Created
March 21, 2023 09:15
ubuntu_packer_gpt4
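#!/bin/bash
#
# Installs Docker Engine, the Docker Compose v2 CLI plugin and the Buildx CLI
# plugin, then restarts the Docker daemon.
#
# Must be run as root through sudo: it reads SUDO_USER, writes under
# /etc/docker and restarts the docker service.
#
# NOTE(review): the two installer scripts and the Buildx binary are fetched
# over HTTPS and executed as root without any checksum or signature check.
# For a golden image, prefer the distribution/Docker apt packages or pin each
# download to a reviewed revision and verify it against a known digest.
set -euo pipefail
export DEBIAN_FRONTEND=noninteractive

# Fail early with a readable message instead of an "unbound variable" error.
: "${SUDO_USER:?run this script through sudo so SUDO_USER is set}"

# Downloads go to a private temp dir (not a predictable name in the current
# directory) and are removed on every exit path, including failures.
workdir=$(mktemp -d)
trap 'rm -rf -- "$workdir"' EXIT

# Install Docker
curl -fsSL https://get.docker.com -o "$workdir/get-docker.sh"
sh "$workdir/get-docker.sh"

# Add the invoking user to the 'docker' group.
# Membership in this group is root-equivalent on the host (the user can start
# privileged containers and mount the host filesystem), so treat it as a
# privilege grant rather than a convenience.
usermod -aG docker -- "$SUDO_USER"

# Install Docker Compose v2
# NOTE(review): this script is taken from the moving 'main' branch and run
# with DOCKER_CHANNEL=edge, so the image content is not reproducible; pin to
# a tag or commit that has been reviewed.
curl -fsSL https://raw.githubusercontent.com/docker/compose-cli/main/scripts/install/install_linux.sh \
  -o "$workdir/get-docker-compose-v2.sh"
DOCKER_CHANNEL=edge sh "$workdir/get-docker-compose-v2.sh"

# Install Buildx CLI plugin
# NOTE(review): under sudo, $HOME is usually root's home, so the plugin is
# installed for root only and not for $SUDO_USER; confirm this is intended.
BUILDX_VERSION="v0.10.4"
plugin_dir="${HOME}/.docker/cli-plugins"
mkdir -p -- "$plugin_dir"
# No integrity check is done here; compare the binary with the checksum
# published alongside the release before trusting it in an image.
curl -fsSL "https://github.com/docker/buildx/releases/download/${BUILDX_VERSION}/buildx-${BUILDX_VERSION}.linux-amd64" \
  -o "$plugin_dir/docker-buildx"
chmod a+x -- "$plugin_dir/docker-buildx"

# Enable experimental daemon features.
# daemon.json expects a JSON boolean for "experimental"; the string "enabled"
# is the CLI config.json form and makes dockerd reject the file on restart.
# This overwrites any existing /etc/docker/daemon.json. The script already
# runs as root, so no nested sudo is needed.
printf '%s\n' '{"experimental": true}' >/etc/docker/daemon.json

# Restart Docker service
systemctl restart docker

echo "Docker, Docker Compose v2, and Buildx have been installed and configured."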
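#!/bin/bash
#
# Baseline hardening for an Ubuntu image: package upgrade, host firewall,
# fail2ban, unattended upgrades, sshd root-login policy and sudo timestamp
# timeout. Must run as root.
set -euo pipefail
export DEBIAN_FRONTEND=noninteractive

# Update and upgrade packages
apt-get update
apt-get upgrade -y

# Install necessary packages
apt-get install -y \
  ufw \
  fail2ban \
  unattended-upgrades

# Enable and configure the Uncomplicated Firewall (ufw)
ufw default deny incoming
ufw default allow outgoing
# Allow SSH before enabling the firewall so a remote build session is not
# cut off. 'ufw limit ssh' is the rate-limited alternative if desired.
ufw allow ssh
# --force skips the interactive "Proceed with operation (y|n)?" prompt, which
# would otherwise stall or abort an unattended image build.
ufw --force enable

# Start fail2ban with its packaged defaults (no jail is customised here).
systemctl enable fail2ban
systemctl start fail2ban

# Configure unattended upgrades.
# The quoted delimiter keeps ${distro_id}/${distro_codename} literal so apt,
# not the shell, expands them. This replaces the distribution's own file.
cat >/etc/apt/apt.conf.d/50unattended-upgrades <<'EOL'
Unattended-Upgrade::Allowed-Origins {
"${distro_id}:${distro_codename}";
"${distro_id}:${distro_codename}-security";
"${distro_id}:${distro_codename}-updates";
};
Unattended-Upgrade::Remove-Unused-Kernel-Packages "true";
Unattended-Upgrade::Remove-Unused-Dependencies "true";
Unattended-Upgrade::Automatic-Reboot "false";
EOL
# NOTE(review): with Automatic-Reboot "false", kernel and libc fixes are
# installed but not active until someone reboots the host.
cat >/etc/apt/apt.conf.d/20auto-upgrades <<'EOL'
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "7";
APT::Periodic::Unattended-Upgrade "1";
EOL
systemctl enable unattended-upgrades
systemctl start unattended-upgrades

# Restrict root SSH login to key-based authentication.
# 'prohibit-password' does NOT disable root login; it only blocks password
# and keyboard-interactive auth for root. Use 'no' to forbid root over SSH.
# The stock sshd_config ships this directive commented out, so the pattern
# also matches a leading '#'; if the directive is absent it is appended.
# NOTE(review): files under /etc/ssh/sshd_config.d/ may override this value,
# and a running sshd must be reloaded before the change takes effect.
sshd_config=/etc/ssh/sshd_config
root_login_re='^[[:space:]]*#?[[:space:]]*PermitRootLogin[[:space:]]'
if grep -Eq -- "$root_login_re" "$sshd_config"; then
  sed -i -E "s/${root_login_re}.*/PermitRootLogin prohibit-password/" "$sshd_config"
else
  printf 'PermitRootLogin prohibit-password\n' >>"$sshd_config"
fi

# Set the sudo credential cache to 60 minutes.
# NOTE(review): this is longer than sudo's stock timeout, so it widens the
# window in which an unattended terminal can run sudo without a password;
# lower the value if the goal is to tighten sudo.
# The setting goes into a drop-in that is syntax-checked before it is
# installed, because a malformed sudoers file locks every user out of sudo.
# A drop-in also keeps re-runs from appending duplicate lines.
sudoers_tmp=$(mktemp)
trap 'rm -f -- "$sudoers_tmp"' EXIT
printf 'Defaults timestamp_timeout=60\n' >"$sudoers_tmp"
visudo -cf "$sudoers_tmp"
install -m 0440 -o root -g root -- "$sudoers_tmp" /etc/sudoers.d/timestamp-timeout

echo "System hardening complete."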
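#!/bin/bash
#
# Installs build tooling on an Ubuntu image: AWS CLI v2, Packer and
# Terraform. Must run as root.
set -euo pipefail
export DEBIAN_FRONTEND=noninteractive

apt-get update
apt-get upgrade -y

# Install required packages.
# gnupg and lsb-release are listed explicitly because the HashiCorp
# repository setup below calls gpg and lsb_release.
apt-get install -y \
  curl \
  unzip \
  jq \
  gnupg \
  lsb-release \
  apt-transport-https \
  ca-certificates \
  software-properties-common

# Downloads are unpacked in a private temp dir that is removed on every exit
# path, so a failed build leaves no installer behind in the working directory.
workdir=$(mktemp -d)
trap 'rm -rf -- "$workdir"' EXIT

# Install AWS CLI
# -f makes curl fail on an HTTP error instead of saving the error page as the
# zip. NOTE(review): the archive is not verified; AWS publishes a detached
# signature for this installer, which should be checked before it runs as
# root.
curl -fsSL "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "$workdir/awscliv2.zip"
unzip -q "$workdir/awscliv2.zip" -d "$workdir"
"$workdir/aws/install"

# Add the HashiCorp apt repository once; Packer and Terraform both come from
# it. The signing key is stored in its own keyring and bound to this
# repository with signed-by. 'apt-key add' is deprecated and would trust the
# key for every configured repository.
# NOTE(review): compare the key's fingerprint with the one HashiCorp
# publishes before baking it into an image.
hashicorp_keyring=/usr/share/keyrings/hashicorp-archive-keyring.gpg
curl -fsSL https://apt.releases.hashicorp.com/gpg | gpg --dearmor --yes -o "$hashicorp_keyring"
chmod 0644 -- "$hashicorp_keyring"
# Resolve the codename as a separate step so a failing lsb_release aborts the
# script instead of writing a broken sources entry.
codename=$(lsb_release -cs)
printf 'deb [arch=amd64 signed-by=%s] https://apt.releases.hashicorp.com %s main\n' \
  "$hashicorp_keyring" "$codename" >/etc/apt/sources.list.d/hashicorp.list
apt-get update

# Install Packer and Terraform
apt-get install -y packer terraform

# Clean up
apt-get autoremove -y
apt-get clean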