entropy-upgrade

1. #!/bin/bash
2.  
3. # Title: entropy-upgrare
4. # Author: Seth Wahle
5. # Contact: Seth [at] cyberdonix.com  Twitter: @SethWahle
6.  
7. # Run this script as sudo
8.  
9. # Installs haveged and modifies settings for greater entropy and sets /random blocking to 1024 to en$
10. # when entropy is low. This script sets a fairly high minimum entropy level it can be lowered if
11. # you feel that a lower value is acceptable to your security standards.
12.  
13. # Tested and confirm working on Debian 8
14.  
15. apt-get update
16. apt-get install haveged
17.  
18. #Appends new entropy settings to the end of /ect/sysctl.conf
19. echo "Installing new SYSCTL entropy setting"
20. echo "#keep entropy pool filled" >> /etc/sysctl.conf
21. echo kernel.random.write_wakeup_threshold = 3584 >> /etc/sysctl.conf
22. echo "#Lock /random  if it falls below 1024 for security" >> /etc/sysctl.conf
23. echo kernel.random.read_wakeup_threshold = 1024 >> /etc/sysctl.conf
24.  
25. #Appends new setting to the haveged config file
26. echo "Installing new HAVEGED setting"
27.  
28.  
29. echo "# Configuration file for haveged" > /etc/default/haveged
30. echo "# Options to pass to haveged:" >> /etc/default/haveged
31. echo "#   -w sets low entropy watermark (in bits)" >> /etc/default/haveged
32. echo 'DAEMON_ARGS="-w 3584"' >> /etc/default/haveged
33.  
34. #restarts haveged to apply settings
35. echo "Applying setting and restarting HAVEGED"
36. /etc/init.d/haveged restart
37.  
38. #Appends a "sysctl -p" before exit0 in /etc/rc.local to make the system reapply sysctl.conf settings$
39. sudo sed -i '/^exit 0/isysctl -p' /etc/rc.local
40. sysctl -p
41. echo "============  NOTICE: Please Reboot for changes to take effect  =============="