A huge bash script for installing and securing debian based multi purpose webserver

The scripts lets you interactively perform the installation of a full web-server stack including the most common security packages, monitoring tools, etc. for debian (wheezy).

It is intended to be use as the basement for a "real full stack" node.js line of business application framework i am currently working on.

The script is still in pre alpha phase.

There are certainly a lot of improvements to do, so please try it, use it and maybe contribute to it.

Security is a big issue and no one can cope with it on his/ her own.

So please, don't leave me alone in my cold, dark chamber and provide some feedback.

Thanks guys.

Install a minimal debian (wheezy) system on a virtual or dedicated host (only ssh and system tools). connect with winscp or putty, login as root. put the configureserver.sh script in your root folder and

chmod 777 configureserver.sh
./configureserver.sh

tip: enable export LS_OPTIONS='--color=auto' in your .bashrc file to get colored output

tip: the root folder contains some nice .rc files

• avoid bash language issues by switching locals to en-us for better support on search matching and english command options
• provides a huge black-list of suspicious servers/ domains
• chooses the fastest mirror
• reminds you on setting the "A" & "MX" record, ssl ports, etc.
• takes you step by step through a whole production setup:
  • Ajenti
  • FreeSWICH
  • NFSD
  • PHP Tools
  • SELinux
  • Tripwire
  • Zpanel
  • adminer
  • apache
  • apparmor
  • apt-cacher
  • apt-listchanges
  • bash-completition
  • bind9
  • cache (not yet)
  • clamav
  • courier
  • ddclient
  • denyhosts
  • exim
  • force strong passwords
  • fwbuilder
  • icinga-web
  • iptables
  • java
  • l7-protocols
  • libapache-mod-evasive
  • libapache-mod-security
  • libvirt + kvm
  • logrotate
  • logwatch
  • lxc
  • mailman
  • memcached
  • misc. packers
  • moint
  • mono
  • munin
  • mysql/ mariadb - secures mysql automatically, removes annonimous users, disables remote login, etc.
  • nginx
  • nmap
  • npm
  • opcode
  • openssh - ease adding users to groups
  • openvpn
  • perl
  • php
  • php5-mysqld
  • phpmyadmin
  • postfix
  • proftpd
  • psad
  • puppet
  • pure-ftpd
  • python
  • rkhunter
  • ruby rake rack gems bundler
  • samba
  • shorewall
  • smartmontools
  • spamassassin
  • subversion
  • sudo
  • systemd
  • unattended-upgrades
  • update-manager
  • user quota (may have issues)
  • vim
  • virtualbox
  • webfonts
  • webmin

• testing
• better separation of daemons -> own users
• review and setting of minimal privileges/ access rights
• more detailed configuration
  • esp. domain & mail related stuff
• rephrase some hints
• add more comments to source
• improve vlan and ip v6 support
• (better) error logging, esp. easily overridden errors on sed, grep etc.
• more color