nalalangan/fiddy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
8b13de34fe
fiddy/scripts/check-host-security.sh

44 lines
1006 B
Bash
Raw Blame History

#!/usr/bin/env bash
set -euo pipefail
echo "== Host Security Check =="
echo "Timestamp (UTC): $(date -u +%Y-%m-%dT%H:%M:%SZ)"
echo
echo "== Listening TCP/UDP Ports =="
if command -v ss >/dev/null 2>&1; then
ss -tulpn || true
else
echo "ss command not found"
fi
echo
echo "== UFW Status =="
if command -v ufw >/dev/null 2>&1; then
ufw status verbose || true
else
echo "ufw command not found"
fi
echo
echo "== Fail2ban Status =="
if command -v fail2ban-client >/dev/null 2>&1; then
fail2ban-client status || true
else
echo "fail2ban-client command not found"
fi
echo
echo "== Docker Containers =="
if command -v docker >/dev/null 2>&1; then
docker ps --format 'table {{.Names}}\t{{.Image}}\t{{.Status}}\t{{.Ports}}' || true
else
echo "docker command not found"
fi
echo
echo "== Quick Expected Surface =="
echo "- Public inbound expected: 80/tcp, 443/tcp only"
echo "- SSH expected: restricted source allowlist or VPN-only"
echo "- Postgres expected: private-only, not internet-exposed"
Reference in New Issue View Git Blame Copy Permalink