From 9fbfefa34284b5e67496216ec004f2a3160c7294 Mon Sep 17 00:00:00 2001 From: buildplan Date: Fri, 15 Aug 2025 14:14:57 +0100 Subject: [PATCH 1/9] compatibility with Debian 13 --- du_setup.sh | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/du_setup.sh b/du_setup.sh index 587115f..c23a199 100644 --- a/du_setup.sh +++ b/du_setup.sh @@ -1,8 +1,9 @@ #!/bin/bash -# Debian 12 and Ubuntu Server Hardening Interactive Script -# Version: 0.63 | 2025-08-10 +# Debian and Ubuntu Server Hardening Interactive Script +# Version: 0.64 | 2025-08-15 # Changelog: +# - v0.64: Tested at Debian 13 to confirm it works as expected # - v0.63: Added ssh install in key packages # - v0.62: Added fix for fail2ban by creating empty ufw log file # - v0.61: Display Lynis suggestions in summary, hide tailscale auth key, cleanup temp files @@ -63,7 +64,7 @@ set -euo pipefail # Exit on error, undefined vars, pipe failures # --- Update Configuration --- -CURRENT_VERSION="0.63" +CURRENT_VERSION="0.64" SCRIPT_URL="https://raw.githubusercontent.com/buildplan/du_setup/refs/heads/main/du_setup.sh" CHECKSUM_URL="${SCRIPT_URL}.sha256" @@ -124,7 +125,7 @@ print_header() { echo -e "${CYAN}╔═════════════════════════════════════════════════════════════════╗${NC}" echo -e "${CYAN}║ ║${NC}" echo -e "${CYAN}║ DEBIAN/UBUNTU SERVER SETUP AND HARDENING SCRIPT ║${NC}" - echo -e "${CYAN}║ v0.62 | 2025-08-06 ║${NC}" + echo -e "${CYAN}║ v0.64 | 2025-08-15 ║${NC}" echo -e "${CYAN}║ ║${NC}" echo -e "${CYAN}╚═════════════════════════════════════════════════════════════════╝${NC}" echo @@ -362,11 +363,11 @@ check_system() { if [[ -f /etc/os-release ]]; then source /etc/os-release ID=$ID # Populate global ID variable - if [[ $ID == "debian" && $VERSION_ID == "12" ]] || \ + if [[ $ID == "debian" && $VERSION_ID =~ ^(12|13)$ ]] || \ [[ $ID == "ubuntu" && $VERSION_ID =~ ^(20.04|22.04|24.04)$ ]]; then print_success "Compatible OS detected: $PRETTY_NAME" else - print_warning "Script not tested on $PRETTY_NAME. This is for Debian 12 or Ubuntu 20.04/22.04/24.04 LTS." + print_warning "Script not tested on $PRETTY_NAME. This is for Debian 12/13 or Ubuntu 20.04/22.04/24.04 LTS." if ! confirm "Continue anyway?"; then exit 1; fi fi else @@ -660,6 +661,11 @@ setup_user() { configure_system() { print_section "System Configuration" + + # Warn about /tmp being a RAM-backed filesystem on Debian 13+ + print_info "Note: Debian 13 uses tmpfs for /tmp by default (stored in RAM)" + print_info "Large temporary files may consume system memory" + mkdir -p "$BACKUP_DIR" && chmod 700 "$BACKUP_DIR" cp /etc/hosts "$BACKUP_DIR/hosts.backup" cp /etc/fstab "$BACKUP_DIR/fstab.backup" From e1ccb35307e34e2df988fbce7001c4cd916203a5 Mon Sep 17 00:00:00 2001 From: buildplan Date: Fri, 15 Aug 2025 14:17:37 +0100 Subject: [PATCH 2/9] update sha256 for v0.64 --- du_setup.sh.sha256 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/du_setup.sh.sha256 b/du_setup.sh.sha256 index c1f91fa..7ceebdd 100644 --- a/du_setup.sh.sha256 +++ b/du_setup.sh.sha256 @@ -1 +1 @@ -200bec06b7eb818616fc8073e4aa479c2dd3aa8c262a2e273173d31cda0286a3 du_setup.sh +39dfc5716377b3468ecacd9f7a557fedca0397720c3652e5b14d8788241df789 du_setup.sh From d9fa7f82c112685fdd7b77e899496bc8dc0b0b9f Mon Sep 17 00:00:00 2001 From: buildplan Date: Fri, 15 Aug 2025 14:22:56 +0100 Subject: [PATCH 3/9] version bump v0.64 --- README.md | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index dbc4f3a..4cac535 100644 --- a/README.md +++ b/README.md @@ -2,18 +2,19 @@ [![Shell Script Linter](https://github.com/buildplan/du_setup/actions/workflows/lint.yml/badge.svg)](https://github.com/buildplan/du_setup/actions/workflows/lint.yml) [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT) -[![Compatibility](https://img.shields.io/badge/Compatibility-Debian%2012%20%7C%20Ubuntu%2022.04%20%2F%2024.04-orange)](https://www.debian.org/) +[![Debian Compatibility](https://img.shields.io/badge/Compatibility–Debian%2012%7C13-blue)](https://www.debian.org/releases/) +[![Ubuntu Compatibility](https://img.shields.io/badge/Compatibility–Ubuntu%2020.04%7C22.04%7C24.04%7C26.04-blue)](https://ubuntu.com/download/server) [![Shell](https://img.shields.io/badge/Shell-Bash%204.4%2B-green)](https://www.gnu.org/software/bash/) [![Type](https://img.shields.io/badge/Type-Setup%20%26%20Hardening-blue)](https://github.com/buildplan/du_setup) -**Version:** v0.63 +**Version:** v0.64 -**Last Updated:** 2025-08-10 +**Last Updated:** 2025-08-15 **Compatible With:** - * Debian 12 - * Ubuntu 22.04, 24.04 (24.10 & 25.04 experimental) + * Debian 12, 13 + * Ubuntu 20.04, 22.04, 24.04 (24.10 & 25.04 experimental) ## Overview @@ -82,12 +83,12 @@ sha256sum du_setup.sh Compare the output hash to the one below. They must match exactly. -`200bec06b7eb818616fc8073e4aa479c2dd3aa8c262a2e273173d31cda0286a3` +`39dfc5716377b3468ecacd9f7a557fedca0397720c3652e5b14d8788241df789` Or echo the hash to check, it should output: `du_setup.sh: OK` ``` -echo 200bec06b7eb818616fc8073e4aa479c2dd3aa8c262a2e273173d31cda0286a3 du_setup.sh | sha256sum --check - +echo 39dfc5716377b3468ecacd9f7a557fedca0397720c3652e5b14d8788241df789 du_setup.sh | sha256sum --check - ``` ### 3\. Run the Script @@ -177,7 +178,7 @@ After rebooting, verify the setup: ## Tested On - * Debian 12 + * Debian 12, 13 * Ubuntu 22.04, 24.04 - 24.10 & 25.04 (experimental) * Cloud providers: DigitalOcean, Oracle Cloud, OVH Cloud, Hetzner, Netcup * Backup destinations: Hetzner Storage Box (SSH, port 23), custom SSH servers From ff7f32db80e86228a099a720c7cbc7d681fad064 Mon Sep 17 00:00:00 2001 From: buildplan Date: Fri, 15 Aug 2025 14:32:26 +0100 Subject: [PATCH 4/9] version bump v0.64 --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 4cac535..ec41208 100644 --- a/README.md +++ b/README.md @@ -2,8 +2,8 @@ [![Shell Script Linter](https://github.com/buildplan/du_setup/actions/workflows/lint.yml/badge.svg)](https://github.com/buildplan/du_setup/actions/workflows/lint.yml) [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT) -[![Debian Compatibility](https://img.shields.io/badge/Compatibility–Debian%2012%7C13-blue)](https://www.debian.org/releases/) -[![Ubuntu Compatibility](https://img.shields.io/badge/Compatibility–Ubuntu%2020.04%7C22.04%7C24.04%7C26.04-blue)](https://ubuntu.com/download/server) +[![Debian Compatibility](https://img.shields.io/badge/Compatibility–Debian%2012%7C13-CRIMSON?style=flat&logo=debian&logoColor=white)](https://www.debian.org/releases/) +[![Ubuntu Compatibility](https://img.shields.io/badge/Compatibility–Ubuntu%2022.04%7C24.04-ORANGE?style=flat&logo=ubuntu&logoColor=white)](https://ubuntu.com/download/server) [![Shell](https://img.shields.io/badge/Shell-Bash%204.4%2B-green)](https://www.gnu.org/software/bash/) [![Type](https://img.shields.io/badge/Type-Setup%20%26%20Hardening-blue)](https://github.com/buildplan/du_setup) From 0ec2ad901b1351bd303325a41bd84b63d1900ca3 Mon Sep 17 00:00:00 2001 From: buildplan Date: Fri, 15 Aug 2025 14:35:03 +0100 Subject: [PATCH 5/9] version bump v0.64 --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index ec41208..92ed282 100644 --- a/README.md +++ b/README.md @@ -2,8 +2,8 @@ [![Shell Script Linter](https://github.com/buildplan/du_setup/actions/workflows/lint.yml/badge.svg)](https://github.com/buildplan/du_setup/actions/workflows/lint.yml) [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT) -[![Debian Compatibility](https://img.shields.io/badge/Compatibility–Debian%2012%7C13-CRIMSON?style=flat&logo=debian&logoColor=white)](https://www.debian.org/releases/) -[![Ubuntu Compatibility](https://img.shields.io/badge/Compatibility–Ubuntu%2022.04%7C24.04-ORANGE?style=flat&logo=ubuntu&logoColor=white)](https://ubuntu.com/download/server) +[![Debian Compatibility](https://img.shields.io/badge/Compatibility–Debian%2012%7C13-%23A81D33?style=flat&logo=debian&logoColor=white)](https://www.debian.org/releases/) +[![Ubuntu Compatibility](https://img.shields.io/badge/Compatibility–Ubuntu%2022.04%7C24.04-%23E95420?style=flat&logo=ubuntu&logoColor=white)](https://ubuntu.com/download/server) [![Shell](https://img.shields.io/badge/Shell-Bash%204.4%2B-green)](https://www.gnu.org/software/bash/) [![Type](https://img.shields.io/badge/Type-Setup%20%26%20Hardening-blue)](https://github.com/buildplan/du_setup) From d83709447049bb9609574618adf1e8b76415c623 Mon Sep 17 00:00:00 2001 From: buildplan Date: Fri, 15 Aug 2025 14:36:28 +0100 Subject: [PATCH 6/9] version bump v0.64 --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 92ed282..b3a6dc2 100644 --- a/README.md +++ b/README.md @@ -2,10 +2,10 @@ [![Shell Script Linter](https://github.com/buildplan/du_setup/actions/workflows/lint.yml/badge.svg)](https://github.com/buildplan/du_setup/actions/workflows/lint.yml) [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT) -[![Debian Compatibility](https://img.shields.io/badge/Compatibility–Debian%2012%7C13-%23A81D33?style=flat&logo=debian&logoColor=white)](https://www.debian.org/releases/) -[![Ubuntu Compatibility](https://img.shields.io/badge/Compatibility–Ubuntu%2022.04%7C24.04-%23E95420?style=flat&logo=ubuntu&logoColor=white)](https://ubuntu.com/download/server) [![Shell](https://img.shields.io/badge/Shell-Bash%204.4%2B-green)](https://www.gnu.org/software/bash/) [![Type](https://img.shields.io/badge/Type-Setup%20%26%20Hardening-blue)](https://github.com/buildplan/du_setup) +[![Debian Compatibility](https://img.shields.io/badge/Compatibility–Debian%2012%7C13-%23A81D33?style=flat&logo=debian&logoColor=white)](https://www.debian.org/releases/) +[![Ubuntu Compatibility](https://img.shields.io/badge/Compatibility–Ubuntu%2022.04%7C24.04-%23E95420?style=flat&logo=ubuntu&logoColor=white)](https://ubuntu.com/download/server) **Version:** v0.64 From 5d9ea774215b227f8275122ca67734177304dae4 Mon Sep 17 00:00:00 2001 From: buildplan Date: Fri, 15 Aug 2025 14:37:08 +0100 Subject: [PATCH 7/9] version bump v0.64 --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index b3a6dc2..5933426 100644 --- a/README.md +++ b/README.md @@ -1,11 +1,11 @@ # Debian & Ubuntu Server Setup & Hardening Script +[![Debian Compatibility](https://img.shields.io/badge/Compatibility–Debian%2012%7C13-%23A81D33?style=flat&logo=debian&logoColor=white)](https://www.debian.org/releases/) +[![Ubuntu Compatibility](https://img.shields.io/badge/Compatibility–Ubuntu%2022.04%7C24.04-%23E95420?style=flat&logo=ubuntu&logoColor=white)](https://ubuntu.com/download/server) [![Shell Script Linter](https://github.com/buildplan/du_setup/actions/workflows/lint.yml/badge.svg)](https://github.com/buildplan/du_setup/actions/workflows/lint.yml) [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT) [![Shell](https://img.shields.io/badge/Shell-Bash%204.4%2B-green)](https://www.gnu.org/software/bash/) [![Type](https://img.shields.io/badge/Type-Setup%20%26%20Hardening-blue)](https://github.com/buildplan/du_setup) -[![Debian Compatibility](https://img.shields.io/badge/Compatibility–Debian%2012%7C13-%23A81D33?style=flat&logo=debian&logoColor=white)](https://www.debian.org/releases/) -[![Ubuntu Compatibility](https://img.shields.io/badge/Compatibility–Ubuntu%2022.04%7C24.04-%23E95420?style=flat&logo=ubuntu&logoColor=white)](https://ubuntu.com/download/server) **Version:** v0.64 From db5f228a390ad1cb13674ee49eaeace26fe9925f Mon Sep 17 00:00:00 2001 From: buildplan Date: Fri, 15 Aug 2025 14:40:33 +0100 Subject: [PATCH 8/9] version bump v0.64 --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 5933426..bdb3d58 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,7 @@ # Debian & Ubuntu Server Setup & Hardening Script -[![Debian Compatibility](https://img.shields.io/badge/Compatibility–Debian%2012%7C13-%23A81D33?style=flat&logo=debian&logoColor=white)](https://www.debian.org/releases/) -[![Ubuntu Compatibility](https://img.shields.io/badge/Compatibility–Ubuntu%2022.04%7C24.04-%23E95420?style=flat&logo=ubuntu&logoColor=white)](https://ubuntu.com/download/server) +[![Debian Compatibility](https://img.shields.io/badge/Compatibility–Debian%2012%7C13-lightgrey?style=flat&labelColor=555&logo=debian&logoColor=%23A81D33)](https://www.debian.org/releases/) +[![Ubuntu Compatibility](https://img.shields.io/badge/Compatibility–Ubuntu%2022.04%7C24.04-lightgrey?style=flat&labelColor=555&logo=ubuntu&logoColor=%23E95420)](https://ubuntu.com/download/server) [![Shell Script Linter](https://github.com/buildplan/du_setup/actions/workflows/lint.yml/badge.svg)](https://github.com/buildplan/du_setup/actions/workflows/lint.yml) [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT) [![Shell](https://img.shields.io/badge/Shell-Bash%204.4%2B-green)](https://www.gnu.org/software/bash/) From 0900cd7422e097ce4b55fef1e9454a3f3b921c1f Mon Sep 17 00:00:00 2001 From: buildplan Date: Fri, 15 Aug 2025 14:43:58 +0100 Subject: [PATCH 9/9] version bump v0.64 --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index bdb3d58..f687c4c 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,7 @@ # Debian & Ubuntu Server Setup & Hardening Script -[![Debian Compatibility](https://img.shields.io/badge/Compatibility–Debian%2012%7C13-lightgrey?style=flat&labelColor=555&logo=debian&logoColor=%23A81D33)](https://www.debian.org/releases/) -[![Ubuntu Compatibility](https://img.shields.io/badge/Compatibility–Ubuntu%2022.04%7C24.04-lightgrey?style=flat&labelColor=555&logo=ubuntu&logoColor=%23E95420)](https://ubuntu.com/download/server) +[![Debian Compatibility](https://img.shields.io/badge/Compatibility–Debian%2012%7C13-%23A81D33?style=flat&labelColor=555&logo=debian&logoColor=white)](https://www.debian.org/releases/) +[![Ubuntu Compatibility](https://img.shields.io/badge/Compatibility–Ubuntu%2022.04%7C24.04-%23E95420?style=flat&labelColor=555&logo=ubuntu&logoColor=white)](https://ubuntu.com/download/server) [![Shell Script Linter](https://github.com/buildplan/du_setup/actions/workflows/lint.yml/badge.svg)](https://github.com/buildplan/du_setup/actions/workflows/lint.yml) [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT) [![Shell](https://img.shields.io/badge/Shell-Bash%204.4%2B-green)](https://www.gnu.org/software/bash/)