External/du_setup
1
0
Fork 0
mirror of https://github.com/buildplan/du_setup.git synced 2025-12-29 16:14:59 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
321009e1e5e044644c53e967fa7687630211c5af
du_setup/README.md
buildplan 316d3804f7 Update README.md
2025-06-26 21:51:07 +01:00

115 lines
3.2 KiB
Markdown
Raw Blame History

## Debian & Ubuntu Server Setup & Hardening Script
**Version:** 3.8
**Last Updated:** 2025-06-26
**Compatible With:**
- Debian 12 (Bookworm)
- Ubuntu 20.04 LTS, 22.04 LTS, 24.04 LTS
---
## 📌 Overview
This script automates the secure provisioning and hardening of a fresh Debian or Ubuntu server. It covers essential system settings, user management, SSH hardening, firewall configuration, and optional installation of Docker and Tailscale.
It is designed to be **idempotent**, **safe**, and suitable for **production environments**.
---
## ⚙️ Features
- Root login disabled, new admin user creation
- SSH key-based login support and key detection
- UFW firewall configuration with custom port support
- SSH and system configuration backup and rollback safety
- Timezone and swap file setup
- Optional installation of:
- Docker & Docker Compose
- Tailscale (Mesh VPN)
- Logging to `/var/log/`
- Optional quiet mode for automated scripts
---
## 📥 Installation & Usage
### 1. Download the script
```
wget https://raw.githubusercontent.com/buildplan/setup_harden_server/refs/heads/main/setup_harden_debian_ubuntu.sh
chmod +x setup_harden_debian_ubuntu.sh
````
### 2. Run the script as root
```
sudo ./setup_harden_debian_ubuntu.sh
```
### 3. Optional: Run in quiet mode
```
sudo ./setup_harden_debian_ubuntu.sh --quiet
```
> 🔒 The script must be run as root (or with sudo privileges).
---
## 📂 What It Does
| Task | Description |
| ----------------------------- | ---------------------------------------------- |
| Admin User Creation | Creates new sudo user with password or SSH key |
| SSH Hardening | Disables root login, adjusts secure options |
| Firewall | UFW setup with customisable ports |
| Package Installation | Essential tools (curl, fail2ban, etc.) |
| System Config Backup | Creates backups before making changes |
| Swap File Setup | Creates a swap file with size selection |
| Timezone Selection | Interactive timezone configuration |
| Docker & Tailscale (optional) | Only installed when prompted |
---
## 🪵 Logs & Backups
* **Logs:** `/var/log/setup_harden_debian_ubuntu_*.log`
* **Config Backups:** `/root/setup_harden_backup_*`
* **SSHD Backup:** Restorable from the backup directory in case of issues
---
## 🧪 Tested On
* Debian 12
* Ubuntu 24.04
* VMs, and common VPS providers (OCI, DigitalOcean, etc.)
---
## ❗ Important Notes
* Always test in a VM or staging VPS before using in production.
* Run this script before setting up anything else on brand new VM/VPS.
* Ensure you have console or out-of-band access in case SSH becomes inaccessible.
* A system **reboot is recommended** after running the script.
---
## 🛠 Troubleshooting
* **SSH Locked Out?** Use the server console and restore:
```
cp /root/setup_harden_backup_*/sshd_config /etc/ssh/sshd_config
systemctl restart ssh
```
* **No internet?** The script requires internet access to install packages.
---
## 📝 License
This script is open-source and provided "as is" without warranty.
Use at your own risk.
Reference in New Issue View Git Blame Copy Permalink