Last active
November 22, 2019 22:33
Provision Scaleway C2L Debian Buster instance as a high bandwidth i2p relay with fail2ban and rkhunter
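#!/bin/bash
# Provisioning step 1: package sources and installs.
# Meant to run as root on a fresh Debian Buster instance; it writes under
# /etc/apt and installs packages.

# Bring the base system up to date and install the tools configured later in
# this script (fail2ban, rkhunter) plus HTTPS transport for apt.
apt-get update && apt-get upgrade -y && apt-get install -y apt-transport-https fail2ban rkhunter

# Remove any distro-packaged lynis so the CISOfy repository build is the one
# installed (normally a no-op on a new instance). -y keeps an unattended run
# from stopping at a confirmation prompt.
apt-get remove --purge -y lynis

# Add the lynis apt repo. The signing key is requested by its full
# 40-character fingerprint rather than a short key ID.
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys C80E383C3DE9F082E01391A0366C67DE91CA5D5F
echo 'Acquire::Languages "none";' > /etc/apt/apt.conf.d/99disable-translations
echo "deb https://packages.cisofy.com/community/lynis/deb/ buster main" > /etc/apt/sources.list.d/cisofy-lynis.list

# Add the i2p apt repo.
cat << 'EOF' > /etc/apt/sources.list.d/i2p.list
deb https://deb.i2p2.de/ buster main
deb-src https://deb.i2p2.de/ buster main
EOF

# Fetch the i2p repository signing key into a private temp file instead of a
# fixed name in the current directory. --fail makes curl return non-zero on an
# HTTP error, so an error page is never handed to apt-key.
#
# NOTE(review): unlike the lynis key above, this key is trusted only because
# it was served over HTTPS. Before trusting it, compare the output of
#   gpg --show-keys --with-fingerprint "$i2p_key"
# with the fingerprint the I2P project publishes (<I2P_REPO_KEY_FINGERPRINT>).
# Keys added with apt-key are trusted for every configured repository, not
# only for deb.i2p2.de.
i2p_key=$(mktemp) || exit 1
if curl --fail --silent --show-error -o "$i2p_key" https://geti2p.net/_static/i2p-debian-repo.key.asc; then
  apt-key add "$i2p_key"
else
  echo "Could not download the i2p repository key; i2p repo left unsigned" >&2
fi
rm -f -- "$i2p_key"
apt-get update

# Install i2p and lynis
apt-get install -y i2p i2p-keyring lynis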
# fail2ban: write the local jail overrides, then restart the service so they
# take effect. The file sets a ban time of 3600 (seconds, i.e. one hour), a
# limit of 3 retries, and switches on the sshd jail.
{
  printf '%s\n' \
    '[DEFAULT]' \
    'bantime = 3600' \
    'maxretry = 3' \
    '[sshd]' \
    'enabled = true'
} > /etc/fail2ban/jail.local
service fail2ban restart
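#######################################
# Upsert one directive in sshd_config.
#
# If an active (uncommented) line for the keyword exists, every such line is
# rewritten to "KEYWORD VALUE"; otherwise "KEYWORD VALUE" is appended.
# Commented-out defaults such as "#MaxAuthTries 6" are ignored. Previously
# they counted as "already present", and the replacement itself never ran
# because the sed expression was single-quoted, so $1/$2 were not expanded
# and the hardening value was silently not applied.
#
# Arguments:
#   $1 - directive keyword (matched case-sensitively; must not contain regex
#        metacharacters or '|')
#   $2 - value to set (must not contain '|', '&' or backslashes)
#   $3 - optional config file path, default /etc/ssh/sshd_config
# Outputs:
#   "Replacing KEYWORD VALUE" or "Adding KEYWORD VALUE" on stdout
# Returns:
#   2 if keyword or value is missing, otherwise the status of sed or the append
#
# NOTE(review): new directives are appended at the end of the file. If the
# file ends with an active "Match" block, the appended line would apply only
# inside that block. Check the target file before relying on this.
#######################################
update_sshd() {
  local key=$1 value=$2
  local config=${3:-/etc/ssh/sshd_config}

  if [[ -z "$key" || -z "$value" ]]; then
    echo "usage: update_sshd KEYWORD VALUE [CONFIG_FILE]" >&2
    return 2
  fi

  # Anchor on the keyword followed by whitespace so that a commented line or
  # a longer keyword sharing the same prefix does not count as a match.
  if grep -Eq "^[[:space:]]*${key}[[:space:]]" -- "$config"; then
    printf 'Replacing %s %s\n' "$key" "$value"
    # Double quotes are required here so the shell expands key and value.
    sed -i -E "s|^[[:space:]]*${key}[[:space:]].*|${key} ${value}|" -- "$config"
  else
    printf 'Adding %s %s\n' "$key" "$value"
    printf '%s %s\n' "$key" "$value" >> "$config"
  fi
}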
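# Upsert the sshd settings lynis recommends.
update_sshd AllowTcpForwarding no
# NOTE(review): ClientAliveCountMax only has an effect when
# ClientAliveInterval is set to a non-zero value; this script does not set it.
update_sshd ClientAliveCountMax 3
update_sshd Compression no
update_sshd MaxAuthTries 3
update_sshd MaxSessions 3
update_sshd AllowAgentForwarding no

# Validate the edited file before restarting. On a remote instance, an ssh
# daemon restarted with a broken config can leave no way back in.
if sshd -t; then
  service ssh restart
else
  echo "sshd_config failed validation (sshd -t); ssh was not restarted" >&2
fi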
# Enable the i2p daemon by overwriting the init-script defaults file, then
# restart the service so the new values are read. The quoted delimiter writes
# the body literally, with no shell expansion.
# NOTE(review): CONFINE_WITH_APPARMOR="true" asks the init script for AppArmor
# confinement. Confirm the profile is actually loaded on the instance
# (e.g. with aa-status).
cat > /etc/default/i2p << 'I2P_DEFAULTS'
# Defaults for i2p initscript (/etc/init.d/i2p)
# This is a posix shell fragment
# [automatically edited by postinst, do not change line format ]
# Run 'dpkg-reconfigure -plow i2p' to change these values.
RUN_DAEMON="true"
I2PUSER="i2psvc"
ULIMIT="8192"
CONFINE_WITH_APPARMOR="true"
# The next value is also wrapper.java.maxmemory in /etc/i2p/wrapper.config
MEMORYLIMIT="8192"
I2P_DEFAULTS
service i2p restart