From 1479145722da2d0193bc1e14f18e2ea784e9ffc3 Mon Sep 17 00:00:00 2001 From: qo-op Date: Sun, 31 Jan 2021 20:59:37 +0100 Subject: [PATCH] $YOU => sudo NOPASSD:ALL DURING install.sh THEN $USER NOPASSD:/usr/bin/fail2ban-client ONLY --- ISOconfig.sh | 9 +++++++++ install.sh | 26 +++++++++++++++----------- 2 files changed, 24 insertions(+), 11 deletions(-) diff --git a/ISOconfig.sh b/ISOconfig.sh index 856e98340..52e20e002 100755 --- a/ISOconfig.sh +++ b/ISOconfig.sh @@ -15,6 +15,8 @@ # ~/.zen/ipfs.sync ######################################################################## # CHECK INTERNET CONNECTIVITY & git pull !! +[ $(id -u) -eq 0 ] && echo "RUN as root FORBIDDEN. Please run with user: $YOU" && exit 1 + rm -f /tmp/A_booting_log.txt ping -q -w 1 -c 1 `ip r | grep default | cut -d ' ' -f 3` > /dev/null && echo ok || (echo "NO INTERNET CONNEXION" && exit 1) [[ -d ~/.zen/astrXbian ]] && cd ~/.zen/astrXbian && git pull || exit 1 @@ -247,6 +249,13 @@ ipfs bootstrap add /ip6/fe80::208:a2ff:fe0c:20d8/tcp/4001/p2p/12D3KooWBYme2BsNUr # AVOID CONFLICT WITH KODI REMOTE ipfs config Addresses.Gateway "/ip4/127.0.0.1/tcp/8181" +# RESTRICT $USER NOPASSWD sudo to fail2ban-client ONLY +sudo cp /etc/sudoers /etc/sudoers.bak +sudo head -n -1 /etc/sudoers > /tmp/sudoers # REMOVE LINE install.sh ADDED before +sudo echo "$USER ALL=(ALL) NOPASSWD:/usr/bin/fail2ban-client" >> /tmp/sudoers +sudo chown root:root /tmp/sudoers +sudo mv /tmp/sudoers /etc/sudoers + ######################################################################## echo 'REBOOT NOW...' ######################################################################## diff --git a/install.sh b/install.sh index c55c72bce..929769a77 100755 --- a/install.sh +++ b/install.sh @@ -1,5 +1,6 @@ #!/bin/bash { +[ $(id -u) -eq 0 ] && echo "RUN as root FORBIDDEN. Please run with regular user from sudo group." && exit 1 # Check requirements echo "AstrXbian installer, for https://xbian.org" ## ONLY FOR xbian 
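Review bot: The root guard added at the top of ISOconfig.sh interpolates `$YOU` in its message, but nothing in the visible context above that line assigns it, so the hint presumably prints an empty user name unless the variable is exported by the caller. The substitution is also unquoted and the refusal goes to stdout; `if [ "$(id -u)" -eq 0 ]; then echo "RUN as root FORBIDDEN. Please run as a regular user from the sudo group." >&2; exit 1; fi` avoids both and does not depend on `echo` succeeding before `exit`. The same guard in install.sh's first hunk has the unquoted `$(id -u)` and stdout message as well; there it sits inside a `{ … }` group that closes outside that hunk.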
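Review bot: The new sudoers block in ISOconfig.sh stages the policy at the fixed path `/tmp/sudoers` from the unprivileged shell (the `>` and `>>` redirections are not covered by `sudo`), then chowns it to root and moves it over `/etc/sudoers` with no syntax check, so a pre-existing or malformed file at that path can become the live policy or leave sudo unusable. `head -n -1` also removes whatever the last line happens to be, which is the installer's grant only if install.sh's append succeeded and nothing else touched the file; on a re-run or a standalone run it drops an unrelated line. A safer shape is a `mktemp` staging file checked with `visudo -cf` and installed mode 0440 as a drop-in under `/etc/sudoers.d`, with install.sh's temporary grant kept in its own drop-in that this block deletes. Separately, `fail2ban-client` controls a daemon that runs as root, so this grant is presumably broader than its name suggests and is worth narrowing to the subcommands the node scripts actually call.

```shell
# RESTRICT $USER NOPASSWD sudo to fail2ban-client ONLY
# Drop-in names are suggestions; install.sh would write its temporary grant
# to "$install_grant" instead of appending to /etc/sudoers.
install_grant=/etc/sudoers.d/astrxbian-install
f2b_grant=/etc/sudoers.d/astrxbian-fail2ban
tmp_grant=$(mktemp) || exit 1
printf '%s ALL=(ALL) NOPASSWD:/usr/bin/fail2ban-client\n' "$USER" > "$tmp_grant"
# Validate before installing so a syntax error cannot lock sudo out.
sudo visudo -cf "$tmp_grant" \
  && sudo install -o root -g root -m 0440 "$tmp_grant" "$f2b_grant" \
  && sudo rm -f -- "$install_grant"
rm -f -- "$tmp_grant"
# … unchanged: REBOOT NOW banner …
```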
@@ -23,20 +24,19 @@ echo "Install IPFS Swarm Layer" echo "Setup jaklis CG+ communication tool" cd ~/.zen/astrXbian/zen/jaklis ./setup.sh + +## XBIAN fail2ban ERROR correction ## +[[ "$USER" == "xbian" ]] && sudo sed -i "s/auth.log/faillog/g" /etc/fail2ban/paths-common.conf || echo "NOT XBIAN $USER" +#[....] Starting authentication failure monitor: fail2ban No file(s) found for glob /var/log/auth.log +# Failed during configuration: Have not found any log file for sshd jail failed! +### FOR fail2ban-client + ISOConfig.sh use ADD TO /etc/sudoers ### +sudo echo "$USER ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers +# Under DEFCON level 5, Node activates fail2ban (zen/ipfs_SWARM_refresh.sh) + ######################################################################## echo "Setup AstrXbian" ~/.zen/astrXbian/ISOconfig.sh - -## fail2ban ERROR correction ## -#[....] Starting authentication failure monitor: fail2ban No file(s) found for glob /var/log/auth.log -# Failed during configuration: Have not found any log file for sshd jail -# failed! -sudo sed -i "s/auth.log/faillog/g" /etc/fail2ban/paths-common.conf -# ADD SUID Bit to fail2ban-client -sudo chmod u+s /usr/bin/fail2ban-client -## - if [[ "$USER" == "xbian" ]] then echo "enable ipfs initV service autostart" @@ -53,7 +53,11 @@ fi sudo service ipfs restart sudo service fail2ban restart -echo "Installation complete !!" +echo "Installation complete !! + +BIENVENUE DANS ASTROPORT +Utiliser +" }
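Review bot: In the install.sh hunk at `-23,20 +24,19`, the `>> /etc/sudoers` in `sudo echo "$USER ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers` is performed by the calling user's shell, not by sudo. With normal permissions on that file the append fails, and the script carries on without the grant it expects. If the write does succeed, the blanket NOPASSWD:ALL rule stays in place whenever ISOconfig.sh stops early (its connectivity and `git pull` checks call `exit 1`), because only the end of that script removes it. Writing the temporary grant through a privileged writer to a drop-in, e.g. `printf '%s ALL=(ALL) NOPASSWD:ALL\n' "$USER" | sudo tee /etc/sudoers.d/astrxbian-install >/dev/null` (file name is a suggestion) followed by `sudo chmod 0440` on it, and removing it from a `trap … EXIT`, keeps the elevated window bounded. The `[[ "$USER" == "xbian" ]] && sudo sed … || echo "NOT XBIAN $USER"` line also prints the not-XBIAN message when `sed` itself fails, so an `if`/`else` would report the right cause; the enclosing `{ … }` group opens and closes outside this hunk.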