Last active
May 24, 2018 17:05
Brandz
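#!/bin/bash
# Base provisioning for a Debian jessie host: external APT sources (GlusterFS,
# New Relic), package upgrade/installation, a 1 GiB swap file, and an admin
# user ("caesar") that logs in with an SSH key only.
#
# Must run as root. Required environment:
#   NEWRELIC_LICENSE_KEY - New Relic license key. It is read from the
#       environment so the secret is not stored in the script; any key that
#       was previously committed in this file should be treated as exposed
#       and rotated.
set -euo pipefail

: "${NEWRELIC_LICENSE_KEY:?set NEWRELIC_LICENSE_KEY in the environment}"

# Append a line to a file only if that exact line is not already present,
# so re-running the script does not duplicate entries.
append_once() {
  local line=$1 file=$2
  grep -qxF -- "$line" "$file" 2>/dev/null || printf '%s\n' "$line" >> "$file"
}

# Add keys for external APT sources.
# The keys are fetched over HTTPS: a key added with apt-key is trusted for
# every configured repository, so a key swapped in transit would let an
# on-path attacker sign packages this host accepts. Compare the imported
# fingerprints (apt-key finger) with the vendors' published values.
# pipefail makes a failed download abort instead of feeding apt-key nothing.
wget -O- https://download.gluster.org/pub/gluster/glusterfs/LATEST/Debian/jessie/apt/pub.key | apt-key add -
wget -O- https://download.newrelic.com/548C16BF.gpg | apt-key add -

# Add external APT source lists ('>' rather than '>>' keeps re-runs idempotent).
echo "deb http://download.gluster.org/pub/gluster/glusterfs/3.7/3.7.3/Debian/jessie/apt jessie main" > /etc/apt/sources.list.d/gluster.list
echo "deb http://apt.newrelic.com/debian/ newrelic non-free" > /etc/apt/sources.list.d/newrelic.list

# Perform APT actions
apt-get update
apt-get -y upgrade
apt-get -y dist-upgrade
apt-get -y autoremove
apt-get -y install newrelic-sysmond iptables-persistent vim ntp fail2ban sudo

# Set NewRelic license key
nrsysmond-config --set "license_key=${NEWRELIC_LICENSE_KEY}"

dpkg-reconfigure tzdata

# Swap file: created with a restrictive umask so it is never world-readable,
# and skipped when it already exists (mkswap on an active swap file fails).
if [[ ! -e /swapfile ]]; then
  (umask 077 && fallocate -l1G /swapfile)
  chmod 0600 /swapfile
  mkswap /swapfile
fi
append_once $'/swapfile\tnone\t\tswap\tsw\t0 0' /etc/fstab
append_once "vm.swappiness=10" /etc/sysctl.conf
append_once "vm.vfs_cache_pressure=50" /etc/sysctl.conf

# Admin user with key-only login.
# NOTE(review): GID 27 is normally the "sudo" group on Debian - confirm on the
# target image, since this makes it the account's primary group.
if ! id caesar >/dev/null 2>&1; then
  adduser --ingroup 27 --disabled-password caesar
fi
install -d -m 0700 /home/caesar/.ssh
echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsCOqvgEuKrLwiQeyPwyXJ7/xiUAFFRva2YF/Y+e8V4q9XD4VaxnNZJoK4L5A/PF9ueQQF5qICfMR+1tebAPUZPbvjnMIsXwvo2f9xDLpNJKmvffNVrxPp3JMEC0Nqi9kLB36CS4a0xkEwIfudjeBGAjbYDsB6IMhIdnjzaCoXNz7C7IWJHExc2YwlbBlJOiThZw/aRI2zN+Vu6Flj+RANgqYtjB4KLeW7tEx+pxpi3d5MdWvTPdcfOkrDfWlGmHgVFqmGmniJeocdCVvtpZvyzVRMSspilxEx1XusALfcRS8TCkwdicKDsFwyag1+3XaD2K3QQMe6X9Ui2rG6C1u/" > /home/caesar/.ssh/authorized_keys
chmod 0600 /home/caesar/.ssh/authorized_keys
# Hand the directory to the user; left root-owned, caesar could not manage
# their own keys.
chown -R caesar: /home/caesar/.ssh

echo "YOU NEED TO REBOOT!!!!!!"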
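#!/bin/bash
# Web-node provisioning: installs nginx and PHP 5 (FPM) and disables PHP's
# path-info guessing.
set -euo pipefail

# Shell assignments take no leading '$'; "$REMOTE_GFS_HOST=..." expands to a
# command named "=0.0.0.0" and fails. The value is a placeholder and is not
# used by the lines visible here.
REMOTE_GFS_HOST="0.0.0.0"

apt-get -y install nginx php5-fpm php5-mysql php5-gd libssh2-php

# cgi.fix_pathinfo=0 stops PHP from walking up the request path to find a
# script, which behind nginx can otherwise cause a non-PHP file (for example
# an upload) to be executed as PHP. The pattern matches the setting whether
# or not it is commented out, and is quoted so the shell leaves it intact.
# php5-fpm has to be restarted for the change to take effect.
sed -i 's/^[;[:space:]]*cgi\.fix_pathinfo[[:space:]]*=.*/cgi.fix_pathinfo=0/' /etc/php5/fpm/php.ini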
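# IPv4 filter table in iptables-restore format.
# Inbound traffic is allowed only where a rule below matches; everything else
# is logged (rate-limited) and rejected by the last INPUT rules. The chain
# policies stay ACCEPT, so the protection depends on those trailing REJECT
# rules remaining in place. IPv6 is not covered by this file and needs its
# own ruleset.
# GFS_PEER_PRIVATE_IP is a placeholder: replace it with the GlusterFS peer's
# private address before loading these rules.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback: accept on lo, reject 127.0.0.0/8 arriving on any other interface.
-A INPUT -i lo -j ACCEPT
-A INPUT -d 127.0.0.0/8 ! -i lo -j REJECT --reject-with icmp-port-unreachable
# Replies to connections this host already tracks (conntrack replaces the
# deprecated "state" match; the semantics are the same).
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# Public interface (eth0): SSH, HTTP, HTTPS from anywhere.
-A INPUT -i eth0 -p tcp -m conntrack --ctstate NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -i eth0 -p tcp -m conntrack --ctstate NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -i eth0 -p tcp -m conntrack --ctstate NEW -m tcp --dport 443 -j ACCEPT
# Private interface (eth1): GlusterFS management (24007-24008), brick ports
# (49152-49153) and portmapper (111), restricted to the single peer address.
-A INPUT -i eth1 -p tcp -m tcp --dport 24007 -s GFS_PEER_PRIVATE_IP -j ACCEPT
-A INPUT -i eth1 -p tcp -m tcp --dport 24008 -s GFS_PEER_PRIVATE_IP -j ACCEPT
-A INPUT -i eth1 -p tcp -m tcp --dport 49152:49153 -s GFS_PEER_PRIVATE_IP -j ACCEPT
-A INPUT -i eth1 -p tcp -m tcp --dport 111 -s GFS_PEER_PRIVATE_IP -j ACCEPT
-A INPUT -i eth1 -p udp -m udp --dport 111 -s GFS_PEER_PRIVATE_IP -j ACCEPT
# ICMP echo request (ping).
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
# Log what is about to be rejected, capped at 5 entries per minute so a scan
# cannot flood the log. Level 7 is "debug"; the syslog configuration must keep
# that level for these entries to be recorded.
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
# Default deny for inbound and forwarded traffic; outbound is unrestricted.
-A INPUT -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -j ACCEPT
COMMIT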