punkfairie/install.fairie
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge branch '5_endlessh' into 'master'

Browse source 
Update endlessh logic

Closes #5

See merge request megabyte-labs/install.doctor!6
This commit is contained in:
Brian Zalewski 2023-05-07 01:42:45 +00:00
commit 102346ce5c
2 changed files with 58 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

63
home/.chezmoiscripts/universal/run_onchange_after_30-endlessh.sh.tmpl
View file

@ -17,11 +17,51 @@
# * [Endlessh GitHub repository](https://github.com/skeeto/endlessh) # * [Endlessh GitHub repository](https://github.com/skeeto/endlessh)
# * [Endlessh configuration](https://github.com/megabyte-labs/install.doctor/blob/master/home/private_dot_ssh/endlessh/config.tmpl) # * [Endlessh configuration](https://github.com/megabyte-labs/install.doctor/blob/master/home/private_dot_ssh/endlessh/config.tmpl)
# @file Endlessh Configuration
# @brief This script configures Endlessh by applying the configuration stored in `${XDG_DATA_HOME:-$HOME/.ssh}/endlessh/config` if the `endlessh` application is available
# @description
# This script applies the Endlessh configuration stored in `${XDG_DATA_HOME:-$HOME/.ssh}/endlessh/config` if endlessh is installed.
# Endlessh is and SSH Tarpit configured to listen for incoming connection on the given port and respond slowly with a random, endless SSH banner. To protect the real server,
# configure Endlessh to listen on the default SSH port (22), while the real server listens to a different port.
#
# ## Configuration Variables
#
# The following chart details the input variable(s) that are used to determine the configuration of the endlessh:
#
# | Variable | Description |
# |-----------------|------------------------------------------------------------|
# | `endlesshPort` | The port that endlessh listens to for incoming connections |
#
# ## Links
#
# * [Default Endlessh configuration](https://github.com/megabyte-labs/install.doctor/tree/master/home/private_dot_ssh/endlessh/config.tmpl)
# * [Secrets / Environment variables documentation](https://install.doctor/docs/customization/secrets)
# endlessh config hash: {{- include (joinPath .host.home ".ssh" "endlessh" "config") | sha256sum -}} # endlessh config hash: {{- include (joinPath .host.home ".ssh" "endlessh" "config") | sha256sum -}}
{{ includeTemplate "universal/profile" }} {{ includeTemplate "universal/profile" }}
{{ includeTemplate "universal/logg" }} {{ includeTemplate "universal/logg" }}
### Configures endlessh service
function configureEndlessh() {
### Update the service configuration file
logg info 'Updating `endlessh` service configuration file'
sudo sed -i 's/^.*#AmbientCapabilities=CAP_NET_BIND_SERVICE/AmbientCapabilities=CAP_NET_BIND_SERVICE/' /usr/lib/systemd/system/endlessh.service
sudo sed -i 's/^.*PrivateUsers=true/#PrivateUsers=true/' /usr/lib/systemd/system/endlessh.service
logg info 'Reloading systemd'
sudo systemctl daemon-reload
### Update capabilities of `endlessh`
logg info 'Updating capabilities of `endlessh`'
sudo setcap 'cap_net_bind_service=+ep' /usr/bin/endlessh
### Restart / enable Endlessh
logg info 'Enabling the `endlessh` service'
sudo systemctl enable endlessh
logg info 'Restarting the `endlessh` service'
sudo systemctl restart endlessh
}
### Update /etc/endlessh/config if environment is not WSL ### Update /etc/endlessh/config if environment is not WSL
if [[ ! "$(test -d proc && grep Microsoft /proc/version > /dev/null)" ]]; then if [[ ! "$(test -d proc && grep Microsoft /proc/version > /dev/null)" ]]; then
if command -v endlessh > /dev/null; then if command -v endlessh > /dev/null; then
@ -29,13 +69,24 @@ if [[ ! "$(test -d proc && grep Microsoft /proc/version > /dev/null)" ]]; then
logg info 'Copying ~/.ssh/endlessh/config to /etc/endlessh/config' logg info 'Copying ~/.ssh/endlessh/config to /etc/endlessh/config'
sudo cp -f "$HOME/.ssh/endlessh/config" /etc/endlessh/config sudo cp -f "$HOME/.ssh/endlessh/config" /etc/endlessh/config
### Restart / enable Endlessh configureEndlessh || CONFIGURE_EXIT_CODE=$?
logg info 'Enabling the `endlessh` service' if [ -n "$CONFIGURE_EXIT_CODE" ]; then
sudo systemctl enable endlessh logg error 'Configuring `endlessh` service failed' && exit 1
logg info 'Restarting the `endlessh` service'
sudo systemctl restart endlessh
else else
logg warn 'The /etc/endlessh folder does not exist' logg success 'Successfully configured `endlessh` service'
fi
elif [ -f /etc/endlessh.conf ]; then
logg info 'Copying ~/.ssh/endlessh/config to /etc/endlessh.conf'
sudo cp -f "$HOME/.ssh/endlessh/config" /etc/endlessh.conf
configureEndlessh || CONFIGURE_EXIT_CODE=$?
if [ -n "$CONFIGURE_EXIT_CODE" ]; then
logg error 'Configuring `endlessh` service failed' && exit 1
else
logg success 'Successfully configured `endlessh` service'
fi
else
logg warn 'Neither the /etc/endlessh folder nor the /etc/endlessh.conf file exist'
fi fi
else else
logg info 'Skipping Endlessh configuration because the `endlessh` executable is not available in the PATH' logg info 'Skipping Endlessh configuration because the `endlessh` executable is not available in the PATH'

2
software.yml
View file

@ -6959,7 +6959,7 @@ softwarePackages:
# ansible:linux: professormanhattan.sshtarpit # ansible:linux: professormanhattan.sshtarpit
apt: endlessh apt: endlessh
dnf:fedora: endlessh dnf:fedora: endlessh
pacman: endlessh-git yay: endlessh-git
ssl-proxy: ssl-proxy:
_bin: null _bin: null
_desc: Simple zero-config SSL reverse proxy with real autogenerated certificates _desc: Simple zero-config SSL reverse proxy with real autogenerated certificates