diff --git a/bootstrap.sh b/bootstrap.sh
new file mode 100755
index 0000000..918e191
--- /dev/null
+++ b/bootstrap.sh
@@ -0,0 +1,84 @@
+# **************************************************************************** #
+# #
+# ::: :::::::: #
+# bootstrap.sh :+: :+: :+: #
+# +:+ +:+ +:+ #
+# By: gbaconni@student.42lausanne.ch +#+ +:+ +#+ #
+# +#+#+#+#+#+ +#+ #
+# Created: 2021/11/04 10:58:16 by gbaconni #+# #+# #
+# Updated: 2021/11/04 11:36:38 by gbaconni ### lausanne.ch #
+# #
+# **************************************************************************** #
+#!/bin/bash -e -x
+
+ft_editor ()
+{
+ update-alternatives --set editor /usr/bin/vim.basic
+ ln -snf /usr/bin/vim.basic /etc/alternatives/editor
+}
+
+ft_ssh ()
+{
+ port=${1-4242}
+ sed -i'.orig' -r 's/^#?(Port) .*/\1 '${port}'/; s/^#?(PermitRootLogin) .*/\1 no/;' /etc/ssh/sshd_config
+ install -D -d -o gbaconni -g gbaconni -m 0700 ~gbaconni/.ssh
+ install -o gbaconni -g gbaconni -m 0600 /dev/null ~gbaconni/.ssh/authorized_keys
+ echo 'ssh-rsa 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 gbaconni' > ~gbaconni/.ssh/authorized_keys
+}
+
+ft_groups ()
+{
+ groupadd -f -r sudo
+ groupadd -f user42
+ usermod -a -G sudo,user42 gbaconni
+}
+
+ft_policy ()
+{
+ sed -i'.orig' -r 's/^#?(PASS_MAX_DAYS).*/\1\t30/; s/^#?(PASS_MIN_DAYS).*/\1\t2/; s/^#?(PASS_WARN_AGE).*/\1\t7/; s/^#?(PASS_MIN_LEN).*/\1\t10/;' /etc/login.defs
+ sed -i'.orig' -r 's/^[# ]*(minlen =)/\1 10/; s/^[# ]*([ud]credit =)/\1 -1/; s/^[# ]*(maxrepeat =)/\1 3/; s/^[# ]*(usercheck =)/\1 1/; s/^[# ]*(difok =)/\1 7/;' /etc/security/pwquality.conf
+ chage -M 30 -m 2 -W 7 gbaconni
+}
+
+ft_sudo ()
+{
+ install -D -d /var/log/sudo
+ echo -e 'passwd_tries=3\nbadpass_message="I am sorry. 
I am afraid you cannot do that."\nlog_input\nlog_output\niolog_dir="/var/log/sudo"\nrequiretty\nsecure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"' | sed 's/^/Defaults\t/' > /etc/sudoers.d/sudo
+ chmod 0440 /etc/sudoers.d/sudo
+}
+
+ft_rc_local ()
+{
+ systemctl enable rc-local.service
+ echo '#!/bin/sh -e' > /etc/rc.local
+ echo '' >> /etc/rc.local
+ echo 'exit 0' >> /etc/rc.local
+ chmod +x /etc/rc.local
+}
+
+ft_ufw ()
+{
+ cp /etc/rc.local /etc/rc.local.orig
+ echo '#!/bin/sh' > /etc/rc.local
+ echo '/usr/sbin/ufw enable' >> /etc/rc.local
+ echo '/usr/sbin/ufw allow ssh' >> /etc/rc.local
+ echo '/usr/sbin/ufw allow proto tcp from any to any port 4242' >> /etc/rc.local
+ echo 'mv -f /etc/rc.local /etc/rc.local.baco' >> /etc/rc.local
+ echo 'mv -f /etc/rc.local.orig /etc/rc.local' >> /etc/rc.local
+ echo 'test -x /etc/rc.local && /etc/rc.local' >> /etc/rc.local
+ echo 'exit 0' >> /etc/rc.local
+}
+
+main ()
+{
+ ft_editor
+ ft_ssh
+ ft_groups
+ ft_policy
+ ft_sudo
+ ft_rc_local
+ ft_ufw 4242
+ return 0
+}
+
+exit main $@
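Review bot: The final line `exit main $@` never runs main: `exit` takes a numeric status, so bash rejects `main` with "numeric argument required" and quits without applying any of the hardening; it should be `main "$@"`. The `#!/bin/bash -e -x` line sits after the 42 header, so it is only a comment — the script gets no `-e` and, executed directly, runs under whatever shell the caller falls back to; move it to line 1 and put `set -eu` at the top of the body so a failed sed or install aborts instead of being silently skipped. In ft_policy the pwquality substitutions lack the trailing `.*` that the login.defs ones have, so a stock `# minlen = 8` becomes `minlen = 10 8` rather than `minlen = 10`; each pattern should read like `s/^[# ]*(minlen =).*/\1 10/`. In ft_ufw, `ufw allow ssh` opens port 22 although sshd was moved to 4242, and the function ignores the `4242` main passes it while ft_ssh is called with no argument; drop the `allow ssh` line and feed both functions the same port variable so the firewall and sshd cannot drift apart.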