shell-scripte-code/server_optimize.sh

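#!/bin/bash
# Server hardening helper.
# Usage: server_optimize.sh <step>...
# Each <step> is the name of one of the functions defined below, or "all"
# to run every step. The script re-runs itself under sudo when not root.
set -ex

# Re-run under sudo BEFORE the argument list is consumed. The selected steps
# travel as arguments, so they must be forwarded intact with "$@"; fixed
# "$1".."$9" slots pass empty strings for missing arguments, and once the
# loop below has shifted everything away they are all empty.
if [[ $EUID -ne 0 ]]; then
  echo "This script must be run as root" 1>&2
  exec sudo -- "$0" "$@"
fi
echo "Als ROOT angemeldet!!!"
echo "Als root Angemeldet"

version="${1}"
# bash provides HOSTNAME; a lowercase "hostname" variable is never set in
# this script, so the old fallback always expanded to an empty string.
[[ -z "${version}" ]] && version="${HOSTNAME#*-}"

# Argument loop: turn every requested step into an exported flag variable.
# Only known step names are accepted, so an argument can never overwrite an
# unrelated environment variable (PATH, LD_PRELOAD, ...) of this root shell.
while (( "$#" )); do
  case "${1}" in
    all | makesshsecure | makeiptables | makefail2ban | makeuser | userloginalert | dailyupdates)
      echo "${1}"
      export "${1}=y"
      ;;
    *)
      echo "Unknown step: ${1}" >&2
      exit 2
      ;;
  esac
  shift
done

# Short pause before any change is made, as in the original script.
sleep 5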
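# Rewrite the PermitRootLogin and Port settings in /etc/ssh/sshd_config.
# The patterns accept the whitespace-separated form ("PermitRootLogin yes"),
# the "=" form and a commented-out default ("#Port 22"); matching only
# "Keyword=..." leaves a config without "=" untouched.
function _harden_sshd_config() {
  local config=/etc/ssh/sshd_config

  #sshd -T |grep permitrootlogin
  sed -E -i \
    -e 's|^#?[[:space:]]*PermitRootLogin[[:space:]=].*$|PermitRootLogin no|' \
    -e 's|^#?[[:space:]]*Port[[:space:]=]+[0-9]+[[:space:]]*$|Port 2020|' \
    "${config}"

  # Check the edited file before restarting: a restart with a broken config
  # can leave the host without a working SSH daemon.
  sshd -t || return 1
  systemctl restart sshd.service

  # Print the services table, as the original did.
  # NOTE(review): presumably to check that port 2020 is not assigned - confirm.
  cat /etc/services
}

# Install TCP wrappers and open both access-control files for manual editing.
# NOTE(review): hosts.allow/hosts.deny only affect sshd when it is built with
# libwrap support - confirm for the target distribution.
function _setup_tcp_wrappers() {
  apt-get install -y tcpd
  nano -w /etc/hosts.allow
  nano -w /etc/hosts.deny
}

# Harden SSH access: disable root login, move sshd to port 2020, then set up
# TCP wrappers.
#
# The file used to define makesshsecure twice; bash keeps only the last
# definition, so the sshd_config changes never ran. Both parts now run from
# this single entry point.
#
# After this step sshd listens on port 2020 and refuses root: make sure the
# firewall admits port 2020 (makeiptables adds no rule for it) and that a
# non-root account with sudo rights exists before closing the current session.
function makesshsecure() {
  _harden_sshd_config
  _setup_tcp_wrappers
}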
# Install iptables-persistent and dump the currently loaded IPv4 and IPv6
# rule sets into the rule files under /etc/iptables.
# This step defines no rules of its own: whatever is loaded at the moment it
# runs (possibly nothing) is what gets written.
makeiptables() {
  apt install -y iptables-persistent

  iptables-save >/etc/iptables/rules.v4
  ip6tables-save >/etc/iptables/rules.v6
}
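# Install fail2ban, create the local jail configuration and open it for
# manual editing, then restart the service so the edits take effect.
function makefail2ban() {
  local jail_local=/etc/fail2ban/jail.local

  apt-get install -y fail2ban

  # Seed jail.local from the packaged defaults only on the first run; an
  # unconditional copy would wipe the administrator's jails on every re-run.
  if [[ ! -e "${jail_local}" ]]; then
    cp /etc/fail2ban/jail.conf "${jail_local}"
  fi

  nano -w "${jail_local}"
  systemctl restart fail2ban.service
}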
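# Create the wheel group, grant it sudo rights and add the account "user1"
# to it.
#
# The sudo rules go into a validated drop-in instead of replacing
# /etc/sudoers: overwriting that file discards its Defaults and include
# lines, and the former "%wheel ALL=(ALL)" entry has no command list, which
# is a sudoers syntax error and can leave sudo unusable for every account.
# NOTE(review): the drop-in relies on the stock includedir directive for
# /etc/sudoers.d being present in /etc/sudoers - confirm on hosts where an
# earlier run of this script already replaced that file.
function makeuser() {
  local dropin=/etc/sudoers.d/90-wheel
  local staged

  # Exact group lookup; grepping /etc/group for "wheel" also matches any
  # other line that merely contains that string.
  if ! getent group wheel >/dev/null; then
    groupadd wheel
  fi

  staged=$(mktemp) || return 1
  printf '%s\n' \
    'root ALL=(ALL) NOPASSWD: ALL' \
    '%wheel ALL=(ALL) ALL' >"${staged}"

  # Install the rules only after visudo accepts them.
  if ! visudo -c -f "${staged}"; then
    rm -f -- "${staged}"
    echo "sudoers drop-in failed validation; nothing installed" >&2
    return 1
  fi
  install -o root -g root -m 0440 "${staged}" "${dropin}"
  rm -f -- "${staged}"

  # adduser fails for an existing account, which would abort a re-run
  # under set -e.
  if ! id -u user1 >/dev/null 2>&1; then
    adduser user1
  fi
  adduser user1 wheel
}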
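# Install a login notification: /opt/shell-login.sh prints host, date, user
# and the finger output, and a profile drop-in mails that report on login.
#
# Quoted here-documents keep $(hostname), $(date ...), $USER and the mail
# subject literal, so they are evaluated at each login. The former nested
# double quotes expanded them once, while this installer ran, and left the
# mail subject unquoted in the generated line.
# The hook is written to /etc/profile.d instead of replacing /etc/profile,
# which would discard the system-wide shell setup.
# NOTE(review): assumes the stock /etc/profile sources /etc/profile.d/*.sh.
# mailx is not installed by this function and must already be available.
function userloginalert() {
  apt-get install -y finger

  # ">" instead of ">>" so a re-run does not append a second copy.
  cat >/opt/shell-login.sh <<'EOF'
#!/bin/bash
echo "Login auf $(hostname) am $(date +%Y-%m-%d) um $(date +%H:%M)"
echo "Benutzer: $USER"
echo
finger
EOF
  chmod 755 /opt/shell-login.sh

  cat >/etc/profile.d/shell-login-alert.sh <<'EOF'
/opt/shell-login.sh | mailx -s "SSH-Log-in auf ihrem Server $(cat /etc/hostname)" bahn01@online.de
EOF
}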
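# Install /etc/cron.daily/update-packages, a daily job that refreshes the
# package lists, upgrades installed packages and logs an alert through
# logger when that fails.
#
# The generated job no longer contains the stray "ROOT" line: it ran as a
# command between the upgrade and "EXITVALUE=$?", so the recorded status was
# that of the failed "ROOT" command and never the status of the upgrade.
# apt-get replaces apt in the job because apt's command-line interface is
# not meant for scripts.
function dailyupdates() {
  local job=/etc/cron.daily/update-packages

  # Quoted delimiter: the job text is written literally, nothing is
  # expanded while installing it.
  cat >"${job}" <<'EOF'
#!/bin/bash
apt-get update && apt-get -y upgrade
EXITVALUE=$?
if [ "$EXITVALUE" -ne 0 ]; then
    /usr/bin/logger -t update-packages "ALERT exited abnormally with [$EXITVALUE]"
fi
exit "$EXITVALUE"
EOF
  chmod +x "${job}"
}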
# Dispatch: run each step whose flag variable (named like the function) was
# set to "y" by the argument loop, or every step when "all" was requested.
# The order below is the execution order.
for step in makesshsecure makeiptables makefail2ban makeuser userloginalert dailyupdates; do
  # ${!step} reads the variable whose name is stored in "step".
  if [[ "${!step}" == "y" || "${all}" == "y" ]]; then
    "${step}"
  fi
done