author | doc <doc@filenotfound.org> | 2025-06-30 20:14:17 +0000 |
---|---|---|
committer | doc <doc@filenotfound.org> | 2025-06-30 20:14:17 +0000 |
commit | a8cd1c324c0541b0d26542168aeced085ec13201 (patch) | |
tree | a99d398008b46aa4df5dcae997e1690298d2fc70 /vps/check-hardened.sh |
Diffstat (limited to 'vps/check-hardened.sh')
-rwxr-xr-x | vps/check-hardened.sh | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/vps/check-hardened.sh b/vps/check-hardened.sh
new file mode 100755
index 0000000..cdaeef8
--- /dev/null
+++ b/vps/check-hardened.sh
@@ -0,0 +1,37 @@
+#!/usr/bin/env bash
+# check-hardened.sh - Scan all known Genesis VPSes for hardening status
+# Requirements: ssh access to all VPSes by label or IP
+
+LOG_BASE="/home/doc/vpslogs"
+MARKER_FILE="/var/log/genesis-hardened.ok"
+
+if [ ! -d "$LOG_BASE" ]; then
+ echo "❌ Log directory $LOG_BASE does not exist. Are you running this on Krang?"
+ exit 1
+fi
+
+cd "$LOG_BASE" || exit 1
+
+echo "🔍 Scanning for hardened Genesis VPSes..."
+echo
+
+for LOG in *.log; do
+ VPS_LABEL="${LOG%.log}"
+ LAST_KNOWN_IP=$(grep -Eo '\([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\)' "$LOG" | tail -1 | tr -d '()')
+
+ if [ -z "$LAST_KNOWN_IP" ]; then
+ echo "⚠️ $VPS_LABEL: No IP found in log. Skipping."
+ continue
+ fi
+
+ echo -n "🔧 $VPS_LABEL ($LAST_KNOWN_IP): "
+
+ ssh -o ConnectTimeout=5 -o StrictHostKeyChecking=no root@"$LAST_KNOWN_IP" "test -f $MARKER_FILE" >/dev/null 2>&1
+
+ if [ $? -eq 0 ]; then
+ echo "✅ Hardened"
+ else
+ echo "❌ Not marked as hardened"
+ fi
+
+done |
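Review bot: The ssh call inside the `for LOG in *.log` loop passes `-o StrictHostKeyChecking=no` while logging in as root to an address scraped from a log file, so the remote host's identity is never verified and the "Hardened" verdict rests on whichever machine currently answers on that IP. Prefer `-o StrictHostKeyChecking=accept-new` (or `yes` with known_hosts populated at provisioning time), and add `-o BatchMode=yes` so an unattended run fails instead of waiting on a password prompt. The `[ $? -eq 0 ]` test also folds ssh's own failure status (255 on connection or authentication errors) into "Not marked as hardened"; capturing the status right after the call and reporting 255 as unreachable would keep an outage from being read as a hardening gap. A short comment above the ssh line, such as `# exit 0 = marker present, 1 = marker absent, 255 = ssh itself failed`, would document that contract.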