summaryrefslogtreecommitdiffstats
path: root/filehooker
diff options
context:
space:
mode:
Diffstat (limited to 'filehooker')
-rw-r--r--filehooker/packages.both13
-rw-r--r--filehooker/root-image/etc/systemd/system/dhcpcd.service.d/force-reboot.conf2
-rw-r--r--filehooker/root-image/etc/systemd/system/filehooker-hostname.service2
-rw-r--r--filehooker/root-image/etc/systemd/system/getty@tty1.service.d/autologin.conf2
-rw-r--r--filehooker/root-image/etc/systemd/system/start-ncdc.service13
-rw-r--r--filehooker/root-image/etc/systemd/system/start-ncdc@.service13
-rw-r--r--filehooker/root-image/etc/systemd/system/tor-configure-hidden.service (renamed from filehooker/root-image/etc/systemd/system/tor-announce.service)4
-rwxr-xr-xfilehooker/root-image/krebs/bin/filehooker_configure_ncdc.ship15
-rwxr-xr-xfilehooker/root-image/krebs/bin/filehooker_configure_netshare.ship7
-rwxr-xr-xfilehooker/root-image/krebs/bin/refresh-shares.ship11
-rwxr-xr-x[-rw-r--r--]filehooker/root-image/krebs/bin/start-ncdc.ship3
-rwxr-xr-xfilehooker/root-image/krebs/bin/tor-get-hidden-service.sh2
-rwxr-xr-xfilehooker/root-image/krebs/bin/tor_configure_hidden_service.ship (renamed from filehooker/root-image/krebs/bin/tor_announce.ship)8
-rwxr-xr-x[-rw-r--r--]filehooker/root-image/krebs/bin/vim_sane_defaults.ship0
-rwxr-xr-xfilehooker/root-image/krebs/etc/Reaktor/commands/onion3
-rwxr-xr-xfilehooker/root-image/krebs/etc/Reaktor/commands/shares2
-rw-r--r--filehooker/root-image/krebs/etc/Reaktor/config.py39
-rw-r--r--filehooker/root-image/krebs/lib/filehooker28
-rwxr-xr-xfilehooker/root-image/root/customize_root_image.sh33
19 files changed, 126 insertions, 74 deletions
diff --git a/filehooker/packages.both b/filehooker/packages.both
index 1a047a53..a3cb6484 100644
--- a/filehooker/packages.both
+++ b/filehooker/packages.both
@@ -1,4 +1,5 @@
arch-install-scripts
+python
btrfs-progs
crda
dhclient
@@ -7,7 +8,6 @@ dmraid
dnsmasq
dnsutils
dosfstools
-elinks
ethtool
f2fs-tools
fsarchiver
@@ -15,10 +15,7 @@ gnu-netcat
gpm
gptfdisk
grml-zsh-config
-grub
-haveged
hdparm
-irssi
lftp
linux-atm
mtools
@@ -28,22 +25,14 @@ ntfs-3g
ntp
openconnect
openssh
-openvpn
-parted
partimage
-pptpclient
rfkill
rsync
-speedtouch
sudo
tcpdump
-testdisk
-usb_modeswitch
-vpnc
wget
wireless_tools
wpa_actiond
-wvdial
zsh
vim
tor
diff --git a/filehooker/root-image/etc/systemd/system/dhcpcd.service.d/force-reboot.conf b/filehooker/root-image/etc/systemd/system/dhcpcd.service.d/force-reboot.conf
new file mode 100644
index 00000000..5b506341
--- /dev/null
+++ b/filehooker/root-image/etc/systemd/system/dhcpcd.service.d/force-reboot.conf
@@ -0,0 +1,2 @@
+[Service]
+StartLimitAction=reboot-force
diff --git a/filehooker/root-image/etc/systemd/system/filehooker-hostname.service b/filehooker/root-image/etc/systemd/system/filehooker-hostname.service
index 67879d82..8a23773c 100644
--- a/filehooker/root-image/etc/systemd/system/filehooker-hostname.service
+++ b/filehooker/root-image/etc/systemd/system/filehooker-hostname.service
@@ -1,6 +1,6 @@
[Unit]
Description=change filehooker hostname
-Before=network.target
+Before=network.target nss-lookup.target
[Service]
Type=oneshot
diff --git a/filehooker/root-image/etc/systemd/system/getty@tty1.service.d/autologin.conf b/filehooker/root-image/etc/systemd/system/getty@tty1.service.d/autologin.conf
index d1d8474c..5c6618c5 100644
--- a/filehooker/root-image/etc/systemd/system/getty@tty1.service.d/autologin.conf
+++ b/filehooker/root-image/etc/systemd/system/getty@tty1.service.d/autologin.conf
@@ -1,3 +1,3 @@
[Service]
ExecStart=
-ExecStart=-/sbin/agetty --autologin root --noclear %I 38400 linux
+#ExecStart=-/sbin/agetty --autologin root --noclear %I 38400 linux
diff --git a/filehooker/root-image/etc/systemd/system/start-ncdc.service b/filehooker/root-image/etc/systemd/system/start-ncdc.service
deleted file mode 100644
index 8099678d..00000000
--- a/filehooker/root-image/etc/systemd/system/start-ncdc.service
+++ /dev/null
@@ -1,13 +0,0 @@
-[Unit]
-Description=ncdc autoconfig
-Requires=network.target local-fs.target
-
-[Service]
-Type=oneshot
-RemainAfterExit=yes
-KillMode=none
-ExecStart=sh /krebs/bin/startup_ncdc.ship
-ExecStop=sudo -u hooker /usr/bin/tmux send-keys -t dcpp:ncdc "/quit" C-m
-
-[Install]
-WantedBy=multi-user.target
diff --git a/filehooker/root-image/etc/systemd/system/start-ncdc@.service b/filehooker/root-image/etc/systemd/system/start-ncdc@.service
new file mode 100644
index 00000000..2c897126
--- /dev/null
+++ b/filehooker/root-image/etc/systemd/system/start-ncdc@.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=ncdc autoconfig and startup for %i
+Requires=network.target local-fs.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+#KillMode=none
+ExecStart=/usr/bin/tmux new-session -n startup -d "/bin/sh /krebs/bin/start-ncdc.ship"
+ExecStop=/usr/bin/sudo -u %i /usr/bin/tmux send-keys -t dcpp:ncdc "/quit" C-m
+
+[Install]
+WantedBy=multi-user.target
diff --git a/filehooker/root-image/etc/systemd/system/tor-announce.service b/filehooker/root-image/etc/systemd/system/tor-configure-hidden.service
index 818a5c4c..c9b8f20f 100644
--- a/filehooker/root-image/etc/systemd/system/tor-announce.service
+++ b/filehooker/root-image/etc/systemd/system/tor-configure-hidden.service
@@ -1,11 +1,11 @@
[Unit]
Description=Announce Tor Hidden Address
-After=network.target
+After=network.target nss-lookup.target
[Service]
Type=oneshot
RemainAfterExit=yes
-ExecStart=/krebs/bin/tor_announce.ship
+ExecStart=/krebs/bin/tor_configure_hidden_service.ship
[Install]
WantedBy=multi-user.target
diff --git a/filehooker/root-image/krebs/bin/filehooker_configure_ncdc.ship b/filehooker/root-image/krebs/bin/filehooker_configure_ncdc.ship
deleted file mode 100755
index 62d3b4f7..00000000
--- a/filehooker/root-image/krebs/bin/filehooker_configure_ncdc.ship
+++ /dev/null
@@ -1,15 +0,0 @@
-#!/usr/bin/env ship
-#TODO waiting for ship2
-#@info
-#@strict
-set -euf
-#@include filehooker
-. /krebs/lib/filehooker
-
-dc_hub="adcs://elch.nsupdate.info:2781"
-nick="$(cat /etc/hostname)"
-
-ncdc_install
-
-ncdc_configure_nick "$nick"
-ncdc_configure_hub "$dc_hub"
diff --git a/filehooker/root-image/krebs/bin/filehooker_configure_netshare.ship b/filehooker/root-image/krebs/bin/filehooker_configure_netshare.ship
deleted file mode 100755
index f45ffeac..00000000
--- a/filehooker/root-image/krebs/bin/filehooker_configure_netshare.ship
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/bin/sh
-#@info
-#@strict
-#@include filehooker
-#for i in $(prepare_netshares) ;do
- #ncdc_configure_netshare "$i" "${i##*/}"
-#done
diff --git a/filehooker/root-image/krebs/bin/refresh-shares.ship b/filehooker/root-image/krebs/bin/refresh-shares.ship
new file mode 100755
index 00000000..99c0b748
--- /dev/null
+++ b/filehooker/root-image/krebs/bin/refresh-shares.ship
@@ -0,0 +1,11 @@
+#!/bin/sh
+#TODO:
+#!/usr/bin/env ship
+set -euf
+#@include filehooker
+. /krebs/lib/filehooker
+ncdc_user="hooker"
+
+share_all_partitions
+
+exit 0
diff --git a/filehooker/root-image/krebs/bin/start-ncdc.ship b/filehooker/root-image/krebs/bin/start-ncdc.ship
index 393c05cc..e190ec06 100644..100755
--- a/filehooker/root-image/krebs/bin/start-ncdc.ship
+++ b/filehooker/root-image/krebs/bin/start-ncdc.ship
@@ -7,7 +7,7 @@ ncdc_user="hooker"
useradd -m $ncdc_user ||:
dc_hub="adcs://elch.nsupdate.info:2781"
-ncdc_configure_hub "$dc_hub"
+ncdc_configure_hub "$dc_hub" "elch"
nick=$(get_hostname)
ncdc_configure_nick "$nick"
@@ -15,3 +15,4 @@ ncdc_configure_nick "$nick"
share_all_partitions
sudo -u $ncdc_user /usr/bin/tmux new-session -s dcpp -n ncdc -d ncdc
+exit 0
diff --git a/filehooker/root-image/krebs/bin/tor-get-hidden-service.sh b/filehooker/root-image/krebs/bin/tor-get-hidden-service.sh
new file mode 100755
index 00000000..c9946366
--- /dev/null
+++ b/filehooker/root-image/krebs/bin/tor-get-hidden-service.sh
@@ -0,0 +1,2 @@
+#!/bin/sh
+cat /var/lib/tor/hidden_service/hostname
diff --git a/filehooker/root-image/krebs/bin/tor_announce.ship b/filehooker/root-image/krebs/bin/tor_configure_hidden_service.ship
index ec4f33b6..1e026d26 100755
--- a/filehooker/root-image/krebs/bin/tor_announce.ship
+++ b/filehooker/root-image/krebs/bin/tor_configure_hidden_service.ship
@@ -14,11 +14,3 @@ test ! -e $hidden_service_dir/hostname && \
info "hidden service file does not exist, restarting tor" && \
systemctl restart tor && \
sleep 1
-
-while ! internet;do
- info "no internet yet, sleeping"
- sleep $sleep_time
-done
-
-NICK=$(get_hostname)
-cat "$hidden_service_dir/hostname" | send_irc
diff --git a/filehooker/root-image/krebs/bin/vim_sane_defaults.ship b/filehooker/root-image/krebs/bin/vim_sane_defaults.ship
index fcc7ffcf..fcc7ffcf 100644..100755
--- a/filehooker/root-image/krebs/bin/vim_sane_defaults.ship
+++ b/filehooker/root-image/krebs/bin/vim_sane_defaults.ship
diff --git a/filehooker/root-image/krebs/etc/Reaktor/commands/onion b/filehooker/root-image/krebs/etc/Reaktor/commands/onion
new file mode 100755
index 00000000..1a202991
--- /dev/null
+++ b/filehooker/root-image/krebs/etc/Reaktor/commands/onion
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+sudo -u tor /krebs/bin/tor-get-hidden-service.sh || echo "no hidden service configured"
diff --git a/filehooker/root-image/krebs/etc/Reaktor/commands/shares b/filehooker/root-image/krebs/etc/Reaktor/commands/shares
new file mode 100755
index 00000000..1601d584
--- /dev/null
+++ b/filehooker/root-image/krebs/etc/Reaktor/commands/shares
@@ -0,0 +1,2 @@
+#!/bin/sh
+df -h | grep '/media/'
diff --git a/filehooker/root-image/krebs/etc/Reaktor/config.py b/filehooker/root-image/krebs/etc/Reaktor/config.py
new file mode 100644
index 00000000..501edb70
--- /dev/null
+++ b/filehooker/root-image/krebs/etc/Reaktor/config.py
@@ -0,0 +1,39 @@
+import socket
+
+debug = False
+
+name = socket.gethostname()
+
+irc_alarm_timeout = 300
+irc_hammer_interval = 10
+irc_kill_timeout = 360
+irc_nickname = name
+irc_server = 'irc.freenode.org'
+irc_port = 6667
+irc_channels = [
+ '#filehooker'
+]
+
+def default_command(cmd):
+ return {
+ 'capname': cmd,
+ 'pattern': '^(?:' + name + '|\\*):\\s*' + cmd + '\\s*(?:\\s+(?P<args>.*))?$',
+ 'argv': [ 'commands/' + cmd ] }
+
+commands = [
+ default_command('caps'),
+ default_command('hello'),
+ default_command('reload'),
+ default_command('badcommand'),
+ default_command('rev'),
+ default_command('uptime'),
+ default_command('shares'),
+ default_command('onion'),
+ default_command('nocommand'),
+ # command not found
+ { 'pattern': '^(?:' + name + '|\\*):.*',
+ 'argv': [ 'commands/respond','You are made of stupid!'] },
+ # "highlight"
+ { 'pattern': '.*\\b' + name + '\\b.*',
+ 'argv': [ 'commands/say', 'I\'m famous' ] }
+]
diff --git a/filehooker/root-image/krebs/lib/filehooker b/filehooker/root-image/krebs/lib/filehooker
index 90d887bd..c72d4d51 100644
--- a/filehooker/root-image/krebs/lib/filehooker
+++ b/filehooker/root-image/krebs/lib/filehooker
@@ -5,9 +5,12 @@
ncdc_user=${ncdc_user:-hooker}
ncdc_bin=${ncdc_bin:-/usr/bin/ncdc}
+
ncdc_config(){
# maybe we want to use the running ncdc process and communicate via tmux send-keys ?
- (sleep 1;cat;printf "/quit\n") | sudo -u $ncdc_user "$ncdc_bin"
+ txt="$(cat)"
+ (sleep 1;printf "%s" "$txt";printf "/quit\n") | sudo -u $ncdc_user "$ncdc_bin" 2>/dev/null || \
+ sudo -u $ncdc_user /usr/bin/tmux send-keys -t dcpp:ncdc "$txt" C-m
}
ncdc_configure_netshare(){
@@ -27,8 +30,8 @@ ncdc_configure_nick(){
}
ncdc_configure_hub(){
rnd=`hexdump -n 2 -e '/2 "%u"' /dev/urandom`
- hubname="hub_$rnd"
hub=${1?adcs://localhost:2781}
+ hubname="${2:-hub_$rnd}"
info "configuring DC Hub: $hub, activating autconnect"
info "setting active as true"
(echo "/open ${hubname} ${hub}" ;
@@ -119,20 +122,27 @@ info "enable tor_announce"
systemctl enable tor_announce
systemctl start tor_announce
}
-
+is_mounted(){
+ cat /etc/mtab| cut -d\ -f 1 | grep -q "^$1$" && info "$1 is already mounted"
+}
share_all_partitions(){
count=0
- find /dev -name '[shv]d[a-z][0-9]' | while read disk;do
- size=$(get_disksize $disk)
- if test "$size" -gt "$min_netshare_size";
+ # all /dev/sdX and all mapped devices
+ (find /dev -name '[shv]d[a-z][0-9]';find /dev/mapper ! -type d)| while read disk;do
+ size=$(get_disksize $disk 2>/dev/null)
+
+ if test "$size" -gt "$min_netshare_size" 2>/dev/null ; #&& ! is_mounted "$disk";
then
info "trying disk $disk"
mountpoint=/media/vag$count
mkdir -p $mountpoint
- umount $mountpoint 2>&1 >/dev/null && info "$mountpoint unmounted" || :
- ! mount $disk $mountpoint && error "cannot mount $disk" && continue
+ umount $disk >/dev/null 2>&1 && info "remounting $disk" || :
+ umount $mountpoint >/dev/null 2>&1 && info "unmounting old mountpoint $mountpoint" || :
+ ! mount $disk $mountpoint >/dev/null 2>&1 && error "cannot mount $disk" && continue
+ chown "$ncdc_user" "$mountpoint"
: $((count++))
- ncdc_configure_netshare "$mountpoint" "$(basename $mountpoint)"
+ ncdc_configure_netshare "$mountpoint" "$(basename $mountpoint)" 2>/dev/null
+ info "$mountpoint is mounted and shared"
else
info "skipping $disk"
fi
diff --git a/filehooker/root-image/root/customize_root_image.sh b/filehooker/root-image/root/customize_root_image.sh
index 2f5579d9..97f625ee 100755
--- a/filehooker/root-image/root/customize_root_image.sh
+++ b/filehooker/root-image/root/customize_root_image.sh
@@ -1,6 +1,8 @@
#!/bin/bash
set -e -u -f -x
+reaktor_user=reaktor
+ncdc_user=hooker
sed -i 's/#\(en_US\.UTF-8\)/\1/' /etc/locale.gen
locale-gen
@@ -19,7 +21,9 @@ chmod 700 -R /home/pimp/.ssh/
cp /krebs/etc/authorized_keys /root/.ssh/
-chown -R root:root /etc /root /krebs /usr/bin
+useradd -m hooker ||:
+
+chown -R root:root /etc /root /krebs
chmod 750 /etc/sudoers.d
chmod 440 /etc/sudoers.d/g_wheel
@@ -29,15 +33,34 @@ sed -i 's/#\(Storage=\)auto/\1volatile/' /etc/systemd/journald.conf
/krebs/bin/vim_sane_defaults.ship
sudo -u pimp /krebs/bin/vim_sane_defaults.ship
+## load latest ncdc if not available
test -e /usr/bin/ncdc || \
curl http://dev.yorhel.nl/download/ncdc-linux-x86_64-1.19.tar.gz | \
tar xz -C "/usr/bin"
-systemctl enable multi-user.target \
+## load latest painload if not available
+test ! -e /krebs/painload/Reaktor && \
+ curl https://codeload.github.com/krebscode/painload/tar.gz/master | \
+ tar xz -C "/krebs" && \
+ mv /krebs/painload-master /krebs/painload
+
+useradd $reaktor_user || :
+## needed to see the hidden service hostname
+echo "$reaktor_user ALL=(tor) NOPASSWD: /krebs/bin/tor-get-hidden-service.sh" >> /etc/sudoers.d/get_root
+
+cp /krebs/painload/Reaktor/etc/systemd/system/Reaktor@.service \
+ /etc/systemd/system
+# add bonus features for filehooker
+cp -a /krebs/etc/Reaktor /krebs/painload
+
+for i in multi-user.target \
pacman-init.service \
choose-mirror.service \
- tor-announce.service \
+ tor-configure-hidden.service \
+ Reaktor@${reaktor_user}.service \
filehooker-hostname.service \
- start-ncdc.service \
+ start-ncdc@${ncdc_user}.service \
sshd.service \
- tor.service
+ tor.service ;do
+ systemctl enable "$i"
+done