AnnoyingTechnology/debian-security-tools.sh

## debian-security-tools.sh
#!/bin/bash
# !!!!!!!!!!!!!!!! DISCLAIMER !!!!!!!!!!!!!!!!!!!!!
# !! THIS WILL NOT SECURE YOUR SYSTEM ON ITS OWN !!
# !! Most of these tools should be set up and/or !!
# !!!!!! ran by a cron with proper repporting !!!!!
# update apt
apt update
# rkhunter : rootkit scanner
apt install rkhunter
# chkrootkit : another rootkit scanner
apt install chkrootkit
# debsums : checksums of system files for sanity checks
apt install debsums
# apt-listbugs : check for bugs before updates
apt install apt-listbugs
# knockd : open ports on demand
apt install knockd
# fail2ban : ban bruforce attacks
apt install fail2ban
# needrestart : checks if system needs a restart after updates
apt install needrestart
# unattended-upgrades : applies reliable security upgrades on its own
apt install unattended-upgrades
# lynis : audits a system for best security practices
apt install lynis
# debsecan : list known vulnerabilities for current system
apt install debsecan
# auditd : keeps track of users actions/sessions
apt install auditd
# iptables-persistent : brings back your iptables rules after a reboot
apt install iptables-persistent
# logwatch : generates synthetic log repport, to be sent periodically by email
apt install logwatch
# logcheck : report suspicious/unusual log messages by email
apt install logcheck
# detect and block portscans (this one is commented out by default, because your server should either
#    be placed behing a NAT router that only forwards required ports
#    be running a set of IPTABLES rules that already block all but the required ports
# apt install portsentry
# *************************************************
# this script is only an helper to install the most
# common/userful security tools for most servers
	#!/bin/bash
	# !!!!!!!!!!!!!!!! DISCLAIMER !!!!!!!!!!!!!!!!!!!!!
	# !! THIS WILL NOT SECURE YOUR SYSTEM ON ITS OWN !!
	# !! Most of these tools should be set up and/or !!
	# !!!!!! ran by a cron with proper repporting !!!!!
	# update apt
	apt update
	# rkhunter : rootkit scanner
	apt install rkhunter
	# chkrootkit : another rootkit scanner
	apt install chkrootkit
	# debsums : checksums of system files for sanity checks
	apt install debsums
	# apt-listbugs : check for bugs before updates
	apt install apt-listbugs
	# knockd : open ports on demand
	apt install knockd
	# fail2ban : ban bruforce attacks
	apt install fail2ban
	# needrestart : checks if system needs a restart after updates
	apt install needrestart
	# unattended-upgrades : applies reliable security upgrades on its own
	apt install unattended-upgrades
	# lynis : audits a system for best security practices
	apt install lynis
	# debsecan : list known vulnerabilities for current system
	apt install debsecan
	# auditd : keeps track of users actions/sessions
	apt install auditd
	# iptables-persistent : brings back your iptables rules after a reboot
	apt install iptables-persistent
	# logwatch : generates synthetic log repport, to be sent periodically by email
	apt install logwatch
	# logcheck : report suspicious/unusual log messages by email
	apt install logcheck
	# detect and block portscans (this one is commented out by default, because your server should either
	# be placed behing a NAT router that only forwards required ports
	# be running a set of IPTABLES rules that already block all but the required ports
	# apt install portsentry
	# *************************************************
	# this script is only an helper to install the most
	# common/userful security tools for most servers