PublicMirrors/vps-audit
1
0
Fork 0
mirror of https://github.com/vernu/vps-audit.git synced 2025-01-23 05:24:58 +03:00
Code Issues Actions Packages Projects Releases Wiki Activity

small change in system updates to prevent error if UPDATES variabel is empty, add CrowdSec as IPS check, add FAIL for unsecure ssh ports above unprivileged ports threshhold

Browse Source
This commit is contained in:
Jonas Voigt 2024-12-14 13:56:31 +01:00
parent 07abec919f
commit 1d1cd173b5
1 changed files with 25 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
vps-audit.sh
View File

@ -124,13 +124,14 @@ else
check_security "SSH Password Auth" "FAIL" "Password authentication is enabled - consider using key-based authentication only"
fi
# Check SSH default port
# Check for unsecure SSH ports
UNPRIVILEGED_PORT_START=$(sysctl -n net.ipv4.ip_unprivileged_port_start)
SSH_PORT=$(grep "^Port" /etc/ssh/sshd_config | awk '{print $2}')
if [ -z "$SSH_PORT" ]; then
SSH_PORT="22"
fi
if [ "$SSH_PORT" = "22" ]; then
check_security "SSH Port" "WARN" "Using default port 22 - consider changing to a non-standard port for security by obscurity"
elif [ "$SSH_PORT" -ge "$UNPRIVILEGED_PORT_START" ]; then
check_security "SSH Port" "FAIL" "Using unprivileged port $SSH_PORT - use a port below $UNPRIVILEGED_PORT_START for better security"
else
check_security "SSH Port" "PASS" "Using non-default port $SSH_PORT which helps prevent automated attacks"
fi
@ -149,17 +150,26 @@ else
check_security "Unattended Upgrades" "FAIL" "Automatic security updates are not configured - system may miss critical updates"
fi
# Check fail2ban
# Check Intrusion Prevention Systems (Fail2ban or CrowdSec)
IPS_INSTALLED=0
IPS_ACTIVE=0
if dpkg -l | grep -q "fail2ban"; then
if systemctl is-active fail2ban >/dev/null 2>&1; then
check_security "Fail2ban" "PASS" "Brute force protection is active and running"
else
check_security "Fail2ban" "WARN" "Fail2ban is installed but not running - brute force protection is disabled"
fi
else
check_security "Fail2ban" "FAIL" "No brute force protection installed - system is vulnerable to login attacks"
IPS_INSTALLED=1
systemctl is-active fail2ban >/dev/null 2>&1 && IPS_ACTIVE=1
fi
if dpkg -l | grep -q "crowdsec"; then
IPS_INSTALLED=1
systemctl is-active crowdsec >/dev/null 2>&1 && IPS_ACTIVE=1
fi
case "$IPS_INSTALLED$IPS_ACTIVE" in
"11") check_security "Intrusion Prevention" "PASS" "Fail2ban or CrowdSec is installed and running" ;;
"10") check_security "Intrusion Prevention" "WARN" "Fail2ban or CrowdSec is installed but not running" ;;
*) check_security "Intrusion Prevention" "FAIL" "No intrusion prevention system (Fail2ban or CrowdSec) is installed" ;;
esac
# Check failed login attempts
FAILED_LOGINS=$(grep "Failed password" /var/log/auth.log 2>/dev/null | wc -l)
if [ "$FAILED_LOGINS" -lt 10 ]; then
@ -172,12 +182,14 @@ fi
# Check system updates
UPDATES=$(apt-get -s upgrade 2>/dev/null | grep -P '^\d+ upgraded' | cut -d" " -f1)
if [ -z "$UPDATES" ]; then
UPDATES=0
fi
if [ "$UPDATES" -eq 0 ]; then
check_security "System Updates" "PASS" "All system packages are up to date"
else
check_security "System Updates" "FAIL" "$UPDATES security updates available - system is vulnerable to known exploits"
fi
# Check running services
SERVICES=$(systemctl list-units --type=service --state=running | grep "loaded active running" | wc -l)
if [ "$SERVICES" -lt 20 ]; then