Quick NIX Secure Script
Quick NIX Secure Script is used to harden and secure basic permissions and ownership on the fly. This script can be used during boot up, cron, bootstrapping, kickstart, jumpstart and during other system deployments. I recommend using CM tools like Puppet or Ansible, but this is still nice.
Why use this?
Many times in (prod)uction world prior admins harden without automation or towards an industry baseline. This is to help get to a point of standardization and quickly set or reset basic system security.
Use before or after app deploymentz. I don't set umasks, so everything should work regardless ^_^
This is influenced from DISA STIGs, ODAA, NSA and NIST/FIPs. This does not enforce towards those baselines, but helps minimize CAT I-III findings.
- RHEL 5-6, Fedora 17-20, Ubuntu 10-13, Solaris 9-10 and OpenSolaris
- root or equivalent
- basic /bin /sbin /usr/bin executables
(Easiest method to get going)
curl -sfO https://raw.githubusercontent.com/marshyski/quick-secure/master/quick-secure && bash quick-secure
git clone https://github.com/marshyski/quick-secure.git chmod 0700 ./quick-secure/quick-secure
Securing Docker Containers
RUN cd / && curl -sfO https://raw.githubusercontent.com/marshyski/quick-secure/master/quick-secure && bash /quick-secure -f
ADD quick-secure /quick-secure RUN bash /quick-secure -f
-c argument reviews what's commented out in quick-secure.
-u argument reviews what's being applied to your current system.
-f argument forces settings without being prompt with "are you sure" question.
Run quick-secure for the first time:
./quick-secure/quick-secure in CLI.
Setup quick-secure to run every sunday at 11PM via root's cron:
00 23 * * 0 /root/quick-secure/quick-secure -f
Help & Feedback
You can email (firstname.lastname@example.org) me directly if you need help, submit an issue or pull request. Fork it.
Looking for better hardening for Ubuntu so pull request quick-secure.