
@sr-tamim
Last active March 30, 2025 11:31
A bash script which automates the initial setup process for a new Linux server

Linux Server Setup Script

This script automates the initial setup process for a new Linux server, focusing on basic security and maintenance tasks. It is designed to save time and ensure consistency when configuring multiple servers.

Why Use This Script?

Manually setting up a Linux server can be time-consuming and prone to errors. This script automates the essential steps, ensuring that your server is configured securely and efficiently. It covers:

  1. Updating and upgrading system packages
  2. Creating a new user and granting sudo privileges
  3. Disabling root login via SSH
  4. Setting up SSH key authentication
  5. Configuring a firewall
  6. Setting up Fail2Ban or sshguard
  7. Enabling automatic security updates
  8. Configuring time synchronization
  9. Securing shared memory
  10. Installing and configuring Logwatch

How to Use This Script

  1. Download the Script: Save the Linux-server-setup.sh script to your local machine.

  2. Make the Script Executable: Run the following command to make the script executable:

    chmod +x Linux-server-setup.sh
  3. Run the Script with Sudo Privileges: Execute the script with sudo privileges to perform the setup tasks:

    sudo ./Linux-server-setup.sh
  4. Follow the Prompts: The script asks for confirmation before performing each task. Answer y (or yes) to run a task, or press Enter to skip it.

Conclusion

Using this script will help you quickly and securely set up your Linux server, ensuring that all essential security and maintenance tasks are performed consistently.

For more detailed information on each step, refer to the Initial Linux Server Setup Guide.

#!/bin/bash
# Refuse to continue unless the effective user id is 0 (root); every step
# below changes system-wide configuration.
(( EUID == 0 )) || {
  echo "Please run this script with sudo privileges."
  exit 1
}
# Ask a yes/no question and report the answer through the exit status.
# Arguments: $1 - question text; " [y/N] " is appended to it.
# Globals:   response (written) - the raw answer that was typed.
# Returns:   0 for "y" or "yes" in any letter case, 1 for anything else,
#            including an empty answer.
confirm() {
  read -r -p "$1 [y/N] " response
  [[ $response =~ ^([yY][eE][sS]|[yY])$ ]]
}
# Reset the terminal display.
# Uses `tput reset` when tput is installed, otherwise writes the ESC c
# sequence directly.
clear_terminal() {
  if ! command -v tput &> /dev/null; then
    echo -ne "\033c"
    return
  fi
  tput reset
}
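# Update the package index and upgrade installed packages.
# Asks for confirmation first, then picks apt, dnf or pacman according to
# which distro marker file exists under /etc.
# Returns: 0 when the step is declined or the upgrade succeeded; 1 when the
#          package manager failed or no supported distro marker was found.
update_system() {
  confirm "Do you want to update and upgrade system packages?" || return 0

  echo "Updating and upgrading system packages... Please wait."
  local status=0
  if [ -f /etc/debian_version ]; then
    { sudo apt update && sudo apt upgrade -y; } || status=$?
  elif [ -f /etc/redhat-release ]; then
    sudo dnf update -y || status=$?
  elif [ -f /etc/arch-release ]; then
    sudo pacman -Syu || status=$?
  else
    echo "Unsupported distribution: no package manager was run." >&2
    return 1
  fi

  if [ "$status" -ne 0 ]; then
    # Do not clear the screen here: the package manager's error output is
    # the only record of why the host is still unpatched.
    echo "System update failed (exit status $status)." >&2
    return 1
  fi

  clear_terminal
  echo "System packages have been updated and upgraded."
}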
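# Create a login account and add it to the distro's administrative group
# (sudo on Debian-family systems, wheel on Red Hat-family and Arch).
# Asks for confirmation, then prompts for the username.
# Returns: 0 when the step is declined or the account was created and added
#          to the group; 1 on an invalid name, an unsupported distro, or a
#          failing account command.
create_user() {
  confirm "Do you want to create a new user and grant sudo privileges?" || return 0

  local newuser admin_group status=0
  read -r -p "Enter the new username: " newuser
  # An empty name makes the account tools fail, and a leading '-' would be
  # parsed by them as an option rather than as a username.
  case "$newuser" in
    '' | -*)
      echo "Invalid username '$newuser'. No user was created." >&2
      return 1
      ;;
  esac

  echo "Creating new user $newuser and granting sudo privileges... Please wait."
  if [ -f /etc/debian_version ]; then
    admin_group=sudo
    { sudo adduser "$newuser" && sudo usermod -aG "$admin_group" "$newuser"; } || status=$?
  elif [ -f /etc/redhat-release ]; then
    admin_group=wheel
    # adduser on Red Hat-family systems does not prompt for a password, so
    # set one explicitly; without it the account cannot authenticate to sudo.
    {
      sudo adduser "$newuser" \
        && sudo usermod -aG "$admin_group" "$newuser" \
        && sudo passwd "$newuser"
    } || status=$?
  elif [ -f /etc/arch-release ]; then
    admin_group=wheel
    { sudo useradd -m -G "$admin_group" "$newuser" && sudo passwd "$newuser"; } || status=$?
  else
    echo "Unsupported distribution: no user was created." >&2
    return 1
  fi

  if [ "$status" -ne 0 ]; then
    # Later steps can disable root and password logins; report the failure
    # clearly so the operator does not go on without a working admin account.
    echo "Creating user $newuser failed (exit status $status)." >&2
    return 1
  fi

  clear_terminal
  echo "New user $newuser has been created and added to the $admin_group group."
}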
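# Disable root login over SSH by writing "PermitRootLogin no" to a drop-in
# file under /etc/ssh/sshd_config.d and restarting the SSH service.
# The configuration is validated with `sshd -t` before the restart, and the
# effective value is read back with `sshd -T` afterwards.
# Returns: 0 when the step is declined or the setting is in effect; 1 when
#          the file could not be written, the configuration does not
#          validate, the restart fails, or the setting did not take effect.
disable_root_ssh() {
  confirm "Do you want to disable root login via SSH?" || return 0

  echo "Disabling root login via SSH... Please wait."
  local dropin=/etc/ssh/sshd_config.d/disable_root.conf
  local service=sshd
  if [ -f /etc/debian_version ]; then
    service=ssh
  fi

  sudo mkdir -p /etc/ssh/sshd_config.d
  if ! echo "PermitRootLogin no" | sudo tee "$dropin" > /dev/null; then
    echo "Could not write $dropin." >&2
    return 1
  fi

  # Validate before restarting: restarting with a configuration that does
  # not parse can leave the host without a running SSH daemon.
  if ! sudo sshd -t; then
    echo "sshd configuration test failed; the SSH service was not restarted." >&2
    echo "Fix the reported error before restarting SSH or rebooting." >&2
    return 1
  fi

  if ! sudo systemctl restart "$service"; then
    echo "Restarting $service failed." >&2
    return 1
  fi

  # The drop-in is only read when sshd_config includes the directory, and
  # sshd keeps the first value it sees for a keyword, so an earlier file can
  # win. Read the effective value back instead of assuming success.
  if ! sudo sshd -T 2> /dev/null | grep -qi '^permitrootlogin no$'; then
    echo "Warning: sshd does not report 'PermitRootLogin no' as the effective setting." >&2
    echo "Check that /etc/ssh/sshd_config includes /etc/ssh/sshd_config.d/*.conf and that no earlier file sets PermitRootLogin." >&2
    return 1
  fi

  clear_terminal
  echo "Root login via SSH has been disabled."
}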
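# Switch SSH to key-only authentication by writing a drop-in file under
# /etc/ssh/sshd_config.d with PasswordAuthentication no and
# PubkeyAuthentication yes, then restarting the SSH service.
# Prints the ssh-keygen / ssh-copy-id commands to run on the client and
# waits for Enter. Before password logins are turned off, it checks that the
# named user has a non-empty ~/.ssh/authorized_keys, so that a skipped or
# failed key copy does not lock the operator out.
# Returns: 0 when the step is declined or key-only login is in effect; 1 when
#          no key is found, the configuration does not validate, the restart
#          fails, or the setting did not take effect.
setup_ssh_key_auth() {
  confirm "Do you want to disable SSH login with password and allow SSH with authorized key only?" || return 0

  local ssh_user server_ip home_dir
  local dropin=/etc/ssh/sshd_config.d/ssh_key_auth.conf
  local service=sshd
  read -r -p "Enter the username for SSH key setup: " ssh_user
  read -r -p "Enter the server IP address: " server_ip
  echo "Please run the following command on your local machine to generate an SSH key pair:"
  echo "ssh-keygen -t rsa -b 4096"
  echo "Then run the following command on your local machine to copy the SSH key to the server:"
  echo "ssh-copy-id $ssh_user@$server_ip"
  read -r -p "Press Enter after you have generated and copied the SSH key..."

  # Pressing Enter proves nothing; look for the key itself.
  # NOTE(review): assumes the default AuthorizedKeysFile location
  # (~/.ssh/authorized_keys) - confirm if sshd_config overrides it.
  home_dir=""
  if [ -n "$ssh_user" ]; then
    home_dir=$(getent passwd "$ssh_user" | cut -d: -f6)
  fi
  if [ -z "$home_dir" ] || [ ! -s "$home_dir/.ssh/authorized_keys" ]; then
    echo "No public key found for user '$ssh_user' in ~/.ssh/authorized_keys." >&2
    echo "Password authentication was left enabled to avoid locking you out." >&2
    return 1
  fi

  echo "Configuring SSH to disable password authentication and enable key authentication... Please wait."
  if [ -f /etc/debian_version ]; then
    service=ssh
  fi
  sudo mkdir -p /etc/ssh/sshd_config.d
  if ! {
    echo "PasswordAuthentication no"
    echo "PubkeyAuthentication yes"
  } | sudo tee "$dropin" > /dev/null; then
    echo "Could not write $dropin." >&2
    return 1
  fi

  # Validate before restarting: restarting with a configuration that does
  # not parse can leave the host without a running SSH daemon.
  if ! sudo sshd -t; then
    echo "sshd configuration test failed; the SSH service was not restarted." >&2
    echo "Fix the reported error before restarting SSH or rebooting." >&2
    return 1
  fi

  if ! sudo systemctl restart "$service"; then
    echo "Restarting $service failed." >&2
    return 1
  fi

  # The drop-in is only read when sshd_config includes the directory, and
  # sshd keeps the first value it sees for a keyword, so an earlier file can
  # still leave password logins on. Read the effective value back.
  # NOTE(review): keyboard-interactive authentication through PAM is a
  # separate setting and can still accept passwords - confirm it is off.
  if ! sudo sshd -T 2> /dev/null | grep -qi '^passwordauthentication no$'; then
    echo "Warning: sshd does not report 'PasswordAuthentication no' as the effective setting." >&2
    echo "Check that /etc/ssh/sshd_config includes /etc/ssh/sshd_config.d/*.conf and that no earlier file sets PasswordAuthentication." >&2
    return 1
  fi

  clear_terminal
  echo "SSH login with password has been disabled and SSH key authentication has been enabled."
  echo "Keep this session open and confirm a key-based login from a second terminal before disconnecting."
}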
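# Install and enable a host firewall that allows SSH: ufw on Debian-family
# systems, firewalld on Red Hat-family systems and Arch.
# Each command runs only if the previous one succeeded, so the firewall is
# never switched on after the SSH allow rule failed to apply.
# Returns: 0 when the step is declined or the firewall is set up; 1 when a
#          command fails or the distro is not recognised.
setup_firewall() {
  confirm "Do you want to setup a firewall?" || return 0

  echo "Setting up firewall... Please wait."
  # NOTE(review): the "OpenSSH" profile and the "ssh" service are expected to
  # cover the default SSH port only - if sshd listens elsewhere, allow that
  # port before enabling the firewall.
  local status=0
  if [ -f /etc/debian_version ]; then
    {
      sudo apt install ufw -y \
        && sudo ufw allow OpenSSH \
        && sudo ufw enable
    } || status=$?
  elif [ -f /etc/redhat-release ]; then
    {
      sudo dnf install firewalld -y \
        && sudo systemctl start firewalld \
        && sudo systemctl enable firewalld \
        && sudo firewall-cmd --permanent --add-service=ssh \
        && sudo firewall-cmd --reload
    } || status=$?
  elif [ -f /etc/arch-release ]; then
    {
      sudo pacman -S firewalld \
        && sudo systemctl start firewalld \
        && sudo systemctl enable firewalld \
        && sudo firewall-cmd --permanent --add-service=ssh \
        && sudo firewall-cmd --reload
    } || status=$?
  else
    echo "Unsupported distribution: no firewall was configured." >&2
    return 1
  fi

  if [ "$status" -ne 0 ]; then
    # Keep the failing command's output visible instead of clearing it.
    echo "Firewall setup failed (exit status $status); review the output above." >&2
    return 1
  fi

  clear_terminal
  echo "Firewall has been set up."
}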
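# Install brute-force protection: Fail2Ban on Debian- and Red Hat-family
# systems, sshguard on Arch.
# For Fail2Ban, jail.conf is copied to jail.local only when jail.local does
# not exist yet, so a re-run does not discard local jail settings; the
# service is enabled at boot and restarted.
# Returns: 0 when the step is declined or the service is running; 1 when a
#          command fails or the distro is not recognised.
setup_fail2ban() {
  confirm "Do you want to setup Fail2Ban or sshguard?" || return 0

  echo "Setting up Fail2Ban or sshguard... Please wait."
  local pkg_manager=""
  if [ -f /etc/debian_version ]; then
    pkg_manager=apt
  elif [ -f /etc/redhat-release ]; then
    pkg_manager=dnf
  fi

  if [ -n "$pkg_manager" ]; then
    if ! sudo "$pkg_manager" install fail2ban -y; then
      echo "Installing fail2ban failed." >&2
      return 1
    fi
    if [ ! -e /etc/fail2ban/jail.local ]; then
      # NOTE(review): this sed only rewrites lines that begin with
      # "#enabled"; confirm the shipped jail.conf contains such a line,
      # otherwise this step switches on no jail at all.
      if ! {
        sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local \
          && sudo sed -i 's/^#enabled.*/enabled = true/' /etc/fail2ban/jail.local
      }; then
        echo "Creating /etc/fail2ban/jail.local failed." >&2
        return 1
      fi
    else
      echo "Keeping the existing /etc/fail2ban/jail.local."
    fi
    # Enable explicitly: not every distro starts a service at boot just
    # because its package is installed.
    if ! { sudo systemctl enable fail2ban && sudo systemctl restart fail2ban; }; then
      echo "Starting fail2ban failed." >&2
      return 1
    fi
  elif [ -f /etc/arch-release ]; then
    if ! {
      sudo pacman -S sshguard \
        && sudo systemctl enable sshguard \
        && sudo systemctl start sshguard
    }; then
      echo "Setting up sshguard failed." >&2
      return 1
    fi
  else
    echo "Unsupported distribution: no brute-force protection was installed." >&2
    return 1
  fi

  clear_terminal
  echo "Fail2Ban or sshguard has been set up."
}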
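# Enable unattended package updates: unattended-upgrades on Debian-family
# systems, dnf-automatic on Red Hat-family systems. On Arch it only prints
# the manual update command.
# Returns: 0 when the step is declined, the tooling was enabled, or the Arch
#          advice was printed; 1 when a command fails or the distro is not
#          recognised.
enable_auto_updates() {
  confirm "Do you want to enable automatic security updates?" || return 0

  echo "Enabling automatic security updates... Please wait."
  if [ -f /etc/debian_version ]; then
    if ! {
      sudo apt install unattended-upgrades -y \
        && sudo dpkg-reconfigure --priority=low unattended-upgrades
    }; then
      echo "Enabling unattended-upgrades failed." >&2
      return 1
    fi
    clear_terminal
    echo "Automatic security updates have been enabled."
  elif [ -f /etc/redhat-release ]; then
    # NOTE(review): dnf-automatic.timer acts on /etc/dnf/automatic.conf;
    # confirm that file is set to apply updates, otherwise they may only be
    # downloaded or reported rather than installed.
    if ! {
      sudo dnf install dnf-automatic -y \
        && sudo systemctl enable --now dnf-automatic.timer
    }; then
      echo "Enabling dnf-automatic failed." >&2
      return 1
    fi
    clear_terminal
    echo "Automatic security updates have been enabled."
  elif [ -f /etc/arch-release ]; then
    clear_terminal
    echo "Automatic updates are not recommended on Arch Linux due to its rolling release nature. It's best to manually update the system regularly using the following command:"
    echo "sudo pacman -Syu"
  else
    echo "Unsupported distribution: automatic updates were not configured." >&2
    return 1
  fi
}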
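# Install and start a time synchronisation daemon: chrony on Debian- and
# Red Hat-family systems, ntp on Arch.
# The systemd unit is "chrony" on Debian-family systems and "chronyd" on
# Red Hat-family systems; using the Debian name on Red Hat leaves the
# daemon neither enabled nor started.
# Returns: 0 when the step is declined or the daemon is enabled and started;
#          1 when a command fails or the distro is not recognised.
configure_time_sync() {
  confirm "Do you want to configure time synchronization?" || return 0

  echo "Configuring time synchronization... Please wait."
  local unit status=0
  if [ -f /etc/debian_version ]; then
    unit=chrony
    sudo apt install chrony -y || status=$?
  elif [ -f /etc/redhat-release ]; then
    unit=chronyd
    sudo dnf install chrony -y || status=$?
  elif [ -f /etc/arch-release ]; then
    unit=ntpd
    sudo pacman -S ntp || status=$?
  else
    echo "Unsupported distribution: time synchronization was not configured." >&2
    return 1
  fi

  if [ "$status" -eq 0 ]; then
    { sudo systemctl enable "$unit" && sudo systemctl start "$unit"; } || status=$?
  fi
  if [ "$status" -ne 0 ]; then
    # Accurate time matters for log correlation and certificate checks, so
    # do not report success when the daemon is not actually running.
    echo "Configuring time synchronization failed (exit status $status)." >&2
    return 1
  fi

  clear_terminal
  echo "Time synchronization has been configured."
}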
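# Add a tmpfs entry with noexec,nosuid for shared memory to /etc/fstab
# (/run/shm on Debian- and Red Hat-family systems, /dev/shm on Arch).
# The entry is appended only when /etc/fstab has no active line for that
# mount point yet, so running the script again does not pile up duplicates.
# Returns: 0 when the step is declined, the entry was added, or one already
#          exists; 1 when the write fails or the distro is not recognised.
secure_shared_memory() {
  confirm "Do you want to secure shared memory?" || return 0

  echo "Securing shared memory... Please wait."
  local mount_point
  if [ -f /etc/debian_version ] || [ -f /etc/redhat-release ]; then
    # NOTE(review): confirm /run/shm is where shared memory is mounted on
    # the target release; many current systems mount it at /dev/shm.
    mount_point=/run/shm
  elif [ -f /etc/arch-release ]; then
    mount_point=/dev/shm
  else
    echo "Unsupported distribution: /etc/fstab was not changed." >&2
    return 1
  fi

  # Skip commented lines; field 2 of an fstab line is the mount point.
  if awk -v mp="$mount_point" \
    '$1 !~ /^#/ && $2 == mp { found = 1 } END { exit !found }' /etc/fstab; then
    echo "/etc/fstab already has an entry for $mount_point; it was left unchanged."
    echo "Check that the existing entry carries the noexec and nosuid options."
    return 0
  fi

  if ! echo "tmpfs $mount_point tmpfs defaults,noexec,nosuid 0 0" \
    | sudo tee -a /etc/fstab > /dev/null; then
    echo "Could not append to /etc/fstab." >&2
    return 1
  fi

  clear_terminal
  echo "Shared memory has been secured."
  echo "The new mount options apply after the next reboot or a manual remount of $mount_point."
}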
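# Install Logwatch and set its MailTo, Range and Detail options.
# The e-mail address is validated before it is placed into the sed
# expression: characters such as '/', '&' or '\' would otherwise change what
# sed does to the file, and sed runs as root here.
# Returns: 0 when the step is declined or Logwatch is configured; 1 when the
#          install fails, the address is rejected, the edit fails, or the
#          distro is not recognised.
setup_logwatch() {
  confirm "Do you want to install and configure Logwatch?" || return 0

  echo "Installing and configuring Logwatch... Please wait."
  # NOTE(review): this edits the packaged default configuration; a package
  # upgrade may overwrite it. Logwatch's local override file (commonly under
  # /etc/logwatch/conf) is likely the better target - confirm.
  local conf=/usr/share/logwatch/default.conf/logwatch.conf
  local email status=0
  if [ -f /etc/debian_version ]; then
    sudo apt install logwatch -y || status=$?
  elif [ -f /etc/redhat-release ]; then
    sudo dnf install logwatch -y || status=$?
  elif [ -f /etc/arch-release ]; then
    sudo pacman -S logwatch || status=$?
  else
    echo "Unsupported distribution: Logwatch was not installed." >&2
    return 1
  fi
  if [ "$status" -ne 0 ]; then
    echo "Installing Logwatch failed (exit status $status)." >&2
    return 1
  fi

  read -r -p "Enter the email address for Logwatch reports: " email
  # Conservative allow-list: none of these characters is special in a sed
  # replacement, so the value is safe to interpolate below.
  if [[ ! $email =~ ^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+$ ]]; then
    echo "Invalid email address '$email'. Logwatch configuration was not changed." >&2
    return 1
  fi

  if ! {
    sudo sed -i "s/^MailTo.*/MailTo = $email/" "$conf" \
      && sudo sed -i "s/^Range.*/Range = yesterday/" "$conf" \
      && sudo sed -i "s/^Detail.*/Detail = Low/" "$conf"
  }; then
    echo "Updating $conf failed." >&2
    return 1
  fi

  clear_terminal
  echo "Logwatch has been installed and configured."
}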
# Main script execution: run every setup step in order. Each step asks for
# its own confirmation, so any of them can be skipped.
for step in \
  update_system \
  create_user \
  disable_root_ssh \
  setup_ssh_key_auth \
  setup_firewall \
  setup_fail2ban \
  enable_auto_updates \
  configure_time_sync \
  secure_shared_memory \
  setup_logwatch; do
  "$step"
done
echo "Initial Linux server setup is complete."