@AnnoyingTechnology
Last active July 6, 2024 12:31
Install basic Debian security utilities. You still need to configure some of these, and many other things have to be manually tweaked across a system to keep it secure.
#!/bin/bash
# !!!!!!!!!!!!!!!! DISCLAIMER !!!!!!!!!!!!!!!!!!!!!
# !! THIS WILL NOT SECURE YOUR SYSTEM ON ITS OWN !!
# !! Most of these tools should be set up and/or !!
# !!!!!! run by cron with proper reporting !!!!!!!!
# update apt
apt update
# rkhunter : rootkit scanner
apt install rkhunter
# chkrootkit : another rootkit scanner
apt install chkrootkit
# debsums : checksums of system files for sanity checks
apt install debsums
# apt-listbugs : check for bugs before updates
apt install apt-listbugs
# knockd : open ports on demand
apt install knockd
# fail2ban : ban brute-force attacks
apt install fail2ban
# needrestart : checks if system needs a restart after updates
apt install needrestart
# unattended-upgrades : applies reliable security upgrades on its own
apt install unattended-upgrades
# lynis : audits a system for best security practices
apt install lynis
# debsecan : list known vulnerabilities for current system
apt install debsecan
# auditd : keeps track of users' actions/sessions
apt install auditd
# iptables-persistent : brings back your iptables rules after a reboot
apt install iptables-persistent
# logwatch : generates a summary log report, to be sent periodically by email
apt install logwatch
# logcheck : report suspicious/unusual log messages by email
apt install logcheck
# portsentry : detect and block portscans (commented out by default, because your server should either
# be placed behind a NAT router that only forwards required ports, or
# be running a set of iptables rules that already block all but the required ports)
# apt install portsentry
# *************************************************
# this script is only a helper to install the most
# common/useful security tools for most servers
AnnoyingTechnology commented May 30, 2018

Ideas :

  • add questions to define iptables "firewall" rules.
  • add a question to define sysadmin email
  • create proper crontasks that report to said email
  • update unattended-upgrades config file with said email
  • add a question to choose a port sequence to unhide ssh
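
The script's disclaimer and the cron-reporting idea above both call for scheduled runs with reporting. The following is an added example, not part of the gist, that runs the installed scanners and prints only findings so that cron mails nothing on a clean run. The file paths, address, schedule and `SUITE` value are assumptions, as is working local mail delivery for cron.

```shell
#!/bin/sh
# Added example, not part of the gist: run the installed scanners from cron and
# print only findings. cron mails whatever a job prints to MAILTO, so a quiet
# run sends nothing. Assumed names: the paths, address, schedule and SUITE below.
#
# /etc/cron.d/security-report (assumed file):
#   MAILTO=sysadmin@example.com
#   30 3 * * * root /usr/local/sbin/security-report --run

SUITE="${SUITE:-bookworm}"   # assumption: set to this host's Debian codename
FINDINGS=0

# run_check LABEL COMMAND [ARGS...]
# Runs one scanner. Prints a section only if the tool is missing, exited
# non-zero, or produced output; each such case counts as one finding.
run_check() {
    label=$1; shift
    if ! command -v "$1" >/dev/null 2>&1; then
        # A scanner that has vanished is itself worth a mail.
        printf '== %s: %s is not installed\n\n' "$label" "$1"
        FINDINGS=$((FINDINGS + 1))
        return 0
    fi
    rc=0
    out=$("$@" 2>&1) || rc=$?
    if [ "$rc" -ne 0 ] || [ -n "$out" ]; then
        printf '== %s (exit status %s)\n%s\n\n' "$label" "$rc" "$out"
        FINDINGS=$((FINDINGS + 1))
    fi
    return 0
}

main() {
    [ "$(id -u)" -eq 0 ] || { echo "run as root" >&2; return 2; }
    run_check "modified package files" debsums -s
    run_check "rkhunter warnings" rkhunter --check --cronjob --report-warnings-only
    run_check "chkrootkit" chkrootkit -q
    run_check "vulnerabilities with a fix available" \
        debsecan --suite "$SUITE" --only-fixed --format detail
    [ "$FINDINGS" -eq 0 ]   # non-zero exit when anything was reported
}

# Scan only when asked to, so the file can be sourced to reuse run_check.
if [ "${1:-}" = "--run" ]; then
    main
    exit $?
fi
```

chkrootkit and rkhunter are known to raise false positives on some systems; tune their own configuration rather than discarding the report.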
