diff --git a/10-Fail2ban/jail.local b/10-Fail2ban/jail.local
new file mode 100644
index 0000000..7f9ea3a
--- /dev/null
+++ b/10-Fail2ban/jail.local
@@ -0,0 +1,7 @@
+[sshd]
+enabled = true
+port = 2222
+filter = sshd
+logpath = /var/log/auth.log
+maxretry = 3
+bantime = 3600
\ No newline at end of file
diff --git a/10-Fail2ban/script.sh b/10-Fail2ban/script.sh
index e10044a..7fb21c1 100644
--- a/10-Fail2ban/script.sh
+++ b/10-Fail2ban/script.sh
@@ -16,5 +16,16 @@ apt install -y fail2ban >> /dev/null
 echo "${YELLOW} * ${NOCOLOR} Installation composant : ${GREEN} OK"
 echo "${NOCOLOR}"
+cp 10-Fail2ban/jail.local /etc/fail2ban/jail.local >> /dev/null
+
+echo "${YELLOW} * ${NOCOLOR} Relance de service"
+echo "${NOCOLOR}"
+
+systemctl enable fail2ban
+systemctl start fail2ban
+
+echo "${YELLOW} * ${NOCOLOR} Relance de service : ${GREEN} OK"
+echo "${NOCOLOR}"
+
 echo "${YELLOW} ** ${NOCOLOR} Fin du script : 10-Fail2Ban"
 echo "${NOCOLOR}"
\ No newline at end of file
diff --git a/11-RemoveService/script.sh b/11-RemoveService/script.sh
new file mode 100644
index 0000000..d876506
--- /dev/null
+++ b/11-RemoveService/script.sh
@@ -0,0 +1,22 @@
+#!/bin/sh
+# Pour la configuration Remove Service
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+NOCOLOR='\033[0m'
+
+echo "${YELLOW} ** ${NOCOLOR} Début du script : 11-Remove Service"
+echo "${NOCOLOR}"
+
+systemctl list-unit-files --state=enabled
+
+echo "${YELLOW} * ${NOCOLOR} Arret du service : "
+echo "${NOCOLOR}"
+
+# systemctl disable service_name
+# systemctl stop service_name
+
+echo "${YELLOW} * ${NOCOLOR} Arret du service : : ${GREEN} OK"
+echo "${NOCOLOR}"
+
+echo "${YELLOW} ** ${NOCOLOR} Fin du script : 11-Remove Service"
+echo "${NOCOLOR}"
\ No newline at end of file
diff --git a/12-hardening/limits.conf b/12-hardening/limits.conf
new file mode 100644
index 0000000..61b0e95
--- /dev/null
+++ b/12-hardening/limits.conf
@@ -0,0 +1,3 @@
+* hard core 0
+* soft nproc 1000
+* hard nproc 2000
\ No newline at end of file
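Review bot: In `10-Fail2ban/jail.local`, `logpath = /var/log/auth.log` ties the sshd jail to a file that is absent on hosts where SSH logs only to the journal; fail2ban can then fail to start and nothing is banned. If the target systems may lack rsyslog, use `backend = systemd` instead of `logpath`, or have the install script make sure the log file is produced. `port = 2222` must also match the port sshd really listens on (presumably set by 01-ssh, not visible here), otherwise the ban rule covers the wrong port; a comment such as `# must match Port in sshd_config` would help. `findtime` is left at its default and is worth stating next to `maxretry`.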
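Review bot: In `10-Fail2ban/script.sh`, `systemctl start fail2ban` does not load the freshly copied jail.local when the service is already running, which is likely right after `apt install` on Debian-family systems, so the sshd jail may stay inactive while the script prints "Relance de service : OK". Use `systemctl restart fail2ban || exit 1` and print OK only after it succeeds. The `cp` line has the same weakness: `>> /dev/null` only hides stdout, and a failed copy (the relative path depends on the caller's working directory) goes unnoticed; `cp 10-Fail2ban/jail.local /etc/fail2ban/jail.local || exit 1` would stop there. The start of the script is outside this hunk.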
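Review bot: `11-RemoveService/script.sh` prints "Arret du service : : OK" although both `systemctl disable` and `systemctl stop` are commented out, so a run reports a hardening step as done when no service was touched. Until the list of services to disable is defined, drop the OK line or replace it with an explicit message that nothing was disabled, and add a header comment saying the script currently only lists enabled units. The colour variables hold `\033` escapes that plain `echo` expands only in some `/bin/sh` implementations; `printf '%b\n' "..."` is the portable form.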
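Review bot: In `12-hardening/limits.conf`, the `*` wildcard entries do not apply to root (see limits.conf(5)), so `* hard core 0` leaves core dumps of root-owned processes enabled, and pam_limits does not normally cover services started directly by systemd. If the intent is to disable core dumps system-wide, add an explicit `root hard core 0` line and say in a comment that daemons need a separate setting. The file replaces the distribution's /etc/security/limits.conf together with its explanatory comments, so a short header comment naming the purpose of each limit would be useful.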
diff --git a/12-hardening/script.sh b/12-hardening/script.sh
new file mode 100644
index 0000000..f897365
--- /dev/null
+++ b/12-hardening/script.sh
@@ -0,0 +1,18 @@
+#!/bin/sh
+# Pour la configuration Hardening
+
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+NOCOLOR='\033[0m'
+
+echo "${YELLOW} ** ${NOCOLOR} Début du script : 12-Hardening"
+echo "${NOCOLOR}"
+
+cp 12-hardening/sysctl.conf /etc/sysctl.conf >> /dev/null
+
+sysctl -p
+
+cp 12-hardening/limits.conf /etc/security/limits.conf >> /dev/null
+
+echo "${YELLOW} ** ${NOCOLOR} Fin du script : 12-Hardening"
+echo "${NOCOLOR}"
\ No newline at end of file
diff --git a/12-hardening/sysctl.conf b/12-hardening/sysctl.conf
new file mode 100644
index 0000000..2b7c6ae
--- /dev/null
+++ b/12-hardening/sysctl.conf
@@ -0,0 +1,12 @@
+# Protection contre les attaques de type spoofing
+net.ipv4.conf.all.rp_filter=1
+net.ipv4.conf.default.rp_filter=1
+
+# Désactivation du routage IP
+net.ipv4.ip_forward=0
+
+# Protection contre les attaques SYN flood
+net.ipv4.tcp_syncookies=1
+
+# Ignorer les pings
+net.ipv4.icmp_echo_ignore_all=1
\ No newline at end of file
diff --git a/README.md b/README.md
index 8841e8b..d6a8b10 100644
--- a/README.md
+++ b/README.md
@@ -55,8 +55,12 @@ Installation du paramétrage nrpe
 ## 09-Firewall
+Installation du Firewall + paramétrage
+
 ## 10-Fail2Ban
+Installation du Faild2Ban + paramétrage
+
 # 3. Update
 Depuis un terminal, Aller dans le dossier.
diff --git a/script.sh b/script.sh
index 55fce6c..a8a970f 100644
--- a/script.sh
+++ b/script.sh
@@ -1,11 +1,12 @@
 #!/bin/sh
-# Pour install l'agent GLPI
+# Pour install global
 GREEN='\033[0;32m'
 YELLOW='\033[1;33m'
+RED='\033[1;31m'
 NOCOLOR='\033[0m'
-echo "${YELLOW} *** ${NOCOLOR} Mise en place des droits"
+echo "${YELLOW} *** ${NOCOLOR} Mise en place des droits sur les scripts"
 echo "${NOCOLOR}"
 chmod +x ./01-ssh/script.sh >> /dev/null
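Review bot: In `12-hardening/script.sh`, `cp 12-hardening/sysctl.conf /etc/sysctl.conf` and the matching `cp` for limits.conf overwrite the system files without a backup and without checking the result, and `sysctl -p` then runs whether or not the copy succeeded. Installing a drop-in keeps the distribution defaults and makes the change reversible, for example `cp 12-hardening/sysctl.conf /etc/sysctl.d/99-hardening.conf && sysctl --system` (file name constructed for illustration). The relative source paths only work when the script is started from the repository root; document that in the header comment or derive the directory from `$0`. The script also prints no per-step status, so a failure of `sysctl -p` is easy to miss in the output.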
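Review bot: In `12-hardening/sysctl.conf`, `net.ipv4.icmp_echo_ignore_all=1` drops every echo request, which adds little protection and makes ping-based host checks fail; this repository also installs NRPE and SNMP monitoring, so confirm the supervision server does not rely on ping before applying it. If the setting stays, the comment should say so, e.g. `# Ignore pings - breaks ICMP host checks from monitoring`. The file covers IPv4 only and leaves out the usual companions of `rp_filter` such as `net.ipv4.conf.all.accept_redirects` and `net.ipv4.conf.all.accept_source_route`, so a header comment should state that this is a minimal set and not a complete network hardening profile.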
@@ -16,6 +17,10 @@ chmod +x ./05-manageengine/script.sh >> /dev/null
 chmod +x ./06-snmp/script.sh >> /dev/null
 chmod +x ./07-DNS/script.sh >> /dev/null
 chmod +x ./08-NRPE/script.sh >> /dev/null
+chmod +x ./09-Firewall/script.sh >> /dev/null
+chmod +x ./10-Fail2ban/script.sh >> /dev/null
+chmod +x ./11-RemoveService/script.sh >> /dev/null
+chmod +x ./12-hardening/script.sh >> /dev/null
 echo "${YELLOW} *** ${NOCOLOR} Mise en place des droits : ${GREEN} OK"
 echo "${NOCOLOR}"
@@ -74,4 +79,20 @@ echo "${NOCOLOR}"
 ./08-NRPE/script.sh
 echo "${YELLOW} *** ${NOCOLOR} Fin du script : NRPE : ${GREEN} OK"
+echo "${NOCOLOR}"
+
+echo "${YELLOW} *** ${NOCOLOR} Lancement du script : Firewall"
+echo "${NOCOLOR}"
+
+./09-Firewall/script.sh
+
+echo "${YELLOW} *** ${NOCOLOR} Fin du script : Firewall : ${GREEN} OK"
+echo "${NOCOLOR}"
+
+echo "${YELLOW} *** ${NOCOLOR} Lancement du script : Fail2Ban"
+echo "${NOCOLOR}"
+
+./10-Fail2ban/script.sh
+
+echo "${YELLOW} *** ${NOCOLOR} Fin du script : Fail2Ban : ${GREEN} OK"
 echo "${NOCOLOR}"
\ No newline at end of file
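Review bot: `11-RemoveService/script.sh` and `12-hardening/script.sh` are made executable in the `@@ -16,6 +17,10 @@` hunk but are never launched in the `@@ -74,4 +79,20 @@` hunk, so a global run applies the Firewall and Fail2Ban steps and silently skips the sysctl and limits hardening. Either add the two launch blocks or state in the header comment that they are run by hand. Each "Fin du script : … OK" line is printed regardless of the sub-script's exit status; the `RED` variable added by this commit is unused in the visible hunks and looks meant for that case, e.g. `./10-Fail2ban/script.sh || { echo "${RED} *** Fail2Ban : KO${NOCOLOR}"; exit 1; }`.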