All Projects → TheOnodrim → Shield

TheOnodrim / Shield

Licence: GPL-3.0 license
Harden and secure your Debian or Debian based OS, with this simple zero-configuration Debian bash script

Programming Languages

shell
77523 projects

Projects that are alternatives of or similar to Shield

ppa-packaging
Semi-automated script to create binary packages for (multiple versions of) Ubuntu
Stars: ✭ 15 (-6.25%)
Mutual labels:  debian
v2ray-deb
v2ray debian/ubuntu安装包
Stars: ✭ 143 (+793.75%)
Mutual labels:  debian
wsl-distrod
Distrod is a meta-distro for WSL 2 which installs Ubuntu, Arch, Debian, Gentoo, etc. with systemd in a minute for you. Distrod also has built-in auto-start feature on Windows startup and port forwarding ability.
Stars: ✭ 1,637 (+10131.25%)
Mutual labels:  debian
docker-library
Collection of Dockerfiles
Stars: ✭ 20 (+25%)
Mutual labels:  debian
Bazel bin
Bazel's pre-built binaries for armv7l / aarch64 / x86_64.
Stars: ✭ 23 (+43.75%)
Mutual labels:  debian
TensorFlow-Raspberry-Pi
TensorFlow installation wheels for Raspberry Pi 32-bit OS
Stars: ✭ 18 (+12.5%)
Mutual labels:  debian
kafka role
Ansible role to install Apache Kafka
Stars: ✭ 18 (+12.5%)
Mutual labels:  debian
rabbitmq-server-release
RabbitMQ packaging and release engineering bits that do not belong to the Concourse pipelines.
Stars: ✭ 13 (-18.75%)
Mutual labels:  debian
debian-headless
Create a debian headless/remote installation image
Stars: ✭ 92 (+475%)
Mutual labels:  debian
wnpp.debian.net
🌍 Code powering website "Debian Packages that Need Lovin'" created in 2009
Stars: ✭ 38 (+137.5%)
Mutual labels:  debian
spotify-deb-install
MOVED: https://gitlab.com/q3aql/spotify-deb-install
Stars: ✭ 15 (-6.25%)
Mutual labels:  debian
raspbian10-buster
Raspbian 10 (Buster) Lite Setup: with Wireguard, Pi-hole, Unbound
Stars: ✭ 54 (+237.5%)
Mutual labels:  debian
debianopt-repo
Additional debian repository for awesome open-source projects.
Stars: ✭ 47 (+193.75%)
Mutual labels:  debian
pacstall
An AUR-inspired package manager for Ubuntu
Stars: ✭ 842 (+5162.5%)
Mutual labels:  debian
ansible-role-harden-linux
Ansible role for hardening Linux
Stars: ✭ 99 (+518.75%)
Mutual labels:  harden
vs-code-container-with-ssl
Launch your own Code Server container with preloaded SDKs for React, Python, C#, Cloud CLIs, secured by SSL Reverse Proxy.
Stars: ✭ 54 (+237.5%)
Mutual labels:  debian
consul role
Ansible role to install Consul (cluster of) server/agent
Stars: ✭ 14 (-12.5%)
Mutual labels:  debian
dotfiles
Config files for my linux rice
Stars: ✭ 60 (+275%)
Mutual labels:  debian
mirotalk
🚀 WebRTC - P2P - Simple, Secure, Fast Real-Time Video Conferences Up to 4k and 60fps, compatible with all browsers and platforms.
Stars: ✭ 1,593 (+9856.25%)
Mutual labels:  debian
sicherboot
Unmaintained systemd-boot integration with secure boot support; consider https://github.com/Foxboron/sbctl instead.
Stars: ✭ 31 (+93.75%)
Mutual labels:  debian


Logo
Shield:

Photo Source: https://image.freepik.com/free-vector/golden-shield-retro-design_12454-5380.jpg

Shield is a single file bash script, made to harden and secure your Debian or Debian based OS. This project has been thoroughly tested and checked for errors.

If you liked it:

Feel free to star my project, I have worked quite hard on this project.

Usage:

Clone the script and follow these instruction below, and then run it as root and select which sections to run when prompted.

   1. git clone https://github.com/TheOnodrim/Shield.git
   2. cd Shield
   3. chmod +x Shield.sh
   4. ./Shield.sh

Warning:

This shell script restricts the ssh key to the admin user.

Supported OS types:

  • Debian 10
  • Debian 8
  • Debian based OS's

What does the hardening script do?

  • Adds a legal banner to /etc/motd, /etc/issue and /etc/issue.net
  • Adds an automatic updater
  • Adds a daily cronjob to update system packages on the server
  • Configures the iptables
  • Configures the kernel
  • Disables core dumps
  • Disables firewire and usb storage
  • Disables uncommon filesystems
  • Disables uncommon network protocols
  • Enables process accounting
  • Installs and configures auditd with reasonable rules
  • Installs and sets up aide
  • Installs fail2ban
  • Installs packages recommended by lynis
  • Moves /tmp to /tmpfs
  • Purges old and removed packages
  • Remounts /dev, /tmp, /run and /proc to be more restrictive
  • Restricts access to compilers
  • Restricts access to /root
  • Restrics ssh key to admin user
  • Restricts logins
  • Restricts ssh, and enables ssh only for the admin user
  • Updates system packages and the package list
  • Sets up rkhunter and chkrootkit
  • Disables thunderbolt
  • Sets up psad
  • Protects physical console access
  • Sets up shorewall
  • Installs logwatch
  • Enables disk quotas
  • Enables process accounting
  • Restricts core file access
  • Creates a daily cronjob that runs certain security based applications and opens security related log files.
  • Installs and sets up SElinux
  • Sets up Two-Factor Authentication
  • Sets up email notifications when sudo is run
  • Installs and sets up Open VPN

Contributing:

Please open issues and pull requests on anything you come across.

Reaching out to me:

If you have anything you would like to tell me, simply create an issue with the title To Repository Owner.

Screenshots:

alt text

Note

As of Wednesday, November 17th, 2021 this repository has been archive. On Monday, May 30th, 2022 I have unarchived this repository for a few minor changes and will rearchive it again.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].