naoty · January 4, 2012 23:58
diff --git a/gistfile1.sh b/gistfile1.sh
 # login as root
 naoty@local% ssh-keygen -R xxx.xxx.xxx.xxx
 naoty@local% ssh [email protected]

 # add admin user
 root@sakura% useradd naoty
 root@sakura% passwd naoty

 # limit su, sudo
 root@sakura% usermod -G wheel naoty
 root@sakura% visudo
    - # %wheel ALL=(ALL) ALL
    + %wheel ALL=(ALL) ALL
 root@sakura% vi /etc/login.defs
    + SU_WHEEL_ONLY yes
 root@sakura% exit

 # public key authentication
 naoty@local% scp .ssh/id_rsa.pub [email protected]:~
 naoty@local% ssh [email protected]
 naoty@sakura% mkdir .ssh
 naoty@sakura% chmod 700 .ssh
 naoty@sakura% mv id_rsa.pub .ssh/authorized_keys
 naoty@sakura% chmod 600 .ssh/authorized_keys
 naoty@sakura% sudo vi /etc/ssh/sshd_config
    - #PermitRootLogin yes
    + PermitRootLogin no
    - #PasswordAuthentication yes
    + PasswordAuthentication no
    - UsePAM yes
    - #UsePAM no
    + UsePAM no
 naoty@sakura% sudo /etc/init.d/sshd restart
 naoty@sakura% exit
 naoty@local% ssh sakura

 # vim, git, tig, tmux
 naoty@sakura% sudo yum -y update
 naoty@sakura% sudo yum -y install yum-priorities
 naoty@sakura% sudo vi /etc/yum.repos.d/CentOS-Base.repo
    [base]
    + priority=1
    
    [updates]
    + priority=1

    [addons]
    + priority=1

    [extras]
    + priority=1

    [centosplus]
    + priority=1

    [contrib]
    + priority=2
 naoty@sakura% sudo rpm -ihv http://download.fedora.redhat.com/pub/epel/5/x86_64/epel-release-5-4.noarch.rpm
 naoty@sakura% sudo yum -y install vim-enhanced git tig tmux

 # dotfiles
 naoty@sakura% ssh-keygen -t rsa
 naoty@sakura% cat .ssh/id_rsa.pub # put public key into github.com
 naoty@sakura% git clone [email protected]:naoty/dotfiles.git -b server
 naoty@sakura% ln -s dotfiles/.gitconfig ~/.gitconfig
 naoty@sakura% ln -s dotfiles/.vimrc ~/.vimrc
 naoty@sakura% rm .bashrc && ln -s dotfiles/.bashrc ~/.bashrc && source .bashrc
 naoty@sakura% rm .bash_profile && ln -s dotfiles/.bash_profile ~/.bash_profile && source .bash_profile
 naoty@sakura% mkdir -p .vim/colors
 naoty@sakura% exit
 naoty@local% scp .vim/colors/railscasts.vim sakura:.vim/colors/
 naoty@local% ssh sakura

 # iptables
 naoty@sakura% sudo iptables -A INPUT -p tcp --dport sshd -j ACCEPT
 naoty@sakura% sudo iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT
 naoty@sakura% sudo iptables -P INPUT DROP
 naoty@sakura% sudo service iptables save
 naoty@sakura% sudo service iptables restart

 # rvm
 naoty@sakura% cp /etc/pki/tls/certs/ca-bundle.crt .
 naoty@sakura% sudo curl http://curl.haxx.se/ca/cacert.pem -o /etc/pki/tls/certs/ca-bundle.crt
 naoty@sakura% sudo bash -s stable < <(curl -s https://raw.github.com/wayneeseguin/rvm/master/binscripts/rvm-installer )
 naoty@sakura% su -
 root@sakura% usermod -a -G rvm naoty
 root@sakura% exit
 naoty@sakura% exit
 naoty@local% ssh sakura

 # ruby
 naoty@sakura% sudo yum install -y gcc-c++ patch readline readline-devel zlib zlib-devel libyaml-devel libffi-devel openssl-devel make bzip2 autoconf automake libtool bison
 naoty@sakura% rvm install 1.9.3
 naoty@sakura% rvm use 1.9.3 --default

 # nginx
 naoty@sakura% sudo yum -y install pcre pcre-devel zlib zlib-devel openssl openssl-devel
 naoty@sakura% cd /usr/local/src
 naoty@sakura% sudo wget http://nginx.org/download/nginx-1.0.11.tar.gz
 naoty@sakura% sudo tar xzf nginx-1.0.11.tar.gz
 naoty@sakura% cd nginx-1.0.11
 naoty@sakura% sudo ./configure --prefix=/usr/local/nginx-1.0.11 --with-http_ssl_module --with-http_realip_module
 naoty@sakura% sudo make
 naoty@sakura% sudo make install
 naoty@sakura% cd
 naoty@sakura% sudo ln -s /usr/local/nginx-1.0.11 /usr/local/nginx
 naoty@sakura% sudo mkdir /usr/local/nginx/conf/sites
 naoty@sakura% git clone git://gist.github.com/1723415.git gist-1723415 && sudo mv gist-1723415/nginx.conf /usr/local/nginx/conf/nginx.conf && rm -rf gist-1723415
 naoty@sakura% git clone git://gist.github.com/1730882.git gist-1730882 && sudo mv gist-1730882/nginx /etc/init.d/nginx && rm -rf gist-1730882
 naoty@sakura% sudo chmod +x /etc/init.d/nginx
 naoty@sakura% sudo chkconfig --add nginx
 naoty@sakura% sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
 naoty@sakura% sudo service iptables save
 naoty@sakura% sudo service iptables restart
 naoty@sakura% sudo /usr/local/nginx/sbin/nginx

 # git server
 naoty@sakura% sudo useradd git
 naoty@sakura% sudo passwd git
 naoty@sakura% sudo mkdir -m 700 /home/git/.ssh
 naoty@sakura% sudo chown git:git /home/git/.ssh
 naoty@sakura% sudo cp .ssh/authorized_keys /home/git/.ssh/
 naoty@sakura% sudo chown git:git /home/git/.ssh/authorized_keys

 # www
 naoty@sakura% sudo mkdir /var/www
 naoty@sakura% sudo chown naoty:naoty /var/www
	# login as root
	naoty@local% ssh-keygen -R xxx.xxx.xxx.xxx
	naoty@local% ssh [email protected]

	# add admin user
	root@sakura% useradd naoty
	root@sakura% passwd naoty

	# limit su, sudo
	root@sakura% usermod -G wheel naoty
	root@sakura% visudo
	- # %wheel ALL=(ALL) ALL
	+ %wheel ALL=(ALL) ALL
	root@sakura% vi /etc/login.defs
	+ SU_WHEEL_ONLY yes
	root@sakura% exit

	# public key authentication
	naoty@local% scp .ssh/id_rsa.pub [email protected]:~
	naoty@local% ssh [email protected]
	naoty@sakura% mkdir .ssh
	naoty@sakura% chmod 700 .ssh
	naoty@sakura% mv id_rsa.pub .ssh/authorized_keys
	naoty@sakura% chmod 600 .ssh/authorized_keys
	naoty@sakura% sudo vi /etc/ssh/sshd_config
	- #PermitRootLogin yes
	+ PermitRootLogin no
	- #PasswordAuthentication yes
	+ PasswordAuthentication no
	- UsePAM yes
	- #UsePAM no
	+ UsePAM no
	naoty@sakura% sudo /etc/init.d/sshd restart
	naoty@sakura% exit
	naoty@local% ssh sakura

	# vim, git, tig, tmux
	naoty@sakura% sudo yum -y update
	naoty@sakura% sudo yum -y install yum-priorities
	naoty@sakura% sudo vi /etc/yum.repos.d/CentOS-Base.repo
	[base]
	+ priority=1

	[updates]
	+ priority=1

	[addons]
	+ priority=1

	[extras]
	+ priority=1

	[centosplus]
	+ priority=1

	[contrib]
	+ priority=2
	naoty@sakura% sudo rpm -ihv http://download.fedora.redhat.com/pub/epel/5/x86_64/epel-release-5-4.noarch.rpm
	naoty@sakura% sudo yum -y install vim-enhanced git tig tmux

	# dotfiles
	naoty@sakura% ssh-keygen -t rsa
	naoty@sakura% cat .ssh/id_rsa.pub # put public key into github.com
	naoty@sakura% git clone [email protected]:naoty/dotfiles.git -b server
	naoty@sakura% ln -s dotfiles/.gitconfig ~/.gitconfig
	naoty@sakura% ln -s dotfiles/.vimrc ~/.vimrc
	naoty@sakura% rm .bashrc && ln -s dotfiles/.bashrc ~/.bashrc && source .bashrc
	naoty@sakura% rm .bash_profile && ln -s dotfiles/.bash_profile ~/.bash_profile && source .bash_profile
	naoty@sakura% mkdir -p .vim/colors
	naoty@sakura% exit
	naoty@local% scp .vim/colors/railscasts.vim sakura:.vim/colors/
	naoty@local% ssh sakura

	# iptables
	naoty@sakura% sudo iptables -A INPUT -p tcp --dport sshd -j ACCEPT
	naoty@sakura% sudo iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT
	naoty@sakura% sudo iptables -P INPUT DROP
	naoty@sakura% sudo service iptables save
	naoty@sakura% sudo service iptables restart

	# rvm
	naoty@sakura% cp /etc/pki/tls/certs/ca-bundle.crt .
	naoty@sakura% sudo curl http://curl.haxx.se/ca/cacert.pem -o /etc/pki/tls/certs/ca-bundle.crt
	naoty@sakura% sudo bash -s stable < <(curl -s https://raw.github.com/wayneeseguin/rvm/master/binscripts/rvm-installer )
	naoty@sakura% su -
	root@sakura% usermod -a -G rvm naoty
	root@sakura% exit
	naoty@sakura% exit
	naoty@local% ssh sakura

	# ruby
	naoty@sakura% sudo yum install -y gcc-c++ patch readline readline-devel zlib zlib-devel libyaml-devel libffi-devel openssl-devel make bzip2 autoconf automake libtool bison
	naoty@sakura% rvm install 1.9.3
	naoty@sakura% rvm use 1.9.3 --default

	# nginx
	naoty@sakura% sudo yum -y install pcre pcre-devel zlib zlib-devel openssl openssl-devel
	naoty@sakura% cd /usr/local/src
	naoty@sakura% sudo wget http://nginx.org/download/nginx-1.0.11.tar.gz
	naoty@sakura% sudo tar xzf nginx-1.0.11.tar.gz
	naoty@sakura% cd nginx-1.0.11
	naoty@sakura% sudo ./configure --prefix=/usr/local/nginx-1.0.11 --with-http_ssl_module --with-http_realip_module
	naoty@sakura% sudo make
	naoty@sakura% sudo make install
	naoty@sakura% cd
	naoty@sakura% sudo ln -s /usr/local/nginx-1.0.11 /usr/local/nginx
	naoty@sakura% sudo mkdir /usr/local/nginx/conf/sites
	naoty@sakura% git clone git://gist.github.com/1723415.git gist-1723415 && sudo mv gist-1723415/nginx.conf /usr/local/nginx/conf/nginx.conf && rm -rf gist-1723415
	naoty@sakura% git clone git://gist.github.com/1730882.git gist-1730882 && sudo mv gist-1730882/nginx /etc/init.d/nginx && rm -rf gist-1730882
	naoty@sakura% sudo chmod +x /etc/init.d/nginx
	naoty@sakura% sudo chkconfig --add nginx
	naoty@sakura% sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
	naoty@sakura% sudo service iptables save
	naoty@sakura% sudo service iptables restart
	naoty@sakura% sudo /usr/local/nginx/sbin/nginx

	# git server
	naoty@sakura% sudo useradd git
	naoty@sakura% sudo passwd git
	naoty@sakura% sudo mkdir -m 700 /home/git/.ssh
	naoty@sakura% sudo chown git:git /home/git/.ssh
	naoty@sakura% sudo cp .ssh/authorized_keys /home/git/.ssh/
	naoty@sakura% sudo chown git:git /home/git/.ssh/authorized_keys

	# www
	naoty@sakura% sudo mkdir /var/www
	naoty@sakura% sudo chown naoty:naoty /var/www