While doing security research it is not uncommon for me to build and destroy between 20 and 25 cloud servers a week on Digital Ocean.
While there are great guides like:
My First 10 Minutes On a Server – Primer for Securing Ubuntu
My First 5 Minutes On A Server; Or, Essential Security for Linux Servers
I do not have the time to manually follow these guides on a server I may shut down in an hour so I have slowly been building a shell script to do a lot of this for me.
Now the first thing I do when I log into a box is:
curl -sSL https://raw.githubusercontent.com/jgamblin/quickinstall/master/quickinstall.sh | shThe script does the following:
Enables UFW and denies all inbound traffic except for SSH.
Sets the timezone to Universal Coordinated Time
Installs Python, Ruby, nodejs, Docker.io, Fail2Ban and unattended-upgrades
Launches a PCAP docker container to capture all server traffic in a PCAPs.
While it is not pretty it does what I need:
# #Install and configure firewall # echo -e "\nInstalling and configuring firewall\n" apt-get install ufw -y ufw default deny incoming ufw default allow outgoing ufw allow ssh cat /etc/ufw/ufw.conf | sed 's/ENABLED=no/ENABLED=yes/g' > ~/ufw.conf chmod 0644 ~/ufw.conf mv -f ~/ufw.conf /etc/ufw/ufw.conf # # set timezone to Universal Coordinated Time # sudo timedatectl set-timezone UTC # # Upgrade installed packages to latest # apt-get update && apt-get dist-upgrade -y # #Install stuff I use all the time # apt-get install -y build-essential checkinstall docker.io fail2ban git git-core libbz2-dev libc6-dev libgdbm-dev libncursesw5-dev libreadline-gplv2-dev libsqlite3-dev libssl-dev nikto nmap nodejs python-dev python-numpy python-scipy python-setuptools tk-dev unattended-upgrades # #Install Ruby # curl -L https://get.rvm.io | bash -s stable --ruby # #PCAP Everything # docker run -v ~/pcap:/pcap --net=host -d jgamblin/tcpdump
I will continue to build this out in this github repo .