added cyberpanel install script

CyberpanelInstall.sh

@@ -0,0 +1,83 @@
+#!/bin/sh
+OUTPUT=$(cat /etc/*release)
+
+if echo $OUTPUT | grep -q "CentOS Linux 7" ; then
+    echo "Checking and installing curl and wget"
+    yum install curl wget -y 1> /dev/null
+    yum update curl wget ca-certificates -y 1> /dev/null
+    SERVER_OS="CentOS"
+
+elif echo $OUTPUT | grep -q "CentOS Linux 8" ; then
+    echo -e "\nDetecting Centos 8...\n"
+    SERVER_OS="CentOS8"
+    yum install curl wget -y 1> /dev/null
+    yum update curl wget ca-certificates -y 1> /dev/null
+
+elif echo $OUTPUT | grep -q "AlmaLinux 8" ; then
+    echo -e "\nDetecting AlmaLinux 8...\n"
+    SERVER_OS="CentOS8"
+    yum install curl wget -y 1> /dev/null
+    yum update curl wget ca-certificates -y 1> /dev/null
+
+elif echo $OUTPUT | grep -q "AlmaLinux 9" ; then
+    echo -e "\nDetecting AlmaLinux 9...\n"
+    SERVER_OS="CentOS8"
+    yum install curl wget -y 1> /dev/null
+    yum update curl wget ca-certificates -y 1> /dev/null
+
+elif echo $OUTPUT | grep -q "CloudLinux 7" ; then
+    echo "Checking and installing curl and wget"
+    yum install curl wget -y 1> /dev/null
+    yum update curl wget ca-certificates -y 1> /dev/null
+    SERVER_OS="CloudLinux"
+
+elif echo $OUTPUT | grep -q "CloudLinux 8" ; then
+    echo "Checking and installing curl and wget"
+    yum install curl wget -y 1> /dev/null
+    yum update curl wget ca-certificates -y 1> /dev/null
+    SERVER_OS="CloudLinux"
+
+elif echo $OUTPUT | grep -q "Ubuntu 18.04" ; then
+    apt install -y -qq wget curl
+    SERVER_OS="Ubuntu"
+
+elif echo $OUTPUT | grep -q "Ubuntu 20.04" ; then
+    apt install -y -qq wget curl
+    SERVER_OS="Ubuntu"
+
+elif echo $OUTPUT | grep -q "Ubuntu 22.04" ; then
+    apt install -y -qq wget curl
+    SERVER_OS="Ubuntu"
+
+elif echo $OUTPUT | grep -q "Ubuntu 24.04" ; then
+    apt install -y -qq wget curl
+    SERVER_OS="Ubuntu"
+
+elif echo $OUTPUT | grep -q "Ubuntu 26.04" ; then
+    apt install -y -qq wget curl
+    SERVER_OS="Ubuntu"
+
+elif echo $OUTPUT | grep -q "openEuler 20.03" ; then
+    echo -e "\nDetecting openEuler 20.03...\n"
+    SERVER_OS="openEuler"
+    yum install curl wget -y 1> /dev/null
+    yum update curl wget ca-certificates -y 1> /dev/null
+
+elif echo $OUTPUT | grep -q "openEuler 22.03" ; then
+    echo -e "\nDetecting openEuler 22.03...\n"
+    SERVER_OS="openEuler"
+    yum install curl wget -y 1> /dev/null
+    yum update curl wget ca-certificates -y 1> /dev/null
+
+else
+    echo -e "\nUnable to detect your OS...\n"
+    echo -e "\nCyberPanel is supported on Ubuntu 18.04, Ubuntu 20.04, Ubuntu 22.04, Ubuntu 24.04, Ubuntu 26.04, AlmaLinux 8, AlmaLinux 9 and CloudLinux 7.x...\n"
+    exit 1
+fi
+
+rm -f cyberpanel.sh
+rm -f install.tar.gz
+
+curl --silent -o cyberpanel.sh "https://cyberpanel.sh/?dl&$SERVER_OS" 2>/dev/null
+chmod +x cyberpanel.sh
+./cyberpanel.sh $@

README.md

@@ -1,3 +1,51 @@
-# server-scripts
+# Server Scripts
+
+Collection of automation scripts for server setup and SSH configuration.
+
+These scripts are hosted on Gitea and can be accessed via short links or direct raw URLs.
+
+---
+
+## 📦 Available Scripts
+
+### 🛠 server-prep.sh
+Prepares a fresh server (packages, updates, base config)
+
+- Short URL: http://bit.ly/4dYp6ug
+
+---
+
+### 🔐 sshupdate.sh
+Configures SSH (keys, security hardening, etc.)
+
+- Short URL: https://bit.ly/4vkvVNQ
+
+---
+
+## 🚀 Usage
+
+### ✅ Recommended Method (Safe)
+
+Download → Inspect → Run
+
+#### Server Prep
+bash
+curl -L -o server-prep.sh http://bit.ly/4dYp6ug
+less server-prep.sh
+chmod +x server-prep.sh
+./server-prep.sh
+
+curl -s http://bit.ly/4dYp6ug | bash
+curl -s https://bit.ly/4vkvVNQ | bash
+
+### example workflow
+
+
+# server setup
+curl -L -o server-prep.sh http://bit.ly/4dYp6ug
+bash server-prep.sh
+
+# ssh setup
+curl -L -o sshupdate.sh https://bit.ly/4vkvVNQ
+bash sshupdate.sh
 
-test2

serverprep.sh

@@ -62,7 +62,8 @@ mkdir -p /etc/systemd/system/ssh.socket.d
 cat > /etc/systemd/system/ssh.socket.d/override.conf <<EOF
 [Socket]
 ListenStream=
-ListenStream=${SSH_PORT}
+ListenStream=0.0.0.0:${SSH_PORT}
+ListenStream=[::]:${SSH_PORT}
 EOF
 
 # Keep sshd_config aligned
@@ -114,3 +115,31 @@ if [[ ! "$DISABLE_UFW" =~ ^[Nn]$ ]]; then
 else
   ufw allow ${SSH_PORT}/tcp
   ufw allow 80/tcp
+  ufw allow 443/tcp
+  ufw --force enable
+fi
+
+# -------------------------------
+# Fail2Ban
+# -------------------------------
+systemctl enable fail2ban
+systemctl start fail2ban
+
+# -------------------------------
+# Finish
+# -------------------------------
+IP_ADDR=$(hostname -I | awk '{print $1}')
+
+echo ""
+echo "==============================="
+echo " ✅ SERVER READY"
+echo "==============================="
+
+echo "Hostname: $NEW_HOSTNAME"
+echo "Timezone: $NEW_TZ"
+echo "SSH Port: $SSH_PORT"
+echo "IP: $IP_ADDR"
+
+echo ""
+echo "⚠️ TEST SSH NOW:"
+echo "ssh -p $SSH_PORT root@$IP_ADDR"

sshupdate.sh

@@ -2,14 +2,94 @@
 
 set -e
 
-echo "==============================="
-echo " SSH Configuration Script"
-echo "==============================="
+# ===============================
+# CONFIG VALUES (EDIT HERE)
+# ===============================
+SSH_PORT="48291"
 
-SSHD_CONFIG="/etc/ssh/sshd_config"
+echo "==============================="
+echo " Server Prep Script"
+echo "==============================="
 
 # -------------------------------
-# Install SSH Key
+# Prompt for hostname
+# -------------------------------
+read -p "Enter new hostname (FQDN recommended): " NEW_HOSTNAME
+
+if [ -z "$NEW_HOSTNAME" ]; then
+  echo "Hostname cannot be empty"
+  exit 1
+fi
+
+hostnamectl set-hostname "$NEW_HOSTNAME"
+
+# -------------------------------
+# Timezone
+# -------------------------------
+read -p "Enter timezone [default: America/Chicago]: " NEW_TZ
+NEW_TZ=${NEW_TZ:-America/Chicago}
+
+timedatectl set-timezone "$NEW_TZ"
+timedatectl set-ntp true
+
+# -------------------------------
+# System update
+# -------------------------------
+apt update && apt upgrade -y
+
+# -------------------------------
+# Base packages
+# -------------------------------
+apt install -y \
+  curl \
+  ca-certificates \
+  gnupg \
+  lsb-release \
+  apt-transport-https \
+  software-properties-common \
+  fail2ban \
+  net-tools \
+  unzip \
+  jq
+
+# -------------------------------
+# SSH CONFIG (MODERN - socket)
+# -------------------------------
+echo "Configuring SSH socket on port ${SSH_PORT}..."
+
+mkdir -p /etc/systemd/system/ssh.socket.d
+
+cat > /etc/systemd/system/ssh.socket.d/override.conf <<EOF
+[Socket]
+ListenStream=
+ListenStream=${SSH_PORT}
+EOF
+
+# Keep sshd_config aligned
+sed -i "s/^#*Port .*/Port ${SSH_PORT}/" /etc/ssh/sshd_config
+
+# SSH auth settings
+sed -i "s/^#*PasswordAuthentication.*/PasswordAuthentication yes/" /etc/ssh/sshd_config
+
+if ! grep -q "^KbdInteractiveAuthentication" /etc/ssh/sshd_config; then
+  echo "KbdInteractiveAuthentication yes" >> /etc/ssh/sshd_config
+else
+  sed -i "s/^KbdInteractiveAuthentication.*/KbdInteractiveAuthentication yes/" /etc/ssh/sshd_config
+fi
+
+if ! grep -q "^ChallengeResponseAuthentication" /etc/ssh/sshd_config; then
+  echo "ChallengeResponseAuthentication yes" >> /etc/ssh/sshd_config
+else
+  sed -i "s/^ChallengeResponseAuthentication.*/ChallengeResponseAuthentication yes/" /etc/ssh/sshd_config
+fi
+
+systemctl daemon-reexec
+systemctl daemon-reload
+systemctl restart ssh.socket
+systemctl restart ssh
+
+# -------------------------------
+# SSH KEY INSTALL
 # -------------------------------
 echo "Installing SSH key..."
 
@@ -21,71 +101,45 @@ chmod 700 ~/.ssh
 grep -qxF "$SSH_KEY" ~/.ssh/authorized_keys 2>/dev/null || echo "$SSH_KEY" >> ~/.ssh/authorized_keys
 chmod 600 ~/.ssh/authorized_keys
 
-echo "✅ Key installed"
+echo "✅ SSH key added"
 
 # -------------------------------
-# Backup config
+# Firewall
 # -------------------------------
-cp ${SSHD_CONFIG} ${SSHD_CONFIG}.bak.$(date +%s)
+read -p "Disable UFW? (Y/n): " DISABLE_UFW
 
-# -------------------------------
-# SSH SETTINGS
-# -------------------------------
-echo "Updating SSH settings..."
-
-# Pubkey
-if grep -q "^PubkeyAuthentication" "$SSHD_CONFIG"; then
-  sed -i "s/^PubkeyAuthentication.*/PubkeyAuthentication yes/" "$SSHD_CONFIG"
+if [[ ! "$DISABLE_UFW" =~ ^[Nn]$ ]]; then
+  systemctl stop ufw || true
+  systemctl disable ufw || true
 else
-  echo "PubkeyAuthentication yes" >> "$SSHD_CONFIG"
+  ufw allow ${SSH_PORT}/tcp
+  ufw allow 80/tcp
+  ufw allow 443/tcp
+  ufw --force enable
 fi
 
-# Password (initially enabled for safety)
-if grep -q "^PasswordAuthentication" "$SSHD_CONFIG"; then
-  sed -i "s/^PasswordAuthentication.*/PasswordAuthentication yes/" "$SSHD_CONFIG"
-else
-  echo "PasswordAuthentication yes" >> "$SSHD_CONFIG"
-fi
-
-# KbdInteractive ✅
-if grep -q "^KbdInteractiveAuthentication" "$SSHD_CONFIG"; then
-  sed -i "s/^KbdInteractiveAuthentication.*/KbdInteractiveAuthentication yes/" "$SSHD_CONFIG"
-else
-  echo "KbdInteractiveAuthentication yes" >> "$SSHD_CONFIG"
-fi
-
-# ChallengeResponse
-if grep -q "^ChallengeResponseAuthentication" "$SSHD_CONFIG"; then
-  sed -i "s/^ChallengeResponseAuthentication.*/ChallengeResponseAuthentication yes/" "$SSHD_CONFIG"
-else
-  echo "ChallengeResponseAuthentication yes" >> "$SSHD_CONFIG"
-fi
-
-systemctl restart ssh
-
-echo "✅ SSH restarted"
-
 # -------------------------------
-# Optional Lockdown
+# Fail2Ban
 # -------------------------------
-read -p "Disable password login? (y/N): " DISABLE_PASS
+systemctl enable fail2ban
+systemctl start fail2ban
 
-if [[ "$DISABLE_PASS" =~ ^[Yy]$ ]]; then
-  sed -i "s/^#*PasswordAuthentication.*/PasswordAuthentication no/" "$SSHD_CONFIG"
-  systemctl restart ssh
-  echo "✅ Password login disabled"
-fi
-
-read -p "Disable root login? (y/N): " DISABLE_ROOT
-
-if [[ "$DISABLE_ROOT" =~ ^[Yy]$ ]]; then
-  sed -i "s/^#*PermitRootLogin.*/PermitRootLogin no/" "$SSHD_CONFIG"
-  systemctl restart ssh
-  echo "✅ Root login disabled"
-fi
+# -------------------------------
+# Finish
+# -------------------------------
+IP_ADDR=$(hostname -I | awk '{print $1}')
 
 echo ""
 echo "==============================="
-echo " ✅ SSH CONFIG COMPLETE"
+echo " ✅ SERVER READY"
 echo "==============================="
-echo "⚠️ Test SSH access before closing your session"
+
+echo "Hostname: $NEW_HOSTNAME"
+echo "Timezone: $NEW_TZ"
+echo "SSH Port: $SSH_PORT"
+echo "IP: $IP_ADDR"
+
+echo ""
+echo "⚠️ TEST SSH NOW:"
+echo "ssh -p $SSH_PORT root@$IP_ADDR"
+``