@gardner
Last active November 22, 2019 22:33
Provision Scaleway C2L Debian Buster instance as a high bandwidth i2p relay with fail2ban and rkhunter
#!/bin/bash
# Update Debian and install prerequisites (curl and gnupg are used below by curl and apt-key)
apt-get update && apt-get upgrade -y && apt-get install apt-transport-https curl gnupg fail2ban rkhunter -y
# Remove apt versions of lynis (should not be required on new instance)
# -y keeps the unattended run from stopping at a confirmation prompt
apt-get remove --purge lynis -y
# Add lynis apt repo
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys C80E383C3DE9F082E01391A0366C67DE91CA5D5F
echo 'Acquire::Languages "none";' > /etc/apt/apt.conf.d/99disable-translations
echo "deb https://packages.cisofy.com/community/lynis/deb/ buster main" > /etc/apt/sources.list.d/cisofy-lynis.list
# Add i2p apt repo
cat << EOF > /etc/apt/sources.list.d/i2p.list
deb https://deb.i2p2.de/ buster main
deb-src https://deb.i2p2.de/ buster main
EOF
# -f makes curl fail on an HTTP error instead of saving the error page as the key file
curl -fsSL -o i2p-debian-repo.key.asc https://geti2p.net/_static/i2p-debian-repo.key.asc
apt-key add i2p-debian-repo.key.asc
apt-get update
# Install i2p and lynis
apt-get install i2p i2p-keyring lynis -y
# Configure fail2ban with useful defaults
cat << EOF > /etc/fail2ban/jail.local
[DEFAULT]
bantime = 3600
maxretry = 3
[sshd]
enabled = true
EOF
service fail2ban restart
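# Upsert function for sshd_config: set keyword $1 to value $2
function update_sshd {
    # Match the keyword at the start of a line, whether active or commented out
    if grep -qE "^#?[[:space:]]*$1[[:space:]]" /etc/ssh/sshd_config; then
        echo "Replacing $1 $2"
        # Double quotes so the shell expands $1 and $2 inside the sed expression
        sed -i -E "s/^#?[[:space:]]*$1[[:space:]].*/$1 $2/" /etc/ssh/sshd_config
    else
        echo "Adding $1 $2"
        echo "$1 $2" >> /etc/ssh/sshd_config
    fi
}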
# Upsert the config lynis recommends
update_sshd AllowTcpForwarding no
update_sshd ClientAliveCountMax 3
update_sshd Compression no
update_sshd MaxAuthTries 3
update_sshd MaxSessions 3
update_sshd AllowAgentForwarding no
service ssh restart
# Configure i2p to start
cat << EOF > /etc/default/i2p
# Defaults for i2p initscript (/etc/init.d/i2p)
# This is a posix shell fragment
# [automatically edited by postinst, do not change line format ]
# Run 'dpkg-reconfigure -plow i2p' to change these values.
RUN_DAEMON="true"
I2PUSER="i2psvc"
ULIMIT="8192"
CONFINE_WITH_APPARMOR="true"
# The next value is also wrapper.java.maxmemory in /etc/i2p/wrapper.config
MEMORYLIMIT="8192"
EOF
service i2p restart