diff --git a/README.md b/README.md index 2f9966b..e693977 100644 --- a/README.md +++ b/README.md @@ -113,9 +113,6 @@ After running a script: 3. Keep any backups created by the script until you are confident the system is working correctly. 4. Re-run relevant audits or service checks after applying changes. -> [!WARNING] -> The SSHD hardening script modifies SSH configurations. Ensure you have alternative access to your system before applying changes in production environments. - ## Compatibility The scripts target Linux systems with Bash 4.0 or newer. Compatibility varies by script because each one touches different tools, services, and configuration files. diff --git a/hardening/Nginx WAF/README.md b/hardening/Nginx WAF/README.md index 068d4af..aba532f 100644 --- a/hardening/Nginx WAF/README.md +++ b/hardening/Nginx WAF/README.md @@ -42,7 +42,7 @@ cd hardening/Nginx\ WAF/ sudo ./nginx-waf.bash ``` -## Installation Summary +## Execution Summary - Detects the installed Nginx version and configure arguments. - Installs missing build dependencies through `apt-get`. diff --git a/hardening/Root Locker/README.md b/hardening/Root Locker/README.md index 360044a..a006847 100644 --- a/hardening/Root Locker/README.md +++ b/hardening/Root Locker/README.md @@ -23,7 +23,6 @@ sudo ./hardening/Root\ Locker/root-locker.bash - Confirm that at least one non-root user has working sudo access before running this script. - Do not run this on a system where direct root login is the only available administrative access path. -- This script does not modify SSH configuration. If SSH allows root login through another authentication method, review `sshd_config` separately. ## Verify diff --git a/hardening/SSHD Hardening/README.md b/hardening/SSHD Hardening/README.md index 09a403d..d556b97 100644 --- a/hardening/SSHD Hardening/README.md +++ b/hardening/SSHD Hardening/README.md @@ -2,7 +2,7 @@ Hardens the OpenSSH server configuration using settings aligned with Lynis recommendations. -> [!WARNING] +> [!NOTE] > This script modifies the system SSH daemon configuration. Treat it as a high-risk change on remote systems because an invalid or overly restrictive SSH configuration can lock you out. ## Requirements @@ -21,8 +21,6 @@ Run the script from the repository root: sudo ./hardening/SSHD\ Hardening/harden-sshd.bash ``` -The script prompts before changing SSH configuration. - ## Changes Made The script updates supported settings in `/etc/ssh/sshd_config` when those settings are already present in the file: diff --git a/hardening/UFW Cloudflare/README.md b/hardening/UFW Cloudflare/README.md index d15289a..3826e0a 100644 --- a/hardening/UFW Cloudflare/README.md +++ b/hardening/UFW Cloudflare/README.md @@ -21,7 +21,7 @@ Run the script from the repository root: sudo ./hardening/UFW\ Cloudflare/ufw-cloudflare.bash ``` -## Installation Summary +## Execution Summary - Reads existing UFW rules marked with the `Cloudflare IP` comment. - Downloads current Cloudflare IPv4 and IPv6 ranges from Cloudflare. @@ -50,9 +50,7 @@ The temporary backup is removed during normal cleanup. ## Safety Notes -- This script changes firewall rules. Make sure you have recovery access before running it on a remote system. -- Confirm that SSH or other management ports are already allowed as needed before changing web rules. -- This script targets HTTP and HTTPS only: TCP ports `80` and `443`. +- Make sure you have recovery access before running it on a remote system. - Direct origin access may remain possible through other open ports or non-UFW firewall layers. ## Verify