From 8a5c745d0c19b93a3695f2d057963ddad52d8fbd Mon Sep 17 00:00:00 2001
From: Steven Foerster
Date: Sun, 2 May 2021 20:59:12 -0400
Subject: [PATCH 01/15] security updates

---
 extra/bitwarden.yml | 2 +-
 extra/jitsi-meet.yml | 4 ++--
 extra/syncthing.yml | 4 ++--
 extra/tor.yml | 2 +-
 scripts/services/Mistborn-base.service | 1 +
 scripts/services/wazuh/agent.sh | 8 ++++++--
 6 files changed, 13 insertions(+), 8 deletions(-)

diff --git a/extra/bitwarden.yml b/extra/bitwarden.yml
index 377b4b8..cd66424 100644
--- a/extra/bitwarden.yml
+++ b/extra/bitwarden.yml
@@ -19,7 +19,7 @@ services:
 - "traefik.http.routers.bitwarden-https.tls.certresolver=basic"
 - "traefik.http.services.bitwarden-service.loadbalancer.server.port=80"
 ports:
- - 3012:3012/tcp
+ - "${MISTBORN_BIND_IP}:3012:3012/tcp"
 restart: unless-stopped
 networks:
diff --git a/extra/jitsi-meet.yml b/extra/jitsi-meet.yml
index 421f2a3..4a92b8e 100644
--- a/extra/jitsi-meet.yml
+++ b/extra/jitsi-meet.yml
@@ -216,8 +216,8 @@ services:
 image: jitsi/jvb:latest
 restart: unless-stopped
 ports:
- - '${JVB_PORT}:${JVB_PORT}/udp'
- - '${JVB_TCP_PORT}:${JVB_TCP_PORT}'
+ - "${MISTBORN_BIND_IP}:${JVB_PORT}:${JVB_PORT}/udp"
+ - "${MISTBORN_BIND_IP}:${JVB_TCP_PORT}:${JVB_TCP_PORT}"
 volumes:
 - ${CONFIG}/jvb:/config:Z
 env_file:
diff --git a/extra/syncthing.yml b/extra/syncthing.yml
index 6083393..f66bd73 100644
--- a/extra/syncthing.yml
+++ b/extra/syncthing.yml
@@ -15,8 +15,8 @@ services:
 - ../../mistborn_volumes/extra/syncthing/data2:/data2
 ports:
 #- 8384:8384
- - 22000:22000/tcp # listening port
- - 21027:21027/udp # protocol discovery
+ - "${MISTBORN_BIND_IP}:22000:22000/tcp" # listening port
+ - "${MISTBORN_BIND_IP}:21027:21027/udp" # protocol discovery
 labels:
 - "traefik.enable=true"
 - "traefik.http.routers.syncthing-http.rule=Host(`syncthing.mistborn`)"
diff --git a/extra/tor.yml b/extra/tor.yml
index f8c4141..6b06975 100644
--- a/extra/tor.yml
+++ b/extra/tor.yml
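Review bot: The new `- "${MISTBORN_BIND_IP}:3012:3012/tcp"` mapping does not guard against the variable being unset: docker-compose substitutes an empty string (with a warning), the host part of the port spec becomes empty, and the port is most likely published on all interfaces again, which is exactly the exposure this patch sets out to remove. Fail closed by requiring the value, `- "${MISTBORN_BIND_IP:?MISTBORN_BIND_IP must be set}:3012:3012/tcp"`, if the compose file version in use accepts the `:?` form, or pin a loopback default with `${MISTBORN_BIND_IP:-127.0.0.1}`. The same point applies to the jitsi-meet.yml, syncthing.yml and tor.yml hunks of this patch.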
@@ -8,7 +8,7 @@ services:
 image: mistborn_production_tor
 container_name: mistborn_production_tor
 ports:
- - 9150:9150/tcp
+ - "${MISTBORN_BIND_IP}:9150:9150/tcp"
 networks:
 default:
diff --git a/scripts/services/Mistborn-base.service b/scripts/services/Mistborn-base.service
index 9f82b72..46e513c 100644
--- a/scripts/services/Mistborn-base.service
+++ b/scripts/services/Mistborn-base.service
@@ -7,6 +7,7 @@ After=netfilter-persistent.service
 [Service]
 Restart=always
+RestartSec=15
 User=root
 Group=docker
 PermissionsStartOnly=true
diff --git a/scripts/services/wazuh/agent.sh b/scripts/services/wazuh/agent.sh
index 222d664..dca4832 100755
--- a/scripts/services/wazuh/agent.sh
+++ b/scripts/services/wazuh/agent.sh
@@ -6,10 +6,14 @@ if dpkg -s wazuh-agent &> /dev/null; then
 exit 0
 fi
+# install curl
+echo "install curl"
+sudo apt-get install -y curl
+
 # prepare repo
 echo "Adding Wazuh Repository"
-curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | apt-key add -
-echo "deb https://packages.wazuh.com/4.x/apt/ stable main" | tee -a /etc/apt/sources.list.d/wazuh.list
+curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | sudo apt-key add -
+echo "deb https://packages.wazuh.com/4.x/apt/ stable main" | sudo tee /etc/apt/sources.list.d/wazuh.list
 apt-get update

From 0f7f5eaa947cad5c9b32ae7958a5a9e9d17e54a0 Mon Sep 17 00:00:00 2001
From: Steven Foerster
Date: Sun, 2 May 2021 21:06:00 -0400
Subject: [PATCH 02/15] openssh dependencies

---
 scripts/install.sh | 2 +-
 scripts/services/wazuh/agent.sh | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/scripts/install.sh b/scripts/install.sh
index a142ad9..fe5ad87 100755
--- a/scripts/install.sh
+++ b/scripts/install.sh
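Review bot: The new `curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | sudo apt-key add -` line still imports whatever the server answers: `curl -s` without `-f` pipes an HTTP error body into apt-key instead of failing, and `apt-key add` places the key in the global trusted keyring, where it can sign any configured repository rather than only Wazuh's. Scope the trust to this repository with `curl -fsSL https://packages.wazuh.com/key/GPG-KEY-WAZUH | sudo gpg --dearmor -o /usr/share/keyrings/<wazuh-keyring>.gpg` and `echo "deb [signed-by=/usr/share/keyrings/<wazuh-keyring>.gpg] https://packages.wazuh.com/4.x/apt/ stable main" | sudo tee /etc/apt/sources.list.d/wazuh.list`. The added lines run under `sudo` while the `apt-get update` context line right below them does not, so a non-root caller will presumably be unable to refresh the lists it just configured. PATCH 02/15 rewrites these same lines with `sudo -E`, and the points carry over unchanged.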
@@ -111,7 +111,7 @@ fi
 # SSH Server
-sudo -E apt-get install -y openssh-server
+sudo -E apt-get install -y openssh-server openssh-client openssh-ftp-server
 #sudo sed -i 's/#PasswordAuthentication.*/PasswordAuthentication yes/' /etc/ssh/sshd_config
 #sudo sed -i 's/PasswordAuthentication.*/PasswordAuthentication yes/' /etc/ssh/sshd_config
 #sudo sed -i 's/#PermitRootLogin.*/PermitRootLogin prohibit-password/' /etc/ssh/sshd_config
diff --git a/scripts/services/wazuh/agent.sh b/scripts/services/wazuh/agent.sh
index dca4832..7735fc1 100755
--- a/scripts/services/wazuh/agent.sh
+++ b/scripts/services/wazuh/agent.sh
@@ -8,12 +8,12 @@ fi
 # install curl
 echo "install curl"
-sudo apt-get install -y curl
+sudo -E apt-get install -y curl
 # prepare repo
 echo "Adding Wazuh Repository"
-curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | sudo apt-key add -
-echo "deb https://packages.wazuh.com/4.x/apt/ stable main" | sudo tee /etc/apt/sources.list.d/wazuh.list
+curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | sudo -E apt-key add -
+echo "deb https://packages.wazuh.com/4.x/apt/ stable main" | sudo -E tee /etc/apt/sources.list.d/wazuh.list
 apt-get update

From bfa074c7c441461369d3f71468ee640fda4c4173 Mon Sep 17 00:00:00 2001
From: Steven Foerster
Date: Sun, 2 May 2021 21:06:44 -0400
Subject: [PATCH 03/15] typo

---
 scripts/install.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/install.sh b/scripts/install.sh
index fe5ad87..91bba7c 100755
--- a/scripts/install.sh
+++ b/scripts/install.sh
@@ -111,7 +111,7 @@ fi
 # SSH Server
-sudo -E apt-get install -y openssh-server openssh-client openssh-ftp-server
+sudo -E apt-get install -y openssh-server openssh-client openssh-sftp-server
 #sudo sed -i 's/#PasswordAuthentication.*/PasswordAuthentication yes/' /etc/ssh/sshd_config
 #sudo sed -i 's/PasswordAuthentication.*/PasswordAuthentication yes/' /etc/ssh/sshd_config
 #sudo sed -i 's/#PermitRootLogin.*/PermitRootLogin prohibit-password/' /etc/ssh/sshd_config
From 29154b5e7ae2dde7e0e141c69a7d72822d6f0179 Mon Sep 17 00:00:00 2001
From: Steven Foerster
Date: Sun, 2 May 2021 21:07:44 -0400
Subject: [PATCH 04/15] dependencies

---
 scripts/install.sh | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/scripts/install.sh b/scripts/install.sh
index 91bba7c..8ec5800 100755
--- a/scripts/install.sh
+++ b/scripts/install.sh
@@ -111,7 +111,8 @@ fi
 # SSH Server
-sudo -E apt-get install -y openssh-server openssh-client openssh-sftp-server
+sudo -E apt-get install -y openssh-client
+sudo -E apt-get install -y openssh-server openssh-sftp-server
 #sudo sed -i 's/#PasswordAuthentication.*/PasswordAuthentication yes/' /etc/ssh/sshd_config
 #sudo sed -i 's/PasswordAuthentication.*/PasswordAuthentication yes/' /etc/ssh/sshd_config
 #sudo sed -i 's/#PermitRootLogin.*/PermitRootLogin prohibit-password/' /etc/ssh/sshd_config

From 6b59c5ee191dcd55fa94e618d98910b1d0da46d7 Mon Sep 17 00:00:00 2001
From: Steven Foerster
Date: Sun, 2 May 2021 21:18:41 -0400
Subject: [PATCH 05/15] logic

---
 scripts/install.sh | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/scripts/install.sh b/scripts/install.sh
index 8ec5800..ae93597 100755
--- a/scripts/install.sh
+++ b/scripts/install.sh
@@ -111,8 +111,7 @@ fi
 # SSH Server
-sudo -E apt-get install -y openssh-client
-sudo -E apt-get install -y openssh-server openssh-sftp-server
+sudo -E apt-get install -y openssh-server || sudo -E apt purge -y openssh-client; sudo -E apt-get install openssh-server
 #sudo sed -i 's/#PasswordAuthentication.*/PasswordAuthentication yes/' /etc/ssh/sshd_config
 #sudo sed -i 's/PasswordAuthentication.*/PasswordAuthentication yes/' /etc/ssh/sshd_config
 #sudo sed -i 's/#PermitRootLogin.*/PermitRootLogin prohibit-password/' /etc/ssh/sshd_config

From e91f58fd94a0ff1b7a6c1f2aba3fa18174f217d6 Mon Sep 17 00:00:00 2001
From: Steven Foerster
Date: Sun, 2 May 2021 21:21:39 -0400
Subject: [PATCH 06/15] yes

---
 scripts/install.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/install.sh b/scripts/install.sh
index ae93597..ab90775 100755
--- a/scripts/install.sh
+++ b/scripts/install.sh
@@ -111,7 +111,7 @@ fi
 # SSH Server
-sudo -E apt-get install -y openssh-server || sudo -E apt purge -y openssh-client; sudo -E apt-get install openssh-server
+sudo -E apt-get install -y openssh-server || sudo -E apt purge -y openssh-client; sudo -E apt-get install -y openssh-server
 #sudo sed -i 's/#PasswordAuthentication.*/PasswordAuthentication yes/' /etc/ssh/sshd_config
 #sudo sed -i 's/PasswordAuthentication.*/PasswordAuthentication yes/' /etc/ssh/sshd_config
 #sudo sed -i 's/#PermitRootLogin.*/PermitRootLogin prohibit-password/' /etc/ssh/sshd_config

From 1849244d242af4f71c42d662b257206172520070 Mon Sep 17 00:00:00 2001
From: Steven Foerster
Date: Sun, 2 May 2021 21:41:27 -0400
Subject: [PATCH 07/15] check updates

---
 scripts/install.sh | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/scripts/install.sh b/scripts/install.sh
index ab90775..43314a0 100755
--- a/scripts/install.sh
+++ b/scripts/install.sh
@@ -59,6 +59,9 @@ echo -e "| | | | \__ \ |_| |_) | (_) | | | | | |"
 echo -e "|_| |_|_|___/\__|_.__/ \___/|_| |_| |_|"
 echo -e ""
+echo "Checking updates"
+source ./scripts/subinstallers/check_updates.sh
+
 sudo rm -rf /opt/mistborn 2>/dev/null || true
 # clone to /opt and change directory

From 0c3fac3df31f8ec7d1cbe02bdfcaa937738cfef8 Mon Sep 17 00:00:00 2001
From: Steven Foerster
Date: Sun, 2 May 2021 21:45:17 -0400
Subject: [PATCH 08/15] placement

---
 scripts/install.sh | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/scripts/install.sh b/scripts/install.sh
index 43314a0..549f4ef 100755
--- a/scripts/install.sh
+++ b/scripts/install.sh
@@ -59,9 +59,6 @@ echo -e "| | | | \__ \ |_| |_) | (_) | | | | | |"
 echo -e "|_| |_|_|___/\__|_.__/ \___/|_| |_| |_|"
 echo -e ""
-echo "Checking updates"
-source ./scripts/subinstallers/check_updates.sh
-
 sudo rm -rf /opt/mistborn 2>/dev/null || true
 # clone to /opt and change directory
@@ -72,6 +69,10 @@ pushd .
 cd /opt/mistborn
 git submodule update --init --recursive
+# Check updates
+echo "Checking updates"
+source ./scripts/subinstallers/check_updates.sh
+
 # MISTBORN_DEFAULT_PASSWORD
 source ./scripts/subinstallers/passwd.sh

From e5018ecad759d48a9e1304f570861d4a6fb346b3 Mon Sep 17 00:00:00 2001
From: Steven Foerster
Date: Sun, 2 May 2021 21:46:10 -0400
Subject: [PATCH 09/15] adding check_updates.sh

---
 scripts/subinstallers/check_updates.sh | 10 ++++++++++
 1 file changed, 10 insertions(+)
 create mode 100755 scripts/subinstallers/check_updates.sh

diff --git a/scripts/subinstallers/check_updates.sh b/scripts/subinstallers/check_updates.sh
new file mode 100755
index 0000000..e662df2
--- /dev/null
+++ b/scripts/subinstallers/check_updates.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+sudo apt-get update
+
+UPDATES=$(sudo apt-get dist-upgrade -s --quiet=2 | grep ^Inst | wc -l)
+
+if [[ "$UPDATES" ~= "0" ]]; then
+ echo "Please run updates: sudo apt-get update && sudo apt-get -y dist-upgrade"
+ exit 1;
+fi
\ No newline at end of file

From 51e7cb859ddd00c314a054b0e1a42ffc3667d5d2 Mon Sep 17 00:00:00 2001
From: Steven Foerster
Date: Sun, 2 May 2021 21:47:07 -0400
Subject: [PATCH 10/15] ne

---
 scripts/subinstallers/check_updates.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/subinstallers/check_updates.sh b/scripts/subinstallers/check_updates.sh
index e662df2..226a5c3 100755
--- a/scripts/subinstallers/check_updates.sh
+++ b/scripts/subinstallers/check_updates.sh
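Review bot: The new check_updates.sh treats a failed `sudo apt-get update` the same as a successful one: its exit status is ignored, `UPDATES` is then computed from whatever package lists were already on disk, and the script can report "no updates" on a host that never reached the mirrors. Guard it with `sudo apt-get update || { echo "apt-get update failed"; exit 1; }`. Because the PATCH 08/15 hunk above `source`s this file from install.sh, the `exit 1` here ends the installer rather than only this script, which looks intended but deserves a comment at the top of check_updates.sh such as `# sourced by install.sh: a non-zero exit here aborts the whole install`.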
@@ -4,7 +4,7 @@ sudo apt-get update
 UPDATES=$(sudo apt-get dist-upgrade -s --quiet=2 | grep ^Inst | wc -l)
-if [[ "$UPDATES" ~= "0" ]]; then
+if [[ "$UPDATES" -ne "0" ]]; then
 echo "Please run updates: sudo apt-get update && sudo apt-get -y dist-upgrade"
 exit 1;
 fi
\ No newline at end of file

From bb6f1ea02fde8f4300364c60503828e9027a2818 Mon Sep 17 00:00:00 2001
From: Steven Foerster
Date: Sun, 2 May 2021 21:48:09 -0400
Subject: [PATCH 11/15] refactor

---
 scripts/install.sh | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/scripts/install.sh b/scripts/install.sh
index 549f4ef..f35b631 100755
--- a/scripts/install.sh
+++ b/scripts/install.sh
@@ -94,8 +94,7 @@ else
 echo "SSH key exists for $USER"
 fi
-# initial load update package list
-sudo apt-get update
+# initial load update package list during check_updates.sh
 # install figlet
 sudo -E apt-get install -y figlet

From b76c1c23a0b16def26f355004122eb676008aae6 Mon Sep 17 00:00:00 2001
From: Steven Foerster
Date: Sun, 2 May 2021 21:52:55 -0400
Subject: [PATCH 12/15] updates message

---
 scripts/subinstallers/check_updates.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/subinstallers/check_updates.sh b/scripts/subinstallers/check_updates.sh
index 226a5c3..2e2a1e8 100755
--- a/scripts/subinstallers/check_updates.sh
+++ b/scripts/subinstallers/check_updates.sh
@@ -5,6 +5,6 @@ sudo apt-get update
 UPDATES=$(sudo apt-get dist-upgrade -s --quiet=2 | grep ^Inst | wc -l)
 if [[ "$UPDATES" -ne "0" ]]; then
- echo "Please run updates: sudo apt-get update && sudo apt-get -y dist-upgrade"
+ echo "Please run updates before installing Mistborn: sudo apt-get update && sudo apt-get -y dist-upgrade"
 exit 1;
 fi
\ No newline at end of file

From cd7e559d755612783a17e7160d9b9052084fd7f3 Mon Sep 17 00:00:00 2001
From: Steven Foerster
Date: Sun, 2 May 2021 21:53:45 -0400
Subject: [PATCH 13/15] reboot

---
 scripts/subinstallers/check_updates.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
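Review bot: The replacement comment `# initial load update package list during check_updates.sh` in the PATCH 11/15 hunk now stands over no command and reads as a fragment, so a later reader may not realise that the `apt-get update` was removed on purpose rather than lost. Say where the refresh happens now, e.g. `# package lists are already refreshed by check_updates.sh (sourced earlier in this script)`. The enclosing script continues outside the hunk on both sides.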
diff --git a/scripts/subinstallers/check_updates.sh b/scripts/subinstallers/check_updates.sh
index 2e2a1e8..286db0d 100755
--- a/scripts/subinstallers/check_updates.sh
+++ b/scripts/subinstallers/check_updates.sh
@@ -5,6 +5,6 @@ sudo apt-get update
 UPDATES=$(sudo apt-get dist-upgrade -s --quiet=2 | grep ^Inst | wc -l)
 if [[ "$UPDATES" -ne "0" ]]; then
- echo "Please run updates before installing Mistborn: sudo apt-get update && sudo apt-get -y dist-upgrade"
+ echo "Please run updates and reboot before installing Mistborn: sudo apt-get update && sudo apt-get -y dist-upgrade"
 exit 1;
 fi
\ No newline at end of file

From cfe5ed52663ae6f4ae88d7d4a3a00f1b62885d86 Mon Sep 17 00:00:00 2001
From: Steven Foerster
Date: Sun, 2 May 2021 21:58:29 -0400
Subject: [PATCH 14/15] remove openssh catch

---
 scripts/install.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/install.sh b/scripts/install.sh
index f35b631..0924e86 100755
--- a/scripts/install.sh
+++ b/scripts/install.sh
@@ -114,7 +114,7 @@ fi
 # SSH Server
-sudo -E apt-get install -y openssh-server || sudo -E apt purge -y openssh-client; sudo -E apt-get install -y openssh-server
+sudo -E apt-get install -y openssh-server
 #sudo sed -i 's/#PasswordAuthentication.*/PasswordAuthentication yes/' /etc/ssh/sshd_config
 #sudo sed -i 's/PasswordAuthentication.*/PasswordAuthentication yes/' /etc/ssh/sshd_config
 #sudo sed -i 's/#PermitRootLogin.*/PermitRootLogin prohibit-password/' /etc/ssh/sshd_config

From 9a372282544d1e097eb5db88ab3e844594c47462 Mon Sep 17 00:00:00 2001
From: Steven Foerster
Date: Sun, 2 May 2021 22:22:09 -0400
Subject: [PATCH 15/15] removing underscore

---
 scripts/subinstallers/extra/wazuh.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/scripts/subinstallers/extra/wazuh.sh b/scripts/subinstallers/extra/wazuh.sh
index 2959629..83dcb79 100755
--- a/scripts/subinstallers/extra/wazuh.sh
+++ b/scripts/subinstallers/extra/wazuh.sh
@@ -23,14 +23,14 @@ import secrets
 import random
 import string
-random_pass = ([secrets.choice("@$!*?-_"),
+random_pass = ([secrets.choice("@$!*?-"),
 secrets.choice(string.digits),
 secrets.choice(string.ascii_lowercase),
 secrets.choice(string.ascii_uppercase),
 ] + [secrets.choice(string.ascii_lowercase
 + string.ascii_uppercase
- + "@$!*?-_"
+ + "@$!*?-"
 + string.digits) for i in range(12)])
 random.shuffle(random_pass)