Analysis updated 2026-05-18
Lock down a fresh Debian or Ubuntu install against Bluetooth, USB, and network discovery attack vectors in one command.
Run a background watchdog that alerts you the moment a hardened service is tampered with or a new port opens.
Re-apply hardening automatically after system updates using a single status-check command.
Get desktop or terminal alerts when a new unknown USB device is plugged into a protected machine.
| pasanrs/sentry-hardening | 123satyajeet123/bitnet-server | alexbloch-ia/legal-data | |
|---|---|---|---|
| Stars | 0 | 0 | 0 |
| Language | Shell | Shell | Shell |
| Setup difficulty | easy | easy | moderate |
| Complexity | 3/5 | 2/5 | 2/5 |
| Audience | ops devops | developer | general |
Figures from each repo's GitHub metadata at analysis time.
Requires sudo and a Debian-based, systemd-managed Linux distribution.
Sentry is a security hardening and real-time monitoring suite for Debian-based Linux systems, packaged as a shell script. It does two jobs: locking down your system's attack surface, and then continuously watching for changes or suspicious activity. The hardening phase disables services and protocols that attackers commonly probe. Bluetooth is fully blacklisted at the kernel level. Network discovery services such as mDNS, Avahi, Samba broadcasting, and printer discovery are shut down. USB auto-mount is disabled to protect against BadUSB attacks, which are malicious USB devices that pretend to be keyboards. WiFi is configured for MAC address randomization and power-save stealth mode. A firewall using UFW and iptables blocks discovery protocols, and kernel security parameters are applied including SYN cookies and source routing disabled. The watchdog runs as a persistent background service and alerts you if anything changes: processes running from temporary directories, hardened services trying to restart, new ports appearing on the network, blacklisted kernel modules being loaded, firewall rules being altered, critical system binaries being modified, new outbound network connections, or new USB devices being inserted. Alerts appear as colored terminal output, broadcast messages to all logged-in users, desktop popups if a graphical interface is available, and entries in a dedicated log file. Hardening rules are reapplied every 15 minutes via a cron job and restored on every boot via systemd services. Tested on Debian 12, Ubuntu 24.04 LTS, Kali Linux, Parrot Security, and Linux Mint 22. The tech stack is Shell scripting, systemd, UFW, and iptables. The license is MIT.
A shell script suite that hardens Debian-based Linux systems against common attacks and runs a real-time watchdog that alerts on suspicious changes.
Mainly Shell. The stack also includes Shell, systemd, UFW.
MIT license: use, modify, and distribute freely, including commercially, as long as you keep the copyright notice.
Setup difficulty is rated easy, with roughly 5min to a first successful run.
Mainly ops devops.
This repo across BitVibe Labs
Verify against the repo before relying on details.