This toolkit helps system administrators apply CIS Benchmark-aligned hardening for Ubuntu Linux environments (18.04β24.04 LTS), with WSL compatibility and automation.
linux-hardening-toolkit/
βββ README.md
βββ VERSION
βββ CHANGELOG.md
βββ harden_launcher.sh
βββ scripts/
β βββ gnome2.sh
β βββ [other .sh scripts...]
- 18.04 LTS
- 20.04 LTS
- 22.04 LTS β tested
- 24.04.3 LTS β tested
- WSL2 β supported (with automatic exclusions)
π Uses CIS Level 1 Workstation guidance by default.
Current Version: v1.1.1
Released: July 2, 2025
Maintainer: Alison Peterson
- β
Added
-yto all apt install/remove/upgrade commands to suppress interactive prompts - β
Replaced
ufw enablewithufw --force enableto avoid SSH disruption confirmation - β Confirmed compatibility with Ubuntu 24.04.3 LTS
- π All scripts remain flattened under
scripts/ - π§ Logs enhanced at
/var/log/hardening.log
- Clone the Repository
From any Linux system:
git clone https://github.com/SDSU-Research-CI/linux-hardening-toolkit.git
cd linux-hardening-toolkit
sudo chmod +x harden_launcher.sh
sudo ./harden_launcher.shπ Note: No need to manually upload or unzip files β run everything directly from the cloned folder.
-
Follow the prompts:
- Detects user and OS automatically
- Smart detection of script folder
- Runs critical scripts in order, then all others
- Logs each result to
/var/log/hardening.log
-
Review Logs & Reboot if Needed
- β
Review
/etc/ssh/sshd_config - β Run CIS-CAT Assessor for scoring
- β Apply kernel upgrades (if prompted)
- β Reboot to apply new modules and microcode
Please coordinate through the Linux Working Group if you'd like to extend this for:
- CIS Level 2 or STIG compliance
- Server profile customization
- Cloud-init or remote automation
Β© San Diego State University Β· College of Science Β· 2025
Maintained by: Alison Peterson