Hardbuntu

Strengthen the security of your Ubuntu system with this powerful hardening tool based on CIS benchmarks.

Features • Usage • Options • Note • Customization • Security Warnings • Benchmark Source • Preview Disclaimer

Introduction

 _     _                _ _                           
| |   | |              | | |                _         
| |__ | | ____  ____ _ | | | _  _   _ ____ | |_ _   _ 
|  __)| |/ _  |/ ___) || | || \| | | |  _ \|  _) | | |
| |   | ( ( | | |  ( (_| | |_) ) |_| | | | | |_| |_| |
|_|   |_|\_||_|_|   \____|____/ \____|_| |_|\___)____|

Hardbuntu is a shell based script designed to enhance the security of Ubuntu Linux systems based on the CIS (Center for Internet Security) Ubuntu Linux 20.04 LTS Benchmark version 1.1.0. The script automates various hardening measures and provides users with the flexibility to customize the hardening process according to their specific requirements.

Features

• Easy-to-use command-line interface.
• Allows users to specify the system type and hardening level (S1, S2, W1, or W2).
• Supports Update Mode for applying system hardening measures.
• Quiet Mode for minimal output and prompts during execution.
• Provides benchmark details for transparency and compliance.

Usage

To run the hardening script, execute the following command in the terminal:

sudo ./hardbuntu.sh [options]

Options

• -h: Show usage and help information.
• -v: Show script version.
• -l: Show script license information.
• -d: Show disclaimer for using the script.
• -u: Apply system hardening measures. Use with caution.
• -q: Run the script with minimal output and prompts.
• -b: Show details of the benchmark used for system hardening.
• -p: Specify system type and hardening level: S1, S2, W1, or W2.

Note

• Running the script without Update Mode will not make any changes to the operating system, but it will indicate what would be done if executed in Update Mode.
• DO NOT EXECUTE THIS SCRIPT ON PRODUCTION SERVERS IN UPDATE MODE. Update mode makes extensive changes to the operating system, which may render it unusable or inaccessible. Be cautious when using this mode.
• To disable individual benchmarks, set the variables W and S to 3.
• To exit before an individual benchmark, set the variable W or S to 0 for debugging purposes.

Customization

You can modify the tool's behavior by setting certain variables in the ./.cisrc file.

Some configurable variables include:

• TL: Specify the system type and hardening level.
• U: Set to "Y" to enable automatic system hardening mode.
• Q: Run the script in quiet mode (minimal output and prompts).
• B: Display benchmark details.
• Various system components (e.g., SX11, SSSHD, SAVAHI, etc.), which can be set to "Y" to keep them or left empty to remove them.

Security Warnings

• Make sure to review the hardening script and its configurations before execution.
• Only run the script on systems that you have proper authorization to modify.
• Ensure that you have backed up important data and settings before using the update mode.

Benchmark Source

The CIS Ubuntu Linux 20.04 LTS Benchmark v1.1.0 - https://www.cisecurity.org/benchmark/ubuntu_linux

Preview

 _     _                _ _                           
| |   | |              | | |                _         
| |__ | | ____  ____ _ | | | _  _   _ ____ | |_ _   _ 
|  __)| |/ _  |/ ___) || | || \| | | |  _ \|  _) | | |
| |   | ( ( | | |  ( (_| | |_) ) |_| | | | | |_| |_| |
|_|   |_|\_||_|_|   \____|____/ \____|_| |_|\___)____|

[●] Author: @h4r5h1t
[●] Version: 1.0.0

Hardening Script based on CIS Ubuntu Linux 20.04 LTS Benchmark v1.1.0 from www.cisecurity.org
[❌] Warning: Use with caution. You are responsible for your own actions.
[❌] Developers assume no liability and are not responsible for any misuse or damage cause by this tool.


Usage:
sudo ./hardbuntu.sh -h
sudo ./hardbuntu.sh -p s1
sudo ./hardbuntu.sh -p w1 -u -b

Options:
  -h  (Help)
    Show usage and help information.
  -v  (Version)
    Show script version.
  -l  (License)
    Show script license information.
  -d  (Disclaimer)
    Show disclaimer for using the script.
  -u  (Update Mode)
    Apply system hardening measures. (Use with caution).
  -q  (Quiet Mode)
    Run the script with minimal output and prompts.
  -b  (Benchmark Details)
    Show details of the benchmark used for system hardening.
  -p  (Profile - System Type and Level)
    Specify system type and hardening level: S1, S2, W1, or W2.
    Customize the hardening measures applied by the script.

The purpose of this script is to harden Ubuntu Linux systems.
It is based on CIS Ubuntu Linux 20.04 LTS Benchmark v1.1.0 from www.cisecurity.org
https://www.cisecurity.org/cis-securesuite/cis-securesuite-membership-terms-of-use/
It has only been tested on Ubuntu 2004 x64.

Executing this script without update mode will not make any changes to the operating system.
It will however indicate what would be done if run in update mode.

DO NOT EXECUTE SCRIPT ON PRODUCTION SERVERS IN UPDATE MODE.
Update mode will make extensive changes to the operating system.
This could render the server unusable or inaccessable.
It could also uninstall a number of packages. Make sure you adjust this list in .cisrc.
The .cisrc file is created when executing script for the first time.
If you are logged in as root, make sure you can still log in after executing in update mode before logging out.

To disable individual benchmarks set variable W and S to 3.
To exit before an individual benchmark, set variable W or S to 0. This is only for debugging purposes.

Disclaimer

The Hardbuntu is intended to improve the security of Ubuntu Linux systems. It is based on the CIS Ubuntu Linux 20.04 LTS Benchmark v1.1.0. However, executing the script in Update Mode may make extensive changes to the system, rendering it unusable or inaccessible. Do not execute the script on production servers in Update Mode without thorough testing.

Warning: Developers assume no liability and are not responsible for any misuse or damage cause by this tool. So, please se with caution because you are responsible for your own actions.