
Untitled

a guest
Dec 27th, 2018
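  # Account and base-system setup; every command below assumes a root shell.
  # NEWUSER is the only account sshd will accept after the AllowUsers line
  # further down, and it is put in the sudo group, so its password is
  # effectively the root credential for this host.
  NEWUSER=user
  # Read the password from the environment instead of writing it into the
  # script, so the secret does not travel with every copy of this file.
  PASSWORD=${PASSWORD:-}
  # Web root used by the Apache <Directory> rewrite later in the script.
  # NOTE(review): this places served content inside a sudo user's home.
  NEWAPACHEHOME="/home/$NEWUSER/php"

  # Refuse to continue with an empty password. Piping "user:" to chpasswd
  # either fails or leaves a sudo-capable account with no usable password,
  # depending on the PAM setup, and the sshd changes that follow would then
  # leave no account able to log in.
  if [ -z "$PASSWORD" ]; then
    echo "PASSWORD is empty; export PASSWORD before running this script" >&2
    exit 1
  fi

  apt-get update
  apt-get upgrade
  timedatectl set-timezone Asia/Singapore
  # --disabled-password creates the account without a password; chpasswd
  # sets it on the next line.
  adduser "$NEWUSER" --gecos "First Last,RoomNumber,WorkPhone,HomePhone" --disabled-password
  # printf keeps the password out of the process list (builtin) and passes
  # it through unchanged whatever characters it contains.
  printf '%s:%s\n' "$NEWUSER" "$PASSWORD" | sudo chpasswd
  adduser "$NEWUSER" sudo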
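  # sshd hardening: no root login, no TCP or X11 forwarding, IPv4 only, a
  # single permitted user, and a non-default port.
  # Each substitution matches one exact, uncommented line. If the shipped
  # sshd_config words a setting differently (for example a commented-out
  # "#Port 22"), sed changes nothing and still exits 0.
  sed -i 's/^PermitRootLogin yes/PermitRootLogin no/' /etc/ssh/sshd_config
  sed -i '/^TCPKeepAlive yes/a AllowTcpForwarding no' /etc/ssh/sshd_config
  sed -i 's/^X11Forwarding yes/X11Forwarding no/' /etc/ssh/sshd_config
  sed -i '$ a AddressFamily inet' /etc/ssh/sshd_config
  # AllowUsers is appended on every run; a second run adds a duplicate line.
  sed -i "\$ a AllowUsers $NEWUSER" /etc/ssh/sshd_config
  sed -i 's/^Port 22/Port 777/' /etc/ssh/sshd_config

  # The fail2ban jail and the firewall rules later in the script are written
  # for port 777 only. Stop here if the port change did not land, otherwise
  # the final DROP rule would cut off an sshd still listening on 22.
  if ! grep -Eq '^Port 777[[:space:]]*$' /etc/ssh/sshd_config; then
    echo "sshd_config has no 'Port 777' line; not restarting ssh" >&2
    exit 1
  fi

  # Validate the edited file before restarting: a syntax error would stop
  # sshd from coming back up on a host that is managed over SSH.
  if ! sshd -t; then
    echo "sshd_config failed validation; not restarting ssh" >&2
    exit 1
  fi
  service ssh restart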
  # fail2ban: install, then tune the sshd jail through jail.local.
  apt-get install fail2ban
  # jail.local starts as a full copy of jail.conf, so every default in it is
  # pinned at the version installed today; an existing jail.local is
  # overwritten by this cp.
  cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
  # Turn the [sshd] jail on by appending two lines under its section header.
  sed -i '/^\[sshd\]/a enabled = true\nfilter = sshd' /etc/fail2ban/jail.local
  # Ban for 1800 s after 3 failures within 1800 s. Each expression matches
  # only the stock value (600 / 600 / 5); a file that ships other defaults
  # is left unchanged without any error.
  sed -i 's/^\(bantime[ ]*=\) 600/\1 1800/' /etc/fail2ban/jail.local
  sed -i 's/^\(findtime[ ]*=\) 600/\1 1800/' /etc/fail2ban/jail.local
  sed -i 's/^\(maxretry[ ]*=\) 5/\1 3/' /etc/fail2ban/jail.local
  # Point every "port = ssh" entry at 777, the port sshd is moved to, so the
  # ban rules cover the port that is actually exposed.
  sed -i 's/^\(port[ ]*=\) ssh/\1 777/' /etc/fail2ban/jail.local
  service fail2ban restart
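  # Host firewall: allow loopback, established flows, SSH on 777 and HTTP on
  # 80, drop every other inbound packet.
  # The same rules are loaded into ip6tables so that rules.v6 is written from
  # the IPv6 tables. Dumping the IPv4 tables into rules.v6 leaves IPv6
  # unfiltered until reboot and breaks ip6tables-restore as soon as the dump
  # holds anything IPv4-specific.
  # Port 22 is not opened: sshd must already be listening on 777.
  # The rules are appended, so a second run duplicates them.
  for fw in iptables ip6tables; do
    "$fw" -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    "$fw" -A INPUT -p tcp --dport 777 -j ACCEPT
    "$fw" -A INPUT -p tcp --dport 80 -j ACCEPT
    # Loopback goes to position 1 so local traffic is accepted first.
    "$fw" -I INPUT 1 -i lo -j ACCEPT
    "$fw" -A INPUT -j DROP
  done

  DEBIAN_FRONTEND=noninteractive apt-get install iptables-persistent
  # Persist both families.
  # NOTE(review): any chains fail2ban has already inserted are part of the
  # live tables and are captured in these dumps too - confirm that is wanted.
  iptables-save > /etc/iptables/rules.v4
  ip6tables-save > /etc/iptables/rules.v6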
  # Disable IPv6 on all interfaces, on the default template and on loopback
  # by appending one sysctl key per scope to /etc/sysctl.conf, then reload.
  # The lines are appended unconditionally, so each run adds them again.
  for scope in all default lo; do
    sed -i "\$ a net.ipv6.conf.${scope}.disable_ipv6 = 1" /etc/sysctl.conf
  done
  sysctl -p
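  # Apache with PHP 5.6 taken from the ondrej/php PPA.
  apt-get install apache2
  apt-get install php libapache2-mod-php php-mcrypt php-mysql
  # Third-party package source: everything installed from it, including the
  # unattended upgrades configured later, trusts that PPA's signing key.
  add-apt-repository ppa:ondrej/php
  apt-get update
  # NOTE(review): php-xdebug is a debugging extension; confirm it is wanted
  # on a host that serves port 80 to the internet.
  # NOTE(review): PHP 5.6 reached end of security support at the end of 2018.
  apt-get install php7.0 php5.6 php5.6-mysql php-gettext php5.6-mbstring php-xdebug libapache2-mod-php5.6 libapache2-mod-php7.0
  a2dismod php7.0
  a2enmod php5.6

  # Reduce version disclosure in response headers and error pages.
  sed -i 's/^ServerTokens OS/ServerTokens Prod/' /etc/apache2/conf-available/security.conf
  sed -i 's/^ServerSignature On/ServerSignature Off/' /etc/apache2/conf-available/security.conf
  # Re-point the stock <Directory /var/www/> block at the new web root.
  # '|' is the delimiter because '_' is legal in a user name and would end
  # the expression early for a NEWUSER such as "web_admin".
  sed -i "s|^<Directory /var/www/>|<Directory $NEWAPACHEHOME>|" /etc/apache2/apache2.conf
  # Options None switches off directory listings and symlink following.
  sed -i 's/Options Indexes FollowSymLinks/Options None/' /etc/apache2/apache2.conf
  service apache2 restart

  # Make the CLI "php" resolve to 5.6 by rewriting the alternatives symlink.
  ln -sfn /usr/bin/php5.6 /etc/alternatives/php
  # The listing runs /etc/alternatives/php with no arguments here, which
  # starts the interpreter reading from stdin and stalls the script; it looks
  # like a wrapped tail of the ln line. Print the version instead to confirm
  # the switch.
  /etc/alternatives/php --version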
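  # Automatic patching through unattended-upgrades.
  apt-get update
  apt-get upgrade
  DEBIAN_FRONTEND=noninteractive dpkg-reconfigure unattended-upgrades
  # Uncomment the "-updates" origin so regular updates are applied as well.
  sed -i '/-updates/s/^\/\///g' /etc/apt/apt.conf.d/50unattended-upgrades
  # Add the PHP PPA as an allowed origin, otherwise the PHP packages
  # installed from it would never be patched automatically.
  sed -i '/-updates/a \\t"LP-PPA-ondrej-php:xenial";' /etc/apt/apt.conf.d/50unattended-upgrades
  # Allow automatic reboots so updates that need a restart take effect;
  # this means the host can restart without an operator present.
  sed -i 's/\/\/Unattended-Upgrade::Automatic-Reboot "false";/Unattended-Upgrade::Automatic-Reboot "true";/' /etc/apt/apt.conf.d/50unattended-upgrades
  # The listing splits this command across three lines, leaving an unclosed
  # quote and a second half with no "sed -i"; it is rejoined here.
  sed -i 's/APT::Periodic::Download-Upgradeable-Packages "0";/APT::Periodic::Download-Upgradeable-Packages "1";/' /etc/apt/apt.conf.d/10periodic
  sed -i 's/APT::Periodic::AutocleanInterval "0";/APT::Periodic::AutocleanInterval "7";/' /etc/apt/apt.conf.d/10periodic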