This tool automates hardening an Ubuntu 22.04 server according to security best practices. It covers:
- System updates and automatic security upgrades
- Non-root user creation with sudo privileges
- Enhanced SSH security configuration with key-based authentication
- UFW setup with rate limiting
- Fail2Ban installation and advanced configuration
- Comprehensive unused service disabling
- Robust system-wide security settings
- AppArmor and Auditd setup and enforcement
- Strong password policies implementation
- File system integrity checking with AIDE
- Core dump disabling and compiler tools restriction
- Temporary directory and shared memory security
- Process accounting enablement
- CrowdSec installation and configuration against DDoS
- Advanced SYN flood and DDoS protection
- GRUB bootloader security
- /proc filesystem hardening
- Network Intrusion Detection System
- Secure logging configuration
- Unnecessary kernel module disabling
Requirements:
- Node.js v22.4.1 or later
- Ubuntu 22.04 or later with root access
This script is designed to be packaged as a single executable application using the 'Single executable applications' feature of Node.js v22.4.1.
- Build the executable:
pnpm install && pnpm build
- Make the file executable:
chmod +x ubuntu-hardening-tool
- Copy the resulting executable:
scp ubuntu-hardening-tool username@server_ip:
- Run it there with root privileges:
sudo ./ubuntu-hardening-tool
pnpm release will build the executable, generate the checksum, bump the version, update the changelog, create a new commit with these changes, and create a new tag.
- Get the script (adjust accordingly):
wget https://github.com/feremabraz/server-ubuntu-22/releases/download/vX.Y.Z/ubuntu-hardening-tool
- Get the checksum:
wget https://github.com/feremabraz/server-ubuntu-22/releases/download/vX.Y.Z/ubuntu-hardening-tool.sha256
- Verify the script's integrity:
sha256sum --check ubuntu-hardening-tool.sha256
- Make the file executable:
chmod +x ubuntu-hardening-tool
- Run it:
./ubuntu-hardening-tool
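The verify and chmod steps above combined so that a failed check stops the procedure before the file can be run. This is an added example, not part of the project; `verify_release` is a hypothetical helper name, and it compares the digest directly instead of relying on the file name stored in the .sha256 file.

```shell
#!/bin/sh
# Added example, not part of the project: fail-closed version of the
# verify / chmod steps. verify_release is a hypothetical helper name.
# Usage: verify_release ubuntu-hardening-tool ubuntu-hardening-tool.sha256 \
#            && sudo ./ubuntu-hardening-tool

verify_release() {
    local bin="$1" sumfile="$2" expected actual

    if [ ! -f "$bin" ] || [ ! -f "$sumfile" ]; then
        echo "verify_release: missing binary or checksum file" >&2
        return 2
    fi

    # First field of the first line is the published digest.
    expected=$(head -n 1 "$sumfile" | cut -d ' ' -f 1 | tr 'A-F' 'a-f')

    # Reject an empty, truncated or non-hex digest (for example an HTML
    # page saved in place of the real .sha256 file).
    case "$expected" in
        '' | *[!0-9a-f]*)
            echo "verify_release: malformed checksum file" >&2
            return 3 ;;
    esac
    if [ "${#expected}" -ne 64 ]; then
        echo "verify_release: malformed checksum file" >&2
        return 3
    fi

    # Hash via stdin so the result does not depend on file name or cwd.
    actual=$(sha256sum < "$bin" | cut -d ' ' -f 1)

    if [ "$actual" != "$expected" ]; then
        echo "verify_release: SHA-256 mismatch for $bin" >&2
        chmod a-x "$bin"   # a bad download must not stay executable
        return 1
    fi

    chmod +x "$bin"
    return 0
}

# Stand-alone use: ./verify.sh <binary> <checksum-file>
if [ "$#" -eq 2 ]; then
    verify_release "$1" "$2"
fi
```

A checksum downloaded from the same release page as the binary detects a corrupted or truncated download; it does not authenticate who published the file.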