Skip to content
This repository has been archived by the owner on May 31, 2022. It is now read-only.

TheOnodrim/Shield

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

383 Commits

Changelog.md

Changelog.md

 
 

LICENSE.md

LICENSE.md

 
 

README.md

README.md

 
 

Shield.sh

Shield.sh

 
 

Repository files navigation


Logo
Shield:

Photo Source: https://image.freepik.com/free-vector/golden-shield-retro-design_12454-5380.jpg

Shield is a single file bash script, made to harden and secure your Debian or Debian based OS. This project has been thoroughly tested and checked for errors.

If you liked it:

Feel free to star my project, I have worked quite hard on this project.

Usage:

Clone the script and follow these instruction below, and then run it as root and select which sections to run when prompted.

   1. git clone https://github.com/TheOnodrim/Shield.git
   2. cd Shield
   3. chmod +x Shield.sh
   4. ./Shield.sh

Warning:

This shell script restricts the ssh key to the admin user.

Supported OS types:

  • Debian 10
  • Debian 8
  • Debian based OS's

What does the hardening script do?

  • Adds a legal banner to /etc/motd, /etc/issue and /etc/issue.net
  • Adds an automatic updater
  • Adds a daily cronjob to update system packages on the server
  • Configures the iptables
  • Configures the kernel
  • Disables core dumps
  • Disables firewire and usb storage
  • Disables uncommon filesystems
  • Disables uncommon network protocols
  • Enables process accounting
  • Installs and configures auditd with reasonable rules
  • Installs and sets up aide
  • Installs fail2ban
  • Installs packages recommended by lynis
  • Moves /tmp to /tmpfs
  • Purges old and removed packages
  • Remounts /dev, /tmp, /run and /proc to be more restrictive
  • Restricts access to compilers
  • Restricts access to /root
  • Restrics ssh key to admin user
  • Restricts logins
  • Restricts ssh, and enables ssh only for the admin user
  • Updates system packages and the package list
  • Sets up rkhunter and chkrootkit
  • Disables thunderbolt
  • Sets up psad
  • Protects physical console access
  • Sets up shorewall
  • Installs logwatch
  • Enables disk quotas
  • Enables process accounting
  • Restricts core file access
  • Creates a daily cronjob that runs certain security based applications and opens security related log files.
  • Installs and sets up SElinux
  • Sets up Two-Factor Authentication
  • Sets up email notifications when sudo is run
  • Installs and sets up Open VPN

Contributing:

Please open issues and pull requests on anything you come across.

Reaching out to me:

If you have anything you would like to tell me, simply create an issue with the title To Repository Owner.

Screenshots:

alt text

Note

As of Wednesday, November 17th, 2021 this repository has been archive. On Monday, May 30th, 2022 I have unarchived this repository for a few minor changes and will rearchive it again.

About

Harden and secure your Debian or Debian based OS, with this simple zero-configuration Debian bash script

Topics

linux bash debian harden github-arctic-code-vault

Resources

Readme

License

GPL-3.0 license
Activity

Stars

18 stars

Watchers

3 watching

Forks

3 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages