git404hub

what is sentry-hardening fr?

pasanrs/sentry-hardening — explained in plain English

Analysis updated 2026-05-18

0ShellAudience · ops devopsComplexity · 3/5LicenseSetup · easy

tl;dr

A shell script suite that hardens Debian-based Linux systems against common attacks and runs a real-time watchdog that alerts on suspicious changes.

vibe map

mindmap
  root((Sentry))
    Hardening
      Bluetooth Blacklist
      Discovery Protocols Off
      USB Auto-mount Off
      Firewall Rules
    Watchdog
      Process Monitoring
      Port Monitoring
      Binary Integrity
    Notifications
      Terminal Alerts
      Desktop Popups
      Log File
    Persistence
      Systemd Services
      Cron Re-check

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

what do people make with this?

VIBE 1

Lock down a fresh Debian or Ubuntu install against Bluetooth, USB, and network discovery attack vectors in one command.

VIBE 2

Run a background watchdog that alerts you the moment a hardened service is tampered with or a new port opens.

VIBE 3

Re-apply hardening automatically after system updates using a single status-check command.

VIBE 4

Get desktop or terminal alerts when a new unknown USB device is plugged into a protected machine.

what's the stack?

ShellsystemdUFWiptables

how it stacks up fr

pasanrs/sentry-hardening123satyajeet123/bitnet-serveralexbloch-ia/legal-data
Stars000
LanguageShellShellShell
Setup difficultyeasyeasymoderate
Complexity3/52/52/5
Audienceops devopsdevelopergeneral

Figures from each repo's GitHub metadata at analysis time.

how do i run it?

Difficulty · easy time til it works · 5min

Requires sudo and a Debian-based, systemd-managed Linux distribution.

MIT license: use, modify, and distribute freely, including commercially, as long as you keep the copyright notice.

in plain english

Sentry is a security hardening and real-time monitoring suite for Debian-based Linux systems, packaged as a shell script. It does two jobs: locking down your system's attack surface, and then continuously watching for changes or suspicious activity. The hardening phase disables services and protocols that attackers commonly probe. Bluetooth is fully blacklisted at the kernel level. Network discovery services such as mDNS, Avahi, Samba broadcasting, and printer discovery are shut down. USB auto-mount is disabled to protect against BadUSB attacks, which are malicious USB devices that pretend to be keyboards. WiFi is configured for MAC address randomization and power-save stealth mode. A firewall using UFW and iptables blocks discovery protocols, and kernel security parameters are applied including SYN cookies and source routing disabled. The watchdog runs as a persistent background service and alerts you if anything changes: processes running from temporary directories, hardened services trying to restart, new ports appearing on the network, blacklisted kernel modules being loaded, firewall rules being altered, critical system binaries being modified, new outbound network connections, or new USB devices being inserted. Alerts appear as colored terminal output, broadcast messages to all logged-in users, desktop popups if a graphical interface is available, and entries in a dedicated log file. Hardening rules are reapplied every 15 minutes via a cron job and restored on every boot via systemd services. Tested on Debian 12, Ubuntu 24.04 LTS, Kali Linux, Parrot Security, and Linux Mint 22. The tech stack is Shell scripting, systemd, UFW, and iptables. The license is MIT.

prompts (copy fr)

prompt 1
Walk me through installing Sentry and running 'sudo ./sentry.sh install' to harden a fresh Debian 12 server.
prompt 2
Explain what BadUSB protection means and how disabling USB auto-mount defends against it.
prompt 3
Show me how Sentry's watchdog detects firewall tampering and automatically reapplies iptables rules.
prompt 4
Help me write a systemd timer similar to Sentry's 15-minute cron re-check for re-applying security rules.

Frequently asked questions

what is sentry-hardening fr?

A shell script suite that hardens Debian-based Linux systems against common attacks and runs a real-time watchdog that alerts on suspicious changes.

What language is sentry-hardening written in?

Mainly Shell. The stack also includes Shell, systemd, UFW.

What license does sentry-hardening use?

MIT license: use, modify, and distribute freely, including commercially, as long as you keep the copyright notice.

How hard is sentry-hardening to set up?

Setup difficulty is rated easy, with roughly 5min to a first successful run.

Who is sentry-hardening for?

Mainly ops devops.

peek the repo → explain another one

This repo across BitVibe Labs

double-check against the repo, no cap.