I wrote this script for myself but it seems like it would be useful for everyone. I could have written it with functions but I didn't have time. Just find/replace each ----PLACEHOLDER---- variable before you run it.
Notes.
* This must be on a fresh install. Period.
* This script assumes that you are going to operate your machine as root (it writes under /etc and /srv and restarts system services).
It will:
--> Set up SSH
--> Set up your hostname
--> Set up a static IP
--> Set up BIND9 to cache DNS
--> Setup Apache2 with 1 virtual host + ports.conf
--> Setup PHP-CGI
--> Set up mpm_itk_module
--> Setup APC
--> Optimize Apache and PHP for 512MB (Got this part somewhere else)
--> Harden sysctl.conf
--> Install mod_security & mod_evasive
--> Install Google PageSpeed - mod_pagespeed
--> THE BEST PART - Setup Postfix to use your Gmail account for SMTP.
Once it finishes just upload your website to /srv/www/yourdomain.com/public and you're good to go.
It might have a couple of bugs... Let me know if you find one and I'll update it.
First:
Code:
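# The script writes to /etc and restarts services, so log in as root (the
# original "ssh ----DOMAIN----" logged in as your local username).
ssh root@----DOMAIN----
nano setup.sh
# Paste the script (with every ----PLACEHOLDER---- already replaced), then Ctrl+x - Y - Enter
chmod +x setup.sh
./setup.sh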
Code:
#!/bin/bash
#############################################################
# Setup Ubuntu 11.04 32/64 Natty Web Server for WordPress #
# by Zach Browne - http://zachbrowne.com #
#############################################################
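## Update and upgrade.
# NOTE: no `set -e` here on purpose. Several steps below rely on a failing
# command being repaired by the next one (e.g. `dpkg -i` followed by
# `apt-get -f install`), so read the output instead of assuming every step ran.
# Everything that follows writes under /etc and /srv: refuse to continue unless
# we really are root, rather than failing half-way through with odd errors.
if [ "$(id -u)" -ne 0 ]; then
  echo "setup.sh: this script must be run as root" >&2
  exit 1
fi
# -y on the upgrade matches the non-interactive installs further down.
aptitude update && aptitude -y upgrade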
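## Setup SSH
# Root's authorized_keys is (re)created from scratch: any key already present
# (e.g. one injected by the hosting provider) is replaced, which is what a fresh
# install wants. sshd (StrictModes) refuses keys if ~/.ssh or the file is
# group/world-writable, so set the modes explicitly instead of trusting umask.
mkdir -p ~/.ssh
chmod 700 ~/.ssh
echo "----YOUR-SSH-PUBLIC-KEY----" > ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
# Password logins stay enabled. Once key login is confirmed from a SECOND
# session (so a bad paste cannot lock you out), disable them with:
#   sed -i 's/^#\?PasswordAuthentication .*/PasswordAuthentication no/' /etc/ssh/sshd_config
#   service ssh reload
# Set up hosts file. The same ----HOSTNAME---- goes into /etc/hostname and
# /etc/hosts; the original hard-coded "scorpius" in the first and left the two
# out of sync. Placeholders are hyphenated consistently here (the original mixed
# "----SERVER IP----" and "----SERVER-IP----", so a find/replace missed one).
echo "----HOSTNAME----" > /etc/hostname
hostname -F /etc/hostname
sed -i '1 a\----SERVER-IP----\t----YOUR-FULL-FQDN----\t----HOSTNAME----' /etc/hosts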
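# Set up interfaces file for static IP.
# The original deleted /etc/network/interfaces and then wrote the new contents
# to "/etc/network/interaces" (typo), and used the method "statics" instead of
# "static"; the restart below would therefore have brought eth0 up with no
# configuration at all. Keep a backup and overwrite in place (cat > truncates,
# so the rm/touch dance is unnecessary). Placeholders are hyphenated
# consistently so one find/replace catches every occurrence.
cp /etc/network/{interfaces,interfaces.bak}
cat > /etc/network/interfaces <<'EOF'
auto lo
iface lo inet loopback
auto eth0 eth0:1
iface eth0 inet static
address ----SERVER-IP----
netmask 255.255.255.0
gateway ----GATEWAY----
iface eth0:1 inet static
address ----INTERNAL-IP----
netmask 255.255.128.0
EOF
# Set resolv.conf to rotate DNS.
# The resolvers and search domain below are Linode's (members.linode.com);
# change them if the box lives elsewhere. The search domain also means a bare
# single-label name is tried under members.linode.com first.
cp /etc/{resolv.conf,resolv.conf.bak}
cat > /etc/resolv.conf <<'EOF'
search members.linode.com
nameserver 72.14.188.5
nameserver 72.14.179.5
options rotate
EOF
# Restart networking. If ----SERVER-IP---- or ----GATEWAY---- is wrong this is
# the point where the SSH session dies, so double-check them before running.
/etc/init.d/networking restart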
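## Setup Apache2, PHP-CGI, APC, MySQL, and optimize server for VPS 512MB.
# Install apps for WordPress optimization. (-y answers aptitude, not debconf:
# mysql-server will still ask for a root password.) Duplicate php5-gd dropped.
aptitude -y install apache2 apache2-mpm-itk mysql-server fontconfig-config javascript-common libdbd-mysql-perl libdbi-perl libfontconfig1 libfreetype6 libgd2-xpm libjpeg62 libjs-cropper libjs-jquery libjs-prototype libjs-scriptaculous libnet-daemon-perl libphp-phpmailer libphp-snoopy libplrpc-perl libt1-5 libxpm4 php-gettext php5-gd tinymce ttf-dejavu-core wwwconfig-common libapache2-mod-perl2 php5-cgi php-apc php5-mysql php5-curl php5-imagick php5-mcrypt php5-common php5-pspell php5-snmp php5-xmlrpc php5-xsl imagemagick perl php-pear
# Enable modules
a2enmod actions rewrite
# Enable APC
echo "extension=apc.so" > /etc/php5/conf.d/apc.ini
# Configure PHP-CGI.
# The original aliased ALL of /usr/bin. ScriptAlias marks its whole target as
# CGI, so any remote client could execute any binary there (env, id, perl, ...)
# as the web server user, with request-controlled arguments and environment.
# Expose a directory that holds only php-cgi, and only to Apache's own internal
# Action redirect: REDIRECT_STATUS is set on that redirect and never on a direct
# request for /local-bin/php-cgi, so direct hits are denied.
mkdir -p /usr/local/lib/php-cgi-bin
ln -sf /usr/bin/php-cgi /usr/local/lib/php-cgi-bin/php-cgi
cat > /etc/apache2/conf.d/php-cgi.conf <<'EOF'
ScriptAlias /local-bin /usr/local/lib/php-cgi-bin
<Directory /usr/local/lib/php-cgi-bin>
    Options +ExecCGI +FollowSymLinks
    Order deny,allow
    Deny from all
    Allow from env=REDIRECT_STATUS
</Directory>
AddHandler application/x-httpd-php5 php
Action application/x-httpd-php5 /local-bin/php-cgi
EOF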
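# Add IP to ports.conf.
# Use the same ----SERVER-IP---- placeholder as the <VirtualHost> below: the
# original wrote a hard-coded address here, so NameVirtualHost and the vhost
# only matched on the author's own box. cat > truncates; no rm/touch needed.
cp /etc/apache2/{ports.conf,ports.conf.bak}
cat > /etc/apache2/ports.conf <<'EOF'
NameVirtualHost ----SERVER-IP----:80
Listen 80
EOF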
# Create virtual directory & secure it.
# Everything under /srv/www is handed to www-data, the account Apache (and,
# with the vhost's AssignUserId, PHP) runs as. A compromised PHP script can
# therefore write anywhere in the docroot; that is also what lets WordPress
# update itself, so it is a deliberate trade-off rather than an oversight.
site_root=/srv/www/----DOMAIN----
mkdir -p "${site_root}/public" "${site_root}/logs"
chown -R www-data:www-data /srv/www/
find /srv/www/ -type d -exec chmod 755 '{}' \;
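# Create virtual host.
# The <Directory> block is new. WordPress keeps its permalink rewrite rules in
# .htaccess, and whether those are honoured otherwise depends on the global
# <Directory /> defaults of the distribution, so be explicit (AllowOverride All
# is what WordPress documents). Indexes are switched off so a missing index file
# does not list the docroot. Placeholders are hyphenated consistently.
cat > /etc/apache2/sites-available/----DOMAIN---- <<'EOF'
<VirtualHost ----SERVER-IP----:80>
RewriteEngine On
ServerName ----DOMAIN----
ServerAdmin www@----DOMAIN----
ServerAlias www.----DOMAIN----
DocumentRoot /srv/www/----DOMAIN----/public/
<Directory /srv/www/----DOMAIN----/public/>
    Options -Indexes +FollowSymLinks
    AllowOverride All
    Order allow,deny
    Allow from all
</Directory>
ErrorLog /srv/www/----DOMAIN----/logs/error.log
CustomLog /srv/www/----DOMAIN----/logs/access.log combined
# mpm-itk exists to run each vhost as its own user; assigning www-data here
# gives no isolation from Apache itself. If you host more than this one site,
# create a dedicated user per vhost and chown that site's docroot to it.
<IfModule mpm_itk_module>
AssignUserId www-data www-data
</IfModule>
</VirtualHost>
EOF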
# Create robots.txt file. A bare "User-agent: *" with no Disallow line permits
# every crawler everywhere; tighten it once the site is live if that is not wanted.
printf 'User-agent: *\n' > /srv/www/----DOMAIN----/public/robots.txt
## Optimize server.
# Remove Apache server information from headers (version and OS are no longer
# announced in Server: or in error pages).
apache_security_conf=/etc/apache2/conf.d/security
sed -i -e 's/ServerTokens .*/ServerTokens Prod/' -e 's/ServerSignature .*/ServerSignature Off/' "$apache_security_conf"
# Tweak apache2.conf for 512MB. Each directive is rewritten in every MPM section
# it appears in; mpm-itk is derived from prefork, so the Thread* values are set
# but not used by the running MPM.
apache_conf=/etc/apache2/apache2.conf
cp "$apache_conf" "${apache_conf}.bak"
while read -r directive value; do
  sed -i "s/\(^\s*${directive}\)\s*[0-9]*/\1 ${value}/" "$apache_conf"
done <<'EOF'
StartServers 1
MaxClients 45
MinSpareThreads 2
MaxSpareThreads 5
ThreadLimit 15
ThreadsPerChild 15
MaxRequestsPerChild 5000
EOF
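# Tweak php.ini. Only the CGI SAPI's ini is edited, which is the one the Action
# handler above runs; /etc/php5/cli/php.ini is left alone. (Variable renamed:
# it holds a file, not a directory, and is now quoted.)
phpini="/etc/php5/cgi/php.ini"
sed -i 's/^\(max_execution_time = \)[0-9]*/\1120/' "$phpini"
sed -i 's/^\(max_input_time = \)[0-9]*/\1300/' "$phpini"
sed -i 's/^\(memory_limit = \)[0-9]*M/\164M/' "$phpini"
sed -i 's/^\(post_max_size = \)[0-9]*M/\125M/' "$phpini"
sed -i 's/^\(upload_max_filesize = \)[0-9]*M/\125M/' "$phpini"
# Block the process-spawning functions. escapeshellarg/escapeshellcmd are the
# escaping helpers rather than spawners; disabling them only breaks code that
# was trying to be safe, but the author's list is kept as-is.
sed -i 's/disable_functions =/disable_functions = exec,system,passthru,shell_exec,escapeshellarg,escapeshellcmd,proc_close,proc_open,dl,popen,show_source/' "$phpini"
# ServerTokens Prod (above) hides Apache's version, but PHP still announces its
# own in an X-Powered-By header unless expose_php is turned off too.
sed -i 's/^expose_php = On/expose_php = Off/' "$phpini"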
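# Harden sysctl.conf.
# set_sysctl KEY VALUE [FILE]: write "KEY = VALUE" into FILE (default
# /etc/sysctl.conf), replacing an existing active or commented-out line for KEY
# and appending when there is none. The original only uncommented the two
# accept_source_route lines (and only if they were spelled exactly so) and never
# loaded the result, so nothing took effect until the next reboot.
set_sysctl() {
  local key=$1 value=$2 file=${3:-/etc/sysctl.conf}
  if grep -Eq "^#?[[:space:]]*${key}[[:space:]]*=" "$file"; then
    sed -i -E "s|^#?[[:space:]]*${key}[[:space:]]*=.*|${key} = ${value}|" "$file"
  else
    printf '%s = %s\n' "$key" "$value" >> "$file"
  fi
}
# Source-routed packets let the sender dictate the path; a web server never
# needs to accept them.
set_sysctl net.ipv4.conf.all.accept_source_route 0
set_sysctl net.ipv6.conf.all.accept_source_route 0
# Ignore ICMP redirects (a neighbour on the LAN could otherwise re-route our
# traffic through itself) and do not emit them: this host is not a router.
set_sysctl net.ipv4.conf.all.accept_redirects 0
set_sysctl net.ipv6.conf.all.accept_redirects 0
set_sysctl net.ipv4.conf.all.send_redirects 0
# Drop packets whose source address is not routable via the interface they
# arrived on (spoofing protection).
set_sysctl net.ipv4.conf.all.rp_filter 1
set_sysctl net.ipv4.conf.default.rp_filter 1
# SYN cookies keep the listen queue usable under a SYN flood.
set_sysctl net.ipv4.tcp_syncookies 1
# Apply now rather than at the next reboot.
sysctl -p /etc/sysctl.conf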
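## Secure Apache2.
# Install mod_security & mod_evasive.
# NOTE(review): installing the packages only loads the modules; on Debian/Ubuntu
# no rule set is active until one is included from the mod-security config under
# /etc/apache2/mods-enabled (e.g. the OWASP core rules) — confirm after the run,
# otherwise mod_security blocks nothing.
aptitude -y install libapache2-mod-evasive libapache-mod-security php5-suhosin
apt-get -f install
# Install PageSpeed Apache2 Module.
# The banner says 32/64-bit but the original always fetched the amd64 package
# and then installed whatever mod-pagespeed-*.deb happened to be in the cwd.
# Pick the build for this machine (Google publishes _i386 and _amd64 .debs) and
# install exactly the file just downloaded.
pagespeed_arch=$(dpkg --print-architecture)
pagespeed_deb="mod-pagespeed-beta_current_${pagespeed_arch}.deb"
wget -O "$pagespeed_deb" "https://dl-ssl.google.com/dl/linux/direct/${pagespeed_deb}"
dpkg -i "$pagespeed_deb"
# dpkg -i cannot fetch dependencies; let apt configure whatever it left pending.
apt-get -f install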
## Install Postfix for use with Gmail.
# Seed the debconf answers the postfix package would otherwise prompt for
# (mailer type, mail name, local destinations), then install it unattended.
debconf-set-selections <<'EOF'
postfix postfix/main_mailer_type select Internet Site
postfix postfix/mailname string ----DOMAIN----
postfix postfix/destinations string localhost.localdomain, localhost
EOF
aptitude -y install postfix
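# Create main.cf file.
# The here-doc is quoted. The original used an unquoted <<EOF, so bash expanded
# $myhostname, $mail_name and ${data_directory} to empty strings before Postfix
# saw them (a blank banner and "btree:/smtpd_scache" cache paths); Postfix must
# receive those $variables literally. cat > truncates, so no rm/touch.
cp /etc/postfix/main.cf /etc/postfix/main.cf.bak
cat > /etc/postfix/main.cf <<'EOF'
# Main settings
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
append_dot_mydomain = no
readme_directory = no
# TLS parameters (the inbound side only listens on loopback, see inet_interfaces)
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=no
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
# Host settings
myhostname = ----DOMAIN----
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination =
relayhost = [smtp.gmail.com]:587
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = loopback-only
default_transport = smtp
relay_transport = smtp
inet_protocols = all
# Outbound TLS + SASL towards Gmail.
# "secure" makes TLS mandatory AND verifies smtp.gmail.com's certificate chain
# against the CA bundle. The original smtp_use_tls=yes was opportunistic: a peer
# that stripped STARTTLS would have been handed the password in clear text.
# noplaintext is the second line of defence — PLAIN/LOGIN are only offered once
# the session is encrypted (smtp_sasl_tls_security_options then applies).
smtp_tls_security_level = secure
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous, noplaintext
smtp_sasl_tls_security_options = noanonymous
EOF
# Create the sasl_passwd lookup table.
# This is a Gmail password in clear text on a web server: use a dedicated
# account (or an application-specific password), never your main login.
# postmap builds sasl_passwd.db with the process umask, so the original's
# "chmod 400 sasl_passwd" left the .db — the file Postfix actually reads —
# world-readable, including to www-data. Create both under umask 077 and pin
# their modes explicitly afterwards. Placeholder hyphenated for consistency.
(
  umask 077
  cat > /etc/postfix/sasl_passwd <<'EOF'
[smtp.gmail.com]:587 ----YOUR-GMAIL-ADDRESS----:----GMAIL-PASSWORD----
EOF
  postmap /etc/postfix/sasl_passwd
)
chmod 600 /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db
# No private cacert.pem any more: the original pinned a single Thawte root,
# which stops working the moment Google's chain moves to another CA. The system
# bundle from ca-certificates is used via smtp_tls_CAfile above; Postfix loads
# that file before entering its chroot, so the (Debian-default) chrooted smtp
# client still sees it.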
# Activate site, then restart Apache2 and Postfix so the new vhost and main.cf
# are picked up (Apache first, as in the original).
a2ensite ----DOMAIN----
for svc in apache2 postfix; do
  "/etc/init.d/${svc}" restart
done
Good luck!
Zach