From 25935fd3b12365186d1506e01a047238ddad95e3 Mon Sep 17 00:00:00 2001
From: anonpenguin23
Date: Sat, 20 Sep 2025 13:28:44 +0300
Subject: [PATCH] Removed unused command setup-production-security.sh
---
 CHANGELOG.md | 2 +
 Makefile | 2 +-
 scripts/setup-production-security.sh | 140 ---------------------------
 3 files changed, 3 insertions(+), 141 deletions(-)
 delete mode 100755 scripts/setup-production-security.sh
diff --git a/CHANGELOG.md b/CHANGELOG.md
index cf3e7c4..c334e37 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -14,6 +14,8 @@ The format is based on [Keep a Changelog][keepachangelog] and adheres to [Semant
 ### Removed
+- Removed unused command setup-production-security.sh
+
 ### Fixed
 ### Security
diff --git a/Makefile b/Makefile
index e0fe496..69f5b1a 100644
--- a/Makefile
+++ b/Makefile
@@ -21,7 +21,7 @@ test-e2e:
 .PHONY: build clean test run-node run-node2 run-node3 run-example deps tidy fmt vet lint clear-ports
-VERSION := 0.43.6-beta
+VERSION := 0.43.7-beta
 COMMIT ?= $(shell git rev-parse --short HEAD 2>/dev/null || echo unknown)
 DATE ?= $(shell date -u +%Y-%m-%dT%H:%M:%SZ)
 LDFLAGS := -X 'main.version=$(VERSION)' -X 'main.commit=$(COMMIT)' -X 'main.date=$(DATE)'
diff --git a/scripts/setup-production-security.sh b/scripts/setup-production-security.sh
deleted file mode 100755
index 10e5c0b..0000000
--- a/scripts/setup-production-security.sh
+++ /dev/null
@@ -1,140 +0,0 @@
-#!/bin/bash
-set -euo pipefail
-
-# DeBros Network Production Security Setup
-# This script configures secure RQLite clustering with authentication
-
-DEBROS_DIR="/opt/debros"
-CONFIG_DIR="$DEBROS_DIR/configs"
-KEYS_DIR="$DEBROS_DIR/keys"
-
-echo "🔐 Setting up DeBros Network Production Security..."
-
-# Create security directories
-sudo mkdir -p "$CONFIG_DIR" "$KEYS_DIR"
-sudo chown debros:debros "$CONFIG_DIR" "$KEYS_DIR"
-sudo chmod 750 "$KEYS_DIR"
-
-# Generate cluster authentication credentials
-CLUSTER_USER="debros_cluster"
-CLUSTER_PASS=$(openssl rand -base64 32)
-API_USER="debros_api"
-API_PASS=$(openssl rand -base64 32)
-
-echo "🔑 Generated cluster credentials:"
-echo " Cluster User: $CLUSTER_USER"
-echo " API User: $API_USER"
-
-# Create RQLite users configuration
-cat > "$CONFIG_DIR/rqlite-users.json" << EOF
-[
- {
- "username": "$CLUSTER_USER",
- "password": "$CLUSTER_PASS",
- "perms": ["*"]
- },
- {
- "username": "$API_USER",
- "password": "$API_PASS",
- "perms": ["status", "ready", "nodes", "db:*"]
- }
-]
-EOF
-
-sudo chown debros:debros "$CONFIG_DIR/rqlite-users.json"
-sudo chmod 600 "$CONFIG_DIR/rqlite-users.json"
-
-# Store credentials securely
-cat > "$KEYS_DIR/rqlite-cluster-auth" << EOF
-RQLITE_CLUSTER_USER="$CLUSTER_USER"
-RQLITE_CLUSTER_PASS="$CLUSTER_PASS"
-RQLITE_API_USER="$API_USER"
-RQLITE_API_PASS="$API_PASS"
-EOF
-
-sudo chown debros:debros "$KEYS_DIR/rqlite-cluster-auth"
-sudo chmod 600 "$KEYS_DIR/rqlite-cluster-auth"
-
-# Configure firewall for production
-echo "🛡️ Configuring production firewall rules..."
-
-# Reset UFW to defaults
-sudo ufw --force reset
-
-# Default policies
-sudo ufw default deny incoming
-sudo ufw default allow outgoing
-
-# SSH (adjust port as needed)
-sudo ufw allow 22/tcp comment "SSH"
-
-# LibP2P P2P networking (public, encrypted)
-sudo ufw allow 4001/tcp comment "LibP2P P2P"
-sudo ufw allow 4001/udp comment "LibP2P QUIC"
-
-# RQLite ports (restrict to cluster IPs only)
-BOOTSTRAP_IPS=("57.129.81.31" "38.242.250.186")
-for ip in "${BOOTSTRAP_IPS[@]}"; do
- sudo ufw allow from "$ip" to any port 5001 comment "RQLite HTTP from $ip"
- sudo ufw allow from "$ip" to any port 7001 comment "RQLite Raft from $ip"
-done
-
-# Enable firewall
-sudo ufw --force enable
-
-echo "🔧 Configuring RQLite cluster authentication..."
-
-# Update RQLite join addresses with authentication
-AUTHENTICATED_JOIN_ADDRESS="http://$CLUSTER_USER:$CLUSTER_PASS@57.129.81.31:5001"
-
-# Create environment file for authenticated connections
-cat > "$CONFIG_DIR/rqlite-env" << EOF
-# RQLite cluster authentication
-RQLITE_JOIN_AUTH_USER="$CLUSTER_USER"
-RQLITE_JOIN_AUTH_PASS="$CLUSTER_PASS"
-RQLITE_JOIN_ADDRESS_AUTH="$AUTHENTICATED_JOIN_ADDRESS"
-EOF
-
-sudo chown debros:debros "$CONFIG_DIR/rqlite-env"
-sudo chmod 600 "$CONFIG_DIR/rqlite-env"
-
-# Create connection helper script
-cat > "$DEBROS_DIR/bin/rqlite-connect" << 'EOF'
-#!/bin/bash
-# Helper script for authenticated RQLite connections
-
-source /opt/debros/keys/rqlite-cluster-auth
-
-if [ "$1" = "cluster" ]; then
- rqlite -H localhost -p 5001 -u "$RQLITE_CLUSTER_USER" -p "$RQLITE_CLUSTER_PASS"
-elif [ "$1" = "api" ]; then
- rqlite -H localhost -p 5001 -u "$RQLITE_API_USER" -p "$RQLITE_API_PASS"
-else
- echo "Usage: $0 {cluster|api}"
- exit 1
-fi
-EOF
-
-sudo chown debros:debros "$DEBROS_DIR/bin/rqlite-connect"
-sudo chmod 755 "$DEBROS_DIR/bin/rqlite-connect"
-
-echo "✅ Production security setup complete!"
-echo ""
-echo "📋 Security Summary:"
-echo " - RQLite authentication enabled"
-echo " - Firewall configured with IP restrictions"
-echo " - Cluster credentials generated and stored"
-echo " - Port 4001: Public LibP2P (encrypted P2P)"
-echo " - Port 5001/7001: RQLite cluster (IP-restricted)"
-echo ""
-echo "🔐 Credentials stored in:"
-echo " - Users: $CONFIG_DIR/rqlite-users.json"
-echo " - Auth: $KEYS_DIR/rqlite-cluster-auth"
-echo ""
-echo "🔌 Connect to RQLite:"
-echo " - Cluster admin: $DEBROS_DIR/bin/rqlite-connect cluster"
-echo " - API access: $DEBROS_DIR/bin/rqlite-connect api"
-echo ""
-echo "⚠️ IMPORTANT: Save these credentials securely!"
-echo " Cluster User: $CLUSTER_USER"
-echo " Cluster Pass: $CLUSTER_PASS"