vaultsovereign/vm-skills
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
009e93a80b3c58bbfaa2ceb153e3fba32a6efc3c
vm-skills/node-hardening/scripts/90_verify.sh
Vault Sovereign eac77ef7b4 Initial commit: VaultMesh Skills collection 
Collection of operational skills for VaultMesh infrastructure including:
- backup-sovereign: Backup and recovery operations
- btc-anchor: Bitcoin anchoring
- cloudflare-tunnel-manager: Cloudflare tunnel management
- container-registry: Container registry operations
- disaster-recovery: Disaster recovery procedures
- dns-sovereign: DNS management
- eth-anchor: Ethereum anchoring
- gitea-bootstrap: Gitea setup and configuration
- hetzner-bootstrap: Hetzner server provisioning
- merkle-forest: Merkle tree operations
- node-hardening: Node security hardening
- operator-bootstrap: Operator initialization
- proof-verifier: Cryptographic proof verification
- rfc3161-anchor: RFC3161 timestamping
- secrets-vault: Secrets management

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2025-12-27 00:25:00 +00:00

99 lines
2.3 KiB
Bash
Executable File
Raw Blame History

#!/usr/bin/env bash
set -euo pipefail
SCRIPT_NAME="$(basename "$0")"
SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
SKILL_ROOT="$(dirname "$SCRIPT_DIR")"
CHECKS_DIR="$SKILL_ROOT/checks"
: "${OUTPUT_DIR:=$SKILL_ROOT/outputs}"
log_info() { echo "[INFO] $(date -Iseconds) $*"; }
log_warn() { echo "[WARN] $(date -Iseconds) $*" >&2; }
run_check_bool() {
local script="$1"
if [[ -x "$CHECKS_DIR/$script" ]]; then
if "$CHECKS_DIR/$script" &>/dev/null; then
echo "true"
else
echo "false"
fi
else
echo "skip"
fi
}
main() {
mkdir -p "$OUTPUT_DIR"
local ufw_ok ssh_ok f2b_ok audit_ok
ufw_ok=$(run_check_bool check_ufw.sh)
ssh_ok=$(run_check_bool check_ssh.sh)
f2b_ok=$(run_check_bool check_fail2ban.sh)
audit_ok=$(run_check_bool check_auditd.sh)
local blockers=""
local warnings=""
local next_steps=""
if [[ "$ssh_ok" == "false" ]]; then
blockers="${blockers}\"SSH hardening check failed\","
fi
if [[ "$ufw_ok" == "false" ]]; then
warnings="${warnings}\"UFW not active\","
fi
if [[ "$f2b_ok" == "false" ]]; then
warnings="${warnings}\"fail2ban not active\","
fi
if [[ "$audit_ok" == "false" ]]; then
warnings="${warnings}\"auditd not active\","
fi
next_steps="${next_steps}\"Run ./scripts/99_report.sh\","
if [[ "$ssh_ok" == "true" && "$ufw_ok" == "true" ]]; then
next_steps="${next_steps}\"Proceed to backup-sovereign skill\","
fi
blockers="[${blockers%,}]"
warnings="[${warnings%,}]"
next_steps="[${next_steps%,}]"
cat > "$OUTPUT_DIR/status_matrix.json" <<EOF
{
"timestamp": "$(date -Iseconds)",
"skill": "node-hardening",
"node": "${NODE_NAME:-node-a}",
"checks": {
"ufw": $ufw_ok,
"ssh": $ssh_ok,
"fail2ban": $f2b_ok,
"auditd": $audit_ok
},
"blockers": $blockers,
"warnings": $warnings,
"next_steps": $next_steps
}
EOF
log_info "Status matrix written to $OUTPUT_DIR/status_matrix.json"
echo
echo "============================================"
echo " VERIFICATION SUMMARY"
echo "============================================"
echo
echo " UFW: $ufw_ok"
echo " SSH: $ssh_ok"
echo " fail2ban: $f2b_ok"
echo " auditd: $audit_ok"
echo
if [[ "$ssh_ok" == "true" ]]; then
return 0
fi
return 1
}
[[ "${BASH_SOURCE[0]}" == "$0" ]] && main "$@"
Reference in New Issue View Git Blame Copy Permalink