| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128 |
- #!/bin/bash
- #
- # ==================================================
- # initialisasi mariadb
- sudo apt update
- sudo apt-get install software-properties-common
- curl -sS https://downloads.mariadb.com/MariaDB/mariadb_repo_setup | sudo bash
- sudo apt install mariadb-server
- mysql_secure_installation
- # install php
- apt-get -y install apt-transport-https lsb-release ca-certificates curl
- add-apt-repository ppa:ondrej/php && apt-get update
- apt-get install php5.6-{cli,pdo,fpm,zip,gd,xml,mysql,cgi}
- apt-get install php7.3-{cli,pdo,fpm,zip,gd,xml,mysql,cgi}
- apt-get install php8.0-{cli,pdo,fpm,zip,gd,xml,mysql,cgi}
- # list='php php-dev php-fpm php-xml libmcrypt-dev php-pear php-intl php-enchant php-soap php-embed php-tidy php-bcmath php-gd php-xmlrpc php-zip php-ldap php-redis php-sqlite3 php-mysql php-mysqli php-curl php-memcache php-mbstring'
- # apt-get install $list -y
- # for i in $list_ver;do
- # list="
- # php${i} php${i}-php php${i}-fpm php${i}-cgi php${i}-xml php${i}-dev php${i}-intl php${i}-enchant php${i}-soap php${i}-embed php${i}-tidy php${i}-bcmath php${i}-gd php${i}-xmlrpc php${i}-zip php${i}-ldap php${i}-redis php${i}-sqlite3 php${i}-mysql php${i}-mysqli php${i}-curl php${i}-memcache php${i}-mbstring
- # ";
- # apt-get install $list -y
- # done
- # webmin
- wget https://software.virtualmin.com/gpl/scripts/install.sh
- bash install.sh
- systemctl enable webmin
- rm -fr install.sh
- # snycthing
- echo "deb https://apt.syncthing.net/ syncthing stable" | sudo tee /etc/apt/sources.list.d/syncthing.list
- curl -s https://syncthing.net/release-key.txt | sudo apt-key add -
- sudo apt update && sudo apt install syncthing
- curl https://notabug.org/irwanmohi/test/raw/master/syncthing.txt | sudo tee /etc/systemd/system/syncthing@.service
- sudo systemctl daemon-reload
- sudo systemctl start syncthing@root
- sudo systemctl enable syncthing@root
- # maldet
- cd /usr/local/src
- wget http://www.rfxn.com/downloads/maldetect-current.tar.gz
- tar zxvf maldetect-current.tar.gz
- cd maldetect-1.*
- ./install.sh
- # sed -i 's/email_alert="0"/email_alert="1"/g' /usr/local/maldetect/conf.maldet
- # sed -i 's/email_addr="you@domain.com"/email_addr="YOU@YOURDOMAIN.COM"/g' /usr/local/maldetect/conf.maldet
- # save ssh
- /bin/sed -i "s/#Port 22/Port 8288/g" /etc/ssh/sshd_config
- /bin/sed -i "s/#Protocol 2/Protocol 2/g" /etc/ssh/sshd_config
- /bin/sed -i "s/#UseDNS yes/UseDNS no/g" /etc/ssh/sshd_config
- service sshd restart
- # csf
- apt -y install libwww-perl
- # yum install -y perl perl-libwww-perl perl-Time-HiRes unzip bind-utils
- cd /usr/local/src
- wget https://download.configserver.com/csf.tgz
- tar -xzf csf.tgz
- cd csf
- sh install.sh
- #csf configure
- /bin/sed -i "s/RESTRICT_SYSLOG\s*=.*$/RESTRICT_SYSLOG = \"3\"/g" /etc/csf/csf.conf
- /bin/sed -i "s/SYSLOG_CHECK\s*=.*$/SYSLOG_CHECK = \"3600\"/g" /etc/csf/csf.conf
- # By default, CSF will block allowed IP if they break rules.
- /bin/sed -i "s/IGNORE_ALLOW\s*=.*/IGNORE_ALLOW = \"1\"/g" /etc/csf/csf.conf
- #/bin/sed -i "s/LF_GLOBAL\s*=.*$/LF_GLOBAL = \"1800\"/g" /etc/csf/csf.conf
- #/bin/sed -i "s/GLOBAL_ALLOW\s*=.*$/GLOBAL_ALLOW = \"http:\/\/git\.buyscripts\.in\:10080\/boby\/firewall\/raw\/master\/allow\.txt\"/g" /etc/csf/csf.conf
- #/bin/sed -i "s/GLOBAL_DENY\s*=.*$/GLOBAL_DENY = \"http\:\/\/git\.buyscripts\.in\:10080\/boby\/firewall\/raw\/master\/deny.txt\"/g" /etc/csf/csf.conf
- # This option will notify you when a large amount of email is sent from a particular script on the server
- /bin/sed -i "s/LF_SCRIPT_ALERT\s*=.*$/LF_SCRIPT_ALERT = \"1\"/g" /etc/csf/csf.conf
- # This option ensures that almost all Linux accounts are checked with Process Tracking, not just the cPanel ones
- /bin/sed -i "s/PT_ALL_USERS\s*=.*$/PT_ALL_USERS = \"1\"/g" /etc/csf/csf.conf
- /bin/sed -i "s/TESTING = \"1\"/TESTING = \"0\"/g" /etc/csf/csf.conf
- # Disable IP blocking alert. You may get many, if you dont need to act on this, disable it
- /bin/sed -i "s/PT_USERMEM\s*=.*/PT_USERMEM = \"1024\"/g" /etc/csf/csf.conf
- /bin/sed -i "s/LF_NETBLOCK_ALERT\s*=.*/LF_NETBLOCK_ALERT = \"0\"/g" /etc/csf/csf.conf
- /bin/sed -i "s/LF_PERMBLOCK_ALERT\s*=.*/LF_PERMBLOCK_ALERT = \"0\"/g" /etc/csf/csf.conf
- # Disable all alerts
- # /bin/sed -i "s/LF_EMAIL_ALERT\s*=.*/LF_EMAIL_ALERT = \"0\"/g" /etc/csf/csf.conf
- # ONLY CPANEL
- if [ -d "/var/cpanel/" ]; then
- /bin/sed -i "s/SMTP_BLOCK\s*=.*/SMTP_BLOCK = \"1\"/g" /etc/csf/csf.conf
- fi
- # /bin/sed -i "s/LF_ALERT_TO\s*=.*$/LF_ALERT_TO = \"admin@serverok.in\"/g" /etc/csf/csf.conf
- systemctl restart csf.service
- csf -r
- #basic
- apt update
- apt -y upgrade
- apt -y install procps wget curl nmap whois vim git unzip telnet net-tools dnsutils tmux iftop
- curl -Ls https://github.com/serverok/server-setup/raw/master/data/.vimrc > ~/.vimrc
- echo "alias ll='ls -la --color'" >> ~/.bashrc
- echo "alias rm='rm -i'" >> ~/.bashrc
- echo "alias grep='grep --color=auto'" >> ~/.bashrc
- echo 'export HISTTIMEFORMAT="%d/%m/%y %T "' >> ~/.bashrc
- apt-get install -y sysstat
- sed -i 's/ENABLED="false"/ENABLED="true"/g' /etc/default/sysstat
- systemctl stop apparmor
- systemctl disable apparmor
- source ~/.bashrc
|
