-
Notifications
You must be signed in to change notification settings - Fork 0
/
base_setup_pass_ssh_hostname.sh
162 lines (151 loc) · 4.58 KB
/
base_setup_pass_ssh_hostname.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
#!/bin/bash
clear
echo " ###############################################################"
echo " # Setup server config Netcup/Hetzner Ubuntu 18.04 and above #"
echo " # Setup server config Netcup/Hetzner Debian 10 #"
echo " ###############################################################"
echo ""
echo ""
echo "To EXIT this script press [ENTER]"
echo
read -p "To RUN this script press [Y]" -n 1 -r
echo
echo
if [[ ! $REPLY =~ ^[Yy]$ ]]
then
exit 1
fi
if [[ "$EUID" -ne 0 ]]; then
echo "Sorry, you need to run this as root"
exit 1
fi
if [[ -e /etc/debian_version ]]; then
echo "Debian Distribution"
else
echo "This is not a Debian Distribution."
exit 1
fi
#
# APT
#
echo "apt update and install"
apt update && apt upgrade -y && apt autoremove -y
apt install unattended-upgrades apt-listchanges -y
mkdir /root/script_backupfiles/
clear
#
# Password
#
echo "Set root password"
echo "This script creates a random password - use it, or not"
randompasswd=$(</dev/urandom tr -dc 'A-Za-z0-9!"#$%&'\''()*+,-./:;<=>?@[\]^_`{|}~' | head -c 44 ; echo)
echo "Random Password - mark it once, right mouse klick, enter, and again !"
echo "$randompasswd"
passwd
read -p "Press enter to continue / on fail press CRTL+C"
clear
#
# SSH
#
echo "Set ssh config"
read -p "Choose your SSH Port: (default 22) " -e -i 9837 sshport
ssh-keygen -f /etc/ssh/key1rsa -t rsa -b 4096 -N ""
ssh-keygen -f /etc/ssh/key2ecdsa -t ecdsa -b 521 -N ""
ssh-keygen -f /etc/ssh/key3ed25519 -t ed25519 -N ""
mv /etc/ssh/sshd_config /root/script_backupfiles/sshd_config.orig
echo "Port $sshport
HostKey /etc/ssh/key1rsa
HostKey /etc/ssh/key2ecdsa
HostKey /etc/ssh/key3ed25519
macs hmac-sha2-256,hmac-sha2-512,[email protected],[email protected],[email protected],[email protected]
PermitRootLogin yes
PasswordAuthentication yes
ChallengeResponseAuthentication no
UsePAM no
X11Forwarding no
PermitEmptyPasswords no
PrintMotd no
RhostsRSAAuthentication no
HostbasedAuthentication no
PermitEmptyPasswords no
AcceptEnv LANG LC_*
Subsystem sftp internal-sftp" >> /etc/ssh/sshd_config
clear
#
# Network
#
echo "Set network config"
read -p "Your hostname :" -e -i remotehost hostnamex
hostnamectl set-hostname $hostnamex
if [ -f "/etc/netplan/50-cloud-init.yaml" ]; then
nano /etc/netplan/50-cloud-init.yaml
fi
if [ -f "/etc/network/interfaces.d/50-cloud-init.cfg" ]; then
nano /etc/network/interfaces.d/50-cloud-init.cfg
fi
# fix resolf conf
sed -i 's/127.0.1.1/#127.0.1.1/' /etc/hosts
echo 127.0.1.1 $hostnamex >> /etc/hosts
clear
#
# edit pam politics
#
echo "account required pam_nologin.so
@include common-account
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
session required pam_loginuid.so
session optional pam_keyinit.so force revoke
@include common-session
session optional pam_mail.so standard noenv # [1]
session required pam_limits.so
session required pam_env.so # [1]
session required pam_env.so user_readenv=1 envfile=/etc/default/locale
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
" > /etc/pam.d/sshd
#
# Updates
#
echo "unattended-upgrades"
mv /etc/apt/apt.conf.d/50unattended-upgrades /root/script_backupfiles/50unattended-upgrades.orig
echo 'Unattended-Upgrade::Allowed-Origins {
"${distro_id}:${distro_codename}";
"${distro_id}:${distro_codename}-security";
"${distro_id}ESM:${distro_codename}";
// "${distro_id}:${distro_codename}-updates";
// "${distro_id}:${distro_codename}-proposed";
// "${distro_id}:${distro_codename}-backports";
};
Unattended-Upgrade::Package-Blacklist {
};
Unattended-Upgrade::DevRelease "false";
Unattended-Upgrade::Remove-Unused-Dependencies "true";
Unattended-Upgrade::Automatic-Reboot "true";
Unattended-Upgrade::Automatic-Reboot-Time "02:22";
' >> /etc/apt/apt.conf.d/50unattended-upgrades
echo '
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "7";
APT::Periodic::Unattended-Upgrade "1";
' >> /etc/apt/apt.conf.d/20auto-upgrades
nano /etc/apt/apt.conf.d/50unattended-upgrades
nano /etc/apt/apt.conf.d/20auto-upgrades
sed -i "s@6,18:00@9,23:00@" /lib/systemd/system/apt-daily.timer
sed -i "s@12h@1h@" /lib/systemd/system/apt-daily.timer
sed -i "s@6:00@1:00@" /lib/systemd/system/apt-daily-upgrade.timer
clear
#
# reboot ssh
#
systemctl restart ssh && systemctl restart sshd
clear
#
# install mod bashrc from Dmitry thanks for him :)
#
#
cd
wget https://raw.githubusercontent.com/vadlike/baberedition/main/.bashrc -O .bashrc
clear
#
# END
#