Ubuntu 16.04 Provisioning Script
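# Refresh the package indexes and apply pending updates (security fixes
# included) before any service is installed or exposed.
# apt-get is used because apt's command-line interface is not stable for
# scripts. -y stops the run from stalling at the confirmation prompt.
# The upgrade only runs if the index refresh succeeded.
sudo apt-get update &&
  sudo apt-get -y upgrade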
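# Create the "deploy" account used for SSH access and administration.
# --disabled-password leaves the account without a usable password, so the
# authorized SSH key below is its only credential.
# The id check keeps a second run from failing on an existing user.
id -u deploy >/dev/null 2>&1 || adduser --disabled-password --gecos "" deploy
usermod -aG sudo deploy

# Install the authorized public key. The append is skipped when the exact line
# is already present, so re-running the script does not duplicate it.
deploy_pubkey='ssh-rsa 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 hanif@github'
mkdir -p /home/deploy/.ssh
touch /home/deploy/.ssh/authorized_keys
grep -qxF -- "$deploy_pubkey" /home/deploy/.ssh/authorized_keys ||
  printf '%s\n' "$deploy_pubkey" >> /home/deploy/.ssh/authorized_keys
chown -R deploy:deploy /home/deploy/.ssh
chmod 0700 /home/deploy/.ssh
# Only the owner should be able to read or change the list of accepted keys.
chmod 0600 /home/deploy/.ssh/authorized_keys

# Passwordless sudo for deploy. The account has no password, so sudo could not
# authenticate it by prompt; the consequence is that possession of the SSH key
# above is equivalent to root on this host, and the key should be protected
# accordingly.
# The rule is written to a drop-in under /etc/sudoers.d and syntax-checked with
# visudo before it is installed. Appending straight to /etc/sudoers risks
# leaving a malformed file that disables sudo, and adds a duplicate line on
# every run.
sudoers_tmp=$(mktemp) &&
  echo "deploy ALL=(ALL:ALL) NOPASSWD: ALL" > "$sudoers_tmp" &&
  visudo -cf "$sudoers_tmp" &&
  install -o root -g root -m 0440 "$sudoers_tmp" /etc/sudoers.d/deploy
rm -f -- "$sudoers_tmp"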
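# Replace the SSH daemon configuration: key-only authentication, no root
# login, and logins restricted to the deploy user.
#
# The new file is staged in a temporary location and checked with `sshd -t`
# before it replaces the live configuration. Reloading sshd with a file that
# does not parse can leave the host unreachable. The first run also keeps a
# copy of the distribution file as sshd_config.orig.
#
# NOTE(review): with PasswordAuthentication no and AllowUsers deploy, the
# authorized key for deploy is the only way in. Confirm a key login works from
# a second session before closing the current one.
# NOTE(review): X11Forwarding is left at "yes" as the author had it. A headless
# server rarely needs it, and setting it to "no" removes that surface.
# NOTE(review): KeyRegenerationInterval, ServerKeyBits, RSAAuthentication and
# RhostsRSAAuthentication are SSH protocol 1 settings and have no effect under
# "Protocol 2". Newer OpenSSH releases report them as deprecated.
sshd_tmp=$(mktemp)
cat > "$sshd_tmp" <<'EOF'
Port 22
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
UsePrivilegeSeparation yes
KeyRegenerationInterval 3600
ServerKeyBits 1024
SyslogFacility AUTH
LogLevel INFO
LoginGraceTime 120
PermitRootLogin no
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile %h/.ssh/authorized_keys
IgnoreRhosts yes
RhostsRSAAuthentication no
HostbasedAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication no
PasswordAuthentication no
X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
UsePAM yes
AllowUsers deploy
EOF

if sshd -t -f "$sshd_tmp"; then
  # Preserve the distribution's file once; later runs must not overwrite it.
  [ -e /etc/ssh/sshd_config.orig ] ||
    cp -p /etc/ssh/sshd_config /etc/ssh/sshd_config.orig
  install -o root -g root -m 0644 "$sshd_tmp" /etc/ssh/sshd_config
  service ssh reload
else
  echo "sshd_config failed validation; existing configuration left in place" >&2
fi
rm -f -- "$sshd_tmp"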
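# Install the base toolchain and services.
# apt-get -y is used so the run does not stop at the confirmation prompt
# (apt's own CLI is not stable for scripted use).
#
# NOTE(review): docker.io manages its own iptables rules, so ports published
# by containers are reachable regardless of the ufw rules this script sets.
# Bind published ports to 127.0.0.1 or filter them separately if that is not
# intended. Membership of the "docker" group is also root-equivalent.
# NOTE(review): nginx starts listening as soon as it is installed. Replace the
# default site before the host is considered ready.
apt-get install -y \
  vim nginx curl gcc g++ build-essential zip unzip bcrypt mcrypt imagemagick \
  uuid golang nodejs python-software-properties software-properties-common \
  docker.io letsencrypt git autoconf bison libssl-dev libyaml-dev \
  libreadline6-dev zlib1g-dev libncurses5-dev libffi-dev libgdbm3 libgdbm-dev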
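# Host firewall: drop all inbound traffic except SSH, HTTP and HTTPS.
# The allow rules are added before the firewall is switched on, so the current
# SSH session is not cut off.
ufw default deny incoming
ufw allow ssh
ufw allow http
ufw allow https

# Starting ufw.service alone does not load any rules while ufw.conf still has
# ENABLED=no, which is how a stock Ubuntu install ships. `ufw enable` is what
# activates the rule set now and on every boot. --force skips the interactive
# "may disrupt existing ssh connections" prompt.
systemctl enable ufw
ufw --force enable

# Print the active policy so the run log shows the firewall is really on.
ufw status verbose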