diff options
Diffstat (limited to 'filehooker/root-image')
18 files changed, 125 insertions, 62 deletions
diff --git a/filehooker/root-image/etc/systemd/system/dhcpcd.service.d/force-reboot.conf b/filehooker/root-image/etc/systemd/system/dhcpcd.service.d/force-reboot.conf new file mode 100644 index 00000000..5b506341 --- /dev/null +++ b/filehooker/root-image/etc/systemd/system/dhcpcd.service.d/force-reboot.conf @@ -0,0 +1,2 @@ +[Service] +StartLimitAction=reboot-force diff --git a/filehooker/root-image/etc/systemd/system/filehooker-hostname.service b/filehooker/root-image/etc/systemd/system/filehooker-hostname.service index 67879d82..8a23773c 100644 --- a/filehooker/root-image/etc/systemd/system/filehooker-hostname.service +++ b/filehooker/root-image/etc/systemd/system/filehooker-hostname.service @@ -1,6 +1,6 @@ [Unit] Description=change filehooker hostname -Before=network.target +Before=network.target nss-lookup.target [Service] Type=oneshot diff --git a/filehooker/root-image/etc/systemd/system/getty@tty1.service.d/autologin.conf b/filehooker/root-image/etc/systemd/system/getty@tty1.service.d/autologin.conf index d1d8474c..5c6618c5 100644 --- a/filehooker/root-image/etc/systemd/system/getty@tty1.service.d/autologin.conf +++ b/filehooker/root-image/etc/systemd/system/getty@tty1.service.d/autologin.conf @@ -1,3 +1,3 @@ [Service] ExecStart= -ExecStart=-/sbin/agetty --autologin root --noclear %I 38400 linux +#ExecStart=-/sbin/agetty --autologin root --noclear %I 38400 linux diff --git a/filehooker/root-image/etc/systemd/system/start-ncdc.service b/filehooker/root-image/etc/systemd/system/start-ncdc.service deleted file mode 100644 index 8099678d..00000000 --- a/filehooker/root-image/etc/systemd/system/start-ncdc.service +++ /dev/null @@ -1,13 +0,0 @@ -[Unit] -Description=ncdc autoconfig -Requires=network.target local-fs.target - -[Service] -Type=oneshot -RemainAfterExit=yes -KillMode=none -ExecStart=sh /krebs/bin/startup_ncdc.ship -ExecStop=sudo -u hooker /usr/bin/tmux send-keys -t dcpp:ncdc "/quit" C-m - -[Install] -WantedBy=multi-user.target diff --git a/filehooker/root-image/etc/systemd/system/start-ncdc@.service b/filehooker/root-image/etc/systemd/system/start-ncdc@.service new file mode 100644 index 00000000..2c897126 --- /dev/null +++ b/filehooker/root-image/etc/systemd/system/start-ncdc@.service @@ -0,0 +1,13 @@ +[Unit] +Description=ncdc autoconfig and startup for %i +Requires=network.target local-fs.target + +[Service] +Type=oneshot +RemainAfterExit=yes +#KillMode=none +ExecStart=/usr/bin/tmux new-session -n startup -d "/bin/sh /krebs/bin/start-ncdc.ship" +ExecStop=/usr/bin/sudo -u %i /usr/bin/tmux send-keys -t dcpp:ncdc "/quit" C-m + +[Install] +WantedBy=multi-user.target diff --git a/filehooker/root-image/etc/systemd/system/tor-announce.service b/filehooker/root-image/etc/systemd/system/tor-configure-hidden.service index 818a5c4c..c9b8f20f 100644 --- a/filehooker/root-image/etc/systemd/system/tor-announce.service +++ b/filehooker/root-image/etc/systemd/system/tor-configure-hidden.service @@ -1,11 +1,11 @@ [Unit] Description=Announce Tor Hidden Address -After=network.target +After=network.target nss-lookup.target [Service] Type=oneshot RemainAfterExit=yes -ExecStart=/krebs/bin/tor_announce.ship +ExecStart=/krebs/bin/tor_configure_hidden_service.ship [Install] WantedBy=multi-user.target diff --git a/filehooker/root-image/krebs/bin/filehooker_configure_ncdc.ship b/filehooker/root-image/krebs/bin/filehooker_configure_ncdc.ship deleted file mode 100755 index 62d3b4f7..00000000 --- a/filehooker/root-image/krebs/bin/filehooker_configure_ncdc.ship +++ /dev/null @@ -1,15 +0,0 @@ -#!/usr/bin/env ship -#TODO waiting for ship2 -#@info -#@strict -set -euf -#@include filehooker -. /krebs/lib/filehooker - -dc_hub="adcs://elch.nsupdate.info:2781" -nick="$(cat /etc/hostname)" - -ncdc_install - -ncdc_configure_nick "$nick" -ncdc_configure_hub "$dc_hub" diff --git a/filehooker/root-image/krebs/bin/filehooker_configure_netshare.ship b/filehooker/root-image/krebs/bin/filehooker_configure_netshare.ship deleted file mode 100755 index f45ffeac..00000000 --- a/filehooker/root-image/krebs/bin/filehooker_configure_netshare.ship +++ /dev/null @@ -1,7 +0,0 @@ -#!/bin/sh -#@info -#@strict -#@include filehooker -#for i in $(prepare_netshares) ;do - #ncdc_configure_netshare "$i" "${i##*/}" -#done diff --git a/filehooker/root-image/krebs/bin/refresh-shares.ship b/filehooker/root-image/krebs/bin/refresh-shares.ship new file mode 100755 index 00000000..99c0b748 --- /dev/null +++ b/filehooker/root-image/krebs/bin/refresh-shares.ship @@ -0,0 +1,11 @@ +#!/bin/sh +#TODO: +#!/usr/bin/env ship +set -euf +#@include filehooker +. /krebs/lib/filehooker +ncdc_user="hooker" + +share_all_partitions + +exit 0 diff --git a/filehooker/root-image/krebs/bin/start-ncdc.ship b/filehooker/root-image/krebs/bin/start-ncdc.ship index 393c05cc..e190ec06 100644..100755 --- a/filehooker/root-image/krebs/bin/start-ncdc.ship +++ b/filehooker/root-image/krebs/bin/start-ncdc.ship @@ -7,7 +7,7 @@ ncdc_user="hooker" useradd -m $ncdc_user ||: dc_hub="adcs://elch.nsupdate.info:2781" -ncdc_configure_hub "$dc_hub" +ncdc_configure_hub "$dc_hub" "elch" nick=$(get_hostname) ncdc_configure_nick "$nick" @@ -15,3 +15,4 @@ ncdc_configure_nick "$nick" share_all_partitions sudo -u $ncdc_user /usr/bin/tmux new-session -s dcpp -n ncdc -d ncdc +exit 0 diff --git a/filehooker/root-image/krebs/bin/tor-get-hidden-service.sh b/filehooker/root-image/krebs/bin/tor-get-hidden-service.sh new file mode 100755 index 00000000..c9946366 --- /dev/null +++ b/filehooker/root-image/krebs/bin/tor-get-hidden-service.sh @@ -0,0 +1,2 @@ +#!/bin/sh +cat /var/lib/tor/hidden_service/hostname diff --git a/filehooker/root-image/krebs/bin/tor_announce.ship b/filehooker/root-image/krebs/bin/tor_configure_hidden_service.ship index ec4f33b6..1e026d26 100755 --- a/filehooker/root-image/krebs/bin/tor_announce.ship +++ b/filehooker/root-image/krebs/bin/tor_configure_hidden_service.ship @@ -14,11 +14,3 @@ test ! -e $hidden_service_dir/hostname && \ info "hidden service file does not exist, restarting tor" && \ systemctl restart tor && \ sleep 1 - -while ! internet;do - info "no internet yet, sleeping" - sleep $sleep_time -done - -NICK=$(get_hostname) -cat "$hidden_service_dir/hostname" | send_irc diff --git a/filehooker/root-image/krebs/bin/vim_sane_defaults.ship b/filehooker/root-image/krebs/bin/vim_sane_defaults.ship index fcc7ffcf..fcc7ffcf 100644..100755 --- a/filehooker/root-image/krebs/bin/vim_sane_defaults.ship +++ b/filehooker/root-image/krebs/bin/vim_sane_defaults.ship diff --git a/filehooker/root-image/krebs/etc/Reaktor/commands/onion b/filehooker/root-image/krebs/etc/Reaktor/commands/onion new file mode 100755 index 00000000..1a202991 --- /dev/null +++ b/filehooker/root-image/krebs/etc/Reaktor/commands/onion @@ -0,0 +1,3 @@ +#!/bin/sh + +sudo -u tor /krebs/bin/tor-get-hidden-service.sh || echo "no hidden service configured" diff --git a/filehooker/root-image/krebs/etc/Reaktor/commands/shares b/filehooker/root-image/krebs/etc/Reaktor/commands/shares new file mode 100755 index 00000000..1601d584 --- /dev/null +++ b/filehooker/root-image/krebs/etc/Reaktor/commands/shares @@ -0,0 +1,2 @@ +#!/bin/sh +df -h | grep '/media/' diff --git a/filehooker/root-image/krebs/etc/Reaktor/config.py b/filehooker/root-image/krebs/etc/Reaktor/config.py new file mode 100644 index 00000000..501edb70 --- /dev/null +++ b/filehooker/root-image/krebs/etc/Reaktor/config.py @@ -0,0 +1,39 @@ +import socket + +debug = False + +name = socket.gethostname() + +irc_alarm_timeout = 300 +irc_hammer_interval = 10 +irc_kill_timeout = 360 +irc_nickname = name +irc_server = 'irc.freenode.org' +irc_port = 6667 +irc_channels = [ + '#filehooker' +] + +def default_command(cmd): + return { + 'capname': cmd, + 'pattern': '^(?:' + name + '|\\*):\\s*' + cmd + '\\s*(?:\\s+(?P<args>.*))?$', + 'argv': [ 'commands/' + cmd ] } + +commands = [ + default_command('caps'), + default_command('hello'), + default_command('reload'), + default_command('badcommand'), + default_command('rev'), + default_command('uptime'), + default_command('shares'), + default_command('onion'), + default_command('nocommand'), + # command not found + { 'pattern': '^(?:' + name + '|\\*):.*', + 'argv': [ 'commands/respond','You are made of stupid!'] }, + # "highlight" + { 'pattern': '.*\\b' + name + '\\b.*', + 'argv': [ 'commands/say', 'I\'m famous' ] } +] diff --git a/filehooker/root-image/krebs/lib/filehooker b/filehooker/root-image/krebs/lib/filehooker index 90d887bd..c72d4d51 100644 --- a/filehooker/root-image/krebs/lib/filehooker +++ b/filehooker/root-image/krebs/lib/filehooker @@ -5,9 +5,12 @@ ncdc_user=${ncdc_user:-hooker} ncdc_bin=${ncdc_bin:-/usr/bin/ncdc} + ncdc_config(){ # maybe we want to use the running ncdc process and communicate via tmux send-keys ? - (sleep 1;cat;printf "/quit\n") | sudo -u $ncdc_user "$ncdc_bin" + txt="$(cat)" + (sleep 1;printf "%s" "$txt";printf "/quit\n") | sudo -u $ncdc_user "$ncdc_bin" 2>/dev/null || \ + sudo -u $ncdc_user /usr/bin/tmux send-keys -t dcpp:ncdc "$txt" C-m } ncdc_configure_netshare(){ @@ -27,8 +30,8 @@ ncdc_configure_nick(){ } ncdc_configure_hub(){ rnd=`hexdump -n 2 -e '/2 "%u"' /dev/urandom` - hubname="hub_$rnd" hub=${1?adcs://localhost:2781} + hubname="${2:-hub_$rnd}" info "configuring DC Hub: $hub, activating autconnect" info "setting active as true" (echo "/open ${hubname} ${hub}" ; @@ -119,20 +122,27 @@ info "enable tor_announce" systemctl enable tor_announce systemctl start tor_announce } - +is_mounted(){ + cat /etc/mtab| cut -d\ -f 1 | grep -q "^$1$" && info "$1 is already mounted" +} share_all_partitions(){ count=0 - find /dev -name '[shv]d[a-z][0-9]' | while read disk;do - size=$(get_disksize $disk) - if test "$size" -gt "$min_netshare_size"; + # all /dev/sdX and all mapped devices + (find /dev -name '[shv]d[a-z][0-9]';find /dev/mapper ! -type d)| while read disk;do + size=$(get_disksize $disk 2>/dev/null) + + if test "$size" -gt "$min_netshare_size" 2>/dev/null ; #&& ! is_mounted "$disk"; then info "trying disk $disk" mountpoint=/media/vag$count mkdir -p $mountpoint - umount $mountpoint 2>&1 >/dev/null && info "$mountpoint unmounted" || : - ! mount $disk $mountpoint && error "cannot mount $disk" && continue + umount $disk >/dev/null 2>&1 && info "remounting $disk" || : + umount $mountpoint >/dev/null 2>&1 && info "unmounting old mountpoint $mountpoint" || : + ! mount $disk $mountpoint >/dev/null 2>&1 && error "cannot mount $disk" && continue + chown "$ncdc_user" "$mountpoint" : $((count++)) - ncdc_configure_netshare "$mountpoint" "$(basename $mountpoint)" + ncdc_configure_netshare "$mountpoint" "$(basename $mountpoint)" 2>/dev/null + info "$mountpoint is mounted and shared" else info "skipping $disk" fi diff --git a/filehooker/root-image/root/customize_root_image.sh b/filehooker/root-image/root/customize_root_image.sh index 2f5579d9..97f625ee 100755 --- a/filehooker/root-image/root/customize_root_image.sh +++ b/filehooker/root-image/root/customize_root_image.sh @@ -1,6 +1,8 @@ #!/bin/bash set -e -u -f -x +reaktor_user=reaktor +ncdc_user=hooker sed -i 's/#\(en_US\.UTF-8\)/\1/' /etc/locale.gen locale-gen @@ -19,7 +21,9 @@ chmod 700 -R /home/pimp/.ssh/ cp /krebs/etc/authorized_keys /root/.ssh/ -chown -R root:root /etc /root /krebs /usr/bin +useradd -m hooker ||: + +chown -R root:root /etc /root /krebs chmod 750 /etc/sudoers.d chmod 440 /etc/sudoers.d/g_wheel @@ -29,15 +33,34 @@ sed -i 's/#\(Storage=\)auto/\1volatile/' /etc/systemd/journald.conf /krebs/bin/vim_sane_defaults.ship sudo -u pimp /krebs/bin/vim_sane_defaults.ship +## load latest ncdc if not available test -e /usr/bin/ncdc || \ curl http://dev.yorhel.nl/download/ncdc-linux-x86_64-1.19.tar.gz | \ tar xz -C "/usr/bin" -systemctl enable multi-user.target \ +## load latest painload if not available +test ! -e /krebs/painload/Reaktor && \ + curl https://codeload.github.com/krebscode/painload/tar.gz/master | \ + tar xz -C "/krebs" && \ + mv /krebs/painload-master /krebs/painload + +useradd $reaktor_user || : +## needed to see the hidden service hostname +echo "$reaktor_user ALL=(tor) NOPASSWD: /krebs/bin/tor-get-hidden-service.sh" >> /etc/sudoers.d/get_root + +cp /krebs/painload/Reaktor/etc/systemd/system/Reaktor@.service \ + /etc/systemd/system +# add bonus features for filehooker +cp -a /krebs/etc/Reaktor /krebs/painload + +for i in multi-user.target \ pacman-init.service \ choose-mirror.service \ - tor-announce.service \ + tor-configure-hidden.service \ + Reaktor@${reaktor_user}.service \ filehooker-hostname.service \ - start-ncdc.service \ + start-ncdc@${ncdc_user}.service \ sshd.service \ - tor.service + tor.service ;do + systemctl enable "$i" +done |