Show HN: Lockdown.sh Simple shell script for locking down new linux installs


Lockdown.sh is a single-file, zero-config shell script that is run to lock down a newly installed Linux OS. Lockdown.sh aims to provide a sensible baseline which can be built upon for specific needs.

  • Zero Config
  • Zero Setup
  • Single file POSIX shell script

WARNING

This script changes the ssh port to 141 and restricts ssh to key only for the created admin user.

Usage

Download and run the script as root; if prompted for anything, select y.

wget https://raw.githubusercontent.com/x08d/lockdown.sh/master/lockdown.sh
chmod +x ./lockdown.sh
./lockdown.sh

What does it do?

  • Updates packages
  • Restricts the firewall to only allow ssh on 141
  • Installs fail2ban
  • Configures the kernel
  • Adds a daily cronjob to update packages on the server
  • Installs and configures auditd with sensible rules
  • Disables core dumps
  • Restricts logins
  • Creates a new admin user
  • Restricts ssh and allows only the created admin user
  • Adds a legal banner to /etc/issue and /etc/issue.net
  • Installs packages recommended by lynis
  • Installs and sets up aide
  • Enables process accounting
  • Disables uncommon filesystems
  • Disables firewire and usb storage
  • Disables uncommon network protocols
  • Restricts access to /root
  • Restricts access to compilers
  • Moves tmp to tmpfs
  • Remounts /tmp /proc /dev /run to be more restrictive
  • Purges old and removed packages
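
Because the script moves sshd to port 141 and limits ssh to one key-only admin user, the resulting SSH settings are worth confirming before the root session is closed. The check below is an added example, not part of lockdown.sh; the user name admin, the sample input lines, and the assumption that these restrictions appear as the Port, PasswordAuthentication and AllowUsers directives are illustrative.

```shell
#!/bin/sh
# Added example, not part of lockdown.sh. Reads sshd settings on stdin, either
# "sshd -T" output (preferred: effective values) or sshd_config text.
# $1 is the admin user that should be the only one allowed (assumed name).
check_sshd() {
    awk -v user="$1" '
        $1 ~ /^#/ || NF < 2 { next }              # skip comments and blank lines
        { key = tolower($1) }                     # keywords are case-insensitive
        key == "port" { ports[$2] = 1 }           # every Port line adds a listener
        key == "passwordauthentication" && !("pw" in first) {
            first["pw"] = tolower($2)             # sshd keeps the first value seen
        }
        key == "allowusers" { for (i = 2; i <= NF; i++) allowed[$i] = 1 }
        END {
            bad = 0
            n = 0; for (p in ports) n++
            if (n != 1 || !("141" in ports)) {
                print "FAIL port: expected 141 only"; bad = 1
            }
            if (first["pw"] != "no") {
                print "FAIL passwordauthentication: expected no"; bad = 1
            }
            n = 0; for (u in allowed) n++
            if (n != 1 || !(user in allowed)) {
                print "FAIL allowusers: expected only " user; bad = 1
            }
            if (!bad) print "OK"
            exit bad
        }'
}

# Constructed sample inputs (not captured from a real host).
SAMPLE_HARDENED='port 141
passwordauthentication no
permitrootlogin no
allowusers admin'
SAMPLE_DEFAULT='# stock-looking config
Port 22
PasswordAuthentication yes'

printf '%s\n' "$SAMPLE_HARDENED" | check_sshd admin
printf '%s\n' "$SAMPLE_DEFAULT" | check_sshd admin || true
```

On a live host, pipe `sshd -T` (run as root) into `check_sshd` with the created user's name, and open a second connection on port 141 before logging out of the original session.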

Supported OS

  • Debian 10
  • Debian 8
  • (Should work with most Debian and Debian-based OSes)

Contributing

Please open pull requests and issues on GitHub for anything you want.
