From ed192077e120239cec20436278a334008312d204 Mon Sep 17 00:00:00 2001 From: Ali Sufyan Date: Sun, 3 Aug 2025 22:57:35 +0100 Subject: [PATCH 1/5] Display Lynis suggestions and hide tailscale auth key --- du_setup.sh | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/du_setup.sh b/du_setup.sh index c6d98a2..f7b873f 100644 --- a/du_setup.sh +++ b/du_setup.sh @@ -3,6 +3,7 @@ # Debian 12 and Ubuntu Server Hardening Interactive Script # Version: 0.60 | 2025-07-15 # Changelog: +# - v0.61: Display Lynis suggestions in summary and hide tailscale auth key # - v0.60: CI for shellcheck # - v0.59: Add a new optional function that applies a set of recommended sysctl security settings to harden the kernel. # Script can now check for update and can run self-update. @@ -121,7 +122,7 @@ print_header() { echo -e "${CYAN}╔═════════════════════════════════════════════════════════════════╗${NC}" echo -e "${CYAN}║ ║${NC}" echo -e "${CYAN}║ DEBIAN/UBUNTU SERVER SETUP AND HARDENING SCRIPT ║${NC}" - echo -e "${CYAN}║ v0.60 | 2025-07-15 ║${NC}" + echo -e "${CYAN}║ v0.61 | 2025-08-03 ║${NC}" echo -e "${CYAN}║ ║${NC}" echo -e "${CYAN}╚═════════════════════════════════════════════════════════════════╝${NC}" echo @@ -1434,7 +1435,8 @@ install_tailscale() { done fi while true; do - read -rp "$(echo -e "${CYAN}Enter Tailscale pre-auth key: ${NC}")" AUTH_KEY + read -sp "$(echo -e "${CYAN}Enter Tailscale pre-auth key: ${NC}")" AUTH_KEY + echo if [[ "$TS_CONNECTION" == "1" && "$AUTH_KEY" =~ ^tskey-auth- ]]; then break elif [[ "$TS_CONNECTION" == "2" && -n "$AUTH_KEY" ]]; then print_warning "Ensure the pre-auth key is valid for your custom Tailscale server ($LOGIN_SERVER)." 
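Review bot: The new prompt in install_tailscale drops `-r` when it switches to a silent read, so a backslash in the pasted key is interpreted instead of kept literally, and ShellCheck reports this as SC2162 (the changelog says CI runs shellcheck). Keep both flags: `read -rsp "$(echo -e "${CYAN}Enter Tailscale pre-auth key: ${NC}")" AUTH_KEY`. Hiding the echo only protects the terminal. How AUTH_KEY is later handed to tailscale is outside this hunk; if it is passed on the command line it stays visible in the process list and in any `set -x` trace, so that path deserves the same check. The loop body continues past the end of the hunk.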
@@ -2175,6 +2177,8 @@ configure_security_audit() { log "Lynis audit completed successfully." # Extract hardening index HARDENING_INDEX=$(grep -oP "Hardening index : \K\d+" "$AUDIT_LOG" || echo "Unknown") + #Extract top suggestions + grep "Suggestion:" /var/log/lynis-report.dat | head -n 5 > /tmp/lynis_suggestions.txt 2>/dev/null || true # Append Lynis system log for persistence cat /var/log/lynis.log >> "$AUDIT_LOG" 2>/dev/null else @@ -2362,6 +2366,10 @@ generate_summary() { printf " %-17s%s\n" "- Audit Log:" "${AUDIT_LOG:-N/A}" printf " %-17s%s\n" "- Hardening Index:" "${HARDENING_INDEX:-Unknown}" printf " %-17s%s\n" "- Vulnerabilities:" "${DEBSECAN_VULNS:-N/A}" + if [[ -s /tmp/lynis_suggestions.txt ]]; then + echo -e " ${YELLOW}- Top Lynis Suggestions:${NC}" + sed 's/^/ /' /tmp/lynis_suggestions.txt + fi else echo -e " Security Audit: ${RED}Not run${NC}" fi From 41867a124b6d6cb669fae087de3503cea9845ac8 Mon Sep 17 00:00:00 2001 From: Ali Sufyan Date: Sun, 3 Aug 2025 23:05:44 +0100 Subject: [PATCH 2/5] clean up temp files --- du_setup.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/du_setup.sh b/du_setup.sh index f7b873f..c966502 100644 --- a/du_setup.sh +++ b/du_setup.sh @@ -3,7 +3,7 @@ # Debian 12 and Ubuntu Server Hardening Interactive Script # Version: 0.60 | 2025-07-15 # Changelog: -# - v0.61: Display Lynis suggestions in summary and hide tailscale auth key +# - v0.61: Display Lynis suggestions in summary, hide tailscale auth key, cleanup temp files # - v0.60: CI for shellcheck # - v0.59: Add a new optional function that applies a set of recommended sysctl security settings to harden the kernel. # Script can now check for update and can run self-update. 
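Review bot: configure_security_audit writes the suggestions to a fixed path, `/tmp/lynis_suggestions.txt`, as root, and generate_summary later prints whatever is at that path; a predictable name in a world-writable directory lets another local account pre-create the file or a link there, and a kernel without `fs.protected_symlinks`/`fs.protected_regular` will let root write through it. Nothing needs to touch disk here: hold the text in a variable, `LYNIS_SUGGESTIONS=$(grep -m 5 "Suggestion:" /var/log/lynis-report.dat 2>/dev/null || true)`, then in generate_summary test `[[ -n "${LYNIS_SUGGESTIONS:-}" ]]` and print with `printf '%s\n' "$LYNIS_SUGGESTIONS" | sed 's/^/ /'`. That also removes the case where the summary shows a stale or foreign file because this run wrote nothing. The pattern is worth confirming too: as far as I know lynis-report.dat stores these as `suggestion[]=` entries while `Suggestion:` lines appear in lynis.log, so the grep may never match. Both functions extend beyond their hunks.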
@@ -61,7 +61,7 @@ set -euo pipefail # Exit on error, undefined vars, pipe failures # --- Update Configuration --- -CURRENT_VERSION="0.60" +CURRENT_VERSION="0.61" SCRIPT_URL="https://raw.githubusercontent.com/buildplan/du_setup/refs/heads/main/du_setup.sh" CHECKSUM_URL="${SCRIPT_URL}.sha256" @@ -2442,6 +2442,7 @@ handle_error() { main() { trap 'handle_error $LINENO' ERR + trap 'rm -f /tmp/lynis_suggestions.txt /tmp/tailscale_*.txt /tmp/sshd_config_test.log /tmp/ssh*.log /tmp/sshd_restart*.log' EXIT # --- Root Check --- if [[ $(id -u) -ne 0 ]]; then From 4c9eace2c843afa879eacd410ecd4140bc5c431a Mon Sep 17 00:00:00 2001 From: Ali Sufyan Date: Sun, 3 Aug 2025 23:06:57 +0100 Subject: [PATCH 3/5] update version --- du_setup.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/du_setup.sh b/du_setup.sh index c966502..82f0057 100644 --- a/du_setup.sh +++ b/du_setup.sh @@ -1,7 +1,7 @@ #!/bin/bash # Debian 12 and Ubuntu Server Hardening Interactive Script -# Version: 0.60 | 2025-07-15 +# Version: 0.61 | 2025-08-03 # Changelog: # - v0.61: Display Lynis suggestions in summary, hide tailscale auth key, cleanup temp files # - v0.60: CI for shellcheck From 44fd0a901db20aa6d9fcd0511902202bc266c196 Mon Sep 17 00:00:00 2001 From: Ali Sufyan Date: Sun, 3 Aug 2025 23:08:24 +0100 Subject: [PATCH 4/5] update hash --- du_setup.sh.sha256 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/du_setup.sh.sha256 b/du_setup.sh.sha256 index 02ec362..3c47de1 100644 --- a/du_setup.sh.sha256 +++ b/du_setup.sh.sha256 @@ -1 +1 @@ -ba58fefc2ed4341a26fb80c2cade3fdcd6c56f708c80c728436e148e3fe99b3f du_setup.sh +5b64025825cccd64555d681d209656cfbcbfa75044ce8be351f5e2c662d800fc du_setup.sh From f7d643246764d730c2d1395867ac913d8da4461e Mon Sep 17 00:00:00 2001 From: Ali Sufyan Date: Sun, 3 Aug 2025 23:15:49 +0100 Subject: [PATCH 5/5] update README --- README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) 
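Review bot: The EXIT trap added at the top of main deletes by wildcard from the shared /tmp as root, and `/tmp/ssh*.log` and `/tmp/tailscale_*.txt` will also match files this script never created, such as logs left there by other users or tools. The list exists only because the script writes to fixed names in /tmp. Creating one private directory, `TMP_DIR=$(mktemp -d)`, and registering `trap 'rm -rf -- "${TMP_DIR:?}"' EXIT` limits cleanup to the script's own files, provided the writers (outside this hunk) are pointed at that directory. If the list stays, name the exact files instead of globs. main's body continues outside the hunk.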
diff --git a/README.md b/README.md index 070612a..55e1935 100644 --- a/README.md +++ b/README.md @@ -6,9 +6,9 @@ [![Shell](https://img.shields.io/badge/Shell-Bash%204.4%2B-green)](https://www.gnu.org/software/bash/) [![Type](https://img.shields.io/badge/Type-Setup%20%26%20Hardening-blue)](https://github.com/buildplan/du_setup) -**Version:** v0.60 +**Version:** v0.61 -**Last Updated:** 2025-07-15 +**Last Updated:** 2025-08-03 **Compatible With:** @@ -82,12 +82,12 @@ sha256sum du_setup.sh Compare the output hash to the one below. They must match exactly. -`ba58fefc2ed4341a26fb80c2cade3fdcd6c56f708c80c728436e148e3fe99b3f` +`5b64025825cccd64555d681d209656cfbcbfa75044ce8be351f5e2c662d800fc` Or echo the hash to check, it should output: `du_setup.sh: OK` ``` -echo ba58fefc2ed4341a26fb80c2cade3fdcd6c56f708c80c728436e148e3fe99b3f du_setup.sh | sha256sum --check - +echo 5b64025825cccd64555d681d209656cfbcbfa75044ce8be351f5e2c662d800fc du_setup.sh | sha256sum --check - ``` ### 3\. Run the Script