{"id":27969621,"url":"https://github.com/koompi/vps-tools","last_synced_at":"2026-06-19T06:32:52.496Z","repository":{"id":291724370,"uuid":"978548593","full_name":"koompi/vps-tools","owner":"koompi","description":"initial vps sec setup scrip","archived":false,"fork":false,"pushed_at":"2025-05-06T07:44:28.000Z","size":20,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-08-11T04:02:07.843Z","etag":null,"topics":["cloud","koompi","linux","vps"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/koompi.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-05-06T06:47:02.000Z","updated_at":"2025-05-08T05:51:10.000Z","dependencies_parsed_at":"2025-05-06T08:35:45.284Z","dependency_job_id":"784b32f3-8a60-47cb-b62c-268a3db6721f","html_url":"https://github.com/koompi/vps-tools","commit_stats":null,"previous_names":["koompi/vps-tools"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/koompi/vps-tools","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/koompi%2Fvps-tools","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/koompi%2Fvps-tools/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/koompi%2Fvps-tools/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/koompi%2Fvps-tools/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/koompi","download_url":"https://codeload.github.com/koompi/vps-tools/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/koompi%2Fvps-tools/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34520431,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-19T02:00:06.005Z","response_time":61,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cloud","koompi","linux","vps"],"created_at":"2025-05-07T21:49:40.492Z","updated_at":"2026-06-19T06:32:52.477Z","avatar_url":"https://github.com/koompi.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# VPS Initial Setup Script\n\nA comprehensive bash script to secure and set up a new VPS (Virtual Private Server) on providers like Contabo, DigitalOcean, Linode, Vultr, etc. This script follows security best practices to harden your server against common threats.\n\n## Features\n\n- **Cross-Distribution Compatibility**\n  - Works on Debian/Ubuntu, RHEL/CentOS/Fedora, Arch Linux, and openSUSE\n  - Automatically detects the distribution and adapts configurations\n  - Uses appropriate package managers (apt, dnf/yum, pacman, zypper)\n  - Handles distribution-specific paths and service names\n- **System Updates and Package Management**\n  - Updates system packages using the native package manager\n  - Installs essential security and utility packages\n  - Handles package availability differences between distributions\n- **Team Access Management**\n  - Multiple SSH key support\n  - Create multiple user accounts for team members\n  - Individual SSH key management for each team member\n  - Configurable sudo privileges for team members\n- **Secure SSH Configuration**\n  - Custom SSH port\n  - Disable root login\n  - Strong ciphers and algorithms\n  - Public key authentication support\n- **Firewall Configuration**\n  - UFW for Debian and Arch-based systems\n  - firewalld for RHEL and SUSE-based systems\n  - Proper integration with fail2ban\n- **Intrusion Prevention with fail2ban**\n  - Customized for each distribution\n  - Proper log path detection\n  - Integration with the appropriate firewall\n- **Automatic Security Updates**\n  - unattended-upgrades for Debian/Ubuntu\n  - dnf-automatic for RHEL/CentOS/Fedora\n  - systemd timers for Arch and SUSE\n- **System Hardening**\n  - Secure shared memory\n  - Disable core dumps\n  - Secure sysctl settings\n- **Timezone and Hostname Configuration**\n\n## Requirements\n\n- A fresh VPS with any of these Linux distributions:\n  - Debian-based: Ubuntu, Debian, Linux Mint, Pop!\\_OS, etc.\n  - Red Hat-based: RHEL, CentOS, Fedora, Rocky Linux, AlmaLinux, etc.\n  - Arch-based: Arch Linux, Manjaro, EndeavourOS, etc.\n  - SUSE-based: openSUSE, SLES, etc.\n- Root access to the server\n\n## Usage\n\n1. Upload the script to your server:\n\n```bash\nscp vps_setup.sh root@your_server_ip:/root/\n```\n\n2. Connect to your server:\n\n```bash\nssh root@your_server_ip\n```\n\n3. Make the script executable:\n\n```bash\nchmod +x vps_setup.sh\n```\n\n4. Run the script:\n\n```bash\n./vps_setup.sh\n```\n\n5. Follow the prompts to configure your server.\n\n## Configuration Options\n\nDuring setup, you'll be prompted for the following information:\n\n- **Username**: Name for the new admin user\n- **SSH Port**: Custom port for SSH (default: 22)\n- **Timezone**: Server timezone (default: UTC)\n- **Hostname**: Server hostname (default: server)\n- **SSH Public Keys**: Multiple SSH public keys for team access (optional)\n- **Team Accounts**: Whether to create additional user accounts for team members\n- **Automatic Updates**: Whether to enable automatic security updates\n- **Fail2ban**: Whether to set up intrusion prevention\n- **UFW Firewall**: Whether to configure the firewall\n\n### Team Access Configuration\n\nIf you choose to create team member accounts, you'll be prompted for:\n\n- **Number of team members**: How many additional accounts to create\n- **Username** for each team member\n- **Sudo privileges** for each team member (yes/no)\n- **SSH public key** for each team member (optional)\n\nThe script will generate random passwords for all users and display them at the end of the setup process.\n\n## After Installation\n\nAfter running the script, you should:\n\n1. Log in with your new user account\n2. Change the default password immediately\n3. Share login credentials securely with team members\n4. Consider additional security measures:\n   - Set up logwatch email notifications\n   - Configure additional firewall rules as needed\n   - Set up regular backups\n   - Install and configure additional security tools\n\n### Managing Team Access\n\nAfter the initial setup, you can manage team access using these commands:\n\n#### Adding a New Team Member\n\n```bash\n# Create a new user account\nsudo adduser username\n\n# Add to sudo group (if needed)\nsudo usermod -aG sudo username\n\n# Create SSH directory and set permissions\nsudo mkdir -p /home/username/.ssh\nsudo chmod 700 /home/username/.ssh\nsudo touch /home/username/.ssh/authorized_keys\nsudo chmod 600 /home/username/.ssh/authorized_keys\nsudo chown -R username:username /home/username/.ssh\n\n# Add SSH key\necho \"ssh-rsa AAAA...\" | sudo tee -a /home/username/.ssh/authorized_keys\n```\n\n#### Removing a Team Member\n\n```bash\n# Remove user account and home directory\nsudo deluser --remove-home username\n\n# Or keep the home directory\nsudo deluser username\n```\n\n#### Revoking SSH Access Without Removing the Account\n\n```bash\n# Remove or comment out the user's key in their authorized_keys file\nsudo nano /home/username/.ssh/authorized_keys\n```\n\n## Security Considerations\n\nThis script implements several security best practices:\n\n- **No Root Login**: Disables direct root login via SSH\n- **Secure SSH**: Uses strong ciphers and algorithms\n- **Firewall**: Blocks all incoming connections except SSH\n- **Fail2ban**: Blocks IP addresses after multiple failed login attempts\n- **System Hardening**: Configures various kernel parameters for security\n- **Automatic Updates**: Keeps the system updated with security patches\n- **Team Access Management**:\n  - Individual user accounts with separate SSH keys\n  - Granular sudo privilege control\n  - Easy to add/remove team members\n\n### Team Access Security Best Practices\n\nWhen managing a server with multiple team members, consider these additional security practices:\n\n1. **Principle of Least Privilege**: Only grant sudo access to team members who absolutely need it\n2. **Regular Access Audits**: Periodically review who has access to your server\n3. **SSH Key Rotation**: Have team members rotate their SSH keys periodically\n4. **Access Logging**: Monitor and review login attempts and system access\n5. **Offboarding Process**: Have a clear process for removing access when team members leave\n\n## Customization\n\nYou can modify the script to suit your specific needs:\n\n- Add additional firewall rules\n- Install specific packages\n- Configure additional services\n- Adjust security parameters\n\n## Troubleshooting\n\nIf you encounter issues:\n\n1. **SSH Connection Issues**: Verify the SSH port and firewall settings\n2. **User Creation Problems**: Check if the user already exists\n3. **Firewall Blocking**: Temporarily disable UFW with `ufw disable`\n\n## Contributing\n\nContributions are welcome! Please feel free to submit a Pull Request.\n\n## License\n\nThis script is released under the MIT License.\n\n## Disclaimer\n\nThis script is provided as-is without any warranty. Always test in a non-production environment first and ensure you have backups before making significant changes to your server.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkoompi%2Fvps-tools","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkoompi%2Fvps-tools","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkoompi%2Fvps-tools/lists"}