Secure Your Linux Servers with Free Check and Protective Shell Scripts

This guide introduces two open‑source shell scripts—CentOS_Check_Script and CentOS_Protective_Script—designed to enforce security hardening on Red Hat/CentOS systems, covering password policies, audit log protection, user management, and various security controls, with usage instructions and download links.

Linux Cloud Computing Practice

This script collection builds on an open‑source project by xiaoyunjie and adds two hardening scripts: one to enforce password length and periodic changes, and another to protect audit logs by backing them up to a log server.

GitHub project address: https://github.com/xiaoyunjie/Shell_Script

Check Script

Execute the CentOS_Check_Script.sh script to perform a security check. The command format is:

# Execute CentOS_Check_Script.sh and save output
sudo sh CentOS_Check_Script.sh | tee check_$(date +%Y%m%d_%H%M%S).txt

After execution, a text file named with the run's timestamp (e.g., check_20230915_123045.txt) is created in the current directory.

This check script is intended for Red Hat/CentOS systems and may not work on Ubuntu because some configuration files differ or are missing.

The script follows the Level 3 security requirements and outputs results that need manual review. It includes the following checks:

System basic information

Resource usage

System user information

Identity authentication security

Access control security

Security audit

Residual information protection

Intrusion prevention security

Malicious code prevention

Resource control security

Protective Script

The Protective_Script backs up relevant configuration files before applying hardening measures and creates a backup folder in the script directory to store the backups. To restore original configurations, run program number 8.

# Execute CentOS_Protective_Script.sh to apply hardening
sudo sh CentOS_Protective_Script.sh
# After completion, follow script prompts to restart services

# On Ubuntu, you may encounter a syntax error due to sh/bash incompatibility. Use bash to run the script:
sudo bash CentOS_Protective_Script.sh

Functional overview of the protective script:

One‑click full hardening

Set password complexity

Add openroot account (optional)

Disable remote root login (optional)

Configure history size, command timestamps, and session timeout

Change SSH port (optional)

Handle login failures

Restore configuration files (optional)

Set password length and periodic change requirements

Protect audit logs and periodically back them up to a log server (recommended)

Exit program
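
A spot-check for the password length and periodic change item above, as an added example that is not code from either project. The 90-day and 8-character limits are assumed values, and the sample files are constructed so it runs offline without root.

```shell
#!/bin/sh
# Added example, not code from either project. Limits are assumed values.
MAX_DAYS_LIMIT=90   # assumption: passwords must expire within 90 days
MIN_LEN_LIMIT=8     # assumption: minimum password length

# Print the value of KEY from a login.defs-style file (comment lines are
# skipped; if KEY is repeated, the last occurrence is printed).
get_setting() {   # $1 = file, $2 = key
    awk -v k="$2" '$1 == k { v = $2 } END { if (v != "") print v }' "$1"
}

# Succeed only if the file sets PASS_MAX_DAYS and PASS_MIN_LEN within limits.
check_login_defs() {   # $1 = path to a login.defs file
    rc=0
    max_days=$(get_setting "$1" PASS_MAX_DAYS)
    min_len=$(get_setting "$1" PASS_MIN_LEN)
    if [ -z "$max_days" ] || [ "$max_days" -gt "$MAX_DAYS_LIMIT" ]; then
        echo "FAIL PASS_MAX_DAYS=${max_days:-unset}, want <= $MAX_DAYS_LIMIT"; rc=1
    fi
    if [ -z "$min_len" ] || [ "$min_len" -lt "$MIN_LEN_LIMIT" ]; then
        echo "FAIL PASS_MIN_LEN=${min_len:-unset}, want >= $MIN_LEN_LIMIT"; rc=1
    fi
    return $rc
}

# List accounts with a usable password hash whose own maximum age (shadow
# field 5) is empty or above the limit. login.defs only seeds new accounts,
# so existing ones keep their old value until it is changed with chage.
stale_shadow_accounts() {   # $1 = path to a shadow-format file
    awk -F: -v lim="$MAX_DAYS_LIMIT" \
        '$2 != "" && $2 !~ /^[!*]/ && ($5 == "" || $5 + 0 > lim) { print $1 }' "$1"
}

# Constructed sample data (not real accounts or hashes).
SAMPLE_DIR=$(mktemp -d)
printf '%s\n' '# constructed sample' 'PASS_MAX_DAYS 90' 'PASS_MIN_LEN 8' \
    > "$SAMPLE_DIR/login.defs"
printf '%s\n' 'root:$6$salt$hash:19000:0:99999:7:::' \
    'deploy:$6$salt$hash:19600:1:90:7:::' 'daemon:*:18000:0:99999:7:::' \
    > "$SAMPLE_DIR/shadow"

check_login_defs "$SAMPLE_DIR/login.defs" && echo "login.defs OK"
echo "accounts still above $MAX_DAYS_LIMIT days: $(stale_shadow_accounts "$SAMPLE_DIR/shadow")"
```

To check a real host, run the two functions as root against /etc/login.defs and /etc/shadow. On PAM-based systems such as CentOS, password length is enforced by pam_pwquality's minlen rather than PASS_MIN_LEN, so review /etc/security/pwquality.conf as well.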

Project address for the combined scripts: https://github.com/NatChao/check_script

Written by

Linux Cloud Computing Practice
