
Revisions

  1. @flacodirt flacodirt revised this gist Apr 23, 2013. 1 changed file with 2 additions and 0 deletions.
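--- a/provision_centos_server.sh
+++ b/provision_centos_server.sh
@@ -97,6 +97,8 @@ echo '# When you return, execute the script with the argument ADMIN to skip the
 echo '# Example: provision_centos_server.sh ADMIN'
 exit
 
+# PowerStack repo
+# rpm -Uvh http://download.powerstack.org/powerstack-release-0-2.noarch.rpm
 
 # SSH server force SSH keys only
 # (on workstation)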
  2. @flacodirt flacodirt revised this gist Apr 7, 2013. 1 changed file with 6 additions and 0 deletions.
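--- a/provision_centos_server.sh
+++ b/provision_centos_server.sh
@@ -77,8 +77,14 @@ echo "AllowGroups $ADMINGROUP" >> /etc/ssh/sshd_config
 echo '# Change SSH port'
 echo -n 'Enter new SSH port: '
 read -e SSHPORT
+sed -i "s/#Port/Port/g" /etc/ssh/sshd_config
 sed -i "s/Port 22/Port $SSHPORT/g" /etc/ssh/sshd_config
+iptables -D INPUT -p tcp --dport 22 -j ACCEPT
+iptables -A INPUT -p tcp --dport $SSHPORT -j ACCEPT
+/sbin/service iptables save
+/sbin/service iptables restart
 /etc/init.d/sshd restart
+read -p "Press any key to begin updating and installing packages or [CTRL]+[C] to quit."
 
 echo '# Install common packages'
 sudo yum install -y wget telnet tar sudo perl python iptables man openssh openssl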
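Review bot: `SSHPORT` goes from `read -e` straight into `sed` and `iptables` with no validation, and the port-22 ACCEPT rule is deleted before anything confirms that sshd is listening on the new port, so an empty or non-numeric entry can remove the only remote access path. Check the value before using it, e.g. `[[ "$SSHPORT" =~ ^[0-9]+$ ]] && (( SSHPORT >= 1 && SSHPORT <= 65535 )) || exit 1`, and quote it as `--dport "$SSHPORT"`. Move `iptables -D INPUT -p tcp --dport 22 -j ACCEPT` to after `/etc/init.d/sshd restart` has succeeded and a login on the new port has been verified. If SELinux is enforcing on the target image, sshd may also be refused the new port until it is labelled `ssh_port_t`; that is worth confirming before the old rule is dropped.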
  3. @flacodirt flacodirt created this gist Apr 7, 2013.
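--- /dev/null
+++ b/provision_centos_server.sh
@@ -0,0 +1,163 @@
+#!/bin/bash
+clear
+clear
+echo '#'
+echo '# CentOS 6.3 LAMP Server Provisioning Script'
+echo '#'
+echo '# This script will guide you through the initial server provisioning for a standard CentOS 6.3 LAMP server.'
+echo '#'
+echo '# [x] iptables lockdown'
+echo '# [x] Change root password'
+echo '# [x] Add administrators group'
+echo '# [x] Add administrators group to sudoers'
+echo '# [x] Add admin user'
+echo '# [x] Disable root remote login'
+echo '# [x] Install common packages'
+echo '# [x] Update server'
+echo '# [ ] Configure SSH Keys and restrict SSH logins by key only'
+echo '# [ ] Configure MySQL'
+echo '# [ ] Configure Apache'
+echo '# [ ] Configure PHP'
+echo '# [ ] Configure git'
+echo '# [ ] Configure vimrc options'
+echo '#'
+echo '# @author brockhensley'
+echo '# @version 1.0.1'
+echo '# @date Last updated April 6th 2013'
+echo '# @link brockhensley.com'
+echo '#'
+read -p "Press any key to begin provisioning or [CTRL]+[C] to quit."
+clear
+
+echo '# iptables lockdown'
+iptables -L -v -n
+iptables -P INPUT ACCEPT
+iptables -F
+iptables -A INPUT -i lo -j ACCEPT
+iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
+iptables -A INPUT -p tcp --dport 22 -j ACCEPT
+iptables -P INPUT DROP
+iptables -P FORWARD DROP
+iptables -P OUTPUT ACCEPT
+iptables -L -v -n
+/sbin/service iptables save
+/sbin/service iptables restart
+
+echo '# Change root password'
+echo 'Enter new password: '
+passwd
+
+echo '# Add administrators group'
+echo -n "Enter name for administrators group (Default: admins): "
+read -e ADMINSGROUP
+if [ -z "$ADMINSGROUP" ]
+then
+$ADMINSGROUP = 'admins'
+fi
+groupadd $ADMINSGROUP
+
+echo '# Add administrators group to sudoers'
+tstmp=$( date +%F-%H-%M-%S )
+cp /etc/sudoers /etc/sudoers.$tstmp.bak
+echo "%$ADMINSGROUP ALL = (ALL) ALL" >> /etc/sudoers
+
+echo '# Add admin user'
+echo -n "Enter name for administrator user: "
+read -e ADMINUSER
+useradd $ADMINUSER -G $ADMINSGROUP
+echo -n "Enter new password for $ADMINUSER: "
+passwd $ADMINUSER
+
+echo '# Disable root remote login'
+cp /etc/ssh/sshd_config /etc/ssh/sshd_config.$tstmp.bak
+sed -i 's/# PermitRootLogin/PermitRootLogin/g' /etc/ssh/sshd_config
+sed -i 's/PermitRootLogin yes/PermitRootLogin no/g' /etc/ssh/sshd_config
+echo "AllowGroups $ADMINGROUP" >> /etc/ssh/sshd_config
+
+echo '# Change SSH port'
+echo -n 'Enter new SSH port: '
+read -e SSHPORT
+sed -i "s/Port 22/Port $SSHPORT/g" /etc/ssh/sshd_config
+/etc/init.d/sshd restart
+
+echo '# Install common packages'
+sudo yum install -y wget telnet tar sudo perl python iptables man openssh openssl
+
+echo '# Update server'
+sudo yum update
+
+echo "# You will need to exit from SSH and log back into SSH (remember port $SSHPORT) as the admin ($ADMINUSER) from this point on"
+echo '# When you return, execute the script with the argument ADMIN to skip the completed steps'
+echo '# Example: provision_centos_server.sh ADMIN'
+exit
+
+
+# SSH server force SSH keys only
+# (on workstation)
+ssh-keygen -b 4096 -t rsa -f ~/.ssh/id_rsa
+ssh-copy-id -i ~/.ssh/id_rsa.pub $ADMINUSER@<YOUR_SERVER_IP>
+ssh-add
+# (may need to logoff/logon workstation if get Agent sign error)
+
+# (on server)
+chown -R $ADMINUSER:$ADMINUSER ~/.ssh
+chmod 700 ~/.ssh
+chmod 600 ~/.ssh/authorized_keys
+restorecon -Rv ~/.ssh
+sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.$tstmp.bak
+sudo sed -i 's/PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config
+
+# MySQL
+sudo yum install -y mysql-server
+sudo cp /etc/my.cnf /etc/my.cnf.$tstmp.bak
+echo -n "Enter new MySQL port: "
+read -e MYSQLPORT
+sudo sed -i "s/port=3306/port=$MYSQLPORT/g" /etc/my.cnf
+sudo service mysqld restart
+sudo /usr/bin/mysql_secure_installation
+
+# Apache
+sudo yum install -y httpd
+sudo vi /etc/httpd/conf/httpd.conf
+ServerName 127.0.0.1:80
+sudo vi /etc/httpd/conf.d/vhosts.conf
+NameVirtualHost *:80
+<VirtualHost *:80>
+ServerAdmin [email protected]
+DocumentRoot /var/www/vhosts/domain.com/public_html
+ServerName www.domain.com
+ServerAlias domain.com
+ErrorLog /var/www/vhosts/domain.com/logs/error_log
+CustomLog /var/www/vhosts/domain.com/logs/access_log common
+<Directory /var/www/vhosts/domain.com>
+Options All
+AllowOverride All
+</Directory>
+</VirtualHost>
+
+# PHP
+#lynx http://mirror.pnl.gov/epel/6/i386/repoview/epel-release.html
+wget http://mirror.pnl.gov/epel/6/i386/epel-release-6-8.noarch.rpm
+sudo rpm -Uvh epel-release-6-8.noarch.rpm
+sudo yum install -y php php-common php-cli php-gd php-mbstring php-mcrypt php-mysql php-pdo php-pear php-pecl-apc php-pecl-xdebug php-soap php-tidy php-xml php-xmlrpc
+sudo echo "xdebug.var_display_max_children=-1" >> /etc/php.d/xdebug.ini
+sudo echo "xdebug.var_display_max_data=-1" >> /etc/php.d/xdebug.ini
+sudo echo "xdebug.var_display_max_depth=-1" >> /etc/php.d/xdebug.ini
+
+# git
+sudo yum install -y git
+cd /var/www/vhosts
+git clone [email protected]:x/y.git
+sudo usermod -a -G apache $ADMINUSER
+sudo usermod -a -G $ADMINUSER apache
+# logoff/logon
+echo "umask 007" >> /etc/sysconfig/httpd
+sudo chgrp -R $ADMINUSER /var/www/vhosts/domain.com
+sudo chmod 2770 /var/www/vhosts/domain.com
+
+# vimrc options
+wget https://gist.github.com/dirte/5245083/raw/eed54c62294ee996816ac0481d03b7537f8bec35/.vimrc
+
+# bash options
+
+# alias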
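Review bot: Two variable slips leave the access-control steps unapplied. `$ADMINSGROUP = 'admins'` is not an assignment (the shell tries to run a command), so an empty answer leaves the group name blank for `groupadd` and for the line appended to /etc/sudoers. `AllowGroups $ADMINGROUP` misspells the variable, so sshd_config receives an `AllowGroups` directive with no group. Use `ADMINSGROUP='admins'` and `echo "AllowGroups $ADMINSGROUP" >> /etc/ssh/sshd_config`. Both files gate privileged and remote access, so validate them with `visudo -c` and `sshd -t` before `/etc/init.d/sshd restart`; otherwise a malformed line can lock the administrator out after root login has been disabled.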