- Display red text for Revert Op display
- Switched to "service" from "systemctl" to accommodate Ubuntu 14 - Bugfix
@@ -11,7 +11,8 @@
|
|||||||
# OVH
|
# OVH
|
||||||
# Hetzner
|
# Hetzner
|
||||||
|
|
||||||
|
# TODO - fail2ban does not work on Ubuntu 14.04 => does NOT read the defaults-debian.conf file
|
||||||
|
# => Check what makes debian read it => something in fail2ban.conf file
|
||||||
|
|
||||||
SCRIPT_NAME=server_harden
|
SCRIPT_NAME=server_harden
|
||||||
SCRIPT_VERSION=0.2
|
SCRIPT_VERSION=0.2
|
||||||
@@ -187,6 +188,7 @@ cat <<INFORM | more
|
|||||||
then those credentials will be displayed at the end of all operations.
|
then those credentials will be displayed at the end of all operations.
|
||||||
- If script reports any error or something does not work as expected,
|
- If script reports any error or something does not work as expected,
|
||||||
please take a look at the log file at (${LOGFILE}).
|
please take a look at the log file at (${LOGFILE}).
|
||||||
|
- Operations are NOT idempotent
|
||||||
|
|
||||||
All backup files have extension (${BACKUP_EXTENSION})
|
All backup files have extension (${BACKUP_EXTENSION})
|
||||||
Script logs all operation into (${LOGFILE}) file.
|
Script logs all operation into (${LOGFILE}) file.
|
||||||
@@ -346,7 +348,7 @@ function revert_create_user(){
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
if [[ $success -eq 0 ]]; then
|
if [[ $success -eq 0 ]]; then
|
||||||
op_log "Reverting - New User Creation" "SUCCESSFUL"
|
op_rev_log "Reverting - New User Creation" "SUCCESSFUL"
|
||||||
file_log "Reverting New User Creation - Completed"
|
file_log "Reverting New User Creation - Completed"
|
||||||
else
|
else
|
||||||
error_restoring "Reverting - New User Creation"
|
error_restoring "Reverting - New User Creation"
|
||||||
@@ -370,7 +372,7 @@ function revert_create_ssh_key(){
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
if [[ $success -eq 0 ]]; then
|
if [[ $success -eq 0 ]]; then
|
||||||
op_log "Reverting - SSH Key Generation" "SUCCESSFUL"
|
op_rev_log "Reverting - SSH Key Generation" "SUCCESSFUL"
|
||||||
file_log "Reverting SSH Key Generation - Completed"
|
file_log "Reverting SSH Key Generation - Completed"
|
||||||
else
|
else
|
||||||
error_restoring "Reverting - SSH Key Generation"
|
error_restoring "Reverting - SSH Key Generation"
|
||||||
@@ -396,7 +398,7 @@ function revert_secure_authorized_key(){
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
if [[ $success -eq 0 ]]; then
|
if [[ $success -eq 0 ]]; then
|
||||||
op_log "Reverting - SSH Key Authorization" "SUCCESSFUL"
|
op_rev_log "Reverting - SSH Key Authorization" "SUCCESSFUL"
|
||||||
file_log "Reverting SSH Key Authorization - Completed"
|
file_log "Reverting SSH Key Authorization - Completed"
|
||||||
else
|
else
|
||||||
error_restoring "Reverting - SSH Key Authorization"
|
error_restoring "Reverting - SSH Key Authorization"
|
||||||
@@ -416,7 +418,7 @@ function revert_ssh_only_login(){
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
if [[ $success -eq 0 ]]; then
|
if [[ $success -eq 0 ]]; then
|
||||||
op_log "Reverting - SSH-only Login" "SUCCESSFUL"
|
op_rev_log "Reverting - SSH-only Login" "SUCCESSFUL"
|
||||||
file_log "Reverting SSH-only Login - Completed"
|
file_log "Reverting SSH-only Login - Completed"
|
||||||
else
|
else
|
||||||
error_restoring "Reverting - SSH-only Login"
|
error_restoring "Reverting - SSH-only Login"
|
||||||
@@ -443,7 +445,7 @@ function revert_source_list_changes(){
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
if [[ $success -eq 0 ]]; then
|
if [[ $success -eq 0 ]]; then
|
||||||
op_log "Reverting - Source_list Changes" "SUCCESSFUL"
|
op_rev_log "Reverting - Source_list Changes" "SUCCESSFUL"
|
||||||
file_log "Reverting Source_list Changes - Completed"
|
file_log "Reverting Source_list Changes - Completed"
|
||||||
else
|
else
|
||||||
error_restoring "Reverting - Source_list Changes"
|
error_restoring "Reverting - Source_list Changes"
|
||||||
@@ -464,7 +466,7 @@ function revert_config_UFW(){
|
|||||||
success=$?
|
success=$?
|
||||||
|
|
||||||
if [[ $success -eq 0 ]]; then
|
if [[ $success -eq 0 ]]; then
|
||||||
op_log "Reverting - UFW Configuration" "SUCCESSFUL"
|
op_rev_log "Reverting - UFW Configuration" "SUCCESSFUL"
|
||||||
file_log "Reverting UFW Configuration - Completed"
|
file_log "Reverting UFW Configuration - Completed"
|
||||||
else
|
else
|
||||||
error_restoring "Reverting - UFW Configuration"
|
error_restoring "Reverting - UFW Configuration"
|
||||||
@@ -495,7 +497,7 @@ function revert_config_fail2ban(){
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
if [[ $success -eq 0 ]]; then
|
if [[ $success -eq 0 ]]; then
|
||||||
op_log "Reverting - Fail2ban Config" "SUCCESSFUL"
|
op_rev_log "Reverting - Fail2ban Config" "SUCCESSFUL"
|
||||||
file_log "Reverting Fail2ban Config - Completed"
|
file_log "Reverting Fail2ban Config - Completed"
|
||||||
else
|
else
|
||||||
error_restoring "Reverting - Fail2ban Config"
|
error_restoring "Reverting - Fail2ban Config"
|
||||||
@@ -638,6 +640,12 @@ function op_log() {
|
|||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function op_rev_log(){
|
||||||
|
printf "${CRED}"
|
||||||
|
op_log "$1" "$2"
|
||||||
|
printf "${CEND}"
|
||||||
|
}
|
||||||
|
|
||||||
function recap (){
|
function recap (){
|
||||||
local purpose=$1
|
local purpose=$1
|
||||||
local status=$2
|
local status=$2
|
||||||
@@ -929,7 +937,13 @@ op_log "${OP_TEXT[3]}"
|
|||||||
set_op_code $?
|
set_op_code $?
|
||||||
file_log "Set SSH Authorization-Keys path -> AuthorizedKeysFile '%h\/\.ssh\/authorized_keys'"
|
file_log "Set SSH Authorization-Keys path -> AuthorizedKeysFile '%h\/\.ssh\/authorized_keys'"
|
||||||
|
|
||||||
systemctl restart sshd
|
{
|
||||||
|
service sshd restart 2>> "$LOGFILE" >&2
|
||||||
|
} || {
|
||||||
|
# Because Ubuntu 14.04 does not have sshd
|
||||||
|
service ssh restart 2>> "$LOGFILE" >&2
|
||||||
|
}
|
||||||
|
set_op_code $?
|
||||||
} 2>> "$LOGFILE" >&2
|
} 2>> "$LOGFILE" >&2
|
||||||
|
|
||||||
if [[ $OP_CODE -eq 0 ]]; then
|
if [[ $OP_CODE -eq 0 ]]; then
|
||||||
@@ -1036,7 +1050,7 @@ op_log "${OP_TEXT[5]}"
|
|||||||
{
|
{
|
||||||
apt-get update
|
apt-get update
|
||||||
apt-get upgrade -y
|
apt-get upgrade -y
|
||||||
apt-get install -y sudo systemd curl screen ufw fail2ban
|
apt-get install -y sudo curl screen ufw fail2ban
|
||||||
set_op_code $?
|
set_op_code $?
|
||||||
} 2>> "$LOGFILE" >&2
|
} 2>> "$LOGFILE" >&2
|
||||||
|
|
||||||
@@ -1116,8 +1130,9 @@ if [[ $InstallReqSoftwares -eq 2 ]]; then
|
|||||||
sed -ri "/^\[DEFAULT\]$/,/^# JAILS$/ s/^backend[[:blank:]]*=.*/backend = polling/" /etc/fail2ban/jail.local
|
sed -ri "/^\[DEFAULT\]$/,/^# JAILS$/ s/^backend[[:blank:]]*=.*/backend = polling/" /etc/fail2ban/jail.local
|
||||||
sed -ri "/^\[DEFAULT\]$/,/^# JAILS$/ s/^ignoreip[[:blank:]]*=.*/ignoreip = 127.0.0.1\/8 ::1 ${pub_ip}/" /etc/fail2ban/jail.local
|
sed -ri "/^\[DEFAULT\]$/,/^# JAILS$/ s/^ignoreip[[:blank:]]*=.*/ignoreip = 127.0.0.1\/8 ::1 ${pub_ip}/" /etc/fail2ban/jail.local
|
||||||
|
|
||||||
# TODO - Below - make it usable for Ubuntu as well
|
if [[ -f /etc/fail2ban/jail.d/defaults-debian.conf ]]; then
|
||||||
cp /etc/fail2ban/jail.d/defaults-debian.conf /etc/fail2ban/jail.d/defaults-debian.conf"$BACKUP_EXTENSION"
|
cp /etc/fail2ban/jail.d/defaults-debian.conf /etc/fail2ban/jail.d/defaults-debian.conf"$BACKUP_EXTENSION"
|
||||||
|
fi
|
||||||
|
|
||||||
cat <<FAIL2BAN > /etc/fail2ban/jail.d/defaults-debian.conf
|
cat <<FAIL2BAN > /etc/fail2ban/jail.d/defaults-debian.conf
|
||||||
[sshd]
|
[sshd]
|
||||||
@@ -1139,7 +1154,7 @@ FAIL2BAN
|
|||||||
|
|
||||||
set_op_code $?
|
set_op_code $?
|
||||||
|
|
||||||
systemctl restart fail2ban
|
service fail2ban start
|
||||||
set_op_code $?
|
set_op_code $?
|
||||||
} 2>> "$LOGFILE" >&2
|
} 2>> "$LOGFILE" >&2
|
||||||
|
|
||||||
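Review bot: In the last hunk, `service fail2ban start` replaces `systemctl restart fail2ban`, and `start` does not reload a daemon that is already running. The package is installed earlier by `apt-get install -y sudo curl screen ufw fail2ban`, which on Debian and Ubuntu normally starts the service. If so, the `jail.local` edits and the `defaults-debian.conf` written just above are probably never loaded, and the sshd jail keeps its previous settings while `set_op_code $?` most likely still records success. The sshd hunk in this same commit already restarts through `service`, so the equivalent here is `service fail2ban restart`. The enclosing `{ ... } 2>> "$LOGFILE" >&2` group starts outside the hunk, so this is based only on the lines shown.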
|
|||||||