m724/vpsmusthave
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
No description
48 commits 1 branch 0 tags 99 KiB
Find a file
Exact
m724 97a6c0a92b
 Modernize 
- Improved readme
- Removed Docker tools
- Gemini-improved Debian secure.sh
2025-11-22 19:14:32 +01:00
alpine Update alpine/alpine-secure.sh 2025-08-09 20:28:28 +02:00
debian Modernize 2025-11-22 19:14:32 +01:00
freebsd Update freebsd/freebsd-secure.sh 2025-08-06 18:10:41 +02:00
README.md Modernize 2025-11-22 19:14:32 +01:00
variables Modernize 2025-11-22 19:14:32 +01:00

README.md

Useful scripts for common tasks for VPSes

(!) No guarantee the scripts will work, run only if you're able to revert or on a clean system.

Requirements

  • Tested on Debian 13, Alpine 3.21, FreeBSD 14.3
  • Working internet
  • Root permissions; scripts must be executed as root (sudo is fine)
  • if virtualized, it must be Full virtualization (e.g. KVM) and NOT OS-level virtualization (e.g. container, OpenVZ, LXC)

Tutorial

  1. CLONE this repo
  2. Fill in variables
  3. Run a script or scripts
    IMPORTANT: you must run this from the root (cloned repo) directory, that is ./debian/debian-secure.sh and as root

Scripts

  • tor-repo.sh - Adds the Tor repo.

  • secure.sh:

    • Creates a user
    • disallows root and password login
    • creates a WireGuard profile
    • restricts SSH to it

    If OS-level virtualization, install wireguard-go beforehand

Workflow idea

Relevant for Debian

  1. Update the system and reboot
  2. Remove bloat like exim or cron
  3. Setup systemd-networkd and remove other network managers
  4. Get a random IPv6 (security through obscurity)
  5. secure.sh
  6. Install mosh, byobu
  7. Save the connection info somewhere