CICA/CISS.2024.vps.bookworm.hardening.testing
1
0
Fork 0
Code Pull Requests Activity
CISS.2024.vps.bookworm.hard.../lib/mod/do_add_alias.lib
marc.weidner cf304f1394
ML5.0.128
2024-08-01 19:06:49 +01:00

92 lines
3.7 KiB
Bash
Raw Permalink Blame History

#!/bin/bash
###########################################################################################
# Debian Bookworm VPS Hardening Setup Script V5.0.128.2024.07.24 #
###########################################################################################
# Copyright (c) 2019 - 2024, Marc Weidner, Centurion Intelligence Consulting Agency #
# https://coresecret.eu/ #
# Licensed under the EUROPEAN UNION PUBLIC LICENCE v. 1.2 https://eupl.eu/1.2/en/ #
###########################################################################################
# https://keys.openpgp.org/vks/v1/by-fingerprint/A6D46A56AE17A185AB0F6DB77095A8A13CBE0FA3 #
# Fingerprint A6D4 6A56 AE17 A185 AB0F 6DB7 7095 A8A1 3CBE 0FA3 ## valid till: 01.01.2031 #
###########################################################################################
# Module: exdo_add_alias #
###########################################################################################
# shellcheck disable=SC2129 disable=SC2162
set -o errexit # Exit if a command fails.
set -o nounset # Exit if an unset variable is used.
set -o pipefail # Exit if a pipeline fails.
set -o noclobber # Prevent output redirection ">", ">&", "<>" from overwriting existing files.
set +o history # Temporarily turn off history, to avoid sensitive information leakage.
exdo_add_alias() {
clear
date >>"$LOG_INS"
echo -e "\033[33m++++ ++++ ++++ ++++ ++++ ++++ ++ Adding alias shortcuts - ...\033[0m" | tee -a "$LOG_INS"
###########################################################################################
# Remarks: root #
###########################################################################################
cat <<EOF >/root/.bash_alias
alias cysd='echo "selectdata -a -v" | chronyc'
alias cyss='echo "sourcestats -a -v" | chronyc'
alias cytr='echo "tracking -a -v" | chronyc'
alias f2ball='fail2ban-client status'
alias f2bufw='fail2ban-client status ufw'
alias jboot='journalctl --boot=0'
alias lsadt='lynis audit system'
alias rsban='systemctl restart fail2ban'
alias rsweb='systemctl restart nginx apache2 php8.3-fpm redis'
alias sas='systemd-analyze security'
alias ssf='systemctl status --failed'
alias syse='systemctl edit'
alias sysp='sysctl -p /etc/sysctl.d/99-local.hardened'
alias whatpurge='dpkg --get-selections | grep deinstall'
EOF
cat <<EOF >>~/.bashrc
##### Added by hardening.sh: exdo_add_alias #####
source /root/.bash_alias
EOF
if [[ "$ZSH_INST" = "Yes" ]]; then
cat <<EOF >>~/.zshrc
##### Added by hardening.sh: exdo_add_alias #####
source /root/.bash_alias
EOF
fi
###########################################################################################
# Remarks: sudoer user #
###########################################################################################
if [ "$ADDUSER" = "Yes" ]; then
cp -a /root/.bash_alias /home/"$USERNAME"/.bash_alias
chown "$USERNAME":"$USERNAME" /home/"$USERNAME"/.bash_alias
chmod 0660 /home/"$USERNAME"/.bash_alias
cat <<EOF >>/home/"$USERNAME"/.bashrc
##### Added by hardening.sh: exdo_add_alias #####
source /home/$USERNAME/.bash_alias
EOF
if [[ "$ZSH_INST" = "Yes" ]]; then
cat <<EOF >>/home/"$USERNAME"/.zshrc
##### Added by hardening.sh: exdo_add_alias #####
source /home/$USERNAME/.bash_alias
EOF
fi
fi
date >>"$LOG_INS"
echo -e "\033[32m++++ ++++ ++++ ++++ ++++ ++++ ++ Adding alias shortcuts - done\033[0m" | tee -a "$LOG_INS"
sleep "$SLEEPTIMER"
clear
}
View Git Blame Copy Permalink