Update vps-audit.sh

Rob 2024-12-14 23:57:17 -08:00 committed by GitHub
parent ffe08718da
commit 85a63103aa
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194


@ -93,7 +93,6 @@ check_security() {
echo "" >> "$REPORT_FILE" echo "" >> "$REPORT_FILE"
} }
# Check system uptime # Check system uptime
UPTIME=$(uptime -p) UPTIME=$(uptime -p)
UPTIME_SINCE=$(uptime -s) UPTIME_SINCE=$(uptime -s)
@ -144,6 +143,8 @@ else
fi fi
# Check SSH default port # Check SSH default port
UNPRIVILEGED_PORT_START=$(sysctl -n net.ipv4.ip_unprivileged_port_start)
SSH_PORT=$(grep "^Port" /etc/ssh/sshd_config | awk '{print $2}')
if [ -n "$SSH_CONFIG_OVERRIDES" ] && [ -d "$(dirname "$SSH_CONFIG_OVERRIDES")" ]; then if [ -n "$SSH_CONFIG_OVERRIDES" ] && [ -d "$(dirname "$SSH_CONFIG_OVERRIDES")" ]; then
SSH_PORT=$(grep "^Port" $SSH_CONFIG_OVERRIDES /etc/ssh/sshd_config 2>/dev/null | head -1 | awk '{print $2}') SSH_PORT=$(grep "^Port" $SSH_CONFIG_OVERRIDES /etc/ssh/sshd_config 2>/dev/null | head -1 | awk '{print $2}')
else else
@ -154,6 +155,8 @@ if [ -z "$SSH_PORT" ]; then
fi fi
if [ "$SSH_PORT" = "22" ]; then if [ "$SSH_PORT" = "22" ]; then
check_security "SSH Port" "WARN" "Using default port 22 - consider changing to a non-standard port for security by obscurity" check_security "SSH Port" "WARN" "Using default port 22 - consider changing to a non-standard port for security by obscurity"
elif [ "$SSH_PORT" -ge "$UNPRIVILEGED_PORT_START" ]; then
check_security "SSH Port" "FAIL" "Using unprivileged port $SSH_PORT - use a port below $UNPRIVILEGED_PORT_START for better security"
else else
check_security "SSH Port" "PASS" "Using non-default port $SSH_PORT which helps prevent automated attacks" check_security "SSH Port" "PASS" "Using non-default port $SSH_PORT which helps prevent automated attacks"
fi fi
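Review bot: The new `elif [ "$SSH_PORT" -ge "$UNPRIVILEGED_PORT_START" ]` test fails open. If `sysctl -n net.ipv4.ip_unprivileged_port_start` prints nothing (for example on a kernel or container that does not expose the key), or `SSH_PORT` is not a single integer, `[` reports an error and returns non-zero, so the script falls through to the `else` branch and records PASS. Give the read a fallback, `UNPRIVILEGED_PORT_START=$(sysctl -n net.ipv4.ip_unprivileged_port_start 2>/dev/null || echo 1024)`, and confirm `SSH_PORT` is all digits before comparing, reporting WARN rather than PASS when it is not. The added `SSH_PORT=$(grep "^Port" /etc/ssh/sshd_config | awk '{print $2}')` also looks redundant, because the if/else directly after it appears to assign `SSH_PORT` in both branches (the else body is outside the hunk). Without `head -1` it would hold several lines when sshd_config has more than one `Port` directive.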