Merge pull request #19 from StrangeRanger/dev
StrangeRanger authored Dec 21, 2024
2 parents 3e218dc + 740df0f commit 2b0250b
Showing 7 changed files with 88 additions and 38 deletions.
6 changes: 6 additions & 0 deletions auditing/Lynis Installer/CHANGELOG.md
Expand Up @@ -4,6 +4,12 @@ All notable changes to this project will be documented in this file.

The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

## v1.0.8 - 2024-12-20

### Changed

- Improved the colorization of the output text.

## v1.0.7 - 2024-08-15

### Changed
31 changes: 18 additions & 13 deletions auditing/Lynis Installer/lynis-installer.bash
Expand Up @@ -5,43 +5,48 @@
# it. Unless an error is encountered, Lynis will always be downloaded to the current
# user's root directory (`/home/USERNAME/`).
#
# Version: v1.0.7
# Version: v1.0.8
# License: MIT License
# Copyright (c) 2020-2024 Hunter T. (StrangeRanger)
#
########################################################################################

C_YELLOW="$(printf '\033[1;33m')"
C_GREEN="$(printf '\033[0;32m')"
C_BLUE="$(printf '\033[0;34m')"
C_CYAN="$(printf '\033[0;36m')"
C_RED="$(printf '\033[1;31m')"
C_NC="$(printf '\033[0m')"

C_SUCCESS="${C_GREEN}==>${C_NC} "
C_ERROR="${C_RED}ERROR:${C_NC} "
C_WARNING="${C_YELLOW}WARNING:${C_NC} "
C_WARNING="${C_YELLOW}==>${C_NC} "
C_INFO="${C_BLUE}==>${C_NC} "
C_NOTE="${C_CYAN}==>${C_NC} "


read -rp "We will now download lynis. Press [Enter] to continue."
read -rp "${C_NOTE}We will now download lynis. Press [Enter] to continue."

[[ -d "$HOME/lynis" ]] && {
if [[ -d "$HOME/lynis" ]]; then
echo "${C_WARNING}Lynis is already downloaded to your system" >&2
echo "Current location: '$HOME/lynis'"
echo -e "\nExiting..."
echo "${C_NOTE} Current location: '$HOME/lynis'"
echo -e "\n${C_INFO}Exiting..."
exit 0
}
fi

echo "Changing working directory to '$HOME'..."
echo "${C_INFO}Changing working directory to '$HOME'..."
cd "$HOME" || {
echo "${C_ERROR}Failed to change working directory to '$HOME'" >&2
echo "${C_CYAN}Lynis will download to '$PWD'${C_NC}"
}

echo "Downloading lynis..."
echo "${C_INFO}Downloading lynis..."
git clone https://github.com/CISOfy/lynis || {
echo "${C_ERROR}Failed to download lynis" >&2
echo -e "\nExiting..."
echo -e "\n${C_INFO}Exiting..."
exit 1
}

echo -e "\n${C_GREEN}Lynis has been downloaded to your system"
echo -e "${C_CYAN}To perform a system scan with lynis, execute the following command" \
"in the lynis root directory: sudo ./lynis audit system${C_NC}"
echo -e "\n${C_SUCCESS}Lynis has been downloaded to your system"
echo -e "${C_NOTE}To perform a system scan with lynis, execute the following command" \
"in the lynis root directory: sudo ./lynis audit system"
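Review bot: The download step `git clone https://github.com/CISOfy/lynis` takes whatever the default branch holds at that moment, and the reworded closing note then tells the user to run that checkout with `sudo ./lynis audit system`, so unreviewed upstream state ends up executing as root. Pinning to a release the maintainer has vetted, e.g. `git clone --depth 1 --branch "$C_LYNIS_TAG" https://github.com/CISOfy/lynis` (`C_LYNIS_TAG` is a placeholder name for a tag chosen by the maintainer), would make the install reproducible and reviewable. The tree also lands under `$HOME`, which is normally writable by the invoking user, so the closing note could advise checking its ownership and permissions before running it under sudo. Separately, when `cd "$HOME"` fails the script keeps going and clones into `$PWD`, although the earlier already-downloaded test only looked at `$HOME/lynis`.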
6 changes: 6 additions & 0 deletions hardening/Root Locker/CHANGELOG.md
Expand Up @@ -4,6 +4,12 @@ All notable changes to this project will be documented in this file.

The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

## v1.0.8 - 2024-12-20

### Changed

- Improved the colorization of the output text.

## v1.0.7 - 2024-08-15

### Changed
25 changes: 16 additions & 9 deletions hardening/Root Locker/root-locker.bash
Expand Up @@ -2,36 +2,43 @@
#
# This script locks the root account, preventing users from directly logging in as root.
#
# Note:
# NOTE:
# Locking the root account doesn't prevent users from using something like `sudo su`
# to gain root access.
#
# Version: v1.0.7
# Version: v1.0.8
# License: MIT License
# Copyright (c) 2020-2024 Hunter T. (StrangeRanger)
#
########################################################################################

C_GREEN="$(printf '\033[0;32m')"
C_BLUE="$(printf '\033[0;34m')"
C_CYAN="$(printf '\033[0;36m')"
C_RED="$(printf '\033[1;31m')"
C_NC="$(printf '\033[0m')"

C_SUCCESS="${C_GREEN}==>${C_NC} "
C_ERROR="${C_RED}ERROR:${C_NC} "
C_INFO="${C_BLUE}==>${C_NC} "
C_NOTE="${C_CYAN}==>${C_NC} "


## Check if this script was executed with root privilege.
if [[ $EUID != 0 ]]; then
echo "${C_RED}Please run this script as or with root privilege${C_NC}" >&2
echo -e "\nExiting..."
echo "${C_ERROR}Please run this script as or with root privilege" >&2
echo -e "\n${C_INFO}Exiting..."
exit 1
fi


read -rp "We will now disable the root account. Press [Enter] to continue."
read -rp "${C_NOTE}We will now disable the root account. Press [Enter] to continue."

echo "Disabling root account..."
echo "${C_INFO}Disabling root account..."
usermod -L root || {
echo -e "${C_RED}ERROR:${C_NC} Failed to lock the root account" >&2
echo -e "\nExiting..."
echo -e "${C_ERROR}Failed to lock the root account" >&2
echo -e "\n${C_INFO}Exiting..."
exit 1
}

echo -e "\n${C_GREEN}The root account has been locked${C_NC}"
echo -e "\n${C_SUCCESS}The root account has been locked"
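Review bot: The new success line `The root account has been locked` overstates what `usermod -L root` does: it only disables root's password, so non-password paths such as key-based SSH login as root may stay open, depending on sshd and PAM settings that are not visible here. I would extend the header NOTE and the final message to say so, for example `# Only password authentication for root is disabled; SSH key login as root is governed by sshd's PermitRootLogin.` The script also never checks that another account with sudo rights exists before locking, so when it is started from a direct root login the confirmation prompt could warn that password login as root will stop working afterwards.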
13 changes: 13 additions & 0 deletions hardening/SSHD Hardening/CHANGELOG.md
Expand Up @@ -4,6 +4,19 @@ All notable changes to this project will be documented in this file.

The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

## v2.0.2 - 2024-12-20

### Changed

- Remove trap for `SIGQUIT`.
- Move around traps and cases.

## v2.0.1 - 2024-10-30

### Fixed

- Fixed trapping logic and how errors are handled.

## v2.0.0 - 2024-08-15

Complete rewrite of the script. Below are just some of the differences in the new version.
35 changes: 22 additions & 13 deletions hardening/SSHD Hardening/harden-sshd.bash
Expand Up @@ -2,11 +2,14 @@
#
# This script hardens the ssh server by modifying its configuration file, 'sshd_config'.
#
# Note:
# NOTE:
# These configurations align with the recommendations of the security auditing tool
# known as Lynis (https://github.com/CISOfy/lynis).
#
# Version: v2.0.0
# TODO:
# - Impliment functionality to revert changes if the script fails.
#
# Version: v2.0.2
# License: MIT License
# Copyright (c) 2020-2024 Hunter T. (StrangeRanger)
#
Expand All @@ -33,7 +36,7 @@ readonly C_ERROR="${C_RED}ERROR:${C_NC} "
readonly C_INFO="${C_BLUE}==>${C_NC} "
readonly C_NOTE="${C_CYAN}==>${C_NC} "

# Associative array containing the configuration settings for sshd_config.
# Associative array containing the configuration settings for 'sshd_config'.
declare -A C_SSHD_CONFIG=(
["LogLevel"]="VERBOSE"
["LogLevelRegex"]='^#?LogLevel\s+.*$'
Expand Down Expand Up @@ -79,31 +82,37 @@ readonly C_SSHD_CONFIG


####
# Cleanly exit the script.
# Exit the script and display a message based on the exit code.
#
# PARAMETERS:
# - $1: exit_code (Required)
# - The exit code to exit the script with.
clean_exit() {
local exit_code="$1"

# Unset the EXIT trap to prevent re-entry.
trap - EXIT

case "$exit_code" in
0) exit 0 ;;
1) echo "" ;;
130) echo -e "\n${C_WARNING}User interrupt detected" ;;
*) echo -e "\n${C_RED}==>${C_NC} Exiting with code: $exit_code" ;;
0) ;;
1) echo "" ;;
129) echo -e "\n${C_WARNING}Hangup signal detected (SIGHUP)" ;;
130) echo -e "\n${C_WARNING}User interrupt detected (SIGINT)" ;;
143) echo -e "\n${C_WARNING}Termination signal detected (SIGTERM)" ;;
*) echo -e "\n${C_WARNING}Exiting with code: $exit_code" ;;
esac

echo -e "${C_INFO}Exiting..."
echo "Exiting..."
exit "$exit_code"
}


####[ Trapping Logic ]##################################################################


# Catch some of the most common signals.
trap 'clean_exit $?' EXIT INT TERM HUP QUIT ERR
trap 'clean_exit 129' SIGHUP
trap 'clean_exit 130' SIGINT
trap 'clean_exit 143' SIGTERM
trap 'clean_exit $?' EXIT


####[ Prepping ]########################################################################
Expand All @@ -129,7 +138,7 @@ fi
read -rp "${C_NOTE}We will now harden sshd. Press [Enter] to continue."

###
### [ Backup 'sshd_config' ]
### [ Back up 'sshd_config' ]
###

if [[ -f $C_CONFIG_FILE_BAK ]]; then
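Review bot: The signal traps added in the trapping section (`trap 'clean_exit 130' SIGINT` and its siblings) only print a message and exit, so an interrupt that arrives while `sshd_config` is being rewritten leaves a partially modified file in place; the new TODO in the header acknowledges the gap but nothing in this change closes it. Until a revert exists, `clean_exit` could at least tell the user on non-zero codes that `$C_CONFIG_FILE_BAK` holds the pre-change copy, or restore it when this run created that backup. Validating the edited file with `sshd -t` before any restart would also keep a half-applied config from cutting off remote access; whether the script already does that is outside the visible hunks. Minor: `Impliment` in the TODO should read `Implement`, and the warning arms of `clean_exit` print to stdout where the lynis installer in this commit sends its warning to stderr.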
10 changes: 7 additions & 3 deletions hardening/UFW Cloudflare/ufw-cloudflare.bash
Expand Up @@ -2,7 +2,7 @@
#
# Sets up UFW to only allow HTTP and HTTPS traffic from Cloudflare's IP ranges.
#
# Version: v1.0.0-beta.1
# Version: v1.0.0-beta.2
# License: MIT License
# Copyright (c) 2024 Hunter T. (StrangeRanger)
#
Expand Down Expand Up @@ -139,10 +139,14 @@ cleanup() {
}


####[ Trap Logic ]######################################################################
####[ Trapping Logic ]##################################################################


trap cleanup EXIT
trap 'clean_exit 130' SIGINT
trap 'clean_exit 143' SIGTERM
trap 'clean_exit 129' SIGHUP
trap 'clean_exit 131' SIGQUIT
trap 'clean_exit $?' EXIT


####[ Main ]############################################################################
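Review bot: The five new traps call `clean_exit`, but the only handler visible in this section is `cleanup()` (named in the hunk header), and the section's 7 additions are all accounted for by the version line, the heading and the traps, so `clean_exit` appears to be undefined in this file unless it already existed outside the hunks. If that is the case, `cleanup` no longer runs on exit, and a signal would only make the trap fail with a command-not-found error and let the script continue instead of stopping. Keeping `trap cleanup EXIT` and turning the signal lines into `trap 'exit 130' SIGINT` (likewise 143, 129 and 131) would route every path through the existing handler. The `SIGQUIT` trap is also at odds with the harden-sshd change in this same commit, which removes it.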
