#!/bin/bash # Original script by : github repo - fornesia, rzengineer and fawzya # Modified by : FordSenpai # ================================================== # Initializing Var export DEBIAN_FRONTEND=noninteractive OS=`uname -m`; MYIP=$(wget -qO- ipv4.icanhazip.com); MYIP2="s/xxxxxxxxx/$MYIP/g"; # Root Directory cd # Disable IPV6 echo 1 > /proc/sys/net/ipv6/conf/all/disable_ipv6 sed -i '$ i\echo 1 > /proc/sys/net/ipv6/conf/all/disable_ipv6' /etc/rc.local # Install wget and curl apt-get update;apt-get -y install wget curl; # Local Time Manila ln -fs /usr/share/zoneinfo/Asia/Manila /etc/localtime # Local Configuration sed -i 's/AcceptEnv/#AcceptEnv/g' /etc/ssh/sshd_config service ssh restart # Update apt-get update # Install Essential Packages apt-get -y install nano iptables dnsutils openvpn screen whois ngrep unzip unrar echo "clear" >> .bashrc echo 'echo -e "\e[0m "' >> .bashrc echo 'echo -e "\e[94m :::::::::: :::::::: ::::::::: :::::::: "' >> .bashrc echo 'echo -e "\e[94m :+: :+: :+: :+: :+: :+: :+: "' >> .bashrc echo 'echo -e "\e[94m +:+ +:+ +:+ +:+ +:+ +:+ +:+ "' >> .bashrc echo 'echo -e "\e[94m +#+#+#+#: +#+ +#: +#+ #+#++: +#+ +:+ "' >> .bashrc echo 'echo -e "\e[94m +#+ +#+ +#+ +#+ +#+ +#+ +#+ "' >> .bashrc echo 'echo -e "\e[94m #+# #+# #+# #+# #+# #+# #+# "' >> .bashrc echo 'echo -e "\e[94m ### ######## ### ### ######## "' >> .bashrc echo 'echo -e "\e[91m VPS Script by FordSenpai "' >> .bashrc echo 'echo -e "\e[0m"' >> .bashrc echo 'echo -e "\e[92m [accounts/options/server] "' >> .bashrc echo 'echo -e "\e[0m "' >> .bashrc # Install WebServer apt-get -y install nginx # WebServer Configuration cd rm /etc/nginx/sites-enabled/default rm /etc/nginx/sites-available/default wget -O /etc/nginx/nginx.conf "https://raw.githubusercontent.com/johndesu090/AutoScriptDeb8/master/Files/Nginx/nginx.conf" mkdir -p /home/vps/public_html echo "

AutoScriptVPS by FordSenpai

" > /home/vps/public_html/index.html echo "

For More Info Visit My Github Repository

" >> /home/vps/public_html/index.html echo "

You Can Also Contact Me at Facebook and Youtube

" >> /home/vps/public_html/index.html wget -O /etc/nginx/conf.d/vps.conf "https://raw.githubusercontent.com/johndesu090/AutoScriptDeb8/master/Files/Nginx/vps.conf" service nginx restart # Install OpenVPN apt-get -y install openvpn easy-rsa openssl iptables cp -r /usr/share/easy-rsa/ /etc/openvpn mkdir /etc/openvpn/easy-rsa/keys sed -i 's|export KEY_COUNTRY="US"|export KEY_COUNTRY="PH"|' /etc/openvpn/easy-rsa/vars sed -i 's|export KEY_PROVINCE="CA"|export KEY_PROVINCE="Tarlac"|' /etc/openvpn/easy-rsa/vars sed -i 's|export KEY_CITY="SanFrancisco"|export KEY_CITY="Tarlac"|' /etc/openvpn/easy-rsa/vars sed -i 's|export KEY_ORG="Fort-Funston"|export KEY_ORG="JohnFordTV"|' /etc/openvpn/easy-rsa/vars sed -i 's|export KEY_EMAIL="me@myhost.mydomain"|export KEY_EMAIL="exodia090@gmail.com"|' /etc/openvpn/easy-rsa/vars sed -i 's|export KEY_OU="MyOrganizationalUnit"|export KEY_OU="JohnFordTV"|' /etc/openvpn/easy-rsa/vars sed -i 's|export KEY_NAME="EasyRSA"|export KEY_NAME="FirdSenpai"|' /etc/openvpn/easy-rsa/vars sed -i 's|export KEY_OU=changeme|export KEY_OU=FordSenpai|' /etc/openvpn/easy-rsa/vars # Create Diffie-Helman Pem openssl dhparam -out /etc/openvpn/dh2048.pem 2048 # Create PKI cd /etc/openvpn/easy-rsa cp openssl-1.0.0.cnf openssl.cnf . ./vars ./clean-all export EASY_RSA="${EASY_RSA:-.}" "$EASY_RSA/pkitool" --initca $* # Create key server export EASY_RSA="${EASY_RSA:-.}" "$EASY_RSA/pkitool" --server server # Setting KEY CN export EASY_RSA="${EASY_RSA:-.}" "$EASY_RSA/pkitool" client # cp /etc/openvpn/easy-rsa/keys/{server.crt,server.key,ca.crt} /etc/openvpn cd cp /etc/openvpn/easy-rsa/keys/server.crt /etc/openvpn/server.crt cp /etc/openvpn/easy-rsa/keys/server.key /etc/openvpn/server.key cp /etc/openvpn/easy-rsa/keys/ca.crt /etc/openvpn/ca.crt # Setting Server cd /etc/openvpn/ wget "https://raw.githubusercontent.com/johndesu090/AutoScriptDeb8/master/Files/OpenVPN/server.conf" # set time GMT +8 ln -fs /usr/share/zoneinfo/Asia/Manila /etc/localtime # Create OpenVPN Config cd mkdir -p /home/vps/public_html cd /home/vps/public_html/ wget "https://raw.githubusercontent.com/johndesu090/AutoScriptDeb8/master/Files/OpenVPN/client.ovpn" sed -i $MYIP2 /home/vps/public_html/client.ovpn; echo '' >> /home/vps/public_html/client.ovpn cat /etc/openvpn/ca.crt >> /home/vps/public_html/client.ovpn echo '' >> /home/vps/public_html/client.ovpn wget "https://raw.githubusercontent.com/johndesu090/AutoScriptDeb8/master/Files/OpenVPN/clientssl.ovpn" sed -i $MYIP2 /home/vps/public_html/clientssl.ovpn; echo '' >> /home/vps/public_html/clientssl.ovpn cat /etc/openvpn/ca.crt >> /home/vps/public_html/clientssl.ovpn echo '' >> /home/vps/public_html/clientssl.ovpn wget "https://raw.githubusercontent.com/johndesu090/AutoScriptDeb8/master/Files/Stunnel%20Client/stunnel.conf" sed -i $MYIP2 /home/vps/public_html/stunnel.conf; cd /home/vps/public_html/ tar -czf /home/vps/public_html/client.tar.gz client.ovpn clientssl.ovpn stunnel.conf cd # Restart OpenVPN /etc/init.d/openvpn restart # Setting UFW apt-get install ufw ufw allow ssh ufw allow 3306/tcp sed -i 's|DEFAULT_INPUT_POLICY="DROP"|DEFAULT_INPUT_POLICY="ACCEPT"|' /etc/default/ufw sed -i 's|DEFAULT_FORWARD_POLICY="DROP"|DEFAULT_FORWARD_POLICY="ACCEPT"|' /etc/default/ufw cd /etc/ufw/ wget "https://raw.githubusercontent.com/johndesu090/AutoScriptDeb8/master/Files/OpenVPN/before.rules" cd ufw enable ufw status ufw disable # set ipv4 forward echo 1 > /proc/sys/net/ipv4/ip_forward sed -i 's|#net.ipv4.ip_forward=1|net.ipv4.ip_forward=1|' /etc/sysctl.conf # Install BadVPN cd wget -O /usr/bin/badvpn-udpgw "https://github.com/johndesu090/AutoScriptDeb8/raw/master/Files/BadVPN/badvpn-udpgw" if [ "$OS" == "x86_64" ]; then wget -O /usr/bin/badvpn-udpgw "https://github.com/johndesu090/AutoScriptDeb8/raw/master/Files/BadVPN/badvpn-udpgw64" fi sed -i '$ i\screen -AmdS badvpn badvpn-udpgw --listen-addr 127.0.0.1:7300' /etc/rc.local chmod +x /usr/bin/badvpn-udpgw screen -AmdS badvpn badvpn-udpgw --listen-addr 127.0.0.1:7300 # SSH Configuration cd sed -i '/Port 22/a Port 144' /etc/ssh/sshd_config sed -i '/Port 22/a Port 81' /etc/ssh/sshd_config sed -i 's/Port 22/Port 22/g' /etc/ssh/sshd_config service ssh restart # Install Dropbear apt-get -y install busybox dropbear* sed -i 's/NO_START=1/NO_START=0/g' /etc/default/dropbear sed -i 's/DROPBEAR_PORT=22/DROPBEAR_PORT=442/g' /etc/default/dropbear sed -i 's/DROPBEAR_EXTRA_ARGS=/DROPBEAR_EXTRA_ARGS="-p 82 -p 142"/g' /etc/default/dropbear echo "/bin/false" >> /etc/shells echo "/usr/sbin/nologin" >> /etc/shells service ssh restart service dropbear restart # Install Squid3 cd apt-get -y install squid3 wget -O /etc/squid/squid.conf "https://raw.githubusercontent.com/johndesu090/AutoScriptDeb8/master/Files/Squid/squid3.conf" sed -i $MYIP2 /etc/squid/squid.conf; service squid restart # Install WebMin cd apt-get -y install webmin sed -i 's/ssl=1/ssl=0/g' /etc/webmin/miniserv.conf service webmin restart # Install Stunnel apt-get -y install stunnel4 cd /etc/stunnel/ openssl req -new -newkey rsa:2048 -days 3650 -nodes -x509 -sha256 -subj '/CN=127.0.0.1/O=localhost/C=US' -keyout /etc/stunnel/stunnel.pem -out /etc/stunnel/stunnel.pem sudo touch stunnel.conf echo "client = no" > /etc/stunnel/stunnel.conf echo "pid = /var/run/stunnel.pid" >> /etc/stunnel/stunnel.conf echo "[openvpn]" >> /etc/stunnel/stunnel.conf echo "accept = 444" >> /etc/stunnel/stunnel.conf echo "connect = 127.0.0.1:1194" >> /etc/stunnel/stunnel.conf echo "cert = /etc/stunnel/stunnel.pem" >> /etc/stunnel/stunnel.conf sudo sed -i -e 's/ENABLED=0/ENABLED=1/g' /etc/default/stunnel4 iptables -A INPUT -p tcp --dport 444 -j ACCEPT sudo cp /etc/stunnel/stunnel.pem ~ echo "client = yes\ndebug = 6\n[openvpn]\naccept = 127.0.0.1:3306\nconnect = $IPADDRESS:444\nTIMEOUTclose = 0\nverify = 0\nsni = m.facebook.com" > /var/www/html/stunnel.conf service stunnel4 restart # Install Fail2Ban apt-get -y install fail2ban; service fail2ban restart # Install DDOS Deflate cd apt-get -y install dnsutils dsniff wget "https://github.com/johndesu090/AutoScriptDeb8/raw/master/Files/Others/ddos-deflate-master.zip" unzip ddos-deflate-master.zip cd ddos-deflate-master ./install.sh cd rm -rf ddos-deflate-master.zip # Banner rm /etc/issue.net wget -O /etc/issue.net "https://raw.githubusercontent.com/johndesu090/AutoScriptDeb8/master/Files/Others/issue.net" sed -i 's@#Banner@Banner@g' /etc/ssh/sshd_config sed -i 's@DROPBEAR_BANNER=""@DROPBEAR_BANNER="/etc/issue.net"@g' /etc/default/dropbear service ssh restart service dropbear restart # XML Parser cd apt-get -y --force-yes -f install libxml-parser-perl # Setting Iptables cat > /etc/iptables.up.rules <<-END *nat :PREROUTING ACCEPT [0:0] :OUTPUT ACCEPT [0:0] :POSTROUTING ACCEPT [0:0] -A POSTROUTING -j SNAT --to-source xxxxxxxxx -A POSTROUTING -o eth0 -j MASQUERADE -A POSTROUTING -s 192.168.100.0/24 -o eth0 -j MASQUERADE -A POSTROUTING -s 10.1.0.0/24 -o eth0 -j MASQUERADE COMMIT *filter :INPUT ACCEPT [19406:27313311] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [9393:434129] :fail2ban-ssh - [0:0] -A FORWARD -i eth0 -o ppp0 -m state --state RELATED,ESTABLISHED -j ACCEPT -A FORWARD -i ppp0 -o eth0 -j ACCEPT -A INPUT -p tcp -m multiport --dports 22 -j fail2ban-ssh -A INPUT -p ICMP --icmp-type 8 -j ACCEPT -A INPUT -p tcp -m tcp --dport 53 -j ACCEPT -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT -A INPUT -p tcp --dport 80 -m state --state NEW -j ACCEPT -A INPUT -p tcp --dport 80 -m state --state NEW -j ACCEPT -A INPUT -p tcp --dport 142 -m state --state NEW -j ACCEPT -A INPUT -p tcp --dport 144 -m state --state NEW -j ACCEPT -A INPUT -p tcp --dport 143 -m state --state NEW -j ACCEPT -A INPUT -p tcp --dport 109 -m state --state NEW -j ACCEPT -A INPUT -p tcp --dport 110 -m state --state NEW -j ACCEPT -A INPUT -p tcp --dport 444 -m state --state NEW -j ACCEPT -A INPUT -p tcp --dport 443 -m state --state NEW -j ACCEPT -A INPUT -p tcp --dport 3306 -m state --state NEW -j ACCEPT -A INPUT -p udp --dport 3306 -m state --state NEW -j ACCEPT -A INPUT -p tcp --dport 1732 -m state --state NEW -j ACCEPT -A INPUT -p udp --dport 1732 -m state --state NEW -j ACCEPT -A INPUT -p tcp --dport 1194 -m state --state NEW -j ACCEPT -A INPUT -p udp --dport 1194 -m state --state NEW -j ACCEPT -A INPUT -p tcp --dport 3128 -m state --state NEW -j ACCEPT -A INPUT -p udp --dport 3128 -m state --state NEW -j ACCEPT -A INPUT -p tcp --dport 7300 -m state --state NEW -j ACCEPT -A INPUT -p udp --dport 7300 -m state --state NEW -j ACCEPT -A INPUT -p tcp --dport 3355 -m state --state NEW -j ACCEPT -A INPUT -p udp --dport 3355 -m state --state NEW -j ACCEPT -A INPUT -p tcp --dport 10000 -m state --state NEW -j ACCEPT -A fail2ban-ssh -j RETURN COMMIT *raw :PREROUTING ACCEPT [158575:227800758] :OUTPUT ACCEPT [46145:2312668] COMMIT *mangle :PREROUTING ACCEPT [158575:227800758] :INPUT ACCEPT [158575:227800758] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [46145:2312668] :POSTROUTING ACCEPT [46145:2312668] COMMIT END sed -i $MYIP2 /etc/iptables.up.rules; iptables-restore < /etc/iptables.up.rules cat > /etc/rc.local <<-END #!/bin/sh -e exit 0 END chmod +x /etc/rc.local sed -i '$ i\echo "nameserver 8.8.8.8" > /etc/resolv.conf' /etc/rc.local sed -i '$ i\echo "nameserver 8.8.4.4" >> /etc/resolv.conf' /etc/rc.local sed -i '$ i\iptables-restore < /etc/iptables.up.rules' /etc/rc.local # Install Screenfetch apt-get -y install lsb-release scrot wget -O screenfetch "https://raw.githubusercontent.com/johndesu090/AutoScriptDeb8/master/Files/Others/screenfetch" chmod +x screenfetch # Download Commands cd /usr/bin wget https://github.com/johndesu090/AutoScriptDeb8/raw/master/Files/Menu/Menu.tar.gz tar -xzvf Menu.tar.gz rm Menu.tar.gz sed -i -e 's/\r$//' accounts sed -i -e 's/\r$//' bench-network sed -i -e 's/\r$//' clearcache sed -i -e 's/\r$//' connections sed -i -e 's/\r$//' create sed -i -e 's/\r$//' create_random sed -i -e 's/\r$//' create_trial sed -i -e 's/\r$//' delete_expired sed -i -e 's/\r$//' diagnose sed -i -e 's/\r$//' edit_dropbear sed -i -e 's/\r$//' edit_openssh sed -i -e 's/\r$//' edit_openvpn sed -i -e 's/\r$//' edit_ports sed -i -e 's/\r$//' edit_squid3 sed -i -e 's/\r$//' edit_stunnel4 sed -i -e 's/\r$//' locked_list sed -i -e 's/\r$//' menu sed -i -e 's/\r$//' options sed -i -e 's/\r$//' ram sed -i -e 's/\r$//' reboot_sys sed -i -e 's/\r$//' reboot_sys_auto sed -i -e 's/\r$//' restart_services sed -i -e 's/\r$//' server sed -i -e 's/\r$//' set_multilogin_autokill sed -i -e 's/\r$//' set_multilogin_autokill_lib sed -i -e 's/\r$//' show_ports sed -i -e 's/\r$//' speedtest sed -i -e 's/\r$//' user_delete sed -i -e 's/\r$//' user_details sed -i -e 's/\r$//' user_details_lib sed -i -e 's/\r$//' user_extend sed -i -e 's/\r$//' user_list sed -i -e 's/\r$//' user_lock sed -i -e 's/\r$//' user_unlock # AutoReboot Tools echo "10 0 * * * root /usr/local/bin/reboot_sys" > /etc/cron.d/reboot_sys echo "0 1 * * * root delete_expired" > /etc/cron.d/delete_expired echo "*0 */2 * * * root clearcache" > /etc/cron.d/clearcache # Set Permissions cd /usr/bin chmod +x create chmod +x accounts chmod +x create chmod +x create_random chmod +x create_trial chmod +x user_list chmod +x user_details chmod +x user_details_lib chmod +x user_extend chmod +x user_delete chmod +x user_lock chmod +x user_unlock chmod +x connections chmod +x delete_expired chmod +x locked_list chmod +x options chmod +x set_multilogin_autokill chmod +x set_multilogin_autokill_lib chmod +x restart_services chmod +x edit_ports chmod +x show_ports chmod +x edit_openssh chmod +x edit_dropbear chmod +x edit_stunnel4 chmod +x edit_openvpn chmod +x edit_squid3 chmod +x reboot_sys chmod +x reboot_sys_auto chmod +x clearcache chmod +x server chmod +x ram chmod +x diagnose chmod +x bench-network chmod +x speedtest # Finishing cd chown -R www-data:www-data /home/vps/public_html service nginx start service openvpn restart service cron restart service ssh restart service dropbear restart service squid3 restart service webmin restart rm -rf ~/.bash_history && history -c rm -f /root/AutoScriptDebian echo "unset HISTFILE" >> /etc/profile # grep ports opensshport="$(netstat -ntlp | grep -i ssh | grep -i 0.0.0.0 | awk '{print $4}' | cut -d: -f2)" dropbearport="$(netstat -nlpt | grep -i dropbear | grep -i 0.0.0.0 | awk '{print $4}' | cut -d: -f2)" stunnel4port="$(netstat -nlpt | grep -i stunnel | grep -i 0.0.0.0 | awk '{print $4}' | cut -d: -f2)" openvpnport="$(netstat -nlpt | grep -i openvpn | grep -i 0.0.0.0 | awk '{print $4}' | cut -d: -f2)" squidport="$(cat /etc/squid3/squid.conf | grep -i http_port | awk '{print $2}')" nginxport="$(netstat -nlpt | grep -i nginx| grep -i 0.0.0.0 | awk '{print $4}' | cut -d: -f2)" # Info clear echo -e "" echo -e "\e[94m[][][]======================================[][][]" echo -e "\e[0m " echo -e "\e[94m AutoScriptVPS by FordSenpai " echo -e "\e[94m https://facebook.com/johndesu090 " echo -e "\e[94m Services " echo -e "\e[94m " echo -e "\e[94m OpenSSH : "$opensshport echo -e "\e[94m Dropbear : "$dropbearport echo -e "\e[94m SSL : "$stunnel4port echo -e "\e[94m OpenVPN : "3306 echo -e "\e[94m Port Squid : "3355 echo -e "\e[94m Nginx : "$nginxport echo -e "\e[94m " echo -e "\e[94m Other Features Included " echo -e "\e[94m " echo -e "\e[94m Timezone : Asia/Manila (GMT +7) " echo -e "\e[94m Webmin : http://$MYIP:10000/ " echo -e "\e[94m IPV6 : [OFF] " echo -e "\e[94m Cron Scheduler : [ON] " echo -e "\e[94m Fail2Ban : [ON] " echo -e "\e[94m DDOS Deflate : [ON] " echo -e "\e[94m LibXML Parser : {ON] " echo -e "\e[0m " echo -e "\e[94m[][][]======================================[][][]\e[0m" echo -e "\e[0m " read -n1 -r -p " Press Any Key To Show Commands " menu cd