
@fuadnafiz98
Created October 5, 2025 07:31
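#!/bin/bash
# Baseline setup for a fresh Debian/Ubuntu host: package update, an sshd_config
# tweak, UFW rules, timezone/NTP, fail2ban and unattended-upgrades.
# Must be run as root. Takes no arguments; edit the configuration variables.
#
# Steps are best-effort: a failing step is reported on stderr and counted, the
# remaining steps still run, and the script exits non-zero if anything failed.
# (-e is deliberately not set so one failed step does not leave the host
# half-configured.)
set -uo pipefail

# --- Configuration Variables ---
# NOTE(review): the address below is the redacted placeholder as published;
# set a real mailbox before running, otherwise fail2ban has nowhere to send
# its ban reports.
EMAIL_FOR_FAIL2BAN="[email protected]"
TIMEZONE="Asia/Dhaka"

# Keep apt/dpkg from stopping on an interactive prompt.
export DEBIAN_FRONTEND=noninteractive
# On a conffile conflict keep the locally modified file instead of asking;
# with stdout hidden, a dpkg conffile question would otherwise hang the run.
APT_OPTS=(-y -o Dpkg::Options::=--force-confdef -o Dpkg::Options::=--force-confold)

failures=0
today=$(date +%F)

#######################################
# Run a command quietly (stdout discarded, stderr kept) and record a failure
# instead of hiding it.
# Globals:   failures (written)
# Arguments: the command and its arguments
# Returns:   the command's exit status
#######################################
run() {
  local rc=0
  "$@" > /dev/null || rc=$?
  if ((rc != 0)); then
    {
      printf 'step failed (exit %d):' "$rc"
      printf ' %q' "$@"
      printf '\n'
    } >&2
    failures=$((failures + 1))
  fi
  return "$rc"
}

#######################################
# Restart a service via systemctl, falling back to the SysV `service` wrapper.
# Arguments: $1 - systemd unit name
#            $2 - name for `service` (defaults to $1)
#######################################
restart_service() {
  local unit=$1
  local fallback=${2:-$1}
  if systemctl restart "$unit" > /dev/null; then
    return 0
  fi
  run service "$fallback" restart
}

# --- Main Script ---
if [[ "$EUID" -ne 0 ]]; then
  echo "Run as root." >&2
  exit 1
fi

# Update & Install
# apt-get rather than apt: apt's command-line interface is not meant for
# scripts. --with-new-pkgs keeps the behaviour of `apt upgrade`.
# ufw is in the install list because the firewall section depends on it and
# it is not guaranteed to be present on the image.
run apt-get update
run apt-get "${APT_OPTS[@]}" upgrade --with-new-pkgs
run apt-get "${APT_OPTS[@]}" install curl wget git nano vim htop iotop \
  net-tools tree fail2ban rsyslog unattended-upgrades ufw

# SSH Hardening
# Only PermitEmptyPasswords is changed here, and only where it is explicitly
# (or in a commented-out line) set to "yes".
# NOTE(review): settings in files pulled in by an Include directive are not
# touched; `sshd -T` prints the effective configuration.
SSH_CONFIG="/etc/ssh/sshd_config"
ssh_backup="${SSH_CONFIG}.bak_${today}"
# Keep the first backup of the day: a second run would otherwise replace the
# pristine copy with the already-edited file.
if [[ ! -e "$ssh_backup" ]]; then
  run cp -p -- "$SSH_CONFIG" "$ssh_backup"
fi
run sed -i -E 's/^#?PermitEmptyPasswords yes/PermitEmptyPasswords no/' "$SSH_CONFIG"
# Validate before restarting so a broken config cannot take down remote access.
if run sshd -t; then
  restart_service sshd ssh
else
  printf 'sshd config did not validate; sshd not restarted (backup: %s)\n' \
    "$ssh_backup" >&2
fi

# Firewall (UFW)
# NOTE(review): "ssh" opens the default SSH port; if sshd listens elsewhere,
# allow that port before enabling the firewall.
for svc in ssh http https; do
  run ufw allow "$svc"
done
# --force skips the y/n confirmation; with output discarded the prompt was
# invisible and `ufw enable` waited on stdin.
run ufw --force enable

# Time Synchronization
run timedatectl set-timezone "$TIMEZONE"
run timedatectl set-ntp true

# Fail2Ban
jail_local="/etc/fail2ban/jail.local"
# Preserve an existing jail.local before it is replaced by a copy of jail.conf.
if [[ -e "$jail_local" ]]; then
  run cp -p -- "$jail_local" "${jail_local}.bak_${today}"
fi
run cp -- /etc/fail2ban/jail.conf "$jail_local"
# Escape characters that are special in a sed replacement (\ / &).
escaped_email=$(printf '%s' "$EMAIL_FOR_FAIL2BAN" | sed -e 's/[\/&]/\\&/g')
# NOTE(review): these substitutions only take effect if jail.conf contains
# exactly these lines; confirm the result with `fail2ban-client status`.
run sed -i 's/^#enabled = true/enabled = true/g' "$jail_local"
run sed -i "s/^destemail = root@localhost/destemail = ${escaped_email}/g" "$jail_local"
run sed -i 's/^#action = %(action_mwl)s/action = %(action_mwl)s/g' "$jail_local"
restart_service fail2ban

# Unattended Upgrades
run tee /etc/apt/apt.conf.d/20auto-upgrades << 'EOF'
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";
EOF
# The delimiter is quoted so ${distro_id} and ${distro_codename} reach the file
# literally. Unquoted, the shell expanded them to empty strings and the origins
# became ":" and ":-security", which match no archive, so no upgrades were
# ever applied.
# This replaces the packaged 50unattended-upgrades, and the host will reboot
# on its own at 03:00 whenever an upgrade requires it.
run tee /etc/apt/apt.conf.d/50unattended-upgrades << 'EOF'
Unattended-Upgrade::Allowed-Origins {
"${distro_id}:${distro_codename}";
"${distro_id}:${distro_codename}-security";
};
Unattended-Upgrade::Automatic-Reboot "true";
Unattended-Upgrade::Automatic-Reboot-Time "03:00";
EOF
restart_service unattended-upgrades

# Final Cleanup
run apt-get update
run apt-get "${APT_OPTS[@]}" upgrade --with-new-pkgs
run apt-get "${APT_OPTS[@]}" autoremove
run apt-get clean

if ((failures > 0)); then
  printf '%d step(s) failed; see messages above.\n' "$failures" >&2
  exit 1
fi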