# VPS Security Hardening Script
**`01-condom.sh`**: A "protection-first" script to secure your Linux VPS against common vulnerabilities.
*Because even servers deserve safe computing!*
---
## Table of Contents
- [Features](#-features)
- [Installation](#-installation)
- [Customization](#-customization)
- [Usage](#-usage)
- [Contributing](#-contributing)
- [Disclaimer](#-disclaimer)
- [License](#-license)
---
## 🛠️ Features
- **User Management**: Create a secure sudo user with SSH key authentication.
- **SSH Hardening**: Disable root login, enforce key-based authentication, and customize SSH port.
- **Firewall Setup**: Configure UFW with sensible defaults (SSH, HTTP/S, Docker ports).
- **Docker Installation**: Install Docker and Docker Compose with optimized repository mirrors.
- **System Hardening**:
  - Automatic security updates
  - Kernel parameter tuning
  - DNS configuration (Google DNS)
- **Region-Specific Fixes**: Optimized for restricted networks (e.g., Iran) with:
  - Automatic best mirror selection
  - DNS override capabilities
  - Installation retry logic
---
## 📥 Installation
```bash
# Download the script
wget https://raw.githubusercontent.com/yourusername/repo/main/01-condom.sh
# Make executable
chmod +x 01-condom.sh
# Run as root
sudo ./01-condom.sh
```

---
## Customization
Configure settings via environment variables (edit script header):
```bash
### -- CONFIGURATION -- ###
USERNAME="sysadmin"            # New sudo user
SSH_PORT="2222"                # Custom SSH port
TIMEZONE="Asia/Tehran"         # Server timezone
DNS_SERVERS="8.8.8.8 8.8.4.4"  # DNS override
TOOLS_INSTALL=1                # 1=Install tools, 0=Skip
```

---
## Usage
- **Interactive Setup**:
  ```bash
  sudo ./01-condom.sh
  ```
  Follow prompts for user creation and SSH configuration.
- **Automated Setup** (pre-configured variables):
  ```bash
  sudo USERNAME=admin SSH_PORT=2222 ./01-condom.sh
  ```
- **Post-Installation**:
  - SSH Access: `ssh -p <PORT> <USERNAME>@<SERVER_IP>`
  - Check open ports: `ss -tulnp`
  - Verify Docker: `docker run hello-world`
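
To confirm the SSH hardening took effect before you close your current session, the following added example (not part of `01-condom.sh` or this repository) audits the effective settings printed by `sshd -T`. It assumes the script sets `PermitRootLogin no` and `PasswordAuthentication no`; the helper name `check_sshd_effective` and the sample output are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example, not part of 01-condom.sh. Assumption: the script enforces
# "PermitRootLogin no" and "PasswordAuthentication no"; the README only says
# root login is disabled and key-based authentication is enforced.

# Constructed sample of `sshd -T` output (not captured from a real server).
SAMPLE_HARDENED='port 2222
permitrootlogin no
passwordauthentication no
pubkeyauthentication yes'

# check_sshd_effective EXPECTED_PORT   (hypothetical helper name)
# Reads `sshd -T` output ("keyword value", keywords in lowercase) on stdin,
# prints one line per finding, returns 0 if every check passes, else 1.
check_sshd_effective() {
    local expected_port="$1" key value
    local root_login="" password_auth="" ports="" failures=0

    while read -r key value; do
        case "$key" in
            permitrootlogin)        root_login="$value" ;;
            passwordauthentication) password_auth="$value" ;;
            port)                   ports="${ports:+$ports }$value" ;;
        esac
    done

    if [ "$root_login" != "no" ]; then
        echo "FAIL permitrootlogin=${root_login:-unset} (expected no)"
        failures=$((failures + 1))
    fi
    if [ "$password_auth" != "no" ]; then
        echo "FAIL passwordauthentication=${password_auth:-unset} (expected no)"
        failures=$((failures + 1))
    fi
    # sshd may listen on several ports: port 22 left open next to the
    # custom port counts as a finding, not only a missing custom port.
    if [ "$ports" != "$expected_port" ]; then
        echo "FAIL port=${ports:-unset} (expected only $expected_port)"
        failures=$((failures + 1))
    fi

    [ "$failures" -eq 0 ] && echo "OK sshd matches the hardened settings"
    return $(( failures > 0 ))
}

# Runs against the constructed sample; on the server use:
#   sudo sshd -T | check_sshd_effective 2222
printf '%s\n' "$SAMPLE_HARDENED" | check_sshd_effective 2222
```

Run the check from a second terminal while the original root session is still open, so a failed result can be corrected without losing access.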

**Files Modified:**
- `/etc/ssh/sshd_config`
- `/etc/ufw/`
- `/etc/sysctl.conf`
- `/etc/resolv.conf` (DNS)

**Packages Installed:**
- ufw, fail2ban, unattended-upgrades
- docker-ce, docker-compose-plugin
- htop, net-tools, curl

---
## Contributing
Improvements welcome!
- Fork the repository
- Create a feature branch: `git checkout -b improve-condom`
- Commit changes: `git commit -m 'Add security feature X'`
- Push to branch: `git push origin improve-condom`
- Open a pull request

---
## Disclaimer
This script:
- Modifies critical system configurations
- Disables root SSH access
- Changes firewall rules

Always:
- Test in a non-production environment first
- Back up existing SSH keys
- Monitor the server after deployment

---
## License
MIT License © 2024 [Your Name]

`01-condom.sh` is licensed under the MIT License. Use at your own risk.