Merge pull request #19 from StrangeRanger/dev

Author: StrangeRanger

auditing/Lynis Installer/CHANGELOG.md

@@ -4,6 +4,12 @@ All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## v1.0.8 - 2024-12-20
+
+### Changed
+
+- Improved the colorization of the output text.
+
 ## v1.0.7 - 2024-08-15
 
 ### Changed

auditing/Lynis Installer/lynis-installer.bash

@@ -5,43 +5,48 @@
 # it. Unless an error is encountered, Lynis will always be downloaded to the current
 # user's root directory (`/home/USERNAME/`).
 #
-# Version: v1.0.7
+# Version: v1.0.8
 # License: MIT License
 #          Copyright (c) 2020-2024 Hunter T. (StrangeRanger)
 #
 ########################################################################################
 
 C_YELLOW="$(printf '\033[1;33m')"
 C_GREEN="$(printf '\033[0;32m')"
+C_BLUE="$(printf '\033[0;34m')"
 C_CYAN="$(printf '\033[0;36m')"
 C_RED="$(printf '\033[1;31m')"
 C_NC="$(printf '\033[0m')"
+
+C_SUCCESS="${C_GREEN}==>${C_NC} "
 C_ERROR="${C_RED}ERROR:${C_NC} "
-C_WARNING="${C_YELLOW}WARNING:${C_NC} "
+C_WARNING="${C_YELLOW}==>${C_NC} "
+C_INFO="${C_BLUE}==>${C_NC} "
+C_NOTE="${C_CYAN}==>${C_NC} "
 
 
-read -rp "We will now download lynis. Press [Enter] to continue."
+read -rp "${C_NOTE}We will now download lynis. Press [Enter] to continue."
 
-[[ -d "$HOME/lynis" ]] && {
+if [[ -d "$HOME/lynis" ]]; then
     echo "${C_WARNING}Lynis is already downloaded to your system" >&2
-    echo "Current location: '$HOME/lynis'"
-    echo -e "\nExiting..."
+    echo "${C_NOTE}  Current location: '$HOME/lynis'"
+    echo -e "\n${C_INFO}Exiting..."
     exit 0
-}
+fi
 
-echo "Changing working directory to '$HOME'..."
+echo "${C_INFO}Changing working directory to '$HOME'..."
 cd "$HOME" || {
     echo "${C_ERROR}Failed to change working directory to '$HOME'" >&2
     echo "${C_CYAN}Lynis will download to '$PWD'${C_NC}"
 }
 
-echo "Downloading lynis..."
+echo "${C_INFO}Downloading lynis..."
 git clone https://github.com/CISOfy/lynis || {
     echo "${C_ERROR}Failed to download lynis" >&2
-    echo -e "\nExiting..."
+    echo -e "\n${C_INFO}Exiting..."
     exit 1
 }
 
-echo -e "\n${C_GREEN}Lynis has been downloaded to your system"
-echo -e "${C_CYAN}To perform a system scan with lynis, execute the following command" \
-    "in the lynis root directory: sudo ./lynis audit system${C_NC}"
+echo -e "\n${C_SUCCESS}Lynis has been downloaded to your system"
+echo -e "${C_NOTE}To perform a system scan with lynis, execute the following command" \
+    "in the lynis root directory: sudo ./lynis audit system"

hardening/Root Locker/CHANGELOG.md

@@ -4,6 +4,12 @@ All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## v1.0.8 - 2024-12-20
+
+### Changed
+
+- Improved the colorization of the output text.
+
 ## v1.0.7 - 2024-08-15
 
 ### Changed

hardening/Root Locker/root-locker.bash

@@ -2,36 +2,43 @@
 #
 # This script locks the root account, preventing users from directly logging in as root.
 #
-# Note:
+# NOTE:
 #   Locking the root account doesn't prevent users from using something like `sudo su`
 #   to gain root access.
 #
-# Version: v1.0.7
+# Version: v1.0.8
 # License: MIT License
 #          Copyright (c) 2020-2024 Hunter T. (StrangeRanger)
 #
 ########################################################################################
 
 C_GREEN="$(printf '\033[0;32m')"
+C_BLUE="$(printf '\033[0;34m')"
+C_CYAN="$(printf '\033[0;36m')"
 C_RED="$(printf '\033[1;31m')"
 C_NC="$(printf '\033[0m')"
 
+C_SUCCESS="${C_GREEN}==>${C_NC} "
+C_ERROR="${C_RED}ERROR:${C_NC} "
+C_INFO="${C_BLUE}==>${C_NC} "
+C_NOTE="${C_CYAN}==>${C_NC} "
+
 
 ## Check if this script was executed with root privilege.
 if [[ $EUID != 0 ]]; then
-    echo "${C_RED}Please run this script as or with root privilege${C_NC}" >&2
-    echo -e "\nExiting..."
+    echo "${C_ERROR}Please run this script as or with root privilege" >&2
+    echo -e "\n${C_INFO}Exiting..."
     exit 1
 fi
 
 
-read -rp "We will now disable the root account. Press [Enter] to continue."
+read -rp "${C_NOTE}We will now disable the root account. Press [Enter] to continue."
 
-echo "Disabling root account..."
+echo "${C_INFO}Disabling root account..."
 usermod -L root || {
-    echo -e "${C_RED}ERROR:${C_NC} Failed to lock the root account" >&2
-    echo -e "\nExiting..."
+    echo -e "${C_ERROR}Failed to lock the root account" >&2
+    echo -e "\n${C_INFO}Exiting..."
     exit 1
 }
 
-echo -e "\n${C_GREEN}The root account has been locked${C_NC}"
+echo -e "\n${C_SUCCESS}The root account has been locked"

hardening/SSHD Hardening/CHANGELOG.md

@@ -4,6 +4,19 @@ All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## v2.0.2 - 2024-12-20
+
+### Changed
+
+- Remove trap for `SIGQUIT`.
+- Move around traps and cases.
+
+## v2.0.1 - 2024-10-30
+
+### Fixed
+
+- Fixed trapping logic and how errors are handled.
+
 ## v2.0.0 - 2024-08-15
 
 Complete rewrite of the script. Below are just some of the differences in the new version.

hardening/SSHD Hardening/harden-sshd.bash

@@ -2,11 +2,14 @@
 #
 # This script hardens the ssh server by modifying its configuration file, 'sshd_config'.
 #
-# Note:
+# NOTE:
 #   These configurations align with the recommendations of the security auditing tool
 #   known as Lynis (https://github.com/CISOfy/lynis).
 #
-# Version: v2.0.0
+# TODO:
+#   - Impliment functionality to revert changes if the script fails.
+#
+# Version: v2.0.2
 # License: MIT License
 #          Copyright (c) 2020-2024 Hunter T. (StrangeRanger)
 #
@@ -33,7 +36,7 @@ readonly C_ERROR="${C_RED}ERROR:${C_NC} "
 readonly C_INFO="${C_BLUE}==>${C_NC} "
 readonly C_NOTE="${C_CYAN}==>${C_NC} "
 
-# Associative array containing the configuration settings for sshd_config.
+# Associative array containing the configuration settings for 'sshd_config'.
 declare -A C_SSHD_CONFIG=(
     ["LogLevel"]="VERBOSE"
     ["LogLevelRegex"]='^#?LogLevel\s+.*$'
@@ -79,31 +82,37 @@ readonly C_SSHD_CONFIG
 
 
 ####
-# Cleanly exit the script.
+# Exit the script and display a message based on the exit code.
 #
 # PARAMETERS:
 #   - $1: exit_code (Required)
-#       - The exit code to exit the script with.
 clean_exit() {
     local exit_code="$1"
 
+    # Unset the EXIT trap to prevent re-entry.
+    trap - EXIT
+
     case "$exit_code" in
-        0)   exit 0 ;;
-        1)   echo "" ;;
-        130) echo -e "\n${C_WARNING}User interrupt detected" ;;
-        *)   echo -e "\n${C_RED}==>${C_NC} Exiting with code: $exit_code" ;;
+        0) ;;
+        1) echo "" ;;
+        129) echo -e "\n${C_WARNING}Hangup signal detected (SIGHUP)" ;;
+        130) echo -e "\n${C_WARNING}User interrupt detected (SIGINT)" ;;
+        143) echo -e "\n${C_WARNING}Termination signal detected (SIGTERM)" ;;
+        *) echo -e "\n${C_WARNING}Exiting with code: $exit_code" ;;
     esac
 
-    echo -e "${C_INFO}Exiting..."
+    echo "Exiting..."
     exit "$exit_code"
 }
 
 
 ####[ Trapping Logic ]##################################################################
 
 
-# Catch some of the most common signals.
-trap 'clean_exit $?' EXIT INT TERM HUP QUIT ERR
+trap 'clean_exit 129' SIGHUP
+trap 'clean_exit 130' SIGINT
+trap 'clean_exit 143' SIGTERM
+trap 'clean_exit $?'  EXIT
 
 
 ####[ Prepping ]########################################################################
@@ -129,7 +138,7 @@ fi
 read -rp "${C_NOTE}We will now harden sshd. Press [Enter] to continue."
 
 ###
-### [ Backup 'sshd_config' ]
+### [ Back up 'sshd_config' ]
 ###
 
 if [[ -f $C_CONFIG_FILE_BAK ]]; then

hardening/UFW Cloudflare/ufw-cloudflare.bash

@@ -2,7 +2,7 @@
 #
 # Sets up UFW to only allow HTTP and HTTPS traffic from Cloudflare's IP ranges.
 #
-# Version: v1.0.0-beta.1
+# Version: v1.0.0-beta.2
 # License: MIT License
 #          Copyright (c) 2024 Hunter T. (StrangeRanger)
 #
@@ -139,10 +139,14 @@ cleanup() {
 }
 
 
-####[ Trap Logic ]######################################################################
+####[ Trapping Logic ]##################################################################
 
 
-trap cleanup EXIT
+trap 'clean_exit 130' SIGINT
+trap 'clean_exit 143' SIGTERM
+trap 'clean_exit 129' SIGHUP
+trap 'clean_exit 131' SIGQUIT
+trap 'clean_exit $?'  EXIT
 
 
 ####[ Main ]############################################################################