Version control is awful

2023-09-07 07:09:20 +03:00
parent a58ce909b0
commit 7d107bca67
2 changed files with 19 additions and 17 deletions

32
harden

@@ -607,9 +607,9 @@ else
sudo ufw reload
fi
TOHERE
# Every 30 minutes check if there are any new ports used by docker and allow them in the firewall
# Every 20 minutes check if there are any new ports used by docker and allow them in the firewall
cat << TOHERE | sudo tee -a /var/spool/cron/crontabs/root > /dev/null 2>&1
*/30 * * * * /root/bin/dynamic_docker_ports_cronjob.sh
*/20 * * * * /root/bin/dynamic_docker_ports_cronjob.sh
TOHERE
sudo chmod +x /root/bin/dynamic_docker_ports_cronjob.sh
sudo systemctl restart cron
@@ -700,32 +700,32 @@ sudo systemctl restart cron
# It will also pass any arguments passed to the script to the dockerInit function.
# Then it will output a message to the user and reboot the system in 2 minutes.
function main {
printf "%s\n" "$SCRIPT_NAME script started"
printf "%s\n" "=> $SCRIPT_NAME script started <="
check_dependencies || exit 1 # Check dependencies and exit if it fails
printf "%s\n" "Dependencies installed"
printf "%s\n" "=> Dependencies installed <="
hardenSSH || exit 1 # Harden ssh and exit if it fails
printf "%s\n" "SSH hardened"
printf "%s\n" "=> SSH hardened <="
firewallInit || exit 1 # Initialize the firewall and exit if it fails
printf "%s\n" "Firewall initialized"
printf "%s\n" "=> Firewall initialized <="
kernelSecurityModuleInit || exit 1 # Initialize the kernel security module and exit if it fails
printf "%s\n" "Kernel security module initialized"
printf "%s\n" "=> Kernel security module initialized <="
configureFail2ban || exit 1 # Initialize fail2ban and exit if it fails
printf "%s\n" "Fail2ban configured"
printf "%s\n" "=> Fail2ban configured <="
# Call the dockerInit function with the arguments passed to the script
dockerInit "$@" || exit 1 # Initialize docker and exit if it fails
printf "%s\n" "Docker Rootless, docker-compose and gVisor installed and configured"
printf "%s\n" "Portainer and Watchtower along with any specified docker images from the command line or a docker-compose.yml file installed"
printf "%s\n" "=> Docker Rootless, docker-compose and gVisor installed and configured <="
printf "%s\n" "=> Portainer and Watchtower along with any specified docker images from the command line or a docker-compose.yml file installed <="
enableServices || exit 1 # Enable the services that need to be restarted and the firewall
printf "%s\n" "Services restarted and firewall enabled"
printf "%s\n" "=> Services restarted and firewall enabled <="
dynamicDockerPortsCronjob || exit 1 # Allow the ports used by docker in the firewall
printf "%s\n" "CronJob to adjust the ports used by docker and the firewall installed"
printf "%s\n" "=> CronJob to adjust the ports used by docker and the firewall installed <="
automaticUpdatesCronjob || exit 1 # Install a cronjob to update the system periodically
printf "%s\n" "CronJob to update the system installed"
printf "%s\n" "=> CronJob to update the system installed <="
# If the username is not secdep, delete the remaining users
[[ "$USER" != "secdep" ]] && deleteRemainingUsers || exit 1 # Delete possible remaining users
printf "%s\n" "Any unnecessary users deleted"
printf "%s\n" "$SCRIPT_NAME script finished" # Output message to the user
printf "%s\n" "System will reboot momentarily" # Output message to the user
printf "%s\n" "=> Any unnecessary users deleted <="
printf "%s\n" "=> $SCRIPT_NAME script finished <=" # Output message to the user
printf "%s\n" "=> System will reboot momentarily <=" # Output message to the user
# Reboot the system in 3 minutes with the shutdown command so that login before the reboot is not possible
# If the username is not secdep, reboot the system in 1 minute
# We reboot just in case there are any updates that need to be applied
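Review bot: In main, the unchanged line `[[ "$USER" != "secdep" ]] && deleteRemainingUsers || exit 1` runs `exit 1` whenever the test itself is false, so a run as the secdep user stops there with a failure status and never reaches the finish messages or the reboot described in the comments below it. The `a && b || c` form is not an if/else; `if [[ "$USER" != "secdep" ]]; then deleteRemainingUsers || exit 1; fi` keeps the abort for a failed deletion only. The reworded `=> Any unnecessary users deleted <=` message would then belong inside that branch as well, since nothing is deleted for secdep. main's body continues past the end of the hunk, so the reboot logic itself is not visible here.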