Skip to content

v0.2.0 — apply-hardening.sh

Choose a tag to compare

View all tags
@cainepavl cainepavl released this 18 May 23:17
· 5 commits to main since this release
v0.2.0
6a10e0d

What's New

apply-hardening.sh — companion remediation script

Run this after the audit to automatically apply the most common fixes:

sudo bash apply-hardening.sh

Applies 4 hardening steps in order:

  1. Kernel sysctl — writes /etc/sysctl.d/99-hardening.conf with ~15 hardened parameters and applies them live via sysctl --system (no reboot needed)
  2. SSH hardening — sets PermitRootLogin no, MaxAuthTries 3, X11Forwarding no; validates with sshd -t before restarting
  3. Password & lockout policyminlen = 14 (pwquality), deny = 5 (faillock)
  4. Unnecessary services — disables cups, cups-browsed, avahi-daemon, bluetooth

Safe to re-run (idempotent). Creates timestamped backups before every edit.

ShellCheck

Both scripts verified clean — zero warnings across vulnScan.sh and apply-hardening.sh.

Full Changelog

v0.1.0...v0.2.0

Assets 2
Loading