-
Notifications
You must be signed in to change notification settings - Fork 0
/
07.firewall_and_audit.sh
executable file
·29 lines (23 loc) · 1007 Bytes
/
07.firewall_and_audit.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
#!/usr/bin/env bash
#########################################################################
# ~- Debian 11 baseline hardening -~ #
# This script installs firewall and lynis to audit the system as part #
# of D116 baseline hardening guide by bkaskar #
# Author: bkaskar #
#########################################################################
if [ "$EUID" -ne 0 ]
then echo "Please run as root and from baseline dir"
exit
fi
echo "Removing certain packages to further reduce threat surface"
apt -y remove -qq bluetooth busybox wpasupplicant xxd
apt -y autoremove
echo "Installing audit scanning tools"
apt -y install -qq ufw lynis debsecan
echo "Enabling local firewall"
ufw default allow outgoing && \
ufw default deny incoming && \
ufw allow ssh && \
ufw status
ufw enable
echo "After installing Falcon Agent, please \"restart\" the system and run \"lynis audit system\""