TuxTron

1. #!/bin/bash
2.  
3.  
4. #VARIABLES FROM SHELL/COMPARASON FOR CHECKS
5. ISUBUNTU="$(lsb_release -si)"
6. ISUBUNTUOUTPUT="Ubuntu"
7. FWOUTPUT="$(ufw status)"
8. FWINACTIVE="Status: inactive"
9. ISSELINUXINSTALLED="$(which selinux)"
10. ISLYNISINSTALLED="$(which lynis)"
11. ISCLAMAVINSTALLED="$(which clamscan)"
12. NMAPINSTALLED="$(which nmap)"
13. GETWANIP="$(dig +short myip.opendns.com @resolver1.opendns.com)"
14.  
15.  
16.  
17. #SHOW BANNER
18. printf "
19. _____        _____              
20. |_   _|      |_   _|              
21.  | |_   ___  _| |_ __ ___  _ __  
22.  | | | | \ \/ / | '__/ _ \| '_ \
23.  | | |_| |>  <| | | | (_) | | | |
24.  \_/\__,_/_/\_\_/_|  \___/|_| |_|
25.                       V 1.0 Alpha
26. Coded by Craig Fox
27. https://www.owasp.org/index.php/User:Mr_Craig_Fox
28. "
29.  
30. #title
31. mytitle="TuxTron V 1.0 Alpha, developed by Craig Fox"
32. echo -e '\033]2;'$mytitle'\007'
33.  
34.  
35. #ENSURE USER IS ROOT
36.  
37. echo -e "\n## Super User Check ##"
38. if [[ $EUID -ne 0 ]]; then
39.    printf "You need sudo powers to run me :P \n\n"
40.    echo "To prevent further issues (ie; if you request to install software/mod files etc)"
41.    echo "while running this script is to run: sudo -s [enter password]"
42.    echo "That will retain a root session then without exiting, then run me: ./TuxTron.sh"
43.    echo "Obvs ensure it has execute permissions!"
44.  
45.    exit 1
46. else echo "User has the power, all good, resuming..."
47. fi
48.  
49. #SOME MISC CHECKS ON SYSTEM
50. echo -e "\n## Miscellaneous Checks ##"
51. echo -e "TARGET MACHINE:\n$(uname -a)"
52. echo -e "LOCAL USERS (REVIEW THESE, SOME WILL BE MADE FROM SERVICES/APPLICATIONS!):\n$(cut -d: -f1 /etc/passwd)"
53.  
54.  
55.  
56.  
57. #CHECK CLAMAV IS INSTALLED AND OFFER TO DO SYSTEM WIDE SCAN
58. echo -e "\n## Anti Virus Check ##"
59. if [ "$ISCLAMAVINSTALLED" == "" ]
60.    then
61.     echo "WARNING: Clamav (anti virus) not installed"
62.     read -r -p "Shall I install it for you? [y/N]:" response
63.      if [[ "$response" =~ ^([yY][eE][sS]|[yY])+$ ]]
64.       then
65.        echo "$(apt-get install clamav -y)"
66.         echo -e "\n"
67.         read -r -p "OK, shall I perform a system wide scan and remove infected files? [y/N]:" response
68.             if [[ "$response" =~ ^([yY][eE][sS]|[yY])+$ ]]
69.              then
70.               echo "This WILL take a while, so relax, a full anti virus scan in progress..."
71.               echo "$(clamscan -r --remove /)"
72.             fi
73.      fi
74.      
75. else echo "ClamAV found..."
76.             read -r -p "OK, shall I perform a system wide scan and remove infected files? [y/N]:" response
77.             if [[ "$response" =~ ^([yY][eE][sS]|[yY])+$ ]]
78.              then
79.               echo "This WILL take a while, so relax, a full anti virus scan in progress..."
80.               echo "$(clamscan -r --remove /)"
81.             fi
82. fi
83.  
84.  
85. #IF ON UBUNTU, PERFORM FIREWALL CHECK
86. echo -e "\n## Firewall Check ##"
87. if [ "$ISUBUNTUOUTPUT" == "$ISUBUNTU" ]
88.  then
89.    if [ "$FWOUTPUT" == "$FWINACTIVE" ]
90.     then
91.       echo "WARNING: Firewall is OFF!"
92.          read -r -p "Shall I enable the firewall for you? [y/N]:" response
93.             if [[ "$response" =~ ^([yY][eE][sS]|[yY])+$ ]]
94.              then
95.               echo "$(sudo ufw enable)"
96.               echo "OK sweet, firewall is now enabled"
97.             fi
98.    else echo "Firewall status: ON [GOOD]"
99.    fi
100. else echo "I've noticed you're not on Ubuntu, skipping automated firewall checks"
101.      echo "You can do this manually with: sudo iptables -L"    
102. fi
103.  
104.  
105.  
106. #GET NMAP/SCAN WAN IP
107. echo -e "\n## External ports Check ##"
108. if [ "$NMAPINSTALLED" == "" ]
109.    then
110.     echo "WARNING: nmap not installed, doing it for you..."
111.     echo "$(apt-get install nmap -y)"
112. else echo "nmap already installed"
113. fi
114. echo "Performing scan on common ports"
115. echo "against your WAN IP address: "$GETWANIP" this will take a while"
116. echo "Once done, check and analyse results."
117. echo -e "\n"
118. echo "$(nmap $GETWANIP)"
119.  
120.  
121.  
122. #CHECK SELINUX INSTALL
123. echo -e "\n## SELinux Check ##"
124. if [ "$ISSELINUXINSTALLED" == "" ]
125.    then
126.     echo "WARNING: SELinux not installed, while this may be intentional or not valid for your setup"
127.     echo "please see https://en.wikipedia.org/wiki/Security-Enhanced_Linux for more info."
128. else echo "SELinux is installed [GOOD]"
129. fi
130.  
131.  
132. #CHECK LYNIS
133. echo -e "\n## Lynis Check: https://cisofy.com/documentation/lynis/ ##"
134. if [ "$ISLYNISINSTALLED" == "" ]
135.    then
136.     echo "WARNING: Lynis not installed, getting stable software repos version..."
137.     echo "$(apt-get install lynis -y)"
138. else echo "Lynus is installed [GOOD], performing audit, this may take a minute..."
139. fi
140.  
141. echo "$(lynis audit system --quick --auditor 'TuxTron' --pentest)"
142.  
143. #PERFORM UPDATE/UPGRADE/AUTOREMOVE
144. echo -e "\n## Update/Upgrade/Autoremove check ##\nWait a minute..."
145. echo "$(apt-get update -y && apt-get upgrade -y && apt-get autoremove -y)"
146.  
147. echo -e "\n## FINISHED ##"