$YOU => sudo NOPASSD:ALL DURING install.sh THEN $USER NOPASSD:/usr/bin/fail2ban-client ONLY
This commit is contained in:
parent
df187028eb
commit
1479145722
|
@ -15,6 +15,8 @@
|
|||
# ~/.zen/ipfs.sync
|
||||
########################################################################
|
||||
# CHECK INTERNET CONNECTIVITY & git pull !!
|
||||
[ $(id -u) -eq 0 ] && echo "RUN as root FORBIDDEN. Please run with user: $YOU" && exit 1
|
||||
|
||||
rm -f /tmp/A_booting_log.txt
|
||||
ping -q -w 1 -c 1 `ip r | grep default | cut -d ' ' -f 3` > /dev/null && echo ok || (echo "NO INTERNET CONNEXION" && exit 1)
|
||||
[[ -d ~/.zen/astrXbian ]] && cd ~/.zen/astrXbian && git pull || exit 1
|
||||
|
@ -247,6 +249,13 @@ ipfs bootstrap add /ip6/fe80::208:a2ff:fe0c:20d8/tcp/4001/p2p/12D3KooWBYme2BsNUr
|
|||
# AVOID CONFLICT WITH KODI REMOTE
|
||||
ipfs config Addresses.Gateway "/ip4/127.0.0.1/tcp/8181"
|
||||
|
||||
# RESTRICT $USER NOPASSWD sudo to fail2ban-client ONLY
|
||||
sudo cp /etc/sudoers /etc/sudoers.bak
|
||||
sudo head -n -1 /etc/sudoers > /tmp/sudoers # REMOVE LINE install.sh ADDED before
|
||||
sudo echo "$USER ALL=(ALL) NOPASSWD:/usr/bin/fail2ban-client" >> /tmp/sudoers
|
||||
sudo chown root:root /tmp/sudoers
|
||||
sudo mv /tmp/sudoers /etc/sudoers
|
||||
|
||||
########################################################################
|
||||
echo 'REBOOT NOW...'
|
||||
########################################################################
|
||||
|
|
26
install.sh
26
install.sh
|
@ -1,5 +1,6 @@
|
|||
#!/bin/bash
|
||||
{
|
||||
[ $(id -u) -eq 0 ] && echo "RUN as root FORBIDDEN. Please run with regular user from sudo group." && exit 1
|
||||
# Check requirements
|
||||
echo "AstrXbian installer, for https://xbian.org"
|
||||
## ONLY FOR xbian
|
||||
|
@ -23,20 +24,19 @@ echo "Install IPFS Swarm Layer"
|
|||
echo "Setup jaklis CG+ communication tool"
|
||||
cd ~/.zen/astrXbian/zen/jaklis
|
||||
./setup.sh
|
||||
|
||||
## XBIAN fail2ban ERROR correction ##
|
||||
[[ "$USER" == "xbian" ]] && sudo sed -i "s/auth.log/faillog/g" /etc/fail2ban/paths-common.conf || echo "NOT XBIAN $USER"
|
||||
#[....] Starting authentication failure monitor: fail2ban No file(s) found for glob /var/log/auth.log
|
||||
# Failed during configuration: Have not found any log file for sshd jail failed!
|
||||
### FOR fail2ban-client + ISOConfig.sh use ADD TO /etc/sudoers ###
|
||||
sudo echo "$USER ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers
|
||||
# Under DEFCON level 5, Node activates fail2ban (zen/ipfs_SWARM_refresh.sh)
|
||||
|
||||
########################################################################
|
||||
echo "Setup AstrXbian"
|
||||
~/.zen/astrXbian/ISOconfig.sh
|
||||
|
||||
|
||||
## fail2ban ERROR correction ##
|
||||
#[....] Starting authentication failure monitor: fail2ban No file(s) found for glob /var/log/auth.log
|
||||
# Failed during configuration: Have not found any log file for sshd jail
|
||||
# failed!
|
||||
sudo sed -i "s/auth.log/faillog/g" /etc/fail2ban/paths-common.conf
|
||||
# ADD SUID Bit to fail2ban-client
|
||||
sudo chmod u+s /usr/bin/fail2ban-client
|
||||
##
|
||||
|
||||
if [[ "$USER" == "xbian" ]]
|
||||
then
|
||||
echo "enable ipfs initV service autostart"
|
||||
|
@ -53,7 +53,11 @@ fi
|
|||
sudo service ipfs restart
|
||||
sudo service fail2ban restart
|
||||
|
||||
echo "Installation complete !!"
|
||||
echo "Installation complete !!
|
||||
|
||||
BIENVENUE DANS ASTROPORT
|
||||
Utiliser
|
||||
"
|
||||
}
|
||||
|
||||
|
||||
|
|
Loading…
Reference in New Issue