nick/RHELSecureSetup
1
0
Fork 0
Code Issues 2 Pull Requests Actions Packages Projects Releases 1 Wiki Activity

Update README.

Browse Source
This commit is contained in:
Nick Hepler 2024-10-14 17:07:07 -04:00
parent 0a5f7db930
commit ff8b6eb083
1 changed files with 28 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
README.md
View File

@ -1,25 +1,29 @@
# RHELSecureSetup # RHELSecureSetup: A Bash Script for Securing RHEL-Based Systems
This Bash script is designed for RHEL-based Linux distributions. It automates the process of updating the system, configuring security settings, and optionally installing Docker CE. RHELSecureSetup is a Bash script designed to streamline the process of securing RHEL-based Linux distributions. By automating system updates and security configurations, it helps ensure that your instance is protected from vulnerabilities. This script is inspired by documentation from Akamai (formerly Linode) for [setting up and securing compute instances](https://techdocs.akamai.com/cloud-computing/docs/set-up-and-secure-a-compute-instance).
## Features ## Features
- **System Updates**: Updates the package manager and upgrades installed packages. - **System Updates**: Automatically updates the package manager and upgrades installed packages to their latest versions, ensuring you have the latest security patches.
- **Timezone Configuration**: Sets the system timezone. - **Timezone Configuration**: Sets the system timezone to your desired location.
- **Hostname Change**: Changes the hostname of the machine. - **Hostname Change**: Prompts for and changes the hostname of the machine.
- **Hosts File Update**: Updates the `/etc/hosts` file with the machine's IP address and hostname. - **Hosts File Update**: Updates the `/etc/hosts` file with the machine's IP address and hostname for local resolution.
- **SSH Security Enhancements**: - **SSH Security Enhancements**:
- Disables root login. - Disables root login to prevent unauthorized access.
- Disables password authentication. - Disables password authentication to encourage the use of SSH keys.
- Ensures IPv4 address family is explicitly set. - Ensures IPv4 address family is explicitly set to prevent potential network issues.
- **Optional Docker Installation**: Installs Docker CE using the official installation script. - **Optional Docker Installation**: Installs Docker CE using the official installation script if desired.
## Prerequisites ## Prerequisites
- A RHEL-based Linux distribution (e.g., CentOS, Fedora). - A RHEL-based Linux distribution (e.g., CentOS, Fedora).
- Root access or sudo privileges. - Root access or sudo privileges.
- `dnf` or `yum` package manager. - `dnf` or `yum` package manager.
- `curl` installed (if not present, install it using your package manager). - `curl` installed. If not present, you can install it using:
```bash
sudo dnf install curl
```
## Usage ## Usage
@ -47,15 +51,23 @@ This Bash script is designed for RHEL-based Linux distributions. It automates th
- Provide a username and password for a new limited user account. - Provide a username and password for a new limited user account.
- Optionally, choose whether to install Docker CE at the end of the script. - Optionally, choose whether to install Docker CE at the end of the script.
**Note**: Ensure you understand the changes being made by the script before proceeding.
## Customization ## Customization
- **Time Zone**: Modify the `timezone` variable in the script to set your desired timezone. - **Time Zone**: Modify the `timezone` variable in the script to set your desired timezone. Look for the line that sets the timezone variable and change it accordingly.
- **Hostname**: The script prompts for a hostname during execution, but you can also set a default value in the script. - **Hostname**: The script prompts for a hostname during execution, but you can also set a default value in the script itself.
## License ## License
This project is licensed under the GPL-3.0 License. See the [LICENSE](LICENSE) file for more details. This project is licensed under the [GPL-3.0 License](LICENSE). This means you are free to use, modify, and distribute the code, but you must also share your modifications under the same license.
## Acknowledgments ## Roadmap
- Inspired by documentation from Akamai (formerly Linode) for [setting up and securing compute instances](https://techdocs.akamai.com/cloud-computing/docs/set-up-and-secure-a-compute-instance). - Add configuration for firewall rules using Firewalld.
- Install and configure rules for Fail2ban.
- Create a script for Debian-based distributions.
## Contributing
Contributions are welcome! If you have suggestions or improvements, please feel free to submit a pull request or open an issue.