Finalizing Security Setup
To complete the security configuration, run the storm.sh script on the server using the command:
./storm.sh start
Before execution, ensure the script has the necessary permissions:
chmod +x storm.sh
We recommend adding this script to autostart to ensure it launches automatically upon server reboot.
Before execution, verify that the script uses absolute paths (starting with /).
Configuration for NAT-ed Servers
If your server (e.g., with local IP 192.150.0.120) is behind NAT and connects to the internet via a public IP (e.g., 92.80.113.140), modify the script configuring the GRE tunnel between your server and StormWall’s protection infrastructure.
Open the file in a text editor (e.g., nano):
nano storm.sh
Locate the lines containing the public IP (92.80.113.140) and replace that address with the server’s local IP (192.150.0.120).
Example:
OLD: BIND_IP="92.80.113.140"
NEW: BIND_IP="192.150.0.120"
Save changes and restart the script:
./storm.sh restart
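A pre-flight check for the points above, run before the script is wired into autostart. This is an added example, not part of StormWall's script or tooling. It checks the absolute path, the execute bit, relative references inside the script and, for NAT-ed servers, that the public IP no longer appears. The group/other write check is an added assumption (the systemd unit and rc.local run the script as root), and the name preflight and the sample script contents are constructed for illustration.

```bash
#!/bin/bash
# Added example (not part of StormWall's storm.sh).
# Usage: preflight /full/path/to/storm.sh [PUBLIC_IP_FOR_NAT_CHECK]
# Prints one line per finding; returns 0 only when there are none.
preflight() {
    local script="$1" public_ip="${2:-}" rc=0 perm hits

    # ExecStart=, @reboot and rc.local all need an absolute path to the script.
    case $script in
        /*) ;;
        *) echo "FAIL: '$script' is not an absolute path"; rc=1 ;;
    esac
    [ -f "$script" ] || { echo "FAIL: $script not found"; return 1; }
    [ -x "$script" ] || { echo "FAIL: not executable, run chmod +x"; rc=1; }

    # Assumption: the script runs as root at boot, so group/other must not be able to edit it.
    perm=$(ls -ld -- "$script")
    case $perm in
        ?????w*|????????w*) echo "FAIL: writable by group or others (${perm%% *})"; rc=1 ;;
    esac

    # Relative references (./x, ../x) break when the working directory at boot
    # is not the script's own directory. Comment lines are ignored.
    hits=$(grep -nE '(^|[[:space:]"=])\.\.?/' -- "$script" | grep -vE '^[0-9]+:[[:space:]]*#' || true)
    [ -z "$hits" ] || { echo "FAIL: relative path used:"; echo "$hits"; rc=1; }

    # NAT-ed server: the public IP must no longer appear anywhere in the script.
    if [ -n "$public_ip" ]; then
        hits=$(grep -nFw -- "$public_ip" "$script" || true)
        [ -z "$hits" ] || { echo "FAIL: public IP still present:"; echo "$hits"; rc=1; }
    fi
    return "$rc"
}

# Demo on a constructed stand-in for storm.sh (addresses are the page's examples,
# helper.sh is a made-up name).
demo_dir=$(mktemp -d)
printf '%s\n' '#!/bin/bash' 'BIND_IP="92.80.113.140"' './helper.sh up' > "$demo_dir/storm.sh"
chmod 755 "$demo_dir/storm.sh"
preflight "$demo_dir/storm.sh" 92.80.113.140 || echo "=> fix the findings before enabling autostart"
```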
Adding the Script to Autostart
Method 1: Via systemd (Recommended)
Create a service configuration file (this adds a new systemd service to the standard user service directory):
sudo nano /etc/systemd/system/stormwall.service
Paste the following configuration:
[Unit]
Description=StormWall Protection Service
After=network.target
[Service]
Type=simple
ExecStart=/full/path/to/storm.sh start
Restart=on-failure
RestartSec=5s
[Install]
WantedBy=multi-user.target
Enable and start the service:
sudo systemctl daemon-reload
sudo systemctl enable stormwall.service
sudo systemctl start stormwall.service
Verify operation:
sudo systemctl status stormwall.service # Check service status
journalctl -u stormwall.service -f # Monitor real-time logs
Method 2: Via Cron (Alternative)
Open the task scheduler (this will open your personal crontab file in a text editor):
crontab -e
Add the following line at the end of the file:
@reboot /full/path/to/storm.sh start
Method 3: Script Daemonization
This method is suitable when you need to run the script as a background process (daemon) without using systemd or cron.
Option A: Using nohup (with output redirection)
nohup /full/path/to/storm.sh start > /var/log/stormwall.log 2>&1 &
Option B: Using disown (if the script is already running)
/full/path/to/storm.sh start &
disown -h %1
Where to Add the Command:
- For the current user: ~/.bashrc or ~/.profile.
- System-wide: /etc/rc.local (if supported by your distribution).
Example for /etc/rc.local:
#!/bin/bash
/full/path/to/storm.sh start > /var/log/stormwall.log 2>&1 &
exit 0
Set execute permissions:
sudo chmod +x /etc/rc.local
Verifying Functionality
Check if the process is running:
ps aux | grep storm.sh
Monitor logs (if output redirection was used):
tail -f /var/log/stormwall.log