From e7dbe538dc30489a2eec637c14cebf2b18f13b58 Mon Sep 17 00:00:00 2001 From: buildplan Date: Wed, 26 Nov 2025 11:06:12 +0000 Subject: [PATCH 1/5] improve summay and final system update --- du_setup.sh | 65 ++++++++++++++++++++++++++++++++++++++++------------- 1 file changed, 50 insertions(+), 15 deletions(-) diff --git a/du_setup.sh b/du_setup.sh index a88a0f3..91fdb88 100644 --- a/du_setup.sh +++ b/du_setup.sh @@ -1,8 +1,10 @@ #!/bin/bash # Debian and Ubuntu Server Hardening Interactive Script -# Version: 0.78.2 | 2025-11-25 +# Version: 0.78.3 | 2025-11-26 # Changelog: +# - v0.78.3: Update the summary to try to show the right environment detection based on finding personal VMs and cloud VPS. +# Run update & upgrade in the final step to ensure system is fully updated after restart. # - v0.78.2: In configure_system set choosen hostname from collect_config in the /etc/hosts # - v0.78.1: Collect config failure fixed on IPv6 only VPS. # - v0.78: Script tries to handles different environments: Direct Public IP, NAT/Router and Local VM only @@ -91,7 +93,7 @@ set -euo pipefail # --- Update Configuration --- -CURRENT_VERSION="0.78.2" +CURRENT_VERSION="0.78.3" SCRIPT_URL="https://raw.githubusercontent.com/buildplan/du_setup/refs/heads/main/du_setup.sh" CHECKSUM_URL="${SCRIPT_URL}.sha256" @@ -137,6 +139,8 @@ DETECTED_MANUFACTURER="" DETECTED_PRODUCT="" IS_CLOUD_PROVIDER=false IS_CONTAINER=false +ENVIRONMENT_TYPE="unknown" +DETECTED_PROVIDER_NAME="" SERVER_IP_V4="Unknown" SERVER_IP_V6="Not available" @@ -246,7 +250,7 @@ print_header() { printf '%s\n' "${CYAN}╔═════════════════════════════════════════════════════════════════╗${NC}" printf '%s\n' "${CYAN}║ ║${NC}" printf '%s\n' "${CYAN}║ DEBIAN/UBUNTU SERVER SETUP AND HARDENING SCRIPT ║${NC}" - printf '%s\n' "${CYAN}║ v0.78.2 | 2025-11-25 ║${NC}" + printf '%s\n' "${CYAN}║ v0.78.3 | 2025-11-25 ║${NC}" printf '%s\n' "${CYAN}║ ║${NC}" printf '%s\n' "${CYAN}╚═════════════════════════════════════════════════════════════════╝${NC}" printf '\n' @@ -5117,16 +5121,30 @@ configure_security_audit() { } final_cleanup() { - print_section "Final System Cleanup" - print_info "Running final system update and cleanup..." - if ! apt-get update -qq; then + print_section "Final System Update & Cleanup" + print_info "Performing final system upgrade (dist-upgrade) and cleanup..." + print_info "This may take a moment. Please wait..." + # Upgrade ALL packages (including kernels) + if ! apt-get update -qq >/dev/null 2>&1; then print_warning "Failed to update package lists during final cleanup." + log "Final apt-get update failed." fi - if ! apt-get upgrade -y -qq || ! apt-get --purge autoremove -y -qq || ! apt-get autoclean -y -qq; then - print_warning "Final system cleanup failed on one or more commands." + if ! DEBIAN_FRONTEND=noninteractive apt-get dist-upgrade -y -qq -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" >> "$LOG_FILE" 2>&1; then + print_warning "Final system upgrade encountered issues. Check log for details." + log "Final apt-get dist-upgrade failed." + else + print_success "System packages (including kernels) upgraded successfully." + log "Final apt-get dist-upgrade completed." + fi + # Final cleanup + print_info "Removing unused packages..." + if ! apt-get --purge autoremove -y -qq >> "$LOG_FILE" 2>&1 || ! apt-get autoclean -y -qq >> "$LOG_FILE" 2>&1; then + print_warning "Cleanup commands encountered minor issues." + else + print_success "Unused packages removed." fi systemctl daemon-reload - print_success "Final system update and cleanup complete." + print_success "Final cleanup complete." log "Final system cleanup completed." } @@ -5277,16 +5295,33 @@ generate_summary() { fi printf '\n' + # --- Environment summary --- print_separator "Environment Information" printf "%-20s %s\n" "Virtualization:" "${DETECTED_VIRT_TYPE:-unknown}" printf "%-20s %s\n" "Manufacturer:" "${DETECTED_MANUFACTURER:-unknown}" printf "%-20s %s\n" "Product:" "${DETECTED_PRODUCT:-unknown}" - if [[ "$IS_CLOUD_PROVIDER" == "true" ]]; then - printf "%-20s %s\n" "Environment:" "${YELLOW}Cloud VPS${NC}" - elif [[ "$DETECTED_VIRT_TYPE" == "none" ]]; then - printf "%-20s %s\n" "Environment:" "${GREEN}Bare Metal${NC}" - else - printf "%-20s %s\n" "Environment:" "${CYAN}Personal VM${NC}" + + printf "%-20s " "Environment:" + case "$ENVIRONMENT_TYPE" in + commercial-cloud) + printf "%sCloud VPS%s\n" "$YELLOW" "$NC" + ;; + bare-metal) + printf "%sBare Metal%s\n" "$GREEN" "$NC" + ;; + uncertain-kvm) + printf "%sGeneric KVM (Likely Cloud VPS)%s\n" "$YELLOW" "$NC" + ;; + personal-vm) + printf "%sPersonal VM%s\n" "$CYAN" "$NC" + ;; + *) + printf "Unknown\n" + ;; + esac + + if [[ -n "$DETECTED_PROVIDER_NAME" ]]; then + printf "%-20s %s\n" "Detected Provider:" "$DETECTED_PROVIDER_NAME" fi printf '\n' From 0733e586510f9b6383af25d3020796c2b256afed Mon Sep 17 00:00:00 2001 From: buildplan Date: Wed, 26 Nov 2025 11:19:34 +0000 Subject: [PATCH 2/5] Improved environment information summary --- du_setup.sh | 29 ++++++++++++++++++++++------- 1 file changed, 22 insertions(+), 7 deletions(-) diff --git a/du_setup.sh b/du_setup.sh index 91fdb88..ad2265f 100644 --- a/du_setup.sh +++ b/du_setup.sh @@ -5212,10 +5212,10 @@ generate_summary() { printf " %-15s %s\n" "Admin User:" "$USERNAME" printf " %-15s %s\n" "Hostname:" "$SERVER_NAME" printf " %-15s %s\n" "SSH Port:" "$SSH_PORT" - if [[ "$SERVER_IP_V4" != "unknown" && "$SERVER_IP_V4" != "Unknown" ]]; then + if [[ "${SERVER_IP_V4:-}" != "unknown" && "${SERVER_IP_V4:-}" != "Unknown" ]]; then printf " %-15s %s\n" "Server IPv4:" "$SERVER_IP_V4" fi - if [[ "$SERVER_IP_V6" != "not available" && "$SERVER_IP_V6" != "Not available" ]]; then + if [[ "${SERVER_IP_V6:-}" != "not available" && "${SERVER_IP_V6:-}" != "Not available" ]]; then printf " %-15s %s\n" "Server IPv6:" "$SERVER_IP_V6" fi @@ -5295,12 +5295,27 @@ generate_summary() { fi printf '\n' - # --- Environment summary --- - print_separator "Environment Information" - printf "%-20s %s\n" "Virtualization:" "${DETECTED_VIRT_TYPE:-unknown}" - printf "%-20s %s\n" "Manufacturer:" "${DETECTED_MANUFACTURER:-unknown}" - printf "%-20s %s\n" "Product:" "${DETECTED_PRODUCT:-unknown}" + # --- System & Environment Information --- + print_separator "System & Environment Information" + # OS and Kernel Info + printf "%-20s %s\n" "OS:" "${PRETTY_NAME:-Unknown}" + printf "%-20s %s\n" "Kernel:" "$(uname -r)" + printf "%-20s %s\n" "Uptime:" "$(uptime -p 2>/dev/null || uptime | sed 's/.*up //;s/,.*//')" + + # Hardware/Virtualization Info + printf "%-20s %s\n" "Virtualization:" "${DETECTED_VIRT_TYPE:-unknown}" + if [[ "${DETECTED_MANUFACTURER:-unknown}" != "unknown" ]]; then + printf "%-20s %s\n" "Manufacturer:" "$DETECTED_MANUFACTURER" + fi + if [[ "${DETECTED_PRODUCT:-unknown}" != "unknown" ]]; then + printf "%-20s %s\n" "Product:" "$DETECTED_PRODUCT" + fi + if [[ "${DETECTED_BIOS_VENDOR:-unknown}" != "unknown" ]]; then + printf "%-20s %s\n" "BIOS Vendor:" "$DETECTED_BIOS_VENDOR" + fi + + # Environment Classification printf "%-20s " "Environment:" case "$ENVIRONMENT_TYPE" in commercial-cloud) From 87c241c20892ce20f41d52631f0e71b22d5097f5 Mon Sep 17 00:00:00 2001 From: buildplan Date: Wed, 26 Nov 2025 12:05:18 +0000 Subject: [PATCH 3/5] remove unused veriables --- du_setup.sh | 22 +++++----------------- 1 file changed, 5 insertions(+), 17 deletions(-) diff --git a/du_setup.sh b/du_setup.sh index ad2265f..aa1ed29 100644 --- a/du_setup.sh +++ b/du_setup.sh @@ -137,7 +137,6 @@ SKIP_CLEANUP=false # If true, skip cleanup tasks DETECTED_VIRT_TYPE="" DETECTED_MANUFACTURER="" DETECTED_PRODUCT="" -IS_CLOUD_PROVIDER=false IS_CONTAINER=false ENVIRONMENT_TYPE="unknown" DETECTED_PROVIDER_NAME="" @@ -486,7 +485,6 @@ detect_environment() { DETECTED_MANUFACTURER="$MANUFACTURER" DETECTED_PRODUCT="$PRODUCT" DETECTED_BIOS_VENDOR="${DETECTED_BIOS_VENDOR:-unknown}" - IS_CLOUD_PROVIDER="$IS_CLOUD_VPS" log "Environment detection: VIRT=$VIRT_TYPE, MANUFACTURER=$MANUFACTURER, PRODUCT=$PRODUCT, IS_CLOUD=$IS_CLOUD_VPS, TYPE=$ENVIRONMENT_TYPE" } @@ -5318,21 +5316,11 @@ generate_summary() { # Environment Classification printf "%-20s " "Environment:" case "$ENVIRONMENT_TYPE" in - commercial-cloud) - printf "%sCloud VPS%s\n" "$YELLOW" "$NC" - ;; - bare-metal) - printf "%sBare Metal%s\n" "$GREEN" "$NC" - ;; - uncertain-kvm) - printf "%sGeneric KVM (Likely Cloud VPS)%s\n" "$YELLOW" "$NC" - ;; - personal-vm) - printf "%sPersonal VM%s\n" "$CYAN" "$NC" - ;; - *) - printf "Unknown\n" - ;; + commercial-cloud) printf "%sCloud VPS%s\n" "$YELLOW" "$NC" ;; + bare-metal) printf "%sBare Metal%s\n" "$GREEN" "$NC" ;; + uncertain-kvm) printf "%sGeneric KVM (Likely Cloud VPS)%s\n" "$YELLOW" "$NC" ;; + personal-vm) printf "%sPersonal VM%s\n" "$CYAN" "$NC" ;; + *) printf "Unknown\n" ;; esac if [[ -n "$DETECTED_PROVIDER_NAME" ]]; then From d86e9b1eb8737881c6ada3fe22d11ba08ca30d7a Mon Sep 17 00:00:00 2001 From: buildplan Date: Wed, 26 Nov 2025 13:45:05 +0000 Subject: [PATCH 4/5] checksum v0.78.3 --- du_setup.sh.sha256 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/du_setup.sh.sha256 b/du_setup.sh.sha256 index f9196c2..c31dc46 100644 --- a/du_setup.sh.sha256 +++ b/du_setup.sh.sha256 @@ -1 +1 @@ -8b5af9116fc95b7a3d281ea711f74bd3ea2bee25b0d68101b64fc5b67dbbed59 du_setup.sh +fce60e9f65ec68b353215edf7a7da31caae62edc48944fd8fe6ea9883e95078d du_setup.sh From b7fdd5b456ac92b54bdfa995efa7c23ece8eaf5b Mon Sep 17 00:00:00 2001 From: buildplan Date: Wed, 26 Nov 2025 13:45:50 +0000 Subject: [PATCH 5/5] version and checksum --- README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index adf64db..ab8a214 100644 --- a/README.md +++ b/README.md @@ -7,9 +7,9 @@ ----- -**Version:** v0.78.2 +**Version:** v0.78.3 -**Last Updated:** 2025-11-25 +**Last Updated:** 2025-11-26 **Compatible With:** @@ -87,12 +87,12 @@ sha256sum du_setup.sh Compare the output hash to the one below. They must match exactly. -`8b5af9116fc95b7a3d281ea711f74bd3ea2bee25b0d68101b64fc5b67dbbed59` +`fce60e9f65ec68b353215edf7a7da31caae62edc48944fd8fe6ea9883e95078d` Or echo the hash to check, it should output: `du_setup.sh: OK` ```bash -echo 8b5af9116fc95b7a3d281ea711f74bd3ea2bee25b0d68101b64fc5b67dbbed59 du_setup.sh | sha256sum --check +echo fce60e9f65ec68b353215edf7a7da31caae62edc48944fd8fe6ea9883e95078d du_setup.sh | sha256sum --check ``` ### 3. Run the Script