initial commit via gitinitshit
This commit is contained in:
@@ -0,0 +1,9 @@
|
||||
* text eol=lf
|
||||
*.txt text eol=lf
|
||||
*.sh text eol=lf
|
||||
*.ini text eol=lf
|
||||
*.yml text eol=lf
|
||||
*.md text eol=
|
||||
.env text eol=lf
|
||||
*.ps1 text eol=crlf
|
||||
*.bat text eol=crlf
|
||||
@@ -0,0 +1,218 @@
|
||||
---
|
||||
- name: 'Configure Remote Servers'
|
||||
hosts: remoteservers
|
||||
vars_files:
|
||||
- './variables.yml'
|
||||
tasks:
|
||||
# packages
|
||||
- name: 'Updating apt cache'
|
||||
apt:
|
||||
force_apt_get: True
|
||||
update_cache: True
|
||||
- name: 'Upgrading all apt packages'
|
||||
apt:
|
||||
force_apt_get: True
|
||||
upgrade: full
|
||||
become: yes
|
||||
- name: 'Selected packages to install:'
|
||||
debug:
|
||||
msg: "{{ item }}"
|
||||
loop: "{{ list_of_packages }}"
|
||||
- name: "Installing packages"
|
||||
apt:
|
||||
force_apt_get: True
|
||||
name: "{{ list_of_packages }}"
|
||||
state: present
|
||||
- name: 'Remove useless packages from the cache'
|
||||
apt:
|
||||
force_apt_get: True
|
||||
autoclean: yes
|
||||
- name: 'Run the equivalent of apt-get clean'
|
||||
apt:
|
||||
force_apt_get: True
|
||||
clean: yes
|
||||
# add and configure the user
|
||||
- name: "Add the user {{ new_username }}"
|
||||
user:
|
||||
name: "{{ new_username }}"
|
||||
shell: "{{ login_shell }}"
|
||||
# password: "{{ user_password }}"
|
||||
groups: 'sudo,www-data'
|
||||
append: yes
|
||||
- name: "Set authorized key for {{ new_username }}"
|
||||
ansible.posix.authorized_key:
|
||||
user: "{{ new_username }}"
|
||||
key: "{{ ssh_key_auth }}"
|
||||
state: present
|
||||
# zsh
|
||||
- name: 'Setting up zsh'
|
||||
blockinfile:
|
||||
path: "/home/{{ new_username }}/.zshrc"
|
||||
block: |
|
||||
# Set up the prompt
|
||||
autoload -Uz promptinit
|
||||
promptinit
|
||||
prompt adam1
|
||||
setopt histignorealldups sharehistory
|
||||
# Use emacs keybindings even if our EDITOR is set to vi
|
||||
bindkey -e
|
||||
# Keep 1000 lines of history within the shell and save it to ~/.zsh_history:
|
||||
HISTSIZE=1000
|
||||
SAVEHIST=1000
|
||||
HISTFILE=~/.zsh_history
|
||||
# Use modern completion system
|
||||
autoload -Uz compinit
|
||||
compinit
|
||||
zstyle ':completion:*' auto-description 'specify: %d'
|
||||
zstyle ':completion:*' completer _expand _complete _correct _approximate
|
||||
zstyle ':completion:*' format 'Completing %d'
|
||||
zstyle ':completion:*' group-name ''
|
||||
zstyle ':completion:*' menu select=2
|
||||
eval "$(dircolors -b)"
|
||||
zstyle ':completion:*:default' list-colors ${(s.:.)LS_COLORS}
|
||||
zstyle ':completion:*' list-colors ''
|
||||
zstyle ':completion:*' list-prompt %SAt %p: Hit TAB for more, or the character to insert%s
|
||||
zstyle ':completion:*' matcher-list '' 'm:{a-z}={A-Z}' 'm:{a-zA-Z}={A-Za-z}' 'r:|[._-]=* r:|=* l:|=*'
|
||||
zstyle ':completion:*' menu select=long
|
||||
zstyle ':completion:*' select-prompt %SScrolling active: current selection at %p%s
|
||||
zstyle ':completion:*' use-compctl false
|
||||
zstyle ':completion:*' verbose true
|
||||
zstyle ':completion:*:*:kill:*:processes' list-colors '=(#b) #([0-9]#)*=0=01;31'
|
||||
zstyle ':completion:*:kill:*' command 'ps -u $USER -o pid,%cpu,tty,cputime,cmd'
|
||||
eval $(thefuck --alias fuck)
|
||||
PATH=~/.local/bin/:$PATH
|
||||
mode: '0744'
|
||||
owner: "{{ new_username }}"
|
||||
group: "{{ new_username }}"
|
||||
state: present
|
||||
create: True
|
||||
# ufw
|
||||
- name: 'UFW default allow everything outgoing'
|
||||
community.general.ufw:
|
||||
default: allow
|
||||
direction: 'outgoing'
|
||||
- name: 'UFW default deny everything incoming'
|
||||
community.general.ufw:
|
||||
default: deny # reject to throw error instead of drop quietly
|
||||
direction: 'incoming'
|
||||
- name: 'UFW enable logging'
|
||||
community.general.ufw:
|
||||
logging: 'on'
|
||||
- name: 'UFW selected rules:'
|
||||
debug:
|
||||
msg: "{{item.name}}/{{item.proto}}"
|
||||
loop: "{{ open_services }}"
|
||||
- name: 'UFW setting rules'
|
||||
community.general.ufw:
|
||||
rule: allow
|
||||
port: "{{ item.name }}"
|
||||
proto: "{{ item.proto }}"
|
||||
loop: "{{ open_services }}"
|
||||
- name: 'UFW enable'
|
||||
community.general.ufw:
|
||||
state: enabled
|
||||
become: yes
|
||||
# unattended upgrades
|
||||
- name: 'Unattended upgrades initial dpkg reconfigure'
|
||||
command:
|
||||
cmd: 'dpkg-reconfigure -f noninteractive unattended-upgrades'
|
||||
become: yes
|
||||
- name: 'Unattended upgrades configure 20auto-upgrades'
|
||||
blockinfile:
|
||||
dest: '/etc/apt/apt.conf.d/20auto-upgrades'
|
||||
block: |
|
||||
APT::Periodic::Update-Package-Lists "1";
|
||||
APT::Periodic::Unattended-Upgrade "1";
|
||||
mode: '0644'
|
||||
owner: 'root'
|
||||
group: 'root'
|
||||
state: present
|
||||
insertafter: EOF
|
||||
become: yes
|
||||
- name: 'Unattended upgrades configure 50unattended-upgrades'
|
||||
blockinfile:
|
||||
dest: '/etc/apt/apt.conf.d/50unattended-upgrades'
|
||||
block: |
|
||||
Unattended-Upgrade::Automatic-Reboot "true";
|
||||
Unattended-Upgrade::Automatic-Reboot-Time "{{ reboot_time }}";
|
||||
create: True
|
||||
insertafter: EOF
|
||||
mode: '0644'
|
||||
owner: 'root'
|
||||
group: 'root'
|
||||
become: yes
|
||||
- name: 'Unattended upgrades configure daily timer'
|
||||
lineinfile:
|
||||
path: '/lib/systemd/system/apt-daily-upgrade.timer'
|
||||
regexp: '^OnCalendar'
|
||||
line: "OnCalendar=*-*-* {{ install_time }}"
|
||||
state: present
|
||||
become: yes
|
||||
- name: 'Unattended upgrades configure reboot offset'
|
||||
lineinfile:
|
||||
path: '/lib/systemd/system/apt-daily-upgrade.timer'
|
||||
regexp: '^RandomizedDelaySec'
|
||||
line: "RandomizedDelaySec={{ reboot_offset }}"
|
||||
state: present
|
||||
become: yes
|
||||
- name: 'Unattended upgrades last dpkg reconfigure'
|
||||
command:
|
||||
cmd: 'dpkg-reconfigure -f noninteractive unattended-upgrades'
|
||||
become: yes
|
||||
# customscripts
|
||||
- name: 'Customscripts download'
|
||||
git:
|
||||
repo: "{{ custom_scripts_repo }}"
|
||||
dest: '/tmp/cscripts'
|
||||
- name: "Create directory {{ custom_scripts_dir }}"
|
||||
file:
|
||||
path: "{{ custom_scripts_dir }}"
|
||||
state: directory
|
||||
mode: '0755'
|
||||
owner: 'root'
|
||||
group: 'root'
|
||||
become: yes
|
||||
- name: 'Customscripts installing'
|
||||
command:
|
||||
cmd: "cp /tmp/cscripts/customscripts/{{ item }} {{ custom_scripts_dir }}"
|
||||
loop: "{{ custom_scripts }}"
|
||||
become: yes
|
||||
- name: 'Customscripts activating'
|
||||
command:
|
||||
cmd: "chmod 755 {{ custom_scripts_dir }}/{{ item }}"
|
||||
loop: "{{ custom_scripts }}"
|
||||
become: yes
|
||||
# crontabs
|
||||
- name: 'Crontab chkrootkit'
|
||||
cron:
|
||||
name: 'chkrootkit'
|
||||
minute: '0'
|
||||
hour: '8'
|
||||
user: 'root'
|
||||
job: 'chkrootkit -q'
|
||||
state: present
|
||||
become: yes
|
||||
- name: 'Crontab lynis'
|
||||
cron:
|
||||
name: 'lynis'
|
||||
minute: '0'
|
||||
hour: '11'
|
||||
user: 'root'
|
||||
job: 'lynis -q'
|
||||
state: present
|
||||
become: yes
|
||||
# enable services
|
||||
- name: 'enable/restart nginx'
|
||||
service:
|
||||
name: 'nginx'
|
||||
enabled: True
|
||||
state: 'restarted'
|
||||
become: yes
|
||||
- name: 'enable/restart ssh'
|
||||
service:
|
||||
name: 'ssh'
|
||||
enabled: True
|
||||
state: 'restarted'
|
||||
become: yes
|
||||
|
||||
|
||||
@@ -0,0 +1,2 @@
|
||||
[remoteservers]
|
||||
someserver ansible_user=root ansible_host=1.1.1.1
|
||||
@@ -0,0 +1,10 @@
|
||||
cd ~ && mkdir ansible-playbook && cd ansible-playbook
|
||||
ansible-playbook ansible-playbook.yml -i inventory.ini
|
||||
ansible remoteservers -m ping
|
||||
|
||||
# errata
|
||||
ssh root@ip
|
||||
passwd princesspi
|
||||
sudo nano /etc/ssh/sshd_config
|
||||
sudo ufw allow 8888
|
||||
sudo bash /usr/share/customscripts/crowdsec.sh
|
||||
@@ -0,0 +1,230 @@
|
||||
- name: "Install python3"
|
||||
apt:
|
||||
name: python3
|
||||
state: present
|
||||
- name: "Install python3-pip"
|
||||
apt:
|
||||
name: python3-pip
|
||||
state: present
|
||||
- name: "Install python3-virtualenv"
|
||||
apt:
|
||||
name: python3-virtualenv
|
||||
state: present
|
||||
- name: "Install thefuck"
|
||||
apt:
|
||||
name: thefuck
|
||||
state: present
|
||||
- name: "Install python3-setuptools"
|
||||
apt:
|
||||
name: python3-setuptools
|
||||
state: present
|
||||
- name: "Install nginx"
|
||||
apt:
|
||||
name: nginx
|
||||
state: present
|
||||
- name: "Install wget"
|
||||
apt:
|
||||
name: wget
|
||||
state: present
|
||||
- name: "Install htop"
|
||||
apt:
|
||||
name: htop
|
||||
state: present
|
||||
- name: "Install btop"
|
||||
apt:
|
||||
name: btop
|
||||
state: present
|
||||
- name: "Install lynx"
|
||||
apt:
|
||||
name: lynx
|
||||
state: present
|
||||
- name: "Install neovim"
|
||||
apt:
|
||||
name: neovim
|
||||
state: present
|
||||
- name: "Install docker.io"
|
||||
apt:
|
||||
name: docker.io
|
||||
state: present
|
||||
- name: "Install docker-compose"
|
||||
apt:
|
||||
name: docker-compose
|
||||
state: present
|
||||
- name: "Install screen"
|
||||
apt:
|
||||
name: screen
|
||||
state: present
|
||||
- name: "Install byobu"
|
||||
apt:
|
||||
name: byobu
|
||||
state: present
|
||||
- name: "Install zsh"
|
||||
apt:
|
||||
name: zsh
|
||||
state: present
|
||||
- name: "Install nmap"
|
||||
apt:
|
||||
name: nmap
|
||||
state: present
|
||||
- name: "Install iptraf"
|
||||
apt:
|
||||
name: iptraf
|
||||
state: present
|
||||
- name: "Install iotop"
|
||||
apt:
|
||||
name: iotop
|
||||
state: present
|
||||
- name: "Install zip"
|
||||
apt:
|
||||
name: zip
|
||||
state: present
|
||||
- name: "Install unzip"
|
||||
apt:
|
||||
name: unzip
|
||||
state: present
|
||||
- name: "Install net-tools"
|
||||
apt:
|
||||
name: net-tools
|
||||
state: present
|
||||
- name: "Install git"
|
||||
apt:
|
||||
name: git
|
||||
state: present
|
||||
- name: "Install chkrootkit"
|
||||
apt:
|
||||
name: chkrootkit
|
||||
state: present
|
||||
- name: "Install fail2ban"
|
||||
apt:
|
||||
name: fail2ban
|
||||
state: present
|
||||
- name: "Install lynis"
|
||||
apt:
|
||||
name: lynis
|
||||
state: present
|
||||
|
||||
|
||||
# thefuck
|
||||
- name: "thefuck append to .zshrc"
|
||||
lineinfile:
|
||||
path: "/home/{{ username }}/.zshrc"
|
||||
line: 'eval $(thefuck --alias fuck)'
|
||||
insertafter: EOF
|
||||
mode: '0744'
|
||||
owner: "{{ username }}"
|
||||
group: "{{ username }}"
|
||||
state: present
|
||||
create: True
|
||||
|
||||
# PATH
|
||||
- name: ".zshrc PATH adding ~/.local/bin"
|
||||
lineinfile:
|
||||
path: "/home/{{ username }}/.zshrc"
|
||||
line: 'PATH=~/.local/bin/:$PATH'
|
||||
state: present
|
||||
insertafter: EOF
|
||||
mode: "0744"
|
||||
owner: "{{ username }}"
|
||||
group: "{{ username }}"
|
||||
create: True
|
||||
become: True
|
||||
become_method: su
|
||||
become_user: "{{ username }}"
|
||||
|
||||
|
||||
# ssh
|
||||
- name: "SSH allow {{ username }} only"
|
||||
lineinfile:
|
||||
path: '/etc/ssh/sshd_config'
|
||||
line: "AllowUsers {{ username }}"
|
||||
state: present
|
||||
insertafter: EOF
|
||||
mode: "0644"
|
||||
owner: root
|
||||
group: root
|
||||
- name: 'SSH disable password auth'
|
||||
lineinfile:
|
||||
path: '/etc/ssh/sshd_config'
|
||||
regexp: '^PermitRootLogin'
|
||||
line: 'PermitRootLogin no'
|
||||
state: present
|
||||
insertafter: EOF
|
||||
mode: "0644"
|
||||
owner: root
|
||||
group: root
|
||||
|
||||
|
||||
- name: "UFW allow ssh"
|
||||
community.general.ufw:
|
||||
rule: allow
|
||||
port: ssh
|
||||
proto: tcp
|
||||
delete: true
|
||||
- name: "UFW allow http"
|
||||
community.general.ufw:
|
||||
rule: allow
|
||||
port: http
|
||||
proto: any
|
||||
delete: true
|
||||
- name: "UFW allow https"
|
||||
community.general.ufw:
|
||||
rule: allow
|
||||
port: https
|
||||
proto: any
|
||||
delete: true
|
||||
|
||||
|
||||
- name: 'Customscripts download'
|
||||
command:
|
||||
cmd: 'git clone https://gitlab.com/princesspi/general-scripts-and-system-ssssssetup.git /tmp/cscripts'
|
||||
become: yes
|
||||
|
||||
|
||||
|
||||
- name: "Create directory {{ custom_scripts_dir }}"
|
||||
file:
|
||||
path: "{{ custom_scripts_dir }}"
|
||||
state: directory
|
||||
mode: '0755'
|
||||
owner: 'root'
|
||||
group: 'root'
|
||||
become: yes
|
||||
- name: 'Customscripts copy add_user_ssh.sh'
|
||||
copy:
|
||||
remote_src: False
|
||||
src: '/tmp/cscripts/customscripts/add_user_ssh.sh'
|
||||
dest: "{{ custom_scripts_dir }}/add_user_ssh.sh"
|
||||
mode: '0744'
|
||||
owner: 'root'
|
||||
group: 'root'
|
||||
become: yes
|
||||
- name: "Customscripts copy crowdsec.sh"
|
||||
copy:
|
||||
remote_src: False
|
||||
src: '/tmp/cscripts/customscripts/crowdsec.sh'
|
||||
dest: "{{ custom_scripts_dir }}/crowdsec.sh"
|
||||
mode: '0744'
|
||||
owner: 'root'
|
||||
group: 'root'
|
||||
become: yes
|
||||
- name: "Customscripts copy fix_permissions.sh"
|
||||
copy:
|
||||
remote_src: False
|
||||
src: '/tmp/cscripts/customscripts/fix_permissions.sh'
|
||||
dest: "{{ custom_scripts_dir }}/fix_permissions.sh"
|
||||
mode: '0744'
|
||||
owner: 'root'
|
||||
group: 'root'
|
||||
become: yes
|
||||
|
||||
# crowdsec
|
||||
- name: 'Crowdsec'
|
||||
command:
|
||||
cmd: "bash {{ custom_scripts_dir }}/crowdsec.sh"
|
||||
become: yes
|
||||
|
||||
- name: 'enable/restart crowdsec'
|
||||
service:
|
||||
name: 'crowdsec'
|
||||
enabled: True
|
||||
state: 'restarted'
|
||||
@@ -0,0 +1,48 @@
|
||||
new_username: 'princesspi'
|
||||
install_time: '02:00'
|
||||
reboot_time: '03:00'
|
||||
reboot_offset: '20m'
|
||||
login_shell: '/usr/bin/zsh' # which zsh
|
||||
custom_scripts_dir: '/usr/share/customscripts'
|
||||
custom_scripts_repo: 'https://gitlab.com/princesspi/general-scripts-and-system-ssssssetup.git'
|
||||
# password is precalculated hash
|
||||
# mkpasswd --method=sha-512
|
||||
# defaultpassword###
|
||||
# user_password: '$6$n3ybB6uVX.BwKiR4$vjENClERci2hmAkn9d9a8EUFAfnUlsH.R6/8EIXx1bu.k.bC7l/aE//s9ONw/PcbSQ2.hRdUgjxFrJ54/NhBm0'
|
||||
ssh_key_auth: 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP2D+9oYQlTnu1zeVi2gHfTKE7+DDWiu1EibXNwB9g72'
|
||||
list_of_packages:
|
||||
- 'unattended-upgrades'
|
||||
- 'python3'
|
||||
- 'python3-pip'
|
||||
- 'python3-virtualenv'
|
||||
- 'python3-setuptools'
|
||||
- 'thefuck'
|
||||
- 'nginx'
|
||||
- 'wget'
|
||||
- 'htop'
|
||||
- 'btop'
|
||||
- 'lynx'
|
||||
- 'neovim'
|
||||
- 'docker.io'
|
||||
- 'docker-compose'
|
||||
- 'screen'
|
||||
- 'byobu'
|
||||
- 'zsh'
|
||||
- 'nmap'
|
||||
- 'iptraf'
|
||||
- 'iotop'
|
||||
- 'zip'
|
||||
- 'unzip'
|
||||
- 'net-tools'
|
||||
- 'git'
|
||||
- 'chkrootkit'
|
||||
- 'fail2ban'
|
||||
- 'lynis'
|
||||
open_services:
|
||||
- { name: 'ssh', proto: 'tcp' }
|
||||
- { name: 'http', proto: 'tcp' }
|
||||
- { name: 'https', proto: 'tcp' }
|
||||
custom_scripts:
|
||||
- 'crowdsec.sh'
|
||||
- 'add_user_ssh.sh'
|
||||
- 'fix_permissions.sh'
|
||||
@@ -0,0 +1,87 @@
|
||||
0) Anything inside < and > for example <service name> is a bit of text you provide so if I say "<password>" you would replace with something like "password123"
|
||||
1) acquire btc
|
||||
spot app
|
||||
coinmama
|
||||
2) tumble btc deep web
|
||||
3) put btc in deep web wallet
|
||||
4) launch host on bithost
|
||||
https://bithost.io
|
||||
// Ubuntu 20.04 LTS with minimum 1gb RAM
|
||||
5) lock down bitohst jump box to VPN IP
|
||||
6) generate keys on bithost
|
||||
5) get key from sporehost and launch server
|
||||
http://spore64i5sofqlfz5gq2ju4msgzojjwifls7rok2cti624zyq3fcelad.onion/
|
||||
6) log in from bithost on VPN
|
||||
sudo -i
|
||||
apt update
|
||||
apt upgrade
|
||||
ufw allow ssh
|
||||
ufw enable
|
||||
apt install apache2 tor mysql-server php libapache2-mod-php php-mysql php-curl php-gd screen iotop zip unzip lynx htop chkrootkit lynis certbot fail2ban python3 python3-pip curl nmap
|
||||
a2enmod ssl
|
||||
systemctl restart apache2
|
||||
mysql_secure_installation
|
||||
password validation: 2
|
||||
// update phpmyadmin repo/install from git pull
|
||||
// this is a workaround for an old phpmyadmin repo on the 20.04 LTS
|
||||
// mysql -h localhost -u root -p
|
||||
// UNINSTALL COMPONENT 'file://component_validate_password';
|
||||
// CREATE USER 'rootuser'@'localhost' IDENTIFIED BY '<Secure Password>'; // REMEMBER THIS PASSWORD
|
||||
// GRANT ALL PRIVILEGES ON *.* TO 'rootuser'@'localhost';
|
||||
// FLUSH PRIVILEGES;
|
||||
// quit;
|
||||
apt install phpmyadmin //change to git pull OR updated manual repo
|
||||
[x] apache2
|
||||
[x] YES
|
||||
[Secure Password] // REMEMBER THIS PASSWORD
|
||||
cd /var/www/html
|
||||
ln -s /usr/share/phpmyadmin
|
||||
mv phpmyadmin pma
|
||||
//to access phpmyadmin, go to http://<ip address>/pma //log in with user rootuser and your password from before
|
||||
systemctl enable tor
|
||||
systemctl start tor
|
||||
mkdir /var/www/<servicename>
|
||||
nano /etc/tor/torrc
|
||||
Ctrl+W "hidden"
|
||||
>uncomment hidden service 127.0.0.1:80
|
||||
>uncomment hidden service dir, name /var/lib/tor/<servicename>
|
||||
Ctrl+X
|
||||
Y
|
||||
systemctl restart tor
|
||||
comment out logging
|
||||
nano /etc/apache2/sites-available/<service name>.conf
|
||||
|
||||
<VirtualHost localhost:80>
|
||||
DocumentRoot /var/www/<servicename>
|
||||
</VirtualHost>
|
||||
Ctrl+X
|
||||
Y
|
||||
a2ensite <service name>
|
||||
systemctl restart apache2
|
||||
cat /var/lib/tor/<service name>/hostname
|
||||
save onion address, its your hostname!
|
||||
// scallion
|
||||
|
||||
|
||||
mkdir /usr/share/scripts
|
||||
nano /usr/share/scripts/perms.sh
|
||||
```
|
||||
#!/bin/bash
|
||||
chown -R www-data:www-data /var/www/*
|
||||
find /var/www/* -type d -exec chmod g=rwx "{}" \;
|
||||
find /var/www/* -type f -exec chmod g=rw "{}" \;
|
||||
```
|
||||
Ctrl+X
|
||||
Y
|
||||
chmod +x /usr/share/scripts/perms.sh
|
||||
sh /usr/share/scripts/perms.sh
|
||||
crontab -e
|
||||
1
|
||||
at bottom add
|
||||
```
|
||||
0 8 * * * chkrootkit -q
|
||||
0 11 * * 0 lynis -q
|
||||
0 */6 * * * apt update; apt -y upgrade;
|
||||
```
|
||||
Ctrl+X
|
||||
Y
|
||||
@@ -0,0 +1,84 @@
|
||||
1) acquire btc
|
||||
spot app
|
||||
coinmama
|
||||
2) tumble btc deep web
|
||||
3) put btc in deep web wallet
|
||||
4) launch host on bithost
|
||||
https://bithost.io
|
||||
// Ubuntu 20.04 LTS with minimum 1gb RAM
|
||||
5) lock down bitohst jump box to VPN IP
|
||||
6) generate keys on bithost
|
||||
5) get key from sporehost and launch server
|
||||
http://spore64i5sofqlfz5gq2ju4msgzojjwifls7rok2cti624zyq3fcelad.onion/
|
||||
6) log in from bithost on VPN
|
||||
sudo -i
|
||||
apt update
|
||||
apt upgrade
|
||||
ufw allow ssh
|
||||
ufw enable
|
||||
apt install apache2 tor mysql-server php libapache2-mod-php php-mysql php-curl php-gd screen iotop zip unzip lynx htop chkrootkit lynis certbot fail2ban python3 python3-pip curl nmap
|
||||
a2enmod sslsystemctl restart apache2
|
||||
mysql_secure_installation
|
||||
password validation: 2
|
||||
// this is a workaround for an old phpmyadmin repo on the 20.04 LTS
|
||||
// mysql -h localhost -u root -p
|
||||
// UNINSTALL COMPONENT 'file://component_validate_password';
|
||||
// CREATE USER 'rootuser'@'localhost' IDENTIFIED BY '<Secure Password>'; // REMEMBER THIS PASSWORD
|
||||
// GRANT ALL PRIVILEGES ON *.* TO 'rootuser'@'localhost';
|
||||
// FLUSH PRIVILEGES;
|
||||
// quit;
|
||||
apt install phpmyadmin //change to git pull OR updated manual repo
|
||||
[x] apache2
|
||||
[x] YES
|
||||
[Secure Password] // REMEMBER THIS PASSWORD
|
||||
cd /var/www/html
|
||||
ln -s /usr/share/phpmyadmin
|
||||
mv phpmyadmin pma
|
||||
//to access phpmyadmin, go to http://<ip address>/pma //log in with user rootuser and your password from before
|
||||
systemctl enable tor
|
||||
systemctl start tor
|
||||
mkdir /var/www/<servicename>
|
||||
nano /etc/tor/torrc
|
||||
Ctrl+W "hidden"
|
||||
>uncomment hidden service 127.0.0.1:80
|
||||
>uncomment hidden service dir, name /var/lib/tor/<servicename>
|
||||
Ctrl+X
|
||||
Y
|
||||
systemctl restart tor
|
||||
comment out logging
|
||||
nano /etc/apache2/sites-available/<service name>.conf
|
||||
|
||||
<VirtualHost localhost:80>
|
||||
DocumentRoot /var/www/<servicename>
|
||||
</VirtualHost>
|
||||
Ctrl+X
|
||||
Y
|
||||
a2ensite <service name>
|
||||
systemctl restart apache2
|
||||
cat /var/lib/tor/<service name>/hostname
|
||||
save onion address, its your hostname!
|
||||
// scallion
|
||||
|
||||
|
||||
mkdir /usr/share/scripts
|
||||
nano /usr/share/scripts/perms.sh
|
||||
```
|
||||
#!/bin/bash
|
||||
chown -R www-data:www-data /var/www/*
|
||||
find /var/www/* -type d -exec chmod g=rwx "{}" \;
|
||||
find /var/www/* -type f -exec chmod g=rw "{}" \;
|
||||
```
|
||||
Ctrl+X
|
||||
Y
|
||||
chmod +x /usr/share/scripts/perms.sh
|
||||
sh /usr/share/scripts/perms.sh
|
||||
crontab -e
|
||||
1
|
||||
at bottom add
|
||||
```
|
||||
0 8 * * * chkrootkit -q
|
||||
0 11 * * 0 lynis -q
|
||||
0 */6 * * * apt update; apt -y upgrade;
|
||||
```
|
||||
Ctrl+X
|
||||
Y
|
||||
Binary file not shown.
Binary file not shown.
Binary file not shown.
@@ -0,0 +1,123 @@
|
||||
#IPTABLES RULES
|
||||
iptables -A INPUT -p tcp -m tcp --tcp-flags RST RST -m limit --limit 2/second --limit-burst 2 -j ACCEPT
|
||||
iptables -t mangle -A PREROUTING -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
|
||||
iptables -t mangle -A PREROUTING -p tcp -m conntrack --ctstate NEW -m tcpmss ! --mss 536:65535 -j DROP
|
||||
iptables -t mangle -A PREROUTING -p tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
|
||||
iptables -t mangle -A PREROUTING -p tcp --tcp-flags FIN,SYN FIN,SYN -j DROP
|
||||
iptables -t mangle -A PREROUTING -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
|
||||
iptables -t mangle -A PREROUTING -p tcp --tcp-flags FIN,RST FIN,RST -j DROP
|
||||
iptables -t mangle -A PREROUTING -p tcp --tcp-flags FIN,ACK FIN -j DROP
|
||||
iptables -t mangle -A PREROUTING -p tcp --tcp-flags ACK,URG URG -j DROP
|
||||
iptables -t mangle -A PREROUTING -p tcp --tcp-flags ACK,FIN FIN -j DROP
|
||||
iptables -t mangle -A PREROUTING -p tcp --tcp-flags ACK,PSH PSH -j DROP
|
||||
iptables -t mangle -A PREROUTING -p tcp --tcp-flags ALL ALL -j DROP
|
||||
iptables -t mangle -A PREROUTING -p tcp --tcp-flags ALL NONE -j DROP
|
||||
iptables -t mangle -A PREROUTING -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP
|
||||
iptables -t mangle -A PREROUTING -p tcp --tcp-flags ALL SYN,FIN,PSH,URG -j DROP
|
||||
iptables -t mangle -A PREROUTING -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP
|
||||
iptables -t mangle -A PREROUTING -s 224.0.0.0/3 -j DROP
|
||||
iptables -t mangle -A PREROUTING -s 169.254.0.0/16 -j DROP
|
||||
iptables -t mangle -A PREROUTING -s 172.16.0.0/12 -j DROP
|
||||
iptables -t mangle -A PREROUTING -s 192.0.2.0/24 -j DROP
|
||||
iptables -t mangle -A PREROUTING -s 192.168.0.0/16 -j DROP
|
||||
iptables -t mangle -A PREROUTING -s 10.0.0.0/8 -j DROP
|
||||
iptables -t mangle -A PREROUTING -s 0.0.0.0/8 -j DROP
|
||||
iptables -t mangle -A PREROUTING -s 240.0.0.0/5 -j DROP
|
||||
iptables -t mangle -A PREROUTING -s 127.0.0.0/8 ! -i lo -j DROP
|
||||
iptables -t mangle -A PREROUTING -p icmp -j DROP
|
||||
iptables -A INPUT -p tcp -m connlimit --connlimit-above 80 -j REJECT --reject-with tcp-reset
|
||||
iptables -A INPUT -p tcp -m conntrack --ctstate NEW -m limit --limit 60/s --limit-burst 20 -j ACCEPT
|
||||
iptables -A INPUT -p tcp -m conntrack --ctstate NEW -j DROP
|
||||
iptables -t mangle -A PREROUTING -f -j DROP
|
||||
iptables -A INPUT -p tcp --tcp-flags RST RST -m limit --limit 2/s --limit-burst 2 -j ACCEPT
|
||||
iptables -A INPUT -p tcp --tcp-flags RST RST -j DROP
|
||||
iptables -t raw -A PREROUTING -p tcp -m tcp --syn -j CT --notrack
|
||||
iptables -A INPUT -p tcp -m tcp -m conntrack --ctstate INVALID,UNTRACKED -j SYNPROXY --sack-perm --timestamp --wscale 7 --mss 1460
|
||||
iptables -A INPUT -m conntrack --ctstate INVALID -j DROP
|
||||
iptables -A INPUT -p tcp --dport ssh -m conntrack --ctstate NEW -m recent --set
|
||||
iptables -A INPUT -p tcp --dport ssh -m conntrack --ctstate NEW -m recent --update --seconds 60 --hitcount 10 -j DROP
|
||||
iptables -N port-scanning
|
||||
iptables -A port-scanning -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s --limit-burst 2 -j RETURN
|
||||
iptables -A port-scanning -j DROP
|
||||
iptables -A INPUT -p tcp -m tcp --dport 139 -m recent --name portscan --set -j LOG --log-prefix "portscan:"
|
||||
iptables -A INPUT -p tcp -m tcp --dport 139 -m recent --name portscan --set -j DROP
|
||||
iptables -A FORWARD -p tcp -m tcp --dport 139 -m recent --name portscan --set -j LOG --log-prefix "portscan:"
|
||||
iptables -A FORWARD -p tcp -m tcp --dport 139 -m recent --name portscan --set -j DROP
|
||||
iptables -A INPUT -m recent --name portscan --remove
|
||||
iptables -A FORWARD -m recent --name portscan --remove
|
||||
iptables -A INPUT -m recent --name portscan --rcheck --seconds 86400 -j DROP
|
||||
iptables -A FORWARD -m recent --name portscan --rcheck --seconds 86400 -j DROP
|
||||
|
||||
#KERNEL RULES
|
||||
kernel.printk = 4 4 1 7
|
||||
kernel.panic = 10
|
||||
kernel.sysrq = 0
|
||||
kernel.shmmax = 4294967296
|
||||
kernel.shmall = 4194304
|
||||
kernel.core_uses_pid = 1
|
||||
kernel.msgmnb = 65536
|
||||
kernel.msgmax = 65536
|
||||
vm.swappiness = 20
|
||||
vm.dirty_ratio = 80
|
||||
vm.dirty_background_ratio = 5
|
||||
fs.file-max = 2097152
|
||||
net.core.netdev_max_backlog = 262144
|
||||
net.core.rmem_default = 31457280
|
||||
net.core.rmem_max = 67108864
|
||||
net.core.wmem_default = 31457280
|
||||
net.core.wmem_max = 67108864
|
||||
net.core.somaxconn = 65535
|
||||
net.core.optmem_max = 25165824
|
||||
net.ipv4.neigh.default.gc_thresh1 = 4096
|
||||
net.ipv4.neigh.default.gc_thresh2 = 8192
|
||||
net.ipv4.neigh.default.gc_thresh3 = 16384
|
||||
net.ipv4.neigh.default.gc_interval = 5
|
||||
net.ipv4.neigh.default.gc_stale_time = 120
|
||||
net.netfilter.nf_conntrack_max = 10000000
|
||||
net.netfilter.nf_conntrack_tcp_loose = 0
|
||||
net.netfilter.nf_conntrack_tcp_timeout_established = 1800
|
||||
net.netfilter.nf_conntrack_tcp_timeout_close = 10
|
||||
net.netfilter.nf_conntrack_tcp_timeout_close_wait = 10
|
||||
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 20
|
||||
net.netfilter.nf_conntrack_tcp_timeout_last_ack = 20
|
||||
net.netfilter.nf_conntrack_tcp_timeout_syn_recv = 20
|
||||
net.netfilter.nf_conntrack_tcp_timeout_syn_sent = 20
|
||||
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 10
|
||||
net.ipv4.tcp_slow_start_after_idle = 0
|
||||
net.ipv4.ip_local_port_range = 1024 65000
|
||||
net.ipv4.ip_no_pmtu_disc = 1
|
||||
net.ipv4.route.flush = 1
|
||||
net.ipv4.route.max_size = 8048576
|
||||
net.ipv4.icmp_echo_ignore_broadcasts = 1
|
||||
net.ipv4.icmp_ignore_bogus_error_responses = 1
|
||||
net.ipv4.tcp_congestion_control = htcp
|
||||
net.ipv4.tcp_mem = 65536 131072 262144
|
||||
net.ipv4.udp_mem = 65536 131072 262144
|
||||
net.ipv4.tcp_rmem = 4096 87380 33554432
|
||||
net.ipv4.udp_rmem_min = 16384
|
||||
net.ipv4.tcp_wmem = 4096 87380 33554432
|
||||
net.ipv4.udp_wmem_min = 16384
|
||||
net.ipv4.tcp_max_tw_buckets = 1440000
|
||||
net.ipv4.tcp_tw_recycle = 0
|
||||
net.ipv4.tcp_tw_reuse = 1
|
||||
net.ipv4.tcp_max_orphans = 400000
|
||||
net.ipv4.tcp_window_scaling = 1
|
||||
net.ipv4.tcp_rfc1337 = 1
|
||||
net.ipv4.tcp_syncookies = 1
|
||||
net.ipv4.tcp_synack_retries = 1
|
||||
net.ipv4.tcp_syn_retries = 2
|
||||
net.ipv4.tcp_max_syn_backlog = 16384
|
||||
net.ipv4.tcp_timestamps = 1
|
||||
net.ipv4.tcp_sack = 1
|
||||
net.ipv4.tcp_fack = 1
|
||||
net.ipv4.tcp_ecn = 2
|
||||
net.ipv4.tcp_fin_timeout = 10
|
||||
net.ipv4.tcp_keepalive_time = 600
|
||||
net.ipv4.tcp_keepalive_intvl = 60
|
||||
net.ipv4.tcp_keepalive_probes = 10
|
||||
net.ipv4.tcp_no_metrics_save = 1
|
||||
net.ipv4.ip_forward = 1
|
||||
net.ipv4.conf.all.accept_redirects = 0
|
||||
net.ipv4.conf.all.send_redirects = 0
|
||||
net.ipv4.conf.all.accept_source_route = 0
|
||||
net.ipv4.conf.all.rp_filter = 1
|
||||
@@ -0,0 +1,16 @@
|
||||
<VirtualHost $IP:443>
|
||||
DocumentRoot /var/www/$DOMAIN
|
||||
ServerName $DOMAIN
|
||||
SSLEngine on
|
||||
SSLCertificateFile /etc/letsencrypt/live/$DOMAIN/fullchain.pem
|
||||
SSLCertificateKeyFile /etc/letsencrypt/live/$DOMAIN/privkey.pem
|
||||
SSLProtocol all -SSLv2 -SSLv3
|
||||
SSLHonorCipherOrder on
|
||||
SSLCipherSuite "HIGH:!aNULL:!MD5:!3DES:!CAMELLIA:!AES128"
|
||||
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
|
||||
</VirtualHost>
|
||||
|
||||
<VirtualHost $IP:80>
|
||||
ServerName $DOMAIN
|
||||
Redirect permanent / https://$DOMAIN/
|
||||
</VirtualHost>
|
||||
@@ -0,0 +1,3 @@
|
||||
0 8 * * * chkrootkit -q
|
||||
0 11 * * 0 lynis -q
|
||||
0 0 * * * apt update; apt upgrade -y
|
||||
@@ -0,0 +1,148 @@
|
||||
Ubuntu 24.04.3LTS
|
||||
PHP-default
|
||||
Apache2
|
||||
MySQL+phpmyadmin
|
||||
|
||||
# Step 1
|
||||
sudo -i
|
||||
apt update
|
||||
apt -y upgrade
|
||||
reboot
|
||||
|
||||
# Step 2
|
||||
nano /etc/ssh/sshd_config
|
||||
Change `#PasswordAuthentication yes` to `PasswordAuthentication no`
|
||||
Add line
|
||||
`AllowUsers <username>`
|
||||
|
||||
# Step 3
|
||||
ON WINDOWS:
|
||||
Via PowerShell
|
||||
enable OpenSSH in PowerShell: https://docs.microsoft.com/en-us/windows-server/administration/openssh/openssh_install_firstuse
|
||||
ssh-keygen -t ed25519 -C "<your email address>"
|
||||
use a STRONG PASSPHRASE
|
||||
Hit [Enter] to save keys at DEFAULT location
|
||||
to get your rsa PUBLIC key, do:
|
||||
Press [Windows Logo Key/Start]+R
|
||||
Put in `notepad %USERPROFILE%/.ssh/id_ed25519.pub`
|
||||
hit Enter
|
||||
copy all the text in that file
|
||||
# Technical details: it saves private key at %USERPROFILE%/.ssh/id_ed25519
|
||||
# private key example: C:\Users\potatouser\.ssh\id_ed25519
|
||||
# public key example: C:\Users\potatouser\.ssh\id_ed25519.pub
|
||||
|
||||
|
||||
ON UBUNTU
|
||||
mkdir ~/.ssh
|
||||
chmod 700 ~/.ssh
|
||||
nano ~/.ssh/authorized_keys
|
||||
<paste rsa PUBLIC key>
|
||||
chmod 600 ~/.ssh/authorized_keys
|
||||
sudo systemctl reload sshd
|
||||
|
||||
TO CONNECT
|
||||
SSH with Windows PowerShell
|
||||
Powershell is installed by default on Windows 10/11
|
||||
ssh <username>@<ipaddress>
|
||||
|
||||
Manage Files with WinSCP:
|
||||
install winscp https://winscp.net/eng/download.php
|
||||
install puttygen https://www.puttygen.com/download.php?val=4
|
||||
run puttygen
|
||||
Click Load
|
||||
Select private key at %USERPROFILE%/.ssh/id_ed25519
|
||||
copy and paste the string of text beginning in ssh-ed25519 and paste
|
||||
save public and private key to %USERPROFILE%/.ssh/ under a %USERPROFILE%/.ssh/id_ed25519.ppk (private)
|
||||
and %USERPROFILE%/.ssh/id_ed25519.ppk.pub (public)
|
||||
run winscp
|
||||
click new site
|
||||
protocol: SFTP
|
||||
host name: <server/ip>
|
||||
username: <username>
|
||||
port number: 22
|
||||
click Advanced
|
||||
on left panel under SSH click Authentication
|
||||
Browse for private key at %USERPROFILE%/.ssh/id_ed25519.ppk
|
||||
ok
|
||||
save
|
||||
|
||||
# Step 4
|
||||
sudo apt install -y git
|
||||
# download and install scripts and tools
|
||||
cd ~
|
||||
git clone https://gitlab.com/princesspi/general-scripts-and-system-ssssssetup.git
|
||||
sudo -i
|
||||
apt install -y apache2 snapd mysql-server byobu nmap screen iotop zip unzip lynx htop php php-cli php-fpm php-json php-common php-mysql php-zip php-gd php-mbstring php-curl php-xml php-pear php-bcmath unattended-upgrades net-tools python3 python3-pip unison
|
||||
snap install btop
|
||||
# secure mysql
|
||||
mysql_secure_installation
|
||||
# follow directions, defaults are fine just remember what you set as the root password
|
||||
# install and config phpmyadmin
|
||||
apt install -y phpmyadmin
|
||||
ln -s /usr/share/phpmyadmin /var/www/html/pma
|
||||
# phpmyadmin will be accessable from the public internet at http://<your server ip>/pma
|
||||
# ensure your passwords are up to snuff
|
||||
// TODO: prolly should do some other security shit to protect phpmyadmin
|
||||
systemctl restart apache2
|
||||
systemctl restart mysql
|
||||
# add user to web server group
|
||||
usermod -a -G www-data <username>
|
||||
# unattended upgrades
|
||||
dpkg-reconfigure unattended-upgrades
|
||||
nano /etc/apt/apt.conf.d/50unattended-upgrades
|
||||
change `//Unattended-Upgrade::Automatic-Reboot "false";` to `Unattended-Upgrade::Automatic-Reboot "true";`
|
||||
change `//Unattended-Upgrade::Remove-Unused-Dependencies "false";` to `Unattended-Upgrade::Remove-Unused-Dependencies "true";`
|
||||
change `//Unattended-Upgrade::Mail "root@localhost";` to Unattended-Upgrade::Mail "<your admin email>";`
|
||||
systemctl start unattended-upgrades && systemctl enable unattended-upgrades
|
||||
unattended-upgrade -d -v //test unattended upgrades
|
||||
# uncomplicated firewall setup
|
||||
ufw allow http
|
||||
ufw allow https
|
||||
ufw allow ssh
|
||||
ufw enable
|
||||
reboot
|
||||
|
||||
|
||||
// TODO: backups setup needs more work, not working at current
|
||||
// make unison script pls
|
||||
// SKIP backups section for now
|
||||
# backups
|
||||
sudo -i
|
||||
mkdir -p /backups/log
|
||||
mkdir /backups/backups
|
||||
ln -s /var/backups /backups/system
|
||||
cp -r /home/<user>/general-scripts-and-system-ssssssetup/customscripts /usr/share
|
||||
chmod +x /usr/share/customscripts/*sh
|
||||
nano /usr/share/customscripts/backup.sh //edit to add dirs to back up
|
||||
sh /usr/share/customscripts/crowdsec.sh
|
||||
screen -R backups
|
||||
sh /usr/share/customscripts/backup.sh
|
||||
Ctrl+A+D
|
||||
sh /usr/share/customscripts/fix_permissions.sh
|
||||
|
||||
# Step 5
|
||||
# install some cool securiy tools
|
||||
apt install -y chkrootkit lynis certbot fail2ban
|
||||
crontab -e //instal crons from /home/<user>/general-scripts-and-system-ssssssetup/crontab.txt
|
||||
apt install -y tripwire
|
||||
Follow directions and utilize secure passphrase DO NOT LOSE PASSPHRASE
|
||||
# as primary user (NOT root or sudo, run `exit` if in doubt)
|
||||
pip3 install thefuck
|
||||
echo "# user addons" >> ~/.bashrc
|
||||
echo "PATH=~/.local/bin/:$PATH" >> ~/.bashrc
|
||||
echo 'eval "$(thefuck --alias)"' >> ~/.bashrc
|
||||
echo 'HISTTIMEFORMAT="%Y-%m-%d %T "' >> ~/.bashrc
|
||||
source ~/.bashrc
|
||||
|
||||
Step 6: # optional
|
||||
IF you want to use sudo without password check:
|
||||
sudo visudo
|
||||
for ONE user:
|
||||
select editor of your choice
|
||||
add `<username> ALL=(ALL) NOPASSWD: ALL`
|
||||
|
||||
OR for all users in the sudo group
|
||||
comment out the line beginning with %sudo soi it looks like #%sudo
|
||||
add `%sudo ALL=(ALL) NOPASSWD: ALL` on any new line
|
||||
save and exit
|
||||
sudo reboot
|
||||
@@ -0,0 +1,67 @@
|
||||
* General Guides and Scripts for:
|
||||
* Ubuntu Server LAMP (20.04 LTS)
|
||||
* Dark Web Hosting (LAMP on 20.04 LTS)
|
||||
* General Windows 10 and mobile security guide
|
||||
|
||||
Install customscripts on linux with
|
||||
`curl -s https://gitlab.com/princesspi/general-scripts-and-system-ssssssetup/-/raw/master/customscripts/install_script.sh?nocache=$RANDOM | sudo "$SHELL"`
|
||||
|
||||
## Usage
|
||||
### Linux
|
||||
#### git helpers
|
||||
* `gitinitshit`
|
||||
* `gitshit`
|
||||
* `gitsync`
|
||||
* `syncstatus`
|
||||
* `waypoint`
|
||||
*
|
||||
#### security helpers
|
||||
* `backup.sh`
|
||||
* `binwalk-tool`
|
||||
* `configuree_webhook.sh`
|
||||
* `connect-wifi`
|
||||
* `crowdsec.sh`
|
||||
* `find_bytes`
|
||||
* `fix-wifi`
|
||||
* `add_user_ssh`
|
||||
* `wifi-monitor-airX`
|
||||
* `recursive-analysis`
|
||||
* `large_file_search_for_hash`
|
||||
|
||||
#### monitoring
|
||||
* `mon-watch`
|
||||
* `monitor_pid`
|
||||
* `webhook`
|
||||
|
||||
#### setup and general scripts
|
||||
* `ifnet`
|
||||
* `install_script.sh`
|
||||
* `pyenv_setup`
|
||||
* `xrdp-start`
|
||||
* `add_apache2_site`
|
||||
|
||||
### Windowwz
|
||||
#### git helpers
|
||||
* `gitshit.ps1`
|
||||
* `gitsync.ps1`
|
||||
* `syncstatus.ps1`
|
||||
* `waypoint.ps1`
|
||||
#### linux-like hashing helpers
|
||||
* `winhash.ps1`
|
||||
* `md5sum.ps1`
|
||||
* `sha256sum.ps1`
|
||||
* `sha384sum.ps1`
|
||||
* `sha512sum.ps1`
|
||||
#### remote host tools
|
||||
* `ssh-wait-loop.ps1`
|
||||
* `wait-on-host.ps1`
|
||||
* `testtime.ps1`
|
||||
#### Windows system
|
||||
* `redundant-backup.ps1`
|
||||
* `windows-repair.bat`
|
||||
|
||||
todo:
|
||||
1. windwows gitinitshit
|
||||
2. convert windows-repair.bat to powershell and add more features and checks
|
||||
1. automatic elevation request
|
||||
2. update and improve security scan via windows defender
|
||||
@@ -0,0 +1 @@
|
||||
donkeydicks:pope:
|
||||
@@ -0,0 +1,17 @@
|
||||
if ($args) {
|
||||
$message=$args -join ' '
|
||||
} else {
|
||||
if(test-path './version.txt') {
|
||||
$message = $(get-content './version.txt')
|
||||
} else {
|
||||
$message = $(Get-Date -uformat "%s")
|
||||
}
|
||||
}
|
||||
|
||||
echo "git commit message: '$message'"
|
||||
|
||||
git add .
|
||||
git commit -m "$message"
|
||||
git push
|
||||
|
||||
echo "Done :3"
|
||||
@@ -0,0 +1,20 @@
|
||||
# todo, param and defaults these up
|
||||
$remote_dir = "/var/www/html/Media-Viewer"
|
||||
$remote_host = "pi3"
|
||||
$remote_cmd = "echo REMOTE pull $remote_dir; git -C $remote_dir pull; echo REMOTE add $remote_diradding; git -C $remote_dir add .; echo REMOTE commit $remote_dir; git -C $remote_dir commit -m `$(date +%s); echo REMOTE push $remote_dir; git -C $remote_dir push; echo -e `"\nREMOTE status $remote_dir\n`"; git -C $remote_dir status;"
|
||||
|
||||
echo "`nLOCAL pulling`n"
|
||||
git pull
|
||||
|
||||
echo "`nLOCAL adding, comitting and pushing`n"
|
||||
gitshit # usin gitshit here lmfao maybe make message a param
|
||||
|
||||
echo "`nLOCAL status`n"
|
||||
git status
|
||||
|
||||
# run da REMOTE
|
||||
echo "`nREMOTE running sync"
|
||||
ssh $remote_host "/bin/bash -c $remote_cmd"
|
||||
|
||||
echo "`nLOCAL status`n"
|
||||
git status
|
||||
@@ -0,0 +1,6 @@
|
||||
param (
|
||||
[Parameter(Mandatory=$true)]
|
||||
[string]$infile
|
||||
)
|
||||
|
||||
Invoke-Expression "$PSScriptRoot\winhash.ps1 $infile MD5"
|
||||
@@ -0,0 +1,25 @@
|
||||
$counter = 1;
|
||||
$paths_file = ".\paths.txt"
|
||||
$destination_dir = ""
|
||||
$sleep_seconds = 90
|
||||
|
||||
# infinite loop to run through to and loop every $sleep_seconds seconeds
|
||||
while($true) {
|
||||
Write-Host "`n`nNew Rotation!`n`tRotation $counter `n`tCopying...`n`n"
|
||||
# loop through paths in $paths_file
|
||||
foreach($line in Get-Content "$paths_file") {
|
||||
Clear-Host
|
||||
Write-Host "Handling $line on rotation $counter"
|
||||
# copy the path
|
||||
$path = $line
|
||||
# split $line by \ and return last element
|
||||
$dirname = $line -split "\\" | Select-Object -Last 1
|
||||
# do the copy
|
||||
robocopy /e /z $path $destination_dir\$dirname
|
||||
}
|
||||
Clear-Host
|
||||
Write-Host "`n`nFinished Rotation $counter`n`tSleeping 90 Seconds...`n`n"
|
||||
# sleep wont start until robopy loop is finished
|
||||
Start-Sleep -Seconds $sleep_seconds # sleep $sleep_seconds seconds
|
||||
$counter++;
|
||||
}
|
||||
@@ -0,0 +1,74 @@
|
||||
# `pwsh.exe -c "`"C:\path\to\redundant-backup.ps1`" -logFile `"`" -simpleLogFile `"`""`
|
||||
# `Start-Process -filepath "C:\path\to\redundant-backup.ps1" -logFile "" -simpleLogFile ""`
|
||||
# `redundant-backup -logFile "" -simpleLogFile ""`
|
||||
param([string] $logFile,
|
||||
[string] $simpleLogFile
|
||||
)
|
||||
|
||||
$startUnixSeconds = get-date -uformat "%s" # unix epoch seconds for duration
|
||||
$startDateHuman = get-date # human readable begin date
|
||||
$startDateFilename = get-date -format 'yyyy-MM-dd-hhmm' # filename friendly date format
|
||||
|
||||
|
||||
$warningFile = "C:\Users\human\OneDrive\Desktop\backup_error_$startDateFilename.log" # file to create to notify of a failure
|
||||
|
||||
$jobName = "Weekly-Backup-$startDateFilename" # name for job in case wanna restart an interrupted one
|
||||
$resticRunning = "E:\restic_backups_rolling" # from dir (restic)
|
||||
|
||||
$redundantLocal = "D:\restic_backups_redundancy_rolling" # to dir (local drive)
|
||||
$redundantLocalNetwork = "R:\restics_backups_redundancy_rolling" # to dir (network mapped drive location)
|
||||
$redundantAirGap = "S:\restic_backups_redundancy_rolling" # set backup usb to use S
|
||||
|
||||
$logGuideString = "Verb | Current Date and Time (Current Time Unix Seconds) | Start Date and Time (Start Time Unix Seconds) | Time Elapsed in Seconds | From Directory | To Directory | Job Name | Exit Status"
|
||||
|
||||
function appendToLog {
|
||||
param([string]$verb="INFO", [string]$exitCode="NONE", [string]$log="$logFile", [string]$fromDir="NONE", [string]$toDir="NONE")
|
||||
|
||||
$timeCalc = $(Get-Date -uformat "%s")-$startUnixSeconds
|
||||
|
||||
# Verb | Current Date and Time (Current Time Unix Seconds) | Start Date and Time (Start Time Unix Seconds) | Time Elapsed in Seconds | From Directory | To Directory | Job Name | Exit Status
|
||||
$logString = "$verb | $(Get-Date) ($(Get-Date -uformat "%s")) | $startDateHuman ($startUnixSeconds) | $timeCalc | $fromDir | $toDir | $jobName | $exitCode"
|
||||
|
||||
echo "$logString"
|
||||
echo "$logString" >> "$log"
|
||||
}
|
||||
|
||||
function appendToErrorLog {
|
||||
param ( $exceptionMessage, $part )
|
||||
$errorString = "`nFAIL on $part`nException: $exceptionMessage`nVars:`n`tstartDateHuman: $startDateHuman`n`tstart: $startUnixSecondsUnixSecons`n`tappendToErrorLog: $appendToErrorLog`n`tlogFile: $logFile`n`twarningFile: $warningFile`n`tresticRunning: $resticRunning`n`tredundantLocal: $redundantLocal`n`tredundantLocalNetwork: $redundantLocalNetwork`n`tjobName: $jobName"
|
||||
|
||||
echo "$errorString"
|
||||
try { echo "$errorString" > "$warningFile" } catch { echo "Error: $warningFile Not Found" }
|
||||
}
|
||||
|
||||
function doBackup {
|
||||
param ( [string]$fromDir="NONE", [string]$toDir="NONE", [string]$tagString="INFO" )
|
||||
|
||||
echo "`n$tagString"
|
||||
echo "`tFollow log with:`n`t`tGet-Content `"$logFile`" -Wait -Tail 10`n"
|
||||
|
||||
appendToLog -verb "START-$tagString" -log "$logFile" -toDir "$toDir" -fromDir "$fromDir"
|
||||
robocopy "$fromDir" "$toDir" /E /Z /FP /NP /R:2 /W:1 /SAVE:"$jobString" /LOG+:"$logFile"
|
||||
appendToLog -verb "FINISH-$tagString" -exitCode "$?" -log "$logFile" -toDir "$toDir" -fromDir "$fromDir"
|
||||
}
|
||||
|
||||
echo "Initializing Logs"
|
||||
|
||||
touch "$runningFile"
|
||||
|
||||
echo "$logGuideString" > "$logFile"
|
||||
appendToLog -verb "INITIALIZE-LOG-FILES" -exitCode "$?" -log "$logFile"
|
||||
|
||||
echo "`n$logGuideString`n"
|
||||
|
||||
# run da backupssss
|
||||
doBackup -fromDir "$resticRunning" -toDir "$redundantLocal" -tagString "COPY-LOCAL" -jobString "$jobName" # local
|
||||
appendToLog -verb "COPY-LOCAL" -exitCode "$?" -log "$logFile" -fromDir "$resticRunning" -toDir "$redundantLocal"
|
||||
|
||||
doBackup -fromDir "$resticRunning" -toDir "$redundantLocalNetwork" -tagString "COPY-LOCAL-NETWORK" -jobString "$jobName" # network
|
||||
appendToLog -verb "COPY-LOCAL-NETWORK" -exitCode "$?" -log "$logFile" -fromDir "$resticRunning" -toDir "$redundantLocalNetwork"
|
||||
|
||||
doBackup -fromDir "$resticRunning" -toDir "$redundantAirGap" -tagString "COPY-AIRGAP" -jobString "$jobName" # airgap
|
||||
appendToLog -verb "COPY-AIRGAP" -exitCode "$?" -log "$logFile" -fromDir "$resticRunning" -toDir "$redundantAirGap"
|
||||
|
||||
appendToLog -verb "DONE" -log "$logFile"
|
||||
@@ -0,0 +1,6 @@
|
||||
param (
|
||||
[Parameter(Mandatory=$true)]
|
||||
[string]$infile
|
||||
)
|
||||
|
||||
Invoke-Expression "$PSScriptRoot\winhash.ps1 $infile SHA1"
|
||||
@@ -0,0 +1,6 @@
|
||||
param (
|
||||
[Parameter(Mandatory=$true)]
|
||||
[string]$infile
|
||||
)
|
||||
|
||||
Invoke-Expression "$PSScriptRoot\winhash.ps1 $infile SHA256"
|
||||
@@ -0,0 +1,6 @@
|
||||
param (
|
||||
[Parameter(Mandatory=$true)]
|
||||
[string]$infile
|
||||
)
|
||||
|
||||
Invoke-Expression "$PSScriptRoot\winhash.ps1 $infile SHA384"
|
||||
@@ -0,0 +1,6 @@
|
||||
param (
|
||||
[Parameter(Mandatory=$true)]
|
||||
[string]$infile
|
||||
)
|
||||
|
||||
Invoke-Expression "$PSScriptRoot\winhash.ps1 $infile SHA512"
|
||||
@@ -0,0 +1,11 @@
|
||||
param(
|
||||
[string]
|
||||
$session = 'pi3'
|
||||
)
|
||||
|
||||
while($True) {
|
||||
ssh $session
|
||||
echo "Waiting 5 Seconds..."
|
||||
sleep 5
|
||||
wait-on-host -hostname $session
|
||||
}
|
||||
@@ -0,0 +1,10 @@
|
||||
$remote_host = "pi3"
|
||||
$remote_dir = "/var/www/html/Media-Viewer"
|
||||
|
||||
echo "LOCAL: pulling"
|
||||
git pull
|
||||
|
||||
echo "LOCAL: status"
|
||||
git status
|
||||
|
||||
ssh $remote_host "echo 'REMOTE: pulling'; git -C $remote_dir pull; echo 'REMOTE: status'; git -C $remote_dir status"
|
||||
@@ -0,0 +1,7 @@
|
||||
# usage:
|
||||
# testtime "some powershell command string"
|
||||
param([string] $cmd)
|
||||
$start=$(get-date -uformat "%s")
|
||||
invoke-expression "$cmd"
|
||||
$end=$(get-date -uformat "%s")
|
||||
echo "`n`ntime: $($end - $start)`n`n"
|
||||
@@ -0,0 +1,85 @@
|
||||
# usage:
|
||||
# `.\wait-on-host.ps1 -hostname <DOMAIN_NAME_OR_IP> -sleep <SECONDS_TO_SLEEP_PER_CYCLE> -pingcount <NUMBER_OF_TIMES_TO_PING_PER_ITERATION> -max <MAX_NUMBER_OF_ITERATIONS> -hold <SECONDS_TO_WAIT_AFTER_FIRST_RESPONSE>`
|
||||
#
|
||||
# defaults:
|
||||
# hostname: cable-wind.local
|
||||
# sleep: 25
|
||||
# pingcount: 1
|
||||
# max: 500
|
||||
# hold: 30
|
||||
# ex. `.\wait-on-host.ps1 -hostname google.com -sleep 10 -pingcount 5`
|
||||
|
||||
|
||||
|
||||
param(
|
||||
[string]
|
||||
$hostname = "cable-wind.local",
|
||||
|
||||
[int]
|
||||
$sleep = 25,
|
||||
|
||||
[int]
|
||||
$pingcount = 1,
|
||||
|
||||
[int]
|
||||
$max = 500,
|
||||
|
||||
[bool]
|
||||
$loop = 0, # 1 to loop
|
||||
|
||||
[int]
|
||||
$hold = 30
|
||||
)
|
||||
|
||||
if($hostname -eq 'help') {
|
||||
echo "usage:`n`twait-on-host [help] -hostname <DOMAIN_NAME_OR_IP> -sleep <SECONDS_TO_SLEEP_PER_CYCLE> -pingcount <NUMBER_OF_TIMES_TO_PING_PER_ITERATION> -max <MAX_NUMBER_OF_ITERATIONS> -hold <SECONDS_TO_WAIT_AFTER_FIRST_RESPONSE>`n`twait-on-host help`n`t`tthis help message`n`twait-on-host 8.8.8.8`n`t`twait on 8.8.8.8 with defaults`n`tdefaults:`n`t`thostname: cable-wind.local`n`t`tsleep: 25`n`t`tpingcount: 1`n`t`tmax: 500`n`t`thold: 30`n`tex. wait-on-host -hostname google.com -sleep 10 -pingcount 5`n";
|
||||
|
||||
exit;
|
||||
}
|
||||
|
||||
$iterations = 0;
|
||||
|
||||
while(1 -eq 1) { # infinite loop
|
||||
echo "`nHost: $hostname" # Iterations: $iterations Count: $pingcount Sleep: $sleep Max: $max`n`tFlushing dns..."
|
||||
echo "`tFlushing DNS"
|
||||
ipconfig /flushdns >NUL 2>&1 # redirects output nowhere
|
||||
if($?) {
|
||||
echo "`t`tDone."
|
||||
} else {
|
||||
echo "`t`tFAILED TO FLUSH DNS! EXITING!"
|
||||
exit
|
||||
}
|
||||
|
||||
echo "`tPinging..."
|
||||
# $pingObj = Test-Connection -Count $pingcount -TargetName "$hostname" # powershell Test-Connection -Ping is default and redundant
|
||||
$pingObj = Test-Connection -Count $pingcount -TargetName "$hostname" 2>&1
|
||||
|
||||
if($pingObj.Status -eq "Success") { # if return status of abopve (ping -n 1...) is True
|
||||
# $pingObj = Test-Connection -Count $pingcount -TargetName "$hostname" # powershell Test-Connection -Ping is default and redundant
|
||||
$ip = $pingObj.Address.IPAddressToString # get the bare ip out
|
||||
|
||||
echo "`t`tSuccess!`n`t`tIP: $ip`n`t`tHost: $hostname`n`t`tURL (host): http://$hostname`n`t`tURL (IP): http://$ip"
|
||||
if($loop) {
|
||||
echo "Sleeping $sleep Seconds..."
|
||||
sleep $sleep # sleepy time
|
||||
} else {
|
||||
echo "`nWaiting $hold Seconds to Make Sure..."
|
||||
sleep $hold
|
||||
echo "`nReady!`n"
|
||||
break
|
||||
}
|
||||
} else {
|
||||
echo "`t`tNOT FOUND YET"
|
||||
echo "`nSleeping $sleep Seconds..."
|
||||
sleep $sleep # sleepy time
|
||||
}
|
||||
|
||||
|
||||
if($iterations -gt $max) {
|
||||
echo "`nMAX ITERATIONS OF $max REACHED! EXITINTG`n"
|
||||
exit
|
||||
}
|
||||
|
||||
$iterations++
|
||||
|
||||
}
|
||||
@@ -0,0 +1,2 @@
|
||||
git add .
|
||||
git commit -m "waypoint"
|
||||
@@ -0,0 +1,5 @@
|
||||
@ECHO OFF
|
||||
mrt
|
||||
sfc /scannow
|
||||
DISM /Online /Cleanup-Image /RestoreHealth
|
||||
chkdsk /r C:
|
||||
@@ -0,0 +1,38 @@
|
||||
# Usage:
|
||||
## .\winhash.ps1 <FILE> <ALGO>
|
||||
## Algos Supported:
|
||||
### MD5
|
||||
### SHA1
|
||||
### SHA256
|
||||
### SHA384
|
||||
### SHA512
|
||||
## Example:
|
||||
### .\winhash.ps1 sillyfilly.bin SHA256
|
||||
## Outputs to terminal and to a text file
|
||||
### Text file name format <input filepath>.<unix epoch microseconds>.<hashing algorithm>.txt
|
||||
|
||||
param (
|
||||
[Parameter(Mandatory=$true)] # prompt for input if not specified via cli
|
||||
[string]$infile,
|
||||
|
||||
[Parameter(Mandatory=$true)] # this 1 2 :pope:
|
||||
[string]$algo
|
||||
)
|
||||
|
||||
function Get-UnixMicroseconds {
|
||||
$unixEpoch = [DateTimeOffset]'1970-01-01T00:00:00Z' # unix epoch constant
|
||||
$currentTime = [DateTimeOffset]::UtcNow # current utc time
|
||||
$timeDifferenceTicks = $currentTime.Ticks - $unixEpoch.Ticks # subtract current time from unix epoch constant in ticks
|
||||
$microseconds = [Int64]($timeDifferenceTicks / 10) # use 64bit int, divide ticks by 10 to give microseconds
|
||||
|
||||
# I am literally using Unix microseconds because they are more fun than Unix seconds :pinkie:
|
||||
return $microseconds
|
||||
}
|
||||
|
||||
# jesus fuckin analbeads the selection of hash algos in powershell is weird and limited
|
||||
# probably because Bill Gates and Satya Nadella get together with the other C-suite executives
|
||||
# and hypergoon to leagelese in clickwrap agreements that absolves them of liability and
|
||||
# lets them sell our private data and other assorted dickpics or sumtin idk man lmao
|
||||
$hash = $(Get-FileHash -Path $infile -Algorithm $algo | Format-List) # do da fookin hashin right dafucc here
|
||||
echo $hash # show user
|
||||
echo $hash > "$infile.$(Get-UnixMicroseconds).$algo.txt" # make the txt file
|
||||
@@ -0,0 +1,18 @@
|
||||
# CUSTOM STUFFS
|
||||
# custom scripts https://gitlab.com/princesspi/general-scripts-and-system-ssssssetup
|
||||
PATH="$PATH:/usr/share/customscripts"
|
||||
|
||||
# pico SDK https://github.com/raspberrypi/pico-sdk
|
||||
export PICO_SDK_PATH='/home/kali/pico-sdk'
|
||||
|
||||
# esp-install-custom https://github.com/PrincessPi3/esp-install-custom
|
||||
alias get_idf='. /home/princesspi/esp/esp-idf/export.sh'
|
||||
alias run_esp_reinstall='git -C /home/princesspi/esp/esp-install-custom pull;echo -e "\nOld Version:";tail -1 /home/princesspi/esp/version-data.log;echo -e "\n";bash /home/princesspi/esp/esp-install-custom/reinstall-esp-idf.sh'
|
||||
alias esp_monitor='tail -n 75 -f /home/princesspi/esp/install.log'
|
||||
alias esp_logs='less /home/princesspi/esp/version-data.log;less /home/princesspi/esp/install.log'
|
||||
export ESPIDF_INSTALLDIR="/home/princesspi/esp"
|
||||
|
||||
# pyenv https://github.com/pyenv/pyenv
|
||||
export PYENV_ROOT="$HOME/.pyenv"
|
||||
[[ -d $PYENV_ROOT/bin ]] && export PATH="$PYENV_ROOT/bin:$PATH"
|
||||
eval "$(pyenv init - zsh)"
|
||||
@@ -0,0 +1,42 @@
|
||||
#!/bin/bash
|
||||
[ "root" != "$USER" ] && exec sudo $0 "$@"
|
||||
#usage sudo sh add_site_apache2.sh 192.168.1.1 example.com
|
||||
#note: the web server will go down for the duration this script is running
|
||||
#set needed A records to domain DNS before beginning
|
||||
#bind IP desired before beginning
|
||||
|
||||
IP=$1
|
||||
DOMAIN=$2
|
||||
|
||||
#stop apache
|
||||
systemctl stop apache2
|
||||
|
||||
#cert get interface
|
||||
certbot certonly
|
||||
|
||||
mkdir /var/www/$DOMAIN
|
||||
echo "<h1>its live</h1>" > /var/www/$DOMAIN/index.html
|
||||
|
||||
#make and place config file
|
||||
cat << EOF | echo > /etc/apache2/sites-available/{$DOMAIN}.config
|
||||
<VirtualHost {$IP}:443>
|
||||
DocumentRoot /var/www/{$DOMAIN}
|
||||
ServerName $DOMAIN
|
||||
SSLEngine on
|
||||
SSLCertificateFile /etc/letsencrypt/live/{$DOMAIN}/fullchain.pem
|
||||
SSLCertificateKeyFile /etc/letsencrypt/live/{$DOMAIN}/privkey.pem
|
||||
SSLProtocol all -SSLv2 -SSLv3
|
||||
SSLHonorCipherOrder on
|
||||
SSLCipherSuite "HIGH:!aNULL:!MD5:!3DES:!CAMELLIA:!AES128"
|
||||
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
|
||||
</VirtualHost>
|
||||
|
||||
<VirtualHost {$IP}:80>
|
||||
ServerName $DOMAIN
|
||||
Redirect permanent / https://{$DOMAIN}/
|
||||
</VirtualHost>
|
||||
EOF
|
||||
|
||||
a2ensite $DOMAIN
|
||||
sh fix_permissions.sh
|
||||
systemctl start apache2
|
||||
@@ -0,0 +1,11 @@
|
||||
#!/bin/bash
|
||||
# usage:
|
||||
# add_user_ssh.sh "$USER" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP2D+9oYQlTnu1zeVi2gHfTKE7+DDWiu1EibXNwB9g72 princesspi@proton.me"
|
||||
|
||||
[ "root" != "$USER" ] && exec sudo $0 "$@"
|
||||
KEY="$2"
|
||||
mkdir /home/$1/.ssh
|
||||
echo $KEY >> /home/$1/.ssh/authorized_keys
|
||||
chmod 700 /home/$1/.ssh
|
||||
chmod 600 /home/$1/.ssh/authorized_keys
|
||||
chown -R $1:$1 /home/$1/.ssh
|
||||
@@ -0,0 +1,8 @@
|
||||
#!/bin/bash
|
||||
[ "root" != "$USER" ] && exec sudo $0 "$@"
|
||||
LOCK=/var/lock/backups.lock
|
||||
if [ ! -f $LOCK ]; then
|
||||
echo "lock" > $LOCK
|
||||
rsync -rzvvb --backup-dir=_old_ --suffix=$(date+_%F-%T) --update --times -e ssh /home/ <username>@<server>:~/backups/home
|
||||
rm -f $LOCK
|
||||
fi
|
||||
@@ -0,0 +1,57 @@
|
||||
#!/bin/bash
|
||||
# usage
|
||||
# binwalk.sh filename [default/opcodes/basicextract/compressionextract/opcodeextract
|
||||
set -e
|
||||
filename="$2"
|
||||
unix_seconds=$(date +%s)
|
||||
dir="binwalk-exracted-$filename-$unix_seconds"
|
||||
log="binwalk-log-$filename-$unix_seconds.txt"
|
||||
|
||||
basic="Bf"
|
||||
basicextract="Bef"
|
||||
compressionextract="BeMXZCf"
|
||||
opcodecompressextract="ABeMXZCf"
|
||||
opcodeextract="ABeCf"
|
||||
opcode="ABf"
|
||||
|
||||
basic_cmd="--signature"
|
||||
basicextract_cmd="--signature --extract --directory=$dir"
|
||||
compressionextract_cmd="--signature --extract --matryoshka --deflate --lzma --directory=$dir"
|
||||
opcodecompressextract_cmd="--opcodes --signature --extract --matryoshka --deflate -lzma --directory=$dir"
|
||||
opcodeextract_cmd="--opcodes --signature --extract --directory=$dir"
|
||||
opcode_cmd="--opcodes --signature"
|
||||
|
||||
usage_string="Usage:\n\tbinwalk.sh <option> <file>\n\t\tb/d/basic/default\n\t\to/op/opcode/opcodes\n\t\tbe/eb/basicextract/extractbasic\n\t\tce/ec/compressionextract/extractcompression\n\t\tope/oce/oec/opcodecompressionextract\n\t\toe/eo/opcodeextract/extractopcode"
|
||||
|
||||
if [ "$1" == "o" -o "$1" == "opcode" -o "$1" == "opcodes" -o "$1" == "op" ]; then
|
||||
tag="$opcode"
|
||||
cmd="$opcode_cmd"
|
||||
elif [ "$1" == "d" -o "$1" == "default" -o "$1" == "b" -o "$1" == "basic" ]; then
|
||||
tag="$basic"
|
||||
cmd="$basic_cmd"
|
||||
elif [ "$1" == "be" -o "$1" == "basicextract" -o "$1" == "eb" -o "$1" == "extractbasic" ]; then
|
||||
tag="$basicextract"
|
||||
cmd="$basicextract_cmd"
|
||||
elif [ "$1" == "ce" -o "$1" == "compressionextract" -o "$1" == "ec" -o "$1" == "extractcompression" ]; then
|
||||
tag="$compressionextract"
|
||||
cmd="$compressionextract_cmd"
|
||||
elif [ "$1" == "oce" -o "$1" == "opcodecompressionextract" -o "$1" == "eoc" -o "$1" == "oec" ]; then
|
||||
tag="$opcodecompressextract"
|
||||
cmd="$opcodecompressextract_cmd"
|
||||
elif [ "$1" == "oe" -o "$1" == "opcodeextract" -o "$1" == "eo" -o "$1" == "extractopcode" ]; then
|
||||
tag="$opcodeextract_cmd"
|
||||
cmd="$opcodeextract_cmd"
|
||||
else
|
||||
echo -e "$usage_string"
|
||||
exit
|
||||
fi
|
||||
|
||||
echo -e $cmd
|
||||
|
||||
if [ -z $2 ]; then
|
||||
echo -e "$usage_string"
|
||||
exit
|
||||
fi
|
||||
|
||||
to_run="binwalk $cmd --log=$log"
|
||||
eval($to_run)
|
||||
@@ -0,0 +1,7 @@
|
||||
#!/bin/bash
|
||||
echo "Enter Discord Webhook URL"
|
||||
read url
|
||||
echo "Enter Tag to Notify"
|
||||
read tag
|
||||
sudo bash -c "echo '$url' > /usr/share/customscripts/webhook.txt"
|
||||
sudo bash -c "echo '$tag' > /usr/share/customscripts/tag.txt"
|
||||
@@ -0,0 +1,40 @@
|
||||
#!/bin/bash
|
||||
if [ -z "$1" ]; then
|
||||
echo "Showing Wifi Interfaces:"
|
||||
iwconfig
|
||||
echo "Please Enter Wifi Interface:"
|
||||
read interface
|
||||
else
|
||||
interface="$1"
|
||||
fi
|
||||
|
||||
echo "Scanning Wifi Networks"
|
||||
nmcli dev wifi list
|
||||
|
||||
if [ -z "$2" ]; then
|
||||
echo "Please Enter SSID"
|
||||
read ssid
|
||||
else
|
||||
ssid="$2"
|
||||
fi
|
||||
|
||||
if [ -z "$3" ]; then
|
||||
echo "Please Enter Password"
|
||||
read password
|
||||
else
|
||||
password="$2"
|
||||
fi
|
||||
|
||||
echo -e "\n\nConnect to $ssid with password $password on interface $interface \n\n"
|
||||
pause
|
||||
|
||||
echo "Running ./fix-wifi.sh"
|
||||
sudo bash ./fix-wifi.sh $interface
|
||||
|
||||
echo "Rescanning"
|
||||
nmcli dev wifi rescan
|
||||
|
||||
echo "Connecting to $ssid"
|
||||
nmcli device wifi connect $ssid password $password ifname $interface # --rescan yes
|
||||
|
||||
echo -e "\nnyaa mrrp done~ :D\n"
|
||||
@@ -0,0 +1,22 @@
|
||||
#!/bin/bash
|
||||
#Crowdsec Install and config
|
||||
curl -s https://packagecloud.io/install/repositories/crowdsec/crowdsec/script.deb.sh | sudo bash
|
||||
apt -y install crowdsec
|
||||
truncate -s 0 /var/log/crowdsec.log
|
||||
#configure bouncers as needed here https://hub.crowdsec.net/browse/#bouncers
|
||||
apt -y install crowdsec-firewall-bouncer-iptables
|
||||
cscli collections install crowdsecurity/base-http-scenarios
|
||||
cscli bouncers add php-bouncer
|
||||
systemctl reload crowdsec
|
||||
#cscli bouncers add <nginx-bouncer php-bouncer wordpress-bouncer cloudflare-bouncer> #as needed
|
||||
# SAVE API KEY, THEY ARE UNRECOVERABLE
|
||||
#for wordpress: install crowdsec plugin in admin panel
|
||||
# SAVE API KEY FROM INSTALL
|
||||
# add API key
|
||||
# LAPIU URL: http://localhost:8080
|
||||
#for cpanel
|
||||
#cscli scenarios install crowdsecurity/cpanel-bf
|
||||
|
||||
#unban an IP
|
||||
#cscli decisions list
|
||||
#cscli decisions delete --id <id number from list>
|
||||
@@ -0,0 +1,15 @@
|
||||
#!/bin/bash
|
||||
if [ -z "$1" -o -z "$2" ]; then
|
||||
echo -e "usage:\n\tbash find_bytes.sh <path> <bytes string>\n\t\tex. bash find_bytes.sh /path/to/dir \"\\\x20\\\x20\""
|
||||
exit
|
||||
fi
|
||||
|
||||
# took a fuckton of experimentation to figure out da escapes lmfao
|
||||
double_bytes="$2" # rename it
|
||||
path=$1 # rename it
|
||||
|
||||
# format ddmmyyyy-HHMM-SS
|
||||
log="./recursive-binwalk-$(date +"%d%m%Y-%H%M-%S").txt" # make da log name
|
||||
|
||||
# watch your escapes here. some needs escape, redundant escape, or no escape
|
||||
find "$path" -type f -exec /bin/bash -c "cmd=\"binwalk --log=$log --raw=$double_bytes {}\"; echo -e \"\n\n==\nfile: {}\nlog: $log\ncommand: \$(printf \\\"%q\\\" \$cmd)\" | tee -a $log; exec \$cmd" \;
|
||||
@@ -0,0 +1,49 @@
|
||||
#!/bin/bash
|
||||
if [ -z "$1" ]; then
|
||||
echo "Showing Wifi Interfaces:"
|
||||
iwconfig
|
||||
echo "Please Enter Wifi Interface:"
|
||||
read wifi_device
|
||||
echo "Selected ${wifi_device}"
|
||||
else
|
||||
wifi_device="$1"
|
||||
fi
|
||||
|
||||
# wifi_device=$1
|
||||
|
||||
echo 'Starting NetworkManager.service'
|
||||
sudo systemctl restart NetworkManager
|
||||
|
||||
echo 'Restarting wpa_supplicant'
|
||||
sudo systemctl restart wpa_supplicant
|
||||
|
||||
echo 'Disconnecting from wifi'
|
||||
sudo nmcli d disconnect $wifi_device
|
||||
|
||||
echo 'Deleting all wifi saved networks'
|
||||
nmcli connection show | sudo awk '{system("nmcli connection delete " $1)}'
|
||||
|
||||
echo 'Bringing down interface'
|
||||
sudo ifconfig $wifi_device down
|
||||
|
||||
echo 'Bringing back up interface'
|
||||
sudo ifconfig $wifi_device up
|
||||
|
||||
echo 'Reloading network manager'
|
||||
sudo nmcli g reload
|
||||
|
||||
echo 'Turning off network manager'
|
||||
sudo nmcli n off
|
||||
|
||||
echo 'Turning on network manager'
|
||||
sudo nmcli n on
|
||||
|
||||
echo 'Changing interface mode to managed'
|
||||
sudo iwconfig $wifi_device mode managed
|
||||
|
||||
echo 'Restarting networking stack'
|
||||
sudo systemctl restart networking
|
||||
|
||||
iwconfig
|
||||
|
||||
echo -e "\nDone~ ^w^\n"
|
||||
@@ -0,0 +1,5 @@
|
||||
#!/bin/bash
|
||||
[ "root" != "$USER" ] && exec sudo $0 "$@"
|
||||
chown -R www-data:www-data /var/www/*
|
||||
find /var/www/* -type d -exec chmod g=rwx "{}" \;
|
||||
find /var/www/* -type f -exec chmod g=rw "{}" \;
|
||||
@@ -0,0 +1,16 @@
|
||||
#!/bin/bash
|
||||
set -e # die on any error
|
||||
|
||||
# get current directory name without the path
|
||||
reponame=${PWD##*/}
|
||||
|
||||
# init to main branch (github default)
|
||||
git init -b main
|
||||
git add .
|
||||
git commit -m "initial commit via gitinitshit"
|
||||
|
||||
# use github cli to create repo with the dir name
|
||||
gh repo create "$thisdirname" --public --source=. --remote=upstream --push
|
||||
|
||||
# print git link and url
|
||||
git remote -v | sed -n -e 1p | awk '{print "\ngit link:", $2; gsub(".git", "", $2); print "repo url:", $2, "\n"}'
|
||||
@@ -0,0 +1,16 @@
|
||||
#!/bin/bash
|
||||
set -e # fail on error
|
||||
|
||||
if [ -f './version.txt' ]; then
|
||||
message=$(cat './version.txt')
|
||||
else
|
||||
if [ -z "$1" ]; then
|
||||
message=$(date +%s)
|
||||
else
|
||||
message="$*"
|
||||
fi
|
||||
fi
|
||||
|
||||
git add .
|
||||
git commit -m "$message"
|
||||
git push
|
||||
@@ -0,0 +1,57 @@
|
||||
#!/bin/bash
|
||||
# sync a local git repo with a remote one over ssh
|
||||
# usage: gitsync <remote_host> <remote_dir>
|
||||
# defaults pi3 and /var/www/html/Media-Viewer
|
||||
|
||||
# handle defaultz
|
||||
handle_args () {
|
||||
if [ -z $1 ]; then
|
||||
remote_host='pi3'
|
||||
else
|
||||
remote_host="$1"
|
||||
fi
|
||||
|
||||
if [ -z $2 ]; then
|
||||
remote_dir='/var/www/html/Media-Viewer'
|
||||
else
|
||||
remote_dir="$2"
|
||||
fi
|
||||
}
|
||||
|
||||
syncstatus () {
|
||||
# view local and remote status before proceeding
|
||||
echo -e "\nLOCAL status\n"
|
||||
git status
|
||||
|
||||
echo -e "\nREMOTE status\n"
|
||||
ssh $remote_host "/bin/bash -c git -C $remote_dir status"
|
||||
}
|
||||
|
||||
gitsync () {
|
||||
# todo: param and defaults these up
|
||||
# todo: format this properly as multiline
|
||||
$remote_cmd = "echo -e \"\nREMOTE pull $remote_dir\n\"; git -C $remote_dir pull; echo -e \"\nREMOTE adding on $remote_dir\n\"; git -C $remote_dir add .; echo -e \"\nREMOTE commit $remote_dir\n\"; git -C $remote_dir commit -m \"autosync $(date +%s)\"; echo -e \"\nREMOTE push $remote_dir\n\"; git -C $remote_dir push; echo -e \"\nREMOTE status $remote_dir\n\"; git -C $remote_dir status;"
|
||||
|
||||
echo -e "\nLOCAL pulling\n"
|
||||
git pull
|
||||
|
||||
echo -e "\nLOCAL adding, comitting and pushing\n"
|
||||
git add .
|
||||
git commit -m "autosync $(date +%s)"
|
||||
git push
|
||||
|
||||
echo -e "\nLOCAL status\n"
|
||||
git status
|
||||
|
||||
# run da REMOTE shiz
|
||||
echo -e "\nREMOTE running sync\n"
|
||||
ssh $remote_host "/bin/bash -c \"$remote_cmd\""
|
||||
|
||||
echo -e "\nLOCAL status\n"
|
||||
git status
|
||||
}
|
||||
|
||||
handle_args
|
||||
syncstatus
|
||||
gitsync
|
||||
syncstatus
|
||||
@@ -0,0 +1,36 @@
|
||||
#!/bin/bash
|
||||
# from https://askubuntu.com/questions/3299/how-to-run-cron-job-when-network-is-up
|
||||
# usage in cron
|
||||
## @reboot bash /usr/share/customscripts/ifnet "/usr/share/customscripts/webhook bootup" 2>> /var/log/cron.error.log
|
||||
function check_online
|
||||
{
|
||||
netcat -z -w 5 discord.com 80 && echo 1 || echo 0
|
||||
}
|
||||
|
||||
# Initial check to see if we are online
|
||||
IS_ONLINE=$(check_online)
|
||||
# How many times we should check if we're online - this prevents infinite looping
|
||||
MAX_CHECKS=10
|
||||
# Initial starting value for checks
|
||||
CHECKS=0
|
||||
|
||||
echo "running! IS_ONLINE: $IS_ONLINE"
|
||||
|
||||
# Loop while we're not online.
|
||||
while [[ $IS_ONLINE -eq 0 ]]; do
|
||||
sleep 10;
|
||||
echo "is_online: $IS_ONLINE loop $CHECKS"
|
||||
IS_ONLINE=check_online
|
||||
|
||||
CHECKS=$(($CHECKS + 1))
|
||||
if [ $CHECKS -gt $MAX_CHECKS ]; then
|
||||
break
|
||||
fi
|
||||
done
|
||||
|
||||
if [[ $IS_ONLINE -eq 0 ]]; then
|
||||
# We never were able to get online. Kill script.
|
||||
exit 1
|
||||
fi
|
||||
|
||||
bash $1 2>> /var/log/cron.error.log
|
||||
@@ -0,0 +1,76 @@
|
||||
#!/bin/bash
|
||||
# set -e # make sure da silly thing dont continue when there be errorZ
|
||||
|
||||
gitRepo='https://gitlab.com/princesspi/general-scripts-and-system-ssssssetup.git'
|
||||
tmpDir='/tmp/customscripts'
|
||||
finalDir='/usr/share/customscripts'
|
||||
|
||||
echo "Updating software lists"
|
||||
sudo apt update
|
||||
|
||||
echo "Installan my packages"
|
||||
sudo apt install gh net-tools htop btop iptraf iotop screen byobu wget python3 python3-pip python3-virtualenv python3-setuptools thefuck nginx wget lynx neovim nmap -y
|
||||
|
||||
echo "Using Shell $SHELL"
|
||||
|
||||
# ta get da right usermayhaps
|
||||
if [[ -z $SUDO_USER ]]; then
|
||||
echo "Using User $USER"
|
||||
username="$USER"
|
||||
else
|
||||
echo "Using User $SUDO_USER"
|
||||
username="$SUDO_USER"
|
||||
fi
|
||||
|
||||
# figure oot da sehell
|
||||
if [[ "$SHELL" =~ bash$ ]]; then
|
||||
rcfile="/home/$username/.bashrc"
|
||||
elif [[ "$SHELL" =~ zsh$ ]]; then
|
||||
rcfile="/home/$username/.zshrc"
|
||||
else
|
||||
echo -e "Die: Unsupported Shell";
|
||||
exit
|
||||
fi
|
||||
|
||||
# clean up any existing install
|
||||
if [[ -d "$tmpDir" ]]; then
|
||||
echo "Cleaning Up Existing $tmpDir"
|
||||
rm -rf "$tmpDir"
|
||||
fi
|
||||
|
||||
if [[ -d "$finalDir" ]]; then
|
||||
echo "Cleaning Up Existing $finalDir"
|
||||
rm -rf "$finalDir"
|
||||
fi
|
||||
|
||||
echo "Cloning Repo $gitRepo"
|
||||
git clone $gitRepo $tmpDir --single-branch --depth 1
|
||||
|
||||
echo "Placing in $finalDir"
|
||||
mv "$tmpDir/customscripts" "$finalDir"
|
||||
|
||||
echo "Changing ownership of $finalDir to $username:$username recursively"
|
||||
chown -R $username:$username "$finalDir"
|
||||
|
||||
echo "Setting perms of $finalDir and contents to 775"
|
||||
chmod -R 775 "$finalDir"
|
||||
|
||||
grep -q $finalDir $rcfile
|
||||
pathgrep=$?
|
||||
|
||||
if [ $pathgrep -eq 0 ]; then
|
||||
echo "$finalDir Already in \$PATH Skipping"
|
||||
else
|
||||
echo "Adding $finalDir to $username's \$PATH by Appending to $rcfile"
|
||||
echo -e "\n\n# automatically added by customscripts installer\nexport PATH=\"\$PATH:$finalDir\"" >> "$rcfile"
|
||||
fi
|
||||
|
||||
# configure webhook
|
||||
# echo "Enter Discord Webhook URL"
|
||||
# read url
|
||||
# echo "Enter Tag to Notify"
|
||||
# read tag
|
||||
# sudo bash -c "echo '$url' > /usr/share/customscripts/webhook.txt"
|
||||
# sudo bash -c "echo '$tag' > /usr/share/customscripts/tag.txt"
|
||||
|
||||
echo -e "\n\nDone! Restart shell:\n\texec \$SHELL\n\n"
|
||||
@@ -0,0 +1,2 @@
|
||||
#!/bin/bash
|
||||
< passes.txt parallel --block 10M -C 5 --pipe grep --count --max-count=1 --fixed-strings $1
|
||||
@@ -0,0 +1,85 @@
|
||||
#!/bin/bash
|
||||
# usage
|
||||
# bash watch.sh /path/t/dir processname logfile
|
||||
set -e
|
||||
|
||||
if [ -z $1 ]; then
|
||||
dir='.'
|
||||
else
|
||||
dir=$1
|
||||
fi
|
||||
|
||||
if [ -z $2 ]; then
|
||||
process_name='none'
|
||||
else
|
||||
process_name=$2
|
||||
fi
|
||||
|
||||
if [ ! -f $3 ]; then
|
||||
log_name=/dev/null
|
||||
else
|
||||
log_name=$3
|
||||
fi
|
||||
|
||||
# uptime
|
||||
uptime_dirty=$(uptime | awk '{print $3,$4}')
|
||||
uptime_cleaned=${uptime_dirty:0:-1}
|
||||
|
||||
# date and time (default date command)
|
||||
# ex. Sat May 17 11:36:04 PM MDT 2025
|
||||
date_time=$(date)
|
||||
|
||||
echo -e "Uptime: $uptime_cleaned\t\tTime: $date_time\n"
|
||||
|
||||
# list filenames ordered by size large to small
|
||||
list_files=$(ls -lAhS $dir | awk '{print $9}')
|
||||
eval "list_files_names=($list_files)"
|
||||
# echo -e "\nda names\n${list_files_names[1]}\n\n"
|
||||
|
||||
# size (human) ordered by size large to small
|
||||
list_human=$(ls -lAhS $dir | awk '{print $5}')
|
||||
eval "list_files_human=($list_human)"
|
||||
# echo -e "\nda humans\n${list_files_human[1]}\n\n"
|
||||
|
||||
# size (bytes) ordered by size large to small
|
||||
list_bytes=$(du -d 1 $dir/* | awk '{print $1}' | sort -r -n)
|
||||
eval "list_files_bytes=($list_bytes)"
|
||||
# echo -e "\nda bytes\n${list_files_bytes[1]}\n\n"
|
||||
|
||||
echo -e "Size (h)\tBytes\tName"
|
||||
|
||||
count=0
|
||||
for name in ${list_files_names[@]}; do
|
||||
echo -e "${list_files_human[$count]}\t\t${list_files_bytes[$count]} \t$name"
|
||||
count=$(($count + 1))
|
||||
done
|
||||
|
||||
# pid
|
||||
list_processes_pid=$(ps aux | grep $process_name | awk '{print $2}')
|
||||
eval "list_processes_pid=($list_processes_pid)"
|
||||
# echo -e "\nda pids\n${list_processes_pid[1]}\n\n"
|
||||
|
||||
# %CPU usage
|
||||
list_processes_cpu=$(ps aux | grep $process_name | awk '{print $3}')
|
||||
eval "list_processes_cpu=($list_processes_cpu)"
|
||||
# echo -e "\nda cpu%\n${list_processes_cpu[1]}\n\n"
|
||||
|
||||
# %MEMORY usage
|
||||
list_processes_mem=$(ps aux | grep $process_name | awk '{print $4}')
|
||||
eval "list_processes_mem=($list_processes_mem)"
|
||||
# echo -e "\nda mem%\n${list_processes_mem[1]}\n\n"
|
||||
|
||||
# process names
|
||||
list_processes_name=$(ps aux | grep $process_name | awk '{print $12,$13,$14,$15,$16,$17,$18}' | sed 's/\s/_/g')
|
||||
eval "list_processes_name=($list_processes_name)"
|
||||
# echo -e "\nda name\n${list_processes_name[1]}\n\n"
|
||||
|
||||
echo -e "\nPID\t\t%MEM\t%CPU\tNAME"
|
||||
count=0
|
||||
for name in ${list_processes_name[@]}; do
|
||||
echo -e "${list_processes_pid[$count]}\t\t${list_processes_mem[$count]}%\t${list_processes_cpu[$count]}%\t$name"
|
||||
count=$(($count + 1))
|
||||
done
|
||||
|
||||
echo -e "\n$log_name"
|
||||
tail -10 $log_name
|
||||
@@ -0,0 +1,29 @@
|
||||
#!/bin/bash
|
||||
if [ -z $1 ]; then
|
||||
echo -e "Usage:\n\tmonitor_pid \"MESSAGE\""
|
||||
exit
|
||||
fi
|
||||
|
||||
pid=$1
|
||||
|
||||
clear
|
||||
echo -e "\nMonitoring for process PID $pid to end"
|
||||
|
||||
# get da webhook tag
|
||||
tag=$(cat /usr/share/customscripts/tag.txt)
|
||||
|
||||
# infinite loop
|
||||
while [ 1 -eq 1 ]; do
|
||||
# check for da pid
|
||||
ps -q $pid > /dev/null
|
||||
ret=$?
|
||||
|
||||
# check if the process exists via retcode of the ps -q $pid
|
||||
if [ $ret -ne 0 ]; then
|
||||
webhook "Process $pid Ended at $(date)! \n\t$tag"
|
||||
echo "Process $pid Ended at $(date)! \n\t$tag"
|
||||
exit
|
||||
fi
|
||||
|
||||
sleep 10
|
||||
done
|
||||
@@ -0,0 +1,25 @@
|
||||
# run automatic installer
|
||||
curl -fsSL https://pyenv.run | bash
|
||||
|
||||
# append relevant bits to ~/.zshrc
|
||||
echo 'export PYENV_ROOT="$HOME/.pyenv"' >> ~/.zshrc
|
||||
echo '[[ -d $PYENV_ROOT/bin ]] && export PATH="$PYENV_ROOT/bin:$PATH"' >> ~/.zshrc
|
||||
echo 'eval "$(pyenv init - zsh)"' >> ~/.zshrc
|
||||
|
||||
# restart shell
|
||||
exec "$SHELL"
|
||||
|
||||
pyenv install # CUSTOM STUFFS
|
||||
# pico SDK https://github.com/raspberrypi/pico-sdk
|
||||
export PICO_SDK_PATH='/home/kali/pico-sdk'
|
||||
|
||||
# esp-install-custom https://github.com/PrincessPi3/esp-install-custom
|
||||
alias get_idf='. /home/princesspi/esp/esp-idf/export.sh'
|
||||
alias run_esp_reinstall='git -C /home/princesspi/esp/esp-install-custom pull;echo -e "\nOld Version:";tail -1 /home/pri>alias esp_monitor='tail -n 75 -f /home/princesspi/esp/install.log'
|
||||
alias esp_logs='less /home/princesspi/esp/version-data.log;less /home/princesspi/esp/install.log'
|
||||
export ESPIDF_INSTALLDIR="/home/princesspi/esp"
|
||||
|
||||
# pyenv https://github.com/pyenv/pyenv
|
||||
export PYENV_ROOT="$HOME/.pyenv"
|
||||
[[ -d $PYENV_ROOT/bin ]] && export PATH="$PYENV_ROOT/bin:$PATH"
|
||||
eval "$(pyenv init - zsh)"
|
||||
@@ -0,0 +1,74 @@
|
||||
#!/bin/bash
|
||||
set -e # fail on error
|
||||
|
||||
# default to scan pwd if arg 1 is empty
|
||||
if [ -z $1 ]; then
|
||||
scan_path="$PWD"
|
||||
else
|
||||
scan_path="$1"
|
||||
fi
|
||||
|
||||
# configure dir structure
|
||||
analysis_dir="recursive-analysis" # top level
|
||||
file_dir="$analysis_dir/file"
|
||||
strings_dir="$analysis_dir/strings"
|
||||
sha256sum_dir="$analysis_dir/sha256sum"
|
||||
binwalk_dir="$analysis_dir/binwalk"
|
||||
|
||||
# make the directory structure if absent or fail without error
|
||||
mkdir -p "$file_dir" "$strings_dir" "$sha256sum_dir" "$binwalk_dir"
|
||||
|
||||
# log paths
|
||||
timestamp=$(date +"%Y%m%d-%H%M-%S-%Z") # format YYYYmmdd-HHMM-SS-TZ
|
||||
log_main="./recursive-log.txt"
|
||||
log_binwalk="$binwalk_dir/recursive-binwalk-$timestamp.txt"
|
||||
log_file="$file_dir/recursive-file-$timestamp.txt"
|
||||
log_strings="$strings_dir/recursive-strings-hex-offsets-$timestamp.txt"
|
||||
log_sha256sum="$sha256sum_dir/recursive-sha256sum-$timestamp.txt"
|
||||
|
||||
# full command except filename
|
||||
pre_cmd_binwalk="binwalk"
|
||||
pre_cmd_file="file"
|
||||
strings_len=8
|
||||
pre_cmd_strings="strings --bytes=$strings_len --print-file-name --radix=x"
|
||||
pre_cmd_sha256sum="sha256sum"
|
||||
|
||||
echo -e "\nRunning Princess Pi's Recursive Analysis on $scan_path at $timestamp\n\tMaster log: $log_main\n"
|
||||
|
||||
# do da scanssss
|
||||
## binwalk
|
||||
echo "Recursive binwalk! Saving to $log_binwalk . . ."
|
||||
find "$scan_path" -type f \
|
||||
-not -path "*/.git/*" \
|
||||
-not -path "*/__pycache__/*" \
|
||||
-not -path "*/recursive-analysis/*" \
|
||||
-exec /bin/bash -c "cmd=\"$pre_cmd_binwalk {}\" && echo -e \"File: {}\nCommand: \$cmd\nTimestamp: $timestamp\" >> $log_binwalk && exec \$cmd >> $log_binwalk" \; # watch your escapes here
|
||||
|
||||
## file
|
||||
echo "Recursive file! Saving to $log_file . . ."
|
||||
find "$scan_path" -type f \
|
||||
-not -path "*/.git/*" \
|
||||
-not -path "*/__pycache__/*" \
|
||||
-not -path "*/recursive-analysis/*" \
|
||||
-exec $pre_cmd_file {} >> $log_file \;
|
||||
|
||||
## strings
|
||||
echo "Recursive strings! Saving to $log_strings . . ."
|
||||
find "$scan_path" -type f \
|
||||
-not -path "*/.git/*" \
|
||||
-not -path "*/__pycache__/*" \
|
||||
-not -path "*/recursive-analysis/*" \
|
||||
-exec $pre_cmd_strings {} >> $log_strings \;
|
||||
|
||||
## sha256sum
|
||||
echo "Recursive sha256sum! Saving to $log_sha256sum . . ."
|
||||
find "$scan_path" -type f \
|
||||
-not -path "*/.git/*" \
|
||||
-not -path "*/__pycache__/*" \
|
||||
-not -path "*/recursive-analysis/*" \
|
||||
-exec $pre_cmd_sha256sum {} >> $log_sha256sum \;
|
||||
|
||||
# log to master log
|
||||
echo -e "$timestamp:\n\tscan path: $scan_path\n\tbinwalk:\n\t\tlog: $log_binwalk\n\t\tcmd: $pre_cmd_sha256sum {}\n\tfile:\n\t\tlog: $log_file\n\t\tcmd: $pre_cmd_file {}\n\tstrings:\n\t\tlog: $log_strings\n\t\tcmd: $pre_cmd_strings {}\n\tsha256sum:\n\t\tlog: $log_sha256sum\n\t\tcmd: $pre_cmd_sha256sum {}\n" >> $log_main
|
||||
|
||||
echo -e "\nDone! :3"
|
||||
@@ -0,0 +1,31 @@
|
||||
#!/bin/bash
|
||||
# helper to show status of git repos on both local and a remote host
|
||||
# usage: syncstatus <remote_host> <remote_directiory>
|
||||
# defaults pi3 and /var/www/html/Media-Viewer
|
||||
|
||||
# handle defaultz
|
||||
handle_args () {
|
||||
if [ -z $1 ]; then
|
||||
remote_host='pi3'
|
||||
else
|
||||
remote_host="$1"
|
||||
fi
|
||||
|
||||
if [ -z $2 ]; then
|
||||
remote_dir='/var/www/html/Media-Viewer'
|
||||
else
|
||||
remote_dir="$2"
|
||||
fi
|
||||
}
|
||||
|
||||
syncstatus () {
|
||||
# view local and remote status before proceeding
|
||||
echo -e "\nLOCAL status\n"
|
||||
git status
|
||||
|
||||
echo -e "\nREMOTE status\n"
|
||||
ssh $remote_host "/bin/bash -c \"git -C '$remote_dir' status\""
|
||||
}
|
||||
|
||||
handle_args
|
||||
syncstatus
|
||||
@@ -0,0 +1,3 @@
|
||||
#!/bin/bash
|
||||
git add .
|
||||
git commit -m "waypoint"
|
||||
@@ -0,0 +1,31 @@
|
||||
#!/bin/bash
|
||||
# usage in cron
|
||||
## @reboot bash /usr/share/customscripts/ifnet "/usr/share/customscripts/webhook bootup" 2>> /var/log/cron.error.log
|
||||
# discord_webhook="https://discord.com/api/webhooks/yourwebhook"
|
||||
discord_webhook=$(cat /usr/share/customscripts/webhook.txt)
|
||||
ipaddr=$(hostname -I | grep -E -o "10.0.0.[0-9]{1,3}" | tail -1)
|
||||
date=$(date "+%d/%m/%Y %H:%M:%S %Z (%s)")
|
||||
# to tag role run \@rolename and copy the code that is like <@something>
|
||||
# tag="<@tag>"
|
||||
tag=$(cat /usr/share/customscripts/tag.txt)
|
||||
hostname=$(hostname)
|
||||
bootup_string="bootrred on $date\n\tip addr: $ipaddr\n\t$tag\n\n"
|
||||
|
||||
if [[ -z $1 ]]; then
|
||||
content='Default Ping!'
|
||||
elif [[ "$1" == "bootup" ]]; then
|
||||
content="$bootup_string"
|
||||
else
|
||||
content="$1"
|
||||
fi
|
||||
|
||||
post_data() {
|
||||
cat <<EOF
|
||||
{
|
||||
"username":"$hostname",
|
||||
"content":"$content"
|
||||
}
|
||||
EOF
|
||||
}
|
||||
|
||||
curl -H "Content-Type: application/json" -X POST -d "$(post_data)" "$discord_webhook"
|
||||
@@ -0,0 +1,3 @@
|
||||
sudo airmon-ng check kill
|
||||
sudo airmon-ng start wlan1
|
||||
sudo airodump-ng wlan1mon
|
||||
@@ -0,0 +1,7 @@
|
||||
port=$(grep '^port=33' /etc/xrdp/xrdp.ini | sed 's/port=//')
|
||||
ip=$(ip addr | grep 'inet 10.\|inet 192.168.' | awk '{print $2}' | sed 's/\/24//')
|
||||
|
||||
sudo /etc/xrdp/startwm.sh
|
||||
sudo systemctl restart xrdp
|
||||
echo "connect on $ip:$port"
|
||||
|
||||
@@ -0,0 +1,4 @@
|
||||
CUSTOM_DATABASE=wordpress-db
|
||||
CUSTOM_USER=wordpress-user
|
||||
CUSTOM_PASSWORD=someCustomPassword1234
|
||||
CUSTOM_PORT=8800
|
||||
@@ -0,0 +1,31 @@
|
||||
version: '3.1'
|
||||
|
||||
services:
|
||||
|
||||
wordpress:
|
||||
image: wordpress
|
||||
restart: always
|
||||
ports:
|
||||
- ${CUSTOM_PORT}:80
|
||||
environment:
|
||||
WORDPRESS_DB_HOST: db
|
||||
WORDPRESS_DB_USER: ${CUSTOM_USER}
|
||||
WORDPRESS_DB_PASSWORD: ${CUSTOM_PASSWORD}
|
||||
WORDPRESS_DB_NAME: ${CUSTOM_DATABASE}
|
||||
volumes:
|
||||
- wordpress:/var/www/html
|
||||
|
||||
db:
|
||||
image: mysql
|
||||
restart: always
|
||||
environment:
|
||||
MYSQL_DATABASE: ${CUSTOM_DATABASE}
|
||||
MYSQL_USER: ${CUSTOM_USER}
|
||||
MYSQL_PASSWORD: ${CUSTOM_PASSWORD}
|
||||
MYSQL_RANDOM_ROOT_PASSWORD: 'yes'
|
||||
volumes:
|
||||
- db:/var/lib/mysql
|
||||
|
||||
volumes:
|
||||
wordpress:
|
||||
db:
|
||||
Reference in New Issue
Block a user