A modified LAMP stack.
Installs New Relic
Creates a user for Commando.io
Configures SSH
Installs and configures Fail2Ban
Installs firewall via UFW
Sets the timezone
Installs MySQL and creates a user
And more!
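#!/bin/bash
#
# Linode StackScript: provisions a modified LAMP stack (Apache, MySQL, PHP),
# hardens sshd, enables fail2ban and creates a web/deploy account plus a
# Commando.io account with key-based SSH access.
#
# Review notes:
#   - The timezone, FQDN, UFW firewall and New Relic steps are present but
#     commented out, so this script configures NO host firewall.
#   - The MySQL password UDFs default to empty; deploy with non-empty values.
#   - sshd and fail2ban are both driven by the sshd_port UDF so the jail
#     watches the port sshd actually listens on.
#   - Requires Bash 4+ (uses ${var,,}) and GNU sed.
#
# <UDF name="sshd_passwordauth" label="Use SSH password authentication?" oneof="Yes,No" default="No" example="Turn off password authentication if you have added a Public Key." />
# <UDF name="sshd_permitrootlogin" label="Permit SSH root login?" oneof="No,Yes" default="No" example="Root account should not be exposed." />
# <UDF name="sshd_permitemptypasswords" label="Permit empty passwords?" oneof="No,Yes" default="No" />
# <UDF name="sshd_port" label="SSH port" default="22" />
# <UDF name="sys_hostname" label="System hostname" default="myvps" example="Name of your server, i.e. linode1." />
# <UDF name="sys_fqdn" label="The server's Fully Qualified Domain Name" example="linode1.mydomain.com" />
# <UDF name="sys_timezone" oneof="America/New_York,America/Chicago,America/Denver,America/Los_Angeles" label="The server's timezone" />
# <UDF name="mysql_database_password" label="MySQL root Password" default="" />
# <UDF name="mysql_database" label="MySQL database name" example="MySQL database name, ASCII only." default="" />
# <UDF name="mysql_user" label="MySQL database user" example="MySQL database user name, ASCII only." default="" />
# <UDF name="mysql_password" label="MySQL user password" default="" />
# <UDF name="apache_group" Label="Enter the group for apache users" default="apache" example="EX: webserv" />
# <UDF name="apache_user" Label="Enter the username for the apache user (usually client code)" default="" example="EX: prmr" />
# <UDF name="deploy_key" Label="Enter the Deploy SSH key" default="" />
# <UDF name="commando_user" Label="Enter the username for the Commando.io user" default="" />
# <UDF name="commando_key" Label="Enter the SSH key for the Commando.io user" default="" />
# <UDF name="newrelic_key" Label="Enter the New Relic license key" default="" />
# <UDF name="paramore_group" Label="Enter the group for the paramore users" default="paramore" />
# <UDF name="sudo_group_nopassword" label="Allow sudo users to execute without a password?" oneof="No,Yes" default="Yes" />
# <UDF name="paramore_group_nopassword" label="Allow paramore users to execute without a password?" oneof="No,Yes" default="Yes" />

#set -e

# Linode expands these directives into the referenced library StackScripts;
# the helper functions called below (system_update, mysql_install, ...) are
# expected to come from them.
source <ssinclude StackScriptID="87402">
source <ssinclude StackScriptID="17899">

#######################################
# Print a diagnostic to stderr.
# Arguments: $* - message
#######################################
lamp_warn() {
  printf 'stackscript: %s\n' "$*" >&2
}

#######################################
# Normalise a UDF Yes/No answer to lowercase. sshd_config(5) documents
# keyword arguments as case-sensitive, while the UDF values are capitalised.
# Arguments: $1 - UDF value
#            $2 - fallback printed for any other value
# Outputs:   "yes", "no" or the fallback on stdout
#######################################
lamp_yes_no() {
  case "${1,,}" in
    yes | no) printf '%s\n' "${1,,}" ;;
    *) printf '%s\n' "$2" ;;
  esac
}

#######################################
# Set one directive in /etc/ssh/sshd_config.
# Rewrites every active "Key value" line; failing that, un-comments the first
# "#Key value" line; failing that, appends the directive.
# NOTE(review): an appended line lands at end of file. If the image's
# sshd_config ends in a Match block the directive would be scoped to that
# block, so check such files by hand.
# Arguments: $1 - directive name (literal, no regex metacharacters)
#            $2 - value (callers pass validated values only)
#######################################
lamp_set_sshd_option() {
  local key=$1
  local value=$2
  local file=/etc/ssh/sshd_config
  local active="^[[:space:]]*${key}[[:space:]].*"
  local commented="^[[:space:]]*#${key}[[:space:]].*"

  if grep -Eq "$active" "$file"; then
    sed -i -E "s|${active}|${key} ${value}|" "$file"
  elif grep -Eq "$commented" "$file"; then
    # GNU sed: 0,/re/ limits the substitution to the first matching line;
    # the empty s|| pattern reuses that regex.
    sed -i -E "0,/${commented}/s||${key} ${value}|" "$file"
  else
    printf '%s %s\n' "$key" "$value" >>"$file"
  fi
}

#######################################
# Install a single public key as <home>/.ssh/authorized_keys and hand the
# home directory to its owner.
# Arguments: $1 - home directory
#            $2 - owning user
#            $3 - owning group
#            $4 - public key text
#######################################
lamp_authorize_key() {
  local home=$1
  local owner=$2
  local group=$3
  local key=$4

  mkdir -p -- "$home/.ssh"
  # Create the key file with a restrictive umask so it is never
  # world-readable, not even before the chmod below.
  (
    umask 077
    printf '%s\n' "$key" >"$home/.ssh/authorized_keys"
  )
  chown -R -- "$owner:$group" "$home"
  chmod 700 -- "$home/.ssh"
  chmod 600 -- "$home/.ssh/authorized_keys"
}

system_update
postfix_install_loopback_only
system_update_hostname "$SYS_HOSTNAME"
#system_set_fqdn "$SYS_FQDN" "$SYS_HOSTNAME"
#system_set_timezone "$SYS_TIMEZONE"

# Install Apache
apache_install && apache_tune 40
#apache_virtualhost_from_rdns
a2enmod rewrite
a2enmod ssl
#apache_disable_default_site
#a2dissite default
#a2dissite default-ssl
#apachectl graceful
service apache2 restart

# Install MySQL DB
set +u # ignore undefined variables in Linode's SS1
mysql_install "$MYSQL_DATABASE_PASSWORD" && mysql_tune 30
mysql_create_database "$MYSQL_DATABASE_PASSWORD" "$MYSQL_DATABASE"
mysql_create_user "$MYSQL_DATABASE_PASSWORD" "$MYSQL_USER" "$MYSQL_PASSWORD"
mysql_grant_user "$MYSQL_DATABASE_PASSWORD" "$MYSQL_USER" "$MYSQL_DATABASE"
set -u
apt-get install -y automysqlbackup

# Install PHP
php_install_with_apache && php_tune
apt-get install -y php5-gd
apt-get install -y php5-curl

# Configure SSH
# Validate the port once; the same value feeds sshd and fail2ban so the jail
# and the daemon cannot disagree.
ssh_port=${SSHD_PORT:-22}
if ! [[ "$ssh_port" =~ ^[0-9]{1,5}$ ]] ||
  ((10#$ssh_port < 1 || 10#$ssh_port > 65535)); then
  lamp_warn "invalid SSHD_PORT '${ssh_port}'; falling back to 22"
  ssh_port=22
fi
ssh_port=$((10#$ssh_port)) # strip leading zeros

cp -- /etc/ssh/sshd_config /etc/ssh/sshd_config.BAK
# Unrecognised answers fall back to the restrictive setting.
lamp_set_sshd_option PermitRootLogin "$(lamp_yes_no "${SSHD_PERMITROOTLOGIN:-}" no)"
lamp_set_sshd_option PasswordAuthentication "$(lamp_yes_no "${SSHD_PASSWORDAUTH:-}" no)"
lamp_set_sshd_option PermitEmptyPasswords "$(lamp_yes_no "${SSHD_PERMITEMPTYPASSWORDS:-}" no)"
lamp_set_sshd_option Port "$ssh_port"

# Refuse to leave a config sshd cannot parse: a failed restart would cut off
# SSH access to the new host.
if ! /usr/sbin/sshd -t; then
  lamp_warn "edited sshd_config failed 'sshd -t'; restoring sshd_config.BAK"
  cp -- /etc/ssh/sshd_config.BAK /etc/ssh/sshd_config
fi
# Flag file; presumably picked up by restart_services from the included
# library at the end of the script - confirm against that library.
touch /tmp/restart-ssh

# Setup fail2ban
system_security_fail2ban "$ssh_port"

# Setup firewall
#system_security_ufw_configure_basic "$SSHD_PORT"

# Create User Groups
groupadd "$PARAMORE_GROUP"
groupadd "$APACHE_GROUP"
#if [ "$PARAMORE_GROUP_NOPASSWORD" == "Yes" ]; then
#system_visudo_paramore_group_nopass "$PARAMORE_GROUP"
#fi

# Create Web User
# The UDF defaults to empty; with an empty name the chown below would run as
# ":group" against the whole tree, so skip the section instead.
if [[ -n "${APACHE_USER:-}" ]]; then
  useradd --shell /bin/bash --home /var/www --groups "$APACHE_GROUP" "$APACHE_USER"
  if id -u -- "$APACHE_USER" >/dev/null 2>&1; then
    lamp_authorize_key /var/www "$APACHE_USER" "$APACHE_GROUP" "${DEPLOY_KEY:-}"
  else
    lamp_warn "web user '${APACHE_USER}' does not exist; deploy key not installed"
  fi
else
  lamp_warn "APACHE_USER is empty; skipping web user creation"
fi

# Create Commando.io User
# Same guard: an empty name would turn the path into /home/ and the
# recursive chown would regroup every home directory.
if [[ -n "${COMMANDO_USER:-}" ]]; then
  useradd --create-home --shell /bin/bash -g "$PARAMORE_GROUP" "$COMMANDO_USER"
  if id -u -- "$COMMANDO_USER" >/dev/null 2>&1; then
    lamp_authorize_key "/home/${COMMANDO_USER}" "$COMMANDO_USER" \
      "$PARAMORE_GROUP" "${COMMANDO_KEY:-}"
  else
    lamp_warn "Commando.io user '${COMMANDO_USER}' does not exist; key not installed"
  fi
else
  lamp_warn "COMMANDO_USER is empty; skipping Commando.io user creation"
fi

# lib-system - SS124
system_install_utils
system_install_build
system_install_git

#Install New Relic
#install_new_relic "$NEWRELIC_KEY"

#goodstuff
aptitude -y install wget vim less

restart_services
restart_initd_services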