External/du_setup
1
0
Fork 0
mirror of https://github.com/buildplan/du_setup.git synced 2025-12-29 16:14:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #45 from buildplan/improve

Browse Source 
minor Improvements
This commit is contained in:
buildplan
2025-08-03 23:20:10 +01:00
committed by GitHub
parent e3003470f3 f7d6432467
commit 831265c290
3 changed files with 18 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
README.md
View File

@@ -6,9 +6,9 @@
[![Shell](https://img.shields.io/badge/Shell-Bash%204.4%2B-green)](https://www.gnu.org/software/bash/) [![Shell](https://img.shields.io/badge/Shell-Bash%204.4%2B-green)](https://www.gnu.org/software/bash/)
[![Type](https://img.shields.io/badge/Type-Setup%20%26%20Hardening-blue)](https://github.com/buildplan/du_setup) [![Type](https://img.shields.io/badge/Type-Setup%20%26%20Hardening-blue)](https://github.com/buildplan/du_setup)
**Version:** v0.60 **Version:** v0.61
**Last Updated:** 2025-07-15 **Last Updated:** 2025-08-03
**Compatible With:** **Compatible With:**
@@ -82,12 +82,12 @@ sha256sum du_setup.sh
Compare the output hash to the one below. They must match exactly. Compare the output hash to the one below. They must match exactly.
`ba58fefc2ed4341a26fb80c2cade3fdcd6c56f708c80c728436e148e3fe99b3f` `5b64025825cccd64555d681d209656cfbcbfa75044ce8be351f5e2c662d800fc`
Or echo the hash to check, it should output: `du_setup.sh: OK` Or echo the hash to check, it should output: `du_setup.sh: OK`
``` ```
echo ba58fefc2ed4341a26fb80c2cade3fdcd6c56f708c80c728436e148e3fe99b3f du_setup.sh | sha256sum --check - echo 5b64025825cccd64555d681d209656cfbcbfa75044ce8be351f5e2c662d800fc du_setup.sh | sha256sum --check -
``` ```
### 3\. Run the Script ### 3\. Run the Script

17
du_setup.sh
View File

@@ -1,8 +1,9 @@
#!/bin/bash #!/bin/bash
# Debian 12 and Ubuntu Server Hardening Interactive Script # Debian 12 and Ubuntu Server Hardening Interactive Script
# Version: 0.60 | 2025-07-15 # Version: 0.61 | 2025-08-03
# Changelog: # Changelog:
# - v0.61: Display Lynis suggestions in summary, hide tailscale auth key, cleanup temp files
# - v0.60: CI for shellcheck # - v0.60: CI for shellcheck
# - v0.59: Add a new optional function that applies a set of recommended sysctl security settings to harden the kernel. # - v0.59: Add a new optional function that applies a set of recommended sysctl security settings to harden the kernel.
# Script can now check for update and can run self-update. # Script can now check for update and can run self-update.
@@ -60,7 +61,7 @@
set -euo pipefail # Exit on error, undefined vars, pipe failures set -euo pipefail # Exit on error, undefined vars, pipe failures
# --- Update Configuration --- # --- Update Configuration ---
CURRENT_VERSION="0.60" CURRENT_VERSION="0.61"
SCRIPT_URL="https://raw.githubusercontent.com/buildplan/du_setup/refs/heads/main/du_setup.sh" SCRIPT_URL="https://raw.githubusercontent.com/buildplan/du_setup/refs/heads/main/du_setup.sh"
CHECKSUM_URL="${SCRIPT_URL}.sha256" CHECKSUM_URL="${SCRIPT_URL}.sha256"
@@ -121,7 +122,7 @@ print_header() {
echo -e "${CYAN}╔═════════════════════════════════════════════════════════════════╗${NC}" echo -e "${CYAN}╔═════════════════════════════════════════════════════════════════╗${NC}"
echo -e "${CYAN}║ ║${NC}" echo -e "${CYAN}║ ║${NC}"
echo -e "${CYAN}║ DEBIAN/UBUNTU SERVER SETUP AND HARDENING SCRIPT ║${NC}" echo -e "${CYAN}║ DEBIAN/UBUNTU SERVER SETUP AND HARDENING SCRIPT ║${NC}"
echo -e "${CYAN}║ v0.60 | 2025-07-15${NC}" echo -e "${CYAN}║ v0.61 | 2025-08-03${NC}"
echo -e "${CYAN}║ ║${NC}" echo -e "${CYAN}║ ║${NC}"
echo -e "${CYAN}╚═════════════════════════════════════════════════════════════════╝${NC}" echo -e "${CYAN}╚═════════════════════════════════════════════════════════════════╝${NC}"
echo echo
@@ -1434,7 +1435,8 @@ install_tailscale() {
done done
fi fi
while true; do while true; do
read -rp "$(echo -e "${CYAN}Enter Tailscale pre-auth key: ${NC}")" AUTH_KEY read -sp "$(echo -e "${CYAN}Enter Tailscale pre-auth key: ${NC}")" AUTH_KEY
echo
if [[ "$TS_CONNECTION" == "1" && "$AUTH_KEY" =~ ^tskey-auth- ]]; then break if [[ "$TS_CONNECTION" == "1" && "$AUTH_KEY" =~ ^tskey-auth- ]]; then break
elif [[ "$TS_CONNECTION" == "2" && -n "$AUTH_KEY" ]]; then elif [[ "$TS_CONNECTION" == "2" && -n "$AUTH_KEY" ]]; then
print_warning "Ensure the pre-auth key is valid for your custom Tailscale server ($LOGIN_SERVER)." print_warning "Ensure the pre-auth key is valid for your custom Tailscale server ($LOGIN_SERVER)."
@@ -2175,6 +2177,8 @@ configure_security_audit() {
log "Lynis audit completed successfully." log "Lynis audit completed successfully."
# Extract hardening index # Extract hardening index
HARDENING_INDEX=$(grep -oP "Hardening index : \K\d+" "$AUDIT_LOG" || echo "Unknown") HARDENING_INDEX=$(grep -oP "Hardening index : \K\d+" "$AUDIT_LOG" || echo "Unknown")
#Extract top suggestions
grep "Suggestion:" /var/log/lynis-report.dat | head -n 5 > /tmp/lynis_suggestions.txt 2>/dev/null || true
# Append Lynis system log for persistence # Append Lynis system log for persistence
cat /var/log/lynis.log >> "$AUDIT_LOG" 2>/dev/null cat /var/log/lynis.log >> "$AUDIT_LOG" 2>/dev/null
else else
@@ -2362,6 +2366,10 @@ generate_summary() {
printf " %-17s%s\n" "- Audit Log:" "${AUDIT_LOG:-N/A}" printf " %-17s%s\n" "- Audit Log:" "${AUDIT_LOG:-N/A}"
printf " %-17s%s\n" "- Hardening Index:" "${HARDENING_INDEX:-Unknown}" printf " %-17s%s\n" "- Hardening Index:" "${HARDENING_INDEX:-Unknown}"
printf " %-17s%s\n" "- Vulnerabilities:" "${DEBSECAN_VULNS:-N/A}" printf " %-17s%s\n" "- Vulnerabilities:" "${DEBSECAN_VULNS:-N/A}"
if [[ -s /tmp/lynis_suggestions.txt ]]; then
echo -e " ${YELLOW}- Top Lynis Suggestions:${NC}"
sed 's/^/ /' /tmp/lynis_suggestions.txt
fi
else else
echo -e " Security Audit: ${RED}Not run${NC}" echo -e " Security Audit: ${RED}Not run${NC}"
fi fi
@@ -2434,6 +2442,7 @@ handle_error() {
main() { main() {
trap 'handle_error $LINENO' ERR trap 'handle_error $LINENO' ERR
trap 'rm -f /tmp/lynis_suggestions.txt /tmp/tailscale_*.txt /tmp/sshd_config_test.log /tmp/ssh*.log /tmp/sshd_restart*.log' EXIT
# --- Root Check --- # --- Root Check ---
if [[ $(id -u) -ne 0 ]]; then if [[ $(id -u) -ne 0 ]]; then

2
du_setup.sh.sha256
View File

@@ -1 +1 @@
ba58fefc2ed4341a26fb80c2cade3fdcd6c56f708c80c728436e148e3fe99b3f du_setup.sh 5b64025825cccd64555d681d209656cfbcbfa75044ce8be351f5e2c662d800fc du_setup.sh