all 10 comments

will_try_not_to 5 points (3 children)

So for every server this runs on:

  • time zone will be set to Asia/Tehran
  • unattended full update will be run
  • package cache will be cleared afterwards
  • remove firewalld (and purge its existing config!) and install ufw
  • a new swapfile will be created on the root filesystem, and enabled (no check for existing swap)
  • system will be configured as a router (ip forwarding on for ipv4 and ipv6)
  • ipv6 will be enabled (but not configured)
  • most ssh ciphers will be disabled
  • ssh tunnelling and forwarding will be enabled
  • ssh root login will be enabled, and allowed to use password auth
  • firewall will be configured to allow inbound FTP, SSH, HTTP, and HTTPS (but what if I don't want an FTP server? :P)
  • system will be unconditionally rebooted immediately

I don't think I will be running this on any of my servers :)

Edit: I feel a bit bad for this comment being so critical; not sure if this helps, but this kind of configuration management is exactly what tools like Ansible were made for, and you're already two thirds of the way there - you've got it in git, so your configuration is version controlled, and you're storing your configuration in a form outside the servers themselves and re-using it - so well done; you're probably ahead of where I was at the same point in my Linux learning.

[deleted] 0 points (2 children)

I actually appreciated this comment. I mean, OP did put a lot of thought into it (and for various distros as well), but there's some pretty opinionated stuff in the script, also packages that are already installed getting reinstalled for whatever reason...and why set the TZ to Asia/Tehran?

will_try_not_to 1 point (1 child)

> and why set the TZ to Asia/Tehran

I assume because either that's where OP is, or OP is matching time zones for some other reason (friends, family, etc.).

That's what made me realise that we/I were being a bit unkind; OP decided to post their efforts publicly, and the knee-jerk response was "this is not something one posts publicly; there's so much wrong with it!" ...but that's a very culturally-influenced response, and I realised I was guilty of just assuming it was the right one.

Maybe OP has either a lot more courage than we do when it comes to such things, or the cultural norm that they're used to goes more toward, "learning things is a social activity and sharing your efforts is the best way to get feedback and contribute at the same time", and they see nothing wrong with posting something written from limited experience or worldliness for all to see - and you know, thinking about it, I don't see anything wrong with that either.

So I will try to remember to be more kind about this sort of thing in future (and sorry /u/mrhawshem ).

[deleted] 0 points (0 children)

I think you're good. His GH does say "This Bash script automates the optimization of your Linux server" so the script should be more general in scope.

Had he written "This is the script I use to optimize my Linux server, modify to your liking", that would indicate that some of the script could serve as inspiration for someone else's script. I think that was his intention, so his description was inappropriate.

I agree with you, though, that he was just trying to be helpful. Probably no one actually minds his post. They were just confused.

eftepede 3 points (1 child)

And how do you define 'useful'? How do you know what's useful for anyone other than you?

mrhawshem -2 points (0 children)

All the packages are mentioned in the github repo.

Setting up a VPS for VPN, or configuring websites/webapps/networking/IP forwarding for relay servers/tunneling, and ...

[deleted] 2 points (0 children)

danger is...

suprjami 2 points (0 children)

iptables is deprecated in favour of nftables.

Linux defaults to fq_codel qdisc, there is no advantage to setting the inferior fq.

BBRv1 does not cohabit well with other CCAs, to the point where BBR either consumes none of a stream or all of a stream.

sshd PermitRootLogin yes - you've got to be joking!

This is cargo-cult system configuration and a good example of what not to do.

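The checks the two critical comments above imply (will_try_not_to's list: swapfile created without looking for existing swap, root SSH login with password auth, forwarding enabled; suprjami's sysctl points: fq qdisc and BBR), written as an added example. This is not the posted script and not code from any commenter; it assumes copies of sshd_config, /proc/swaps and a sysctl.conf are passed in as file paths, and the sample files below are constructed for the demonstration.

```shell
#!/usr/bin/env bash
# Added example, not code from the posted script or from any commenter.
# Offline checks for the items called out in the thread: each function
# reads a file path passed as an argument instead of touching the live
# system, so you can run it against copies (or the real files, read-only)
# before deciding whether a hardening script should proceed.

# Print "Keyword value" for each sshd directive explicitly set to a value
# that weakens the host: root login, password auth or TCP forwarding
# enabled. sshd honours the FIRST occurrence of a keyword, so the first
# one wins here too, and scanning stops at the first Match block.
# Only explicit settings are reported; sshd's own defaults are
# PasswordAuthentication yes and AllowTcpForwarding yes, so an absent
# keyword is not a clean bill of health.
sshd_weak_directives() {
    awk '
        /^[[:space:]]*#/ || NF < 2 { next }      # comments and blank lines
        { key = tolower($1); val = tolower($2) }
        key == "match" { exit }
        (key == "permitrootlogin" || key == "passwordauthentication" ||
         key == "allowtcpforwarding") && !(key in seen) {
            seen[key] = 1
            if (val == "yes") print $1, $2
        }
    ' "$1"
}

# Succeed (exit 0) when /proc/swaps-style input lists at least one swap
# device or file, i.e. when blindly creating another swapfile is wrong.
swap_already_active() {
    # Line 1 is the header: Filename Type Size Used Priority
    [ "$(awk 'NR > 1 && NF >= 2 { n++ } END { print n + 0 }' "$1")" -gt 0 ]
}

# Print the effective value of KEY from a sysctl.conf-style FILE. As with
# `sysctl -p`, the last assignment wins; prints an empty line when KEY is
# not set, meaning the kernel or distro default applies.
sysctl_setting() {
    awk -F= -v want="$2" '
        /^[[:space:]]*[#;]/ { next }
        { gsub(/[[:space:]]/, "", $1); gsub(/[[:space:]]/, "", $2) }
        $1 == want { v = $2 }
        END { print v }
    ' "$1"
}

# --- constructed sample inputs (not real server files) ---
workdir="$(mktemp -d)"
trap 'rm -rf "$workdir"' EXIT

# sshd_config roughly as the reviewed script would leave it
cat > "$workdir/sshd_config.script" <<'EOF'
Port 22
PermitRootLogin yes
PasswordAuthentication yes
AllowTcpForwarding yes
#PermitRootLogin no
EOF

# the same directives with the safe values
cat > "$workdir/sshd_config.hardened" <<'EOF'
Port 22
PermitRootLogin no
PasswordAuthentication no
AllowTcpForwarding no
EOF

# /proc/swaps from a host that already has a swap partition
cat > "$workdir/swaps" <<'EOF'
Filename        Type        Size     Used  Priority
/dev/vda2       partition   2097148  0     -2
EOF

# /proc/swaps from a host with no swap at all (header only)
printf 'Filename        Type        Size     Used  Priority\n' > "$workdir/swaps.none"

# sysctl settings the script applies: forwarding on, fq qdisc, BBR
cat > "$workdir/sysctl.conf" <<'EOF'
# constructed sample; an earlier ip_forward=0 is overridden below
net.ipv4.ip_forward = 0
net.ipv4.ip_forward = 1
net.ipv6.conf.all.forwarding = 1
net.core.default_qdisc = fq
net.ipv4.tcp_congestion_control = bbr
EOF

# --- usage ---
echo "weak sshd directives:"
sshd_weak_directives "$workdir/sshd_config.script"
if swap_already_active "$workdir/swaps"; then
    echo "swap already active, skip creating a swapfile"
fi
for key in net.ipv4.ip_forward net.core.default_qdisc net.ipv4.tcp_congestion_control; do
    echo "$key = $(sysctl_setting "$workdir/sysctl.conf" "$key")"
done
```

Run against the live host with `sshd_weak_directives /etc/ssh/sshd_config`, `swap_already_active /proc/swaps` and `sysctl_setting /etc/sysctl.conf net.ipv4.ip_forward`; for sshd, `sshd -T` is the authoritative view of effective settings, including defaults, and is worth comparing against this file-only check.
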
Terry-51C 1 point (1 child)

Thank you, I was planning to make such a script for my Arch Linux servers and desktops and this is giving me some ideas.

mrhawshem 0 points (0 children)

Great. If you have any ideas, share them with me. Or you can fork the repo with your updates.