From df39059da3c28140b6162082a300b6a189fad154 Mon Sep 17 00:00:00 2001
From: qo-op <support@qo-op.com>
Date: Wed, 3 Feb 2021 03:37:07 +0100
Subject: [PATCH] better security create /etc/sudoers.d/fail2ban-client

---
 ISOconfig.sh | 6 +-----
 install.sh   | 2 +-
 2 files changed, 2 insertions(+), 6 deletions(-)

diff --git a/ISOconfig.sh b/ISOconfig.sh
index 5186a6e..95a0ee7 100755
--- a/ISOconfig.sh
+++ b/ISOconfig.sh
@@ -256,11 +256,7 @@ ipfs bootstrap add /ip6/fe80::208:a2ff:fe0c:20d8/tcp/4001/p2p/12D3KooWBYme2BsNUr
 ipfs config Addresses.Gateway "/ip4/127.0.0.1/tcp/8181"
 
 # RESTRICT $USER NOPASSWD sudo to fail2ban-client ONLY
-#sudo cp /etc/sudoers /etc/sudoers.bak
-#sudo head -n -1 /etc/sudoers > /tmp/sudoers # REMOVE LINE install.sh ADDED before
-#sudo echo "$USER ALL=(ALL) NOPASSWD:/usr/bin/fail2ban-client" >> /tmp/sudoers
-#sudo chown root:root /tmp/sudoers
-#sudo mv /tmp/sudoers /etc/sudoers
+echo "$USER ALL=(ALL) NOPASSWD:/usr/bin/fail2ban-client" | (sudo su -c 'EDITOR="tee" visudo -f /etc/sudoers.d/fail2ban-client')
 
 ########################################################################
 # echo 'ONLY XBIAN REBOOT NOW...'
diff --git a/install.sh b/install.sh
index 29d73c7..c85e618 100755
--- a/install.sh
+++ b/install.sh
@@ -42,7 +42,7 @@ echo "Sécurisation DEFCON SUDOERS FAIL2BAN"
 
 ### MODIFIYING /etc/sudoers ###
 # DEFCON LEVEL < 5
-sudo echo "$USER ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers
+# echo "$USER ALL=(ALL) NOPASSWD:ALL" | sudo EDITOR='tee -a' visudo
 # NODE activates fail2ban IN zen/ipfs_SWARM_refresh.sh
 
 if [[ "$USER" == "xbian" ]]