
x08d / Lockdown.sh

Licence: gpl-3.0
Lock down your Linux install. The simple zero-config Linux hardening script.

Programming language: shell


lockdown.sh



Lockdown.sh is a single-file, zero-config shell script for locking down a newly installed Linux OS. It aims to set a sensible baseline that can be built upon for specific needs.

  • Zero Config
  • Zero Install
  • Single file shell script

WARNING

This script changes the SSH port to 141 and, if an admin user is created, restricts SSH to key-only login for that user.

Usage

Download and run the script as root, select which sections to run when prompted.

wget https://raw.githubusercontent.com/x08d/lockdown.sh/master/lockdown.sh
chmod +x ./lockdown.sh
./lockdown.sh
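
Because the script moves SSH to port 141 and makes it key-only for the new admin user, the resulting sshd state is worth confirming before the root session used to run it is closed. The check below is an added example, not part of lockdown.sh; it assumes the admin account is named `admin`, that `sshd -T` output has been saved to a file, and that the script's changes appear as the OpenSSH settings tested here.

```shell
#!/bin/sh
# Added example, not part of lockdown.sh. Checks `sshd -T` output (sshd's
# effective config, lowercase "keyword value" lines) saved to a file.

# Print every value of keyword $1 found in dump file $2, one per line.
ssh_values() {
    awk -v k="$1" 'tolower($1) == k { for (i = 2; i <= NF; i++) print $i }' "$2"
}

# check_lockdown_ssh DUMP USER AUTHKEYS
#   DUMP      file holding `sshd -T` output
#   USER      admin account created by the script (exact name match only)
#   AUTHKEYS  that user's authorized_keys file
# Prints one FAIL line per problem; returns 0 only when every check passes.
check_lockdown_ssh() {
    dump=$1 user=$2 keys=$3 rc=0

    # Port lines accumulate in sshd, so require 141 to be the only one.
    ports=$(ssh_values port "$dump" | sort -u | tr '\n' ' ')
    [ "$ports" = "141 " ] ||
        { echo "FAIL port: expected only 141, got: ${ports:-none}"; rc=1; }

    [ "$(ssh_values passwordauthentication "$dump")" = "no" ] ||
        { echo "FAIL passwordauthentication is not 'no'"; rc=1; }
    [ "$(ssh_values pubkeyauthentication "$dump")" = "yes" ] ||
        { echo "FAIL pubkeyauthentication is not 'yes'"; rc=1; }

    ssh_values allowusers "$dump" | grep -qxF -- "$user" ||
        { echo "FAIL allowusers does not list $user"; rc=1; }

    # Key-only login without an installed public key means lockout.
    grep -Eq '^[^#]*(ssh-|ecdsa-sha2-|sk-)[^ ]* AAAA' "$keys" 2>/dev/null ||
        { echo "FAIL no public key found in $keys"; rc=1; }

    return "$rc"
}

# Constructed sample input (not captured from a real host).
demo=$(mktemp -d)
printf '%s\n' 'port 141' 'passwordauthentication no' \
    'pubkeyauthentication yes' 'allowusers admin' > "$demo/sshd-T.txt"
printf 'ssh-ed25519 AAAAC3constructedExampleKey admin@example\n' \
    > "$demo/authorized_keys"
check_lockdown_ssh "$demo/sshd-T.txt" admin "$demo/authorized_keys" &&
    echo "OK: SSH state matches the WARNING"
```

On a real host, produce the dump as root with `sshd -T > sshd-T.txt` and pass the admin user's `~/.ssh/authorized_keys` as the third argument.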

What does it do?

  • Updates packages
  • Restricts firewall to only allow ssh on 141
  • Installs fail2ban
  • Configures the kernel
  • Adds daily cronjob to update packages on server
  • Installs and configures auditd with sensible rules
  • Disables core dumps
  • Restricts logins
  • Creates a new admin user
  • Restricts ssh and enables only the created admin user
  • Adds a legal banner to /etc/issue and /etc/issue.net
  • Installs packages recommended by lynis
  • Installs and sets up aide
  • Enables process accounting
  • Disables uncommon filesystems
  • Disables firewire and usb storage
  • Disables uncommon network protocols
  • Restricts access to /root
  • Restricts access to compilers
  • Moves tmp to tmpfs
  • Remounts /tmp /proc /dev /run to be more restrictive
  • Purges old and removed packages

Supported OS

  • Debian 10
  • Debian 8
  • (Should work with most Debian and Debian-based OSes)
  • Others are coming soon

Contributing

Please open pull requests and issues on GitHub for anything you find.
