External/du_setup
1
0
Fork 0
mirror of https://github.com/buildplan/du_setup.git synced 2025-12-29 16:14:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #52 from buildplan/ts_key

Browse Source 
avoid logging tailscale key
This commit is contained in:
buildplan
2025-09-07 11:20:32 +01:00
committed by GitHub
parent 5c829f4c7b b4d9830d9e
commit 753eb3fdab
3 changed files with 22 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
README.md
View File

@@ -7,9 +7,9 @@
[![Shell](https://img.shields.io/badge/Shell-Bash%204.4%2B-green)](https://www.gnu.org/software/bash/) [![Shell](https://img.shields.io/badge/Shell-Bash%204.4%2B-green)](https://www.gnu.org/software/bash/)
[![Type](https://img.shields.io/badge/Type-Setup%20%26%20Hardening-blue)](https://github.com/buildplan/du_setup) [![Type](https://img.shields.io/badge/Type-Setup%20%26%20Hardening-blue)](https://github.com/buildplan/du_setup)
**Version:** v0.66 **Version:** v0.67
**Last Updated:** 2025-08-26 **Last Updated:** 2025-09-07
**Compatible With:** **Compatible With:**
@@ -83,12 +83,12 @@ sha256sum du_setup.sh
Compare the output hash to the one below. They must match exactly. Compare the output hash to the one below. They must match exactly.
`552a23eb55417266e1b8c048f80b81323630c9dadbacdbf0fb1e3781cb5978b1` `a21cf048c8fe790d16bba12f436b6cdbe99ead732e5c72baa46ff7155fd63110`
Or echo the hash to check, it should output: `du_setup.sh: OK` Or echo the hash to check, it should output: `du_setup.sh: OK`
``` ```
echo 552a23eb55417266e1b8c048f80b81323630c9dadbacdbf0fb1e3781cb5978b1 du_setup.sh | sha256sum --check - echo a21cf048c8fe790d16bba12f436b6cdbe99ead732e5c72baa46ff7155fd63110 du_setup.sh | sha256sum --check -
``` ```
### 3\. Run the Script ### 3\. Run the Script

31
du_setup.sh
View File

@@ -1,8 +1,9 @@
#!/bin/bash #!/bin/bash
# Debian and Ubuntu Server Hardening Interactive Script # Debian and Ubuntu Server Hardening Interactive Script
# Version: 0.66 | 2025-08-26 # Version: 0.67 | 2025-09-07
# Changelog: # Changelog:
# - v0.67: Do not log taiscale auth key in log file
# - v0.66: While configuring and in the summary, display both IPv6 and IPv4. # - v0.66: While configuring and in the summary, display both IPv6 and IPv4.
# - v0.65: If reconfigure locales - appy newly configured locale to the current environment. # - v0.65: If reconfigure locales - appy newly configured locale to the current environment.
# - v0.64: Tested at Debian 13 to confirm it works as expected # - v0.64: Tested at Debian 13 to confirm it works as expected
@@ -66,7 +67,7 @@
set -euo pipefail # Exit on error, undefined vars, pipe failures set -euo pipefail # Exit on error, undefined vars, pipe failures
# --- Update Configuration --- # --- Update Configuration ---
CURRENT_VERSION="0.66" CURRENT_VERSION="0.67"
SCRIPT_URL="https://raw.githubusercontent.com/buildplan/du_setup/refs/heads/main/du_setup.sh" SCRIPT_URL="https://raw.githubusercontent.com/buildplan/du_setup/refs/heads/main/du_setup.sh"
CHECKSUM_URL="${SCRIPT_URL}.sha256" CHECKSUM_URL="${SCRIPT_URL}.sha256"
@@ -127,7 +128,7 @@ print_header() {
echo -e "${CYAN}╔═════════════════════════════════════════════════════════════════╗${NC}" echo -e "${CYAN}╔═════════════════════════════════════════════════════════════════╗${NC}"
echo -e "${CYAN}║ ║${NC}" echo -e "${CYAN}║ ║${NC}"
echo -e "${CYAN}║ DEBIAN/UBUNTU SERVER SETUP AND HARDENING SCRIPT ║${NC}" echo -e "${CYAN}║ DEBIAN/UBUNTU SERVER SETUP AND HARDENING SCRIPT ║${NC}"
echo -e "${CYAN}║ v0.66 | 2025-08-26${NC}" echo -e "${CYAN}║ v0.67 | 2025-09-07${NC}"
echo -e "${CYAN}║ ║${NC}" echo -e "${CYAN}║ ║${NC}"
echo -e "${CYAN}╚═════════════════════════════════════════════════════════════════╝${NC}" echo -e "${CYAN}╚═════════════════════════════════════════════════════════════════╝${NC}"
echo echo
@@ -1503,12 +1504,13 @@ install_tailscale() {
TS_COMMAND="$TS_COMMAND --login-server=$LOGIN_SERVER" TS_COMMAND="$TS_COMMAND --login-server=$LOGIN_SERVER"
fi fi
TS_COMMAND="$TS_COMMAND --auth-key=$AUTH_KEY --operator=$USERNAME" TS_COMMAND="$TS_COMMAND --auth-key=$AUTH_KEY --operator=$USERNAME"
print_info "Connecting to Tailscale with: $TS_COMMAND" TS_COMMAND_SAFE=$(echo "$TS_COMMAND" | sed -E 's/--auth-key=[^[:space:]]+/--auth-key=REDACTED/g')
print_info "Connecting to Tailscale with: $TS_COMMAND_SAFE"
if ! $TS_COMMAND; then if ! $TS_COMMAND; then
print_warning "Failed to connect to Tailscale. Possible issues: invalid pre-auth key, network restrictions, or server unavailability." print_warning "Failed to connect to Tailscale. Possible issues: invalid pre-auth key, network restrictions, or server unavailability."
print_info "Please run the following command manually after resolving the issue:" print_info "Please run the following command manually after resolving the issue:"
echo -e "${CYAN} $TS_COMMAND${NC}" echo -e "${CYAN} $TS_COMMAND_SAFE${NC}"
log "Tailscale connection failed: $TS_COMMAND" log "Tailscale connection failed: $TS_COMMAND_SAFE"
else else
# Verify connection status with retries # Verify connection status with retries
local RETRIES=3 local RETRIES=3
@@ -1529,7 +1531,7 @@ install_tailscale() {
done done
if $CONNECTED; then if $CONNECTED; then
print_success "Tailscale connected successfully. Node IPv4 in tailnet: $TS_IPV4" print_success "Tailscale connected successfully. Node IPv4 in tailnet: $TS_IPV4"
log "Tailscale connected: $TS_COMMAND" log "Tailscale connected: $TS_COMMAND_SAFE"
# Store connection details for summary # Store connection details for summary
echo "${LOGIN_SERVER:-https://controlplane.tailscale.com}" > /tmp/tailscale_server echo "${LOGIN_SERVER:-https://controlplane.tailscale.com}" > /tmp/tailscale_server
echo "$TS_IPS" > /tmp/tailscale_ips.txt echo "$TS_IPS" > /tmp/tailscale_ips.txt
@@ -1537,8 +1539,8 @@ install_tailscale() {
else else
print_warning "Tailscale connection attempt succeeded, but no IPs assigned." print_warning "Tailscale connection attempt succeeded, but no IPs assigned."
print_info "Please verify with 'tailscale ip' and run the following command manually if needed:" print_info "Please verify with 'tailscale ip' and run the following command manually if needed:"
echo -e "${CYAN} $TS_COMMAND${NC}" echo -e "${CYAN} $TS_COMMAND_SAFE${NC}"
log "Tailscale connection not verified: $TS_COMMAND" log "Tailscale connection not verified: $TS_COMMAND_SAFE"
tailscale status > /tmp/tailscale_status.txt 2>&1 tailscale status > /tmp/tailscale_status.txt 2>&1
log "Tailscale status output saved to /tmp/tailscale_status.txt for debugging" log "Tailscale status output saved to /tmp/tailscale_status.txt for debugging"
fi fi
@@ -1572,12 +1574,13 @@ install_tailscale() {
TS_COMMAND="$TS_COMMAND --login-server=$LOGIN_SERVER" TS_COMMAND="$TS_COMMAND --login-server=$LOGIN_SERVER"
fi fi
TS_COMMAND="$TS_COMMAND --auth-key=$AUTH_KEY --operator=$USERNAME $TS_FLAGS" TS_COMMAND="$TS_COMMAND --auth-key=$AUTH_KEY --operator=$USERNAME $TS_FLAGS"
print_info "Reconfiguring Tailscale with additional options: $TS_COMMAND" TS_COMMAND_SAFE=$(echo "$TS_COMMAND" | sed -E 's/--auth-key=[^[:space:]]+/--auth-key=REDACTED/g')
print_info "Reconfiguring Tailscale with additional options: $TS_COMMAND_SAFE"
if ! $TS_COMMAND; then if ! $TS_COMMAND; then
print_warning "Failed to reconfigure Tailscale with additional options." print_warning "Failed to reconfigure Tailscale with additional options."
print_info "Please run the following command manually after resolving the issue:" print_info "Please run the following command manually after resolving the issue:"
echo -e "${CYAN} $TS_COMMAND${NC}" echo -e "${CYAN} $TS_COMMAND_SAFE${NC}"
log "Tailscale reconfiguration failed: $TS_COMMAND" log "Tailscale reconfiguration failed: $TS_COMMAND_SAFE"
else else
# Verify reconfiguration status with retries # Verify reconfiguration status with retries
local RETRIES=3 local RETRIES=3
@@ -1598,14 +1601,14 @@ install_tailscale() {
done done
if $CONNECTED; then if $CONNECTED; then
print_success "Tailscale reconfigured with additional options. Node IPv4 in tailnet: $TS_IPV4" print_success "Tailscale reconfigured with additional options. Node IPv4 in tailnet: $TS_IPV4"
log "Tailscale reconfigured: $TS_COMMAND" log "Tailscale reconfigured: $TS_COMMAND_SAFE"
# Store flags and IPs for summary # Store flags and IPs for summary
echo "$TS_FLAGS" | sed 's/ --/ /g' | sed 's/^ *//' > /tmp/tailscale_flags echo "$TS_FLAGS" | sed 's/ --/ /g' | sed 's/^ *//' > /tmp/tailscale_flags
echo "$TS_IPS" > /tmp/tailscale_ips.txt echo "$TS_IPS" > /tmp/tailscale_ips.txt
else else
print_warning "Tailscale reconfiguration attempt succeeded, but no IPs assigned." print_warning "Tailscale reconfiguration attempt succeeded, but no IPs assigned."
print_info "Please verify with 'tailscale ip' and run the following command manually if needed:" print_info "Please verify with 'tailscale ip' and run the following command manually if needed:"
echo -e "${CYAN} $TS_COMMAND${NC}" echo -e "${CYAN} $TS_COMMAND_SAFE${NC}"
log "Tailscale reconfiguration not verified: $TS_COMMAND" log "Tailscale reconfiguration not verified: $TS_COMMAND"
tailscale status > /tmp/tailscale_status.txt 2>&1 tailscale status > /tmp/tailscale_status.txt 2>&1
log "Tailscale status output saved to /tmp/tailscale_status.txt for debugging" log "Tailscale status output saved to /tmp/tailscale_status.txt for debugging"

2
du_setup.sh.sha256
View File

@@ -1 +1 @@
552a23eb55417266e1b8c048f80b81323630c9dadbacdbf0fb1e3781cb5978b1 du_setup.sh a21cf048c8fe790d16bba12f436b6cdbe99ead732e5c72baa46ff7155fd63110 du_setup.sh