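#!/bin/sh
#
# GuruS3cur3.sh : Mini script t0 k3ep y0ur b0x secure
# Author: sAFA7_eLNeT [ Linux-Fr34k.CoM ]
# And as I always say...
# Fuck the whitehats
#
# Interactive hardening helper. Must be run as root. It optionally:
#   1. backs up sysctl.conf, host.conf and php.ini to /root/backup
#   2. appends kernel/network settings to /etc/sysctl.conf and /etc/host.conf
#   3. edits php.ini (safe_mode, register_globals, disable_functions)
#   4. downloads, builds and enables mod_security 1.9.4 for Apache 1 or 2
#   5. downloads and installs the APF firewall and opens control-panel ports
#
# Environment: SSH - inbound SSH port to keep open in APF (default 22).
#
# NOTE(review): every download below is plain HTTP with no signature or
# digest check, and the result is compiled or executed as root. Pin a
# known-good digest (e.g. `sha256sum -c`) or install from distribution
# packages before relying on this on a production host.
#
# Word-split on purpose when used: these hold a command plus its options.
EXTRACT="tar -zxf"
GET="wget"
apxs=$(locate apxs | head -n 1)
httpd=$(locate httpd.conf | head -n 1)

# Print a message on stderr and stop with a failure status.
die() {
  printf '%s\n' "$1" >&2
  exit 1
}

# edit_file SED_SCRIPT FILE
# Runs sed into a temporary file and copies the result back only when sed
# succeeded, so a wrong path or a sed failure can no longer leave an empty
# config behind. Copying with cat (instead of mv) keeps FILE's owner and mode.
edit_file() {
  [ -f "$2" ] || die " $2 : no such file, nothing changed "
  _tmp=$(mktemp) || die " mktemp failed "
  if sed "$1" "$2" > "$_tmp" && cat "$_tmp" > "$2"; then
    rm -f -- "$_tmp"
  else
    rm -f -- "$_tmp"
    die " could not update $2 "
  fi
}

clear
echo " Script Started..."
me=$(whoami)
# $UID is not set by every /bin/sh; id -u is. Nothing below works without root,
# so stop here instead of carrying on as the original did.
if [ "$(id -u)" = "0" ]; then
  echo " Ok whoami Let's make your b0x more secure... "
else
  die " $me y0 must be login by root"
fi

echo " $me put the dir for your php.ini please "
printf '%s' "My Dir : "
read -r dir
# The prompt says "dir" but the value is used as the php.ini file itself;
# accept either form.
if [ -d "$dir" ]; then
  dir="${dir%/}/php.ini"
fi

echo " $me I also need to know your apache version , apache1 or apache2 ? "
echo " please answer by apache1 or apache2 "
printf '%s' "My Version : "
# Was `read $version`, which never stored the answer in $version.
read -r version

echo " Do y0 want to Make back-up to yours files? "
echo " please answer by : yes or no "
printf '%s' "My answer : "
read -r answer2
case "$answer2" in
  yes)
    # -p: a second run must not fail because the directory already exists.
    mkdir -p /root/backup || die " cannot create /root/backup "
    cp /etc/sysctl.conf /root/backup/sysctl.conf
    cp /etc/host.conf /root/backup/host.conf
    cp -- "$dir" /root/backup/php.ini || die " php.ini backup failed "
    ;;
  no)
    echo " As y0 Like "
    ;;
  *)
    die " please answer by yes or no ! "
    ;;
esac

echo " Do y0 want secure your sysctl.conf and host.conf? "
echo " please answer by : yes or no "
printf '%s' "My answer : "
read -r answer3
case "$answer3" in
  yes)
    echo " fixing sysctl and host files..."
    # NOTE(review): these lines are appended on every run, so repeated runs
    # duplicate them. icmp_echo_ignore_all also silences ping-based
    # monitoring, and tcp_sack = 0 trades throughput on lossy links.
    printf '%s\n' \
      "net.ipv4.icmp_echo_ignore_all = 1" \
      "net.ipv4.icmp_echo_ignore_broadcasts = 1" \
      "net.ipv4.tcp_syncookies = 1" \
      "net.ipv4.ip_forward= 0" \
      "net.ipv4.tcp_keepalive_time = 1300" \
      "net.ipv4.tcp_fin_timeout = 18" \
      "net.ipv4.conf.all.arp_ignore = 0" \
      "net.ipv4.icmp_ignore_bogus_error_responses = 1" \
      "net.ipv4.tcp_sack = 0" >> /etc/sysctl.conf
    printf '%s\n' \
      "nospoof on" \
      "order bind,hosts" \
      "multi on" >> /etc/host.conf
    sysctl -p > /dev/null
    echo " Now sysctl.conf and host.conf is more secure "
    ;;
  no)
    echo " As y0 like"
    ;;
  *)
    die "Please answer by yes or no "
    ;;
esac

# NOTE(review): safe_mode and register_globals were removed in PHP 5.4;
# on newer PHP these two edits have no effect.
echo "do y0 want to change your Safe_mod to be on?"
echo " answer by yes or no "
printf '%s' " My Answer : "
read -r answer4
case "$answer4" in
  yes)
    edit_file "s/safe_mode = Off/safe_mode = On/g" "$dir"
    echo " Now Safe_mode is On "
    ;;
  no)
    echo "As y0 like"
    ;;
  *)
    die "Please answer by yes or no "
    ;;
esac

echo "do y0 want to change your Register_globals to be Off?"
echo " answer by yes or no "
printf '%s' " My Answer : "
read -r globals
case "$globals" in
  yes)
    edit_file "s/register_globals = On/register_globals = Off/g" "$dir"
    echo " Now Register_globals is Off "
    ;;
  no)
    echo " As y0 like "
    ;;
  *)
    die "Please answer by yes or no "
    ;;
esac

echo "do y0 want to disable all dangerous functions ?"
echo " answer by yes or no "
printf '%s' " My Answer : "
read -r functions
php_block_list="dl,exec,shell_exec,system,passthru,popen,pclose,proc_open,proc_nice,proc_terminate,proc_get_status,proc_close,pfsockopen,leak,apache_child_terminate,posix_kill,posix_mkfifo,php_uname,phpinfo,apache_child_terminate,apache_get_modules,apache_get_version,apache_getenv,apache_note,apache_setenv,dir"
case "$functions" in
  yes)
    # First rule: a directive that already lists functions gets the new list
    # joined with a comma (the original glued both lists together with a
    # space, which is not a valid separator). Second rule: empty directive.
    edit_file "s/^\(disable_functions[[:space:]]*=\)[[:space:]]*\([^[:space:]].*\)\$/\1 ${php_block_list},\2/
s/^\(disable_functions[[:space:]]*=\)[[:space:]]*\$/\1 ${php_block_list}/" "$dir"
    echo " Now your PHP is more secure and all dangerous functions is disabled "
    ;;
  no)
    echo " As y0 like "
    ;;
  *)
    die "Please answer by yes or no "
    ;;
esac

sleep 3
clear
echo " Do y0 want to Setup Mod_Sec ? "
echo " Please Answer by yes or no "
printf '%s' " My Answer : "
read -r sec
case "$sec" in
  yes)
    # shellcheck disable=SC2086 -- $GET / $EXTRACT carry options
    $GET www.modsecurity.org/download/modsecurity-apache_1.9.4.tar.gz \
      || die " mod_security download failed "
    # shellcheck disable=SC2086
    $EXTRACT modsecurity-apache_1.9.4.tar.gz \
      || die " mod_security archive could not be extracted "
    ;;
  no)
    echo " As y0 like "
    ;;
  *)
    die " Please Answer by yes or no"
    ;;
esac

# Build only when the sources were actually fetched; the original ran this
# part even after a "no" and compiled from whatever directory it was in.
if [ "$sec" = "yes" ]; then
  case "$version" in
    apache1)
      cp /etc/httpd/conf/httpd.conf /root/httpd.conf.backup
      ( cd modsecurity-apache_1.9.4/apache1 \
          && /usr/local/apache/bin/apxs -cia mod_security.c ) \
        || die " mod_security build failed "
      # wget saves to a file, not stdout: `wget URL > file` left the rule
      # file empty. -O writes the download where Apache will read it.
      # NOTE(review): third-party rule set fetched unauthenticated and loaded
      # into the web server; review its contents before restarting Apache.
      # shellcheck disable=SC2086
      $GET -O /etc/httpd/conf/modsec.conf www.guru.securitygurus.net/modsec.rule \
        || die " rule download failed "
      # The banner must be a comment; a bare text line is an invalid
      # directive and stops Apache from starting.
      echo "# Mod_Sec By GuruS3cur3 " >> /etc/httpd/conf/httpd.conf
      echo " Include /etc/httpd/conf/modsec.conf " >> /etc/httpd/conf/httpd.conf
      echo " Mod_Security Installed "
      ;;
    apache2)
      [ -n "$httpd" ] || die " httpd.conf not found by locate "
      [ -n "$apxs" ] || die " apxs not found by locate "
      # $httpd is a full path, so /root/backup/$httpd pointed into a
      # directory tree that does not exist; store it under a fixed name.
      mkdir -p /root/backup || die " cannot create /root/backup "
      cp -- "$httpd" /root/backup/httpd.conf
      ( cd modsecurity-apache_1.9.4/apache2 \
          && "$apxs" -cia mod_security.c ) \
        || die " mod_security build failed "
      # shellcheck disable=SC2086
      $GET -O /etc/apache2/modsec.conf www.guru.securitygurus.net/modsec2.rule \
        || die " rule download failed "
      echo "# Mod_Sec By GuruS3cur3 " >> /etc/apache2/modsec.conf
      # NOTE(review): nothing here adds an Include for
      # /etc/apache2/modsec.conf, so the rules stay inactive unless the
      # Apache configuration already loads that path.
      sleep 5
      echo " Mod_Security Installed "
      ;;
    *)
      echo " please answer by apache1 or apache2 "
      ;;
  esac
fi

echo " Do y0 want to setup APF firewall ? "
echo " Please answer by yes or no "
printf '%s' " My answer is : "
read -r apf
case "$apf" in
  yes)
    # shellcheck disable=SC2086
    $GET http://rfxnetworks.com/downloads/apf-current.tar.gz \
      || die " APF download failed "
    # shellcheck disable=SC2086
    $EXTRACT apf-current.tar.gz || die " APF archive could not be extracted "
    # `cd apf*` also matched the tarball; pick the extracted directory.
    apf_src=
    for candidate in apf*/; do
      if [ -d "$candidate" ]; then
        apf_src=$candidate
        break
      fi
    done
    [ -n "$apf_src" ] || die " APF source directory not found "
    ( cd "$apf_src" && ./install.sh ) || die " APF install failed "
    ;;
  no)
    echo " As y0 like "
    ;;
  *)
    # The original had no `echo` here and tried to run the message.
    die " please answer by yes or no "
    ;;
esac

if [ "$apf" = "yes" ]; then
  echo " Now let's configure it... "
  sleep 3
  echo " what's your Control panel ? "
  echo " cpanel , plesk , directadmin ? "
  echo " My Control Panel is : "
  read -r control

  # The original wrote a literal, undefined $SSH into conf.apf, which leaves
  # an empty entry where the SSH port belongs and can lock the admin out
  # once the firewall starts. Use $SSH from the environment or keep 22.
  ssh_port=${SSH:-22}
  case "$ssh_port" in
    '' | *[!0-9]*) die " SSH must be a numeric port " ;;
  esac

  case "$control" in
    cpanel)
      ports="20,21,${ssh_port},25,26,53,80,110,143,443,465,993,995,2082,2083,2086,2087,2095,2096"
      ;;
    directadmin)
      ports="${ssh_port},25,43,80,110,143,2222"
      ;;
    plesk)
      ports="20,21,${ssh_port},25,53,80,110,143,443,465,993,995,8443"
      ;;
    *)
      ports=
      ;;
  esac

  if [ -n "$ports" ]; then
    # Open the panel's inbound TCP ports and switch off DEVEL_MODE.
    edit_file "s/IG_TCP_CPORTS=\"22\"/IG_TCP_CPORTS=\"${ports}\"/g
s/DEVEL_MODE=\"1\"/DEVEL_MODE=\"0\"/g" /etc/apf/conf.apf
    echo " APF Firewall configured.. now y0 can use it.."
  else
    echo " unknown control panel , /etc/apf/conf.apf left unchanged "
  fi
fi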