#!/bin/bash
# =============================================================================
# Common functions and variables for security hardening
# =============================================================================
# ANSI colour escapes for console output. They are stored as literal backslash
# sequences and only become colours when printed with `echo -e` (or a printf
# %b conversion).
RED="\033[0;31m"
GREEN="\033[0;32m"
YELLOW="\033[0;33m"
BLUE="\033[0;34m"
PURPLE="\033[0;35m"
CYAN="\033[0;36m"
GRAY="\033[0;37m"
NC="\033[0m" # reset ("no colour")

# Date and time captured once, when this file is sourced. Despite the names,
# these hold formatted values rather than format strings.
DATE_FORMAT="$(date '+%F')"
TIMESTAMP_FORMAT="$(date '+%F %T')"

# File that every log_message call appends to.
LOG_FILE='/var/log/security-hardening.log'

# Per-day directory that receives copies of files before they are modified.
BACKUP_DIR="/root/security-backup-$DATE_FORMAT"
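#######################################
# Create the backup directory and the log file with owner-only permissions.
# Globals:   BACKUP_DIR (read), LOG_FILE (read)
# Arguments: none
# Returns:   0 on success, non-zero if a path could not be created or its
#            mode could not be restricted
#######################################
create_directories() {
  # Create both paths under umask 077 so neither is readable by other users,
  # not even for the instant between creation and chmod. The subshell keeps
  # the umask change from leaking into the caller.
  (
    umask 077
    mkdir -p -- "$BACKUP_DIR" && touch -- "$LOG_FILE"
  ) || return 1

  # Also tightens a log file left over from an earlier run with looser bits.
  chmod 600 -- "$LOG_FILE"
}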
#######################################
# Append a timestamped entry to the log file and print it to the console,
# coloured by level.
# Globals:   LOG_FILE (appended to); BLUE, YELLOW, RED, GREEN, CYAN, NC (read)
# Arguments: $1 - level; INFO, WARNING, ERROR, SUCCESS and SERVICE get a
#                 colour, any other value is printed plain
#            $2 - message text
# Outputs:   "<timestamp> [<level>] <message>" appended to LOG_FILE and
#            "[<level>] <message>" on stdout (every coloured level except
#            INFO is framed by blank lines)
#
# NOTE: the console copy of a coloured level goes through `echo -e`, so
# backslash escapes inside the message are interpreted there, while the file
# copy is written as-is. Neither copy strips newlines or control characters,
# so text that did not originate in this script should be cleaned by the
# caller before it is logged.
#######################################
log_message() {
  local level="$1"
  local message="$2"
  local now="$(date '+%Y-%m-%d %H:%M:%S')"
  local tint=""
  local spaced=1

  # File copy first, so the entry is recorded whatever the console does.
  echo "$now [$level] $message" >> "$LOG_FILE"

  case "$level" in
    INFO)
      tint="$BLUE"
      spaced=0
      ;;
    WARNING) tint="$YELLOW" ;;
    ERROR) tint="$RED" ;;
    SUCCESS) tint="$GREEN" ;;
    SERVICE) tint="$CYAN" ;;
    *)
      # Unknown level: plain line, no colour and no escape processing.
      echo "[$level] $message"
      return
      ;;
  esac

  if (( spaced )); then
    echo ""
  fi
  echo -e "${tint}[$level]${NC} $message"
  if (( spaced )); then
    echo
  fi
}
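#######################################
# Copy a file into the backup tree before it is modified, mirroring its
# absolute directory underneath BACKUP_DIR.
# Globals:   BACKUP_DIR (read)
# Arguments: $1 - path of the file to back up (absolute or relative)
# Outputs:   one log_message entry describing the outcome
# Returns:   0 if the file was copied or does not exist, 1 if the backup
#            failed
#######################################
backup_file() {
  local file="$1"
  local src_dir
  local backup_path

  if [ ! -f "$file" ]; then
    log_message "WARNING" "File $file does not exist, no backup needed"
    return 0
  fi

  # Turn the file's directory into an absolute path without "." or ".."
  # parts. Gluing a relative dirname such as "." straight onto BACKUP_DIR
  # would name a sibling like "<BACKUP_DIR>." and put the copy outside the
  # backup tree. CDPATH is cleared so cd cannot pick a different directory.
  if ! src_dir=$(CDPATH= cd -- "$(dirname -- "$file")" 2>/dev/null && pwd); then
    log_message "ERROR" "Failed to back up $file"
    return 1
  fi
  backup_path="${BACKUP_DIR}${src_dir}"

  # cp -p keeps mode, ownership and timestamps of the original. Its stderr
  # stays suppressed, as before; the failure is reported through the log.
  if mkdir -p -- "$backup_path" && cp -p -- "$file" "$backup_path/" 2>/dev/null; then
    log_message "INFO" "Backed up $file to $backup_path/"
    return 0
  fi

  log_message "ERROR" "Failed to back up $file"
  return 1
}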
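#######################################
# Redraw a 50-column progress bar on the current terminal line.
# Arguments: $1 - steps completed so far
#            $2 - total number of steps
# Outputs:   "\r[####...] NN%" on stdout, without a trailing newline
#######################################
show_progress() {
  local current="$1"
  local total="$2"
  local percentage=0
  local filled
  local bar

  # The arithmetic has to read the locals declared above; referring to them
  # by a differently-cased name evaluates unset variables, i.e. 0 * 100 / 0.
  # Only plain digits are let through, because bash evaluates arithmetic
  # operands as expressions; 10# stops a leading zero from meaning octal.
  if [[ "$current" =~ ^[0-9]+$ ]]; then
    current=$(( 10#$current ))
  else
    current=0
  fi
  if [[ "$total" =~ ^[0-9]+$ ]]; then
    total=$(( 10#$total ))
  else
    total=0
  fi

  # A zero total would be a division by zero; show an empty bar instead.
  if (( total > 0 )); then
    percentage=$(( current * 100 / total ))
  fi
  if (( percentage > 100 )); then
    percentage=100
  fi
  filled=$(( percentage / 2 ))

  # Build the filled part without seq: `seq 1 0` prints nothing, which makes
  # the usual printf repetition trick emit one stray "#" at 0%.
  printf -v bar '%*s' "$filled" ''
  bar=${bar// /#}

  printf '\r[%-50s] %d%%' "$bar" "$percentage"
}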
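#######################################
# Announce the next step, source the matching module and update the progress
# bar.
# Globals:   CURRENT_STEP (incremented); TOTAL_STEPS, SCRIPT_DIR, PURPLE,
#            CYAN, GRAY, NC (read)
# Arguments: $1 - module name; "$SCRIPT_DIR/modules/<name>.sh" is sourced
#            $2 - description shown in the step header
# Returns:   the status of the final show_progress call
#
# NOTE: the module is sourced, so it runs inside this shell with the
# caller's privileges and can read and change its variables. Module names
# should come from a fixed list in the calling script, and the modules
# directory should not be writable by unprivileged users.
#######################################
run_module() {
  # Kept in upper case: a sourced module can see these locals and may read
  # them.
  local MODULE="$1"
  local DESCRIPTION="$2"

  # A plain assignment rather than ((CURRENT_STEP++)), which returns status 1
  # when the counter was 0 and would stop a script running under `set -e`.
  CURRENT_STEP=$(( CURRENT_STEP + 1 ))

  echo
  echo -e "${PURPLE}[$CURRENT_STEP/$TOTAL_STEPS] ${CYAN}$DESCRIPTION${NC}"
  echo -e "${GRAY}$(printf '=%.0s' {1..80})${NC}"

  if [ -f "$SCRIPT_DIR/modules/$MODULE.sh" ]; then
    source "$SCRIPT_DIR/modules/$MODULE.sh"
  else
    # Report through log_message with the name held in MODULE; a wrongly
    # cased function or variable name here fails with "command not found"
    # and prints an empty module name.
    log_message "ERROR" "Module $MODULE.sh not found"
  fi

  show_progress "$CURRENT_STEP" "$TOTAL_STEPS"
}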
#######################################
# Clear the screen and print the ASCII-art banner, the script title and the
# version.
# Globals:   GREEN, CYAN, GRAY, NC, VERSION (read)
# Outputs:   banner text on stdout
#######################################
display_banner() {
  # Banner rows, printed verbatim between the colour switch and the reset.
  local -a rows=(
    " _ _ _ _ _ "
    " | | (_)_ __ _ ___ _ | |__ __ _ _ __| |_ ___ _ __ (_)_ __ __ _ "
    " | | | | '_ \| | | \ \/ / | '_ \ / _ \| '__| __/ _ \ '_ \| | '_ \ / _ \`| "
    " | |___| | | | | |_| |> < | | | | (_| | | | || __/ | | | | | | | (_| | "
    " |_____|_|_| |_|\__,_/_/\_\ |_| |_|\__,_|_| \__\___|_| |_|_|_| |_|\__, | "
    " |___/ "
  )

  clear
  echo -e "${GREEN}"
  printf '%s\n' "${rows[@]}"
  echo -e "${NC}"

  echo -e "${CYAN}Security Hardening Script for Debian/Ubuntu Systems${NC}"
  echo -e "${CYAN}Version: ${VERSION}${NC}"
  # 80-column rule: the format consumes one argument per "=" it prints.
  echo -e "${GRAY}$(printf '=%.0s' {1..80})${NC}"
  echo
}
#######################################
# Log the distribution name, distribution version and running kernel.
# Arguments: none
# Outputs:   two INFO entries through log_message, then a blank line
#######################################
display_os_info() {
  # For the NAME= / VERSION= lines of /etc/os-release: take the second
  # "="-separated field and drop every double quote from it.
  local distro="$(awk -F= '/^NAME=/ { gsub(/"/, "", $2); print $2 }' /etc/os-release)"
  local release="$(awk -F= '/^VERSION=/ { gsub(/"/, "", $2); print $2 }' /etc/os-release)"
  local kernel="$(uname -r)"

  log_message "INFO" "Operating System: $distro $release"
  log_message "INFO" "Kernel Version: $kernel"
  echo
}
#######################################
# Tell whether a command name resolves in the current shell.
# Arguments: $1 - command name to look up
# Outputs:   nothing; stdout and stderr of the lookup are discarded
# Returns:   the status of `command -v` (0 when the name resolves)
#######################################
command_exists() {
  local tool="$1"
  command -v "$tool" &> /dev/null
}
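#######################################
# Tell whether a Debian package is currently installed.
# Arguments: $1 - package name
# Outputs:   nothing
# Returns:   0 if dpkg reports the package as wanted and installed,
#            non-zero otherwise (unknown, removed, config files only, ...)
#######################################
is_package_installed() {
  local status

  [ -n "${1:-}" ] || return 1

  # Ask dpkg-query for the status field rather than parsing the
  # column-formatted `dpkg -l` listing. The redirect sits on dpkg-query
  # itself: placed after grep it silences only grep, and the "no packages
  # found" message for a missing package still reaches the console.
  status=$(dpkg-query -W -f='${Status}\n' "$1" 2>/dev/null) || return 1

  # "<want> <error-flag> <state>"; this accepts what an "ii" line in
  # `dpkg -l` stands for: wanted "install", state "installed".
  grep -Eqx 'install [^ ]+ installed' <<< "$status"
}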
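#######################################
# Run a systemctl action on a unit and log the result. This does not check
# whether a service is running.
# Arguments: $1 - systemctl action (for example start, stop, enable)
#            $2 - unit name
# Outputs:   a SERVICE entry through log_message on success
# Returns:   0 on success; on failure handle_error is called, which ends
#            the script
#
# NOTE: once this file is sourced, the function hides the system `service`
# command, whose argument order is the reverse (unit first, then action).
#######################################
service() {
  # Both arguments are quoted so a value containing spaces or glob
  # characters reaches systemctl as exactly one word.
  if ! systemctl "$1" "$2"; then
    handle_error "systemctl $1 $2 failed"
    # Not reached while handle_error exits; keeps the success entry below
    # from being logged if that ever changes.
    return 1
  fi

  log_message "SERVICE" "Action : $1 for service : $2 successfully"
}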
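#######################################
# Log a fatal error and stop the script.
# Arguments: $1 - error description
# Outputs:   one ERROR entry through log_message
# Returns:   never returns; exits with status 1
#######################################
handle_error() {
  # Report through log_message, the logger this file defines; it applies the
  # ERROR colour itself. Neither a `log` function nor a NOCOLOR variable is
  # defined in this file (the colour reset here is NC).
  log_message "ERROR" "${1:-unknown error}"

  exit 1
}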