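#!/bin/bash
# Provisioning script for a fresh Ubuntu host: refresh packages, install the
# base tool set, then load the interactive questions. The *_choice variables
# used further down are not set in this file and presumably come from
# questions.sh.
echo "Congratulations for choosing the best linux distribution"
apt update -y
apt upgrade -y
apt-get install dialog htop denyhosts iotop iftop openssh-server vim sudo tree chrony curl wget man ncdu screen ranger apt-transport-https ca-certificates software-properties-common bc -y

# SECURITY: questions.sh is fetched from the mutable "master" branch and run in
# this shell with this script's privileges, with no integrity check. Whoever can
# change that branch controls the host. Pin the URL to a reviewed commit and
# compare a checksum before sourcing.
# -f makes curl fail on an HTTP error instead of handing an error page to the
# shell; downloading to a private temp file first means a failed or partial
# transfer is never sourced.
questions_url=https://raw.githubusercontent.com/chasgames/EZ-Server-Provisioning/master/questions.sh
questions_file=$(mktemp) || exit 1
if ! curl -fsS "$questions_url" -o "$questions_file"; then
  echo "ABORT ABORT - Could not download questions.sh" >&2
  rm -f -- "$questions_file"
  exit 1
fi
source "$questions_file"
rm -f -- "$questions_file"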
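# Stop if a dialog was cancelled. The default of 0 keeps the test well-formed
# when cancel_catch is unset or empty.
if [ "${cancel_catch:-0}" -eq 1 ]; then
  echo "ABORT ABORT - You cancelled something"
  exit 1
fi
# Both sides are quoted so passwords containing spaces or glob characters are
# compared as whole strings. Unquoted, such a value makes the test itself error
# out, the branch is skipped, and a mismatched password is accepted.
if [ "${rootpw_choice:-}" != "${rootpwconfirm_choice:-}" ]; then
  echo "ABORT ABORT - Root password mistype"
  exit 1
fi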
#echo $cancel_catch
#echo $testing
#echo $hostname_choice
#echo $rootpw_choice
#echo $rootpwconfirm_choice
#echo $newusr_choice
#echo $newusrpw_choice
#echo $duo_choice
#echo "You have decided: $docker_choice"
# First Update all packages -y for no interactive
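echo "Configuring packages"
echo "Removing SSH Root Login"
sshd_config=/etc/ssh/sshd_config
# Keep one dated backup per day; an existing one is left alone so a second run
# the same day cannot overwrite the pristine copy with an edited file.
sshd_backup="${sshd_config}.$(date -I)"
[ -e "$sshd_backup" ] || cp -p -- "$sshd_config" "$sshd_backup"
# Rewrite the directive whatever its current value, commented out or not.
# Matching only "yes" leaves other values in place (for example
# prohibit-password, which still allows key-based root logins) while the message
# above claims root login is gone. If the directive is absent, append it.
# NOTE(review): sshd uses the first value it reads for a keyword, so a drop-in
# pulled in by an Include line earlier in the file can still override this.
if grep -Eq '^[[:space:]]*#?[[:space:]]*PermitRootLogin[[:space:]]' "$sshd_config"; then
  sed -r -i 's/^[[:space:]]*#?[[:space:]]*PermitRootLogin[[:space:]].*/PermitRootLogin no/' "$sshd_config"
else
  printf '%s\n' 'PermitRootLogin no' >>"$sshd_config"
fi
# Configuring Chrony, way better than NTPd, much more reliable and stays in Sync.
echo "Maybe add some time sources here"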
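# Set the root password and create the sudo-capable login user.
if [ -z "${newusr_choice:-}" ]; then
  echo "ABORT ABORT - No username given" >&2
  exit 1
fi
# Compare against the exact login-name field. A plain substring grep over
# /etc/passwd also matches home directories, shells and longer user names.
if cut -d: -f1 /etc/passwd | grep -Fxq -- "$newusr_choice"; then
  echo "$newusr_choice exists!"
  exit 1
else
  # Every step is checked, not only the final usermod. "--" and the quoting stop
  # a name beginning with "-" or containing spaces from being read as options
  # or extra arguments.
  if printf '%s:%s\n' root "$rootpw_choice" | chpasswd \
    && useradd -m -s /bin/bash -- "$newusr_choice" \
    && printf '%s:%s\n' "$newusr_choice" "$newusrpw_choice" | chpasswd \
    && usermod -aG sudo -- "$newusr_choice"; then
    echo "User has been added to system.. oh and it's a sudo!"
  else
    echo "Failed to add a user!"
    # sshd_config was already edited to refuse root logins. Restarting sshd
    # without a working sudo user risks locking the host out, so stop here.
    exit 1
  fi
fi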
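hostnamectl set-hostname "$hostname_choice"
# Also list the new name on the 127.0.0.1 line of /etc/hosts (127.0.1.1 is just
# a workaround for gnome in debian).
current_host=$(hostname)
# The name is interpolated into a sed replacement below, so only accept
# characters that have no special meaning there.
if [[ "$current_host" =~ ^[A-Za-z0-9.-]+$ ]]; then
  # Append only when the name is not already on the line, so re-running the
  # script does not pile up duplicates.
  if ! awk -v h="$current_host" '$1 == "127.0.0.1" { for (i = 2; i <= NF; i++) if ($i == h) found = 1 } END { exit !found }' /etc/hosts; then
    sed -i "/^127\.0\.0\.1[[:space:]]/ s/\$/ ${current_host}/" /etc/hosts
  fi
else
  echo "Skipping /etc/hosts update: unexpected hostname '$current_host'" >&2
fi
# Restart sshd so the edited sshd_config is loaded.
service ssh restart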
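# Optional Docker CE install from Docker's apt repository.
if [ "${docker_choice:-}" == "yes" ]; then
  echo "installing Docker"
  apt install apt-transport-https ca-certificates software-properties-common python-pip -y
  # NOTE(review): apt-key is deprecated, and a key imported this way is trusted
  # for every configured repository, not only Docker's. A keyring file
  # referenced with signed-by= in the sources entry limits the trust to this
  # one repository.
  # The pipeline status is checked so a failed download (curl -f) or a rejected
  # key does not go on to add a repository apt cannot verify.
  if curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -; then
    add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
    apt update
    apt install docker-ce -y
    # Membership of the docker group is root-equivalent on this host.
    usermod -aG docker "$newusr_choice"
  else
    echo "Failed to import the Docker repository key; skipping docker-ce" >&2
  fi
  # NOTE(review): these run pip as root against the system Python and install
  # unpinned packages from the package index.
  pip install --upgrade pip
  pip install setuptools
  pip install docker-compose
fi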
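# Optional Duo two-factor setup for SSH logins (duo-unix with pam_duo).
if [ "${duo_choice:-}" == "yes" ]; then
  echo "installing Duo"
  duo_conf=/etc/duo/pam_duo.conf
  sshd_config=/etc/ssh/sshd_config
  pam_sshd=/etc/pam.d/sshd

  # NOTE(review): the repository is plain http and pinned to "xenial" whatever
  # release is running, so package integrity rests on the apt signature check
  # alone. The key is added with the deprecated apt-key, which trusts it for all
  # repositories.
  echo 'deb http://pkg.duosecurity.com/Ubuntu xenial main' | tee /etc/apt/sources.list.d/duosecurity.list
  curl -fsS https://duo.com/APT-GPG-KEY-DUO | apt-key add -
  apt update -y
  # -y added: without it this is the one install in the script that stops to
  # ask for confirmation.
  apt install duo-unix -y

  # Do not touch PAM or sshd unless the module and its config are really there.
  # An "auth required" line that names a missing module fails every SSH login.
  if [ ! -e /lib64/security/pam_duo.so ] || [ ! -e "$duo_conf" ]; then
    echo "duo-unix did not install cleanly; leaving PAM and sshd untouched" >&2
    exit 1
  fi

  # Replace every line of pam_duo.conf containing "<key> =" with
  # "<key> = <value>". The value is passed through the environment, not a sed
  # script on the command line, so the secret key does not show up in process
  # listings and characters special to sed cannot corrupt the line.
  set_duo_option() {
    local key=$1 value=$2 tmp
    tmp=$(mktemp) || return 1
    if DUO_KEY=$key DUO_VALUE=$value awk '
      index($0, ENVIRON["DUO_KEY"] " =") { print ENVIRON["DUO_KEY"] " = " ENVIRON["DUO_VALUE"]; next }
      { print }
    ' "$duo_conf" >"$tmp"; then
      # Write through the existing file so its owner and mode are kept.
      cat -- "$tmp" >"$duo_conf"
    else
      echo "Failed to set $key in $duo_conf" >&2
    fi
    rm -f -- "$tmp"
  }
  set_duo_option ikey "$duointegration"
  set_duo_option skey "$duosecret"
  set_duo_option host "$duoAPIhostname"

  # The line-number inserts below depend on the stock file layout: on a shorter
  # file sed inserts nothing and reports no error. Each insert is skipped when
  # the setting already exists (safe to re-run) and checked afterwards.
  grep -q '^pushinfo' "$duo_conf" || sed -i '8 a\pushinfo = yes' "$duo_conf"
  grep -q '^autopush' "$duo_conf" || sed -i '9 a\autopush = yes' "$duo_conf"
  grep -q '^prompts' "$duo_conf" || sed -i '10 a\prompts = 1' "$duo_conf"
  for duo_opt in pushinfo autopush prompts; do
    grep -q "^${duo_opt} = " "$duo_conf" \
      || echo "WARNING: ${duo_opt} was not written to ${duo_conf}" >&2
  done

  # One backup, taken before the first edit and never overwritten. Repeating
  # "sed -i.<date>" would replace the backup with an already-edited file.
  sshd_backup="${sshd_config}.$(date -I)"
  [ -e "$sshd_backup" ] || cp -p -- "$sshd_config" "$sshd_backup"
  sed -r -i \
    -e 's/^(ChallengeResponseAuthentication)([[:space:]]+)no/\1\2yes/' \
    -e 's/^(UsePAM)([[:space:]]+)no/\1\2yes/' \
    "$sshd_config"
  grep -Eq '^UseDNS[[:space:]]' "$sshd_config" || sed -i '88 a\UseDNS no' "$sshd_config"
  grep -Fq 'pam_duo.so' "$pam_sshd" \
    || sed -i '49 a\auth required /lib64/security/pam_duo.so' "$pam_sshd"
  # If the PAM line is missing, logins succeed without the second factor.
  grep -Fq 'pam_duo.so' "$pam_sshd" \
    || echo "WARNING: pam_duo.so is not referenced in ${pam_sshd}; Duo is NOT enforced" >&2

  # Validate before restarting: a restart with a broken sshd_config leaves the
  # host with no SSH daemon. Keep the current session open until a fresh login
  # has been tested.
  if sshd -t; then
    service ssh restart
  else
    echo "sshd_config did not pass 'sshd -t'; SSH was not restarted" >&2
    exit 1
  fi
fi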