#!/bin/bash
#
# ==================================================

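# Base packages and installer-wide variables.
#
# DEBIAN_FRONTEND is exported before the first apt call so the upgrade below
# cannot stall on a debconf prompt; it used to be exported only after the
# package commands had already run.
export DEBIAN_FRONTEND=noninteractive

# NOTE(review): no `apt update` precedes these commands, so they work from
# whatever package lists the image already has.
apt dist-upgrade -y
apt install netfilter-persistent -y
# ufw and firewalld are purged; this script manages rules directly with
# iptables and netfilter-persistent further down.
apt-get remove --purge ufw firewalld -y
apt install -y screen curl jq bzip2 gzip vnstat coreutils rsyslog iftop zip unzip git apt-transport-https build-essential -y

# Base URL for every configuration file, binary and helper script fetched
# below.
# NOTE(review): nothing downloaded from it is checksum- or signature-verified,
# and several downloads are executed as root, so this host trusts that origin
# (and the TLS path to it) completely. Pinning hashes would narrow that.
REPO="https://nay-tra.my.id/ht/"

# Public address as reported by ipinfo.io, now requested over HTTPS.
MYIP=$(wget -qO- https://ipinfo.io/ip)
# MYIP is spliced into a sed program (MYIP2) that later runs as root, so only
# characters that can appear in an IPv4/IPv6 literal are accepted. Anything
# else (an error page, a captive-portal response, an empty reply) is dropped
# rather than interpreted by sed.
case "$MYIP" in
  '' | *[!0-9A-Fa-f:.]*)
    echo "warning: could not determine a usable public IP address" >&2
    MYIP=""
    ;;
esac
MYIP2="s/xxxxxxxxx/$MYIP/g"

# Interface that carries the default IPv4 route.
# $ANU is not assigned anywhere in this script; it is left unquoted so that it
# disappears when unset. NOTE(review): confirm whether a caller exports it.
NET=$(ip -o $ANU -4 route show to default | awk '{print $5}')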
# Identify the distribution from /etc/os-release; abort when the file is
# missing, because later steps choose packages by OS name and version.
if [[ ! -f /etc/os-release ]]; then
    echo "Tidak dapat menentukan sistem operasi."
    exit 1
fi
# Sourcing the file defines ID and VERSION_ID (among others) in this shell.
source /etc/os-release
OS_NAME="${ID}"
OS_VERSION="${VERSION_ID}"
echo "Menemukan sistem operasi: ${OS_NAME} ${OS_VERSION}"

# Company / certificate subject details.
# These are placeholders; nothing in the visible part of this script reads
# them.
country="ID"
state="Indonesia"
locality="Jakarta"
organization="none"
organizationalunit="none"
commonname="none"
email="none"

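# Replace the PAM password-policy file with the installer's "simple password"
# version, fetched from REPO as a base64-encoded AES-256-CBC blob.
#
# The decrypted output is staged in a temporary file and installed only when
# decryption succeeds and the result is non-empty. Redirecting straight into
# /etc/pam.d/common-password truncates the live file before anything is
# written, so a failed download used to leave the host with an empty or
# garbage PAM password stack.
#
# NOTE(review): the passphrase is embedded in this script and appears in the
# process list while openssl runs, so the encryption hides nothing from anyone
# who has the script. CBC is also unauthenticated: it gives no assurance that
# the file is the one the author published. The content of the remote file is
# not visible here; presumably it relaxes password-strength rules — review it
# before deploying.
if pam_tmp=$(mktemp); then
  if curl -fsS "${REPO}install/password" \
      | openssl aes-256-cbc -d -a -pass pass:scvps07gg -pbkdf2 >"$pam_tmp" \
    && [ -s "$pam_tmp" ]; then
    # PAM configuration is data, not a program: root-owned, 0644, no exec bit.
    install -m 0644 -o root -g root "$pam_tmp" /etc/pam.d/common-password
  else
    echo "warning: PAM password policy not updated; keeping the existing /etc/pam.d/common-password" >&2
  fi
  rm -f -- "$pam_tmp"
else
  echo "warning: mktemp failed; keeping the existing /etc/pam.d/common-password" >&2
fi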

# Change to the invoking user's home directory (/root when run as root).
cd

# Write a systemd unit that runs /etc/rc.local at boot. The unit is skipped
# when /etc/rc.local does not exist (ConditionPathExists).
# NOTE(review): SysVStartPriority= looks like a legacy directive — confirm the
# target systemd version still accepts it.
cat > /etc/systemd/system/rc-local.service <<-END
[Unit]
Description=/etc/rc.local
ConditionPathExists=/etc/rc.local
[Service]
Type=forking
ExecStart=/etc/rc.local start
TimeoutSec=0
StandardOutput=tty
RemainAfterExit=yes
SysVStartPriority=99
[Install]
WantedBy=multi-user.target
END

# Create /etc/rc.local. This overwrites any existing file, so local boot
# commands added by an administrator are lost when the installer is re-run.
cat > /etc/rc.local <<-END
#!/bin/sh -e
# rc.local
# By default this script does nothing.
exit 0
END

# Make rc.local executable
chmod +x /etc/rc.local

# Enable and start the rc-local unit
systemctl enable rc-local
systemctl start rc-local.service

# Disable IPv6 on all interfaces for the running kernel...
echo 1 > /proc/sys/net/ipv6/conf/all/disable_ipv6
# ...and persist it: insert the same command before the last line of
# rc.local (the "exit 0" written above) so it runs again at every boot.
sed -i '$ i\echo 1 > /proc/sys/net/ipv6/conf/all/disable_ipv6' /etc/rc.local

# Refresh package lists, then upgrade everything.
apt update -y
apt upgrade -y
apt dist-upgrade -y
# Remove host firewalls managed by other tools; rules are handled with
# iptables and netfilter-persistent later in this script.
apt-get remove --purge ufw firewalld -y
# Remove the exim4 mail transfer agent.
apt-get remove --purge exim4 -y

# install jq
apt -y install jq

# install shc (shell script compiler); not used in the visible part of this
# script
apt -y install shc

# install wget and curl
apt -y install wget curl

# figlet, plus ruby for the lolcat gem
apt-get install figlet -y
apt-get install ruby -y
# NOTE(review): installs whatever version RubyGems currently serves, as root,
# with no version pin.
gem install lolcat

# set time GMT +7
ln -fs /usr/share/zoneinfo/Asia/Jakarta /etc/localtime

# Comment out every AcceptEnv occurrence in sshd_config so sshd no longer
# accepts environment variables (such as locale settings) sent by clients.
# The substitution is not anchored, so each re-run prepends another '#'.
sed -i 's/AcceptEnv/#AcceptEnv/g' /etc/ssh/sshd_config

# Reinstall the base tool set. Several names are listed twice (wget,
# net-tools, screen); apt accepts the duplicates.
apt-get --reinstall --fix-missing install -y bzip2 gzip coreutils wget screen rsyslog iftop htop net-tools zip unzip wget net-tools curl nano sed screen gnupg gnupg1 bc apt-transport-https build-essential dirmngr libxml-parser-perl neofetch git lsof

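#######################################
# Obtain a Let's Encrypt certificate for $domain using certbot's standalone
# authenticator.
# Globals:   domain (read) - host name to request the certificate for
# Arguments: none
# Outputs:   package-manager and certbot output; errors on stderr
# Returns:   1 if domain is empty or unset, otherwise certbot's exit status
#######################################
install_ssl(){
    # Refuse to run without a host name. The unquoted, possibly empty $domain
    # used to reach certbot as a bare "-d", and that only after nginx had
    # already been stopped.
    if [ -z "${domain:-}" ]; then
        echo "install_ssl: domain is not set" >&2
        return 1
    fi

    # Debian and other apt-based systems took identical steps before, so the
    # /etc/issue probe is gone; only the answer fed to certbot's prompt
    # differs between the apt and yum paths.
    local answer
    if [ -f "/usr/bin/apt-get" ]; then
        apt-get install -y nginx certbot
        answer="A"
    else
        yum install -y nginx certbot
        answer="Y"
    fi
    sleep 3s

    # The standalone authenticator binds the HTTP port itself, so nginx must
    # not be holding it. nginx is left stopped; the caller restarts it.
    systemctl stop nginx.service

    # NOTE(review): --register-unsafely-without-email creates an ACME account
    # with no contact address, so no expiry or revocation notices will ever
    # reach an operator.
    printf '%s\n' "$answer" \
        | certbot certonly --renew-by-default --register-unsafely-without-email --standalone -d "$domain"
    local rc=$?
    sleep 3s
    return "$rc"
}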


# Install nginx and PHP, then replace the stock nginx configuration with the
# files served from REPO.
apt -y install nginx php php-fpm php-cli php-mysql libxml-parser-perl
rm /etc/nginx/sites-enabled/default
rm /etc/nginx/sites-available/default
# NOTE(review): curl runs without -f, so an HTTP error body (or nothing at
# all) would overwrite the live nginx configuration. The downloaded files are
# not verified.
curl ${REPO}install/nginx.conf > /etc/nginx/nginx.conf
curl ${REPO}install/vps.conf > /etc/nginx/conf.d/vps.conf
# Switch php-fpm from a unix socket to TCP 127.0.0.1:9000.
# NOTE(review): Debian/Ubuntu packages normally keep this file under
# /etc/php/<version>/fpm/pool.d/ — confirm that this path exists on the
# target, otherwise the sed fails and nothing changes.
sed -i 's/listen = \/var\/run\/php-fpm.sock/listen = 127.0.0.1:9000/g' /etc/php/fpm/pool.d/www.conf
mkdir -p /home/vps/public_html
# NOTE(review): info.php prints phpinfo() — PHP version, loaded modules, file
# paths and environment — to anyone who can reach this web root (how it is
# exposed depends on vps.conf, which is not visible here). Remove the file
# once the install has been verified.
echo "<?php phpinfo() ?>" > /home/vps/public_html/info.php
chown -R www-data:www-data /home/vps/public_html
chmod -R g+rw /home/vps/public_html
cd /home/vps/public_html
# The landing page is fetched from a remote object named "index.html1".
wget -O /home/vps/public_html/index.html "${REPO}install/index.html1"
/etc/init.d/nginx restart

# BadVPN: fetch the binary and its three systemd units from REPO, then
# (re)enable and (re)start each unit in turn.
# NOTE(review): the binary is installed into /usr/sbin and started as a
# service without any checksum or signature check, and all wget output is
# discarded, so a failed or altered download goes unnoticed here. The unit
# files are written without a `systemctl daemon-reload` in this section.
cd
_bv_bin=/usr/sbin/badvpn
wget -O "$_bv_bin" "${REPO}install/badvpn" >/dev/null 2>&1
chmod +x "$_bv_bin" >/dev/null 2>&1

for _bv_idx in 1 2 3; do
  wget -q -O "/etc/systemd/system/badvpn${_bv_idx}.service" "${REPO}install/badvpn${_bv_idx}.service" >/dev/null 2>&1
done

# Same order as before: all four actions for unit 1, then unit 2, then unit 3.
for _bv_idx in 1 2 3; do
  for _bv_action in disable stop enable start; do
    systemctl "$_bv_action" "badvpn${_bv_idx}"
  done
done


# OpenSSH: turn password authentication on and add extra listening ports.
#
# The first sed rewrites every "PasswordAuthentication no" (commented or not)
# to "yes". Each later sed appends a Port line after every line containing
# "Port 22", which includes the stock "#Port 22" comment. Nothing here is
# idempotent: running the installer again duplicates the Port lines.
# NOTE(review): password logins on six ports widen the brute-force surface;
# fail2ban is installed later in this script with package defaults only, so
# check that its sshd jail covers every port added here.
cd
_sshd_cfg=/etc/ssh/sshd_config
sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/g' "$_sshd_cfg"
for _ssh_port in 500 40000 51443 58080 200 22; do
  sed -i "/Port 22/a Port ${_ssh_port}" "$_sshd_cfg"
done
/etc/init.d/ssh restart

echo "=== Install Dropbear ==="
# install dropbear
apt -y install dropbear
# Generate a DSS host key and restrict it to root.
# NOTE(review): DSS/DSA host keys are 1024-bit and current OpenSSH clients
# reject them by default; newer Dropbear builds may not offer the type at all.
# Confirm this step still succeeds on the target and prefer the ECDSA/Ed25519
# host keys.
sudo dropbearkey -t dss -f /etc/dropbear/dropbear_dss_host_key
sudo chmod 600 /etc/dropbear/dropbear_dss_host_key
# Replace Dropbear's defaults file with the one from REPO; the listening
# ports and options therefore come from a remote file not visible here.
wget -O /etc/default/dropbear "${REPO}install/dropbear"
# Register /bin/false and /usr/sbin/nologin as valid login shells —
# presumably so accounts with those shells can still authenticate for
# tunnelling; confirm. Every service that consults /etc/shells will now
# treat them as valid too, and the lines are appended again on each run.
echo "/bin/false" >> /etc/shells
echo "/usr/sbin/nologin" >> /etc/shells
/etc/init.d/ssh restart
/etc/init.d/dropbear restart
# NOTE(review): setrsyslog.sh is downloaded into the current directory and
# executed as root without verification; its effect on logging is not visible
# here.
wget -q ${REPO}install/setrsyslog.sh && chmod +x setrsyslog.sh && ./setrsyslog.sh

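# Squid proxy: the package is named squid3 on Debian 10 / Ubuntu 20.04 and
# squid on everything else.
if [[ "$OS_NAME" == "debian" && "$OS_VERSION" == "10" ]] || [[ "$OS_NAME" == "ubuntu" && "$OS_VERSION" == "20.04" ]]; then
    echo "Menginstal squid3 untuk Debian 10 atau Ubuntu 20.04..."
    apt -y install squid3
else
    echo "Menginstal squid untuk versi lain..."
    apt -y install squid
fi
# Download the configuration file.
# NOTE(review): the ACLs and listening ports come from this remote file and
# are not verified; review it for open-proxy exposure before going live.
echo "Mengunduh file konfigurasi Squid..."
wget -O /etc/squid/squid.conf "${REPO}install/squid3.conf"

# Replace the "xxxxxxxxx" placeholder with this host's public IP address.
# MYIP2 is a sed program built from a network response, so it is passed as one
# quoted argument: unquoted, any whitespace or glob character in the response
# would be split into extra sed arguments or file names.
echo "Mengganti placeholder IP dengan alamat IP saat ini..."
sed -i "$MYIP2" /etc/squid/squid.conf

echo "Instalasi dan konfigurasi Squid selesai."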
# vnstat: install the distribution package, then build and install release
# 2.6 from source over it (--prefix=/usr).
apt -y install vnstat
/etc/init.d/vnstat restart
apt -y install libsqlite3-dev
# NOTE(review): the tarball is fetched without a checksum or signature check
# and is then configured, compiled and installed as root.
wget https://humdi.net/vnstat/vnstat-2.6.tar.gz
tar zxvf vnstat-2.6.tar.gz
cd vnstat-2.6
./configure --prefix=/usr --sysconfdir=/etc && make && make install
cd
# Register the default-route interface with vnstat. $NET is unquoted here and
# in the sed below, so it must be a single word (exactly one default route).
vnstat -i $NET
# The quoting pieces together the sed program
#   s/Interface "eth0"/Interface "<NET>"/g
# with $NET expanded outside any quotes.
sed -i 's/Interface "'""eth0""'"/Interface "'""$NET""'"/g' /etc/vnstat.conf
chown vnstat:vnstat /var/lib/vnstat -R
systemctl enable vnstat
/etc/init.d/vnstat restart
# Clean up the build tree; the paths assume the download landed in /root.
rm -f /root/vnstat-2.6.tar.gz
rm -rf /root/vnstat-2.6

cd
# HAProxy: install it unless dpkg already lists it.
# NOTE(review): `dpkg -l | grep -q haproxy` matches any listing line that
# contains "haproxy", including packages that were removed but still have
# configuration files registered.
if ! dpkg -l | grep -q haproxy; then
    echo "HAProxy belum terinstal. Menginstal HAProxy..."
    apt install haproxy -y
else
    echo "HAProxy sudah terinstal. Melanjutkan ke langkah berikutnya..."
fi

# Fetch the HAProxy configuration. This URL is hard-coded and uses an
# "install/main/" path, unlike the "${REPO}install/" downloads elsewhere in
# this script; the file is not verified before it replaces the live config.
_haproxy_cfg=/etc/haproxy/haproxy.cfg
echo "Mengunduh file konfigurasi HAProxy..."
wget -O "$_haproxy_cfg" "https://nay-tra.my.id/ht/install/main/haproxy.cfg"

# Reload systemd's unit definitions.
echo "Memuat ulang daemon systemd..."
systemctl daemon-reload

# Stop, enable at boot, then start HAProxy so the new configuration is used.
echo "Menghentikan layanan HAProxy (jika sedang berjalan)..."
systemctl stop haproxy

echo "Mengaktifkan layanan HAProxy untuk memulai secara otomatis saat boot..."
systemctl enable haproxy

echo "Memulai layanan HAProxy..."
systemctl start haproxy

echo "Selesai: HAProxy telah dikonfigurasi dan dijalankan."

# OpenVPN: download the sub-installer into the current directory and run it.
# NOTE(review): vpn.sh and lolcat.sh are fetched from REPO and executed as
# root with no checksum or signature check; what they change on the host is
# not visible in this file. Review a fetched copy and pin its hash before
# running.
wget ${REPO}install/vpn.sh &&  chmod +x vpn.sh && ./vpn.sh

# install lolcat
wget ${REPO}install/lolcat.sh &&  chmod +x lolcat.sh && ./lolcat.sh

# Swap file. The original comment said 1 GB, but bs=2048 x count=1048576
# writes 2 GiB.
cd
dd if=/dev/zero of=/swapfile bs=2048 count=1048576
mkswap /swapfile
chown root:root /swapfile
# Permissions are tightened only after dd and mkswap have run, so the file
# briefly exists with the default creation mode.
chmod 0600 /swapfile >/dev/null 2>&1
swapon /swapfile >/dev/null 2>&1
# Insert the fstab entry before the last line of /etc/fstab. The entry is
# added again on every run of the installer.
sed -i '$ i\/swapfile      swap swap   defaults    0 0' /etc/fstab

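# install fail2ban (package defaults only; no jail configuration is written
# here)
apt -y install fail2ban

# Install DOS-Deflate 0.6 into /usr/local/ddos.
#
# When the directory already exists only this step is skipped. The check was
# taken from the stand-alone DOS-Deflate installer, where `exit 0` ended that
# installer; here it ended the whole script, so a re-run silently skipped the
# banner, BBR, iptables and cron sections that follow.
#
# NOTE(review): the files are fetched over plain http:// with no integrity
# check, and ddos.sh is then executed as root (--cron) and scheduled to run
# every minute. Verify the downloaded script against a known-good copy.
if [ -d '/usr/local/ddos' ]; then
	echo; echo; echo "Please un-install the previous version first"
else
	mkdir /usr/local/ddos
	clear
	echo; echo 'Installing DOS-Deflate 0.6'; echo
	echo; echo -n 'Downloading source files...'
	wget -q -O /usr/local/ddos/ddos.conf http://www.inetbase.com/scripts/ddos/ddos.conf
	echo -n '.'
	wget -q -O /usr/local/ddos/LICENSE http://www.inetbase.com/scripts/ddos/LICENSE
	echo -n '.'
	wget -q -O /usr/local/ddos/ignore.ip.list http://www.inetbase.com/scripts/ddos/ignore.ip.list
	echo -n '.'
	wget -q -O /usr/local/ddos/ddos.sh http://www.inetbase.com/scripts/ddos/ddos.sh
	chmod 0755 /usr/local/ddos/ddos.sh
	# Expose the script as /usr/local/bin/ddos through a symlink.
	cp -s /usr/local/ddos/ddos.sh /usr/local/bin/ddos
	echo '...done'
	echo; echo -n 'Creating cron to run script every minute.....(Default setting)'
	/usr/local/ddos/ddos.sh --cron > /dev/null 2>&1
	echo '.....done'
	echo; echo 'Installation has completed.'
	echo 'Config file is at /usr/local/ddos/ddos.conf'
	echo 'Please send in your comments and/or suggestions to https://t.me/newbie_store24'
fi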

# Point sshd at /etc/issue.net as its pre-authentication banner. The
# directive is appended on every run, and sshd is not restarted in this
# section, so it takes effect at the next restart.
echo "Banner /etc/issue.net" >>/etc/ssh/sshd_config

# Replace the banner text with the file from REPO
wget -O /etc/issue.net "${REPO}install/issue.net"

# Install BBR and kernel tuning.
# NOTE(review): bbr.sh and ipserver are downloaded into the current directory
# and executed as root without verification; the kernel and network settings
# they change are not visible in this file.
wget ${REPO}install/bbr.sh && chmod +x bbr.sh && ./bbr.sh

wget -q ${REPO}install/ipserver && chmod +x ipserver && ./ipserver
# Block BitTorrent on forwarded traffic by dropping packets whose payload
# contains one of the strings below (Boyer-Moore substring match).
# NOTE(review): patterns such as "torrent" and "announce" are plain substring
# matches, so any forwarded cleartext packet containing those bytes is
# dropped, and encrypted peer traffic is not matched at all. The rules are
# appended with -A, so each run of the installer adds a second copy.
for _bt_pat in "get_peers" "announce_peer" "find_node"; do
  iptables -A FORWARD -m string --string "$_bt_pat" --algo bm -j DROP
done
for _bt_pat in \
  "BitTorrent" \
  "BitTorrent protocol" \
  "peer_id=" \
  ".torrent" \
  "announce.php?passkey=" \
  "torrent" \
  "announce" \
  "info_hash"; do
  iptables -A FORWARD -m string --algo bm --string "$_bt_pat" -j DROP
done

# Save the running ruleset, test-parse the saved file (-t does not commit),
# then hand the rules to netfilter-persistent so they survive a reboot.
_ipt_rules=/etc/iptables.up.rules
iptables-save > "$_ipt_rules"
iptables-restore -t < "$_ipt_rules"
netfilter-persistent save
netfilter-persistent reload
# Remove the ipserver helper that was downloaded into the current directory
# earlier in the script.
rm ipserver



# Fetch the SSH banner again (same file as the earlier banner step).
wget -O /etc/issue.net "${REPO}install/issue.net"
cd

# Cron jobs. All run as root. /usr/local/sbin/xp, /usr/local/sbin/backup and
# /usr/local/sbin/expsc are not installed by the visible part of this script —
# presumably another installer stage provides them; confirm.

# Daily at 00:00: /usr/local/sbin/xp
# (the existence guard below is disabled, so the file is rewritten every run)
#if [ ! -f "/etc/cron.d/xp_otm" ]; then
cat> /etc/cron.d/xp_otm << END
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
0 0 * * * root /usr/local/sbin/xp
END
#fi

# Daily at 22:00: /usr/local/sbin/backup (existence guard disabled as above)
#if [ ! -f "/etc/cron.d/bckp_otm" ]; then
cat> /etc/cron.d/bckp_otm << END
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
0 22 * * * root /usr/local/sbin/backup
END

# Every 5 minutes: /usr/bin/autocpu, downloaded just below.
# NOTE(review): autocpu.sh is fetched from REPO without verification and then
# runs as root on a five-minute schedule.
cat> /etc/cron.d/cpu_otm << END
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
*/5 * * * * root /usr/bin/autocpu
END
wget -O /usr/bin/autocpu "${REPO}install/autocpu.sh" && chmod +x /usr/bin/autocpu
# Daily at 00:01: /usr/local/bin/xp_sc. With <<- the leading tabs on the entry
# and on the END delimiter are stripped.
cat >/etc/cron.d/xp_sc <<-END
		1 0 * * * root /usr/local/bin/xp_sc
	END

# Wrapper that calls `expsc -r now`.
cat >/usr/local/bin/xp_sc <<-END
#!/bin/bash
/usr/local/sbin/expsc -r now
END
	chmod +x /usr/local/bin/xp_sc

# Every 10 minutes: truncate syslog plus the nginx and xray logs to zero
# bytes. The delimiter is unquoted, so the shell removes each backslash-newline
# and the entry is written to the cron file as one line.
# NOTE(review): this leaves the host with at most ten minutes of log history
# for troubleshooting or incident response. If the goal is disk space,
# logrotate with a size limit, or shipping logs off-host first, keeps the
# evidence.
cat >/etc/cron.d/logclean <<-END
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
*/10 * * * * root truncate -s 0 /var/log/syslog \
    && truncate -s 0 /var/log/nginx/error.log \
    && truncate -s 0 /var/log/nginx/access.log \
    && truncate -s 0 /var/log/xray/error.log \
    && truncate -s 0 /var/log/xray/access.log
END

# Daily at 00:05: reboot the machine.
cat >/etc/cron.d/daily_reboot <<-END
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
5 0 * * * root /sbin/reboot
END

# Make cron pick up the new files; output and failures are discarded.
service cron restart >/dev/null 2>&1
service cron reload >/dev/null 2>&1
service cron start >/dev/null 2>&1

# Remove packages this setup does not use. All output and failures are
# discarded.
# The unquoted patterns (samba*, apache2*, bind9*, sendmail*) are expanded by
# the shell first if a matching file name exists in the current directory;
# otherwise they reach apt-get unchanged as package patterns.
apt autoclean -y >/dev/null 2>&1
apt -y remove --purge unscd >/dev/null 2>&1
apt-get -y --purge remove samba* >/dev/null 2>&1
apt-get -y --purge remove apache2* >/dev/null 2>&1
apt-get -y --purge remove bind9* >/dev/null 2>&1
apt-get -y remove sendmail* >/dev/null 2>&1
apt autoremove -y >/dev/null 2>&1
# Finishing: restore web-root ownership after the downloads above.
cd
chown -R www-data:www-data /home/vps/public_html

# Remove installer leftovers from /root. key.pem, cert.pem and ssh-vpn.sh are
# not created in the visible part of this script — presumably by an earlier
# stage or a sub-installer.
rm -f /root/key.pem
rm -f /root/cert.pem
rm -f /root/ssh-vpn.sh
rm -f /root/bbr.sh
rm -rf /etc/apache2
# Deletes the local pre-login banner file /etc/issue.
rm -rf /etc/issue

clear
