Add SHA256 integrity verification

2025-12-17 09:45:26 +00:00 · 2025-06-29 21:29:44 +01:00 · 2025-06-29 21:29:44 +01:00 · 573a57159d
commit 573a57159d
parent 91720a8f78
3 changed files with 20 additions and 8 deletions
--- a/README.md
+++ b/README.md
@ -1,6 +1,6 @@
 # Debian & Ubuntu Server Setup & Hardening Script

-**Version:** 4.2
+**Version:** 4.3

 **Last Updated:** 2025-06-29

@ -45,20 +45,20 @@ This script automates the initial setup and security hardening of a fresh Debian

 ### 1. Download the Script

-```bash
+```
 wget https://raw.githubusercontent.com/buildplan/setup_harden_server/refs/heads/main/setup_harden_debian_ubuntu.sh
 chmod +x setup_harden_debian_ubuntu.sh
 ```

 ### 2. Run Interactively (Recommended)

-```bash
+```
 sudo ./setup_harden_debian_ubuntu.sh
 ```

 ### 3. Run in Quiet Mode (for Automation)

-```bash
+```
 sudo ./setup_harden_debian_ubuntu.sh --quiet
 ```

@ -66,6 +66,17 @@ sudo ./setup_harden_debian_ubuntu.sh --quiet
 >
 > Ensure your VPS provider’s firewall allows the custom SSH port, backup server’s SSH port (e.g., 23 for Hetzner Storage Box), and Tailscale traffic (UDP 41641 for direct connections).

+### Verify Script Integrity (Optional but Recommended)
+
+After downloading the script, verify its integrity:
+
+```
+wget https://raw.githubusercontent.com/buildplan/setup_harden_server/main/setup_harden_debian_ubuntu.sh
+wget https://raw.githubusercontent.com/buildplan/setup_harden_server/main/setup_harden_debian_ubuntu.sh.sha256
+
+sha256sum -c setup_harden_debian_ubuntu.sh.sha256
+```
+
 ## What It Does

 | Task | Description |
@ -237,4 +248,4 @@ If Tailscale fails to connect:

 ## [MIT](https://github.com/buildplan/setup_harden_server/blob/main/LICENSE) License

-This script is open-source and provided "as is" without warranty. Use at your own risk.
+This script is open-source and provided "as is" without warranty. Use at your own risk.
--- a/setup_harden_debian_ubuntu.sh
+++ b/setup_harden_debian_ubuntu.sh
@ -1,8 +1,9 @@
 #!/bin/bash

 # Debian 12 and Ubuntu Server Hardening Interactive Script
-# Version: 4.2 | 2025-06-29
+# Version: 4.3 | 2025-06-29
 # Changelog:
+# - v4.3: Add SHA256 integrity verification
 # - v4.2: Added Security Audit Tools (Integrating Lynis and Optionally Debsecan) & option to do Backup Testing
 #	  Fixed debsecan compatibility (Debian-only), added global BACKUP_LOG, added backup testing
 # - v4.1: Added tailscale config to connect to tailscale or headscale server
@ -87,7 +88,7 @@ print_header() {
    echo -e "${CYAN}╔═════════════════════════════════════════════════════════════════╗${NC}"
    echo -e "${CYAN}║                                                                 ║${NC}"
    echo -e "${CYAN}║       DEBIAN/UBUNTU SERVER SETUP AND HARDENING SCRIPT           ║${NC}"
-    echo -e "${CYAN}║                     v4.2 | 2025-06-29                           ║${NC}"
+    echo -e "${CYAN}║                     v4.3 | 2025-06-29                           ║${NC}"
    echo -e "${CYAN}║                                                                 ║${NC}"
    echo -e "${CYAN}╚═════════════════════════════════════════════════════════════════╝${NC}"
    echo
--- a/setup_harden_debian_ubuntu.sh.sha256
+++ b/setup_harden_debian_ubuntu.sh.sha256
@ -1 +1 @@
-544da099cf092741fc02c3c06b130ea1535e89ef65f9bd18f9afa8142773050f  setup_harden_debian_ubuntu.sh
+f92a4a494689d7c9d6bc42a87ce6a325f1d40099cf1b8f3cb29c8eea9e3f6ce2  setup_harden_debian_ubuntu.sh