Add UFW bash installation script

2022-12-22 08:25:34 +01:00 · 2022-12-22 08:25:34 +01:00 · 32afd217a9
commit 32afd217a9
parent 8f69ccf45b
5 changed files with 52 additions and 3 deletions
--- a/BashScripts/README.md
+++ b/BashScripts/README.md
@ -12,6 +12,12 @@ sudo su -c "bash <(wget -qO- https://git.myspace.nu/MySpace/Docs/raw/branch/mast
 sudo su -c "bash <(wget -qO- https://git.myspace.nu/MySpace/Docs/raw/branch/master/BashScripts/install-mysql.sh)"
 ```

+## Install UFW (and disable iptables)
+
+```bash
+sudo su -c "bash <(wget -qO- https://git.myspace.nu/MySpace/Docs/raw/branch/master/BashScripts/install-ufw.sh)"
+```
+
 ## Install Bind

 ```bash
--- a/BashScripts/install-apache.sh
+++ b/BashScripts/install-apache.sh
@ -9,7 +9,7 @@ mkdir /home/$REALUSER/www 2>>install.log &

 #apt install docker.io

-# apt update 2>>install.log &&
+apt update -qq 2>>install.log
 apt install apache2 -y 2>>install.log &&
 apt install samba -y 2>>install.log &&

--- a/BashScripts/install-mysql.sh
+++ b/BashScripts/install-mysql.sh
@ -20,10 +20,10 @@ fi
 read -e -p "Enter desired root password:" ROOTPASSWORD
 if mysql -e "SELECT user,host FROM mysql.user WHERE host = '192.168.%.%';" | grep -q 'root'; then
 	echo "Altering root user with password $ROOTPASSWORD"
-	mysql -e "ALTER USER 'root'@'192.168.%.%' IDENTIFIED BY '$ROOTPASSWORD';"
+	mysql -e "ALTER USER 'root'@'192.168.%.%' IDENTIFIED WITH mysql_native_password BY '$ROOTPASSWORD';"
 else
 	echo "Adding root user with password $ROOTPASSWORD"
-	mysql -e "CREATE USER 'root'@'192.168.%.%' IDENTIFIED BY '$ROOTPASSWORD';"
+	mysql -e "CREATE USER 'root'@'192.168.%.%' IDENTIFIED WITH mysql_native_password BY '$ROOTPASSWORD';"
 fi
 mysql -e "GRANT ALL PRIVILEGES ON *.* TO 'root'@'192.168.%.%' WITH GRANT OPTION;"
 mysql -e "FLUSH PRIVILEGES;"
--- a/BashScripts/install-ubuntu-dc.sh
+++ b/BashScripts/install-ubuntu-dc.sh
@ -8,6 +8,8 @@ if [[ $EUID -ne 0 ]]; then
 fi
 REALUSER=$(logname)

+apt update -qq 2>>install.log
+
 IP=$(ip route get 8.8.8.8 | sed -n '/src/{s/.*src *\([^ ]*\).*/\1/p;q}')
 GATEWAY=$(/sbin/ip route | awk '/default/ { print $3 }')
 OS_VERSION=$(grep -oP 'VERSION_ID="\K[\d.]+' /etc/os-release)
--- a/BashScripts/install-ufw.sh
+++ b/BashScripts/install-ufw.sh
@ -0,0 +1,41 @@
+# Install using: sudo su -c "bash <(wget -qO- /url/to/install-ufw.sh)"
+
+# Make sure script is ran as root
+if [[ $EUID -ne 0 ]]; then
+	exec sudo /bin/bash "$0" "$@"
+fi
+REALUSER=$(logname)
+
+apt update -qq 2>>install.log
+
+iptables --list >/dev/null 2>&1 && (
+	echo "Disabling iptables..."
+	# Accept all traffic first to avoid ssh lockdown  via iptables firewall rules #
+	iptables -P INPUT ACCEPT
+	iptables -P FORWARD ACCEPT
+	iptables -P OUTPUT ACCEPT
+	# Flush All Iptables Chains/Firewall rules #
+	iptables -F
+	# Delete all Iptables Chains #
+	iptables -X
+	# Flush all counters too #
+	iptables -Z 
+	# Flush and delete all nat and  mangle #
+	iptables -t nat -F
+	iptables -t nat -X
+	iptables -t mangle -F
+	iptables -t mangle -X
+	iptables -t raw -F
+	iptables -t raw -X
+)
+
+ufw status >/dev/null 2>&1 || (
+	echo "Installing UFW..."
+	apt install ufw -y 2>>install.log
+	ufw default allow outgoing 2>>install.log
+	ufw default deny incoming 2>>install.log
+	ufw allow ssh 2>>install.log
+	ufw enable 2>>install.log
+)
+
+echo 'Installation complete'