$YOU => sudo NOPASSD:ALL DURING install.sh THEN $USER NOPASSD:/usr/bin/fail2ban-client ONLY

This commit is contained in:
qo-op 2021-01-31 20:59:37 +01:00
parent df187028eb
commit 1479145722
2 changed files with 24 additions and 11 deletions

View File

@ -15,6 +15,8 @@
# ~/.zen/ipfs.sync
########################################################################
# CHECK INTERNET CONNECTIVITY & git pull !!
[ $(id -u) -eq 0 ] && echo "RUN as root FORBIDDEN. Please run with user: $YOU" && exit 1
rm -f /tmp/A_booting_log.txt
ping -q -w 1 -c 1 `ip r | grep default | cut -d ' ' -f 3` > /dev/null && echo ok || (echo "NO INTERNET CONNEXION" && exit 1)
[[ -d ~/.zen/astrXbian ]] && cd ~/.zen/astrXbian && git pull || exit 1
@ -247,6 +249,13 @@ ipfs bootstrap add /ip6/fe80::208:a2ff:fe0c:20d8/tcp/4001/p2p/12D3KooWBYme2BsNUr
# AVOID CONFLICT WITH KODI REMOTE
ipfs config Addresses.Gateway "/ip4/127.0.0.1/tcp/8181"
# RESTRICT $USER NOPASSWD sudo to fail2ban-client ONLY
sudo cp /etc/sudoers /etc/sudoers.bak
sudo head -n -1 /etc/sudoers > /tmp/sudoers # REMOVE LINE install.sh ADDED before
sudo echo "$USER ALL=(ALL) NOPASSWD:/usr/bin/fail2ban-client" >> /tmp/sudoers
sudo chown root:root /tmp/sudoers
sudo mv /tmp/sudoers /etc/sudoers
########################################################################
echo 'REBOOT NOW...'
########################################################################

View File

@ -1,5 +1,6 @@
#!/bin/bash
{
[ $(id -u) -eq 0 ] && echo "RUN as root FORBIDDEN. Please run with regular user from sudo group." && exit 1
# Check requirements
echo "AstrXbian installer, for https://xbian.org"
## ONLY FOR xbian
@ -23,20 +24,19 @@ echo "Install IPFS Swarm Layer"
echo "Setup jaklis CG+ communication tool"
cd ~/.zen/astrXbian/zen/jaklis
./setup.sh
## XBIAN fail2ban ERROR correction ##
[[ "$USER" == "xbian" ]] && sudo sed -i "s/auth.log/faillog/g" /etc/fail2ban/paths-common.conf || echo "NOT XBIAN $USER"
#[....] Starting authentication failure monitor: fail2ban No file(s) found for glob /var/log/auth.log
# Failed during configuration: Have not found any log file for sshd jail failed!
### FOR fail2ban-client + ISOConfig.sh use ADD TO /etc/sudoers ###
sudo echo "$USER ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers
# Under DEFCON level 5, Node activates fail2ban (zen/ipfs_SWARM_refresh.sh)
########################################################################
echo "Setup AstrXbian"
~/.zen/astrXbian/ISOconfig.sh
## fail2ban ERROR correction ##
#[....] Starting authentication failure monitor: fail2ban No file(s) found for glob /var/log/auth.log
# Failed during configuration: Have not found any log file for sshd jail
# failed!
sudo sed -i "s/auth.log/faillog/g" /etc/fail2ban/paths-common.conf
# ADD SUID Bit to fail2ban-client
sudo chmod u+s /usr/bin/fail2ban-client
##
if [[ "$USER" == "xbian" ]]
then
echo "enable ipfs initV service autostart"
@ -53,7 +53,11 @@ fi
sudo service ipfs restart
sudo service fail2ban restart
echo "Installation complete !!"
echo "Installation complete !!
BIENVENUE DANS ASTROPORT
Utiliser
"
}