@marsmensch
Forked from Grandpa-Jones/dnet-hardener.sh
Created May 11, 2016 10:54
Hardens DNET Masternodes Hosted at http://my.mp-hosting.co.uk/
#####################################################
# Change settings here!!!
#####################################################
username="changeme"
sshport="54814" # <-- change to random high port!
keepdnetdata="no" # <-- "yes" or "no"
#####################################################
## Nothing to edit below this line. ##
# read the password from standard input
echo "Enter a password for $username (it will not be masked):"
printf "Password: "
read -r clearpass
# set locale
locale-gen en_US en_US.UTF-8 hu_HU hu_HU.UTF-8
dpkg-reconfigure locales
update-locale
# calculate the SHA-512 crypt hash for useradd and add the user
pwsalt=`perl -e 'printf "%08X", rand(0xffffffff)'`
password=`perl -e 'printf "%s", crypt($ARGV[0], "\\$6\\$$ARGV[1]\\$")' "$clearpass" "$pwsalt"`
useradd -m -p "$password" -s /bin/bash "$username"
# determine home folder
homefolder=`eval echo "~$username"`
# stop the masternode in case it is running
/root/darknet-cli stop
# move the dnet data dir to new user (if it exists)
if [ -d /root/.darknet ]; then
    if [ "$keepdnetdata" = "yes" ]; then
        mv /root/.darknet "$homefolder"
    fi
fi
# move the dnet executables to the user's home dir
mv /root/darknet* "$homefolder"
# remove apache -- it's not needed
service apache2 stop
apt-get -y remove 'apache2*'
# add our user to the sudo group (works even if the group already has members)
usermod -aG sudo "$username"
# disallow root login via ssh and change port
sed -i.bak "s/PermitRootLogin yes/PermitRootLogin no/" /etc/ssh/sshd_config
sed -i'' "s/Port 22/Port $sshport/" /etc/ssh/sshd_config
service ssh restart
# don't keep a shell history file; it can leak typed secrets
echo "HISTFILE=/dev/null" >> "$homefolder/.profile"
echo "HISTFILE=/dev/null" >> /root/.profile
# change all ownership
chown -R "$username:$username" "$homefolder"
# indicate success
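echo "Successful termination. Don't forget to test login remotely with:"
echo
# print the source address used for outbound traffic (the field after "src")
echo "ssh -p $sshport $username@$(ip route get 8.8.8.8 | awk '{for (i = 1; i < NF; i++) if ($i == "src") {print $(i+1); exit}}')"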
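
The two sed substitutions on /etc/ssh/sshd_config change nothing when the file does not contain the exact strings "PermitRootLogin yes" and "Port 22", and the script restarts sshd either way. The check below is an added example, not part of the gist; its function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the gist: confirm the sshd_config edits landed.

# effective_value FILE KEYWORD: first uncommented value for KEYWORD
# (keywords are case-insensitive; sshd keeps the first value it reads).
effective_value() {
    awk -v key="$2" '
        $1 ~ /^#/ { next }
        tolower($1) == tolower(key) { print $2; exit }
    ' "$1"
}

# listen_ports FILE: every configured Port (sshd listens on all of them);
# with no Port line at all sshd falls back to 22.
listen_ports() {
    ports=$(awk '$1 ~ /^#/ { next } tolower($1) == "port" { print $2 }' "$1")
    echo "${ports:-22}"
}

# check_sshd_hardening FILE EXPECTED_PORT: returns 0 only if root login is
# disabled and EXPECTED_PORT is the only listening port.
check_sshd_hardening() {
    rc=0
    root=$(effective_value "$1" PermitRootLogin)
    if [ "$root" != "no" ]; then
        echo "PermitRootLogin is '${root:-unset}', expected 'no'" >&2
        rc=1
    fi
    for p in $(listen_ports "$1"); do
        if [ "$p" != "$2" ]; then
            echo "sshd would still listen on port $p, expected only $2" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: a config where root login is key-only rather than "yes".
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'Port 22' \
    'PermitRootLogin without-password' > "$sample"
# The same two substitutions the script performs, applied to a copy.
sed -e 's/PermitRootLogin yes/PermitRootLogin no/' \
    -e 's/Port 22/Port 54814/' "$sample" > "$sample.edited"
check_sshd_hardening "$sample.edited" 54814 || echo "hardening incomplete"
```

On the host, the same call against /etc/ssh/sshd_config with "$sshport" belongs just before `service ssh restart`.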