author | makefu <github@syntax-fehler.de> | 2013-01-14 14:46:22 +0100 |
---|---|---|
committer | makefu <github@syntax-fehler.de> | 2013-01-14 14:46:22 +0100 |
commit | dbe2d838ba6834788265029162b2dd7d82473335 (patch) | |
tree | a4eb38f7fc91d91269b6f83453de62242c6ddc23 /retiolum/scripts/tinc_setup | |
parent | 5a782f6c8f7923f9f415afd504ce6e71acbc7fef (diff) | |
parent | abf9916bc1add17888308877fa4eb9da330297ef (diff) |
Merge branch 'master' of github.com:krebscode/painload
Conflicts:
god/temper/Makefile
god/temper/collectd-temper.sh
Diffstat (limited to 'retiolum/scripts/tinc_setup')
-rw-r--r-- | retiolum/scripts/tinc_setup/bootstrap.sh | 11 | ||||
-rwxr-xr-x | retiolum/scripts/tinc_setup/install.sh | 8 | ||||
-rwxr-xr-x | retiolum/scripts/tinc_setup/new_install.sh | 407 | ||||
-rw-r--r-- | retiolum/scripts/tinc_setup/write_channel.py | 27 |
4 files changed, 411 insertions, 42 deletions
diff --git a/retiolum/scripts/tinc_setup/bootstrap.sh b/retiolum/scripts/tinc_setup/bootstrap.sh
deleted file mode 100644
index 32919e7d..00000000
--- a/retiolum/scripts/tinc_setup/bootstrap.sh
+++ /dev/null
@@ -1,11 +0,0 @@
-if [ ! `id -u` -eq "0" ]
-then
- echo "not root, trying sudo"
- exec sudo "$0" "$@"
-fi
-
-mkdir -p /etc/tinc/retiolum/
-git clone git://github.com/miefda/retiolum.git /etc/tinc/retiolum/hosts
-cd /etc/tinc/retiolum/hosts/.scripts
-
-echo "use the build script of your choice from /etc/tinc/retiolum/hosts/.scripts"
diff --git a/retiolum/scripts/tinc_setup/install.sh b/retiolum/scripts/tinc_setup/install.sh
index a6b50b8a..a72d2b8b 100755
--- a/retiolum/scripts/tinc_setup/install.sh
+++ b/retiolum/scripts/tinc_setup/install.sh
@@ -45,7 +45,7 @@ then
 then
 printf 'select v4 subnet ip (1-255): '
 read v4num
- until $MYBIN/check-free-retiolum-v4 $v4num; do
+ until $MYBIN/check-free-retiolum-v4 10.243.0.$v4num; do
 echo "your're an idiot!"
 printf 'select unused v4 subnet ip (1-255): '
 read v4num
@@ -63,8 +63,8 @@ fi
 cat>tinc.conf<<EOF
 Name = $myname
 ConnectTo = euer
-ConnectTo = oxberg
-ConnectTo = pa_sharepoint
+ConnectTo = albi10
+ConnectTo = pigstarter
 ConnectTo = supernode
 Device = /dev/net/tun
 EOF
@@ -73,7 +73,7 @@ if [ ! -e rsa_key.priv ]
 then
 echo "creating new keys"
 tincd -n $netname -K
- python ${CURR}/write_channel.py $myname || \
+ $MYBIN/announce_pubkey $myname || \
 echo "cannot write public key to IRC, you are on your own. Good Luck"
 else
 echo "key files already exist, skipping"
diff --git a/retiolum/scripts/tinc_setup/new_install.sh b/retiolum/scripts/tinc_setup/new_install.sh
new file mode 100755
index 00000000..85a61be8
--- /dev/null
+++ b/retiolum/scripts/tinc_setup/new_install.sh
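Review bot: In install.sh's first hunk the value read into `v4num` is expanded unquoted into the `check-free-retiolum-v4` argument, so an answer containing whitespace or glob characters is word-split and globbed before the helper sees it, and nothing visible here checks it against the prompted 1-255 range. Quoting the call, `until "$MYBIN/check-free-retiolum-v4" "10.243.0.$v4num"; do`, and rejecting non-numeric answers before the loop would keep stray input out of the helper. The same unquoted pattern is in the third hunk, `$MYBIN/announce_pubkey $myname`. The enclosing `if` blocks start and end outside both hunks, so any validation done elsewhere is not visible.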
@@ -0,0 +1,407 @@
+#!/bin/sh
+
+#get sudo
+if test "${nosudo-false}" != true -a `id -u` != 0; then
+ echo "we're going sudo..." >&2
+ exec sudo -E "$0" "$@"
+ exit 23 # go to hell
+fi
+set -euf
+#
+SUBNET4=${SUBNET4:-10.243}
+SUBNET6=${SUBNET6:-42}
+TEMPDIR=${TEMPDIR:-auto}
+TINCDIR=${TINCDIR:-auto}
+
+if type hostname >/dev/null ;then SYSHOSTN=${HOSTNAME:-$(hostname)}
+elif type uci >/dev/null ;then SYSHOSTN=$(uci get system.@system[0].hostname)
+elif [ -e /etc/hostname ] ;then SYSHOSTN=$(cat /etc/hostname)
+else SYSHOSTN="unknown"
+fi
+
+#overwrite `found` hostname
+HOSTN=${HOSTN:-$SYSHOSTN}
+NETNAME=${NETNAME:-retiolum}
+MASK4=${MASK4:-16}
+MASK6=${MASK6:-16}
+RMASK=${RMASK:-255.255.0.0}
+URL=${URL:-http://euer.krebsco.de/retiolum/hosts.tar.gz}
+SURL=${SURL:-http://euer.krebsco.de/retiolum/supernodes.tar.gz}
+
+IRCCHANNEL=${IRCCHANNEL:-"#krebsco"}
+IRCSERVER=${IRCSERVER:-"irc.freenode.net"}
+IRCPORT=${IRCPORT:-6667}
+
+OS=${OS:-0}
+
+IP4=${IP4:-0}
+IP6=${IP6:-0}
+
+RAND4=1
+RAND6=1
+
+usage()
+{
+cat << EOF
+usage $0 options
+This script gets you into the KREBS Darknet
+all parameters are optional
+
+Options:
+ -h Show this message(haha)
+ -4 \$ipv4 specify an ip(version 4), this also disables random ip mode, default is random
+ -6 \$ipv6 specify an ip(version 6), this also disables random ip mode, default is random
+ -s \$SUBNET Choose another Subnet(version4), default is 10.243
+ -x \$SUBNET Choose another Subnet(version6), default is 42
+ -m \$MASK Choose another Subnet Mask(version4), default is 16
+ -j \$MASK Choose another Subnet Mask(version6), default is 16
+ -t \$DIR Choose another Temporary directory, default is /tmp/tinc-install-fu
+ -o \$HOST Choose another Hostname, default is your system hostname
+ -n \$NET Choose another tincd netname,this also specifies the path to your tinc config, default is retiolum
+ -u \$URL specify another hostsfiles.tar.gz url, default is http://euer.krebsco.de/retiolum/hosts.tar.gz
+ -l \$OS specify an OS, numeric parameter.0=Automatic 1=Linux 2=Android, disables automatic OS-finding, default is 0
+ -r \$ADDR give the node an reachable remote address, ipv4 or dns
+EOF
+}
+
+#convert hostmask to subnetmask only version 4
+host2subnet()
+{
+ NEEDDOTSINSUB=$(expr 3 - $( echo $SUBNET4 | tr -C -d . | wc -c))
+ case $NEEDDOTSINSUB in
+ 3) FULLSUBNET=$SUBNET4.0.0.0 ;;
+ 2) FULLSUBNET=$SUBNET4.0.0 ;;
+ 1) FULLSUBNET=$SUBNET4.0 ;;
+ 0) FULLSUBNET=$SUBNET4 ;;
+ *) echo "cannot read subnet" && exit 1;;
+ esac
+}
+
+#check if ip is valid ipv4 function
+check_ip_valid4()
+{
+ if [ "$(echo $1 | awk -F"\." ' $0 ~ /^([0-9]{1,3}\.){3}[0-9]{1,3}$/ && $1 <=255 && $2 <= 255 && $3 <= 255 && $4 <= 255 ' 2>/dev/null)" == "$1" ] && [ ${1:0:${#SUBNET4}} == $SUBNET4 ]
+ then
+ return 0
+ else
+ return 1
+ fi
+}
+
+#check if ip is valid ipv6 function
+check_ip_valid6()
+{
+ if [ "$(echo $1 | awk -F"." ' $0 ~ /^([0-9a-fA-F]{1,4}\:){7}[0-9a-fA-F]{1,4}$/' 2>/dev/null)" == $1 ] && [ ${1:0:${#SUBNET6}} == $SUBNET6 ]
+ then
+ return 0
+ else
+ return 1
+ fi
+}
+
+#check if ip is taken function
+check_ip_taken()
+{
+ if grep -q -r -E "$1(#|/)" $TEMPDIR/hosts/ ;then
+ return 1
+ else
+ return 0
+ fi
+}
+
+#if hostname is taken, count upwards until it isn't taken function
+get_hostname()
+{
+ TSTFILE=$TEMPDIR/hosts/$1
+ LCOUNTER=0
+ if test -e $TSTFILE; then
+ while test -e $TSTFILE; do
+ let LCOUNTER=LCOUNTER+1
+ TSTFILE=$TEMPDIR/hosts/$1$LCOUNTER
+ done
+ HOSTN=$1$LCOUNTER
+ else
+ HOSTN=$1
+ fi
+}
+
+#os autodetection
+find_os()
+{
+ if grep -qe 'Linux' /etc/*release 2>/dev/null || grep -qe 'Linux' /etc/issue 2>/dev/null; then
+ OS=1
+ elif type getprop >/dev/null; then
+ OS=2
+ elif test -e /etc/openwrt_release; then
+ OS=3
+ else
+ echo "Cannot determine your operating system, falling back to Linux"
+ OS=1
+ fi
+}
+
+if [ $IP4 -eq 0 ]; then
+ RAND4=1
+elif ! check_ip_valid4 $IP4; then
+ echo 'ip4 is invalid'
+ exit 1
+fi
+if [ $IP6 -eq 0 ]; then
+ RAND6=1
+elif ! check_ip_valid6 $IP6; then
+ echo 'ip6 is invalid'
+ exit 1
+fi
+
+#find OS
+if [ $OS -eq 0 ]; then
+ find_os
+fi
+
+#check if everything is installed
+if ! type awk >/dev/null; then
+ echo "Please install awk"
+ exit 1
+fi
+
+if ! type curl >/dev/null; then
+ if ! type wget >/dev/null; then
+ echo "Please install curl or wget"
+ exit 1
+ else
+ LOADER='wget -O-'
+ fi
+else
+ LOADER=curl
+fi
+
+if ! $(ping -c 1 -W 5 euer.krebsco.de 1>/dev/null) ;then
+ echo "Cant reach euer, check if your internet is working"
+ exit 1
+fi
+
+
+#parse options
+while getopts "h4:6:s:x:m:j:t:o:n:u:l:" OPTION
+do
+ case $OPTION in
+ h)
+ usage
+ exit 1
+ ;;
+ 4)
+ IP4=$OPTARG
+ RAND4=0
+ if ! check_ip_valid4 $IP4; then echo "ipv4 is invalid" && exit 1; fi
+ ;;
+ 6)
+ IP6=$OPTARG
+ RAND6=0
+ if ! check_ip_valid6 $IP6; then echo "ipv6 is invalid" && exit 1; fi
+ ;;
+ s)
+ SUBNET4=$OPTARG
+ ;;
+ x)
+ SUBNET6=$OPTARG
+ ;;
+ m)
+ MASK4=$OPTARG
+ ;;
+ j)
+ MASK6=$OPTARG
+ ;;
+ t)
+ TEMPDIR=$OPTARG
+ ;;
+ o)
+ HOSTN=$OPTARG
+ ;;
+ n)
+ NETNAME=$OPTARG
+ ;;
+ u)
+ URL=$OPTARG
+ if $(! curl -s --head $URL | head -n 1 | grep "HTTP/1.[01] [23].." > /dev/null); then
+ echo "url not reachable"
+ exit 1
+ fi
+ ;;
+ l)
+ OS=$OPTARG
+ if ! [ "$(echo $OS | awk -F"." ' $0 ~ /^[0-2]$/' )" == $OS ]; then
+ echo "invalid input for OS"
+ exit 1
+ fi
+ ;;
+ r)
+ ADDR=$OPTARG
+ ;;
+
+ esac
+done
+
+#check for OS
+if [ $OS -eq 0 ]; then
+ find_os
+fi
+
+#check if everything is installed
+if [ $OS -eq 2 ]; then
+ if ! test -e /data/data/org.poirsouille.tinc_gui/files/tincd; then
+ echo "Please install tinc-gui"
+ exit 1
+ else
+ TINCBIN=/data/data/org.poirsouille.tinc_gui/files/tincd
+ if [ $TINCDIR = 'auto' ]; then TINCDIR=/usr/local/etc/tinc ;fi
+ if [ $TEMPDIR = 'auto' ]; then TEMPDIR=/data/secure/data ;fi
+ fi
+else
+ if ! type tincd >/dev/null; then
+ echo "Please install tinc"
+ exit 1
+ else
+ TINCBIN=tincd
+ if [ $TINCDIR = 'auto' ]; then TINCDIR=/etc/tinc ;fi
+ if [ $TEMPDIR = 'auto' ]; then TEMPDIR=/tmp/tinc-install-fu ;fi
+ fi
+fi
+
+#generate full subnet information for v4
+
+#test if tinc directory already exists
+if test -e $TINCDIR/$NETNAME; then
+ echo "tinc config directory $TINCDIR/$NETNAME does already exist. (backup and) delete config directory and restart"
+ exit 1
+fi
+
+#get tinc-hostfiles
+mkdir -p $TEMPDIR/hosts
+$LOADER $URL | tar zx -C $TEMPDIR/hosts/
+
+#check for free ip
+#version 4
+until check_ip_taken $IP4; do
+ if [ $RAND4 -eq 1 ]; then
+ IP4="$SUBNET4.$(( $(head /dev/urandom | tr -dc "123456789" | head -c3) %255)).$(( $(head /dev/urandom | tr -dc "123456789" | head -c3) %255))"
+ else
+ printf 'choose new ip: '
+ read IP4
+ while ! check_ip_valid4 $IP4; do
+ printf 'the ip is invalid, retard, choose a valid ip: '
+ read IP4
+ done
+ fi
+done
+
+#version 6
+until check_ip_taken $IP6; do
+ if [ $RAND6 -eq 1 ]; then
+ NETLENGTH=$(expr $(expr 128 - $MASK6) / 4)
+ IP6="$SUBNET6$(head /dev/urandom | tr -dc "0123456789abcdef" | head -c$NETLENGTH | sed 's/..../:&/g')" #todo: generate ip length from hostmask
+ else
+ printf 'ip taken, choose new ip: '
+
+ read IP6
+ while ! check_ip_valid6 $IP6; do
+ printf 'the ip is invalid, retard, choose a valid ip: '
+ read IP6
+ done
+ fi
+done
+
+
+#check for free hostname
+get_hostname $HOSTN
+
+
+#create the configs
+mkdir -p $TINCDIR/$NETNAME
+cd $TINCDIR/$NETNAME
+
+if [ $OS -eq 3 ]; then
+ mkdir hosts
+ $LOADER $SURL | tar xz -C hosts/
+else
+ mv $TEMPDIR/hosts ./
+fi
+
+rm -r $TEMPDIR || echo "$TEMPDIR does not exist, skipping removal"
+
+echo "Subnet = $IP4" > hosts/$HOSTN
+echo "Subnet = $IP6" >> hosts/$HOSTN
+
+cat>tinc.conf<<EOF
+Name = $HOSTN
+Device = /dev/net/tun
+
+#newer tinc features
+LocalDiscovery = yes
+AutoConnect = 3
+
+#ConnectTos
+ConnectTo = supernode
+ConnectTo = pigstarter
+ConnectTo = pico
+EOF
+
+host2subnet $MASK4
+
+#check if ip is installed
+if type ip >/dev/null; then
+ echo 'dirname="`dirname "$0"`"' > tinc-up
+ echo '' >> tinc-up
+ echo 'conf=$dirname/tinc.conf' >> tinc-up
+ echo '' >> tinc-up
+ echo 'name=$(sed -n "s|^ *Name *= *\([^ ]*\) *$|\\1|p" $conf)' >> tinc-up
+ echo '' >> tinc-up
+ echo 'host=$dirname/hosts/$name' >> tinc-up
+ echo '' >> tinc-up
+ echo 'ip link set $INTERFACE up' >> tinc-up
+ echo '' >> tinc-up
+ echo "addr4=\$(sed -n \"s|^ *Subnet *= *\\($SUBNET4[.][^ ]*\\) *\$|\\\\1|p\" \$host)" >> tinc-up
+ echo 'ip -4 addr add $addr4 dev $INTERFACE' >> tinc-up
+ echo "ip -4 route add $FULLSUBNET/$MASK4 dev \$INTERFACE" >> tinc-up
+ echo '' >> tinc-up
+ echo "addr6=\$(sed -n \"s|^ *Subnet *= *\\($SUBNET6[:][^ ]*\\) *\$|\\\\1|p\" \$host)" >> tinc-up
+ echo 'ip -6 addr add $addr6 dev $INTERFACE' >> tinc-up
+ echo "ip -6 route add $SUBNET6::/$MASK6 dev \$INTERFACE" >> tinc-up
+else
+ echo 'dirname="`dirname "$0"`"' > tinc-up
+ echo '' >> tinc-up
+ echo 'conf=$dirname/tinc.conf' >> tinc-up
+ echo '' >> tinc-up
+ echo 'name=$(sed -n "s|^ *Name *= *\([^ ]*\) *$|\\1|p" $conf)' >> tinc-up
+ echo '' >> tinc-up
+ echo 'host=$dirname/hosts/$name' >> tinc-up
+ echo '' >> tinc-up
+ echo "addr4=\$(sed -n \"s|^ *Subnet *= *\\($SUBNET4[.][^ ]*\\) *$|\\\\1|p\" \$host)" >> tinc-up
+ echo 'ifconfig $INTERFACE $addr4' >> tinc-up
+ echo "route add -net $FULLSUBNET netmask $RMASK dev \$INTERFACE " >> tinc-up
+fi
+
+#fix permissions
+chmod +x tinc-up
+chown -R root:root .
+
+#generate keys with tinc
+if type tincctl >/dev/null; then
+ yes | tincctl -n $NETNAME generate-keys
+ cat rsa_key.pub >> hosts/$HOSTN
+else
+ yes | $TINCBIN -n $NETNAME -K
+fi
+
+#write to irc-channel
+NICK="${HOSTN}_$(head /dev/urandom | tr -dc "0123456789" | head -c3)"
+
+( echo "NICK $NICK";
+ echo "USER $NICK $IRCSERVER bla : $NICK";
+ echo "JOIN $IRCCHANNEL";
+ sleep 23;
+ sed "s/^\(.*\)/PRIVMSG $IRCCHANNEL : \1/" hosts/$HOSTN;
+ sleep 5; ) | telnet $IRCSERVER $IRCPORT
+
+
+# finish what you have begun!
+tincd -n $NETNAME
diff --git a/retiolum/scripts/tinc_setup/write_channel.py b/retiolum/scripts/tinc_setup/write_channel.py
deleted file mode 100644
index 8299fa8d..00000000
--- a/retiolum/scripts/tinc_setup/write_channel.py
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/usr/bin/python
-import random, sys, time, socket
-try:
- myname=sys.argv[1]
-except:
- print("you are made of stupid")
- exit (23)
-
-CHANNEL = '#krebsco'
-HOST='irc.freenode.net'
-FILE="/etc/tinc/retiolum/hosts/"+myname
-PORT=6667
-NICK= myname+"_"+str(random.randint(23,666))
-
-print("Connecting...")
-sock = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
-sock.connect((HOST,PORT))
-print(NICK)
-sock.send("NICK %s\r\n" % NICK)
-sock.send("USER %s %s bla : %s\r\n" %(NICK,HOST,NICK))
-sock.send("JOIN %s\r\n" % CHANNEL)
-time.sleep(23)
-f = open(FILE,'r')
-a = [ sock.send("PRIVMSG %s : %s" % ( CHANNEL,line)) for line in f]
-time.sleep(5) #because irc is so lazy
-print("closing socket")
-sock.close() |
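Review bot: new_install.sh downloads the peer host files over plain HTTP (the `URL` and `SURL` defaults) and, as root, unpacks them with `$LOADER $URL | tar zx -C $TEMPDIR/hosts/` into the fixed path `/tmp/tinc-install-fu` before moving them in as the node's `hosts/` directory, with no integrity check on the archive. Anyone able to alter that download, or to pre-create the /tmp path on a shared machine, therefore influences which peer keys the new node trusts and where root writes files. Creating the directory with `TEMPDIR=$(mktemp -d)` when it is `auto`, and comparing the archive against a checksum or signature obtained out of band before the `mv $TEMPDIR/hosts ./` step, would close both gaps; an https URL helps only if the server offers one, which the page does not show. The later `rm -r $TEMPDIR` also runs as root on an unquoted, user-settable (`-t`) value and would be safer as `rm -r -- "${TEMPDIR:?}"`.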