linux-setup/debian-setup.sh
2024-12-24 14:56:55 +00:00


#!/bin/bash
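### configuration ###
# Login name of the administrator account this script creates. The run-once
# guard below also keys on this name.
admin_user="newnius"
#####################

# check permission: every later step edits system files, so insist on root.
if [ "$EUID" -ne 0 ]; then
  echo "[ERROR] Please run with user root" >&2
  exit 1
fi

# check OS: heuristic only -- passes when the classic APT sources file exists
# and contains the string "debian" anywhere (a comment line is enough).
file=/etc/apt/sources.list
if ! test -f "${file}" || ! grep -q debian "${file}"; then
  echo "[ERROR] Only Debian is supported" >&2
  exit 1
fi

# check do once: treat an existing admin account as "already set up".
# Compare the login field exactly; a plain substring grep would also match
# other accounts or GECOS/home fields that merely contain the name, and an
# unquoted pattern is subject to word splitting.
file=/etc/passwd
if cut -d: -f1 "${file}" | grep -qxF -- "${admin_user}"; then
  echo "[ERROR] OS is already setup"
  exit 0
fi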
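# Refresh the package index. This does NOT install anything by itself.
apt update
# The upgrade is left commented out because it may pop up the grub update
# dialog. NOTE(review): with it disabled, this script applies no pending
# security updates; run the upgrade as a separate, attended step.
#apt upgrade -y

# install necessary tools
echo "[INFO] Installing necessary tools"
apt install -y curl vim git sudo ca-certificates apt-transport-https haveged tree cron

# set system locale to en_US.UTF-8
echo 'LANG=en_US.UTF-8' > /etc/default/locale
echo 'LC_ALL=en_US.UTF-8' >> /etc/default/locale
locale-gen "en_US.UTF-8"
localedef -i en_US -f UTF-8 en_US.UTF-8

# Vim no mouse select. "~" is the home of whoever runs the script (root is
# enforced earlier), so only that account's vimrc is touched.
touch ~/.vimrc # make sure file exists
# Drop earlier mouse settings before appending ours. The patterns tolerate
# surrounding whitespace; the previous ones required a trailing space and so
# never matched the line this script writes.
sed -i \
  -e '/^[[:space:]]*set mouse-=a[[:space:]]*$/d' \
  -e '/^[[:space:]]*set mouse=a[[:space:]]*$/d' \
  ~/.vimrc
echo "set mouse-=a" >> ~/.vimrc

# install ssh service only when no sshd binary is on PATH yet
if ! command -v sshd > /dev/null 2>&1; then
  echo "[INFO] Installing ssh service"
  apt install -y openssh-server openssh-client
fi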
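# Add admin user
echo "[INFO] Creating admin user"
# Filter the kernel CSPRNG stream directly and stop after 32 characters.
# `head /dev/urandom` only reads up to ten newline bytes, so the amount of
# input (and therefore the password length) was not guaranteed.
ssh_pass=$(LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 32)
if [ "${#ssh_pass}" -ne 32 ]; then
  echo "[ERROR] Could not generate the admin password" >&2
  exit 1
fi
if ! useradd -m -s /bin/bash "$admin_user"; then
  echo "[ERROR] useradd failed; root password left unchanged" >&2
  exit 1
fi
if ! printf '%s:%s\n' "$admin_user" "$ssh_pass" | chpasswd; then
  echo "[ERROR] Could not set the admin password; root password left unchanged" >&2
  exit 1
fi

# Add to sudoers.
# Work on a private copy and let visudo validate it before it replaces
# /etc/sudoers: a syntax error in the live file disables sudo entirely, and
# the steps below throw away the root password and (later) root ssh login.
sudoers_tmp=$(mktemp) || exit 1
if ! cp /etc/sudoers "$sudoers_tmp"; then
  echo "[ERROR] Cannot read /etc/sudoers; root password left unchanged" >&2
  rm -f -- "$sudoers_tmp"
  exit 1
fi
# Remove only rules whose first field is this user (not every line that
# happens to contain the name), then add the rule after the marker comment.
sed -i "/^${admin_user}[[:space:]]/d" "$sudoers_tmp"
sed -i "/User privilege specification/a $admin_user\tALL=(ALL:ALL) ALL" "$sudoers_tmp"
# Passwordless alternative (not used here):
# username ALL=(ALL:ALL) NOPASSWD:ALL
# The append is silent when the marker comment is missing, so confirm the
# rule is really there before trusting it.
if ! grep -q "^${admin_user}[[:space:]]" "$sudoers_tmp" ||
  ! visudo -cf "$sudoers_tmp"; then
  echo "[ERROR] sudoers update rejected; root password left unchanged" >&2
  rm -f -- "$sudoers_tmp"
  exit 1
fi
install -o root -g root -m 0440 "$sudoers_tmp" /etc/sudoers
rm -f -- "$sudoers_tmp"

# update root password to random and forget it.
# Reached only after the admin account, its password and its sudo rule are
# all in place, so privileged access is never lost by this step.
echo "[INFO] Updating root password to random"
pass=$(LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 32)
if [ "${#pass}" -ne 32 ]; then
  echo "[ERROR] Could not generate the root password; root password left unchanged" >&2
  exit 1
fi
printf 'root:%s\n' "$pass" | chpasswd
unset pass # "forget it": do not keep the value in the shell either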
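# ssh: update port, decline root login
echo "[INFO] Updating ssh port"
# RANDOM is 0..32767, so the port lands in 10000..42767 (the former
# "% 65535" never changed the value). Moving the port only cuts scan noise;
# this script does not change PasswordAuthentication.
ssh_port=$((RANDOM + 10000))
# Remove active and commented-out Port directives, not every line that
# contains "Port ".
sed -i '/^[#[:space:]]*Port[[:space:]]/d' /etc/ssh/sshd_config
echo "Port $ssh_port" >> /etc/ssh/sshd_config
sed -i '/^PermitRootLogin/d' /etc/ssh/sshd_config
echo "PermitRootLogin no" >> /etc/ssh/sshd_config
# Validate before restarting: the root password is already unknown at this
# point, so an sshd that refuses to start would cut off remote access.
if sshd -t; then
  systemctl restart ssh
  # sshd keeps the first value it reads for a keyword, and lines appended
  # after a trailing Match block belong to that block. Ask sshd what is
  # actually in effect instead of assuming the appended lines won.
  effective=$(sshd -T 2> /dev/null)
  if ! grep -qx "port ${ssh_port}" <<< "$effective"; then
    echo "[WARN] sshd does not report port ${ssh_port} as effective; check sshd_config and its includes" >&2
  fi
  if ! grep -qx "permitrootlogin no" <<< "$effective"; then
    echo "[WARN] sshd does not report 'PermitRootLogin no' as effective; check sshd_config and its includes" >&2
  fi
else
  echo "[ERROR] sshd_config failed validation; ssh not restarted, previous settings stay active" >&2
fi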
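# configure time sync
echo "[INFO] Configuring time sync service"
# from debian 12, ntp is replaced by ntpsec
# The script already runs as root, so no sudo; -y keeps the removal from
# stopping at a confirmation prompt on unattended runs.
apt remove -y ntpdate
apt install -y ntpsec
# List the peers the daemon currently knows about.
ntpq -p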
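# enable bbr, requires 4.9.0 or higher
# Version-sort the running release against 4.9.0: the kernel is new enough
# exactly when 4.9.0 is the smaller (or equal) of the two. The previous test
# compared the other way round and rejected a release of exactly "4.9.0".
kernel_release=$(uname -r)
oldest=$(printf '%s\n' "$kernel_release" "4.9.0" | sort -V | head -n1)
if [ "$oldest" != "4.9.0" ]; then
  echo "[WARN] bbr is not supported on $(uname -r), skip"
else
  echo "[INFO] Enabling bbr"
  # Replace any earlier setting so each key appears once in sysctl.conf.
  sed -i '/net.core.default_qdisc/d' /etc/sysctl.conf
  echo "net.core.default_qdisc=fq" >> /etc/sysctl.conf
  sed -i '/net.ipv4.tcp_congestion_control/d' /etc/sysctl.conf
  echo "net.ipv4.tcp_congestion_control=bbr" >> /etc/sysctl.conf
  # Load the values from /etc/sysctl.conf now.
  sysctl -p
fi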
# Disable ipv6
#sed -i '/net.ipv6.conf.all.disable_ipv6/d' /etc/sysctl.conf
#echo "net.ipv6.conf.all.disable_ipv6 = 1" >> /etc/sysctl.conf
#sysctl -p
# Disable ufw
# systemctl stop ufw
# systemctl disable ufw
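# output
echo "[INFO] Setup finished"
# Summary of the generated access details. The admin password appears only
# here, in clear text on stdout: it is the sole credential for both ssh and
# sudo, and it ends up in any log or capture of this script's output.
# Built without the stray leading space the continuation lines used to add,
# so the three labels line up.
res="SSH user:\t${admin_user}\n"
res+="SSH port:\t${ssh_port}\n"
res+="SSH password:\t${ssh_pass}\n"
# %b expands the \t and \n escapes; quoting keeps the value from being
# word-split or globbed.
printf '%b' "$res" | expand --tabs=16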