@max-mapper
Forked from klaemo/initial.sh
Last active January 4, 2016 01:49
#!/bin/bash
# - updates ubuntu
# - creates a sudo-able non-root user called $NEW_USER (default "admin"; for logging into the server later and doing stuff)
# - sets up ssh keys for that user by copying them over from /root/.ssh
# - disables ssh root login and password authentication (that's what $NEW_USER is for)
# - creates a system user "taco" for the taco process to run as
# - sets up basic ufw (iptables) firewall allowing ssh, http and https
#
printf '\e[1;34m%b\e[m' "\nUpdating the system...\n"
apt-get -y -qq update
DEBIAN_FRONTEND=noninteractive apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" dist-upgrade
printf '\e[1;34m%b\e[m' "\nCreating user 'taco'...\n"
adduser --system --group --gecos "" taco
printf '\e[1;34m%b\e[m' "\nSetting up basic firewall...\n"
apt-get -y -qq install ufw
ufw allow ssh
ufw allow http
ufw allow https
# --force skips the interactive confirmation prompt
ufw --force enable
ufw status
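NEW_USER="${NEW_USER:-admin}"
if [ ! -d "/home/$NEW_USER" ]; then
  printf '\e[1;34m%b\e[m' "\nCreating user '$NEW_USER'...\n"
  adduser --disabled-password --gecos "" "$NEW_USER"
  mkdir -p "/home/$NEW_USER/.ssh"
  chmod 700 "/home/$NEW_USER/.ssh"
  printf '\e[1;34m%b\e[m' "\nAdding ssh keys to $NEW_USER...\n"
  # stop here if root has no keys: password and root logins are disabled below,
  # so continuing without a key would lock everyone out
  cp /root/.ssh/authorized_keys "/home/$NEW_USER/.ssh/" || exit 1
  chmod 400 "/home/$NEW_USER/.ssh/authorized_keys"
  chown -R "$NEW_USER:$NEW_USER" "/home/$NEW_USER"
  printf '\e[1;34m%b\e[m' "\nGranting sudo rights to $NEW_USER\n"
  adduser "$NEW_USER" sudo
  # the account has no password, so sudo must not prompt for one;
  # use $NEW_USER (not a hard-coded name) so the rule matches the user created above
  echo "$NEW_USER ALL = NOPASSWD: ALL" >> /etc/sudoers
  # make ssh a little more secure
  printf '\e[1;34m%b\e[m' "\nDisabling ssh root login...\n"
  # match each directive at the start of a line, whether or not it is commented out
  sed -e 's/^#\{0,1\}PermitRootLogin .*$/PermitRootLogin no/' -i /etc/ssh/sshd_config
  sed -e 's/^#\{0,1\}PasswordAuthentication .*$/PasswordAuthentication no/' -i /etc/ssh/sshd_config
  # validate the edited config before reloading, so a bad edit does not take sshd down
  sshd -t && service ssh reload
fi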
exit