CentOS 7 Base Install
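#!/bin/bash
# CentOS 7 base install: set the hostname, authorize an admin SSH public key
# for root, install a few basic packages, open SSH/DNS in firewalld, and set
# up a local postfix + fail2ban so ban notifications reach root.
#
# Must be run as root. Prompts interactively for the desired hostname.
# Optional environment:
#   ADMIN_PUBKEY - the public key line to append to root's authorized_keys
#                  (defaults to the key embedded below).
set -euo pipefail

# Print a message to stderr and exit non-zero.
die() { printf '%s\n' "$*" >&2; exit 1; }

if [[ $EUID -ne 0 ]]; then
  die "This script must be run as root"
fi

# Set the hostname correctly
printf '%s\n' "Hello! Please tell me the desired hostname now: "
IFS= read -r thishostname
# Reject empty input and anything that is not a plain DNS-style name; this
# also rules out values starting with '-' that hostname(1) would parse as options.
[[ -n "$thishostname" ]] || die "No hostname given; aborting."
[[ "$thishostname" =~ ^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$ ]] \
  || die "Invalid hostname: '$thishostname'"
printf "Setting hostname to: '%s'\n" "$thishostname"
sleep 5
hostname "$thishostname"
printf '%s\n' "$thishostname" > /etc/hostname

# Read the current IP Address. The original used ifconfig, which needs the
# net-tools package that a CentOS 7 minimal install does not ship; ip(8) is
# always present. If the box has several global IPv4 addresses only the
# first one is used.
IP=$(ip -4 -o addr show scope global | awk '{ sub(/\/.*/, "", $4); print $4; exit }')

# Setup SSH, with my public key
# The original tested -f "~/.ssh/id_rsa" (a quoted ~ never expands) and then
# generated a key only when one already existed; generate only when missing,
# and make sure ~/.ssh exists with the permissions sshd requires.
mkdir -p -m 700 ~/.ssh
if [[ ! -f ~/.ssh/id_rsa ]]; then
  ssh-keygen -t rsa -b 4096 -f ~/.ssh/id_rsa -q -N ""
fi
# NOTE(review): the default is the gist author's own key and looks like a
# 1024-bit RSA key from 2014; set ADMIN_PUBKEY to your own key for any other
# deployment rather than granting the author root access.
ADMIN_PUBKEY=${ADMIN_PUBKEY:-"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAoRx5II7bgJNQ7svCfmhUsW4Iv3i7UFoVlmLMuPwxboaoo7vBwx/mhWtwOGMseP/TvifVJ6Dyyi3dSpG/Uph6kug27MI+OXeBTklxmcIrG9MKZOOGWv5hk9wECk9E8dnCAk6Ns7Q899f/qKbZiDkW7DFAnUk+nIS+N/M7QNbFQeU= rsa-key-20140421"}
touch ~/.ssh/authorized_keys
# Append only once so re-running the script does not duplicate the entry.
if ! grep -qxF -- "$ADMIN_PUBKEY" ~/.ssh/authorized_keys; then
  printf '%s\n' "$ADMIN_PUBKEY" >> ~/.ssh/authorized_keys
fi
chmod 600 ~/.ssh/authorized_keys

printf '%s\n' "Installing some basic packages like epel and wget"
# Install some basics
yum -y install epel-release
yum -y install htop less vim wget rsync
yum -y update

printf '%s\n' "Setting the firewall to allow SSH and DNS"
# Deal with this god awful firewalld
firewall-cmd --permanent --add-port=22/tcp
firewall-cmd --zone=public --add-service=dns --permanent
firewall-cmd --reload
# for z in $(firewall-cmd --get-zones); do echo "Services allowed in $z zone: $(sudo firewall-cmd --list-services --zone=$z)"; done

printf '%s\n' "Installing local postfix for fail2ban email delivery"
# Install local postfix for admin email delivery
yum -y install postfix mailx
systemctl enable postfix
systemctl start postfix

printf '%s\n' "Installing fail2ban"
yum -y install fail2ban
# Setup the local config file. The delimiter is quoted so nothing inside the
# block is subject to shell expansion; the file is also echoed to stdout by tee.
tee /etc/fail2ban/jail.d/00-local.conf <<'EOT'
[DEFAULT]
bantime = 2147483
findtime = 3600
maxretry = 3
sender = fail2ban@example.com
destemail = root
action = %(action_mwl)s
[sshd]
enabled = true
EOT
# Enable it
systemctl enable fail2ban
systemctl start fail2ban

printf '%s\n' "Be sure to add $IP to /etc/hosts like this:"
printf '%s %s\n' "$IP" "$thishostname"
printf '\n'
printf '%s\n' "If you'd like to check on banned IP addresses, you can use:"
printf '%s\n' "sudo ipset list f2b-sshd"
printf '%s\n' "Done. Please reboot now..."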