English | 简体中文
System security hardening tool for Ubuntu Server
There are many more settings that are not listed, and you can refer to the files in the
scripts directory for more information.
Make sure the server has git first, otherwise you need to install it using
sudo apt install git.
git clone https://github.com/seatonjiang/aegis.git
Go to project directory.
Be sure to authenticate the contents of the config file.
If you are root, you can run it directly, if you are a normal user please use
sudo and you must run the script with
sudo bash aegis.sh
# Verify at the completion of each operation. VERIFY='Y' # Add a production environment reminder in motd. PROD_TIPS='Y' # Modify the SSH port # It is recommended to choose between 10000 and 65535. SSH_PORT='22' # Modify the Time zone TIME_ZONE='Asia/Shanghai' # Modify the hostname # Tencent Cloud and Alibaba Cloud will automatically get the metadata. HOSTNAME='Ubuntu-Server' # Modify the DNS server # Tencent Cloud and Alibaba Cloud will automatically get the metadata. # DNSPod: 22.214.171.124 Alidns: 126.96.36.199 188.8.131.52 # Google: 184.108.40.206 220.127.116.11 Cloudflare: 18.104.22.168 22.214.171.124 DNS_SERVER='126.96.36.199' # Modify the NTP server # Tencent Cloud and Alibaba Cloud will automatically get the metadata. # Tencent: ntp.tencent.com Aliyun: ntp.aliyun.com # Google: time1.google.com Pool: pool.ntp.org NTP_SERVER='ntp.tencent.com' # Docker Compose version DOCKER_COMPOSE='v2.3.0'
Aegis contains a number of standalone functions that are not in the auto-executed script and need to be used separately using parameters, which can be viewed using the
sudo bash aegis.sh --help for all standalone functions.
Clear all system logs, cache and backup files.
sudo bash aegis.sh --clear
Interactively mount the data disk (Tencent Cloud will use the soft link method of elastic cloud hard disk to mount), the data is priceless, remember to be careful during the operation!
If the selected hard disk is already mounted, you will be prompted to unmount and format the operation.
sudo bash aegis.sh --fdisk
Interactively modify the SSH port.
The port range is recommended to be between 10000 and 65535.
sudo bash aegis.sh --sshport
Install docker service and set registry mirrors (Tencent Cloud and Alibaba Cloud automatically use their own acceleration address), and add run permission for non-root accounts.
After installation, please log out and log back in, then test docker.
sudo bash aegis.sh --docker
Remove the various monitoring components installed into the server by the cloud vendor.
Tencent Cloud monitoring components are currently supported.
sudo bash aegis.sh --removeagent
A quick look at the folder structure of this project.
aegis ├── aegis.conf ├── aegis.sh ├── config │ └── (some config files) └── scripts └── (some script files)
We welcome all contributions. You can submit any ideas as pull requests or as issues, have a good time! :)
The project is released under the GNU General Public License v3.0, see the LICENCE file for details.
：Code submit frequency
：React/respond to issue & PR etc.
：Well-balanced team members and collaboration
：Recent popularity of project
：Star counts, download counts etc.