AnnoyingTechnology · July 6, 2024 12:31 · AnnoyingTechnology · May 30, 2018
diff --git a/debian-security-tools.sh b/debian-security-tools.sh
 #!/bin/bash
 # update apt
 apt update
 # rkhunter : rootkit scanner
 apt install rkhunter
 # chkrootkit : another rootkit scanner
 apt install chkrootkit
 # debsums : checksums of system files for sanity checks
 apt install debsums 
 # apt-listbugs : check for bugs before updates
 apt install apt-listbugs
 # knockd : open ports on demand
 apt install knockd
 # fail2ban : ban bruforce attacks
 apt install fail2ban
 # detect and block portscans (this one is commented out by default, because your server should either
 #    be placed behing a NAT router that only forwards required ports
 #    be running a set of IPTABLES rules that already block all but the required ports
 # apt install portsentry
 # needrestart : checks if system needs a restart after updates
 apt install needrestart
 # unattended-upgrades : applies reliable security upgrades on its own
 apt install unattended-upgrades
 # lynis : audits a system for best security practices
 apt install lynis
 # debsecan : list known vulnerabilities for current system
 apt install debsecan
 # auditd : keeps track of users actions/sessions
 apt install auditd
 # iptables-persistent : brings back your iptables rules after a reboot
 apt install iptables-persistent
 # some of these tools should be set up to be ran by a cron, and to repport via email
	#!/bin/bash
	# update apt
	apt update
	# rkhunter : rootkit scanner
	apt install rkhunter
	# chkrootkit : another rootkit scanner
	apt install chkrootkit
	# debsums : checksums of system files for sanity checks
	apt install debsums
	# apt-listbugs : check for bugs before updates
	apt install apt-listbugs
	# knockd : open ports on demand
	apt install knockd
	# fail2ban : ban bruforce attacks
	apt install fail2ban
	# detect and block portscans (this one is commented out by default, because your server should either
	# be placed behing a NAT router that only forwards required ports
	# be running a set of IPTABLES rules that already block all but the required ports
	# apt install portsentry
	# needrestart : checks if system needs a restart after updates
	apt install needrestart
	# unattended-upgrades : applies reliable security upgrades on its own
	apt install unattended-upgrades
	# lynis : audits a system for best security practices
	apt install lynis
	# debsecan : list known vulnerabilities for current system
	apt install debsecan
	# auditd : keeps track of users actions/sessions
	apt install auditd
	# iptables-persistent : brings back your iptables rules after a reboot
	apt install iptables-persistent
	# some of these tools should be set up to be ran by a cron, and to repport via email
No results found