daily pastebin goal
56%
SHARE
TWEET

entropy-upgrade

osteth Mar 11th, 2016 (edited) 116 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. #!/bin/bash
  2.  
  3. # Title: entropy-upgrare
  4. # Author: Seth Wahle
  5. # Contact: Seth [at] cyberdonix.com  Twitter: @SethWahle
  6.  
  7. # Run this script as sudo
  8.  
  9. # Installs haveged and modifies settings for greater entropy and sets /random blocking to 1024 to en$
  10. # when entropy is low. This script sets a fairly high minimum entropy level it can be lowered if
  11. # you feel that a lower value is acceptable to your security standards.
  12.  
  13. # Tested and confirm working on Debian 8
  14.  
  15. apt-get update
  16. apt-get install haveged
  17.  
  18. #Appends new entropy settings to the end of /ect/sysctl.conf
  19. echo "Installing new SYSCTL entropy setting"
  20. echo "#keep entropy pool filled" >> /etc/sysctl.conf
  21. echo kernel.random.write_wakeup_threshold = 3584 >> /etc/sysctl.conf
  22. echo "#Lock /random  if it falls below 1024 for security" >> /etc/sysctl.conf
  23. echo kernel.random.read_wakeup_threshold = 1024 >> /etc/sysctl.conf
  24.  
  25. #Appends new setting to the haveged config file
  26. echo "Installing new HAVEGED setting"
  27.  
  28.  
  29. echo "# Configuration file for haveged" > /etc/default/haveged
  30. echo "# Options to pass to haveged:" >> /etc/default/haveged
  31. echo "#   -w sets low entropy watermark (in bits)" >> /etc/default/haveged
  32. echo 'DAEMON_ARGS="-w 3584"' >> /etc/default/haveged
  33.  
  34. #restarts haveged to apply settings
  35. echo "Applying setting and restarting HAVEGED"
  36. /etc/init.d/haveged restart
  37.  
  38. #Appends a "sysctl -p" before exit0 in /etc/rc.local to make the system reapply sysctl.conf settings$
  39. sudo sed -i '/^exit 0/isysctl -p' /etc/rc.local
  40. sysctl -p
  41. echo "============  NOTICE: Please Reboot for changes to take effect  =============="
RAW Paste Data
Top