CentOS 7 Base Install
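#!/bin/bash
#
# CentOS 7 base install.
#
# Sets the hostname, installs an SSH public key for the invoking (root) user,
# installs a few baseline packages, opens firewalld for SSH and DNS, and sets
# up fail2ban for sshd with a local postfix for its notification mail.
#
# Must be run as root. Interactive: prompts for the hostname on stdin.
# Optional environment: ADMIN_PUBKEY - public key line to authorize instead of
# the built-in default.

# Catch typos in variable names. Package/service steps stay best-effort, so no
# `set -e`: a failing yum or firewall-cmd call does not abort the run.
set -u

# Print a message to stderr and stop.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

if [[ $EUID -ne 0 ]]; then
  die "This script must be run as root"
fi

# Set the hostname correctly
echo "Hello! Please tell me the desired hostname now: "
IFS= read -r thishostname || die "No hostname given"

# The value is written to /etc/hostname as root, so accept only letters,
# digits, dots and hyphens, starting and ending with a letter or digit.
hostname_re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
if (( ${#thishostname} > 253 )) || [[ ! $thishostname =~ $hostname_re ]]; then
  die "Invalid hostname: '$thishostname'"
fi

echo "Setting hostname to: '$thishostname'"
sleep 5
hostname "$thishostname"
printf '%s\n' "$thishostname" > /etc/hostname

# Read the current IP address. Uses `ip` (always present on CentOS 7) rather
# than ifconfig, which needs net-tools and is missing on a minimal install.
# Only the first global IPv4 address is kept if the host has several.
IP=$(ip -4 -o addr show scope global | awk '{ sub(/\/.*/, "", $4); print $4; exit }')
if [[ -z "$IP" ]]; then
  echo "Warning: could not determine an IPv4 address" >&2
fi

# Setup SSH, with my public key
ssh_dir=~/.ssh
auth_keys="$ssh_dir/authorized_keys"

# sshd's StrictModes rejects keys under a group/world-writable directory, and
# the directory may not exist yet on a fresh install.
mkdir -p "$ssh_dir"
chmod 700 "$ssh_dir"

# Generate a key pair only when none exists. (A quoted "~" is not expanded by
# the shell, and the test has to be negated, otherwise the key is either never
# created or an existing one is overwritten.)
# NOTE(review): -N "" leaves root's private key unencrypted on disk.
if [[ ! -f "$ssh_dir/id_rsa" ]]; then
  ssh-keygen -t rsa -b 4096 -f "$ssh_dir/id_rsa" -q -N ""
fi

# NOTE(review): the default below is the original author's personal key.
# Whoever holds the matching private key can log in as root on every host this
# script is run on, so set ADMIN_PUBKEY to your own key before running. The
# length of the default blob suggests a 1024-bit RSA key, which is below
# current minimum recommendations - confirm with `ssh-keygen -lf`.
default_pubkey="ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAoRx5II7bgJNQ7svCfmhUsW4Iv3i7UFoVlmLMuPwxboaoo7vBwx/mhWtwOGMseP/TvifVJ6Dyyi3dSpG/Uph6kug27MI+OXeBTklxmcIrG9MKZOOGWv5hk9wECk9E8dnCAk6Ns7Q899f/qKbZiDkW7DFAnUk+nIS+N/M7QNbFQeU= rsa-key-20140421"
admin_pubkey=${ADMIN_PUBKEY:-$default_pubkey}

# Append the key once only, so re-running the script does not pile up duplicates.
touch "$auth_keys"
if ! grep -qxF -- "$admin_pubkey" "$auth_keys"; then
  printf '%s\n' "$admin_pubkey" >> "$auth_keys"
fi
chmod 600 "$auth_keys"

echo "Installing some basic packages like epel and wget"
# Install some basics
yum -y install epel-release
yum -y install htop less vim wget rsync
yum -y update

echo "Setting the firewall to allow SSH and DNS"
# Deal with this god awful firewalld
firewall-cmd --permanent --add-port=22/tcp
# NOTE(review): this opens *inbound* DNS (port 53) in the public zone. Outbound
# name lookups do not need it; drop this line unless the host serves DNS.
firewall-cmd --zone=public --add-service=dns --permanent
firewall-cmd --reload
# for z in $(firewall-cmd --get-zones); do echo "Services allowed in $z zone: $(sudo firewall-cmd --list-services --zone=$z)"; done

echo "Installing local postfix for fail2ban email delivery"
# Install local postfix for admin email delivery
yum -y install postfix mailx
systemctl enable postfix
systemctl start postfix

echo "Installing fail2ban"
yum -y install fail2ban

# Setup the local config file.
# bantime 2147483 s is roughly 24.8 days; 3 failures within findtime (1 hour)
# trigger a ban. action_mwl bans and mails a report with whois data and the
# matching log lines to destemail. The sender address is a placeholder.
# The delimiter is quoted so the shell never expands anything in the config.
tee /etc/fail2ban/jail.d/00-local.conf << 'EOT'
[DEFAULT]
bantime = 2147483
findtime = 3600
maxretry = 3
sender = fail2ban@example.com
destemail = root
action = %(action_mwl)s
[sshd]
enabled = true
EOT

# Enable it
systemctl enable fail2ban
systemctl start fail2ban

echo "Be sure to add $IP to /etc/hosts like this:"
echo "$IP $thishostname"
echo ""
echo "If you'd like to check on banned IP addresses, you can use:"
echo "sudo ipset list f2b-sshd"
echo "Done. Please reboot now..."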