Audit script for coincashew users

Hello there o/

I made an audit script for coincashew node installations.
This v1 collects information by running the following checks (the script doesn’t modify anything, of course!):

  • Environment Variables
  • Systemd cardano-node file verification and parsing
  • Cardano startup script verification and parsing
  • Node operation mode (Block Producer? Relay?)
  • Topology mode (p2p enabled?)
  • Topology configuration
  • Keys
  • SSHD config file parsing for hardening
  • Null passwords check
  • Key services running
  • Firewalling rules extract

It can help SPOs improve the security of their servers, and check everything is fine.
It’s not perfect, I’m working on improvements to add features and more checks :)

Here is my repository:

2 Likes
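Two of the checks listed in the post above, SSHD config parsing and the null passwords check, sketched as a read-only added example; this is not code from the thread or from the audit script. The sample files are constructed, the "must be no" baseline is an assumption, and `Include` files are not followed.

```python
# Constructed sample inputs; nothing here is read from a real host.
SSHD_SAMPLE = """\
# constructed sample sshd_config
Port 22
permitrootlogin no
PasswordAuthentication yes
PasswordAuthentication no
Match User backup
    PasswordAuthentication yes
"""

SHADOW_SAMPLE = """\
root:!:19450:0:99999:7:::
cardano:$y$j9T$constructed$hash:19450:0:99999:7:::
test::19450:0:99999:7:::
"""

# OpenSSH defaults, applied when a keyword is absent from the file.
DEFAULTS = {"permitrootlogin": "prohibit-password",
            "passwordauthentication": "yes", "permitemptypasswords": "no"}
REQUIRED = "no"  # assumed baseline: all three keywords must be "no"

def effective_sshd_settings(text):
    """Global settings; sshd keeps the FIRST value seen for each keyword."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split(None, 1)
        key = parts[0].lower()          # keywords are case-insensitive
        if key == "match":              # conditional blocks are not global
            break
        if len(parts) == 2:
            settings.setdefault(key, parts[1].strip().strip('"').lower())
    return settings

def sshd_findings(text):
    """Keywords whose effective value differs from the assumed baseline."""
    eff = {**DEFAULTS, **effective_sshd_settings(text)}
    return sorted(k for k in DEFAULTS if eff[k] != REQUIRED)

def null_password_accounts(shadow_text):
    """Accounts whose password field (2nd column, shadow format) is empty."""
    rows = (l.split(":") for l in shadow_text.splitlines())
    return [f[0] for f in rows if len(f) >= 2 and f[1] == ""]

if __name__ == "__main__":
    print("sshd findings:", sshd_findings(SSHD_SAMPLE))
    print("null passwords:", null_password_accounts(SHADOW_SAMPLE))
```

The duplicate `PasswordAuthentication` lines in the sample show why the parser matters: the later `no` looks hardened, but the first `yes` is the value sshd uses.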

Hello there o/

I just finished the script v2, which brings:

  • Improved Cardano config parsing accuracy
  • Improved KES files detection and checks
  • KES expiry calculation and alert
  • /etc/sysctl.conf hardening checks

On top of several minor improvements.

Reminder: The Cardano config checks will work only for Coincashew installations. But all other checks (security, system, sshd, etc.) will work on any Linux server (tested on Ubuntu 22.04.02).

You can try it there:

2 Likes

I’m glad to announce that the Cardano Audit Script for coincashew users has been included in the Coincashew Guide (section IV. Administration).

2 Likes

Hello there o/

Newest version of the script is available (v5.0.0)

  • Cardano-node latest version verification
  • Cardano new P2P bootstrap check
  • Environment Variables
  • Systemd cardano-node file verification and parsing
  • Cardano startup script verification and parsing
  • Node operation mode (Block Producer? Relay?)
  • Topology mode (p2p enabled)
  • Topology configuration
  • Keys
  • SSHD hardening
  • Null passwords check
  • Important services running
  • Firewalling rules extract
  • KES expiry and rotation alert
  • sysctl.conf hardening check

1 Like

Hello there o/

The latest version of the Cardano Audit Script is available (v6.0.0).

Major code improvements and checks have been implemented, along with the possibility to export Audit results to a file.

1 Like

Thanks, this is awesome work and helped us get back online faster.

1 Like

Great!

Very glad it helped you.

I’m working on a brand new version of the script, to include CNODE guild operator setups :)

The coincashew script has evolved.

More info: New cardano-node security/compliance audit script for SPOs (all setup)

This topic should not be used anymore.

1 Like