feat: Redo major portion of the script

- Console log format simplified: OK, FAIL, WARN, INFO with colors
- Log file to contain everything else with timestamp
- User creation optional and only happens when -u <username> is provided
- SSH config: PubkeyAuthentication setting added
- Script now supports: debian, ubuntu, fedora & freebsd
- Service management fallbacks: service, systemctl, init.d
- UFW: enable ssh, http, https
- Fail2ban: WIP

feat(test): Docker file to test across all active debian, ubuntu & fedora dist

refactor(script): improve code organization and logging

- Group functions into helper and operations sections
- Order operations chronologically
- Enhance console log formatting and messages
- Update usage examples and comments
- Improve error handling and output logging
- Use darker color for credentials output for security
- Add shellcheck disable comments where necessary
This commit is contained in:
Pratik Tripathy
2024-12-20 00:43:34 +05:30
parent 1b1ab6379d
commit e58d7058d4
2 changed files with 789 additions and 106 deletions


@@ -1,23 +1,33 @@
# Use Debian Slim as base image
FROM debian:stable-slim
# Fail2ban failed
# FROM debian:12-slim
# Install necessary dependencies
RUN apt-get update && apt-get install -y \
sudo \
curl \
&& rm -rf /var/lib/apt/lists/*
# UFW failed
# FROM debian:11-slim
# All good
FROM ubuntu:24.10
# All good
# FROM ubuntu:24.04
# All good
# FROM ubuntu:22.04
# Fail2ban failed
# FROM ubuntu:20.04
# User creation failed, Fail2ban failed
# FROM fedora:41
# User creation failed, Fail2ban failed
# FROM fedora:40
# RUN dnf update -y && dnf install -y sudo openssh-server && dnf clean all && systemctl enable sshd
RUN apt-get update && apt-get install -y sudo openssh-server && rm -rf /var/lib/apt/lists/* && service ssh start
# Set working directory
WORKDIR /script
# Copy the initialization script
COPY init-linux-harden.sh /script/
# Make the script executable
RUN chmod +x /script/init-linux-harden.sh
# Set entrypoint to run the script
ENTRYPOINT ["/bin/sh", "-c"]
COPY init-linux-harden.sh .
RUN chmod +x init-linux-harden.sh
# Default command to run the script
CMD ["/script/init-linux-harden.sh"]
CMD ["./init-linux-harden.sh", "-u", "test"]
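Review bot: `service ssh start` at the end of the `RUN apt-get update && apt-get install -y sudo openssh-server ...` line has no effect at run time. A process started in a `RUN` step lives only in the temporary build container and is not carried into the image, so sshd is not running when `CMD ["./init-linux-harden.sh", "-u", "test"]` executes. If the test is meant to exercise the script's SSH config change and service restart against a live daemon, start ssh when the container starts (for example from a small wrapper command that starts the service and then calls the script) and drop it from the `RUN` line. The commented-out Fedora line has the same gap: `systemctl enable sshd` only enables the unit and does not start it. As a smaller style point, switching distributions by commenting and uncommenting `FROM` lines is easy to get wrong; `ARG BASE_IMAGE=ubuntu:24.10` followed by `FROM ${BASE_IMAGE}` would let the build command drive the matrix, and the per-image results ("Fail2ban failed", "UFW failed") could then sit in a short comment table or the README.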