showfom/bash
showfom/bash
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update

Browse Source
This commit is contained in:
Xiufeng Guo 2022-06-29 20:39:11 +00:00
commit 0a2ff4daa3
Signed by: showfom
GPG Key ID: 29A7777777777777
2 changed files with 525 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
README.md Normal file
View File

@ -0,0 +1,7 @@
## Bash Script for personal use
`debian.sh` - Initial Setup for Debian Server
## License
WTFPL

518
debian.sh Normal file
View File

@ -0,0 +1,518 @@
#!/bin/bash
#########################################################
# Function :Initial Server Setup with Debian Server #
# Platform :Debian 11.x Bullseye #
# Version :1.1 #
# Date :06-29-2022 #
# Author :Showfom Guo #
# Contact :i@m.ac #
# Company :xTom #
#########################################################
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
export PATH
set -euo pipefail
IFS=$'\n\t'
current_dir=$(cd -P -- "$(dirname -- "$0")" && pwd -P)
# Check system requirements, if it's not Debian, exit
if [ -f /etc/debian_version ]; then
printf "\E[0;32;40m"
echo "### Debian System Detected. Starting... ###"
printf "\E[0m"
else
printf "\E[0;31;40m"
echo "### This script is only for Debian. Exiting... ###"
printf "\E[0m"
exit 1
fi
# Check Debian Version, if it's not 10 or 11, exit
if [ "$(cat /etc/debian_version | cut -d'.' -f1)" != "10" ] && [ "$(cat /etc/debian_version | cut -d'.' -f1)" != "11" ]; then
printf "\E[0;31;40m"
echo "### This script is only for Debian 10 or 11. Exiting... ###"
printf "\E[0m"
exit 1
fi
# Check if user is root, if not, exit
if [ "$(id -u)" != "0" ]; then
printf "\E[0;31;40m"
echo "### This script must be run as root. Exiting... ###"
printf "\E[0m"
exit 1
fi
function change_apt_sources() {
printf "\E[0;35;40m"
echo '### Remove all apt sources files ###'
printf "\E[0m"
cp -r /etc/apt/sources.list /etc/apt/sources.list.$(date +"%Y_%m_%d_%I_%M_%p").bak
cp -r /etc/apt/sources.list.d /etc/apt/sources.list.d.$(date +"%Y_%m_%d_%I_%M_%p").bak
rm -rf /etc/apt/sources.list.d/*
printf "\E[0;35;40m"
echo '### Update system, install apt-transport-https and ca-certificates ###'
printf "\E[0m"
apt update
apt install apt-transport-https ca-certificates lsb-release -y
printf "\E[0;35;40m"
echo '### Replace the default sources.list with the new one ###'
printf "\E[0m"
codename=$(lsb_release -sc)
# If codename = buster, use the old sources.list
if [ "$codename" == "buster" ]; then
cat > /etc/apt/sources.list << EOF
deb https://mirror-cdn.xtom.com/debian/ $codename main contrib non-free
deb-src https://mirror-cdn.xtom.com/debian/ $codename main contrib non-free
deb https://mirror-cdn.xtom.com/debian-security/ $codename/updates main contrib non-free
deb-src https://mirror-cdn.xtom.com/debian-security/ $codename/updates main contrib non-free
deb https://mirror-cdn.xtom.com/debian/ $codename-updates main contrib non-free
deb-src https://mirror-cdn.xtom.com/debian/ $codename-updates main contrib non-free
deb https://mirror-cdn.xtom.com/debian/ $codename-backports main contrib non-free
deb-src https://mirror-cdn.xtom.com/debian/ $codename-backports main contrib non-free
EOF
else
cat > /etc/apt/sources.list << EOF
deb https://mirror-cdn.xtom.com/debian/ $codename main contrib non-free
deb-src https://mirror-cdn.xtom.com/debian/ $codename main contrib non-free
deb https://mirror-cdn.xtom.com/debian-security/ $codename-security main contrib non-free
deb-src https://mirror-cdn.xtom.com/debian-security/ $codename-security main contrib non-free
deb https://mirror-cdn.xtom.com/debian/ $codename-updates main contrib non-free
deb-src https://mirror-cdn.xtom.com/debian/ $codename-updates main contrib non-free
deb https://mirror-cdn.xtom.com/debian/ $codename-backports main contrib non-free
deb-src https://mirror-cdn.xtom.com/debian/ $codename-backports main contrib non-free
EOF
fi
printf "\E[0;35;40m"
echo '### Updating system... ###'
printf "\E[0m"
apt update
printf "\E[0;33;40m"
echo "### apt sources replaced ###"
printf "\E[0m"
}
function install_packages() {
printf "\E[0;35;40m"
echo '### Install the necessary packages ###'
printf "\E[0m"
apt install -y \
vim nano cron sudo \
net-tools dnsutils mtr-tiny traceroute \
wget curl host \
unzip rsync \
bash-completion git whois \
fail2ban iptables haveged gnupg vnstat lrzsz jq \
unattended-upgrades apt-listchanges
printf "\E[0;35;40m"
echo '### Updating system... ###'
printf "\E[0m"
apt update
apt upgrade -y
apt dist-upgrade -y
apt autoclean
apt autoremove -y
printf "\E[0;33;40m"
echo "### System upgraded ###"
printf "\E[0m"
}
function change_timezone() {
printf "\E[0;35;40m"
echo '### Change timezone to UTC and environment variables to en_US.UTF-8 ###'
printf "\E[0m"
rm -rf /etc/localtime
ln -s /usr/share/zoneinfo/UTC /etc/localtime
localectl set-locale LANG="en_US.UTF-8" LC_TIME="en_US.UTF-8" LANGUAGE="en_US.UTF-8"
printf "\E[0;33;40m"
echo "### Timezone changed to UTC ###"
printf "\E[0m"
}
function add_ssh_keys(){
printf "\E[0;35;40m"
echo '### Add SSH keys... ###'
printf "\E[0m"
mkdir -p /root/.ssh
cat > /root/.ssh/authorized_keys << EOF
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPn3FvKyi2pvUCU943a1FPUKV+rOElgPoOcxORGnEmdS p@m.ac-mobile
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINeLww3zlRtaZ5vSxMRKoUC8s2r3+wEirzGt0bFMCD1R p@m.ac-x1
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHAj4nbOal5A6nPPBFdjLG5a7JjW/BC6jif1yY1rbQS+ y@m.ac-2022
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINQvrfn3+7e/qLYFkHt7Jmo+e+7QdD8vD/ECh3PC/gR6 i@m.ac-ed25519
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAgEAlfvpoVibfQ36GwMjJt2PIF77Dup8T9/3frJwVBC33zSwHJiihfPZlfKiUfiOUP1io1kBs3fMhq1r+x708ilxKn/3NxtYFmUWTKpqQq6+t5KBAY+0Cy+WHnJlslg8M0/npf7mDr5HJf09eTn+krSGCUTo+Gd38P9aNp1WamMa6pIRQ27mWMSECDkB93LpPVI4p9t00Z8ArNS6DOaTRcW9+/VJ0S+wYKnTmGz9bvsliHIK1fSBCMtPH0ApZtsQSHmsjh75ACv6qbU2R9d0ur3OA5u3wtFXuCIIzZANJIfQP8ehXnNjmakJTbNtGjye9hErKuaBwy42Ekgw5gRiHRuxvdPM5P5fSy01+jPQb3JqaEQOtrlTaVyjja0Y8+MSA8LqGvgul8FsQ5fRafJo0D+ep2SblrYUCc1mTwWx5+Z7pgaW04dXeVVXXGJVkGvfcE74rOBqfgHe/FAsbW+9rVueDiwuXnkivz/Yeqp2uAQxAqJerpZUPx9mE7ouSTipBT8e2R7zXm65cfhmrHmrrzEo8kJfcxBj9ozzpj2S4RsTm2DvYo05tbzaSo/gC1pv4QIwFhPfz8IvmPOjNI2xdYhMLCZGAf4Rl2g8PCE8lgXTjOFxIUb11H2N1OJgPoXiiAGFBPhdQZardE+fIfjWlh0wW9yCtTk7CojT0l1DPR8F9PE= i@m.ac-rsa-4096
EOF
chmod 700 /root/.ssh
chmod 600 /root/.ssh/authorized_keys
printf "\E[0;33;40m"
echo "### SSH keys added ###"
printf "\E[0m"
}
function disable_ssh_password() {
printf "\E[0;35;40m"
echo '### Disable SSH password ###'
printf "\E[0m"
codename=$(lsb_release -sc)
if [ "$codename" == "buster" ]; then
cp -r /etc/ssh/sshd_config /etc/ssh/sshd_config.$(date +"%Y_%m_%d_%I_%M_%p").bak
sed -i -E 's/#?PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config
sed -i -E 's/#?PermitRootLogin.*/PermitRootLogin without-password/' /etc/ssh/sshd_config
echo 'DebianBanner no' >> /etc/ssh/sshd_config
else
cat > /etc/ssh/sshd_config.d/disable_password.conf << EOF
PermitRootLogin without-password
PasswordAuthentication no
EOF
cat > /etc/ssh/sshd_config.d/hide_debian_banner.conf << EOF
DebianBanner no
EOF
fi
printf "\E[0;33;40m"
echo "### SSH password disabled ###"
printf "\E[0m"
}
function custom_fail2ban() {
printf "\E[0;35;40m"
echo '### Custom Fail2ban ###'
printf "\E[0m"
cat > /etc/fail2ban/jail.d/bantime.conf << EOF
[DEFAULT]
bantime = 1h
EOF
printf "\E[0;33;40m"
echo "### Custom Fail2ban configuration added ###"
printf "\E[0m"
}
function custom_bashrc() {
printf "\E[0;35;40m"
echo '### Custom .bashrc ###'
printf "\E[0m"
cp -r /root/.bashrc /root/.bashrc.$(date +"%Y_%m_%d_%I_%M_%p").bak
cat > /root/.bashrc << EOF
if [ -z "\$PS1" ]; then
return
fi
# Custom alias
alias ls='ls --color=auto'
alias ll='ls --color=auto -alF'
alias l='ls -A'
alias mtr='mtr --aslookup --show-ips'
PS1='\[\033[01;31m\]\u\[\033[01;33m\]@\[\033[01;36m\]\h \[\033[01;33m\]\w \[\033[01;35m\]\\$ \[\033[00m\]'
EOF
printf "\E[0;33;40m"
echo "### Custom .bashrc added ###"
printf "\E[0m"
}
function custom_vimrc() {
printf "\E[0;35;40m"
echo '### Custom .vimrc ###'
printf "\E[0m"
cat > /root/.vimrc << EOF
set nopaste
syntax on
set nu
set tabstop=4
set shiftwidth=4
set softtabstop=4
set expandtab
EOF
printf "\E[0;33;40m"
echo "### Custom .vimrc added ###"
printf "\E[0m"
}
function custom_inputrc() {
printf "\E[0;35;40m"
echo '### Custom .inputrc ###'
printf "\E[0m"
cat > /root/.inputrc << EOF
set enable-bracketed-paste off
EOF
printf "\E[0;33;40m"
echo "### Custom .inputrc added ###"
printf "\E[0m"
}
function custom_sysctl() {
printf "\E[0;35;40m"
echo '### Custom sysctl.conf ###'
printf "\E[0m"
cp -r /etc/sysctl.conf /etc/sysctl.conf.$(date +"%Y_%m_%d_%I_%M_%p").bak
cat /dev/null > /etc/sysctl.conf
cat > /etc/sysctl.d/local.conf << EOF
net.ipv4.ip_forward = 1
net.ipv4.conf.all.proxy_arp = 0
net.ipv6.conf.all.forwarding = 1
net.ipv6.conf.all.autoconf = 0
net.ipv6.conf.default.autoconf = 0
net.ipv6.conf.all.accept_ra = 0
net.ipv6.conf.default.accept_ra = 0
net.ipv6.conf.default.accept_dad = 0
net.ipv6.conf.all.accept_dad = 0
net.core.rmem_default = 1212992
net.ipv4.neigh.default.gc_interval = 3600
net.ipv4.neigh.default.gc_stale_time = 3600
net.ipv4.neigh.default.gc_thresh1 = 2048
net.ipv4.neigh.default.gc_thresh2 = 4096
net.ipv4.neigh.default.gc_thresh3 = 8192
net.ipv6.neigh.default.base_reachable_time_ms = 3600
net.core.wmem_max = 134217728
net.core.rmem_max = 134217728
net.ipv4.tcp_rmem = 10240 87380 134217728
net.ipv4.tcp_wmem = 10240 87380 134217728
net.ipv4.tcp_slow_start_after_idle = 0
fs.inotify.max_user_watches = 819200
net.ipv4.tcp_max_syn_backlog = 32768
net.core.somaxconn = 2048
net.core.netdev_max_backlog = 32768
vm.vfs_cache_pressure = 100
vm.dirty_background_bytes = 52428800
net.core.default_qdisc = fq
net.ipv4.tcp_congestion_control = bbr
net.ipv6.route.max_size = 1048576
fs.file-max = 1000000
vm.swappiness = 10
vm.dirty_ratio = 60
vm.dirty_background_ratio = 2
net.ipv6.ip6frag_high_thresh = 4194304
net.ipv6.ip6frag_low_thresh = 3145728
net.ipv4.ipfrag_high_thresh = 4194304
net.ipv4.ipfrag_low_thresh = 3145728
EOF
sysctl -p
printf "\E[0;33;40m"
echo "### Custom sysctl.conf added ###"
printf "\E[0m"
}
function add_nginx_repo() {
printf "\E[0;35;40m"
echo '### Add n.wtf Nginx repo ###'
printf "\E[0m"
curl -sS https://n.wtf/public.key | gpg --dearmor > /usr/share/keyrings/n.wtf.gpg
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/n.wtf.gpg] https://mirror-cdn.xtom.com/sb/nginx/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/n.wtf.list
printf "\E[0;33;40m"
echo "### n.wtf Nginx repo added ###"
printf "\E[0m"
}
function add_docker_repo() {
printf "\E[0;35;40m"
echo '### Add Docker CE repo ###'
printf "\E[0m"
curl -sS https://download.docker.com/linux/debian/gpg | gpg --dearmor > /usr/share/keyrings/docker-ce.gpg
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-ce.gpg] https://mirror-cdn.xtom.com/docker-ce/linux/debian $(lsb_release -sc) stable" > /etc/apt/sources.list.d/docker.list
printf "\E[0;33;40m"
echo "### Docker CE repo added ###"
printf "\E[0m"
}
function add_php_repo() {
printf "\E[0;35;40m"
echo '### Add Sury PHP repo ###'
printf "\E[0m"
wget -O /usr/share/keyrings/deb.sury.org-php.gpg https://packages.sury.org/php/apt.gpg
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/deb.sury.org-php.gpg] https://mirror-cdn.xtom.com/sury/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list
printf "\E[0;33;40m"
echo "### Sury PHP repo added ###"
printf "\E[0m"
}
function add_mariadb_repo() {
printf "\E[0;35;40m"
echo '### Add MariaDB repo ###'
printf "\E[0m"
curl -sS https://mariadb.org/mariadb_release_signing_key.asc | gpg --dearmor > /usr/share/keyrings/mariadb.gpg
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/mariadb.gpg] https://mirror-cdn.xtom.com/mariadb/repo/10.6/debian $(lsb_release -sc) main" > /etc/apt/sources.list.d/mariadb.list
printf "\E[0;33;40m"
echo "### MariaDB repo added ###"
printf "\E[0m"
}
function add_tor_repo() {
printf "\E[0;35;40m"
echo '### Add Tor repo ###'
printf "\E[0m"
wget -O /usr/share/keyrings/tor.gpg https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/tor.gpg] https://deb.torproject.org/torproject.org $(lsb_release -sc) main" > /etc/apt/sources.list.d/tor.list
printf "\E[0;33;40m"
echo "### Tor repo added ###"
printf "\E[0m"
}
function add_unattended_upgrades() {
printf "\E[0;35;40m"
echo '### Enable Unattended Upgrades ###'
printf "\E[0m"
cp -r /etc/apt/apt.conf.d/50unattended-upgrades /etc/apt/apt.conf.d/50unattended-upgrades.$(date +"%Y_%m_%d_%I_%M_%p").bak
cat > /etc/apt/apt.conf.d/50unattended-upgrades << EOF
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";
APT::Periodic::Verbose "1";
APT::Periodic::AutocleanInterval "7";
Unattended-Upgrade::Mail "root";
Unattended-Upgrade::Origins-Pattern {
"origin=Debian,codename=\${distro_codename},label=Debian-Security";
"origin=Debian,codename=\${distro_codename}-security,label=Debian-Security";
};
Unattended-Upgrade::Package-Blacklist {
};
Unattended-Upgrade::Automatic-Reboot "false";
EOF
printf "\E[0;33;40m"
echo "### Unattended Upgrades enabled ###"
printf "\E[0m"
}
function add_acme_sh() {
printf "\E[0;35;40m"
echo '### Install acme.sh ###'
printf "\E[0m"
curl -sS https://get.acme.sh | bash -s email=david@xtom.com
/root/.acme.sh/acme.sh --upgrade --auto-upgrade
/root/.acme.sh/acme.sh --set-default-ca --server letsencrypt
printf "\E[0;33;40m"
echo "### acme.sh installation done ###"
printf "\E[0m"
}
function add_rclone() {
printf "\E[0;35;40m"
echo '### Install Rclone ###'
printf "\E[0m"
wget -O /tmp/rclone.deb https://downloads.rclone.org/rclone-current-linux-$(dpkg --print-architecture).deb
dpkg -i /tmp/rclone.deb
rm /tmp/rclone.deb
printf "\E[0;33;40m"
echo "### Rclone installation done ###"
printf "\E[0m"
}
function add_update_sh() {
printf "\E[0;35;40m"
echo '### Add update.sh ###'
printf "\E[0m"
cat > /root/update.sh << EOF
#!/bin/bash
apt-get update
apt-get upgrade -y
apt-get dist-upgrade -y
apt-get autoclean
apt-get autoremove -y
EOF
chmod +x /root/update.sh
/root/update.sh
printf "\E[0;33;40m"
echo "### update.sh added ###"
printf "\E[0m"
}
# Dialog box begins here
cmd=(dialog --title "Debian Server Initial Setup" --separate-output --checklist "Select options:" 22 76 16)
options=(1 "Install Packages" on # any option can be set to default to "on"
2 "Change APT Sources" on
3 "Change Timezone" on
4 "Add SSH Keys" on
5 "Disable SSH Password" on
6 "Custom Fail2ban" on
7 "Custom .bashrc" on
8 "Custom .vimrc" on
9 "Custom .inputrc" on
10 "Custom sysctl" on
11 "Enable Unattended Upgrades" on
12 "Add n.wtf Nginx Repo" on
13 "Add Docker CE Repo" off
14 "Add Sury PHP Repo" off
15 "Add MariaDB Repo" off
16 "Add Tor Project Repo" off
17 "Install acme.sh" off
18 "Install Rclone" off
19 "Add update.sh" on)
choices=$("${cmd[@]}" "${options[@]}" 2>&1 >/dev/tty)
clear
for choice in $choices
do
case $choice in
1)
install_packages
;;
2)
change_apt_sources
;;
3)
change_timezone
;;
4)
add_ssh_keys
;;
5)
disable_ssh_password
;;
6)
custom_fail2ban
;;
7)
custom_bashrc
;;
8)
custom_vimrc
;;
9)
custom_inputrc
;;
10)
custom_sysctl
;;
11)
add_unattended_upgrades
;;
12)
add_nginx_repo
;;
13)
add_docker_repo
;;
14)
add_php_repo
;;
15)
add_mariadb_repo
;;
16)
add_tor_repo
;;
17)
add_acme_sh
;;
18)
add_rclone
;;
19)
add_update_sh
;;
esac
done
printf "\E[0;36;40m"
echo '### Server Initial Setup Completed. ###'
echo 'Have a nice day.'
echo 'You may need to reboot your system to take affect.'
printf "\E[0m"