Created
January 13, 2019 19:50
-
-
Save th0mas/30ed0b9fc7fbde0d8e3b5f930e51d337 to your computer and use it in GitHub Desktop.
Ubuntu Security Best Practices
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env python3 | |
""" | |
Python script that implements Ubuntu 16.04 best practices as specified by the | |
CIS Benchmark. Directly edits system files - use with caution haha. | |
Uses code from the CIS Ubuntu Linux Benchmark (v.1.10) | |
https://learn.cisecurity.org/benchmarks | |
""" | |
from subprocess import call as c | |
# Functions | |
def make_change(desc, cmd): | |
if not isinstance(cmd, list): | |
cmd = cmd.split(' ') | |
print("{}...".format(desc), end="", flush=True) | |
if c(cmd) == 0: | |
print("[SUCCESS]") | |
else: | |
print("[FAIL]") | |
# Disable non-crucial services | |
make_change("Disable printing", "systemctl disable cups") | |
make_change("Disable DHCP server", "systemctl disable isc-dhcp-server") | |
make_change("Disable DHCPv6 server", "systemctl disable isc-dhcp-server6") | |
make_change("Disable LDAP server", "systemctl disable slapd") | |
make_change("Disable DNS server", "systemctl disable bind9") |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment