#!/bin/bash

# Enable SSM Agent Logging
# Replace the SSM agent's seelog configuration: info-and-above to the console
# and a size-rotated agent log, error/critical to a separate errors.log, plus
# a CloudWatch receiver for the log group named below. The agent is restarted
# so the new configuration takes effect. The here-doc delimiter is quoted so
# nothing in the XML is ever subject to shell expansion.
cat > /etc/amazon/ssm/seelog.xml <<'EOT'
<seelog type="adaptive" mininterval="2000000" maxinterval="100000000" critmsgcount="500" minlevel="info">
  <exceptions>
      <exception filepattern="test*" minlevel="error"/>
  </exceptions>
  <outputs formatid="fmtinfo">
    <console formatid="fmtinfo"/>
    <rollingfile type="size" filename="/var/log/amazon/ssm/amazon-ssm-agent.log" maxsize="30000000" maxrolls="5"/>
    <filter levels="error,critical" formatid="fmterror">
      <rollingfile type="size" filename="/var/log/amazon/ssm/errors.log" maxsize="10000000" maxrolls="5"/>
    </filter>
    <custom name="cloudwatch_receiver" formatid="fmtdebug" data-log-group="/aws/ec2/fulcrum"/>
  </outputs>
  <formats>
    <format id="fmterror" format="%Date %Time %LEVEL [%FuncShort @ %File.%Line] %Msg%n"/>
    <format id="fmtdebug" format="%Date %Time %LEVEL [%FuncShort @ %File.%Line] %Msg%n"/>
    <format id="fmtinfo" format="%Date %Time %LEVEL %Msg%n"/>
  </formats>
</seelog>
EOT
systemctl restart amazon-ssm-agent

# Disable ECS Agent
# This host is not used as an ECS container instance: stop the agent now and
# keep it from starting on the next boot.
for action in disable stop; do
  systemctl "$action" ecs.service
done

# Install Packages
# Refresh the base system, then install the tooling the rest of this script
# and the operators rely on (jq for JSON, bind-utils for dig, perl-Digest-SHA
# for shasum, plus unzip/wget/telnet/git). EPEL is enabled afterwards.
yum -y update
packages=(jq bind-utils unzip wget telnet git perl-Digest-SHA)
yum -y install "${packages[@]}"
amazon-linux-extras install -y epel

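# AWS CLI
# Point the (root) AWS CLI at the region this instance runs in and pin STS to
# the regional endpoint.

#######################################
# Derive the region name from an `ec2-metadata -z` line.
# Arguments: $1 - a line such as "placement: us-east-1a"
# Outputs:   the region ("us-east-1"): the second whitespace-separated
#            field with its trailing availability-zone letter removed;
#            empty when the input has no second field.
#######################################
region_from_az() {
  local az
  read -r _ az _ <<<"$1"
  printf '%s\n' "${az%?}"
}

# The original passed the unquoted result of a cut|sed pipeline straight to
# `aws configure`; if the metadata lookup failed that became an empty
# argument. Look it up once, and only configure the region when we got one.
region=$(region_from_az "$(ec2-metadata -z 2>/dev/null)")
if [[ -n "$region" ]]; then
  aws configure set default.region "$region"
else
  echo "WARNING: could not determine the region from instance metadata; default.region left unset" >&2
fi
aws configure set default.sts_regional_endpoints regional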

# Install Datadog Agent
# Removed to speed up installation. NOTE(review): this leaves the host without
# monitoring; restore the install before this image is used for real.

# Install CrowdStrike
# Removed to speed up installation. NOTE(review): this leaves the host without
# the EDR agent; restore the install before this image is used for real.

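# Bitcoin setup
# Create Users & Group
# Fixed UID/GIDs so file ownership on the /data volume survives a rebuild of
# the instance. Both are service accounts; no password is set.
groupadd -g 1001 bitcoin
adduser -g bitcoin -u 1111 bitcoin
adduser -g bitcoin -u 1112 fulcrum
# NOTE(review): both accounts keep the default login shell. If nobody needs
# to log in as them interactively, `-s /sbin/nologin` would be the usual
# choice for daemon accounts — confirm with the operators before changing.

# Setup Data Directory
# "-m=775" is not a valid mkdir mode: "=775" is parsed as a symbolic mode and
# rejected, so the original line never created /data and everything below
# that depends on it (the mount, the chown, the data directory) misfired.
mkdir -p -m 0775 /data || exit 1
# Mount the attached data volume; "nofail" keeps the instance bootable if the
# volume is absent. NOTE(review): /dev/sdf is the EBS attachment name; on
# Nitro instances the kernel device is /dev/nvmeXn1 and only a udev symlink
# maps it back, so a UUID= entry would be more robust — TODO confirm.
echo "/dev/sdf /data ext4 defaults,nofail,noatime 0 2" >> /etc/fstab
mount -a
chown bitcoin:bitcoin /data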

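# Step 1: Update the system
# (Redundant with the "yum -y update" earlier in this script; harmless.)
yum update -y

# Steps 2-3: Work inside a "downloads" directory and remember its absolute
# path, so later clean-up does not depend on where a chain of cd's leaves us.
mkdir -p downloads
cd downloads/ || exit 1
dl_dir=$PWD

# Release coordinates. expected_sha256 below is the pin for exactly this
# tarball; it must be updated together with btc_version.
btc_version="25.0"
btc_tarball="bitcoin-${btc_version}-x86_64-linux-gnu.tar.gz"
btc_base_url="https://bitcoin.org/bin/bitcoin-core-${btc_version}"

# Steps 4-6: Download the release tarball, the checksum list and its
# detached signature. A failed download aborts the build instead of letting
# the later steps "install" a missing file.
for f in "$btc_tarball" SHA256SUMS SHA256SUMS.asc; do
  wget "${btc_base_url}/${f}" || { echo "ERROR: download of ${f} failed" >&2; exit 1; }
done

# Steps 7-8: Verify the tarball against a checksum pinned in this script.
# The pin is independent of bitcoin.org, so a tampered download is caught
# even if SHA256SUMS were tampered with too. The original only printed a
# message on mismatch and then installed the file anyway; now it stops.
expected_sha256="33930d432593e49d58a9bff4c30078823e9af5d98594d2935862788ce8a20aec"
calculated_sha256=$(sha256sum -- "$btc_tarball" | awk '{print $1}')
if [[ "$calculated_sha256" == "$expected_sha256" ]]; then
  echo "SHA256 checksum verification succeeded."
else
  echo "SHA256 checksum verification failed (got '${calculated_sha256}'); refusing to install." >&2
  exit 1
fi
# NOTE(review): SHA256SUMS.asc is downloaded but never checked. Verifying it
# needs the Bitcoin Core builder keys imported first (not part of this
# script); then `gpg --verify SHA256SUMS.asc SHA256SUMS` would confirm the
# checksum list itself. TODO

# Step 9: Unpack, install the binaries into /usr/local/bin, remove the tree.
tar -xzf "$btc_tarball" || exit 1
install -m 0755 "${dl_dir}/bitcoin-${btc_version}/bin/"* /usr/local/bin/
# The original did "cd bitcoin-25.0/bin; cd ..; rm -rf bitcoin-25.0", which
# ran rm from *inside* bitcoin-25.0/ and therefore removed nothing. Use the
# absolute path; ":?" aborts rather than expanding to "/bitcoin-25.0".
rm -rf -- "${dl_dir:?}/bitcoin-${btc_version}"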

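# Step 10: Installing dependencies for Amazon Linux 2
# The Bitcoin Core binaries need a newer glibc than Amazon Linux 2 ships
# (2.26), so glibc 2.27 is built from source here.
yum groupinstall "Development Tools" -y
glibc_version="2.27"
glibc_src="$HOME/tmp/glibc"
mkdir -p "$glibc_src"
cd "$glibc_src" || exit 1

# Download the glibc source. The original passed --no-check-certificate,
# which disables TLS validation for a tarball that is then compiled and
# installed as root; it is dropped — if ftp.gnu.org's certificate cannot be
# validated the build should stop, not proceed.
wget "https://ftp.gnu.org/gnu/glibc/glibc-${glibc_version}.tar.gz" || exit 1
# NOTE(review): nothing verifies this tarball. GNU publishes a .sig next to
# it; importing the glibc release key and running `gpg --verify` would close
# that gap. TODO

# Extract the archive and configure from a separate build directory (glibc
# refuses to be configured in-tree). The original wrote the configure call
# into a throw-away configure.sh and executed that; calling it directly is
# equivalent.
tar -xf "glibc-${glibc_version}.tar.gz" || exit 1
cd "glibc-${glibc_version}" || exit 1
mkdir -p build
cd build || exit 1
../configure --prefix=/usr --disable-profile --enable-add-ons \
  --with-headers=/usr/include --with-binutils=/usr/bin || exit 1

# WARNING: --prefix=/usr installs this glibc OVER the distribution's glibc,
# outside package management. It cannot be undone with yum, and a partial or
# failed install can leave the system unbootable, so a failure here aborts
# the script rather than enabling a bitcoind that will not start. A base
# image that already ships a new enough glibc would remove this step.
make -j"$(nproc)" && make install || { echo "ERROR: glibc build/install failed" >&2; exit 1; }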

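# Creating data directory for bitcoind.service
# bitcoind runs as the "bitcoin" account (see the unit below), so the data
# directory must belong to it. The original created it as root and then ran
# the daemon as root to compensate.
install -d -m 0750 -o bitcoin -g bitcoin /data/bitcoin || exit 1

# Write bitcoin.conf where the unit expects it. The original kept it under
# /root/.bitcoin, which a non-root daemon cannot read. /etc/bitcoin is created
# here explicitly because the unit's ConfigurationDirectory= is only honoured
# by newer systemd (>= 235) than Amazon Linux 2 appears to ship.
install -d -m 0750 -o root -g bitcoin /etc/bitcoin || exit 1
cat > /etc/bitcoin/bitcoin.conf <<'EOF'
testnet=1
rpcallowip=127.0.0.1
datadir=/data/bitcoin
dbcache=1
txindex=1
EOF
# datadir matches the -datadir= in the unit (the original said /data/, which
# the unit then overrode) so that bitcoin-cli finds the RPC cookie.
# dbcache=1 is kept from the original; it is very small for an initial sync.
chown root:bitcoin /etc/bitcoin/bitcoin.conf
chmod 0640 /etc/bitcoin/bitcoin.conf
# Keep root's tooling working: bitcoin-cli run as root reads ~/.bitcoin/bitcoin.conf.
mkdir -p /root/.bitcoin
ln -sfn /etc/bitcoin/bitcoin.conf /root/.bitcoin/bitcoin.conf

# rpcauth helper (optional: without an rpcauth= line bitcoind uses cookie auth).
# The original fetched the GitHub HTML page for the file rather than the
# script itself; fetch the raw file at the release tag so it matches the
# installed version.
mkdir -p /downloads
if wget -O /downloads/rpcauth.py \
     "https://raw.githubusercontent.com/bitcoin/bitcoin/v25.0/share/rpcauth/rpcauth.py"; then
  chmod +x /downloads/rpcauth.py
else
  echo "WARNING: rpcauth.py download failed; RPC will rely on cookie authentication" >&2
fi
# Usage: /downloads/rpcauth.py <user> <password>  prints an rpcauth= line to
# add to /etc/bitcoin/bitcoin.conf (only the salted hash is stored).

# bitcoind service — based on contrib/init/bitcoind.service from Bitcoin Core,
# adjusted for this host (binary in /usr/local/bin, config in /etc/bitcoin,
# data on /data/bitcoin). Written with a quoted here-doc so nothing in the
# unit is shell-expanded; the original echo'ed it through a double-quoted
# string, which dropped the inner quotes around "man systemd.service" and
# left literal "\ " tokens inside ExecStart.
cat > /etc/systemd/system/bitcoind.service <<'EOF'
# It is not recommended to modify this file in-place, because it will
# be overwritten during package upgrades. If you want to add further
# options or overwrite existing ones then use
# $ systemctl edit bitcoind.service
# See "man systemd.service" for details.

# Note that almost all daemon options could be specified in
# /etc/bitcoin/bitcoin.conf, but keep in mind those explicitly
# specified as arguments in ExecStart= will override those in the
# config file.

[Unit]
Description=Bitcoin daemon
Documentation=https://github.com/bitcoin/bitcoin/blob/master/doc/init.md

# https://www.freedesktop.org/wiki/Software/systemd/NetworkTarget/
After=network-online.target
Wants=network-online.target

[Service]
# No -daemon: Type=notify needs bitcoind in the foreground, signalling
# readiness through -startupnotify. With -daemon the parent exits before that
# happens, which systemd can treat as a failed start. The original line also
# contained stray "\ " tokens (a collapsed multi-line command) that bitcoind
# received as an argument consisting of a single space.
ExecStart=/usr/local/bin/bitcoind -pid=/run/bitcoind/bitcoind.pid \
                                  -conf=/etc/bitcoin/bitcoin.conf \
                                  -datadir=/data/bitcoin \
                                  -startupnotify='systemd-notify --ready' \
                                  -shutdownnotify='systemd-notify --stopping'

# Make sure the config directory is readable by the service user
PermissionsStartOnly=true
#ExecStartPre=/bin/chgrp bitcoin /etc/bitcoin

# Process management
####################

Type=notify
NotifyAccess=all
PIDFile=/run/bitcoind/bitcoind.pid

Restart=on-failure
TimeoutStartSec=infinity
TimeoutStopSec=600

# Directory creation and permissions
####################################

# Run as bitcoin:bitcoin (the original said so but actually set root:root)
User=bitcoin
Group=bitcoin

# /run/bitcoind
RuntimeDirectory=bitcoind
RuntimeDirectoryMode=0710

# /etc/bitcoin (needs systemd >= 235; the provisioning script also creates it)
ConfigurationDirectory=bitcoin
ConfigurationDirectoryMode=0710

# /var/lib/bitcoind (unused here: the data directory is /data/bitcoin)
StateDirectory=bitcoind
StateDirectoryMode=0710

# Hardening measures
####################

# Provide a private /tmp and /var/tmp.
PrivateTmp=true

# Mount /usr, /boot/ and /etc read-only for the process.
ProtectSystem=full

# Deny access to /home, /root and /run/user. Enabled now that the config no
# longer lives under /root; the daemon needs nothing under a home directory.
ProtectHome=true

# Disallow the process and all of its children to gain
# new privileges through execve().
NoNewPrivileges=true

# Use a new /dev namespace only populated with API pseudo devices
# such as /dev/null, /dev/zero and /dev/random.
PrivateDevices=true

# Deny the creation of writable and executable memory mappings.
MemoryDenyWriteExecute=true

[Install]
WantedBy=multi-user.target
EOF

#enable bitcoind
systemctl daemon-reload
systemctl enable bitcoind
systemctl start bitcoind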