Hardened LinuxGSM

by scrane
156 deployments · 126 still active · last rev. 7 months ago

This is a stackscript to install LinuxGSM on the Linode while hardening SSH to prevent some vectors of hack.

The following fields are used
Limited User Name - Creating a limited user to access the Linode with
Limited User Password - A password for the limited user on the Linode
SSH Pubkey - the public key to use when accessing the Linode via SSH
Hostname - local host name for your Linode
Fully qualified domain name - domain you'd like to use for your Linode
Game server - select the game server you'd like to deploy
Game server name - the outward facing name for your game server (i.e. what folks would see when logging in to Minecraft). Also functions as a limited user that cannot be directly accessed via SSH due to hardening.
Steam Game Server Login Token - A field that is required for the following games:
Ballistic Overkill
Brainbread 2
Black Mesa: Deathmatch
Counter Strike: Global Offensive (required)
Counter Strike: Source (required)
Day of Defeat: Source
Empires Mod
Garry’s Mod
No more Room in Hell (required)
Team Fortress 2
Tower Unite
Zombie Panic! Source

The Game Server Login Token is optional otherwise. You can generate one here: https://steamcommunity.com/dev/managegameservers

Compatible with: Debian 9
Includes: LinuxGSM Library
#<UDF name="ssuser" Label="Sudo user username?" example="username" />
#<UDF name="sspassword" Label="Sudo user password?" example="strongPassword" />
#<UDF name="steamuser" Label="Steam username (required for some game installations. Optional for most games." default="Optional" example="username" />
#<UDF name="steampassword" Label="Steam user password (required for some game installations. Optional for most games." default="Password" example="strongPassword" />
#<UDF name="sspubkey" Label="SSH pubkey (installed for root and sudo user)?" example="ssh-rsa ..." />
#<UDF name="hostname" label="Hostname" example="Local hostname">
#<UDF name="gslt" label="Steam Game Server Login Token" example="Required for some games (see notes), optional otherwise" default="optional" />
#<UDF name="fqdn" label="Fully Qualified Domain Name" example="Provide the domain name you'd like to use for your server">
#<udf name="gameserver" label="Game Server" oneOf="arkserver,arma3server,bb2server,bbserver,bdserver,bf1942server,bmdmserver,boserver,bsserver,bt1944server,ccserver,cod2server,cod4server,codserver,coduoserver,codwawserver,csczserver,csgoserver,csserver,cssserver,dabserver,dmcserver,dodserver,dodsserver,doiserver,dstserver,ecoserver,emserver,etlserver,fctrserver,fofserver,gesserver,gmodserver,hl2dmserver,hldmserver,hldmsserver,hwserver,insserver,jc2server,jc3server,kf2server,kfserver,l4d2server,l4dserver,mcserver,mtaserver,mumbleserver,nmrihserver,ns2cserver,ns2server,nsserver,opforserver,pcserver,pstbsserver,pvkiiserver,pzserver,q2server,q3server,qlserver,qwserver,ricochetserver,roserver,rustserver,rwserver,sampserver,sbserver,sdtdserver,squadserver,ss3server,stserver,svenserver,terrariaserver,tf2server,tfcserver,ts3server,tuserver,twserver,ut2k4server,ut3server,ut99server,vsserver,wetserver,zpsserver" example="Select your game for your game server">
#<UDF name="gamename" label="Game Server Name" example="Name of the game server within your game">

# Sets source library script
source <ssinclude StackScriptID="333596">

curl -o out.sh -L https://raw.githubusercontent.com/stevethepirate88/StackScripts/master/LinuxGSM_Hardened.sh

. ./out.sh