#!/bin/bash
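# Every message is appended to setup.log in the directory of the script.
# NOTE(review): the script runs as root and appends to this path. If the
# script directory is writable by other accounts, a pre-existing setup.log
# symlink would redirect root's writes elsewhere; run the script from a
# root-owned directory.
LOG_FILE="$(dirname "$0")/setup.log"

# Print a message to stdout and append it to $LOG_FILE.
# Globals:   LOG_FILE (read)
# Arguments: $1 - message text
log() {
  # printf rather than echo: a message such as "-n" or "-e ..." is printed
  # literally instead of being parsed as an echo option.
  printf '%s\n' "$1" | tee -a "$LOG_FILE"
}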
# Function to check if the script is run as root
# Stop the script unless it is running with an effective UID of 0.
# Globals: EUID (read)
# Outputs: "Please run as root" through log() when not root
# Exits:   status 1 when the effective UID is not 0
check_root() {
  (( EUID == 0 )) && return
  log "Please run as root"
  exit 1
}
# Function to detect the OS and package manager
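# Detect the distribution and choose the matching package manager.
# Globals: OS, PKG_MANAGER (written); UPDATE_CMD, INSTALL_CMD (written only
#          when the distribution is not recognised)
# Inputs:  /etc/os-release when present, otherwise answers read from stdin
detect_os() {
  if [[ -f /etc/os-release ]]; then
    # os-release is shell syntax and is executed here as root. It is sourced
    # in a subshell and only ID is kept, so no other assignment in that file
    # can overwrite variables this script relies on.
    # shellcheck source=/dev/null
    OS=$(source /etc/os-release && printf '%s' "${ID:-}")
  else
    log "Unable to detect the operating system. Please enter it manually (e.g., ubuntu, debian, centos):"
    read -r OS
  fi

  case $OS in
    ubuntu | debian)
      PKG_MANAGER="apt"
      ;;
    centos | fedora)
      PKG_MANAGER="yum"
      ;;
    *)
      log "Unknown operating system. Please enter the package manager (e.g., apt, yum):"
      read -r PKG_MANAGER
      # UPDATE_CMD and INSTALL_CMD are later expanded unquoted and run as
      # root, so they are word-split but not parsed by a shell: an operator
      # such as "&&" would reach the package manager as a literal argument.
      # The example therefore shows a single command, matching the prompt
      # used by the main section of the script.
      log "Please enter the command to update the package list (e.g., 'apt update' or 'yum update'):"
      read -r UPDATE_CMD
      log "Please enter the command to install a package (e.g., 'apt install -y {package_name}' or 'yum install -y {package_name}'):"
      log "Do not include the {package_name} part, just the 'apt install -y' part"
      read -r INSTALL_CMD
      ;;
  esac
}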
# Function to prompt for yes/no input
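# Ask a yes/no question and repeat it until a usable answer is given.
# Arguments: $1 - question text (" (y/n): " is appended)
# Returns:   0 for an answer starting with y/Y; 1 for an answer starting
#            with n/N, or when stdin reaches end-of-file
prompt_yes_no() {
  local answer
  while true; do
    # When stdin is closed, read fails on every pass. Without this check the
    # loop would spin forever and keep appending to the log. End-of-file is
    # treated as "no", so an unattended run declines every privileged action.
    if ! read -r -p "$1 (y/n): " answer && [[ -z $answer ]]; then
      return 1
    fi
    case "$answer" in
      [Yy]*) return 0 ;;
      [Nn]*) return 1 ;;
      *) log "Please answer yes or no." ;;
    esac
  done
}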
# Function to secure SSH
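# Harden sshd: move it to a random unprivileged port, disable root and
# password logins, enable public-key login and install one public key.
# Globals: SSH_PORT (written once the new configuration is live),
#          PUBLIC_KEY (written)
# Returns: 0 when sshd restarted with the new configuration; 1 when nothing
#          was changed or the previous configuration was restored
#
# NOTE(review): the key goes into ~/.ssh/authorized_keys of the account that
# runs the script (root, per check_root) while PermitRootLogin is set to "no"
# and passwords are disabled. Unless another account already has a working
# key, the host may become unreachable over SSH. Confirm before use.
# NOTE(review): on SELinux-enforcing systems a non-default port may also have
# to be allowed in policy before sshd can bind to it (verify). The restart
# check below restores the backup if sshd does not come back.
secure_ssh() {
  local sshd_config=/etc/ssh/sshd_config
  local backup new_port effective setting

  log "Securing SSH..."

  # Ask for the key before touching anything: disabling password logins
  # without a key in place is the quickest way to lose access.
  log "Please enter your public key:"
  read -r PUBLIC_KEY
  if [[ -z ${PUBLIC_KEY//[[:space:]]/} ]]; then
    log "No public key entered; leaving the SSH configuration unchanged."
    return 1
  fi

  # RANDOM yields 0..32767, so "RANDOM % 64512" never reaches the upper half
  # of the intended 1024..65535 range. Two draws are combined into 30 bits.
  new_port=$(( ((RANDOM << 15) | RANDOM) % 64512 + 1024 ))
  log "New SSH port: $new_port"

  backup="${sshd_config}.bak.$(date +%Y%m%d%H%M%S)"
  if ! cp -p -- "$sshd_config" "$backup"; then
    log "Could not back up $sshd_config; leaving the SSH configuration unchanged."
    return 1
  fi

  # Match each directive whether or not it is commented out and whatever its
  # current value is. The original patterns only matched the stock commented
  # defaults, so an already-customised file was left untouched while the
  # script still announced the new port.
  sed -i -E \
    -e "s/^[[:space:]]*#?[[:space:]]*Port[[:space:]]+[0-9]+[[:space:]]*\$/Port ${new_port}/" \
    -e 's/^[[:space:]]*#?[[:space:]]*PermitRootLogin[[:space:]]+[a-z-]+[[:space:]]*$/PermitRootLogin no/' \
    -e 's/^[[:space:]]*#?[[:space:]]*PasswordAuthentication[[:space:]]+(yes|no)[[:space:]]*$/PasswordAuthentication no/' \
    -e 's/^[[:space:]]*#?[[:space:]]*PubkeyAuthentication[[:space:]]+(yes|no)[[:space:]]*$/PubkeyAuthentication yes/' \
    "$sshd_config"

  # sshd -T parses the file and prints the effective settings. An invalid
  # file, or one in which the new port did not take effect, is rolled back
  # instead of being handed to a restart.
  effective=$(sshd -T -f "$sshd_config" 2>/dev/null)
  if ! grep -qx "port ${new_port}" <<< "$effective"; then
    log "sshd rejected the new configuration or would not listen on port $new_port; restoring $backup."
    cp -p -- "$backup" "$sshd_config"
    return 1
  fi
  # Settings in other configuration files (for example an Include directory,
  # if this sshd_config uses one) can override the edits above; report that
  # rather than assume the hardening is active.
  for setting in "permitrootlogin no" "passwordauthentication no" "pubkeyauthentication yes"; do
    if ! grep -qx "$setting" <<< "$effective"; then
      log "Warning: effective sshd setting is not '$setting'; check for overriding configuration files."
    fi
  done

  mkdir -p ~/.ssh
  chmod 700 ~/.ssh
  # Append instead of truncating: writing with ">" silently removed every
  # key that was already authorised for this account.
  if ! grep -qxF -- "$PUBLIC_KEY" ~/.ssh/authorized_keys 2>/dev/null; then
    # Keep an existing last line intact if the file lacks a final newline.
    if [[ -s ~/.ssh/authorized_keys && -n $(tail -c 1 ~/.ssh/authorized_keys) ]]; then
      printf '\n' >> ~/.ssh/authorized_keys
    fi
    printf '%s\n' "$PUBLIC_KEY" >> ~/.ssh/authorized_keys
  fi
  chmod 600 ~/.ssh/authorized_keys

  if ! systemctl restart sshd; then
    log "sshd did not restart with the new configuration; restoring $backup."
    cp -p -- "$backup" "$sshd_config"
    systemctl restart sshd
    return 1
  fi

  # Published only now, so later steps never open a firewall port that sshd
  # is not actually using.
  SSH_PORT=$new_port
  log "sshd now listens on port $SSH_PORT. Keep this session open until a new login on that port succeeds."
}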
# Function to setup firewall
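# Open the SSH port in ufw or firewalld (offering to install ufw when neither
# is present), then optionally open further operator-supplied ports.
# Globals: SSH_PORT, PKG_MANAGER, UPDATE_CMD, INSTALL_CMD (read)
# Inputs:  answers and a comma-separated port list read from stdin
setup_firewall() {
  # SSH_PORT is only set by secure_ssh. If that step was skipped, the
  # original expanded to "ufw allow /tcp", which fails, and then enabled the
  # firewall with no SSH rule at all.
  # NOTE(review): 22 is assumed to be the port sshd listens on in that case;
  # confirm against the running configuration.
  local ssh_port=${SSH_PORT:-22}
  local -r spec_re='^([0-9]{1,5})/(tcp|udp)$'
  local additional_ports entry port protocol
  local -a port_array=()

  if command -v ufw &>/dev/null; then
    log "UFW is already installed. Opening SSH port $ssh_port."
    ufw allow "$ssh_port"/tcp
  elif command -v firewall-cmd &>/dev/null; then
    log "Firewalld is already installed. Opening SSH port $ssh_port."
    firewall-cmd --permanent --add-port="$ssh_port"/tcp
    firewall-cmd --reload
  else
    if prompt_yes_no "No firewall detected. Do you want to install UFW?"; then
      if [[ $PKG_MANAGER == "apt" ]]; then
        apt update && apt install -y ufw
      elif [[ $PKG_MANAGER == "yum" ]]; then
        # NOTE(review): ufw may not be in the default repositories of
        # yum-based distributions; verify before relying on this branch.
        yum install -y ufw
      else
        # Left unquoted on purpose: the operator-supplied commands are
        # word-split into a command and its arguments.
        # shellcheck disable=SC2086
        $UPDATE_CMD && $INSTALL_CMD ufw
      fi
      # Enable the firewall only after the SSH rule is in place; enabling it
      # after a failed install or a failed "allow" would block SSH.
      if command -v ufw &>/dev/null && ufw allow "$ssh_port"/tcp; then
        ufw enable
      else
        log "UFW could not be installed or the SSH rule could not be added; firewall left disabled."
      fi
    fi
  fi

  if prompt_yes_no "Do you want to open additional ports?"; then
    log "Please enter the ports and protocols to open (comma-separated, e.g., 80/tcp,443/tcp,8080/udp):"
    read -r additional_ports
    IFS=',' read -r -a port_array <<< "$additional_ports"
    for entry in "${port_array[@]}"; do
      # Tolerate "80/tcp, 443/tcp" and reject anything that is not
      # <1-65535>/<tcp|udp> before it reaches the firewall tool.
      entry=${entry//[[:space:]]/}
      port=0
      protocol=
      if [[ $entry =~ $spec_re ]]; then
        port=$((10#${BASH_REMATCH[1]}))
        protocol=${BASH_REMATCH[2]}
      fi
      if (( port < 1 || port > 65535 )); then
        log "Skipping invalid port specification: $entry"
        continue
      fi
      if command -v ufw &>/dev/null; then
        ufw allow "$port/$protocol"
      elif command -v firewall-cmd &>/dev/null; then
        firewall-cmd --permanent --add-port="$port/$protocol"
      fi
    done
    if command -v firewall-cmd &>/dev/null; then
      # Was "firewall_cmd" (underscore), which is not a command, so the
      # permanent rules added above were never loaded.
      firewall-cmd --reload
    fi
  fi
}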
# Function to perform system update
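# Refresh package metadata and apply pending updates.
# Globals: PKG_MANAGER, UPDATE_CMD (read)
# Returns: status of the package manager command; 1 when no update command
#          is known for the selected package manager
system_update() {
  if [[ $PKG_MANAGER == "apt" ]]; then
    apt update && apt upgrade -y
  elif [[ $PKG_MANAGER == "yum" ]]; then
    yum update -y
  elif [[ -n $UPDATE_CMD ]]; then
    # The original also ran "$INSTALL_CMD upgrade -y", which asks the package
    # manager to install a package literally named "upgrade". Only the
    # operator-supplied update command is run here.
    # Left unquoted on purpose so "cmd arg" is split into words; shell
    # operators in the value are passed as literal arguments, not interpreted.
    # shellcheck disable=SC2086
    $UPDATE_CMD
  else
    log "No update command configured for package manager '$PKG_MANAGER'; skipping system update."
    return 1
  fi
}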
# Function to run additional setup
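# Optionally run extender.sh from the script directory, copying its output
# to the log.
# Globals: SCRIPT_DIR (written), LOG_FILE (read)
# Returns: exit status of extender.sh when it was run, otherwise 0
run_additional_setup() {
  local extender path owner mode status
  local trusted=1

  prompt_yes_no "Do you want to run additional setup scripts?" || return 0

  SCRIPT_DIR=$(dirname "$0")
  extender="$SCRIPT_DIR/extender.sh"
  if [[ ! -f $extender ]]; then
    log "No extender.sh script found in the script directory."
    return 0
  fi

  # extender.sh is executed as root. If the file or its directory belongs to
  # another account, or is writable by group/others, someone other than the
  # operator could have supplied its contents, so ask before running it.
  for path in "$SCRIPT_DIR" "$extender"; do
    if ! read -r owner mode < <(stat -c '%u %a' -- "$path" 2>/dev/null) \
      || [[ $owner != 0 ]] || (( 8#$mode & 8#022 )); then
      trusted=0
    fi
  done
  if (( ! trusted )) \
    && ! prompt_yes_no "extender.sh or its directory is not owned by root or is writable by group/others. Run it as root anyway?"; then
    log "Skipping extender.sh."
    return 0
  fi

  bash "$extender" | tee -a "$LOG_FILE"
  # The pipeline's own status is tee's; report the script's status instead.
  status=${PIPESTATUS[0]}
  if (( status != 0 )); then
    log "extender.sh exited with status $status."
  fi
  return "$status"
}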
# Function to add additional users
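# Interactively create user accounts, optionally granting sudo access and
# installing a public key for each one.
# Globals: USERNAME, PUBLIC_KEY (written); PASSWORD (written, then unset)
# Inputs:  user names, passwords and keys read from stdin
add_users() {
  local -r name_re='^[a-z_][a-z0-9_-]{0,31}$'
  local created sudo_group

  prompt_yes_no "Do you want to add additional users?" || return 0

  while true; do
    created=0
    log "Enter the username:"
    read -r USERNAME
    if [[ $USERNAME =~ $name_re ]]; then
      log "Enter the password:"
      read -r -s PASSWORD
      if [[ -z $PASSWORD ]]; then
        log "Empty password; $USERNAME was not created."
      elif ! useradd -m "$USERNAME"; then
        # Stop here: if useradd failed because the account already exists,
        # continuing would reset the password of that existing account.
        log "useradd failed for $USERNAME; no password or group changes were made."
      elif printf '%s:%s\n' "$USERNAME" "$PASSWORD" | chpasswd; then
        created=1
      else
        log "Could not set the password for $USERNAME."
      fi
      # Do not keep the clear-text password in the shell longer than needed.
      unset PASSWORD
    else
      # A name containing ":" or whitespace would corrupt the
      # "user:password" line handed to chpasswd.
      log "Invalid username; use a lowercase letter or underscore followed by lowercase letters, digits, underscores or hyphens."
    fi

    if (( created )); then
      if prompt_yes_no "Do you want to grant sudo access to $USERNAME?"; then
        # Debian-family systems use the "sudo" group; the yum-based systems
        # this script also targets use "wheel".
        if getent group sudo >/dev/null; then
          sudo_group=sudo
        else
          sudo_group=wheel
        fi
        if usermod -aG "$sudo_group" "$USERNAME"; then
          log "$USERNAME has been granted sudo access."
        else
          log "Could not add $USERNAME to the $sudo_group group."
        fi
      fi

      if prompt_yes_no "Do you want to add a public key for $USERNAME?"; then
        log "Please enter the public key:"
        read -r PUBLIC_KEY
        if [[ -z ${PUBLIC_KEY//[[:space:]]/} ]]; then
          log "No public key entered for $USERNAME."
        # The key travels on stdin. It used to be pasted between single
        # quotes inside the command string, so a quote character in the
        # pasted text ended the string and the remainder ran as a command.
        elif printf '%s\n' "$PUBLIC_KEY" \
          | su - "$USERNAME" -c 'umask 077 && mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys && chmod 700 ~/.ssh'; then
          log "Public key added for $USERNAME."
        else
          log "Could not add the public key for $USERNAME."
        fi
      fi
    fi

    if ! prompt_yes_no "Do you want to add another user?"; then
      break
    fi
  done
}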
# Function to set up the MOTD
# Optionally replace /etc/motd with one line of operator-supplied text.
# Globals: MOTD_CONTENT (written)
# Inputs:  the yes/no answer and the MOTD line, read from stdin
setup_motd() {
  # Guard clause: nothing to do when the operator declines.
  prompt_yes_no "Do you want to set up the Message of the Day (MOTD)?" || return 0

  log "Please enter the MOTD content:"
  read -r MOTD_CONTENT
  # Overwrites the existing file; only a single line is read.
  echo "$MOTD_CONTENT" > /etc/motd
  log "MOTD has been set."
}
# Main script execution
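check_root
detect_os
log "Detected OS: $OS, Package Manager: $PKG_MANAGER"
if ! prompt_yes_no "Is this correct?"; then
  log "Please enter the correct OS and package manager:"
  read -r OS PKG_MANAGER
  if [[ $PKG_MANAGER != "apt" && $PKG_MANAGER != "yum" ]]; then
    log "Please enter the command to update the package list (e.g., 'apt update' or 'yum update'):"
    read -r UPDATE_CMD
    log "Please enter the command to install a package (e.g., 'apt install -y' or 'yum install -y'):"
    read -r INSTALL_CMD
  fi
fi

# The summary below tests these flags, but nothing ever set them, so the
# summary was always empty. They now record what actually happened.
SECURE_SSH="no"
SETUP_FIREWALL="no"
UPDATE_SYSTEM="no"

if prompt_yes_no "Do you want to secure SSH?"; then
  # Recorded only on success, so the summary never reports a port that sshd
  # is not using.
  if secure_ssh; then
    SECURE_SSH="yes"
  fi
fi

if prompt_yes_no "Do you want to set up a firewall?"; then
  setup_firewall
  # Set once the step has run: setup_firewall's exit status reflects only
  # its last command, so it is not used as a success signal.
  SETUP_FIREWALL="yes"
fi

if prompt_yes_no "Do you want to perform a system update?"; then
  if system_update; then
    UPDATE_SYSTEM="yes"
  fi
fi

log "Setup complete. Summary of actions performed:"
if [[ $SECURE_SSH == "yes" ]]; then
  log "- SSH secured on port $SSH_PORT"
fi
if [[ $SETUP_FIREWALL == "yes" ]]; then
  log "- Firewall configured with SSH port $SSH_PORT"
fi
if [[ $UPDATE_SYSTEM == "yes" ]]; then
  log "- System updated"
fi

# Run additional setup if requested
run_additional_setup

# Add additional users if requested
add_users

# Set up MOTD if requested
setup_motd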