#!/bin/bash # Alpine Linux Hardening Script for Archipelago Bitcoin Node OS # This script applies security hardening to the Alpine base image set -e echo "🔒 Starting Alpine Linux hardening..." # Disable unnecessary services systemctl disable bluetooth || true systemctl disable avahi-daemon || true # Configure kernel parameters for security cat >> /etc/sysctl.conf < /etc/fail2ban/jail.local < /etc/periodic/daily/archipelago-security-updates <<'EOF' #!/bin/sh # Automatic security updates for Archipelago apk update && apk upgrade -u || true EOF chmod +x /etc/periodic/daily/archipelago-security-updates # Set restrictive file permissions chmod 700 /var/lib/archipelago/secrets chmod 755 /var/lib/archipelago/apps chmod 755 /var/lib/archipelago/logs # Create log directory with proper permissions mkdir -p /var/log/archipelago chmod 755 /var/log/archipelago # Configure log rotation for archipelago logs cat > /etc/logrotate.d/archipelago <