Created
January 2, 2012 22:43
-
-
Save nerdyworm/1552459 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # | |
| # Linode setup script | |
| # | |
| # Set host name | |
| # System Update && Upgrade | |
| # RVM | |
| # Ruby | |
| # set host name | |
| echo "trance-mixes" > /etc/hostname | |
| apt-get update | |
| apt-get upgrade | |
| # Standard Ruby and Rails Deps | |
| apt-get install build-essential zlib1g-dev libxml2-dev libxslt-dev libssl-dev git-core openssl libreadline6 libcurl4-openssl-dev | |
| apt-get install zlib1g zlib1g-dev libssl-dev libyaml-dev libsqlite3-0 libsqlite3-dev | |
| apt-get install libc6-dev ncurses-dev automake libtool bison libcurl4-openssl-dev sqlite3 libreadline6-dev | |
| # Trance Mix deps | |
| apt-get install libsndfile1 libsndfile1-dev libmagick9-dev ffmpeg postgresql postgresql-server-dev-8.4 | |
| # Iptable Rules | |
| echo "*filter | |
| # Allows all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0 | |
| -A INPUT -i lo -j ACCEPT | |
| -A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT | |
| # Accepts all established inbound connections | |
| -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT | |
| # Allows all outbound traffic | |
| # You can modify this to only allow certain traffic | |
| -A OUTPUT -j ACCEPT | |
| # Allows HTTP and HTTPS connections from anywhere (the normal ports for websites) | |
| -A INPUT -p tcp --dport 80 -j ACCEPT | |
| -A INPUT -p tcp --dport 443 -j ACCEPT | |
| # Allows SSH connections | |
| # | |
| # THE -dport NUMBER IS THE SAME ONE YOU SET UP IN THE SSHD_CONFIG FILE | |
| # | |
| -A INPUT -p tcp -m state --state NEW --dport 30000 -j ACCEPT | |
| # Allow ping | |
| -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT | |
| # log iptables denied calls | |
| -A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7 | |
| # Reject all other inbound - default deny unless explicitly allowed policy | |
| -A INPUT -j REJECT | |
| -A FORWARD -j REJECT | |
| COMMIT" >> /etc/iptables.up.rules | |
| echo "#!/bin/sh | |
| /sbin/iptables-restore < /etc/iptables.up.rules" >> /etc/network/if-pre-up.d/iptables | |
| chmod +x /etc/network/if-pre-up.d/iptables | |
| echo "gem: --no-ri --no-rdoc" > ~/.gemrc | |
| ####### Begin Shit I have to do :( | |
| ## /etc/ssh/sshd_config | |
| # | |
| # PermitRootLogin no | |
| # PasswordAuthentication no | |
| ## users benjamin, ruby | |
| # usermod -a -G ruby,rvm,admin benjamin | |
| # username -a G rvm ruby | |
| ## /etc/hosts | |
| # 127.0.0.1 trance-mixes localhost |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment