install.fairie/home/.chezmoiscripts/universal/run_onchange_after_30-endlessh.sh.tmpl

{{- if eq .host.distro.family "linux" -}}
#!/usr/bin/env bash
# @file Endlessh Configuration
# @brief Applies the Endlessh configuration and starts the service on Linux systems
# @description
#     Endlessh is a endless SSH tarpit that slowly shows an infinitely long SSH welcome banner on the default
#     SSH port. It is intended to break unsophisticated malware that targets SSH.
#
#     If the `endlessh` program is installed, this script applies the configuration stored in `home/private_dot_ssh/endlessh/config.tmpl`
#     (that unpacks with Chezmoi to `~/.ssh/endlessh/config`) to the system location and then starts the service.
#
#     **Note:** _This script runs under the assumption that the actual SSH port which is defined in `home/.chezmoidata.yaml`
#     is assigned to a non-standard port like 2214. This allows the default port to be used for `endlessh`._
#
#     ## Links
#
#     * [Endlessh GitHub repository](https://github.com/skeeto/endlessh)
#     * [Endlessh configuration](https://github.com/megabyte-labs/install.doctor/blob/master/home/private_dot_ssh/endlessh/config.tmpl)

# endlessh config hash: {{- include (joinPath .host.home ".ssh" "endlessh" "config") | sha256sum -}}

{{ includeTemplate "universal/profile" }}
{{ includeTemplate "universal/logg" }}

### Update /etc/endlessh/config if environment is not WSL
if [[ ! "$(test -d proc && grep Microsoft /proc/version > /dev/null)" ]]; then
    if command -v endlessh > /dev/null; then
        if [ -d /etc/endlessh ]; then
            logg info 'Copying ~/.ssh/endlessh/config to /etc/endlessh/config'
            sudo cp -f "$HOME/.ssh/endlessh/config" /etc/endlessh/config

            ### Restart / enable Endlessh
            logg info 'Enabling the `endlessh` service'
            sudo systemctl enable endlessh
            logg info 'Restarting the `endlessh` service'
            sudo systemctl restart endlessh
        else
            logg warn 'The /etc/endlessh folder does not exist'
        fi
    else
        logg info 'Skipping Endlessh configuration because the `endlessh` executable is not available in the PATH'
    fi
else
    logg info 'Skipping Endlessh configuration since environment is WSL'
fi

{{ end -}}
Update 2 files - /home/private_dot_ssh/endlessh/run_onchange_after_endlessh.tmpl - /home/private_dot_ssh/fail2ban/run_onchange_after_fail2ban.tmpl 2023-02-01 12:45:33 -08:00			`{{- if eq .host.distro.family "linux" -}}`
Update 11 files - /home/.chezmoidata.yaml - /home/.chezmoiscripts/universal/run_onchange_after_28-privoxy.tmpl - /home/.chezmoiscripts/universal/run_onchange_after_27-tor.tmpl - /home/dot_ssh/endlessh/run_onchanges_after_endlessh.tmpl - /home/dot_ssh/endlessh/config.tmpl - /home/.chezmoi.yaml.tmpl - /home/dot_local/config/privoxy.sample - /home/dot_local/config/torrc.sample - /home/dot_local/config/torrc - /home/dot_local/config/privoxy - /software.yml 2023-01-28 19:49:06 -08:00			`#!/usr/bin/env bash`
Update 28 files - /home/.chezmoiscripts/run_onchange_after_add-fonts.tmpl - /home/.chezmoiscripts/run_onchange_after_endlessh.tmpl - /home/.chezmoiscripts/run_onchange_after_fail2ban.tmpl - /home/.chezmoiscripts/run_onchange_after_symlink-ansible-configs.tmpl - /home/.chezmoiscripts/run_onchange_after_sshd.tmpl - /home/.chezmoiscripts/run_onchanges_after_decrypt-ssh-keys.tmpl - /home/.chezmoiscripts/run_onchange_ensure-executable.tmpl - /home/.chezmoiscripts/run_onchanges_after_ensure-private-key.tmpl - /home/.chezmoiscripts/run_onchanges_after_generate-public-keys.tmpl - /home/.chezmoiscripts/run_onchanges_after_symlink-custom.tmpl - /home/.chezmoitemplates/ssh/authorized-keys.yubikey - /home/.chezmoiscripts/universal/run_onchange_after_24-vpn-darwin.tmpl - /home/.chezmoiscripts/universal/run_onchange_after_20-font.sh.tmpl - /home/.chezmoiscripts/universal/run_onchange_after_02-ensure-executable.sh.tmpl - /home/.chezmoiscripts/universal/run_onchange_after_05-decrypt-ssh-keys.sh.tmpl - /home/.chezmoiscripts/universal/run_onchange_after_07-ensure-private-key.sh.tmpl - /home/.chezmoiscripts/universal/run_onchange_after_08-generate-public-keys.sh.tmpl - /home/.chezmoiscripts/universal/run_onchange_after_08-symlink-custom.sh.tmpl - /home/.chezmoiscripts/universal/run_onchange_after_24-vpn-darwin.sh.tmpl - /home/.chezmoiscripts/universal/run_onchange_after_30-endlessh.sh.tmpl - /home/.chezmoiscripts/universal/run_onchange_after_30-sshd.sh.tmpl - /home/.chezmoiscripts/universal/run_onchange_after_31-fail2ban.sh.tmpl - /home/.chezmoiscripts/disabled/run_onchange_after_symlink-ansible-configs.tmpl - /home/.chezmoiscripts/linux/run_onchange_before_01-requirements.sh.tmpl - /home/.chezmoiscripts/linux/run_onchange_before_10-system-tweaks.sh.tmpl - /home/.chezmoiscripts/linux/run_onchange_before_11-configure-swap.sh.tmpl - /home/.chezmoiscripts/linux/run_onchange_before_14-warp.sh.tmpl - /home/.chezmoitemplates/ssh/encrypted_authorized-keys.yubikey.tmpl 2023-04-15 16:14:30 -07:00			`# @file Endlessh Configuration`
			`# @brief Applies the Endlessh configuration and starts the service on Linux systems`
			`# @description`
			`# Endlessh is a endless SSH tarpit that slowly shows an infinitely long SSH welcome banner on the default`
			`# SSH port. It is intended to break unsophisticated malware that targets SSH.`
			`#`
			# If the `endlessh` program is installed, this script applies the configuration stored in `home/private_dot_ssh/endlessh/config.tmpl`
			# (that unpacks with Chezmoi to `~/.ssh/endlessh/config`) to the system location and then starts the service.
			`#`
			# Note: _This script runs under the assumption that the actual SSH port which is defined in `home/.chezmoidata.yaml`
			# is assigned to a non-standard port like 2214. This allows the default port to be used for `endlessh`._
			`#`
			`# ## Links`
			`#`
			`# * [Endlessh GitHub repository](https://github.com/skeeto/endlessh)`
			`# * [Endlessh configuration](https://github.com/megabyte-labs/install.doctor/blob/master/home/private_dot_ssh/endlessh/config.tmpl)`
Update 11 files - /home/.chezmoidata.yaml - /home/.chezmoiscripts/universal/run_onchange_after_28-privoxy.tmpl - /home/.chezmoiscripts/universal/run_onchange_after_27-tor.tmpl - /home/dot_ssh/endlessh/run_onchanges_after_endlessh.tmpl - /home/dot_ssh/endlessh/config.tmpl - /home/.chezmoi.yaml.tmpl - /home/dot_local/config/privoxy.sample - /home/dot_local/config/torrc.sample - /home/dot_local/config/torrc - /home/dot_local/config/privoxy - /software.yml 2023-01-28 19:49:06 -08:00
Update 3 files - /home/private_dot_ssh/system/run_onchange_after_sshd.tmpl - /home/private_dot_ssh/fail2ban/run_onchange_after_fail2ban.tmpl - /home/private_dot_ssh/endlessh/run_onchange_after_endlessh.tmpl 2023-02-01 13:09:14 -08:00			`# endlessh config hash: {{- include (joinPath .host.home ".ssh" "endlessh" "config") \| sha256sum -}}`
Update 11 files - /home/.chezmoidata.yaml - /home/.chezmoiscripts/universal/run_onchange_after_28-privoxy.tmpl - /home/.chezmoiscripts/universal/run_onchange_after_27-tor.tmpl - /home/dot_ssh/endlessh/run_onchanges_after_endlessh.tmpl - /home/dot_ssh/endlessh/config.tmpl - /home/.chezmoi.yaml.tmpl - /home/dot_local/config/privoxy.sample - /home/dot_local/config/torrc.sample - /home/dot_local/config/torrc - /home/dot_local/config/privoxy - /software.yml 2023-01-28 19:49:06 -08:00
			`{{ includeTemplate "universal/profile" }}`
			`{{ includeTemplate "universal/logg" }}`

			`### Update /etc/endlessh/config if environment is not WSL`
Fixes WSL check on macOS 2023-02-15 19:14:33 -08:00			`if [[ ! "$(test -d proc && grep Microsoft /proc/version > /dev/null)" ]]; then`
Update 11 files - /home/.chezmoidata.yaml - /home/.chezmoiscripts/universal/run_onchange_after_28-privoxy.tmpl - /home/.chezmoiscripts/universal/run_onchange_after_27-tor.tmpl - /home/dot_ssh/endlessh/run_onchanges_after_endlessh.tmpl - /home/dot_ssh/endlessh/config.tmpl - /home/.chezmoi.yaml.tmpl - /home/dot_local/config/privoxy.sample - /home/dot_local/config/torrc.sample - /home/dot_local/config/torrc - /home/dot_local/config/privoxy - /software.yml 2023-01-28 19:49:06 -08:00			`if command -v endlessh > /dev/null; then`
			`if [ -d /etc/endlessh ]; then`
			`logg info 'Copying ~/.ssh/endlessh/config to /etc/endlessh/config'`
			`sudo cp -f "$HOME/.ssh/endlessh/config" /etc/endlessh/config`

			`### Restart / enable Endlessh`
			logg info 'Enabling the `endlessh` service'
			`sudo systemctl enable endlessh`
			logg info 'Restarting the `endlessh` service'
			`sudo systemctl restart endlessh`
			`else`
			`logg warn 'The /etc/endlessh folder does not exist'`
			`fi`
			`else`
			logg info 'Skipping Endlessh configuration because the `endlessh` executable is not available in the PATH'
			`fi`
			`else`
			`logg info 'Skipping Endlessh configuration since environment is WSL'`
			`fi`

			`{{ end -}}`