Browse Source

better security create /etc/sudoers.d/fail2ban-client

master
qo-op 2 years ago
parent
commit
df39059da3
  1. 6
      ISOconfig.sh
  2. 2
      install.sh

6
ISOconfig.sh

@ -256,11 +256,7 @@ ipfs bootstrap add /ip6/fe80::208:a2ff:fe0c:20d8/tcp/4001/p2p/12D3KooWBYme2BsNUr
ipfs config Addresses.Gateway "/ip4/127.0.0.1/tcp/8181"
# RESTRICT $USER NOPASSWD sudo to fail2ban-client ONLY
#sudo cp /etc/sudoers /etc/sudoers.bak
#sudo head -n -1 /etc/sudoers > /tmp/sudoers # REMOVE LINE install.sh ADDED before
#sudo echo "$USER ALL=(ALL) NOPASSWD:/usr/bin/fail2ban-client" >> /tmp/sudoers
#sudo chown root:root /tmp/sudoers
#sudo mv /tmp/sudoers /etc/sudoers
echo "$USER ALL=(ALL) NOPASSWD:/usr/bin/fail2ban-client" | (sudo su -c 'EDITOR="tee" visudo -f /etc/sudoers.d/fail2ban-client')
########################################################################
# echo 'ONLY XBIAN REBOOT NOW...'

2
install.sh

@ -42,7 +42,7 @@ echo "Sécurisation DEFCON SUDOERS FAIL2BAN"
### MODIFIYING /etc/sudoers ###
# DEFCON LEVEL < 5
sudo echo "$USER ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers
# echo "$USER ALL=(ALL) NOPASSWD:ALL" | sudo EDITOR='tee -a' visudo
# NODE activates fail2ban IN zen/ipfs_SWARM_refresh.sh
if [[ "$USER" == "xbian" ]]

Loading…
Cancel
Save