-
Notifications
You must be signed in to change notification settings - Fork 0
/
provision_ubuntu_server.sh
51 lines (33 loc) · 1.12 KB
/
provision_ubuntu_server.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
#!/bin/sh
source ./conf
mkdir -p $OUTPUT_PATH
mkdir -p $CB_OUTPUT_PATH
echo "ubuntu:$PASS"
echo "ubuntu:$PASS" | sudo chpasswd
sudo sed -i -e 's/ubuntu ALL=(ALL) NOPASSWD:ALL/ubuntu ALL=(ALL:ALL) ALL/g' /etc/sudoers.d/90-cloud-init-users
sudo apt-get update -q
sudo apt-get install -y git curl sudo bash
sudo apt-get -y install linux-image-extra-$(uname -r)
curl -sSL https://get.docker.com/ubuntu/ | sudo sh
sudo service docker restart
sudo bash setup.sh
sudo apt-get install ufw
sudo ufw disable
sudo ufw default deny incoming
sudo ufw default deny outgoing
sudo ufw allow 22/tcp
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw allow 3306/tcp
sudo ufw allow 8888/tcp
sudo ufw allow out to any port 25
sudo ufw allow out to any port 53
sudo ufw allow out to any port 80
sudo ufw allow out to any port 443
sudo ufw allow out to any port 9418
sudo ufw enable
echo y | sudo ufw enable
sudo apt-get install -y fail2ban
sudo apt-get install -y logwatch
sudo sed -i -e 's/\/usr\/sbin\/logwatch --output mail/\/usr\/sbin\/logwatch --output mail --mailto $LOGWATCH_EMAIL --detail high/g' /etc/cron.daily/00logwatch
source ~/.bashrc