From 76d3724af2ed0f9352cb42b310730bb2b86ac0ef Mon Sep 17 00:00:00 2001 From: Pratik Date: Wed, 13 Feb 2019 07:07:21 +0530 Subject: [PATCH] Added exit-code to file log Updated read me for -hide flag --- README.md | 11 ++++++----- init-linux-harden.sh | 17 ++++++++++++++++- 2 files changed, 22 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 7f4ce55..65c2090 100644 --- a/README.md +++ b/README.md @@ -45,12 +45,13 @@ Run the script with below option to see all available options:- root@host:~# bash <(wget -q https://raw.githubusercontent.com/pratiktri/server_init_harden/master/init-linux-harden.sh -O -) --help Usage: sudo bash /dev/fd/63 [-u|--username username] [-r|--resetrootpwd] [--defaultsourcelist] - -u, --username Username for your server (If omitted script will choose an username for you) - -r, --resetrootpwd Reset current root password - -d, --defaultsourcelist Updates /etc/apt/sources.list to download software from debian.org. - NOTE - If you fail to update system after using it, you need to manually reset it. This script keeps a backup in the same folder. + -u, --username Username for your server (If omitted script will choose an username for you) + -r, --resetrootpwd Reset current root password + -hide, --hide-credentials Credentials will hidden from the screen and can ONLY be found in the logfile (tail -n 20 /tmp/logfilename) + -d, --defaultsourcelist Updates /etc/apt/sources.list to download software from debian.org + NOTE - If you fail to update system after using it, you need to manually reset it. This script keeps a backup in the same folder -Example: bash ./server_init_harden.sh --username myuseraccount --resetrootpwd +Example: bash ./linux_init_harden.sh --username myuseraccount --resetrootpwd Below restrictions apply to username this script accepts - - [a-zA-Z0-9] [-] [_] are allowed diff --git a/init-linux-harden.sh b/init-linux-harden.sh index 6625193..46f9541 100644 --- a/init-linux-harden.sh +++ b/init-linux-harden.sh 
@@ -373,6 +373,7 @@ function revert_create_user(){
 if [[ $exit_code -eq 0 ]]; then
 log_op_rev_status "Reverting - New User Creation" "SUCCESSFUL"
 else
+ file_log "Error Code - ${exit_code}"
 log_revert_error "Reverting - New User Creation"
 fi
@@ -390,6 +391,7 @@ function revert_create_ssh_key(){
 if [[ $exit_code -eq 0 ]]; then
 log_op_rev_status "Reverting - SSH Key Generation" "SUCCESSFUL"
 else
+ file_log "Error Code - ${exit_code}"
 log_revert_error "Reverting - SSH Key Generation"
 fi
@@ -416,6 +418,7 @@ function revert_secure_authorized_key(){
 if [[ $exit_code -eq 0 ]]; then
 log_op_rev_status "Reverting - SSH Key Authorization" "SUCCESSFUL"
 else
+ file_log "Error Code - ${exit_code}"
 log_revert_error "Reverting - SSH Key Authorization"
 fi
@@ -446,6 +449,7 @@ function revert_source_list_changes(){
 if [[ $exit_code -eq 0 ]]; then
 log_op_rev_status "Reverting - Source_list Changes" "SUCCESSFUL"
 else
+ file_log "Error Code - ${exit_code}"
 log_revert_error "Reverting - Source_list Changes"
 fi
@@ -491,7 +495,7 @@ function revert_config_fail2ban(){
 else
 # If /etc/fail2ban/jail.local/_bkp does NOT exists then this IS the 1st time script is run
 # You probably do NOT want the jail.local > which might be corrupted > which is why you are here
- file_log "Removing /etc/fail2ban/jail.local as that might have been the culprit in this failure"
+ file_log "Removing /etc/fail2ban/jail.local"
 rm /etc/fail2ban/jail.local 2>> "$LOGFILE" >&2
 set_exit_code $?
 fi
@@ -510,6 +514,7 @@ function revert_config_fail2ban(){
 if [[ $exit_code -eq 0 ]]; then
 log_op_rev_status "Reverting - Fail2ban Config" "SUCCESSFUL"
 else
+ file_log "Error Code - ${exit_code}"
 log_revert_error "Reverting - Fail2ban Config"
 fi
@@ -536,6 +541,7 @@ function revert_schedule_updates() {
 if [[ $exit_code -eq 0 ]]; then
 log_op_rev_status "Reverting - Daily Update Download" "SUCCESSFUL"
 else
+ file_log "Error Code - ${exit_code}"
 log_revert_error "Reverting - Daily Update Download"
 fi
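Review bot: The added `file_log "Error Code - ${exit_code}"` is repeated verbatim in the failure branch of seven revert functions (revert_create_user here, and the same line in revert_create_ssh_key, revert_secure_authorized_key, revert_source_list_changes, revert_config_fail2ban, revert_schedule_updates and revert_ssh_only_login), and the message itself does not say which step failed. Passing the code to the existing helper would keep the logging in one place, e.g. `log_revert_error "Reverting - New User Creation" "${exit_code}"` with the `file_log` call made inside `log_revert_error`; that helper is defined outside these hunks, so whether it can take a second argument needs checking. If the call stays inline, naming the step makes the log line usable on its own: `file_log "Reverting - New User Creation failed, exit code ${exit_code}"`. Each function body starts and ends outside its hunk.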
@@ -576,6 +582,7 @@ function revert_ssh_only_login(){
 if [[ $exit_code -eq 0 ]]; then
 log_op_rev_status "Reverting - SSH-only Login" "SUCCESSFUL"
 else
+ file_log "Error Code - ${exit_code}"
 log_revert_error "Reverting - SSH-only Login"
 fi
@@ -993,10 +1000,18 @@ fi
 setup_step_start "${STEP_TEXT[5]}"
 {
+ file_log "Cleaning apt cache"
+ apt-get -y clean && apt-get -y autoclean && apt-get -y autoremove
+
+ file_log "Updating apt-get"
 apt-get update
+
+ file_log "Downloading apt updates"
 export DEBIAN_FRONTEND=noninteractive ; apt-get upgrade -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold"
 apt-get install -y sudo curl screen ufw fail2ban
 set_exit_code $?
+
+ file_log "To install updates, run - sudo apt-get dist-upgrade"
 } 2>> "$LOGFILE" >&2
 setup_step_end "${STEP_TEXT[5]}"
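Review bot: In the `@@ -993,10 +1000,18 @@` hunk, `set_exit_code $?` still directly follows `apt-get install`, so as far as this hunk shows it records only that command's status; the new `apt-get -y clean && apt-get -y autoclean && apt-get -y autoremove` chain, `apt-get update` and the `apt-get upgrade` line can fail without being recorded, which in a hardening script risks an unpatched host being reported as updated. Recording the status after each call, e.g. `apt-get update; set_exit_code $?`, would close that gap, assuming set_exit_code keeps a non-zero value once one is seen (its definition is not visible here). The message `file_log "Downloading apt updates"` sits in front of `apt-get upgrade -y`, which installs as well as downloads, so `file_log "Installing apt upgrades"` would match what actually runs. The whole block appends to `$LOGFILE`, which this patch's README places under /tmp and describes as the only place credentials appear with the hide flag, so it is worth confirming that the file is created readable only by root (for example mode 600); its creation is outside this hunk.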