" comment line with a location block for
# *.php. "try_files $uri =404" makes nginx answer 404 for paths that are not
# real files instead of handing them to PHP. $uri and $fastcgi_script_name
# are nginx variables; the single quotes keep the shell from expanding them.
sed -i '/# pass the PHP scripts/c\\tlocation ~ \.php$ {\n\t\ttry_files $uri =404;\n\t\tinclude /etc/nginx/fastcgi_params;\n\t\tfastcgi_pass unix:/tmp/php5-fpm.sock;\n\t\tfastcgi_index index.php;\n\t\tfastcgi_param SCRIPT_FILENAME /usr/share/nginx/html$fastcgi_script_name;\n\t}' /etc/nginx/sites-available/default
echo
echo "recarregando php e reiniciando nginx..."
service php5-fpm reload
service nginx restart
echo
echo "criando uma pagina de testes..."
# Publishes info.php in the web root. The content comes from info.php.txt,
# which is not shown; presumably a phpinfo() page.
# NOTE(review): if so, it discloses PHP, module and path details to anyone
# who can reach the server — delete it once the test is done.
touch /usr/share/nginx/html/info.php
cat info.php.txt > /usr/share/nginx/html/info.php
sed -i '$ a\\n' /usr/share/nginx/html/info.php
echo
echo "instalando mysql..."
# Preseed the MySQL root password so the package installs without prompting.
# echo is a shell builtin, so the password travels through the pipe and is
# not placed on an external command line.
# NOTE(review): the answers are registered for package "mysql-server-5.1",
# while apt-get below installs "mysql-server"; if that resolves to another
# version the preseed may not apply — confirm that root ends up with this
# password and not an empty one.
echo "mysql-server-5.1 mysql-server/root_password password $MYSQLPW" | debconf-set-selections
echo "mysql-server-5.1 mysql-server/root_password_again password $MYSQLPW" | debconf-set-selections
apt-get install -y mysql-server mysql-client php5-mysql
# Tuning: each sed replaces the whole my.cnf line that contains the pattern.
sed -i '/#max_connections/c\max_connections = 75' /etc/mysql/my.cnf
sed -i '/key_buffer = /c\key_buffer = 16M' /etc/mysql/my.cnf
sed -i '/max_allowed_packet/c\max_allowed_packet = 1M' /etc/mysql/my.cnf
# The replacement is still commented out, so table_cache stays at its default.
sed -i '/#table_cache/c\#table_cache = 32' /etc/mysql/my.cnf
service mysql restart
service php5-fpm reload
# phpMyAdmin is a web front end that logs in with database credentials;
# the nginx side of it is configured further down in this script.
apt-get install -y phpmyadmin
service nginx restart
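mkdir -p /etc/nginx/ssl
# Stop if the directory is unusable rather than writing key material into
# whatever directory the script happens to be in.
cd /etc/nginx/ssl || exit 1
echo
echo '******** Instalando SLL...pressione ENTER para continuar...'
echo
# Create one self-signed certificate and one unencrypted 4096-bit RSA key,
# exactly once. Every further "req -newkey" run overwrites server.key, and
# extra copies of a private key (such as a server.key.org backup) are only
# more secret material left on disk. umask 077 makes the key unreadable to
# other accounts from the moment it is created.
# The subject (CN=bonates.com) is hard-coded and the certificate expires
# after 365 days.
(
  umask 077
  openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 -subj "/C=BR/ST=qqRua/L=RJ/O=Dis/CN=bonates.com" -keyout server.key -out server.crt
)
chmod 600 server.key
chmod 644 server.crt
# Disabled alternative, kept as a note only: an interactive flow that created
# a passphrase-protected key with "openssl genrsa -des3", built a CSR, stripped
# the passphrase and self-signed the CSR for 365 days. It used a 1024-bit key,
# which is too small; do not re-enable it unchanged.
cd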
# Replace the " deny access to .htaccess" comment line of the default site
# with a /phpMyAdmin location that rewrites requests to "/".
sed -i '/ deny access to .htaccess/c\\tlocation /phpMyAdmin {\n\t\trewrite ^/* / last;\n\t}\n\n' /etc/nginx/sites-available/default
# Read phpmyadmin-https-server.txt in after the "# HTTPS server" line and
# write the result to a temp file that then replaces the original.
# NOTE(review): "x;$G" routes every line through sed's hold space; the exact
# effect on line order is not obvious — compare the output with the input.
sed -e '/# HTTPS server/r phpmyadmin-https-server.txt' -e 'x;$G' /etc/nginx/sites-available/default > /etc/nginx/sites-available/default.tmp
mv /etc/nginx/sites-available/default.tmp /etc/nginx/sites-available/default
# Use sshd's built-in SFTP server.
sed -i '/Subsystem sftp/c\Subsystem sftp internal-sftp' /etc/ssh/sshd_config
# NOTE(review): this turns keyboard-interactive authentication on for every
# account. Where sshd authenticates through PAM that usually means password
# logins work again, despite "PasswordAuthentication no" set earlier in this
# script. If only the SFTP account needs a password, a
# "PasswordAuthentication yes" line inside the Match block below keeps the
# exception limited to that group.
sed -i '/ChallengeResponseAuthentication no/c\ChallengeResponseAuthentication yes' /etc/ssh/sshd_config
# Append a Match block for members of group "filetransfer": chroot into the
# home directory, no X11 or TCP forwarding, and SFTP as the only command.
# The lines are appended at the end of the file, so a second run of the
# script adds the whole block again.
sed -i '$ a\\n\nMatch group filetransfer' /etc/ssh/sshd_config
sed -i '$ a\ChrootDirectory %h' /etc/ssh/sshd_config
sed -i '$ a\X11Forwarding no' /etc/ssh/sshd_config
sed -i '$ a\AllowTcpForwarding no' /etc/ssh/sshd_config
sed -i '$ a\ForceCommand internal-sftp' /etc/ssh/sshd_config
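echo
echo 'criando usuário filer...'
addgroup filetransfer
useradd --create-home --shell "/bin/bash" --user-group --groups "filetransfer" "filer"
# Ask for the password instead of shipping one inside the script: a fixed
# password in a published script is a known credential on every server built
# from it. -s keeps it off the screen; an empty value is asked for again.
FILERSENHA=
while [[ -z "$FILERSENHA" ]]; do
  echo "Digite a senha para o usuário filer:"
  read -rs FILERSENHA || exit 1
  echo
done
printf 'filer:%s\n' "$FILERSENHA" | chpasswd
unset FILERSENHA
# sshd refuses to chroot into a directory that is not owned by root or that
# group/others can write to, so the home itself belongs to root and the user
# gets writable subdirectories instead.
chown root:root /home/filer
chmod 755 /home/filer
# Absolute paths: a "cd /home/filer" that fails followed by "chown ... *"
# would hand every file of the current directory to filer.
mkdir /home/filer/docs /home/filer/public_html
chown filer:filer /home/filer/docs /home/filer/public_html
# Check the edited sshd_config before restarting; a broken file can take the
# daemon down and cut off remote access.
if sshd -t; then
  service ssh restart
else
  echo "erro: sshd_config inválido; ssh não foi reiniciado" >&2
fi
service php5-fpm reload
service nginx restart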
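echo 'limpando...'
# Strip comment lines and blank lines (indented by up to three tabs) from the
# default nginx site, in a single pass. sed errors are left visible.
sed -i \
  -e '/^#$/d' \
  -e '/^#/d' \
  -e '/^\t#/d' \
  -e '/^\t\t#/d' \
  -e '/^\t\t\t#/d' \
  -e '/^$/d' \
  -e '/^\t$/d' \
  -e '/^\t\t$/d' \
  -e '/^\t\t\t$/d' \
  /etc/nginx/sites-available/default
# Back to the home directory, where the helper files are expected to be, and
# remove them together with this script.
cd
rm -- info.php.txt install.sh iptables_basic.txt jail.local.txt phpmyadmin-https-server.txt bash_aliases.txt
# Quoted: an unquoted run of asterisks is a glob and would print the names of
# the files in the current directory instead of a separator line.
echo '**********************'
echo
echo 'fim do procedimento!'
echo
echo '**********************'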