The Trooper

A new release which has been tested on both EL10 and Debian 13 and should be fairly stable.
Happy Linux securing and tuning !

Features

• Improved terminal resizer script (can detect sizes, won't freeze on certain systems anymore)
• Firewall IP whitelists are now be used by defaults for fail2ban whitelists
• RHEL: firewalld specific rules are now done via zones (trusted, dmz, public)
• RHEL: ssh and firewalld cockpit rules are disabled if IP whitelists exist
• Add IPv4 forwarding setting
• Add vm.swapinness setting
• Add kernel arp filter setting
• Basic ubuntu support
• Update debian openScap links to 0.1.79-1
• Try to download curl if no curl whether wget is installed but internet is available

Fixes

• Fix smartmontools service name for Debian 13
• Fix smarmontools nvme script would be appended on every run
• Fix firewalld IP whitelist creation on EL
• RHEL: Avoid forcing IPv4 downloads

2 Minutes to Midnight

May the 4th release of our Linux security hardening script be good ;)

Features

• Added CIS benchmark settings that OpenSCAP doesn't set with ANSSI-BP-028 High profile
• Improve RHEL / AlmaLinux / RockyLinux 10 support
• Add preliminary Debian 13 Trixie support
• Paritionning script now handles GPT partition schema on non UEFI systems
• Add network specific version of issue showing less information

Fixes

• Fix fail2ban optional config options
• Fix dnf automatic config options
• Fix specific tuned profiles script paths and permissions for RHEL 10
• Fix firewalld whitelist typo
• Various other minor fixes and typos

Misc

• Update inline nmve_metrics.py script with PR#255
• Update inline smartmon.py metrics script with PR#256
• Add internet HTTP check to workaround a case when ICMP is disallowed

Rime of the Ancient Mariner

3rd release of our Linux security hardening script.

Features

• Added RHEL / AlmaLinux / RockyLinux 10 support
• Added firewall & fail2ban IP whitelist configuration
• Updated smartmon prometheus metrics script
• Added NVME prometheus metrics script
• Improve fail2ban default configuration

Fixes

• Improve Debian 12 automatic update configuration

v2.0.0

This is our second formal release of el_scripts.

It mainly adds Debian 12 compatibility, and allows configurable brand and motd, as well as some minor fixes and automation improvements.

el release

So this our first formal release of el_scripts.

After more than a year of tweaking and testing, we finally came to a stage where new machines can be easily deployed via the kickstart script, and existing machines can be upgraded to the current requested state by using the el_configurator script included in the kickstart file.

el_configurator script has been succesfullly tested with EL8 and EL9.
Kickstart script has been tested only on EL9 since we don't deploy EL8 anymore ^^