pratik/server_init_harden
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Added exit-code to file log

Browse Source 
Updated read me for -hide flag
This commit is contained in:
Pratik
2019-02-13 07:07:21 +05:30
parent 17c4e244fa
commit 76d3724af2
2 changed files with 22 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
README.md
View File

@@ -45,12 +45,13 @@ Run the script with below option to see all available options:-
root@host:~# bash <(wget -q https://raw.githubusercontent.com/pratiktri/server_init_harden/master/init-linux-harden.sh -O -) --help root@host:~# bash <(wget -q https://raw.githubusercontent.com/pratiktri/server_init_harden/master/init-linux-harden.sh -O -) --help
Usage: sudo bash /dev/fd/63 [-u|--username username] [-r|--resetrootpwd] [--defaultsourcelist] Usage: sudo bash /dev/fd/63 [-u|--username username] [-r|--resetrootpwd] [--defaultsourcelist]
-u, --username Username for your server (If omitted script will choose an username for you) -u, --username Username for your server (If omitted script will choose an username for you)
-r, --resetrootpwd Reset current root password -r, --resetrootpwd Reset current root password
-d, --defaultsourcelist Updates /etc/apt/sources.list to download software from debian.org. -hide, --hide-credentials Credentials will hidden from the screen and can ONLY be found in the logfile (tail -n 20 /tmp/logfilename)
NOTE - If you fail to update system after using it, you need to manually reset it. This script keeps a backup in the same folder. -d, --defaultsourcelist Updates /etc/apt/sources.list to download software from debian.org
NOTE - If you fail to update system after using it, you need to manually reset it. This script keeps a backup in the same folder
Example: bash ./server_init_harden.sh --username myuseraccount --resetrootpwd Example: bash ./linux_init_harden.sh --username myuseraccount --resetrootpwd
Below restrictions apply to username this script accepts - Below restrictions apply to username this script accepts -
- [a-zA-Z0-9] [-] [_] are allowed - [a-zA-Z0-9] [-] [_] are allowed

17
init-linux-harden.sh
View File

@@ -373,6 +373,7 @@ function revert_create_user(){
if [[ $exit_code -eq 0 ]]; then if [[ $exit_code -eq 0 ]]; then
log_op_rev_status "Reverting - New User Creation" "SUCCESSFUL" log_op_rev_status "Reverting - New User Creation" "SUCCESSFUL"
else else
file_log "Error Code - ${exit_code}"
log_revert_error "Reverting - New User Creation" log_revert_error "Reverting - New User Creation"
fi fi
@@ -390,6 +391,7 @@ function revert_create_ssh_key(){
if [[ $exit_code -eq 0 ]]; then if [[ $exit_code -eq 0 ]]; then
log_op_rev_status "Reverting - SSH Key Generation" "SUCCESSFUL" log_op_rev_status "Reverting - SSH Key Generation" "SUCCESSFUL"
else else
file_log "Error Code - ${exit_code}"
log_revert_error "Reverting - SSH Key Generation" log_revert_error "Reverting - SSH Key Generation"
fi fi
@@ -416,6 +418,7 @@ function revert_secure_authorized_key(){
if [[ $exit_code -eq 0 ]]; then if [[ $exit_code -eq 0 ]]; then
log_op_rev_status "Reverting - SSH Key Authorization" "SUCCESSFUL" log_op_rev_status "Reverting - SSH Key Authorization" "SUCCESSFUL"
else else
file_log "Error Code - ${exit_code}"
log_revert_error "Reverting - SSH Key Authorization" log_revert_error "Reverting - SSH Key Authorization"
fi fi
@@ -446,6 +449,7 @@ function revert_source_list_changes(){
if [[ $exit_code -eq 0 ]]; then if [[ $exit_code -eq 0 ]]; then
log_op_rev_status "Reverting - Source_list Changes" "SUCCESSFUL" log_op_rev_status "Reverting - Source_list Changes" "SUCCESSFUL"
else else
file_log "Error Code - ${exit_code}"
log_revert_error "Reverting - Source_list Changes" log_revert_error "Reverting - Source_list Changes"
fi fi
@@ -491,7 +495,7 @@ function revert_config_fail2ban(){
else else
# If /etc/fail2ban/jail.local/_bkp does NOT exists then this IS the 1st time script is run # If /etc/fail2ban/jail.local/_bkp does NOT exists then this IS the 1st time script is run
# You probably do NOT want the jail.local > which might be corrupted > which is why you are here # You probably do NOT want the jail.local > which might be corrupted > which is why you are here
file_log "Removing /etc/fail2ban/jail.local as that might have been the culprit in this failure" file_log "Removing /etc/fail2ban/jail.local"
rm /etc/fail2ban/jail.local 2>> "$LOGFILE" >&2 rm /etc/fail2ban/jail.local 2>> "$LOGFILE" >&2
set_exit_code $? set_exit_code $?
fi fi
@@ -510,6 +514,7 @@ function revert_config_fail2ban(){
if [[ $exit_code -eq 0 ]]; then if [[ $exit_code -eq 0 ]]; then
log_op_rev_status "Reverting - Fail2ban Config" "SUCCESSFUL" log_op_rev_status "Reverting - Fail2ban Config" "SUCCESSFUL"
else else
file_log "Error Code - ${exit_code}"
log_revert_error "Reverting - Fail2ban Config" log_revert_error "Reverting - Fail2ban Config"
fi fi
@@ -536,6 +541,7 @@ function revert_schedule_updates() {
if [[ $exit_code -eq 0 ]]; then if [[ $exit_code -eq 0 ]]; then
log_op_rev_status "Reverting - Daily Update Download" "SUCCESSFUL" log_op_rev_status "Reverting - Daily Update Download" "SUCCESSFUL"
else else
file_log "Error Code - ${exit_code}"
log_revert_error "Reverting - Daily Update Download" log_revert_error "Reverting - Daily Update Download"
fi fi
@@ -576,6 +582,7 @@ function revert_ssh_only_login(){
if [[ $exit_code -eq 0 ]]; then if [[ $exit_code -eq 0 ]]; then
log_op_rev_status "Reverting - SSH-only Login" "SUCCESSFUL" log_op_rev_status "Reverting - SSH-only Login" "SUCCESSFUL"
else else
file_log "Error Code - ${exit_code}"
log_revert_error "Reverting - SSH-only Login" log_revert_error "Reverting - SSH-only Login"
fi fi
@@ -993,10 +1000,18 @@ fi
setup_step_start "${STEP_TEXT[5]}" setup_step_start "${STEP_TEXT[5]}"
{ {
file_log "Cleaning apt cache"
apt-get -y clean && apt-get -y autoclean && apt-get -y autoremove
file_log "Updating apt-get"
apt-get update apt-get update
file_log "Downloading apt updates"
export DEBIAN_FRONTEND=noninteractive ; apt-get upgrade -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" export DEBIAN_FRONTEND=noninteractive ; apt-get upgrade -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold"
apt-get install -y sudo curl screen ufw fail2ban apt-get install -y sudo curl screen ufw fail2ban
set_exit_code $? set_exit_code $?
file_log "To install updates, run - sudo apt-get dist-upgrade"
} 2>> "$LOGFILE" >&2 } 2>> "$LOGFILE" >&2
setup_step_end "${STEP_TEXT[5]}" setup_step_end "${STEP_TEXT[5]}"