Auditing Your Node Configuration

This guide was graciously contributed by [FRADA] ADA Made in France. If you find this guide useful, please consider staking to it (FRADA ticker).🙏

To make sure your Cardano nodes (relays and block producer) are correctly configured, you can use an automated audit script that performs the following checks:

Cardano Node checks

  • Environment Variables

  • Systemd cardano-node file verification and parsing

  • Cardano startup script verification and parsing

  • Node operation mode (block producer or relay)

  • Topology mode

  • Topology configuration

  • KES keys expiry and rotation alert

Security and system checks

  • SSHD hardening

  • Null passwords check

  • Important services running

  • Firewalling rules extract

  • sysctl.conf hardening check

Please note that this script is only intended to help you identify configuration and basic security issues. It does not guarantee that your server is fully protected.
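
Two of the security checks listed above (null passwords and SSHD hardening), written out as an added example so the audit output can be cross-checked by hand. This is not code from audit-coincashew.sh; the function names, the target values and the sample files are assumptions of this example.

```sh
#!/bin/sh
# Added example, not code from audit-coincashew.sh. Both checks take a file
# path so they can be tried on copies before pointing them at /etc.

# Null passwords check: list accounts whose shadow password field is empty.
null_password_accounts() {
    awk -F: '$2 == "" { print $1 }' "$1"
}

# Global value of an sshd_config keyword, or the default ($3) if unset.
# sshd uses the first occurrence; lines after the first Match block are
# conditional, so parsing stops there. Include files are not followed.
sshd_setting() {
    awk -v key="$2" -v def="$3" '
        $1 ~ /^#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { val = tolower($2); exit }
        END { print (val != "" ? val : def) }
    ' "$1"
}

# Report each keyword against a target value. Targets here are this
# example's assumptions; defaults are OpenSSH's. Returns the FAIL count.
audit_sshd() {
    fails=0
    while read -r key want def; do
        got=$(sshd_setting "$1" "$key" "$def")
        if [ "$got" = "$want" ]; then
            echo "PASS $key $got"
        else
            echo "FAIL $key $got (want $want)"; fails=$((fails + 1))
        fi
    done <<'EOF'
PermitRootLogin no prohibit-password
PasswordAuthentication no yes
PermitEmptyPasswords no no
EOF
    return "$fails"
}

# Constructed sample files (not taken from any real host).
sample=$(mktemp -d)
printf '%s\n' 'root:*:19000:0:99999:7:::' 'cardano:$6$x$y:19000:0:99999:7:::' \
    'test::19000:0:99999:7:::' > "$sample/shadow"
printf '%s\n' '# PermitRootLogin no' 'PermitRootLogin yes' \
    'Match User backup' '  PasswordAuthentication no' > "$sample/sshd_config"

echo "Accounts with empty password: $(null_password_accounts "$sample/shadow")"
audit_sshd "$sample/sshd_config" || echo "$? sshd setting(s) need attention"
```

On the sample files, the `PasswordAuthentication no` line is reported as a failure because it only applies inside the `Match` block, leaving the global default in force.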

How to use the Cardano Audit Script

Download the Audit Script

The script can be found on this GitHub repository by [FRADA] ADA Made In France

You can clone the repository directly on your Cardano nodes:

cd $HOME/git
git clone https://github.com/Kirael12/Cardano-Audit-Coincashew

Make script executable

cd $HOME/git/Cardano-Audit-Coincashew
chmod +x audit-coincashew.sh

Run the script

The script must be run with sudo and the -E option, which preserves the environment variables you defined while following the Coincashew guide (such as $NODE_HOME or $NODE_CONFIG).

sudo -E ./audit-coincashew.sh

Results

It takes 20 seconds for the script to complete. You'll get information about your node and will immediately be able to check whether your configuration is good or not, and make appropriate changes.