# Step 1 - Optionally bring every installed package up to date with yum.
# The prompt goes to stdout and one answer is read from stdin; only "y" or
# "Y" starts the update, any other answer skips it.
printf '%s\n' "Would you like to update Yum? [y,n]"
read input
case "$input" in
  Y | y)
    yum -y update
    ;;
  *)
    printf '%s\n' "Stopped by user"
    ;;
esac
# Step 2 - Optionally install the vim package (non-interactive yum, via sudo).
# Only an answer of "y" or "Y" installs; anything else skips the step.
printf '%s\n' "Would you like to install Vim? [y,n] "
read input
if [[ $input == [Yy] ]]; then
  sudo yum install -y vim
else
  printf '%s\n' "Stopped by user"
fi
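# Step 3 - Install an SSH public key for the current user.
# Asks for the directory that holds id_rsa.pub (an empty answer means the
# current directory) and appends that key to ~/.ssh/authorized_keys.
# The previous version never used the answer, wrote the key to a file literally
# named "folder", and ran chmod on an authorized_keys file it had not created,
# so no key was ever installed. That matters because the later steps can
# disable password logins.
printf '%s\n' "Please insert ssh folder address."
read -r folder
# A typed "~" is not expanded by read; expand a leading one by hand.
folder=${folder/#\~/$HOME}
pubkey=${folder:-.}
pubkey="${pubkey%/}/id_rsa.pub"
if [[ ! -r "$pubkey" ]]; then
  printf '%s\n' "Cannot read $pubkey; authorized_keys left unchanged" >&2
elif ! ssh-keygen -l -f "$pubkey" > /dev/null 2>&1; then
  # ssh-keygen -l prints the fingerprint of a key file and fails when the
  # file is not a parsable key, so garbage never reaches authorized_keys.
  printf '%s\n' "$pubkey is not a valid SSH key; authorized_keys left unchanged" >&2
else
  # -p: do not fail when ~/.ssh already exists.
  mkdir -p ~/.ssh
  # sshd (StrictModes) refuses keys kept under group/world-writable paths.
  chmod 700 ~/.ssh
  cat -- "$pubkey" >> ~/.ssh/authorized_keys
  chmod 600 ~/.ssh/authorized_keys
fi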
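# Step 4.1 - SSH hardening (1/2): make sure public-key authentication is on.
# Edits /etc/ssh/sshd_config in place (needs root). The change takes effect
# only once sshd is restarted or reloaded.
printf '%s\n' "Would you like to disable ssh password when login ? 1/2 [y,n] "
read -r input
if [[ $input == "Y" || $input == "y" ]]; then
  sshd_cfg=/etc/ssh/sshd_config
  if grep -q '^[#[:space:]]*PubkeyAuthentication[[:space:]]' "$sshd_cfg"; then
    # Match only the directive itself (active or commented out). The old
    # unanchored pattern rewrote every line that merely mentioned the word,
    # explanatory comments included.
    sed -i '/^[#[:space:]]*PubkeyAuthentication[[:space:]]/c\PubkeyAuthentication yes' "$sshd_cfg"
  else
    # Directive absent: state it explicitly on line 1, which is outside any
    # Match block, instead of silently doing nothing.
    sed -i '1i PubkeyAuthentication yes' "$sshd_cfg"
  fi
else
  printf '%s\n' "Stopped by user"
fi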
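# Step 4.2 - SSH hardening (2/2): turn off password logins in sshd_config.
# Answer "y" only after a key-based login has been confirmed from a second
# session; once sshd is restarted with this setting and no working key, the
# host is reachable by console only.
printf '%s\n' "Would you like to disable ssh password when login? 2/2 [y,n] "
read -r input
if [[ $input == "Y" || $input == "y" ]]; then
  sshd_cfg=/etc/ssh/sshd_config
  if grep -q '^[#[:space:]]*PasswordAuthentication[[:space:]]' "$sshd_cfg"; then
    # Match only the directive itself (active or commented out); the old
    # unanchored pattern also overwrote comment lines mentioning the word.
    sed -i '/^[#[:space:]]*PasswordAuthentication[[:space:]]/c\PasswordAuthentication no' "$sshd_cfg"
  else
    # Directive absent: sshd would keep its default (password logins
    # allowed) while the operator believes they are off. State it
    # explicitly on line 1, outside any Match block.
    sed -i '1i PasswordAuthentication no' "$sshd_cfg"
  fi
  # NOTE(review): a file pulled in through an Include line can still override
  # this value; confirm the effective setting with
  #   sshd -T | grep -i passwordauthentication
else
  printf '%s\n' "Stopped by user"
fi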
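# Step 5 - Optional e-mail alert whenever this account opens a shell.
# Appends one line to ~/.bashrc that mails the date and `who` output.
# This is a convenience notification, not an audit trail: it only fires for
# shells that source ~/.bashrc, and whoever owns the account can remove it.
#
# Fixes over the previous version:
#   - it truncated ~/.bashrc (">"), wiping the existing profile;
#   - date/who ran once at setup time, so every mail carried stale data;
#   - the address was written unquoted and unchecked into a startup file,
#     so shell metacharacters in it would run at each login.
printf '%s\n' "Would you like to send mail everytime when user logged in? [y,n] "
read -r input
if [[ $input == "Y" || $input == "y" ]]; then
  printf '%s\n' "Enter your email address. [mail@domail.com] "
  read -r mail_to
  # Accept only a plain address: no quotes, spaces or shell metacharacters,
  # and no leading "-" that mail could read as an option.
  if [[ $mail_to =~ ^[A-Za-z0-9][A-Za-z0-9._%+-]*@[A-Za-z0-9.-]+\.[A-Za-z]+$ ]]; then
    # "\$(" keeps the substitutions literal here so they are evaluated at
    # each login; only the validated address is expanded now.
    cat >> ~/.bashrc << EOF
echo "Alert! - Root Shell Access (ServerName) on: \$(date) \$(who)" | mail -s "Alert!: Root Access from \$(who | cut -d'(' -f2 | cut -d')' -f1)" '$mail_to'
EOF
  else
    printf '%s\n' "Invalid email address; ~/.bashrc left unchanged" >&2
  fi
else
  printf '%s\n' "Stopped by user"
fi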
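# Step 6 - Optionally restart sshd so the sshd_config edits take effect.
# The configuration is checked with `sshd -t` first: restarting on a broken
# file can leave the daemon down and the host unreachable over SSH.
# Keep the current session open and verify a new login before closing it.
printf '%s\n' "Would you like to restart SSH service? [y,n] "
read -r input
if [[ $input == "Y" || $input == "y" ]]; then
  if sudo sshd -t; then
    sudo service sshd restart
  else
    printf '%s\n' "sshd_config failed validation; sshd was NOT restarted" >&2
  fi
else
  printf '%s\n' "Stopped by user"
fi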
# Step 8 - Optionally install the epel-release package through sudo yum.
# No -y is passed here, so yum asks for its own confirmation.
printf '%s\n' "Would you like to install Epel Release? [y,n] "
read input
case "$input" in
  Y | y) sudo yum install epel-release ;;
  *) printf '%s\n' "Stopped by user" ;;
esac
# Step 9 - Optionally install the fail2ban package (non-interactive).
printf '%s\n' "Would you like to install Fail2Ban? [y,n] "
read input
if [[ $input =~ ^[Yy]$ ]]; then
  sudo yum install fail2ban -y
else
  printf '%s\n' "Stopped by user"
fi
# Step 10 - Optionally enable the fail2ban unit so it starts at boot.
printf '%s\n' "Would you like Fail2Ban to run in first boot? [y,n] "
read input
if [[ $input != "Y" && $input != "y" ]]; then
  printf '%s\n' "Stopped by user"
else
  sudo systemctl enable fail2ban
fi
# Step 11 - Optionally write /etc/fail2ban/jail.local.
# The file is overwritten, not merged: any existing jail.local is replaced by
# the [DEFAULT] and [sshd] sections below. Needs write access to /etc/fail2ban.
printf '%s\n' "Would you like to create config file for Fail2Ban? [y,n] "
read input
case "$input" in
  Y | y)
    # Quoted delimiter: the text is written literally. The empty line before
    # EOF is deliberate; it keeps the file's trailing blank line.
    cat > /etc/fail2ban/jail.local << 'EOF'
[DEFAULT]
# Ban hosts for one hour:
bantime = 3600
# Override /etc/fail2ban/jail.d/00-firewalld.conf:
banaction = iptables-multiport
[sshd]
enabled = true

EOF
    ;;
  *)
    printf '%s\n' "Stopped by user"
    ;;
esac
# Step 12 - Optionally restart fail2ban so it picks up its configuration,
# then print the closing message whatever the answer was.
printf '%s\n' "Would you like to restart Fail2Ban? [y,n] "
read input
if [[ $input == [Yy] ]]; then
  service fail2ban restart
else
  printf '%s\n' "Stopped by user"
fi
printf '%s\n' "All is done. Happy coding :) "