What will this script do?
- Install useful packages such as tcpdump, mtr, zsh, perl and logrotate
- Set up automatic yum updates
- Set password policies
  - Passwords will expire every 180 days
  - Passwords may only be changed once a day
- Set OS policies
  - Set idle users to be disconnected after 15 minutes
- Install (if it is not already installed) and configure the IPTables firewall
  - Open specified TCP/UDP ports
  - Set rules to block common attacks
    - Syn Floods
    - Fragmented Packets
    - Malformed XMAS Packets
    - Drop NULL packets
    - Limit pings to 3 per second and bursts of 25
    - Discourage Port Scanning
  - Set up Connection Tracking
- Install DDoS Deflate
  - More information about DDoS Deflate is available at http://deflate.medialayer.com/
- Install CHKROOTKIT
  - Scheduled to check daily for issues and email your Admin Email
  - More information about CHKROOTKIT is available at http://www.chkrootkit.org/
- Install rkhunter (Root Kit Hunter)
  - Scheduled to check daily for issues and email your Admin Email
  - More information about rkhunter is available at http://www.rootkit.nl/projects/rootkit_hunter.html
- Install LSM (Linux Socket Monitor)
  - Runs in the background and watches for changes in sockets
- Secure the SSH Daemon
  - Change the SSH port to a random number
  - Create an “admin” user
  - Allow only the “admin” user to log in over SSH
Downloading the Script
Modifying the Variables
You may customize TCPPORTS and UDPPORTS; however, the defaults already set there should cover most common processes.
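How the firewall items in the list above can be driven by the TCPPORTS and UDPPORTS variables, as an added example that is not the script's own code. It assumes space-separated port lists and a hypothetical SSHPORT variable, uses constructed port values, and prints an iptables-restore ruleset instead of changing the running firewall.

```shell
#!/bin/sh
# Added example, not the original script's code. Assumptions: TCPPORTS, UDPPORTS
# and SSHPORT are space-separated port lists; the values below are constructed.
TCPPORTS="${TCPPORTS:-80 443}"
UDPPORTS="${UDPPORTS:-53}"
SSHPORT="${SSHPORT:-5575}"

# Accept only whole numbers in 1..65535 so a typo cannot inject rule text.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print an iptables-restore ruleset on stdout; returns 1 on a bad port.
build_rules() {
    for p in $SSHPORT $TCPPORTS $UDPPORTS; do
        valid_port "$p" || { echo "invalid port: $p" >&2; return 1; }
    done
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
# Connection tracking: discard packets that belong to no valid flow.
-A INPUT -m conntrack --ctstate INVALID -j DROP
# Fragments, NULL packets (no flags) and XMAS packets (all flags).
-A INPUT -f -j DROP
-A INPUT -p tcp --tcp-flags ALL NONE -j DROP
-A INPUT -p tcp --tcp-flags ALL ALL -j DROP
# A new TCP connection must start with a SYN.
-A INPUT -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
# Pings: 3 per second with a burst of 25, the rest dropped.
-A INPUT -p icmp --icmp-type echo-request -m limit --limit 3/second --limit-burst 25 -j ACCEPT
-A INPUT -p icmp --icmp-type echo-request -j DROP
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
    for p in $SSHPORT $TCPPORTS; do
        echo "-A INPUT -p tcp --dport $p --syn -j ACCEPT"
    done
    for p in $UDPPORTS; do
        echo "-A INPUT -p udp --dport $p -j ACCEPT"
    done
    echo "COMMIT"
}

# Parse-check as root without loading: sh thisfile | iptables-restore --test
build_rules
```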
Run the Script
What to do afterwards
After it completes, you will get a message like:
******************************************
YOUR SERVER IS NOW HARDENED
------------------------------------------
SSH User: admin
SSH Pass: 254457cb9448226
SSH Port: 5575
Admin Email: admin@fake.lstn.net
******************************************
You must now reconnect to this server using the information above.
Changing the SSH port has caused this connection to freeze.
BEFORE CLOSING THIS WINDOW please note your information above.