beginner – UPDATED: Bash Script to configure new Debian installations

I have this bash script that I worked on and updated, and I am hoping to get advice and/or comments on the code.

This script is executed directly after a new installation of Debian, to:

  • Highlight syntax in nano,
  • Set up iptables,
  • Set up ssh,
  • Configure custom bashrc files,
  • Set up ls colors,
  • Create users on the system if necessary,
  • Check if each user has a defined password and set one otherwise,
  • Install the non-free firmware and set up apt with virtualbox deb file and multimedia deb sources.list,
  • Install video and audio codecs, drives, and associated devices,
  • Set up Flash for Mozilla Firefox and create a cron job for weekly updates,
  • Update the system.

There was talk of debconf but I have never heard of it.

Could you add practical or useful features to the program to set up new installations?

Is there anything in the program that I do not need?

Here is the code:

#!/bin/bash -x

shopt -s -o nounset
####### Catch signals that could stop the script
trap : SIGINT SIGQUIT SIGTERM
###################################

##################### Configuring the system to send e-mail through your google / gmail account and sendmail ##########################
################## TODO TODO TODO TODO TODO TODO TODO TODO TODO TODO TODO TODO ###############################################


# Configuring Gmail as a sendmail email relay
#
#
#Introduction
#
#In this configuration tutorial we will guide you through the process of configuring sendmail as an email relay for your gmail or google apps account.
#This allows you to send email from your bash scripts, from your hosted website or from the command line using the mail command.
#Other examples where you can use this setting are notification purposes such as failed backups, and so on.
#Sendmail is one of many utilities that can be configured to rely on a gmail account; others are postfix, exim, ssmtp, and so on.
#In this tutorial, we will use Debian and sendmail for this task.
#Install the prerequisites
#
## CODE: apt-get install sendmail mailutils sendmail-bin
#
# Create a Gmail authentication file
#
## CODE: mkdir -m 700 /etc/mail/authinfo/
## CODE: cd /etc/mail/authinfo/
#
#Next we need to create an auth file with the following content. The file can have any name; in this example the name is gmail-auth:
#
# CODE: printf 'AuthInfo: "U:root" "I:YOUR GMAIL EMAIL ADDRESS" "P:YOUR PASSWORD"\n' > gmail-auth
#
#Replace the above email with your gmail or google apps email.
#
# Please note that in the password example above, you must keep "P:" because it is not part of the actual password.
#
# In the next step, we will need to create a hash map for the authentication file above:
#
## CODE: makemap hash gmail-auth < gmail-auth
#
#Configure your sendmail
#
#Put the lines below into your sendmail.mc configuration file right above the first "MAILER" definition line: ######################################################
#
#define(`SMART_HOST',`[smtp.gmail.com]')dnl
#define(`RELAY_MAILER_ARGS', `TCP $h 587')dnl
#define(`ESMTP_MAILER_ARGS', `TCP $h 587')dnl
#define(`confAUTH_OPTIONS', `A p')dnl
#TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
#define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
#FEATURE(`authinfo',`hash -o /etc/mail/authinfo/gmail-auth.db')dnl
#############################################################################################################################################################
#Do not put the above lines on the top of your sendmail.mc configuration file !
#
#In the next step we will need to re-build sendmail's configuration. To do that execute:
#
## CODE: make -C /etc/mail
#
#Reload sendmail service:
#
# CODE:/etc/init.d/sendmail reload
#
#and you are done.
#Configuration test
#
#Now you can send an email from your command line using mail command:
#
# CODE: echo "Just testing my sendmail gmail relay" | mail -s "Sendmail gmail Relay" "This email address is being protected from spambots."
#

######################### Trap signals and exit to send email on it #######################################################
#trap 'echo "Subject: Program finished execution" | sendmail -v "This email address is being protected from spambots."' exit # It will mail on normal exit
#trap 'echo "Subject: Program interrupted" | /usr/sbin/sendmail -v "This email address is being protected from spambots."' INT HUP
# it will mail on interrupt or hangup of the process

################ Enter the working directory where all work happens ##########################################
# nounset is on, so WORK_DIR has to be assigned before its first use here
WORK_DIR=/tmp/svaka
cd "$WORK_DIR" || { echo "cd $WORK_DIR failed"; exit 127; }

# redirect all errors to a file                                                                    #### REMEMBER to put this in sshd_config="#HISTAMIN98"
if [ -w /tmp/svaka ]
then
    exec 2>debianConfigVersion5.3__ERRORS__.txt
else
    echo "can not write the error file!"
    exit 127
fi
############################ TODO ############################ TODO exec 3> cpSuccessCodes.txt ##
################


SCRIPTNAME=$(basename "$0")

if [ "$UID" != 0 ]
then
    echo "This program should be run as root, exiting now ....."
    sleep 3
    exit 1
fi

if [ "$#" -eq 0 ]
then
    echo "RUN AS ROOT ... Usage if you want to create users: ... $SCRIPTNAME USER_1 USER_2 USER_3 etc."
    echo "If you create users, they will be set with a semi-hard password that you will have to change later as root with the passwd command"
    echo
    echo
    echo "##################### OR ↓↓↓↓↓↓↓↓↓↓ #################################"
    echo
    echo
    echo "RUN AS ROOT ... Usage without creating users: $SCRIPTNAME"
    echo
    sleep 10

fi

echo "Here begins the party!"
echo "Setting up the server .......... please wait !!!!!"
sleep 3

### ↓↓↓↓ Initializing VARIABLES ............ NEXT USE "declare VARIABLE" #####
OAUTH_TOKEN=d6637f7ccf109a0171a2f55d21b6ca43ff053616
WORK_DIR=/tmp/svaka
BASHRC=.bashrc
NANORC=.nanorc
BASHRCROOT=.bashrcroot
SOURCE=sources.list
PORT=""

############ Commands
PWD=$(pwd)

# ------------------------------------------------- ---------------------- ↓↓
export DEBIAN_FRONTEND=noninteractive
# ------------------------------------------------- ---------------------- ↑↑

###################################### make all files writable, executable and readable in the working directory ###########
if ! chown -R root:root "$WORK_DIR"
then
    echo "chown WORK_DIR failed"
    exit 127
fi

if ! chmod -R 750 "$WORK_DIR"
then
    echo "chmod WORK_DIR failed"
    exit 127
fi

############################# Check if files exist and are writable #########################################

# "missing or not writable" needs ||: with && an existing but unwritable file slipped through
if [[ ! -f "$WORK_DIR"/.bashrc || ! -w "$WORK_DIR"/.bashrc ]]
then
    echo ".bashrc file missing or not writable .. exiting now ....." && { exit 127; }
fi
if [[ ! -f "$WORK_DIR"/.nanorc || ! -w "$WORK_DIR"/.nanorc ]]
then
    echo ".nanorc file missing or not writable .. exiting now ....." && { exit 127; }
fi
if [[ ! -f "$WORK_DIR"/.bashrcroot || ! -w "$WORK_DIR"/.bashrcroot ]]
then
    echo ".bashrcroot file missing or not writable .. exiting now ....." && { exit 127; }
fi
if [[ ! -f "$WORK_DIR"/sources.list || ! -w "$WORK_DIR"/sources.list ]]
then
    echo "sources.list file missing or not writable .. exiting now ....." && { exit 127; }
fi

################### Check if PORT is set and if sshd_config is set and PORT is set in iptables ###################
if [[ $PORT == "" ]] && [[ ! $(grep "#HISTAMIN98" /etc/ssh/sshd_config) ]] && [[ ! $(grep "$PORT" /etc/iptables.up.rules) ]]
then
    echo -n "Please select / provide the port number for ssh in the iptables installation file or the sshd_config file:"
    read port ### when using the "-p" option, the value is stored in $REPLY
    PORT=$port
fi


################# Creating new users ###################### 1

creationNewUsers ()
{
    for name in "$@"
    do
        if id -u "$name" #>/dev/null 2>&1
        then
            echo "User: $name exists .... setting up now!"
            sleep 2
        else
            echo "User: $name does not exist .... creating now!"
            useradd -m -s /bin/bash "$name" #>/dev/null 2>&1
            sleep 2
        fi
    done
}

################################# 3
################# Get users on the system #####################################

prepare_USERS.txt ()
{
    # every account with UID >= 1000 goes into USERS.txt, one name per line
    awk -F: '$3 >= 1000 {print $1}' /etc/passwd > "$WORK_DIR"/USERS.txt

    chmod 750 "$WORK_DIR"/USERS.txt
    if [[ ! -f "$WORK_DIR"/USERS.txt || ! -w "$WORK_DIR"/USERS.txt ]]
    then
        echo "The USERS.txt file does not exist or is not writable ... exiting!"
        sleep 3
        exit 127
    fi
#   if [[ ! "$@" == "" ]]
#   then
#       for user in "$@"
#       do
#           echo "$user" >> /tmp/svaka/USERS.txt || { echo "write failure in USERS.txt"; exit 127; }
#       done
#   fi
}
################################################# user passwords 2
userPasswords ()
{
    if [[ ! -f "$WORK_DIR"/USERS.txt || ! -w "$WORK_DIR"/USERS.txt ]]
    then
        echo "The USERS.txt file does not exist or is not writable ... exiting!"
        sleep 3
        exit 127
    fi
    while read user
    do
        if [ "$user" = root ]
        then
            continue
        fi
        # NP = no password set, L = password locked
        if [[ $(passwd --status "$user" | awk '{print $2}') = NP ]] || [[ $(passwd --status "$user" | awk '{print $2}') = L ]]
        then
            echo "$user does not have a password."
            echo "Changing password for $user:"
            sleep 3
            echo "$user":"$user""YOURSTRONGPASSWORDHERE12345Áá" | /usr/sbin/chpasswd
            if [ "$?" = 0 ]
            then
                echo "The password of the user $user has been changed successfully"
                sleep 3
            fi
        fi
    done < "$WORK_DIR"/USERS.txt
}

################################################ setting up iptables #################### 3
setUPiptables()
{
    #if ! grep -e '-A INPUT -p tcp --dport 80 -j ACCEPT' /etc/iptables.test.rules
    # -gt compares numerically; > inside [[ ]] is a string comparison
    if [[ $(/sbin/iptables-save | grep '^-' | wc -l) -gt 0 ]]
    then
        echo "Iptables already set, skipping ..........!"
        sleep 2
    else
        if [ "$PORT" = "" ]
        then
            echo "The port is not configured for iptables, configuration in progress ......."
            echo -n "Port configuration now, insert port number:"
            read port
            PORT=$port
        fi
        if [ ! -f /etc/iptables.test.rules ]
        then
            touch /etc/iptables.test.rules
        else
            cat /dev/null > /etc/iptables.test.rules
        fi

        cat << EOT >> /etc/iptables.test.rules
*filter

# Allow all loopback (lo0) traffic and drop all traffic to 127/8 that does not use lo0
-A INPUT -i lo -j ACCEPT
-A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT

# Accept all established inbound connections
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allow all outgoing traffic
# You can change this to allow only certain traffic
-A OUTPUT -j ACCEPT

# Allow HTTP and HTTPS connections from anywhere (the normal ports of websites)
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT

# Allow SSH connections
# The --dport number is the same as in /etc/ssh/sshd_config
-A INPUT -p tcp -m state --state NEW --dport $PORT -j ACCEPT

# Now, you should read up on iptables rules and consider whether ssh access
# for everyone is really desired. Most likely, you will only allow access from certain IP addresses.

# Allow ping
# note that blocking other types of icmp packets is considered a bad idea by some
# remove -m icmp --icmp-type 8 from this line to allow all kinds of icmp:
# https://security.stackexchange.com/questions/22711
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT

# log calls denied by iptables (access via the dmesg command)
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7

# Reject all other inbound traffic - default deny unless explicitly allowed policy:
-A INPUT -j REJECT
-A FORWARD -j REJECT

COMMIT
EOT
        sed "s/^[ \t]*//" -i /etc/iptables.test.rules ## removes tabs and spaces
        /sbin/iptables-restore < /etc/iptables.test.rules || { echo "iptables-restore failed"; exit 127; }
        /sbin/iptables-save > /etc/iptables.up.rules || { echo "iptables-save failed"; exit 127; }
        printf "#!/bin/bash\n/sbin/iptables-restore < /etc/iptables.up.rules" > /etc/network/if-pre-up.d/iptables ## creates a script to run iptables on startup
        chmod +x /etc/network/if-pre-up.d/iptables || { echo "chmod +x failed"; exit 127; }
    fi
}

########################## sshd_config 4
setUPsshd ()
{
    if grep "Port $PORT" /etc/ssh/sshd_config
    then
        echo "sshd is already set up, skipping!"
        sleep 3
    else

        if [ "$PORT" = "" ]
        then
            echo "Port not defined"
            sleep 3
            exit 12
        fi
        users=""
        /bin/cp -f "$WORK_DIR"/sshd_config /etc/ssh/sshd_config
        sed -i "s/Port 22300/Port $PORT/" /etc/ssh/sshd_config
        # collect every account with UID >= 1000 as a space-separated list
        for user in $(awk -F: '$3 >= 1000 {print $1}' /etc/passwd)
        do
            users+="${user} "
        done
        if grep "AllowUsers" /etc/ssh/sshd_config
        then
            sed -i "/AllowUsers/c\AllowUsers $users" /etc/ssh/sshd_config
        else
            sed -i "6 a \
AllowUsers $users" /etc/ssh/sshd_config
        fi

        chmod 644 /etc/ssh/sshd_config
        /etc/init.d/ssh restart
    fi
}

##################### Remove or comment out the DVD / cd line from sources.list 5
editSources ()
{
    if grep '^# *deb cdrom:\[Debian' /etc/apt/sources.list
    then
        echo "cd already commented out, skipping!"
    else
        # [ and / are escaped so sed reads them as literals inside the address
        sed -i '/deb cdrom:\[Debian GNU\/Linux/s/^/#/' /etc/apt/sources.list
    fi
}

####################################################33 update system6

updateSystem()
{
    apt update && apt upgrade -y
}


############################################################### 7
############################# check if programs installed and/or install
checkPrograms()
{
    # || installs when any one tool is missing; && only fired when all five were absent
    if [ ! -x /usr/bin/git ] || [ ! -x /usr/bin/wget ] || [ ! -x /usr/bin/curl ] || [ ! -x /usr/bin/gcc ] || [ ! -x /usr/bin/make ]
    then
        echo "Some tools needed to work with data were not found, installing now ......................"
        sleep 2
        apt install -y git wget curl gcc make
    fi
}

########## update sources.list and install the software ##################################################################
updateSources_installSoftware ()
{
    if grep "deb http://www.deb-multimedia.org" /etc/apt/sources.list
    then
        echo "The sources are already set up, skipping!"
    else
        /bin/cp -f "$WORK_DIR"/"$SOURCE" /etc/apt/sources.list || { echo "cp failed"; exit 127; }
        chmod 644 /etc/apt/sources.list
        wget http://www.deb-multimedia.org/pool/main/d/deb-multimedia-keyring/deb-multimedia-keyring_2016.8.1_all.deb || { echo "wget failed"; exit 127; }
        dpkg -i deb-multimedia-keyring_2016.8.1_all.deb
        wget -q https://www.virtualbox.org/download/oracle_vbox_2016.asc -O- | sudo apt-key add -
        updateSystem || { echo "update system failure"; exit 127; }
        apt install -y vlc vlc-data browser-plugin-vlc mplayer youtube-dl libdvdcss2 libdvdnav4 libdvdread4 smplayer mencoder build-essential \
            gstreamer1.0-libav gstreamer1.0-plugins-bad gstreamer1.0-vaapi libfaac0 lame aacskeys libbdplus0 libbluray1 audacious audacious-plugins \
            deadbeef kodi audacity cinelerra handbrake-gtk ffmpeg amarok k3b || { echo "some software has not been installed !!!!!"; echo "some software has not been installed"; \
            sleep 10; }
        ########################### Installing Flash in Mozilla Firefox ################################################
        wget https://raw.githubusercontent.com/cybernova/fireflashupdate/master/fireflashupdate.sh || { echo "flash wget failure"; sleep 4; exit 127; }
        chmod +x fireflashupdate.sh || { echo "chmod flash failure"; sleep 4; exit 127; }
        ./fireflashupdate.sh
        ########################## Configure update tool for weekly flash update ################################## 3
        chown root:root fireflashupdate.sh || { echo "chown flash failure"; sleep 4; exit 127; }
        /bin/mv fireflashupdate.sh /etc/cron.weekly/fireflashupdate || { echo "the mv flash script failed"; sleep 4; exit 127; }

    fi
}

#################### CONFIGURATION PORTSENTRY ##################################################################
################################################################################################################

setup_portsentry ()
{
    if ! grep -q '^TCP_PORTS="1,7,9,11,15,70,79' /etc/portsentry/portsentry.conf
    then
        if [[ -f /etc/portsentry/portsentry.conf ]]
        then
            /bin/mv /etc/portsentry/portsentry.conf /etc/portsentry/portsentry.old
        fi
        if [[ ! -x /usr/sbin/portsentry ]]
        then
            apt install -y portsentry logcheck
            /bin/cp -f "$WORK_DIR"/portsentry.conf /etc/portsentry/portsentry.conf || { echo "cp portsentry failed"; exit 127; }
            /usr/sbin/service portsentry restart || { echo "restart of the portsentry service failed"; exit 127; }
        fi
    fi
}

####################################
########## methods run here ↓ ###############################################################################################
####################################
if [[ ! "$@" == "" ]]
then
    creationNewUsers "$@"
fi
prepare_USERS.txt
userPasswords
setUPiptables
setUPsshd
editSources
updateSystem
#setup_portsentry ###### NEEDS WORK ###################################
checkPrograms
updateSources_installSoftware
####################################
########## end of methods
############################################# Disable login for www-data #########
passwd -l www-data
########################################### firmware ###########################################
apt install -y linux-firmware-nonfree linux-firmware
apt install -y firmware-linux-free intel-microcode
sleep 3
################ NANO SYNTAX-HIGHLIGHTING ###################### 3
if [ ! -d "$WORK_DIR"/nanorc ]
then
    if [ "$UID" != 0 ]
    then
        echo "This program should be started as root, bye!"
        exit 127

    else
        echo "Setting up the nanorc file for all users ... please wait!"
        if [[ $PWD == "$WORK_DIR" ]]
        then
            echo "The program is in WORK_DIR ... success! ......."
        else
            echo "not in WORK_DIR ... trying 'cd WORK_DIR'"
            cd "$WORK_DIR" || { echo "cd failed"; exit 127; }
        fi
        git clone https://$OAUTH_TOKEN:x-auth-basic@github.com/gnihtemoSgnihtemos/nanorc || { echo "git failed"; exit 127; }
        chmod 755 "$WORK_DIR"/nanorc || { echo "chmod nanorc failed"; exit 127; }
        cd "$WORK_DIR"/nanorc || { echo "cd failed"; exit 127; }
        make install-global || { echo "make failed"; exit 127; }
        /bin/cp -f "$WORK_DIR/$NANORC" /etc/nanorc || { echo "cp failed"; exit 127; }
        chown root:root /etc/nanorc || { echo "chown failed"; exit 127; }
        chmod 644 /etc/nanorc || { echo "chmod failure"; exit 127; }
        if [ "$?" = 0 ]
        then
            echo "Setting up the custom nanorc file succeeded!"
        else
            echo "The nano configuration was NOT SUCCESSFUL!"
            exit 127
        fi
        echo "The nano configuration finished!"
    fi
fi

################ LS_COLORS SETTINGS and bashrc file for all users ################################
if ! grep 'eval $(dircolors -b $HOME/.dircolors)' /root/.bashrc
then
    echo "Setting up the root bashrc file .... please wait !!!"
    if /bin/cp -f "$WORK_DIR/$BASHRCROOT" "$HOME"/.bashrc
    then
        echo "Root bashrc copy succeeded!"
        sleep 2
    else
        echo "Root bashrc cp failed, quitting now!"
        exit 127
    fi
    chown root:root "$HOME/.bashrc" || { echo "chown failed"; exit 127; }
    chmod 644 "$HOME/.bashrc" || { echo "failed to chmod"; exit 127; }
    wget https://raw.github.com/trapd00r/LS_COLORS/master/LS_COLORS -O "$HOME"/.dircolors || { echo "wget failed"; exit 127; }
    echo 'eval $(dircolors -b $HOME/.dircolors)' >> "$HOME"/.bashrc || { echo "echo dircolors -b .... to bashrc failed"; exit 127; }
fi
while read user
do
    if [ "$user" = root ]
    then
        continue
    fi

    sudo -i -u "$user" user="$user" WORK_DIR="$WORK_DIR" BASHRC="$BASHRC" bash <<'EOF'
    if grep 'eval $(dircolors -b $HOME/.dircolors)' "$HOME"/.bashrc
    then
        :
    else
        echo "Setting users=Bashrc files!"
        if /bin/cp -f "$WORK_DIR"/"$BASHRC" "$HOME/.bashrc"
        then
            echo "Copy for $user (bashrc) succeeded!"
            sleep 2
        else
            echo "Couldn't cp .bashrc for user $user"
            exit 127
        fi
        chown $user:$user "$HOME/.bashrc" || { echo "chown failed"; exit 127; }
        chmod 644 "$HOME/.bashrc" || { echo "chmod failed"; exit 127; }
        wget https://raw.github.com/trapd00r/LS_COLORS/master/LS_COLORS -O "$HOME"/.dircolors || { echo "wget failed"; exit 127; }
        echo 'eval $(dircolors -b $HOME/.dircolors)' >> "$HOME"/.bashrc
    fi
EOF
done < "$WORK_DIR"/USERS.txt

echo "The configuration of your system is complete!"
sleep 2
############# Restore default handling of these signals
trap - SIGINT SIGQUIT SIGTERM
##############################
cd "$HOME" || { echo "cd $HOME failed"; exit 155; }
######### Remember to remove the echo below so the installation files are deleted after installation / configuration .......
echo rm -rf /tmp/svaka || { echo "Can not delete the installation directory !!!!!!!!"; exit 155; }
exit 0
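
An added example, not part of the original post: the script takes the SSH port from `read` and writes it into a `sed` expression and the iptables rules file without checking it. The code below validates the port first and lets `iptables-restore --test` parse the rules before they are loaded; the function names `valid_port`, `render_rules` and `apply_rules` and the shortened rule set are assumptions made for this example.

```bash
#!/bin/bash
# Added example (not from the original post). Function names are hypothetical.

# Succeed only for a plain decimal port in 1..65535. Empty input, signs,
# spaces, leading zeros and sed or shell metacharacters are all rejected,
# so the value is safe to place in "s/Port 22300/Port $PORT/" and in a rule.
valid_port() {
    case $1 in
        ''|*[!0-9]*|0*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print a shortened version of the post's rule set for the given SSH port.
# Nothing is printed to stdout when the port fails validation.
render_rules() {
    valid_port "$1" || { echo "invalid ssh port: '$1'" >&2; return 1; }
    cat <<EOT
*filter
-A INPUT -i lo -j ACCEPT
-A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport $1 -j ACCEPT
-A INPUT -j REJECT
-A FORWARD -j REJECT
COMMIT
EOT
}

# Render into a private temp file, have iptables-restore parse it with --test
# (nothing is committed), and load the rules only when that check passes.
apply_rules() {
    local tmp rc
    tmp=$(mktemp) || return 1
    if render_rules "$1" > "$tmp" && /sbin/iptables-restore --test < "$tmp"
    then
        /sbin/iptables-restore < "$tmp"
        rc=$?
    else
        echo "rules not loaded: bad port or rejected by iptables-restore --test" >&2
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# Usage inside the script (needs root):
#   read -r port
#   apply_rules "$port" || exit 127
```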