From cc729afc3a11703104f8e9f17923f8cf821f1c3a Mon Sep 17 00:00:00 2001 From: Ali Date: Tue, 15 Jul 2025 19:16:06 +0100 Subject: [PATCH 1/5] syntax fix --- du_setup.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/du_setup.sh b/du_setup.sh index b29da30..2ffdfa6 100644 --- a/du_setup.sh +++ b/du_setup.sh @@ -864,7 +864,7 @@ rollback_ssh_changes() { SSH_SERVICE="ssh.socket" print_info "Detected SSH socket activation: using ssh.socket." log "Rollback: Using ssh.socket for SSH service." - elif ! systemctl list-units --full -all --no-pager | grep -E "[[:space:]]$SSH_SERVICE[[:space:]]" >/dev/null 2>&1; then + elif ! systemctl list-units --full -all --no-pager | grep -E "[[:space:]]${SSH_SERVICE}[[:space:]]" >/dev/null 2>&1; then SSH_SERVICE="ssh.service" # Fallback for Ubuntu print_warning "SSH service $SSH_SERVICE not found, falling back to ssh.service." log "Rollback warning: Using fallback SSH service ssh.service." From 4ef3a40583f7016c324303557fe1c581b5e74327 Mon Sep 17 00:00:00 2001 From: Ali Date: Tue, 15 Jul 2025 19:20:26 +0100 Subject: [PATCH 2/5] add shellcheck ci --- du_setup.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/du_setup.sh b/du_setup.sh index 2ffdfa6..5c0e58f 100644 --- a/du_setup.sh +++ b/du_setup.sh @@ -1,8 +1,9 @@ #!/bin/bash # Debian 12 and Ubuntu Server Hardening Interactive Script -# Version: 0.59 | 2025-07-15 +# Version: 0.60 | 2025-07-15 # Changelog: +# - v0.60: CI for shellcheck # - v0.59: Add a new optional function that applies a set of recommended sysctl security settings to harden the kernel. # Script can now check for update and can run self-update. # - v0.58: improved fail2ban to parse ufw logs 
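Review bot: In `rollback_ssh_changes`, the fallback branch assigns `SSH_SERVICE="ssh.service"` before `print_warning` expands `$SSH_SERVICE`, so the warning always reads "SSH service ssh.service not found, falling back to ssh.service." and the unit that was actually missing never reaches the operator or the log. Save the old name before overwriting it, e.g. `missing_service=$SSH_SERVICE`, and print that in the warning. On the changed `elif` line the unit name is still interpolated into an ERE, where the `.` in a name such as `ssh.service` matches any character; `grep -qF -- " ${SSH_SERVICE} "` would match it literally and replace the `>/dev/null 2>&1` redirect, assuming the columns in this output are space-separated. This test appears to decide which unit the rollback acts on, which matters on a remote host where SSH is the only way in. The function body starts and ends outside the hunk.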
@@ -120,7 +121,7 @@ print_header() {
 echo -e "${CYAN}╔═════════════════════════════════════════════════════════════════╗${NC}"
 echo -e "${CYAN}║ ║${NC}"
 echo -e "${CYAN}║ DEBIAN/UBUNTU SERVER SETUP AND HARDENING SCRIPT ║${NC}"
- echo -e "${CYAN}║ v0.59 | 2025-07-15 ║${NC}"
+ echo -e "${CYAN}║ v0.60 | 2025-07-15 ║${NC}"
 echo -e "${CYAN}║ ║${NC}"
 echo -e "${CYAN}╚═════════════════════════════════════════════════════════════════╝${NC}"
 echo
From 9c202f770d2dd3ed524458acb0efa25704526132 Mon Sep 17 00:00:00 2001
From: Ali
Date: Tue, 15 Jul 2025 19:22:31 +0100
Subject: [PATCH 3/5] shellcheck workflow
---
 .github/workflows/lint.yml | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)
 create mode 100644 .github/workflows/lint.yml
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
new file mode 100644
index 0000000..db46fff
--- /dev/null
+++ b/.github/workflows/lint.yml
@@ -0,0 +1,30 @@
+name: Shell Script Linter
+
+on:
+ push:
+ branches: [ "main", "test" ]
+ pull_request:
+ branches: [ "main" ]
+
+jobs:
+ shellcheck:
+ name: Shellcheck
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ - name: Install ShellCheck
+ run: sudo apt-get update && sudo apt-get install -y shellcheck
+ - name: Run Shellcheck (Show All Issues & Fail on Errors)
+ run: |
+ set -o pipefail
+
+ echo "--- Checking for all warnings and style issues ---"
+ shellcheck -f gcc ./du_setup.sh | while IFS= read -r line; do
+ file=$(echo "$line" | cut -d: -f1)
+ line_no=$(echo "$line" | cut -d: -f2)
+ message=$(echo "$line" | cut -d: -f4-)
+ echo "::warning file=$file,line=$line_no::$message"
+ done || true
+
+ echo "--- Checking for critical errors ---"
+ shellcheck --severity=error ./du_setup.sh
From 1ce9433daea5d4fbb8d0b378c6333d67fedfffa8 Mon Sep 17 00:00:00 2001
From: Ali
Date: Tue, 15 Jul 2025 19:22:58 +0100
Subject: [PATCH 4/5] update hash
---
 README.md | 6 +++---
 du_setup.sh.sha256 | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)
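Review bot: `.github/workflows/lint.yml` declares no `permissions:` key, so the job runs with whatever default `GITHUB_TOKEN` scope the repository has, although linting only needs to read the checkout; add a top-level `permissions: { contents: read }`. `actions/checkout@v4` is a mutable tag; for a repository that ships a server-hardening script, pinning it to a full commit SHA (`uses: actions/checkout@<full-commit-sha> # v4`, placeholder) keeps a retagged release from changing what runs in CI. The first pass ends in `|| true`, so only the `--severity=error` run gates the build and warnings surface as annotations only, which is worth stating in a comment above the step. Since `du_setup.sh.sha256` is updated by hand in a later patch of this series, a step running `sha256sum --check du_setup.sh.sha256` would catch a checksum that has drifted from the script.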
diff --git a/README.md b/README.md index 0bd2e79..77882df 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # Debian & Ubuntu Server Setup & Hardening Script -**Version:** v0.59 +**Version:** v0.60 **Last Updated:** 2025-07-15 @@ -76,12 +76,12 @@ sha256sum du_setup.sh Compare the output hash to the one below. They must match exactly. -`9f0430e9d930fbdbd0bb5f148a6db1baa0290c14c697e1d56006630f0c3c19ae` +`882b87ef9b3f21ed2df0b76c395aa9ed8864f8e1dad3b4bee627c9c9e7f301b0` Or echo the hash to check, it should output: `du_setup.sh: OK` ``` -echo 9f0430e9d930fbdbd0bb5f148a6db1baa0290c14c697e1d56006630f0c3c19ae du_setup.sh | sha256sum --check - +echo 882b87ef9b3f21ed2df0b76c395aa9ed8864f8e1dad3b4bee627c9c9e7f301b0 du_setup.sh | sha256sum --check - ``` ### 3\. Run the Script diff --git a/du_setup.sh.sha256 b/du_setup.sh.sha256 index f2f1370..c974922 100644 --- a/du_setup.sh.sha256 +++ b/du_setup.sh.sha256 @@ -1 +1 @@ -9f0430e9d930fbdbd0bb5f148a6db1baa0290c14c697e1d56006630f0c3c19ae du_setup.sh +882b87ef9b3f21ed2df0b76c395aa9ed8864f8e1dad3b4bee627c9c9e7f301b0 du_setup.sh From 15af0cb9cdb59964d4b00231dfa2d7ddd65cc272 Mon Sep 17 00:00:00 2001 From: Ali Date: Tue, 15 Jul 2025 19:25:38 +0100 Subject: [PATCH 5/5] fency --- README.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/README.md b/README.md index 77882df..ec90b47 100644 --- a/README.md +++ b/README.md 
@@ -1,5 +1,11 @@ # Debian & Ubuntu Server Setup & Hardening Script +[![Shell Script Linter](https://github.com/buildplan/du_setup/actions/workflows/lint.yml/badge.svg)](https://github.com/buildplan/du_setup/actions/workflows/lint.yml) +[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT) +[![Compatibility](https://img.shields.io/badge/Compatibility-Debian%2012%20%7C%20Ubuntu%2022.04%20%2F%2024.04-orange)](https://www.debian.org/) +[![Shell](https://img.shields.io/badge/Shell-Bash%204.4%2B-green)](https://www.gnu.org/software/bash/) +[![Type](https://img.shields.io/badge/Type-Setup%20%26%20Hardening-blue)](https://github.com/buildplan/du_setup) + **Version:** v0.60 **Last Updated:** 2025-07-15