Last active
January 5, 2018 04:02
-
-
Save peter279k/0b052dbe9f0187c14b4c9a9561be0731 to your computer and use it in GitHub Desktop.
VPS server is for Ubuntu 16.04 LTS after completing the initial Ubuntu installation. (Usage: bash /path/to/initial_ubuntu.sh)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| #Firstly, we have to login the root user via ssh. | |
| # install some required package | |
| # set locales (zh_TW.UTF-8 or en_US.UTF-8) | |
| # some VPS hosting provider has not installed the sudo package. | |
| # You should run this command: "apt-get install sudo" by root manually. | |
| sudo locale-gen "en_US.UTF-8" | |
| sudo dpkg-reconfigure locales | |
| sudo echo 'LC_ALL="en_US.UTF-8"' > /etc/default/locale | |
| export USERNAME=$1 | |
| if [ "$USERNAME" = "" ] | |
| then | |
| echo 'please add the user name!' | |
| exit 1; | |
| fi | |
| apt-get update | |
| apt-get install sudo | |
| echo 'Upgrading the package...It will be let user type the yes | no' | |
| echo 'We have to notice that this upgrade package will be installed the Apache2 HTTP server...' | |
| # skip the kernel update (OpenVZ is not allowed updating the Kernel.) | |
| sudo apt-mark hold linux-image-generic linux-headers-generic | |
| sudo apt-get upgrade | |
| sudo apt-get install -y curl wget vim ufw | |
| sudo useradd -m $USERNAME | |
| sudo usermod -s /bin/bash $USERNAME | |
| sudo adduser $USERNAME sudo | |
| echo 'Please set password for the $USERNAME ...' | |
| sudo passwd $USERNAME | |
| sudo ufw enable | |
| sudo ufw default deny | |
| sudo ufw allow in ssh | |
| sed -i 's/PermitRootLogin yes/PermitRootLogin no/g' /etc/ssh/sshd_config | |
| sudo echo 'ClientAliveInterval 60' >> /etc/ssh/sshd_config | |
| sudo service ssh restart | |
| echo 'done. You should reboot now' | |
| # edit profile and bashrc | |
| #if [ -n "$BASH_VERSION" ]; then | |
| # include .bashrc if it exists | |
| # if [ -f "$HOME/.bashrc" ]; then | |
| # . "$HOME/.bashrc" | |
| # fi | |
| # fi | |
| # set current timezone | |
| sudo dpkg-reconfigure tzdata | |
| # create the .bashrc in home directory. | |
| # Please refer this link:https://gist.github.com/mvanderw/dfe5984b1e57a17cad87 to view the default .bashrc file | |
| # Prevent the Burte force attatck with the fail2ban | |
| # See more details are about this link: https://www.linode.com/docs/security/using-fail2ban-for-security | |
| sudo apt-get install fail2ban | |
| sudo cp /etc/fail2ban/fail2ban.conf /etc/fail2ban/fail2ban.local | |
| sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local | |
| # vim /etc/fail2ban/jail.local and edit the following settings. | |
| # "bantime" is the number of seconds that a host is banned. | |
| #bantime = 600 | |
| # A host is banned if it has generated "maxretry" during the last "findtime" | |
| # seconds. | |
| #findtime = 600 | |
| #maxretry = 3 | |
| # start the fail2ban client | |
| fail2ban-client start | |
| # check the fail2ban client status | |
| fail2ban-client status | |
| exit 0; |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment