Limit password usage to 30 days
The account will be disabled after 30 days of password expiration
Set the interval between password changes to 1 day
Warning will be issued 7 days before password expiration
Set the system default encryption algorithm to SHA512
Set the session timeout policy to 900 seconds
Create and join a group with the same name for the new user
Set the new user’s home directory permission to 0750
Set the home directory permission of the existing user to 0750
Delete unused users and software packages
Strengthen OpenSSH configuration (some configurations need to be manually configured)
Disable users without a home directory
Forbid new user to log in with SHELL
Function to prohibit uploading and user information
Disable the advertising component in motd
Disable the root account
Disable synchronous deletion of a user group

There are many features that are not listed, please refer to the files in the scripts directory for more information (code address at the end of the article).

Instructions

Step 1: Clone warehouse

Make sure Git is installed on the server, otherwise you need to install git with sudo apt install command:

git clone https://github.com/seatonjiang/aegis.git

If the connection is not possible due to network problems, you can use the domestic mirror warehouse, but the mirror warehouse will have a 30-minute delay:

git clone https://gitee.com/seatonjiang/aegis.git

Step 2: Edit configuration

Enter the project folder:

cd aegis

Check the configuration information in the configuration file (configuration file description below) :

vim aegis.conf

Step 3: Run the script

If you are a root account, you can run it directly, if you are a normal account, you need to run it using sudo, and you must run the script using bash:

sudo bash aegis.sh

Configuration file

# Verify each action after completion 
VERIFY='Y'

# Tips for adding production environments to motd 
PROD_TIPS='Y'

# Modify SSH port, recommended range from 10000-65535 select 
SSH_PORT='22'

# Change the time zone 
TIME_ZONE='Asia/Shanghai'

# Modify the host name (Tencent Cloud, Alibaba Cloud, Huawei Cloud automatically pull metadata) 
HOSTNAME='Ubuntu-Server'

# Modify DNS server (Tencent Cloud, Alibaba Cloud, Huawei Cloud automatically pull metadata) 
DNS_SERVER='119.29.29.29'

# Modify NTP server (Tencent Cloud, Alibaba Cloud, Huawei Cloud automatically pull metadata) 
NTP_SERVER='ntp.ntsc.ac.cn'

# Docker Compose version 
< span class = "HLJS - attr" > DOCKER_COMPOSE < / span > = < span class = "HLJS - string" > 'v2.2.3' < / span > < / code > < / pre >

Independent function

Aegis contains some independent functions that are not in the automatic script and need to be used separately with parameters. You can use the sudo bash aegis.sh –help command to view all independent functions.

- Clean up the trash
- Clear all system logs, cache files, backup files, and font files.

The image provided by some VPS service providers (not specifically referring to Tencent Cloud) is not standardized due to the production process, resulting in the packaging of some junk files into the image, it is recommended that friends using these service providers clean up the system garbage before initializing the system.

sudo bash aegis.sh --clear

Mount hard disk

Interactive mounting data disk (Tencent cloud will use flexible cloud hard disk soft link mount), data priceless, the operation process remember to be careful!

If the selected hard disk is already mounted, you will be prompted to unmount and format it.

sudo bash aegis.sh --fdisk

Modify port

Interactively modify the SSH port.

The recommended port number ranges from 10000 to 65535.

sudo bash aegis.sh --sshport

Install Docker

Install Docker service and set image acceleration (Tencent Cloud, Alibaba Cloud and Huawei Cloud automatically use their own acceleration addresses), and add the operation permission of non-root accounts.

After the installation is complete, please log out of the current account and log in again, and then test whether the related functions of Docker are normal.

sudo bash aegis.sh --docker

Uninstall monitoring

Delete various monitoring components installed on the server by the cloud vendor.

currently supports Tencent cloud monitoring components.

sudo bash aegis.sh --removeagent

Tool screenshot

Script execution

System security hardening tool for Ubuntu servers插图1

Login information

System security hardening tool for Ubuntu servers插图2

Mount hard disk

System security hardening tool for Ubuntu servers插图3

This project uses the GPL-3.0 open source protocol, and more functions can be read by yourself.

资源下载此资源为免费资源立即下载

Telegram:@John_Software

collect(0) Like (0)

Disclaimer: This article is published by a third party and represents the views of the author only and has nothing to do with this website. This site does not make any guarantee or commitment to the authenticity, completeness and timeliness of this article and all or part of its content, please readers for reference only, and please verify the relevant content. The publication or republication of articles by this website for the purpose of conveying more information does not mean that it endorses its views or confirms its description, nor does it mean that this website is responsible for its authenticity.

Ictcoder Free source code System security hardening tool for Ubuntu servers https://ictcoder.com/kyym/system-security-hardening-tool-for-ubuntu-servers.html

lllll

Share free open-source source code

Previous article： PaddleOCR based C++ code modification and encapsulation. NET tool class library

Next article： CHINER is an open source and free database modeling tool

Q&A

What is the delivery method?

1, automatic: after taking the photo, click the (download) link to download; 2. Manual: After taking the photo, contact the seller to issue it or contact the official to find the developer to ship.

View details

How long is the trading cycle?

1, the default transaction cycle of the source code: manual delivery of goods for 1-3 days, and the user payment amount will enter the platform guarantee until the completion of the transaction or 3-7 days can be issued, in case of disputes indefinitely extend the collection amount until the dispute is resolved or refunded!

View details

Matters needing attention

1. Heptalon will permanently archive the process of trading between the two parties and the snapshots of the traded goods to ensure that the transaction is true, effective and safe! 2, Seven PAWS can not guarantee such as "permanent package update", "permanent technical support" and other similar transactions after the merchant commitment, please identify the buyer; 3, in the source code at the same time there is a website demonstration and picture demonstration, and the site is inconsistent with the diagram, the default according to the diagram as the dispute evaluation basis (except for special statements or agreement); 4, in the absence of "no legitimate basis for refund", the commodity written "once sold, no support for refund" and other similar statements, shall be deemed invalid; 5, before the shooting, the transaction content agreed by the two parties on QQ can also be the basis for dispute judgment (agreement and description of the conflict, the agreement shall prevail); 6, because the chat record can be used as the basis for dispute judgment, so when the two sides contact, only communicate with the other party on the QQ and mobile phone number left on the systemhere, in case the other party does not recognize self-commitment. 7, although the probability of disputes is very small, but be sure to retain such important information as chat records, mobile phone messages, etc., in case of disputes, it is convenient for seven PAWS to intervene in rapid processing.

View details

Systemhere declaration

1. As a third-party intermediary platform, Qichou protects the security of the transaction and the rights and interests of both buyers and sellers according to the transaction contract (commodity description, content agreed before the transaction); 2, non-platform online trading projects, any consequences have nothing to do with mutual site; No matter the seller for any reason to require offline transactions, please contact the management report.

View details