pratik/server_init_harden
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

chore(docs): refine project description for clarity and accuracy & remove old files

Browse Source
This commit is contained in:
Pratik Tripathy
2024-12-21 19:53:41 +05:30
parent 534b2f50a6
commit 2f2d4142d4
2 changed files with 80 additions and 284 deletions
Download Patch File Download Diff File Expand all files Collapse all files

206
Failure-test
View File

@@ -1,206 +0,0 @@
Step 1 Failure > expectation
- Delete user + delete home directory
- Exit
- Ubuntu 14
- Works as expected.
- Shows error & Revert status
- Ubuntu 16
- Works as expected.
- Ubuntu 18
- Works as expected.
- Debian 8
- Works as expected
- Debian 9
- Works as expected
Step 2 Failure > expectation
- Delete user + delete home directory
- Exit
- Ubuntu 14
- Works as expected
- Ubuntu 16
- Works as expected.
- Ubuntu 18
- Works as expected.
- Debian 8
Works as expected
- Debian 9
- Works as expected
Step 3 Failure > expectation
- Reset the attributes of "authorized_keys"
- Delete user + delete home directory
- Exit
- Ubuntu 14
- Works as expected
- Ubuntu 16
- Works as expected.
- Ubuntu 18
- Works as expected.
- Debian 8
Works as expected
- Debian 9
- Works as expected
Step 4 Failure > expectation
- Restore backup files in /etc/apt folder and sub-folders
- Differs for each provider (Hetzner specially)
- Script continues
- Ubuntu 14
- Works as expected
- Ubuntu 16
- Works as expected.
- Ubuntu 18
- Works as expected.
- Debian 8
Works as expected
- Debian 9
- Works as expected
Step 5 Failure > expectation
- Continue to Step 8
- Ubuntu 14
- Works as expected
- Ubuntu 16
- Works as expected.
- Ubuntu 18
- Works as expected.
- Debian 8
Works as expected
- Debian 9
- Works as expected
Step 6 Failure > expectation
- Disable UFW
- Continue to next Step
- Ubuntu 14
- Works as expected
- Ubuntu 16
- Works as expected.
- Ubuntu 18
- Works as expected.
- Debian 8
Works as expected
- Debian 9
- Works as expected
Step 7 Failure > expectation
- For 1st run of the script Restore /etc/fail2ban/jail.conf
- For 2nd run of the script restore /etc/fail2ban/jail.local
- Restore /etc/fail2ban/jail.d/defaults-debian.conf file if present
- Continue to next step
- Ubuntu 14
- Works as expected
- Ubuntu 16
- Works as expected.
- Ubuntu 18
- Works as expected.
- Debian 8
Works as expected
- Debian 9
- Works as expected
Step 8 Failure > expectation
- Display that something did not complete successfully
- Continue to next step
- Ubuntu 14
- Works as expected
- Ubuntu 16
- Works as expected.
- Ubuntu 18
- Works as expected.
- Debian 8
Works as expected
- Debian 9
- Works as expected
Step 9 Failure > expectation
- Reset the attributes of "authorized_keys"
- Delete user + delete home directory
- [If opted] Restore backup files in /etc/apt folder and sub-folders
- Disable UFW
- For 1st run of the script Restore /etc/fail2ban/jail.conf
- For 2nd run of the script restore /etc/fail2ban/jail.local
- Restore /etc/fail2ban/jail.d/defaults-debian.conf file if present
- Restore the /etc/ssh/sshd_config file
- Exit
- Ubuntu 14
- Works as expected
- Ubuntu 16
- Works as expected.
- Ubuntu 18
- Works as expected.
- Debian 8
Works as expected
- Debian 9
- Works as expected
## Testing
- [x] Test - ([Digital Ocean](https://m.do.co/c/90b426e9b307 "Get $100 free credit")) - Debian 9.6
- [x] Test - ([Digital Ocean](https://m.do.co/c/90b426e9b307 "Get $100 free credit")) - Debian 8.10
- [x] Test - ([Digital Ocean](https://m.do.co/c/90b426e9b307 "Get $100 free credit")) - Ubuntu 14.04.5
- [x] Test - ([Digital Ocean](https://m.do.co/c/90b426e9b307 "Get $100 free credit")) - Ubuntu 16.04.5
- [x] Test - ([Digital Ocean](https://m.do.co/c/90b426e9b307 "Get $100 free credit")) - Ubuntu 18.04.5
- [x] Test - ([Digital Ocean](https://m.do.co/c/90b426e9b307 "Get $100 free credit")) - Ubuntu 18.10
- [x] Test - ([Hetzner](https://www.hetzner.com/)) - Debian 9
- [x] Test - ([Hetzner](https://www.hetzner.com/)) - Ubuntu 16.04.5
- [x] Test - ([Hetzner](https://www.hetzner.com/)) - Ubuntu 18.04.1
- [x] Test - ([OVH](https://www.ovh.com)) - Debian 9
- [x] Test - ([OVH](https://www.ovh.com)) - Debian 8
- [x] Test - ([OVH](https://www.ovh.com)) - Ubuntu 14.04
- [x] Test - ([OVH](https://www.ovh.com)) - Ubuntu 16.04
- [x] Test - ([OVH](https://www.ovh.com)) - Ubuntu 18.04
- [x] Test failures - Debian 9 - Step 1
- [x] Test failures - Debian 9 - Step 2
- [x] Test failures - Debian 9 - Step 3
- [x] Test failures - Debian 9 - Step 4
- [x] Test failures - Debian 9 - Step 5
- [x] Test failures - Debian 9 - Step 6
- [x] Test failures - Debian 9 - Step 7
- [x] Test failures - Debian 9 - Step 8
- [x] Test failures - Debian 9 - Step 9
- [x] Test failures - Debian 8 - Step 1
- [x] Test failures - Debian 8 - Step 2
- [x] Test failures - Debian 8 - Step 3
- [x] Test failures - Debian 8 - Step 4
- [x] Test failures - Debian 8 - Step 5
- [x] Test failures - Debian 8 - Step 6
- [x] Test failures - Debian 8 - Step 7
- [x] Test failures - Debian 8 - Step 8
- [x] Test failures - Debian 8 - Step 9
- [x] Test failures - Ubuntu 14.04 - Step 1
- [x] Test failures - Ubuntu 14.04 - Step 2
- [x] Test failures - Ubuntu 14.04 - Step 3
- [x] Test failures - Ubuntu 14.04 - Step 4
- [x] Test failures - Ubuntu 14.04 - Step 5
- [x] Test failures - Ubuntu 14.04 - Step 6
- [x] Test failures - Ubuntu 14.04 - Step 7
- [x] Test failures - Ubuntu 14.04 - Step 8
- [x] Test failures - Ubuntu 14.04 - Step 9
- [x] Test failures - Ubuntu 16.04 - Step 1
- [x] Test failures - Ubuntu 16.04 - Step 2
- [x] Test failures - Ubuntu 16.04 - Step 3
- [x] Test failures - Ubuntu 16.04 - Step 4
- [x] Test failures - Ubuntu 16.04 - Step 5
- [x] Test failures - Ubuntu 16.04 - Step 6
- [x] Test failures - Ubuntu 16.04 - Step 7
- [x] Test failures - Ubuntu 16.04 - Step 8
- [x] Test failures - Ubuntu 16.04 - Step 9
- [x] Test failures - Ubuntu 18.04 - Step 1
- [x] Test failures - Ubuntu 18.04 - Step 2
- [x] Test failures - Ubuntu 18.04 - Step 3
- [x] Test failures - Ubuntu 18.04 - Step 4
- [x] Test failures - Ubuntu 18.04 - Step 5
- [x] Test failures - Ubuntu 18.04 - Step 6
- [x] Test failures - Ubuntu 18.04 - Step 7
- [x] Test failures - Ubuntu 18.04 - Step 8
- [x] Test failures - Ubuntu 18.04 - Step 9
- [x] Test - How it behaves on repeat execution

4
README.md
View File

@@ -1,6 +1,6 @@
# Linux Server Hardener # Linux Server Hardener
Bash script that automates server security hardening on a new Linux server. A robust POSIX-compliant shell script that automates security hardening for Linux systems through SSH hardening, intrusion detection, firewall configuration, and granular access controls. This production-grade solution ensures consistent security baselines while maintaining compatibility across major Linux distributions.
## **WARNING** ## **WARNING**
@@ -16,12 +16,14 @@ This script can potentially make your server inaccessible if not used properly.
After running the script, you MUST: After running the script, you MUST:
1. **Save the SSH Private Key** 1. **Save the SSH Private Key**
- Copy the entire private key content (starts with `-----BEGIN OPENSSH PRIVATE KEY-----`) - Copy the entire private key content (starts with `-----BEGIN OPENSSH PRIVATE KEY-----`)
- Store it securely on your local machine as `id_ed25519` or similar - Store it securely on your local machine as `id_ed25519` or similar
- Keep it strictly private and NEVER share it with anyone - Keep it strictly private and NEVER share it with anyone
- Without this key, you cannot access your server - Without this key, you cannot access your server
2. **Save the Key Passphrase** 2. **Save the Key Passphrase**
- Store the generated passphrase securely - Store the generated passphrase securely
- Required every time you use the private key - Required every time you use the private key
- Keep it secret like a password - Keep it secret like a password