#!/bin/bash
# Host bootstrap for running the agent under Docker: refreshes the system,
# installs base tooling plus Docker, UFW and Fail2Ban, enables Docker log
# rotation and creates a dedicated service user. Must be run as root on a
# Debian/Ubuntu host (apt-get, ufw, systemctl are assumed to exist).
set -euo pipefail
# Prevent interactive prompts during package installation
export DEBIAN_FRONTEND=noninteractive
# Colors for output. Stored as literal backslash sequences; the logging
# helpers below are responsible for turning them into terminal escapes.
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
NC='\033[0m' # No Color
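#######################################
# Print a timestamped, green informational line to stdout.
# Globals:   GREEN, NC (read)
# Arguments: the message; all arguments are joined with a space
# Outputs:   "[<ISO-8601 timestamp>] <message>" on stdout
#######################################
log() {
  local ts
  ts=$(date +'%Y-%m-%dT%H:%M:%S%z')
  # %b interprets the escape sequences held in the colour variables; the
  # message itself goes through %s so backslashes in it are printed verbatim
  # instead of being re-interpreted the way `echo -e` did.
  printf '%b[%s] %s%b\n' "$GREEN" "$ts" "$*" "$NC"
}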
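#######################################
# Print a red "[ERROR]" line to stderr and terminate the script.
# Globals:   RED, NC (read)
# Arguments: the message; all arguments are joined with a space
# Outputs:   "[ERROR] <message>" on stderr (diagnostics, not stdout, so a
#            caller capturing stdout still sees the failure on the console)
# Returns:   never; exits with status 1
#######################################
error() {
  printf '%b[ERROR] %s%b\n' "$RED" "$*" "$NC" >&2
  exit 1
}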
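#######################################
# Print a yellow "[WARN]" line to stderr and continue.
# Globals:   YELLOW, NC (read)
# Arguments: the message; all arguments are joined with a space
# Outputs:   "[WARN] <message>" on stderr
#######################################
warn() {
  printf '%b[WARN] %s%b\n' "$YELLOW" "$*" "$NC" >&2
}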
# Refuse to continue unless running as root: every step below writes under
# /etc or drives apt-get, systemctl, ufw and useradd.
(( EUID == 0 )) || error "This script must be run as root"
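# 1. System Updates
# update and upgrade run as two statements on purpose: inside an `a && b`
# list `set -e` does not abort when `a` fails, so a failed index refresh
# would previously have been ignored and the script would have carried on.
log "Updating system packages..."
apt-get update
apt-get upgrade -y

# 2. Install Essential Tools
log "Installing essential tools..."
# Kept as an array so the list can be extended without touching the
# command line; ufw and fail2ban are required by steps 4 and 5, jq by step 6.
essential_packages=(
  curl
  git
  ufw
  fail2ban
  unzip
  jq
  software-properties-common
)
apt-get install -y "${essential_packages[@]}"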
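# 3. Install Docker & Docker Compose
# NOTE: this fetches a remote installer and executes it as root. The download
# is forced over TLS 1.2+, but the content is not pinned or verified here;
# review the script, or install from a vetted package source, if your policy
# requires it. The installer is written to a mktemp file rather than the
# current directory and is removed on every exit path.
if ! command -v docker >/dev/null 2>&1; then
  log "Installing Docker..."
  installer=$(mktemp) || error "mktemp failed"
  trap 'rm -f -- "$installer"' EXIT
  curl --proto '=https' --tlsv1.2 -fsSL https://get.docker.com -o "$installer"
  sh "$installer"
  rm -f -- "$installer"
  trap - EXIT
  # Enable Docker to start on boot
  systemctl enable docker
  systemctl start docker
else
  log "Docker already installed. Skipping..."
fi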
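# 4. Configure Firewall (UFW)
log "Configuring UFW firewall..."
ufw default deny incoming
ufw default allow outgoing
ufw allow ssh
ufw allow 80/tcp
ufw allow 443/tcp
# Allow custom agent port if needed (default 8080 for agent)
# NOTE(review): this opens 8080 to every source. If the agent only needs to
# be reached from a known network, prefer
#   ufw allow from <trusted-cidr> to any port 8080 proto tcp
ufw allow 8080/tcp
# Enable UFW non-interactively. --force is ufw's documented way to skip the
# "may disrupt existing ssh connections" prompt, instead of piping "y" in.
if ! ufw status | grep -q "Status: active"; then
  ufw --force enable
  log "UFW enabled."
else
  log "UFW already enabled."
fi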
# 5. Configure Fail2Ban
log "Configuring Fail2Ban..."
# Only write jail.local when none exists, so an operator's existing local
# overrides are never clobbered. The heredoc delimiter is quoted because
# nothing in the body is meant to be expanded by the shell.
jail_local=/etc/fail2ban/jail.local
if [[ -f "$jail_local" ]]; then
  log "Fail2Ban configuration exists. Skipping..."
else
  cat > "$jail_local" <<'EOF'
[DEFAULT]
bantime = 1h
findtime = 10m
maxretry = 5
[sshd]
enabled = true
EOF
  systemctl restart fail2ban
  log "Fail2Ban configured and restarted."
fi
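# 6. Setup Log Rotation for Docker Containers
log "Configuring Docker log rotation..."
# Create daemon.json only if it doesn't exist; an existing file may carry
# settings we must not overwrite. The heredoc delimiter is quoted so the
# JSON is written verbatim. Before restarting the daemon the file is parsed
# with jq (installed in step 2): a malformed daemon.json would otherwise
# leave Docker unable to start.
daemon_json=/etc/docker/daemon.json
if [[ -f "$daemon_json" ]]; then
  warn "$daemon_json exists. Please manually verify log rotation settings."
else
  cat > "$daemon_json" <<'EOF'
{
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "10m",
    "max-file": "3"
  }
}
EOF
  jq . "$daemon_json" >/dev/null || error "$daemon_json is not valid JSON; not restarting Docker"
  systemctl restart docker
  log "Docker configured with log rotation."
fi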
# 7. Create Dedicated User (Optional but recommended)
AGENT_USER="agent-runner"
# NOTE: membership in the docker group is equivalent to root on this host
# (the daemon socket can bind-mount any path and start privileged
# containers), so treat this account as privileged rather than as a sandbox.
if id "$AGENT_USER" >/dev/null 2>&1; then
  log "User $AGENT_USER already exists."
else
  log "Creating dedicated user: $AGENT_USER"
  useradd -m -s /bin/bash "$AGENT_USER"
  usermod -aG docker "$AGENT_USER"
  log "User $AGENT_USER created and added to docker group."
fi
# Closing summary: the docker group change only takes effect in a new login.
log "Setup complete! Please log out and log back in (or switch to $AGENT_USER) to use Docker without sudo."
log "To deploy your agent:"
deploy_steps=(
  " 1. Switch to user: su - $AGENT_USER"
  " 2. Clone repo: git clone <your-repo-url>"
  " 3. Configure .env"
  " 4. Run: docker compose up -d"
)
for step in "${deploy_steps[@]}"; do
  log "$step"
done