From a8cd1c324c0541b0d26542168aeced085ec13201 Mon Sep 17 00:00:00 2001
From: doc
Date: Mon, 30 Jun 2025 20:14:17 +0000
Subject: initial failzero commit
---
check-hardened.sh | 37 +++++++++++++++++++++++++++++++++++++
1 file changed, 37 insertions(+)
create mode 100755 check-hardened.sh
(limited to 'check-hardened.sh')
diff --git a/check-hardened.sh b/check-hardened.sh
new file mode 100755
index 0000000..cdaeef8
--- /dev/null
+++ b/check-hardened.sh
@@ -0,0 +1,37 @@
+#!/usr/bin/env bash
+# check-hardened.sh - Scan all known Genesis VPSes for hardening status
+# Requirements: ssh access to all VPSes by label or IP
+
+LOG_BASE="/home/doc/vpslogs"
+MARKER_FILE="/var/log/genesis-hardened.ok"
+
+if [ ! -d "$LOG_BASE" ]; then
+ echo "❌ Log directory $LOG_BASE does not exist. Are you running this on Krang?"
+ exit 1
+fi
+
+cd "$LOG_BASE" || exit 1
+
+echo "🔍 Scanning for hardened Genesis VPSes..."
+echo
+
+for LOG in *.log; do
+ VPS_LABEL="${LOG%.log}"
+ LAST_KNOWN_IP=$(grep -Eo '\([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\)' "$LOG" | tail -1 | tr -d '()')
+
+ if [ -z "$LAST_KNOWN_IP" ]; then
+ echo "⚠️ $VPS_LABEL: No IP found in log. Skipping."
+ continue
+ fi
+
+ echo -n "🔧 $VPS_LABEL ($LAST_KNOWN_IP): "
+
+ ssh -o ConnectTimeout=5 -o StrictHostKeyChecking=no root@"$LAST_KNOWN_IP" "test -f $MARKER_FILE" >/dev/null 2>&1
+
+ if [ $? -eq 0 ]; then
+ echo "✅ Hardened"
+ else
+ echo "❌ Not marked as hardened"
+ fi
+
+done
--
cgit v1.2.3
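Review bot: The `ssh` call in the loop disables host-key verification with `-o StrictHostKeyChecking=no` while logging in as root to an address scraped from a log file, so whatever answers on that IP can return exit 0 and be reported as "Hardened". The `if [ $? -eq 0 ]` that follows also treats every non-zero status alike, so an unreachable host or a failed login (ssh exits 255) is printed as "Not marked as hardened" instead of unknown. I would verify against host keys recorded at provisioning (`StrictHostKeyChecking=yes`, or `accept-new` as a weaker fallback), add `-o BatchMode=yes` so a missing key fails instead of prompting, and branch on the exit code as below. Separately, when no `*.log` file exists the loop runs once with the literal pattern; a `[ -e "$LOG" ] || continue` guard at the top of the loop avoids that.

```shell
  # … unchanged: label and IP extraction, empty-IP skip, status prefix echo …
  ssh -o BatchMode=yes -o ConnectTimeout=5 -o StrictHostKeyChecking=yes \
    root@"$LAST_KNOWN_IP" "test -f $MARKER_FILE" >/dev/null 2>&1
  rc=$?

  case "$rc" in
    0) echo "✅ Hardened" ;;
    1) echo "❌ Not marked as hardened" ;;
    *) echo "⚠️ Unknown: ssh failed (exit $rc)" ;;
  esac
```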