Skip to content

Instantly share code, notes, and snippets.

@holms
Last active December 14, 2015 08:09
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
Star You must be signed in to star a gist
Save holms/5055877 to your computer and use it in GitHub Desktop.
debian wheezy update and basic server setup script
#!/bin/bash
# Text color variables
txtund=$(tput sgr 0 1) # Underline
txtbld=$(tput bold) # Bold
bldred=${txtbld}$(tput setaf 1) # red
bldblu=${txtbld}$(tput setaf 4) # blue
bldwht=${txtbld}$(tput setaf 7) # white
txtrst=$(tput sgr0) # Reset
info=${bldwht}*${txtrst} # Feedback
pass=${bldblu}*${txtrst}
warn=${bldred}*${txtrst}
ques=${bldblu}?${txtrst}
if [[ $(id -u) -ne 0 ]] ; then
echo "Please run this script with root privilegues!" ;
exit 2 ;
fi
DEBIAN_OK=`cat /etc/debian_version`
if [[ "$DEBIAN_OK" = "" ]] ; then
echo "This is not a debian server...";
exit;
fi
dpkg-reconfigure locales
read -p "Please enter the server hostname (e.g. server123)? " HOSTNAME
CHECK=`echo $HOSTNAME | grep -E "[^[:alnum:]\-]"`
if [[ "$CHECK" != "" ]] ; then
echo "$HOSTNAME is not a valid hostname!" ;
exit 2;
fi
read -p "Please enter the server domain name (mydomain.com)? " FQDNNAME
CHECK=`echo $FQDNNAME | grep -E "[^[:alnum:]\-\.-]"`
if [[ "$CHECK" != "" ]] ; then
echo "$FQDNNAME is no valid domain name!" ;
exit 2;
fi
FQDNNAME="$HOSTNAME.$FQDNNAME"
read -p "So the server name should be $HOSTNAME ($FQDNNAME) (y/n)? " DOIT
if [[ "$DOIT" != "j" && "$DOIT" != "y" ]] ; then
echo "Aborted!" ;
exit 0 ;
fi
read -p "Do you want to use the <stable> or <testing> distribution? [stable] " DISTRIB
if [[ "$DISTRIB" = "" ]] ; then
DISTRIB="stable" ;
fi
if [[ "$DISTRIB" != "testing" && "$DISTRIB" != "stable" ]] ; then
echo "aborted!" ;
exit 0 ;
fi
read -p "We will install lots of packages now! Shall we start (y/n)? " DOIT
if [[ "$DOIT" != "j" && "$DOIT" != "y" ]] ; then
echo "Aborted." ;
exit 0 ;
fi
SERVERIP=`ifconfig | grep -i 'inet addr:' | sed -r "s/.*inet\s+addr:\s*([0-9]+)\.([0-9]+)\.([0-9]+)\.([0-9]+)\s+.*/\1.\2.\3.\4/" | grep -v 'addr:127.0.' | head -n 1`
OK="no"
while [[ "$OK" = "no" ]] ; do
read -p "Main-IP of the server (has to be set up in ifconfig already) [$SERVERIP]: " SETSERVERIP ;
if [[ "$SETSERVERIP" = "" ]] ; then
SETSERVERIP="$SERVERIP" ;
fi
CHECK=`ifconfig | grep ":$SETSERVERIP "`;
if [[ "$CHECK" = "" ]] ; then
echo "$warn IP not found in ifconfig" ;
else
OK="yes" ;
fi
done
SERVERIP="$SETSERVERIP" ;
printr "\n$info Setting hostname: \n"
cp /etc/hosts /etc/hosts.save
cp /etc/hostname /etc/hostname.save
if [[ -e /etc/mailname ]] ; then
cp /etc/mailname /etc/mailname.save ;
fi
CHECK=`grep "$SERVERIP" /etc/hosts`
if [[ "$CHECK" = "" ]] ; then
echo "$SERVERIP $FQDNNAME $HOSTNAME" >> /etc/hosts ;
else
sed -i -r "s/^[^0-9]*$SERVERIP\s+.*$/$SERVERIP $FQDNNAME $HOSTNAME/" /etc/hosts ;
fi
echo "$HOSTNAME" > /etc/hostname
echo "$FQDNNAME" > /etc/mailname
hostname $HOSTNAME
/etc/init.d/hostname.sh start
printf "\n$info Updating apt-get:\n"
apt-get update
apt-get -q -y --force-yes install bc
printf "\n$info Backup sources.list:\n"
cp /etc/apt/sources.list /etc/apt/sources.list.save ;
printf "\n$info Update sources.list:\n"
cat > /etc/apt/sources.list << EOF
#Testing
deb http://ftp.lt.debian.org/debian/ testing main contrib non-free
deb-src http://ftp.lt.debian.org/debian/ testing main contrib non-free
#Testing Security http://secure-testing-master.debian.net/
deb http://security.debian.org wheezy/updates main contrib non-free
deb-src http://security.debian.org wheezy/updates main contrib non-free
#Testing Proposed Updates
deb http://ftp.lt.debian.org/debian/ testing-proposed-updates main contrib non-free
deb-src http://ftp.lt.debian.org/debian/ testing-proposed-updates main contrib non-free
EOF
DONE="no" ;
STEP=1 ;
while [[ "$DONE" = "no" && "$STEP" -lt "7" ]] ; do
STEP=`echo "$STEP + 1" | bc`;
echo "STEP: $STEP";
## update apt
CHECK=`apt-get update -qq 2>&1 | grep -E "^W:" | grep 'NO_PUBKEY'`;
echo "CHECK: $CHECK";
if [[ "$CHECK" != "" ]] ; then
PUBKEY=`echo "$CHECK" | sed -r "s/.*(NO_PUBKEY)\s+([0-9a-zA-Z]+)(\s+|$).*/\2/" | head -n 1` ;
echo "PUBKEY: $PUBKEY";
CHECK=`echo "$PUBKEY" | grep -E "[^A-Za-z0-9]"`
echo "CHECK2: $CHECK";
if [[ "$CHECK" = "" ]] ; then
echo "Importiere Public key $PUBKEY." ;
gpg --keyserver pgp.mit.edu --recv "$PUBKEY";
gpg --export --armor "$PUBKEY" | apt-key add - ;
fi
else
DONE="yes" ;
fi
done
apt-get -q -y dist-upgrade
## check for ssh option
printf "\n\n$info Fixing ssh options...\n\n"
CHECK=`grep -e '^SSHD_OOM_ADJUST=-17' /etc/default/ssh`
if [[ "$CHECK" != "" ]] ; then
sed -i s/SSHD_OOM_ADJUST=-17/#SSHD_OOM_ADJUST=-17/ /etc/default/ssh;
echo "unset SSHD_OOM_ADJUST" >> /etc/default/ssh ;
fi
## adding user deploy
printf "\n\n$info Adding user deploy...\n\n"
useradd deploy
mkdir -p /home/deploy
mkdir -p /home/deploy/.ssh
chmod 700 /home/deploy/.ssh
touch /home/deploy/.ssh/authorized_keys
chmod 400 /home/deploy/.ssh/authorized_keys
chown deploy:deploy /home/deploy -R
sudo usermod -aG sudo deploy
perl -p -i.old -e "s/PermitRootLogin yes/PermitRootLogin no/g" /etc/ssh/sshd_config
service ssh restart
printf "\n\n$info Installing puppet...\n\n"
apt-get -y install ruby rubygems
gem install --no-rdoc --no-ri puppet
printf "\n\n$info Installing other packages...\n\n"
apt-get install fail2ban zsh nano vim binutils unzip bzip2 arj unrar vim git
#apt-get -q -y install ssh openssh-server ntp ntpdate postfix binutils sudo unzip bzip2 arj lzop cabextract apt-listchanges daemon libio-string-perl libio-socket-ssl-perl libnet-ident-perl zip libnet-dns-perl libexpat1 ssl-cert exec mcrypt imagemagick
printf "\n\nRemoving unneeded services...\n\n"
update-rc.d -f exim remove
update-inetd --remove daytime
update-inetd --remove telnet
update-inetd --remove time
update-inetd --remove finger
update-inetd --remove talk
update-inetd --remove ntalk
update-inetd --remove ftp
update-inetd --remove discard
printf "\n\n$info Remove apache...\n\n"
apt-get --purge remove apache2 apache2-doc apache2-mpm-prefork apache2-utils apache2.2-bin apache2.2-common
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment