#!/bin/bash
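### Config
# Subnet that is allowed to mount the public-key share (used in /etc/exports).
networkAddress="192.168.134.0/24"
# Private key of the account running this script; "~" expands to that shell's HOME.
rsa_file=~/.ssh/id_rsa
# Directory exported over NFS; this node's public key is copied into it.
sharedPubKey="/mnt/pubkey/"
# NOTE(review): ssh_config is the SSH *client* configuration. Server-side
# hardening would normally target sshd_config -- confirm which one is intended.
ssh_config="/etc/ssh/ssh_config"
dsh_config="/etc/dsh/dsh.conf"

### Verify root privileges
# The script edits files under /etc and restarts services, so refuse to run
# as anything but root. The diagnostic goes to stderr.
if [[ $EUID -ne 0 ]]; then
  echo "I must be opened with root privileges" >&2
  exit 1
fi

### Variables
time=$(date)
# Each value below is non-empty only when the marker/entry is already present,
# which is how later sections decide whether to skip their one-time setup.
# grep reads the file directly (no cat) and -F matches the text literally.
existing_exports=$(grep -F -- "/mnt/pubkey" /etc/exports)
isSSHSecured=$(grep -F -- "Secured for blockchain" "$ssh_config")
isDSHConfigured=$(grep -F -- "Configured for blockchain" "$dsh_config")

### Net address and key location notification on prompt (debug purposes)
echo "Current time : $time"
echo "Defined network address : $networkAddress"
echo "Defined public key location : $sharedPubKey"
echo "----------------"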
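### Network File System sharing
# Create the shared folder if it doesn't exist (-p is a no-op when it does).
mkdir -p -- "$sharedPubKey"
# Grant full access to owner (root), read-only for everyone else.
chmod 755 -- "$sharedPubKey"
# Create the NFS share only if /etc/exports has no /mnt/pubkey entry yet.
# The previous test, [[ ! -z existing_exports ]], checked a literal string and
# was therefore always true, and ">" replaced the whole file, silently dropping
# every other export on the host. Test the variable and append instead.
# The export is read-only and restricted by source address only: any host in
# $networkAddress can read the published keys.
if [[ -z $existing_exports ]]; then
  echo "/mnt/pubkey $networkAddress(ro,sync,no_subtree_check)" >>/etc/exports
fi
# Re-read config file and apply.
exportfs -ra
# Restart NFS server.
systemctl restart nfs-kernel-server
echo "----------------"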
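### Creating SSH keys
# Remove any previous pair. -f keeps this quiet when one half (or both) is
# missing, so a stray .pub without its private key no longer causes an error.
# Every run therefore rotates the key: peers holding the old public key must
# pick up the new one from the share.
rm -f -- "$rsa_file" "$rsa_file.pub"
# Generate a new pair at the configured path (previously hard-coded, so a
# changed rsa_file would delete one key and create another).
# NOTE(review): -N "" leaves root's private key without a passphrase; anyone
# who can read this file can authenticate as this node. Keep ~/.ssh at 0700
# and the key at 0600, and consider whether an unattended root key is needed.
ssh-keygen -f "$rsa_file" -N "" -t rsa
# Copy the public key to the shared folder.
cp -- "$rsa_file.pub" "$sharedPubKey"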
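### SSH configuration
# Runs once: skipped when the "Secured for blockchain" marker is already in
# the file (isSSHSecured is filled from a grep for that marker).
# NOTE(review): the Config section points ssh_config at /etc/ssh/ssh_config,
# the SSH client file. PasswordAuthentication there only affects what this
# host's client offers when connecting out; refusing password logins *to* this
# host is an sshd_config setting. Restarting the ssh service does not change
# how a client config is read either. Confirm the intended target.
if [[ -z $isSSHSecured ]]; then
  # Set PasswordAuthentication to no and uncomment it in the ssh configuration.
  # Each sed only rewrites lines that match its pattern exactly; a config whose
  # spacing differs is left unchanged without any error.
  sed -i 's/# PasswordAuthentication yes/ PasswordAuthentication no/g' "$ssh_config"
  # Set GSSAPIAuthentication to no.
  sed -i 's/ GSSAPIAuthentication yes/ GSSAPIAuthentication no/g' "$ssh_config"
  # Set SSH port to 22 and uncomment it in the ssh configuration.
  sed -i 's/# Port 22/ Port 22/g' "$ssh_config"
  # Append the marker so this configuration is not applied again. It is written
  # whether or not the substitutions above matched anything.
  echo "#Secured for blockchain" >>"$ssh_config"
  #systemctl reload ssh
  systemctl restart ssh
  #systemctl restart sshd.service
fi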
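### DSH configuration
# Runs once: skipped when the "Configured for blockchain" marker is already in
# the file (isDSHConfigured is filled from a grep for that marker).
if [[ -z $isDSHConfigured ]]; then
  # Switch dsh from rsh to ssh so remote commands travel over an encrypted,
  # authenticated channel. The pattern must match the file's spacing exactly;
  # if it does not, the file is left on rsh and no error is reported.
  sed -i 's/remoteshell =rsh/remoteshell =ssh/g' "$dsh_config"
  # Append the marker so this configuration is not applied again.
  echo "#Configured for blockchain" >>"$dsh_config"
fi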
### Files init/reset
# Overwrite each file with a single empty line, discarding previous content.
# This removes every trusted host key (known_hosts), every key allowed to log
# in as this account (authorized_keys) and the dsh "blockchain" group members.
# NOTE(review): files created here get their mode from the current umask;
# authorized_keys is normally expected to be writable by its owner only.
for reset_target in ~/.ssh/known_hosts ~/.ssh/authorized_keys /etc/dsh/group/blockchain; do
  printf '\n' >"$reset_target"
done