
Commit 276866e

author
Hunter T
committed
func: increase portability through color variables
1 parent 2daf147 commit 276866e

3 files changed

Lines changed: 40 additions & 40 deletions


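--- a/auditing/lynis-installer.sh
+++ b/auditing/lynis-installer.sh
@@ -10,10 +10,10 @@
 #### [ Variables ]
 
 
-green=$'\033[0;32m'
-cyan=$'\033[0;36m'
-red=$'\033[1;31m'
-nc=$'\033[0m'
+green="$(printf '\033[0;32m')"
+cyan="$(printf '\033[0;36m')"
+red="$(printf '\033[1;31m')"
+nc="$(printf '\033[0m')"
 
 
 ##### End of [ Variables ]
@@ -39,12 +39,12 @@ read -rp "We will now download lynis. Press [Enter] to continue."
 echo "Changing working directory to '/home/$SUDO_USER'..."
 cd /home/"$SUDO_USER" || {
 echo "${red}Failed to change working directory to '/home/$SUDO_USER'"
-echo "${cyan}Lynis will download to '$PWD'$nc"
+echo "${cyan}Lynis will download to '$PWD'${nc}"
 }
 
 echo "Downloading lynis..."
 git clone https://github.com/CISOfy/lynis || {
-echo "${red}Failed to download lynis$nc" >&2
+echo "${red}Failed to download lynis${nc}" >&2
 echo -e "\nExiting..."
 exit 1
 }
@@ -53,7 +53,7 @@ chown -R root:root lynis
 
 echo -e "\n${green}Lynis has been downloaded to your system"
 echo -e "${cyan}To perform a system scan with lynis, execute the following command in" \
-"the lynis root directory: sudo ./lynis audit system$nc"
+"the lynis root directory: sudo ./lynis audit system${nc}"
 
 
 #### End of [ Main ]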
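Review bot: The `git clone https://github.com/CISOfy/lynis` in the second hunk fetches whatever the default branch holds at that moment, and the result is then handed to root (`chown -R root:root lynis`) and recommended for use with `sudo ./lynis audit system`. Pinning the download to a reviewed release, for example `git clone --depth 1 --branch "$lynis_tag" https://github.com/CISOfy/lynis` with `lynis_tag` set to a tag you have checked, and verifying it against whatever signature or checksum upstream publishes, keeps an upstream change from going straight into a root-run audit tool. The `cd /home/"$SUDO_USER" || { … }` fallback just above only prints a notice and continues in `$PWD`, so when `SUDO_USER` is unset or the home directory lives elsewhere the clone and the recursive chown happen in a directory nobody chose. The script is only partly visible between these hunks, so an earlier guard may exist.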

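--- a/hardening/root-locker.sh
+++ b/hardening/root-locker.sh
@@ -10,9 +10,9 @@
 #### [ Variables ]
 
 
-green=$'\033[0;32m'
-red=$'\033[1;31m'
-nc=$'\033[0m'
+green="$(printf '\033[0;32m')"
+red="$(printf '\033[1;31m')"
+nc="$(printf '\033[0m')"
 
 
 ##### End of [ Variables ]
@@ -22,7 +22,7 @@ nc=$'\033[0m'
 
 ## Check if this script was executed with root privilege.
 if [[ $EUID != 0 ]]; then
-echo "${red}Please run this script as or with root privilege$nc" >&2
+echo "${red}Please run this script as or with root privilege${nc}" >&2
 echo -e "\nExiting..."
 exit 2
 fi
@@ -37,11 +37,11 @@ read -rp "We will now disable the root account. Press [Enter] to continue."
 
 echo "Disabling root account..."
 passwd -dl root || {
-echo -e "\n${red}Failed to lock the root account$nc"
+echo -e "\n${red}Failed to lock the root account${nc}"
 exit 1
 }
 
-echo -e "\n${green}The root account has been locked$nc"
+echo -e "\n${green}The root account has been locked${nc}"
 
 
 #### End of [ Main ]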
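Review bot: `passwd -dl root` in the third hunk removes and locks root's password only, so the message `The root account has been locked` at line 44 promises more than the command delivers: key-based SSH logins and other non-password routes to root are unaffected. I would add a comment above the call such as `# Locks root's password only; SSH keys and sudo still reach root` and word the success message to match. Nothing visible confirms that another account with working sudo access exists before the lock is applied, which is worth checking first so the host is not left without an administrative login. The failure message on the changed line 40 is written to stdout, while the privilege check at line 25 uses `>&2`.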

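--- a/hardening/sshd.sh
+++ b/hardening/sshd.sh
@@ -15,10 +15,10 @@
 
 config_file_bak="/etc/ssh/sshd_config.bak"
 config_file="/etc/ssh/sshd_config"
-green=$'\033[0;32m'
-cyan=$'\033[0;36m'
-red=$'\033[1;31m'
-nc=$'\033[0m'
+green="$(printf '\033[0;32m')"
+cyan="$(printf '\033[0;36m')"
+red="$(printf '\033[1;31m')"
+nc="$(printf '\033[0m')"
 
 
 ##### End of [ Variables ]
@@ -28,15 +28,15 @@ nc=$'\033[0m'
 
 ## Check if the script was executed with root privilege.
 if [[ $EUID != 0 ]]; then
-echo "${red}Please run this script as or with root privilege$nc" >&2
+echo "${red}Please run this script as or with root privilege${nc}" >&2
 echo -e "\nExiting..."
 exit 2
 fi
 
 ## Confirm that 'sshd_config' exists.
 if [[ ! -f $config_file ]]; then
 echo "${red}'sshd_config' doesn't exist" >&2
-echo "${cyan}openssh-server may not be installed$nc"
+echo "${cyan}openssh-server may not be installed${nc}"
 echo -e "\nExiting..."
 exit 3
 fi
@@ -60,7 +60,7 @@ if [[ -f $config_file_bak ]]; then
 rm $config_file_bak && cp $config_file $config_file_bak || {
 echo "${red}Failed to back up sshd_config" >&2
 echo "${cyan}Please create a backup of the original 'sshd_config'" \
-"before continuing$nc"
+"before continuing${nc}"
 exit 1
 }
 ;;
@@ -70,7 +70,7 @@ else
 cp $config_file $config_file_bak || {
 echo "${red}Failed to back up sshd_config" >&2
 echo "${cyan}Please create a backup of the original 'sshd_config' before" \
-"continuing$nc"
+"continuing${nc}"
 exit 1
 }
 fi
@@ -80,143 +80,143 @@ if grep -Eq '^LogLevel VERBOSE$' "$config_file"; then
 elif grep -Eq '^#?LogLevel(.*)?$' "$config_file"; then
 echo "Setting 'LogLevel VERBOSE'..."
 sed -Ei 's/^#?LogLevel(.*)?$/LogLevel VERBOSE/gm' "$config_file" \
-|| echo "${red}Failed to set 'LogLevel VERBOSE'$nc"
+|| echo "${red}Failed to set 'LogLevel VERBOSE'${nc}"
 fi
 
 if grep -Eq '^LoginGraceTime 30$' "$config_file"; then
 echo "LoginGraceTime already set to '30'"
 elif grep -Eq '^#?LoginGraceTime(.*)?$' "$config_file"; then
 echo "Setting 'LoginGraceTime 30'..."
 sed -Ei 's/^#?LoginGraceTime(.*)?$/LoginGraceTime 30/gm' "$config_file" \
-|| echo "${red}Failed to set 'LoginGraceTime 30'$nc"
+|| echo "${red}Failed to set 'LoginGraceTime 30'${nc}"
 fi
 
 if grep -Eq '^PermitRootLogin no$' "$config_file"; then
 echo "PermitRootLogin already set to 'no'"
 elif grep -Eq '^#?PermitRootLogin(.*)?$' "$config_file"; then
 echo "Setting 'PermitRootLogin no'..."
 sed -Ei 's/^#?PermitRootLogin(.*)?$/PermitRootLogin no/gm' "$config_file" \
-|| echo "${red}Failed to set 'PermitRootLogin no'$nc"
+|| echo "${red}Failed to set 'PermitRootLogin no'${nc}"
 fi
 
 if grep -Eq '^MaxAuthTries 3$' "$config_file"; then
 echo "MaxAuthTries already set to '3'"
 elif grep -Eq '^#?MaxAuthTries(.*)?$' "$config_file"; then
 echo "Setting 'MaxAuthTries 3'..."
 sed -Ei 's/^#?MaxAuthTries(.*)?$/MaxAuthTries 3/gm' "$config_file" \
-|| echo "${red}Failed to set 'MaxAuthTries 3'$nc"
+|| echo "${red}Failed to set 'MaxAuthTries 3'${nc}"
 fi
 
 if grep -Eq '^MaxSessions 2$' "$config_file"; then
 echo "MaxSessions already set to '2'"
 elif grep -Eq '^#?MaxSessions(.*)?$' "$config_file"; then
 echo "Setting 'MaxSessions 2'..."
 sed -Ei 's/^#?MaxSessions(.*)?$/MaxSessions 2/gm' "$config_file" \
-|| echo "${red}Failed to set 'MaxSessions 2'$nc"
+|| echo "${red}Failed to set 'MaxSessions 2'${nc}"
 fi
 
 if grep -Eq '^PubkeyAuthentication yes$' "$config_file"; then
 echo "PubkeyAuthentication already set to 'yes'"
 elif grep -Eq '^#?PubkeyAuthentication(.*)?$' "$config_file"; then
 echo "Setting 'PubkeyAuthentication yes'..."
 sed -Ei 's/^#?PubkeyAuthentication(.*)?$/PubkeyAuthentication yes/gm' "$config_file" \
-|| echo "${red}Failed to set 'PubkeyAuthentication yes'$nc"
+|| echo "${red}Failed to set 'PubkeyAuthentication yes'${nc}"
 fi
 
 if grep -Eq '^PermitEmptyPasswords no$' "$config_file"; then
 echo "PermitEmptyPasswords already set to 'no'"
 elif grep -Eq '^#?PermitEmptyPasswords(.*)?$' "$config_file"; then
 echo "Setting 'PermitEmptyPasswords no'..."
 sed -Ei 's/^#?PermitEmptyPasswords(.*)?$/PermitEmptyPasswords no/gm' "$config_file" \
-|| echo "${red}Failed to set 'PermitEmptyPasswords no'$nc"
+|| echo "${red}Failed to set 'PermitEmptyPasswords no'${nc}"
 fi
 
 if grep -Eq '^ChallengeResponseAuthentication no$' "$config_file"; then
 echo "ChallengeResponseAuthentication already set to 'no'"
 elif grep -Eq '^#?ChallengeResponseAuthentication(.*)?$' "$config_file"; then
 echo "Setting 'ChallengeResponseAuthentication no'..."
 sed -Ei 's/^#?ChallengeResponseAuthentication(.*)?$/ChallengeResponseAuthentication no/gm' "$config_file" \
-|| echo "${red}Failed to set 'ChallengeResponseAuthentication no'$nc"
+|| echo "${red}Failed to set 'ChallengeResponseAuthentication no'${nc}"
 fi
 
 if grep -Eq '^KbdInteractiveAuthentication no$' "$config_file"; then
 echo "KbdInteractiveAuthentication already set to 'no'"
 elif grep -Eq '^#?KbdInteractiveAuthentication(.*)?$' "$config_file"; then
 echo "Setting 'KbdInteractiveAuthentication no'..."
 sed -Ei 's/^#?KbdInteractiveAuthentication(.*)?$/KbdInteractiveAuthentication no/gm' "$config_file" \
-|| echo "${red}Failed to set 'KbdInteractiveAuthentication no'$nc"
+|| echo "${red}Failed to set 'KbdInteractiveAuthentication no'${nc}"
 fi
 
 if grep -Eq '^UsePAM yes$' "$config_file"; then
 echo "UsePAM already set to 'yes'"
 elif grep -Eq '^#?UsePAM(.*)?$' "$config_file"; then
 echo "Setting 'UsePAM yes'..."
 sed -Ei 's/^#?UsePAM(.*)?$/UsePAM yes/gm' "$config_file" \
-|| echo "${red}Failed to set 'UsePAM yes'$nc"
+|| echo "${red}Failed to set 'UsePAM yes'${nc}"
 fi
 
 if grep -Eq '^AllowAgentForwarding no$' "$config_file"; then
 echo "AllowAgentForwarding already set to 'no'"
 elif grep -Eq '^#?AllowAgentForwarding(.*)?$' "$config_file"; then
 echo "Setting 'AllowAgentForwarding no'..."
 sed -Ei 's/^#?AllowAgentForwarding(.*)?$/AllowAgentForwarding no/gm' "$config_file" \
-|| echo "${red}Failed to set 'AllowAgentForwarding no'$nc"
+|| echo "${red}Failed to set 'AllowAgentForwarding no'${nc}"
 fi
 
 if grep -Eq '^AllowTcpForwarding no$' "$config_file"; then
 echo "AllowTcpForwarding already set to 'no'"
 elif grep -Eq '^#?AllowTcpForwarding(.*)?$' "$config_file"; then
 echo "Setting 'AllowTcpForwarding no'..."
 sed -Ei 's/^#?AllowTcpForwarding(.*)?$/AllowTcpForwarding no/gm' "$config_file" \
-|| echo "${red}Failed to set 'AllowTcpForwarding no'$nc"
+|| echo "${red}Failed to set 'AllowTcpForwarding no'${nc}"
 fi
 
 if grep -Eq '^X11Forwarding no$' "$config_file"; then
 echo "X11Forwarding already set to 'no'"
 elif grep -Eq '^#?X11Forwarding(.*)?$' "$config_file"; then
 echo "Setting 'X11Forwarding no'..."
 sed -Ei 's/^#?X11Forwarding(.*)?$/X11Forwarding no/gm' "$config_file" \
-|| echo "${red}Failed to set 'X11Forwarding no'$nc"
+|| echo "${red}Failed to set 'X11Forwarding no'${nc}"
 fi
 
 if grep -Eq '^PrintMotd no$' "$config_file"; then
 echo "PrintMotd already set to 'no'"
 elif grep -Eq '^#?PrintMotd(.*)?$' "$config_file"; then
 echo "Setting 'PrintMotd no'..."
 sed -Ei 's/^#?PrintMotd(.*)?$/PrintMotd no/gm' "$config_file" \
-|| echo "${red}Failed to set 'PrintMotd no'$nc"
+|| echo "${red}Failed to set 'PrintMotd no'${nc}"
 fi
 
 if grep -Eq '^TCPKeepAlive no$' "$config_file"; then
 echo "TCPKeepAlive already set to 'no'"
 elif grep -Eq '^#?TCPKeepAlive(.*)?$' "$config_file"; then
 echo "Setting 'TCPKeepAlive no'..."
 sed -Ei 's/^#?TCPKeepAlive(.*)?$/TCPKeepAlive no/gm' "$config_file" \
-|| echo "${red}Failed to set 'TCPKeepAlive no'$nc"
+|| echo "${red}Failed to set 'TCPKeepAlive no'${nc}"
 fi
 
 if grep -Eq '^Compression no$' "$config_file"; then
 echo "Compression already set to 'no'"
 elif grep -Eq '^#?Compression(.*)?$' "$config_file"; then
 echo "Setting 'Compression no'..."
 sed -Ei 's/^#?Compression(.*)?$/Compression no/gm' "$config_file" \
-|| echo "${red}Failed to set 'Compression no'$nc"
+|| echo "${red}Failed to set 'Compression no'${nc}"
 fi
 
 if grep -Eq '^ClientAliveInterval 300$' "$config_file"; then
 echo "ClientAliveInterval already set to '300'"
 elif grep -Eq '^#?ClientAliveInterval(.*)?$' "$config_file"; then
 echo "Setting 'ClientAliveInterval 300'..."
 sed -Ei 's/^#?ClientAliveInterval(.*)?$/ClientAliveInterval 300/gm' "$config_file" \
-|| echo "${red}Failed to set 'ClientAliveInterval 300'$nc"
+|| echo "${red}Failed to set 'ClientAliveInterval 300'${nc}"
 fi
 
 if grep -Eq '^ClientAliveCountMax 2$' "$config_file"; then
 echo "UseClientAliveCountMaxPAM already set to '2'"
 elif grep -Eq '^#?ClientAliveCountMax(.*)?$' "$config_file"; then
 echo "Setting 'ClientAliveCountMax 2'..."
 sed -Ei 's/^#?ClientAliveCountMax(.*)?$/ClientAliveCountMax 2/gm' "$config_file" \
-|| echo "${red}Failed to set 'ClientAliveCountMax 2'$nc"
+|| echo "${red}Failed to set 'ClientAliveCountMax 2'${nc}"
 fi
 
 echo -e "\nRestarting sshd..."
@@ -226,7 +226,7 @@ echo -e "\n${green}Finished hardening sshd"
 echo -e "${cyan}It is highly recommended to manually:
 1) Change the default sshd port (22)
 2) Disable PasswordAuthentication in favor of PubkeyAuthentication
-3) Add 'AllowUsers [your username]' to the bottom of 'sshd_config'$nc"
+3) Add 'AllowUsers [your username]' to the bottom of 'sshd_config'${nc}"
 
 
 #### End of [ Main ]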
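Review bot: Nothing visible validates the edited file before the `Restarting sshd...` step at line 222, and every failed `sed` in the long hunk only prints a message and carries on, so a bad edit can cost remote access on restart. Running `sshd -t -f "$config_file" || { cp "$config_file_bak" "$config_file"; exit 1; }` ahead of the restart would catch that; the restart command itself sits between the hunks shown, so a check may already exist there. Printing the effective values with `sshd -T` afterwards is also worthwhile, because a directive that is absent from the file matches neither `grep` branch and is silently skipped while the script still reports `Finished hardening sshd`, and an included drop-in file can override the main file. The message at line 215 reads `UseClientAliveCountMaxPAM already set to '2'` and should be `echo "ClientAliveCountMax already set to '2'"`.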
