RafalSladek · June 19, 2018 23:18
diff --git a/Ubuntu 16.04 ZEN Secure Nodes Automated Setup.txt b/Ubuntu 16.04 ZEN Secure Nodes Automated Setup.txt
 #This script was written by REXOVAS to automate 90% of a ZEN Secure Node setup process for an IPv4 node.
 #Parts of this script were adapted from a script by github user rnkhouse
 #rnkhouse script found here: https://gist.github.com/rnkhouse/f7f04f0cb10b596e2c6623275968a220
 #Prior to running this script, please ensure that you are not signed in as root, and have completed all steps up until the copying
 #of authentication key pairs in this guide: https://blockoperations.com/build-zencash-secure-node-part-1-prepare-vps/

 #This script performs all actions described in the 3 guides found on blockoperations.com.  It compiles zend from source.
 #This script installs both Monit and PM2 and automatically configures monit to monitor zend.

 #WARNING:  This script is intended for use by advanced Linux users.  Please read through this script thoroughly to ensure that
 #          it performs no malicious activity, and completes only the tasks required to initialize a secure node.

 # This script will not work 100% in Debian, as Debian will default to installing TLS certs in the root dir, when they are
 # required to be in the user dir.  Only use this script in UBUNTU 16.04.

 # REXOVAS:   [email protected]
 # ZEN DONATION ADDRESS:  znfRdzcDB1oBDCk2ox7n9Syh2VybrmZfoP3

 # INSTRUCTIONS:   Copy the contents of this script into a new file (replace <filename> with the name of the file)
 #                 Run chmod +x <filename> to make the script executable
 #                 Run sudo ./<filename>
 #                 NOTE:  User input is required at various moments in the setup process.  Please monitor the process.

 #!/usr/bin/env bash

 # Quit on any error.
 set -e
 purpleColor='\033[0;95m'
 normalColor='\033[0m'

 # Set environment variables:
 read -p "Enter FQDN (a.example.com): " FQDN
 read -p "Enter required swap memory (4G): " SWAP
 read -p "Enter Username (rexovas): " USER
 read -p "Enter Email Address for Alerts ([email protected]): " EMAIL
 read -p "Ensure the above inputs are as desired.  If not press ctrl+c and re-run script.  Otherwise press enter to continue " nil

 ######################################################
 sudo timedatectl set-timezone 'America/New_York'

 sudo apt update
 sudo apt -y install git screen vim nmap ncdu busybox inxi links unzip python pwgen ufw

 #########################FIREWALL############
 sudo ufw default allow outgoing
 sudo ufw default deny incoming
 sudo ufw allow ssh/tcp
 sudo ufw limit ssh/tcp
 sudo ufw allow http/tcp
 sudo ufw allow https/tcp
 sudo ufw allow 9033/tcp
 #sudo ufw allow 19033/tcp
 sudo ufw logging on
 sudo ufw enable

 #############################################
  sudo fallocate -l $SWAP /swapfile
  sudo chmod 600 /swapfile
  sudo mkswap /swapfile
  sudo swapon /swapfile
  sudo echo "/swapfile   none    swap    sw    0   0" >> /etc/fstab
  sudo echo "vm.swappiness=10" >> /etc/sysctl.conf

 echo -e $purpleColor"Swapfile is done!"$normalColor

 ##########################################################
 sudo apt -y install mailutils postfix
 sudo echo "root: $EMAIL" >> /etc/aliases
 sudo newaliases
 sudo systemctl enable postfix
 sudo systemctl restart postfix
 echo "NEW NODE TEST" | mail -s "NEW NODE TEST" root

 ######################################################
 sudo apt -y install fail2ban
 sudo systemctl enable fail2ban
 sudo systemctl start fail2ban
 ##########################################
 sudo apt -y install rkhunter
 sudo rkhunter --propupd
 #####################################################
 sudo touch /home/$USER/update

 sudo sh -c "echo '
 #!/bin/bash
 sudo apt update
 sudo apt -y dist-upgrade
 sudo apt -y autoremove
 npm i -g npm
 sudo rkhunter --propupd
 ' >> /home/$USER/update"

 chmod +x update
 #######################################################################
 mkdir /home/$USER/zencash
 cd zencash
 git clone https://github.com/ZencashOfficial/zen.git
 sudo apt -y install build-essential pkg-config libc6-dev m4 g++-multilib autoconf libtool ncurses-dev unzip git python zlib1g-dev wget bsdmainutils automake
 cd zen
 ./zcutil/build.sh -j$(nproc)
 ./zcutil/fetch-params.sh

 #sudo mv /root/.zcash-params /home/$USER/
 #####################################################################################
 sudo mkdir -p /home/$USER/.zen
 sudo touch /home/$USER/.zen/zen.conf

 RPC_USERNAME=$(pwgen -s 74 1)
 RPC_PASSWORD=$(pwgen -s 74 1)

 sudo sh -c "echo '
 addnode=$FQDN
 addnode=zennodes.network
 rpcuser=$RPC_USERNAME
 rpcpassword=$RPC_PASSWORD
 rpcport=18231
 rpcallowip=127.0.0.1
 server=1
 daemon=1
 listen=1
 txindex=1
 logtimestamps=1
 tlscertpath=/home/$USER/.acme.sh/$FQDN/$FQDN.cer
 tlskeypath=/home/$USER/.acme.sh/$FQDN/$FQDN.key
 testnet=0
 ' >> /home/$USER/.zen/zen.conf"

 echo -e $purpleColor"zen.conf is done!"$normalColor

 ##########################################################################
 sudo apt-get install monit
 sudo touch /home/$USER/zencash/init_zen
 sudo cat << EOF >> /home/$USER/zencash/init_zen
 #!/bin/bash

 PID_FILE='/home/$USER/.zen/zen_node.pid'

 start() {
       touch \$PID_FILE
       eval "/bin/su $USER -c '/usr/bin/zend 2>&1 >> /dev/null'"
       PID=\$(ps aux | grep zend | grep -v grep | awk '{print \$2}')
       echo "Starting zend with PID \$PID"
       echo \$PID > \$PID_FILE
 }
 stop () {
       pkill zend
       rm \$PID_FILE
       echo "Stopping zend"
 }

 case \$1 in
    start)
       start
       ;;
    stop)  
       stop
       ;;
     *)  
       echo "usage: zend {start|stop}" ;;
 esac
 exit 0
 EOF

 sudo chown -R $USER: /home/$USER/zencash
 chmod u+x /home/$USER/zencash/init_zen
 sudo cat << EOF >> /etc/monit/monitrc
 #added on setup for zend
 set httpd port 2812
 use address localhost # only accept connection from localhost
 allow localhost # allow localhost to connect to the server
 #
 #zend process control
 check process zend with pidfile /home/$USER/.zen/zen_node.pid
 start program = "/home/$USER/zencash/init_zen start" with timeout 60 seconds
 stop program = "/home/$USER/zencash/init_zen stop"
 #
 #email notifications using local postfix relay
 set mailserver localhost
 set mail-format { from: monit@$FQDN }
 set alert $EMAIL	#receive all alerts
 EOF

 ##################################################
 cd /home/$USER
 mkdir acme
 sudo apt install socat
 cd acme
 git clone https://github.com/Neilpang/acme.sh.git
 cd acme.sh
 ./acme.sh --install
 cd /home/$USER
 sudo /home/$USER/.acme.sh/acme.sh --issue --standalone -d $FQDN

 chown -R $USER: /home/$USER/.acme.sh

 sudo mkdir /usr/share/ca-certificates/letsencrypt/
 sudo cp /home/$USER/.acme.sh/$FQDN/ca.cer /usr/share/ca-certificates/letsencrypt/ca.crt

 sudo dpkg-reconfigure ca-certificates

 CRONCMD_ACME="6 0 * * * \"/home/$USER/.acme.sh\"/acme.sh --cron --home \"/home/$USER/.acme.sh\" > /dev/null" && (crontab -l | grep -v -F "$CRONCMD_ACME" ; echo "$CRONCMD_ACME") | crontab -

 echo -e $purpleColor"certificates has been installed!"$normalColor
 ###################################################################

 ################################################################
 sudo cp /home/$USER/zencash/zen/src/zend /usr/bin/
 sudo cp /home/$USER/zencash/zen/src/zen-cli /usr/bin/
 chown -R $USER: /home/$USER/.zen
 sudo monit reload
 sudo monit start zend

 #sudo apt install curl
 #curl -sL https://deb.nodesource.com/setup_8.x | sudo bash -
 #sudo apt-get install -y nodejs
 sudo apt-get install -y npm
 sudo npm install -g n
 sudo n 8.9
 cd /home/$USER/zencash
 git clone https://github.com/ZencashOfficial/secnodetracker.git
 cd secnodetracker
 npm install
 sudo chown -R $USER: /home/$USER/zencash
 npm install pm2 -g
 pm2 kill
 sudo chown -R $USER: /home/$USER/.pm2
 node -v
 npm -v

 echo -e $purpleColor"Change /etc/monit/monitrc check frequency!"$normalColor
 echo -e $purpleColor"sudo vim /etc/monit/monitrc 'Set daemon 120' change to 'Set daemon 10'"$normalColor
 echo -e $purpleColor"sudo monit reload"$normalColor
 echo -e $purpleColor"sudo monit start zend"$normalColor
 echo -e $purpleColor"zen-cli getinfo to confirm blockchain is syncing"$normalColor
 echo -e $purpleColor""$normalColor
 echo -e $purpleColor"Navigate to '/home/$USER/zencash/secnodetracker' and run node setup"$normalColor
 echo -e $purpleColor"Run pm2 startup"$normalColor
 echo -e $purpleColor"Copy and paste the command that pm2 tells you to run"$normalColor
 echo -e $purpleColor"Run pm2 start app.js --name secnodetracker"$normalColor
 echo -e $purpleColor"Run pm2 save"$normalColor
 echo -e $purpleColor"To monitor, type pm2 logs.  When finished press ctrl+c"$normalColor
 echo -e $purpleColor"IMPORTANT: Verify secnodetracker runs on reboot: Reboot the server 'sudo reboot now', log back in, and run 'pm2 logs'"$normalColor
 echo -e $purpleColor"Secnodetracker should be running"$normalColor
 echo -e $purpleColor""$normalColor
 echo -e $purpleColor""$normalColor
 echo -e $purpleColor"REXOVAS:   [email protected]"$normalColor
 echo -e $purpleColor"ZEN DONATION ADDRESS:  znfRdzcDB1oBDCk2ox7n9Syh2VybrmZfoP3"$normalColor
	#This script was written by REXOVAS to automate 90% of a ZEN Secure Node setup process for an IPv4 node.
	#Parts of this script were adapted from a script by github user rnkhouse
	#rnkhouse script found here: https://gist.github.com/rnkhouse/f7f04f0cb10b596e2c6623275968a220
	#Prior to running this script, please ensure that you are not signed in as root, and have completed all steps up until the copying
	#of authentication key pairs in this guide: https://blockoperations.com/build-zencash-secure-node-part-1-prepare-vps/

	#This script performs all actions described in the 3 guides found on blockoperations.com. It compiles zend from source.
	#This script installs both Monit and PM2 and automatically configures monit to monitor zend.

	#WARNING: This script is intended for use by advanced Linux users. Please read through this script thoroughly to ensure that
	# it performs no malicious activity, and completes only the tasks required to initialize a secure node.

	# This script will not work 100% in Debian, as Debian will default to installing TLS certs in the root dir, when they are
	# required to be in the user dir. Only use this script in UBUNTU 16.04.

	# REXOVAS: [email protected]
	# ZEN DONATION ADDRESS: znfRdzcDB1oBDCk2ox7n9Syh2VybrmZfoP3

	# INSTRUCTIONS: Copy the contents of this script into a new file (replace <filename> with the name of the file)
	# Run chmod +x <filename> to make the script executable
	# Run sudo ./<filename>
	# NOTE: User input is required at various moments in the setup process. Please monitor the process.

	#!/usr/bin/env bash

	# Quit on any error.
	set -e
	purpleColor='\033[0;95m'
	normalColor='\033[0m'

	# Set environment variables:
	read -p "Enter FQDN (a.example.com): " FQDN
	read -p "Enter required swap memory (4G): " SWAP
	read -p "Enter Username (rexovas): " USER
	read -p "Enter Email Address for Alerts ([email protected]): " EMAIL
	read -p "Ensure the above inputs are as desired. If not press ctrl+c and re-run script. Otherwise press enter to continue " nil

	######################################################
	sudo timedatectl set-timezone 'America/New_York'

	sudo apt update
	sudo apt -y install git screen vim nmap ncdu busybox inxi links unzip python pwgen ufw

	#########################FIREWALL############
	sudo ufw default allow outgoing
	sudo ufw default deny incoming
	sudo ufw allow ssh/tcp
	sudo ufw limit ssh/tcp
	sudo ufw allow http/tcp
	sudo ufw allow https/tcp
	sudo ufw allow 9033/tcp
	#sudo ufw allow 19033/tcp
	sudo ufw logging on
	sudo ufw enable

	#############################################
	sudo fallocate -l $SWAP /swapfile
	sudo chmod 600 /swapfile
	sudo mkswap /swapfile
	sudo swapon /swapfile
	sudo echo "/swapfile none swap sw 0 0" >> /etc/fstab
	sudo echo "vm.swappiness=10" >> /etc/sysctl.conf

	echo -e $purpleColor"Swapfile is done!"$normalColor

	##########################################################
	sudo apt -y install mailutils postfix
	sudo echo "root: $EMAIL" >> /etc/aliases
	sudo newaliases
	sudo systemctl enable postfix
	sudo systemctl restart postfix
	echo "NEW NODE TEST" \| mail -s "NEW NODE TEST" root

	######################################################
	sudo apt -y install fail2ban
	sudo systemctl enable fail2ban
	sudo systemctl start fail2ban
	##########################################
	sudo apt -y install rkhunter
	sudo rkhunter --propupd
	#####################################################
	sudo touch /home/$USER/update

	sudo sh -c "echo '
	#!/bin/bash
	sudo apt update
	sudo apt -y dist-upgrade
	sudo apt -y autoremove
	npm i -g npm
	sudo rkhunter --propupd
	' >> /home/$USER/update"

	chmod +x update
	#######################################################################
	mkdir /home/$USER/zencash
	cd zencash
	git clone https://github.com/ZencashOfficial/zen.git
	sudo apt -y install build-essential pkg-config libc6-dev m4 g++-multilib autoconf libtool ncurses-dev unzip git python zlib1g-dev wget bsdmainutils automake
	cd zen
	./zcutil/build.sh -j$(nproc)
	./zcutil/fetch-params.sh

	#sudo mv /root/.zcash-params /home/$USER/
	#####################################################################################
	sudo mkdir -p /home/$USER/.zen
	sudo touch /home/$USER/.zen/zen.conf

	RPC_USERNAME=$(pwgen -s 74 1)
	RPC_PASSWORD=$(pwgen -s 74 1)

	sudo sh -c "echo '
	addnode=$FQDN
	addnode=zennodes.network
	rpcuser=$RPC_USERNAME
	rpcpassword=$RPC_PASSWORD
	rpcport=18231
	rpcallowip=127.0.0.1
	server=1
	daemon=1
	listen=1
	txindex=1
	logtimestamps=1
	tlscertpath=/home/$USER/.acme.sh/$FQDN/$FQDN.cer
	tlskeypath=/home/$USER/.acme.sh/$FQDN/$FQDN.key
	testnet=0
	' >> /home/$USER/.zen/zen.conf"

	echo -e $purpleColor"zen.conf is done!"$normalColor

	##########################################################################
	sudo apt-get install monit
	sudo touch /home/$USER/zencash/init_zen
	sudo cat << EOF >> /home/$USER/zencash/init_zen
	#!/bin/bash

	PID_FILE='/home/$USER/.zen/zen_node.pid'

	start() {
	touch \$PID_FILE
	eval "/bin/su $USER -c '/usr/bin/zend 2>&1 >> /dev/null'"
	PID=\$(ps aux \| grep zend \| grep -v grep \| awk '{print \$2}')
	echo "Starting zend with PID \$PID"
	echo \$PID > \$PID_FILE
	}
	stop () {
	pkill zend
	rm \$PID_FILE
	echo "Stopping zend"
	}

	case \$1 in
	start)
	start
	;;
	stop)
	stop
	;;
	*)
	echo "usage: zend {start\|stop}" ;;
	esac
	exit 0
	EOF

	sudo chown -R $USER: /home/$USER/zencash
	chmod u+x /home/$USER/zencash/init_zen
	sudo cat << EOF >> /etc/monit/monitrc
	#added on setup for zend
	set httpd port 2812
	use address localhost # only accept connection from localhost
	allow localhost # allow localhost to connect to the server
	#
	#zend process control
	check process zend with pidfile /home/$USER/.zen/zen_node.pid
	start program = "/home/$USER/zencash/init_zen start" with timeout 60 seconds
	stop program = "/home/$USER/zencash/init_zen stop"
	#
	#email notifications using local postfix relay
	set mailserver localhost
	set mail-format { from: monit@$FQDN }
	set alert $EMAIL #receive all alerts
	EOF

	##################################################
	cd /home/$USER
	mkdir acme
	sudo apt install socat
	cd acme
	git clone https://github.com/Neilpang/acme.sh.git
	cd acme.sh
	./acme.sh --install
	cd /home/$USER
	sudo /home/$USER/.acme.sh/acme.sh --issue --standalone -d $FQDN

	chown -R $USER: /home/$USER/.acme.sh

	sudo mkdir /usr/share/ca-certificates/letsencrypt/
	sudo cp /home/$USER/.acme.sh/$FQDN/ca.cer /usr/share/ca-certificates/letsencrypt/ca.crt

	sudo dpkg-reconfigure ca-certificates

	CRONCMD_ACME="6 0 * * * \"/home/$USER/.acme.sh\"/acme.sh --cron --home \"/home/$USER/.acme.sh\" > /dev/null" && (crontab -l \| grep -v -F "$CRONCMD_ACME" ; echo "$CRONCMD_ACME") \| crontab -

	echo -e $purpleColor"certificates has been installed!"$normalColor
	###################################################################

	################################################################
	sudo cp /home/$USER/zencash/zen/src/zend /usr/bin/
	sudo cp /home/$USER/zencash/zen/src/zen-cli /usr/bin/
	chown -R $USER: /home/$USER/.zen
	sudo monit reload
	sudo monit start zend

	#sudo apt install curl
	#curl -sL https://deb.nodesource.com/setup_8.x \| sudo bash -
	#sudo apt-get install -y nodejs
	sudo apt-get install -y npm
	sudo npm install -g n
	sudo n 8.9
	cd /home/$USER/zencash
	git clone https://github.com/ZencashOfficial/secnodetracker.git
	cd secnodetracker
	npm install
	sudo chown -R $USER: /home/$USER/zencash
	npm install pm2 -g
	pm2 kill
	sudo chown -R $USER: /home/$USER/.pm2
	node -v
	npm -v

	echo -e $purpleColor"Change /etc/monit/monitrc check frequency!"$normalColor
	echo -e $purpleColor"sudo vim /etc/monit/monitrc 'Set daemon 120' change to 'Set daemon 10'"$normalColor
	echo -e $purpleColor"sudo monit reload"$normalColor
	echo -e $purpleColor"sudo monit start zend"$normalColor
	echo -e $purpleColor"zen-cli getinfo to confirm blockchain is syncing"$normalColor
	echo -e $purpleColor""$normalColor
	echo -e $purpleColor"Navigate to '/home/$USER/zencash/secnodetracker' and run node setup"$normalColor
	echo -e $purpleColor"Run pm2 startup"$normalColor
	echo -e $purpleColor"Copy and paste the command that pm2 tells you to run"$normalColor
	echo -e $purpleColor"Run pm2 start app.js --name secnodetracker"$normalColor
	echo -e $purpleColor"Run pm2 save"$normalColor
	echo -e $purpleColor"To monitor, type pm2 logs. When finished press ctrl+c"$normalColor
	echo -e $purpleColor"IMPORTANT: Verify secnodetracker runs on reboot: Reboot the server 'sudo reboot now', log back in, and run 'pm2 logs'"$normalColor
	echo -e $purpleColor"Secnodetracker should be running"$normalColor
	echo -e $purpleColor""$normalColor
	echo -e $purpleColor""$normalColor
	echo -e $purpleColor"REXOVAS: [email protected]"$normalColor
	echo -e $purpleColor"ZEN DONATION ADDRESS: znfRdzcDB1oBDCk2ox7n9Syh2VybrmZfoP3"$normalColor