diff --git a/README.md b/README.md index 5804f35..75f6936 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # Debian & Ubuntu Server Setup & Hardening Script -**Version:** 4.2 +**Version:** 4.3 **Last Updated:** 2025-06-29 @@ -45,20 +45,31 @@ This script automates the initial setup and security hardening of a fresh Debian ### 1. Download the Script -```bash +``` wget https://raw.githubusercontent.com/buildplan/setup_harden_server/refs/heads/main/setup_harden_debian_ubuntu.sh chmod +x setup_harden_debian_ubuntu.sh ``` +#### Verify Script Integrity (Optional but Recommended) + +After downloading the script, verify its integrity: + +``` +wget https://raw.githubusercontent.com/buildplan/setup_harden_server/main/setup_harden_debian_ubuntu.sh +wget https://raw.githubusercontent.com/buildplan/setup_harden_server/main/setup_harden_debian_ubuntu.sh.sha256 + +sha256sum -c setup_harden_debian_ubuntu.sh.sha256 +``` + ### 2. Run Interactively (Recommended) -```bash +``` sudo ./setup_harden_debian_ubuntu.sh ``` ### 3. Run in Quiet Mode (for Automation) -```bash +``` sudo ./setup_harden_debian_ubuntu.sh --quiet ``` @@ -66,6 +77,7 @@ sudo ./setup_harden_debian_ubuntu.sh --quiet > > Ensure your VPS provider’s firewall allows the custom SSH port, backup server’s SSH port (e.g., 23 for Hetzner Storage Box), and Tailscale traffic (UDP 41641 for direct connections). + ## What It Does | Task | Description | @@ -237,4 +249,4 @@ If Tailscale fails to connect: ## [MIT](https://github.com/buildplan/setup_harden_server/blob/main/LICENSE) License -This script is open-source and provided "as is" without warranty. Use at your own risk. \ No newline at end of file +This script is open-source and provided "as is" without warranty. Use at your own risk. diff --git a/setup_harden_debian_ubuntu.sh b/setup_harden_debian_ubuntu.sh index 76c4ba6..2e4e5d2 100644 --- a/setup_harden_debian_ubuntu.sh +++ b/setup_harden_debian_ubuntu.sh @@ -1,8 +1,9 @@ #!/bin/bash # Debian 12 and Ubuntu Server Hardening Interactive Script -# Version: 4.2 | 2025-06-29 +# Version: 4.3 | 2025-06-29 # Changelog: +# - v4.3: Add SHA256 integrity verification # - v4.2: Added Security Audit Tools (Integrating Lynis and Optionally Debsecan) & option to do Backup Testing # Fixed debsecan compatibility (Debian-only), added global BACKUP_LOG, added backup testing # - v4.1: Added tailscale config to connect to tailscale or headscale server @@ -87,7 +88,7 @@ print_header() { echo -e "${CYAN}╔═════════════════════════════════════════════════════════════════╗${NC}" echo -e "${CYAN}║ ║${NC}" echo -e "${CYAN}║ DEBIAN/UBUNTU SERVER SETUP AND HARDENING SCRIPT ║${NC}" - echo -e "${CYAN}║ v4.2 | 2025-06-29 ║${NC}" + echo -e "${CYAN}║ v4.3 | 2025-06-29 ║${NC}" echo -e "${CYAN}║ ║${NC}" echo -e "${CYAN}╚═════════════════════════════════════════════════════════════════╝${NC}" echo diff --git a/setup_harden_debian_ubuntu.sh.sha256 b/setup_harden_debian_ubuntu.sh.sha256 new file mode 100644 index 0000000..e584045 --- /dev/null +++ b/setup_harden_debian_ubuntu.sh.sha256 @@ -0,0 +1 @@ +f92a4a494689d7c9d6bc42a87ce6a325f1d40099cf1b8f3cb29c8eea9e3f6ce2 setup_harden_debian_ubuntu.sh