• v0.80.2 4d64878574

    v0.80.2 Stable

    kerem released this 2026-03-01 14:27:50 +03:00 | 12 commits to main since this release

    📅 Originally published on GitHub: Sun, 01 Mar 2026 11:28:49 GMT
    🏷️ Git tag created: Sun, 01 Mar 2026 11:27:50 GMT

    What's Changed

    Implemented optional installation of NetBird, using either the default NetBird server or a self-hosted server. The setup key from the server can be added during the script run, or NetBird can be installed only and set up later.

    Suggested in #103 by @alfrede

    Full Changelog: https://github.com/buildplan/du_setup/compare/v0.80.1...v0.80.2

  • v0.80.1 78515c6a5a

    v0.80.1 Stable

    kerem released this 2026-03-01 00:34:04 +03:00 | 13 commits to main since this release

    📅 Originally published on GitHub: Sat, 28 Feb 2026 21:36:49 GMT
    🏷️ Git tag created: Sat, 28 Feb 2026 21:34:04 GMT

    What's Changed

    Bug Fixes

    • Fixed SSH port detection latching to X11 forwarding port — when connected via ssh -X on a dual-stack IPv6 server, ss output could resolve the X11 display port (60xx) before the real SSH port, causing rollback to restore the wrong port. Detection now explicitly filters out X11 port range (6010–6099) and also matches ssh.socket listeners.

    • Fixed SSH hardening drop-in load order — renamed 99-hardening.conf to 10-hardening.conf. OpenSSH uses first-match-wins on drop-ins processed lexicographically, meaning provider-injected configs (e.g. 50-cloud-init.conf) were silently overriding hardening directives. Hardening rules now evaluate first.
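The load-order effect described above, as an added example (not code from du_setup): it resolves one keyword across a drop-in directory in lexical order with the first value winning. The function names and the sample file contents are constructed for illustration, and the parser assumes plain `Keyword value` lines and ignores Match blocks.

```shell
#!/bin/sh
# Resolve one sshd keyword across a drop-in directory the way the release note
# describes: files are read in lexical order and the first value obtained wins.
# Simplifications (assumptions): "Keyword value" lines only, Match blocks ignored.
effective_value() {  # usage: effective_value DIR KEYWORD -> prints "value file"
    ev_key=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    for ev_f in "$1"/*.conf; do          # glob expansion is sorted
        [ -f "$ev_f" ] || continue
        ev_val=$(awk -v k="$ev_key" 'tolower($1) == k { print $2; exit }' "$ev_f")
        if [ -n "$ev_val" ]; then
            printf '%s %s\n' "$ev_val" "${ev_f##*/}"
            return 0
        fi
    done
    return 1                             # keyword not set in any drop-in
}

# Constructed sample: a provider drop-in plus the hardening drop-in stored
# under the file name given as $1. Prints the temporary directory path.
make_sample() {
    ms_dir=$(mktemp -d)
    printf 'PasswordAuthentication yes\n' > "$ms_dir/50-cloud-init.conf"
    printf '# hardening\nPasswordAuthentication no\nPermitRootLogin no\n' > "$ms_dir/$1"
    printf '%s\n' "$ms_dir"
}

d=$(make_sample 99-hardening.conf)       # old name: provider file is read first
echo "99-hardening.conf -> $(effective_value "$d" PasswordAuthentication)"
rm -rf "$d"
d=$(make_sample 10-hardening.conf)       # new name: hardening file is read first
echo "10-hardening.conf -> $(effective_value "$d" PasswordAuthentication)"
rm -rf "$d"
```

On a live host, `sshd -T` prints the effective configuration and is the authoritative check after changing drop-in names.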

    Security Improvements

    • Existing users are now required to provide or generate a valid SSH key before setup continues, preventing lockout when PasswordAuthentication is disabled. Previously this was a warning only.

    • SSH and 2FA connection verification prompts now time out after 5 minutes — if your session drops during the key confirmation step, the script auto-reverts rather than hanging indefinitely.

    Improvements

    • New port selection checks for conflicts: validate_port now verifies the chosen SSH port is not already in use by another service before accepting it.

    • SSH key setup extracted into a reusable setup_ssh_keys() function, used consistently across new and existing user flows.
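The X11 port-detection fix and the port-conflict check from this release, as an added example (not code from du_setup): both are run over constructed `ss -tlnp` style output in which the X11 forwarding listeners appear before the real SSH port. `ssh_port`, `port_in_use` and the sample lines are hypothetical names and data; the project's own `validate_port` and its ssh.socket matching are not reproduced here.

```shell
#!/bin/sh
# Constructed `ss -tlnp` style output from an `ssh -X` session on a dual-stack
# host: the X11 forwarding listeners (6010) are listed before the real port.
SAMPLE_SS='LISTEN 0 128 [::1]:6010 [::]:* users:(("sshd",pid=1544,fd=8))
LISTEN 0 128 127.0.0.1:6010 0.0.0.0:* users:(("sshd",pid=1544,fd=9))
LISTEN 0 128 0.0.0.0:2222 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 128 [::]:2222 [::]:* users:(("sshd",pid=812,fd=4))
LISTEN 0 511 0.0.0.0:8080 0.0.0.0:* users:(("nginx",pid=930,fd=6))'

# Print the port of the first sshd listener. With $1 = "filter", listeners in
# the X11 forwarding range 6010-6099 are skipped, as the fix describes.
ssh_port() {
    printf '%s\n' "$SAMPLE_SS" | awk -v mode="$1" '
        /"sshd"/ {
            n = split($4, a, ":"); port = a[n] + 0   # port follows the last colon
            if (mode == "filter" && port >= 6010 && port <= 6099) next
            print port; exit
        }'
}

# Succeed if any listener in the sample already holds the given port.
port_in_use() {
    printf '%s\n' "$SAMPLE_SS" | awk -v p="$1" '
        { n = split($4, a, ":"); if (a[n] == p) found = 1 }
        END { exit !found }'
}

echo "naive detection:    $(ssh_port naive)"    # latches onto the X11 port
echo "filtered detection: $(ssh_port filter)"   # the real SSH port
port_in_use 8080 && echo "8080 rejected: already in use"
port_in_use 5022 || echo "5022 accepted: no listener found"
```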


    Thanks to @avetere for reporting most of these; discussed in #100.

    Full Changelog: https://github.com/buildplan/du_setup/compare/v0.80.0...v0.80.1

  • v0.80.0 23858a1906

    v0.80.0 Stable

    kerem released this 2026-01-19 16:43:13 +03:00 | 24 commits to main since this release

    📅 Originally published on GitHub: Mon, 19 Jan 2026 13:44:14 GMT
    🏷️ Git tag created: Mon, 19 Jan 2026 13:43:13 GMT

    What's Changed

    • Added configure_2fa function that sets up TOTP-based MFA for the user.
    • Configures SSH to require AuthenticationMethods publickey,keyboard-interactive. This enforces a "Key + Code" (or Key + Code + Password) requirement, preventing access if only the private key is compromised.
    • Generates and displays the QR code directly in the terminal (via qrencode).
    • Includes a "safe rollback" verification step: users must verify a successful login in a new terminal before changes are permanently applied.
    • Extracted show_connection_options from configure_ssh into a global helper function to support connection instructions in both SSH and 2FA setup stages.
    • Updated the final summary report to indicate 2FA status.

    Full Changelog: https://github.com/buildplan/du_setup/compare/v0.79.1...v0.80.0

  • v0.79.1 6b6599539a

    v0.79.1 Stable

    kerem released this 2026-01-13 20:54:28 +03:00 | 30 commits to main since this release

    📅 Originally published on GitHub: Tue, 13 Jan 2026 17:55:25 GMT
    🏷️ Git tag created: Tue, 13 Jan 2026 17:54:28 GMT

    What's Changed

    The collections missed in the last update are now added. Setup enables the default Linux and iptables collections, then asks the user whether they want to enable any more collections.

    Browse collections at: https://app.crowdsec.net/hub/collections

    Full Changelog: https://github.com/buildplan/du_setup/compare/v0.79.0...v0.79.1

  • v0.79.0 29ebe386b1

    v0.79.0 Stable

    kerem released this 2026-01-13 00:28:13 +03:00 | 34 commits to main since this release

    📅 Originally published on GitHub: Mon, 12 Jan 2026 21:29:15 GMT
    🏷️ Git tag created: Mon, 12 Jan 2026 21:28:13 GMT

    What's Changed

    Added CrowdSec as a selectable Intrusion Detection System (IDS) alongside Fail2Ban.

    • IDS Selection: Users can now choose between Fail2Ban, CrowdSec, or skipping IDS setup entirely during the interactive prompt.
    • CrowdSec Setup: Implemented configure_crowdsec to handle repository setup, agent installation, and the firewall bouncer (iptables/UFW).
    • Log Parity: Configured CrowdSec to actively monitor /var/log/ufw.log, ensuring parity with the existing Fail2Ban configuration.
    • Refactor: Moved IDS package installation out of the base package list to support conditional installation.
    • Reporting: Updated generate_summary to dynamically display the status, metrics, and bans for the specific IDS selected.

    Full Changelog: https://github.com/buildplan/du_setup/compare/v0.78.5...v0.79.0
