@AnnoyingTechnology
Last active July 6, 2024 12:31
Install basic Debian security utilities. You still need to configure some of them, and many other things have to be tweaked manually across a system to keep it secure.
#!/bin/bash
# update apt
apt update
# packages to install, kept in an array so each one can carry its own comment
# (a comment line inside a backslash-continued command would cut the command short)
packages=(
    # rkhunter : rootkit scanner
    rkhunter
    # chkrootkit : another rootkit scanner
    chkrootkit
    # debsums : checksums of system files for sanity checks
    debsums
    # apt-listbugs : check for bugs before updates
    apt-listbugs
    # knockd : open ports on demand
    knockd
    # fail2ban : ban brute-force attacks
    fail2ban
    # portsentry : detect and block portscans (commented out by default, because your server should either
    # be placed behind a NAT router that only forwards required ports, or
    # be running a set of IPTABLES rules that already block all but the required ports)
    # portsentry
    # needrestart : checks if system needs a restart after updates
    needrestart
    # unattended-upgrades : applies reliable security upgrades on its own
    unattended-upgrades
    # lynis : audits a system for best security practices
    lynis
    # debsecan : list known vulnerabilities for current system
    debsecan
    # auditd : keeps track of users actions/sessions
    auditd
    # iptables-persistent : brings back your iptables rules after a reboot
    iptables-persistent
)
# install proper tools
apt install "${packages[@]}"
# some of these tools should be set up to be run by cron, and to report via email

AnnoyingTechnology commented May 30, 2018

Ideas :

  • add questions to define iptables "firewall" rules.
  • add a question to define sysadmin email
  • create proper crontasks that report to said email
  • update unattended-upgrades config file with said email
  • add a question to choose a port sequence to unhide ssh
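
The script's closing comment and the ideas above both call for cron jobs that mail their findings and for the sysadmin address in the unattended-upgrades config. The following is an added example, not part of the gist or written by its author, showing one way to generate those files; the function name, the `security-reports` file name, the schedule and the optional root-prefix argument are assumptions.

```bash
#!/bin/bash
# Added example, not part of the gist. Renders mail-reporting config for the
# tools installed above. The second argument is a hypothetical "root" prefix so
# the files can be rendered into a scratch directory and reviewed first.
write_reporting_config() (
    email="$1"; root="${2:-}"
    # The address is written verbatim into a cron file and an apt config file,
    # so accept only one plain address: no quotes, spaces or newlines.
    case "$email" in
        ''|*[!A-Za-z0-9._%+@-]*|*@*@*|@*|*@)
            echo "refusing address: not a plain user@host" >&2; exit 1 ;;
        *@*) ;;
        *)  echo "refusing address: missing @" >&2; exit 1 ;;
    esac
    umask 022   # cron skips cron.d files that are group or world writable
    mkdir -p "$root/etc/cron.d" "$root/etc/apt/apt.conf.d"

    # cron mails whatever a job prints to MAILTO. The flags below limit the
    # rootkit and checksum jobs to findings; lynis mails its full report weekly.
    cat > "$root/etc/cron.d/security-reports" <<EOF
MAILTO=$email
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
15 3 * * * root rkhunter --cronjob --report-warnings-only
30 3 * * * root chkrootkit -q
45 3 * * * root debsums --silent
0 4 * * 1 root lynis audit system --cronjob
EOF

    # Drop-in read after 50unattended-upgrades, so the packaged file stays untouched.
    cat > "$root/etc/apt/apt.conf.d/52unattended-upgrades-local" <<EOF
Unattended-Upgrade::Mail "$email";
EOF

    # Enable the daily package list refresh and the unattended upgrade run.
    cat > "$root/etc/apt/apt.conf.d/20auto-upgrades" <<EOF
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";
EOF
)

# Usage (as root): write_reporting_config sysadmin@example.org
```

Delivery depends on a working local MTA on the server. Render into a scratch directory first (second argument) and review the files before writing them under `/etc`.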
