Add SHA256 integrity verification

README.md

@@ -1,6 +1,6 @@
 # Debian & Ubuntu Server Setup & Hardening Script
 
-**Version:** 4.2
+**Version:** 4.3
 
 **Last Updated:** 2025-06-29
 
@@ -45,20 +45,20 @@ This script automates the initial setup and security hardening of a fresh Debian
 
 ### 1. Download the Script
 
-```bash
+```
 wget https://raw.githubusercontent.com/buildplan/setup_harden_server/refs/heads/main/setup_harden_debian_ubuntu.sh
 chmod +x setup_harden_debian_ubuntu.sh
 ```
 
 ### 2. Run Interactively (Recommended)
 
-```bash
+```
 sudo ./setup_harden_debian_ubuntu.sh
 ```
 
 ### 3. Run in Quiet Mode (for Automation)
 
-```bash
+```
 sudo ./setup_harden_debian_ubuntu.sh --quiet
 ```
 
@@ -66,6 +66,17 @@ sudo ./setup_harden_debian_ubuntu.sh --quiet
 >
 > Ensure your VPS provider’s firewall allows the custom SSH port, backup server’s SSH port (e.g., 23 for Hetzner Storage Box), and Tailscale traffic (UDP 41641 for direct connections).
 
+### Verify Script Integrity (Optional but Recommended)
+
+After downloading the script, verify its integrity:
+
+```
+wget https://raw.githubusercontent.com/buildplan/setup_harden_server/main/setup_harden_debian_ubuntu.sh
+wget https://raw.githubusercontent.com/buildplan/setup_harden_server/main/setup_harden_debian_ubuntu.sh.sha256
+
+sha256sum -c setup_harden_debian_ubuntu.sh.sha256
+```
+
 ## What It Does
 
 | Task | Description |

setup_harden_debian_ubuntu.sh

@@ -1,8 +1,9 @@
 #!/bin/bash
 
 # Debian 12 and Ubuntu Server Hardening Interactive Script
-# Version: 4.2 | 2025-06-29
+# Version: 4.3 | 2025-06-29
 # Changelog:
+# - v4.3: Add SHA256 integrity verification
 # - v4.2: Added Security Audit Tools (Integrating Lynis and Optionally Debsecan) & option to do Backup Testing
 #	  Fixed debsecan compatibility (Debian-only), added global BACKUP_LOG, added backup testing
 # - v4.1: Added tailscale config to connect to tailscale or headscale server
@@ -87,7 +88,7 @@ print_header() {
     echo -e "${CYAN}╔═════════════════════════════════════════════════════════════════╗${NC}"
     echo -e "${CYAN}║                                                                 ║${NC}"
     echo -e "${CYAN}║       DEBIAN/UBUNTU SERVER SETUP AND HARDENING SCRIPT           ║${NC}"
-    echo -e "${CYAN}║                     v4.2 | 2025-06-29                           ║${NC}"
+    echo -e "${CYAN}║                     v4.3 | 2025-06-29                           ║${NC}"
     echo -e "${CYAN}║                                                                 ║${NC}"
     echo -e "${CYAN}╚═════════════════════════════════════════════════════════════════╝${NC}"
     echo

setup_harden_debian_ubuntu.sh.sha256

@@ -1 +1 @@
-544da099cf092741fc02c3c06b130ea1535e89ef65f9bd18f9afa8142773050f  setup_harden_debian_ubuntu.sh
+f92a4a494689d7c9d6bc42a87ce6a325f1d40099cf1b8f3cb29c8eea9e3f6ce2  setup_harden_debian_ubuntu.sh