itn1_cluster

1. debian@Radar:/home$ sudo su
2. root@Radar:/home# su -
3. root@Radar:~# ls -ltr
4. total 0
5. root@Radar:~# cd home
6. -bash: cd: home: No such file or directory
7. root@Radar:~# cd /home
8. root@Radar:/home# mkdir ~/.ssh
9. mkdir: cannot create directory ‘/root/.ssh’: File exists
10. root@Radar:/home# cd debian
11. root@Radar:/home/debian# su -
12. root@Radar:~# apt update
13. Get:1 http://security.debia ...
14. ...
15. root@Radar:~# apt install git
16. Reading package lists... Done
17. Building ...
18. ...
19. root@Radar:~# git clone https://github.com/gacallea/itn1_cluster.git /root/itn1_cluster_repo
20. Cloning into '/root/itn1_cluster_repo'...
21. ...
22. root@Radar:~# nano /root/itn1_cluster_repo/itn1_cluster/files/node-secret.yaml
23.  
24. root@Radar:~# nano /root/itn1_cluster_repo/itn1_cluster/scripts/itn1_config
25. root@Radar:~# cd /root/itn1_cluster_repo/itn1_cluster/scripts/itn1_helpers/
26. root@Radar:~/itn1_cluster_repo/itn1_cluster/scripts/itn1_helpers# groupadd ssh-users
27. root@Radar:~/itn1_cluster_repo/itn1_cluster/scripts/itn1_helpers# grep "ssh-users" /etc/group
28. ssh-users:x:1001:
29. root@Radar:~/itn1_cluster_repo/itn1_cluster/scripts/itn1_helpers# useradd -c "griff" -m -d /home/griff -s /bin/bash -G sudo,ssh-users griff
30. root@Radar:~/itn1_cluster_repo/itn1_cluster/scripts/itn1_helpers# groups griff
31. griff : griff sudo ssh-users
32. root@Radar:~/itn1_cluster_repo/itn1_cluster/scripts/itn1_helpers# passwd griff
33. New password:
34. Retype new password:
35. passwd: password updated successfully
36.  
37. root@Radar:~/itn1_cluster_repo/itn1_cluster/scripts/itn1_helpers# su - griff
38. griff@Radar:~$ mkdir ~/.ssh
39. griff@Radar:~$ sudo nano ~/.ssh/authorized_keys
40.  
41. griff@Radar:~$ sudo su -
42. root@Radar:~# cd /root/itn1_cluster_repo/itn1_cluster/scripts/itn1_helpers/
43. root@Radar:~/itn1_cluster_repo/itn1_cluster/scripts/itn1_helpers# ./itn1_prepare --create-pool-user
44. passwd: password expiry information changed.
45. User 'pooldozer' successfully created with home dir '/home/pooldozer' ***shit meant for that to be 'pooluser'
46. root@Radar:~/itn1_cluster_repo/itn1_cluster/scripts/itn1_helpers# apt update
47. Hit:1 http://security.debian.org buster/upda ...
48. ...
49. root@Radar:~/itn1_cluster_repo/itn1_cluster/scripts/itn1_helpers# apt install bc cbm ccze chrony curl dateutils fail2ban
50. htop jq musl net-tools ripgrep speedtest-cli sysstat tcptraceroute wget
51. Reading package lists... Done
52. ...root@Radar:~/itn1_cluster_repo/itn1_cluster/scripts/itn1_helpers# nano /etc/apt/sources.list
53. root@Radar:~/itn1_cluster_repo/itn1_cluster/scripts/itn1_helpers# sudo systemctl restart sshd
54.  
55.  
56. root@Radar:~/itn1_cluster_repo/itn1_cluster/scripts/itn1_helpers# ./itn1_prepare --install-software
57. Hit:1 http://security.debian.org buster/updates InRelease
58. Hit:2 http://deb.debian.org/d ...
59. ...
60. root@Radar:~/itn1_cluster_repo/itn1_cluster/scripts/itn1_helpers# curl -sLOJ https://github.com/input-output-hk/jormungandr/releases/download/v0.8.16/jormungandr-v0.8.16-x86_64-unknown-linux-gnu-generic.tar.gz
61. root@Radar:~/itn1_cluster_repo/itn1_cluster/scripts/itn1_helpers# tar xzvf jormungandr-v0.8.16-x86_64-unknown-linux-gnu-generic.tar.gz
62. jormungandr
63. jcli
64. root@Radar:~/itn1_cluster_repo/itn1_cluster/scripts/itn1_helpers# mv jcli /usr/local/bin/
65. root@Radar:~/itn1_cluster_repo/itn1_cluster/scripts/itn1_helpers# mv jormungandr /usr/local/bin/
66. root@Radar:~/itn1_cluster_repo/itn1_cluster/scripts/itn1_helpers# chmod +x /usr/local/bin/jcli
67. root@Radar:~/itn1_cluster_repo/itn1_cluster/scripts/itn1_helpers# chmod +x /usr/local/bin/jormungandr
68. root@Radar:~/itn1_cluster_repo/itn1_cluster/scripts/itn1_helpers# chown -R root\: /usr/local/bin/
69. root@Radar:~/itn1_cluster_repo/itn1_cluster/scripts/itn1_helpers# update-alternatives --config iptables
70. There are 2 choices for the alternative iptables (providing /usr/sbin/iptables).
71.  
72. Selection Path Priority Status
73. ------------------------------------------------------------
74. * 0 /usr/sbin/iptables-nft 20 auto mode
75. 1 /usr/sbin/iptables-legacy 10 manual mode
76. 2 /usr/sbin/iptables-nft 20 manual mode
77.  
78. Press <enter> to keep the current choice[*], or type selection number:
79. root@Radar:~/itn1_cluster_repo/itn1_cluster/scripts/itn1_helpers# FirewallBackend=nftables
80. root@Radar:~/itn1_cluster_repo/itn1_cluster/scripts/itn1_helpers# LogDenied=all
81. root@Radar:~/itn1_cluster_repo/itn1_cluster/scripts/itn1_helpers# firewall-cmd --permanent --zone=public --add-service=ssh
82. Warning: ALREADY_ENABLED: ssh
83. success
84. root@Radar:~/itn1_cluster_repo/itn1_cluster/scripts/itn1_helpers# firewall-cmd --permanent --zone=public --add-port=5269/tcp
85. success
86. root@Radar:~/itn1_cluster_repo/itn1_cluster/scripts/itn1_helpers# ./itn1_prepare --set-firewall
87. success
88. success
89. success
90.  
91. Reloading firewall
92. Error: COMMAND_FAILED: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore v1.8.2 (nf_tables):
93. line 4: RULE_REPLACE failed (No such file or directory): rule in chain INPUT
94. line 4: RULE_REPLACE failed (No such file or directory): rule in chain OUTPUT
95.  
96.  
97. These are your new firewall rules:
98. public
99. target: default
100. icmp-block-inversion: no
101. interfaces:
102. sources:
103. services:
104. ports:
105. protocols:
106. masquerade: no
107. forward-ports:
108. source-ports:
109. icmp-blocks:
110. rich rules: