Update

10-Fail2ban/jail.local

@@ -0,0 +1,7 @@
+[sshd]
+enabled = true
+port = 2222
+filter = sshd
+logpath = /var/log/auth.log
+maxretry = 3
+bantime = 3600

10-Fail2ban/script.sh

@@ -16,5 +16,16 @@ apt install -y fail2ban >> /dev/null
 echo "${YELLOW} * ${NOCOLOR} Installation composant : ${GREEN} OK"
 echo "${NOCOLOR}"
 
+cp 10-Fail2ban/jail.local /etc/fail2ban/jail.local >> /dev/null
+
+echo "${YELLOW} * ${NOCOLOR} Relance de service"
+echo "${NOCOLOR}"
+
+systemctl enable fail2ban
+systemctl start fail2ban
+
+echo "${YELLOW} * ${NOCOLOR} Relance de service : ${GREEN} OK"
+echo "${NOCOLOR}"
+
 echo "${YELLOW} ** ${NOCOLOR} Fin du script : 10-Fail2Ban"
 echo "${NOCOLOR}"

11-RemoveService/script.sh

@@ -0,0 +1,22 @@
+#!/bin/sh
+# Pour la configuration Remove Service
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+NOCOLOR='\033[0m'
+
+echo "${YELLOW} ** ${NOCOLOR} Début du script : 11-Remove Service"
+echo "${NOCOLOR}"
+
+systemctl list-unit-files --state=enabled
+
+echo "${YELLOW} * ${NOCOLOR} Arret du service : "
+echo "${NOCOLOR}"
+
+# systemctl disable service_name
+# systemctl stop service_name
+
+echo "${YELLOW} * ${NOCOLOR} Arret du service :  : ${GREEN} OK"
+echo "${NOCOLOR}"
+
+echo "${YELLOW} ** ${NOCOLOR} Fin du script : 11-Remove Service"
+echo "${NOCOLOR}"

12-hardening/limits.conf

@@ -0,0 +1,3 @@
+* hard core 0
+* soft nproc 1000
+* hard nproc 2000

12-hardening/script.sh

@@ -0,0 +1,18 @@
+#!/bin/sh
+# Pour la configuration Hardening
+
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+NOCOLOR='\033[0m'
+
+echo "${YELLOW} ** ${NOCOLOR} Début du script : 12-Hardening"
+echo "${NOCOLOR}"
+
+cp 12-hardening/sysctl.conf /etc/sysctl.conf >> /dev/null
+
+sysctl -p
+
+cp 12-hardening/limits.conf /etc/security/limits.conf >> /dev/null
+
+echo "${YELLOW} ** ${NOCOLOR} Fin du script : 12-Hardening"
+echo "${NOCOLOR}"

12-hardening/sysctl.conf

@@ -0,0 +1,12 @@
+# Protection contre les attaques de type spoofing
+net.ipv4.conf.all.rp_filter=1
+net.ipv4.conf.default.rp_filter=1
+
+# Désactivation du routage IP
+net.ipv4.ip_forward=0
+
+# Protection contre les attaques SYN flood
+net.ipv4.tcp_syncookies=1
+
+# Ignorer les pings
+net.ipv4.icmp_echo_ignore_all=1

README.md

@@ -55,8 +55,12 @@ Installation du paramétrage nrpe
 
 ## 09-Firewall
 
+Installation du Firewall + paramétrage
+
 ## 10-Fail2Ban
 
+Installation du Faild2Ban + paramétrage
+
 # 3. Update
 
 Depuis un terminal, Aller dans le dossier.

script.sh

@@ -1,11 +1,12 @@
 #!/bin/sh
-# Pour install l'agent GLPI
+# Pour install global
 
 GREEN='\033[0;32m'
 YELLOW='\033[1;33m'
+RED='\033[1;31m'
 NOCOLOR='\033[0m'
 
-echo "${YELLOW} *** ${NOCOLOR} Mise en place des droits"
+echo "${YELLOW} *** ${NOCOLOR} Mise en place des droits sur les scripts"
 echo "${NOCOLOR}"
 
 chmod +x ./01-ssh/script.sh >> /dev/null
@@ -16,6 +17,10 @@ chmod +x ./05-manageengine/script.sh >> /dev/null
 chmod +x ./06-snmp/script.sh >> /dev/null
 chmod +x ./07-DNS/script.sh >> /dev/null
 chmod +x ./08-NRPE/script.sh >> /dev/null
+chmod +x ./09-Firewall/script.sh >> /dev/null
+chmod +x ./10-Fail2ban/script.sh >> /dev/null
+chmod +x ./11-RemoveService/script.sh >> /dev/null
+chmod +x ./12-hardening/script.sh >> /dev/null
 
 echo "${YELLOW} *** ${NOCOLOR} Mise en place des droits : ${GREEN} OK"
 echo "${NOCOLOR}"
@@ -74,4 +79,20 @@ echo "${NOCOLOR}"
 ./08-NRPE/script.sh
 
 echo "${YELLOW} *** ${NOCOLOR} Fin du script : NRPE : ${GREEN} OK"
+echo "${NOCOLOR}"
+
+echo "${YELLOW} *** ${NOCOLOR} Lancement du script : Firewall"
+echo "${NOCOLOR}"
+
+./09-Firewall/script.sh
+
+echo "${YELLOW} *** ${NOCOLOR} Fin du script : Firewall : ${GREEN} OK"
+echo "${NOCOLOR}"
+
+echo "${YELLOW} *** ${NOCOLOR} Lancement du script : Fail2Ban"
+echo "${NOCOLOR}"
+
+./10-Fail2ban/script.sh
+
+echo "${YELLOW} *** ${NOCOLOR} Fin du script : Fail2Ban : ${GREEN} OK"
 echo "${NOCOLOR}"