External/du_setup
1
0
Fork 0
mirror of https://github.com/buildplan/du_setup.git synced 2025-12-29 16:14:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

revised summary function to inculde kernal hardening

Browse Source
This commit is contained in:
buildplan
2025-07-15 14:03:44 +01:00
parent 96c5042daf
commit 78db1fcb39
1 changed files with 29 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

44
du_setup.sh
View File

@@ -2144,8 +2144,10 @@ final_cleanup() {
} }
generate_summary() { generate_summary() {
# Create the report file and set permissions first
touch "$REPORT_FILE" && chmod 600 "$REPORT_FILE" touch "$REPORT_FILE" && chmod 600 "$REPORT_FILE"
# Using a subshell to group all output and tee it to the report file
( (
print_section "Setup Complete!" print_section "Setup Complete!"
@@ -2155,37 +2157,49 @@ generate_summary() {
echo echo
echo -e "${YELLOW}Final Service Status Check:${NC}" echo -e "${YELLOW}Final Service Status Check:${NC}"
# --- Service Checks ---
for service in "$SSH_SERVICE" fail2ban chrony; do for service in "$SSH_SERVICE" fail2ban chrony; do
if systemctl is-active --quiet "$service"; then if systemctl is-active --quiet "$service"; then
printf " %-20s ${GREEN}✓ Active${NC}\n" "$service" printf " %-20s ${GREEN}✓ Active${NC}\n" "$service"
else else
printf " %-20s ${RED}✗ INACTIVE${NC}\n" "$service" printf " %-20s ${RED}✗ INACTIVE${NC}\n" "$service"
FAILED_SERVICES+=("$service")
fi fi
done done
if ufw status | grep -q "Status: active"; then if ufw status | grep -q "Status: active"; then
printf " %-20s ${GREEN}✓ Active${NC}\n" "ufw (firewall)" printf " %-20s ${GREEN}✓ Active${NC}\n" "ufw (firewall)"
else else
printf " %-20s ${RED}✗ INACTIVE${NC}\n" "ufw (firewall)" printf " %-20s ${RED}✗ INACTIVE${NC}\n" "ufw (firewall)"
FAILED_SERVICES+=("ufw")
fi fi
if command -v docker >/dev/null 2>&1; then if command -v docker >/dev/null 2>&1; then
if systemctl is-active --quiet docker; then if systemctl is-active --quiet docker; then
printf " %-20s ${GREEN}✓ Active${NC}\n" "docker" printf " %-20s ${GREEN}✓ Active${NC}\n" "docker"
else else
printf " %-20s ${RED}✗ INACTIVE${NC}\n" "docker" printf " %-20s ${RED}✗ INACTIVE${NC}\n" "docker"
FAILED_SERVICES+=("docker")
fi fi
fi fi
if command -v tailscale >/dev/null 2>&1; then if command -v tailscale >/dev/null 2>&1; then
if systemctl is-active --quiet tailscaled; then if systemctl is-active --quiet tailscaled && tailscale ip >/dev/null 2>&1; then
if tailscale ip >/dev/null 2>&1; then printf " %-20s ${GREEN}✓ Active & Connected${NC}\n" "tailscaled"
printf " %-20s ${GREEN}✓ Active & Connected${NC}\n" "tailscaled" tailscale ip 2>/dev/null > /tmp/tailscale_ips.txt || true
else
printf " %-20s ${YELLOW}⚠ Active but not connected${NC}\n" "tailscaled"
fi
else else
printf " %-20s ${RED}✗ INACTIVE${NC}\n" "tailscaled" if grep -q "Tailscale connection failed: tailscale up" "$LOG_FILE"; then
printf " %-20s ${RED}✗ INACTIVE (Connection Failed)${NC}\n" "tailscaled"
FAILED_SERVICES+=("tailscaled")
TS_COMMAND=$(grep "Tailscale connection failed: tailscale up" "$LOG_FILE" | tail -1 | sed 's/.*Tailscale connection failed: //')
TS_COMMAND=${TS_COMMAND:-""}
else
printf " %-20s ${YELLOW}⚠ Installed but not configured${NC}\n" "tailscaled"
TS_COMMAND=""
fi
fi fi
fi fi
if [[ "${AUDIT_RAN:-false}" == true ]]; then
printf " %-20s ${GREEN}✓ Performed${NC}\n" "Security Audit"
else
printf " %-20s ${YELLOW}⚠ Not Performed${NC}\n" "Security Audit"
fi
echo echo
# --- Main Configuration Summary --- # --- Main Configuration Summary ---
@@ -2255,11 +2269,11 @@ generate_summary() {
fi fi
# --- Security Audit Summary --- # --- Security Audit Summary ---
if [[ "$AUDIT_RAN" == true ]]; then if [[ "${AUDIT_RAN:-false}" == true ]]; then
echo -e " Security Audit: ${GREEN}Performed${NC}" echo -e " Security Audit: ${GREEN}Performed${NC}"
printf " %-17s%s\n" "- Audit Log:" "$AUDIT_LOG" printf " %-17s%s\n" "- Audit Log:" "${AUDIT_LOG:-N/A}"
printf " %-17s%s\n" "- Hardening Index:" "${HARDENING_INDEX:-Unknown}" printf " %-17s%s\n" "- Hardening Index:" "${HARDENING_INDEX:-Unknown}"
printf " %-17s%s\n" "- Vulnerabilities:" "$DEBSECAN_VULNS" printf " %-17s%s\n" "- Vulnerabilities:" "${DEBSECAN_VULNS:-N/A}"
else else
echo -e " Security Audit: ${RED}Not run${NC}" echo -e " Security Audit: ${RED}Not run${NC}"
fi fi
@@ -2285,9 +2299,9 @@ generate_summary() {
printf " %-23s ${CYAN}%s${NC}\n" "- Test backup:" "sudo /root/run_backup.sh" printf " %-23s ${CYAN}%s${NC}\n" "- Test backup:" "sudo /root/run_backup.sh"
printf " %-23s ${CYAN}%s${NC}\n" "- Check logs:" "sudo less $BACKUP_LOG" printf " %-23s ${CYAN}%s${NC}\n" "- Check logs:" "sudo less $BACKUP_LOG"
fi fi
if [[ "$AUDIT_RAN" == true ]]; then if [[ "${AUDIT_RAN:-false}" == true ]]; then
echo -e " Security Audit:" echo -e " Security Audit:"
printf " %-23s ${CYAN}%s${NC}\n" "- Check results:" "sudo less $AUDIT_LOG" printf " %-23s ${CYAN}%s${NC}\n" "- Check results:" "sudo less ${AUDIT_LOG:-/var/log/syslog}"
fi fi
echo echo
@@ -2295,11 +2309,11 @@ generate_summary() {
if [[ ${#FAILED_SERVICES[@]} -gt 0 ]]; then if [[ ${#FAILED_SERVICES[@]} -gt 0 ]]; then
print_warning "ACTION REQUIRED: The following services failed: ${FAILED_SERVICES[*]}. Verify with 'systemctl status <service>'." print_warning "ACTION REQUIRED: The following services failed: ${FAILED_SERVICES[*]}. Verify with 'systemctl status <service>'."
fi fi
if [[ -n "$TS_COMMAND" ]]; then if [[ -n "${TS_COMMAND:-}" ]]; then
print_warning "ACTION REQUIRED: Tailscale connection failed. Run the following command to connect manually:" print_warning "ACTION REQUIRED: Tailscale connection failed. Run the following command to connect manually:"
echo -e "${CYAN} $TS_COMMAND${NC}" echo -e "${CYAN} $TS_COMMAND${NC}"
fi fi
if [[ -f /root/run_backup.sh ]] && [[ "$KEY_COPY_CHOICE" != "1" ]]; then if [[ -f /root/run_backup.sh ]] && [[ "${KEY_COPY_CHOICE:-2}" != "1" ]]; then
print_warning "ACTION REQUIRED: Ensure the root SSH key (/root/.ssh/id_ed25519.pub) is copied to the backup destination." print_warning "ACTION REQUIRED: Ensure the root SSH key (/root/.ssh/id_ed25519.pub) is copied to the backup destination."
fi fi