added shellcheck workflow
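--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -0,0 +1,30 @@
+name: Shell Script Linter
+
+on:
+push:
+branches: [ "main", "test" ]
+pull_request:
+branches: [ "main" ]
+
+jobs:
+shellcheck:
+name: Shellcheck
+runs-on: ubuntu-latest
+steps:
+- uses: actions/checkout@v4
+- name: Install ShellCheck
+run: sudo apt-get update && sudo apt-get install -y shellcheck
+- name: Run Shellcheck (Show All Issues & Fail on Errors)
+run: |
+set -o pipefail
+
+echo "--- Checking for all warnings and style issues ---"
+shellcheck -f gcc ./du_setup.sh | while IFS= read -r line; do
+file=$(echo "$line" | cut -d: -f1)
+line_no=$(echo "$line" | cut -d: -f2)
+message=$(echo "$line" | cut -d: -f4-)
+echo "::warning file=$file,line=$line_no::$message"
+done || true
+
+echo "--- Checking for critical errors ---"
+shellcheck --severity=error ./du_setup.sh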
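Review bot: The workflow declares no `permissions:` block, so the job's GITHUB_TOKEN gets the repository's default scopes although this lint job only reads the checked-out code; a top-level `permissions:` with `contents: read` would keep it least-privileged. The `actions/checkout@v4` step is pinned to a movable tag, so pinning it to a full commit SHA, `uses: actions/checkout@<full-commit-sha> # v4`, would stop a retagged release from changing what runs here. In the first pass, `done || true` also hides a failure of shellcheck itself (for example an unreadable `./du_setup.sh`). The later `shellcheck --severity=error` run would still fail the job in that case, so a short comment saying the first pass is advisory only would be enough.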
12
README.md
12
README.md
@@ -1,6 +1,12 @@
|
|||||||
# Debian & Ubuntu Server Setup & Hardening Script
|
# Debian & Ubuntu Server Setup & Hardening Script
|
||||||
|
|
||||||
**Version:** v0.59
|
[](https://github.com/buildplan/du_setup/actions/workflows/lint.yml)
|
||||||
|
[](https://opensource.org/licenses/MIT)
|
||||||
|
[](https://www.debian.org/)
|
||||||
|
[](https://www.gnu.org/software/bash/)
|
||||||
|
[](https://github.com/buildplan/du_setup)
|
||||||
|
|
||||||
|
**Version:** v0.60
|
||||||
|
|
||||||
**Last Updated:** 2025-07-15
|
**Last Updated:** 2025-07-15
|
||||||
|
|
||||||
@@ -76,12 +82,12 @@ sha256sum du_setup.sh
|
|||||||
|
|
||||||
Compare the output hash to the one below. They must match exactly.
|
Compare the output hash to the one below. They must match exactly.
|
||||||
|
|
||||||
`9f0430e9d930fbdbd0bb5f148a6db1baa0290c14c697e1d56006630f0c3c19ae`
|
`882b87ef9b3f21ed2df0b76c395aa9ed8864f8e1dad3b4bee627c9c9e7f301b0`
|
||||||
|
|
||||||
Or echo the hash to check, it should output: `du_setup.sh: OK`
|
Or echo the hash to check, it should output: `du_setup.sh: OK`
|
||||||
|
|
||||||
```
|
```
|
||||||
echo 9f0430e9d930fbdbd0bb5f148a6db1baa0290c14c697e1d56006630f0c3c19ae du_setup.sh | sha256sum --check -
|
echo 882b87ef9b3f21ed2df0b76c395aa9ed8864f8e1dad3b4bee627c9c9e7f301b0 du_setup.sh | sha256sum --check -
|
||||||
```
|
```
|
||||||
|
|
||||||
### 3\. Run the Script
|
### 3\. Run the Script
|
||||||
|
|||||||
@@ -1,8 +1,9 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
# Debian 12 and Ubuntu Server Hardening Interactive Script
|
# Debian 12 and Ubuntu Server Hardening Interactive Script
|
||||||
# Version: 0.59 | 2025-07-15
|
# Version: 0.60 | 2025-07-15
|
||||||
# Changelog:
|
# Changelog:
|
||||||
|
# - v0.60: CI for shellcheck
|
||||||
# - v0.59: Add a new optional function that applies a set of recommended sysctl security settings to harden the kernel.
|
# - v0.59: Add a new optional function that applies a set of recommended sysctl security settings to harden the kernel.
|
||||||
# Script can now check for update and can run self-update.
|
# Script can now check for update and can run self-update.
|
||||||
# - v0.58: improved fail2ban to parse ufw logs
|
# - v0.58: improved fail2ban to parse ufw logs
|
||||||
@@ -120,7 +121,7 @@ print_header() {
|
|||||||
echo -e "${CYAN}╔═════════════════════════════════════════════════════════════════╗${NC}"
|
echo -e "${CYAN}╔═════════════════════════════════════════════════════════════════╗${NC}"
|
||||||
echo -e "${CYAN}║ ║${NC}"
|
echo -e "${CYAN}║ ║${NC}"
|
||||||
echo -e "${CYAN}║ DEBIAN/UBUNTU SERVER SETUP AND HARDENING SCRIPT ║${NC}"
|
echo -e "${CYAN}║ DEBIAN/UBUNTU SERVER SETUP AND HARDENING SCRIPT ║${NC}"
|
||||||
echo -e "${CYAN}║ v0.59 | 2025-07-15 ║${NC}"
|
echo -e "${CYAN}║ v0.60 | 2025-07-15 ║${NC}"
|
||||||
echo -e "${CYAN}║ ║${NC}"
|
echo -e "${CYAN}║ ║${NC}"
|
||||||
echo -e "${CYAN}╚═════════════════════════════════════════════════════════════════╝${NC}"
|
echo -e "${CYAN}╚═════════════════════════════════════════════════════════════════╝${NC}"
|
||||||
echo
|
echo
|
||||||
@@ -864,7 +865,7 @@ rollback_ssh_changes() {
|
|||||||
SSH_SERVICE="ssh.socket"
|
SSH_SERVICE="ssh.socket"
|
||||||
print_info "Detected SSH socket activation: using ssh.socket."
|
print_info "Detected SSH socket activation: using ssh.socket."
|
||||||
log "Rollback: Using ssh.socket for SSH service."
|
log "Rollback: Using ssh.socket for SSH service."
|
||||||
elif ! systemctl list-units --full -all --no-pager | grep -E "[[:space:]]$SSH_SERVICE[[:space:]]" >/dev/null 2>&1; then
|
elif ! systemctl list-units --full -all --no-pager | grep -E "[[:space:]]${SSH_SERVICE}[[:space:]]" >/dev/null 2>&1; then
|
||||||
SSH_SERVICE="ssh.service" # Fallback for Ubuntu
|
SSH_SERVICE="ssh.service" # Fallback for Ubuntu
|
||||||
print_warning "SSH service $SSH_SERVICE not found, falling back to ssh.service."
|
print_warning "SSH service $SSH_SERVICE not found, falling back to ssh.service."
|
||||||
log "Rollback warning: Using fallback SSH service ssh.service."
|
log "Rollback warning: Using fallback SSH service ssh.service."
|
||||||
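Review bot: In the rollback_ssh_changes hunk, `SSH_SERVICE="ssh.service"` is assigned before `print_warning "SSH service $SSH_SERVICE not found, falling back to ssh.service."`, so the warning always names ssh.service instead of the unit that was missing. Moving the `print_warning` line above the assignment keeps the original name in the rollback output. The value is also interpolated into an extended regex, so the `.` in a unit name matches any character; a fixed-string match such as `grep -qF -- " ${SSH_SERVICE} "` is stricter, but it assumes space-separated columns in the `systemctl list-units` output, which should be confirmed. The function starts and ends outside the hunk, so how SSH_SERVICE is set initially is not visible here.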
|
|||||||
@@ -1 +1 @@
|
|||||||
9f0430e9d930fbdbd0bb5f148a6db1baa0290c14c697e1d56006630f0c3c19ae du_setup.sh
|
882b87ef9b3f21ed2df0b76c395aa9ed8864f8e1dad3b4bee627c9c9e7f301b0 du_setup.sh
|
||||||
|
|||||||