Quick NIX Secure Script is used to harden and secure basic permissions and ownership on the fly. This script can be used during boot up, cron, bootstrapping, kickstart, jumpstart and during other system deployments. I recommend using CM tools like Puppet or Ansible, but this is still nice.
Many times in (prod)uction world prior admins harden without automation or towards an industry baseline. This is to help get to a point of standardization and quickly set or reset basic system security.
Use before or after app deploymentz. I don't set umasks, so everything should work regardless ^_^
This is influenced from DISA STIGs, ODAA, NSA and NIST/FIPs. This does not enforce towards those baselines, but helps minimize CAT I-III findings.
- RHEL 5-6, Fedora 17-20, Ubuntu 10-13, Solaris 9-10 and OpenSolaris
- root or equivalent
- basic /bin /sbin /usr/bin executables
(Easiest method to get going)
curl -sfO https://raw.githubusercontent.com/marshyski/quick-secure/master/quick-secure && bash quick-secure
(Alternative)
git clone https://github.com/marshyski/quick-secure.git
chmod 0700 ./quick-secure/quick-secure
(Easiest method)
RUN cd / && curl -sfO https://raw.githubusercontent.com/marshyski/quick-secure/master/quick-secure && bash /quick-secure -f
(Alternative method)
ADD quick-secure /quick-secure
RUN bash /quick-secure -f
-c argument reviews what's commented out in quick-secure.
./quick-secure/quick-secure -c
-u argument reviews what's being applied to your current system.
./quick-secure/quick-secure -u
-f argument forces settings without being prompt with "are you sure" question.
./quick-secure/quick-secure -f
Run quick-secure for the first time: ./quick-secure/quick-secure
in CLI.
Setup quick-secure to run every sunday at 11PM via root's cron:
00 23 * * 0 /root/quick-secure/quick-secure -f
You can email ([email protected]) me directly if you need help, submit an issue or pull request. Fork it.
Looking for better hardening for Ubuntu so pull request quick-secure.