Initialize a new server with the essentials.
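# ~/.bashrc: executed by bash(1) for non-login shells.
# see /usr/share/doc/bash/examples/startup-files (in the package bash-doc)
# for examples

# If not running interactively, don't do anything
[ -z "$PS1" ] && return

# don't put duplicate lines in the history. See bash(1) for more options
# ... or force ignoredups and ignorespace
HISTCONTROL=ignoredups:ignorespace

# append to the history file, don't overwrite it
shopt -s histappend

# for setting history length see HISTSIZE and HISTFILESIZE in bash(1)
HISTSIZE=1000
HISTFILESIZE=2000

# check the window size after each command and, if necessary,
# update the values of LINES and COLUMNS.
shopt -s checkwinsize

# make less more friendly for non-text input files, see lesspipe(1)
[ -x /usr/bin/lesspipe ] && eval "$(SHELL=/bin/sh lesspipe)"

# set variable identifying the chroot you work in (used in the prompt below)
if [ -z "$debian_chroot" ] && [ -r /etc/debian_chroot ]; then
    debian_chroot=$(cat /etc/debian_chroot)
fi

# set a fancy prompt (non-color, unless we know we "want" color)
case "$TERM" in
    xterm-color) color_prompt=yes;;
esac

# Use bash-completion, if available
[[ $PS1 && -f /usr/share/bash-completion/bash_completion ]] && \
    . /usr/share/bash-completion/bash_completion

# uncomment for a colored prompt, if the terminal has the capability; turned
# off by default to not distract the user: the focus in a terminal window
# should be on the output of commands, not on the prompt
#force_color_prompt=yes

if [ -n "$force_color_prompt" ]; then
    if [ -x /usr/bin/tput ] && tput setaf 1 >&/dev/null; then
        # We have color support; assume it's compliant with Ecma-48
        # (ISO/IEC-6429). (Lack of such support is extremely rare, and such
        # a case would tend to support setf rather than setaf.)
        color_prompt=yes
    else
        color_prompt=
    fi
fi

if [ "$color_prompt" = yes ]; then
    PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
else
    # Git-aware prompt. __git_ps1 is provided by git's prompt script (normally
    # pulled in through bash-completion above). The call is guarded so that a
    # shell without it does not print "command not found" at every prompt;
    # $(...) is expanded each time the prompt is drawn, like the backtick form.
    PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@\h\[\033[00m\]:\w\[\033[1m\]$(type -t __git_ps1 >/dev/null 2>&1 && __git_ps1)\[\033[00m\]\$ '
fi
unset color_prompt force_color_prompt

# If this is an xterm set the title to user@host:dir
case "$TERM" in
xterm*|rxvt*)
    PS1="\[\e]0;${debian_chroot:+($debian_chroot)}\u@\h: \w\a\]$PS1"
    ;;
*)
    ;;
esac

# enable color support of ls and also add handy aliases
if [ -x /usr/bin/dircolors ]; then
    # Fall back to the built-in database when ~/.dircolors is absent or
    # cannot be evaluated.
    test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)"
    alias ls='ls --color=auto'
    #alias dir='dir --color=auto'
    #alias vdir='vdir --color=auto'

    alias grep='grep -n --color=auto'
    alias fgrep='fgrep --color=auto'
    alias egrep='egrep --color=auto'
fi

# some more ls aliases
alias ll='ls -alF'
alias la='ls -A'
alias l='ls -CF'

# Alias definitions.
# You may want to put all your additions into a separate file like
# ~/.bash_aliases, instead of adding them here directly.
# See /usr/share/doc/bash-doc/examples in the bash-doc package.

# Git shortcuts
alias undocommit='git reset --soft HEAD^'
alias recommit='git commit -c ORIG_HEAD'

if [ -f ~/.bash_aliases ]; then
    . ~/.bash_aliases
fi

# enable programmable completion features (you don't need to enable
# this, if it's already enabled in /etc/bash.bashrc and /etc/profile
# sources /etc/bash.bashrc).
if [ -f /etc/bash_completion ] && ! shopt -oq posix; then
    . /etc/bash_completion
fi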
" Indentation: auto-indent new lines, 4-column tabs and shifts, no line wrap.
set smartindent
set tabstop=4 shiftwidth=4
set nowrap
" F2 toggles 'paste' so pasted text is not re-indented.
set pastetoggle=<F2>

" Keep context visible: scroll when within 10 lines / 15 columns of the edge.
set scrolloff=10 sidescrolloff=15

" Show matches while the search pattern is being typed.
set incsearch

" Ctrl-h/j/k/l move between split windows (normal mode only).
nnoremap <C-h> <C-w>h
nnoremap <C-j> <C-w>j
nnoremap <C-k> <C-w>k
nnoremap <C-l> <C-w>l
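#!/usr/bin/env bash
#
# Set up a new Ubuntu server with the basics.
# To be used after SSHing in for the first time (i.e. as root user)
#
# INSTALLATION:
# wget https://gist.github.com/thebaer/7930262/raw/init_server.sh
# chmod +x init_server.sh
# ./init_server.sh
#
# The interpreter is bash, not sh: the script uses [[ ]], =~ and read -p,
# which dash's /bin/sh does not provide.
#
# CONFIGURATION
# -----------------------------------------------
USERNAME=matt
VIMRC=https://gist.github.com/thebaer/7930262/raw/.vimrc
BASHRC=https://gist.github.com/thebaer/7930262/raw/.bashrc
# Marker written at the end of the one-time setup; when it exists, later runs
# skip straight to the install menu.
INIT_MARKER="/home/$USERNAME/.boominitialized"
SSHD_CONFIG=/etc/ssh/sshd_config

#######################################
# Print a message to stderr and exit with status 1.
#######################################
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

#######################################
# Return 0 if $1 is a TCP port number (1-65535), 1 otherwise.
# The value is later passed to iptables and spliced into a sed expression,
# so anything that is not a short plain integer is rejected.
#######################################
is_port() {
  [[ "$1" =~ ^[0-9]{1,5}$ ]] && (( 10#$1 >= 1 && 10#$1 <= 65535 ))
}

#######################################
# Prompt with $1 until a valid port number is entered; print it on stdout.
#######################################
ask_port() {
  local value
  while true; do
    read -r -p "$1" value
    if is_port "$value"; then
      printf '%s\n' "$value"
      return 0
    fi
    printf 'Please enter a port number between 1 and 65535.\n' >&2
  done
}

#######################################
# Prompt with $1 for a yes/no answer. Returns 0 for "y" or "yes", 1 otherwise.
#######################################
ask_yes_no() {
  local answer
  read -r -p "$1" answer
  [[ "$answer" == "y" || "$answer" == "yes" ]]
}

#######################################
# Set a single-value sshd_config directive to $2, uncommenting it if needed.
# Arguments: $1 - directive name (literal), $2 - value (already validated)
# The stock sshd_config ships most directives commented out ("#Port 22",
# "#PasswordAuthentication yes"), so a plain substitution on the active form
# silently matches nothing; this also appends the directive when the file
# does not mention it at all.
#######################################
set_sshd_option() {
  local key=$1 value=$2
  if grep -Eq "^#?[[:space:]]*${key}[[:space:]]" "$SSHD_CONFIG"; then
    sed -i -E "s/^#?[[:space:]]*${key}[[:space:]].*/${key} ${value}/" "$SSHD_CONFIG"
  else
    printf '%s %s\n' "$key" "$value" >> "$SSHD_CONFIG"
  fi
}

#######################################
# One-time setup: packages, non-root sudo user with an SSH key, iptables,
# SSH hardening, shared-memory mount options and dotfiles. Must run as root.
#######################################
initial_install() {
  local pubkey sshport home_dir
  home_dir="/home/$USERNAME"
  [ "$(id -u)" -eq 0 ] || die "Initial setup must be run as root."

  # Update packages
  apt-get update
  apt-get upgrade

  # Add non-root user
  echo
  echo "Creating user $USERNAME..."
  useradd -G sudo -m "$USERNAME"
  passwd "$USERNAME"
  chsh -s "$(command -v bash)" "$USERNAME"

  # Use SSH keys. Password login is disabled further down, so an empty key
  # would lock the new user out; the files get the permissions sshd's
  # StrictModes expects, ownership is fixed with the rest of the home below.
  echo
  echo "Setting up $USERNAME SSH key..."
  read -r -p "On your local machine run ssh-keygen -t rsa, then enter public key: " pubkey
  [ -n "$pubkey" ] || die "No public key entered; aborting before password login is disabled."
  mkdir -p "$home_dir/.ssh"
  chmod 700 "$home_dir/.ssh"
  printf '%s\n' "$pubkey" > "$home_dir/.ssh/authorized_keys"
  chmod 600 "$home_dir/.ssh/authorized_keys"

  # Set up iptables
  echo
  echo "Setting up firewall..."
  # Keep all current connections
  iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  # Allow SSH
  sshport=$(ask_port "Select a new SSH port: ")
  iptables -A INPUT -p tcp --dport "$sshport" -j ACCEPT
  # Update SSH config with chosen port. Editing only an active "Port 22"
  # line would leave sshd on 22 while the firewall opens $sshport only.
  # NOTE(review): on releases where ssh is socket-activated (ssh.socket) the
  # listening port also lives in the socket unit — confirm for the target release.
  set_sshd_option Port "$sshport"
  # Open www
  if ask_yes_no "Open WWW port (y/n)? "; then
    iptables -A INPUT -p tcp --dport 80 -j ACCEPT
  fi
  # Open SSL
  if ask_yes_no "Open SSL port (y/n)? "; then
    iptables -A INPUT -p tcp --dport 443 -j ACCEPT
  fi
  # Drop any other connections
  iptables -A INPUT -j DROP
  # Keep loopback (inserted at position 1 so it precedes the DROP)
  iptables -I INPUT 1 -i lo -j ACCEPT
  # Display results
  echo
  iptables -L -v
  echo
  # Persist iptables rules
  # NOTE(review): newer releases ship this service as netfilter-persistent —
  # confirm the unit name for the target release.
  apt-get install iptables-persistent
  service iptables-persistent start

  # Disable SSH passwords
  echo
  echo "Hardening SSH..."
  set_sshd_option PasswordAuthentication no
  set_sshd_option PermitRootLogin no
  # Never restart sshd with a config it rejects: on a remote box with root
  # and password login disabled, a failed restart is a lockout.
  /usr/sbin/sshd -t || die "sshd_config failed validation; ssh was NOT restarted. Fix $SSHD_CONFIG before disconnecting."
  service ssh restart

  # Secure shared memory (skip if an entry is already present)
  echo
  echo "Securing shared memory..."
  if ! grep -q '^tmpfs /dev/shm ' /etc/fstab; then
    echo "tmpfs /dev/shm tmpfs defaults,noexec,nosuid 0 0" >> /etc/fstab
  fi

  # Basic software
  echo
  apt-get install git-core
  apt-get install build-essential
  apt-get install vim vim-runtime

  # Get configuration files from GitHub
  echo
  echo "Getting user configurations..."
  # The recursive chown below acts on the current directory; it must never
  # run from anywhere but the user's home, so a failed cd aborts.
  cd "$home_dir" || die "Cannot cd to $home_dir"
  if [ -n "$VIMRC" ]; then
    wget "$VIMRC"
  fi
  if [ -n "$BASHRC" ]; then
    wget "$BASHRC"
  fi
  touch "$INIT_MARKER"
  chown -R "$USERNAME:$USERNAME" .
}

#######################################
# Install Apache, hide version details from responses, enable mod_rewrite
# and link /var/www into the user's home. Shared by menu items 1 and 2.
#######################################
install_apache() {
  local security_conf=/etc/apache2/conf-available/security.conf
  sudo apt-get install apache2
  # Limit information given (each s/// needs its closing delimiter, or sed
  # reports "unterminated `s' command" and changes nothing)
  sudo sed -i "s/ServerSignature On/ServerSignature Off/" "$security_conf"
  sudo sed -i "s/ServerTokens OS/ServerTokens Prod/" "$security_conf"
  # Enable modules
  sudo a2enmod rewrite
  # Default public directory
  sudo chown -R "$USERNAME:$USERNAME" /var/www
  ln -s /var/www "/home/$USERNAME/www"
}

#######################################
# Run the one-time setup when the marker is missing, then show the menu.
#######################################
main() {
  local choice phpma port build_dir

  # *) Do initial installation
  # -----------------------------------------------
  if [ ! -e "$INIT_MARKER" ]; then
    initial_install
  fi

  # *) Additional install / general helpers
  # -----------------------------------------------
  echo
  echo " What else do you need installed?"
  echo " 1. Apache"
  echo " 2. Apache with PHP (LT install)"
  echo " 3. MySQL"
  echo " 4. phpMyAdmin"
  echo " 5. Node"
  echo " Utilities:"
  echo " a) Open new firewall port"
  echo
  read -r -p "Choice: " choice
  case "$choice" in
    "1")
      # Install Apache
      install_apache
      ;;
    "2")
      # Install Apache w/ PHP
      install_apache
      sudo apt-get install php5 libapache2-mod-php5 php5-curl php5-cli php5-gd php5-mysql
      sudo apt-get install python-mysqldb python-pip
      sudo pip install python-cloudfiles
      # PHP config:
      sudo sed -i "s/expose_php = On/expose_php = Off/" /etc/php5/apache2/php.ini
      # Enable modules
      sudo a2enmod ssl
      sudo a2enmod headers
      sudo service apache2 restart
      ;;
    "3")
      # Install MySQL
      sudo apt-get install mysql-server mysql-client
      ;;
    "4")
      # Install phpmyadmin
      sudo apt-get install phpmyadmin
      # Additional configuration
      # Change folder location for a little obscurity
      echo
      read -r -p "Pick an alias for phpmyadmin access: " phpma
      # The alias is spliced into a sed expression and an Apache Alias line;
      # restrict it to a plain path segment.
      [[ "$phpma" =~ ^[A-Za-z0-9_-]+$ ]] || die "Alias may only contain letters, digits, '_' or '-'."
      sudo sed -i "s/Alias \/phpmyadmin /Alias \/$phpma /" /etc/phpmyadmin/apache.conf
      # Only allow access from localhost
      sudo sed -i "/DirectoryIndex index.php/a AllowOverride all\n\tOrder Deny,Allow\n\tDeny from all\n\tAllow from 127.0.0.1" /etc/phpmyadmin/apache.conf
      # Load new configuration
      sudo service apache2 reload
      ;;
    "5")
      # Install node
      sudo apt-get install g++ curl libssl-dev apache2-utils
      # Build in a private scratch directory rather than a fixed /tmp/node
      # that another local user could pre-create.
      build_dir=$(mktemp -d) || die "mktemp failed"
      cd "$build_dir" || die "Cannot cd to $build_dir"
      # Clone over HTTPS: git:// is unauthenticated and GitHub no longer serves it.
      git clone https://github.com/ry/node.git || die "git clone failed"
      cd node || die "Cannot cd to node"
      ./configure
      make
      sudo make install
      ;;
    "a")
      # Open a port in the firewall
      port=$(ask_port "Open which port? ")
      sudo iptables -A INPUT -p tcp --dport "$port" -j ACCEPT
      /etc/init.d/iptables-persistent save
      ;;
    *)
      # Invalid choice
      echo "DOES NOT COMPUTE!"
      ;;
  esac
}

main "$@"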