Paramore Stack v.1.0

by paramore
41 deployments · 20 still active · last rev. 4 months ago

A modified LAMP stack.

Installs New Relic
Creates a user for Commando.io
Configures SSH
Installs and configures Fail2Ban
Installs firewall via UFW
Sets the timezone
Installs MySQL and creates a user
And more!

Compatible with: Debian 7, Debian 8, Ubuntu 12.04 LTS, Ubuntu 14.04 LTS
						#!/bin/bash

# <UDF name="sshd_passwordauth" label="Use SSH password authentication?" oneof="Yes,No" default="No" example="Turn off password authentication if you have added a Public Key." />
# <UDF name="sshd_permitrootlogin" label="Permit SSH root login?" oneof="No,Yes" default="No" example="Root account should not be exposed." />
# <UDF name="sshd_permitemptypasswords" label="Permit empty passwords?" oneof="No,Yes" default="No" />
# <UDF name="sshd_port" label="SSH port" default="22" />

# <UDF name="sys_hostname" label="System hostname" default="myvps" example="Name of your server, i.e. linode1." />
# <UDF name="sys_fqdn" label="The server's Fully Qualified Domain Name" example="linode1.mydomain.com" />
# <UDF name="sys_timezone" oneof="America/New_York,America/Chicago,America/Denver,America/Los_Angeles" label="The server's timezone" />

# <UDF name="mysql_database_password" label="MySQL root Password" default="" />
# <UDF name="mysql_database" label="MySQL database name" example="MySQL database name, ASCII only." default="" />
# <UDF name="mysql_user" label="MySQL database user" example="MySQL database user name, ASCII only." default="" />
# <UDF name="mysql_password" label="MySQL user password" default="" />

# <UDF name="apache_group" Label="Enter the group for apache users" default="apache" example="EX: webserv" />
# <UDF name="apache_user" Label="Enter the username for the apache user (usually client code)" default="" example="EX: prmr" />
# <UDF name="deploy_key" Label="Enter the Deploy SSH key" default="" />

# <UDF name="commando_user" Label="Enter the username for the Commando.io user" default="" />
# <UDF name="commando_key" Label="Enter the SSH key for the Commando.io user" default="" />

# <UDF name="newrelic_key" Label="Enter the New Relic license key" default="" />

# <UDF name="paramore_group" Label="Enter the group for the paramore users" default="paramore" />

# <UDF name="sudo_group_nopassword" label="Allow sudo users to execute without a password?" oneof="No,Yes" default="Yes" />
# <UDF name="paramore_group_nopassword" label="Allow paramore users to execute without a password?" oneof="No,Yes" default="Yes" />

#set -e

source <ssinclude StackScriptID="1">
source <ssinclude StackScriptID="17899">

system_update
postfix_install_loopback_only
system_update_hostname "$SYS_HOSTNAME"
#system_set_fqdn "$SYS_FQDN" "$SYS_HOSTNAME"
#system_set_timezone "$SYS_TIMEZONE"

# Install Apache
apache_install && apache_tune 40
#apache_virtualhost_from_rdns
a2enmod rewrite
a2enmod ssl
#apache_disable_default_site
#a2dissite default
#a2dissite default-ssl
#apachectl graceful
service apache2 restart

# Install MySQL DB
set +u # ignore undefined variables in Linode's SS1
mysql_install "$MYSQL_DATABASE_PASSWORD" && mysql_tune 30
mysql_create_database "$MYSQL_DATABASE_PASSWORD" "$MYSQL_DATABASE"
mysql_create_user "$MYSQL_DATABASE_PASSWORD" "$MYSQL_USER" "$MYSQL_PASSWORD"
mysql_grant_user "$MYSQL_DATABASE_PASSWORD" "$MYSQL_USER" "$MYSQL_DATABASE"
set -u
apt-get install -y automysqlbackup

# Install PHP
php_install_with_apache && php_tune
apt-get install -y php5-gd
apt-get install -y php5-curl

# Configure SSH
cp /etc/ssh/sshd_config /etc/ssh/sshd_config.BAK
sed -i "s/PermitRootLogin yes/PermitRootLogin $SSHD_PERMITROOTLOGIN/g" /etc/ssh/sshd_config
sed -i "s/#PasswordAuthentication yes/PasswordAuthentication $SSHD_PASSWORDAUTH/g" /etc/ssh/sshd_config
sed -i "s/Port 22/Port 22122/g" /etc/ssh/sshd_config
touch /tmp/restart-ssh

# Setup fail2ban
system_security_fail2ban "$SSHD_PORT"

# Setup firewall
#system_security_ufw_configure_basic "$SSHD_PORT"

# Create User Groups
groupadd $PARAMORE_GROUP
groupadd $APACHE_GROUP

#if [ "$PARAMORE_GROUP_NOPASSWORD" == "Yes" ]; then
#system_visudo_paramore_group_nopass "$PARAMORE_GROUP"
#fi

# Create Web User
useradd --shell /bin/bash --home /var/www --groups "$APACHE_GROUP" "$APACHE_USER"
mkdir -p /var/www/.ssh
echo "$DEPLOY_KEY" > /var/www/.ssh/authorized_keys
chown -R $APACHE_USER:$APACHE_GROUP /var/www
chmod 700 /var/www/.ssh
chmod 600 /var/www/.ssh/authorized_keys

# Create Commando.io User
useradd --create-home --shell /bin/bash -g "$PARAMORE_GROUP" "$COMMANDO_USER"
mkdir -p /home/$COMMANDO_USER/.ssh
echo "$COMMANDO_KEY" > /home/$COMMANDO_USER/.ssh/authorized_keys
chown -R $COMMANDO_USER:$PARAMORE_GROUP /home/$COMMANDO_USER
chmod 700 /home/$COMMANDO_USER/.ssh
chmod 600 /home/$COMMANDO_USER/.ssh/authorized_keys

# lib-system - SS124
system_install_utils
system_install_build
system_install_git

#Install New Relic
#install_new_relic "$NEWRELIC_KEY"

#goodstuff
aptitude -y install wget vim less

restart_services
restart_initd_services