Update nist-800-53-harden-v2.sh

2026-05-28 02:32:27 +00:00
parent cd9463f3a2
commit a53396b09a
+9 -9
@@ -1,6 +1,6 @@
#!/usr/bin/env bash
###############################################################################
# NIST 800-53 Hardening Script v2 Ubuntu 24.04 LTS (Proxmox VM Template)
# NIST 800-53 Hardening Script v2 - Ubuntu 24.04 LTS (Proxmox VM Template)
#
# CHANGES FROM v1:
# - iptables instead of UFW (Docker-compatible, CIS-clean)
@@ -40,7 +40,7 @@ fi
ADMIN_USER="${ADMIN_USER:-chris}"
###############################################################################
# 0. PRE-FLIGHT Update & install required packages
# 0. PRE-FLIGHT - Update & install required packages
# CM-2 Baseline Configuration / SI-2 Flaw Remediation
###############################################################################
banner "CM-2 / SI-2: System update and baseline packages"
@@ -132,7 +132,7 @@ for rcfile in /root/.bash_profile /root/.bashrc; do
done
# ---------------------------------------------------------------------------
# AC-7 Unsuccessful Logon Attempts pam_faillock
# AC-7 Unsuccessful Logon Attempts - pam_faillock
# ---------------------------------------------------------------------------
banner "AC-7: Account lockout (pam_faillock)"
@@ -158,7 +158,7 @@ sed -i '/^auth.*pam_unix.so/a auth [default=die] pam_faillo
echo "account required pam_faillock.so" >> /etc/pam.d/common-account
# ---------------------------------------------------------------------------
# AC-8 System Use Notification login banners
# AC-8 System Use Notification - login banners
# ---------------------------------------------------------------------------
banner "AC-8: Login banners"
@@ -180,7 +180,7 @@ EOF
banner "AC-11 / AC-12: Session timeout"
cat > /etc/profile.d/nist-timeout.sh <<'EOF'
# AC-11/12: Idle session timeout 15 minutes
# AC-11/12: Idle session timeout - 15 minutes
if [ -z "${TMOUT:-}" ]; then
readonly TMOUT=900
export TMOUT
@@ -194,7 +194,7 @@ chmod 644 /etc/profile.d/nist-timeout.sh
banner "AU-2 / AU-3 / AU-12: Audit configuration"
# ---------------------------------------------------------------------------
# AU-2/3/12 Audit Events comprehensive rules for CIS/Wazuh
# AU-2/3/12 Audit Events - comprehensive rules for CIS/Wazuh
# ---------------------------------------------------------------------------
cat > /etc/audit/rules.d/nist-800-53.rules <<'AUDITRULES'
## ---- Remove any existing rules ----
@@ -424,7 +424,7 @@ chown root:root /etc/security/opasswd /etc/security/opasswd.old
###############################################################################
# ---------------------------------------------------------------------------
# SC-5 / SC-7 Firewall iptables with persistent rules
# SC-5 / SC-7 Firewall - iptables with persistent rules
# ---------------------------------------------------------------------------
banner "SC-5 / SC-7: iptables firewall"
@@ -488,7 +488,7 @@ ip6tables -A INPUT -p icmpv6 -j DROP
ip6tables -A OUTPUT -p icmpv6 -j ACCEPT
# ---- INBOUND SERVICES ----
# SSH rate limited: max 4 new connections per 60 seconds per source IP
# SSH - rate limited: max 4 new connections per 60 seconds per source IP
iptables -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW \
-m recent --set --name SSH --rsource
iptables -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW \
@@ -1065,7 +1065,7 @@ cat <<SUMMARY
║ AC-17 SSH hardened (key-only, AllowUsers) ║
║ ║
║ AUDIT ║
║ AU-2/3 Comprehensive rules (CIS 4.1.3.14.1.3.18) ║
║ AU-2/3 Comprehensive rules (CIS 4.1.3.1-4.1.3.18) ║
║ AU-4 Log retention: keep_logs, space alerts ║
║ AU-8 Chrony NTP, systemd-timesyncd disabled ║
║ ║