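##########CONFIG##########
# Installer settings. The three secrets below (USER_PASSWORD, USER_SSHKEY,
# FTP_USER_PASSWORD) are taken from the environment when it provides them, so
# they do not have to be written into this file; otherwise they default to
# empty, exactly as before.
# Note: assigning HOSTNAME here replaces the value bash itself keeps in
# $HOSTNAME for the rest of the script.
HOSTNAME=""
TIMEZONE="UTC"
#Unprivileged User Account
USER_NAME="admin"
#Unprivileged User Password
USER_PASSWORD="${USER_PASSWORD:-}"
#Public Key for User
USER_SSHKEY="${USER_SSHKEY:-}"
#FTP User Account
FTP_USER_NAME="sites"
#FTP User Password
FTP_USER_PASSWORD="${FTP_USER_PASSWORD:-}"
#FTP User Group
FTP_USERGROUP="sites"
#SSH Port
#SSHD_PORT="22"
#SSH Protocol
#SSHD_PROTOCOL="2"
#SSH Allowed Groups
#SSHD_GROUPS="sshusers"
#SSH Permit Root Login
#SSHD_PERMITROOT="No"
#SSH Password Authentication
#SSHD_PASSWORDAUTH="Yes"
#Usergroup to use for Admin Accounts
SUDO_USERGROUP="wheel"
#Passwordless Sudo
# "Do Not Require Password" makes the sudo step write a NOPASSWD: ALL rule for
# SUDO_USERGROUP; "Require Password" writes the (ALL) ALL rule instead.
SUDO_PASSWORDLESS="Do Not Require Password" #Require Password, Do Not Require Password
##########END CONFIG##########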
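# Resolve the directory this script lives in, so bundled files are found no
# matter which directory the installer is started from. (bash already keeps
# $PWD up to date, so it is not reassigned here.)
SCRIPTPATH=$(readlink -f -- "$0")
BASEDIR=$(dirname -- "$SCRIPTPATH")
#http://www.linode.com/stackscripts/view/?StackScriptID=1
# Load the helper library from the script's own directory rather than from the
# caller's working directory: this script runs as root, and a relative path
# would source whatever include/StackScriptBashLib.sh happens to sit in the
# current directory.
if ! source "$BASEDIR/include/StackScriptBashLib.sh"; then
  echo "install.sh: cannot load $BASEDIR/include/StackScriptBashLib.sh" >&2
  exit 1
fi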
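# Install and Configure Sudo
aptitude -y install sudo
# The sudoers rule is written for the lower-cased group name.
SUDO_GROUP_LOWER=$(printf '%s' "$SUDO_USERGROUP" | tr '[:upper:]' '[:lower:]')
# Work on a scratch copy so /etc/sudoers is only ever replaced by a file that
# has been syntax-checked.
cp /etc/sudoers /etc/sudoers.tmp
chmod 0640 /etc/sudoers.tmp
case "$SUDO_PASSWORDLESS" in
  "Do Not Require Password")
    # Members of the group may run any command as root without re-entering
    # a password.
    SUDO_RULE="%$SUDO_GROUP_LOWER ALL = NOPASSWD: ALL"
    ;;
  "Require Password")
    SUDO_RULE="%$SUDO_GROUP_LOWER ALL = (ALL) ALL"
    ;;
  *)
    # Any other value adds no rule.
    SUDO_RULE=""
    ;;
esac
# Skip the append when the exact rule is already present, so running the
# installer twice does not duplicate it.
if [ -n "$SUDO_RULE" ] && ! grep -qxF -- "$SUDO_RULE" /etc/sudoers.tmp; then
  echo "$SUDO_RULE" >> /etc/sudoers.tmp
fi
chmod 0440 /etc/sudoers.tmp
# A sudoers file with a syntax error disables sudo entirely; check the copy
# before moving it into place.
if visudo -c -f /etc/sudoers.tmp; then
  mv /etc/sudoers.tmp /etc/sudoers
else
  echo "install.sh: generated sudoers file failed validation; /etc/sudoers left unchanged" >&2
  rm -f /etc/sudoers.tmp
  exit 1
fi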
# Configure SSHD
#echo "Port $SSHD_PORT" > /etc/ssh/sshd_config.tmp
#echo "Protocol $SSHD_PROTOCOL" >> /etc/ssh/sshd_config.tmp
#sed -n 's/\(HostKey .*\)/\1/p' < /etc/ssh/sshd_config >> /etc/ssh/sshd_config.tmp
#sed -n 's/\(UsePrivilegeSeparation .*\)/\1/p' < /etc/ssh/sshd_config >> /etc/ssh/sshd_config.tmp
#sed -n 's/\(KeyRegenerationInterval .*\)/\1/p' < /etc/ssh/sshd_config >> /etc/ssh/sshd_config.tmp
#sed -n 's/\(ServerKeyBits .*\)/\1/p' < /etc/ssh/sshd_config >> /etc/ssh/sshd_config.tmp
#sed -n 's/\(SyslogFacility .*\)/\1/p' < /etc/ssh/sshd_config >> /etc/ssh/sshd_config.tmp
#sed -n 's/\(LogLevel .*\)/\1/p' < /etc/ssh/sshd_config >> /etc/ssh/sshd_config.tmp
#sed -n 's/\(LoginGraceTime .*\)/\1/p' < /etc/ssh/sshd_config >> /etc/ssh/sshd_config.tmp
#echo "PermitRootLogin `echo $SSHD_PERMITROOT | tr '[:upper:]' '[:lower:]'`" >> /etc/ssh/sshd_config.tmp
#sed -n 's/\(StrictModes .*\)/\1/p' < /etc/ssh/sshd_config >> /etc/ssh/sshd_config.tmp
#sed -n 's/\(RSAAuthentication .*\)/\1/p' < /etc/ssh/sshd_config >> /etc/ssh/sshd_config.tmp
#sed -n 's/\(PubkeyAuthentication .*\)/\1/p' < /etc/ssh/sshd_config >> /etc/ssh/sshd_config.tmp
#sed -n 's/\(IgnoreRhosts .*\)/\1/p' < /etc/ssh/sshd_config >> /etc/ssh/sshd_config.tmp
#sed -n 's/\(RhostsRSAAuthentication .*\)/\1/p' < /etc/ssh/sshd_config >> /etc/ssh/sshd_config.tmp
#sed -n 's/\(HostbasedAuthentication .*\)/\1/p' < /etc/ssh/sshd_config >> /etc/ssh/sshd_config.tmp
#sed -n 's/\(PermitEmptyPasswords .*\)/\1/p' < /etc/ssh/sshd_config >> /etc/ssh/sshd_config.tmp
#sed -n 's/\(ChallengeResponseAuthentication .*\)/\1/p' < /etc/ssh/sshd_config >> /etc/ssh/sshd_config.tmp
#echo "PasswordAuthentication `echo $SSHD_PASSWORDAUTH | tr '[:upper:]' '[:lower:]'`" >> /etc/ssh/sshd_config.tmp
#sed -n 's/\(X11Forwarding .*\)/\1/p' < /etc/ssh/sshd_config >> /etc/ssh/sshd_config.tmp
#sed -n 's/\(X11DisplayOffset .*\)/\1/p' < /etc/ssh/sshd_config >> /etc/ssh/sshd_config.tmp
#sed -n 's/\(PrintMotd .*\)/\1/p' < /etc/ssh/sshd_config >> /etc/ssh/sshd_config.tmp
#sed -n 's/\(PrintLastLog .*\)/\1/p' < /etc/ssh/sshd_config >> /etc/ssh/sshd_config.tmp
#sed -n 's/\(TCPKeepAlive .*\)/\1/p' < /etc/ssh/sshd_config >> /etc/ssh/sshd_config.tmp
#sed -n 's/\(MaxStartups .*\)/\1/p' < /etc/ssh/sshd_config >> /etc/ssh/sshd_config.tmp
#sed -n 's/\(AcceptEnv .*\)/\1/p' < /etc/ssh/sshd_config >> /etc/ssh/sshd_config.tmp
#sed -n 's/\(Subsystem .*\)/\1/p' < /etc/ssh/sshd_config >> /etc/ssh/sshd_config.tmp
#sed -n 's/\(UsePAM .*\)/\1/p' < /etc/ssh/sshd_config >> /etc/ssh/sshd_config.tmp
#echo "AllowGroups `echo $SSHD_GROUPS | tr '[:upper:]' '[:lower:]'`" >> /etc/ssh/sshd_config.tmp
#chmod 0600 /etc/ssh/sshd_config.tmp
#mv /etc/ssh/sshd_config.tmp /etc/ssh/sshd_config
#touch /tmp/restart-ssh
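# All edits are made on a scratch copy, which replaces the live file only
# after sshd has accepted it. Editing /etc/ssh/sshd_config directly and then
# moving the untouched copy over it would discard the edits.
cp /etc/ssh/sshd_config /etc/ssh/sshd_config.tmp
# Disable root logins over SSH. The pattern also rewrites a commented-out
# "#PermitRootLogin ..." line, which would otherwise stay inactive.
sed -i 's/^[#[:space:]]*PermitRootLogin[[:space:]].*/PermitRootLogin no/' /etc/ssh/sshd_config.tmp
if ! grep -q '^PermitRootLogin no$' /etc/ssh/sshd_config.tmp; then
  # No such line existed: add it at the top, where it cannot land inside a
  # Match block.
  sed -i '1i PermitRootLogin no' /etc/ssh/sshd_config.tmp
fi
# NOTE(review): password logins are forced on here. When a public key is
# installed for the admin user, consider switching this to "no".
sed -i 's/^PasswordAuthentication.*/PasswordAuthentication yes/' /etc/ssh/sshd_config.tmp
chmod 0600 /etc/ssh/sshd_config.tmp
# Refuse to install a configuration sshd cannot parse; a broken file would
# stop the daemon from coming back after the restart.
if /usr/sbin/sshd -t -f /etc/ssh/sshd_config.tmp; then
  mv /etc/ssh/sshd_config.tmp /etc/ssh/sshd_config
else
  echo "install.sh: edited sshd_config failed validation; /etc/ssh/sshd_config left unchanged" >&2
  rm -f /etc/ssh/sshd_config.tmp
  exit 1
fi
# Marker file; presumably picked up by restartServices from the sourced
# library -- confirm.
touch /tmp/restart-ssh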
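# Create Groups
#groupadd $SSHD_GROUPS
groupadd "$SUDO_USERGROUP"
# Create User & Add SSH Key
# The account is created under the lower-cased form of USER_NAME.
USER_NAME_LOWER=$(printf '%s' "$USER_NAME" | tr '[:upper:]' '[:lower:]')
#useradd -m -s /bin/bash -G $SSHD_GROUPS,$SUDO_USERGROUP $USER_NAME_LOWER
useradd -m -s /bin/bash -G "$SUDO_USERGROUP" "$USER_NAME_LOWER"
# Only set a password when one was configured; an empty value must never be
# handed to chpasswd for an account that belongs to the sudo group.
if [ -n "$USER_PASSWORD" ]; then
  printf '%s:%s\n' "$USER_NAME_LOWER" "$USER_PASSWORD" | chpasswd
else
  echo "install.sh: USER_PASSWORD is empty; no password set for $USER_NAME_LOWER" >&2
fi
# Look the home directory up by exact account name. A substring match on
# /etc/passwd could return the home of another account whose name merely ends
# with the same text.
USER_HOME=$(getent passwd "$USER_NAME_LOWER" | cut -d: -f6)
if [ -z "$USER_HOME" ]; then
  # Without this guard the key file below would be created under /.ssh.
  echo "install.sh: cannot determine home directory of $USER_NAME_LOWER" >&2
  exit 1
fi
# Created as the user so the directory is owned by the account; 0700 keeps
# other local users out.
sudo -u "$USER_NAME_LOWER" mkdir -p -m 0700 "$USER_HOME/.ssh"
touch "$USER_HOME/.ssh/authorized_keys"
if [ -n "$USER_SSHKEY" ]; then
  printf '%s\n' "$USER_SSHKEY" >> "$USER_HOME/.ssh/authorized_keys"
fi
chmod 0600 "$USER_HOME/.ssh/authorized_keys"
chown "$USER_NAME_LOWER:$USER_NAME_LOWER" "$USER_HOME/.ssh/authorized_keys"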
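# Setup Hostname
# An empty HOSTNAME would blank /etc/hostname, so the file is only written
# when a name was configured.
if [ -n "$HOSTNAME" ]; then
  printf '%s\n' "$HOSTNAME" > /etc/hostname
else
  echo "install.sh: HOSTNAME is empty; /etc/hostname left unchanged" >&2
fi
# Set Timezone
# Link only to an existing zone file; an empty or misspelt TIMEZONE would
# otherwise leave /etc/localtime pointing at a directory or at nothing.
if [ -f "/usr/share/zoneinfo/$TIMEZONE" ]; then
  ln -sf "/usr/share/zoneinfo/$TIMEZONE" /etc/localtime
else
  echo "install.sh: unknown TIMEZONE '$TIMEZONE'; /etc/localtime left unchanged" >&2
fi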
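# Module Installations
aptitude -y install git screen yum vsftpd
# Config vsftpd
# NOTE(review): conf_files/vsftpd.conf is not visible here. Unless it enables
# TLS, the FTP password set below crosses the network in clear text -- confirm.
cp "$BASEDIR/conf_files/vsftpd.conf" /etc/vsftpd.conf
# The FTP account is created under the lower-cased form of FTP_USER_NAME.
FTP_USER_NAME_LOWER=$(printf '%s' "$FTP_USER_NAME" | tr '[:upper:]' '[:lower:]')
groupadd "$FTP_USERGROUP"
useradd -m -g "$FTP_USERGROUP" "$FTP_USER_NAME_LOWER"
# Only set a password when one was configured; never hand chpasswd an empty
# value for a network-facing account.
if [ -n "$FTP_USER_PASSWORD" ]; then
  printf '%s:%s\n' "$FTP_USER_NAME_LOWER" "$FTP_USER_PASSWORD" | chpasswd
else
  echo "install.sh: FTP_USER_PASSWORD is empty; no password set for $FTP_USER_NAME_LOWER" >&2
fi
# Exact-name lookup of the home directory instead of a substring match on
# /etc/passwd.
FTP_USER_HOME=$(getent passwd "$FTP_USER_NAME_LOWER" | cut -d: -f6)
if [ -z "$FTP_USER_HOME" ]; then
  # Without this guard the key file below would be created under /.ssh.
  echo "install.sh: cannot determine home directory of $FTP_USER_NAME_LOWER" >&2
  exit 1
fi
sudo -u "$FTP_USER_NAME_LOWER" mkdir -p -m 0700 "$FTP_USER_HOME/.ssh"
touch "$FTP_USER_HOME/.ssh/authorized_keys"
chmod 0600 "$FTP_USER_HOME/.ssh/authorized_keys"
# useradd -g puts the account in FTP_USERGROUP and creates no group named
# after the user, so the file's group must be FTP_USERGROUP.
chown "$FTP_USER_NAME_LOWER:$FTP_USERGROUP" "$FTP_USER_HOME/.ssh/authorized_keys"
service vsftpd start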
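# Download Server Shield
# Cloned over HTTPS: the git:// transport is neither encrypted nor
# authenticated, and the sshield script from this clone is copied into
# /etc/init.d below, where it runs as root.
# NOTE(review): the clone follows upstream's default branch. Check out a
# reviewed commit before the script is installed as an init script.
# NOTE(review): the account is created under the lower-cased USER_NAME;
# /home/$USER_NAME matches its home only when USER_NAME is already lower case.
if git clone https://github.com/bluedragonz/server-shield.git "/home/$USER_NAME/server-shield"; then
  sed -i.bak -e 's/yum --security/yum/g' "/home/$USER_NAME/server-shield/sshield"
  chmod +x "/home/$USER_NAME/server-shield/sshield"
  cp "/home/$USER_NAME/server-shield/sshield" /etc/init.d/sshield
  chown -hR "$USER_NAME" "/home/$USER_NAME/server-shield"
else
  echo "install.sh: cloning server-shield failed; sshield not installed" >&2
fi
#/etc/init.d/sshield start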
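# Download VladGh.com-LEMP
# Cloned over HTTPS: the git:// transport is neither encrypted nor
# authenticated, so the fetched installer files could be altered in transit.
# NOTE(review): the clone follows upstream's default branch. Check out a
# reviewed commit before running anything from it.
if git clone https://github.com/vladgh/VladGh.com-LEMP.git "/home/$USER_NAME/VladGh.com-LEMP"; then
  # Use an absolute path to start-stop-daemon in the bundled nginx init file.
  sed -i.bak -e 's/start-stop-daemon/\/sbin\/start-stop-daemon/g' "/home/$USER_NAME/VladGh.com-LEMP/init_files/nginx"
  chown -hR "$USER_NAME" "/home/$USER_NAME/VladGh.com-LEMP"
  # Replace nginx.conf, default site
  cp "$BASEDIR/conf_files/nginx.conf" "/home/$USER_NAME/VladGh.com-LEMP/conf_files/nginx.conf"
  cp "$BASEDIR/conf_files/default" "/home/$USER_NAME/VladGh.com-LEMP/conf_files/default"
else
  echo "install.sh: cloning VladGh.com-LEMP failed; LEMP files not prepared" >&2
fi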
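# Install Webmin
# Add each repository line once, so re-running the installer does not stack
# duplicates in sources.list.
for WEBMIN_REPO in \
  "deb http://download.webmin.com/download/repository sarge contrib" \
  "deb http://webmin.mirror.somersettechsolutions.co.uk/repository sarge contrib"; do
  grep -qxF -- "$WEBMIN_REPO" /etc/apt/sources.list || echo "$WEBMIN_REPO" >> /etc/apt/sources.list
done
# The signing key is the trust anchor for every package from these
# repositories, so it is fetched over HTTPS: a key obtained over plain HTTP
# can be swapped in transit, and apt would then accept packages signed by the
# substitute. -O overwrites an earlier download instead of saving a ".1" copy
# next to it.
# NOTE(review): also compare the key's fingerprint with the value the vendor
# publishes before adding it (expected fingerprint: <placeholder -- not given
# in this script>).
if wget -O /root/jcameron-key.asc https://www.webmin.com/jcameron-key.asc; then
  apt-key add /root/jcameron-key.asc
else
  echo "install.sh: could not download the Webmin signing key" >&2
fi
apt-get update
# -y keeps the run unattended, like the aptitude calls elsewhere in this script.
apt-get -y install webmin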
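# Install Glances
# NOTE(review): a PPA is a third-party archive; its packages install with root
# privileges and are trusted on the strength of the PPA owner's key alone.
# -y keeps both steps unattended, like the aptitude calls elsewhere in this
# script; without it each command waits for confirmation.
add-apt-repository -y ppa:arnaud-hartmann/glances-stable
apt-get update
apt-get -y install glances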
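# Restart Services
# restartServices comes from the sourced StackScript library. Fail with a clear
# message when it was never loaded, because the services changed above (sshd
# among them) would otherwise keep running with their old configuration.
if declare -F restartServices > /dev/null; then
  restartServices
else
  echo "install.sh: restartServices is not defined; services were not restarted" >&2
  exit 1
fi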