سخت‌سازی امنیت سرور
بررسی جامع سخت‌سازی امنیت را برای سرور لینوکس انجام می‌دهد و هشدار می‌دهد.
منتشر شده: 2024/04/30
کد
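#!/bin/bash
# Server Security Hardening Checklist
#
# Read-only audit of a Debian/Ubuntu-style server. It checks SSH root login,
# SSH password authentication, the UFW firewall, Fail2ban, unattended
# upgrades and listening sockets, printing one line per check followed by a
# summary with the number of issues found.
#
# Run as root (sudo): without root, sshd_config may be unreadable and
# `ufw status` refuses to run, so the results would be unreliable.
#
# Environment:
#   SSHD_CONFIG  sshd configuration file parsed when `sshd -T` is unavailable
#                (default: /etc/ssh/sshd_config)

set -u

SSHD_CONFIG=${SSHD_CONFIG:-/etc/ssh/sshd_config}
ISSUES=0

# Print a passing result line.
ok() {
  printf '✓ %s\n' "$1"
}

# Print a warning line and count it as an issue.
warn() {
  printf '⚠️ WARNING: %s\n' "$1"
  ISSUES=$((ISSUES + 1))
}

# Print the first global value of option $1 (lower-case name) found in the
# sshd config file $2, lower-cased; print nothing if absent or unreadable.
# Keywords are matched case-insensitively and "Key=value" is accepted.
# Commented-out lines never match because their first field starts with '#'.
# Parsing stops at the first Match block, whose settings are conditional.
# Include'd drop-in files are NOT followed, so this is only a fallback.
sshd_config_value() {
  local key=$1 file=$2
  [ -r "$file" ] || return 0
  awk -v k="$key" '
    {
      line = $0
      sub(/^[ \t]+/, "", line)
      sub(/[ \t]*=[ \t]*/, " ", line)
      split(line, f, /[ \t]+/)
      name = tolower(f[1])
      if (name == "match") exit
      if (name == k) { print tolower(f[2]); exit }
    }
  ' "$file"
}

# Print the effective value of sshd option $1 (lower-case name), or nothing
# if it cannot be determined. `sshd -T` reports the configuration sshd itself
# would use (built-in defaults and Include files applied); the file parser
# is used only when that is unavailable or fails (e.g. not running as root).
sshd_effective_value() {
  local key=$1 value=""
  if command -v sshd >/dev/null 2>&1; then
    value=$(sshd -T 2>/dev/null |
      awk -v k="$key" '$1 == k { print tolower($2); exit }')
  fi
  if [ -z "$value" ]; then
    value=$(sshd_config_value "$key" "$SSHD_CONFIG")
  fi
  printf '%s' "$value"
}

echo "======================================"
echo " SERVER SECURITY AUDIT"
echo "======================================"
echo ""

if [ "${EUID:-$(id -u)}" -ne 0 ]; then
  echo "NOTE: not running as root; some checks may be inaccurate" >&2
fi

echo "[1] Checking root login..."
# Only an explicit "no" means root cannot log in at all; the key-only modes
# still admit root with a public key, so they are reported as such.
# An undetermined value is a warning, never a silent pass.
root_login=$(sshd_effective_value permitrootlogin)
case "$root_login" in
  yes)
    warn "Root login is enabled"
    ;;
  no)
    ok "Root login is disabled"
    ;;
  prohibit-password | without-password | forced-commands-only)
    ok "Root password login is disabled (PermitRootLogin $root_login)"
    ;;
  *)
    warn "Could not determine PermitRootLogin (run as root?)"
    ;;
esac

echo "[2] Checking password authentication..."
# OpenSSH enables PasswordAuthentication when the option is absent, so a
# missing or commented-out directive must not be reported as "disabled".
# Keyboard-interactive (PAM) logins are a separate sshd option and are not
# checked here.
password_auth=$(sshd_effective_value passwordauthentication)
case "$password_auth" in
  no)
    ok "Password authentication is disabled"
    ;;
  yes)
    warn "Password authentication is enabled"
    ;;
  *)
    warn "Could not determine PasswordAuthentication (OpenSSH defaults to yes)"
    ;;
esac

echo "[3] Checking firewall..."
# Only UFW is inspected: a host filtered by another front end (plain
# nftables/iptables rules, firewalld) is reported here as "not installed".
if command -v ufw >/dev/null 2>&1; then
  if ufw status | grep -q "Status: active"; then
    ok "UFW firewall is active"
  else
    warn "UFW firewall is inactive"
  fi
else
  warn "UFW is not installed"
fi

echo "[4] Checking Fail2ban..."
if systemctl is-active --quiet fail2ban; then
  ok "Fail2ban is active"
else
  warn "Fail2ban is not active"
fi

echo "[5] Checking automatic updates..."
# The 50unattended-upgrades file only shows that the package's policy file
# exists; the periodic job runs only when APT::Periodic::Unattended-Upgrade
# is non-zero, so that setting is checked too when apt-config is available.
if [ ! -f /etc/apt/apt.conf.d/50unattended-upgrades ]; then
  warn "Automatic updates not configured"
elif command -v apt-config >/dev/null 2>&1 &&
  ! apt-config dump 2>/dev/null |
    grep -Eq '^APT::Periodic::Unattended-Upgrade "(always|[1-9][0-9]*)";'; then
  warn "Automatic updates are configured but not enabled"
else
  ok "Automatic updates configured"
fi

echo "[6] Checking open ports..."
# Counts listening TCP and bound UDP sockets. UDP sockets never show the
# LISTEN state, so filtering on "LISTEN" would drop them. This is a socket
# count: a port bound on both IPv4 and IPv6 is counted twice.
if command -v ss >/dev/null 2>&1; then
  OPEN_PORTS=$(ss -tuln 2>/dev/null | grep -cE '^(tcp|udp)')
elif command -v netstat >/dev/null 2>&1; then
  OPEN_PORTS=$(netstat -tuln 2>/dev/null | grep -cE '^(tcp|udp)')
else
  OPEN_PORTS="unknown (neither ss nor netstat found)"
fi
echo "Open ports: $OPEN_PORTS"

echo ""
echo "======================================"
echo " AUDIT SUMMARY"
echo "======================================"
echo "Issues found: $ISSUES"
if [ "$ISSUES" -eq 0 ]; then
  echo "✓ Server security looks good!"
else
  echo "⚠️ Please fix the issues above"
fi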
نحوه استفاده
# Mark the audit script as executable.
sudo chmod +x security_audit.sh
# Run the audit with root privileges: it reads /etc/ssh/sshd_config and calls
# `ufw status`, which normally refuses to run for a non-root user.
sudo ./security_audit.sh