Merge pull request #18 from buildplan/main

sync with main
2025-12-29 16:14:59 +00:00 · 2025-06-29 22:50:05 +01:00
parent 4208e764a8 8d73fa0917
commit fa4266511b
3 changed files with 21 additions and 7 deletions
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
 # Debian & Ubuntu Server Setup & Hardening Script

-**Version:** 4.2
+**Version:** 4.3

 **Last Updated:** 2025-06-29

@@ -45,20 +45,31 @@ This script automates the initial setup and security hardening of a fresh Debian

 ### 1. Download the Script

-```bash
+```
 wget https://raw.githubusercontent.com/buildplan/setup_harden_server/refs/heads/main/setup_harden_debian_ubuntu.sh
 chmod +x setup_harden_debian_ubuntu.sh
 ```

+#### Verify Script Integrity (Optional but Recommended)
+
+After downloading the script, verify its integrity:
+
+```
+wget https://raw.githubusercontent.com/buildplan/setup_harden_server/main/setup_harden_debian_ubuntu.sh
+wget https://raw.githubusercontent.com/buildplan/setup_harden_server/main/setup_harden_debian_ubuntu.sh.sha256
+
+sha256sum -c setup_harden_debian_ubuntu.sh.sha256
+```
+
 ### 2. Run Interactively (Recommended)

-```bash
+```
 sudo ./setup_harden_debian_ubuntu.sh
 ```

 ### 3. Run in Quiet Mode (for Automation)

-```bash
+```
 sudo ./setup_harden_debian_ubuntu.sh --quiet
 ```

@@ -66,6 +77,7 @@ sudo ./setup_harden_debian_ubuntu.sh --quiet
 >
 > Ensure your VPS provider’s firewall allows the custom SSH port, backup server’s SSH port (e.g., 23 for Hetzner Storage Box), and Tailscale traffic (UDP 41641 for direct connections).

+
 ## What It Does

 | Task | Description |
@@ -237,4 +249,4 @@ If Tailscale fails to connect:

 ## [MIT](https://github.com/buildplan/setup_harden_server/blob/main/LICENSE) License

-This script is open-source and provided "as is" without warranty. Use at your own risk.
+This script is open-source and provided "as is" without warranty. Use at your own risk.
--- a/setup_harden_debian_ubuntu.sh
+++ b/setup_harden_debian_ubuntu.sh
@@ -1,8 +1,9 @@
 #!/bin/bash

 # Debian 12 and Ubuntu Server Hardening Interactive Script
-# Version: 4.2 | 2025-06-29
+# Version: 4.3 | 2025-06-29
 # Changelog:
+# - v4.3: Add SHA256 integrity verification
 # - v4.2: Added Security Audit Tools (Integrating Lynis and Optionally Debsecan) & option to do Backup Testing
 #	  Fixed debsecan compatibility (Debian-only), added global BACKUP_LOG, added backup testing
 # - v4.1: Added tailscale config to connect to tailscale or headscale server
@@ -87,7 +88,7 @@ print_header() {
    echo -e "${CYAN}╔═════════════════════════════════════════════════════════════════╗${NC}"
    echo -e "${CYAN}║                                                                 ║${NC}"
    echo -e "${CYAN}║       DEBIAN/UBUNTU SERVER SETUP AND HARDENING SCRIPT           ║${NC}"
-    echo -e "${CYAN}║                     v4.2 | 2025-06-29                           ║${NC}"
+    echo -e "${CYAN}║                     v4.3 | 2025-06-29                           ║${NC}"
    echo -e "${CYAN}║                                                                 ║${NC}"
    echo -e "${CYAN}╚═════════════════════════════════════════════════════════════════╝${NC}"
    echo
--- a/setup_harden_debian_ubuntu.sh.sha256
+++ b/setup_harden_debian_ubuntu.sh.sha256
@@ -0,0 +1 @@
+f92a4a494689d7c9d6bc42a87ce6a325f1d40099cf1b8f3cb29c8eea9e3f6ce2  setup_harden_debian_ubuntu.sh
				`@@ -0,0 +1 @@`
				`f92a4a494689d7c9d6bc42a87ce6a325f1d40099cf1b8f3cb29c8eea9e3f6ce2 setup_harden_debian_ubuntu.sh`