1 files changed, 44 insertions, 0 deletions

diff --git a/vps/genesis_squeaky.sh b/vps/genesis_squeaky.sh
new file mode 100755
index 0000000..431227b
--- /dev/null
+++ b/vps/genesis_squeaky.sh
@@ -0,0 +1,44 @@
+#!/bin/bash
+set -e
+
+# === CONFIG ===
+GEN_HOSTNAME="genesis-vps-$RANDOM"
+TG_API_URL="https://api.telegram.org/bot<OPTIONAL-BOT>/sendMessage"
+TG_CHAT_ID="<OPTIONAL-ID>"
+
+# === STEP 1: Obfuscate Traceroute (ICMP & UDP/TCP Ports) ===
+echo "[*] Obfuscating traceroute and TTL paths..."
+iptables -A OUTPUT -p icmp --icmp-type time-exceeded -j DROP
+iptables -A INPUT -p udp --dport 33434:33534 -j DROP
+iptables -A INPUT -p tcp --dport 33434:33534 -j DROP
+echo "[+] Firewall rules added."
+
+# === STEP 2: Set a Neutral Hostname ===
+echo "[*] Setting hostname to $GEN_HOSTNAME"
+hostnamectl set-hostname "$GEN_HOSTNAME"
+sed -i "s/^127.0.1.1.*/127.0.1.1   $GEN_HOSTNAME/" /etc/hosts
+echo "[+] Hostname set."
+
+# === STEP 3: Remove Linode Metadata Access ===
+echo "[*] Disabling Linode metadata agent (if present)..."
+systemctl stop linode-cloudinit 2>/dev/null || true
+systemctl disable linode-cloudinit 2>/dev/null || true
+touch /etc/cloud/cloud-init.disabled
+rm -rf /etc/cloud /var/lib/cloud /var/log/cloud-init.log
+echo "[+] Cloud-init neutered."
+
+# === STEP 4: Scrub Linode Stuff ===
+echo "[*] Scrubbing Linode fingerprints..."
+rm -f /etc/motd /etc/update-motd.d/linode
+rm -rf /usr/share/linode*
+rm -f /etc/apt/sources.list.d/linode.list
+apt remove --purge -y linode-cli linode-config 2>/dev/null || true
+yum remove -y linode-cli linode-config 2>/dev/null || true
+echo "[+] Linode packages and branding removed."
+
+# === STEP 5: Optional Telegram Notice ===
+# Uncomment if you want to alert yourself when a VPS is hardened
+# curl -s -X POST "$TG_API_URL" -d chat_id="$TG_CHAT_ID" -d text="Genesis VPS hardened: $GEN_HOSTNAME is stealth-ready." > /dev/null
+
+# === STEP 6: Final Touch ===
+echo "[✅] Genesis VPS hardened. You are now off-the-grid and good to go."