Linux Hardening using Python

Overview

This script performs automated system hardening by updating the configuration and recommending some manual checks that can help you secure your system and detect any suspicious behaviour.

What It Does

SSH Configuration - Modifies /etc/ssh/sshd_config to disable root login, enforce key-based auth, and prevent empty passwords.

File Permissions - Sets appropriate permissions on /etc/passwd (644), /etc/shadow (600), and /etc/group (644).

Firewall - Enables UFW with deny-incoming/allow-outgoing policy.

Manual Checks - Prompts for system updates, password policies, netstat output review, process inspection, unauthorized user detection, and sudoers validation.

Working

The script requires root privileges and uses subprocess to execute system commands. SSH hardening parses the existing sshd_config, preserves any custom settings, and enforces the security directives. File permissions are set using chmod, and UFW commands configure the firewall with safe defaults.

Interactive prompts guide you through manual security checks, things that need human judgment like reviewing running processes or checking for unauthorized user accounts.
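The SSH step described above, sketched as an added example (not the script offered in this post). The keyword mapping, the function name harden_sshd_config and the sample configuration are assumptions made for illustration; it also handles duplicate keywords and Match blocks, which the post does not cover.

```python
import re

# Assumption: these keywords implement the three goals the post lists.
ENFORCED = {"PermitRootLogin": "no", "PasswordAuthentication": "no",
            "PubkeyAuthentication": "yes", "PermitEmptyPasswords": "no"}
# "Keyword value" or "Keyword=value"; comments and blank lines do not match.
DIRECTIVE = re.compile(r"^\s*([A-Za-z0-9]+)(?:\s*=\s*|\s+)(\S.*)$")

def harden_sshd_config(text, enforced=ENFORCED):
    """Return (new_text, overrides); overrides are Match-block lines to review."""
    wanted = {k.lower(): (k, v) for k, v in enforced.items()}
    out, done, overrides = [], set(), []
    match_start = None  # index in `out` of the first Match line, if any
    for line in text.splitlines():
        m = DIRECTIVE.match(line)
        key = m.group(1).lower() if m else None
        if key == "match" and match_start is None:
            match_start = len(out)
        if key in wanted:
            name, value = wanted[key]
            if match_start is not None:
                if m.group(2).strip().lower() != value:
                    overrides.append(line.strip())  # kept, flagged for a human
            elif key in done:
                continue  # later duplicate; sshd only honours the first value
            else:
                done.add(key)
                line = f"{name} {value}"
        out.append(line)
    # Add missing keywords before the first Match block so they stay global.
    missing = [f"{k} {v}" for k, v in enforced.items() if k.lower() not in done]
    pos = len(out) if match_start is None else match_start
    out[pos:pos] = missing
    return "\n".join(out) + "\n", overrides

# Constructed sample input, not taken from a real host.
SAMPLE = """\
#PermitRootLogin prohibit-password
PermitRootLogin yes
passwordauthentication=yes
PermitRootLogin without-password
AllowUsers deploy
Match Address 10.0.0.0/8
    PasswordAuthentication yes
"""

if __name__ == "__main__":
    new_text, overrides = harden_sshd_config(SAMPLE)
    print(new_text, "Review Match overrides:", overrides, sep="\n")
```

Validate the rewritten file with sshd -t before restarting the service. A file pulled in by an Include line above these settings can still set a keyword first.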

Usage Guide

Prerequisites: Linux OS, Python 3.x, root access, UFW installed

To run the script:

chmod +x linux_hardening.py
sudo ./linux_hardening.py

Benefits & Use Cases

Consistency: Uniform security across systems
Speed: Minutes instead of hours
Compliance: CIS Benchmark aligned
Educational: Teaches security best practices

Real-world applications: Personal use, educational labs, compliance audits.

Important Notes

Before running: Back up your system, test in a VM first, ensure SSH keys are configured

After running: Restart SSH (sudo systemctl restart sshd), test connectivity in a new session, review firewall rules

This post is licensed under CC BY 4.0 by the author.