JShielder v2.4 – Hardening Script For Linux Servers/ Secure LAMP-LEMP Deployer/ CIS Benchmark G

JSHielder is an Open Source Bash Script advanced to assist SysAdmin and builders protected there Linux Servers by which they are going to be deploying any internet utility or products and services. This software automates the method of putting in all of the essential programs to host a internet utility and Hardening a Linux server with little interplay from the consumer. Newly added script follows CIS Benchmark Guidance to determine a Secure configuration posture for Linux programs.

far flung get right of entry to ^(https://www.kitploit.com/search/label/Remote%20Access) in your server is finished unique out of your native laptop and no Conventional password

  • Configures, Optimize and secures the SSH Server (Some Settings Following CIS Benchmark)
  • Configures IPTABLES Rules to offer protection to the server from not unusual assaults
  • Disables unused FileSystems and Network protocols
  • Protects the server in opposition to Brute Force ^(https://www.kitploit.com/search/label/Brute%20Force) assaults by means of putting in a configuring fail2ban
  • Installs and Configure Artillery as a Honeypot, Monitoring, Blocking and Alerting software
  • Installs PortSentry
  • Install, configure, and optimize MySQL
  • Install the Apache Web Server
  • Install, configure and protected PHP
  • Secure Apache by way of configuration document and with set up of the Modules ModSecurity, ModEvasive, Qos and SpamHaus
  • Secures NginX with the Installation of ModSecurity ^(https://www.kitploit.com/search/label/ModSecurity) NginX module
  • Installs RootPackage Hunter
  • Secures Root Home and Grub Configuration Files
  • Installs Unhide to assist Detect Malicious Hidden Processes
  • Installs Tiger, A Security Auditing and Intrusion Prevention ^(https://www.kitploit.com/search/label/Intrusion%20Prevention) machine
  • Restrict Access to Apache Config Files
  • Disables Compilers
  • Creates Daily Cron activity for System Updates
  • Kernel Hardening by way of sysctl configuration File (Tweaked)
  • /tmp Directory Hardening
  • PSAD IDS set up
  • Enables Process Accounting
  • Enables Unattended Upgrades
  • MOTD and Banners for Unauthorized get right of entry to
  • Disables USB Support for Improved Security (Optional)
  • Configures a Restrictive Default UMASK
  • Configures and allows Auditd
  • Configures Auditd laws following CIS Benchmark
  • Sysstat set up
  • ArpWatch set up
  • Additional Hardening steps following CIS Benchmark
  • Secures Cron
  • Automates the method of environment a GRUB Bootloader Password
  • Secures Boot Settings
  • Sets Secure File Permissions for Critical System Files
  • #NEW!!
    • LEMP Deployment with ModSecurity

    CIS Benchmark JShielder Script Added

    • Separate Hardening Script Following CIS Benchmark Guidance https://www.cisecurity.org/benchmark/ubuntu_linux/ ^(https://www.cisecurity.org/benchmark/ubuntu_linux/)

    To Run the software
    ./jshielder.sh
    As the Root consumer

    Issues
    Having Problems, please open a New Issue for JShielder on Github.

    Distro Availability

    • Ubuntu Server 16.04LTS
    • Ubuntu Server 18.04LTS

    ChangeLog
    v2.4 Added LEMP Deployment with ModSecurity
    v2.3 More Hardening steps Following some CIS Benchmark pieces for LAMP Deployer
    v2.2.1 Removed suhosing set up on Ubuntu 16.04, Fixed MySQL Configuration, GRUB Bootloader Setup serve as, Server IP now download by way of ip course not to depend on interface naming
    v2.2 Added new Hardening choice following CIS Benchmark Guidance
    v2.1 Hardened SSH Configuration, Tweaked Kernel Security Config, Fixed iptables laws now not loading on Boot. Added auditd, sysstat, arpwatch set up.
    v2.0 More Deployment Options, Selection Menu, PHP Suhosin set up, Cleaner Code,
    v1.0 – New Code
    Developed by means of Jason Soto
    https://www.jasonsoto.com ^(https://www.jasonsoto.com/)
    https://github.com/jsitech ^(https://github.com/jsitech)
    Twitter = @JsiTech ^(http://www.twitter.com/JsiTech)

    Download JShielder ^(https://github.com/Jsitech/JShielder)