Updates
This commit is contained in:
Pratik
24
README.md
24
README.md
@@ -30,30 +30,30 @@ Alpha testing. NOT production ready.
|
|||||||
The script is intended to be executed immediately after you have access to a *__new__* Linux server (most likely a VPS) as *__root__*.
|
The script is intended to be executed immediately after you have access to a *__new__* Linux server (most likely a VPS) as *__root__*.
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
# bash <(wget -q https://raw.githubusercontent.com/pratiktri/init-li-harden/master/init-linux-harden.sh -O -) --help
|
bash <(wget -q https://raw.githubusercontent.com/pratiktri/init-li-harden/master/init-linux-harden.sh -O -) --help
|
||||||
|
|
||||||
# bash <(wget -q https://raw.githubusercontent.com/pratiktri/init-li-harden/master/init-linux-harden.sh -O -) --username someusername --resetrootpwd --defaultsourcelist
|
bash <(wget -q https://raw.githubusercontent.com/pratiktri/init-li-harden/master/init-linux-harden.sh -O -) --username someusername --resetrootpwd --defaultsourcelist
|
||||||
|
|
||||||
# bash <(wget -q https://raw.githubusercontent.com/pratiktri/init-li-harden/master/init-linux-harden.sh -O -) --quiet
|
bash <(wget -q https://raw.githubusercontent.com/pratiktri/init-li-harden/master/init-linux-harden.sh -O -) --quiet
|
||||||
```
|
```
|
||||||
|
|
||||||
>> There are inherent risks involved with running scripts directly (without reviewing it first) from web - as done above. Everyone does it anyways, but you have been warned.
|
> There are inherent risks involved with running scripts directly (without reviewing it first) from web - as done above. Everyone does it anyways, but you have been warned.
|
||||||
|
|
||||||
# What does it do exactly?
|
# What does it do ?
|
||||||
Script performed the following operations:-
|
Script performed the following operations:-
|
||||||
|
|
||||||
1. [Create non-root user and give it "sudo" privilege](https://github.com/pratiktri/init-li-harden#1-create-non-root-user-and-give-it-sudo-privilege "Goto details of the step")
|
1. [Create non-root user and give it "sudo" privilege](https://github.com/pratiktri/init-li-harden#1-create-non-root-user-and-give-it-sudo-privilege "Goto details of the step")
|
||||||
2. [Generate passphrage protected *ed25519* SSH Keys](https://github.com/pratiktri/init-li-harden#2-generate-passphrage-protected-ed25519-ssh-keys-private--public "Goto details of the step")
|
2. [Generate passphrage protected *ed25519* SSH Keys](https://github.com/pratiktri/init-li-harden#2-generate-passphrage-protected-ed25519-ssh-keys-private--public "Goto details of the step")
|
||||||
3. [Secure "authorized_keys" file](https://github.com/pratiktri/init-li-harden#3-secure-authorized_keys-file "Goto details of the step")
|
3. [Secure "authorized_keys" file](https://github.com/pratiktri/init-li-harden#3-secure-authorized_keys-file "Goto details of the step")
|
||||||
4. [[Optionally] Reset the url for apt repo from VPS provided CDN to OS provided ones](https://github.com/pratiktri/init-li-harden#4-optionally-resets-the-url-from-which-apt-gets-software-from-resets-them-to-the-flavour-provided-urls "Goto details of the step")
|
4. [[Optionally] Reset the url for apt repo from VPS provided CDN to OS provided ones](https://github.com/pratiktri/init-li-harden#4-optionally-reset-the-url--for-apt-repo-from-vps-provided-cdn-to-os-provided-ones "Goto details of the step")
|
||||||
5. [Update + Upgrade + Install softwares (sudo curl screen ufw fail2ban)](https://github.com/pratiktri/init-li-harden#5-updates--upgrades--installs-required-softwares-sudo--screen-ufw-fail2ban "Goto details of the step")
|
5. [Update + Upgrade + Install softwares (sudo curl screen ufw fail2ban)](https://github.com/pratiktri/init-li-harden#5-updates--upgrades--installs-required-softwares-sudo--screen-ufw-fail2ban "Goto details of the step")
|
||||||
6. [Configure UFW](https://github.com/pratiktri/init-li-harden#6-configures-ufw "Goto details of the step")
|
6. [Configure UFW](https://github.com/pratiktri/init-li-harden#6-configure-ufw "Goto details of the step")
|
||||||
7. [Configure Fail2Ban](https://github.com/pratiktri/init-li-harden#7-configures-fail2ban "Goto details of the step")
|
7. [Configure Fail2Ban](https://github.com/pratiktri/init-li-harden#7-configure-fail2ban "Goto details of the step")
|
||||||
8. [Alter SSH options(/etc/ssh/sshd_config) to do the following:-](https://github.com/pratiktri/init-li-harden#8-alters-ssh-options "Goto details of the step")
|
8. [Alter SSH options(/etc/ssh/sshd_config) to do the following:-](https://github.com/pratiktri/init-li-harden#8-alter-ssh-options "Goto details of the step")
|
||||||
* Disable SSH login for *root* (PermitRootLogin no)
|
* Disable SSH login for *root* (PermitRootLogin no)
|
||||||
* Disable SSH login through password for all users (PasswordAuthentication no)
|
* Disable SSH login through password for all users (PasswordAuthentication no)
|
||||||
* Updates path for *authoried_keys* file
|
* Updates path for *authoried_keys* file
|
||||||
9. [[Optionally] Reset *root* password](https://github.com/pratiktri/init-li-harden#9-optionally-resets-root-password "Goto details of the step")
|
9. [[Optionally] Reset *root* password](https://github.com/pratiktri/init-li-harden#9-optionally-reset-root-password "Goto details of the step")
|
||||||
10. [On successfully completing above operations, display the following on screen:-](https://github.com/pratiktri/init-li-harden#10-on-successfully-completing-above-operations "Goto details of the step")
|
10. [On successfully completing above operations, display the following on screen:-](https://github.com/pratiktri/init-li-harden#10-on-successfully-completing-above-operations "Goto details of the step")
|
||||||
* Username
|
* Username
|
||||||
* User Password
|
* User Password
|
||||||
@@ -239,7 +239,7 @@ This script sets up Fail2ban as following:-
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
### 8. Alters SSH options
|
### 8. Alter SSH options
|
||||||
This step contines from step 3 to harden our ssh login. Here, we do edit */etc/ssh/sshd_config* file to achieve the following:-
|
This step contines from step 3 to harden our ssh login. Here, we do edit */etc/ssh/sshd_config* file to achieve the following:-
|
||||||
* Disable *root* login (**PermitRootLogin no**). No one needs to work on *root*. The new user created already has *root* privileges anyways.
|
* Disable *root* login (**PermitRootLogin no**). No one needs to work on *root*. The new user created already has *root* privileges anyways.
|
||||||
* Disable password login (**PasswordAuthentication no**). This ensures we can ONLY login though SSH Keys.
|
* Disable password login (**PasswordAuthentication no**). This ensures we can ONLY login though SSH Keys.
|
||||||
@@ -259,7 +259,7 @@ This step contines from step 3 to harden our ssh login. Here, we do edit */etc/s
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
### 9. [Optionally] Resets root password
|
### 9. [Optionally] Reset root password
|
||||||
Since, VPS providers sends you the password of your VPS's *root* user in email in plain text. So, password needs to be changed immediately. **Since we have disabled *root* login AND password login in the above step, changing *root* password might be an overkill**. But, still...
|
Since, VPS providers sends you the password of your VPS's *root* user in email in plain text. So, password needs to be changed immediately. **Since we have disabled *root* login AND password login in the above step, changing *root* password might be an overkill**. But, still...
|
||||||
|
|
||||||
Also most VPS providers these days, allow you to provide SSH Public Key in their website. If you have done that you can skip this step. **It is disabled by default anyways**.
|
Also most VPS providers these days, allow you to provide SSH Public Key in their website. If you have done that you can skip this step. **It is disabled by default anyways**.
|
||||||
|
|||||||
Reference in New Issue
Block a user