CentOS - Install scripts for Digital Ocean and Puppet Enterprise

base.sh

# install the base packages
yum install nano git

firewall.sh

# flush all rules
iptables -F

# block null packets
iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP

# block syn-flood attacks
iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP

# block XMAS packets
iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP

# allow localhost
iptables -A INPUT -i lo -j ACCEPT

# allow 80 and 443 for webserver
iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT

# allow SMTP on 465
iptables -A INPUT -p tcp -m tcp --dport 465 -j ACCEPT

# allow SSH access
iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT

# allow outgoing connections block everything else
iptables -I INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P INPUT DROP

# save rules
iptables -L -n
iptables-save > /etc/sysconfig/iptables

# restart iptables
service iptables restart

puppet-agent.sh

# puppet enterprise install for agent nodes

# enable puppet labs repo for x64
sudo rpm -ivh https://yum.puppetlabs.com/el/6/products/x86_64/puppetlabs-release-6-7.noarch.rpm

# update yum
yum update

# install puppet
yum install puppet