Last active
May 19, 2019 16:50
-
-
Save hartek/c9af1c4246bef5228f48ca8c9d51bdb8 to your computer and use it in GitHub Desktop.
Script that will perform basic configuration on a freshly-created Debian VPS
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Move SSH access keys from root into debian | |
| cp -a /root/.ssh /home/debian/.ssh | |
| chown -R debian:debian /home/debian/.ssh | |
| echo "" > /root/.ssh/authorized_keys | |
| echo "[+] Reconfigured user permissions!" | |
| # Disallow sudo usage for debian | |
| mv /etc/sudoers.d/debian-cloud-init /etc/sudoers.d/debian-cloud-init~ | |
| echo "[+] Disallowed sudo usage for user debian!" | |
| # Change root password | |
| passwd | |
| echo "[+] Changed root password!" | |
| # Configure SSH service | |
| read -p "Enter SSH port: " ssh | |
| cp /etc/ssh/sshd_config /etc/ssh/sshd_config.back | |
| wget https://gist.githubusercontent.com/hartek/82decb8f0817d1a6ec8a10454e9134c4/raw/c4aa0d62231e1ecf269ce04a43deb263c9ae0cd5/sshd_config -O /etc/ssh/sshd_config | |
| sed -i "s/Port 22/Port $ssh/g" /etc/ssh/sshd_config | |
| systemctl reload ssh | |
| echo "[+] Reconfigured SSH!" | |
| # Install and configure ufw | |
| apt update | |
| apt install ufw -y | |
| ufw allow proto tcp to 0.0.0.0/0 port $ssh | |
| ufw --force enable | |
| ufw status | |
| echo "[+] Installed and configured UFW!" | |
| # Install and configure fail2ban | |
| apt install fail2ban -y | |
| cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local | |
| echo -e "[sshd]\nenabled = true\nport = $ssh\nbanaction = ufw\nbantime = 1200\nfindtime = 1200\nmaxretry = 5\n" > /etc/fail2ban/jail.d/sshd.conf | |
| systemctl reload fail2ban | |
| echo "[+] Installed and configured Fail2Ban!" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment