Photo Source: https://image.freepik.com/free-vector/golden-shield-retro-design_12454-5380.jpg
Shield is a single file bash script, made to harden and secure your Debian or Debian based OS. This project has been thoroughly tested and checked for errors.
Feel free to star my project, I have worked quite hard on this project.
Clone the script and follow these instruction below, and then run it as root and select which sections to run when prompted.
1. git clone https://github.com/TheOnodrim/Shield.git
2. cd Shield
3. chmod +x Shield.sh
4. ./Shield.sh
This shell script restricts the ssh key to the admin user.
- Debian 10
- Debian 8
- Debian based OS's
- Adds a legal banner to /etc/motd, /etc/issue and /etc/issue.net
- Adds an automatic updater
- Adds a daily cronjob to update system packages on the server
- Configures the iptables
- Configures the kernel
- Disables core dumps
- Disables firewire and usb storage
- Disables uncommon filesystems
- Disables uncommon network protocols
- Enables process accounting
- Installs and configures auditd with reasonable rules
- Installs and sets up aide
- Installs fail2ban
- Installs packages recommended by lynis
- Moves /tmp to /tmpfs
- Purges old and removed packages
- Remounts /dev, /tmp, /run and /proc to be more restrictive
- Restricts access to compilers
- Restricts access to /root
- Restrics ssh key to admin user
- Restricts logins
- Restricts ssh, and enables ssh only for the admin user
- Updates system packages and the package list
- Sets up rkhunter and chkrootkit
- Disables thunderbolt
- Sets up psad
- Protects physical console access
- Sets up shorewall
- Installs logwatch
- Enables disk quotas
- Enables process accounting
- Restricts core file access
- Creates a daily cronjob that runs certain security based applications and opens security related log files.
- Installs and sets up SElinux
- Sets up Two-Factor Authentication
- Sets up email notifications when sudo is run
- Installs and sets up Open VPN
Please open issues and pull requests on anything you come across.
If you have anything you would like to tell me, simply create an issue with the title To Repository Owner.
As of Wednesday, November 17th, 2021 this repository has been archive. On Monday, May 30th, 2022 I have unarchived this repository for a few minor changes and will rearchive it again.