Add UFW bash installation script

Update install-bind.sh
2022-12-22 08:25:34 +01:00 · 2022-12-22 08:25:05 +01:00
6 changed files with 66 additions and 17 deletions
--- a/BashScripts/README.md
+++ b/BashScripts/README.md
@ -12,6 +12,12 @@ sudo su -c "bash <(wget -qO- https://git.myspace.nu/MySpace/Docs/raw/branch/mast
 sudo su -c "bash <(wget -qO- https://git.myspace.nu/MySpace/Docs/raw/branch/master/BashScripts/install-mysql.sh)"
 ```

+## Install UFW (and disable iptables)
+
+```bash
+sudo su -c "bash <(wget -qO- https://git.myspace.nu/MySpace/Docs/raw/branch/master/BashScripts/install-ufw.sh)"
+```
+
 ## Install Bind

 ```bash
--- a/BashScripts/install-apache.sh
+++ b/BashScripts/install-apache.sh
@ -9,7 +9,7 @@ mkdir /home/$REALUSER/www 2>>install.log &

 #apt install docker.io

-# apt update 2>>install.log &&
+apt update -qq 2>>install.log
 apt install apache2 -y 2>>install.log &&
 apt install samba -y 2>>install.log &&

--- a/BashScripts/install-bind.sh
+++ b/BashScripts/install-bind.sh
@ -6,33 +6,33 @@ if [[ $EUID -ne 0 ]]; then
 fi
 REALUSER=$(logname)

-apt update 2>>install.log
+apt update -qq 2>>install.log

-if ! ufw status | grep -q 'Status: active'; then
+ufw status >/dev/null 2>&1 || (
 	echo "Installing UFW..."
-	apt install ufw -y 2>>install.log &&
-	ufw default allow outgoing 2>>install.log &&
-	ufw default deny incoming 2>>install.log &&
-	ufw allow ssh 2>>install.log &&
+	apt install ufw -y 2>>install.log
+	ufw default allow outgoing 2>>install.log
+	ufw default deny incoming 2>>install.log
+	ufw allow ssh 2>>install.log
 	ufw enable 2>>install.log
-fi
-if nslookup 127.0.0.1 | grep -q 'command not found'; then
+)
+nslookup 127.0.0.1 >/dev/null 2>&1 || (
 	echo "Installing DNS utils..."
-	apt install dnsutils 2>>install.log
-fi
-if ! named -v | grep -q 'BIND'; then
+	apt install dnsutils -y 2>>install.log
+)
+named -v >/dev/null 2>&1 || (
 	echo "Installing BIND9..."
 	apt install bind9 -y 2>>install.log &&
-	ufw allow Bind9 -y 2>>install.log &&
+	ufw allow Bind9 2>>install.log &&
 	nslookup google.com 127.0.0.1
-fi
+)
 if ! grep -q "listen-on {" "/etc/bind/named.conf.options"; then
 	sed -i -e 's/^};/\tlisten-on { any; };\n};/mig' /etc/bind/named.conf.options
 fi
 if ! grep -q "allow-query" "/etc/bind/named.conf.options"; then
 	sed -i -e 's/^};/\tallow-query { any; };\n};/mig' /etc/bind/named.conf.options
 fi
-if ! grep -q "\tforwarders {" "/etc/bind/named.conf.options"; then
+if ! grep -q "forwarders { 1" "/etc/bind/named.conf.options"; then
 	sed -i -e 's/^};/\tforwarders { 1.1.1.1; 8.8.8.8; 8.8.4.4; };\n};/mig' /etc/bind/named.conf.options
 fi
 named-checkconf && systemctl restart bind9
--- a/BashScripts/install-mysql.sh
+++ b/BashScripts/install-mysql.sh
@ -20,10 +20,10 @@ fi
 read -e -p "Enter desired root password:" ROOTPASSWORD
 if mysql -e "SELECT user,host FROM mysql.user WHERE host = '192.168.%.%';" | grep -q 'root'; then
 	echo "Altering root user with password $ROOTPASSWORD"
-	mysql -e "ALTER USER 'root'@'192.168.%.%' IDENTIFIED BY '$ROOTPASSWORD';"
+	mysql -e "ALTER USER 'root'@'192.168.%.%' IDENTIFIED WITH mysql_native_password BY '$ROOTPASSWORD';"
 else
 	echo "Adding root user with password $ROOTPASSWORD"
-	mysql -e "CREATE USER 'root'@'192.168.%.%' IDENTIFIED BY '$ROOTPASSWORD';"
+	mysql -e "CREATE USER 'root'@'192.168.%.%' IDENTIFIED WITH mysql_native_password BY '$ROOTPASSWORD';"
 fi
 mysql -e "GRANT ALL PRIVILEGES ON *.* TO 'root'@'192.168.%.%' WITH GRANT OPTION;"
 mysql -e "FLUSH PRIVILEGES;"
--- a/BashScripts/install-ubuntu-dc.sh
+++ b/BashScripts/install-ubuntu-dc.sh
@ -8,6 +8,8 @@ if [[ $EUID -ne 0 ]]; then
 fi
 REALUSER=$(logname)

+apt update -qq 2>>install.log
+
 IP=$(ip route get 8.8.8.8 | sed -n '/src/{s/.*src *\([^ ]*\).*/\1/p;q}')
 GATEWAY=$(/sbin/ip route | awk '/default/ { print $3 }')
 OS_VERSION=$(grep -oP 'VERSION_ID="\K[\d.]+' /etc/os-release)
--- a/BashScripts/install-ufw.sh
+++ b/BashScripts/install-ufw.sh
@ -0,0 +1,41 @@
+# Install using: sudo su -c "bash <(wget -qO- /url/to/install-ufw.sh)"
+
+# Make sure script is ran as root
+if [[ $EUID -ne 0 ]]; then
+	exec sudo /bin/bash "$0" "$@"
+fi
+REALUSER=$(logname)
+
+apt update -qq 2>>install.log
+
+iptables --list >/dev/null 2>&1 && (
+	echo "Disabling iptables..."
+	# Accept all traffic first to avoid ssh lockdown  via iptables firewall rules #
+	iptables -P INPUT ACCEPT
+	iptables -P FORWARD ACCEPT
+	iptables -P OUTPUT ACCEPT
+	# Flush All Iptables Chains/Firewall rules #
+	iptables -F
+	# Delete all Iptables Chains #
+	iptables -X
+	# Flush all counters too #
+	iptables -Z 
+	# Flush and delete all nat and  mangle #
+	iptables -t nat -F
+	iptables -t nat -X
+	iptables -t mangle -F
+	iptables -t mangle -X
+	iptables -t raw -F
+	iptables -t raw -X
+)
+
+ufw status >/dev/null 2>&1 || (
+	echo "Installing UFW..."
+	apt install ufw -y 2>>install.log
+	ufw default allow outgoing 2>>install.log
+	ufw default deny incoming 2>>install.log
+	ufw allow ssh 2>>install.log
+	ufw enable 2>>install.log
+)
+
+echo 'Installation complete'
Author	SHA1	Message	Date
Johan	32afd217a9	Add UFW bash installation script	2022-12-22 08:25:34 +01:00
Johan	8f69ccf45b	Update install-bind.sh	2022-12-22 08:25:05 +01:00