Merge pull request #12 from StrangeRanger/dev

StrangeRanger · web-flow · commit 6a16545dd330 · 2024-04-13T12:51:13.000-07:00
diff --git a/auditing/Lynis Installer/CHANGELOG.md b/auditing/Lynis Installer/CHANGELOG.md
@@ -0,0 +1,58 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## v1.0.6 - 2024-04-13
+
+### Changed
+
+- Improved documentation of code.
+
+## v1.0.5 - 2022-07-13
+
+### Changed
+
+- Changed how the variables used to change the color of output text, are formatted, in the hopes of increasing portability.
+- Exit codes beyond 1, were reverted back to 1.
+
+## v1.0.4 - 2022-07-10
+
+### Changed
+
+- Modified exit codes.
+
+## v1.0.3 - 2020-12-01
+
+### Changed
+
+- Changed some of the output text.
+
+### Fixed
+
+- Added missing variable to `echo`, resulting in the text color to remain cyan.
+
+## v1.0.2 - N/A
+
+### Added
+
+- Added error catching when attempting to download lynis
+
+### Fixed
+
+- Fixed mistyped environmental variable from 'USER_SUDO' to 'SUDO_USER'
+
+## v1.0.1 - N/A
+
+### Added
+
+- Now prompts the user before performing actions
+
+### Fixed
+
+- Fixed script not wanting to run as root
+
+## v1.0.0 - N/A
+
+- Initial creation
diff --git a/auditing/Lynis Installer/lynis-installer b/auditing/Lynis Installer/lynis-installer
@@ -1,13 +1,16 @@
 #!/bin/bash
 #
-# A script for installing and running lynis with recommended options.
+# This script downloads a security auditing tool called Lynis, designed to scan a system
+# and identify security issues, and provides recommendations on how to better secure it.
+# Lynis, unless an error is encountered, will always be downloaded to the user's root
+# directory (/home/USERNAME/).
 #
-# Version: v1.0.5
+# Version: v1.0.6
 # License: MIT License
-#          Copyright (c) 2020-2023 Hunter T. (StrangeRanger)
+#          Copyright (c) 2020-2024 Hunter T. (StrangeRanger)
 #
 ########################################################################################
-#### [ Variables ]
+####[ Script Wide Variables ]###########################################################
 
 
 green="$(printf '\033[0;32m')"
@@ -16,9 +19,7 @@ red="$(printf '\033[1;31m')"
 nc="$(printf '\033[0m')"
 
 
-##### End of [ Variables ]
-########################################################################################
-#### [ Prepping ]
+####[ Prepping ]########################################################################
 
 
 ## Check if the script was executed with root privilege.
@@ -29,9 +30,7 @@ if [[ $EUID != 0 ]]; then
 fi
 
 
-#### End of [ Prepping ]
-########################################################################################
-#### [ Main ]
+####[ Main ]############################################################################
 
 
 read -rp "We will now download lynis. Press [Enter] to continue."
@@ -54,7 +53,3 @@ chown -R root:root lynis
 echo -e "\n${green}Lynis has been downloaded to your system"
 echo -e "${cyan}To perform a system scan with lynis, execute the following command in" \
     "the lynis root directory: sudo ./lynis audit system${nc}"
-
-
-#### End of [ Main ]
-########################################################################################
diff --git a/hardening/Root Locker/CHANGELOG.md b/hardening/Root Locker/CHANGELOG.md
@@ -0,0 +1,45 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## v1.0.6 - 2024-04-13
+
+### Changed
+
+- Improved documentation of code.
+
+## v1.0.5 - 2022-07-13
+
+### Changed
+
+- Changed how the variables used to change the color of output text, are formatted, in the hopes of increasing portability.
+- Exit codes beyond 1, were reverted back to 1.
+
+## v1.0.4 - 2022-07-10
+
+### Changed
+
+- Modified exit codes.
+- No longer backs up `/etc/shadow`.
+
+## v1.0.3 - 2020-12-01
+
+### Changed
+
+- Changed commenting style.
+
+### Fixed
+
+- Added missing variable to `echo`, resulting in the text color to remain cyan.
+
+## v1.0.2 - N/A
+
+### Changed
+
+- Changed placement of `read -p "We will now disable the root account. Press [Enter] to continue."`.
+
+## v1.0.0 - N/A
+
+- Initial creation.
diff --git a/hardening/Root Locker/root-locker b/hardening/Root Locker/root-locker
@@ -1,23 +1,23 @@
 #!/bin/bash
 #
-# Locks the root account and erases it's current password.
+# This script locks and removes the root account's password (if one is set). This
+# prevents users from successfully logging into the root account via su. Note that it
+# doesn't prevent users from becoming root via methods such as sudo su.
 #
-# Version: v1.0.5
+# Version: v1.0.6
 # License: MIT License
-#          Copyright (c) 2020-2023 Hunter T. (StrangeRanger)
+#          Copyright (c) 2020-2024 Hunter T. (StrangeRanger)
 #
 ########################################################################################
-#### [ Variables ]
+####[ Script Wide Variables ]###########################################################
 
 
 green="$(printf '\033[0;32m')"
 red="$(printf '\033[1;31m')"
 nc="$(printf '\033[0m')"
 
 
-##### End of [ Variables ]
-########################################################################################
-#### [ Prepping ]
+####[ Prepping ]########################################################################
 
 
 ## Check if this script was executed with root privilege.
@@ -28,9 +28,7 @@ if [[ $EUID != 0 ]]; then
 fi
 
 
-#### End of [ Prepping ]
-########################################################################################
-#### [ Main ]
+####[ Main ]############################################################################
 
 
 read -rp "We will now disable the root account. Press [Enter] to continue."
@@ -43,7 +41,3 @@ passwd -dl root || {
 }
 
 echo -e "\n${green}The root account has been locked${nc}"
-
-
-#### End of [ Main ]
-########################################################################################
diff --git a/hardening/SSHD Hardening/CHANGELOG.md b/hardening/SSHD Hardening/CHANGELOG.md
@@ -0,0 +1,63 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## v1.1.3 - 2024-04-13
+
+### Changed
+
+- Improved documentation and comments of code.
+
+## v1.1.1 - 2022-07-13
+
+### Changed
+
+- Changed how the variables used to change the color of output text, are formatted, in the hopes of increasing portability.
+- Exit codes beyond 1, were reverted back to 1.
+- Other efficiency changes.
+
+## v1.1.0 - 2022-07-10
+
+### Added
+
+- Sets `KbdInteractiveAuthentication` to `KbdInteractiveAuthentication no`.
+  - This setting is introduced in Ubuntu 22.04, seeming to replace `ChallengeResponseAuthentication`.
+- Asks if the end user would like to overwrite the existing backup of `sshd_config`, if it exists.
+
+### Changed
+
+- Modified exit codes.
+- Modified the output text, depending on whether the specific configurations have already been set.
+- Updated the flags and regex used by `sed` to set the configurations.
+
+## v1.0.3 - 2020-12-01
+
+### Changed
+
+- Changed commenting style.
+
+### Fixed
+
+- Added missing variable to `echo`, resulting in the text color to remain cyan.
+
+## v1.0.2 - N/A
+
+### Added
+
+- Checks if `sshd_config` exists before attempting to modify the file.
+
+## v1.0.1 - N/A
+
+### Added
+
+- Now prompts the user before performing actions.
+
+### Fixed
+
+- Fixed script not wanting to run as root.
+
+## v1.0.0
+
+- Initial creation.
diff --git a/hardening/SSHD Hardening/sshd b/hardening/SSHD Hardening/sshd
@@ -1,16 +1,17 @@
 #!/bin/bash
 #
-# Hardens sshd by modifying the configurations of '/etc/ssh/sshd_config'.
+# This script hardens the sshd-server, by modifying it's configuration file
+# (sshd_config).
 #
 # Note: This configures sshd_config to the recommendations of the security auditing tool
 #       knonw as Lynis (https://github.com/CISOfy/lynis).
 #
 # Version: v1.1.2
 # License: MIT License
-#          Copyright (c) 2020-2023 Hunter T. (StrangeRanger)
+#          Copyright (c) 2020-2024 Hunter T. (StrangeRanger)
 #
 ########################################################################################
-#### [ Variables ]
+####[ Script Wide Variables ]###########################################################
 
 
 config_file_bak="/etc/ssh/sshd_config.bak"
@@ -21,27 +22,25 @@ red="$(printf '\033[1;31m')"
 nc="$(printf '\033[0m')"
 
 
-#### End of [ Variables ]
-########################################################################################
-#### [ Functions ]
+####[ Functions ]#######################################################################
 
 
-########
+####
 # Cleanly exit the script.
 #
 # Arguments:
-#   $1 - required
-#       Exit status code.
-########
+#   - $1: exit_code (Required)
+#       - Description: The exit code to exit the script with.
+####
 clean_up() {
+    local exit_code="$1"
+
     echo -e "\nExiting..."
-    exit "$1"
+    exit "$exit_code"
 }
 
 
-#### End of [ Functions ]
-########################################################################################
-#### [ Prepping ]
+####[ Prepping ]########################################################################
 
 
 ## Check if the script was executed with root privilege.
@@ -58,9 +57,7 @@ if [[ ! -f $config_file ]]; then
 fi
 
 
-#### End of [ Prepping ]
-########################################################################################
-#### [ Main ]
+####[ Main ]############################################################################
 
 
 read -rp "We will now harden sshd. Press [Enter] to continue."
@@ -244,7 +241,3 @@ echo -e "${cyan}It is highly recommended to manually:
 1) Change the default sshd port (22)
 2) Disable PasswordAuthentication in favor of PubkeyAuthentication
 3) Add 'AllowUsers [your username]' to the bottom of 'sshd_config'${nc}"
-
-
-#### End of [ Main ]
-########################################################################################
