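#!/bin/bash
# Post-provisioning script for a Linode VPS: adds traceroute-related iptables
# rules, renames the host, and removes cloud-init and Linode tooling.
# The steps below modify iptables, /etc and systemd units, so run it as root.
#
# Strict mode: stop on the first failing command, on any reference to an unset
# variable, and on a failure in any stage of a pipeline.
set -euo pipefail

# === CONFIG ===
# $RANDOM yields an integer in 0..32767, so the suffix is neither unique across
# hosts nor unpredictable; it only avoids a fixed name.
GEN_HOSTNAME="genesis-vps-$RANDOM"
# The bot token is part of the URL path, so the whole URL is a secret once the
# placeholder is filled in; do not commit a real value to the repository.
TG_API_URL="https://api.telegram.org/bot<OPTIONAL-BOT>/sendMessage"
TG_CHAT_ID="<OPTIONAL-ID>"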

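# === STEP 1: Obfuscate Traceroute (ICMP & UDP/TCP Ports) ===
# Adds three IPv4 filter rules to the running ruleset (nothing here saves them,
# so they do not survive a reboot or a firewall reload):
#   - drop outgoing ICMP time-exceeded messages
#   - drop unsolicited UDP and TCP packets to ports 33434-33534
echo "[*] Obfuscating traceroute and TTL paths..."

# Append a rule only if the identical rule is not already present, so that
# re-running the script does not stack duplicate rules.
# Arguments: chain name followed by the rule specification.
ensure_rule() {
  # -C exits non-zero when the exact rule is absent.
  iptables -C "$@" 2>/dev/null || iptables -A "$@"
}

ensure_rule OUTPUT -p icmp --icmp-type time-exceeded -j DROP
# 33434-33534 lies inside the default Linux ephemeral port range (32768-60999).
# Without the conntrack match these rules would also drop replies to this
# host's own outbound connections whenever their source port fell in the range
# (unless an earlier rule already accepted established traffic).
# NOTE(review): needs the conntrack match module; under set -e the script
# stops here if it is unavailable.
ensure_rule INPUT -p udp --dport 33434:33534 \
  -m conntrack ! --ctstate ESTABLISHED,RELATED -j DROP
ensure_rule INPUT -p tcp --dport 33434:33534 \
  -m conntrack ! --ctstate ESTABLISHED,RELATED -j DROP
echo "[+] Firewall rules added."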

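# === STEP 2: Set a Neutral Hostname ===
# Sets the system hostname and keeps the 127.0.1.1 entry in /etc/hosts in sync
# so the new name still resolves locally.
echo "[*] Setting hostname to $GEN_HOSTNAME"
hostnamectl set-hostname "$GEN_HOSTNAME"
# Dots are escaped so only the literal address 127.0.1.1 matches, and the
# trailing whitespace class keeps addresses such as 127.0.1.10 untouched.
# GEN_HOSTNAME consists of letters, digits and '-' only, so it is safe to
# place in the sed replacement.
if grep -q '^127\.0\.1\.1[[:space:]]' /etc/hosts; then
  sed -i "s/^127\.0\.1\.1[[:space:]].*/127.0.1.1   $GEN_HOSTNAME/" /etc/hosts
else
  # No existing entry: sed would change nothing and the new hostname would
  # not resolve locally, so add the line instead.
  printf '127.0.1.1   %s\n' "$GEN_HOSTNAME" >> /etc/hosts
fi
echo "[+] Hostname set."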

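# === STEP 3: Remove Linode Metadata Access ===
# Stops the provisioning agent and removes cloud-init's configuration and
# state. Nothing in this step filters network access to a metadata service;
# it only acts on local services and files.
echo "[*] Disabling Linode metadata agent (if present)..."
# NOTE(review): the unit name linode-cloudinit is taken as given; errors are
# suppressed because the unit may not exist on this image.
systemctl stop linode-cloudinit 2>/dev/null || true
systemctl disable linode-cloudinit 2>/dev/null || true
# This also deletes the cloud-init log, i.e. the record of how the host was
# provisioned; copy it elsewhere first if that record is needed for audit.
rm -rf /etc/cloud /var/lib/cloud /var/log/cloud-init.log
# Create the disable marker AFTER the cleanup. Creating it first (as before)
# meant the rm above deleted it again, and touch failed under set -e when
# /etc/cloud did not exist.
mkdir -p /etc/cloud
touch /etc/cloud/cloud-init.disabled
echo "[+] Cloud-init neutered."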

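# === STEP 4: Scrub Linode Stuff ===
# Removes Linode-branded files, the Linode apt source and the Linode packages.
echo "[*] Scrubbing Linode fingerprints..."
# /etc/motd is removed whatever its content, not only a Linode banner.
rm -f /etc/motd /etc/update-motd.d/linode
# The glob is deliberately unquoted so every /usr/share/linode* entry matches.
rm -rf /usr/share/linode*
rm -f /etc/apt/sources.list.d/linode.list
# Package removal is best effort: use whichever package manager exists and
# report a failure instead of hiding it, without aborting the script.
# apt-get is used because the apt front end has no stable scripting interface.
# NOTE(review): package names linode-cli and linode-config are taken as given.
if command -v apt-get >/dev/null 2>&1; then
  apt-get remove --purge -y linode-cli linode-config 2>/dev/null \
    || echo "[!] apt-get did not remove linode-cli/linode-config (not installed?)" >&2
fi
if command -v yum >/dev/null 2>&1; then
  yum remove -y linode-cli linode-config 2>/dev/null \
    || echo "[!] yum did not remove linode-cli/linode-config (not installed?)" >&2
fi
echo "[+] Linode packages and branding removed."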

# === STEP 5: Optional Telegram Notice ===
# Disabled by default. Uncommenting the curl line sends the new hostname to
# the Telegram Bot API once the run completes. Points to check before enabling:
#   - TG_API_URL contains the bot token, so it must be kept secret.
#   - curl -s suppresses error output, and under set -e a failed request
#     stops the script before the final message is printed.
# curl -s -X POST "$TG_API_URL" -d chat_id="$TG_CHAT_ID" -d text="Genesis VPS hardened: $GEN_HOSTNAME is stealth-ready." > /dev/null

# === STEP 6: Final Touch ===
# NOTE(review): the message overstates the result. The steps in this script
# only change local firewall rules, the hostname, and cloud-init/Linode files
# and packages on this host.
printf '%s\n' "[✅] Genesis VPS hardened. You are now off-the-grid and good to go."