author Rishi-k-s <rishikrishna.sr@gmail.com> 2025-08-04 03:03:41 +0530
committer Rishi-k-s <rishikrishna.sr@gmail.com> 2025-08-04 03:03:41 +0530
commit aa771c437db63bc38f58e051efe5aacf5058199d
tree 73701d7c272a0fa791d39bd239cfa68512f21fca
first commit
-rw-r--r-- README.md 120
-rwxr-xr-x serversetup.sh 126
2 files changed, 246 insertions, 0 deletions
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..a5af902
--- /dev/null
+++ b/README.md
@@ -0,0 +1,120 @@
+# Server Setup Script
+
+A bash script to automate the initial setup of a Linux server with essential security configurations and tools.
+
+## Features
+
+- Creates a new user with sudo privileges
+- Sets up SSH key authentication for the new user
+- Updates system packages
+- Installs essential packages (ufw, fail2ban, htop, curl, wget, git, unzip)
+- Configures UFW firewall with SSH access
+- Sets up and starts Fail2Ban for intrusion prevention
+
+## Prerequisites
+
+- Root or sudo access on the target server
+- SSH keys already set up in `~/.ssh/authorized_keys` (optional but recommended)
+- Ubuntu/Debian-based Linux distribution
+
+## Usage
+
+1. Make the script executable:
+ ```bash
+ chmod +x serversetup.sh
+ ```
+
+2. Run the script with a username parameter:
+ ```bash
+ ./serversetup.sh <username>
+ ```
+
+ Example:
+ ```bash
+ ./serversetup.sh john
+ ```
+
+## What the Script Does
+
+### 1. User Management
+- Creates a new user account with the provided username
+- Adds the user to the sudo group for administrative privileges
+
+### 2. SSH Configuration
+- Creates `.ssh` directory for the new user
+- Copies existing SSH authorized keys to the new user (if available)
+- Sets proper permissions (700 for `.ssh`, 600 for `authorized_keys`)
+
+### 3. System Updates
+- Updates package lists
+- Upgrades all installed packages to latest versions
+
+### 4. Package Installation
+- **ufw**: Uncomplicated Firewall for easy firewall management
+- **fail2ban**: Intrusion prevention system
+- **htop**: Interactive process viewer
+- **curl**: Command-line tool for transferring data
+- **wget**: Network downloader
+- **git**: Version control system
+- **unzip**: Archive extraction utility
+
+### 5. Security Configuration
+- Configures UFW firewall to allow SSH connections
+- Enables UFW firewall
+- Enables and starts Fail2Ban service
+
+## Security Notes
+
+- The script allows SSH access through the firewall by default
+- Fail2Ban is configured with default settings to prevent brute force attacks
+- SSH key authentication is set up if keys are available
+- The new user has sudo privileges - ensure you trust this user
+
+## Customization
+
+You can modify the script to:
+- Install additional packages by adding them to the `apt install` line
+- Configure additional UFW rules
+- Customize Fail2Ban configuration by creating custom jail files
+
+## Troubleshooting
+
+### Common Issues
+
+1. **"Could not copy SSH keys" warning**
+ - This occurs if `~/.ssh/authorized_keys` doesn't exist
+ - You can manually set up SSH keys later
+
+2. **Permission denied errors**
+ - Ensure you're running the script with sudo privileges
+ - Check that the script is executable (`chmod +x serversetup.sh`)
+
+3. **Package installation failures**
+ - Ensure internet connectivity
+ - Try running `sudo apt update` manually first
+
+### Verification
+
+After running the script, verify the setup:
+
+```bash
+# Check if new user exists
+id <username>
+
+# Check UFW status
+sudo ufw status
+
+# Check Fail2Ban status
+sudo systemctl status fail2ban
+
+# Test SSH access with new user
+ssh <username>@<server-ip>
+```
+
+## License
+
+This script is provided as-is for educational and administrative purposes. Use at your own risk.
+
+## Contributing
+
+Feel free to submit issues or pull requests to improve this script.
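Review bot: The Prerequisites entry that calls keys in `~/.ssh/authorized_keys` "optional but recommended" does not match serversetup.sh in this same commit, which sets `PasswordAuthentication no` and restarts sshd, so without keys the new user cannot log in over SSH. State the keys as required. The rest of the README should also be brought in line with the script: Security Notes says Fail2Ban runs with default settings while the script writes /etc/fail2ban/jail.local, and the Features and "What the Script Does" sections omit the 80/tcp and 443/tcp firewall rules, the 2G swap file, the sshd_config edits and the /usr/local/bin/sysinfo helper.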
diff --git a/serversetup.sh b/serversetup.sh
new file mode 100755
index 0000000..c6ce17d
--- /dev/null
+++ b/serversetup.sh
@@ -0,0 +1,126 @@
+# serversetup.sh
+#!/bin/bash
+
+# Check if username parameter is provided
+if [ -z "$1" ]; then
+ echo "Usage: $0 <username>"
+ echo "Please provide a username for the new user account"
+ exit 1
+fi
+
+USERNAME="$1"
+echo "Setting up server for user: $USERNAME"
+
+# Add new user
+sudo adduser "$USERNAME"
+sudo usermod -aG sudo "$USERNAME"
+# Set up SSH for the new user
+echo "Setting up SSH keys for $USERNAME..."
+sudo mkdir -p /home/"$USERNAME"/.ssh
+sudo cp ~/.ssh/authorized_keys /home/"$USERNAME"/.ssh/ 2>/dev/null || {
+ echo "Warning: Could not copy SSH keys. Make sure ~/.ssh/authorized_keys exists"
+}
+sudo chown -R "$USERNAME":"$USERNAME" /home/"$USERNAME"/.ssh
+sudo chmod 700 /home/"$USERNAME"/.ssh
+sudo chmod 600 /home/"$USERNAME"/.ssh/authorized_keys 2>/dev/null
+
+# Update the system
+echo "Updating system packages..."
+sudo apt update && sudo apt upgrade -y
+
+# Install necessary packages
+echo "Installing essential packages..."
+sudo apt install -y ufw fail2ban htop curl wget git unzip \
+ software-properties-common apt-transport-https ca-certificates
+
+# Enable and start UFW
+echo "Configuring UFW firewall..."
+sudo ufw default deny incoming
+sudo ufw default allow outgoing
+sudo ufw allow OpenSSH
+sudo ufw allow 80/tcp # HTTP
+sudo ufw allow 443/tcp # HTTPS
+sudo ufw --force enable # --force prevents interactive prompt
+sudo ufw status
+
+
+# Set up swap file (if not exists)
+echo "Checking swap configuration..."
+if ! swapon --show | grep -q "/swapfile"; then
+ echo "Creating swap file..."
+ sudo fallocate -l 2G /swapfile
+ sudo chmod 600 /swapfile
+ sudo mkswap /swapfile
+ sudo swapon /swapfile
+ echo '/swapfile none swap sw 0 0' | sudo tee -a /etc/fstab
+ echo "vm.swappiness=10" | sudo tee -a /etc/sysctl.conf
+else
+ echo "Swap already configured"
+fi
+
+# Configure SSH security
+echo "Hardening SSH configuration..."
+sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
+sudo sed -i 's/#PermitRootLogin yes/PermitRootLogin no/' /etc/ssh/sshd_config
+sudo sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config
+sudo sed -i 's/#PubkeyAuthentication yes/PubkeyAuthentication yes/' /etc/ssh/sshd_config
+sudo sed -i 's/#PermitEmptyPasswords no/PermitEmptyPasswords no/' /etc/ssh/sshd_config
+sudo sed -i 's/X11Forwarding yes/X11Forwarding no/' /etc/ssh/sshd_config
+
+# Install and configure Fail2Ban
+echo "Setting up Fail2Ban..."
+sudo systemctl enable fail2ban
+sudo systemctl start fail2ban
+
+# Create custom fail2ban jail for SSH
+sudo tee /etc/fail2ban/jail.local > /dev/null <<EOF
+[DEFAULT]
+bantime = 1h
+findtime = 10m
+maxretry = 3
+
+[sshd]
+enabled = true
+port = ssh
+filter = sshd
+logpath = /var/log/auth.log
+maxretry = 3
+bantime = 1h
+EOF
+
+sudo systemctl restart fail2ban
+sudo systemctl status fail2ban --no-pager
+
+# Set up basic system monitoring
+echo "Setting up system monitoring..."
+# Create a simple system info script
+sudo tee /usr/local/bin/sysinfo > /dev/null <<'EOF'
+#!/bin/bash
+echo "=== System Information ==="
+echo "Hostname: $(hostname)"
+echo "Uptime: $(uptime -p)"
+echo "Load: $(cat /proc/loadavg)"
+echo "Memory: $(free -h | grep Mem | awk '{print $3 "/" $2}')"
+echo "Disk: $(df -h / | tail -1 | awk '{print $3 "/" $2 " (" $5 " used)"}')"
+echo "Active connections: $(ss -tuln | wc -l)"
+echo "Failed login attempts (last 10): $(grep "Failed password" /var/log/auth.log | tail -10 | wc -l)"
+EOF
+
+sudo chmod +x /usr/local/bin/sysinfo
+
+# Restart SSH service to apply security changes
+echo "Restarting SSH service to apply security settings..."
+sudo systemctl restart sshd
+
+echo "Server setup completed successfully!"
+echo "New user '$USERNAME' has been created with sudo privileges"
+echo "SSH keys have been copied (if available)"
+echo "Firewall and Fail2Ban are now active"
+echo "Automatic security updates are enabled"
+echo "SSH has been hardened (password auth disabled, root login disabled)"
+echo "Swap file created (2GB)"
+echo ""
+echo "Run 'sysinfo' to check system status"
+echo ""
+echo "IMPORTANT: Test SSH connection with new user before logging out!"
+echo "Connect with: ssh $USERNAME@<server-ip>"
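Review bot: In the "Configure SSH security" block, `PasswordAuthentication no` is applied and sshd is restarted even when the earlier `cp ~/.ssh/authorized_keys` failed and only printed a warning, so a run without keys leaves the new user unable to log in over SSH while root login is disabled as well. Make the hardening conditional on a non-empty /home/"$USERNAME"/.ssh/authorized_keys, and run `sudo sshd -t` before `systemctl restart sshd` so an invalid config is caught before the restart. The sed expressions match only the exact commented strings (for example `#PermitRootLogin yes`), so a config carrying any other value is left unchanged with no error; check the effective settings with `sudo sshd -T` or write the directives explicitly. Two smaller points: `# serversetup.sh` sits above `#!/bin/bash`, so the shebang is not on line 1 and is treated as an ordinary comment, and the closing message "Automatic security updates are enabled" has no corresponding step anywhere in the script.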