konsthol/SecDep
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

See last commit

Browse Source
This commit is contained in:
konsthol
2023-04-24 17:48:10 +03:00
parent e127b758b6
commit cd46eb5ac2
3 changed files with 105 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
README.md
View File

@@ -125,5 +125,8 @@ According to the libcloud's documentation "unlimited" attributes like for exampl
* Don't blindly trust the scraped prices of the program output as they are not scraped by me but libcloud's library * Don't blindly trust the scraped prices of the program output as they are not scraped by me but libcloud's library
# License 📜 # License 📜
<p align="left">
[GPLv3](https://www.gnu.org/licenses/gpl-3.0.html) <a href="https://www.gnu.org/licenses/gpl-3.0.html">
<img src="assets/images/gplv3.png?raw=true" width="250"/>
</a>
</p>

BIN
assets/images/gplv3.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 35 KiB

100
harden
View File

@@ -151,11 +151,111 @@ function hardenSSH {
fi fi
} }
function getCorrectFirewall {
local distro # Declare distro as a local variable
distro="$(get_distro)" # Get the distribution name
case "$distro" in # Use case to check for the distribution name
"Ubuntu" | "Debian GNU/Linux") # If the distribution is Ubuntu or Debian
apt install ufw -y # Install ufw
printf "%s" "ufw" # Output ufw
;;
"CentOS Linux" | "Fedora" | "Red Hat Enterprise Linux Server") # If the distribution is CentOS, Fedora or RHEL
dnf install firewalld -y # Install firewalld
printf "%s" "firewalld" # Output firewalld
;;
"openSUSE Leap") # If the distribution is OpenSUSE
zypper install firewalld -y # Install firewalld
printf "%s" "firewalld" # Output firewalld
;;
*)
# If the distribution is none of the above, output unsupported distribution
# and exit with error code 1
printf "%s" "Unsupported distribution"
exit 1 # Exit with error code 1
;;
esac
}
function getCorrectKernelSecurityModule {
local distro # Declare distro as a local variable
distro="$(get_distro)" # Get the distribution name
case "$distro" in # Use case to check for the distribution name
"Ubuntu") # If the distribution is Debian
apt install apparmor-profiles -y # Install apparmor
printf "%s" "apparmor" # Output apparmor
;;
"Debian GNU/Linux") # If the distribution is Debian
apt install apparmor apparmor-utils auditd
printf "%s" "apparmor" # Output apparmor
;;
"CentOS Linux" | "Fedora" | "Red Hat Enterprise Linux Server") # If the distribution is CentOS, Fedora or RHEL
dnf install selinux -y # Install selinux
printf "%s" "selinux" # Output selinux
;;
"openSUSE Leap") # If the distribution is OpenSUSE
zypper install libapparmor apparmor-profiles apparmor-utils apparmor-parser yast2-apparmor apparmor-docs -y # Install apparmor
printf "%s" "apparmor" # Output apparmor
;;
*)
# If the distribution is none of the above, output unsupported distribution
# and exit with error code 1
printf "%s" "Unsupported distribution"
exit 1 # Exit with error code 1
;;
esac
}
function firewallInit {
local firewall
firewall="$(getCorrectFirewall)" # Get the correct firewall
case "$firewall" in
ufw)
sudo ufw default allow outgoing # Allow outgoing connections
sudo ufw default deny incoming # Deny incoming connections
sudo ufw allow 22100/tcp # Allow ssh connections on port 22100
sudo ufw enable # Enable the firewall
sudo systemctl enable ufw # Enable the firewall on boot
sudo systemctl start ufw # Start the firewall
;;
firewalld)
sudo systemctl enable --now firewalld # Enable the firewall on boot and start it
sudo firewall-cmd --permanent --add-port=22100/tcp # Allow ssh connections on port 22100
sudo firewall-cmd --reload # Reload the firewall
;;
*)
printf "%s" "Unsupported firewall"
exit 1
;;
esac
}
function kernelSecurityModuleInit {
local kernelSecurityModule
kernelSecurityModule="$(getCorrectKernelSecurityModule)" # Get the correct kernel security module
case "$kernelSecurityModule" in
apparmor)
sudo systemctl enable --now apparmor # Enable the kernel security module on boot and start it
;;
selinux)
sudo systemctl enable --now selinux # Enable the kernel security module on boot and start it
;;
*)
printf "%s" "Unsupported kernel security module"
exit 1
;;
esac
}
# The main function will call the check_dependencies function and exit if it fails. # The main function will call the check_dependencies function and exit if it fails.
# It will also output a message to the user to let them know that the script has finished. # It will also output a message to the user to let them know that the script has finished.
function main { function main {
check_dependencies || exit 1 # Check dependencies and exit if it fails check_dependencies || exit 1 # Check dependencies and exit if it fails
harden_ssh || exit 1 # Harden ssh and exit if it fails harden_ssh || exit 1 # Harden ssh and exit if it fails
firewallInit || exit 1 # Initialize the firewall and exit if it fails
kernelSecurityModuleInit || exit 1 # Initialize the kernel security module and exit if it fails
printf "%s" "Script finished" # Output message to the user printf "%s" "Script finished" # Output message to the user
} }