Jshielder V2.4 - Hardening Script For Linux Servers/ Secure Lamp-Lemp Deployer/ Cis Benchmark G
JSHielder is an Open Source Bash Script developed to help SysAdmin together with developers secure in that place Linux Servers inward which they volition hold upwardly deploying whatever spider web application or services. This tool automates the procedure of installing all the necessary packages to host a spider web application together with Hardening a Linux server amongst picayune interaction from the user. Newly added script follows CIS Benchmark Guidance to found a Secure configuration posture for Linux systems.
This tool is a Bash Script that hardens the Linux Server safety automatically together with the steps followed are:
- Configures a Hostname
- Reconfigures the Timezone
- Updates the entire System
- Creates a New Admin user together with therefore you lot tin create create your server safely without the need of doing remote connections amongst root.
- Helps user Generate Secure RSA Keys, together with therefore that remote access to your server is done exclusive from your local pc together with no Conventional password
- Configures, Optimize together with secures the SSH Server (Some Settings Following CIS Benchmark)
- Configures IPTABLES Rules to protect the server from mutual attacks
- Disables unused FileSystems together with Network protocols
- Protects the server against Brute Force attacks past times installing a configuring fail2ban
- Installs together with Configure Artillery equally a Honeypot, Monitoring, Blocking together with Alerting tool
- Installs PortSentry
- Install, configure, together with optimize MySQL
- Install the Apache Web Server
- Install, configure together with secure PHP
- Secure Apache via configuration file together with amongst installation of the Modules ModSecurity, ModEvasive, Qos together with SpamHaus
- Secures NginX amongst the Installation of ModSecurity NginX module
- Installs RootKit Hunter
- Secures Root Home together with Grub Configuration Files
- Installs Unhide to help Detect Malicious Hidden Processes
- Installs Tiger, Influenza A virus subtype H5N1 Security Auditing together with Intrusion Prevention system
- Restrict Access to Apache Config Files
- Disables Compilers
- Creates Daily Cron chore for System Updates
- Kernel Hardening via sysctl configuration File (Tweaked)
- /tmp Directory Hardening
- PSAD IDS installation
- Enables Process Accounting
- Enables Unattended Upgrades
- MOTD together with Banners for Unauthorized access
- Disables USB Support for Improved Security (Optional)
- Configures a Restrictive Default UMASK
- Configures together with enables Auditd
- Configures Auditd rules next CIS Benchmark
- Sysstat install
- ArpWatch install
- Additional Hardening steps next CIS Benchmark
- Secures Cron
- Automates the procedure of setting a GRUB Bootloader Password
- Secures Boot Settings
- Sets Secure File Permissions for Critical System Files
#NEW!!
- LEMP Deployment amongst ModSecurity
CIS Benchmark JShielder Script Added
- Separate Hardening Script Following CIS Benchmark Guidance https://www.cisecurity.org/benchmark/ubuntu_linux/
To Run the tool
./jshielder.sh
As the Root user
Issues
Having Problems, delight opened upwardly a New Issue for JShielder on Github.
Distro Availability
- Ubuntu Server 16.04LTS
- Ubuntu Server 18.04LTS
ChangeLog
v2.4 Added LEMP Deployment amongst ModSecurity
v2.3 More Hardening steps Following about CIS Benchmark items for LAMP Deployer
v2.2.1 Removed suhosing installation on Ubuntu 16.04, Fixed MySQL Configuration, GRUB Bootloader Setup function, Server IP right away obtain via ip road to non rely on interface naming
v2.2 Added novel Hardening selection next CIS Benchmark Guidance
v2.1 Hardened SSH Configuration, Tweaked Kernel Security Config, Fixed iptables rules non loading on Boot. Added auditd, sysstat, arpwatch install.
v2.0 More Deployment Options, Selection Menu, PHP Suhosin installation, Cleaner Code,
v1.0 - New Code
Developed past times Jason Soto
https://www.jasonsoto.com
https://github.com/jsitech
Twitter = @JsiTech
