Untitled
unknown
plain_text
a year ago
7.2 kB
1
Indexable
Never
#!/bin/bash # Enable SSM Agent Logging tee /etc/amazon/ssm/seelog.xml <<EOT >/dev/null <seelog type="adaptive" mininterval="2000000" maxinterval="100000000" critmsgcount="500" minlevel="info"> <exceptions> <exception filepattern="test*" minlevel="error"/> </exceptions> <outputs formatid="fmtinfo"> <console formatid="fmtinfo"/> <rollingfile type="size" filename="/var/log/amazon/ssm/amazon-ssm-agent.log" maxsize="30000000" maxrolls="5"/> <filter levels="error,critical" formatid="fmterror"> <rollingfile type="size" filename="/var/log/amazon/ssm/errors.log" maxsize="10000000" maxrolls="5"/> </filter> <custom name="cloudwatch_receiver" formatid="fmtdebug" data-log-group="/aws/ec2/fulcrum"/> </outputs> <formats> <format id="fmterror" format="%Date %Time %LEVEL [%FuncShort @ %File.%Line] %Msg%n"/> <format id="fmtdebug" format="%Date %Time %LEVEL [%FuncShort @ %File.%Line] %Msg%n"/> <format id="fmtinfo" format="%Date %Time %LEVEL %Msg%n"/> </formats> </seelog> EOT systemctl restart amazon-ssm-agent # Disable ECS Agent systemctl disable ecs.service systemctl stop ecs.service # Install Packages yum -y update yum -y install jq bind-utils unzip wget telnet git perl-Digest-SHA amazon-linux-extras install -y epel # AWS CLI aws configure set default.region $(ec2-metadata -z | cut -d " " -f 2 | sed 's/.$//') aws configure set default.sts_regional_endpoints regional # Install Datadog Agent # removed for purposes of faster installation # Install CrowdStrike # removed for purposes of faster installation # Bitcoin setup # Create Users & Group groupadd bitcoin -g 1001 adduser bitcoin -g bitcoin -u 1111 adduser fulcrum -g bitcoin -u 1112 # Setup Data Directory mkdir -m=775 /data echo "/dev/sdf /data ext4 defaults,nofail,noatime 0 2" >> /etc/fstab mount -a chown bitcoin:bitcoin /data # Step 1: Update the system yum update -y # Step 2: Create a downloads directory if it doesn't exist mkdir -p downloads # Step 3: Change to the downloads directory cd downloads/ # Step 4: Download bitcoin-25.0-x86_64-linux-gnu.tar.gz wget https://bitcoin.org/bin/bitcoin-core-25.0/bitcoin-25.0-x86_64-linux-gnu.tar.gz # Step 5: Download SHA256SUMS wget https://bitcoin.org/bin/bitcoin-core-25.0/SHA256SUMS # Step 6: Download SHA256SUMS.asc wget https://bitcoin.org/bin/bitcoin-core-25.0/SHA256SUMS.asc # Step 7: Verify the SHA256 checksum of bitcoin-25.0-x86_64-linux-gnu.tar.gz calculated_sha256=$(sha256sum bitcoin-25.0-x86_64-linux-gnu.tar.gz | awk '{print $1}') # Step 8: Check if the calculated SHA256 checksum matches the expected value # health checksum test script - need to rework it expected_sha256="33930d432593e49d58a9bff4c30078823e9af5d98594d2935862788ce8a20aec" if [ "$calculated_sha256" == "$expected_sha256" ]; then echo "SHA256 checksum verification succeeded." else echo "SHA256 checksum verification failed. The downloaded file may be corrupted." fi # Step 9: Unziping, copying, removing btc tar -xzf bitcoin-25.0-x86_64-linux-gnu.tar.gz cd bitcoin-25.0/bin/ cp * /usr/local/bin/ cd .. rm -rf bitcoin-25.0 # Step 10: Installing dependencies for Amazon Linux 2 yum groupinstall "Development Tools" -y mkdir -p ~/tmp/glibc cd ~/tmp/glibc # Download glibc-2.27 source code wget --no-check-certificate https://ftp.gnu.org/gnu/glibc/glibc-2.27.tar.gz # Extract the downloaded archive tar -xvf glibc-2.27.tar.gz # Change directory to glibc-2.27 cd glibc-2.27 # Create a 'build' directory and change to it mkdir build cd build touch configure.sh chmod +x configure.sh echo "../configure --prefix=/usr --disable-profile --enable-add-ons --with-headers=/usr/include --with-binutils=/usr/bin" > configure.sh ./configure.sh # Configure glibc-2.27 # ../configure --prefix=/usr --disable-profile --enable-add-ons --with-headers=/usr/include --with-binutils=/usr/bin # Build and install glibc-2.27 make && make install # Creating data directory for bitcoind.service cd /data mkdir bitcoin # Define the file path and text to insert into bitcoin.conf cd mkdir .bitcoin cd .bitcoin touch bitcoin.conf echo "testnet=1 rpcallowip=127.0.0.1 datadir=/data/ dbcache=1 txindex=1" > /root/.bitcoin/bitcoin.conf #rpcauth cd /downloads wget https://github.com/bitcoin/bitcoin/blob/master/share/rpcauth/rpcauth.py chmod +x rpcauth.py #./rpcauth.py bitcoin bitcoin #he will provide rpcauth= here which needs to be provided in bitcoin.conf as rpcauth=bitcoin:hashedpassword #bitcoin service cd /etc/systemd/system # wget https://github.com/bitcoin/bitcoin/blob/master/contrib/init/bitcoind.service # # Specify the file you want to edit # file_to_edit="bitcoind.service" # # Define the string to replace and its replacement # old_string="" # new_string="1111" # # Use sed to replace the string in the file # sed -i "s/$old_string/$new_string/g" "$file_to_edit" sudo touch bitcoind.service echo "# It is not recommended to modify this file in-place, because it will # be overwritten during package upgrades. If you want to add further # options or overwrite existing ones then use # $ systemctl edit bitcoind.service # See "man systemd.service" for details. # Note that almost all daemon options could be specified in # /etc/bitcoin/bitcoin.conf, but keep in mind those explicitly # specified as arguments in ExecStart= will override those in the # config file. [Unit] Description=Bitcoin daemon Documentation=https://github.com/bitcoin/bitcoin/blob/master/doc/init.md # https://www.freedesktop.org/wiki/Software/systemd/NetworkTarget/ After=network-online.target Wants=network-online.target [Service] ExecStart=/usr/local/bin/bitcoind -daemon -pid=/run/bitcoind/bitcoind.pid \ -conf=/root/.bitcoin/bitcoin.conf \ -datadir=/data/bitcoin \ -startupnotify='systemd-notify --ready' \ -shutdownnotify='systemd-notify --stopping' # Make sure the config directory is readable by the service user PermissionsStartOnly=true #ExecStartPre=/bin/chgrp bitcoin /etc/bitcoin # Process management #################### Type=notify NotifyAccess=all PIDFile=/run/bitcoind/bitcoind.pid Restart=on-failure TimeoutStartSec=infinity TimeoutStopSec=600 # Directory creation and permissions #################################### # Run as bitcoin:bitcoin User=root Group=root # /run/bitcoind RuntimeDirectory=bitcoind RuntimeDirectoryMode=0710 # /etc/bitcoin ConfigurationDirectory=bitcoin ConfigurationDirectoryMode=0710 # /var/lib/bitcoind StateDirectory=bitcoind StateDirectoryMode=0710 # Hardening measures #################### # Provide a private /tmp and /var/tmp. PrivateTmp=true # Mount /usr, /boot/ and /etc read-only for the process. ProtectSystem=full # Deny access to /home, /root and /run/user #ProtectHome=true # Disallow the process and all of its children to gain # new privileges through execve(). NoNewPrivileges=true # Use a new /dev namespace only populated with API pseudo devices # such as /dev/null, /dev/zero and /dev/random. PrivateDevices=true # Deny the creation of writable and executable memory mappings. MemoryDenyWriteExecute=true [Install] WantedBy=multi-user.target" > /etc/systemd/system/bitcoind.service #enable bitcoind systemctl enable bitcoind systemctl start bitcoind