Dears,
I made effort on writing script for hardening our systems, hardening is including
- disabling the root login
- setting password complexity and aging
- setting banner
- creating the admin users and add them to same group
- deploying putty public keys for key based login for each user (requires you have the private key in your system)
- distributing the system keys to enable ssh rsa key based login between the Linux systems
- stopping some services like iptables, selinux and starting services like vmware tools for the vmware based systems
required:
- you should have the public putty keys in the same directory with the script, and the should have the same name convention eg. "samir_public_key", and "samir" should be existing in the list of admins "admin_list".
- you should have the private and the public and the private linux keys for linux systems login, eg. "admin3_sys_public_key" and "samir_sys_private_key" respectively.
- you should have the "banner" template
- you should have "sudoers" template
the directory of the script will look like the same:
admin1_public_key admin2_public_key admin3_public_key admin4_public_key admin5_public_key admin6_public_key banner sudoers
admin1_sys_private_key admin2_sys_private_key admin3_sys_private_key admin4_sys_private_key admin5_sys_private_key admin6_sys_private_key admin1_sys_public_key admin2_sys_public_key admin3_sys_public_key admin4_sys_public_key admin5_sys_public_key admin6_sys_public_key harden.sh
BEFORE you run the script be sure that you another user who can access the system, as if you execute it without having you private putty keys you will lock yourself out side the box through ssh login.
please notify me if you think it needs any modifications
