|
|
|
@ -37,7 +37,7 @@ if [ $(whoami) != "$MISTBORN_USER" ]; then |
|
|
|
|
|
|
|
|
|
|
|
sudo cp $FULLPATH /home/$MISTBORN_USER |
|
|
|
sudo cp $FULLPATH /home/$MISTBORN_USER |
|
|
|
sudo chown $MISTBORN_USER:$MISTBORN_USER /home/$MISTBORN_USER/$FILENAME |
|
|
|
sudo chown $MISTBORN_USER:$MISTBORN_USER /home/$MISTBORN_USER/$FILENAME |
|
|
|
sudo SSH_CLIENT="$SSH_CLIENT" MISTBORN_DEFAULT_PASSWORD="$MISTBORN_DEFAULT_PASSWORD" GIT_BRANCH="$GIT_BRANCH" MISTBORN_TEST_SKIP_IPTABLES="$MISTBORN_TEST_SKIP_IPTABLES" -i -u $MISTBORN_USER bash -c "/home/$MISTBORN_USER/$FILENAME" # self-referential call |
|
|
|
sudo SSH_CLIENT="$SSH_CLIENT" MISTBORN_DEFAULT_PASSWORD="$MISTBORN_DEFAULT_PASSWORD" GIT_BRANCH="$GIT_BRANCH" -i -u $MISTBORN_USER bash -c "/home/$MISTBORN_USER/$FILENAME" # self-referential call |
|
|
|
exit 0 |
|
|
|
exit 0 |
|
|
|
fi |
|
|
|
fi |
|
|
|
|
|
|
|
|
|
|
|
@ -94,12 +94,7 @@ source ./scripts/subinstallers/platform.sh |
|
|
|
echo "Setting up firewall (iptables)" |
|
|
|
echo "Setting up firewall (iptables)" |
|
|
|
if [ ! -f "/etc/iptables/rules.v4" ]; then |
|
|
|
if [ ! -f "/etc/iptables/rules.v4" ]; then |
|
|
|
echo "Setting iptables rules..." |
|
|
|
echo "Setting iptables rules..." |
|
|
|
|
|
|
|
./scripts/subinstallers/iptables.sh |
|
|
|
if [ -z "${MISTBORN_TEST_SKIP_IPTABLES}" ]; then |
|
|
|
|
|
|
|
./scripts/subinstallers/iptables.sh |
|
|
|
|
|
|
|
else |
|
|
|
|
|
|
|
echo "Test conditions: not running iptables.sh" |
|
|
|
|
|
|
|
fi |
|
|
|
|
|
|
|
else |
|
|
|
else |
|
|
|
echo "iptables rules exist. Leaving alone." |
|
|
|
echo "iptables rules exist. Leaving alone." |
|
|
|
fi |
|
|
|
fi |
|
|
|
@ -111,7 +106,7 @@ sudo sed -i 's/#PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/ss |
|
|
|
sudo sed -i 's/PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config |
|
|
|
sudo sed -i 's/PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config |
|
|
|
sudo sed -i 's/#PermitRootLogin.*/PermitRootLogin prohibit-password/' /etc/ssh/sshd_config |
|
|
|
sudo sed -i 's/#PermitRootLogin.*/PermitRootLogin prohibit-password/' /etc/ssh/sshd_config |
|
|
|
sudo sed -i 's/PermitRootLogin.*/PermitRootLogin prohibit-password/' /etc/ssh/sshd_config |
|
|
|
sudo sed -i 's/PermitRootLogin.*/PermitRootLogin prohibit-password/' /etc/ssh/sshd_config |
|
|
|
sudo systemctl restart ssh || true |
|
|
|
sudo systemctl restart ssh |
|
|
|
|
|
|
|
|
|
|
|
# Additional tools fail2ban |
|
|
|
# Additional tools fail2ban |
|
|
|
sudo apt-get install -y dnsutils fail2ban |
|
|
|
sudo apt-get install -y dnsutils fail2ban |
|
|
|
@ -159,9 +154,9 @@ fi |
|
|
|
sudo cp ./scripts/conf/20auto-upgrades /etc/apt/apt.conf.d/ |
|
|
|
sudo cp ./scripts/conf/20auto-upgrades /etc/apt/apt.conf.d/ |
|
|
|
sudo cp ./scripts/conf/50unattended-upgrades /etc/apt/apt.conf.d/ |
|
|
|
sudo cp ./scripts/conf/50unattended-upgrades /etc/apt/apt.conf.d/ |
|
|
|
|
|
|
|
|
|
|
|
sudo systemctl stop unattended-upgrades || true |
|
|
|
sudo systemctl stop unattended-upgrades |
|
|
|
sudo systemctl daemon-reload || true |
|
|
|
sudo systemctl daemon-reload |
|
|
|
sudo systemctl restart unattended-upgrades || true |
|
|
|
sudo systemctl restart unattended-upgrades |
|
|
|
|
|
|
|
|
|
|
|
# setup Mistborn services |
|
|
|
# setup Mistborn services |
|
|
|
|
|
|
|
|
|
|
|
|
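Review bot: The self-referential `sudo` call in the first hunk still passes `MISTBORN_DEFAULT_PASSWORD="$MISTBORN_DEFAULT_PASSWORD"` as a command-line argument, so the default password is typically readable by other local users in the process list while the re-invoked installer runs. Carrying the variables through sudo's environment keeps the value out of argv, e.g. `sudo --preserve-env=SSH_CLIENT,MISTBORN_DEFAULT_PASSWORD,GIT_BRANCH -i -u "$MISTBORN_USER" bash -c "/home/$MISTBORN_USER/$FILENAME"`. This only works if the variables are exported and the sudoers policy permits preserving them, and it should be tested together with `-i`, which resets most of the environment. The neighbouring `cp` and `chown` lines also expand `$FULLPATH`, `$MISTBORN_USER` and `$FILENAME` unquoted, which is worth fixing while this line is being touched. The enclosing `if` block opens above the hunk, so how these variables are set is not visible here.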