I have finally completed the full revision of the Cardano Audit script for stake pool operators. The first version was released 15 months ago and went through several major updates.
The script has been completely revamped and reworked. It now supports various types of Cardano installations:
Coincashew
CNODE (Guild Operators)
Other installations
The code has been optimized and reorganized for greater efficiency. Configuration parsing is more accurate and now includes more parameters and checks.
For installations that are not based on Coincashew or CNODE, a more general parsing is performed by searching for systemd service files containing cardano. More configuration detection options will be added in future releases.
A selection menu is now available when launching the script, allowing users to choose the target installation type. It also offers the option to perform only SecOps security checks on the server.
It runs the following checks:
Cardano compliance
New 9.1.0 Cardano-Node version requirement for Chang hardfork
Cardano-node latest version verification
Cardano bootstrap check
Environment Variables
Systemd cardano-node file verification and parsing
Cardano startup script verification and parsing
Node operation mode (Block Producer ? Relay ?)
Topology mode (p2p enabled)
Topology configuration file parsing and compliance checks
You only seem to check the /etc/ssh/sshd_config file, but there's also a directory /etc/ssh/sshd_config.d/ which can contain multiple config files that overwrite the values in the main one (they're processed lexicographically). Also, a non-default location could be used.
BUT… there's an easy solution! Just use sudo sshd -T to get the combined flattened configuration that is actually used.
You don't know what other things might be in that folder. Even with the Coincashew setup, other things can put something in that folder that overrides the values in the default config file.
Absolutely. But I assumed that people were following the Coincashew guide (the script was built for them initially). However, they may very well have made modifications, including to file names, directories, etc. But you have to start from a baseline.
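The `sshd -T` suggestion above, as an added example that is not part of the thread or of the audit script: a shell function that checks the effective settings printed by `sshd -T` rather than the contents of /etc/ssh/sshd_config. The function name, the expected values and the sample output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the effective sshd configuration (the `sshd -T` output
# format: lowercase keyword, then value) instead of one config file.

# Expected values are illustrative assumptions, not the audit script's policy.
EXPECTED='permitrootlogin no
passwordauthentication no
permitemptypasswords no
x11forwarding no'

# Constructed sample of `sshd -T` output. It models a server where a drop-in
# under /etc/ssh/sshd_config.d/ has re-enabled password authentication, which
# a check of the main file alone would not see.
SAMPLE_EFFECTIVE='port 22
permitrootlogin no
passwordauthentication yes
permitemptypasswords no
x11forwarding no
maxauthtries 6'

# check_sshd_effective (hypothetical helper): reads `sshd -T` output on stdin,
# prints one [OK]/[KO] line per expected keyword and returns the number of
# settings that are wrong or missing.
check_sshd_effective() {
    effective=$(cat)
    failures=0
    while read -r key want; do
        [ -n "$key" ] || continue
        # First line whose keyword matches; strip the keyword, keep the value.
        got=$(printf '%s\n' "$effective" |
            awk -v k="$key" '$1 == k { sub(/^[^ ]+ +/, ""); print; exit }')
        if [ -z "$got" ]; then
            echo "[KO] $key: not present in effective configuration"
            failures=$((failures + 1))
        elif [ "$got" = "$want" ]; then
            echo "[OK] $key = $got"
        else
            echo "[KO] $key = $got (expected $want)"
            failures=$((failures + 1))
        fi
    done <<EOF
$EXPECTED
EOF
    return "$failures"
}

# On a live server: sudo sshd -T | check_sshd_effective
```
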
Your script can't find my socket file but it is in cardano-my-node/db/
Notes: I migrated the BP from the old manual install to Coincashew design.
Can this line of code below list the location of the folder it looked in or location of env file it used and could not find socket? I'm assuming I have an old env file somewhere but I have been unable to find it.
Nodes are all working normally so socket is in the correct location and working.
KES keys rotation information
[KO] Error : no cardano socket found. Please check your global env or your CNODE env file
I need more details as I'm not able to reproduce this error with a Coincashew setup (with the same socket file location).
1- do you run the script with sudo -E ?
2- do you pass the preliminary env variable checks ? (this is the very first check the script does if you select Coincashew install) ?
Hi Kirael
No, it fails this test also. bashrc looks correct to me, node is running normally. nodehome env. looks correct. When converting from old manual node to Coincashew the node naming changes, currently set to /db/socket instead of /db/node.socket
[WARNING] CARDANO_NODE_SOCKET_PATH env variable not set.
It might cause dysfunctions if using cardano-cli.
That could mean 2 things: you don't run the script with sudo -E, or the env variable CARDANO_NODE_SOCKET_PATH is simply not set for the user who is sudoing.
Do you see the variable when you type "env"?