|
@@ -157,10 +157,8 @@ function random_number_generator {
|
157
|
157
|
if [ $USE_HWRNG == "yes" ]; then
|
158
|
158
|
apt-get -y install rng-tools
|
159
|
159
|
sed -i 's|#HRNGDEVICE=/dev/hwrng|HRNGDEVICE=/dev/hwrng|g' /etc/default/rng-tools
|
160
|
|
- # TODO there should be a system restart at this point to enable /dev/hwrng
|
161
|
|
- service rng-tools restart
|
162
|
|
- # Test that it works
|
163
|
|
- cat /dev/hwrng | rngtest -c 1000
|
|
160
|
+ echo 'random_number_generator' >> $COMPLETION_FILE
|
|
161
|
+ reboot
|
164
|
162
|
else
|
165
|
163
|
apt-get -y install haveged
|
166
|
164
|
fi
|
|
@@ -346,11 +344,21 @@ function configure_firewall {
|
346
|
344
|
echo 'configure_firewall' >> $COMPLETION_FILE
|
347
|
345
|
}
|
348
|
346
|
|
|
347
|
+function save_firewall_settings {
|
|
348
|
+ iptables-save > /etc/firewall.conf
|
|
349
|
+ ip6tables-save > /etc/firewall6.conf
|
|
350
|
+ printf '#!/bin/sh\n' > /etc/network/if-up.d/iptables
|
|
351
|
+ printf 'iptables-restore < /etc/firewall.conf\n' >> /etc/network/if-up.d/iptables
|
|
352
|
+ printf 'ip6tables-restore < /etc/firewall6.conf\n' >> /etc/network/if-up.d/iptables
|
|
353
|
+ chmod +x /etc/network/if-up.d/iptables
|
|
354
|
+}
|
|
355
|
+
|
349
|
356
|
function configure_firewall_for_ssh {
|
350
|
357
|
if [ grep -Fxq "configure_firewall_for_ssh" $COMPLETION_FILE ]; then
|
351
|
358
|
return
|
352
|
359
|
fi
|
353
|
360
|
iptables -A INPUT -i eth0 -p tcp --dport $SSH_PORT -j ACCEPT
|
|
361
|
+ save_firewall_settings
|
354
|
362
|
echo 'configure_firewall_for_ssh' >> $COMPLETION_FILE
|
355
|
363
|
}
|
356
|
364
|
|
|
@@ -362,18 +370,10 @@ function configure_firewall_for_email {
|
362
|
370
|
iptables -A INPUT -i eth0 -p tcp --dport 587 -j ACCEPT
|
363
|
371
|
iptables -A INPUT -i eth0 -p tcp --dport 465 -j ACCEPT
|
364
|
372
|
iptables -A INPUT -i eth0 -p tcp --dport 993 -j ACCEPT
|
|
373
|
+ save_firewall_settings
|
365
|
374
|
echo 'configure_firewall_for_email' >> $COMPLETION_FILE
|
366
|
375
|
}
|
367
|
376
|
|
368
|
|
-function save_firewall_settings {
|
369
|
|
- iptables-save > /etc/firewall.conf
|
370
|
|
- ip6tables-save > /etc/firewall6.conf
|
371
|
|
- printf '#!/bin/sh\n' > /etc/network/if-up.d/iptables
|
372
|
|
- printf 'iptables-restore < /etc/firewall.conf\n' >> /etc/network/if-up.d/iptables
|
373
|
|
- printf 'ip6tables-restore < /etc/firewall6.conf\n' >> /etc/network/if-up.d/iptables
|
374
|
|
- chmod +x /etc/network/if-up.d/iptables
|
375
|
|
-}
|
376
|
|
-
|
377
|
377
|
function configure_internet_protocol {
|
378
|
378
|
if [ grep -Fxq "configure_internet_protocol" $COMPLETION_FILE ]; then
|
379
|
379
|
return
|
|
@@ -826,7 +826,6 @@ time_synchronisation
|
826
|
826
|
configure_firewall
|
827
|
827
|
configure_firewall_for_ssh
|
828
|
828
|
configure_firewall_for_email
|
829
|
|
-save_firewall_settings
|
830
|
829
|
configure_internet_protocol
|
831
|
830
|
script_to_make_self_signed_certificates
|
832
|
831
|
configure_email
|
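Review bot: The `save_firewall_settings` call added at new line 361 in configure_firewall_for_ssh now persists each `iptables -A` to /etc/firewall.conf, but the completion guard above it, `if [ grep -Fxq "configure_firewall_for_ssh" $COMPLETION_FILE ]; then`, passes the words of the grep command to `[` instead of running grep, so it appears never to return early. Because this commit also adds a `reboot` in random_number_generator, the script presumably has to be run again afterwards, and each run would append the ACCEPT rule again and save the duplicate on top of the rules already restored at if-up. The guard should read `if grep -Fxq "configure_firewall_for_ssh" "$COMPLETION_FILE"; then`, with the same form in configure_internet_protocol at line 378. The guards of configure_firewall_for_email (save call at new line 373) and random_number_generator start outside their hunks and are worth checking for the same pattern, since a guard that never matches in random_number_generator would reboot on every run.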