arr-suite-template-bootstrap/templates/security-audit.sh.j2
openhands 24f2cd64e9 Initial template repository
🎬 ARR Suite Template Bootstrap - Complete Media Automation Stack

Features:
- 16 production services (Prowlarr, Sonarr, Radarr, Plex, etc.)
- One-command Ansible deployment
- VPN-protected downloads via Gluetun
- Tailscale secure access
- Production-ready security (UFW, Fail2Ban)
- Automated backups and monitoring
- Comprehensive documentation

Ready for customization and deployment to any VPS.

Co-authored-by: openhands <openhands@all-hands.dev>
2025-11-28 04:26:12 +00:00


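#!/bin/bash
# Security audit script for Arrs Media Stack
#
# Prints a read-only, point-in-time report of host hardening state: SSH
# settings, firewall, Fail2ban, Docker, file permissions, listening Arr ports
# and recent SSH log lines. The docker_root and media_root paths are filled in
# when the template is rendered.
#
# There is deliberately no `set -e`: individual probes are expected to fail on
# hosts where a component is missing, and the report must keep going.

# Several probes (ufw, fail2ban-client, sshd -T, process names in the socket
# listing, auth.log) typically need root. Without it they print errors or
# partial data, which should not be read as a clean result.
if [ "$(id -u)" -ne 0 ]; then
  echo "WARNING: not running as root; firewall, Fail2ban, SSH and log checks may be incomplete" >&2
fi

echo "=== Security Audit Report - $(date) ==="
echo
echo "1. System Information:"
hostname
uname -a
uptime
echo
echo "2. User and Group Information:"
whoami
id docker 2>/dev/null || echo "Docker user not found"
# Members of the docker group can drive the Docker daemon, which is
# effectively root on the host; review this list as a privileged-access list.
getent group docker
echo
echo "3. SSH Configuration:"
systemctl is-active ssh
# Prefer the effective configuration: `sshd -T` resolves included drop-in
# files and built-in defaults, which a grep of the main file cannot see.
if ! sshd -T 2>/dev/null | grep -Ei '^(permitrootlogin|passwordauthentication) '; then
  # Fallback when sshd -T is unavailable (for example, not running as root).
  grep "^PermitRootLogin" /etc/ssh/sshd_config || echo "PermitRootLogin not configured"
  grep "^PasswordAuthentication" /etc/ssh/sshd_config || echo "PasswordAuthentication not configured"
  # "not configured" means the sshd default applies; for
  # PasswordAuthentication the OpenSSH default is "yes", so this is a finding,
  # not a pass.
  echo "NOTE: values above come from the main sshd_config only; included drop-in files and built-in defaults are not reflected"
fi
echo
echo "4. Firewall Status:"
ufw status
echo
echo "5. Fail2ban Status:"
systemctl is-active fail2ban
fail2ban-client status sshd 2>/dev/null || echo "Fail2ban sshd jail not active"
echo
echo "6. Docker Security:"
systemctl is-active docker
docker --version 2>/dev/null || echo "Docker not available"
docker ps 2>/dev/null || echo "Cannot access Docker"
echo
echo "7. File Permissions:"
ls -l /etc/ssh/sshd_config
ls -l /etc/fail2ban/jail.local 2>/dev/null || echo "jail.local not found"
# Quote the rendered paths so a value containing spaces or glob characters is
# passed to ls as a single argument; `--` stops a leading dash being read as
# an option.
ls -ld -- "{{ docker_root }}"
ls -ld -- "{{ media_root }}"
echo
echo "8. System Resources:"
free -h
df -h /
echo
echo "9. Network Connections:"
# The trailing whitespace class anchors the match to the end of the local
# port, so a longer port number that merely starts with these digits is not
# reported. Check the bind address on each hit: a service listening on all
# interfaces is reachable wherever the firewall allows it.
arr_ports=':(8989|7878|8686|6767|9696)[[:space:]]'
if command -v netstat >/dev/null 2>&1; then
  netstat -tlnp 2>/dev/null | grep -E "$arr_ports" || echo "No Arrs ports found"
elif command -v ss >/dev/null 2>&1; then
  # net-tools is often absent on current distributions; ss gives the same view.
  ss -tlnp 2>/dev/null | grep -E "$arr_ports" || echo "No Arrs ports found"
else
  # Do not report "no ports" when the listing could not be produced at all.
  echo "Neither netstat nor ss available; cannot list listening ports"
fi
echo
echo "10. Recent Security Events:"
# Filter for sshd first, then keep the last 10 matches. Taking the last 10
# lines of the whole log and filtering afterwards usually hides SSH activity
# behind unrelated entries (cron, sudo, ...).
# NOTE(review): hosts that log only to the journal have no auth.log - confirm
# the target distribution writes this file.
recent_ssh=$(grep sshd /var/log/auth.log 2>/dev/null | tail -10)
if [ -n "$recent_ssh" ]; then
  printf '%s\n' "$recent_ssh"
else
  echo "No SSH logs found"
fi
echo
echo "=== End of Security Audit ==="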