#! /bin/bash

#Account Management

declare -a allusers=()

declare -a users=()

declare -a user=()

declare -a admin=()

read -p "Have you made admins.txt and users.txt file? [Y/n] " YN

case $YN in

[yY]* ) u=true ;;

[nN]* ) u=false ;;

*) exit ;;

esac

if ("$u" = true); then

#User reading

while IFS= read -r line; do

    users+=( "$line" )

done < users.txt

users+=( "$line" ) < users.txt

while IFS= read -r line; do

    user+=( "$line" )

done < users.txt

user+=( "$line" ) < users.txt

while IFS= read -r line; do

    users+=( "$line" )

done < admins.txt

users+=( "$line" ) < admins.txt

while IFS= read -r line; do

    admin+=( "$line" )

done < admins.txt

admin+=( "$line" ) < admins.txt

#User configuration

for userid in `awk -F: '{print $3}' /etc/passwd`

do

if (("$userid" >= 1000 && "$userid" < 60000)); then

    allusers+=($(echo `cat /etc/passwd | grep $userid | awk -F: '{print $1}'`))

fi

done

for value in "${allusers[@]}"

do

if [[ ${users[@]} =~ $value ]]; then

        echo $value is good

    else

        sed -i "/$value/d" /etc/passwd

        sed -i "/$value/d" /etc/group

    fi

done

for value in "${users[@]}"

do

if [[ ${allusers[@]} =~ $value ]]; then

        true

    else

        useradd $value

        echo "added $value"

    fi

done

#Admin and Passwords

for value in "${user[@]}"

do

    gpasswd -d $value sudo

    gpasswd -d $value adm

    gpasswd -d $value lpadmin

    gpasswd -d $value sambashare

done

for value in "${admin[@]}"

do

    gpasswd -a $value sudo

    gpasswd -a $value adm

    gpasswd -a $value lpadmin

    gpasswd -a $value sambashare

    read -p "Would you like to change the password for the user "$value" [Y/n] " YM

    case $YM in

    [yY]* ) p=true ;;

    [nN]* ) p=false ;;

    *) exit ;;

    esac

        if ("$p" = true); then

        passwd $value

        fi

    passwd -x30 -n3 -w7 $value

    usermod -L $value

done

fi

passwd -l root

#New User

read -p "Make new user? [Y/n] " us

case $us in

[yY]* ) ur=true ;;

[nN]* ) ur=false ;;

*) exit ;;

esac

if ("$ur" = true); then

    read -p "username:" username

    useradd $username

    read -p "Add new user to a group? [Y/n] " gr

    case $gr in

    [yY]* ) g=true ;;

    [nN]* ) g=false ;;

    *) exit ;;

    esac

        if ("$g" = true); then

        read -p "Group name:" grp

        groupadd $grp

        usermod -G $grp $username

    fi

fi

#Firewall

apt-get install ufw && ufw enable

apt-get install auditd -y && auditctl -e 1

#No root logins

if grep -qF 'PermitRootLogin' /etc/ssh/sshd_config; then

    sed -i 's/^.*PermitRootLogin.*$/PermitRootLogin no/' /etc/ssh/sshd_config

else

    echo 'PermitRootLogin no' >> /etc/ssh/sshd_config

fi

#SSH Configs

#LoginGraceTime

if grep -qF 'LoginGraceTime' /etc/ssh/sshd_config; then

    sed -i 's/^.*LoginGraceTime.*$/LoginGraceTime 60/' /etc/ssh/sshd_config

else

    echo 'LoginGraceTime 60' >> /etc/ssh/sshd_config

fi

#Protocol 2

if grep -qF 'Protocol' /etc/ssh/sshd_config; then

    sed -i 's/^.*Protocol.*$/Protocol 2/' /etc/ssh/sshd_config

else

    echo 'Protocol 2' >> /etc/ssh/sshd_config

fi

#Permit Empty Password

if grep -qF 'PermitEmptyPasswords' /etc/ssh/sshd_config; then

    sed -i 's/^.*PermitEmptyPasswords.*$/PermitEmptyPasswords no/' /etc/ssh/sshd_config

else

    echo 'PermitEmptyPasswords no' >> /etc/ssh/sshd_config

fi

#Password Authenication

if grep -qF 'PasswordAuthentication' /etc/ssh/sshd_config; then

    sed -i 's/^.*PasswordAuthentication.*$/PasswordAuthentication yes/' /etc/ssh/sshd_config

else

    echo 'PasswordAuthentication yes' >> /etc/ssh/sshd_config

fi

#X11Forwarding

if grep -qF 'X11Forwarding' /etc/ssh/sshd_config; then

    sed -i 's/^.*X11Forwarding.*$/X11Forwarding no/' /etc/ssh/sshd_config

else

    echo 'X11Forwarding no' >> /etc/ssh/sshd_config

fi

#usePAM

if grep -qF 'usePAM' /etc/ssh/sshd_config; then

    sed -i 's/^.*UsePAM.*$/UePAM yes/' /etc/ssh/sshd_config

else

    echo 'UsePAM yes' >> /etc/ssh/sshd_config

fi

#UsePrivilegeSeparation

if grep -qF 'UsePrivilegeSeparation' /etc/ssh/sshd_config; then

    sed -i 's/^.*UsePrivilegeSeparation.*$/UsePrivilegeSeparation yes/' /etc/ssh/sshd_config

else

    echo 'UsePrivilegeSeparation yes' >> /etc/ssh/sshd_config

fi

#Install bum

apt-get install bum -y -qq

bum

#clam

apt-get install clamav -y -qq

clamscan --detect-broken=yes -r --enable-stats --bell >> ~/Desktop/clamavscan.log

chmod 777 ~/Desktop/clamavscan.log

#Disable services

#samba

read -p "samba? [Y/n]: " samba

case $samba in

[yY]* ) u=true ;;

[nN]* ) u=false ;;

*) exit ;;

esac

if ("$u" = true); then

ufw allow netbios-ns

ufw allow netbios-dgm

ufw allow netbios-ssn

ufw allow microsoft-ds

apt-get install samba -y -qq

apt-get install system-config-samba -y -qq

else

ufw deny netbios-ns

ufw deny netbios-dgm

ufw deny netbios-ssn

ufw deny microsoft-ds

apt-get purge samba -y -qq

apt-get purge samba-common -y  -qq

apt-get purge samba-common-bin -y -qq

apt-get purge samba4 -y -qq

fi

#ftp

read -p "ftp? [Y/n]: " ftp

case $samba in

[yY]* ) u=true ;;

[nN]* ) u=false ;;

*) exit ;;

esac

if ("$u" = true); then

ufw allow ftp

ufw allow sftp

ufw allow saft

ufw allow ftps-data

ufw allow ftps

cp /etc/vsftpd/vsftpd.conf ~/Desktop/backups/

cp /etc/vsftpd.conf ~/Desktop/backups/

gedit /etc/vsftpd/vsftpd.conf&gedit /etc/vsftpd.conf

service vsftpd restart

else

ufw deny ftp

ufw deny sftp

ufw deny saft

ufw deny ftps-data

ufw deny ftps

apt-get purge vsftpd -y -qq

fi

#telnet

read -p "telnet? [Y/n]: " telnet

case $telnet in

[yY]* ) u=true ;;

[nN]* ) u=false ;;

*) exit ;;

esac

if ("$u" = true); then

ufw allow telnet

ufw allow rtelnet

ufw allow telnets

else

ufw deny telnet

ufw deny rtelnet

ufw deny telnets

apt-get purge telnet -y -qq

apt-get purge telnetd -y -qq

apt-get purge inetutils-telnetd -y -qq

apt-get purge telnetd-ssl -y -qq

fi

#mail

read -p "mail? [Y/n]: " mail

case $mail in

[yY]* ) u=true ;;

[nN]* ) u=false ;;

*) exit ;;

esac

if ("$u" = true); then

ufw allow smtp

ufw allow pop2

ufw allow pop3

ufw allow imap2

ufw allow imaps

ufw allow pop3s

else

ufw deny smtp

ufw deny pop2

ufw deny pop3

ufw deny imap2

ufw deny imaps

ufw deny pop3s

fi

#Printer

read -p "printer? [Y/n]: " printer

case $printer in

[yY]* ) u=true ;;

[nN]* ) u=false ;;

*) exit ;;

esac

if ("$u" = true); then

ufw allow ipp

ufw allow printer

ufw allow cups

else

ufw deny ipp

ufw deny printer

ufw deny cups

#db

read -p "mysql? [Y/n]: " database

case $database in

[yY]* ) u=true ;;

[nN]* ) u=false ;;

*) exit ;;

esac

if ("$u" = true); then

ufw allow ms-sql-s

ufw allow ms-sql-m

ufw allow mysql

ufw allow mysql-proxy

apt-get install mysql-server-5.6 -y -qq

else

ufw deny ms-sql-s

ufw deny ms-sql-m

ufw deny mysql

ufw deny mysql-proxy

apt-get purge mysql -y -qq

apt-get purge mysql-client-core-5.5 -y -qq

apt-get purge mysql-client-core-5.6 -y -qq

apt-get purge mysql-common-5.5 -y -qq

apt-get purge mysql-common-5.6 -y -qq

apt-get purge mysql-server -y -qq

apt-get purge mysql-server-5.5 -y -qq

apt-get purge mysql-server-5.6 -y -qq

apt-get purge mysql-client-5.5 -y -qq

apt-get purge mysql-client-5.6 -y -qq

apt-get purge mysql-server-core-5.6 -y -qq

fi

#http

read -p "http? [Y/n]: " http

case $http in

[yY]* ) u=true ;;

[nN]* ) u=false ;;

*) exit ;;

esac

if ("$u" = true); then

apt-get install apache2 -y -qq

ufw allow http

ufw allow https

if [ -e /etc/apache2/apache2.conf ]

then

  echo -e '\<Directory \>\n\t AllowOverride None\n\t Order Deny,Allow\n\t Deny from all\n\<Directory \/\>\nUserDir disabled root' >> /etc/apache2/apache2.conf

else

fi

chown -R root:root /etc/apache2

else

ufw deny http

ufw deny https

apt-get purge apache2 -y -qq

rm -r /var/www/*

fi

#dns

read -p "dns? [Y/n]: " dns

case $dns in

[yY]* ) u=true ;;

[nN]* ) u=false ;;

*) exit ;;

esac

if ("$u" = true); then

ufw allow domain

else

ufw deny domain

apt-get purge bind9 -qq

fi

#ssh

read -p "ssh [Y/n]: " ssh

case $ssh in

[yY]* ) u=true ;;

[nN]* ) u=false ;;

*) exit ;;

esac

if ("$u" = true); then

apt-get install openssh-server -y -qq

systemctl enable ssh

ssytemctl start ssh

else

apt-get purge openssh-server -y -qq

ufw deny ssh

apt-get purge openssh-server -y -qq

fi

#ipv6

read -p "ipv6? [Y/n]: " ipv6

case $ipv6 in

[yY]* ) u=true ;;

[nN]* ) u=false ;;

*) exit ;;

esac

if ("$u" = true); then

echo -e "\n\n# Disable IPv6\nnet.ipv6.conf.all.disable_ipv6 = 1\nnet.ipv6.conf.default.disable_ipv6 = 1\nnet.ipv6.conf.lo.disable_ipv6 = 1" >> /etc/sysctl.conf

sysctl -p >> /dev/null

fi

#random stuff

unalias -a

usermod -L root

chmod 640 .bash_hostory

chmod 640 /etc/shadow

ls -a /home/ >> ~/Desktop/script.log

ls -a /etc/sudoers.d >> ~/Desktop/script.log

echo 'exit 0' >> /etc/rc.local

env i='() { :;}; echo Your system is bash vunerable' bash -c "echo Bash vulnerability test"

chmod 777 /etc/hosts

echo -e "127.0.0.1 localhost\n127.0.1.1 $USER\n::1 ip6-localhost ip6-loopback\nfe00::0 ip6-localnet\nff00::0 ip6-mcastprefix\nff02::1 ip6-allnodes\nff02::2 ip6-allrouters" >> /etc/hosts

chmod 644 /etc/hosts

chmod 777 /etc/lightdm/lightdm.conf

echo > /etc/lightdm/lightdm.conf

echo -e '[SeatDefaults]\nallow-guest=false\ngreeter-hide-users=true\ngreeter-show-manual-login=true' >> /etc/lightdm/lightdm.conf

chmod 644 /etc/lightdm/lightdm.conf

find /bin/ -name "*.sh" -type f -delete

echo -e "# Controls IP packet forwarding\nnet.ipv4.ip_forward = 0\n\n# IP Spoofing protection\nnet.ipv4.conf.all.rp_filter = 1\nnet.ipv4.conf.default.rp_filter = 1\n\n# Ignore ICMP broadcast requests\nnet.ipv4.icmp_echo_ignore_broadcasts = 1\n\n# Disable source packet routing\nnet.ipv4.conf.all.accept_source_route = 0\nnet.ipv6.conf.all.accept_source_route = 0\nnet.ipv4.conf.default.accept_source_route = 0\nnet.ipv6.conf.default.accept_source_route = 0\n\n# Ignore send redirects\nnet.ipv4.conf.all.send_redirects = 0\nnet.ipv4.conf.default.send_redirects = 0\n\n# Block SYN attacks\nnet.ipv4.tcp_syncookies = 1\nnet.ipv4.tcp_max_syn_backlog = 2048\nnet.ipv4.tcp_synack_retries = 2\nnet.ipv4.tcp_syn_retries = 5\n\n# Log Martians\nnet.ipv4.conf.all.log_martians = 1\nnet.ipv4.icmp_ignore_bogus_error_responses = 1\n\n# Ignore ICMP redirects\nnet.ipv4.conf.all.accept_redirects = 0\nnet.ipv6.conf.all.accept_redirects = 0\nnet.ipv4.conf.default.accept_redirects = 0\nnet.ipv6.conf.default.accept_redirects = 0\n\n# Ignore Directed pings\nnet.ipv4.icmp_echo_ignore_all = 1\n\n# Accept Redirects? No, this is not router\nnet.ipv4.conf.all.secure_redirects = 0\n\n# Log packets with impossible addresses to kernel log? yes\nnet.ipv4.conf.default.secure_redirects = 0\n\n########## IPv6 networking start ##############\n# Number of Router Solicitations to send until assuming no routers are present.\n# This is host and not router\nnet.ipv6.conf.default.router_solicitations = 0\n\n# Accept Router Preference in RA?\nnet.ipv6.conf.default.accept_ra_rtr_pref = 0\n\n# Learn Prefix Information in Router Advertisement\nnet.ipv6.conf.default.accept_ra_pinfo = 0\n\n# Setting controls whether the system will accept Hop Limit settings from a router advertisement\nnet.ipv6.conf.default.accept_ra_defrtr = 0\n\n#router advertisements can cause the system to assign a global unicast address to an interface\nnet.ipv6.conf.default.autoconf = 0\n\n#how many neighbor solicitations to send out per address?\nnet.ipv6.conf.default.dad_transmits = 0\n\n# How many global unicast IPv6 addresses can be assigned to each interface?

net.ipv6.conf.default.max_addresses = 1\n\n########## IPv6 networking ends ##############" >> /etc/sysctl.conf

sysctl -p >> /dev/null

echo -e "\n\n# Disable IPv6\nnet.ipv6.conf.all.disable_ipv6 = 1\nnet.ipv6.conf.default.disable_ipv6 = 1\nnet.ipv6.conf.lo.disable_ipv6 = 1" >> /etc/sysctl.conf

sysctl -p >> /dev/null

sed '/^exec/ c\exec false' /etc/init/control-alt-delete.conf

crontab -l > ~/Desktop/backups/crontab-old

crontab -r

/bin/rm -f cron.deny at.deny

echo root >cron.allow

echo root >at.allow

/bin/chown root:root cron.allow at.allow

/bin/chmod 400 cron.allow at.allow

chmod 777 /etc/apt/apt.conf.d/10periodic

cp /etc/apt/apt.conf.d/10periodic ~/Desktop/backups/

echo -e "APT::Periodic::Update-Package-Lists \"1\";\nAPT::Periodic::Download-Upgradeable-Packages \"1\";\nAPT::Periodic::AutocleanInterval \"1\";\nAPT::Periodic::Unattended-Upgrade \"1\";" > /etc/apt/apt.conf.d/10periodic

chmod 644 /etc/apt/apt.conf.d/10periodic

echo > /etc/default/irqbalance

echo -e "#Configuration for the irqbalance daemon\n\n#Should irqbalance be enabled?\nENABLED=\"0\"\n#Balance the IRQs only once?\nONESHOT=\"0\"" >> /etc/default/irqbalance

#Password policy

apt-get install libpam-cracklib

sed -i 's/\(pam_unix\.so.*\)$/\1 remember=5 minlen=8/' /etc/pam.d/common-password

sed -i 's/\(pam_cracklib\.so.*\)$/\1 ucredit=-1 lcredit=-1 dcredit=-1 ocredit=-1/' /etc/pam.d/common-password

echo -e "#\n# /etc/pam.d/common-auth - authentication settings common to all services\n#\n# This file is included from other service-specific PAM config files,\n# and should contain a list of the authentication modules that define\n# the central authentication scheme for use on the system\n# (e.g., /etc/shadow, LDAP, Kerberos, etc.).  The default is to use the\n# traditional Unix authentication mechanisms.\n#\n# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.\n# To take advantage of this, it is recommended that you configure any\n# local modules either before or after the default block, and use\n# pam-auth-update to manage selection of other modules.  See\n# pam-auth-update(8) for details.\n\n# here are the per-package modules (the \"Primary\" block)\nauth   [success=1 default=ignore]  pam_unix.so nullok_secure\n# here's the fallback if no module succeeds\nauth    requisite           pam_deny.so\n# prime the stack with a positive return value if there isn't one already;\n# this avoids us returning an error just because nothing sets a success code\n# since the modules above will each just jump around\nauth   required            pam_permit.so\n# and here are more per-package modules (the \"Additional\" block)\nauth optional            pam_cap.so \n# end of pam-auth-update config\nauth required pam_tally2.so deny=5 unlock_time=1800 onerr=fail audit even_deny_root_account silent" > /etc/pam.d/common-auth

echo -e "#\n# /etc/pam.d/common-password - password-related modules common to all services\n#\n# This file is included from other service-specific PAM config files,\n# and should contain a list of modules that define the services to be\n# used to change user passwords.  The default is pam_unix.\n\n# Explanation of pam_unix options:\n#\n# The \"sha512\" option enables salted SHA512 passwords.  Without this option,\n# the default is Unix crypt.  Prior releases used the option \"md5\".\n#\n# The \"obscure\" option replaces the old \`OBSCURE_CHECKS_ENAB\' option in\n# login.defs.\n#\n# See the pam_unix manpage for other options.\n\n# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.\n# To take advantage of this, it is recommended that you configure any\n# local modules either before or after the default block, and use\n# pam-auth-update to manage selection of other modules.  See\n# pam-auth-update(8) for details.\n\n# here are the per-package modules (the \"Primary\" block)\npassword [success=1 default=ignore]  pam_unix.so obscure sha512\n# here's the fallback if no module succeeds\npassword   requisite           pam_deny.so\n# prime the stack with a positive return value if there isn't one already;\n# this avoids us returning an error just because nothing sets a success code\n# since the modules above will each just jump around\npassword   required            pam_permit.so\n# and here are more per-package modules (the \"Additional\" block)\npassword optional    pam_gnome_keyring.so \n# end of pam-auth-update config" > /etc/pam.d/common-password

sed -i '160s/.*/PASS_MAX_DAYS\o01130/' /etc/login.defs

sed -i '161s/.*/PASS_MIN_DAYS\o0113/' /etc/login.defs

sed -i '162s/.*/PASS_MIN_LEN\o0118/' /etc/login.defs

sed -i '163s/.*/PASS_WARN_AGE\o0117/' /etc/login.defs

'auth required pam_tally2.so deny=5 onerr=fail unlock_time=1800' >> /etc/pam.d/common-auth

#repositories

if [[ $(lsb_release -r) == "Release:    14.04" ]] || [[ $(lsb_release -r) == "Release:  14.10" ]]

then

    chmod 777 /etc/apt/sources.list

    cp /etc/apt/sources.list ~/Desktop/backups/

    echo -e "deb http://us.archive.ubuntu.com/ubuntu/ trusty main restricted universe multiverse\ndeb-src http://us.archive.ubuntu.com/ubuntu/ trusty main restricted universe multiverse\ndeb http://us.archive.ubuntu.com/ubuntu/ trusty-security main restricted universe multiverse\ndeb http://us.archive.ubuntu.com/ubuntu/ trusty-updates main restricted universe multiverse\ndeb http://us.archive.ubuntu.com/ubuntu/ trusty-proposed main restricted universe multiverse\ndeb-src http://us.archive.ubuntu.com/ubuntu/ trusty-security main restricted universe multiverse\ndeb-src http://us.archive.ubuntu.com/ubuntu/ trusty-updates main restricted universe multiverse\ndeb-src http://us.archive.ubuntu.com/ubuntu/ trusty-proposed main restricted universe multiverse" > /etc/apt/sources.list

    chmod 644 /etc/apt/sources.list

elif [[ $(lsb_release -r) == "Release:  12.04" ]] || [[ $(lsb_release -r) == "Release:  12.10" ]]

then

    chmod 777 /etc/apt/sources.list

    cp /etc/apt/sources.list ~/Desktop/backups/

    echo -e "deb http://us.archive.ubuntu.com/ubuntu/ precise main restricted universe multiverse \ndeb-src http://us.archive.ubuntu.com/ubuntu/ precise main restricted universe multiverse \ndeb http://us.archive.ubuntu.com/ubuntu/ precise-security main restricted universe multiverse\ndeb http://us.archive.ubuntu.com/ubuntu/ precise-updates main restricted universe multiverse\ndeb http://us.archive.ubuntu.com/ubuntu/ precise-proposed main restricted universe multiverse\ndeb-src http://us.archive.ubuntu.com/ubuntu/ precise-security main restricted universe multiverse\ndeb-src http://us.archive.ubuntu.com/ubuntu/ precise-updates main restricted universe multiverse\ndeb-src http://us.archive.ubuntu.com/ubuntu/ precise-proposed main restricted universe multiverse" > /etc/apt/sources.list

    chmod 644 /etc/apt/sources.list

else

    echo “Error, cannot detect OS version”

fi

#Priviledge for files

chmod 640 /etc/shadow

chmod -R 444 /var/log

chmod 440 /etc/passwd

chmod 440 /etc/shadow

chmod 440 /etc/group

chmod -R 444 /etc/ssh

#Unessesary Software

apt-get purge ettercap-common -y -qq

apt-get purge deluge-common -y -qq

apt-get install aptitude -y -qq

aptitude remove wireshark -y

apt-get purge wireshark-common -y -qq

apt-get purge wiresharl -y -qq

apt-get purge logkeys -y -qq

apt-get install tree -y -qq

apt-get install diffuse -y -qq

apt-get install iptables -y -qq

iptables -A INPUT -p all -s localhost  -i eth0 -j DROP

apt-get remove .*samba.* .*smb.*

apt-get purge john -y -qq

apt-get purge john-data -y -qq

apt-get purge hydra -y -qq

apt-get purge hydra-gtk -y -qq

apt-get purge aircrack-ng -y -qq

apt-get purge fcrackzip -y -qq

apt-get purge lcrack -y -qq

apt-get purge ophcrack -y -qq

apt-get purge ophcrack-cli -y -qq

apt-get purge pdfcrack -y -qq

apt-get purge pyrit -y -qq

apt-get purge rarcrack -y -qq

apt-get purge sipcrack -y -qq

apt-get purge irpas -y -qq

apt-get purge netcat -y -qq

apt-get purge netcat-openbsd -y -qq

apt-get purge netcat-traditional -y -qq

apt-get purge ncat -y -qq

apt-get purge pnetcat -y -qq

apt-get purge socat -y -qq

apt-get purge sock -y -qq

apt-get purge socket -y -qq

apt-get purge sbd -y -qq

apt-get purge zeitgeist-core -y -qq

apt-get purge zeitgeist-datahub -y -qq

apt-get purge python-zeitgeist -y -qq

apt-get purge rhythmbox-plugin-zeitgeist -y -qq

apt-get purge zeitgeist -y -qq

apt-get purge nfs-kernel-server -y -qq

apt-get purge nfs-common -y -qq

apt-get purge portmap -y -qq

apt-get purge rpcbind -y -qq

apt-get purge autofs -y -qq

apt-get purge nginx -y -qq

apt-get purge nginx-common -y -qq

apt-get purge inetd -y -qq

apt-get purge openbsd-inetd -y -qq

apt-get purge xinetd -y -qq

apt-get purge inetutils-ftp -y -qq

apt-get purge inetutils-ftpd -y -qq

apt-get purge inetutils-inetd -y -qq

apt-get purge inetutils-ping -y -qq

apt-get purge inetutils-syslogd -y -qq

apt-get purge inetutils-talk -y -qq

apt-get purge inetutils-talkd -y -qq

apt-get purge inetutils-telnet -y -qq

apt-get purge inetutils-telnetd -y -qq

apt-get purge inetutils-tools -y -qq

apt-get purge inetutils-traceroute -y -qq

apt-get purge vnc4server -y -qq

apt-get purge vncsnapshot -y -qq

apt-get purge vtgrab -y -qq

apt-get purge snmp -y -qq

sudo apt-get install chkrootkit rkhunter -y

sudo chkrootkit

sudo rkhunter --update

sudo rkhunter --check

#other

echo "allow-guest=false" >> /etc/lightdm/lightdm.conf

#sus

find / -name "*.mp3" -type f >> ~/Desktop/Script.log

find / -name "*.mp4" -type f >> ~/Desktop/Script.log

find /home/ -type f \( -name "*.tar.gz" -o -name "*.tgz" -o -name "*.zip" -o -name "*.deb" \)

#System Updates

apt-get update -qq

apt-get upgrade -qq

apt-get dist-upgrade -qq

apt-get autoremove -y -qq

apt-get autoclean -y -qq

apt-get clean -y -qq

update-manager

apt-get update

apt-get upgrade openssl libssl-dev

apt-cache policy openssl libssl-dev

echo "----------------------------------------"

echo Things to do

echo look through the script file

echo update software

echo double check ssh, ftp, login.def,