BirkhoffLee · March 16, 2017 09:45 · BirkhoffLee · Mar 15, 2017 · BirkhoffLee · Mar 15, 2017
diff --git a/installMySQL.sh b/installMySQL.sh
 #!/bin/bash

 # Settings
 USERNAME="mysqluser"
 SSH_PUBKEY="ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQClxraaf0yoYrLWhxD1gdFopR/20Z54spf4ecbAXTch42HLpMimFh18qNa4easbeP8SPjt94arV+BxHFmCaK41YsP1tJL/5I1DsnPyYew5ZJjWGBeGF7nMvht5ostKPOa+tpuQP/z5goE7gQxF+46nMnO2q7bHG4+6xl4fLq+yoWY8vpBgW6RUTPPExhHXaV+KxFBmroW1AXvcM2nxnrAQFcG6mvPhnIUpDjYtUvq48lch34MwuX+ckPYXCBinDTekS/ZV9/H4XjVsv/Uay3cAz5VG5SuwXsSCJfgMJFGw86wYRcFe401rnG1LnWJczHPCtzA6CuY25UdptcQYCH+lV [email protected]"

 # Check permissions
 if [[ $(id -u) -ne 0 ]]; then
   printf "The script must be run as root! \n"
   exit 1
 fi

 # Update system & Install packages
 echo 'precedence ::ffff:0:0/96  100' >> /etc/gai.conf
 apt-get update
 DEBIAN_FRONTEND=noninteractive apt-get -y -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" upgrade
 apt-get install unattended-upgrades curl fail2ban git mysql-server -y

 # Create a group called nopwsudo,
 # which allows nopassword-sudoing,
 # and full root access.
 groupadd nopwsudo
 echo "%nopwsudo ALL=(ALL:ALL) NOPASSWD:ALL" >> /etc/sudoers

 # Create the user.
 useradd -s /bin/bash $USERNAME

 # Set the user's home directory up
 mkdir /home/$USERNAME
 mkdir /home/$USERNAME/.ssh
 chmod 700 /home/$USERNAME/.ssh

 # Add my SSH key to the user's ssh authorized keys
 echo "$SSH_PUBKEY" > /home/$USERNAME/.ssh/authorized_keys
 chmod 400 /home/$USERNAME/.ssh/authorized_keys

 # Recursively set the user's home directory's contents' permissions
 chown $USERNAME:$USERNAME /home/$USERNAME -R

 # Add the user to the nopwsudo group
 usermod -aG nopwsudo $USERNAME

 # Prevent root logging in from SSH
 sed -i 's/PermitRootLogin yes/PermitRootLogin no/' /etc/ssh/sshd_config

 # Force use Public Key authentication
 sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config

 # Restart the SSH service
 service ssh restart

 # Automated security updates
 echo 'APT::Periodic::Update-Package-Lists "1";
 APT::Periodic::Download-Upgradeable-Packages "1";
 APT::Periodic::AutocleanInterval "7";
 APT::Periodic::Unattended-Upgrade "1";' > /etc/apt/apt.conf.d/10periodic

 echo 'Unattended-Upgrade::Allowed-Origins {
    "Ubuntu lucid-security";
    //"Ubuntu lucid-updates";
 };' > /etc/apt/apt.conf.d/50unattended-upgrades

 # Clean downloaded archive files
 apt-get autoclean
 apt-get clean

 # Configure
 mysql_secure_installation
 apt-get install phpmyadmin -y
 apt-get install python-letsencrypt-apache apache2-utils -y
 letsencrypt --apache
 letsencrypt renew --dry-run --agree-tos

 clear

 # End
 echo "Done!"
	#!/bin/bash

	# Settings
	USERNAME="mysqluser"
	SSH_PUBKEY="ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQClxraaf0yoYrLWhxD1gdFopR/20Z54spf4ecbAXTch42HLpMimFh18qNa4easbeP8SPjt94arV+BxHFmCaK41YsP1tJL/5I1DsnPyYew5ZJjWGBeGF7nMvht5ostKPOa+tpuQP/z5goE7gQxF+46nMnO2q7bHG4+6xl4fLq+yoWY8vpBgW6RUTPPExhHXaV+KxFBmroW1AXvcM2nxnrAQFcG6mvPhnIUpDjYtUvq48lch34MwuX+ckPYXCBinDTekS/ZV9/H4XjVsv/Uay3cAz5VG5SuwXsSCJfgMJFGw86wYRcFe401rnG1LnWJczHPCtzA6CuY25UdptcQYCH+lV [email protected]"

	# Check permissions
	if [[ $(id -u) -ne 0 ]]; then
	printf "The script must be run as root! \n"
	exit 1
	fi

	# Update system & Install packages
	echo 'precedence ::ffff:0:0/96 100' >> /etc/gai.conf
	apt-get update
	DEBIAN_FRONTEND=noninteractive apt-get -y -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" upgrade
	apt-get install unattended-upgrades curl fail2ban git mysql-server -y

	# Create a group called nopwsudo,
	# which allows nopassword-sudoing,
	# and full root access.
	groupadd nopwsudo
	echo "%nopwsudo ALL=(ALL:ALL) NOPASSWD:ALL" >> /etc/sudoers

	# Create the user.
	useradd -s /bin/bash $USERNAME

	# Set the user's home directory up
	mkdir /home/$USERNAME
	mkdir /home/$USERNAME/.ssh
	chmod 700 /home/$USERNAME/.ssh

	# Add my SSH key to the user's ssh authorized keys
	echo "$SSH_PUBKEY" > /home/$USERNAME/.ssh/authorized_keys
	chmod 400 /home/$USERNAME/.ssh/authorized_keys

	# Recursively set the user's home directory's contents' permissions
	chown $USERNAME:$USERNAME /home/$USERNAME -R

	# Add the user to the nopwsudo group
	usermod -aG nopwsudo $USERNAME

	# Prevent root logging in from SSH
	sed -i 's/PermitRootLogin yes/PermitRootLogin no/' /etc/ssh/sshd_config

	# Force use Public Key authentication
	sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config

	# Restart the SSH service
	service ssh restart

	# Automated security updates
	echo 'APT::Periodic::Update-Package-Lists "1";
	APT::Periodic::Download-Upgradeable-Packages "1";
	APT::Periodic::AutocleanInterval "7";
	APT::Periodic::Unattended-Upgrade "1";' > /etc/apt/apt.conf.d/10periodic

	echo 'Unattended-Upgrade::Allowed-Origins {
	"Ubuntu lucid-security";
	//"Ubuntu lucid-updates";
	};' > /etc/apt/apt.conf.d/50unattended-upgrades

	# Clean downloaded archive files
	apt-get autoclean
	apt-get clean

	# Configure
	mysql_secure_installation
	apt-get install phpmyadmin -y
	apt-get install python-letsencrypt-apache apache2-utils -y
	letsencrypt --apache
	letsencrypt renew --dry-run --agree-tos

	clear

	# End
	echo "Done!"