mirror of
https://github.com/buildplan/du_setup.git
synced 2025-12-29 16:14:59 +00:00
Merge pull request #50 from buildplan/ip_address
Display both IPv6 and IPv4, while configuring and in the summary
@@ -7,9 +7,9 @@
|
||||
[](https://www.gnu.org/software/bash/)
|
||||
[](https://github.com/buildplan/du_setup)
|
||||
|
||||
**Version:** v0.65
|
||||
**Version:** v0.66
|
||||
|
||||
**Last Updated:** 2025-08-19
|
||||
**Last Updated:** 2025-08-26
|
||||
|
||||
**Compatible With:**
|
||||
|
||||
@@ -83,12 +83,12 @@ sha256sum du_setup.sh
|
||||
|
||||
Compare the output hash to the one below. They must match exactly.
|
||||
|
||||
`5b6b07eaa69643d2928d9bdcb847d74ac8d4a31d80be64b5b43efc33f10a9567`
|
||||
`552a23eb55417266e1b8c048f80b81323630c9dadbacdbf0fb1e3781cb5978b1`
|
||||
|
||||
Or echo the hash to check, it should output: `du_setup.sh: OK`
|
||||
|
||||
```
|
||||
echo 5b6b07eaa69643d2928d9bdcb847d74ac8d4a31d80be64b5b43efc33f10a9567 du_setup.sh | sha256sum --check -
|
||||
echo 552a23eb55417266e1b8c048f80b81323630c9dadbacdbf0fb1e3781cb5978b1 du_setup.sh | sha256sum --check -
|
||||
```
|
||||
|
||||
### 3\. Run the Script
|
||||
|
||||
94
du_setup.sh
94
du_setup.sh
@@ -1,8 +1,9 @@
|
||||
#!/bin/bash
|
||||
|
||||
# Debian and Ubuntu Server Hardening Interactive Script
|
||||
# Version: 0.65 | 2025-08-19
|
||||
# Version: 0.66 | 2025-08-26
|
||||
# Changelog:
|
||||
# - v0.66: While configuring and in the summary, display both IPv6 and IPv4.
|
||||
# - v0.65: If reconfigure locales - appy newly configured locale to the current environment.
|
||||
# - v0.64: Tested at Debian 13 to confirm it works as expected
|
||||
# - v0.63: Added ssh install in key packages
|
||||
@@ -65,7 +66,7 @@
|
||||
set -euo pipefail # Exit on error, undefined vars, pipe failures
|
||||
|
||||
# --- Update Configuration ---
|
||||
CURRENT_VERSION="0.65"
|
||||
CURRENT_VERSION="0.66"
|
||||
SCRIPT_URL="https://raw.githubusercontent.com/buildplan/du_setup/refs/heads/main/du_setup.sh"
|
||||
CHECKSUM_URL="${SCRIPT_URL}.sha256"
|
||||
|
||||
@@ -126,7 +127,7 @@ print_header() {
|
||||
echo -e "${CYAN}╔═════════════════════════════════════════════════════════════════╗${NC}"
|
||||
echo -e "${CYAN}║ ║${NC}"
|
||||
echo -e "${CYAN}║ DEBIAN/UBUNTU SERVER SETUP AND HARDENING SCRIPT ║${NC}"
|
||||
echo -e "${CYAN}║ v0.65 | 2025-08-19 ║${NC}"
|
||||
echo -e "${CYAN}║ v0.66 | 2025-08-26 ║${NC}"
|
||||
echo -e "${CYAN}║ ║${NC}"
|
||||
echo -e "${CYAN}╚═════════════════════════════════════════════════════════════════╝${NC}"
|
||||
echo
|
||||
@@ -446,15 +447,26 @@ collect_config() {
|
||||
SSH_PORT=${SSH_PORT:-2222}
|
||||
if validate_port "$SSH_PORT"; then break; else print_error "Invalid port number."; fi
|
||||
done
|
||||
SERVER_IP=$(curl -s https://ifconfig.me 2>/dev/null || echo "unknown")
|
||||
print_info "Detected server IP: $SERVER_IP"
|
||||
SERVER_IP_V4=$(curl -4 -s https://ifconfig.me 2>/dev/null || echo "unknown")
|
||||
SERVER_IP_V6=$(curl -6 -s https://ifconfig.me 2>/dev/null || echo "not available")
|
||||
if [[ "$SERVER_IP_V4" != "unknown" ]]; then
|
||||
print_info "Detected server IPv4: $SERVER_IP_V4"
|
||||
fi
|
||||
if [[ "$SERVER_IP_V6" != "not available" ]]; then
|
||||
print_info "Detected server IPv6: $SERVER_IP_V6"
|
||||
fi
|
||||
echo -e "\n${YELLOW}Configuration Summary:${NC}"
|
||||
echo -e " Username: $USERNAME"
|
||||
echo -e " Hostname: $SERVER_NAME"
|
||||
echo -e " SSH Port: $SSH_PORT"
|
||||
echo -e " Server IP: $SERVER_IP"
|
||||
printf " %-15s %s\n" "Username:" "$USERNAME"
|
||||
printf " %-15s %s\n" "Hostname:" "$SERVER_NAME"
|
||||
printf " %-15s %s\n" "SSH Port:" "$SSH_PORT"
|
||||
if [[ "$SERVER_IP_V4" != "unknown" ]]; then
|
||||
printf " %-15s %s\n" "Server IPv4:" "$SERVER_IP_V4"
|
||||
fi
|
||||
if [[ "$SERVER_IP_V6" != "not available" ]]; then
|
||||
printf " %-15s %s\n" "Server IPv6:" "$SERVER_IP_V6"
|
||||
fi
|
||||
if ! confirm "\nContinue with this configuration?" "y"; then print_info "Exiting."; exit 0; fi
|
||||
log "Configuration collected: USER=$USERNAME, HOST=$SERVER_NAME, PORT=$SSH_PORT"
|
||||
log "Configuration collected: USER=$USERNAME, HOST=$SERVER_NAME, PORT=$SSH_PORT, IPV4=$SERVER_IP_V4, IPV6=$SERVER_IP_V6"
|
||||
}
|
||||
|
||||
install_packages() {
|
||||
@@ -621,7 +633,12 @@ setup_user() {
|
||||
echo -e "${CYAN}3. On your local machine, set permissions for the private key:${NC}"
|
||||
echo -e "${CYAN} chmod 600 ~/.ssh/${USERNAME}_key${NC}"
|
||||
echo -e "${CYAN}4. Connect to the server using:${NC}"
|
||||
echo -e "${CYAN} ssh -i ~/.ssh/${USERNAME}_key -p $SSH_PORT $USERNAME@$SERVER_IP${NC}"
|
||||
if [[ "$SERVER_IP_V4" != "unknown" ]]; then
|
||||
echo -e "${CYAN} ssh -i ~/.ssh/${USERNAME}_key -p $SSH_PORT $USERNAME@$SERVER_IP_V4${NC}"
|
||||
fi
|
||||
if [[ "$SERVER_IP_V6" != "not available" ]]; then
|
||||
echo -e "${CYAN} ssh -i ~/.ssh/${USERNAME}_key -p $SSH_PORT $USERNAME@$SERVER_IP_V6${NC}"
|
||||
fi
|
||||
echo
|
||||
echo -e "${PURPLE}ℹ The private key file ($TEMP_KEY_FILE) will be deleted after this step.${NC}"
|
||||
read -rp "$(echo -e "${CYAN}Press Enter after you have saved the keys securely...${NC}")"
|
||||
@@ -778,7 +795,14 @@ configure_ssh() {
|
||||
fi
|
||||
|
||||
print_warning "SSH Key Authentication Required for Next Steps!"
|
||||
echo -e "${CYAN}Test SSH access from a SEPARATE terminal now: ssh -p $CURRENT_SSH_PORT $USERNAME@$SERVER_IP${NC}"
|
||||
echo -e "${CYAN}Test SSH access from a SEPARATE terminal now:${NC}"
|
||||
if [[ "$SERVER_IP_V4" != "unknown" ]]; then
|
||||
echo -e "${CYAN} Using IPv4: ssh -p $CURRENT_SSH_PORT $USERNAME@$SERVER_IP_V4${NC}"
|
||||
fi
|
||||
if [[ "$SERVER_IP_V6" != "not available" ]]; then
|
||||
echo -e "${CYAN} Using IPv6: ssh -p $CURRENT_SSH_PORT $USERNAME@$SERVER_IP_V6${NC}"
|
||||
fi
|
||||
|
||||
if ! confirm "Can you successfully log in using your SSH key?"; then
|
||||
print_error "SSH key authentication is mandatory to proceed."
|
||||
return 1
|
||||
@@ -841,7 +865,12 @@ EOF
|
||||
fi
|
||||
|
||||
print_warning "CRITICAL: Test new SSH connection in a SEPARATE terminal NOW!"
|
||||
print_info "Use: ssh -p $SSH_PORT $USERNAME@$SERVER_IP"
|
||||
if [[ "$SERVER_IP_V4" != "unknown" ]]; then
|
||||
print_info "Use IPv4: ssh -p $SSH_PORT $USERNAME@$SERVER_IP_V4"
|
||||
fi
|
||||
if [[ "$SERVER_IP_V6" != "not available" ]]; then
|
||||
print_info "Use IPv6: ssh -p $SSH_PORT $USERNAME@$SERVER_IP_V6"
|
||||
fi
|
||||
|
||||
# Retry loop for SSH connection test
|
||||
local retry_count=0
|
||||
@@ -2320,10 +2349,15 @@ generate_summary() {
|
||||
|
||||
# --- Main Configuration Summary ---
|
||||
echo -e "${YELLOW}Configuration Summary:${NC}"
|
||||
printf " %-20s%s\n" "Admin User:" "$USERNAME"
|
||||
printf " %-20s%s\n" "Hostname:" "$SERVER_NAME"
|
||||
printf " %-20s%s\n" "SSH Port:" "$SSH_PORT"
|
||||
printf " %-20s%s\n" "Server IP:" "$SERVER_IP"
|
||||
printf " %-15s %s\n" "Admin User:" "$USERNAME"
|
||||
printf " %-15s %s\n" "Hostname:" "$SERVER_NAME"
|
||||
printf " %-15s %s\n" "SSH Port:" "$SSH_PORT"
|
||||
if [[ "$SERVER_IP_V4" != "unknown" ]]; then
|
||||
printf " %-15s %s\n" "Server IPv4:" "$SERVER_IP_V4"
|
||||
fi
|
||||
if [[ "$SERVER_IP_V6" != "not available" ]]; then
|
||||
printf " %-15s %s\n" "Server IPv6:" "$SERVER_IP_V6"
|
||||
fi
|
||||
|
||||
# --- Kernel Hardening Status ---
|
||||
if [[ -f /etc/sysctl.d/99-du-hardening.conf ]]; then
|
||||
@@ -2399,20 +2433,26 @@ generate_summary() {
|
||||
fi
|
||||
echo
|
||||
|
||||
# --- Post-Reboot Verification ---
|
||||
# --- Post-Reboot Verification Steps ---
|
||||
echo -e "${YELLOW}Post-Reboot Verification Steps:${NC}"
|
||||
printf " %-25s ${CYAN}%s${NC}\n" "- SSH access:" "ssh -p $SSH_PORT $USERNAME@$SERVER_IP"
|
||||
printf " %-25s ${CYAN}%s${NC}\n" "- Firewall rules:" "sudo ufw status verbose"
|
||||
printf " %-25s ${CYAN}%s${NC}\n" "- Time sync:" "chronyc tracking"
|
||||
printf " %-25s ${CYAN}%s${NC}\n" "- Fail2Ban sshd jail:" "sudo fail2ban-client status sshd"
|
||||
printf " %-25s ${CYAN}%s${NC}\n" "- Fail2Ban ufw jail:" "sudo fail2ban-client status ufw-probes"
|
||||
printf " %-25s ${CYAN}%s${NC}\n" "- Swap status:" "sudo swapon --show && free -h"
|
||||
printf " %-25s ${CYAN}%s${NC}\n" "- Kernel settings:" "sudo sysctl fs.protected_hardlinks kernel.yama.ptrace_scope"
|
||||
echo -e " - SSH access:"
|
||||
if [[ "$SERVER_IP_V4" != "unknown" ]]; then
|
||||
printf " %-26s ${CYAN}%s${NC}\n" "- Using IPv4:" "ssh -p $SSH_PORT $USERNAME@$SERVER_IP_V4"
|
||||
fi
|
||||
if [[ "$SERVER_IP_V6" != "not available" ]]; then
|
||||
printf " %-26s ${CYAN}%s${NC}\n" "- Using IPv6:" "ssh -p $SSH_PORT $USERNAME@$SERVER_IP_V6"
|
||||
fi
|
||||
printf " %-28s ${CYAN}%s${NC}\n" "- Firewall rules:" "sudo ufw status verbose"
|
||||
printf " %-28s ${CYAN}%s${NC}\n" "- Time sync:" "chronyc tracking"
|
||||
printf " %-28s ${CYAN}%s${NC}\n" "- Fail2Ban sshd jail:" "sudo fail2ban-client status sshd"
|
||||
printf " %-28s ${CYAN}%s${NC}\n" "- Fail2Ban ufw jail:" "sudo fail2ban-client status ufw-probes"
|
||||
printf " %-28s ${CYAN}%s${NC}\n" "- Swap status:" "sudo swapon --show && free -h"
|
||||
printf " %-28s ${CYAN}%s${NC}\n" "- Kernel settings:" "sudo sysctl fs.protected_hardlinks kernel.yama.ptrace_scope"
|
||||
if command -v docker >/dev/null 2>&1; then
|
||||
printf " %-25s ${CYAN}%s${NC}\n" "- Docker status:" "docker ps"
|
||||
printf " %-28s ${CYAN}%s${NC}\n" "- Docker status:" "docker ps"
|
||||
fi
|
||||
if command -v tailscale >/dev/null 2>&1; then
|
||||
printf " %-25s ${CYAN}%s${NC}\n" "- Tailscale status:" "tailscale status"
|
||||
printf " %-28s ${CYAN}%s${NC}\n" "- Tailscale status:" "tailscale status"
|
||||
fi
|
||||
if [[ -f /root/run_backup.sh ]]; then
|
||||
echo -e " Remote Backup:"
|
||||
|
||||
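Review bot: The two new lookups in the collect_config hunk (`curl -4 -s https://ifconfig.me` and its `-6` twin) accept whatever the third-party service returns, with no `--fail`, no timeout and no check that the reply looks like an address. An HTTP error body or an empty reply matches neither sentinel, so it would be shown as the server address, written to the `log` line, and passed through `echo -e` in the setup_user and configure_ssh hunks, where backslash sequences in the value are interpreted. A host with broken IPv6 routing may also stall on the `-6` call, presumably until curl's default connect timeout. I would add `-f` and `--max-time` to both calls and reset each variable to its sentinel unless the value is address-shaped, as sketched below. collect_config begins outside the hunk.

```bash
# … unchanged: SSH port prompt loop …
SERVER_IP_V4=$(curl -4 -fs --max-time 5 https://ifconfig.me 2>/dev/null || echo "unknown")
SERVER_IP_V6=$(curl -6 -fs --max-time 5 https://ifconfig.me 2>/dev/null || echo "not available")
# Accept only address-shaped replies; anything else falls back to the sentinel.
[[ "$SERVER_IP_V4" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]] || SERVER_IP_V4="unknown"
[[ "$SERVER_IP_V6" =~ ^[0-9A-Fa-f:]+$ ]] || SERVER_IP_V6="not available"
# … unchanged: print_info lines and configuration summary …
```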
@@ -1 +1 @@
|
||||
5b6b07eaa69643d2928d9bdcb847d74ac8d4a31d80be64b5b43efc33f10a9567 du_setup.sh
|
||||
552a23eb55417266e1b8c048f80b81323630c9dadbacdbf0fb1e3781cb5978b1 du_setup.sh
|
||||
|
||||