free
/
freedombone
關註 1
收藏 0
複製 0
程式碼 問題管理 0 合併請求 0 版本發佈 0 Wiki Activity
瀏覽代碼

Reboot after hrng setup

Bob Mottram 10 年之前
父節點
75302efe5f
當前提交
3ae61a3937
共有 1 個文件被更改,包括 13 次插入14 次删除
統一視圖 顯示文件統計
  1. 13
    14
      install-freedombone.sh

+ 13
- 14
install-freedombone.sh 查看文件

157 
   if [ $USE_HWRNG == "yes" ]; then
 157 
   if [ $USE_HWRNG == "yes" ]; then
158 
     apt-get -y install rng-tools
 158 
     apt-get -y install rng-tools
159 
     sed -i 's|#HRNGDEVICE=/dev/hwrng|HRNGDEVICE=/dev/hwrng|g' /etc/default/rng-tools
 159 
     sed -i 's|#HRNGDEVICE=/dev/hwrng|HRNGDEVICE=/dev/hwrng|g' /etc/default/rng-tools
160 
-    # TODO there should be a system restart at this point to enable /dev/hwrng
161 
-    service rng-tools restart
162 
-	# Test that it works
163 
-	cat /dev/hwrng | rngtest -c 1000
160 
+    echo 'random_number_generator' >> $COMPLETION_FILE
161 
+    reboot
164 
   else
 162 
   else
165 
 	apt-get -y install haveged
 163 
 	apt-get -y install haveged
166 
   fi
 164 
   fi
346 
   echo 'configure_firewall' >> $COMPLETION_FILE
 344 
   echo 'configure_firewall' >> $COMPLETION_FILE
347 
 }
 345 
 }
348
346
347 
+function save_firewall_settings {
348 
+  iptables-save > /etc/firewall.conf
349 
+  ip6tables-save > /etc/firewall6.conf
350 
+  printf '#!/bin/sh\n' > /etc/network/if-up.d/iptables
351 
+  printf 'iptables-restore < /etc/firewall.conf\n' >> /etc/network/if-up.d/iptables
352 
+  printf 'ip6tables-restore < /etc/firewall6.conf\n' >> /etc/network/if-up.d/iptables
353 
+  chmod +x /etc/network/if-up.d/iptables
354 
+}
355 
+
349 
 function configure_firewall_for_ssh {
 356 
 function configure_firewall_for_ssh {
350 
   if [ grep -Fxq "configure_firewall_for_ssh" $COMPLETION_FILE ]; then
 357 
   if [ grep -Fxq "configure_firewall_for_ssh" $COMPLETION_FILE ]; then
351 
 	  return
 358 
 	  return
352 
   fi
 359 
   fi
353 
   iptables -A INPUT -i eth0 -p tcp --dport $SSH_PORT -j ACCEPT
 360 
   iptables -A INPUT -i eth0 -p tcp --dport $SSH_PORT -j ACCEPT
361 
+  save_firewall_settings
354 
   echo 'configure_firewall_for_ssh' >> $COMPLETION_FILE
 362 
   echo 'configure_firewall_for_ssh' >> $COMPLETION_FILE
355 
 }
 363 
 }
356
364
362 
   iptables -A INPUT -i eth0 -p tcp --dport 587 -j ACCEPT
 370 
   iptables -A INPUT -i eth0 -p tcp --dport 587 -j ACCEPT
363 
   iptables -A INPUT -i eth0 -p tcp --dport 465 -j ACCEPT
 371 
   iptables -A INPUT -i eth0 -p tcp --dport 465 -j ACCEPT
364 
   iptables -A INPUT -i eth0 -p tcp --dport 993 -j ACCEPT
 372 
   iptables -A INPUT -i eth0 -p tcp --dport 993 -j ACCEPT
373 
+  save_firewall_settings
365 
   echo 'configure_firewall_for_email' >> $COMPLETION_FILE
 374 
   echo 'configure_firewall_for_email' >> $COMPLETION_FILE
366 
 }
 375 
 }
367
376
368 
-function save_firewall_settings {
369 
-  iptables-save > /etc/firewall.conf
370 
-  ip6tables-save > /etc/firewall6.conf
371 
-  printf '#!/bin/sh\n' > /etc/network/if-up.d/iptables
372 
-  printf 'iptables-restore < /etc/firewall.conf\n' >> /etc/network/if-up.d/iptables
373 
-  printf 'ip6tables-restore < /etc/firewall6.conf\n' >> /etc/network/if-up.d/iptables
374 
-  chmod +x /etc/network/if-up.d/iptables
375 
-}
376 
-
377 
 function configure_internet_protocol {
 377 
 function configure_internet_protocol {
378 
   if [ grep -Fxq "configure_internet_protocol" $COMPLETION_FILE ]; then
 378 
   if [ grep -Fxq "configure_internet_protocol" $COMPLETION_FILE ]; then
379 
 	  return
 379 
 	  return
826 
 configure_firewall
 826 
 configure_firewall
827 
 configure_firewall_for_ssh
 827 
 configure_firewall_for_ssh
828 
 configure_firewall_for_email
 828 
 configure_firewall_for_email
829 
-save_firewall_settings
830 
 configure_internet_protocol
 829 
 configure_internet_protocol
831 
 script_to_make_self_signed_certificates
 830 
 script_to_make_self_signed_certificates
832 
 configure_email
 831 
 configure_email