crappyrules
/
mistborn
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Browse Source

Resolve "SSH"

merge-requests/27/head
Steven Foerster 6 years ago
parent
9a89e84503
commit
697d2a002f
3 changed files with 11 additions and 5 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 3
      README.md
  2. 2
      scripts/install.sh
  3. 11
      scripts/subinstallers/cockpit.sh

3
README.md
Unescape View File

@ -397,6 +397,7 @@ These are some notes regarding the technical design and implementations of Mistb
- The "Update" button will pull updated Docker images for mistborn, postgresql, redis, pihole, and dnscrypt. Those services will then be restarted. - The "Update" button will pull updated Docker images for mistborn, postgresql, redis, pihole, and dnscrypt. Those services will then be restarted.
- The generated TLS certificate has an RSA modulus of 4096 bits, is signed with SHA-256, and is good for 10 years. The nanny at Apple has decided to restrict the kinds of certificates iOS users may choose to manually trust and so you may have issues with TLS on an Apple device for now. - The generated TLS certificate has an RSA modulus of 4096 bits, is signed with SHA-256, and is good for 10 years. The nanny at Apple has decided to restrict the kinds of certificates iOS users may choose to manually trust and so you may have issues with TLS on an Apple device for now.
- Outbound UDP on port 53 is blocked. All DNS requests should be handled by the dnscrypt_proxy service and if any client, service, etc. tries to circumvent that it is blocked. - Outbound UDP on port 53 is blocked. All DNS requests should be handled by the dnscrypt_proxy service and if any client, service, etc. tries to circumvent that it is blocked.
- Unattended upgrades are set to automatically install operating system security updates.
# Roadmap # Roadmap
Many features and refinements are in the works at various stages including: Many features and refinements are in the works at various stages including:
@ -414,7 +415,7 @@ Many features and refinements are in the works at various stages including:
Contact me at [steven@cyber5k.com](mailto:steven@cyber5k.com) Contact me at [steven@cyber5k.com](mailto:steven@cyber5k.com)
# Support # Support Mistborn
Please consider supporting the project via: Please consider supporting the project via:
- [Paypal.me](https://paypal.me/cyber5k) - [Paypal.me](https://paypal.me/cyber5k)

2
scripts/install.sh
Unescape View File

@ -119,6 +119,8 @@ sudo sed -i 's/#PasswordAuthentication.*/PasswordAuthentication yes/' /etc/ssh/s
sudo sed -i 's/PasswordAuthentication.*/PasswordAuthentication yes/' /etc/ssh/sshd_config sudo sed -i 's/PasswordAuthentication.*/PasswordAuthentication yes/' /etc/ssh/sshd_config
sudo sed -i 's/#PermitRootLogin.*/PermitRootLogin prohibit-password/' /etc/ssh/sshd_config sudo sed -i 's/#PermitRootLogin.*/PermitRootLogin prohibit-password/' /etc/ssh/sshd_config
sudo sed -i 's/PermitRootLogin.*/PermitRootLogin prohibit-password/' /etc/ssh/sshd_config sudo sed -i 's/PermitRootLogin.*/PermitRootLogin prohibit-password/' /etc/ssh/sshd_config
sudo sed -i 's/#Port.*/Port 22/' /etc/ssh/sshd_config
sudo sed -i 's/Port.*/Port 22/' /etc/ssh/sshd_config
sudo systemctl enable ssh sudo systemctl enable ssh
sudo systemctl restart ssh sudo systemctl restart ssh

11
scripts/subinstallers/cockpit.sh
Unescape View File

@ -5,22 +5,25 @@ figlet "Mistborn: Installing Cockpit"
if [ "$DISTRO" == "ubuntu" ]; then if [ "$DISTRO" == "ubuntu" ]; then
echo "Ubuntu backports enabled by default" echo "Ubuntu backports enabled by default"
sudo apt-get install -y cockpit cockpit-docker
elif [ "$DISTRO" == "debian" ]; then elif [ "$DISTRO" == "debian" ]; then
sudo grep -qF "buster-backports" /etc/apt/sources.list.d/backports.list \ sudo grep -qF "buster-backports" /etc/apt/sources.list.d/backports.list \
&& echo "buster-backports already in sources" \ && echo "buster-backports already in sources" \
|| echo 'deb http://deb.debian.org/debian buster-backports main' | sudo tee -a /etc/apt/sources.list.d/backports.list || echo 'deb http://deb.debian.org/debian buster-backports main' | sudo tee -a /etc/apt/sources.list.d/backports.list
sudo apt-get install -y cockpit cockpit-docker
elif [ "$DISTRO" == "raspbian" ]; then elif [ "$DISTRO" == "raspbian" ]; then
echo "Raspbian repos contain cockpit" echo "Raspbian repos contain cockpit"
sudo apt-get install -y cockpit cockpit-docker
fi fi
sudo apt-get install -y cockpit
if $(sudo apt-cache show cockpit-docker > /dev/null 2>&1) ; then
# no longer supported upstream in Ubuntu 20.04
sudo apt-get install -y cockpit-docker
fi
sudo cp ./scripts/conf/cockpit.conf /etc/cockpit/cockpit.conf sudo cp ./scripts/conf/cockpit.conf /etc/cockpit/cockpit.conf
sudo systemctl restart cockpit.socket sudo systemctl restart cockpit.socket

Write Preview
Loading…
Cancel
Save