See last commit
@@ -125,5 +125,8 @@ According to the libcloud's documentation "unlimited" attributes like for exampl
|
||||
* Don't blindly trust the scraped prices of the program output as they are not scraped by me but libcloud's library
|
||||
|
||||
# License 📜
|
||||
|
||||
[GPLv3](https://www.gnu.org/licenses/gpl-3.0.html)
|
||||
<p align="left">
|
||||
<a href="https://www.gnu.org/licenses/gpl-3.0.html">
|
||||
<img src="assets/images/gplv3.png?raw=true" width="250"/>
|
||||
</a>
|
||||
</p>
|
||||
|
||||
BIN
assets/images/gplv3.png
Normal file
BIN
assets/images/gplv3.png
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 35 KiB |
100
harden
100
harden
@@ -151,11 +151,111 @@ function hardenSSH {
|
||||
fi
|
||||
}
|
||||
|
||||
function getCorrectFirewall {
|
||||
local distro # Declare distro as a local variable
|
||||
distro="$(get_distro)" # Get the distribution name
|
||||
case "$distro" in # Use case to check for the distribution name
|
||||
"Ubuntu" | "Debian GNU/Linux") # If the distribution is Ubuntu or Debian
|
||||
apt install ufw -y # Install ufw
|
||||
printf "%s" "ufw" # Output ufw
|
||||
;;
|
||||
"CentOS Linux" | "Fedora" | "Red Hat Enterprise Linux Server") # If the distribution is CentOS, Fedora or RHEL
|
||||
dnf install firewalld -y # Install firewalld
|
||||
printf "%s" "firewalld" # Output firewalld
|
||||
;;
|
||||
|
||||
"openSUSE Leap") # If the distribution is OpenSUSE
|
||||
zypper install firewalld -y # Install firewalld
|
||||
printf "%s" "firewalld" # Output firewalld
|
||||
;;
|
||||
*)
|
||||
# If the distribution is none of the above, output unsupported distribution
|
||||
# and exit with error code 1
|
||||
printf "%s" "Unsupported distribution"
|
||||
exit 1 # Exit with error code 1
|
||||
;;
|
||||
esac
|
||||
|
||||
}
|
||||
|
||||
function getCorrectKernelSecurityModule {
|
||||
local distro # Declare distro as a local variable
|
||||
distro="$(get_distro)" # Get the distribution name
|
||||
case "$distro" in # Use case to check for the distribution name
|
||||
"Ubuntu") # If the distribution is Debian
|
||||
apt install apparmor-profiles -y # Install apparmor
|
||||
printf "%s" "apparmor" # Output apparmor
|
||||
;;
|
||||
"Debian GNU/Linux") # If the distribution is Debian
|
||||
apt install apparmor apparmor-utils auditd
|
||||
printf "%s" "apparmor" # Output apparmor
|
||||
;;
|
||||
"CentOS Linux" | "Fedora" | "Red Hat Enterprise Linux Server") # If the distribution is CentOS, Fedora or RHEL
|
||||
dnf install selinux -y # Install selinux
|
||||
printf "%s" "selinux" # Output selinux
|
||||
;;
|
||||
|
||||
"openSUSE Leap") # If the distribution is OpenSUSE
|
||||
zypper install libapparmor apparmor-profiles apparmor-utils apparmor-parser yast2-apparmor apparmor-docs -y # Install apparmor
|
||||
printf "%s" "apparmor" # Output apparmor
|
||||
;;
|
||||
*)
|
||||
# If the distribution is none of the above, output unsupported distribution
|
||||
# and exit with error code 1
|
||||
printf "%s" "Unsupported distribution"
|
||||
exit 1 # Exit with error code 1
|
||||
;;
|
||||
esac
|
||||
}
|
||||
|
||||
function firewallInit {
|
||||
local firewall
|
||||
firewall="$(getCorrectFirewall)" # Get the correct firewall
|
||||
case "$firewall" in
|
||||
ufw)
|
||||
sudo ufw default allow outgoing # Allow outgoing connections
|
||||
sudo ufw default deny incoming # Deny incoming connections
|
||||
sudo ufw allow 22100/tcp # Allow ssh connections on port 22100
|
||||
sudo ufw enable # Enable the firewall
|
||||
sudo systemctl enable ufw # Enable the firewall on boot
|
||||
sudo systemctl start ufw # Start the firewall
|
||||
;;
|
||||
firewalld)
|
||||
sudo systemctl enable --now firewalld # Enable the firewall on boot and start it
|
||||
sudo firewall-cmd --permanent --add-port=22100/tcp # Allow ssh connections on port 22100
|
||||
sudo firewall-cmd --reload # Reload the firewall
|
||||
;;
|
||||
*)
|
||||
printf "%s" "Unsupported firewall"
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
}
|
||||
|
||||
function kernelSecurityModuleInit {
|
||||
local kernelSecurityModule
|
||||
kernelSecurityModule="$(getCorrectKernelSecurityModule)" # Get the correct kernel security module
|
||||
case "$kernelSecurityModule" in
|
||||
apparmor)
|
||||
sudo systemctl enable --now apparmor # Enable the kernel security module on boot and start it
|
||||
;;
|
||||
selinux)
|
||||
sudo systemctl enable --now selinux # Enable the kernel security module on boot and start it
|
||||
;;
|
||||
*)
|
||||
printf "%s" "Unsupported kernel security module"
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
}
|
||||
|
||||
# The main function will call the check_dependencies function and exit if it fails.
|
||||
# It will also output a message to the user to let them know that the script has finished.
|
||||
function main {
|
||||
check_dependencies || exit 1 # Check dependencies and exit if it fails
|
||||
harden_ssh || exit 1 # Harden ssh and exit if it fails
|
||||
firewallInit || exit 1 # Initialize the firewall and exit if it fails
|
||||
kernelSecurityModuleInit || exit 1 # Initialize the kernel security module and exit if it fails
|
||||
printf "%s" "Script finished" # Output message to the user
|
||||
}
|
||||
|
||||
|
||||
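Review bot: In getCorrectFirewall and getCorrectKernelSecurityModule the package-manager calls write to stdout, and both functions are read through command substitution (`firewall="$(getCorrectFirewall)"`), so the captured value is the installer output followed by the name; the `ufw)`, `firewalld)`, `apparmor)` and `selinux)` arms then cannot match and the run ends in the "Unsupported …" branch with no firewall or security module configured. Keep installer output off stdout, e.g. `apt install ufw -y >&2`, and check the status at the call site with `firewall="$(getCorrectFirewall)" || exit 1`, because `exit 1` inside the substitution only leaves the subshell. The Debian arm `apt install apparmor apparmor-utils auditd` has no `-y`, so it waits on a prompt the substitution hides, and `sudo ufw enable` may ask for confirmation when run over SSH unless written as `sudo ufw --force enable`. Separately, `dnf install selinux -y` and `systemctl enable --now selinux` appear to name a package and a unit that do not exist on Fedora/RHEL (SELinux mode is normally set through `/etc/selinux/config` and `setenforce`), so that arm likely fails and should be confirmed on a target host.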