Determined Server Setup

harden-server.sh 2.9KB

  1. #!/bin/bash
  2. # Determined SSH Hardening
  3. # Written by Josh Mudge
  4. # Ad Mejorem Dei Glorium
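  # Defaults; the options parsed below may override usr and set user2..user5.
  usr=$USER
  version="v1.4.3 Alpha"
  keyserver="git.coolaj86.com/josh/dss/raw/branch/master/"

  # Print the version banner and the usage line to stdout.
  usage() {
    echo "determined-harden-ssh $version"
    echo "Usage: determined-harden-ssh --user USERNAME"
  }

  # Abort unless the option named in $1 is followed by a value.
  # Arguments: $1 - option name, $2 - number of arguments still unparsed.
  need_value() {
    if [ "$2" -lt 2 ]; then
      echo "option '$1' requires a value" >&2
      usage >&2
      exit 1
    fi
  }

  # Parse the command line. Value-taking options shift once here and once at
  # the bottom of the loop; plain flags rely on the bottom shift only.
  while [[ $# -gt 0 ]]; do
    case "$1" in
      setup)
        # Flag without a value: the original shifted twice here and so
        # swallowed whatever argument followed it.
        setup=1
        ;;
      --user)
        need_value "$1" "$#"
        usr="$2"
        shift # past argument
        ;;
      --user2)
        need_value "$1" "$#"
        user2="$2"
        shift # past argument
        ;;
      --user3)
        need_value "$1" "$#"
        user3="$2"
        shift # past argument
        ;;
      --user4)
        need_value "$1" "$#"
        user4="$2"
        shift # past argument
        ;;
      --user5)
        need_value "$1" "$#"
        user5="$2"
        shift # past argument
        ;;
      -h|--help)
        usage
        exit 1
        ;;
      *)
        # The original tested an unset variable (${user}) here, so every
        # unknown argument was reported as "No admin user specified." and the
        # run carried on. A hardening script should stop on input it does not
        # understand rather than proceed with a half-parsed command line.
        echo "unrecognized option '$1'" >&2
        usage >&2
        exit 1
        ;;
    esac
    shift # past argument or value
  done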
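  # Create the key-only admin account(s) first and harden sshd afterwards, so
  # a failed download or a failed user creation never leaves the host with
  # password logins disabled and no working key.
  #
  # Reads: usr, user2..user5, keyserver, version (set by the option parser).
  # Optional environment: CREATE_USER_SHA256 - expected SHA-256 of
  # create-user.bash; when set, the download is rejected unless it matches.
  if [ -n "$usr" ]; then
    sshd_config=/etc/ssh/sshd_config
    installed_helper=/usr/local/bin/determined-create-user

    # Accept only conservative account names: the value ends up in a URL, in
    # a file name and on the command line of a privileged helper.
    valid_username() {
      [[ "$1" =~ ^[a-z_][a-z0-9_-]{0,31}$ ]]
    }

    # Download $1 into the current directory under its remote name.
    # --fail makes an HTTP error a non-zero exit instead of saving the error
    # page; --proto/--proto-redir keep redirects from leaving HTTPS.
    fetch() {
      curl --fail --silent --show-error --location \
        --proto '=https' --proto-redir '=https' --remote-name "$1"
    }

    # Download NAME.pub from the key server and confirm it parses as a public
    # key, so an HTML page or an empty file is never handed on as a key.
    fetch_key() {
      fetch "https://${keyserver%/}/$1.pub" &&
        ssh-keygen -l -f "$1.pub" > /dev/null
    }

    # Force sshd_config option $1 to value $2, whether the existing line is
    # active or commented out; append the option when it is absent.
    # NOTE(review): an appended line lands at the end of the file, which is
    # inside a Match block if the file ends with one - confirm on such hosts.
    set_sshd_option() {
      local key=$1 value=$2
      if sudo grep -Eq "^[#[:space:]]*${key}[[:space:]]" "$sshd_config"; then
        sudo sed -i -E \
          "s/^[#[:space:]]*${key}[[:space:]].*/${key} ${value}/" "$sshd_config"
      else
        printf '%s %s\n' "$key" "$value" | sudo tee -a "$sshd_config" > /dev/null
      fi
    }

    # Reject bad names before anything on the system is changed.
    for name in "$usr" "$user2" "$user3" "$user4" "$user5"; do
      [ -z "$name" ] && continue
      if ! valid_username "$name"; then
        echo "Invalid username '$name'." >&2
        exit 1
      fi
    done

    echo "Installing fail2ban and hardening SSH configuration."
    # Install fail2ban
    if ! sudo apt-get install -y fail2ban curl openssh-server > /dev/null; then
      echo "Package installation failed." >&2
      exit 1
    fi

    # Private, unpredictable scratch directory instead of ./.tssh; removed on
    # every exit path by the trap.
    workdir=$(mktemp -d) || {
      echo "Could not create a temporary directory." >&2
      exit 1
    }
    trap 'cd / && rm -rf -- "$workdir"' EXIT
    cd "$workdir" || exit 1

    echo "Creating new user by the username $usr"
    # NOTE(review): create-user.bash comes from a mutable branch and is then
    # installed on the system path. Pin the URL to a reviewed commit and set
    # CREATE_USER_SHA256 so a changed file is refused.
    if ! fetch https://git.coolaj86.com/josh/dss/raw/branch/master/create-user.bash; then
      echo "Could not download create-user.bash." >&2
      exit 1
    fi
    if [ -n "${CREATE_USER_SHA256:-}" ]; then
      if ! printf '%s  %s\n' "$CREATE_USER_SHA256" create-user.bash |
        sha256sum --check --status -; then
        echo "create-user.bash does not match CREATE_USER_SHA256." >&2
        exit 1
      fi
    else
      echo "warning: CREATE_USER_SHA256 not set; create-user.bash is unverified." >&2
    fi
    if ! fetch_key "$usr"; then
      echo "Could not fetch a valid public key for $usr." >&2
      exit 1
    fi

    # install(1) sets root ownership; 'sudo mv' would have kept the invoking
    # user as owner of a file on the system PATH.
    if ! sudo install -m 0755 -o root -g root create-user.bash "$installed_helper"; then
      echo "Could not install $installed_helper." >&2
      exit 1
    fi

    # Presumably the helper reads NAME.pub from the current directory -
    # confirm against create-user.bash.
    if "$installed_helper" "$usr"; then
      echo "Setting up non-root admin user(s)"
    else
      echo "User creation failed. Please fix the above error and try again."
      exit 1
    fi

    # Additional users. The original invoked ./create-user.bash here, which
    # had already been moved away, so these accounts were never created.
    for name in "$user2" "$user3" "$user4" "$user5"; do
      [ -z "$name" ] && continue
      if ! fetch_key "$name"; then
        echo "warning: no valid public key for $name; user skipped." >&2
        continue
      fi
      "$installed_helper" "$name" ||
        echo "warning: user creation failed for $name." >&2
    done

    echo "Disabling password based logins in favor of SSH keys."
    # Keep a copy so a rejected configuration can be rolled back.
    backup="${sshd_config}.bak.$(date +%Y%m%d%H%M%S)"
    if ! sudo cp -p -- "$sshd_config" "$backup"; then
      echo "Could not back up $sshd_config." >&2
      exit 1
    fi
    # SSH keys only, no passwords.
    set_sshd_option PasswordAuthentication no
    echo "Disabling root login."
    set_sshd_option PermitRootLogin no

    # Never leave a configuration sshd cannot parse.
    if ! sudo sshd -t; then
      echo "sshd rejected the new configuration; restoring $backup." >&2
      sudo cp -p -- "$backup" "$sshd_config"
      exit 1
    fi

    # sshd -T prints the effective settings, including anything pulled in via
    # Include; a drop-in can silently override the edits made above.
    sudo sshd -T 2> /dev/null |
      grep -Ei '^(passwordauthentication|permitrootlogin) ' |
      while read -r key value; do
        if [ "$value" != "no" ]; then
          echo "warning: effective $key is '$value'; check /etc/ssh/sshd_config.d/ for an override." >&2
        fi
      done

    echo "sshd has not been reloaded. Confirm key-based login in a second session, then reload the SSH service."
    echo "That's it, we're done :)"
  else
    echo determined-harden-ssh $version
    echo "No admin user specified."
    echo "Usage: ./harden-server.sh --user USERNAME"
  fi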