This script automates the hardening of an OpenBSD workstation based on various guides from Solène Rapenne. Any contribution is highly appreciated.
- Installs essential packages: anacron, tor, torsocks, and clamav.
- Enhances user settings for improved security.
- Configures a hardened firewall.
- Enables the Tor service.
- Uses an onion (Tor) mirror for system updates and package management.
- Disables USB ports (ensure you have a PS/2 keyboard and mouse).
- Activates ClamAV antivirus services.
- Applies memory allocation hardening configurations.
- Sets up anacron for periodic tasks.
- Makes shell environment files immutable with
chflags. - Configures Xenocara to use CWM by default and fixes screen tearing for Intel video chipsets.
- Must be run as root.
- OpenBSD operating system.
-
Clone the repository:
git clone https://github.com/daviduhden/openbsd-hardening-script.git cd openbsd-hardening-script -
Make the script executable:
chmod +x hardening.ksh
-
Run the script:
ksh hardening.ksh
-
Follow the interactive prompts to apply the desired configurations.