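#!/usr/bin/env bash
# Provision and harden an Ubuntu host: create a sudo user, lock down sshd,
# enable fail2ban, apply a default-drop firewall, install Apache with PHP 5.6
# and turn on unattended upgrades. The PPA origin below targets "xenial".
#
# Run as root with the account password supplied through the environment,
# e.g.  PASSWORD='...' bash thisscript.sh
# so the secret is not stored in the script itself.
set -euo pipefail

if [[ "${EUID}" -ne 0 ]]; then
  printf 'this script must run as root\n' >&2
  exit 1
fi

readonly NEWUSER=user
# An empty password would be handed straight to chpasswd, so refuse to continue.
PASSWORD=${PASSWORD:-}
: "${PASSWORD:?set PASSWORD to a non-empty value before running}"
readonly NEWAPACHEHOME="/home/${NEWUSER}/php"
# One definition for the SSH port keeps sshd, fail2ban and the firewall in sync.
readonly SSH_PORT=777

# --- Base system ------------------------------------------------------------
apt-get update
apt-get -y upgrade
timedatectl set-timezone Asia/Singapore

# --- Admin user -------------------------------------------------------------
adduser "$NEWUSER" --gecos "First Last,RoomNumber,WorkPhone,HomePhone" --disabled-password
# printf instead of echo so a password starting with '-' or containing
# backslashes is passed through unchanged.
printf '%s:%s\n' "$NEWUSER" "$PASSWORD" | chpasswd
adduser "$NEWUSER" sudo

# --- sshd -------------------------------------------------------------------
# Match any existing PermitRootLogin value: stock configs commonly ship
# "prohibit-password" rather than "yes", which a literal match on "yes"
# silently skips.
sed -i -E 's/^#?PermitRootLogin[[:space:]].*/PermitRootLogin no/' /etc/ssh/sshd_config
sed -i '/^TCPKeepAlive yes/a AllowTcpForwarding no' /etc/ssh/sshd_config
sed -i 's/^X11Forwarding yes/X11Forwarding no/' /etc/ssh/sshd_config
sed -i '$ a AddressFamily inet' /etc/ssh/sshd_config
sed -i "\$ a AllowUsers ${NEWUSER}" /etc/ssh/sshd_config
sed -i "s/^Port 22/Port ${SSH_PORT}/" /etc/ssh/sshd_config
# Validate before restarting so a bad edit cannot take the daemon down and
# lock out remote access.
sshd -t
service ssh restart
# NOTE(review): password authentication is left enabled; the account relies on
# the password above plus fail2ban. Key-only login would be stronger.

# --- fail2ban ---------------------------------------------------------------
apt-get -y install fail2ban
cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
sed -i '/^\[sshd\]/a enabled = true\nfilter = sshd' /etc/fail2ban/jail.local
sed -i 's/^\(bantime[ ]*=\) 600/\1 1800/' /etc/fail2ban/jail.local
sed -i 's/^\(findtime[ ]*=\) 600/\1 1800/' /etc/fail2ban/jail.local
sed -i 's/^\(maxretry[ ]*=\) 5/\1 3/' /etc/fail2ban/jail.local
sed -i "s/^\(port[ ]*=\) ssh/\1 ${SSH_PORT}/" /etc/fail2ban/jail.local
service fail2ban restart

# --- Firewall ---------------------------------------------------------------
# The same ruleset is loaded into both tables. rules.v6 must be written by
# ip6tables-save: iptables-save dumps the IPv4 table, so redirecting it into
# rules.v6 persists the wrong table. IPv6 is disabled via sysctl further down;
# the v6 rules are a backstop if that setting is ever reverted.
for ipt in iptables ip6tables; do
  "$ipt" -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  "$ipt" -A INPUT -p tcp --dport "$SSH_PORT" -j ACCEPT
  "$ipt" -A INPUT -p tcp --dport 80 -j ACCEPT
  "$ipt" -I INPUT 1 -i lo -j ACCEPT
  "$ipt" -A INPUT -j DROP
done
DEBIAN_FRONTEND=noninteractive apt-get -y install iptables-persistent
iptables-save > /etc/iptables/rules.v4
ip6tables-save > /etc/iptables/rules.v6

# --- Disable IPv6 -----------------------------------------------------------
sed -i '$ a net.ipv6.conf.all.disable_ipv6 = 1' /etc/sysctl.conf
sed -i '$ a net.ipv6.conf.default.disable_ipv6 = 1' /etc/sysctl.conf
sed -i '$ a net.ipv6.conf.lo.disable_ipv6 = 1' /etc/sysctl.conf
sysctl -p

# --- Apache + PHP -----------------------------------------------------------
apt-get -y install apache2
apt-get -y install php libapache2-mod-php php-mcrypt php-mysql
# Third-party PPA: its packages are also whitelisted for unattended upgrades
# below, so this repository is trusted to push code to the host automatically.
add-apt-repository -y ppa:ondrej/php
apt-get update
apt-get -y install php7.0 php5.6 php5.6-mysql php-gettext php5.6-mbstring php-xdebug libapache2-mod-php5.6 libapache2-mod-php7.0
# NOTE(review): php-xdebug is a development aid; confirm it is wanted on a
# host that serves port 80 publicly.
a2dismod php7.0
a2enmod php5.6
sed -i 's/^ServerTokens OS/ServerTokens Prod/' /etc/apache2/conf-available/security.conf
sed -i 's/^ServerSignature On/ServerSignature Off/' /etc/apache2/conf-available/security.conf
# NOTE(review): only the <Directory> block is retargeted here; the script
# neither creates ${NEWAPACHEHOME} nor changes DocumentRoot - confirm both
# are handled elsewhere.
sed -i "s_^<Directory /var/www/>_<Directory ${NEWAPACHEHOME}>_" /etc/apache2/apache2.conf
sed -i 's/Options Indexes FollowSymLinks/Options None/' /etc/apache2/apache2.conf
service apache2 restart

# Select the CLI interpreter through the alternatives system rather than
# overwriting its symlink by hand, then print the version. Invoking the
# binary with no arguments would sit waiting on stdin.
update-alternatives --set php /usr/bin/php5.6
/etc/alternatives/php --version

# --- Unattended upgrades ----------------------------------------------------
apt-get update
apt-get -y upgrade
DEBIAN_FRONTEND=noninteractive dpkg-reconfigure unattended-upgrades
sed -i '/-updates/s/^\/\///g' /etc/apt/apt.conf.d/50unattended-upgrades
sed -i '/-updates/a \\t"LP-PPA-ondrej-php:xenial";' /etc/apt/apt.conf.d/50unattended-upgrades
sed -i 's/\/\/Unattended-Upgrade::Automatic-Reboot "false";/Unattended-Upgrade::Automatic-Reboot "true";/' /etc/apt/apt.conf.d/50unattended-upgrades
sed -i 's/APT::Periodic::Download-Upgradeable-Packages "0";/APT::Periodic::Download-Upgradeable-Packages "1";/' /etc/apt/apt.conf.d/10periodic
sed -i 's/APT::Periodic::AutocleanInterval "0";/APT::Periodic::AutocleanInterval "7";/' /etc/apt/apt.conf.d/10periodic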