Diffstat (limited to 'retiolum/hosts/.scripts')
| -rw-r--r-- | retiolum/hosts/.scripts/README | 16 | ||||
| -rw-r--r-- | retiolum/hosts/.scripts/adv_graphgen/README | 28 | ||||
| -rwxr-xr-x | retiolum/hosts/.scripts/adv_graphgen/parse.py | 91 | ||||
| -rwxr-xr-x | retiolum/hosts/.scripts/adv_graphgen/sanitize.sh | 13 | ||||
| -rw-r--r-- | retiolum/hosts/.scripts/autostart/Makefile | 8 | ||||
| -rwxr-xr-x | retiolum/hosts/.scripts/autostart/tinc | 94 | ||||
| -rwxr-xr-x | retiolum/hosts/.scripts/tinc_multicast/retiolum | 34 | ||||
| -rwxr-xr-x | retiolum/hosts/.scripts/tinc_multicast/retiolum.py | 349 | ||||
| -rw-r--r-- | retiolum/hosts/.scripts/tinc_setup/README | 18 | ||||
| -rw-r--r-- | retiolum/hosts/.scripts/tinc_setup/bootstrap.sh | 11 | ||||
| -rwxr-xr-x | retiolum/hosts/.scripts/tinc_setup/build_arch.sh | 14 | ||||
| -rwxr-xr-x | retiolum/hosts/.scripts/tinc_setup/build_debian.sh | 32 | ||||
| -rwxr-xr-x | retiolum/hosts/.scripts/tinc_setup/build_debian_clean.sh | 31 | ||||
| -rwxr-xr-x | retiolum/hosts/.scripts/tinc_setup/build_ec2.sh | 16 | ||||
| -rw-r--r-- | retiolum/hosts/.scripts/tinc_setup/build_no.de.sh | 1 | ||||
| -rwxr-xr-x | retiolum/hosts/.scripts/tinc_setup/install.sh | 67 | 
16 files changed, 0 insertions, 823 deletions
| diff --git a/retiolum/hosts/.scripts/README b/retiolum/hosts/.scripts/README
deleted file mode 100644
index 4dbb42af..00000000
--- a/retiolum/hosts/.scripts/README
+++ /dev/null
@@ -1,16 +0,0 @@
-This Folder contains all the cool scripts created for tinc_retiolum
-
-currently the following functions are deployed:
-
-adv_graphgen/ - makefu
-    this folder contains a script suite which parses the interesting
-    parameters from the syslog file by sending SIGUSR2 to the tinc process
-
-tinc_multicast/ - Miefda,Lassulus
-    A tinc multicast script suite which provides automagic-discovery in a
-    local network by utilizing multicast
-
-tinc_setup/ - makefu (i am so sorry...)
-    A number of scripts which build and configure tinc on a local machine.
-    Core is the install.sh script which actually writes the configuration
-    and creates users as well as private/public keys
diff --git a/retiolum/hosts/.scripts/adv_graphgen/README b/retiolum/hosts/.scripts/adv_graphgen/README
deleted file mode 100644
index 082e0f2b..00000000
--- a/retiolum/hosts/.scripts/adv_graphgen/README
+++ /dev/null
@@ -1,28 +0,0 @@
-The folder contains a number of scripts which provide a convenient way to
-generate advanced graphs from the SIGUSR2 output of tinc.
-
-it currently contains the following files:
-
-sanitize.sh:
-    wrapper arond parse.py which filters the syslog file for all tinc
-    related lines and removes the status informations: 
-    this means that
-    <code>
-    May 19 20:40:44 servarch dnsmasq[5382]: reading /etc/resolv.conf
-    May 19 20:41:38 servarch tinc.retiolum[4780]: Error looking up pa-sharepoint.informatik.ba-stuttgart.de port 655: Name or service not known
-    </code>
-    becomes
-    <code>
-    Error looking up pa-sharepoint.informatik.ba-stuttgart.de port 655: Name or service not known
-    </code>
-    and so on.
-    It also provides a wrapper around graphviz which automagically
-    generates graphs from the produced graph file
-
-parse.py:
-    reads from stdin the sanitized syslog file and prints a valid dot file
-    from the given output.
-    The parser module may also produce any other output (e.g. for dns
-    entries and so on) you will need to actually read and modify the source
-    in order to be able to do this. ~May the source be with you~
-    
diff --git a/retiolum/hosts/.scripts/adv_graphgen/parse.py b/retiolum/hosts/.scripts/adv_graphgen/parse.py
deleted file mode 100755
index 04b42c33..00000000
--- a/retiolum/hosts/.scripts/adv_graphgen/parse.py
+++ /dev/null
@@ -1,91 +0,0 @@
-#!/usr/bin/python2
-# -*- coding: utf8 -*-
-
-import sys
-""" TODO: Refactoring needed to pull the edges out of the node structures again,
-it should be easier to handle both structures"""
-
-def write_digraph(nodes):
-  """
-  writes the complete digraph in dot format
-  """
-  print ('digraph retiolum {')
-  print ('  node[shape=box,style=filled,fillcolor=grey]')
-  generate_stats(nodes)
-  merge_edges(nodes)
-  for k,v in nodes.iteritems():
-    write_node(k,v)
-  print ('}')
-def generate_stats(nodes):
-  """ Generates some statistics of the network and nodes
-  """
-  for k,v in nodes.iteritems():
-    v['num_conns'] = len(v.get('to',[]))
-
-def merge_edges(nodes):
-  """ merge back and forth edges into one
-  DESTRUCTS the current structure by deleting "connections" in the nodes
-
-  """
-  for k,v in nodes.iteritems():
-    for con in v.get('to',[]):
-      for i,secon in enumerate(nodes[con['name']].get('to',[])):
-        if k == secon['name']:
-          del (nodes[con['name']]['to'][i])
-          con['bidirectional'] = True
-
-
-def write_node(k,v):
-  """ writes a single node and its edges 
-      edges are weightet with the informations inside the nodes provided by
-      tinc
-  """
-  node = "  "+k+"[label=\""
-  node += k+"\\l"
-  node += "external:"+v['external-ip']+":"+v['external-port']+"\\l"
-  if v.has_key('num_conns'):
-    node += "Num Connects:"+str(v['num_conns'])+"\\l"
-
-  node += "internal:"+v.get('internal-ip','¯\\\\(°_o)/¯')+"\\l\""
-  if v['external-ip'] == "MYSELF":
-    node += ",fillcolor=steelblue1"
-  node += "]"
-  print (node)
-  for con in v.get('to',[]):
-    edge = "  "+k+ " -> " +con['name'] + "[weight="+str(float(con['weight']))
-    if con.get('bidirectional',False):
-      edge += ",dir=both"
-    edge += "]"
-    print edge
-
-def parse_input():
-  nodes={}
-  for line in sys.stdin:
-    line = line.replace('\n','')
-    if line == 'Nodes:':
-      nodes={}
-      for line in sys.stdin:
-        if line == 'End of nodes.\n':
-          break
-        l = line.replace('\n','').split() #TODO unhack me
-        nodes[l[0]]= { 'external-ip': l[2], 'external-port' : l[4] }
-    if line == 'Subnet list:':
-      for line in sys.stdin:
-        if line == 'End of subnet list.\n':
-          break
-        l = line.replace('\n','').split() 
-        nodes[l[2]]['internal-ip'] = l[0].split('#')[0]
-    if line == 'Edges:':
-      edges = {}
-      for line in sys.stdin:
-        if line == 'End of edges.\n':
-          break
-        l = line.replace('\n','').split() 
-
-        if not nodes[l[0]].has_key('to') :
-          nodes[l[0]]['to'] = []
-        nodes[l[0]]['to'].append(
-            {'name':l[2],'addr':l[4],'port':l[6],'weight' : l[10] })
-  return nodes
-nodes = parse_input()
-write_digraph(nodes)
diff --git a/retiolum/hosts/.scripts/adv_graphgen/sanitize.sh b/retiolum/hosts/.scripts/adv_graphgen/sanitize.sh
deleted file mode 100755
index 88591b67..00000000
--- a/retiolum/hosts/.scripts/adv_graphgen/sanitize.sh
+++ /dev/null
@@ -1,13 +0,0 @@
-GRAPH_SETTER1=dot
-GRAPH_SETTER2=circo
-LOG_FILE=/var/log/everything.log
-OPENER=/bin/true
-
-sudo pkill -USR2 tincd
-sudo sed -n '/tinc.retiolum/{s/.*tinc.retiolum\[[0-9]*\]: //gp}' $LOG_FILE |\
-    ./parse.py > retiolum.dot
-
-$GRAPH_SETTER1 -Tpng -o $1retiolum_1.png retiolum.dot
-$GRAPH_SETTER2 -Tpng -o $1retiolum_2.png retiolum.dot
-$OPENER retiolum_1.png &>/dev/null 
-rm retiolum.dot
diff --git a/retiolum/hosts/.scripts/autostart/Makefile b/retiolum/hosts/.scripts/autostart/Makefile
deleted file mode 100644
index 7ca589e1..00000000
--- a/retiolum/hosts/.scripts/autostart/Makefile
+++ /dev/null
@@ -1,8 +0,0 @@
-INIT_FOLDER=/etc/init.d
-.phony: all
-all:
-	#TODO change the tinc file before writing
-	cp tinc $(INIT_FOLDER)/tinc
-	chmod +x $(INIT_FOLDER)/tinc
-	echo "retiolum" > /etc/tinc/nets.boot
-	update-rc.d tinc defaults
diff --git a/retiolum/hosts/.scripts/autostart/tinc b/retiolum/hosts/.scripts/autostart/tinc
deleted file mode 100755
index 12e77d6a..00000000
--- a/retiolum/hosts/.scripts/autostart/tinc
+++ /dev/null
@@ -1,94 +0,0 @@
-#! /bin/sh
-#
-### BEGIN INIT INFO
-# Provides:          tinc
-# Required-Start:    $remote_fs $network
-# Required-Stop:     $remote_fs $network
-# Should-Start:      $syslog $named
-# Should-Stop:       $syslog
-# Default-Start:     2 3 4 5
-# Default-Stop:      0 1 6
-# Short-Description: Start tinc daemons
-# Description:       Create a file $NETSFILE (/etc/tinc/nets.boot),
-#                    and put all the names of the networks in there.
-#                    These names must be valid directory names under
-#                    $TCONF (/etc/tinc). Lines starting with a # will be
-#                    ignored in this file.
-### END INIT INFO
-#
-# Based on Lubomir Bulej's Redhat init script.
-
-DAEMON="/usr/sbin/tincd"
-NAME="tinc"
-DESC="tinc daemons"
-TCONF="/etc/tinc"
-NETSFILE="$TCONF/nets.boot"
-NETS=""
-
-modprobe tun
-
-test -f $DAEMON || exit 0
-
-[ -r /etc/default/tinc ] && . /etc/default/tinc
-
-# foreach_net "what-to-say" action [arguments...]
-foreach_net() {
-  if [ ! -f $NETSFILE ] ; then
-    echo "Please create $NETSFILE."
-    exit 0
-  fi
-  echo -n "$1"
-  shift
-  egrep '^[ ]*[a-zA-Z0-9_-]+' $NETSFILE | while read net args; do
-    echo -n " $net"
-    "$@" $net $args
-  done
-  echo "."
-}
-
-start() {
-  $DAEMON $EXTRA -n "$@"
-}
-stop() {
-  $DAEMON -n $1 -k
-}
-reload() {
-  $DAEMON -n $1 -kHUP
-}
-restart() {
-  stop "$@"
-  sleep 0.5
-  i=0;
-  while [ -f /var/run/tinc.$1.pid ] ; do
-  if [ $i = '10' ] ; then
-    break
-  else
-    echo -n "."
-    sleep 0.5
-    i=$(($i+1))
-  fi     
-  done
-  start "$@"
-}
-
-case "$1" in
-  start)
-    foreach_net "Starting $DESC:" start
-  ;;
-  stop)
-    foreach_net "Stopping $DESC:" stop
-  ;;
-  reload|force-reload)
-    foreach_net "Reloading $DESC configuration:" reload
-  ;;
-  restart)
-    foreach_net "Restarting $DESC:" restart
-  ;;
-  *)
-    echo "Usage: /etc/init.d/$NAME {start|stop|reload|restart|force-reload}"
-    exit 1
-  ;;
-esac
-
-exit 0
-
diff --git a/retiolum/hosts/.scripts/tinc_multicast/retiolum b/retiolum/hosts/.scripts/tinc_multicast/retiolum
deleted file mode 100755
index 1d6b775f..00000000
--- a/retiolum/hosts/.scripts/tinc_multicast/retiolum
+++ /dev/null
@@ -1,34 +0,0 @@
-#!/bin/bash
-
-. /etc/rc.conf
-. /etc/rc.d/functions
-
-TINCNAME='retiolum'
-case "$1" in
-  start)
-    stat_busy "Starting retiolum Daemon"
-    success=0
-    /home/death/git/retiolum/.scripts/tinc_multicast/retiolum.py -n retiolum -T &
-    sleep 2
-    if [ $success -eq 0 ]; then
-      add_daemon retiolum
-      stat_done
-    else
-      stat_fail
-    fi
-    ;;
-  stop)
-    stat_busy "Stopping retiolum Daemon"
-    kill `cat /var/lock/retiolum.retiolum`
-    rm_daemon retiolum
-    stat_done
-    ;;
-  restart)
-    $0 stop
-    sleep 4
-    $0 start
-    ;;
-  *)
-    echo "usage $0 {start¦stop¦restart}"
-esac
-exit 0
diff --git a/retiolum/hosts/.scripts/tinc_multicast/retiolum.py b/retiolum/hosts/.scripts/tinc_multicast/retiolum.py
deleted file mode 100755
index 8cf57471..00000000
--- a/retiolum/hosts/.scripts/tinc_multicast/retiolum.py
+++ /dev/null
@@ -1,349 +0,0 @@
-#!/usr/bin/python2 
-import sys, os, time, signal, socket, subprocess, thread, random, Queue, binascii, logging, hashlib, urllib2 #these should all be in the stdlib
-from optparse import OptionParser
-
-def pub_encrypt(hostname_t, text):  #encrypt data with public key
-    logging.debug("encrypt: " + text)
-    if hostname_t.find("`") != -1: return(-1)
-    try:
-        enc_text = subprocess.os.popen("echo '" + text + "' | openssl rsautl -pubin -inkey /etc/tinc/" + netname + "/hosts/.pubkeys/" + hostname_t + " -encrypt | base64 -w0")
-        return(enc_text.read())
-    except:
-        return(-1)
-
-def priv_decrypt(enc_data): #decrypt data with private key
-    if enc_data.find("`") != -1: return(-1)
-    dec_text = subprocess.os.popen("echo '" + enc_data + "' | base64 -d | openssl rsautl -inkey /etc/tinc/" + netname + "/rsa_key.priv -decrypt")
-    return(dec_text.read())
-
-def address2hostfile(hostname, address): #adds address to hostsfile or restores it if address is empty
-    hostfile = "/etc/tinc/" + netname + "/hosts/" + hostname
-    addr_file = open(hostfile, "r")
-    addr_cache = addr_file.readlines()
-    addr_file.close()
-    if address != "": 
-        addr_cache.insert(0, "Address = " + address + "\n")
-        addr_file = open(hostfile, "w")
-        addr_file.writelines(addr_cache)
-        addr_file.close
-        logging.info("sending SIGHUP to tinc deamon!")
-        tincd_ALRM = subprocess.call(["tincd -n " + netname + " --kill=HUP" ],shell=True)
-    else: 
-       recover = subprocess.os.popen("tar xzf /etc/tinc/" + netname + "/hosts/hosts.tar.gz -C /etc/tinc/" + netname + "/hosts/ " + hostname)
-
-def findhostinlist(hostslist, hostname, ip): #finds host + ip in list
-    for line in xrange(len(hostslist)):
-        if hostname == hostslist[line][0] and ip == hostslist[line][1]:
-            return line
-    return -1 #nothing found
-
-def getHostname(netname):
-    tconf = open("/etc/tinc/" + netname + "/tinc.conf", "r")
-    feld = tconf.readlines()
-    tconf.close()
-    for x in feld:
-        if x.startswith("Name"):
-            return str(x.partition("=")[2].lstrip().rstrip("\n"))
-              
-    print("hostname not found!")
-    return -1 #nothing found
-
-def get_hostfiles(url_files, url_md5sum):
-    try:
-        get_hosts_tar = urllib2.urlopen(url_files)
-        get_hosts_md5 = urllib2.urlopen(url_md5sum)
-        hosts_tar = get_hosts_tar.read()
-        hosts_md5 = get_hosts_md5.read()
-     
-        if str(hosts_md5) == str(hashlib.md5(hosts_tar).hexdigest() + "  hosts.tar.gz\n"):
-            hosts = open("/etc/tinc/" + netname + "/hosts/hosts.tar.gz", "w")
-            hosts.write(hosts_tar)
-            hosts.close()
-        else:
-            logging.error("hosts.tar.gz md5sum check failed!")
-    except:
-        logging.error("hosts file  download failed!")
-     
-
-####Thread functions
-
-
-def sendthread(sendfifo, ghostmode): #send to multicast, sends keep alive packets
-    while True:
-        try:
-            #{socket init start
-            ANY = "0.0.0.0"
-            SENDPORT = 23542
-            MCAST_ADDR = "224.168.2.9"
-            MCAST_PORT = 1600
-
-            sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP) #initalize socket with udp
-            sock.bind((ANY,SENDPORT)) #now bound to Interface and Port
-            sock.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, 255) #activate multicast
-            #}socket init end
-
-            if ghostmode == 0:
-     
-                i = 9 
-     
-                while True:
-                    i += 1
-                    if not sendfifo.empty():
-                        sock.sendto(sendfifo.get(), (MCAST_ADDR,MCAST_PORT) )
-                        logging.info("send: sending sendfifo")
-                    else:
-                        time.sleep(1)
-                    if i == 10:
-                        sock.sendto("#Stage1#" + netname + "#" + hostname + "#", (MCAST_ADDR,MCAST_PORT) )
-                        logging.debug("send: sending keep alive")
-                        i = 0
-            else:
-                while True:
-                    if not sendfifo.empty():
-                        sock.sendto(sendfifo.get(), (MCAST_ADDR,MCAST_PORT) )
-                        logging.info("send: sending sendfifo")
-                    else:
-                        time.sleep(1)
-
-        except:
-            logging.error("send: socket init failed")
-            time.sleep(10)
-
-
-
-def recvthread(timeoutfifo, authfifo): #recieves input from multicast, send them to timeout or auth
-    while True:
-        try:
-            ANY = "0.0.0.0"
-            MCAST_ADDR = "224.168.2.9"
-            MCAST_PORT = 1600
-         
-            sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP) #create a UDP socket
-            sock.setsockopt(socket.SOL_SOCKET,socket.SO_REUSEADDR,1) #allow multiple sockets to use the same PORT number
-            sock.bind((ANY,MCAST_PORT)) #Bind to the port that we know will receive multicast data
-            sock.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, 255) #tell the kernel that we are a multicast socket
-         
-         
-            status = sock.setsockopt(socket.IPPROTO_IP,
-            socket.IP_ADD_MEMBERSHIP,   #Tell the kernel that we want to add ourselves to a multicast group
-            socket.inet_aton(MCAST_ADDR) + socket.inet_aton(ANY)); #The address for the multicast group is the third param
-         
-            while True:
-                while True:
-             
-                    try:
-                        data, addr = sock.recvfrom(1024)
-                        ip, port = addr
-                        break
-                    except socket.error, e:
-                        pass
-                     
-                logging.debug("recv: got data")
-                dataval = data.split("#")
-                if dataval[0] == "":
-                    if dataval[2] == netname:
-                        if dataval[1] == "Stage1":
-                            if dataval[3] != hostname:
-                                timeoutfifo.put(["tst", dataval[3], ip])
-                                logging.info("recv: got Stage1: writing data to timeout")
-                                logging.debug("recv: ;tst;" + dataval[3] + ";" + ip)
-                        if dataval[1] == "Stage2":
-                            if dataval[3] == hostname:
-                                authfifo.put([dataval[1], dataval[3], ip, dataval[4]])
-                                logging.info("recv: got Stage2: writing data to auth")
-                                logging.debug("recv: ;" + dataval[1] + ";" + dataval[3] + ";" + ip + ";" + dataval[4])
-                        if dataval[1] == "Stage3":
-                            if dataval[3] != hostname:
-                                authfifo.put([dataval[1], dataval[3], ip, dataval[4]])
-                                logging.info("recv: got Stage3: writing data to auth")
-                                logging.debug("recv: ;" + dataval[1] + ";" + dataval[3] + ";" + ip + ";" + dataval[4])
-        except:
-            logging.error("recv: socket init failed")
-            time.sleep(10)
-
-def timeoutthread(timeoutfifo, authfifo): #checks if the hostname is already in the list, deletes timeouted nodes
-#    hostslist = [] #hostname, ip, timestamp
-
-    while True:
-        if not timeoutfifo.empty():
-            curhost = timeoutfifo.get()
-            if curhost[0] == "add":
-                with hostslock:
-                    hostslist.append([curhost[1], curhost[2], time.time()])
-                address2hostfile(curhost[1], curhost[2])
-                logging.info("adding host to hostslist")
-            elif curhost[0] == "tst":
-                with hostslock:
-                    line = findhostinlist(hostslist, curhost[1], curhost[2])
-                    if line != -1:
-                        hostslist[line][2] = time.time()
-                        logging.debug("timeout: refreshing timestamp of " + hostslist[line][0])
-                    else:
-                        authfifo.put(["Stage1", curhost[1], curhost[2]])
-                        logging.info("timeout: writing to auth")
-
-        else:
-            i = 0
-            with hostslock:
-                while i < len(hostslist):
-                    if time.time() - hostslist[i][2] > 60:
-                        address2hostfile(hostslist[i][0], "")
-                        hostslist.remove(hostslist[i])
-                        logging.info("timeout: deleting dead host")
-                    else:
-                        i += 1
-            time.sleep(2)
-
-def auththread(authfifo, sendfifo, timeoutfifo): #manages authentication with clients (bruteforce sensitve, should be fixed)
-    authlist = [] #hostname, ip, Challenge, timestamp
-
-
-    while True:
-        try:
-            if not authfifo.empty():
-                logging.debug("auth: authfifo is not empty")
-                curauth = authfifo.get()
-                if curauth[0] == "Stage1":
-                    line = findhostinlist(authlist, curauth[1], curauth[2])
-                    if line == -1:
-                        challengenum = random.randint(0,65536)
-                        encrypted_message = pub_encrypt(curauth[1], "#" + hostname + "#" + str(challengenum) + "#")
-                        authlist.append([curauth[1], curauth[2], challengenum, time.time()])
-                    else:
-                        encrypted_message = pub_encrypt(authlist[line][0], "#" + hostname + "#" + str(authlist[line][2]) + "#") 
-                    if encrypted_message == -1:
-                        logging.info("auth: RSA Encryption Error")
-                    else:
-                        sendtext = "#Stage2#" + netname + "#" + curauth[1] + "#" + encrypted_message + "#"
-                        sendfifo.put(sendtext)
-                        logging.info("auth: got Stage1 sending now Stage2")
-                        logging.debug("auth: " + sendtext)
-     
-                if curauth[0] == "Stage2":
-                    dec_message = priv_decrypt(curauth[3])
-                    splitmes = dec_message.split("#")
-                    if splitmes[0] == "":
-                        encrypted_message = pub_encrypt(splitmes[1], "#" + splitmes[2] + "#")
-                        if encrypted_message == -1:
-                            logging.error("auth: RSA Encryption Error")
-                        else:
-                            sendtext = "#Stage3#" + netname + "#" + curauth[1] + "#" + encrypted_message  + "#"
-                            sendfifo.put(sendtext)
-                            logging.info("auth: got Stage2 sending now Stage3")
-                            logging.debug("auth: " + sendtext)
-     
-                if curauth[0] == "Stage3":
-                    line = findhostinlist(authlist, curauth[1], curauth[2])
-                    if line != -1:
-                        dec_message = priv_decrypt(curauth[3])
-                        splitmes = dec_message.split("#")
-                        logging.info("auth: checking challenge")
-                        if splitmes[0] == "":
-                            if splitmes[1] == str(authlist[line][2]):
-                                timeoutfifo.put(["add", curauth[1], curauth[2]])
-                                del authlist[line]
-                                logging.info("auth: Stage3 checked, sending now to timeout")
-                            else: logging.error("auth: challenge checking failed")
-                        else: logging.error("auth: decryption failed")
-     
-            else:
-                i = 0
-                while i < len(authlist):
-                    if time.time() - authlist[i][3] > 120:
-                        del authlist[i]
-                        logging.info("auth: deleting timeoutet auth")
-                    else:
-                        i += 1
-                time.sleep(1)
-        except:
-            logging.error("auth: thread crashed")
-
-def process_start(): #starting of the process
-    #download and untar hostfile
-    logging.info("downloading hostfiles")
-    get_hostfiles("http://vpn.miefda.org/hosts.tar.gz", "http://vpn.miefda.org/hosts.md5") #Currently Hardcoded, should be editable by config or parameter
-    tar = subprocess.call(["tar -xzf /etc/tinc/" + netname + "/hosts/hosts.tar.gz -C /etc/tinc/" + netname + "/hosts/"], shell=True)
-     
-    #initialize fifos
-    sendfifo = Queue.Queue() #sendtext
-    authfifo = Queue.Queue() #Stage{1, 2, 3} hostname ip enc_data
-    timeoutfifo = Queue.Queue() #State{tst, add} hostname ip
-     
-    #start threads
-    thread_recv = thread.start_new_thread(recvthread, (timeoutfifo, authfifo))
-    thread_send = thread.start_new_thread(sendthread, (sendfifo, option.ghost))
-    thread_timeout = thread.start_new_thread(timeoutthread, (timeoutfifo, authfifo)) 
-    thread_auth = thread.start_new_thread(auththread, (authfifo, sendfifo, timeoutfifo))
-
-def process_restart(signum, frame):
-    logging.error("root: restarting process")
-    with hostslock:
-        del hostslist[:]
-        #download and untar hostfile
-        logging.info("downloading hostfiles")
-        get_hostfiles("http://vpn.miefda.org/hosts.tar.gz", "http://vpn.miefda.org/hosts.md5") #Currently Hardcoded, should be editable by config or parameter
-        tar = subprocess.call(["tar -xzf /etc/tinc/" + netname + "/hosts/hosts.tar.gz -C /etc/tinc/" + netname + "/hosts/"], shell=True)
-
-    logging.info("sending SIGHUP")
-    tincd_ALRM = subprocess.call(["tincd -n " + netname + " --kill=HUP" ],shell=True)
-
-def kill_process(signum, frame):
-    logging.error("got SIGINT/SIGTERM exiting now")
-    os.remove("/var/lock/retiolum." + netname)
-    if option.tinc != False:
-        stop_tincd = subprocess.call(["tincd -n " + netname + " -k"],shell=True)
-    sys.exit(0)
-
-#Program starts here!
-
-parser = OptionParser()
-parser.add_option("-n", "--netname", dest="netname", help="the netname of the tinc network")
-parser.add_option("-H", "--hostname", dest="hostname", default="default", help="your nodename, if not given, it will try too read it from tinc.conf")
-parser.add_option("-t", "--timeout", dest="timeout", default=65536, help="timeout after retiolum gets restartet, default is 65536")
-parser.add_option("-d", "--debug", dest="debug", default="0", help="debug level: 0,1,2,3  if empty debug level=0")
-parser.add_option("-g", "--ghost", action="store_true", dest="ghost", default=False, help="deactivates active sending, keeps you anonymous in the public network")
-parser.add_option("-T", "--Tinc", action="store_true", dest="tinc", default=False, help="starts tinc with this script")
-(option, args) = parser.parse_args()
-
-if option.netname == None:
-    parser.error("Netname is required, use -h for help!")
-if option.hostname == "default":
-    option.hostname = getHostname(option.netname)
-
-hostname = option.hostname
-netname = option.netname
-hostslist = []
-hostslock = thread.allocate_lock()
-
-#set process name
-if not os.path.exists("/var/lock/retiolum." + netname):
-    pidfile = open("/var/lock/retiolum." + netname, "w")
-    pidfile.write(str(os.getpid())) 
-    pidfile.close()
-else:
-    logging.error("pidfile already exists")
-    sys.exit(0)
-
-#Logging stuff
-LEVELS = {'3' : logging.DEBUG,
-          '2' : logging.INFO,
-          '1' : logging.ERROR,
-          '0' : logging.CRITICAL}
-
-level_name = option.debug
-level = LEVELS.get(level_name, logging.NOTSET)
-logging.basicConfig(level=level)
-
-#normally tinc doesnt start with retiolum
-if option.tinc != False: 
-    start_tincd = subprocess.call(["tincd -n " + netname ],shell=True)
-
-process_start()
-
-signal.signal(signal.SIGTERM, kill_process)
-signal.signal(signal.SIGINT, kill_process)
-signal.signal(signal.SIGUSR1, process_restart)
-
-while True:
-    time.sleep(float(option.timeout))
-    process_restart(0, 0)
diff --git a/retiolum/hosts/.scripts/tinc_setup/README b/retiolum/hosts/.scripts/tinc_setup/README
deleted file mode 100644
index 11d6f6e9..00000000
--- a/retiolum/hosts/.scripts/tinc_setup/README
+++ /dev/null
@@ -1,18 +0,0 @@
-This directory contains the build and install scripts for shack-retiolum
-
-1. build_arch 
-    arch linux build script
-2. build_debian
-    debian build script
-3. build_debian_clean
-    debian script which builds a clean tinc daemon
-4. build_ec2
-    Amazon ec2 base instance build script
-5. install.sh
-    configures the tinc daemon 
-    $1 is the nickname
-    $2 is the ip-address
-    also writes a python file inside the tinc/retiolum folder which posts
-    the public key into the IRC:freenode/#tincspasm
-6. build_no.de
-    nonfunct no.de smartmachine build script
diff --git a/retiolum/hosts/.scripts/tinc_setup/bootstrap.sh b/retiolum/hosts/.scripts/tinc_setup/bootstrap.sh
deleted file mode 100644
index 32919e7d..00000000
--- a/retiolum/hosts/.scripts/tinc_setup/bootstrap.sh
+++ /dev/null
@@ -1,11 +0,0 @@
-if [ ! `id -u` -eq "0" ] 
-then
-  echo "not root, trying sudo"
-  exec sudo "$0" "$@"
-fi
-
-mkdir -p /etc/tinc/retiolum/
-git clone git://github.com/miefda/retiolum.git /etc/tinc/retiolum/hosts
-cd /etc/tinc/retiolum/hosts/.scripts
-
-echo "use the build script of your choice from /etc/tinc/retiolum/hosts/.scripts"
diff --git a/retiolum/hosts/.scripts/tinc_setup/build_arch.sh b/retiolum/hosts/.scripts/tinc_setup/build_arch.sh
deleted file mode 100755
index 5ef5d765..00000000
--- a/retiolum/hosts/.scripts/tinc_setup/build_arch.sh
+++ /dev/null
@@ -1,14 +0,0 @@
-#!/bin/sh
-set -e
-sudo pacman -S openssl gcc lzo
-curl http://www.tinc-vpn.org/packages/tinc-1.0.13.tar.gz | tar xz
-cd tinc-1.0.13
-./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var
-make
-sudo make install
-cd ..
-
-echo "overwriting python to python2"
-sed 's/\/usr\/bin\/python/\/usr\/bin\/python2/g' install.sh >install2.sh
-mv install2.sh install.sh
-
diff --git a/retiolum/hosts/.scripts/tinc_setup/build_debian.sh b/retiolum/hosts/.scripts/tinc_setup/build_debian.sh
deleted file mode 100755
index 52e61390..00000000
--- a/retiolum/hosts/.scripts/tinc_setup/build_debian.sh
+++ /dev/null
@@ -1,32 +0,0 @@
-#!/bin/bash
-set -x
-if [ ! "$MYIP" ] 
-then
-  MYIP=10.0.7.7.55
-fi
-if [ ! "$MYHOSTNAME" ]
-then
-  MYHOSTNAME="penis"
-fi
-
-if [ "$MYHOSTNAME" = "penis" ];
-then 
-  read -n1 -p "name is penis, are u sure? [yN]" 
-  if [[ "$REPLY" != [yY] ]] 
-  then 
-    echo "then better RTFC"
-    echo "bailing out"  
-    exit 0
-  fi
-fi
-apt-get install tinc git curl python
-
-./install.sh "$MYHOSTNAME" "$MYIP"
-
-# for autostart
-sed -i '/retiolum/d' /etc/tinc/nets.boot
-echo "retiolum" >> /etc/tinc/nets.boot
-sed -i '/EXTRA/d' /etc/tinc/nets.boot
-echo "EXTRA=\"\"" >> /etc/default/tinc
-
-/etc/init.d/tinc start
diff --git a/retiolum/hosts/.scripts/tinc_setup/build_debian_clean.sh b/retiolum/hosts/.scripts/tinc_setup/build_debian_clean.sh
deleted file mode 100755
index a7332f4e..00000000
--- a/retiolum/hosts/.scripts/tinc_setup/build_debian_clean.sh
+++ /dev/null
@@ -1,31 +0,0 @@
-#!/bin/bash -set -xe -MYIP=10.0.7.7.55 - -apt-get install tinc git curl gcc gcc-dev build-essential libssl-dev python - -git clone https://github.com/makefu/shack-retiolum.git - -mkdir build -cd build -curl http://www.oberhumer.com/opensource/lzo/download/lzo-2.04.tar.gz | tar -xz -cd lzo-2.04 -./configure --prefix=/usr -make -sudo make install -cd .. -curl http://www.tinc-vpn.org/packages/tinc-1.0.13.tar.gz | tar xz -cd tinc-1.0.13 -./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var -make -sudo make install -cd ../.. - -cd shack-retiolum -./install.sh `hostname` $MYIP - -rm shack-retiolum -# for autostart -echo "retiolum" >> /etc/tinc/nets.boot -echo "EXTRA=\"--user=tincd --chroot\"" >> /etc/default/tinc
diff --git a/retiolum/hosts/.scripts/tinc_setup/build_ec2.sh b/retiolum/hosts/.scripts/tinc_setup/build_ec2.sh
deleted file mode 100755
index 79f2af28..00000000
--- a/retiolum/hosts/.scripts/tinc_setup/build_ec2.sh
+++ /dev/null
@@ -1,16 +0,0 @@
-#!/bin/sh
-set -e
-sudo yum install -y gcc openssl-devel 
-mkdir build
-cd build
-curl http://www.oberhumer.com/opensource/lzo/download/lzo-2.04.tar.gz | tar xz
-cd lzo-2.04
-./configure --prefix=/usr
-make
-sudo make install
-cd ..
-curl http://www.tinc-vpn.org/packages/tinc-1.0.13.tar.gz | tar xz
-cd tinc-1.0.13
-./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var
-make
-sudo make install
diff --git a/retiolum/hosts/.scripts/tinc_setup/build_no.de.sh b/retiolum/hosts/.scripts/tinc_setup/build_no.de.sh
deleted file mode 100644
index 2976d3a2..00000000
--- a/retiolum/hosts/.scripts/tinc_setup/build_no.de.sh
+++ /dev/null
@@ -1 +0,0 @@
-pkgin in lzo gcc-tools gcc-compiler gcc34 
diff --git a/retiolum/hosts/.scripts/tinc_setup/install.sh b/retiolum/hosts/.scripts/tinc_setup/install.sh
deleted file mode 100755
index 89465b64..00000000
--- a/retiolum/hosts/.scripts/tinc_setup/install.sh
+++ /dev/null
@@ -1,67 +0,0 @@
-#! /bin/sh
-# USE WITH GREAT CAUTION
-
-set -e
-myname="${1:-dummy}"
-rel_hostsfile=`dirname $0`/..
-hostsfile=`readlink -f $rel_hostsfile`
-netname=retiolum
-myipv4="${2:-10.7.7.56}"
-mynet4=10.7.7.0
-CURR=`pwd`
-# create configuration directory for $netname
-mkdir -p /etc/tinc/$netname
-cd /etc/tinc/$netname
-
-# get currently known hosts
-cp -r $hostsfile hosts
-echo "added known hosts:"
-ls -1 | LC_ALL=C sort
-echo "delete the nodes you do not trust!"
-
-
-cat>tinc-up<<EOF
-#! /bin/sh
-ifconfig \$INTERFACE up $myipv4/24
-route add -net $mynet4/24 dev \$INTERFACE
-EOF
-
-chmod +x tinc-up
-
-cat>tinc.conf<<EOF
-Name = $myname
-ConnectTo = supernode
-ConnectTo = kaah
-ConnectTo = pa_sharepoint
-Device = /dev/net/tun
-EOF
-echo "Subnet = $myipv4" > hosts/$myname
-tincd -n $netname -K
- - |
