aidan-ubuntu 5.1 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139
  1. #!/bin/bash
  2. #
  3. # ==================================================
  4. # initialisasi mariadb
  5. sudo apt update
  6. sudo apt-get install software-properties-common
  7. curl -sS https://downloads.mariadb.com/MariaDB/mariadb_repo_setup | sudo bash
  8. sudo apt install mariadb-server
  9. mysql_secure_installation
  10. # install php
  11. apt-get -y install apt-transport-https lsb-release ca-certificates curl
  12. add-apt-repository ppa:ondrej/php && apt-get update
  13. apt-get install php5.6-{cli,pdo,fpm,zip,gd,xml,mysql,cgi}
  14. apt-get install php7.3-{cli,pdo,fpm,zip,gd,xml,mysql,cgi}
  15. apt-get install php8.0-{cli,pdo,fpm,zip,gd,xml,mysql,cgi}
  16. # list='php php-dev php-fpm php-xml libmcrypt-dev php-pear php-intl php-enchant php-soap php-embed php-tidy php-bcmath php-gd php-xmlrpc php-zip php-ldap php-redis php-sqlite3 php-mysql php-mysqli php-curl php-memcache php-mbstring'
  17. # apt-get install $list -y
  18. # for i in $list_ver;do
  19. # list="
  20. # php${i} php${i}-php php${i}-fpm php${i}-cgi php${i}-xml php${i}-dev php${i}-intl php${i}-enchant php${i}-soap php${i}-embed php${i}-tidy php${i}-bcmath php${i}-gd php${i}-xmlrpc php${i}-zip php${i}-ldap php${i}-redis php${i}-sqlite3 php${i}-mysql php${i}-mysqli php${i}-curl php${i}-memcache php${i}-mbstring
  21. # ";
  22. # apt-get install $list -y
  23. # done
  24. # webmin
  25. wget https://software.virtualmin.com/gpl/scripts/install.sh
  26. bash install.sh
  27. systemctl enable webmin
  28. rm -fr install.sh
  29. # snycthing
  30. echo "deb https://apt.syncthing.net/ syncthing stable" | sudo tee /etc/apt/sources.list.d/syncthing.list
  31. curl -s https://syncthing.net/release-key.txt | sudo apt-key add -
  32. sudo apt update && sudo apt install syncthing
  33. curl https://notabug.org/irwanmohi/test/raw/master/syncthing.txt | sudo tee /etc/systemd/system/syncthing@.service
  34. sudo systemctl daemon-reload
  35. sudo systemctl start syncthing@root
  36. sudo systemctl enable syncthing@root
  37. # maldet
  38. cd /usr/local/src
  39. wget http://www.rfxn.com/downloads/maldetect-current.tar.gz
  40. tar zxvf maldetect-current.tar.gz
  41. cd maldetect-1.*
  42. ./install.sh
  43. # sed -i 's/email_alert="0"/email_alert="1"/g' /usr/local/maldetect/conf.maldet
  44. # sed -i 's/email_addr="you@domain.com"/email_addr="YOU@YOURDOMAIN.COM"/g' /usr/local/maldetect/conf.maldet
  45. # save ssh
  46. /bin/sed -i "s/#Port 22/Port 8288/g" /etc/ssh/sshd_config
  47. /bin/sed -i "s/#Protocol 2/Protocol 2/g" /etc/ssh/sshd_config
  48. /bin/sed -i "s/#UseDNS yes/UseDNS no/g" /etc/ssh/sshd_config
  49. service sshd restart
  50. # csf
  51. apt -y install libwww-perl
  52. # yum install -y perl perl-libwww-perl perl-Time-HiRes unzip bind-utils
  53. cd /usr/local/src
  54. wget https://download.configserver.com/csf.tgz
  55. tar -xzf csf.tgz
  56. cd csf
  57. sh install.sh
  58. #csf configure
  59. /bin/sed -i "s/RESTRICT_SYSLOG\s*=.*$/RESTRICT_SYSLOG = \"3\"/g" /etc/csf/csf.conf
  60. /bin/sed -i "s/SYSLOG_CHECK\s*=.*$/SYSLOG_CHECK = \"3600\"/g" /etc/csf/csf.conf
  61. # By default, CSF will block allowed IP if they break rules.
  62. /bin/sed -i "s/IGNORE_ALLOW\s*=.*/IGNORE_ALLOW = \"1\"/g" /etc/csf/csf.conf
  63. #/bin/sed -i "s/LF_GLOBAL\s*=.*$/LF_GLOBAL = \"1800\"/g" /etc/csf/csf.conf
  64. #/bin/sed -i "s/GLOBAL_ALLOW\s*=.*$/GLOBAL_ALLOW = \"http:\/\/git\.buyscripts\.in\:10080\/boby\/firewall\/raw\/master\/allow\.txt\"/g" /etc/csf/csf.conf
  65. #/bin/sed -i "s/GLOBAL_DENY\s*=.*$/GLOBAL_DENY = \"http\:\/\/git\.buyscripts\.in\:10080\/boby\/firewall\/raw\/master\/deny.txt\"/g" /etc/csf/csf.conf
  66. # This option will notify you when a large amount of email is sent from a particular script on the server
  67. /bin/sed -i "s/LF_SCRIPT_ALERT\s*=.*$/LF_SCRIPT_ALERT = \"1\"/g" /etc/csf/csf.conf
  68. # This option ensures that almost all Linux accounts are checked with Process Tracking, not just the cPanel ones
  69. /bin/sed -i "s/PT_ALL_USERS\s*=.*$/PT_ALL_USERS = \"1\"/g" /etc/csf/csf.conf
  70. /bin/sed -i "s/TESTING = \"1\"/TESTING = \"0\"/g" /etc/csf/csf.conf
  71. # Disable IP blocking alert. You may get many, if you dont need to act on this, disable it
  72. /bin/sed -i "s/PT_USERMEM\s*=.*/PT_USERMEM = \"1024\"/g" /etc/csf/csf.conf
  73. /bin/sed -i "s/LF_NETBLOCK_ALERT\s*=.*/LF_NETBLOCK_ALERT = \"0\"/g" /etc/csf/csf.conf
  74. /bin/sed -i "s/LF_PERMBLOCK_ALERT\s*=.*/LF_PERMBLOCK_ALERT = \"0\"/g" /etc/csf/csf.conf
  75. # Disable all alerts
  76. # /bin/sed -i "s/LF_EMAIL_ALERT\s*=.*/LF_EMAIL_ALERT = \"0\"/g" /etc/csf/csf.conf
  77. # ONLY CPANEL
  78. if [ -d "/var/cpanel/" ]; then
  79. /bin/sed -i "s/SMTP_BLOCK\s*=.*/SMTP_BLOCK = \"1\"/g" /etc/csf/csf.conf
  80. fi
  81. # /bin/sed -i "s/LF_ALERT_TO\s*=.*$/LF_ALERT_TO = \"admin@serverok.in\"/g" /etc/csf/csf.conf
  82. systemctl restart csf.service
  83. csf -r
  84. #basic
  85. apt update
  86. apt -y upgrade
  87. apt -y install procps wget curl nmap whois vim git unzip telnet net-tools dnsutils tmux iftop
  88. curl -Ls https://github.com/serverok/server-setup/raw/master/data/.vimrc > ~/.vimrc
  89. echo "alias ll='ls -la --color'" >> ~/.bashrc
  90. echo "alias rm='rm -i'" >> ~/.bashrc
  91. echo "alias grep='grep --color=auto'" >> ~/.bashrc
  92. echo 'export HISTTIMEFORMAT="%d/%m/%y %T "' >> ~/.bashrc
  93. apt-get install -y sysstat
  94. sed -i 's/ENABLED="false"/ENABLED="true"/g' /etc/default/sysstat
  95. systemctl stop apparmor
  96. systemctl disable apparmor
  97. source ~/.bashrc
  98. # Cleanup and reboot
  99. rm -f /root/install.sh
  100. cp /dev/null /root/.bash_history
  101. clear
  102. echo -e ""
  103. echo -e "Script executed succesfully."
  104. echo -e ""
  105. read -n 1 -r -s -p $"Press enter to reboot..."
  106. echo -e ""
  107. reboot