
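#!/bin/bash
#
# Baseline hardening for a Debian/Ubuntu host that will also run the Elastic stack.
# Part 1: refresh packages and put UFW into a default-deny posture.
# Requires: a user with sudo rights and network access to the apt mirrors.

# Update System
echo "Updating and upgrading system packages..."
sudo apt-get update && sudo apt-get upgrade -y

# Install and configure firewall
echo "Installing UFW (Uncomplicated Firewall)..."
sudo apt-get install -y ufw

echo "Configuring UFW to deny incoming and allow outgoing connections by default..."
sudo ufw default deny incoming
sudo ufw default allow outgoing
# This host is not a router: refuse to forward packets between interfaces.
sudo ufw default deny routed

# Open the SSH port BEFORE enabling the firewall. With "deny incoming" as the
# default and no SSH rule, `ufw enable` drops the administrator's own remote
# session and every future one. If sshd is later moved to another port, add a
# rule for that port first and only then remove this one.
sudo ufw allow 22/tcp

# Elastic stack: Elasticsearch REST (9200), Kibana UI (5601), Beats -> Logstash (5044).
# These rules admit traffic from ANY source address, and the 7.x packages this
# script installs do not enable authentication by default. Restrict the source
# to trusted networks where possible, for example (constructed CIDR):
#   sudo ufw allow from 10.0.0.0/8 to any port 9200 proto tcp
for port in 9200 5601 5044; do
  sudo ufw allow "${port}/tcp"
done

echo "Enabling UFW..."
# --force skips the interactive "may disrupt existing ssh connections" prompt,
# which would otherwise hang an unattended run.
sudo ufw --force enable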

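# Install and Configure Firewall (iptables example)
#
# NOTE: UFW (configured above) is itself a front end over iptables, so the raw
# rules below duplicate it, and once iptables-persistent restores them at boot
# the two rule sets compete for the same INPUT chain. Keep this section only if
# the host is to be managed with raw iptables; otherwise delete it and rely on
# UFW alone.
# DEBIAN_FRONTEND=noninteractive suppresses the debconf dialog with which
# iptables-persistent asks whether to save the current rules; that prompt
# would block an unattended run.
sudo DEBIAN_FRONTEND=noninteractive apt-get install -y iptables iptables-persistent

# Kernel network hardening, written to a sysctl.d drop-in so that re-running
# the script overwrites one file instead of appending duplicate lines to
# /etc/sysctl.conf. (File name chosen by this script.)
sysctl_dropin=/etc/sysctl.d/99-hardening.conf
sudo tee "$sysctl_dropin" >/dev/null <<'EOF'
# Protect against SYN flood attacks
net.ipv4.tcp_syncookies = 1
# Ignore ICMP broadcast requests to prevent SMURF attacks
net.ipv4.icmp_echo_ignore_broadcasts = 1
# Disable source packet routing to prevent traffic redirection
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
net.ipv6.conf.all.accept_source_route = 0
net.ipv6.conf.default.accept_source_route = 0
EOF
# --system loads every drop-in; `sysctl -p` alone only reads /etc/sysctl.conf.
sudo sysctl --system >/dev/null

# ACCEPT rules are appended BEFORE the policy is switched to DROP. Setting the
# DROP policy first blackholes the administrator's own SSH session during the
# window between the two commands.

# Allow loopback access
sudo iptables -A INPUT -i lo -j ACCEPT
# Allow established connections (important for web browsing, etc.)
sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Allow SSH (adjust the port if you use a non-standard one)
sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
# Elastic stack ports (see the UFW section for the exposure caveat)
for port in 9200 5601 5044; do
  sudo iptables -A INPUT -p tcp --dport "$port" -j ACCEPT
done

# Default policies: drop all incoming, allow all outgoing
sudo iptables -P INPUT DROP
sudo iptables -P FORWARD DROP
sudo iptables -P OUTPUT ACCEPT

# The rules above only cover IPv4; without the same policy on ip6tables every
# listening port stays reachable over IPv6. ICMPv6 must stay open or neighbour
# discovery (and with it all IPv6 traffic) breaks.
if command -v ip6tables >/dev/null; then
  sudo ip6tables -A INPUT -i lo -j ACCEPT
  sudo ip6tables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  sudo ip6tables -A INPUT -p ipv6-icmp -j ACCEPT
  sudo ip6tables -A INPUT -p tcp --dport 22 -j ACCEPT
  for port in 9200 5601 5044; do
    sudo ip6tables -A INPUT -p tcp --dport "$port" -j ACCEPT
  done
  sudo ip6tables -P INPUT DROP
  sudo ip6tables -P FORWARD DROP
  sudo ip6tables -P OUTPUT ACCEPT
fi

# Save the iptables rules. A plain shell redirect (`iptables-save > file`)
# opens the target as the invoking user, not as root, and fails with
# "Permission denied" unless the whole script already runs as root; tee under
# sudo performs the write with the right privilege.
sudo iptables-save | sudo tee /etc/iptables/rules.v4 >/dev/null
if command -v ip6tables-save >/dev/null; then
  sudo ip6tables-save | sudo tee /etc/iptables/rules.v6 >/dev/null
fi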

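# Install Fail2Ban
echo "Installing Fail2Ban..."
sudo apt-get install -y fail2ban

# Configure Fail2Ban
# The jail goes into a jail.d drop-in (file name chosen by this script) that is
# overwritten on every run, so repeated runs do not pile up duplicate
# [DEFAULT]/[sshd] sections the way `cat >> jail.local` did, and an existing
# jail.local is left alone. It is written through `sudo tee` because a bare
# shell redirect into /etc/fail2ban runs as the unprivileged caller and fails
# with "Permission denied".
# NOTE: `port = ssh` resolves to 22. If sshd is moved to another port (the SSH
# hardening section below does that), set `port = <that port>` here as well,
# otherwise banned hosts can still reach sshd.
# NOTE: on journal-only hosts /var/log/auth.log does not exist; in that case
# replace the logpath line with `backend = systemd`.
echo "Configuring Fail2Ban with default settings..."
sudo tee /etc/fail2ban/jail.d/sshd-hardening.local >/dev/null <<'EOT'
[DEFAULT]
bantime = 3600
findtime = 600
maxretry = 3

[sshd]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 3
bantime = 3600
EOT

# Enable at boot and restart once, after the jail is in place, so the running
# instance picks up the new settings. (The package starts the service at
# install time, which is why a restart rather than a start is needed.)
sudo systemctl enable fail2ban
sudo systemctl restart fail2ban

# Enforce strong password policies
echo "Enforcing strong password policies..."
# TODO: no policy is applied yet. On Debian/Ubuntu this is normally
# libpam-pwquality plus settings in /etc/security/pwquality.conf; choose
# values that match the organisation's policy before enabling it.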

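# Harden SSH settings
echo "Hardening SSH settings..."
# Port sshd listens on after this section. Both firewalls configured earlier
# must admit it, so matching rules are added here BEFORE sshd is restarted;
# once a fresh login on the new port has been verified, remove the port-22
# rules (and update the fail2ban sshd jail's `port =` to the same value).
SSH_PORT=2222

# Keep a copy of the untouched config (backup name chosen by this script).
sudo cp -n /etc/ssh/sshd_config /etc/ssh/sshd_config.orig

# The anchored patterns with an optional leading `#` change each directive
# whether it is still commented out (stock file) or was already set by an
# earlier run. The original `s/#Port 22/.../` forms only matched the pristine
# comment and silently did nothing on any later run or on a customised file.
sudo sed -i -E "s/^#?Port .*/Port ${SSH_PORT}/" /etc/ssh/sshd_config
sudo sed -i -E 's/^#?PermitRootLogin .*/PermitRootLogin no/' /etc/ssh/sshd_config
# `PasswordAuthentication no` locks out every account that has no
# authorized_keys entry yet. Confirm key-based login works for at least one
# sudo-capable user, or keep a console session open, before relying on this.
sudo sed -i -E 's/^#?PasswordAuthentication .*/PasswordAuthentication no/' /etc/ssh/sshd_config

# Let the new port through both firewalls before the daemon moves to it.
sudo ufw allow "${SSH_PORT}/tcp"
sudo iptables -I INPUT -p tcp --dport "$SSH_PORT" -j ACCEPT
if [ -d /etc/iptables ]; then
  sudo iptables-save | sudo tee /etc/iptables/rules.v4 >/dev/null
fi

# Validate before restarting: a bad sshd_config makes the restart fail and
# leaves the host without a reachable sshd.
if sudo sshd -t; then
  # Debian names the unit "ssh"; Ubuntu additionally provides the "sshd" alias.
  sudo systemctl restart ssh 2>/dev/null || sudo systemctl restart sshd
else
  echo "sshd_config failed validation; sshd was NOT restarted" >&2
fi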

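# Install ClamAV for malware scanning
echo "Installing ClamAV for malware scanning..."
sudo apt-get install -y clamav clamav-daemon
echo "Updating ClamAV database..."
# The packaged clamav-freshclam service starts at install time and holds the
# database/log lock, so a manual freshclam run right after install fails with
# a "locked" error. Pause it for the initial download and hand it back afterwards.
sudo systemctl stop clamav-freshclam
sudo freshclam || echo "freshclam failed; the signature database may be stale" >&2
sudo systemctl start clamav-freshclam
echo "Scheduling daily ClamAV scan..."
# Daily recursive scan, infected files only in the report. Pseudo-filesystems
# are excluded: scanning them is slow and yields nothing. (cron.d file name
# and schedule chosen by this script.)
sudo tee /etc/cron.d/clamav-daily-scan >/dev/null <<'EOF'
# m h dom mon dow user command
30 2 * * * root /usr/bin/clamscan -ri --exclude-dir=^/proc --exclude-dir=^/sys --exclude-dir=^/dev --exclude-dir=^/run / >> /var/log/clamav/daily-scan.log 2>&1
EOF

# Disable unused services
echo "Disabling unused services..."
# TODO: nothing is disabled yet. List candidates with
# `systemctl list-unit-files --state=enabled` and disable per host role.

echo "Security setup complete. Please review the configurations and adjust as necessary."

# Automatic security updates. `dpkg-reconfigure -plow unattended-upgrades`
# opens an interactive debconf dialog; writing the periodic config directly
# produces the same file without a prompt.
sudo apt-get install -y unattended-upgrades apt-listchanges
sudo tee /etc/apt/apt.conf.d/20auto-upgrades >/dev/null <<'EOF'
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";
EOF

# rkhunter: --propupd records the current file hashes as the trusted baseline,
# so it must run on a system believed to be clean. `-c` exits non-zero on any
# warning, which is expected on a freshly changed host and must not be taken
# as a script failure; --sk skips the interactive "press enter" pauses.
sudo apt-get install -y rkhunter
sudo rkhunter --update || echo "rkhunter --update returned a non-zero status" >&2
sudo rkhunter --propupd # Initialize the database
sudo rkhunter -c --sk || echo "rkhunter reported warnings; review its log" >&2

sudo apt-get install -y lynis
# lynis exits non-zero when it has suggestions; that is information, not failure.
sudo lynis audit system || true

# For Suricata
sudo apt-get install -y suricata
# Configure Suricata for your network (the Suricata section further down sets
# HOME_NET and the capture interface).

# For Snort
# NOTE: snort and suricata on the same host inspect the same traffic twice;
# run one of them unless both are genuinely needed. The snort package's
# postinst asks for the interface via debconf, hence the noninteractive frontend.
sudo DEBIAN_FRONTEND=noninteractive apt-get install -y snort
# Configure Snort rules and monitoring interfaces.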


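#!/bin/bash

# Your existing script contents here...

# Programmatically edit Suricata configuration
# Use the interface that carries the default route. The original
# `grep -E "en|eth"` over `ip -br addr` also matches virtual interfaces such
# as veth* and took the first line regardless of link state or address.
INTERFACE=$(ip -o -4 route show default | awk '{print $5; exit}')
# First IPv4 address on that interface, prefix length stripped.
# NOTE: the original read `$interface` (lowercase), a variable that is never
# set, so HOME_NET was empty and the sed below wrote `HOME_NET: "[]"`.
HOME_NET=$(ip -o -4 addr show dev "$INTERFACE" | awk '{print $4; exit}' | cut -d/ -f1)

if [ -z "$INTERFACE" ] || [ -z "$HOME_NET" ]; then
  echo "Could not determine interface/address (INTERFACE='$INTERFACE', HOME_NET='$HOME_NET'); leaving suricata.yaml untouched" >&2
else
  echo "Configuring Suricata HOME_NET and interface..."
  # Keep the stock config for reference (backup name chosen by this script).
  sudo cp -n /etc/suricata/suricata.yaml /etc/suricata/suricata.yaml.orig
  # NOTE: HOME_NET is set to the single host address, as the original intended.
  # Suricata normally expects the local network(s) in CIDR form here; widen it
  # to the interface's subnet if alerts on lateral traffic are wanted.
  sudo sed -i "s#HOME_NET: \"\[.*\]\"#HOME_NET: \"[$HOME_NET]\"#g" /etc/suricata/suricata.yaml
  sudo sed -i "/af-packet:/,/interface:/s/interface: .*/interface: $INTERFACE/" /etc/suricata/suricata.yaml
fi

# Update Suricata rules
echo "Updating Suricata rules..."
sudo suricata-update
# Validate and restart so the new HOME_NET, interface and rules take effect;
# the original edited the file but never reloaded the service.
if sudo suricata -T -c /etc/suricata/suricata.yaml >/dev/null 2>&1; then
  sudo systemctl restart suricata
else
  echo "suricata.yaml failed validation; service not restarted" >&2
fi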

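# Install necessary packages
# (openjdk is not required by Elasticsearch 7.x, which bundles its own JDK; it
# is kept only because the original installed it.)
sudo apt-get install -y apt-transport-https openjdk-11-jdk wget curl gnupg2

# Import the Elasticsearch PGP Key into a dedicated keyring. `apt-key add` is
# deprecated and trusts the key for EVERY configured repository; the signed-by
# form used below limits it to the Elastic repository. The key is fetched into
# a variable first so a failed download is detected instead of an empty
# keyring being written.
elastic_key=$(wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch) || {
  echo "failed to download the Elasticsearch signing key; aborting Elastic install" >&2
  exit 1
}
printf '%s\n' "$elastic_key" \
  | sudo gpg --dearmor --batch --yes -o /usr/share/keyrings/elasticsearch-keyring.gpg

# Add Elasticsearch source list (overwritten, so re-runs do not append duplicates).
# NOTE: 7.x is an old release line; check Elastic's support matrix before
# deploying it. Authentication and TLS are disabled by default on 7.x packages,
# so enable xpack.security before binding port 9200 to anything but localhost.
echo "deb [signed-by=/usr/share/keyrings/elasticsearch-keyring.gpg] https://artifacts.elastic.co/packages/7.x/apt stable main" \
  | sudo tee /etc/apt/sources.list.d/elastic-7.x.list >/dev/null

# Install Elasticsearch
sudo apt-get update && sudo apt-get install -y elasticsearch

# Enable and start Elasticsearch service
sudo systemctl daemon-reload
sudo systemctl enable --now elasticsearch.service

# Install Logstash
sudo apt-get install -y logstash

# Enable and start Logstash service
sudo systemctl enable --now logstash.service

# Install Kibana
sudo apt-get install -y kibana

# Enable and start Kibana service
sudo systemctl enable --now kibana.service

# Regularly check for and install software updates
# The bare `>> /etc/crontab` redirect ran as the unprivileged caller and failed
# with "Permission denied", and it appended a new line on every run. The grep
# guard makes it idempotent; the noninteractive frontend keeps a debconf
# question from hanging the nightly job. (unattended-upgrades, installed
# earlier, already handles security updates; this job upgrades everything.)
cron_job='0 3 * * * root export DEBIAN_FRONTEND=noninteractive; apt-get update && apt-get upgrade -y'
if ! sudo grep -qF -- "$cron_job" /etc/crontab; then
  printf '%s\n' "$cron_job" | sudo tee -a /etc/crontab >/dev/null
fi

# Reminder for manual steps
echo "Please remember to configure Content Security Policy (CSP) headers for your web applications to protect against XSS attacks."
echo "After installation and starting all services, you can access Kibana by navigating to http://your_server_ip:5601 in your web browser."

echo "Security setup complete. Please review the configurations and adjust as necessary."

# Optional: Install ModSecurity for web server protection (if you're hosting any web services)
# sudo apt-get install libapache2-mod-security2 -y
# sudo a2enmod security2

# Apply ModSecurity recommended default settings (adjust for your specific web server if not using Apache)
# cp /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf
# sed -i 's/SecRuleEngine DetectionOnly/SecRuleEngine On/' /etc/modsecurity/modsecurity.conf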


#!/bin/bash
#
# Closing notices for the hardening run. This cell only prints reminders; it
# changes nothing on the host.

# Reminder: This script covers basic configurations. Review and adjust firewall rules and Fail2Ban settings as per your specific requirements.

# printf is used instead of echo so the text is emitted verbatim regardless of
# the shell's echo option handling.
printf '%s\n' "Security setup is complete. Please review configurations and adjust as necessary."

# Browser Security Enhancements
# Note: Browser configurations and extensions installation may require manual steps
printf '%s\n' \
  "For browser security enhancements, manually disable JavaScript in the browser settings." \
  "Consider using browser extensions like NoScript (for Firefox) or ScriptSafe (for Chrome) to whitelist JavaScript execution for trusted sites only."

printf '%s\n' "Security setup complete. System is now more secure against JavaScript injections and other threats."


# New Section