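source setup/functions.sh # load our functions

# Base system configuration.
#
# Refresh the package index, then apply every pending package upgrade
# (including security updates) before anything else is installed.

apt-get -qq update
apt-get -qq -y upgrade

# Install basic utilities.
#
# apt_install and ufw_allow are not defined here; they are expected to
# come from setup/functions.sh, sourced above.

apt_install python3 wget curl bind9-host

# Turn on basic services:
#
#   ntp:      keeps the system time correct
#
#   fail2ban: scans log files for repeated failed login attempts and
#             blocks the remote IP at the firewall
#
# These services don't need further configuration and are started
# immediately after installation.
#
# NOTE(review): "no further configuration" relies on the fail2ban package
# defaults; confirm the default jails cover every login service this box
# exposes, not only SSH.

apt_install ntp fail2ban

# ${DISABLE_FIREWALL:-} keeps the test safe if a caller runs with `set -u`
# and has not defined the variable; unset and empty both mean "firewall on".
if [ -z "${DISABLE_FIREWALL:-}" ]; then
  # Turn on the firewall. First allow incoming SSH, then turn on the
  # firewall, so that enabling it does not cut off remote administration.
  # Other ports will be opened at the point where we set up those services.
  #
  # Various virtualized environments like Docker and some VPSs don't
  # provide a kernel that supports iptables. To avoid error-like output in
  # those cases, setting DISABLE_FIREWALL to any non-empty value skips this
  # whole section.
  apt_install ufw
  ufw_allow ssh
  ufw --force enable
else
  # Skipping a security control should never be silent: say so on stderr.
  # NOTE(review): fail2ban presumably also depends on iptables to enforce
  # its bans, so on such kernels it may log offenders without blocking
  # them -- verify on the target platform.
  printf '%s\n' "WARNING: DISABLE_FIREWALL is set; ufw was not installed or enabled, so this script configures no host firewall." >&2
fi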