Home Original page

GitHub - cynegeirus/linux-initialization-script: A production-grade initialization script for Ubuntu-based public servers such as VPS, VDS, and cloud instances. Designed for engineers who want a clean, fast, and secure system from the very first minute.

🛡️ Public Server Bootstrap Script

A production-grade initialization script for Ubuntu-based public servers such as VPS, VDS, and cloud instances. Designed for engineers who want a clean, fast, and secure system from the very first minute.

This project focuses on three things only:

Security. Performance. Reliability.

No bloat. No magic. Just solid engineering.

🎯 Purpose

This script automates the complete base setup of a freshly installed Ubuntu server by handling:

  • System updates and base configuration
  • Docker environment preparation
  • Kernel and network performance tuning
  • SSH protection with Fail2Ban
  • Optional IPv6 deactivation
  • Automatic reboot after completion

Perfect for:

  • Public-facing servers
  • Production VMs
  • Cloud instances
  • Edge and gateway systems

✨ Key Features

  • One-command full system bootstrap
  • Clean and deterministic configuration
  • Modern TCP stack tuning with BBR
  • High file descriptor limits for heavy workloads
  • Hardened SSH access with Fail2Ban
  • Docker + Docker Compose ready out of the box
  • Zero-interaction installation (fully automated)

📦 What Gets Installed

Core Utilities

  • vim, nano, wget, curl, jq
  • net-tools, bzip2, locales

Security

  • ufw
  • fail2ban

Container Stack

  • docker.io
  • Latest Docker Compose (fetched from GitHub releases)

Performance Tools

  • ethtool
  • cpufrequtils
  • iproute2

⚡ Quick Start

chmod +x setup.sh
sudo ./setup.sh

That’s it. The system will reboot automatically when everything is ready.

⚙️ Default System Configuration

Time & Locale

  • Timezone: Europe/Istanbul
  • Locale: en_US.UTF-8

File Limits

* soft nofile 65535
* hard nofile 65535

Network & Kernel Tuning

The script applies a balanced performance profile:

  • Increased socket buffers
  • Higher backlog limits
  • Optimized TCP memory settings
  • BBR congestion control enabled
  • Optional IPv6 deactivation

Result: Lower latency, higher throughput, better stability under load.

🔐 Security Model

SSH Protection with Fail2Ban

  • Monitors /var/log/auth.log
  • Tracks failed SSH login attempts
  • 2 failures within 10 minutes → permanent ban
  • Zero tolerance for brute-force attacks

This setup is intentionally strict and designed for public servers.

🧩 Customization

The script is intentionally simple to modify. You can safely adapt:

  • DNS servers
  • Sysctl tuning values
  • Fail2Ban thresholds
  • IPv6 enable/disable logic
  • Package list

Everything is transparent. No hidden logic.

🧾 Requirements

  • Ubuntu 22.04 LTS or newer
  • Root or sudo privileges
  • Active internet connection during installation

🏗️ Design Philosophy

This project follows a few clear principles:

  • Deterministic over dynamic
  • Explicit over implicit
  • Minimal over bloated
  • Battle-tested over trendy

It is not a “do everything” script. It is a do the important things right script.

📄 License

This project is licensed under the MIT License. You are free to use, modify, and distribute it in personal or commercial projects.

🤝 Support & Contributions

Found a bug? Have an idea? Want to improve it?

You can:

  • Open an Issue
  • Send a Pull Request
  • Or contact directly

📧 akin.bicer@outlook.com.tr