Seaton Jiang / aegis


System security hardening tool for Ubuntu Server

💻 Screenshot

[Screenshots: Script Execution; Login Information; Mount disk]

✨ Features

  • Password can be used for a maximum of 30 days.
  • The account is disabled 30 days after its password expires.
  • The minimum interval between two password changes is 1 day.
  • A warning is shown 7 days before password expiration.
  • Set the system default encryption algorithm to SHA512.
  • Set a session timeout policy of 900 seconds.
  • Each created user will be given their own group.
  • The home directory permissions of newly created users are set to 0750.
  • The home directory permissions of existing users are changed to 0750.
  • Remove unneeded users and packages.
  • Hardened OpenSSH config (some settings need to be done manually).
  • Disable login for users without a home directory.
  • Disable login by default for new users.
  • Disable apport and popularity-contest, which upload user information.
  • Disable ads in the welcome message.
  • Disable the root account.
  • Disable synchronous deletion of user groups when deleting users.

There are many more settings that are not listed, and you can refer to the files in the scripts directory for more information.
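
A way to check the password-ageing and home-directory items above after a run, as an added example that is not part of aegis. It assumes the policy is stored in the standard shadow-utils files (`/etc/login.defs`, `/etc/default/useradd`); the function names are hypothetical and aegis itself may apply the settings differently.

```bash
#!/usr/bin/env bash
# Added example, not part of aegis. Assumes the policy is expressed through the
# standard shadow-utils files; aegis may apply these settings differently.

# login_defs_get FILE KEY: print the last uncommented value of KEY.
login_defs_get() {
    awk -v k="$2" '$1 == k { v = $2 } END { if (v != "") print v }' "$1" 2>/dev/null
}

# audit_password_policy LOGIN_DEFS USERADD_DEFAULTS
# Prints PASS/FAIL per setting and returns the number of failed checks.
audit_password_policy() {
    local defs="$1" useradd="$2" fails=0 key want got
    while read -r key want; do
        got=$(login_defs_get "$defs" "$key")
        if [ "$got" = "$want" ]; then
            echo "PASS $key=$got"
        else
            echo "FAIL $key=${got:-unset} (expected $want)"
            fails=$((fails + 1))
        fi
    done <<'EOF'
PASS_MAX_DAYS 30
PASS_MIN_DAYS 1
PASS_WARN_AGE 7
ENCRYPT_METHOD SHA512
EOF
    # INACTIVE is the number of days after expiry before the account is disabled.
    got=$(sed -n 's/^INACTIVE=//p' "$useradd" 2>/dev/null | tail -n 1)
    if [ "$got" = "30" ]; then
        echo "PASS INACTIVE=$got"
    else
        echo "FAIL INACTIVE=${got:-unset} (expected 30)"
        fails=$((fails + 1))
    fi
    return "$fails"
}

# loose_home_dirs ROOT: list directories directly under ROOT that grant more
# than 0750 (any group-write or any "other" bit). Uses GNU find's -perm /MODE.
loose_home_dirs() {
    find "$1" -mindepth 1 -maxdepth 1 -type d -perm /027
}

# Usage on a hardened host:
#   audit_password_policy /etc/login.defs /etc/default/useradd
#   loose_home_dirs /home
```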

🚀 Quick start

Step 1: Clone the repo

Make sure the server has git first, otherwise you need to install it using sudo apt install git.

git clone https://github.com/seatonjiang/aegis.git

Step 2: Edit the config file

Go to the project directory.

cd aegis

Be sure to verify the contents of the config file.

vim aegis.conf

Step 3: Run the script

If you are root, you can run it directly; if you are a normal user, use sudo. In both cases the script must be run with bash.

sudo bash aegis.sh

📝 Config options

# Verify at the completion of each operation.
VERIFY='Y'

# Add a production environment reminder in motd.
PROD_TIPS='Y'

# Modify the SSH port
# It is recommended to choose between 10000 and 65535.
SSH_PORT='22'

# Modify the Time zone
TIME_ZONE='Asia/Shanghai'

# Modify the hostname
# Tencent Cloud and Alibaba Cloud will automatically get the metadata.
HOSTNAME='Ubuntu-Server'

# Modify the DNS server
# Tencent Cloud and Alibaba Cloud will automatically get the metadata.
# DNSPod: 119.29.29.29      Alidns: 223.5.5.5 223.6.6.6
# Google: 8.8.8.8 8.8.4.4   Cloudflare: 1.1.1.1 1.0.0.1
DNS_SERVER='119.29.29.29'

# Modify the NTP server
# Tencent Cloud and Alibaba Cloud will automatically get the metadata.
# Tencent: ntp.tencent.com   Aliyun: ntp.aliyun.com
# Google: time1.google.com   Pool: pool.ntp.org
NTP_SERVER='ntp.tencent.com'

# Docker Compose version
DOCKER_COMPOSE='v2.3.0'
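
One way to carry out the "verify the config file" step before running the script as root, as an added example that is not part of aegis. It assumes `aegis.conf` contains only comments and `KEY='value'` lines like those shown above; `conf_get` and `lint_aegis_conf` are hypothetical names.

```bash
#!/usr/bin/env bash
# Added example, not part of aegis. Lints aegis.conf without executing it.
# Assumption: every setting is a single-quoted literal, as in the listing above.

# conf_get FILE KEY: print the value of the last KEY='value' line.
conf_get() {
    sed -n "s/^$2='\([^']*\)'\$/\1/p" "$1" | tail -n 1
}

# lint_aegis_conf FILE: print findings, return the number of problems.
lint_aegis_conf() {
    local conf="$1" problems=0 bad port
    # A file in shell syntax that is read by a root script should hold nothing
    # but comments, blank lines and literal assignments (no $(...), no pipes).
    bad=$(grep -vE "^[[:space:]]*(#.*)?\$|^[A-Z_]+='[^']*'\$" "$conf")
    if [ -n "$bad" ]; then
        echo "unexpected line(s):"
        echo "$bad"
        problems=$((problems + 1))
    fi
    port=$(conf_get "$conf" SSH_PORT)
    case "$port" in
        '' | *[!0-9]* | ??????*)
            echo "SSH_PORT is not a valid port number: '$port'"
            problems=$((problems + 1))
            ;;
        *)
            if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
                echo "SSH_PORT out of range: $port"
                problems=$((problems + 1))
            elif [ "$port" -lt 10000 ]; then
                # Recommendation from the config comments, not a hard error.
                echo "note: SSH_PORT $port is below the recommended 10000-65535"
            fi
            ;;
    esac
    return "$problems"
}

# Usage: lint_aegis_conf aegis.conf && sudo bash aegis.sh
```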

🔨 Modular

Aegis contains a number of standalone functions that are not part of the auto-executed script and must be invoked separately with parameters. Run sudo bash aegis.sh --help to list all standalone functions.

Clear system

Clear all system logs, cache and backup files.

sudo bash aegis.sh --clear

Mount disk

Interactively mount the data disk (on Tencent Cloud, the elastic cloud disk is mounted using the soft link method). Data is priceless, so be careful during the operation!

If the selected disk is already mounted, you will be prompted to unmount and format it.

sudo bash aegis.sh --fdisk

Modify the SSH port

Interactively modify the SSH port.

The port range is recommended to be between 10000 and 65535.

sudo bash aegis.sh --sshport

Install docker

Install docker service and set registry mirrors (Tencent Cloud and Alibaba Cloud automatically use their own acceleration address), and add run permission for non-root accounts.

After installation, please log out and log back in, then test docker.

sudo bash aegis.sh --docker

Uninstall agent

Remove the various monitoring components installed into the server by the cloud vendor.

Tencent Cloud monitoring components are currently supported.

sudo bash aegis.sh --removeagent

📂 Structure

A quick look at the folder structure of this project.

aegis
├── aegis.conf
├── aegis.sh
├── config
│   └── (some config files)
└── scripts
    └── (some script files)

🤝 Contributing

We welcome all contributions. You can submit any ideas as pull requests or as issues, have a good time! :)

📃 License

The project is released under the GNU General Public License v3.0, see the LICENCE file for details.
