better security create /etc/sudoers.d/fail2ban-client

2 years ago · df39059da3
2 changed files with 2 additions and 6 deletions
--- a/ISOconfig.sh
+++ b/ISOconfig.sh
@ -256,11 +256,7 @@ ipfs bootstrap add /ip6/fe80::208:a2ff:fe0c:20d8/tcp/4001/p2p/12D3KooWBYme2BsNUr
 ipfs config Addresses.Gateway "/ip4/127.0.0.1/tcp/8181"

 # RESTRICT $USER NOPASSWD sudo to fail2ban-client ONLY
-#sudo cp /etc/sudoers /etc/sudoers.bak
-#sudo head -n -1 /etc/sudoers > /tmp/sudoers # REMOVE LINE install.sh ADDED before
-#sudo echo "$USER ALL=(ALL) NOPASSWD:/usr/bin/fail2ban-client" >> /tmp/sudoers
-#sudo chown root:root /tmp/sudoers
-#sudo mv /tmp/sudoers /etc/sudoers
+echo "$USER ALL=(ALL) NOPASSWD:/usr/bin/fail2ban-client" | (sudo su -c 'EDITOR="tee" visudo -f /etc/sudoers.d/fail2ban-client')

 ########################################################################
 # echo 'ONLY XBIAN REBOOT NOW...'
--- a/install.sh
+++ b/install.sh
@ -42,7 +42,7 @@ echo "Sécurisation DEFCON SUDOERS FAIL2BAN"

 ### MODIFIYING /etc/sudoers ###
 # DEFCON LEVEL < 5
-sudo echo "$USER ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers
+# echo "$USER ALL=(ALL) NOPASSWD:ALL" | sudo EDITOR='tee -a' visudo
 # NODE activates fail2ban IN zen/ipfs_SWARM_refresh.sh

 if [[ "$USER" == "xbian" ]]