- Update & upgrade packages before installing
- Alma, Rocky, CentOS: Install `epel-release` package
- Debian 12: Install `python3-systemd` package
- openSUSE: Enable `USERGROUPS_ENAB` in `/etc/login.defs` so groups gets
auto-created for new users
- fix: Capture unrecognized OS as failure
- fix: quotes removed from `emptylog` in jail.local
- refactor: Remove separate fn for Linux fail2ban
- fix: Check fail2ban config validity before starting the service
- fix: FreeBSD: enable fail2ban before starting the service
- Display the credentials on console
- Removed option to hide credentials on console
- Log file in `/var/log` and not in current directory
- Remove SSH private key after displaying its on console
- POSIX compliant usage of `sed` with `-i.tmp` for FreeBSD
- Reverting on error, moved to its own method
- refactor: Better variable names
- chore: Better logging; begin, success, failure
operation
- Split "User creation" & "Granting new user sudo" into separate methods
- new: Abort on user creation failure
- new: Abort on sudo privilege failure
- Removed user existence check; it is done during argument parsing
- Consistent console & file logs; start, success & failure
- FreeBSD, Fedora, SUSE: Add `wheel` group to sudoer & add user to
`wheel` group
- Debian, Ubuntu: Add user to `sudo` group
- feat: Add log-level to file logs
- refactor: Calculate duration inside `formatted_execution_duration`
- refactor: Console log display `OK` -> `DONE`
- fix: Debian/Ubuntu: Set default TZ -> UTC to let the installation
continue without getting stuck
- fix: Use local variable to store `JAIL_LOCAL_FILE` in
`update_fail2ban_jail_local_file`
- feat: Give user option to quit before starting the script
- Script name internally changed to `linux-init-harden` -> `server-init-harden`
- Removed unnecessary comments
- Better function names explaining when they do
- Console log format simplified: OK, FAIL, WARN, INFO with colors
- Log file to contain everything else with timestamp
- User creation optional and only happens when -u <username> is provided
- SSH config: PubkeyAuthentication setting added
- Script now supports: debian, ubuntu, fedora & freebsd
- Service management fallbacks: service, systemctl, init.d
- UFW: enable ssh, http, https
- Fail2ban: WIP
feat(test): Docker file to test across all active debian, ubuntu & fedora dist
refactor(script): improve code organization and logging
- Group functions into helper and operations sections
- Order operations chronologically
- Enhance console log formatting and messages
- Update usage examples and comments
- Improve error handling and output logging
- Use darker color for credentials output for security
- Add shellcheck disable comments where necessary
- Added license
- Sane defaults in the example
- Marked stable
Script
- Bumped the version to 1.0
- Fixed bug - While reverting user creation revert always fails - was an issue with reseting the exit code
- Bugfix - Does not show all operation succeed when schedule apt download was not executed
- Prettier recap
- Logs updated
- root password change made possible from non-root user
Readme
- Added Screenshots
- Added FAQ section with - Non-Idempotency explained, rerun consequences expained, Listed all files that script edits and creates, Explained how to execute as non-root user
- Examples refined
- Informed that no software is even uninstalled
-
