Last active
October 11, 2015 13:07
Revisions
-
ericboehs revised this gist
Jan 23, 2013 . 1 changed file with 1 addition and 1 deletion.
@@ -118,7 +118,7 @@ ruby-switch --set ruby1.9.1 gem install rake bundler rails tmuxinator --no-rdoc --no-ri # Install heroku toolbelt wget -qO- https://toolbelt.heroku.com/install-ubuntu.sh | sh # Install NodeJS add-apt-repository -y ppa:chris-lea/node.js && apt-get update -
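Review bot: The added `wget -qO- https://toolbelt.heroku.com/install-ubuntu.sh | sh` line pipes a remote script straight into a shell, in a script that is meant to run as root, with no integrity check; `-q` also hides a failed or truncated download. Fetch it to a file and verify it before running, e.g. `f=$(mktemp) && wget -qO "$f" https://toolbelt.heroku.com/install-ubuntu.sh && echo "<pinned-sha256>  $f" | sha256sum -c - && sh "$f"` (the checksum is a placeholder to pin after reviewing the installer). The earlier Jan 23 revision that introduced `curl -s https://toolbelt.heroku.com/install.sh | sh` has the same pattern.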
ericboehs revised this gist
Jan 23, 2013 . 1 changed file with 3 additions and 0 deletions.
@@ -117,6 +117,9 @@ apt-get install -y ruby1.9.3 rubygems ruby-switch imagemagick libxslt-dev libxml ruby-switch --set ruby1.9.1 gem install rake bundler rails tmuxinator --no-rdoc --no-ri # Install heroku toolbelt curl -s https://toolbelt.heroku.com/install.sh | sh # Install NodeJS add-apt-repository -y ppa:chris-lea/node.js && apt-get update apt-get install -y nodejs npm nodejs-dev -
ericboehs revised this gist
Jan 3, 2013 . 1 changed file with 1 addition and 1 deletion.
@@ -105,7 +105,7 @@ chmod 440 /etc/sudoers.d/my_sudoers echo -e "vm.panic_on_oom=1\nkernel.panic=10" >> /etc/sysctl.conf # Install essentials apt-get install -y build-essential python-software-properties software-properties-common zsh curl netcat git htop ack-grep tmux vim-nox exuberant-ctags # Install databases (removed mysql and redis) add-apt-repository -y ppa:pitti/postgresql && apt-get update -
ericboehs revised this gist
Oct 20, 2012 . 1 changed file with 3 additions and 0 deletions.
@@ -121,6 +121,9 @@ gem install rake bundler rails tmuxinator --no-rdoc --no-ri add-apt-repository -y ppa:chris-lea/node.js && apt-get update apt-get install -y nodejs npm nodejs-dev # Divert ack to ack-grep dpkg-divert --local --divert /usr/bin/ack --rename --add /usr/bin/ack-grep # Setup postgresql roles & relax security permissions su postgres -c "createuser -s $USER" sed -i 's/peer$/trust/g' /etc/postgresql/9.2/main/pg_hba.conf -
ericboehs revised this gist
Oct 15, 2012 . 1 changed file with 4 additions and 0 deletions.
@@ -117,6 +117,10 @@ apt-get install -y ruby1.9.3 rubygems ruby-switch imagemagick libxslt-dev libxml ruby-switch --set ruby1.9.1 gem install rake bundler rails tmuxinator --no-rdoc --no-ri # Install NodeJS add-apt-repository -y ppa:chris-lea/node.js && apt-get update apt-get install -y nodejs npm nodejs-dev # Setup postgresql roles & relax security permissions su postgres -c "createuser -s $USER" sed -i 's/peer$/trust/g' /etc/postgresql/9.2/main/pg_hba.conf -
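Review bot: `add-apt-repository -y ppa:chris-lea/node.js && apt-get update` makes a personal PPA a trusted package source for a root-run install, and the `apt-get install -y nodejs npm nodejs-dev` that follows appears to be a separate, unchained command, so if adding the PPA fails the script carries on and installs whatever the default archive offers. Chain the three steps, `add-apt-repository -y ppa:chris-lea/node.js && apt-get update && apt-get install -y nodejs npm nodejs-dev`, and add a comment recording why this PPA is trusted. The Oct 10 revisions further down the page that add `ppa:pitti/postgresql` and `ppa:brightbox/ruby-ng` follow the same pattern.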
ericboehs revised this gist
Oct 10, 2012 . 1 changed file with 1 addition and 2 deletions.
@@ -126,8 +126,7 @@ service postgresql restart # Setup user and install dotfiles su $USER -c "mv ~/.bashrc ~/.bashrc.bak" su $USER -c "git clone git://github.com/ericboehs/dotfiles.git ~/.dotfiles" su $USER -c "cd ~/.dotfiles && git submodule update --init && rake install && cd vim && rake" su $USER -c "echo 'export GITHUB_USER=$GITHUB_USER' >> ~/.zsh/config.private" # Change default shell to zsh -
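Review bot: The combined line runs `rake install` and `rake` on code that the preceding line fetched with `git clone git://github.com/ericboehs/dotfiles.git`, and the git:// transport has neither encryption nor server authentication, so a clone altered in transit would be executed as the newly created admin user. Clone over HTTPS instead, `git clone https://github.com/ericboehs/dotfiles.git ~/.dotfiles`; the submodule URLs inside the dotfiles repository are not visible here and would need the same check. Quoting the account name, `su "$USER" -c ...`, would also make these calls safe against an unexpected value.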
ericboehs revised this gist
Oct 10, 2012 . 1 changed file with 7 additions and 3 deletions.
@@ -108,16 +108,20 @@ echo -e "vm.panic_on_oom=1\nkernel.panic=10" >> /etc/sysctl.conf apt-get install -y build-essential python-software-properties zsh curl netcat git htop ack-grep tmux vim-nox exuberant-ctags # Install databases (removed mysql and redis) add-apt-repository -y ppa:pitti/postgresql && apt-get update apt-get install -y sqlite3 libpq-dev postgresql-9.2 postgresql-contrib-9.2 memcached # Install ruby and related development libraries needed for gems apt-add-repository -y ppa:brightbox/ruby-ng && apt-get update apt-get install -y ruby1.9.3 rubygems ruby-switch imagemagick libxslt-dev libxml2-dev libssl-dev libsqlite3-dev ruby-switch --set ruby1.9.1 gem install rake bundler rails tmuxinator --no-rdoc --no-ri # Setup postgresql roles & relax security permissions su postgres -c "createuser -s $USER" sed -i 's/peer$/trust/g' /etc/postgresql/9.2/main/pg_hba.conf sed -i 's/md5$/trust/g' /etc/postgresql/9.2/main/pg_hba.conf service postgresql restart # Setup user and install dotfiles su $USER -c "mv ~/.bashrc ~/.bashrc.bak" -
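Review bot: The two `sed -i` lines rewrite every `peer` and `md5` entry in `/etc/postgresql/9.2/main/pg_hba.conf` to `trust`, so any connection matched by those entries can log in as any role, including the superuser role created by `createuser -s $USER`, without a password. Because that role is named after the OS account, the stock `peer` entry should already let the user connect over the local socket, so both `sed` lines can probably be dropped; where an application needs TCP access, keep `md5` and set a password. If trust is intended for a throwaway development box, the comment above should say so, e.g. `# DEV ONLY: trust auth lets any local user act as any database role`.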
ericboehs revised this gist
Oct 10, 2012 . 1 changed file with 1 addition and 1 deletion.
@@ -105,7 +105,7 @@ chmod 440 /etc/sudoers.d/my_sudoers echo -e "vm.panic_on_oom=1\nkernel.panic=10" >> /etc/sysctl.conf # Install essentials apt-get install -y build-essential python-software-properties zsh curl netcat git htop ack-grep tmux vim-nox exuberant-ctags # Install databases (removed mysql and redis) apt-get install -y sqlite3 postgresql postgresql-contrib-9.1 postgresql-client memcached -
ericboehs revised this gist
Oct 10, 2012 . 1 changed file with 4 additions and 3 deletions.
@@ -105,14 +105,15 @@ chmod 440 /etc/sudoers.d/my_sudoers echo -e "vm.panic_on_oom=1\nkernel.panic=10" >> /etc/sysctl.conf # Install essentials apt-get install -y build-essential python-software-properties zsh curl git htop ack-grep tmux vim-nox exuberant-ctags # Install databases (removed mysql and redis) apt-get install -y sqlite3 postgresql postgresql-contrib-9.1 postgresql-client memcached # Install ruby and related development libraries needed for gems apt-add-repository -y ppa:brightbox/ruby-ng && apt-get update apt-get install -y ruby1.9.3 rubygems ruby-switch imagemagick libxslt-dev libxml2-dev libssl-dev libsqlite3-dev libpq-dev ruby-switch --set ruby1.9.1 gem install rake bundler rails tmuxinator --no-rdoc --no-ri # Setup postgresql roles -
ericboehs revised this gist
Oct 10, 2012 . 1 changed file with 13 additions and 11 deletions.
@@ -8,41 +8,43 @@ USER=ericboehs SSH_PUBLIC_KEY="ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEApqtopvozpyuX+ELj9a78eFY0AmU5Zl3V3l2n7XW49ZVszdJFGX6l3Lsb9tZW1zNSPtt9hDzh7m4R/y0l/Qxzitk0xcQWyuIFIIifiqY2ZFgEPXKcZ/i+6E1rQL8f44eLkgIH8evTB15TPcIefbdWHlhLXn7WoG/aboC9TzLgtUG05m2Mtp8/gDYI93cZHgK9hLsuQR/iSbt3obx6id2bB4MQSjPu7wPpjVbsn6pglbbjgkE9qkERckLDAUDuFQfJRQUMjbJ01Vnp6w0D6Ffg8kE3VFnBxNc4eZHS/nvPTTd35ZhCnnOIQ5brfTAoMpvctlfoh0fjaWhXJbny39CHow== ericboehs@Airic.local" GITHUB_USER=$USER HOSTNAME=box.erc.bz LOCALE=en TIMEZONE=US/Central # Set a hostname echo "$HOSTNAME" > /etc/hostname hostname -F /etc/hostname # Set the locale locale-gen $LOCALE # Set the timezone echo "$TIMEZONE" > /etc/timezone dpkg-reconfigure -f noninteractive tzdata # Create an admin group /usr/sbin/groupadd admin # Add the admin group to the sudoers list (with no password) sed 's/admin ALL=(ALL) ALL/admin ALL=(ALL) NOPASSWD:ALL/g' /etc/sudoers > /tmp/sudoers.new mv /tmp/sudoers.new /etc/sudoers && chmod 440 /etc/sudoers # Create my admin user /usr/sbin/useradd -m -G admin -s /bin/bash -d /home/$USER $USER # Setup $USER for ssh access su $USER -c "mkdir ~/.ssh" su $USER -c "echo $SSH_PUBLIC_KEY >> ~/.ssh/authorized_keys" su $USER -c "chmod 700 ~/.ssh && chmod 600 ~/.ssh/authorized_keys" # Disable root login via SSH (now would be a good time to test your new user if running this script interactively) sed 's/PermitRootLogin yes/PermitRootLogin no/g' /etc/ssh/sshd_config > /tmp/sshd_config.new mv /tmp/sshd_config.new /etc/ssh/sshd_config && chmod 644 /etc/ssh/sshd_config service ssh restart # Update package cache and upgrade packages DEBIAN_FRONTEND=noninteractive apt-get update apt-get upgrade -y -q -o Dpkg::Options::="--force-confold" 
@@ -108,7 +110,7 @@ apt-get install -y build-essential zsh curl git htop ack-grep tmux vim-nox exube # Install databases (removed mysql and redis) apt-get install -y sqlite3 postgresql postgresql-contrib-9.1 postgresql-client memcached # Install ruby and related development libraries needed for gems apt-get install -y ruby1.9.3 rubygems imagemagick libxslt-dev libxml2-dev libssl-dev libsqlite3-dev libpq-dev update-alternatives --set ruby /usr/bin/ruby1.9.1 gem install rake bundler rails tmuxinator --no-rdoc --no-ri @@ -119,8 +121,8 @@ su postgres -c "createuser -s $USER" # Setup user and install dotfiles su $USER -c "mv ~/.bashrc ~/.bashrc.bak" su $USER -c "git clone git://github.com/ericboehs/dotfiles.git ~/.dotfiles" su $USER -c "cd ~/.dotfiles && git submodule init && git submodule update " su $USER -c "cd ~/.dotfiles && rake install && cd ~/.dotfiles/vim && rake" su $USER -c "echo 'export GITHUB_USER=$GITHUB_USER' >> ~/.zsh/config.private" # Change default shell to zsh -
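Review bot: `/etc/sudoers` and `/etc/ssh/sshd_config` are both regenerated through fixed names in `/tmp` (`/tmp/sudoers.new`, `/tmp/sshd_config.new`) and moved into place without validation, so a file or symlink already present at that path, or a substitution that produces a broken file, ends up as the live configuration. Write the candidate to a file from `mktemp` and validate it before replacing the original: `visudo -c -f "$tmp"` for sudoers and `sshd -t -f "$tmp"` for sshd_config. The same lines are present in the initial revision of the gist. The comment on the sudoers step should also state that `NOPASSWD:ALL` gives every member of `admin` root without a password, so the SSH key becomes the only credential protecting root.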
ericboehs created this gist
Oct 10, 2012 .
@@ -0,0 +1,129 @@ #!/usr/bin/env bash ### # Run this script as root ### # Setup variables for this script USER=ericboehs SSH_PUBLIC_KEY="ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEApqtopvozpyuX+ELj9a78eFY0AmU5Zl3V3l2n7XW49ZVszdJFGX6l3Lsb9tZW1zNSPtt9hDzh7m4R/y0l/Qxzitk0xcQWyuIFIIifiqY2ZFgEPXKcZ/i+6E1rQL8f44eLkgIH8evTB15TPcIefbdWHlhLXn7WoG/aboC9TzLgtUG05m2Mtp8/gDYI93cZHgK9hLsuQR/iSbt3obx6id2bB4MQSjPu7wPpjVbsn6pglbbjgkE9qkERckLDAUDuFQfJRQUMjbJ01Vnp6w0D6Ffg8kE3VFnBxNc4eZHS/nvPTTd35ZhCnnOIQ5brfTAoMpvctlfoh0fjaWhXJbny39CHow== ericboehs@Airic.local" GITHUB_USER=$USER # Set a hostname echo "box.erc.bz" > /etc/hostname hostname -F /etc/hostname # Set the locale locale-gen en # Set the timezone echo "US/Central" > /etc/timezone dpkg-reconfigure -f noninteractive tzdata # Create an admin group /usr/sbin/groupadd admin # Add the admin group to the sudoers list (with no password) sed 's/admin ALL=(ALL) ALL/admin ALL=(ALL) NOPASSWD:ALL/g' /etc/sudoers > /tmp/sudoers.new mv /tmp/sudoers.new /etc/sudoers && chmod 440 /etc/sudoers # Create my user and make him an admin /usr/sbin/useradd -m -G admin -s /bin/bash -d /home/$USER $USER # Setup $USER user for ssh access su $USER -c "mkdir ~/.ssh" su $USER -c "echo $SSH_PUBLIC_KEY >> ~/.ssh/authorized_keys" su $USER -c "chmod 700 ~/.ssh && chmod 600 ~/.ssh/authorized_keys" # Diable root login with SSH (now would be a good time to test your new user if running this script interactively) sed 's/PermitRootLogin yes/PermitRootLogin no/g' /etc/ssh/sshd_config > /tmp/sshd_config.new mv /tmp/sshd_config.new /etc/ssh/sshd_config && chmod 644 /etc/ssh/sshd_config service ssh restart # Update package cache and upgrade packages export DEBIAN_FRONTEND=noninteractive apt-get update apt-get upgrade -y -q -o Dpkg::Options::="--force-confold" # Install fail2ban (prevent repeated logins) apt-get install -y fail2ban cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local sed -i '/\[ssh-ddos\]/,+2 s/enabled = false/enabled = true/g' /etc/fail2ban/jail.local service 
fail2ban restart # Setup firewall cat << 'EOF' > /etc/iptables.firewall.rules *filter # Allow all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0 -A INPUT -i lo -j ACCEPT -A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT # Accept all established inbound connections -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT # Allow all outbound traffic - you can modify this to only allow certain traffic -A OUTPUT -j ACCEPT # Allow HTTP and HTTPS connections from anywhere (the normal ports for websites and SSL). -A INPUT -p tcp --dport 80 -j ACCEPT -A INPUT -p tcp --dport 443 -j ACCEPT # Allow ports for MOSH (mobile shell) -A INPUT -p udp --dport 60000:61000 -j ACCEPT # Allow SSH connections # The -dport number should be the same port number you set in sshd_config -A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT # Allow ping -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT # Log iptables denied calls -A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7 # Reject all other inbound - default deny unless explicitly allowed policy -A INPUT -j REJECT -A FORWARD -j REJECT COMMIT EOF iptables-restore < /etc/iptables.firewall.rules echo '#!/bin/sh' > /etc/network/if-pre-up.d/firewall echo '/sbin/iptables-restore < /etc/iptables.firewall.rules' >> /etc/network/if-pre-up.d/firewall chmod +x /etc/network/if-pre-up.d/firewall # Email me on sudo echo "Defaults mail_always" > /etc/sudoers.d/my_sudoers echo "Defaults mailto='$USER@gmail.com'" >> /etc/sudoers.d/my_sudoers chmod 440 /etc/sudoers.d/my_sudoers # Reboot server when out of memory echo -e "vm.panic_on_oom=1\nkernel.panic=10" >> /etc/sysctl.conf # Install essentials apt-get install -y build-essential zsh curl git htop ack-grep tmux vim-nox exuberant-ctags # Install databases (removed mysql and redis) apt-get install -y sqlite3 postgresql postgresql-contrib-9.1 postgresql-client memcached # Install ruby and related development libraries need for gems apt-get install -y 
ruby1.9.3 rubygems imagemagick libxslt-dev libxml2-dev libssl-dev libsqlite3-dev libpq-dev update-alternatives --set ruby /usr/bin/ruby1.9.1 gem install rake bundler rails tmuxinator --no-rdoc --no-ri # Setup postgresql roles su postgres -c "createuser -s $USER" # Setup user and install dotfiles su $USER -c "mv ~/.bashrc ~/.bashrc.bak" su $USER -c "git clone git://github.com/ericboehs/dotfiles.git ~/.dotfiles" su $USER -c "cd ~/.dotfiles && git submodule init && git submodule update" su $USER -c "source /etc/profile && cd ~/.dotfiles && rake install && cd ~/.dotfiles/vim && rake" su $USER -c "echo 'export GITHUB_USER=$GITHUB_USER' >> ~/.zsh/config.private" # Change default shell to zsh chsh -s /bin/zsh $USER # Manually download code repositories
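Review bot: The rules in `/etc/iptables.firewall.rules` are loaded only with `iptables-restore`, which filters IPv4; nothing in the script sets `ip6tables` rules, so on a host with IPv6 connectivity the default-deny policy described in the comments would not apply to IPv6 traffic. Add a parallel IPv6 rules file and load it from the same hook, e.g. `/sbin/ip6tables-restore < /etc/ip6tables.firewall.rules` in `/etc/network/if-pre-up.d/firewall` (the file name is a suggestion). Separately, the sshd step only switches off root login; password logins stay enabled unless `PasswordAuthentication no` is also set, which matters because the only account created here authenticates by key.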