Comment on page
Auditing Your nodes configuration
This guide was graciously contributed by [FRADA] ADA Made in France. If you find this guide useful, please consider staking to it (FRADA ticker).🙏
To make sure your Cardano nodes (relays and block-producer) are correctly configured, you can use an automated audit script that will do the following checks :
Cardano Node checks
- Environment Variables
- Systemd cardano-node file verification and parsing
- Cardano startup script verification and parsing
- Node operation mode (Block Producer ? Relay ?)
- Topology mode
- Topology configuration
- KES keys expiry and rotation alert
Security and system checks
- SSHD hardening
- Null passwords check
- Important services running
- Firewalling rules extract
- sysctl.conf hardening check
Please note that this script is only intended to help you identify configuration and basic security issues. It does not guarantee that your server is fully protected.
You can directly download the repository from your Cardano Nodes :
cd $HOME/git
git clone https://github.com/Kirael12/Cardano-Audit-Coincashew
cd $HOME/git/Cardano-Audit-Coincashew
chmod +x audit-coincashew.sh
The script must be ran with sudo and the -E option, to include your environment variables defined during the Coincashew guide (like $NODE_HOME or $NODE_CONFIG)
sudo -E ./audit-coincashew.sh
It takes 20 seconds for the script to complete. You'll get information about your node and will immediately be able to check whether your configuration is good or not, and make appropriate changes.
Sample Output
More sample output