setup linode vps
#!/bin/bash | |
################################################## | |
# | |
# Arquivos que devem estar neste diretório | |
# | |
# rm info.php.txt | |
# rm install.sh | |
# rm iptables_basic.txt | |
# rm jail.local.txt | |
# rm phpmyadmin-https-server.txt | |
# rm bash_aliases.txt | |
# | |
################################################## | |
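# Collect the operator's answers up front: the sudo user, its password, the
# MySQL root password and the hostname. The script writes under /etc, so it
# has to run as root.
echo "Digite o nome do usuário que usará o sudo:"
read -r USUARIO
echo "Digite a senha dele:"
# -s keeps the password off the terminal and out of scrollback or session
# recordings; -r keeps backslashes in the password literal.
read -rs USERSENHA
echo
echo "Digite a senha para o usuário root do mysql:"
read -rs MYSQLPW
echo
echo "capturando IP..."
# Relies on the legacy net-tools "inet addr:" output for eth0; any other
# interface name or output format leaves IPNUM empty.
IPNUM=$(ifconfig eth0 | grep "inet addr" | awk -F: '{print $2}' | awk '{print $1}')
echo "IP encontrado: $IPNUM"
echo
echo 'Digite o hostname: (ex. hydrogen)'
read -r HOSTNAME
# The hostname is interpolated into a sed script below, so restrict it to
# hostname characters before using it anywhere.
hostname_re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
if [[ ! $HOSTNAME =~ $hostname_re ]]; then
  echo "hostname inválido: use apenas letras, números, '-' e '.'" >&2
  exit 1
fi
printf '%s\n' "$HOSTNAME" > /etc/hostname
hostname -F /etc/hostname
# Only touch /etc/hosts when an IPv4 address was actually detected; an empty
# IPNUM would otherwise add a line with no address.
ipv4_re='^[0-9]+(\.[0-9]+){3}$'
if [[ $IPNUM =~ $ipv4_re ]]; then
  # Appends "<ip><TAB><hostname>" after every line ending in "ubuntu".
  sed -i "/. *ubuntu$/a$IPNUM\t$HOSTNAME" /etc/hosts
else
  echo "IP de eth0 não detectado; /etc/hosts não foi alterado" >&2
fi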
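echo
echo "criando usuário $USUARIO ..."
# Stop here if the account cannot be created: later steps disable root and
# password logins over SSH, which would leave no way back in.
useradd --create-home --shell "/bin/bash" --user-group --groups "sudo" "$USUARIO" || {
  echo "falha ao criar o usuário $USUARIO; abortando" >&2
  exit 1
}
# chpasswd reads "user:password" on stdin; printf is a shell builtin, so the
# password is not passed as an argument to an external command.
printf '%s:%s\n' "$USUARIO" "$USERSENHA" | chpasswd
# install sets owner and mode in one step, so the aliases file belongs to the
# new user instead of staying root-owned inside their home.
install -o "$USUARIO" -g "$USUARIO" -m 644 bash_aliases.txt "/home/$USUARIO/.bash_aliases"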
printf '\n%s\n' "corrigindo/definindo locales..."
# sed's '$ a' appends after the last line of an existing file; it does
# nothing on an empty file and fails if the file is missing.
supported_locales=/var/lib/locales/supported.d/local
environment_file=/etc/environment
sed -i -e '$ a\pt_BR.UTF-8 UTF-8' "$supported_locales"
# Output of the locale regeneration (errors included) is discarded.
dpkg-reconfigure locales &> /dev/null
sed -i -e '$ a\LC_ALL=pt_BR.UTF-8\nLANG=pt_BR.UTF-8' "$environment_file"
# Interactive: the operator picks the time zone here.
dpkg-reconfigure tzdata
printf '\n%s\n' "atualizando o sistema..."
# Both apt-get runs are silenced completely, so a failed update or upgrade
# is not visible to the operator.
apt-get update &> /dev/null
apt-get upgrade -y --show-upgraded &> /dev/null
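echo
echo "configurando diretórios e permissões ssh..."
# The key must land in the new user's own home. The original created .ssh in
# the current directory (the invoking user's home, judging by the final
# "cd; rm install.sh") and only chown'ed it, so sshd would not find it for
# $USUARIO once password and root logins are switched off.
ssh_dir="/home/$USUARIO/.ssh"
if [[ ! -s id_rsa.pub ]]; then
  echo "erro: id_rsa.pub não encontrado ou vazio; abortando antes de desativar o login por senha" >&2
  exit 1
fi
# 700 on the directory and 600 on authorized_keys, both owned by the user.
install -d -m 700 -o "$USUARIO" -g "$USUARIO" "$ssh_dir"
install -m 600 -o "$USUARIO" -g "$USUARIO" id_rsa.pub "$ssh_dir/authorized_keys"
# The original moved the file; remove the source to keep that behaviour.
rm -- id_rsa.pub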
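echo
echo "configurando sshd_config..."

#######################################
# Set one sshd_config option, whatever its current value.
# Rewrites every line (commented out or not) that starts with the keyword;
# appends the option if no such line exists. The original patterns matched
# only the literal "... yes" text, so a default such as
# "PermitRootLogin without-password" or "prohibit-password" was left as is.
# Arguments: $1 - keyword, $2 - value
#######################################
set_sshd_option() {
  local key=$1 value=$2
  local cfg=/etc/ssh/sshd_config
  if grep -Eq "^#?[[:space:]]*${key}[[:space:]]" "$cfg"; then
    sed -i -E "s/^#?[[:space:]]*${key}[[:space:]].*/${key} ${value}/" "$cfg"
  else
    printf '%s %s\n' "$key" "$value" >> "$cfg"
  fi
}

# NOTE(review): port 63 has to be allowed by iptables_basic.txt (not shown
# here), otherwise the firewall step locks SSH out.
set_sshd_option Port 63
set_sshd_option PasswordAuthentication no
set_sshd_option PermitRootLogin no
echo
echo "reiniciando ssh..."
# sshd -t only checks the configuration; restarting with a broken file
# would cut off remote access.
if /usr/sbin/sshd -t; then
  service ssh restart
else
  echo "sshd_config inválido; o ssh NÃO foi reiniciado" >&2
  exit 1
fi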
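echo
echo "configurando firewall..."
rules_file=/etc/iptables.firewall.rules
boot_hook=/etc/network/if-pre-up.d/firewall
cat iptables_basic.txt > "$rules_file"
sed -i '$ a\\n' "$rules_file"
# Parse the ruleset without committing it, so a malformed file is rejected
# before it replaces the live rules.
if ! iptables-restore --test < "$rules_file"; then
  echo "regras inválidas em $rules_file; nada foi aplicado" >&2
  exit 1
fi
iptables-restore < "$rules_file"
iptables -L
# Write the boot hook directly. The original ran sed '$ a' on a file it had
# just created with touch; sed appends nothing to an empty file, so the hook
# stayed empty and the rules were not restored when the interface came up.
cat > "$boot_hook" <<'EOF'
#!/bin/sh
/sbin/iptables-restore < /etc/iptables.firewall.rules
EOF
chmod +x "$boot_hook"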
printf '\n%s\n' "configurando seguraça extra com fial2Ban"
apt-get install -y fail2ban
# jail.local overrides the packaged jail.conf; its contents come from
# jail.local.txt, which must sit next to this script.
# NOTE(review): sshd was moved to port 63 earlier, so the ssh jail in
# jail.local.txt (not shown) needs to watch that port; confirm.
jail_local=/etc/fail2ban/jail.local
touch "$jail_local"
cat jail.local.txt > "$jail_local"
service fail2ban restart
# Print the short hostname and the FQDN so the operator can check the
# /etc/hostname and /etc/hosts changes made earlier.
printf '\n%s\n' "conferindo hostname..."
hostname
printf '\n%s\n' "conferindo FQDN..."
hostname -f
printf '\n%s\n' "preparando para instalar nginx..."
# python-software-properties provides add-apt-repository on this release.
apt-get install -y python-software-properties
# NOTE(review): this adds a third-party PPA as a package source; nginx
# updates then come from that archive rather than the distribution's own.
add-apt-repository -y ppa:nginx/stable
# Refresh and upgrade again, with all output (errors included) discarded.
apt-get update &> /dev/null
apt-get -y upgrade --show-upgraded &> /dev/null
printf '\n%s\n' "instalando nginx..."
apt-get install -y nginx
printf '\n%s\n' "configurando nginx..."
# Drops every line mentioning "80 default_server" from the default site.
nginx_default_site=/etc/nginx/sites-available/default
sed -i -e '/80 default_server/d' "$nginx_default_site"
service nginx start
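echo
echo "instalando php-fpm..."
apt-get install -y php5-fpm
apt-get install -y php5-xcache
echo
echo "configurando para usar socket unix evitando possível tcp overhead"
# NOTE(review): the socket is placed in world-writable /tmp. A directory
# only root and the service can write to (e.g. under /var/run) is the safer
# home for it; the same path is repeated in the nginx location below and may
# also appear in phpmyadmin-https-server.txt (not shown), so change them
# together.
sed -i '/127.0.0.1:9000/c\listen = /tmp/php5-fpm.sock' /etc/php5/fpm/pool.d/www.conf
echo
echo "configurando servidor default..."
# Replaces the "# pass the PHP scripts" comment line with a PHP location.
# sed drops a lone backslash in the text of a 'c' command, so the dot is
# written as '\\.' to reach the nginx file as the literal-dot regex '\.php$'
# (the original '\.' ended up as '.php$', which matches any character).
# try_files returns 404 for non-existent scripts before PHP-FPM sees them.
sed -i '/# pass the PHP scripts/c\\tlocation ~ \\.php$ {\n\t\ttry_files $uri =404;\n\t\tinclude /etc/nginx/fastcgi_params;\n\t\tfastcgi_pass unix:/tmp/php5-fpm.sock;\n\t\tfastcgi_index index.php;\n\t\tfastcgi_param SCRIPT_FILENAME /usr/share/nginx/html$fastcgi_script_name;\n\t}' /etc/nginx/sites-available/default
echo
echo "recarregando php e reiniciando nginx..."
service php5-fpm reload
service nginx restart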
printf '\n%s\n' "criando uma pagina de testes..."
# NOTE(review): presumably a phpinfo() page (info.php.txt is not shown).
# Nothing in this script removes it from the web root afterwards, so it
# stays publicly reachable; delete it once the PHP setup has been checked.
test_page=/usr/share/nginx/html/info.php
touch "$test_page"
cat info.php.txt > "$test_page"
sed -i -e '$ a\\n' "$test_page"
printf '\n%s\n' "instalando mysql..."
# Preseed the root password so the package install does not prompt for it.
# NOTE(review): the answers are registered for "mysql-server-5.1" while apt
# installs "mysql-server"; if a different server version gets installed the
# preseed presumably does not apply. Confirm against the target release.
for question in root_password root_password_again; do
  printf '%s\n' "mysql-server-5.1 mysql-server/$question password $MYSQLPW" | debconf-set-selections
done
apt-get install -y mysql-server mysql-client php5-mysql
# Each 'c' replaces every line containing the pattern, in any section of
# my.cnf, with the given setting.
mysql_cnf=/etc/mysql/my.cnf
sed -i -e '/#max_connections/c\max_connections = 75' "$mysql_cnf"
sed -i -e '/key_buffer = /c\key_buffer = 16M' "$mysql_cnf"
sed -i -e '/max_allowed_packet/c\max_allowed_packet = 1M' "$mysql_cnf"
sed -i -e '/#table_cache/c\#table_cache = 32' "$mysql_cnf"
service mysql restart
service php5-fpm reload
apt-get install -y phpmyadmin
service nginx restart
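# Generate a self-signed certificate and an unencrypted private key for nginx.
mkdir -p /etc/nginx/ssl
# Only root needs to enter the key directory.
chmod 700 /etc/nginx/ssl
# Do not generate key material in whatever directory we happen to be in.
cd /etc/nginx/ssl || exit 1
echo
echo '******** Instalando SLL...pressione ENTER para continuar...'
echo
# One generation is enough. The original ran "openssl req -x509" twice: the
# first run wrote a certificate (misnamed server.csr) plus a key, copied the
# key to server.key.org, and the second run then overwrote server.key with a
# brand-new key, leaving a stale, unused private key copy on disk.
# NOTE(review): the subject CN is hard-coded to bonates.com and the
# certificate is self-signed and valid for 365 days; adjust for other hosts.
(
  # Depending on the OpenSSL version the key may otherwise be created with
  # the default umask, i.e. readable by every local user.
  umask 077
  openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 \
    -subj "/C=BR/ST=qqRua/L=RJ/O=Dis/CN=bonates.com" \
    -keyout server.key -out server.crt
)
chmod 600 server.key
# Earlier interactive flow, kept for reference only (it asked for a key
# passphrase and for the certificate details, including the Common Name).
# Do not revive it as-is: it creates a 1024-bit RSA key.
#openssl genrsa -des3 -out server.key 1024
#openssl req -new -key server.key -out server.csr
#cp server.key server.key.org
#openssl rsa -in server.key.org -out server.key
#openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
cd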
# Wire phpMyAdmin into the default nginx site.
default_site=/etc/nginx/sites-available/default
# Replace the " deny access to .htaccess" comment line with a location block
# that rewrites requests for /phpMyAdmin to /.
sed -i '/ deny access to .htaccess/c\\tlocation /phpMyAdmin {\n\t\trewrite ^/* / last;\n\t}\n\n' "$default_site"
# Splice in phpmyadmin-https-server.txt at the "# HTTPS server" marker.
# 'x' swaps pattern and hold space on every line, so each line is printed
# one cycle late (the output starts with an empty line), and '$G' re-attaches
# the held final line. The net effect appears to be that the snippet lands
# just before the marker line rather than after it; verify on a sample file.
sed -e '/# HTTPS server/r phpmyadmin-https-server.txt' -e 'x;$G' "$default_site" > "$default_site.tmp"
mv "$default_site.tmp" "$default_site"
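# Restrict members of group "filetransfer" to chrooted, SFTP-only sessions.
sshd_cfg=/etc/ssh/sshd_config
sed -i '/Subsystem sftp/c\Subsystem sftp internal-sftp' "$sshd_cfg"
# Keep challenge-response authentication off. The original switched it to
# "yes", which (with PAM) lets every account log in by password again via
# keyboard-interactive and so undoes "PasswordAuthentication no".
sed -i '/ChallengeResponseAuthentication yes/c\ChallengeResponseAuthentication no' "$sshd_cfg"
# Password logins are allowed only inside the Match block, i.e. only for
# the chrooted SFTP group. A Match block runs to the end of the file, so
# nothing global may be appended after it.
cat >> "$sshd_cfg" <<'EOF'


Match group filetransfer
ChrootDirectory %h
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp
PasswordAuthentication yes
EOF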
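echo
echo 'criando usuário filer...'
addgroup filetransfer
useradd --create-home --shell "/bin/bash" --user-group --groups "filetransfer" "filer"
# Ask for the password instead of shipping a fixed one: the original set a
# short constant password that is readable by anyone who has this script.
FILERSENHA=
while [[ -z $FILERSENHA ]]; do
  echo "Digite a senha para o usuário filer:"
  read -rs FILERSENHA || exit 1
  echo
done
printf 'filer:%s\n' "$FILERSENHA" | chpasswd
unset FILERSENHA
# sshd refuses a ChrootDirectory that is not root-owned or that is writable
# by group/others, hence root:root and 755 on the home itself.
chown root:root /home/filer
chmod 755 /home/filer
# Absolute paths instead of "cd /home/filer; chown filer:filer *", so a
# failed cd can never redirect the chown to another directory.
mkdir /home/filer/docs /home/filer/public_html
chown filer:filer /home/filer/docs /home/filer/public_html
service ssh restart
service php5-fpm reload
service nginx restart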
echo 'limpando...'
# Strip comment lines, then blank lines, from the default nginx site.
# Lines indented by up to three tabs are covered; sed output and errors are
# discarded.
site_file=/etc/nginx/sites-available/default
for indent in '' '\t' '\t\t' '\t\t\t'; do
  sed -i "/^${indent}#/d" "$site_file" > /dev/null 2>&1
done
for indent in '' '\t' '\t\t' '\t\t\t'; do
  sed -i "/^${indent}\$/d" "$site_file" > /dev/null 2>&1
done
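# Back to the home directory, where the helper files were uploaded; bail out
# rather than delete same-named files somewhere else if cd fails.
cd || exit 1
# Remove the installer and its input files (the script deletes itself).
rm -- info.php.txt
rm -- install.sh
rm -- iptables_basic.txt
rm -- jail.local.txt
rm -- phpmyadmin-https-server.txt
rm -- bash_aliases.txt
# Quoted: an unquoted run of asterisks is a glob and would print the names
# of the files in the current directory instead of the banner.
echo '**********************'
echo
echo 'fim do procedimento!'
echo
echo '**********************'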