forked from Interanet/server-bootstrap
initial commit
This commit is contained in:
35
scripts/security.sh
Normal file
35
scripts/security.sh
Normal file
@@ -0,0 +1,35 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
set -e
|
||||
|
||||
echo "================================="
|
||||
echo " Security Setup"
|
||||
echo "================================="
|
||||
|
||||
read -rp "Disable root SSH login? (y/n): " DISABLE_ROOT
|
||||
if [[ "$DISABLE_ROOT" == "y" ]]; then
|
||||
sed -i 's/^#PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config
|
||||
fi
|
||||
|
||||
read -rp "Enable SSH key-only login (disable passwords)? (y/n): " KEY_ONLY
|
||||
if [[ "$KEY_ONLY" == "y" ]]; then
|
||||
sed -i 's/^#PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config
|
||||
fi
|
||||
|
||||
read -rp "Restart SSH service now? (y/n): " RESTART_SSH
|
||||
if [[ "$RESTART_SSH" == "y" ]]; then
|
||||
systemctl restart ssh || systemctl restart sshd
|
||||
fi
|
||||
|
||||
echo
|
||||
read -rp "Enable UFW firewall? (y/n): " ENABLE_FIREWALL
|
||||
|
||||
if [[ "$ENABLE_FIREWALL" == "y" ]]; then
|
||||
apt update
|
||||
apt install -y ufw
|
||||
|
||||
ufw allow OpenSSH
|
||||
ufw --force enable
|
||||
fi
|
||||
|
||||
echo "Security setup complete"
|
||||
Reference in New Issue
Block a user