Update README.md

2025-12-29 16:14:59 +00:00 · 2025-06-27 19:35:27 +01:00
parent 64bab89f17
commit 3c0844de2e
1 changed files with 29 additions and 24 deletions
--- a/README.md
+++ b/README.md
@@ -1,14 +1,15 @@
 # Debian & Ubuntu Server Setup & Hardening Script
-**Version:** 3.12
+**Version:** 3.13
 **Last Updated:** 2025-06-27
 **Compatible With:**
 - Debian 12
 - Ubuntu 22.04, 24.04, 24.10
---
+* * *
 ## Overview
@@ -16,7 +17,7 @@ This script automates the initial setup and security hardening of a fresh Debian
 It runs interactively, guiding the user through critical choices while automating the tedious but essential steps of securing a new server.
---
+* * *
 ## Features
@@ -28,12 +29,12 @@ It runs interactively, guiding the user through critical choices while automatin
 - **System Stability:** Sets up NTP time synchronization with `chrony` and can configure a swap file for systems with low RAM.
 - **Safety First:** Automatically backs up all critical configuration files before modification, with simple restoration instructions.
 - **Optional Software:** Provides optional, interactive installation for:
-  - Docker & Docker Compose
+    - Docker & Docker Compose
-  - Tailscale (Mesh VPN)
+    - Tailscale (Mesh VPN)
 - **Comprehensive Logging:** All actions are logged to `/var/log/setup_harden_debian_ubuntu_*.log`.
 - **Automation-Friendly:** Includes a `--quiet` mode to suppress non-essential output for use in automated provisioning workflows.
---
+* * *
 ## Installation & Usage
@@ -43,14 +44,14 @@ It runs interactively, guiding the user through critical choices while automatin
 - Root or `sudo` privileges.
 - Internet access for downloading packages.
-### 1. Download the Script
+### 1\. Download the Script
 ```
 wget https://raw.githubusercontent.com/buildplan/setup_harden_server/refs/heads/main/setup_harden_debian_ubuntu.sh
 chmod +x setup_harden_debian_ubuntu.sh
 ```
-### 2. Run the Script Interactively
+### 2\. Run the Script Interactively
 It is highly recommended to run the script interactively the first time.
@@ -58,40 +59,42 @@ It is highly recommended to run the script interactively the first time.
 sudo ./setup_harden_debian_ubuntu.sh
 ```
-### 3. Run in Quiet Mode (for automation - not recmmended)
+### 3\. Run in Quiet Mode (for automation - not recmmended)
 ```
 sudo ./setup_harden_debian_ubuntu.sh --quiet
 ```
 > :warning: **Critical Safety Check:** The script will pause and require you to test your new SSH connection from a separate terminal before it proceeds to disable old access methods. **Do not skip this step!**
 > 
 > *Make sure to check VPS providers firewall, you will have to open your selected custom SSH port there.*
---
+* * *
 ## What It Does in Detail
-| Task                    | Description                                                                 |
+| Task | Description |
-| ----------------------- | --------------------------------------------------------------------------- |
+| --- | --- |
-| **System Checks** | Verifies OS compatibility, root privileges, and internet connectivity.      |
+| **System Checks** | Verifies OS compatibility, root privileges, and internet connectivity. |
 | **Package Management** | Updates all packages and installs essential tools (`ufw`, `fail2ban`, `chrony`, etc.). |
 | **Admin User Creation** | Creates a new `sudo` user with a password and/or a provided SSH public key. |
-| **SSH Hardening** | Disables root login, enforces key-based auth, and sets a custom port.       |
+| **SSH Hardening** | Disables root login, enforces key-based auth, and sets a custom port. |
 | **Firewall Setup** | Configures UFW to deny incoming traffic by default and allow specific ports. |
-| **System Backups** | Creates timestamped backups of configs in `/root/` before modification.    |
+| **System Backups** | Creates timestamped backups of configs in `/root/` before modification. |
-| **Swap File Setup** | (Optional) Creates a swap file with a user-selected size.                  |
+| **Swap File Setup** | (Optional) Creates a swap file with a user-selected size. |
-| **Timezone & Locales** | (Optional) Interactive configuration for timezone and system locales.       |
+| **Timezone & Locales** | (Optional) Interactive configuration for timezone and system locales. |
 | **Docker Install** | (Optional) Installs and configures Docker Engine and adds the user to the `docker` group. |
-| **Tailscale Install** | (Optional) Installs the Tailscale client.                                   |
+| **Tailscale Install** | (Optional) Installs the Tailscale client. |
-| **Final Cleanup** | Removes unused packages and reloads system daemons.                         |
+| **Final Cleanup** | Removes unused packages and reloads system daemons. |
---
+* * *
 ## Logs & Backups
 - **Log Files:** `/var/log/setup_harden_debian_ubuntu_*.log`
 - **Configuration Backups:** `/root/setup_harden_backup_*`
---
+* * *
 ## Tested On
@@ -99,7 +102,7 @@ sudo ./setup_harden_debian_ubuntu.sh --quiet
 - Ubuntu 24.04 and 24.10
 - Cloud providers (DigitalOcean, Oracle Cloud, Hetzner, Netcup) and local VMs.
---
+* * *
 ## :exclamation: Important Notes
@@ -108,7 +111,7 @@ sudo ./setup_harden_debian_ubuntu.sh --quiet
 - Always test the script in a non-production environment (like a staging VM) before deploying to a live server.
 - Ensure you have out-of-band console access to your server in case you accidentally lock yourself out.
---
+* * *
 ## Troubleshooting
@@ -117,12 +120,14 @@ sudo ./setup_harden_debian_ubuntu.sh --quiet
 If you are locked out of SSH, use your provider's web console to perform the following steps:
 1.  **Remove the hardened configuration:**
    ```
    # This file overrides the main config, so it must be removed.
    rm /etc/ssh/sshd_config.d/99-hardening.conf
    ```
-
+    
 2.  **Restore the original `sshd_config` file:**
    ```
    # Find the latest backup directory
    LATEST_BACKUP=$(ls -td /root/setup_harden_backup_* | head -1)