Auditing Your Nodes Configuration
This guide was graciously contributed by [FRADA] ADA Made in France. If you find this guide useful, please consider staking to it (FRADA ticker).🙏
To make sure your Cardano nodes (relays and block producer) are correctly configured, you can use an automated audit script that performs the following checks:
Cardano compliance
New 9.1.0 Cardano-Node version requirement for Chang hardfork
Cardano-node latest version verification
Cardano bootstrap check
Environment Variables
Systemd cardano-node file verification and parsing
Cardano startup script verification and parsing
Node operation mode (Block Producer? Relay?)
Topology mode (p2p enabled)
Topology configuration file parsing and compliance checks
Cardano security checks (hot keys permissions, cold keys detection)
KES keys rotation alert
Security and system checks
SSHD hardening
Null passwords check
Important services running (ufw, fail2ban, ntp server...)
Firewalling rules extract
sysctl.conf hardening check
Please note that this script is only intended to help you identify configuration and basic security issues. It does not guarantee that your server is fully protected.
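To show what the "hot keys permissions, cold keys detection" item in the list above looks for, here is an added example; it is not taken from the FRADA audit script. The file names in HOT_KEYS and COLD_KEYS and the function name audit_keys are assumptions (CoinCashew-style naming), so adjust them to your setup.

```shell
#!/bin/sh
# Added illustration, NOT the FRADA audit script.
# Assumed file names (CoinCashew-style naming); adjust to your own layout.
HOT_KEYS="kes.skey vrf.skey"
COLD_KEYS="node.skey payment.skey stake.skey"

# audit_keys DIR
# Prints one finding per line. Returns 0 if clean, 1 if any finding,
# 2 if DIR is missing (typical when sudo is run without -E).
audit_keys() {
  dir=$1
  rc=0
  if [ -z "$dir" ] || [ ! -d "$dir" ]; then
    echo "ERROR key directory not found: '$dir'"
    return 2
  fi
  for f in $HOT_KEYS; do
    [ -f "$dir/$f" ] || continue
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$dir/$f" | cut -c5-10)
    if [ "$perms" = "------" ]; then
      echo "OK   $f is readable by its owner only"
    else
      echo "WARN $f is accessible to group/other ($perms); restrict it to the owner"
      rc=1
    fi
  done
  for f in $COLD_KEYS; do
    if [ -f "$dir/$f" ]; then
      echo "CRIT $f (cold key) found on this host; keep it on the offline machine"
      rc=1
    fi
  done
  return $rc
}

# Run against the node directory when the variable is available.
if [ -n "${NODE_HOME:-}" ]; then
  audit_keys "$NODE_HOME"
else
  echo "NODE_HOME is unset; under sudo, use -E to keep your environment"
fi
```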
How to use the Cardano Audit Script
Download the Audit Script
The script can be found on this GitHub repository by [FRADA] ADA Made In France
You can directly download the repository from your Cardano nodes:
Make script executable
Run the script
The script must be run with sudo and the -E option so that it inherits the environment variables defined during the CoinCashew guide (such as $NODE_HOME or $NODE_CONFIG).
You will be asked to select the type of your Cardano setup with a menu. Select COINCASHEW. You can also choose to perform only security checks.
You will then be asked if you want to export the results to a file.
Results
It takes 20 seconds for the script to complete. You'll get information about your node and can immediately check whether your configuration is correct and make appropriate changes. Sample outputs: