Home

Awesome

Security Scripts

These scripts provided a practical implementation of the steps and practices described in the FusionAuth Security Guide. https://fusionauth.io/resources/guide-to-user-data-security

This project contains a set of bash scripts that can be used to secure a new Linux server. The scripts are broken into parts:

Configuration

Before you can use secure your server, you need to run the configuration script. This script is named configure.sh. This script will ask you a variety of questions related to your server including:

After the script has asked all the questions, it will output all of the necessary configuration files that the server setup scripts will use. These will be placed in the output directory.

Server Setup

After you run the configure script, you can run the server setup script. This script is named setup-new-server.sh. This script will prompt you for the password for the ordinary user account that is created on the server and then it will upload all of the files from the output directory to the server and execute the install script on the server.

Chef

You can also use the Chef Cookbook instead of the configure.sh and setup-new-server.sh scripts. The Chef Cookbook is located in the chef-repo/cookbooks. You can install this Cookbook in your Chef server by executing these commands:

$ cd chef-repo
$ knife cookbook upload security_guide

This will add the Cookbook to the Chef server that is configured in your knife.rb file. From there, you can use the Cookbook to bootstrap your nodes.

To use this Chef Cookbook, you first need to configure these required attributes:

In addition to the required attributes, the Chef Cookbook also takes these optional attributes:

You can set these attributes via a node attribute file, role or environment setting. The Chef recipe will verify that you have specified the required attributes and fail if they are absent.