Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/bin/bash
- {
- #v14 enviormental variables added
- #HM 10/4/2017
- l=$(grep "^UID_MIN" /etc/login.defs)
- l1=$(grep "^UID_MAX" /etc/login.defs)
- UUID=$(blkid | grep ext4 | grep -o '".*"' | sed 's/\ .*/ /')
- hacking_tools=(logkeys keylogger freeviv-server keysniffer uber vlogger vuze deluge torrent tixati frostwire ophcrack medusa RainbowCrack wfuzz brutus LOphtCrack fgdump hydra john aircrack abel ksimet inssider kismac netstumbler weplab airjack nmap superscan hping scapy nemesis socat splunk nagios pof ngrep wireshark ettercap dsniff etherape paros fiddler ratproxy slsstrip aide netfilter skipfish wapiti w3af helix sleuth maltego encase gdb tor OpenVPN snort netcop metasploit sqlmap sqlninja netsparker beef nessus openvas nipper retina qualysguard nexpose burp steam webscarab websecurify nikto w3af )
- pack=(samba chromium apache2 nfs-util postgresql telnet postfix openvpn php5 perl wine mysql-server xinetd vsftp exim4 nginx rpcbind openssh-server mongodb MariaDB samba-server bind9 dovecot vnc4server tightvncserver gcc cc )
- root=$(awk -F: '($3 == "0") {print}' /etc/passwd)
- awk -F':' -v "min=${l##UID_MIN}" -v "max=${l1##UID_MAX}" '{ if ( $3 >= min && $3 <= max ) print $0}' /etc/passwd | awk -F':' '{print $1}' > /tmp/users
- grep '^sudo:.*$' /etc/group | cut -d: -f4 > /tmp/admns
- tr , '\n' < /tmp/admns > /tmp/admins
- if [ "$(uname -a| grep Ubuntu)" ]; then
- os="Ubuntu"
- else
- os="Debian"
- fi
- echo "$os operating system detected..."
- sleep 1;
- echo "Enter all valid STANDARD users:"
- sleep 1;
- nano /tmp/authorized_users
- echo "Enter all valid ADMINS:"
- sleep 1;
- nano /tmp/authorized_admins
- cat /tmp/authorized_users /tmp/authorized_admins > /tmp/allusers
- userz=$(grep -Fxvf /tmp/allusers /tmp/users)
- adminz=$(grep -Fxvf /tmp/authorized_admins /tmp/admins)
- rm /tmp/admns
- echo "Badboy users: " >> ~/report
- grep -Fxvf /tmp/allusers /tmp/users >> ~/report
- for i in ${userz[@]}; do
- deluser $i
- done
- echo "Badboy admins:" >> ~/report
- grep -Fxvf /tmp/authorized_admins /tmp/admins >> ~/report
- for i in ${adminz[@]}; do
- deluser $i sudo
- done
- mkdir /backups
- mkdir /prison
- killall -9 dpkg
- update-manager
- apt-get update
- ########################### DEFINING FUNCTIONS #####################################
- declare -a options=( change_passwords configure_ufw secure_crontab secure_sysctl secure_ssh secure_sudoers secure_logdefs secure_fstab )
- change_passwords() {
- echo "Changing all passwords to thebomb.com1234!"
- sed 's/$/:thebomb.com1234!/' /tmp/allusers > /tmp/passwords
- cat /tmp/passwords | /usr/sbin/chpasswd
- echo "Changing root password"
- passwd -u root
- echo "root:thebomb.com1234!" | chpasswd
- }
- configure_ufw() {
- echo "Configuring ufw"
- apt-get install ufw
- ufw enable
- echo "Ufw rules... " >> ~/report
- ufw status >> ~/report
- echo "" >> ~/report
- }
- secure_grub() {
- echo "Securing Grub, enter boot password:"
- grub-mkpasswd-pbkdf2 | tee /tmp/hash
- grubhash="$(cat /tmp/hash | sed 's/^[^:]*is //'| tail -n+3)"
- echo "set superusers=root" >> /etc/grub.d/40_custom
- echo "password_pbkdf2 root $grubhash" >> /etc/grub.d/40_custom
- grub-update
- }
- secure_crontab() {
- crontabs="$(ls /etc/cron.d/* /var/spool/cron/* /etc/crontab)"
- for crontab in ${crontabs[@]}
- do
- echo "" > $crontab
- done
- }
- secure_sysctl() {
- cp /etc/sysctl.conf /backups
- cat > /etc/sysctl.conf <<'EOF'
- # Controls IP packet forwarding
- net.ipv4.ip_forward = 0
- # Controls source route verification
- net.ipv4.conf.default.rp_filter = 1
- # Do not accept source routing
- net.ipv4.conf.default.accept_source_route = 0
- # Controls the System Request debugging functionality of the kernel
- kernel.sysrq = 0
- # Controls the use of TCP syncookies
- #net.ipv4.tcp_syncookies = 1
- net.ipv4.tcp_synack_retries = 2
- ########## IPv4 networking start ##############
- # Send redirects, if router, but this is just server
- net.ipv4.conf.all.send_redirects = 0
- net.ipv4.conf.default.send_redirects = 0
- # Accept packets with SRR option? No
- net.ipv4.conf.all.accept_source_route = 0
- # Accept Redirects? No, this is not router
- net.ipv4.conf.all.accept_redirects = 0
- net.ipv4.conf.all.secure_redirects = 0
- # Log packets with impossible addresses to kernel log? yes
- net.ipv4.conf.all.log_martians = 1
- net.ipv4.conf.default.accept_source_route = 0
- net.ipv4.conf.default.accept_redirects = 0
- net.ipv4.conf.default.secure_redirects = 0
- # Ignore all ICMP ECHO and TIMESTAMP requests sent to it via broadcast/multicast
- net.ipv4.icmp_echo_ignore_broadcasts = 1
- net.ipv4.tcp_syncookies = 1
- # Enable source validation by reversed path, as specified in RFC1812
- net.ipv4.conf.all.rp_filter = 1
- net.ipv4.conf.default.rp_filter = 1
- net.ipv6.conf.default.router_solicitations = 0
- # Accept Router Preference in RA?
- net.ipv6.conf.default.accept_ra_rtr_pref = 0
- # Learn Prefix Information in Router Advertisement
- net.ipv6.conf.default.accept_ra_pinfo = 0
- # Setting controls whether the system will accept Hop Limit settings from a router advertisement
- net.ipv6.conf.default.accept_ra_defrtr = 0
- #router advertisements can cause the system to assign a global unicast address to an interface
- net.ipv6.conf.default.autoconf = 0
- #how many neighbor solicitations to send out per address?
- net.ipv6.conf.default.dad_transmits = 0
- # How many global unicast IPv6 addresses can be assigned to each interface?
- net.ipv6.conf.default.max_addresses = 1
- ########## IPv6 networking ends ##############
- #Enable ExecShield protection
- kernel.exec-shield = 1
- kernel.randomize_va_space = 1
- #net.ipv4.tcp_window_scaling = 1
- # increase system file descriptor limit
- fs.file-max = 65535
- #Allow for more PIDs
- kernel.pid_max = 65536
- #Increase system IP port limits
- net.ipv4.ip_local_port_range = 2000 65000
- EOF
- sysctl -p
- }
- secure_ssh() {
- echo "Editing ssh..."
- cp /etc/ssh/sshd_config /backups
- cat > /etc/ssh/sshd_config <<EOF
- # Package generated configuration file
- # See the sshd_config(5) manpage for details
- # What ports, IPs and protocols we listen for
- Port 22
- # Use these options to restrict which interfaces/protocols sshd will bind to
- #ListenAddress ::
- #ListenAddress 0.0.0.0
- Protocol 2
- # HostKeys for protocol version 2
- HostKey /etc/ssh/ssh_host_rsa_key
- HostKey /etc/ssh/ssh_host_dsa_key
- HostKey /etc/ssh/ssh_host_ecdsa_key
- HostKey /etc/ssh/ssh_host_ed25519_key
- #Privilege Separation is turned on for security
- UsePrivilegeSeparation yes
- # Lifetime and size of ephemeral version 1 server key
- KeyRegenerationInterval 3600
- ServerKeyBits 1024
- # Logging
- SyslogFacility AUTH
- LogLevel INFO
- # Authentication:
- LoginGraceTime 120
- PermitRootLogin no
- StrictModes yes
- RSAAuthentication yes
- PubkeyAuthentication yes
- #AuthorizedKeysFile %h/.ssh/authorized_keys
- # Don't read the users ~/.rhosts and ~/.shosts files
- IgnoreRhosts yes
- # For this to work you will also need host keys in /etc/ssh_known_hosts
- RhostsRSAAuthentication no
- # similar for protocol version 2
- HostbasedAuthentication no
- # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
- #IgnoreUserKnownHosts yes
- # To enable empty passwords, change to yes (NOT RECOMMENDED)
- PermitEmptyPasswords no
- # Change to yes to enable challenge-response passwords (beware issues with
- # some PAM modules and threads)
- ChallengeResponseAuthentication no
- #GSSAPICleanupCredentials yes
- X11Forwarding no
- X11DisplayOffset 10
- PrintMotd no
- PrintLastLog yes
- TCPKeepAlive yes
- #UseLogin no
- #MaxStartups 10:30:60
- #Banner /etc/issue.net
- # Allow client to pass locale environment variables
- AcceptEnv LANG LC_*
- Subsystem sftp /usr/lib/openssh/sftp-server
- UsePAM yes
- EOF
- }
- secure_sudoers() {
- echo "Editing sudoers file..."
- cp /etc/sudoers /backups
- cat > /etc/sudoers <<EOF
- #
- # This file MUST be edited with the 'visudo' command as root.
- #
- # Please consider adding local content in /etc/sudoers.d/ instead of
- # directly modifying this file.
- #
- # See the man page for details on how to write a sudoers file.
- #
- Defaults env_reset
- Defaults mail_badpass
- Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
- # Host alias specification
- # User alias specification
- # Cmnd alias specification
- # User privilege specification
- root ALL=(ALL:ALL) ALL
- # Allow members of group sudo to execute any command
- %sudo ALL=(ALL:ALL) ALL
- EOF
- }
- secure_logdefs() {
- echo "Editing login.defs..."
- cp /etc/login.defs /backups
- cat > /etc/login.defs <<EOF
- MAIL_DIR /var/mail
- FAILLOG_ENAB yes
- LOG_UNKFAIL_ENAB yes
- LOG_OK_LOGINS yes
- SYSLOG_SU_ENAB yes
- SYSLOG_SG_ENAB yes
- FTMP_FILE /var/log/btmp
- SU_NAME su
- HUSHLOGIN_FILE .hushlogin
- ENV_SUPATH PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
- ENV_PATH PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
- TTYGROUP tty
- TTYPERM 0600
- ERASECHAR 0177
- KILLCHAR 025
- UMASK 022
- PASS_MAX_DAYS 90
- PASS_MIN_DAYS 10
- PASS_WARN_AGE 7
- UID_MIN 1000
- UID_MAX 60000
- SYS_UID_MIN 100
- SYS_UID_MAX 999
- GID_MIN 1000
- GID_MAX 60000
- SYS_GID_MIN 100
- SYS_GID_MAX 999
- LOGIN_RETRIES 3
- LOGIN_TIMEOUT 60
- CHFN_RESTRICT rwh
- DEFAULT_HOME yes
- USERGROUPS_ENAB yes
- ENCRYPT_METHOD SHA512
- EOF
- }
- secure_fstab() {
- cp /etc/fstab/ /backups
- echo UUID="$UUID / ext4 errors=remount-ro 0 1" > /etc/fstab
- echo "tmpfs /run/shm tmpfs ro,noexec,nosuid,nodev 0 0" >> /etc/fstab
- }
- echo "Creating ~/megalist"
- find /etc /var /root /bin /home /pub /media /opt -xdev >> ~/megalist
- dpkg --list >> ~/megalist
- dpkg --list >> ~/pack
- echo "Identifying Services"
- echo "Services: " >> ~/report
- for i in ${pack[@]}; do
- if ! [ "$( grep -w $i ~/pack)" == "" ];then
- echo "$i" possibly "installed" >> ~/report
- fi
- done
- echo "Identifying Hacking Tools"
- echo "Hacking tools & Other Things : " >> ~/report
- for i in ${hacking_tools[@]}; do
- if ! [ "$(grep -w $i ~/megalist)" == "" ]; then
- echo $i maybe installed >> ~/report ; apt-get remove $i
- fi
- done
- if [ -e /etc/prelink.conf ]; then
- prelink -ua
- apt-get remove prelink
- echo prelink installed >> ~/report
- fi
- echo "Possibly Bad Files: " >> ~/report
- if [ -e /etc/vsftpd.conf ] ; then
- echo "vsftpd found"
- grep -rnw -e "password" -e "card" -e "boss" -e "hey" -e "hack" -e "personal" -e ".*\.mp3$" ".*\.m4b$" -e -e ".*\.mp4$" -e ".*\.mov$" -e ".*\.tar.gz$" -e ".*\.avi$" /srv
- fi
- echo "Possibly Bad Files: "
- grep -rlin --exclude-dir={.mozilla,.cache,.config} -e "passsword" -e "card" -e "boss" -e "hey" -e "personal" -e "hack" /var/www /home >> ~/report
- apt-get remove netcat-openbsd tcpdump
- if [ -e /bin/nc ]; then
- echo "Hashing netcat..."
- export nchash=$(md5sum /bin/nc | cut -f1 -d" ")
- fi
- if [ -e /bin/nc.traditional ]; then
- echo "Hashing netcat..."
- export tradhash=$(md5sum /bin/nc | cut -f1 -d" ")
- fi
- echo "Setting permissions..."
- chmod 0700 /etc/rc*
- chmod 0700 /etc/init.d*
- chmod 0700 /etc/sysctl.conf
- chmod 644 /etc/passwd
- chown root:root /boot/grub/grub.cfg
- chmod og-rwx /boot/grub/grub.cfg
- chown root:root /etc/passwd
- chown root:root /etc/sudoers
- chown root:shadow /etc/shadow
- chown root:root /etc/group
- chmod 644 /etc/group
- chmod -R 0444 /var/www/html/
- chmod 644 /etc/fstab
- chmod 400 /etc/shadow
- chmod 02750 /bin/su
- sudo dpkg-statoverride --update --add root sudo 4750 /bin/su
- clear
- rm '/etc/security/limits.d/*'
- cp /etc/security/limits.conf /backups
- echo "* hard core 0" >> /etc/security/limits.conf
- cat /etc/shadow | awk -F: '($2 == "" ) { print $1 " does not have a password "}' >> ~/report
- echo "" >> ~/report
- echo "Checking for UID of 0..."
- echo "Following line should only be root" >> ~/report
- [ "$root" != "root:x:0:0:root:/root:/bin/bash" ] && (echo "POSSIBLE UID OF 0!" >> ~/report | echo $"root" >> ~/report )
- echo "Finding world writable files.."
- echo "All world writeable files" >> ~/report
- find /etc /var /root /home -xdev -type d \( -perm -0002 -a ! -perm -1000 \) -print >> ~/report
- echo "Finding no user files...."
- echo "No user files" >> ~/report
- echo $(find /home /etc /var /dev -xdev \( -nouser -o -nogroup \) -print) >> ~/report
- echo "Removing netcat and installing auidit"
- apt-get remove netcat*
- apt-get install libpam-cracklib
- apt-get install auiditd
- auditctl –e 1
- reset
- apt-get autoremove
- echo "" >> ~/report
- echo "Looking for netcat copies"
- location="$(find ${PATH//:/ } -maxdepth 1 -executable)"
- for binary in ${location[@]}
- do
- if ! [ -d "$binary" ]; then
- if [ "$(md5sum $binary | cut -f1 -d" " )" == "$nchash" ] || [ "$(md5sum $binary | cut -f1 -d" " )" == "$tradhash" ] ;then
- mv "$binary" /prison
- echo "$binary is netcat, imprsioned" >> ~/report
- killall -9 "$binary"
- fi
- fi
- done
- if [ -e /usr/share/lightdm/lightdm.conf.d/50-ubuntu.conf ] ;then
- echo "Disabling guest..."
- echo "allow-guest=false" >> /usr/share/lightdm/lightdm.conf.d/50-ubuntu.conf
- echo "Guest Disabled" >> ~/report
- fi
- apt-get install clamav
- apt-get install rkhunter
- freshclam
- rkhunter --check
- echo "Finding Media Files..."
- echo "Media files:" >> ~/report
- grep -e ".*\.mp3$" -e ".*\.mp4$" -e ".*\.mov$" -e ".*\.tar.gz$" -e ".*\.avi$" -e ".*\.torrent$" -e ".*\.exe$" ~/megalist >> ~/report
- echo "order bind,hosts" >> /etc/host.conf
- echo "nospoof on" >> /etc/host.conf
- sudo dmesg -n 1
- cat > /etc/modprobe.d/CIS.conf <<EhOF
- install cramfs /bin/true
- install freevxfs /bin/true
- install jffs2 /bin/true
- install hfs /bin/true
- install hfsplus /bin/true
- install squashfs /bin/true
- install udf /bin/true
- install vfat /bin/true
- EhOF
- if [ "$(dpkg --list | grep -i php)" != "" ]; then
- echo "PHP found"
- echo "PHP security report: >> ~/report"
- phpconf=$(php -i | grep -i '/php.ini' | awk -F'> ' '{ print $NF }')
- if [ -e /etc/php.d/sqlite3.ini ];then
- mv /etc/php.d/sqlite3.ini /etc/php.d/sqlite3.disable
- fi
- function secure_php() {
- read -r -p "Run secure_php in active mode? y/n" php_response
- case "$php_response" in
- [yY][eE][sS]|[yY])
- php_status = true
- echo "running in active mode"
- ;;
- *)
- php_status = false
- echo "running in passive mode"
- ;;
- esac
- cp $phpconf /backups
- i=i
- export line=$(awk '/disable_funct/{print NR; exit $1}' $1 )
- if [ $line != "" ]; then
- export linewi="$line$i"
- sed -i '/disable_func/d' $1
- sed -i "$linewi\disable_functions=exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,parse_ini_file,show_source" $1
- fi
- declare -A arr=( ["upload_max_filesize"]="1m" ["post_max_size"]="1k" ["max_execution_time"]="30" ["max_input_time"]="30" ["memory_limit"]="40m" ["expose_php"]="off" ["display_errors"]="off" ["log_errors"]="on" ["cgi.force_redirect"]="on" ["magic_quotes_gpc"]="on" ["sql.safe_mode"]="on" ["allow_url_include"]="off" ["file_uploads"]="off" ["allow_url_include"]="off" )
- for key in "${!arr[@]}"; do
- if [ "$(grep "$key" $1)" != "" ] && [ "$(grep "$key" $1 | grep -i ${arr[${key}]})" == "" ] || [ "$( grep "$key" $1 | grep "#" )" != "" ];then
- echo "${key} not set correctly in $1" | tee -a ~/report
- if [ "$php_status" = true ]; then
- badline=$(grep -n "$key" $phpconf | grep "="| awk -F ":" '{print $1}')
- sed -i '$badline d' $phpconf
- ex -sc '3i|${key}=${arr[${key}]}' -cx $phpconf
- fi
- fi
- done
- }
- secure_php $phpconf
- if [ -e /etc/php.d/security.ini ]; then
- cp /etc/php.d/security.ini /backups
- secure_php /etc/php.d/security.ini
- fi
- fi
- if [ -e /etc/vsftpd.conf ]; then
- echo "VSFTP found..."
- cp /etc/vsftpd.conf /backups
- echo "vsftp report: " >> ~/report
- echo "ssl cert generated for you at /etc/vsftpd.pem " >> ~/report
- openssl req -x509 -days 365 -newkey rsa:2048 -nodes -keyout /etc/vsftpd.pem -out /etc/vsftpd.pem
- declare -A ftp=( ["anonymous_enable="]="=no" ["local_enable="]="=yes" ["chroot_local_user="]="=yes" ["xferlog_enable="]="=yes" ["anon_max_rate="]="=30000" ["local_max_rate="]="=30000" ["idle_session_timeout="]="=300" ["max_per_ip="]="=50" )
- for key in "${!ftp[@]}:"; do
- if [ "$(grep "$key" /etc/vsftpd.conf)" == "" ] || [ "$(grep "$key" /etc/vsftpd.conf | grep -i "${ftp[${key}]}")" == "" ] || [ "$(grep "$key" /etc/vsftpd.conf| grep "#" )" != "" ];then
- echo "${key} not set correctly in /etc/vsftpd.conf" | tee -a ~/report
- fi
- done
- fi
- echo "Configuring Pam..."
- cp /etc/pam.d/common-password /backups
- cat > /etc/pam.d/common-password <<EOF
- password requisite pam_cracklib.so retry=3 minlen=8 difok=3 ucredit=-1 lcredit=-1 dcredit=-1 ocredit=-1
- password [success=1 default=ignore] pam_unix.so obscure use_authtok try_first_pass sha512 minlen=8 remember=5
- password requisite pam_deny.so
- password required pam_permit.so
- # and here are more per-package modules (the "Additional" block)
- password optional pam_gnome_keyring.so
- # end of pam-auth-update config
- EOF
- cp /etc/pam.d/common-auth /backups
- cat > /etc/pam.d/common-auth <<EOF
- #
- # /etc/pam.d/common-auth - authentication settings common to all services
- #
- # here are the per-package modules (the "Primary" block)
- auth [success=1 default=ignore] pam_unix.so nullok_secure
- # here's the fallback if no module succeeds
- auth requisite pam_deny.so
- auth required pam_permit.so
- # and here are more per-package modules (the "Additional" block)
- auth optional pam_cap.so
- # end of pam-auth-update config
- auth required pam_tally2.so deny=5 onerr=fail unlock_time=1800
- EOF
- ###start prouse###
- prousemain () {
- for i in ${allusers[@]}; do
- echo "typeset -r TMOUT=900(15 minutes = 900 seconds)" >> $(getent passwd $i | cut -d: -f6)/.bashrc
- chattr +a $(getent passwd $i | cut -d: -f6)/.bash_history
- chattr +i $(getent passwd $i | cut -d: -f6)/.bash_history
- done
- chmod 0700 /etc/profile
- chmod 0700 /etc/hosts.allow
- chmod 0700 /etc/mtab
- chmod 0700 /etc/utmp
- chmod 0700 /var/adm/wtmp
- if [ $? > 0 ]; then
- chmod 0700 /var/log/wtmp
- fi
- chmod 0700 /etc/syslog.pid
- if [ $? > 0 ]; then
- chmod 0700 /var/run/syslog.pid
- fi
- chmod 0700 /etc/sysctl.conf
- chmod 0700 /etc/inittab
- apache2ports() {
- if [ -d /etc/apache2 ]; then
- echo "###Start Apache2 Report###" >> ~/apache2report
- if [ -e /etc/apache2/ports.conf ]; then
- if [ "$(cat /etc/apache2/ports.conf | grep -i "Listen")" == "" ]; then
- echo "Apache2 isn't listening at all!" >> ~/apache2apache2report
- fi
- if [ "$(cat /etc/apache2/ports.conf | grep -i "Listen" | grep -i "Listen 80")" == "" ]; then
- echo "Apache2 isn't listening on port 443 (This may be okay)" >> ~/apache2report
- fi
- badports="$(cat /etc/apache2/ports.conf | grep -i "Listen" | grep -i "Listen" | sed -e 's/Listen 443//g;s/Listen 80//g' | sed -e 's/Listen//g')"
- echo "Apache2 is running on these unauthorized ports: $badports" >> ~/apache2report
- fi
- if [ -e /etc/apache2/envvars ]; then
- cp /etc/apache2/envvars /backups/envvars.bak
- cat > /etc/apache2/envvars <<EOF
- unset HOME
- if [ "${APACHE_CONFDIR##/etc/apache2-}" != "${APACHE_CONFDIR}" ] ; then
- SUFFIX="-${APACHE_CONFDIR##/etc/apache2-}"
- else
- SUFFIX=
- fi
- export APACHE_RUN_USER=www-data
- export APACHE_RUN_GROUP=www-data
- export APACHE_PID_FILE=/var/run/apache2$SUFFIX/apache2.pid
- export APACHE_RUN_DIR=/var/run/apache2$SUFFIX
- export APACHE_LOCK_DIR=/var/lock/apache2$SUFFIX
- export APACHE_LOG_DIR=/var/log/apache2$SUFFIX
- export LANG=C
- export LANG
- EOF
- # sed -i 's/.*export APACHE_RUN_USER.*/export APACHE_RUN_USER=www-data/g' && echo "Apache2 runuser set to www-data" >> ~/apache2report
- # sed -i 's/.*export APACHE_RUN_GROUP.*/export APACHE_RUN_GROUP=www-data/g' && echo "Apache2 rungroup set to www-data" >> ~/apache2report
- fi
- if [ -e /etc/apache2/apache2.conf ]; then
- cp /etc/apache2/apache2.conf /backups/apache2.conf.bak
- sed -i 's/KeepAlive On/ KeepAlive Off/g' /etc/apache2/apache2.conf && echo "KeepAlive Off" >> /etc/apache2/apache2.conf && echo "KeepAlive changed to Off" >> ~/apache2report
- sed -i 's/.*Timeout.*/Timeout 300/g' /etc/apache2/apache2.conf && echo "Timeout changed to 300" >> ~/apache2report
- sed -i 's/.*MaxKeepAliveRequests.*/MaxKeepAliveRequests 100/g' /etc/apache2/apache2.conf && echo "MaxKeepAliveRequests changed to 100" >> ~/apache2report
- sed -i 's/.*KeepAliveTimeout.*/KeepAliveTimeout 5/g' /etc/apache2/apache2.conf && echo "KeepAliveTimeout set to 5" >> ~/apache2report
- sed -i 's/.*HostnameLookups.*/HostnameLookups Off/g' /etc/apache2/apache2.conf && echo "HostnameLookups set to Off" >> ~/apache2report
- sed -i 's/.*LogLevel.*/LogLevel warn/g' /etc/apache2/apache2.conf && echo "LogLevel set to warn" >> ~/apache2report
- ##thislinedoesntwork## sed -i 's/.*Options FollowSymlinks.*/Options -FollowSymLinks/' /etc/apache2/apache2.conf && sed -i 's/.*Options Indexes FollowSymLinks.*/Options Indexes -FollowSymLinks/g' /etc/apache2/apache2.con$
- echo "Include ports.conf" >> /etc/apache2/apache2.conf && echo "Apache2 reads ports.conf" >> ~/apache2report
- fi
- fi
- }
- apache2ports
- }
- prousemain
- ###end prouse###
- if [ "$(echo $PATH)" != "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games" ]; then
- echo "PATH variable mishap" >> ~/report
- echo "$PATH">> ~/report
- if [ "$(cat /etc/environment)" != "PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games"" ]; then
- cp /etc/environment /backups
- echo "PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games"" > /etc/environment
- source /etc/environment && export PATH
- fi
- fi
- netstat -tulpn | grep LISTEN >> ~/report
- for i in ${options[@]}; do
- read -r -p "Do want to $i? [y/N] " response
- case "$response" in
- [yY][eE][sS]|[yY])
- $i
- ;;
- *)
- echo "Cancelling $i"
- ;;
- esac
- done
- echo "|||| Done: created file '~/report' and file backups in '/backups' ||||"
- }2>|tee ~/comp_errors.log
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement