This script automates the hardening of an OpenBSD workstation based on various guides from Solène Rapenne. Any contribution is highly appreciated.
- Installs essential packages: anacron, tor, torsocks, and clamav.
- Configures user settings to enhance security.
- Sets up a hardened firewall configuration.
- Enables and configures the Tor service.
- Configures the system to use a onion (Tor) mirror for updating the system and installing/updating packages.
- Disables USB ports (Only use this if you have a PS/2 keyboard and mouse).
- Configures ClamAV antivirus and freshclam updater.
- Applies system configuration changes for memory allocation hardening.
- Sets up anacron for periodic tasks.
- Makes shell environment files immutable using chflags.
- Must be run as root.
- OpenBSD operating system.
-
Clone the repository:
git clone https://github.com/daviduhden/openbsd-hardening-script.git cd openbsd-hardening-script -
Make the script executable:
chmod +x hardening.ksh
-
Run the script:
ksh hardening.ksh
-
Follow the interactive prompts to apply the desired configurations.