Skip to content

unknown41760/self-signed-cert-script

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
README.md
README.md
 
 
self_signed_cert.sh
self_signed_cert.sh
 
 

Repository files navigation

Script for installing the 3x‑UI panel for VLESS and 10‑year certificates

Based on

Antenka's code from repo https://github.com/anten-ka/self-signed-cert-script-by-antenka

📚 Description

This script automatically installs:

The 3X‑UI panel for managing VPN protocols. A self‑signed SSL certificate valid for 10 years.

🛠️ What will be installed?

OpenSSL qrencode 3X‑UI

Secure server beforehand

🔑 1. Secure SSH Access

# Edit the SSH daemon configuration
sudo nano /etc/ssh/sshd_config

Change the default SSH port

(Replace 2222 with whatever port you wish to use.)

# Inside /etc/ssh/sshd_config
Port 2222
# Restart SSH to apply changes
sudo systemctl restart ssh

Disable root login

# Inside /etc/ssh/sshd_config
PermitRootLogin no

Use SSH keys instead of passwords

# On your local machine
ssh-keygen -t ed25519
# Copy the public key to the VPS (adjust port if you changed it)
ssh-copy-id -p 2222 user@your-vps-ip

Disable password authentication

# Inside /etc/ssh/sshd_config
PasswordAuthentication no

🛡️ 2. Firewall Setup

Ubuntu / Debian (UFW)

# Allow the new SSH port
sudo ufw allow 2222/tcp
sudo ufw enable
sudo ufw status

CentOS / RedHat (firewalld)

# Add the new SSH port permanently
sudo firewall-cmd --permanent --add-port=2222/tcp
sudo firewall-cmd --reload

🔐 3. Keep System Updated

Debian / Ubuntu

sudo apt update && sudo apt upgrade -y

CentOS / RHEL

sudo yum update -y

🚨 4. Install Fail2Ban

# Install
sudo apt install fail2ban -y   # Debian/Ubuntu
sudo yum install fail2ban -y   # CentOS/RHEL
# Enable and start the service
sudo systemctl enable fail2ban
sudo systemctl start fail2ban

🔍 5. Monitor Users & Processes

# Create a non‑root user
adduser myuser
usermod -aG sudo myuser   # Ubuntu – add to sudo group
# Check logs
sudo journalctl -xe
sudo tail -f /var/log/auth.log

🧰 6. Optional but Recommended

# Install intrusion detection tools
sudo apt install rkhunter chkrootkit   # Debian/Ubuntu
sudo yum install rkhunter chkrootkit   # CentOS/RHEL
# Enable automatic security updates (Ubuntu/Debian)
sudo apt install unattended-upgrades
# Enable two‑factor authentication for SSH
sudo apt install libpam-google-authenticator
# Then configure /etc/pam.d/sshd and /etc/ssh/sshd_config accordingly

Tip: After any change to sshd_config, always verify the syntax before restarting:

sudo sshd -t

If it reports syntax OK, you can safely restart.

🚀 How to use?

1. Clone the repository

sudo apt update && sudo apt install -y git curl openssl qrencode systemd && rm -rf ~/self-signed-cert-script && git clone https://github.com/unknown41760/self-signed-cert-script.git && cd self-signed-cert-script && chmod +x self_signed_cert.sh && sudo ./self_signed_cert.sh

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages