Shell Script...... debianConfigAwsome.5.0.sh

  1. #!/bin/bash -x
  2.  
  3. shopt -s -o nounset
  4. ####### Catch signals that could stop the script
  5. trap : SIGINT SIGQUIT SIGTERM
  6. #################################
  7.  
  8. # redirect all errors to a file                                                                    #### MUNA setja þetta í sshd_config="#HISTAMIN98"
  9. if [ -w /tmp/svaka ]
  10. then
  11.     exec 2>debianConfigVersion4.9__ERRORS__.txt
  12. else
  13.     echo "can't write error file!"
  14.     exit 127
  15. fi
  16. ##################################################################################################### exec 3>cpSuccessCodes.txt ##
  17.  
  18. SCRIPTNAME=$(basename "$0")
  19.  
  20. if [ "$UID" != 0 ]
  21.     then
  22.     echo "This program should be run as root, exiting! now....."
  23.     sleep 3
  24.     exit 1
  25. fi
  26.  
  27. if [ "$#" -eq 0 ]
  28. then
  29.     echo "RUN AS ROOT...Usage if you want to create users:...$SCRIPTNAME USER_1 USER_2 USER_3 etc."
  30.     echo "If you create users they will be set with a semi strong password which you need to change later as root with the passwd command"
  31.     echo
  32.     echo
  33.     echo "#################### ↓↓↓↓↓↓↓↓↓↓↓ OR ↓↓↓↓↓↓↓↓↓↓ #############################"
  34.     echo
  35.     echo
  36.     echo "RUN AS ROOT...Usage without creating users: $SCRIPTNAME"
  37.     echo
  38.     sleep 10
  39.  
  40. fi
  41.  
  42. echo "Here starts the party!"
  43. echo "Setting up server..........please wait!!!!!"
  44. sleep 3
  45.  
  46. ### ↓↓↓↓ NEXT TIME USE "declare VARIABLE" ↓↓↓↓↓↓↓↓↓↓ #####
  47. OAUTH_TOKEN=d6637f7ccf109a0171a2f55d21b6ca43ff053616
  48. WORK_DIR=/tmp/svaka
  49. BASHRC=.bashrc
  50. NANORC=.nanorc
  51. BASHRCROOT=.bashrcroot
  52. SOURCE=sources.list
  53. PORT=""
  54. #-----------------------------------------------------------------------↓↓
  55. export DEBIAN_FRONTEND=noninteractive
  56. #-----------------------------------------------------------------------↑↑
  57.  
  58. ############################### make all files writable, executable and readable in the working directory#########
  59. if ! chown -R root:root "$WORK_DIR"
  60. then
  61.     echo "chown WORK_DIR failed"
  62.     sleep 3
  63.     exit 127
  64. fi
  65.  
  66. if ! chmod -R 750 "$WORK_DIR"
  67. then
  68.     echo "chmod WORK_DIR failed"
  69.     sleep 3
  70.     exit 127
  71. fi
  72.  
  73. ############################################################## Check if files exist and are writable ########################################################
  74.  
  75. if [[ ! -f "$WORK_DIR"/.bashrc && ! -w "$WORK_DIR"/.bashrc ]]
  76. then
  77.     echo "missing .bashrc file or is not writable.. exiting now....." && { exit 127; }
  78. fi
  79. if [[ ! -f "$WORK_DIR"/.nanorc && ! -w "$WORK_DIR"/.nanorc ]]
  80. then
  81.     echo "missing .nanorc file or is not writable.. exiting now....." && { exit 127; }
  82. fi
  83.     if [[ ! -f "$WORK_DIR"/.bashrcroot && ! -w "$WORK_DIR"/.bashrcroot ]]
  84. then
  85.     echo "missing .bashrcroot file or is not writable..exiting now....." && { exit 127; }
  86. fi
  87. if [[ ! -f "$WORK_DIR"/sources.list && ! -w "$WORK_DIR"/sources.list ]]
  88. then
  89.     echo "missing sources.list file or is not writable..exiting now....." && { exit 127; }
  90. fi
  91.  
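########################################### Check if PORT is set and if sshd_config is set and if PORT is set in iptables ###############################################
# Ask for the ssh port when it is not configured yet: PORT empty, the
# "#HISTAMIN98" marker missing from the installed sshd_config, or the port
# not present in the saved iptables rules. The answer is later substituted
# into iptables rules and a sed expression, so only a plain TCP port number
# (1-65535) is accepted; anything else is asked for again.
##[[ ! `/sbin/iptables-save | grep '^\-' | wc -l` > 0 ]]
if [[ -z "$PORT" ]] || ! grep -q "#HISTAMIN98" /etc/ssh/sshd_config || ! grep -q -- "$PORT" /etc/iptables.up.rules
then
    while :
    do
        echo -n "Please select/provide the port-number for ssh in iptables setup or sshd_config file:"
        read -r port ### when using the "-p" option then the value is stored in $REPLY
        # 10# forces decimal so a leading zero is not read as octal
        if [[ "$port" =~ ^[0-9]{1,5}$ ]] && (( 10#$port >= 1 && 10#$port <= 65535 ))
        then
            PORT=$port
            break
        fi
        echo "'$port' is not a valid port number (1-65535), try again."
    done
fi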
  99.  
  100.  
  101. ################ Creating new users #####################1
  102.  
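#######################################
# Create each named account (home directory, /bin/bash login shell) unless
# it already exists.
# Arguments: $@ - user names to create
# Outputs:   progress messages on stdout
# Returns:   0; a failed useradd is reported and the script exits 127
#######################################
creatingNewUsers()
{
    local name
    for name in "$@"
    do
        if id -u "$name" >/dev/null 2>&1
        then
            echo "User: $name exists....setting up now!"
            sleep 2
        else
            echo "User: $name does not exists....creating now!"
            # the name comes straight from the command line; useradd rejects
            # names that are not valid logins, so its status must be checked
            useradd -m -s /bin/bash "$name" || { echo "useradd $name failed"; exit 127; }
            sleep 2
        fi
    done
}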
  118.  
  119. ###########################################################################3
  120. ################# GET USERS ON THE SYSTEM ###################################
  121.  
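#######################################
# Write the login names of all accounts with uid >= 1000 in /etc/passwd to
# $WORK_DIR/USERS.txt, one per line, mode 750.
# Globals:   WORK_DIR (read)
# Outputs:   $WORK_DIR/USERS.txt
# Returns:   0; exits 127 if the list cannot be written
#######################################
prepare_USERS.txt()
{
    local list="$WORK_DIR"/USERS.txt
    awk -F: '$3 >= 1000 { print $1 }' /etc/passwd > "$list" || { echo "writing USERS.txt failed"; exit 127; }

    chmod 750 "$list"
    # "||": a missing OR an unwritable list is fatal (the earlier "&&" only
    # ever caught the missing case)
    if [[ ! -f "$list" || ! -w "$list" ]]
    then
        echo "USERS.txt doesn't exist or is not writable..exiting!"
        sleep 3
        exit 127
    fi
#   if [[ ! "$@" == "" ]]
#   then
#        for user in "$@"
#        do
#            echo "$user" >> /tmp/svaka/USERS.txt || { echo "writing to USERS.txt failed"; exit 127; }
#        done
#    fi
}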
  141. ###########################################################################33
  142. ################33 user passwords2
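#######################################
# Give an initial password to every listed account that has none (passwd
# status NP) or is locked (L). The password is the user name followed by a
# fixed suffix and is only meant as a placeholder, so the account is also
# marked for a forced password change at the next login.
# Globals:   WORK_DIR (read) - $WORK_DIR/USERS.txt lists the accounts
# Outputs:   progress messages on stdout
# Returns:   0; exits 127 if USERS.txt is missing or not writable
#######################################
userPasswords()
{
    # with -x tracing on, the expanded chpasswd line (and so the password)
    # is written to the trace/error file - keep that file root-only
    local password_suffix="YOURSTRONGPASSWORDHERE12345Áá"
    local user status
    if [[ ! -f "$WORK_DIR"/USERS.txt || ! -w "$WORK_DIR"/USERS.txt ]]
    then
        echo "USERS.txt doesn't exist or is not writable..exiting!"
        sleep 3
        exit 127
    fi
    while IFS= read -r user || [[ -n "$user" ]]
    do
        if [ "$user" = root ]
        then
            continue
        fi
        # second column of "passwd --status": P, NP or L
        status=$(passwd --status "$user" | awk '{print $2}')
        if [[ "$status" = NP || "$status" = L ]]
        then
            echo "$user doesn't have a password."
            echo "Changing password for $user:"
            sleep 3
            if printf '%s:%s\n' "$user" "$user$password_suffix" | /usr/sbin/chpasswd
            then
                echo "Password for user $user changed successfully"
                # expire it immediately so the placeholder has to be replaced at first login
                chage -d 0 "$user" || echo "chage -d 0 $user failed"
                sleep 3
            fi
        fi
    done < "$WORK_DIR"/USERS.txt
}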
  171.  
  172. ################################################ setting up iptables ####################3
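#######################################
# Load a default-deny INPUT firewall (loopback, established, 80/443, ssh on
# $PORT, ping) with iptables-restore, save it to /etc/iptables.up.rules and
# install an if-pre-up.d hook that reloads it at boot. Skipped when any
# iptables rule is already loaded.
# Globals:   PORT (read; asked for and written when not a valid port number)
# Outputs:   /etc/iptables.test.rules, /etc/iptables.up.rules,
#            /etc/network/if-pre-up.d/iptables
# Returns:   0; exits 127 when restoring or saving the rules fails
#######################################
setUPiptables()
{
    local rule_count port
    #if ! grep -e '-A INPUT -p tcp --dport 80 -j ACCEPT' /etc/iptables.test.rules
    rule_count=$(/sbin/iptables-save | grep -c '^-')
    # numeric test; the former [[ ... > 0 ]] compared strings
    if (( rule_count > 0 ))
    then
        echo "Iptables already set, skipping..........!"
        sleep 2
    else
        # the port is substituted into the rules below, so insist on a plain
        # number in the TCP range (anything else would break iptables-restore)
        while [[ ! "$PORT" =~ ^[0-9]{1,5}$ ]] || (( 10#$PORT < 1 || 10#$PORT > 65535 ))
        do
            echo "Port not set for iptables, setting now......."
            echo -n "Setting port now, insert portnumber: "
            read -r port
            PORT=$port
        done
        # start from an empty rules file (created if missing, truncated otherwise)
        : > /etc/iptables.test.rules

        # written at column 0 so no whitespace stripping is needed afterwards
        cat << EOT >> /etc/iptables.test.rules
*filter

# Allows all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0
-A INPUT -i lo -j ACCEPT
-A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT

# Accepts all established inbound connections
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allows all outbound traffic
# You could modify this to only allow certain traffic
-A OUTPUT -j ACCEPT

# Allows HTTP and HTTPS connections from anywhere (the normal ports for websites)
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT

# Allows SSH connections
# The --dport number is the same as in /etc/ssh/sshd_config
-A INPUT -p tcp -m state --state NEW --dport $PORT -j ACCEPT

# Now you should read up on iptables rules and consider whether ssh access
# for everyone is really desired. Most likely you will only allow access from certain IPs.

# Allow ping
#  note that blocking other types of icmp packets is considered a bad idea by some
#  remove -m icmp --icmp-type 8 from this line to allow all kinds of icmp:
#  https://security.stackexchange.com/questions/22711
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT

# log iptables denied calls (access via dmesg command)
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7

# Reject all other inbound - default deny unless explicitly allowed policy:
-A INPUT -j REJECT
-A FORWARD -j REJECT

COMMIT
EOT
        /sbin/iptables-restore < /etc/iptables.test.rules || { echo "iptables-restore failed"; exit 127; }
        /sbin/iptables-save > /etc/iptables.up.rules || { echo "iptables-save failed"; exit 127; }
        ## create a script to run iptables on startup
        printf '#!/bin/bash\n/sbin/iptables-restore < /etc/iptables.up.rules\n' > /etc/network/if-pre-up.d/iptables
        chmod +x /etc/network/if-pre-up.d/iptables || { echo "chmod +x failed"; exit 127; }
    fi
}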
  242.  
  243. ###################################################33 sshd_config4
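#######################################
# Install the sshd_config template from $WORK_DIR, set its Port to $PORT and
# restrict logins to the accounts with uid >= 1000 via AllowUsers, then
# restart sshd. Skipped when the installed config already has "Port $PORT".
# Globals:   WORK_DIR, PORT (read)
# Outputs:   /etc/ssh/sshd_config
# Returns:   0; exits 12 when PORT is empty, 127 when the copy fails or the
#            resulting config does not pass "sshd -t"
#######################################
setUPsshd()
{
    local users="" user
    # check PORT before the grep: with an empty PORT the pattern "Port " would
    # match the template's own Port line and the setup would be skipped
    if [ "$PORT" = "" ]
    then
        echo "Port not set"
        sleep 3
        exit 12
    fi
    # anchored, so that e.g. PORT=22 does not match "Port 2222" or a "#Port" line
    if grep -q "^Port $PORT$" /etc/ssh/sshd_config
    then
        echo "sshd already set, skipping!"
        sleep 3
    else
        /bin/cp -f "$WORK_DIR"/sshd_config /etc/ssh/sshd_config || { echo "cp sshd_config failed"; exit 127; }
        # the template ships with "Port 34504"; PORT is expected to be a plain port number
        sed -i "s/Port 34504/Port $PORT/" /etc/ssh/sshd_config
        while IFS= read -r user
        do
            users+="${user} "
        done < <(awk -F: '$3 >= 1000 { print $1 }' /etc/passwd)
        if grep -q "AllowUsers" /etc/ssh/sshd_config
        then
            sed -i "/AllowUsers/c\AllowUsers $users" /etc/ssh/sshd_config
        else
            sed -i "6 a \
           AllowUsers $users" /etc/ssh/sshd_config
        fi

        chmod 644 /etc/ssh/sshd_config
        # an invalid config (e.g. an empty AllowUsers list) would leave sshd
        # down after the restart and lock us out; let sshd verify it first
        /usr/sbin/sshd -t || { echo "new sshd_config is invalid, not restarting ssh"; exit 127; }
        /etc/init.d/ssh restart
    fi
}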
  277.  
  278. #################################################3333 Remove or comment out DVD/cd line from sources.list5
#######################################
# Comment out the "deb cdrom:[Debian ..." line in /etc/apt/sources.list so
# apt stops asking for the install media; nothing to do when it is already
# commented out.
# Outputs:   edits /etc/apt/sources.list in place
#######################################
editSources()
{
    local list=/etc/apt/sources.list
    if ! grep '^# *deb cdrom:\[Debian' "$list"
    then
        sed -i '/deb cdrom:\[Debian GNU\/Linux/s/^/#/' "$list"
    else
        echo "cd already commented out, skipping!"
    fi
}
  288.  
  289. ####################################################33 update system6
  290.  
#######################################
# Refresh the package lists and upgrade all installed packages.
# Returns:   apt's exit status; the upgrade is skipped when update fails
#######################################
updateSystem()
{
    apt update || return
    apt upgrade -y
}
  295.  
  296.  
  297. ###############################################################7
  298. ############################# check if programs installed and/or install
#######################################
# Install the download/build tools (git, wget, curl, gcc, make) when any of
# them is missing from /usr/bin.
#######################################
checkPrograms()
{
    local tool missing=0
    for tool in git wget curl gcc make
    do
        if [ ! -x "/usr/bin/$tool" ]
        then
            missing=1
            break
        fi
    done
    if (( missing ))
    then
        echo "Some tools with which to work with data not found installing now......................"
        sleep 2
        apt install -y git wget curl gcc make
    fi
}
  308.  
  309. #####################################################3 update sources.list8
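#######################################
# Replace /etc/apt/sources.list with the $SOURCE template (adds
# deb-multimedia), install the deb-multimedia and VirtualBox archive keys,
# upgrade the system and install the multimedia packages. Skipped when the
# deb-multimedia entry is already present.
# Globals:   WORK_DIR, SOURCE (read)
# Outputs:   /etc/apt/sources.list, apt's trusted keys, the keyring .deb in cwd
# Returns:   0; exits 127 on a failed copy, download, key import or upgrade
#######################################
updateSources()
{
    local keyring_deb=deb-multimedia-keyring_2016.8.1_all.deb
    local vbox_key
    if grep -q "deb http://www.deb-multimedia.org" /etc/apt/sources.list
    then
        echo "Sources are setup already, skipping!"
    else
        /bin/cp -f "$WORK_DIR"/"$SOURCE" /etc/apt/sources.list || { echo "cp failed"; exit 127; }
        chmod 644 /etc/apt/sources.list
        # NOTE: the keyring package is fetched over plain http and installed
        # with dpkg, i.e. before apt can check any signature, so a tampered
        # download would plant a trusted archive key. Pin a known checksum of
        # the .deb here (or fetch it over https) before relying on this step.
        wget "http://www.deb-multimedia.org/pool/main/d/deb-multimedia-keyring/$keyring_deb" || { echo "wget failed"; exit 127; }
        dpkg -i "$keyring_deb" || { echo "dpkg -i $keyring_deb failed"; exit 127; }
        # download to a file first so a failed download is not fed to apt-key
        # (a pipe would hide wget's exit status). "sudo" is not needed - the
        # script already runs as root. apt-key is deprecated on current Debian;
        # a keyring file under /etc/apt/trusted.gpg.d is the replacement.
        vbox_key=$(mktemp) || { echo "mktemp failed"; exit 127; }
        wget -q https://www.virtualbox.org/download/oracle_vbox_2016.asc -O "$vbox_key" || { echo "wget vbox key failed"; rm -f -- "$vbox_key"; exit 127; }
        apt-key add "$vbox_key" || { echo "apt-key add failed"; rm -f -- "$vbox_key"; exit 127; }
        rm -f -- "$vbox_key"
        updateSystem || { echo "update system failed"; exit 127; }
        apt install -y vlc vlc-data browser-plugin-vlc mplayer youtube-dl libdvdcss2 libdvdnav4 libdvdread4 smplayer mencoder build-essential
        sleep 2
    fi
}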
  326.  
  327. ###############################################33  SETUP PORTSENTRY ############################################################
  328. ##############################################3                     ############################################################33
  329.  
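#######################################
# Install portsentry/logcheck and drop in the portsentry.conf template from
# $WORK_DIR unless the installed config already carries the template's
# TCP_PORTS line.
# Globals:   WORK_DIR (read)
# Returns:   0; exits 127 on a failed install, copy or service restart
#######################################
setup_portsentry()
{
    local conf=/etc/portsentry/portsentry.conf
    # test for the file first so grep is not run against a missing path
    if [[ ! -f "$conf" ]] || ! grep -q '^TCP_PORTS="1,7,9,11,15,70,79' "$conf"
    then
        apt install -y portsentry logcheck || { echo "apt install portsentry failed"; exit 127; }
        /bin/cp -f "$WORK_DIR"/portsentry.conf "$conf" || { echo "cp portsentry failed"; exit 127; }
        /usr/sbin/service portsentry restart || { echo "service portsentry restart failed"; exit 127; }
    fi
}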
  339.  
  340. ###############################################################################################################################33
  341. #####################################################3 run methods here↓   ###################################################3
  342. #####################################################                      ###################################################
  343. if [[ ! "$@" == "" ]]
  344. then
  345.     creatingNewUsers "$@"
  346. fi
  347. prepare_USERS.txt
  348. userPasswords
  349. setUPiptables
  350. setUPsshd
  351. editSources
  352. updateSystem
  353. #setup_portsentry    ######3 NEEDS WORK ##################################
  354. checkPrograms
  355. updateSources
  356. ###########################################################################################################            #####3##
  357. ##############################################################################################################3Methods
  358. ##########################################3 Disable login for www-data #########
  359. passwd -l www-data
  360. #################################### firmware
  361. apt install -y firmware-linux-nonfree firmware-linux
  362. apt install -y firmware-linux-free intel-microcode
  363. sleep 3
  364. ################ NANO SYNTAX-HIGHLIGHTING #####################3
  365. if [ ! -d "$WORK_DIR"/nanorc  ]
  366. then
  367.     if [ "$UID" != 0 ]
  368.     then
  369.         echo "This program should be run as root, goodbye!"
  370.         exit 127
  371.  
  372.     else
  373.         echo "Setting up Nanorc file for all users....please, wait!"
  374.         git clone https://$OAUTH_TOKEN:x-auth-basic@github.com/gnihtemoSgnihtemos/nanorc || { echo "git failed"; exit 127; }
  375.         chmod 755 "$WORK_DIR"/nanorc || { echo "chmod nanorc failed"; exit 127; }
  376.         cd "$WORK_DIR"/nanorc || { echo "cd failed"; exit 127; }
  377.         make install-global || { echo "make failed"; exit 127; }
  378.         /bin/cp -f "$WORK_DIR/$NANORC" /etc/nanorc >&3 || { echo "cp failed"; exit 127; }
  379.         chown root:root /etc/nanorc || { echo "chown failed"; exit 127; }
  380.         chmod 644 /etc/nanorc || { echo "chmod failed"; exit 127; }
  381.         if [ "$?" = 0 ]
  382.         then
  383.             echo "Implementing a custom nanorc file succeeded!"
  384.         else
  385.             echo "Nano setup DID NOT SUCCEED!"
  386.             exit 127
  387.         fi
  388.         echo "Finished setting up nano!"
  389.     fi
  390. fi
  391.  
  392. ################ LS_COLORS SETTINGS and bashrc file for all users #############################
  393. if ! grep 'eval $(dircolors -b $HOME/.dircolors)' /root/.bashrc
  394. then
  395.     echo "Setting root bashrc file....please wait!!!!"
  396.     if /bin/cp -f "$WORK_DIR/$BASHRCROOT" "$HOME"/.bashrc
  397.     then
  398.         echo "Root bashrc copy succeeded!"
  399.     else
  400.         echo "Root bashrc cp failed, exiting now!"
  401.         exit 127
  402.     fi
  403.     chown root:root "$HOME/.bashrc" || { echo "chown failed"; exit 127; }
  404.     chmod 644 "$HOME/.bashrc" || { echo "failed to chmod"; exit 127; }
  405.     wget https://raw.github.com/trapd00r/LS_COLORS/master/LS_COLORS -O "$HOME"/.dircolors || { echo "wget failed"; exit 127; }
  406.     echo 'eval $(dircolors -b $HOME/.dircolors)' >> "$HOME"/.bashrc
  407. fi
  408. while read user
  409. do
  410.     if [ "$user" = root ]
  411.     then
  412.         continue
  413.     fi
  414.  
  415.     sudo -i -u "$user" user="$user" WORK_DIR="$WORK_DIR" BASHRC="$BASHRC" bash <<'EOF'
  416.     if grep 'eval $(dircolors -b $HOME/.dircolors)' "$HOME"/.bashrc
  417.     then
  418.         :
  419.     else
  420.         echo "Setting users=Bashrc files!"
  421.         if /bin/cp -f "$WORK_DIR"/"$BASHRC" "$HOME/.bashrc"
  422.         then
  423.             echo "Copy for $user (bashrc) succeeded!"
  424.             sleep 3
  425.         else
  426.             echo "Couldn't cp .bashrc for user $user"
  427.             exit 127
  428.         fi
  429.         chown $user:$user "$HOME/.bashrc" || { echo "chown failed"; exit 127; }
  430.         chmod 644 "$HOME/.bashrc" || { echo "chmod failed"; exit 127; }
  431.         wget https://raw.github.com/trapd00r/LS_COLORS/master/LS_COLORS -O "$HOME"/.dircolors || { echo "wget failed"; exit 127; }
  432.         echo 'eval $(dircolors -b $HOME/.dircolors)' >> "$HOME"/.bashrc
  433.     fi
  434. EOF
  435. done < "$WORK_DIR"/USERS.txt
  436.  
  437. echo "Finished setting up your system!"
  438. sleep 2
  439. ############ Give control back to these signals
  440. trap SIGINT SIGQUIT SIGTERM
  441. ############################
  442. cd $HOME || { echo "cd $HOME failed"; exit 155; }
  443. ######### REmember to uncomment below echo to remove the install files after installation/configuration.......↓↓↓
  444. echo rm -rf /tmp/svaka || { echo "Failed to remove the install directory!!!!!!!!"; exit 155; }
  445. exit 0