Audit script for coincashew users

kirael · 10 April 2023 19:13

Hello there o/

I made an audit script for coincashew node installations.
This v1 collects information by running the following checks (the script doesn’t modify anything, of course !) :

Environnement Variables
Systemd cardano-node file verification and parsing
Cardano startup script verification and parsing
Node operation mode (Block Producer ? Relay ?)
Topology mode (p2p enabled ?)
Topology configuration
Keys
SSHD config file parsing for hardening
Null passwords check
Key services running
Firewalling rules extract

Capture d’écran 2023-04-10 à 20.40.11

Capture d’écran 2023-04-10 à 20.40.28

It can help SPOs improve the security of their servers, and check everything is fine.
It’s not perfect, i’m working on improvements to add features and more checks

Here is my repository :

kirael · 6 June 2023 12:57

Hello there o/

I just finished the script v2, which brings :

Improved Cardano config parsing accuracy
Improved KES files detection and checks
KES expiry calculation and alert
/etc/sysctl.conf hardening checks

On top of several minor improvements.

Capture d’écran 2023-06-06 à 13.51.31

Reminder : The Cardano config checks will work only for Coincashew installations. But, every other checks (security, system, sshd, etc) will work on any linux server (tested on Ubuntu 22.04.02)

You can try it there :

kirael · 1 July 2023 22:38

I’m glad to announce that the Cardano Audit Script for coincashew users has been included in the Coincashew Guide ( section IV. Administration).