Hardens DNET Masternodes Hosted at http://my.mp-hosting.co.uk/
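#!/usr/bin/env bash
#
# Hardens a DNET masternode host. Run as root on a Debian/Ubuntu-style system
# (the script relies on apt-get, dpkg-reconfigure and service).
#
# What it does, in order:
#   1. creates an unprivileged login user and sets its password
#   2. moves the darknet binaries (and optionally the data dir) out of /root
#   3. removes apache2
#   4. puts the new user in the sudo group
#   5. disables root SSH login, moves sshd to $sshport, restarts ssh
#   6. turns off shell history for root and the new user
#
# Keep the current root session open until the printed ssh command has been
# tested from another terminal; step 5 can otherwise lock you out.

#####################################################
# Change settings here!!!
#####################################################
username="changeme"
sshport="54814"         # <-- change to random high port!
keepdnetdata="no"       # <-- "yes" or "no"
#####################################################
## Nothing to edit below this line.                ##

# Unset variables are errors. No "set -e": several steps below are best-effort
# (daemon may not be running, apache may not be installed) and must not abort.
set -u

warn() { printf 'WARNING: %s\n' "$*" >&2; }
die()  { printf 'ERROR: %s\n' "$*" >&2; exit 1; }

[ "$(id -u)" -eq 0 ] || die "this script must be run as root"

# sshport is interpolated into a sed expression further down, so it has to be
# a plain port number before it gets anywhere near sshd_config.
case "$sshport" in
  '' | *[!0-9]*) die "sshport must be a number, got '$sshport'" ;;
esac
if [ "$sshport" -lt 1 ] || [ "$sshport" -gt 65535 ]; then
  die "sshport must be between 1 and 65535, got '$sshport'"
fi

# get the password from the command line
# IFS= and -r keep leading/trailing blanks and backslashes in the password.
echo "Enter a password for $username (it will not be masked):"
printf "Password: "
IFS= read -r clearpass
[ -n "$clearpass" ] || die "empty password, nothing changed"

# set locale
locale-gen en_US en_US.UTF-8 hu_HU hu_HU.UTF-8
dpkg-reconfigure locales
update-locale

# add the user and set the password
# The password goes to chpasswd on stdin (printf is a shell builtin), so
# neither the clear text nor the hash shows up in the process list the way it
# does when passed as an argument to perl or "useradd -p". chpasswd hashes
# with the system's configured method and a properly random salt.
if ! id "$username" >/dev/null 2>&1; then
  useradd -m -s /bin/bash "$username" || die "could not create user $username"
fi
printf '%s:%s\n' "$username" "$clearpass" | chpasswd \
  || die "could not set the password for $username"
unset clearpass

# determine home folder
# Read it from the passwd database instead of eval'ing "~$username".
homefolder=$(getent passwd "$username" | cut -d: -f6)
if [ -z "$homefolder" ] || [ ! -d "$homefolder" ]; then
  die "home folder of $username not found"
fi

# stop the masternode in case it is running
/root/darknet-cli stop

# move the dnet data dir to new user (if it exists)
if [ -d /root/.darknet ] && [ "$keepdnetdata" = "yes" ]; then
  mv -- /root/.darknet "$homefolder"/
fi

# move the dnet executables to the user's home dir
mv -- /root/darknet* "$homefolder"/

# remove apache -- it's not needed
# The pattern is quoted so apt sees it, not whatever matches in the cwd.
service apache2 stop
apt-get -y remove 'apache2*'

# add our user to sudoers
# usermod appends to the group whatever its gid or current members are; the
# earlier sed on /etc/group only matched an empty "sudo:x:27:" line.
usermod -aG sudo "$username" || die "could not add $username to the sudo group"

# disallow root login via ssh and change port
# The patterns are anchored and also match commented-out defaults such as
# "#Port 22" or "#PermitRootLogin prohibit-password", and they replace the
# whole value so "Port 2222" cannot turn into "Port <sshport>22".
# Moving the port only cuts scanner noise; the real control is that root can
# no longer log in.
sed -i.bak -E \
  -e 's/^[#[:space:]]*PermitRootLogin[[:space:]].*/PermitRootLogin no/' \
  -e "s/^[#[:space:]]*Port[[:space:]]+[0-9]+.*/Port $sshport/" \
  /etc/ssh/sshd_config

grep -q '^PermitRootLogin no$' /etc/ssh/sshd_config \
  || warn "no PermitRootLogin line found in sshd_config, root login unchanged"
grep -q "^Port $sshport\$" /etc/ssh/sshd_config \
  || warn "no Port line found in sshd_config, ssh port unchanged"

# Only restart on a config sshd accepts; otherwise put the backup back so a
# later restart or reboot does not take ssh down.
if sshd -t; then
  service ssh restart
else
  cp -p /etc/ssh/sshd_config.bak /etc/ssh/sshd_config
  die "sshd rejected the new config; original restored, ssh not restarted"
fi

# don't keep a history file because they are security problem
# NOTE(review): this also drops the shell history as an audit trail; if
# command auditing is wanted it has to come from somewhere else (e.g. auditd).
echo "HISTFILE=/dev/null" >> "$homefolder/.profile"
echo "HISTFILE=/dev/null" >> /root/.profile

# change all ownership
chown -R "$username:$username" "$homefolder"

# indicate success
# Newer iproute2 appends "uid N" to "ip route get", so the last field is no
# longer the address; take the value that follows "src" instead.
hostaddr=$(ip route get 8.8.8.8 \
  | awk '{ for (i = 1; i < NF; i++) if ($i == "src") { print $(i + 1); exit } }')
echo "Sucessful Termination. Don't forget to test login remotely with:"
echo
echo "ssh -p $sshport $username@$hostaddr"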