server_optimize

server_optimize.sh

@@ -0,0 +1,84 @@
+#!/bin/bash
+
+set -ex
+
+version="${1}"
+[[ -z "${version}" ]] && version="${hostname#*-}"
+
+if [[ $EUID -ne 0 ]]; then
+    echo "This script must be run as root" 1>&2
+    sudo "$0" "$1" "$2" "$3" "$4" "$5" "$6" "$7" "$8" "$9"
+    exit 0
+else
+    echo "Als ROOT angemeldet!!!"
+fi
+echo "Als root Angemeldet"
+
+if [ -z "${hostname}" ]; then
+    if [ -f "/usr/bin/systemctl" ]; then
+        if [ -f "/etc/hostname.example" ]; then
+            hostname="$(cat /etc/hostname.example)"
+        else
+            cp /etc/hostname /etc/hostname.example
+            hostname="$(cat /etc/hostname)"
+        fi
+    else
+        if ! [ -f "/etc/conf.d/hostname.example" ]; then
+            cp /etc/conf.d/hostname /etc/conf.d/hostname.example
+        fi
+        temphostname="$(cat /etc/conf.d/hostname.example)"
+        #hostname="${temphostname%?}"
+        hostname="${temphostname:10:$((${#temphostname})) - 11}"
+    fi
+fi
+
+function makesshsecure() {
+
+    #sshd -T |grep permitrootlogin
+
+    sed -e 's|PermitRootLogin=.*$|PermitRootLogin=\ no|' -i /etc/ssh/sshd_config
+    sed -e 's|Port=.*$|Port=\ 2020|' -i /etc/ssh/sshd_config
+
+    systemctl restart sshd.service
+
+    cat /etc/services
+}
+
+function makesshsecure() {
+    apt install tcpd -y
+
+    nano -w /etc/hosts.allow
+
+    nano -w /etc/hosts.deny
+}
+
+function makeiptables() {
+
+    apt install iptables-persistent
+
+    iptables-save > /etc/iptables/rules.v4
+    ip6tables-save > /etc/iptables/rules.v6
+}
+
+function makefail2ban() {
+    apt install fail2ban
+
+    cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
+
+    nano -w /etc/fail2ban/jail.local
+
+    systemctl restart fail2ban.service
+}
+
+function makeuser() {
+    echo "%wheel ALL=(ALL)" >> /etc/sudoers
+    adduser user1 wheel
+}
+
+makesshsecure
+sleep 1
+makeiptables
+sleep 1
+makefail2ban
+sleep 1
+makeuser