Display Lynis suggestions and hide tailscale auth key

2025-12-29 16:14:59 +00:00 · 2025-08-03 22:57:35 +01:00
parent e3003470f3
commit ed192077e1
1 changed files with 10 additions and 2 deletions
--- a/du_setup.sh
+++ b/du_setup.sh
@@ -3,6 +3,7 @@
 # Debian 12 and Ubuntu Server Hardening Interactive Script
 # Version: 0.60 | 2025-07-15
 # Changelog:
+# - v0.61: Display Lynis suggestions in summary and hide tailscale auth key
 # - v0.60: CI for shellcheck
 # - v0.59: Add a new optional function that applies a set of recommended sysctl security settings to harden the kernel.
 #          Script can now check for update and can run self-update.
@@ -121,7 +122,7 @@ print_header() {
    echo -e "${CYAN}╔═════════════════════════════════════════════════════════════════╗${NC}"
    echo -e "${CYAN}║                                                                 ║${NC}"
    echo -e "${CYAN}║       DEBIAN/UBUNTU SERVER SETUP AND HARDENING SCRIPT           ║${NC}"
-    echo -e "${CYAN}║                      v0.60 | 2025-07-15                         ║${NC}"
+    echo -e "${CYAN}║                      v0.61 | 2025-08-03                         ║${NC}"
    echo -e "${CYAN}║                                                                 ║${NC}"
    echo -e "${CYAN}╚═════════════════════════════════════════════════════════════════╝${NC}"
    echo
@@ -1434,7 +1435,8 @@ install_tailscale() {
        done
    fi
    while true; do
-        read -rp "$(echo -e "${CYAN}Enter Tailscale pre-auth key: ${NC}")" AUTH_KEY
+        read -sp "$(echo -e "${CYAN}Enter Tailscale pre-auth key: ${NC}")" AUTH_KEY
+        echo
        if [[ "$TS_CONNECTION" == "1" && "$AUTH_KEY" =~ ^tskey-auth- ]]; then break
        elif [[ "$TS_CONNECTION" == "2" && -n "$AUTH_KEY" ]]; then
            print_warning "Ensure the pre-auth key is valid for your custom Tailscale server ($LOGIN_SERVER)."
@@ -2175,6 +2177,8 @@ configure_security_audit() {
            log "Lynis audit completed successfully."
            # Extract hardening index
            HARDENING_INDEX=$(grep -oP "Hardening index : \K\d+" "$AUDIT_LOG" || echo "Unknown")
+            #Extract top suggestions
+            grep "Suggestion:" /var/log/lynis-report.dat | head -n 5 > /tmp/lynis_suggestions.txt 2>/dev/null || true
            # Append Lynis system log for persistence
            cat /var/log/lynis.log >> "$AUDIT_LOG" 2>/dev/null
        else
@@ -2362,6 +2366,10 @@ generate_summary() {
        printf "    %-17s%s\n" "- Audit Log:" "${AUDIT_LOG:-N/A}"
        printf "    %-17s%s\n" "- Hardening Index:" "${HARDENING_INDEX:-Unknown}"
        printf "    %-17s%s\n" "- Vulnerabilities:" "${DEBSECAN_VULNS:-N/A}"
+        if [[ -s /tmp/lynis_suggestions.txt ]]; then
+            echo -e "    ${YELLOW}- Top Lynis Suggestions:${NC}"
+            sed 's/^/      /' /tmp/lynis_suggestions.txt
+        fi
    else
        echo -e "  Security Audit:     ${RED}Not run${NC}"
    fi