Merge pull request #16 from StrangeRanger/dev

Update to every security script

Author: StrangeRanger

auditing/Lynis Installer/CHANGELOG.md

@@ -4,6 +4,15 @@ All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## v1.0.7 - 2024-08-15
+
+### Changed
+
+- No longer requires root permission to run the script.
+- Won't download lynis if is already present on the system.
+- Improved syntax of the script.
+- Rename script to `lynis-installer.bash`. 
+
 ## v1.0.6 - 2024-04-13
 
 ### Changed

auditing/Lynis Installer/lynis-installer

@@ -0,0 +1,50 @@
+#!/bin/bash
+#
+# Name: lynis-installer.bash
+#
+# Description:
+#   This script downloads a security auditing tool called Lynis, designed to scan a
+#   system and identify security issues, and provides recommendations on how to better
+#   secure it. Lynis, unless an error is encountered, will always be downloaded to the
+#   user's root directory (/home/USERNAME/).
+#
+# Version: v1.0.7
+# License: MIT License
+#          Copyright (c) 2020-2024 Hunter T. (StrangeRanger)
+#
+########################################################################################
+
+C_YELLOW="$(printf '\033[1;33m')"
+C_GREEN="$(printf '\033[0;32m')"
+C_CYAN="$(printf '\033[0;36m')"
+C_RED="$(printf '\033[1;31m')"
+C_NC="$(printf '\033[0m')"
+C_ERROR="${C_RED}ERROR:${C_NC} "
+C_WARNING="${C_YELLOW}WARNING:${C_NC} "
+
+
+read -rp "We will now download lynis. Press [Enter] to continue."
+
+[[ -d "$HOME/lynis" ]] && {
+    echo "${C_WARNING}Lynis is already downloaded to your system" >&2
+    echo "Current location: '$HOME/lynis'"
+    echo -e "\nExiting..."
+    exit 0
+}
+
+echo "Changing working directory to '$HOME'..."
+cd "$HOME" || {
+    echo "${C_ERROR}Failed to change working directory to '$HOME'" >&2
+    echo "${C_CYAN}Lynis will download to '$PWD'${C_NC}"
+}
+
+echo "Downloading lynis..."
+git clone https://github.com/CISOfy/lynis || {
+    echo "${C_ERROR}Failed to download lynis" >&2
+    echo -e "\nExiting..."
+    exit 1
+}
+
+echo -e "\n${C_GREEN}Lynis has been downloaded to your system"
+echo -e "${C_CYAN}To perform a system scan with lynis, execute the following command" \
+    "in the lynis root directory: sudo ./lynis audit system${C_NC}"

auditing/Lynis Installer/lynis-installer.bash

@@ -4,6 +4,15 @@ All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## v1.0.7 - 2024-08-15
+
+### Changed
+
+- Improved error handling.
+- Modify syntax and documentation.
+- Utilizes `usermod -L` to lock the root account.
+- Rename script to `root-locker.bash`.
+
 ## v1.0.6 - 2024-04-13
 
 ### Changed

hardening/Root Locker/CHANGELOG.md

@@ -0,0 +1,40 @@
+#!/bin/bash
+#
+# Name: root-locker.bash
+#
+# Description:
+#   This script locks the root account, preventing users from direct logins as root.
+#
+# Note:
+#   Locking the root account doesn't prevent users from using something like `sudo su`
+#   to gain root access.
+#
+# Version: v1.0.7
+# License: MIT License
+#          Copyright (c) 2020-2024 Hunter T. (StrangeRanger)
+#
+########################################################################################
+
+C_GREEN="$(printf '\033[0;32m')"
+C_RED="$(printf '\033[1;31m')"
+C_NC="$(printf '\033[0m')"
+
+
+## Check if this script was executed with root privilege.
+if [[ $EUID != 0 ]]; then
+    echo "${C_RED}Please run this script as or with root privilege${C_NC}" >&2
+    echo -e "\nExiting..."
+    exit 1
+fi
+
+
+read -rp "We will now disable the root account. Press [Enter] to continue."
+
+echo "Disabling root account..."
+usermod -L root || {
+    echo -e "${C_RED}ERROR:${C_NC} Failed to lock the root account" >&2
+    echo -e "\nExiting..."
+    exit 1
+}
+
+echo -e "\n${C_GREEN}The root account has been locked${C_NC}"

hardening/Root Locker/root-locker

@@ -4,6 +4,22 @@ All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## v2.0.0 - 2024-08-15
+
+Complete rewrite of the script. Below are just some of the differences in the new version.
+
+### Added
+
+- Can catch common error signals.
+- Output is now colored to better differentiate between different types of messages.
+
+### Changes
+
+- Improved the script's structure.
+- Improved regex and replacement of sshd configurations.
+- Improved error handling.
+- The script has been renamed to `harden-sshd.bash`.
+
 ## v1.1.2 - 2024-04-13
 
 ### Changed