diff --git a/du_setup.sh b/du_setup.sh index b180234..efe8405 100644 --- a/du_setup.sh +++ b/du_setup.sh @@ -3467,10 +3467,13 @@ main() { touch "$LOG_FILE" && chmod 600 "$LOG_FILE" log "Starting Debian/Ubuntu hardening script." - # Existing system checks + # --- PRELIMINARY CHECKS --- + print_header check_system + run_update_check + check_dependencies - # Handle --cleanup-only flag + # --- HANDLE SPECIAL OPERATIONAL MODES --- if [[ "$CLEANUP_ONLY" == "true" ]]; then print_info "Running in cleanup-only mode..." detect_environment @@ -3479,7 +3482,6 @@ main() { exit 0 fi - # Handle --cleanup-preview flag if [[ "$CLEANUP_PREVIEW" == "true" ]]; then print_info "Running cleanup preview mode..." detect_environment @@ -3488,27 +3490,17 @@ main() { exit 0 fi - # Normal flow - detect environment first + # --- NORMAL EXECUTION FLOW --- + # Detect environment used for the summary report at the end. detect_environment - - # Run cleanup unless --skip-cleanup is set - if [[ "$SKIP_CLEANUP" == "false" ]]; then - cleanup_provider_packages - else - print_info "Skipping provider cleanup (--skip-cleanup flag set)." - log "Provider cleanup skipped via --skip-cleanup flag." - fi - - run_update_check - print_header - check_dependencies + # --- CORE SETUP AND HARDENING --- collect_config install_packages setup_user configure_system - configure_ssh configure_firewall configure_fail2ban + configure_ssh configure_auto_updates configure_time_sync configure_kernel_hardening @@ -3517,6 +3509,16 @@ main() { setup_backup configure_swap configure_security_audit + + # --- PROVIDER PACKAGE CLEANUP --- + if [[ "$SKIP_CLEANUP" == "false" ]]; then + cleanup_provider_packages + else + print_info "Skipping provider cleanup (--skip-cleanup flag set)." + log "Provider cleanup skipped via --skip-cleanup flag." + fi + + # --- FINAL STEPS --- final_cleanup generate_summary }