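#!/usr/bin/env bash
#
# install mcp
#
# Provisions a host for mcp: upgrades the system, installs Node.js 18 from the
# NodeSource apt repository together with cockpit, ufw and fail2ban, opens the
# firewall for ssh and the Cockpit console, and enables an ssh fail2ban jail.
#
# Must be run as root, from the directory that contains
# resources/fail2ban/filter.d (the filter copy below uses a relative path).

set -o errexit
set -o pipefail
set -o nounset

# installing dependencies
apt update && apt upgrade -y && apt autoremove -y
apt remove ubuntu-advantage-tools -y
apt install -y ca-certificates curl gnupg

# Register the NodeSource repository with a dedicated keyring. The source entry
# is pinned to that keyring via signed-by, so this key is trusted only for this
# repository and not for every apt source on the host.
mkdir -p /etc/apt/keyrings
# --batch --yes: overwrite an existing keyring on a re-run instead of prompting.
curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key \
  | gpg --batch --yes --dearmor -o /etc/apt/keyrings/nodesource.gpg
# NOTE(review): node_18.x pins the Node.js 18 release line; confirm that line
# still receives security updates before using this on a new host.
echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_18.x nodistro main" \
  | tee /etc/apt/sources.list.d/nodesource.list

apt update && apt install -y nodejs git unzip curl ca-certificates gnupg ufw \
  fail2ban cockpit software-properties-common
systemctl start cockpit

#
# configure ufw and start ufw
#
# The ssh rule is added before the firewall is enabled so that enabling it
# cannot cut off the session running this script.
ufw allow ssh
# NOTE(review): this opens the Cockpit web console (9090/tcp) to every source
# address, and the fail2ban jail below only watches ssh. Consider restricting
# the rule to a management network, e.g.
#   ufw allow from <MGMT_CIDR> to any port 9090 proto tcp
ufw allow 9090/tcp
service ufw start
# --force answers the confirmation prompt non-interactively.
ufw --force enable

#
# configure fail2ban for secure ssh and start fail2ban
#
# The section header must be the upper-case [DEFAULT]: fail2ban reads a
# lower-case [default] as an ordinary jail named "default", so bantime,
# banaction, findtime and maxretry would never reach the [ssh] jail.
# The delimiter is quoted so the shell writes the file literally.
cat > /etc/fail2ban/jail.local << 'EOF'
[DEFAULT]
# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
# ban a host which matches an address in this list. Several addresses can be
# defined using space separator.
ignoreip = 127.0.0.1/8

# "bantime" is the number of seconds that a host is banned.
bantime = 3600
banaction = ufw

# The length of time between login attempts before a ban is set.
# For example, if Fail2ban is set to ban an IP after five (5) failed log-in attempts,
# those 5 attempts must occur within the set 10-minute findtime limit.
# The findtime value should be a set number of seconds.
findtime = 600
maxretry = 5

[ssh]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth-fail2ban.log
EOF

cp resources/fail2ban/filter.d/* /etc/fail2ban/filter.d

# NOTE(review): the file created here is /var/log/fail2ban.log, but the [ssh]
# jail reads /var/log/auth-fail2ban.log. Confirm that sshd authentication
# failures are really written to the jail's logpath; if they are not, the jail
# has nothing to match and bans nothing. `fail2ban-client status ssh` shows the
# monitored file list and the failure counters after start-up.
touch /var/log/fail2ban.log
service fail2ban start

printf '%s\n' "mcp installed"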