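#!/bin/bash
# 10/04/2024
#
# Post-install bootstrap for an Ubuntu / CentOS server.
#
## Checklist ##
# - Install useful tools
# - Disable UFW (with Ubuntu) or Firewalld (CentOS)
# - Disable SELinux
# - Permit root login via SSH
# - Grant execution permission for the rc.local script
# - Disable Pstate
# - Fix CentOS 6 repo
#
# SECURITY NOTE: this script deliberately removes several host-level controls
# (host firewall off, SELinux off, root SSH login on, SSH idle checks off) and
# truncates the login record file. After it runs, the host depends on
# compensating controls outside the machine (network ACLs / security groups,
# key-only SSH, central logging). Review each step before using it on anything
# other than a freshly built server.
#
# Optional environment:
#   ROOT_LOGIN_MODE  value written for sshd's PermitRootLogin
#                    (yes | prohibit-password | forced-commands-only | no).
#                    Defaults to "yes" to keep the script's historical behaviour;
#                    "prohibit-password" keeps root login but only with keys.
#
# Strict mode (set -e) is intentionally NOT enabled: many steps are best-effort
# (e.g. stopping chronyd or firewalld on hosts where they are not installed).

if [[ $EUID -ne 0 ]]; then
  echo "This script must be run as root." >&2
  exit 1
fi

readonly SSHD_CONFIG=/etc/ssh/sshd_config

os=$(grep "^ID=" /etc/os-release | cut -d '=' -f2 | tr -d '"')
version=$(grep "VERSION_ID=" /etc/os-release | cut -d '=' -f2 | tr -d '"')
# HTTPS plus -f so that an intercepted or failed response is not silently used
# as the "public IP" (the value is later placed into another URL).
# Note: this discloses the server's address to a third-party service.
publicIP=$(curl -fsS --max-time 10 https://ipinfo.io/ip)
cpuInfo=$(lscpu | grep -E 'Model name|Socket|^CPU\(s\)' | tr -s " ")
memoryInfo=$(free -mh | grep Mem | awk '{print $2}' | tr -s " ")
diskInfo=$(df -h / --output=size | tail -1 | tr -s " ")
centPackage=("tcpdump" "telnet" "net-tools" "vim" "screen" "bind-utils" "epel-release" "jq" "smartmontools")
ubtPackage=("tcpdump" "telnet" "vim" "iptables-persistent" "jq" "smartmontools")

# Append a directive to sshd_config unless that exact line is already present.
# NOTE(review): sshd uses the first value it reads for most keywords, so an
# existing, different setting earlier in the file (or in an Include'd file)
# may still take precedence over the appended line - confirm on the target image.
ensure_sshd_line() {
  local line=$1
  grep -qxF -- "$line" "$SSHD_CONFIG" || echo "$line" >> "$SSHD_CONFIG"
}

# Write the CentOS 6 repo definition.
# NOTE(review): baseurl and gpgkey are both plain http:// from the same mirror,
# so the signing key is fetched over the same unauthenticated channel as the
# packages; gpgcheck=1 then gives little protection against an on-path
# attacker. Prefer a locally installed key (file:///etc/pki/rpm-gpg/...) or an
# https mirror if one is available.
write_centos6_repo() {
  cat <<'EOF' > /etc/yum.repos.d/CISP.repo
[CISP]
name=CISP Repository
baseurl=http://mirror.cisp.com/CentOS/6/os/x86_64/
enabled=1
gpgcheck=1
gpgkey=http://mirror.cisp.com/CentOS/6/os/x86_64/RPM-GPG-KEY-CentOS-6
EOF
}

# Write the CentOS 7 vault repo definition ($releasever / $basearch are yum
# variables and must reach the file literally, hence the quoted delimiter).
write_centos7_repo() {
  cat <<'EOF' > /etc/yum.repos.d/CentOS-Base.repo
[base]
name=CentOS-$releasever - Base
baseurl=https://mirror.vietnix.vn/centos-vault/7.9.2009/os/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

[updates]
name=CentOS-$releasever - Updates
baseurl=https://mirror.vietnix.vn/centos-vault/7.9.2009/updates/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

[extras]
name=CentOS-$releasever - Extras
baseurl=https://mirror.vietnix.vn/centos-vault/7.9.2009/extras/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

[centosplus]
name=CentOS-$releasever - Plus
baseurl=https://mirror.vietnix.vn/centos-vault/7.9.2009/centosplus/$basearch/
gpgcheck=1
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
EOF
}

# Regenerate the GRUB2 config at the EFI or BIOS location.
# An explicit if/else is used so the BIOS path is not also written when the
# EFI grub2-mkconfig call itself fails.
regen_grub2_cfg() {
  if [ -d /sys/firmware/efi ]; then
    grub2-mkconfig -o /boot/efi/EFI/centos/grub.cfg
  else
    grub2-mkconfig -o /boot/grub2/grub.cfg
  fi
}

echo "=== Server Info Summary ==="
echo -e "$cpuInfo \nRam: $memoryInfo \nRoot: $diskInfo \nOS: $os - $version"

sleep 5
clear
sleep 1

# Permit root login via SSH
rootLoginMode=${ROOT_LOGIN_MODE:-yes}
case $rootLoginMode in
  yes | prohibit-password | forced-commands-only | no) ;;
  *)
    echo "Invalid ROOT_LOGIN_MODE: $rootLoginMode" >&2
    exit 1
    ;;
esac
# The sed removes every line that mentions PermitRootLogin (comments and any
# inside Match blocks included); the previous file is kept as sshd_config.bak.
sed -i.bak '/PermitRootLogin/d' "$SSHD_CONFIG"
echo "PermitRootLogin $rootLoginMode" >> "$SSHD_CONFIG"

# Add additional SSH configuration
echo "=== Add additional SSH configuration ==="
grep -qxF '# KeepAlive Options' "$SSHD_CONFIG" || echo -e "\n# KeepAlive Options" >> "$SSHD_CONFIG"
ensure_sshd_line "UseDNS no"
# ClientAliveInterval 0 turns off the server-side liveness probe, so idle or
# dead sessions are not closed by sshd.
ensure_sshd_line "ClientAliveInterval 0"
ensure_sshd_line "ClientAliveCountMax 0"
ensure_sshd_line "GSSAPIAuthentication no"

# Restart SSH service to apply new configurations.
# Validate first: restarting with a broken sshd_config can lock out remote access.
if command -v sshd > /dev/null && ! sshd -t; then
  echo "sshd_config failed validation (sshd -t); SSH not restarted. Previous file: ${SSHD_CONFIG}.bak" >&2
elif systemctl is-active --quiet sshd; then
  echo "Restarting sshd..."
  systemctl restart sshd
elif systemctl is-active --quiet ssh; then
  echo "Restarting ssh..."
  systemctl restart ssh
else
  echo "Neither sshd nor ssh is active."
fi

# Disable intel_pstate via the kernel command line.
# NOTE(review): /etc/default/grub is read as shell assignments, so this
# appended line replaces any GRUB_CMDLINE_LINUX_DEFAULT set earlier in the
# file rather than adding to it - confirm no needed kernel arguments are lost.
if ! grep -q "intel_pstate=disable" /etc/default/grub; then
  echo 'GRUB_CMDLINE_LINUX_DEFAULT="intel_pstate=disable"' >> /etc/default/grub
fi

case $os in
  "ubuntu")
    # Host firewall is switched off; filtering must be provided elsewhere.
    ufw disable &> /dev/null
    apt update -y
    apt install psmisc -y
    apt install htop -y
    apt upgrade -y
    systemctl stop chronyd
    systemctl disable chronyd
    grub-mkconfig -o /boot/grub/grub.cfg
    for pkg in "${ubtPackage[@]}"; do
      apt install "$pkg" -y
    done
    ;;
  "centos")
    if [[ $version == "6" ]]; then
      # NOTE(review): this branch relies on /etc/os-release reporting
      # VERSION_ID=6; confirm that file exists on the CentOS 6 images in use.
      mv /etc/yum.repos.d/CentOS* /root/
      write_centos6_repo
    elif [[ $version == "7" ]]; then
      # CentOS 7 handling
      mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.bak
      write_centos7_repo

      # Disable SELinux (persistently, and for the running system)
      sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config
      setenforce 0

      # Stop and disable services that are not wanted on this build
      systemctl stop firewalld
      systemctl disable firewalld
      systemctl mask firewalld
      systemctl stop chronyd
      systemctl disable chronyd

      # Update the system and install the required packages
      yum update -y
      yum install -y psmisc htop wget net-tools vim

      # Generate a new GRUB configuration
      regen_grub2_cfg

      # Grant execute permission to rc.local (its contents run at boot)
      chmod +x /etc/rc.local

      # Install the packages listed in centPackage
      for pkg in "${centPackage[@]}"; do
        yum install -y "$pkg"
      done
    else
      systemctl stop firewalld
      systemctl disable firewalld
      systemctl mask --now firewalld
      systemctl stop chronyd
      systemctl disable chronyd
      yum update -y
      yum install psmisc -y
      yum install htop -y
      yum upgrade -y
      regen_grub2_cfg
      # Grant execution permission for rc.local script
      chmod +x /etc/rc.local
      sed -i 's/^SELINUX=.*/SELINUX=disabled/g' /etc/selinux/config
      for pkg in "${centPackage[@]}"; do
        yum install "$pkg" -y
      done
    fi
    ;;
  *)
    echo "OS not supported"
    ;;
esac

echo "=== Disable chrony ==="
systemctl disable chronyd.service
systemctl stop chronyd.service

clear
echo "=== Check internet connections ==="
if dig @8.8.8.8 google.com +noall +answer &> /dev/null; then
  echo "UDP connection working fine"
else
  echo "Cannot resolve google.com. Check UDP connection"
fi

echo ""

### Check international traffic
# Both values below come from remote services and end up inside URLs, so they
# are checked against a conservative character set before use.
if [[ $publicIP =~ ^[0-9A-Fa-f:.]+$ ]]; then
  request_ID=$(curl -s -H "Accept: application/json" \
    "https://check-host.net/check-ping?host=${publicIP}&max_nodes=3" | jq -r '."request_id"')
  if [[ $request_ID =~ ^[A-Za-z0-9_-]+$ && $request_ID != "null" ]]; then
    sleep 10
    result=$(curl -s -H "Accept: application/json" "https://check-host.net/check-result/${request_ID}")
    while IFS= read -r host; do
      [[ -n $host ]] || continue
      # The node name is passed with --arg instead of being spliced into the
      # jq program, so response data is never interpreted as a jq filter.
      ok_count=$(jq --arg h "$host" '.[$h]' <<< "$result" | grep -c "OK")
      echo "Host: \"$host\" === $ok_count/4"
    done < <(jq -r 'keys | .[]' <<< "$result")
  else
    echo "check-host.net did not return a usable request id; skipping ping check" >&2
  fi
else
  echo "Could not determine a valid public IP; skipping international traffic check" >&2
fi

# Clear bash history and truncate wtmp file.
# Truncating /var/log/wtmp discards the host's login records; on a machine
# that has already been in use this removes audit evidence, so forward or
# archive the file first if those records matter.
# NOTE(review): in a non-interactive script, shell history is normally not
# enabled, so the two history commands may not affect the invoking user's
# history file - confirm the intended effect.
history -c
history -w
truncate -s 0 /var/log/wtmp
echo "Bash history cleared and wtmp file truncated."

### Reboot block ###
printf '\n\n\n\n\n'
for remaining in 5 4 3 2 1; do
  if ((remaining == 1)); then
    echo "Your server will reboot in 1 second"
  else
    echo "Your server will reboot in $remaining seconds"
  fi
  sleep 1
done
/sbin/reboot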