#!/bin/bash
# determined-server-setup (dss)
# Written by Josh Mudge
# Ad Mejorem Dei Glorium
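# Look up the dss version published on the remote master branch; it is shown
# in the help, version and usage banners. Note this is the latest published
# version, not necessarily the version of the copy that is running.
#
# -f makes curl fail on an HTTP error instead of storing the server's error
# page in $version, and the timeouts stop every dss invocation from hanging
# when the server is unreachable.
version=$(curl -fs --connect-timeout 3 --max-time 5 \
  https://git.coolaj86.com/josh/dss/raw/branch/master/VERSION) || version=""

# The value is remote-controlled text that gets echoed to the terminal, so
# drop anything that is not a printable character (newlines, escape bytes).
version=${version//[^[:print:]]/}

# Fall back to a fixed label when the lookup failed or returned nothing.
if [[ -z "$version" ]]; then
  version="unknown"
fi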
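# Get options from CLI arguments

# Defaults. The action selectors are 0 until their option is seen; usr is the
# account name handed to determined-harden-ssh by --init.
usr=$USER
init=0
clean=0
log=0
authlog=0
update=0
mon=0

# Parser-internal state. Set explicitly so that a same-named variable in the
# caller's environment cannot make the first stray argument count as the
# second one.
unknown=""

# email, logfile and blacklist have no built-in default: unless the matching
# option is given they keep whatever the caller's environment holds. Spelled
# out here so that dependency is visible; the values are unchanged.
email=${email-}
logfile=${logfile-}
blacklist=${blacklist-}

# Print the command summary shown for -h/help.
_dss_usage() {
  echo "dss $version"
  echo "Usage: dss [OPTION]"
  echo "You can run the following commands:"
  echo "dss --clean # Update the server and cleanup uneeded files and programs. Use with caution."
  echo "dss --log # Print the system log."
  echo "dss --authlog 1 # Print the SSH authentication log. Use 'dss --authlog attacks' to show attacks on your SSH server."
  echo "dss --user USERNAME --init # Setup server with server utilities and enable automatic security updates."
}

# Abort unless an option that takes a value is actually followed by one.
# Arguments: $1 - option name, $2 - number of arguments left (option included)
_dss_require_value() {
  if (( $2 < 2 )); then
    printf 'dss: option %s requires a value\n' "$1" >&2
    exit 1
  fi
}

# Parse the command line into the global option variables.
#
# Every iteration ends with one shift that consumes the option itself;
# options that take a value shift once more inside their arm. Previously every
# arm shifted in addition to the final shift, so each plain flag silently
# swallowed the argument after it (e.g. "--init --user bob" lost "--user").
#
# Arguments: the script's positional parameters
# Exits:     1 after printing help/version, on a missing option value, or on a
#            second unrecognised argument
_dss_parse_args() {
  while (( $# > 0 )); do
    case "$1" in
      --init)
        init=1
        ;;
      --clean)
        clean=1
        ;;
      --log)
        log=1
        ;;
      --authlog)
        _dss_require_value "$1" "$#"
        authlog=$2
        shift # past the value
        ;;
      --user)
        _dss_require_value "$1" "$#"
        usr=$2
        shift # past the value
        ;;
      --user2)
        _dss_require_value "$1" "$#"
        user2=$2
        shift # past the value
        ;;
      --user3)
        _dss_require_value "$1" "$#"
        user3=$2
        shift # past the value
        ;;
      --update)
        update=1
        ;;
      --monitor)
        mon=1
        ;;
      --mon-setup)
        mon=2
        ;;
      --email)
        # Stored as a value (it used to be set to the constant 1 while the
        # following argument was discarded): the monitoring branches expand
        # $email as the address passed to sysmon.sh.
        _dss_require_value "$1" "$#"
        email=$2
        shift # past the value
        ;;
      --logfile)
        # Stored as a value for the same reason: $logfile is later used as a
        # file name.
        _dss_require_value "$1" "$#"
        logfile=$2
        shift # past the value
        ;;
      blacklist)
        _dss_require_value "$1" "$#"
        blacklist=$2
        shift # past the value
        ;;
      -h|help)
        _dss_usage
        exit 1
        ;;
      -v|version)
        echo "dss $version"
        exit 1
        ;;
      *)
        # Unknown argument: the first one is remembered and tolerated, a
        # second one ends the run with a short usage hint.
        if [[ -z "$unknown" ]]; then
          unknown=$1
        else
          echo "dss $version"
          echo "dss --user USERNAME --init # Setup server with server utilities and enable automatic security updates."
          exit 1
        fi
        ;;
    esac
    shift # past the option itself
  done
}

_dss_parse_args "$@"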
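# Run the one action selected on the command line. The branches are tested in
# a fixed order and only the first match runs, so combining several action
# options performs just the earliest one in this chain.
if [[ "$init" == 1 ]]; then
  # Update server
  sudo apt-get update
  sudo apt-get upgrade -y

  # Install server utilities
  sudo apt-get install -y screen curl nano htop fail2ban rsync man shellcheck git software-properties-common

  # Prompt user to set up automatic security updates.
  sudo apt-get install -y unattended-upgrades
  sudo dpkg-reconfigure -plow unattended-upgrades

  # Harden ssh. The user name is quoted so a value containing spaces or glob
  # characters reaches determined-harden-ssh as a single argument.
  if determined-harden-ssh --user "$usr"; then
    # Write the marker file /home/.dssv1.7 (tee also prints "dss").
    echo "dss" | sudo tee /home/.dssv1.7
  else
    # This message used to be a bare string, which bash tried to run as a
    # command; print it on stderr and fail explicitly instead.
    echo "You cannot create root user and disable root login, that won't work... See 'dss help'" >&2
    exit 1
  fi

elif [[ "$log" == 1 ]]; then

  sudo cat /var/log/syslog

elif [[ "$authlog" == 1 ]]; then

  sudo cat /var/log/auth.log

elif [[ "$authlog" == attacks ]]; then

  # Failed-login indicators from the SSH authentication log.
  sudo grep -- "Invalid user" /var/log/auth.log
  sudo grep -- "Connection closed" /var/log/auth.log
  exit

elif [[ -n "$blacklist" ]]; then

  echo "Note to self: add blacklist function, empty elif is not allowed in BASH."
  # Blacklist code

elif [[ "$update" == 1 ]]; then
  # Update Linux and determined-setup
  sudo apt-get update
  sudo apt-get upgrade

  # Download the setup script completely before running it. Piping curl
  # straight into bash would execute a truncated download or an HTTP error
  # page; -f turns HTTP errors into a failure and nothing runs in that case.
  # NOTE(review): the script is still trusted on TLS alone; there is no
  # checksum or signature check and the URL tracks a moving branch. Consider
  # pinning a tag or commit and verifying a published digest.
  # NOTE(review): this URL has a different path layout from the VERSION URL
  # used for the banner; confirm it resolves.
  setup_script=$(mktemp) || exit 1
  if curl -fsS -o "$setup_script" "https://git.coolaj86.com/josh/raw/master/dss/setup.sh"; then
    bash "$setup_script"
    setup_status=$?
  else
    echo "dss: could not download setup.sh; nothing was run" >&2
    setup_status=1
  fi
  rm -f -- "$setup_script"
  if [[ "$setup_status" -ne 0 ]]; then
    exit "$setup_status"
  fi

elif [[ "$clean" == 1 ]]; then
  # Update
  sudo apt-get update
  sudo apt-get upgrade

  # Cleanup
  sudo apt-get clean
  sudo apt-get autoremove

elif [[ "$mon" == 1 ]]; then

  # Run the monitor that --mon-setup installs. The path and the --email
  # option now match that installed copy and its cron entry; this branch used
  # to call ./sysmon.sh with "-- email", which matches neither.
  cd /home || exit 1
  /bin/bash ./.sysmon.sh --email "$email"

elif [[ "$mon" == 2 ]]; then

  # NOTE(review): "init" is not an option the argument parser recognises, so
  # this call only prints the usage text. It presumably should be
  # 'dss --user "$usr" --init'; left unchanged because that would start
  # running the full server setup, including SSH hardening, from here.
  dss init

  # Both values end up in root's crontab. cron treats "%" specially and
  # control characters cannot be quoted portably, so refuse them up front.
  if [[ "$email$logfile" == *[[:cntrl:]%]* ]]; then
    echo "dss: --email and --logfile must not contain '%' or control characters" >&2
    exit 1
  fi

  # Fetch into a private temp file (not the current directory, which may be
  # writable by others) and stop if the download fails.
  # NOTE(review): as with setup.sh, there is no integrity check on this file.
  sysmon_tmp=$(mktemp) || exit 1
  if ! curl -fsS -o "$sysmon_tmp" "https://git.coolaj86.com/josh/raw/master/dss/sysmon.sh"; then
    echo "dss: could not download sysmon.sh; monitoring was not set up" >&2
    rm -f -- "$sysmon_tmp"
    exit 1
  fi

  # The script is run from root's crontab, so install it owned by root and
  # not writable by anyone else; a plain mv would keep the invoking user as
  # owner and let that account change what root executes.
  sudo install -o root -g root -m 0755 "$sysmon_tmp" /home/.sysmon.sh
  rm -f -- "$sysmon_tmp"

  # Build the cron entry with shell-quoted values. The old one-liner closed
  # its own quotes early and redirected echo's output into $logfile, so the
  # entry never reached "crontab -".
  # NOTE(review): $logfile is taken to be the job's output file; confirm.
  printf -v cron_cmd '/bin/bash /home/.sysmon.sh --email %q' "$email"
  if [[ -n "$logfile" ]]; then
    printf -v cron_cmd '%s > %q 2>&1' "$cron_cmd" "$logfile"
  fi

  # Keep the existing crontab, minus any earlier sysmon entry so re-running
  # the setup does not pile up duplicates, then append the new line.
  {
    sudo crontab -l 2>/dev/null | grep -vF -- '/home/.sysmon.sh'
    printf '14 1 * * * %s\n' "$cron_cmd"
  } | sudo crontab -

else
  # No action selected: print the command summary. The examples use the
  # option spellings the parser actually accepts (--init, --authlog).
  echo "dss $version"
  echo "Usage: dss [OPTION]"
  echo "You can run the following commands:"
  echo "dss --clean # Update the server and cleanup uneeded files and programs. Use with caution."
  echo "dss --log # Print the system log."
  echo "dss --authlog 1 # Print the SSH authentication log. Use 'dss --authlog attacks' to show attacks on your SSH server."
  echo "dss --user USERNAME --init # Setup server with server utilities and enable automatic security updates."
  exit 1
fi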