AlmaLinux Docker Post-Install
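#!/bin/bash
# AlmaLinux Docker post-install hardening.
#
# Interactive; must run as root. Steps:
#   1. install Docker CE + docker-compose and give a chosen non-root user
#      docker-group access and ownership of /home/docker;
#   2. move sshd to a random port in 22100..22198 and disable root login;
#   3. in firewalld, drop ssh/cockpit/dhcpv6-client from the public zone and
#      allow the new SSH port only from the VPN gateway's /24 (zone "work");
#   4. install fail2ban with a jail watching the new SSH port;
#   5. force a DHCP renew and reboot.
#
# Prompted input: a non-root user name and the VPN gateway IPv4 address.
# The sshd and firewall changes are permanent-only and take effect at the
# reboot; afterwards SSH is reachable solely from the VPN subnet on the port
# printed at the end, so record it before confirming the reboot.
set -euo pipefail

die() { printf 'error: %s\n' "$*" >&2; exit 1; }

# $USER is not reliable (unset/inherited under some sudo and cron setups);
# EUID is what actually matters for the commands below.
(( EUID == 0 )) || die "Script must be run as root"

readonly SSHD_CONFIG=/etc/ssh/sshd_config

# Port that was in effect, reported in the final summary only. A commented
# "#Port 22" is not an active directive, so fall back to sshd's default of 22
# when no uncommented Port line exists.
OLD_SSH_PORT=$(awk '/^[[:space:]]*Port[[:space:]]/ { p = $2 } END { print (p == "" ? 22 : p) }' "$SSHD_CONFIG")
NEW_SSH_PORT=$(( RANDOM % 99 + 22100 ))   # 22100..22198

read -r -p "Please enter a non-root user to enable docker: " SCRIPT_USER
read -r -p "Please enter the VPN Gateway IP you are using: " VPN_GW_IP

[[ -n "$VPN_GW_IP" ]] || die "You must enter a VPN Gateway IP"
[[ -n "$SCRIPT_USER" ]] || die "You must enter a non root user as parameter"
# Both values are spliced into firewall-cmd / usermod / chown arguments, so
# accept only a dotted-quad and an existing, non-root account.
[[ "$VPN_GW_IP" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]] || die "VPN Gateway IP must be an IPv4 address (a.b.c.d)"
[[ "$SCRIPT_USER" != "root" ]] || die "The docker user must be a non-root account"
id -u "$SCRIPT_USER" >/dev/null 2>&1 || die "User '$SCRIPT_USER' does not exist"

## Docker Install
dnf install -y dnf-plugins-core   # provides `dnf config-manager`
dnf config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
dnf remove -y podman buildah      # -y: the original prompted here and stalled unattended runs
dnf install -y docker-ce docker-ce-cli containerd.io
systemctl enable --now docker.service
# -f: fail on HTTP errors instead of saving an error page as the "binary"
# and marking it executable.
# TODO(review): compare the download against the checksum published with the
# release before trusting it; this only checks that the transfer succeeded.
curl -fL "https://github.com/docker/compose/releases/download/1.27.4/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose

## Docker Post-Install
# The docker-ce package normally creates the group already; only add it if
# missing so the script can be re-run.
getent group docker >/dev/null || groupadd docker
usermod -aG docker "$SCRIPT_USER"
mkdir -p /home/docker
chown -R "$SCRIPT_USER":docker /home/docker

## SSH Config
cp -a "$SSHD_CONFIG" "$SSHD_CONFIG.bak.$(date +%Y%m%d%H%M%S)"
# Remove every existing Port / PermitRootLogin line (commented or not) and put
# the new values at the top of the file. The previous "s/Port OLD/Port NEW/"
# rewrite matched nothing when the directive was the commented default
# ("#Port 22"): sshd stayed on 22 while the firewall only opened the new port,
# locking the operator out after the reboot. Inserting at line 1 also keeps the
# directives outside any trailing Match block, where Port is not allowed.
sed -i -E '/^#?[[:space:]]*(Port|PermitRootLogin)[[:space:]]/d' "$SSHD_CONFIG"
sed -i -e "1i Port $NEW_SSH_PORT" -e '1i PermitRootLogin no' "$SSHD_CONFIG"
grep -q "^Port $NEW_SSH_PORT\$" "$SSHD_CONFIG" || die "failed to set Port in $SSHD_CONFIG"
# Validate the config before touching SELinux/firewall so a broken file cannot
# leave the host unreachable after the reboot.
sshd -t || die "sshd rejects $SSHD_CONFIG; restore the .bak copy and retry"
dnf install -y policycoreutils-python-utils
# -a fails when the port already carries a label; -m modifies it instead.
semanage port -a -t ssh_port_t -p tcp "$NEW_SSH_PORT" \
  || semanage port -m -t ssh_port_t -p tcp "$NEW_SSH_PORT"

## Firewall
# Permanent rules only; they become active at the reboot below. The "work"
# zone is selected by source address, so the new port is reachable only from
# the VPN gateway's subnet.
systemctl enable --now firewalld
firewall-cmd --permanent --zone=public --remove-service=ssh
firewall-cmd --permanent --zone=public --remove-service=cockpit
firewall-cmd --permanent --zone=public --remove-service=dhcpv6-client
firewall-cmd --permanent --zone=work --add-port="$NEW_SSH_PORT"/tcp
# NOTE(review): /24 trusts the gateway's whole subnet, as the original did —
# confirm that scope is intended rather than the single gateway address.
firewall-cmd --permanent --zone=work --add-source="$VPN_GW_IP"/24

## fail2ban
dnf install -y epel-release
dnf install -y fail2ban
# jail.conf is replaced on package upgrades, so overrides go in jail.d. The
# packaged "sshd" jail already points at the distro's sshd log; the original
# "[ssh]" jail with logpath=/var/log/auth.log named a jail and a file that do
# not exist on AlmaLinux, so nothing was ever banned. Only the port changes.
cat > /etc/fail2ban/jail.d/sshd.local <<EOT
[sshd]
enabled = true
port = $NEW_SSH_PORT
EOT
systemctl enable --now fail2ban
systemctl restart fail2ban   # re-read the jail when the service was already running

## Forza DHCP (force a DHCP renew)
# Best-effort: dhclient is not packaged on every AlmaLinux release, and a
# missed renew must not abort the script before the reboot.
if dnf install -y dhclient; then
  dhclient -v || printf 'warn: dhclient renew failed\n' >&2
else
  printf 'warn: dhclient package unavailable, skipping DHCP renew\n' >&2
fi

## User Output
printf 'Old SSH Port: %s\nNew SSH Port: %s\n' "$OLD_SSH_PORT" "$NEW_SSH_PORT"
printf 'Warning! System will be restarted, please save the generated SSH port\n'
# `read` is a shell builtin, so the original `sudo read` could never run;
# the script is already root anyway.
read -r -p "Press [Enter] to reboot system"
reboot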