forked from axiom-team/astrXbian
$YOU => sudo NOPASSD:ALL DURING install.sh THEN $USER NOPASSD:/usr/bin/fail2ban-client ONLY
This commit is contained in:
parent
df187028eb
commit
1479145722
|
@ -15,6 +15,8 @@
|
||||||
# ~/.zen/ipfs.sync
|
# ~/.zen/ipfs.sync
|
||||||
########################################################################
|
########################################################################
|
||||||
# CHECK INTERNET CONNECTIVITY & git pull !!
|
# CHECK INTERNET CONNECTIVITY & git pull !!
|
||||||
|
[ $(id -u) -eq 0 ] && echo "RUN as root FORBIDDEN. Please run with user: $YOU" && exit 1
|
||||||
|
|
||||||
rm -f /tmp/A_booting_log.txt
|
rm -f /tmp/A_booting_log.txt
|
||||||
ping -q -w 1 -c 1 `ip r | grep default | cut -d ' ' -f 3` > /dev/null && echo ok || (echo "NO INTERNET CONNEXION" && exit 1)
|
ping -q -w 1 -c 1 `ip r | grep default | cut -d ' ' -f 3` > /dev/null && echo ok || (echo "NO INTERNET CONNEXION" && exit 1)
|
||||||
[[ -d ~/.zen/astrXbian ]] && cd ~/.zen/astrXbian && git pull || exit 1
|
[[ -d ~/.zen/astrXbian ]] && cd ~/.zen/astrXbian && git pull || exit 1
|
||||||
|
@ -247,6 +249,13 @@ ipfs bootstrap add /ip6/fe80::208:a2ff:fe0c:20d8/tcp/4001/p2p/12D3KooWBYme2BsNUr
|
||||||
# AVOID CONFLICT WITH KODI REMOTE
|
# AVOID CONFLICT WITH KODI REMOTE
|
||||||
ipfs config Addresses.Gateway "/ip4/127.0.0.1/tcp/8181"
|
ipfs config Addresses.Gateway "/ip4/127.0.0.1/tcp/8181"
|
||||||
|
|
||||||
|
# RESTRICT $USER NOPASSWD sudo to fail2ban-client ONLY
|
||||||
|
sudo cp /etc/sudoers /etc/sudoers.bak
|
||||||
|
sudo head -n -1 /etc/sudoers > /tmp/sudoers # REMOVE LINE install.sh ADDED before
|
||||||
|
sudo echo "$USER ALL=(ALL) NOPASSWD:/usr/bin/fail2ban-client" >> /tmp/sudoers
|
||||||
|
sudo chown root:root /tmp/sudoers
|
||||||
|
sudo mv /tmp/sudoers /etc/sudoers
|
||||||
|
|
||||||
########################################################################
|
########################################################################
|
||||||
echo 'REBOOT NOW...'
|
echo 'REBOOT NOW...'
|
||||||
########################################################################
|
########################################################################
|
||||||
|
|
26
install.sh
26
install.sh
|
@ -1,5 +1,6 @@
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
{
|
{
|
||||||
|
[ $(id -u) -eq 0 ] && echo "RUN as root FORBIDDEN. Please run with regular user from sudo group." && exit 1
|
||||||
# Check requirements
|
# Check requirements
|
||||||
echo "AstrXbian installer, for https://xbian.org"
|
echo "AstrXbian installer, for https://xbian.org"
|
||||||
## ONLY FOR xbian
|
## ONLY FOR xbian
|
||||||
|
@ -23,20 +24,19 @@ echo "Install IPFS Swarm Layer"
|
||||||
echo "Setup jaklis CG+ communication tool"
|
echo "Setup jaklis CG+ communication tool"
|
||||||
cd ~/.zen/astrXbian/zen/jaklis
|
cd ~/.zen/astrXbian/zen/jaklis
|
||||||
./setup.sh
|
./setup.sh
|
||||||
|
|
||||||
|
## XBIAN fail2ban ERROR correction ##
|
||||||
|
[[ "$USER" == "xbian" ]] && sudo sed -i "s/auth.log/faillog/g" /etc/fail2ban/paths-common.conf || echo "NOT XBIAN $USER"
|
||||||
|
#[....] Starting authentication failure monitor: fail2ban No file(s) found for glob /var/log/auth.log
|
||||||
|
# Failed during configuration: Have not found any log file for sshd jail failed!
|
||||||
|
### FOR fail2ban-client + ISOConfig.sh use ADD TO /etc/sudoers ###
|
||||||
|
sudo echo "$USER ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers
|
||||||
|
# Under DEFCON level 5, Node activates fail2ban (zen/ipfs_SWARM_refresh.sh)
|
||||||
|
|
||||||
########################################################################
|
########################################################################
|
||||||
echo "Setup AstrXbian"
|
echo "Setup AstrXbian"
|
||||||
~/.zen/astrXbian/ISOconfig.sh
|
~/.zen/astrXbian/ISOconfig.sh
|
||||||
|
|
||||||
|
|
||||||
## fail2ban ERROR correction ##
|
|
||||||
#[....] Starting authentication failure monitor: fail2ban No file(s) found for glob /var/log/auth.log
|
|
||||||
# Failed during configuration: Have not found any log file for sshd jail
|
|
||||||
# failed!
|
|
||||||
sudo sed -i "s/auth.log/faillog/g" /etc/fail2ban/paths-common.conf
|
|
||||||
# ADD SUID Bit to fail2ban-client
|
|
||||||
sudo chmod u+s /usr/bin/fail2ban-client
|
|
||||||
##
|
|
||||||
|
|
||||||
if [[ "$USER" == "xbian" ]]
|
if [[ "$USER" == "xbian" ]]
|
||||||
then
|
then
|
||||||
echo "enable ipfs initV service autostart"
|
echo "enable ipfs initV service autostart"
|
||||||
|
@ -53,7 +53,11 @@ fi
|
||||||
sudo service ipfs restart
|
sudo service ipfs restart
|
||||||
sudo service fail2ban restart
|
sudo service fail2ban restart
|
||||||
|
|
||||||
echo "Installation complete !!"
|
echo "Installation complete !!
|
||||||
|
|
||||||
|
BIENVENUE DANS ASTROPORT
|
||||||
|
Utiliser
|
||||||
|
"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue