TuxTron - Secure your distro


#1 Post by Foxy »

I'm a newbie here, so hi.

I've literally just last night installed MX Linux, which unbeknown to me was on the dodgy kernel, so after scratching my head many times and eventually landing on here on my phone, I finally was able to fix the issue by installing the latest 5.2.8-antix.1-amd64-smp, which resolved everything; now it runs like sh*t off a shiny shovel, yay. Then I had the absolute nightmare of getting my WiFi to work: the Realtek Semiconductor Co., Ltd. Device d723. Essentially the WiFi card is a new Wireless/Bluetooth combo one and was a pain to get going, trust me, but all good now. Anyway, I digress...

Being a big fan of video games, IT Security, AI and Linux, a while back I started coding a bash script to help you easily secure your Linux distro (Debian focused). So below is the code, hope it helps:

Screenshot:
https://i.ibb.co/2jfVg1Q/Screenshot.png


Code:

#!/bin/bash


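#VARIABLES FROM SHELL/COMPARISON FOR CHECKS
# stderr is discarded so a missing tool yields an empty string instead of noise
ISUBUNTU="$(lsb_release -si 2>/dev/null)"
ISUBUNTUOUTPUT="Ubuntu"
FWOUTPUT="$(ufw status 2>/dev/null)"
FWINACTIVE="Status: inactive"
# There is no "selinux" binary; sestatus ships with the SELinux userland tools
ISSELINUXINSTALLED="$(command -v sestatus)"
ISLYNISINSTALLED="$(command -v lynis)"
ISCLAMAVINSTALLED="$(command -v clamscan)"
NMAPINSTALLED="$(command -v nmap)"
# Public (WAN) IP as seen by OpenDNS; empty if dig is missing or the lookup fails
GETWANIP="$(dig +short myip.opendns.com @resolver1.opendns.com 2>/dev/null)"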



#SHOW BANNER
printf "
 _____        _____               
|_   _|      |_   _|              
  | |_   ___  _| |_ __ ___  _ __  
  | | | | \ \/ / | '__/ _ \| '_ \ 
  | | |_| |>  <| | | | (_) | | | |
  \_/\__,_/_/\_\_/_|  \___/|_| |_| 
                       V 1.0 Alpha
Coded by Craig Fox
https://www.owasp.org/index.php/User:Mr_Craig_Fox 
"

#SET TERMINAL WINDOW TITLE
mytitle="TuxTron V 1.0 Alpha, developed by Craig Fox"
echo -e "\033]2;${mytitle}\007"


#ENSURE USER IS ROOT

echo -e "\n## Super User Check ##"
if [[ $EUID -ne 0 ]]; then
   printf "You need sudo powers to run me :P \n\n"
   echo "To prevent further issues (ie; if you request to install software/mod files etc)"
   echo "while running this script is to run: sudo -s [enter password]"
   echo "That will retain a root session then without exiting, then run me: ./TuxTron.sh"
   echo "Obvs ensure it has execute permissions!"
  
   exit 1
else echo "User has the power, all good, resuming..."
fi

#SOME MISC CHECKS ON SYSTEM
echo -e "\n## Miscellaneous Checks ##"
echo -e "TARGET MACHINE:\n$(uname -a)"
echo -e "LOCAL USERS (REVIEW THESE, SOME WILL BE MADE FROM SERVICES/APPLICATIONS!):\n$(cut -d: -f1 /etc/passwd)"




#CHECK CLAMAV IS INSTALLED AND OFFER TO DO SYSTEM WIDE SCAN
echo -e "\n## Anti Virus Check ##"
if [ "$ISCLAMAVINSTALLED" == "" ]
   then
    echo "WARNING: Clamav (anti virus) not installed"
    read -r -p "Shall I install it for you? [y/N]:" response
     if [[ "$response" =~ ^([yY][eE][sS]|[yY])+$ ]]
      then
       # Run apt-get directly so its progress is shown live instead of buffered
       apt-get install clamav -y
       echo -e "\n"
     fi
else echo "ClamAV found..."
fi

# Offer the scan only if clamscan is actually available at this point
if command -v clamscan >/dev/null
   then
    read -r -p "OK, shall I perform a system wide scan and remove infected files? [y/N]:" response
    if [[ "$response" =~ ^([yY][eE][sS]|[yY])+$ ]]
     then
      echo "This WILL take a while, so relax, a full anti virus scan in progress..."
      # --remove deletes every file that matches a signature, false positives included.
      # The kernel pseudo-filesystems are excluded: they only produce read errors.
      clamscan -r --remove --exclude-dir='^/(proc|sys|dev)' /
    fi
fi


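#IF ON UBUNTU, PERFORM FIREWALL CHECK
echo -e "\n## Firewall Check ##"
if [ "$ISUBUNTUOUTPUT" == "$ISUBUNTU" ]
 then
   if [ "$FWOUTPUT" == "$FWINACTIVE" ]
    then
      echo "WARNING: Firewall is OFF!"
         read -r -p "Shall I enable the firewall for you? [y/N]:" response
            if [[ "$response" =~ ^([yY][eE][sS]|[yY])+$ ]]
             then
              # Run ufw directly (already root) so its own confirmation prompt is visible,
              # and only report success if it actually succeeded
              ufw enable && echo "OK sweet, firewall is now enabled"
            fi
   # Only report ON when ufw says so; empty output means ufw is missing or failed
   elif [[ "$FWOUTPUT" == "Status: active"* ]]
    then
      echo "Firewall status: ON [GOOD]"
   else echo "WARNING: could not read firewall status, is ufw installed?"
   fi
else echo "I've noticed you're not on Ubuntu, skipping automated firewall checks"
     echo "You can do this manually with: sudo iptables -L"
fi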



#GET NMAP/SCAN WAN IP
echo -e "\n## External ports Check ##"
if [ "$NMAPINSTALLED" == "" ]
   then
    echo "WARNING: nmap not installed, doing it for you..."
    apt-get install nmap -y
else echo "nmap already installed"
fi
# Skip the scan if the WAN IP lookup failed, otherwise nmap would run with no target
if [ -z "$GETWANIP" ]
   then
    echo "WARNING: could not determine WAN IP address, skipping port scan"
else
    echo "Performing scan on common ports"
    echo "against your WAN IP address: $GETWANIP this will take a while"
    echo "Once done, check and analyse results."
    echo -e "\n"
    nmap "$GETWANIP"
fi



#CHECK SELINUX INSTALL
echo -e "\n## SELinux Check ##"
if [ "$ISSELINUXINSTALLED" == "" ]
   then
    echo "WARNING: SELinux not installed, while this may be intentional or not valid for your setup"
    echo "please see https://en.wikipedia.org/wiki/Security-Enhanced_Linux for more info."
else echo "SELinux is installed [GOOD]"
fi


#CHECK LYNIS
echo -e "\n## Lynis Check: https://cisofy.com/documentation/lynis/ ##"
if [ "$ISLYNISINSTALLED" == "" ]
   then
    echo "WARNING: Lynis not installed, getting stable software repos version..."
    apt-get install lynis -y
else echo "Lynis is installed [GOOD], performing audit, this may take a minute..."
fi

# Run directly so the audit output streams as it is produced
lynis audit system --quick --auditor 'TuxTron' --pentest

#PERFORM UPDATE/UPGRADE/AUTOREMOVE
echo -e "\n## Update/Upgrade/Autoremove check ##\nWait a minute..."
apt-get update -y && apt-get upgrade -y && apt-get autoremove -y

echo -e "\n## FINISHED ##"


Mod note: screenshot changed to link, please mind remote linked image sizes: viewtopic.php?f=133&t=48374
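
The script's "LOCAL USERS" step prints every name in /etc/passwd and leaves the review to the reader. The following is an added example, not part of the original post or of TuxTron, showing one way to narrow that list to the entries that matter for hardening: extra UID 0 accounts and accounts that can log in interactively. The function names `review_accounts` and `sample_passwd` and the sample data are constructed for illustration.

```shell
#!/bin/bash
# Added example: triage passwd entries instead of printing every name.
# review_accounts FILE prints one line per account worth a look:
#   UID0  <name>  -> an account other than root that has root's UID
#   LOGIN <name>  -> an account whose shell allows interactive login
review_accounts() {
    awk -F: '
        # Skip blank lines and comments
        /^[ \t]*(#|$)/ { next }
        # Any UID 0 account other than root has full root privileges
        $3 == 0 && $1 != "root" { print "UID0 " $1 }
        # Service accounts normally carry a shell that refuses login;
        # anything else (an empty field means /bin/sh) can log in
        $7 !~ /(nologin|false|sync|shutdown|halt)$/ { print "LOGIN " $1 }
    ' "$1"
}

# Constructed sample in /etc/passwd format (not taken from a real system)
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
foxy:x:1000:1000:Foxy:/home/foxy:/bin/bash
toor:x:0:0:backup admin:/root:/bin/sh
postgres:x:114:120:PostgreSQL:/var/lib/postgresql:/bin/bash
EOF
}

# Demo on the sample; on a live system call: review_accounts /etc/passwd
tmp="$(mktemp)"
sample_passwd > "$tmp"
review_accounts "$tmp"
rm -f "$tmp"
```

A service account such as `postgres` showing up under LOGIN is not necessarily wrong, but it is a candidate for a `nologin` shell if nobody needs to log in as it.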
