External/du_setup
1
0
Fork 0
mirror of https://github.com/buildplan/du_setup.git synced 2025-12-17 17:55:35 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #20 from buildplan/test

Browse Source 
repo and script name change
This commit is contained in:
buildplan 2025-06-30 10:49:06 +01:00 committed by GitHub
commit fc153ea017
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 24 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
README.md
View File

@ -1,8 +1,8 @@
# Debian & Ubuntu Server Setup & Hardening Script # Debian & Ubuntu Server Setup & Hardening Script
**Version:** 4.3 **Version:** v0.50
**Last Updated:** 2025-06-29 **Last Updated:** 2025-06-30
**Compatible With:** **Compatible With:**
@ -29,7 +29,7 @@ This script automates the initial setup and security hardening of a fresh Debian
* **Optional Software**: Offers interactive installation of: * **Optional Software**: Offers interactive installation of:
* Docker & Docker Compose * Docker & Docker Compose
* Tailscale (Mesh VPN) * Tailscale (Mesh VPN)
* **Comprehensive Logging**: Logs all actions to `/var/log/setup_harden_debian_ubuntu_*.log`. * **Comprehensive Logging**: Logs all actions to `/var/log/du_setup_*.log`.
* **Automation-Friendly**: Supports `--quiet` mode for automated provisioning. * **Automation-Friendly**: Supports `--quiet` mode for automated provisioning.
## Installation & Usage ## Installation & Usage
@ -46,8 +46,8 @@ This script automates the initial setup and security hardening of a fresh Debian
### 1\. Download & Prepare Script ### 1\. Download & Prepare Script
``` ```
wget https://raw.githubusercontent.com/buildplan/setup_harden_server/main/setup_harden_debian_ubuntu.sh wget https://raw.githubusercontent.com/buildplan/setup_harden_server/main/du_setup.sh
chmod +x setup_harden_debian_ubuntu.sh chmod +x du_setup.sh
``` ```
### 2\. Verify Script Integrity (Recommended) ### 2\. Verify Script Integrity (Recommended)
@ -60,35 +60,35 @@ This command downloads the official checksum file and automatically compares it
``` ```
# Download the official checksum file # Download the official checksum file
wget https://raw.githubusercontent.com/buildplan/setup_harden_server/main/setup_harden_debian_ubuntu.sh.sha256 wget https://raw.githubusercontent.com/buildplan/setup_harden_server/main/du_setup.sh.sha256
# Run the check (it should output: setup_harden_debian_ubuntu.sh: OK) # Run the check (it should output: du_setup.sh: OK)
sha256sum -c setup_harden_debian_ubuntu.sh.sha256 sha256sum -c du_setup.sh.sha256
``` ```
**Option B: Manual Check** **Option B: Manual Check**
``` ```
# Generate the hash of your downloaded script # Generate the hash of your downloaded script
sha256sum setup_harden_debian_ubuntu.sh sha256sum du_setup.sh
``` ```
Compare the output hash to the one below. They must match exactly. Compare the output hash to the one below. They must match exactly.
`c4ff92d755b8c862c0a5c885b0a1dfa68832a1a5465e1e9913386374202c6a7a` `86d08c58198c1b754329484f6bba79326d847649467851dfa89da250b3e6fd6b`
### 3\. Run the Script ### 3\. Run the Script
**Interactively (Recommended)** **Interactively (Recommended)**
``` ```
sudo ./setup_harden_debian_ubuntu.sh sudo ./du_setup.sh
``` ```
**Quiet Mode (For Automation)** **Quiet Mode (For Automation)**
``` ```
sudo ./setup_harden_debian_ubuntu.sh --quiet sudo ./du_setup.sh --quiet
``` ```
> **Warning**: The script pauses to verify SSH access on the new port before disabling old access methods. **Test the new SSH connection from a separate terminal before proceeding\!** > **Warning**: The script pauses to verify SSH access on the new port before disabling old access methods. **Test the new SSH connection from a separate terminal before proceeding\!**
@ -116,7 +116,7 @@ sudo ./setup_harden_debian_ubuntu.sh --quiet
## Logs & Backups ## Logs & Backups
* **Log Files**: `/var/log/setup_harden_debian_ubuntu_*.log` * **Log Files**: `/var/log/du_setup_*.log`
* **Backup Logs**: `/var/log/backup_rsync.log` (for remote backup operations) * **Backup Logs**: `/var/log/backup_rsync.log` (for remote backup operations)
* **Audit Logs**: `/var/log/setup_harden_security_audit_*.log` (for Lynis and debsecan results) * **Audit Logs**: `/var/log/setup_harden_security_audit_*.log` (for Lynis and debsecan results)
* **Configuration Backups**: `/root/setup_harden_backup_*` * **Configuration Backups**: `/root/setup_harden_backup_*`

19
setup_harden_debian_ubuntu.sh → du_setup.sh
View File

@ -1,8 +1,9 @@
#!/bin/bash #!/bin/bash
# Debian 12 and Ubuntu Server Hardening Interactive Script # Debian 12 and Ubuntu Server Hardening Interactive Script
# Version: 4.3 | 2025-06-29 # Version: 0.50 | 2025-06-30
# Changelog: # Changelog:
# - v0.50: versioning format change and repo name change
# - v4.3: Add SHA256 integrity verification # - v4.3: Add SHA256 integrity verification
# - v4.2: Added Security Audit Tools (Integrating Lynis and Optionally Debsecan) & option to do Backup Testing # - v4.2: Added Security Audit Tools (Integrating Lynis and Optionally Debsecan) & option to do Backup Testing
# Fixed debsecan compatibility (Debian-only), added global BACKUP_LOG, added backup testing # Fixed debsecan compatibility (Debian-only), added global BACKUP_LOG, added backup testing
@ -18,19 +19,19 @@
# README at GitHub: https://github.com/buildplan/setup_harden_server # README at GitHub: https://github.com/buildplan/setup_harden_server
# #
# Prerequisites: # Prerequisites:
# - Run as root on a fresh Debian 12 or Ubuntu server (e.g., sudo ./setup_harden_debian_ubuntu.sh or run as root ./setup_harden_debian_ubuntu.sh). # - Run as root on a fresh Debian 12 or Ubuntu server (e.g., sudo ./du_setup.sh or run as root ./du_setup.sh).
# - Internet connectivity is required for package installation. # - Internet connectivity is required for package installation.
# #
# Usage: # Usage:
# Download: wget https://raw.githubusercontent.com/buildplan/setup_harden_server/refs/heads/main/setup_harden_debian_ubuntu.sh # Download: wget https://raw.githubusercontent.com/buildplan/setup_harden_server/refs/heads/main/du_setup.sh
# Make it executable: chmod +x setup_harden_debian_ubuntu.sh # Make it executable: chmod +x du_setup.sh
# Run it: sudo ./setup_harden_debian_ubuntu.sh [--quiet] # Run it: sudo ./du_setup.sh [--quiet]
# #
# Options: # Options:
# --quiet: Suppress non-critical output for automation. (Not recommended always best to review all the options) # --quiet: Suppress non-critical output for automation. (Not recommended always best to review all the options)
# #
# Notes: # Notes:
# - The script creates a log file in /var/log/setup_harden_debian_ubuntu_*.log. # - The script creates a log file in /var/log/du_setup_*.log.
# - Critical configurations are backed up before modification. Backup files are at /root/setup_harden_backup_*. # - Critical configurations are backed up before modification. Backup files are at /root/setup_harden_backup_*.
# - A new admin user is created with a mandatory password or SSH key for authentication. # - A new admin user is created with a mandatory password or SSH key for authentication.
# - Root SSH login is disabled; all access is via the new user with sudo privileges. # - Root SSH login is disabled; all access is via the new user with sudo privileges.
@ -58,7 +59,7 @@ NC='\033[0m' # No Color
# Script variables # Script variables
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
LOG_FILE="/var/log/setup_harden_debian_ubuntu_$(date +%Y%m%d_%H%M%S).log" LOG_FILE="/var/log/du_setup_$(date +%Y%m%d_%H%M%S).log"
BACKUP_LOG="/var/log/backup_rsync.log" BACKUP_LOG="/var/log/backup_rsync.log"
VERBOSE=true VERBOSE=true
BACKUP_DIR="/root/setup_harden_backup_$(date +%Y%m%d_%H%M%S)" BACKUP_DIR="/root/setup_harden_backup_$(date +%Y%m%d_%H%M%S)"
@ -88,7 +89,7 @@ print_header() {
echo -e "${CYAN}╔═════════════════════════════════════════════════════════════════╗${NC}" echo -e "${CYAN}╔═════════════════════════════════════════════════════════════════╗${NC}"
echo -e "${CYAN}║ ║${NC}" echo -e "${CYAN}║ ║${NC}"
echo -e "${CYAN}║ DEBIAN/UBUNTU SERVER SETUP AND HARDENING SCRIPT ║${NC}" echo -e "${CYAN}║ DEBIAN/UBUNTU SERVER SETUP AND HARDENING SCRIPT ║${NC}"
echo -e "${CYAN}v4.3 | 2025-06-29 ${NC}" echo -e "${CYAN} v0.50 | 2025-06-30${NC}"
echo -e "${CYAN}║ ║${NC}" echo -e "${CYAN}║ ║${NC}"
echo -e "${CYAN}╚═════════════════════════════════════════════════════════════════╝${NC}" echo -e "${CYAN}╚═════════════════════════════════════════════════════════════════╝${NC}"
echo echo
@ -232,7 +233,7 @@ check_system() {
print_section "System Compatibility Check" print_section "System Compatibility Check"
if [[ $(id -u) -ne 0 ]]; then if [[ $(id -u) -ne 0 ]]; then
print_error "This script must be run as root (e.g., sudo ./setup_harden_debian_ubuntu.sh)." print_error "This script must be run as root (e.g., sudo ./du_setup.sh)."
exit 1 exit 1
fi fi
print_success "Running with root privileges." print_success "Running with root privileges."

1
du_setup.sh.sha256 Normal file
View File

@ -0,0 +1 @@
86d08c58198c1b754329484f6bba79326d847649467851dfa89da250b3e6fd6b du_setup.sh

1
setup_harden_debian_ubuntu.sh.sha256
View File

@ -1 +0,0 @@
c4ff92d755b8c862c0a5c885b0a1dfa68832a1a5465e1e9913386374202c6a7a setup_harden_debian_ubuntu.sh