Bash Script Generator

A web-based tool for generating comprehensive Linux server setup scripts. This FastAPI application allows administrators to configure and download a single bash script that automates common server baseline setup tasks.

Features

System Setup

  • Initial system update & upgrade
  • Automatic security updates (unattended-upgrades)
  • Timezone configuration
  • Hostname setup
  • NTP time synchronization
  • Swap file configuration

Security & Hardening

  • SSH hardening (disable root login, strong ciphers, timeouts)
  • Fail2ban intrusion prevention
  • Pre-login and post-login banners
  • SSH 2FA (Google Authenticator installation)

Docker & Services

  • Docker + Docker Compose installation
  • Docker admin user creation with restricted permissions
  • Custom Docker data directory with ACL permissions
  • UFW firewall configuration
  • Network bonding/bridging (netplan)

User Management

  • Admin user creation with sudo access
  • SSH public key authentication setup

Monitoring & Utilities

  • Monitoring tools (htop, iotop, net-tools, etc.)
  • Build tools (build-essential, git, etc.)

Quick Start

cd bashgen
docker-compose up -d

Access the web interface at http://localhost:8083

Manual Setup

cd bashgen
python -m venv .venv
source .venv/bin/activate  # On Windows: .venv\Scripts\activate
pip install -r requirements.txt
uvicorn app:app --host 0.0.0.0 --port 8080

Usage

  1. Open the web interface
  2. Select the features you want to include
  3. Configure parameters (hostname, timezone, ports, etc.)
  4. Add system owner information
  5. Paste SSH public keys (if creating admin user)
  6. Download the generated .sh script
  7. Run on your Ubuntu server: sudo bash setup-server.sh

Project Structure

bashgen/
├── app.py                 # FastAPI backend
├── requirements.txt       # Python dependencies
├── Dockerfile            # Docker image definition
├── docker-compose.yml    # Docker Compose configuration
├── templates/
│   ├── index.html        # Web form frontend
│   ├── script.sh.j2      # Bash script Jinja2 template
│   ├── loginbanner.md.template      # Pre-login SSH banner template
│   └── postloginbanner.md.template  # Post-login MOTD banner template
└── README.md             # This file

Banner Templates Setup

The application uses banner templates for SSH pre-login and post-login messages. These templates are included in the templates/ directory.

Using Default Templates

The application automatically uses the included templates:

  • templates/loginbanner.md.template - Pre-login SSH banner
  • templates/postloginbanner.md.template - Post-login MOTD banner

Customizing Banners

  1. Edit the template files in the templates/ directory:

    • loginbanner.md.template - Customize your SSH pre-login warning banner
    • postloginbanner.md.template - Customize your post-login MOTD message
  2. Placeholder variables you can use in templates:

    • [OWNER_NAME] - Will be replaced with the owner name from the form
    • [OWNER_WEBSITE] - Will be replaced with the owner website
    • [OWNER_EMAIL] - Will be replaced with the owner email
  3. Example template content:

    System Owner:
      Name:    [OWNER_NAME]
      Website: [OWNER_WEBSITE]
      Email:   [OWNER_EMAIL]
    
  4. For Docker deployment, the templates are copied into the container during build.
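The owner values typed into the form end up inside a script that is later run with sudo, so the substitution step should treat them as data only. The sketch below is an added example, not the project's own code. The function names, the 120-character limit and the /etc/issue.net destination are assumptions; only the three placeholder names come from this README.

```python
import re
import shlex

PLACEHOLDERS = ("OWNER_NAME", "OWNER_WEBSITE", "OWNER_EMAIL")

# Constructed sample, same shape as the example template content above.
SAMPLE_TEMPLATE = (
    "System Owner:\n"
    "  Name:    [OWNER_NAME]\n"
    "  Website: [OWNER_WEBSITE]\n"
    "  Email:   [OWNER_EMAIL]\n"
)

def clean_field(value, max_len=120):
    """Reject control characters (newlines, ESC) so one form field cannot
    add banner lines or terminal escape sequences. max_len is an assumption."""
    if len(value) > max_len or any(ord(c) < 32 or ord(c) == 127 for c in value):
        raise ValueError("owner field too long or contains control characters")
    return value.strip()

def render_banner(template, fields):
    """Replace every [PLACEHOLDER] in one pass.

    A single regex pass means a value that itself contains "[OWNER_EMAIL]"
    is not expanded again, and the callable replacement is inserted
    literally (no backslash or group-reference processing)."""
    pattern = re.compile(r"\[(" + "|".join(PLACEHOLDERS) + r")\]")
    return pattern.sub(lambda m: clean_field(fields[m.group(1)]), template)

def banner_to_bash(banner, dest="/etc/issue.net"):
    """Emit the bash fragment that writes the banner to dest (hypothetical path).

    The heredoc delimiter is quoted, so bash performs no $(), backtick or
    variable expansion on the body. The delimiter is extended until no
    banner line could terminate the heredoc early."""
    delim = "BANNER_EOF"
    while any(line.strip() == delim for line in banner.splitlines()):
        delim += "_X"
    return f"cat > {shlex.quote(dest)} <<'{delim}'\n{banner.rstrip()}\n{delim}\n"

if __name__ == "__main__":
    # Constructed form input: shell metacharacters must reach the file as text.
    demo = {
        "OWNER_NAME": "Ops Team $(id)",
        "OWNER_WEBSITE": "https://example.org",
        "OWNER_EMAIL": "ops@example.org",
    }
    print(banner_to_bash(render_banner(SAMPLE_TEMPLATE, demo)))
```
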

Local Development Setup

If running locally (not in Docker), create a workingscope/ directory in the parent directory:

# From the bashgen directory
mkdir -p ../workingscope
cp templates/loginbanner.md.template ../workingscope/loginbanner.md
cp templates/postloginbanner.md.template ../workingscope/postloginbanner.md

The application will automatically detect and use these files.

Requirements

  • Python 3.11+
  • Docker & Docker Compose (for containerized deployment)
  • Ubuntu Server (for generated scripts)

License

This project is licensed under the MIT License - see the LICENSE file for details.

The MIT License is a permissive open-source license that allows you to:

  • Use the code commercially
  • Modify the code
  • Distribute the code
  • Use privately
  • Include license and copyright notice (this is the license's condition rather than a permission)

Creator

Created and maintained by Avni Ademi (@avni.ademi)

Contributing

Contributions are welcome and encouraged! This project thrives on community involvement.

How to Contribute

  1. Fork the repository on GitLab
  2. Create a feature branch (git checkout -b feature/amazing-feature)
  3. Make your changes and test thoroughly
  4. Commit your changes (git commit -m 'Add some amazing feature')
  5. Push to the branch (git push origin feature/amazing-feature)
  6. Open a Merge Request on GitLab

Contribution Ideas

  • 🐛 Bug fixes and improvements
  • New features and enhancements
  • 📝 Documentation improvements
  • 🎨 UI/UX improvements
  • 🔒 Security enhancements
  • 🧪 Test coverage
  • 🌐 Translations
  • 📦 Additional server setup options

Code of Conduct

  • Be respectful and inclusive
  • Welcome newcomers and help them learn
  • Focus on constructive feedback
  • Celebrate diversity of ideas and backgrounds

Questions?

Feel free to open an issue on GitLab or reach out to the maintainer.

Planned Features

See FEATURES.md for a list of planned features and enhancements.

Upcoming Features:

  • 🛡️ CMMC Compliance Configuration - Comprehensive CMMC Level 1-3 compliance automation for DoD contractors
  • 🔒 Automated CVE-based Security Patching - Monitor CVE databases and apply security patches automatically
  • 🔐 VPN Server Setup - Configure WireGuard, OpenVPN, or IPSec VPN for organizations (with FIPS 140-2 support)
  • 🛡️ Central SIEM Server - Set up centralized Security Information and Event Management (ELK, Wazuh, Graylog)
  • 🐳 FIPS-Hardened Docker Images - Configure Docker with FIPS 140-2 validated images and crypto libraries
  • 📊 Enhanced Monitoring - Integration with Prometheus, Grafana
  • 🔐 SSL/TLS Certificate Management - Automated Let's Encrypt setup
  • 💾 Backup Automation - Automated backup solutions
  • 🌐 Multi-Distribution Support - Support for CentOS/RHEL, Debian, Alpine

Thank you for contributing! 🙏