System security hardening tool for Ubuntu servers

2022-09-16
Last Updated 2025-02-24

This issue recommends aegis, a system security hardening tool for Ubuntu servers.


Tool features

  • Limit the maximum password age to 30 days
  • Disable the account 30 days after the password expires
  • Set the minimum interval between password changes to 1 day
  • Issue a warning 7 days before the password expires
  • Set the system default encryption algorithm to SHA512
  • Set the session timeout policy to 900 seconds
  • Create a group with the same name for each new user and add the user to it
  • Set the new user's home directory permission to 0750
  • Set the home directory permission of existing users to 0750
  • Delete unused users and software packages
  • Strengthen the OpenSSH configuration (some settings must be configured manually)
  • Disable users without a home directory
  • Forbid new users from logging in with a shell
  • Prohibit the uploading of user information
  • Disable the advertising component in motd
  • Disable the root account
  • Disable synchronous deletion of the user group when a user is deleted

Many features are not listed here; refer to the files in the scripts directory for more information (code address at the end of the article).
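A way to check the result after a run, as an added example that is not part of aegis or of the original article: it audits the password-aging values and the 0750 home-directory mode from the list above. It assumes the policy is stored under the standard /etc/login.defs keys; the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: audit the password-aging and home-directory settings.
# Assumption: the policy lives under the standard /etc/login.defs keys.

# Expected values, taken from the feature list above.
EXPECTED="PASS_MAX_DAYS=30 PASS_MIN_DAYS=1 PASS_WARN_AGE=7 ENCRYPT_METHOD=SHA512"

# Print KEY's value from a login.defs-style FILE. Commented lines are
# ignored; if a key repeats, this example reports the last entry.
login_defs_value() {
    awk -v key="$2" '$1 == key { val = $2 } END { print val }' "$1"
}

# Compare FILE with EXPECTED; the return code is the number of failures.
audit_login_defs() {
    local file="$1" fails=0 pair key want got
    for pair in $EXPECTED; do
        key="${pair%%=*}"
        want="${pair#*=}"
        got="$(login_defs_value "$file" "$key")"
        if [ "$got" = "$want" ]; then
            echo "PASS $key=$got"
        else
            echo "FAIL $key=${got:-unset} (expected $want)"
            fails=$((fails + 1))
        fi
    done
    return "$fails"
}

# Report home directories under BASE whose mode is not 0750;
# the return code is the number of such directories.
audit_home_perms() {
    local base="${1:-/home}" dir mode bad=0
    for dir in "$base"/*/; do
        [ -d "$dir" ] || continue
        mode="$(stat -c '%a' "$dir")"
        if [ "$mode" != "750" ]; then
            echo "FAIL ${dir%/} mode $mode (expected 750)"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# Audit the live system only when asked: bash audit.sh --live
if [ "${1:-}" = "--live" ]; then
    audit_login_defs /etc/login.defs
    audit_home_perms /home
fi
```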

Instructions

Step 1: Clone the repository

Make sure Git is installed on the server; if it is not, install it with sudo apt install git:

git clone https://github.com/seatonjiang/aegis.git

If the connection fails due to network problems, you can use the domestic mirror repository, but the mirror has a 30-minute delay:

git clone https://gitee.com/seatonjiang/aegis.git

Step 2: Edit configuration

Enter the project folder:

cd aegis

Check the settings in the configuration file (described below):

vim aegis.conf

Step 3: Run the script

If you are logged in as root, you can run the script directly; with a normal account, run it using sudo. In either case the script must be run with bash:

sudo bash aegis.sh

Configuration file

# Verify each action after completion
VERIFY='Y'

# Add a production-environment notice to motd
PROD_TIPS='Y'

# Modify the SSH port; the recommended range is 10000-65535
SSH_PORT='22'

# Change the time zone
TIME_ZONE='Asia/Shanghai'

# Modify the host name (Tencent Cloud, Alibaba Cloud, Huawei Cloud automatically pull metadata)
HOSTNAME='Ubuntu-Server'

# Modify the DNS server (Tencent Cloud, Alibaba Cloud, Huawei Cloud automatically pull metadata)
DNS_SERVER='119.29.29.29'

# Modify the NTP server (Tencent Cloud, Alibaba Cloud, Huawei Cloud automatically pull metadata)
NTP_SERVER='ntp.ntsc.ac.cn'

# Docker Compose version
DOCKER_COMPOSE='v2.2.3'
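Because the script runs with root privileges, it is worth linting an edited aegis.conf before Step 3. The following is an added example, not part of aegis: it confirms that the file contains only plain KEY='value' lines in the form shown above and checks SSH_PORT against the recommended range, without executing the file. The function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: lint aegis.conf before running aegis.sh as root.
# check_conf_syntax, conf_value and check_ssh_port are hypothetical helpers.

# Every line must be blank, a comment, or a plain KEY='value' assignment.
# The return code is the number of lines that are none of these.
check_conf_syntax() {
    local bad
    bad="$(grep -Evc "^[[:space:]]*(#.*)?\$|^[A-Z_]+='[^']*'[[:space:]]*\$" "$1" || true)"
    return "$bad"
}

# Print the text between the single quotes for KEY, without sourcing the file.
conf_value() {
    sed -n "s/^$2='\([^']*\)'[[:space:]]*\$/\1/p" "$1" | tail -n 1
}

# SSH_PORT check: 0 = inside the recommended 10000-65535 range,
# 1 = a valid port outside it (for example the default 22),
# 2 = missing or not a usable TCP port.
check_ssh_port() {
    local port
    port="$(conf_value "$1" SSH_PORT)"
    case "$port" in
        ''|*[!0-9]*) return 2 ;;
    esac
    [ "${#port}" -le 5 ] || return 2
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 2
    [ "$port" -ge 10000 ] || return 1
    return 0
}
```

A non-zero result from check_conf_syntax means at least one line deserves a manual look before the script is run.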

Independent function

Aegis includes some independent functions that are not part of the automatic script and must be invoked separately with parameters. Use the sudo bash aegis.sh --help command to view all independent functions.

Clean up the trash

Clear all system logs, cache files, backup files, and font files.

The images provided by some VPS service providers (not specifically Tencent Cloud) are not standardized because of how they are produced, so some junk files end up packaged into the image. Users of these providers are advised to clean up the system garbage before initializing the system.

sudo bash aegis.sh --clear

Mount hard disk

Interactively mount a data disk (on Tencent Cloud, the elastic cloud disk soft link is used for mounting). Data is priceless, so be careful during the operation!

If the selected hard disk is already mounted, you will be prompted to unmount and format it.

sudo bash aegis.sh --fdisk

Modify port

Interactively modify the SSH port.

The recommended port number ranges from 10000 to 65535.

sudo bash aegis.sh --sshport

Install Docker

Install the Docker service and set up image acceleration (Tencent Cloud, Alibaba Cloud and Huawei Cloud automatically use their own acceleration addresses), and grant non-root accounts permission to operate Docker.

After the installation is complete, please log out of the current account and log in again, and then test whether the related functions of Docker are normal.

sudo bash aegis.sh --docker

Uninstall monitoring

Delete the various monitoring components installed on the server by the cloud vendor.

Currently supports Tencent Cloud monitoring components.

sudo bash aegis.sh --removeagent

Tool screenshots: script execution, login information, mount hard disk.

This project is released under the GPL-3.0 open-source license; you can read through the remaining functions yourself.
