#!/bin/bash
# Banner naming the running script.
printf 'RUN %s ===\n' "$(basename "$0")"

# ANSI colour sequences, stored as literal backslash escapes; they are only
# turned into real escape characters when printed with `echo -e`.
NC="\033[0m"      # reset / no colour
RED="\033[0;31m"  # red foreground, used for failure messages
#######################################
# Assert that a check produced a value.
# Arguments: $1 - value returned by the check (e.g. a matched config line)
#            $2 - message to report when $1 is empty
# Outputs:   "Ok : <value>" or "Error : <message>" on stdout
# Returns:   status of the "Ok" print; terminates the script with status 1
#            when $1 is empty
#######################################
fail_empty() {
  local value=$1
  local error_msg=$2

  if [[ -n "$value" ]]; then
    printf 'Ok : %s\n' "$value"
  else
    printf 'Error : %s\n' "$error_msg"
    # A missing value means the hardening check failed: stop the whole run.
    exit 1
  fi
}
#######################################
# Assert that a check found nothing.
# Arguments: $1 - value returned by the check (should be empty)
#            $2 - message to report when $1 is not empty
#            $3 - message to report when $1 is empty
# Outputs:   "Ok : <$3>" or "Error : <$2> '<$1>'" on stdout
# Returns:   status of the "Ok" print; terminates the script with status 1
#            when $1 is not empty
#######################################
fail_not_empty() {
  local found=$1
  local error_msg=$2
  local ok_msg=$3

  if [[ -z "$found" ]]; then
    printf 'Ok : %s\n' "$ok_msg"
  else
    # Show the offending value so the operator knows what to remove.
    printf "Error : %s '%s'\n" "$error_msg" "$found"
    exit 1
  fi
}
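echo "Automated checks"

# --- SSH: password authentication must be switched off -----------------------
# NOTE(review): this greps the main sshd_config only. A value set through an
# Include'd file or inside a Match block is not seen here; `sshd -T` prints the
# effective configuration if a stricter check is wanted.
Passwd=$(grep "^PasswordAuthentication no" /etc/ssh/sshd_config)
fail_empty "$Passwd" "SSh password allowed"
systemctl restart ssh

# --- Accounts with a login shell ---------------------------------------------
# Only the root entry itself is excluded ('^root:'). A bare `grep -v root`
# would also hide every account whose passwd line merely contains "root"
# (user name, GECOS field or home directory), which is exactly the kind of
# account this listing is meant to surface.
real_users=$(grep -E "/bin/[^/]*sh" /etc/passwd | grep -v '^root:')
echo "The following users can login via ssh $real_users"

# Is dockerweb among the listed accounts? The name is compared as an exact
# string: `[[ $name -eq "dockerweb" ]]` is an arithmetic test in which both
# operands evaluate as (unset) variables, i.e. 0 -eq 0, so it was true for
# any user name. All listed accounts are inspected, not just the first one.
if printf '%s\n' "$real_users" | cut -d: -f1 | grep -qx "dockerweb"; then
  uid=$(id -u dockerweb)
  if [[ "$uid" == "1000" ]]; then
    echo "Dockerweb have good uid (1000)"
  else
    echo -e "${RED}Dockerweb dont have good uid, expected 1000${NC}"
  fi
fi
read -r -p "hit enter"

# --- Apache: no default vhost may be enabled ---------------------------------
apache_default=$(find /etc/apache2/sites-enabled -iname "*default*")
fail_not_empty "$apache_default" "Please disable apache default sites" "Apache default sites are disabled"
apache2ctl graceful
read -r -p "hit enter"

# --- Manual checks: the operator reads the output and confirms each step -----
echo "Manual check : fail2ban"
systemctl status fail2ban
fail2ban-client status
read -r -p "hit enter"

echo "Manual check : ufw"
ufw status verbose
read -r -p "hit enter"

echo "Manual check : clamav"
systemctl status clamav-daemon clamav-freshclam
read -r -p "hit enter"

echo "Manual check cron root"
crontab -u root -l
read -r -p "hit enter"

echo "Manual check cron www-data"
crontab -u www-data -l
read -r -p "hit enter"

echo "Manual check home perms"
ls -lstrh --color=auto /home
read -r -p "hit enter"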