chris-redbeed · October 19, 2020 13:13 · May 1, 2020 · May 1, 2020 · Apr 30, 2020
diff --git a/debian-setup.sh b/debian-setup.sh
@@ -1,5 +1,4 @@
 # Arch Linux Setup: https://gist.github.com/kevinkub/46ce7229ee4f17be710ddd7c5a80a3c3
-# Debain Linux Setup: https://gist.github.com/chris-redbeed/b3cee239532cee25b2357b4225e7f791
 
 # Change root password
 echo "# Change password of root user"

diff --git a/debian-setup.sh b/debian-setup.sh
@@ -1,3 +1,6 @@
+# Arch Linux Setup: https://gist.github.com/kevinkub/46ce7229ee4f17be710ddd7c5a80a3c3
+# Debain Linux Setup: https://gist.github.com/chris-redbeed/b3cee239532cee25b2357b4225e7f791
+
 # Change root password
 echo "# Change password of root user"
 passwd

diff --git a/debian-setup.sh b/debian-setup.sh
@@ -0,0 +1,104 @@
+# Change root password
+echo "# Change password of root user"
+passwd
+
+# Change hostname
+echo "# Change hostname"
+hostname
+hostname $hostname
+
+# Setup mirror-list
+echo "# Finding fastest mirrors"
+aptitude -y install netselect netselect-apt
+netselect-apt -c germany -t 15 -a amd64
+
+# Self-upgrade
+echo "# Update system"
+aptitude -y update && aptitude -y safe-upgrade
+
+# Create user
+echo "# Create new user"
+echo "Please enter username:"
+read username
+useradd -m $username
+passwd $username
+chsh -s /bin/bash $username
+echo "Please enter public key:"
+read publickey
+mkdir "/home/"$username"/.ssh/"
+echo $publickey > "/home/"$username"/.ssh/authorized_keys"
+
+# Configure sshd
+echo "# Configure sshd"
+echo "Please enter a ssh port:"
+read sshport
+echo "# Custom sshd configurations
+
+# Set the ssh port
+Port "$sshport"
+# Forbid root login
+PermitRootLogin no
+# End login-attempts after 30s
+LoginGraceTime 30s
+# Give only one try to auth
+MaxAuthTries 1
+# Use public key authentication only
+PubkeyAuthentication yes
+# Find the file in .ssh/authorized_keys
+AuthorizedKeysFile .ssh/authorized_keys
+# Use the pam authentication module
+UsePAM yes
+# Disable password auth
+PasswordAuthentication no
+# Limit the maximum number of not-logged-in connections to 2
+MaxStartups 2
+# Print no default message after login as this will be handeled by pam
+PrintMotd no
+# Load sftp-subsystem (default arch linux)
+Subsystem sftp /usr/lib/ssh/sftp-server
+# Add permissions for specific users
+AllowUsers "$username > /etc/ssh/sshd_config
+
+# Setup firewall
+echo "# Setup firewall with ufw."
+aptitude -y install ufw
+ufw default allow outgoing
+ufw default deny incoming
+ufw allow $sshport/tcp
+ufw limit $sshport/tcp
+ufw enable
+systemctl start ufw
+systemctl enable ufw
+
+# Setup auto-update
+echo "# Setup auto-update (unattended-upgrades)"
+aptitude -y install unattended-upgrades apt-listchanges
+
+# run "apt-get update" and "upgrade" daily
+echo 'APT::Periodic::Update-Package-Lists "1";
+APT::Periodic::Unattended-Upgrade "1";' >> /etc/apt/apt.conf.d/20auto-upgrades
+
+# add whiteliste for "Security" updates 
+echo 'Unattended-Upgrade::Origins-Pattern {
+        "origin=Debian,codename=${distro_codename},label=Debian-Security";
+};
+
+Unattended-Upgrade::Package-Blacklist {
+};' >> /etc/apt/apt.conf.d/50unattended-upgrades
+
+# add mail service (send root info)
+echo '[apt]
+frontend=pager
+confirm=false
+email_address=root
+save_seen=/var/lib/apt/listchanges.db
+which=news' >> /etc/apt/listchanges.conf
+
+# Setup timezone and ntp
+timedatectl set-timezone Europe/Berlin
+timedatectl set-ntp true 
+
+# Good to know:
+#   nginx: https://www.digitalocean.com/community/tutorials/how-to-install-nginx-on-debian-10
+#   php: https://www.itzgeek.com/how-tos/linux/debian/how-to-install-php-7-3-7-2-7-1-on-debian-10-debian-9-debian-8.html
+#   certbot https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-debian-10
No results found