Reboot after hrng setup

Bob Mottram 2014-09-21 10:20:47 +01:00
parent 75302efe5f
commit 3ae61a3937
1 changed files with 13 additions and 14 deletions


@ -157,10 +157,8 @@ function random_number_generator {
if [ $USE_HWRNG == "yes" ]; then if [ $USE_HWRNG == "yes" ]; then
apt-get -y install rng-tools apt-get -y install rng-tools
sed -i 's|#HRNGDEVICE=/dev/hwrng|HRNGDEVICE=/dev/hwrng|g' /etc/default/rng-tools sed -i 's|#HRNGDEVICE=/dev/hwrng|HRNGDEVICE=/dev/hwrng|g' /etc/default/rng-tools
# TODO there should be a system restart at this point to enable /dev/hwrng echo 'random_number_generator' >> $COMPLETION_FILE
service rng-tools restart reboot
# Test that it works
cat /dev/hwrng | rngtest -c 1000
else else
apt-get -y install haveged apt-get -y install haveged
fi fi
@ -346,11 +344,21 @@ function configure_firewall {
echo 'configure_firewall' >> $COMPLETION_FILE echo 'configure_firewall' >> $COMPLETION_FILE
} }
function save_firewall_settings {
iptables-save > /etc/firewall.conf
ip6tables-save > /etc/firewall6.conf
printf '#!/bin/sh\n' > /etc/network/if-up.d/iptables
printf 'iptables-restore < /etc/firewall.conf\n' >> /etc/network/if-up.d/iptables
printf 'ip6tables-restore < /etc/firewall6.conf\n' >> /etc/network/if-up.d/iptables
chmod +x /etc/network/if-up.d/iptables
}
function configure_firewall_for_ssh { function configure_firewall_for_ssh {
if [ grep -Fxq "configure_firewall_for_ssh" $COMPLETION_FILE ]; then if [ grep -Fxq "configure_firewall_for_ssh" $COMPLETION_FILE ]; then
return return
fi fi
iptables -A INPUT -i eth0 -p tcp --dport $SSH_PORT -j ACCEPT iptables -A INPUT -i eth0 -p tcp --dport $SSH_PORT -j ACCEPT
save_firewall_settings
echo 'configure_firewall_for_ssh' >> $COMPLETION_FILE echo 'configure_firewall_for_ssh' >> $COMPLETION_FILE
} }
@ -362,18 +370,10 @@ function configure_firewall_for_email {
iptables -A INPUT -i eth0 -p tcp --dport 587 -j ACCEPT iptables -A INPUT -i eth0 -p tcp --dport 587 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 465 -j ACCEPT iptables -A INPUT -i eth0 -p tcp --dport 465 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 993 -j ACCEPT iptables -A INPUT -i eth0 -p tcp --dport 993 -j ACCEPT
save_firewall_settings
echo 'configure_firewall_for_email' >> $COMPLETION_FILE echo 'configure_firewall_for_email' >> $COMPLETION_FILE
} }
function save_firewall_settings {
iptables-save > /etc/firewall.conf
ip6tables-save > /etc/firewall6.conf
printf '#!/bin/sh\n' > /etc/network/if-up.d/iptables
printf 'iptables-restore < /etc/firewall.conf\n' >> /etc/network/if-up.d/iptables
printf 'ip6tables-restore < /etc/firewall6.conf\n' >> /etc/network/if-up.d/iptables
chmod +x /etc/network/if-up.d/iptables
}
function configure_internet_protocol { function configure_internet_protocol {
if [ grep -Fxq "configure_internet_protocol" $COMPLETION_FILE ]; then if [ grep -Fxq "configure_internet_protocol" $COMPLETION_FILE ]; then
return return
@ -826,7 +826,6 @@ time_synchronisation
configure_firewall configure_firewall
configure_firewall_for_ssh configure_firewall_for_ssh
configure_firewall_for_email configure_firewall_for_email
save_firewall_settings
configure_internet_protocol configure_internet_protocol
script_to_make_self_signed_certificates script_to_make_self_signed_certificates
configure_email configure_email
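Review bot: The new `reboot` in random_number_generator is a one-time step only if the function is skipped on the next run, and the completion guards visible in this file cannot do that. In `if [ grep -Fxq "configure_firewall_for_ssh" $COMPLETION_FILE ]; then` (configure_firewall_for_ssh, and the same form in configure_internet_protocol), `[` receives `grep` and its arguments as test operands and fails, so the body always runs. The start of random_number_generator is outside the hunk; if its guard has the same form, every rerun reinstalls rng-tools and reboots again, and the firewall functions append duplicate `iptables -A` rules. Run grep directly instead, e.g. `if grep -Fxq "random_number_generator" "$COMPLETION_FILE"; then return; fi`. The commit also drops the `rngtest` check of /dev/hwrng, so nothing confirms the hardware source works before later steps such as script_to_make_self_signed_certificates generate keys; consider running that check once the system is back up.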