wcypierre · December 20, 2015 13:09
diff --git a/debian_setup.sh b/debian_setup.sh
 #!/bin/bash
 # Made for Debian 7 with CLI
 apt-get remove --purge apache2 xinetd samba bind bind9 -y;
 apt-get update -y; 
 service apache2 stop;
 rm /etc/init.d/apache2;
 sleep 2;
 apt-get install dialog -y;
 dpkg-reconfigure locales;
 apt-get install g++-4.7 g++-4.6 g++-4.4 g++ gcc clang -y;
 #apt-get install gdb valgrind kmtrace mutextrace -y;
 sleep 2;
 #apt-get install styx lemon doxygen colorgcc colormake cppcheck cpputest cproto libboost-all-dev libboost-dev libboost-chrono-dev astyle bcpp ccache cccc ccbuild cloc cmake automake -y;
 sleep 2;
 #apt-get install stl-manual manpages-posix manpages-posix-dev -y;
 apt-get install sudo and aptitude -y;
 apt-get install debconf autoconf binutils bison debhelper -y;
 #apt-get install cpulimit htop ioping iotop -y;
 apt-get install vim nano emacs -y;
 apt-get install git git-core -y;
 #apt-get install zsh csh rsh -y;
 #apt-get install bashdb bc bash-completion -y;
 #apt-get install unrar p7zip-full -y;
 #apt-get install curl -y;
 #apt-get install lynx -y;
 apt-get install python python3 python-support python-pip -y;
 apt-get install makejail fakeroot -y;
 apt-get install php5-fpm nginx fail2ban zendframework php-apc php5-cli php5-curl phpunit -y;
 #apt-get remove --purge mysql-server* mysql-client* -y;

 mkdir -p /var/chroot/sshd/;
 makejail /usr/share/doc/makejail/examples/sshd.py;
 cd ~/;
 wget https://gist.github.com/wcypierre/6095848/raw/6fbc059fe95fe6d605ab7c9ada8e27a1a71c3da9/bin_lib_copy.sh;
 sh ./bin_lib_copy.sh ssh
 wget https://gist.github.com/wcypierre/6136797/raw/66fa8e35f4d27321628f4cec836395a4949a2aa8/sshd_config_client
 wget https://gist.github.com/wcypierre/6136792/raw/cf1d920f9e0981ae2420d198f8afbac54548b1f2/sshd_config_host
 cp sshd_config_host /etc/ssh/sshd_config
 cp sshd_config_client /var/chroot/sshd/etc/ssh/sshd_config
 cp /etc/passwd /var/chroot/sshd/etc/passwd;
 cp /etc/group /var/chroot/sshd/etc/group;
 cp /etc/shadow /var/chroot/sshd/etc/shadow;
 mkdir -p /var/chroot/sshd/home;
 mkdir -p /var/chroot/sshd/proc;
 mount -t proc proc /var/chroot/sshd/proc;
 echo "proc-ssh /var/chroot/sshd/proc  proc none 0 0" >> /etc/fstab
 wget https://gist.github.com/wcypierre/6138295/raw/fd0b9b5b09deb33b0f598d9cb765488507f9b5dc/ssh-chroot
 cp ssh-chroot /etc/init.d/ssh-chroot
 chmod 700 /etc/init.d/ssh-chroot
 echo "-a /var/chroot/sshd/dev/log" >> /etc/default/syslogd 
 cp /etc/pam.d/common-* /var/chroot/sshd/etc/pam.d/
 ssh-keygen -A
 cp /etc/ssh/ssh_host_key /var/chroot/sshd/etc/ssh/ssh_host_key
 cp /etc/ssh/ssh_host_key.pub /var/chroot/sshd/etc/ssh/ssh_host_key.pub
 cp /etc/ssh/ssh_host_dsa_key /var/chroot/sshd/etc/ssh/ssh_host_dsa_key
 cp /etc/ssh/ssh_host_rsa_key.pub /var/chroot/sshd/etc/ssh/ssh_host_rsa_key.pub
 cp /etc/ssh/ssh_host_ecdsa_key /var/chroot/sshd/etc/ssh/ssh_host_ecdsa_key
 cp /etc/ssh/ssh_host_ecdsa_key.pub /var/chroot/sshd/etc/ssh/ssh_host_ecdsa_key.pub
 echo "session required pam_chroot.so" >> /etc/pam.d/ssh
 /etc/init.d/ssh-chroot restart
 /etc/init.d/ssh-chroot restart
 /etc/init.d/ssh-chroot restart
 /etc/init.d/ssh restart

 echo "When you want to add user, you need to copy /etc/{passwd, group, shadow} to /var/chroot/sshd/{passwd, group, shadow}"
 echo "vm.swappiness=30" >> /etc/sysctl.conf;

 cd /usr/;
 git clone https://github.com/wcypierre/GateOne.git
 cd /usr/GateOne/;
 pip install tornado stdeb slimit cssmin
 python setup.py install
 cd /opt/gateone/;
 ./gateone.py &

 cd /etc/fail2ban/action.d/
 rm sendmail-whois-lines.conf
 wget https://gist.github.com/wcypierre/6145883/raw/7c7a9764fa7f51f9922d3bdd6bfd07296819d2f0/sendmail-whois-lines.conf
 cd /etc/fail2ban;
 rm jail.conf
 wget https://gist.github.com/wcypierre/6145891/raw/3b05db2d85d60502015b1aafedda174b3cb24236/jail.conf

 groupadd chroot

 cd /usr/bin
 wget https://gist.github.com/wcypierre/6146014/raw/85149dfeac7b62822d10216d4b75c0c2ba828bd8/user_add.sh

 rm /etc/nginx/sites-available/default
 cd /etc/nginx/sites-available/;
 wget https://gist.github.com/wcypierre/6146312/raw/4031e22b7376c00b70c566b3b5457628832e9fd6/default

 cd /etc/php5/fpm/;
 rm php.ini;
 wget https://gist.github.com/wcypierre/6146337/raw/f734c7cc3a76c6a00b66e63561f0a51c05da6c15/php.ini

 service apache2 stop;
 sleep 2;
 service nginx restart;
 service php5-fpm restart;

 # Copy xterm to enable nano
 mkdir -p /var/chroot/sshd/etc/terminfo/x
 cp /lib/terminfo/x/* /var/chroot/sshd/etc/terminfo/x/
 service ssh-chroot restart
 service ssh-chroot restart

 echo "TMOUT=1440
 readonly TMOUT
 export TMOUT" >> /etc/profile.d/autologout.sh

 echo "deb http://dl.ajaxplorer.info/repos/apt stable main
 deb-src http://dl.ajaxplorer.info/repos/apt stable main" >> /etc/apt/sources.list

 apt-get update -y; apt-get install ajaxplorer -y;

 cp /usr/share/doc/ajaxplorer/apache2.sample.conf /etc/apache2/sites-enabled/ajaxplorer.conf

 # edit /opt/gateone/settings/50limits.conf
	#!/bin/bash
	# Made for Debian 7 with CLI
	apt-get remove --purge apache2 xinetd samba bind bind9 -y;
	apt-get update -y;
	service apache2 stop;
	rm /etc/init.d/apache2;
	sleep 2;
	apt-get install dialog -y;
	dpkg-reconfigure locales;
	apt-get install g++-4.7 g++-4.6 g++-4.4 g++ gcc clang -y;
	#apt-get install gdb valgrind kmtrace mutextrace -y;
	sleep 2;
	#apt-get install styx lemon doxygen colorgcc colormake cppcheck cpputest cproto libboost-all-dev libboost-dev libboost-chrono-dev astyle bcpp ccache cccc ccbuild cloc cmake automake -y;
	sleep 2;
	#apt-get install stl-manual manpages-posix manpages-posix-dev -y;
	apt-get install sudo and aptitude -y;
	apt-get install debconf autoconf binutils bison debhelper -y;
	#apt-get install cpulimit htop ioping iotop -y;
	apt-get install vim nano emacs -y;
	apt-get install git git-core -y;
	#apt-get install zsh csh rsh -y;
	#apt-get install bashdb bc bash-completion -y;
	#apt-get install unrar p7zip-full -y;
	#apt-get install curl -y;
	#apt-get install lynx -y;
	apt-get install python python3 python-support python-pip -y;
	apt-get install makejail fakeroot -y;
	apt-get install php5-fpm nginx fail2ban zendframework php-apc php5-cli php5-curl phpunit -y;
	#apt-get remove --purge mysql-server* mysql-client* -y;

	mkdir -p /var/chroot/sshd/;
	makejail /usr/share/doc/makejail/examples/sshd.py;
	cd ~/;
	wget https://gist.github.com/wcypierre/6095848/raw/6fbc059fe95fe6d605ab7c9ada8e27a1a71c3da9/bin_lib_copy.sh;
	sh ./bin_lib_copy.sh ssh
	wget https://gist.github.com/wcypierre/6136797/raw/66fa8e35f4d27321628f4cec836395a4949a2aa8/sshd_config_client
	wget https://gist.github.com/wcypierre/6136792/raw/cf1d920f9e0981ae2420d198f8afbac54548b1f2/sshd_config_host
	cp sshd_config_host /etc/ssh/sshd_config
	cp sshd_config_client /var/chroot/sshd/etc/ssh/sshd_config
	cp /etc/passwd /var/chroot/sshd/etc/passwd;
	cp /etc/group /var/chroot/sshd/etc/group;
	cp /etc/shadow /var/chroot/sshd/etc/shadow;
	mkdir -p /var/chroot/sshd/home;
	mkdir -p /var/chroot/sshd/proc;
	mount -t proc proc /var/chroot/sshd/proc;
	echo "proc-ssh /var/chroot/sshd/proc proc none 0 0" >> /etc/fstab
	wget https://gist.github.com/wcypierre/6138295/raw/fd0b9b5b09deb33b0f598d9cb765488507f9b5dc/ssh-chroot
	cp ssh-chroot /etc/init.d/ssh-chroot
	chmod 700 /etc/init.d/ssh-chroot
	echo "-a /var/chroot/sshd/dev/log" >> /etc/default/syslogd
	cp /etc/pam.d/common-* /var/chroot/sshd/etc/pam.d/
	ssh-keygen -A
	cp /etc/ssh/ssh_host_key /var/chroot/sshd/etc/ssh/ssh_host_key
	cp /etc/ssh/ssh_host_key.pub /var/chroot/sshd/etc/ssh/ssh_host_key.pub
	cp /etc/ssh/ssh_host_dsa_key /var/chroot/sshd/etc/ssh/ssh_host_dsa_key
	cp /etc/ssh/ssh_host_rsa_key.pub /var/chroot/sshd/etc/ssh/ssh_host_rsa_key.pub
	cp /etc/ssh/ssh_host_ecdsa_key /var/chroot/sshd/etc/ssh/ssh_host_ecdsa_key
	cp /etc/ssh/ssh_host_ecdsa_key.pub /var/chroot/sshd/etc/ssh/ssh_host_ecdsa_key.pub
	echo "session required pam_chroot.so" >> /etc/pam.d/ssh
	/etc/init.d/ssh-chroot restart
	/etc/init.d/ssh-chroot restart
	/etc/init.d/ssh-chroot restart
	/etc/init.d/ssh restart

	echo "When you want to add user, you need to copy /etc/{passwd, group, shadow} to /var/chroot/sshd/{passwd, group, shadow}"
	echo "vm.swappiness=30" >> /etc/sysctl.conf;

	cd /usr/;
	git clone https://github.com/wcypierre/GateOne.git
	cd /usr/GateOne/;
	pip install tornado stdeb slimit cssmin
	python setup.py install
	cd /opt/gateone/;
	./gateone.py &

	cd /etc/fail2ban/action.d/
	rm sendmail-whois-lines.conf
	wget https://gist.github.com/wcypierre/6145883/raw/7c7a9764fa7f51f9922d3bdd6bfd07296819d2f0/sendmail-whois-lines.conf
	cd /etc/fail2ban;
	rm jail.conf
	wget https://gist.github.com/wcypierre/6145891/raw/3b05db2d85d60502015b1aafedda174b3cb24236/jail.conf

	groupadd chroot

	cd /usr/bin
	wget https://gist.github.com/wcypierre/6146014/raw/85149dfeac7b62822d10216d4b75c0c2ba828bd8/user_add.sh

	rm /etc/nginx/sites-available/default
	cd /etc/nginx/sites-available/;
	wget https://gist.github.com/wcypierre/6146312/raw/4031e22b7376c00b70c566b3b5457628832e9fd6/default

	cd /etc/php5/fpm/;
	rm php.ini;
	wget https://gist.github.com/wcypierre/6146337/raw/f734c7cc3a76c6a00b66e63561f0a51c05da6c15/php.ini

	service apache2 stop;
	sleep 2;
	service nginx restart;
	service php5-fpm restart;

	# Copy xterm to enable nano
	mkdir -p /var/chroot/sshd/etc/terminfo/x
	cp /lib/terminfo/x/* /var/chroot/sshd/etc/terminfo/x/
	service ssh-chroot restart
	service ssh-chroot restart

	echo "TMOUT=1440
	readonly TMOUT
	export TMOUT" >> /etc/profile.d/autologout.sh

	echo "deb http://dl.ajaxplorer.info/repos/apt stable main
	deb-src http://dl.ajaxplorer.info/repos/apt stable main" >> /etc/apt/sources.list

	apt-get update -y; apt-get install ajaxplorer -y;

	cp /usr/share/doc/ajaxplorer/apache2.sample.conf /etc/apache2/sites-enabled/ajaxplorer.conf

	# edit /opt/gateone/settings/50limits.conf