Server Security Hardening
Performs a comprehensive security hardening check on a Linux server and reports warnings.
Published: April 30, 2024
Detailed Information
This script performs a comprehensive security audit of a Linux server and detects security issues. It helps you quickly assess your server's security status.
What Does This Script Do?
The script performs the following security checks:
- Checks SSH root login
- Checks SSH password authentication
- Checks firewall status
- Checks Fail2ban status
- Checks automatic updates
- Lists open ports
- Reports security issues
Why Should You Use It?
A security audit is critical for server security:
- Quick Assessment: Quickly see server security status
- Issue Detection: Detect security vulnerabilities
- Regular Check: Perform regular security audits
How to Use
Step-by-Step Usage Guide
1. Run Script
sudo chmod +x security_audit.sh
sudo ./security_audit.sh
2. Review Results
The script reports security status and lists issues.
3. Fix Issues
Use the relevant scripts to fix the reported issues.
Requirements
- Root Privileges: Required for some checks
- netstat: For port checking
Use Cases
1. New Server Audit
Check security status when setting up a new server.
2. Regular Security Check
Regularly check server security.
Usage Examples
Example 1: Basic Usage
sudo ./security_audit.sh
Code
#!/bin/bash
# Server Security Hardening Checklist
# Run as root: some checks (sshd -T, ufw status) need root privileges.

echo "======================================"
echo " SERVER SECURITY AUDIT"
echo "======================================"
echo ""

ISSUES=0

# Read the effective sshd settings. "sshd -T" resolves built-in defaults and
# Include files, which a grep of /etc/ssh/sshd_config alone would miss.
# If sshd -T is unavailable, fall back to the main config file.
SSHD_EFFECTIVE=$(sshd -T 2>/dev/null) || SSHD_EFFECTIVE=$(cat /etc/ssh/sshd_config 2>/dev/null)

echo "[1] Checking root login..."
if echo "$SSHD_EFFECTIVE" | grep -qiE "^permitrootlogin[[:space:]]+yes"; then
    echo "⚠️ WARNING: Root login is enabled"
    ISSUES=$((ISSUES+1))
else
    echo "✓ Root login is disabled"
fi

echo "[2] Checking password authentication..."
if echo "$SSHD_EFFECTIVE" | grep -qiE "^passwordauthentication[[:space:]]+yes"; then
    echo "⚠️ WARNING: Password authentication is enabled"
    ISSUES=$((ISSUES+1))
else
    echo "✓ Password authentication is disabled"
fi

echo "[3] Checking firewall..."
if command -v ufw &> /dev/null; then
    if ufw status | grep -q "Status: active"; then
        echo "✓ UFW firewall is active"
    else
        echo "⚠️ WARNING: UFW firewall is inactive"
        ISSUES=$((ISSUES+1))
    fi
else
    echo "⚠️ WARNING: UFW is not installed"
    ISSUES=$((ISSUES+1))
fi

echo "[4] Checking Fail2ban..."
if systemctl is-active --quiet fail2ban; then
    echo "✓ Fail2ban is active"
else
    echo "⚠️ WARNING: Fail2ban is not active"
    ISSUES=$((ISSUES+1))
fi

echo "[5] Checking automatic updates..."
# Debian/Ubuntu only: this file is shipped by the unattended-upgrades package.
if [ -f /etc/apt/apt.conf.d/50unattended-upgrades ]; then
    echo "✓ Automatic updates configured"
else
    echo "⚠️ WARNING: Automatic updates not configured"
    ISSUES=$((ISSUES+1))
fi

echo "[6] Checking open ports..."
# Count TCP and UDP sockets. UDP rows have no LISTEN state, so matching on
# "LISTEN" alone would drop them even though -u asks for them.
OPEN_PORTS=$(netstat -tuln | grep -cE "^(tcp|udp)")
echo "Open ports: $OPEN_PORTS"

echo ""
echo "======================================"
echo " AUDIT SUMMARY"
echo "======================================"
echo "Issues found: $ISSUES"
if [ "$ISSUES" -eq 0 ]; then
    echo "✓ Server security looks good!"
else
    echo "⚠️ Please fix the issues above"
fi
Usage
sudo chmod +x security_audit.sh
sudo ./security_audit.sh
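Check [6] in the script reports only a count of listening sockets, which does not show which of them other hosts can reach. The following is an added example, not part of the original script: it parses netstat -tuln output and lists the listeners bound to non-loopback addresses. The sample output and the function names exposed_listeners and count_exposed are constructed for illustration.

```shell
#!/bin/bash
# Added example: list listeners from "netstat -tuln" that are reachable
# from other hosts (bound to anything other than a loopback address).

# Constructed sample of "netstat -tuln" output (not from a real host).
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN
tcp6       0      0 :::80                   :::*                    LISTEN
tcp6       0      0 ::1:631                 :::*                    LISTEN
udp        0      0 127.0.0.53:53           0.0.0.0:*
udp        0      0 0.0.0.0:68              0.0.0.0:*'

# Reads netstat -tuln output on stdin and prints "proto address port"
# for every socket that is not bound to loopback.
exposed_listeners() {
    awk '
        $1 ~ /^(tcp|udp)/ {
            # TCP rows must be in LISTEN state; UDP rows have no State column.
            if ($1 ~ /^tcp/ && $NF != "LISTEN") next
            local_addr = $4
            # The port follows the last colon (IPv6 addresses contain colons).
            n = split(local_addr, parts, ":")
            port = parts[n]
            addr = substr(local_addr, 1, length(local_addr) - length(port) - 1)
            # 127.0.0.0/8 and ::1 are loopback and not reachable remotely.
            if (addr ~ /^127\./ || addr == "::1") next
            print $1, addr, port
        }'
}

# Number of exposed listeners in the netstat output given on stdin.
count_exposed() {
    exposed_listeners | wc -l | tr -d ' '
}

# Demo on the constructed sample; on a live host use:
#   netstat -tuln | exposed_listeners
printf '%s\n' "$SAMPLE_NETSTAT" | exposed_listeners
```

Each line of output is a service to compare against the firewall rules from check [3]; anything listed that is not meant to be public should be rebound to loopback or blocked.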
Troubleshooting
Problem: "netstat: command not found"
Solution: Install net-tools:
sudo apt-get install net-tools