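#!/usr/bin/env bash
# Bootstrap an Ubuntu LXC container with a security baseline and a Node.js
# toolchain: base packages, unattended security upgrades, fail2ban, UFW
# (SSH/HTTP/HTTPS), Node.js from NodeSource and the Codex CLI via npm.
#
# Usage: sudo ./bootstrap_ubuntu_lxc_security.sh
# Optional input: a fail2ban jail config at /opt/bootstrap/config/fail2ban/jail.local
#   or <script dir>/../config/fail2ban/jail.local is installed as /etc/fail2ban/jail.local.
# Must run as root; every apt/systemctl/ufw step needs it.
set -euo pipefail
export DEBIAN_FRONTEND=noninteractive

readonly NODE_MAJOR="20"
readonly CODEx_NPM_PACKAGE="@openai/codex"
readonly APT_PACKAGES=(
  apt-transport-https
  ca-certificates
  curl
  wget
  gnupg
  lsb-release
  software-properties-common
  jq
  unzip
  git
  vim
  htop
  tmux
  ufw
  fail2ban
  unattended-upgrades
  apt-listchanges
  needrestart
  auditd
  rsyslog
  logrotate
)

#######################################
# Print a diagnostic line to stderr.
# Arguments: message words
#######################################
warn() {
  printf '%s\n' "$*" >&2
}

#######################################
# Run a command whose failure must not abort the bootstrap (e.g. systemctl or
# ufw in a restricted container), but make the failure visible instead of
# silently swallowing it.
# Arguments: the command and its arguments
# Returns:   0 always
#######################################
try() {
  "$@" || warn "Warnung: '$*' fehlgeschlagen (Exit-Status $?)"
}

#######################################
# Abort unless running as root; the message goes to stderr.
#######################################
require_root() {
  if (( EUID != 0 )); then
    printf '%s\n' "Bitte als root ausführen (z. B. mit sudo)." >&2
    exit 1
  fi
}

#######################################
# Enable unattended security upgrades via the APT periodic configuration.
#######################################
enable_unattended_upgrades() {
  # dpkg-reconfigure is best-effort; the explicit config below is what counts.
  try dpkg-reconfigure -f noninteractive unattended-upgrades
  cat > /etc/apt/apt.conf.d/20auto-upgrades <<'AUTOU'
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "7";
APT::Periodic::Unattended-Upgrade "1";
AUTOU
}

#######################################
# Install the optional jail.local (first match wins) and (re)start fail2ban.
# Globals:   reads $0 to locate the sibling config directory
#######################################
configure_fail2ban() {
  local script_dir jail_src=""
  script_dir=$(dirname "$0")
  if [[ -f /opt/bootstrap/config/fail2ban/jail.local ]]; then
    jail_src=/opt/bootstrap/config/fail2ban/jail.local
  elif [[ -f "${script_dir}/../config/fail2ban/jail.local" ]]; then
    jail_src="${script_dir}/../config/fail2ban/jail.local"
  fi
  if [[ -n "$jail_src" ]]; then
    install -m 0644 -- "$jail_src" /etc/fail2ban/jail.local
  fi
  try systemctl enable fail2ban
  try systemctl restart fail2ban
}

#######################################
# Default-deny firewall with SSH, HTTP and HTTPS open. 80/443 are opened
# unconditionally by design; drop them if the container serves no web traffic.
# ufw may fail in an unprivileged LXC (no iptables access) — reported, not fatal.
#######################################
configure_ufw() {
  try ufw allow OpenSSH
  try ufw allow 80/tcp
  try ufw allow 443/tcp
  try ufw --force enable
}

#######################################
# Install Node.js ${NODE_MAJOR} from the NodeSource repository, unless a node
# binary is already on PATH.
# Globals:   NODE_MAJOR
#######################################
install_nodejs() {
  if command -v node >/dev/null 2>&1; then
    return 0
  fi
  local keyring=/etc/apt/keyrings/nodesource.gpg
  mkdir -p /etc/apt/keyrings
  # Trust in the repo key rests on TLS to deb.nodesource.com only (no
  # fingerprint pinning). pipefail makes a curl failure abort the step;
  # --batch --yes lets gpg overwrite a keyring left by an earlier aborted run
  # instead of stopping on the existing file.
  curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key \
    | gpg --dearmor --batch --yes -o "$keyring"
  printf 'deb [signed-by=%s] https://deb.nodesource.com/node_%s.x nodistro main\n' \
    "$keyring" "$NODE_MAJOR" > /etc/apt/sources.list.d/nodesource.list
  apt-get update -y
  apt-get install -y nodejs
}

#######################################
# Update npm and install the Codex CLI globally. Both pull unpinned packages
# from the npm registry as root; pin versions here if reproducibility matters.
# Globals:   CODEx_NPM_PACKAGE
#######################################
install_codex_cli() {
  npm install -g npm@latest
  npm install -g "${CODEx_NPM_PACKAGE}"
}

#######################################
# Enable the remaining services and print a short status summary.
#######################################
verify_services() {
  try systemctl enable unattended-upgrades
  try systemctl restart unattended-upgrades
  try systemctl enable auditd
  try systemctl restart auditd
  printf '\n'
  try node --version
  try npm --version
  try fail2ban-client status
}

main() {
  require_root
  printf '%s\n' "[1/8] Paketindex aktualisieren..."
  apt-get update -y
  printf '%s\n' "[2/8] Basispakete installieren..."
  apt-get install -y "${APT_PACKAGES[@]}"
  printf '%s\n' "[3/8] Automatische Sicherheitsupdates aktivieren..."
  enable_unattended_upgrades
  printf '%s\n' "[4/8] Fail2ban konfigurieren..."
  configure_fail2ban
  printf '%s\n' "[5/8] UFW Basisregeln setzen (SSH, HTTP, HTTPS)..."
  configure_ufw
  printf '%s\n' "[6/8] Node.js ${NODE_MAJOR} installieren..."
  install_nodejs
  printf '%s\n' "[7/8] npm aktualisieren und Codex CLI installieren..."
  install_codex_cli
  printf '%s\n' "[8/8] Dienste prüfen..."
  verify_services
  printf '%s\n' "Fertig. Empfohlen: SSH-Härtung und Benutzerrechte zusätzlich prüfen."
}

main "$@"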