initial commit via gitinitshit
This commit is contained in:
@@ -0,0 +1,9 @@
|
|||||||
|
* text eol=lf
|
||||||
|
*.txt text eol=lf
|
||||||
|
*.sh text eol=lf
|
||||||
|
*.ini text eol=lf
|
||||||
|
*.yml text eol=lf
|
||||||
|
*.md text eol=
|
||||||
|
.env text eol=lf
|
||||||
|
*.ps1 text eol=crlf
|
||||||
|
*.bat text eol=crlf
|
||||||
@@ -0,0 +1,218 @@
|
|||||||
|
---
|
||||||
|
- name: 'Configure Remote Servers'
|
||||||
|
hosts: remoteservers
|
||||||
|
vars_files:
|
||||||
|
- './variables.yml'
|
||||||
|
tasks:
|
||||||
|
# packages
|
||||||
|
- name: 'Updating apt cache'
|
||||||
|
apt:
|
||||||
|
force_apt_get: True
|
||||||
|
update_cache: True
|
||||||
|
- name: 'Upgrading all apt packages'
|
||||||
|
apt:
|
||||||
|
force_apt_get: True
|
||||||
|
upgrade: full
|
||||||
|
become: yes
|
||||||
|
- name: 'Selected packages to install:'
|
||||||
|
debug:
|
||||||
|
msg: "{{ item }}"
|
||||||
|
loop: "{{ list_of_packages }}"
|
||||||
|
- name: "Installing packages"
|
||||||
|
apt:
|
||||||
|
force_apt_get: True
|
||||||
|
name: "{{ list_of_packages }}"
|
||||||
|
state: present
|
||||||
|
- name: 'Remove useless packages from the cache'
|
||||||
|
apt:
|
||||||
|
force_apt_get: True
|
||||||
|
autoclean: yes
|
||||||
|
- name: 'Run the equivalent of apt-get clean'
|
||||||
|
apt:
|
||||||
|
force_apt_get: True
|
||||||
|
clean: yes
|
||||||
|
# add and configure the user
|
||||||
|
- name: "Add the user {{ new_username }}"
|
||||||
|
user:
|
||||||
|
name: "{{ new_username }}"
|
||||||
|
shell: "{{ login_shell }}"
|
||||||
|
# password: "{{ user_password }}"
|
||||||
|
groups: 'sudo,www-data'
|
||||||
|
append: yes
|
||||||
|
- name: "Set authorized key for {{ new_username }}"
|
||||||
|
ansible.posix.authorized_key:
|
||||||
|
user: "{{ new_username }}"
|
||||||
|
key: "{{ ssh_key_auth }}"
|
||||||
|
state: present
|
||||||
|
# zsh
|
||||||
|
- name: 'Setting up zsh'
|
||||||
|
blockinfile:
|
||||||
|
path: "/home/{{ new_username }}/.zshrc"
|
||||||
|
block: |
|
||||||
|
# Set up the prompt
|
||||||
|
autoload -Uz promptinit
|
||||||
|
promptinit
|
||||||
|
prompt adam1
|
||||||
|
setopt histignorealldups sharehistory
|
||||||
|
# Use emacs keybindings even if our EDITOR is set to vi
|
||||||
|
bindkey -e
|
||||||
|
# Keep 1000 lines of history within the shell and save it to ~/.zsh_history:
|
||||||
|
HISTSIZE=1000
|
||||||
|
SAVEHIST=1000
|
||||||
|
HISTFILE=~/.zsh_history
|
||||||
|
# Use modern completion system
|
||||||
|
autoload -Uz compinit
|
||||||
|
compinit
|
||||||
|
zstyle ':completion:*' auto-description 'specify: %d'
|
||||||
|
zstyle ':completion:*' completer _expand _complete _correct _approximate
|
||||||
|
zstyle ':completion:*' format 'Completing %d'
|
||||||
|
zstyle ':completion:*' group-name ''
|
||||||
|
zstyle ':completion:*' menu select=2
|
||||||
|
eval "$(dircolors -b)"
|
||||||
|
zstyle ':completion:*:default' list-colors ${(s.:.)LS_COLORS}
|
||||||
|
zstyle ':completion:*' list-colors ''
|
||||||
|
zstyle ':completion:*' list-prompt %SAt %p: Hit TAB for more, or the character to insert%s
|
||||||
|
zstyle ':completion:*' matcher-list '' 'm:{a-z}={A-Z}' 'm:{a-zA-Z}={A-Za-z}' 'r:|[._-]=* r:|=* l:|=*'
|
||||||
|
zstyle ':completion:*' menu select=long
|
||||||
|
zstyle ':completion:*' select-prompt %SScrolling active: current selection at %p%s
|
||||||
|
zstyle ':completion:*' use-compctl false
|
||||||
|
zstyle ':completion:*' verbose true
|
||||||
|
zstyle ':completion:*:*:kill:*:processes' list-colors '=(#b) #([0-9]#)*=0=01;31'
|
||||||
|
zstyle ':completion:*:kill:*' command 'ps -u $USER -o pid,%cpu,tty,cputime,cmd'
|
||||||
|
eval $(thefuck --alias fuck)
|
||||||
|
PATH=~/.local/bin/:$PATH
|
||||||
|
mode: '0744'
|
||||||
|
owner: "{{ new_username }}"
|
||||||
|
group: "{{ new_username }}"
|
||||||
|
state: present
|
||||||
|
create: True
|
||||||
|
# ufw
|
||||||
|
- name: 'UFW default allow everything outgoing'
|
||||||
|
community.general.ufw:
|
||||||
|
default: allow
|
||||||
|
direction: 'outgoing'
|
||||||
|
- name: 'UFW default deny everything incoming'
|
||||||
|
community.general.ufw:
|
||||||
|
default: deny # reject to throw error instead of drop quietly
|
||||||
|
direction: 'incoming'
|
||||||
|
- name: 'UFW enable logging'
|
||||||
|
community.general.ufw:
|
||||||
|
logging: 'on'
|
||||||
|
- name: 'UFW selected rules:'
|
||||||
|
debug:
|
||||||
|
msg: "{{item.name}}/{{item.proto}}"
|
||||||
|
loop: "{{ open_services }}"
|
||||||
|
- name: 'UFW setting rules'
|
||||||
|
community.general.ufw:
|
||||||
|
rule: allow
|
||||||
|
port: "{{ item.name }}"
|
||||||
|
proto: "{{ item.proto }}"
|
||||||
|
loop: "{{ open_services }}"
|
||||||
|
- name: 'UFW enable'
|
||||||
|
community.general.ufw:
|
||||||
|
state: enabled
|
||||||
|
become: yes
|
||||||
|
# unattended upgrades
|
||||||
|
- name: 'Unattended upgrades initial dpkg reconfigure'
|
||||||
|
command:
|
||||||
|
cmd: 'dpkg-reconfigure -f noninteractive unattended-upgrades'
|
||||||
|
become: yes
|
||||||
|
- name: 'Unattended upgrades configure 20auto-upgrades'
|
||||||
|
blockinfile:
|
||||||
|
dest: '/etc/apt/apt.conf.d/20auto-upgrades'
|
||||||
|
block: |
|
||||||
|
APT::Periodic::Update-Package-Lists "1";
|
||||||
|
APT::Periodic::Unattended-Upgrade "1";
|
||||||
|
mode: '0644'
|
||||||
|
owner: 'root'
|
||||||
|
group: 'root'
|
||||||
|
state: present
|
||||||
|
insertafter: EOF
|
||||||
|
become: yes
|
||||||
|
- name: 'Unattended upgrades configure 50unattended-upgrades'
|
||||||
|
blockinfile:
|
||||||
|
dest: '/etc/apt/apt.conf.d/50unattended-upgrades'
|
||||||
|
block: |
|
||||||
|
Unattended-Upgrade::Automatic-Reboot "true";
|
||||||
|
Unattended-Upgrade::Automatic-Reboot-Time "{{ reboot_time }}";
|
||||||
|
create: True
|
||||||
|
insertafter: EOF
|
||||||
|
mode: '0644'
|
||||||
|
owner: 'root'
|
||||||
|
group: 'root'
|
||||||
|
become: yes
|
||||||
|
- name: 'Unattended upgrades configure daily timer'
|
||||||
|
lineinfile:
|
||||||
|
path: '/lib/systemd/system/apt-daily-upgrade.timer'
|
||||||
|
regexp: '^OnCalendar'
|
||||||
|
line: "OnCalendar=*-*-* {{ install_time }}"
|
||||||
|
state: present
|
||||||
|
become: yes
|
||||||
|
- name: 'Unattended upgrades configure reboot offset'
|
||||||
|
lineinfile:
|
||||||
|
path: '/lib/systemd/system/apt-daily-upgrade.timer'
|
||||||
|
regexp: '^RandomizedDelaySec'
|
||||||
|
line: "RandomizedDelaySec={{ reboot_offset }}"
|
||||||
|
state: present
|
||||||
|
become: yes
|
||||||
|
- name: 'Unattended upgrades last dpkg reconfigure'
|
||||||
|
command:
|
||||||
|
cmd: 'dpkg-reconfigure -f noninteractive unattended-upgrades'
|
||||||
|
become: yes
|
||||||
|
# customscripts
|
||||||
|
- name: 'Customscripts download'
|
||||||
|
git:
|
||||||
|
repo: "{{ custom_scripts_repo }}"
|
||||||
|
dest: '/tmp/cscripts'
|
||||||
|
- name: "Create directory {{ custom_scripts_dir }}"
|
||||||
|
file:
|
||||||
|
path: "{{ custom_scripts_dir }}"
|
||||||
|
state: directory
|
||||||
|
mode: '0755'
|
||||||
|
owner: 'root'
|
||||||
|
group: 'root'
|
||||||
|
become: yes
|
||||||
|
- name: 'Customscripts installing'
|
||||||
|
command:
|
||||||
|
cmd: "cp /tmp/cscripts/customscripts/{{ item }} {{ custom_scripts_dir }}"
|
||||||
|
loop: "{{ custom_scripts }}"
|
||||||
|
become: yes
|
||||||
|
- name: 'Customscripts activating'
|
||||||
|
command:
|
||||||
|
cmd: "chmod 755 {{ custom_scripts_dir }}/{{ item }}"
|
||||||
|
loop: "{{ custom_scripts }}"
|
||||||
|
become: yes
|
||||||
|
# crontabs
|
||||||
|
- name: 'Crontab chkrootkit'
|
||||||
|
cron:
|
||||||
|
name: 'chkrootkit'
|
||||||
|
minute: '0'
|
||||||
|
hour: '8'
|
||||||
|
user: 'root'
|
||||||
|
job: 'chkrootkit -q'
|
||||||
|
state: present
|
||||||
|
become: yes
|
||||||
|
- name: 'Crontab lynis'
|
||||||
|
cron:
|
||||||
|
name: 'lynis'
|
||||||
|
minute: '0'
|
||||||
|
hour: '11'
|
||||||
|
user: 'root'
|
||||||
|
job: 'lynis -q'
|
||||||
|
state: present
|
||||||
|
become: yes
|
||||||
|
# enable services
|
||||||
|
- name: 'enable/restart nginx'
|
||||||
|
service:
|
||||||
|
name: 'nginx'
|
||||||
|
enabled: True
|
||||||
|
state: 'restarted'
|
||||||
|
become: yes
|
||||||
|
- name: 'enable/restart ssh'
|
||||||
|
service:
|
||||||
|
name: 'ssh'
|
||||||
|
enabled: True
|
||||||
|
state: 'restarted'
|
||||||
|
become: yes
|
||||||
|
|
||||||
|
|
||||||
@@ -0,0 +1,2 @@
|
|||||||
|
[remoteservers]
|
||||||
|
someserver ansible_user=root ansible_host=1.1.1.1
|
||||||
@@ -0,0 +1,10 @@
|
|||||||
|
cd ~ && mkdir ansible-playbook && cd ansible-playbook
|
||||||
|
ansible-playbook ansible-playbook.yml -i inventory.ini
|
||||||
|
ansible remoteservers -m ping
|
||||||
|
|
||||||
|
# errata
|
||||||
|
ssh root@ip
|
||||||
|
passwd princesspi
|
||||||
|
sudo nano /etc/ssh/sshd_config
|
||||||
|
sudo ufw allow 8888
|
||||||
|
sudo bash /usr/share/customscripts/crowdsec.sh
|
||||||
@@ -0,0 +1,230 @@
|
|||||||
|
- name: "Install python3"
|
||||||
|
apt:
|
||||||
|
name: python3
|
||||||
|
state: present
|
||||||
|
- name: "Install python3-pip"
|
||||||
|
apt:
|
||||||
|
name: python3-pip
|
||||||
|
state: present
|
||||||
|
- name: "Install python3-virtualenv"
|
||||||
|
apt:
|
||||||
|
name: python3-virtualenv
|
||||||
|
state: present
|
||||||
|
- name: "Install thefuck"
|
||||||
|
apt:
|
||||||
|
name: thefuck
|
||||||
|
state: present
|
||||||
|
- name: "Install python3-setuptools"
|
||||||
|
apt:
|
||||||
|
name: python3-setuptools
|
||||||
|
state: present
|
||||||
|
- name: "Install nginx"
|
||||||
|
apt:
|
||||||
|
name: nginx
|
||||||
|
state: present
|
||||||
|
- name: "Install wget"
|
||||||
|
apt:
|
||||||
|
name: wget
|
||||||
|
state: present
|
||||||
|
- name: "Install htop"
|
||||||
|
apt:
|
||||||
|
name: htop
|
||||||
|
state: present
|
||||||
|
- name: "Install btop"
|
||||||
|
apt:
|
||||||
|
name: btop
|
||||||
|
state: present
|
||||||
|
- name: "Install lynx"
|
||||||
|
apt:
|
||||||
|
name: lynx
|
||||||
|
state: present
|
||||||
|
- name: "Install neovim"
|
||||||
|
apt:
|
||||||
|
name: neovim
|
||||||
|
state: present
|
||||||
|
- name: "Install docker.io"
|
||||||
|
apt:
|
||||||
|
name: docker.io
|
||||||
|
state: present
|
||||||
|
- name: "Install docker-compose"
|
||||||
|
apt:
|
||||||
|
name: docker-compose
|
||||||
|
state: present
|
||||||
|
- name: "Install screen"
|
||||||
|
apt:
|
||||||
|
name: screen
|
||||||
|
state: present
|
||||||
|
- name: "Install byobu"
|
||||||
|
apt:
|
||||||
|
name: byobu
|
||||||
|
state: present
|
||||||
|
- name: "Install zsh"
|
||||||
|
apt:
|
||||||
|
name: zsh
|
||||||
|
state: present
|
||||||
|
- name: "Install nmap"
|
||||||
|
apt:
|
||||||
|
name: nmap
|
||||||
|
state: present
|
||||||
|
- name: "Install iptraf"
|
||||||
|
apt:
|
||||||
|
name: iptraf
|
||||||
|
state: present
|
||||||
|
- name: "Install iotop"
|
||||||
|
apt:
|
||||||
|
name: iotop
|
||||||
|
state: present
|
||||||
|
- name: "Install zip"
|
||||||
|
apt:
|
||||||
|
name: zip
|
||||||
|
state: present
|
||||||
|
- name: "Install unzip"
|
||||||
|
apt:
|
||||||
|
name: unzip
|
||||||
|
state: present
|
||||||
|
- name: "Install net-tools"
|
||||||
|
apt:
|
||||||
|
name: net-tools
|
||||||
|
state: present
|
||||||
|
- name: "Install git"
|
||||||
|
apt:
|
||||||
|
name: git
|
||||||
|
state: present
|
||||||
|
- name: "Install chkrootkit"
|
||||||
|
apt:
|
||||||
|
name: chkrootkit
|
||||||
|
state: present
|
||||||
|
- name: "Install fail2ban"
|
||||||
|
apt:
|
||||||
|
name: fail2ban
|
||||||
|
state: present
|
||||||
|
- name: "Install lynis"
|
||||||
|
apt:
|
||||||
|
name: lynis
|
||||||
|
state: present
|
||||||
|
|
||||||
|
|
||||||
|
# thefuck
|
||||||
|
- name: "thefuck append to .zshrc"
|
||||||
|
lineinfile:
|
||||||
|
path: "/home/{{ username }}/.zshrc"
|
||||||
|
line: 'eval $(thefuck --alias fuck)'
|
||||||
|
insertafter: EOF
|
||||||
|
mode: '0744'
|
||||||
|
owner: "{{ username }}"
|
||||||
|
group: "{{ username }}"
|
||||||
|
state: present
|
||||||
|
create: True
|
||||||
|
|
||||||
|
# PATH
|
||||||
|
- name: ".zshrc PATH adding ~/.local/bin"
|
||||||
|
lineinfile:
|
||||||
|
path: "/home/{{ username }}/.zshrc"
|
||||||
|
line: 'PATH=~/.local/bin/:$PATH'
|
||||||
|
state: present
|
||||||
|
insertafter: EOF
|
||||||
|
mode: "0744"
|
||||||
|
owner: "{{ username }}"
|
||||||
|
group: "{{ username }}"
|
||||||
|
create: True
|
||||||
|
become: True
|
||||||
|
become_method: su
|
||||||
|
become_user: "{{ username }}"
|
||||||
|
|
||||||
|
|
||||||
|
# ssh
|
||||||
|
- name: "SSH allow {{ username }} only"
|
||||||
|
lineinfile:
|
||||||
|
path: '/etc/ssh/sshd_config'
|
||||||
|
line: "AllowUsers {{ username }}"
|
||||||
|
state: present
|
||||||
|
insertafter: EOF
|
||||||
|
mode: "0644"
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
- name: 'SSH disable password auth'
|
||||||
|
lineinfile:
|
||||||
|
path: '/etc/ssh/sshd_config'
|
||||||
|
regexp: '^PermitRootLogin'
|
||||||
|
line: 'PermitRootLogin no'
|
||||||
|
state: present
|
||||||
|
insertafter: EOF
|
||||||
|
mode: "0644"
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
|
||||||
|
|
||||||
|
- name: "UFW allow ssh"
|
||||||
|
community.general.ufw:
|
||||||
|
rule: allow
|
||||||
|
port: ssh
|
||||||
|
proto: tcp
|
||||||
|
delete: true
|
||||||
|
- name: "UFW allow http"
|
||||||
|
community.general.ufw:
|
||||||
|
rule: allow
|
||||||
|
port: http
|
||||||
|
proto: any
|
||||||
|
delete: true
|
||||||
|
- name: "UFW allow https"
|
||||||
|
community.general.ufw:
|
||||||
|
rule: allow
|
||||||
|
port: https
|
||||||
|
proto: any
|
||||||
|
delete: true
|
||||||
|
|
||||||
|
|
||||||
|
- name: 'Customscripts download'
|
||||||
|
command:
|
||||||
|
cmd: 'git clone https://gitlab.com/princesspi/general-scripts-and-system-ssssssetup.git /tmp/cscripts'
|
||||||
|
become: yes
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
- name: "Create directory {{ custom_scripts_dir }}"
|
||||||
|
file:
|
||||||
|
path: "{{ custom_scripts_dir }}"
|
||||||
|
state: directory
|
||||||
|
mode: '0755'
|
||||||
|
owner: 'root'
|
||||||
|
group: 'root'
|
||||||
|
become: yes
|
||||||
|
- name: 'Customscripts copy add_user_ssh.sh'
|
||||||
|
copy:
|
||||||
|
remote_src: False
|
||||||
|
src: '/tmp/cscripts/customscripts/add_user_ssh.sh'
|
||||||
|
dest: "{{ custom_scripts_dir }}/add_user_ssh.sh"
|
||||||
|
mode: '0744'
|
||||||
|
owner: 'root'
|
||||||
|
group: 'root'
|
||||||
|
become: yes
|
||||||
|
- name: "Customscripts copy crowdsec.sh"
|
||||||
|
copy:
|
||||||
|
remote_src: False
|
||||||
|
src: '/tmp/cscripts/customscripts/crowdsec.sh'
|
||||||
|
dest: "{{ custom_scripts_dir }}/crowdsec.sh"
|
||||||
|
mode: '0744'
|
||||||
|
owner: 'root'
|
||||||
|
group: 'root'
|
||||||
|
become: yes
|
||||||
|
- name: "Customscripts copy fix_permissions.sh"
|
||||||
|
copy:
|
||||||
|
remote_src: False
|
||||||
|
src: '/tmp/cscripts/customscripts/fix_permissions.sh'
|
||||||
|
dest: "{{ custom_scripts_dir }}/fix_permissions.sh"
|
||||||
|
mode: '0744'
|
||||||
|
owner: 'root'
|
||||||
|
group: 'root'
|
||||||
|
become: yes
|
||||||
|
|
||||||
|
# crowdsec
|
||||||
|
- name: 'Crowdsec'
|
||||||
|
command:
|
||||||
|
cmd: "bash {{ custom_scripts_dir }}/crowdsec.sh"
|
||||||
|
become: yes
|
||||||
|
|
||||||
|
- name: 'enable/restart crowdsec'
|
||||||
|
service:
|
||||||
|
name: 'crowdsec'
|
||||||
|
enabled: True
|
||||||
|
state: 'restarted'
|
||||||
@@ -0,0 +1,48 @@
|
|||||||
|
new_username: 'princesspi'
|
||||||
|
install_time: '02:00'
|
||||||
|
reboot_time: '03:00'
|
||||||
|
reboot_offset: '20m'
|
||||||
|
login_shell: '/usr/bin/zsh' # which zsh
|
||||||
|
custom_scripts_dir: '/usr/share/customscripts'
|
||||||
|
custom_scripts_repo: 'https://gitlab.com/princesspi/general-scripts-and-system-ssssssetup.git'
|
||||||
|
# password is precalculated hash
|
||||||
|
# mkpasswd --method=sha-512
|
||||||
|
# defaultpassword###
|
||||||
|
# user_password: '$6$n3ybB6uVX.BwKiR4$vjENClERci2hmAkn9d9a8EUFAfnUlsH.R6/8EIXx1bu.k.bC7l/aE//s9ONw/PcbSQ2.hRdUgjxFrJ54/NhBm0'
|
||||||
|
ssh_key_auth: 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP2D+9oYQlTnu1zeVi2gHfTKE7+DDWiu1EibXNwB9g72'
|
||||||
|
list_of_packages:
|
||||||
|
- 'unattended-upgrades'
|
||||||
|
- 'python3'
|
||||||
|
- 'python3-pip'
|
||||||
|
- 'python3-virtualenv'
|
||||||
|
- 'python3-setuptools'
|
||||||
|
- 'thefuck'
|
||||||
|
- 'nginx'
|
||||||
|
- 'wget'
|
||||||
|
- 'htop'
|
||||||
|
- 'btop'
|
||||||
|
- 'lynx'
|
||||||
|
- 'neovim'
|
||||||
|
- 'docker.io'
|
||||||
|
- 'docker-compose'
|
||||||
|
- 'screen'
|
||||||
|
- 'byobu'
|
||||||
|
- 'zsh'
|
||||||
|
- 'nmap'
|
||||||
|
- 'iptraf'
|
||||||
|
- 'iotop'
|
||||||
|
- 'zip'
|
||||||
|
- 'unzip'
|
||||||
|
- 'net-tools'
|
||||||
|
- 'git'
|
||||||
|
- 'chkrootkit'
|
||||||
|
- 'fail2ban'
|
||||||
|
- 'lynis'
|
||||||
|
open_services:
|
||||||
|
- { name: 'ssh', proto: 'tcp' }
|
||||||
|
- { name: 'http', proto: 'tcp' }
|
||||||
|
- { name: 'https', proto: 'tcp' }
|
||||||
|
custom_scripts:
|
||||||
|
- 'crowdsec.sh'
|
||||||
|
- 'add_user_ssh.sh'
|
||||||
|
- 'fix_permissions.sh'
|
||||||
@@ -0,0 +1,87 @@
|
|||||||
|
0) Anything inside < and > for example <service name> is a bit of text you provide so if I say "<password>" you would replace with something like "password123"
|
||||||
|
1) acquire btc
|
||||||
|
spot app
|
||||||
|
coinmama
|
||||||
|
2) tumble btc deep web
|
||||||
|
3) put btc in deep web wallet
|
||||||
|
4) launch host on bithost
|
||||||
|
https://bithost.io
|
||||||
|
// Ubuntu 20.04 LTS with minimum 1gb RAM
|
||||||
|
5) lock down bitohst jump box to VPN IP
|
||||||
|
6) generate keys on bithost
|
||||||
|
5) get key from sporehost and launch server
|
||||||
|
http://spore64i5sofqlfz5gq2ju4msgzojjwifls7rok2cti624zyq3fcelad.onion/
|
||||||
|
6) log in from bithost on VPN
|
||||||
|
sudo -i
|
||||||
|
apt update
|
||||||
|
apt upgrade
|
||||||
|
ufw allow ssh
|
||||||
|
ufw enable
|
||||||
|
apt install apache2 tor mysql-server php libapache2-mod-php php-mysql php-curl php-gd screen iotop zip unzip lynx htop chkrootkit lynis certbot fail2ban python3 python3-pip curl nmap
|
||||||
|
a2enmod ssl
|
||||||
|
systemctl restart apache2
|
||||||
|
mysql_secure_installation
|
||||||
|
password validation: 2
|
||||||
|
// update phpmyadmin repo/install from git pull
|
||||||
|
// this is a workaround for an old phpmyadmin repo on the 20.04 LTS
|
||||||
|
// mysql -h localhost -u root -p
|
||||||
|
// UNINSTALL COMPONENT 'file://component_validate_password';
|
||||||
|
// CREATE USER 'rootuser'@'localhost' IDENTIFIED BY '<Secure Password>'; // REMEMBER THIS PASSWORD
|
||||||
|
// GRANT ALL PRIVILEGES ON *.* TO 'rootuser'@'localhost';
|
||||||
|
// FLUSH PRIVILEGES;
|
||||||
|
// quit;
|
||||||
|
apt install phpmyadmin //change to git pull OR updated manual repo
|
||||||
|
[x] apache2
|
||||||
|
[x] YES
|
||||||
|
[Secure Password] // REMEMBER THIS PASSWORD
|
||||||
|
cd /var/www/html
|
||||||
|
ln -s /usr/share/phpmyadmin
|
||||||
|
mv phpmyadmin pma
|
||||||
|
//to access phpmyadmin, go to http://<ip address>/pma //log in with user rootuser and your password from before
|
||||||
|
systemctl enable tor
|
||||||
|
systemctl start tor
|
||||||
|
mkdir /var/www/<servicename>
|
||||||
|
nano /etc/tor/torrc
|
||||||
|
Ctrl+W "hidden"
|
||||||
|
>uncomment hidden service 127.0.0.1:80
|
||||||
|
>uncomment hidden service dir, name /var/lib/tor/<servicename>
|
||||||
|
Ctrl+X
|
||||||
|
Y
|
||||||
|
systemctl restart tor
|
||||||
|
comment out logging
|
||||||
|
nano /etc/apache2/sites-available/<service name>.conf
|
||||||
|
|
||||||
|
<VirtualHost localhost:80>
|
||||||
|
DocumentRoot /var/www/<servicename>
|
||||||
|
</VirtualHost>
|
||||||
|
Ctrl+X
|
||||||
|
Y
|
||||||
|
a2ensite <service name>
|
||||||
|
systemctl restart apache2
|
||||||
|
cat /var/lib/tor/<service name>/hostname
|
||||||
|
save onion address, its your hostname!
|
||||||
|
// scallion
|
||||||
|
|
||||||
|
|
||||||
|
mkdir /usr/share/scripts
|
||||||
|
nano /usr/share/scripts/perms.sh
|
||||||
|
```
|
||||||
|
#!/bin/bash
|
||||||
|
chown -R www-data:www-data /var/www/*
|
||||||
|
find /var/www/* -type d -exec chmod g=rwx "{}" \;
|
||||||
|
find /var/www/* -type f -exec chmod g=rw "{}" \;
|
||||||
|
```
|
||||||
|
Ctrl+X
|
||||||
|
Y
|
||||||
|
chmod +x /usr/share/scripts/perms.sh
|
||||||
|
sh /usr/share/scripts/perms.sh
|
||||||
|
crontab -e
|
||||||
|
1
|
||||||
|
at bottom add
|
||||||
|
```
|
||||||
|
0 8 * * * chkrootkit -q
|
||||||
|
0 11 * * 0 lynis -q
|
||||||
|
0 */6 * * * apt update; apt -y upgrade;
|
||||||
|
```
|
||||||
|
Ctrl+X
|
||||||
|
Y
|
||||||
@@ -0,0 +1,84 @@
|
|||||||
|
1) acquire btc
|
||||||
|
spot app
|
||||||
|
coinmama
|
||||||
|
2) tumble btc deep web
|
||||||
|
3) put btc in deep web wallet
|
||||||
|
4) launch host on bithost
|
||||||
|
https://bithost.io
|
||||||
|
// Ubuntu 20.04 LTS with minimum 1gb RAM
|
||||||
|
5) lock down bitohst jump box to VPN IP
|
||||||
|
6) generate keys on bithost
|
||||||
|
5) get key from sporehost and launch server
|
||||||
|
http://spore64i5sofqlfz5gq2ju4msgzojjwifls7rok2cti624zyq3fcelad.onion/
|
||||||
|
6) log in from bithost on VPN
|
||||||
|
sudo -i
|
||||||
|
apt update
|
||||||
|
apt upgrade
|
||||||
|
ufw allow ssh
|
||||||
|
ufw enable
|
||||||
|
apt install apache2 tor mysql-server php libapache2-mod-php php-mysql php-curl php-gd screen iotop zip unzip lynx htop chkrootkit lynis certbot fail2ban python3 python3-pip curl nmap
|
||||||
|
a2enmod sslsystemctl restart apache2
|
||||||
|
mysql_secure_installation
|
||||||
|
password validation: 2
|
||||||
|
// this is a workaround for an old phpmyadmin repo on the 20.04 LTS
|
||||||
|
// mysql -h localhost -u root -p
|
||||||
|
// UNINSTALL COMPONENT 'file://component_validate_password';
|
||||||
|
// CREATE USER 'rootuser'@'localhost' IDENTIFIED BY '<Secure Password>'; // REMEMBER THIS PASSWORD
|
||||||
|
// GRANT ALL PRIVILEGES ON *.* TO 'rootuser'@'localhost';
|
||||||
|
// FLUSH PRIVILEGES;
|
||||||
|
// quit;
|
||||||
|
apt install phpmyadmin //change to git pull OR updated manual repo
|
||||||
|
[x] apache2
|
||||||
|
[x] YES
|
||||||
|
[Secure Password] // REMEMBER THIS PASSWORD
|
||||||
|
cd /var/www/html
|
||||||
|
ln -s /usr/share/phpmyadmin
|
||||||
|
mv phpmyadmin pma
|
||||||
|
//to access phpmyadmin, go to http://<ip address>/pma //log in with user rootuser and your password from before
|
||||||
|
systemctl enable tor
|
||||||
|
systemctl start tor
|
||||||
|
mkdir /var/www/<servicename>
|
||||||
|
nano /etc/tor/torrc
|
||||||
|
Ctrl+W "hidden"
|
||||||
|
>uncomment hidden service 127.0.0.1:80
|
||||||
|
>uncomment hidden service dir, name /var/lib/tor/<servicename>
|
||||||
|
Ctrl+X
|
||||||
|
Y
|
||||||
|
systemctl restart tor
|
||||||
|
comment out logging
|
||||||
|
nano /etc/apache2/sites-available/<service name>.conf
|
||||||
|
|
||||||
|
<VirtualHost localhost:80>
|
||||||
|
DocumentRoot /var/www/<servicename>
|
||||||
|
</VirtualHost>
|
||||||
|
Ctrl+X
|
||||||
|
Y
|
||||||
|
a2ensite <service name>
|
||||||
|
systemctl restart apache2
|
||||||
|
cat /var/lib/tor/<service name>/hostname
|
||||||
|
save onion address, its your hostname!
|
||||||
|
// scallion
|
||||||
|
|
||||||
|
|
||||||
|
mkdir /usr/share/scripts
|
||||||
|
nano /usr/share/scripts/perms.sh
|
||||||
|
```
|
||||||
|
#!/bin/bash
|
||||||
|
chown -R www-data:www-data /var/www/*
|
||||||
|
find /var/www/* -type d -exec chmod g=rwx "{}" \;
|
||||||
|
find /var/www/* -type f -exec chmod g=rw "{}" \;
|
||||||
|
```
|
||||||
|
Ctrl+X
|
||||||
|
Y
|
||||||
|
chmod +x /usr/share/scripts/perms.sh
|
||||||
|
sh /usr/share/scripts/perms.sh
|
||||||
|
crontab -e
|
||||||
|
1
|
||||||
|
at bottom add
|
||||||
|
```
|
||||||
|
0 8 * * * chkrootkit -q
|
||||||
|
0 11 * * 0 lynis -q
|
||||||
|
0 */6 * * * apt update; apt -y upgrade;
|
||||||
|
```
|
||||||
|
Ctrl+X
|
||||||
|
Y
|
||||||
Binary file not shown.
Binary file not shown.
Binary file not shown.
@@ -0,0 +1,123 @@
|
|||||||
|
#IPTABLES RULES
|
||||||
|
iptables -A INPUT -p tcp -m tcp --tcp-flags RST RST -m limit --limit 2/second --limit-burst 2 -j ACCEPT
|
||||||
|
iptables -t mangle -A PREROUTING -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
|
||||||
|
iptables -t mangle -A PREROUTING -p tcp -m conntrack --ctstate NEW -m tcpmss ! --mss 536:65535 -j DROP
|
||||||
|
iptables -t mangle -A PREROUTING -p tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
|
||||||
|
iptables -t mangle -A PREROUTING -p tcp --tcp-flags FIN,SYN FIN,SYN -j DROP
|
||||||
|
iptables -t mangle -A PREROUTING -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
|
||||||
|
iptables -t mangle -A PREROUTING -p tcp --tcp-flags FIN,RST FIN,RST -j DROP
|
||||||
|
iptables -t mangle -A PREROUTING -p tcp --tcp-flags FIN,ACK FIN -j DROP
|
||||||
|
iptables -t mangle -A PREROUTING -p tcp --tcp-flags ACK,URG URG -j DROP
|
||||||
|
iptables -t mangle -A PREROUTING -p tcp --tcp-flags ACK,FIN FIN -j DROP
|
||||||
|
iptables -t mangle -A PREROUTING -p tcp --tcp-flags ACK,PSH PSH -j DROP
|
||||||
|
iptables -t mangle -A PREROUTING -p tcp --tcp-flags ALL ALL -j DROP
|
||||||
|
iptables -t mangle -A PREROUTING -p tcp --tcp-flags ALL NONE -j DROP
|
||||||
|
iptables -t mangle -A PREROUTING -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP
|
||||||
|
iptables -t mangle -A PREROUTING -p tcp --tcp-flags ALL SYN,FIN,PSH,URG -j DROP
|
||||||
|
iptables -t mangle -A PREROUTING -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP
|
||||||
|
iptables -t mangle -A PREROUTING -s 224.0.0.0/3 -j DROP
|
||||||
|
iptables -t mangle -A PREROUTING -s 169.254.0.0/16 -j DROP
|
||||||
|
iptables -t mangle -A PREROUTING -s 172.16.0.0/12 -j DROP
|
||||||
|
iptables -t mangle -A PREROUTING -s 192.0.2.0/24 -j DROP
|
||||||
|
iptables -t mangle -A PREROUTING -s 192.168.0.0/16 -j DROP
|
||||||
|
iptables -t mangle -A PREROUTING -s 10.0.0.0/8 -j DROP
|
||||||
|
iptables -t mangle -A PREROUTING -s 0.0.0.0/8 -j DROP
|
||||||
|
iptables -t mangle -A PREROUTING -s 240.0.0.0/5 -j DROP
|
||||||
|
iptables -t mangle -A PREROUTING -s 127.0.0.0/8 ! -i lo -j DROP
|
||||||
|
iptables -t mangle -A PREROUTING -p icmp -j DROP
|
||||||
|
iptables -A INPUT -p tcp -m connlimit --connlimit-above 80 -j REJECT --reject-with tcp-reset
|
||||||
|
iptables -A INPUT -p tcp -m conntrack --ctstate NEW -m limit --limit 60/s --limit-burst 20 -j ACCEPT
|
||||||
|
iptables -A INPUT -p tcp -m conntrack --ctstate NEW -j DROP
|
||||||
|
iptables -t mangle -A PREROUTING -f -j DROP
|
||||||
|
iptables -A INPUT -p tcp --tcp-flags RST RST -m limit --limit 2/s --limit-burst 2 -j ACCEPT
|
||||||
|
iptables -A INPUT -p tcp --tcp-flags RST RST -j DROP
|
||||||
|
iptables -t raw -A PREROUTING -p tcp -m tcp --syn -j CT --notrack
|
||||||
|
iptables -A INPUT -p tcp -m tcp -m conntrack --ctstate INVALID,UNTRACKED -j SYNPROXY --sack-perm --timestamp --wscale 7 --mss 1460
|
||||||
|
iptables -A INPUT -m conntrack --ctstate INVALID -j DROP
|
||||||
|
iptables -A INPUT -p tcp --dport ssh -m conntrack --ctstate NEW -m recent --set
|
||||||
|
iptables -A INPUT -p tcp --dport ssh -m conntrack --ctstate NEW -m recent --update --seconds 60 --hitcount 10 -j DROP
|
||||||
|
iptables -N port-scanning
|
||||||
|
iptables -A port-scanning -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s --limit-burst 2 -j RETURN
|
||||||
|
iptables -A port-scanning -j DROP
|
||||||
|
iptables -A INPUT -p tcp -m tcp --dport 139 -m recent --name portscan --set -j LOG --log-prefix "portscan:"
|
||||||
|
iptables -A INPUT -p tcp -m tcp --dport 139 -m recent --name portscan --set -j DROP
|
||||||
|
iptables -A FORWARD -p tcp -m tcp --dport 139 -m recent --name portscan --set -j LOG --log-prefix "portscan:"
|
||||||
|
iptables -A FORWARD -p tcp -m tcp --dport 139 -m recent --name portscan --set -j DROP
|
||||||
|
iptables -A INPUT -m recent --name portscan --remove
|
||||||
|
iptables -A FORWARD -m recent --name portscan --remove
|
||||||
|
iptables -A INPUT -m recent --name portscan --rcheck --seconds 86400 -j DROP
|
||||||
|
iptables -A FORWARD -m recent --name portscan --rcheck --seconds 86400 -j DROP
|
||||||
|
|
||||||
|
#KERNEL RULES
|
||||||
|
kernel.printk = 4 4 1 7
|
||||||
|
kernel.panic = 10
|
||||||
|
kernel.sysrq = 0
|
||||||
|
kernel.shmmax = 4294967296
|
||||||
|
kernel.shmall = 4194304
|
||||||
|
kernel.core_uses_pid = 1
|
||||||
|
kernel.msgmnb = 65536
|
||||||
|
kernel.msgmax = 65536
|
||||||
|
vm.swappiness = 20
|
||||||
|
vm.dirty_ratio = 80
|
||||||
|
vm.dirty_background_ratio = 5
|
||||||
|
fs.file-max = 2097152
|
||||||
|
net.core.netdev_max_backlog = 262144
|
||||||
|
net.core.rmem_default = 31457280
|
||||||
|
net.core.rmem_max = 67108864
|
||||||
|
net.core.wmem_default = 31457280
|
||||||
|
net.core.wmem_max = 67108864
|
||||||
|
net.core.somaxconn = 65535
|
||||||
|
net.core.optmem_max = 25165824
|
||||||
|
net.ipv4.neigh.default.gc_thresh1 = 4096
|
||||||
|
net.ipv4.neigh.default.gc_thresh2 = 8192
|
||||||
|
net.ipv4.neigh.default.gc_thresh3 = 16384
|
||||||
|
net.ipv4.neigh.default.gc_interval = 5
|
||||||
|
net.ipv4.neigh.default.gc_stale_time = 120
|
||||||
|
net.netfilter.nf_conntrack_max = 10000000
|
||||||
|
net.netfilter.nf_conntrack_tcp_loose = 0
|
||||||
|
net.netfilter.nf_conntrack_tcp_timeout_established = 1800
|
||||||
|
net.netfilter.nf_conntrack_tcp_timeout_close = 10
|
||||||
|
net.netfilter.nf_conntrack_tcp_timeout_close_wait = 10
|
||||||
|
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 20
|
||||||
|
net.netfilter.nf_conntrack_tcp_timeout_last_ack = 20
|
||||||
|
net.netfilter.nf_conntrack_tcp_timeout_syn_recv = 20
|
||||||
|
net.netfilter.nf_conntrack_tcp_timeout_syn_sent = 20
|
||||||
|
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 10
|
||||||
|
net.ipv4.tcp_slow_start_after_idle = 0
|
||||||
|
net.ipv4.ip_local_port_range = 1024 65000
|
||||||
|
net.ipv4.ip_no_pmtu_disc = 1
|
||||||
|
net.ipv4.route.flush = 1
|
||||||
|
net.ipv4.route.max_size = 8048576
|
||||||
|
net.ipv4.icmp_echo_ignore_broadcasts = 1
|
||||||
|
net.ipv4.icmp_ignore_bogus_error_responses = 1
|
||||||
|
net.ipv4.tcp_congestion_control = htcp
|
||||||
|
net.ipv4.tcp_mem = 65536 131072 262144
|
||||||
|
net.ipv4.udp_mem = 65536 131072 262144
|
||||||
|
net.ipv4.tcp_rmem = 4096 87380 33554432
|
||||||
|
net.ipv4.udp_rmem_min = 16384
|
||||||
|
net.ipv4.tcp_wmem = 4096 87380 33554432
|
||||||
|
net.ipv4.udp_wmem_min = 16384
|
||||||
|
net.ipv4.tcp_max_tw_buckets = 1440000
|
||||||
|
net.ipv4.tcp_tw_recycle = 0
|
||||||
|
net.ipv4.tcp_tw_reuse = 1
|
||||||
|
net.ipv4.tcp_max_orphans = 400000
|
||||||
|
net.ipv4.tcp_window_scaling = 1
|
||||||
|
net.ipv4.tcp_rfc1337 = 1
|
||||||
|
net.ipv4.tcp_syncookies = 1
|
||||||
|
net.ipv4.tcp_synack_retries = 1
|
||||||
|
net.ipv4.tcp_syn_retries = 2
|
||||||
|
net.ipv4.tcp_max_syn_backlog = 16384
|
||||||
|
net.ipv4.tcp_timestamps = 1
|
||||||
|
net.ipv4.tcp_sack = 1
|
||||||
|
net.ipv4.tcp_fack = 1
|
||||||
|
net.ipv4.tcp_ecn = 2
|
||||||
|
net.ipv4.tcp_fin_timeout = 10
|
||||||
|
net.ipv4.tcp_keepalive_time = 600
|
||||||
|
net.ipv4.tcp_keepalive_intvl = 60
|
||||||
|
net.ipv4.tcp_keepalive_probes = 10
|
||||||
|
net.ipv4.tcp_no_metrics_save = 1
|
||||||
|
net.ipv4.ip_forward = 1
|
||||||
|
net.ipv4.conf.all.accept_redirects = 0
|
||||||
|
net.ipv4.conf.all.send_redirects = 0
|
||||||
|
net.ipv4.conf.all.accept_source_route = 0
|
||||||
|
net.ipv4.conf.all.rp_filter = 1
|
||||||
@@ -0,0 +1,16 @@
|
|||||||
|
<VirtualHost $IP:443>
|
||||||
|
DocumentRoot /var/www/$DOMAIN
|
||||||
|
ServerName $DOMAIN
|
||||||
|
SSLEngine on
|
||||||
|
SSLCertificateFile /etc/letsencrypt/live/$DOMAIN/fullchain.pem
|
||||||
|
SSLCertificateKeyFile /etc/letsencrypt/live/$DOMAIN/privkey.pem
|
||||||
|
SSLProtocol all -SSLv2 -SSLv3
|
||||||
|
SSLHonorCipherOrder on
|
||||||
|
SSLCipherSuite "HIGH:!aNULL:!MD5:!3DES:!CAMELLIA:!AES128"
|
||||||
|
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
|
||||||
|
</VirtualHost>
|
||||||
|
|
||||||
|
<VirtualHost $IP:80>
|
||||||
|
ServerName $DOMAIN
|
||||||
|
Redirect permanent / https://$DOMAIN/
|
||||||
|
</VirtualHost>
|
||||||
@@ -0,0 +1,3 @@
|
|||||||
|
0 8 * * * chkrootkit -q
|
||||||
|
0 11 * * 0 lynis -q
|
||||||
|
0 0 * * * apt update; apt upgrade -y
|
||||||
@@ -0,0 +1,148 @@
|
|||||||
|
Ubuntu 24.04.3LTS
|
||||||
|
PHP-default
|
||||||
|
Apache2
|
||||||
|
MySQL+phpmyadmin
|
||||||
|
|
||||||
|
# Step 1
|
||||||
|
sudo -i
|
||||||
|
apt update
|
||||||
|
apt -y upgrade
|
||||||
|
reboot
|
||||||
|
|
||||||
|
# Step 2
|
||||||
|
nano /etc/ssh/sshd_config
|
||||||
|
Change `#PasswordAuthentication yes` to `PasswordAuthentication no`
|
||||||
|
Add line
|
||||||
|
`AllowUsers <username>`
|
||||||
|
|
||||||
|
# Step 3
|
||||||
|
ON WINDOWS:
|
||||||
|
Via PowerShell
|
||||||
|
enable OpenSSH in PowerShell: https://docs.microsoft.com/en-us/windows-server/administration/openssh/openssh_install_firstuse
|
||||||
|
ssh-keygen -t ed25519 -C "<your email address>"
|
||||||
|
use a STRONG PASSPHRASE
|
||||||
|
Hit [Enter] to save keys at DEFAULT location
|
||||||
|
to get your rsa PUBLIC key, do:
|
||||||
|
Press [Windows Logo Key/Start]+R
|
||||||
|
Put in `notepad %USERPROFILE%/.ssh/id_ed25519.pub`
|
||||||
|
hit Enter
|
||||||
|
copy all the text in that file
|
||||||
|
# Technical details: it saves private key at %USERPROFILE%/.ssh/id_ed25519
|
||||||
|
# private key example: C:\Users\potatouser\.ssh\id_ed25519
|
||||||
|
# public key example: C:\Users\potatouser\.ssh\id_ed25519.pub
|
||||||
|
|
||||||
|
|
||||||
|
ON UBUNTU
|
||||||
|
mkdir ~/.ssh
|
||||||
|
chmod 700 ~/.ssh
|
||||||
|
nano ~/.ssh/authorized_keys
|
||||||
|
<paste rsa PUBLIC key>
|
||||||
|
chmod 600 ~/.ssh/authorized_keys
|
||||||
|
sudo systemctl reload sshd
|
||||||
|
|
||||||
|
TO CONNECT
|
||||||
|
SSH with Windows PowerShell
|
||||||
|
Powershell is installed by default on Windows 10/11
|
||||||
|
ssh <username>@<ipaddress>
|
||||||
|
|
||||||
|
Manage Files with WinSCP:
|
||||||
|
install winscp https://winscp.net/eng/download.php
|
||||||
|
install puttygen https://www.puttygen.com/download.php?val=4
|
||||||
|
run puttygen
|
||||||
|
Click Load
|
||||||
|
Select private key at %USERPROFILE%/.ssh/id_ed25519
|
||||||
|
copy and paste the string of text beginning in ssh-ed25519 and paste
|
||||||
|
save public and private key to %USERPROFILE%/.ssh/ under a %USERPROFILE%/.ssh/id_ed25519.ppk (private)
|
||||||
|
and %USERPROFILE%/.ssh/id_ed25519.ppk.pub (public)
|
||||||
|
run winscp
|
||||||
|
click new site
|
||||||
|
protocol: SFTP
|
||||||
|
host name: <server/ip>
|
||||||
|
username: <username>
|
||||||
|
port number: 22
|
||||||
|
click Advanced
|
||||||
|
on left panel under SSH click Authentication
|
||||||
|
Browse for private key at %USERPROFILE%/.ssh/id_ed25519.ppk
|
||||||
|
ok
|
||||||
|
save
|
||||||
|
|
||||||
|
# Step 4
|
||||||
|
sudo apt install -y git
|
||||||
|
# download and install scripts and tools
|
||||||
|
cd ~
|
||||||
|
git clone https://gitlab.com/princesspi/general-scripts-and-system-ssssssetup.git
|
||||||
|
sudo -i
|
||||||
|
apt install -y apache2 snapd mysql-server byobu nmap screen iotop zip unzip lynx htop php php-cli php-fpm php-json php-common php-mysql php-zip php-gd php-mbstring php-curl php-xml php-pear php-bcmath unattended-upgrades net-tools python3 python3-pip unison
|
||||||
|
snap install btop
|
||||||
|
# secure mysql
|
||||||
|
mysql_secure_installation
|
||||||
|
# follow directions, defaults are fine just remember what you set as the root password
|
||||||
|
# install and config phpmyadmin
|
||||||
|
apt install -y phpmyadmin
|
||||||
|
ln -s /usr/share/phpmyadmin /var/www/html/pma
|
||||||
|
# phpmyadmin will be accessable from the public internet at http://<your server ip>/pma
|
||||||
|
# ensure your passwords are up to snuff
|
||||||
|
// TODO: prolly should do some other security shit to protect phpmyadmin
|
||||||
|
systemctl restart apache2
|
||||||
|
systemctl restart mysql
|
||||||
|
# add user to web server group
|
||||||
|
usermod -a -G www-data <username>
|
||||||
|
# unattended upgrades
|
||||||
|
dpkg-reconfigure unattended-upgrades
|
||||||
|
nano /etc/apt/apt.conf.d/50unattended-upgrades
|
||||||
|
change `//Unattended-Upgrade::Automatic-Reboot "false";` to `Unattended-Upgrade::Automatic-Reboot "true";`
|
||||||
|
change `//Unattended-Upgrade::Remove-Unused-Dependencies "false";` to `Unattended-Upgrade::Remove-Unused-Dependencies "true";`
|
||||||
|
change `//Unattended-Upgrade::Mail "root@localhost";` to Unattended-Upgrade::Mail "<your admin email>";`
|
||||||
|
systemctl start unattended-upgrades && systemctl enable unattended-upgrades
|
||||||
|
unattended-upgrade -d -v //test unattended upgrades
|
||||||
|
# uncomplicated firewall setup
|
||||||
|
ufw allow http
|
||||||
|
ufw allow https
|
||||||
|
ufw allow ssh
|
||||||
|
ufw enable
|
||||||
|
reboot
|
||||||
|
|
||||||
|
|
||||||
|
// TODO: backups setup needs more work, not working at current
|
||||||
|
// make unison script pls
|
||||||
|
// SKIP backups section for now
|
||||||
|
# backups
|
||||||
|
sudo -i
|
||||||
|
mkdir -p /backups/log
|
||||||
|
mkdir /backups/backups
|
||||||
|
ln -s /var/backups /backups/system
|
||||||
|
cp -r /home/<user>/general-scripts-and-system-ssssssetup/customscripts /usr/share
|
||||||
|
chmod +x /usr/share/customscripts/*sh
|
||||||
|
nano /usr/share/customscripts/backup.sh //edit to add dirs to back up
|
||||||
|
sh /usr/share/customscripts/crowdsec.sh
|
||||||
|
screen -R backups
|
||||||
|
sh /usr/share/customscripts/backup.sh
|
||||||
|
Ctrl+A+D
|
||||||
|
sh /usr/share/customscripts/fix_permissions.sh
|
||||||
|
|
||||||
|
# Step 5
|
||||||
|
# install some cool securiy tools
|
||||||
|
apt install -y chkrootkit lynis certbot fail2ban
|
||||||
|
crontab -e //instal crons from /home/<user>/general-scripts-and-system-ssssssetup/crontab.txt
|
||||||
|
apt install -y tripwire
|
||||||
|
Follow directions and utilize secure passphrase DO NOT LOSE PASSPHRASE
|
||||||
|
# as primary user (NOT root or sudo, run `exit` if in doubt)
|
||||||
|
pip3 install thefuck
|
||||||
|
echo "# user addons" >> ~/.bashrc
|
||||||
|
echo "PATH=~/.local/bin/:$PATH" >> ~/.bashrc
|
||||||
|
echo 'eval "$(thefuck --alias)"' >> ~/.bashrc
|
||||||
|
echo 'HISTTIMEFORMAT="%Y-%m-%d %T "' >> ~/.bashrc
|
||||||
|
source ~/.bashrc
|
||||||
|
|
||||||
|
Step 6: # optional
|
||||||
|
IF you want to use sudo without password check:
|
||||||
|
sudo visudo
|
||||||
|
for ONE user:
|
||||||
|
select editor of your choice
|
||||||
|
add `<username> ALL=(ALL) NOPASSWD: ALL`
|
||||||
|
|
||||||
|
OR for all users in the sudo group
|
||||||
|
comment out the line beginning with %sudo soi it looks like #%sudo
|
||||||
|
add `%sudo ALL=(ALL) NOPASSWD: ALL` on any new line
|
||||||
|
save and exit
|
||||||
|
sudo reboot
|
||||||
@@ -0,0 +1,67 @@
|
|||||||
|
* General Guides and Scripts for:
|
||||||
|
* Ubuntu Server LAMP (20.04 LTS)
|
||||||
|
* Dark Web Hosting (LAMP on 20.04 LTS)
|
||||||
|
* General Windows 10 and mobile security guide
|
||||||
|
|
||||||
|
Install customscripts on linux with
|
||||||
|
`curl -s https://gitlab.com/princesspi/general-scripts-and-system-ssssssetup/-/raw/master/customscripts/install_script.sh?nocache=$RANDOM | sudo "$SHELL"`
|
||||||
|
|
||||||
|
## Usage
|
||||||
|
### Linux
|
||||||
|
#### git helpers
|
||||||
|
* `gitinitshit`
|
||||||
|
* `gitshit`
|
||||||
|
* `gitsync`
|
||||||
|
* `syncstatus`
|
||||||
|
* `waypoint`
|
||||||
|
*
|
||||||
|
#### security helpers
|
||||||
|
* `backup.sh`
|
||||||
|
* `binwalk-tool`
|
||||||
|
* `configuree_webhook.sh`
|
||||||
|
* `connect-wifi`
|
||||||
|
* `crowdsec.sh`
|
||||||
|
* `find_bytes`
|
||||||
|
* `fix-wifi`
|
||||||
|
* `add_user_ssh`
|
||||||
|
* `wifi-monitor-airX`
|
||||||
|
* `recursive-analysis`
|
||||||
|
* `large_file_search_for_hash`
|
||||||
|
|
||||||
|
#### monitoring
|
||||||
|
* `mon-watch`
|
||||||
|
* `monitor_pid`
|
||||||
|
* `webhook`
|
||||||
|
|
||||||
|
#### setup and general scripts
|
||||||
|
* `ifnet`
|
||||||
|
* `install_script.sh`
|
||||||
|
* `pyenv_setup`
|
||||||
|
* `xrdp-start`
|
||||||
|
* `add_apache2_site`
|
||||||
|
|
||||||
|
### Windowwz
|
||||||
|
#### git helpers
|
||||||
|
* `gitshit.ps1`
|
||||||
|
* `gitsync.ps1`
|
||||||
|
* `syncstatus.ps1`
|
||||||
|
* `waypoint.ps1`
|
||||||
|
#### linux-like hashing helpers
|
||||||
|
* `winhash.ps1`
|
||||||
|
* `md5sum.ps1`
|
||||||
|
* `sha256sum.ps1`
|
||||||
|
* `sha384sum.ps1`
|
||||||
|
* `sha512sum.ps1`
|
||||||
|
#### remote host tools
|
||||||
|
* `ssh-wait-loop.ps1`
|
||||||
|
* `wait-on-host.ps1`
|
||||||
|
* `testtime.ps1`
|
||||||
|
#### Windows system
|
||||||
|
* `redundant-backup.ps1`
|
||||||
|
* `windows-repair.bat`
|
||||||
|
|
||||||
|
todo:
|
||||||
|
1. windwows gitinitshit
|
||||||
|
2. convert windows-repair.bat to powershell and add more features and checks
|
||||||
|
1. automatic elevation request
|
||||||
|
2. update and improve security scan via windows defender
|
||||||
@@ -0,0 +1 @@
|
|||||||
|
donkeydicks:pope:
|
||||||
@@ -0,0 +1,17 @@
|
|||||||
|
if ($args) {
|
||||||
|
$message=$args -join ' '
|
||||||
|
} else {
|
||||||
|
if(test-path './version.txt') {
|
||||||
|
$message = $(get-content './version.txt')
|
||||||
|
} else {
|
||||||
|
$message = $(Get-Date -uformat "%s")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
echo "git commit message: '$message'"
|
||||||
|
|
||||||
|
git add .
|
||||||
|
git commit -m "$message"
|
||||||
|
git push
|
||||||
|
|
||||||
|
echo "Done :3"
|
||||||
@@ -0,0 +1,20 @@
|
|||||||
|
# todo, param and defaults these up
|
||||||
|
$remote_dir = "/var/www/html/Media-Viewer"
|
||||||
|
$remote_host = "pi3"
|
||||||
|
$remote_cmd = "echo REMOTE pull $remote_dir; git -C $remote_dir pull; echo REMOTE add $remote_diradding; git -C $remote_dir add .; echo REMOTE commit $remote_dir; git -C $remote_dir commit -m `$(date +%s); echo REMOTE push $remote_dir; git -C $remote_dir push; echo -e `"\nREMOTE status $remote_dir\n`"; git -C $remote_dir status;"
|
||||||
|
|
||||||
|
echo "`nLOCAL pulling`n"
|
||||||
|
git pull
|
||||||
|
|
||||||
|
echo "`nLOCAL adding, comitting and pushing`n"
|
||||||
|
gitshit # usin gitshit here lmfao maybe make message a param
|
||||||
|
|
||||||
|
echo "`nLOCAL status`n"
|
||||||
|
git status
|
||||||
|
|
||||||
|
# run da REMOTE
|
||||||
|
echo "`nREMOTE running sync"
|
||||||
|
ssh $remote_host "/bin/bash -c $remote_cmd"
|
||||||
|
|
||||||
|
echo "`nLOCAL status`n"
|
||||||
|
git status
|
||||||
@@ -0,0 +1,6 @@
|
|||||||
|
param (
|
||||||
|
[Parameter(Mandatory=$true)]
|
||||||
|
[string]$infile
|
||||||
|
)
|
||||||
|
|
||||||
|
Invoke-Expression "$PSScriptRoot\winhash.ps1 $infile MD5"
|
||||||
@@ -0,0 +1,25 @@
|
|||||||
|
$counter = 1;
|
||||||
|
$paths_file = ".\paths.txt"
|
||||||
|
$destination_dir = ""
|
||||||
|
$sleep_seconds = 90
|
||||||
|
|
||||||
|
# infinite loop to run through to and loop every $sleep_seconds seconeds
|
||||||
|
while($true) {
|
||||||
|
Write-Host "`n`nNew Rotation!`n`tRotation $counter `n`tCopying...`n`n"
|
||||||
|
# loop through paths in $paths_file
|
||||||
|
foreach($line in Get-Content "$paths_file") {
|
||||||
|
Clear-Host
|
||||||
|
Write-Host "Handling $line on rotation $counter"
|
||||||
|
# copy the path
|
||||||
|
$path = $line
|
||||||
|
# split $line by \ and return last element
|
||||||
|
$dirname = $line -split "\\" | Select-Object -Last 1
|
||||||
|
# do the copy
|
||||||
|
robocopy /e /z $path $destination_dir\$dirname
|
||||||
|
}
|
||||||
|
Clear-Host
|
||||||
|
Write-Host "`n`nFinished Rotation $counter`n`tSleeping 90 Seconds...`n`n"
|
||||||
|
# sleep wont start until robopy loop is finished
|
||||||
|
Start-Sleep -Seconds $sleep_seconds # sleep $sleep_seconds seconds
|
||||||
|
$counter++;
|
||||||
|
}
|
||||||
@@ -0,0 +1,74 @@
|
|||||||
|
# `pwsh.exe -c "`"C:\path\to\redundant-backup.ps1`" -logFile `"`" -simpleLogFile `"`""`
|
||||||
|
# `Start-Process -filepath "C:\path\to\redundant-backup.ps1" -logFile "" -simpleLogFile ""`
|
||||||
|
# `redundant-backup -logFile "" -simpleLogFile ""`
|
||||||
|
param([string] $logFile,
|
||||||
|
[string] $simpleLogFile
|
||||||
|
)
|
||||||
|
|
||||||
|
$startUnixSeconds = get-date -uformat "%s" # unix epoch seconds for duration
|
||||||
|
$startDateHuman = get-date # human readable begin date
|
||||||
|
$startDateFilename = get-date -format 'yyyy-MM-dd-hhmm' # filename friendly date format
|
||||||
|
|
||||||
|
|
||||||
|
$warningFile = "C:\Users\human\OneDrive\Desktop\backup_error_$startDateFilename.log" # file to create to notify of a failure
|
||||||
|
|
||||||
|
$jobName = "Weekly-Backup-$startDateFilename" # name for job in case wanna restart an interrupted one
|
||||||
|
$resticRunning = "E:\restic_backups_rolling" # from dir (restic)
|
||||||
|
|
||||||
|
$redundantLocal = "D:\restic_backups_redundancy_rolling" # to dir (local drive)
|
||||||
|
$redundantLocalNetwork = "R:\restics_backups_redundancy_rolling" # to dir (network mapped drive location)
|
||||||
|
$redundantAirGap = "S:\restic_backups_redundancy_rolling" # set backup usb to use S
|
||||||
|
|
||||||
|
$logGuideString = "Verb | Current Date and Time (Current Time Unix Seconds) | Start Date and Time (Start Time Unix Seconds) | Time Elapsed in Seconds | From Directory | To Directory | Job Name | Exit Status"
|
||||||
|
|
||||||
|
function appendToLog {
|
||||||
|
param([string]$verb="INFO", [string]$exitCode="NONE", [string]$log="$logFile", [string]$fromDir="NONE", [string]$toDir="NONE")
|
||||||
|
|
||||||
|
$timeCalc = $(Get-Date -uformat "%s")-$startUnixSeconds
|
||||||
|
|
||||||
|
# Verb | Current Date and Time (Current Time Unix Seconds) | Start Date and Time (Start Time Unix Seconds) | Time Elapsed in Seconds | From Directory | To Directory | Job Name | Exit Status
|
||||||
|
$logString = "$verb | $(Get-Date) ($(Get-Date -uformat "%s")) | $startDateHuman ($startUnixSeconds) | $timeCalc | $fromDir | $toDir | $jobName | $exitCode"
|
||||||
|
|
||||||
|
echo "$logString"
|
||||||
|
echo "$logString" >> "$log"
|
||||||
|
}
|
||||||
|
|
||||||
|
function appendToErrorLog {
|
||||||
|
param ( $exceptionMessage, $part )
|
||||||
|
$errorString = "`nFAIL on $part`nException: $exceptionMessage`nVars:`n`tstartDateHuman: $startDateHuman`n`tstart: $startUnixSecondsUnixSecons`n`tappendToErrorLog: $appendToErrorLog`n`tlogFile: $logFile`n`twarningFile: $warningFile`n`tresticRunning: $resticRunning`n`tredundantLocal: $redundantLocal`n`tredundantLocalNetwork: $redundantLocalNetwork`n`tjobName: $jobName"
|
||||||
|
|
||||||
|
echo "$errorString"
|
||||||
|
try { echo "$errorString" > "$warningFile" } catch { echo "Error: $warningFile Not Found" }
|
||||||
|
}
|
||||||
|
|
||||||
|
function doBackup {
|
||||||
|
param ( [string]$fromDir="NONE", [string]$toDir="NONE", [string]$tagString="INFO" )
|
||||||
|
|
||||||
|
echo "`n$tagString"
|
||||||
|
echo "`tFollow log with:`n`t`tGet-Content `"$logFile`" -Wait -Tail 10`n"
|
||||||
|
|
||||||
|
appendToLog -verb "START-$tagString" -log "$logFile" -toDir "$toDir" -fromDir "$fromDir"
|
||||||
|
robocopy "$fromDir" "$toDir" /E /Z /FP /NP /R:2 /W:1 /SAVE:"$jobString" /LOG+:"$logFile"
|
||||||
|
appendToLog -verb "FINISH-$tagString" -exitCode "$?" -log "$logFile" -toDir "$toDir" -fromDir "$fromDir"
|
||||||
|
}
|
||||||
|
|
||||||
|
echo "Initializing Logs"
|
||||||
|
|
||||||
|
touch "$runningFile"
|
||||||
|
|
||||||
|
echo "$logGuideString" > "$logFile"
|
||||||
|
appendToLog -verb "INITIALIZE-LOG-FILES" -exitCode "$?" -log "$logFile"
|
||||||
|
|
||||||
|
echo "`n$logGuideString`n"
|
||||||
|
|
||||||
|
# run da backupssss
|
||||||
|
doBackup -fromDir "$resticRunning" -toDir "$redundantLocal" -tagString "COPY-LOCAL" -jobString "$jobName" # local
|
||||||
|
appendToLog -verb "COPY-LOCAL" -exitCode "$?" -log "$logFile" -fromDir "$resticRunning" -toDir "$redundantLocal"
|
||||||
|
|
||||||
|
doBackup -fromDir "$resticRunning" -toDir "$redundantLocalNetwork" -tagString "COPY-LOCAL-NETWORK" -jobString "$jobName" # network
|
||||||
|
appendToLog -verb "COPY-LOCAL-NETWORK" -exitCode "$?" -log "$logFile" -fromDir "$resticRunning" -toDir "$redundantLocalNetwork"
|
||||||
|
|
||||||
|
doBackup -fromDir "$resticRunning" -toDir "$redundantAirGap" -tagString "COPY-AIRGAP" -jobString "$jobName" # airgap
|
||||||
|
appendToLog -verb "COPY-AIRGAP" -exitCode "$?" -log "$logFile" -fromDir "$resticRunning" -toDir "$redundantAirGap"
|
||||||
|
|
||||||
|
appendToLog -verb "DONE" -log "$logFile"
|
||||||
@@ -0,0 +1,6 @@
|
|||||||
|
param (
|
||||||
|
[Parameter(Mandatory=$true)]
|
||||||
|
[string]$infile
|
||||||
|
)
|
||||||
|
|
||||||
|
Invoke-Expression "$PSScriptRoot\winhash.ps1 $infile SHA1"
|
||||||
@@ -0,0 +1,6 @@
|
|||||||
|
param (
|
||||||
|
[Parameter(Mandatory=$true)]
|
||||||
|
[string]$infile
|
||||||
|
)
|
||||||
|
|
||||||
|
Invoke-Expression "$PSScriptRoot\winhash.ps1 $infile SHA256"
|
||||||
@@ -0,0 +1,6 @@
|
|||||||
|
param (
|
||||||
|
[Parameter(Mandatory=$true)]
|
||||||
|
[string]$infile
|
||||||
|
)
|
||||||
|
|
||||||
|
Invoke-Expression "$PSScriptRoot\winhash.ps1 $infile SHA384"
|
||||||
@@ -0,0 +1,6 @@
|
|||||||
|
param (
|
||||||
|
[Parameter(Mandatory=$true)]
|
||||||
|
[string]$infile
|
||||||
|
)
|
||||||
|
|
||||||
|
Invoke-Expression "$PSScriptRoot\winhash.ps1 $infile SHA512"
|
||||||
@@ -0,0 +1,11 @@
|
|||||||
|
param(
|
||||||
|
[string]
|
||||||
|
$session = 'pi3'
|
||||||
|
)
|
||||||
|
|
||||||
|
while($True) {
|
||||||
|
ssh $session
|
||||||
|
echo "Waiting 5 Seconds..."
|
||||||
|
sleep 5
|
||||||
|
wait-on-host -hostname $session
|
||||||
|
}
|
||||||
@@ -0,0 +1,10 @@
|
|||||||
|
$remote_host = "pi3"
|
||||||
|
$remote_dir = "/var/www/html/Media-Viewer"
|
||||||
|
|
||||||
|
echo "LOCAL: pulling"
|
||||||
|
git pull
|
||||||
|
|
||||||
|
echo "LOCAL: status"
|
||||||
|
git status
|
||||||
|
|
||||||
|
ssh $remote_host "echo 'REMOTE: pulling'; git -C $remote_dir pull; echo 'REMOTE: status'; git -C $remote_dir status"
|
||||||
@@ -0,0 +1,7 @@
|
|||||||
|
# usage:
|
||||||
|
# testtime "some powershell command string"
|
||||||
|
param([string] $cmd)
|
||||||
|
$start=$(get-date -uformat "%s")
|
||||||
|
invoke-expression "$cmd"
|
||||||
|
$end=$(get-date -uformat "%s")
|
||||||
|
echo "`n`ntime: $($end - $start)`n`n"
|
||||||
@@ -0,0 +1,85 @@
|
|||||||
|
# usage:
|
||||||
|
# `.\wait-on-host.ps1 -hostname <DOMAIN_NAME_OR_IP> -sleep <SECONDS_TO_SLEEP_PER_CYCLE> -pingcount <NUMBER_OF_TIMES_TO_PING_PER_ITERATION> -max <MAX_NUMBER_OF_ITERATIONS> -hold <SECONDS_TO_WAIT_AFTER_FIRST_RESPONSE>`
|
||||||
|
#
|
||||||
|
# defaults:
|
||||||
|
# hostname: cable-wind.local
|
||||||
|
# sleep: 25
|
||||||
|
# pingcount: 1
|
||||||
|
# max: 500
|
||||||
|
# hold: 30
|
||||||
|
# ex. `.\wait-on-host.ps1 -hostname google.com -sleep 10 -pingcount 5`
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
param(
|
||||||
|
[string]
|
||||||
|
$hostname = "cable-wind.local",
|
||||||
|
|
||||||
|
[int]
|
||||||
|
$sleep = 25,
|
||||||
|
|
||||||
|
[int]
|
||||||
|
$pingcount = 1,
|
||||||
|
|
||||||
|
[int]
|
||||||
|
$max = 500,
|
||||||
|
|
||||||
|
[bool]
|
||||||
|
$loop = 0, # 1 to loop
|
||||||
|
|
||||||
|
[int]
|
||||||
|
$hold = 30
|
||||||
|
)
|
||||||
|
|
||||||
|
if($hostname -eq 'help') {
|
||||||
|
echo "usage:`n`twait-on-host [help] -hostname <DOMAIN_NAME_OR_IP> -sleep <SECONDS_TO_SLEEP_PER_CYCLE> -pingcount <NUMBER_OF_TIMES_TO_PING_PER_ITERATION> -max <MAX_NUMBER_OF_ITERATIONS> -hold <SECONDS_TO_WAIT_AFTER_FIRST_RESPONSE>`n`twait-on-host help`n`t`tthis help message`n`twait-on-host 8.8.8.8`n`t`twait on 8.8.8.8 with defaults`n`tdefaults:`n`t`thostname: cable-wind.local`n`t`tsleep: 25`n`t`tpingcount: 1`n`t`tmax: 500`n`t`thold: 30`n`tex. wait-on-host -hostname google.com -sleep 10 -pingcount 5`n";
|
||||||
|
|
||||||
|
exit;
|
||||||
|
}
|
||||||
|
|
||||||
|
$iterations = 0;
|
||||||
|
|
||||||
|
while(1 -eq 1) { # infinite loop
|
||||||
|
echo "`nHost: $hostname" # Iterations: $iterations Count: $pingcount Sleep: $sleep Max: $max`n`tFlushing dns..."
|
||||||
|
echo "`tFlushing DNS"
|
||||||
|
ipconfig /flushdns >NUL 2>&1 # redirects output nowhere
|
||||||
|
if($?) {
|
||||||
|
echo "`t`tDone."
|
||||||
|
} else {
|
||||||
|
echo "`t`tFAILED TO FLUSH DNS! EXITING!"
|
||||||
|
exit
|
||||||
|
}
|
||||||
|
|
||||||
|
echo "`tPinging..."
|
||||||
|
# $pingObj = Test-Connection -Count $pingcount -TargetName "$hostname" # powershell Test-Connection -Ping is default and redundant
|
||||||
|
$pingObj = Test-Connection -Count $pingcount -TargetName "$hostname" 2>&1
|
||||||
|
|
||||||
|
if($pingObj.Status -eq "Success") { # if return status of abopve (ping -n 1...) is True
|
||||||
|
# $pingObj = Test-Connection -Count $pingcount -TargetName "$hostname" # powershell Test-Connection -Ping is default and redundant
|
||||||
|
$ip = $pingObj.Address.IPAddressToString # get the bare ip out
|
||||||
|
|
||||||
|
echo "`t`tSuccess!`n`t`tIP: $ip`n`t`tHost: $hostname`n`t`tURL (host): http://$hostname`n`t`tURL (IP): http://$ip"
|
||||||
|
if($loop) {
|
||||||
|
echo "Sleeping $sleep Seconds..."
|
||||||
|
sleep $sleep # sleepy time
|
||||||
|
} else {
|
||||||
|
echo "`nWaiting $hold Seconds to Make Sure..."
|
||||||
|
sleep $hold
|
||||||
|
echo "`nReady!`n"
|
||||||
|
break
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
echo "`t`tNOT FOUND YET"
|
||||||
|
echo "`nSleeping $sleep Seconds..."
|
||||||
|
sleep $sleep # sleepy time
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
if($iterations -gt $max) {
|
||||||
|
echo "`nMAX ITERATIONS OF $max REACHED! EXITINTG`n"
|
||||||
|
exit
|
||||||
|
}
|
||||||
|
|
||||||
|
$iterations++
|
||||||
|
|
||||||
|
}
|
||||||
@@ -0,0 +1,2 @@
|
|||||||
|
git add .
|
||||||
|
git commit -m "waypoint"
|
||||||
@@ -0,0 +1,5 @@
|
|||||||
|
@ECHO OFF
|
||||||
|
mrt
|
||||||
|
sfc /scannow
|
||||||
|
DISM /Online /Cleanup-Image /RestoreHealth
|
||||||
|
chkdsk /r C:
|
||||||
@@ -0,0 +1,38 @@
|
|||||||
|
# Usage:
|
||||||
|
## .\winhash.ps1 <FILE> <ALGO>
|
||||||
|
## Algos Supported:
|
||||||
|
### MD5
|
||||||
|
### SHA1
|
||||||
|
### SHA256
|
||||||
|
### SHA384
|
||||||
|
### SHA512
|
||||||
|
## Example:
|
||||||
|
### .\winhash.ps1 sillyfilly.bin SHA256
|
||||||
|
## Outputs to terminal and to a text file
|
||||||
|
### Text file name format <input filepath>.<unix epoch microseconds>.<hashing algorithm>.txt
|
||||||
|
|
||||||
|
param (
|
||||||
|
[Parameter(Mandatory=$true)] # prompt for input if not specified via cli
|
||||||
|
[string]$infile,
|
||||||
|
|
||||||
|
[Parameter(Mandatory=$true)] # this 1 2 :pope:
|
||||||
|
[string]$algo
|
||||||
|
)
|
||||||
|
|
||||||
|
function Get-UnixMicroseconds {
|
||||||
|
$unixEpoch = [DateTimeOffset]'1970-01-01T00:00:00Z' # unix epoch constant
|
||||||
|
$currentTime = [DateTimeOffset]::UtcNow # current utc time
|
||||||
|
$timeDifferenceTicks = $currentTime.Ticks - $unixEpoch.Ticks # subtract current time from unix epoch constant in ticks
|
||||||
|
$microseconds = [Int64]($timeDifferenceTicks / 10) # use 64bit int, divide ticks by 10 to give microseconds
|
||||||
|
|
||||||
|
# I am literally using Unix microseconds because they are more fun than Unix seconds :pinkie:
|
||||||
|
return $microseconds
|
||||||
|
}
|
||||||
|
|
||||||
|
# jesus fuckin analbeads the selection of hash algos in powershell is weird and limited
|
||||||
|
# probably because Bill Gates and Satya Nadella get together with the other C-suite executives
|
||||||
|
# and hypergoon to leagelese in clickwrap agreements that absolves them of liability and
|
||||||
|
# lets them sell our private data and other assorted dickpics or sumtin idk man lmao
|
||||||
|
$hash = $(Get-FileHash -Path $infile -Algorithm $algo | Format-List) # do da fookin hashin right dafucc here
|
||||||
|
echo $hash # show user
|
||||||
|
echo $hash > "$infile.$(Get-UnixMicroseconds).$algo.txt" # make the txt file
|
||||||
@@ -0,0 +1,18 @@
|
|||||||
|
# CUSTOM STUFFS
|
||||||
|
# custom scripts https://gitlab.com/princesspi/general-scripts-and-system-ssssssetup
|
||||||
|
PATH="$PATH:/usr/share/customscripts"
|
||||||
|
|
||||||
|
# pico SDK https://github.com/raspberrypi/pico-sdk
|
||||||
|
export PICO_SDK_PATH='/home/kali/pico-sdk'
|
||||||
|
|
||||||
|
# esp-install-custom https://github.com/PrincessPi3/esp-install-custom
|
||||||
|
alias get_idf='. /home/princesspi/esp/esp-idf/export.sh'
|
||||||
|
alias run_esp_reinstall='git -C /home/princesspi/esp/esp-install-custom pull;echo -e "\nOld Version:";tail -1 /home/princesspi/esp/version-data.log;echo -e "\n";bash /home/princesspi/esp/esp-install-custom/reinstall-esp-idf.sh'
|
||||||
|
alias esp_monitor='tail -n 75 -f /home/princesspi/esp/install.log'
|
||||||
|
alias esp_logs='less /home/princesspi/esp/version-data.log;less /home/princesspi/esp/install.log'
|
||||||
|
export ESPIDF_INSTALLDIR="/home/princesspi/esp"
|
||||||
|
|
||||||
|
# pyenv https://github.com/pyenv/pyenv
|
||||||
|
export PYENV_ROOT="$HOME/.pyenv"
|
||||||
|
[[ -d $PYENV_ROOT/bin ]] && export PATH="$PYENV_ROOT/bin:$PATH"
|
||||||
|
eval "$(pyenv init - zsh)"
|
||||||
@@ -0,0 +1,42 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
[ "root" != "$USER" ] && exec sudo $0 "$@"
|
||||||
|
#usage sudo sh add_site_apache2.sh 192.168.1.1 example.com
|
||||||
|
#note: the web server will go down for the duration this script is running
|
||||||
|
#set needed A records to domain DNS before beginning
|
||||||
|
#bind IP desired before beginning
|
||||||
|
|
||||||
|
IP=$1
|
||||||
|
DOMAIN=$2
|
||||||
|
|
||||||
|
#stop apache
|
||||||
|
systemctl stop apache2
|
||||||
|
|
||||||
|
#cert get interface
|
||||||
|
certbot certonly
|
||||||
|
|
||||||
|
mkdir /var/www/$DOMAIN
|
||||||
|
echo "<h1>its live</h1>" > /var/www/$DOMAIN/index.html
|
||||||
|
|
||||||
|
#make and place config file
|
||||||
|
cat << EOF | echo > /etc/apache2/sites-available/{$DOMAIN}.config
|
||||||
|
<VirtualHost {$IP}:443>
|
||||||
|
DocumentRoot /var/www/{$DOMAIN}
|
||||||
|
ServerName $DOMAIN
|
||||||
|
SSLEngine on
|
||||||
|
SSLCertificateFile /etc/letsencrypt/live/{$DOMAIN}/fullchain.pem
|
||||||
|
SSLCertificateKeyFile /etc/letsencrypt/live/{$DOMAIN}/privkey.pem
|
||||||
|
SSLProtocol all -SSLv2 -SSLv3
|
||||||
|
SSLHonorCipherOrder on
|
||||||
|
SSLCipherSuite "HIGH:!aNULL:!MD5:!3DES:!CAMELLIA:!AES128"
|
||||||
|
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
|
||||||
|
</VirtualHost>
|
||||||
|
|
||||||
|
<VirtualHost {$IP}:80>
|
||||||
|
ServerName $DOMAIN
|
||||||
|
Redirect permanent / https://{$DOMAIN}/
|
||||||
|
</VirtualHost>
|
||||||
|
EOF
|
||||||
|
|
||||||
|
a2ensite $DOMAIN
|
||||||
|
sh fix_permissions.sh
|
||||||
|
systemctl start apache2
|
||||||
@@ -0,0 +1,11 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
# usage:
|
||||||
|
# add_user_ssh.sh "$USER" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP2D+9oYQlTnu1zeVi2gHfTKE7+DDWiu1EibXNwB9g72 princesspi@proton.me"
|
||||||
|
|
||||||
|
[ "root" != "$USER" ] && exec sudo $0 "$@"
|
||||||
|
KEY="$2"
|
||||||
|
mkdir /home/$1/.ssh
|
||||||
|
echo $KEY >> /home/$1/.ssh/authorized_keys
|
||||||
|
chmod 700 /home/$1/.ssh
|
||||||
|
chmod 600 /home/$1/.ssh/authorized_keys
|
||||||
|
chown -R $1:$1 /home/$1/.ssh
|
||||||
@@ -0,0 +1,8 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
[ "root" != "$USER" ] && exec sudo $0 "$@"
|
||||||
|
LOCK=/var/lock/backups.lock
|
||||||
|
if [ ! -f $LOCK ]; then
|
||||||
|
echo "lock" > $LOCK
|
||||||
|
rsync -rzvvb --backup-dir=_old_ --suffix=$(date+_%F-%T) --update --times -e ssh /home/ <username>@<server>:~/backups/home
|
||||||
|
rm -f $LOCK
|
||||||
|
fi
|
||||||
@@ -0,0 +1,57 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
# usage
|
||||||
|
# binwalk.sh filename [default/opcodes/basicextract/compressionextract/opcodeextract
|
||||||
|
set -e
|
||||||
|
filename="$2"
|
||||||
|
unix_seconds=$(date +%s)
|
||||||
|
dir="binwalk-exracted-$filename-$unix_seconds"
|
||||||
|
log="binwalk-log-$filename-$unix_seconds.txt"
|
||||||
|
|
||||||
|
basic="Bf"
|
||||||
|
basicextract="Bef"
|
||||||
|
compressionextract="BeMXZCf"
|
||||||
|
opcodecompressextract="ABeMXZCf"
|
||||||
|
opcodeextract="ABeCf"
|
||||||
|
opcode="ABf"
|
||||||
|
|
||||||
|
basic_cmd="--signature"
|
||||||
|
basicextract_cmd="--signature --extract --directory=$dir"
|
||||||
|
compressionextract_cmd="--signature --extract --matryoshka --deflate --lzma --directory=$dir"
|
||||||
|
opcodecompressextract_cmd="--opcodes --signature --extract --matryoshka --deflate -lzma --directory=$dir"
|
||||||
|
opcodeextract_cmd="--opcodes --signature --extract --directory=$dir"
|
||||||
|
opcode_cmd="--opcodes --signature"
|
||||||
|
|
||||||
|
usage_string="Usage:\n\tbinwalk.sh <option> <file>\n\t\tb/d/basic/default\n\t\to/op/opcode/opcodes\n\t\tbe/eb/basicextract/extractbasic\n\t\tce/ec/compressionextract/extractcompression\n\t\tope/oce/oec/opcodecompressionextract\n\t\toe/eo/opcodeextract/extractopcode"
|
||||||
|
|
||||||
|
if [ "$1" == "o" -o "$1" == "opcode" -o "$1" == "opcodes" -o "$1" == "op" ]; then
|
||||||
|
tag="$opcode"
|
||||||
|
cmd="$opcode_cmd"
|
||||||
|
elif [ "$1" == "d" -o "$1" == "default" -o "$1" == "b" -o "$1" == "basic" ]; then
|
||||||
|
tag="$basic"
|
||||||
|
cmd="$basic_cmd"
|
||||||
|
elif [ "$1" == "be" -o "$1" == "basicextract" -o "$1" == "eb" -o "$1" == "extractbasic" ]; then
|
||||||
|
tag="$basicextract"
|
||||||
|
cmd="$basicextract_cmd"
|
||||||
|
elif [ "$1" == "ce" -o "$1" == "compressionextract" -o "$1" == "ec" -o "$1" == "extractcompression" ]; then
|
||||||
|
tag="$compressionextract"
|
||||||
|
cmd="$compressionextract_cmd"
|
||||||
|
elif [ "$1" == "oce" -o "$1" == "opcodecompressionextract" -o "$1" == "eoc" -o "$1" == "oec" ]; then
|
||||||
|
tag="$opcodecompressextract"
|
||||||
|
cmd="$opcodecompressextract_cmd"
|
||||||
|
elif [ "$1" == "oe" -o "$1" == "opcodeextract" -o "$1" == "eo" -o "$1" == "extractopcode" ]; then
|
||||||
|
tag="$opcodeextract_cmd"
|
||||||
|
cmd="$opcodeextract_cmd"
|
||||||
|
else
|
||||||
|
echo -e "$usage_string"
|
||||||
|
exit
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo -e $cmd
|
||||||
|
|
||||||
|
if [ -z $2 ]; then
|
||||||
|
echo -e "$usage_string"
|
||||||
|
exit
|
||||||
|
fi
|
||||||
|
|
||||||
|
to_run="binwalk $cmd --log=$log"
|
||||||
|
eval($to_run)
|
||||||
@@ -0,0 +1,7 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
echo "Enter Discord Webhook URL"
|
||||||
|
read url
|
||||||
|
echo "Enter Tag to Notify"
|
||||||
|
read tag
|
||||||
|
sudo bash -c "echo '$url' > /usr/share/customscripts/webhook.txt"
|
||||||
|
sudo bash -c "echo '$tag' > /usr/share/customscripts/tag.txt"
|
||||||
@@ -0,0 +1,40 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
if [ -z "$1" ]; then
|
||||||
|
echo "Showing Wifi Interfaces:"
|
||||||
|
iwconfig
|
||||||
|
echo "Please Enter Wifi Interface:"
|
||||||
|
read interface
|
||||||
|
else
|
||||||
|
interface="$1"
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo "Scanning Wifi Networks"
|
||||||
|
nmcli dev wifi list
|
||||||
|
|
||||||
|
if [ -z "$2" ]; then
|
||||||
|
echo "Please Enter SSID"
|
||||||
|
read ssid
|
||||||
|
else
|
||||||
|
ssid="$2"
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -z "$3" ]; then
|
||||||
|
echo "Please Enter Password"
|
||||||
|
read password
|
||||||
|
else
|
||||||
|
password="$2"
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo -e "\n\nConnect to $ssid with password $password on interface $interface \n\n"
|
||||||
|
pause
|
||||||
|
|
||||||
|
echo "Running ./fix-wifi.sh"
|
||||||
|
sudo bash ./fix-wifi.sh $interface
|
||||||
|
|
||||||
|
echo "Rescanning"
|
||||||
|
nmcli dev wifi rescan
|
||||||
|
|
||||||
|
echo "Connecting to $ssid"
|
||||||
|
nmcli device wifi connect $ssid password $password ifname $interface # --rescan yes
|
||||||
|
|
||||||
|
echo -e "\nnyaa mrrp done~ :D\n"
|
||||||
@@ -0,0 +1,22 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
#Crowdsec Install and config
|
||||||
|
curl -s https://packagecloud.io/install/repositories/crowdsec/crowdsec/script.deb.sh | sudo bash
|
||||||
|
apt -y install crowdsec
|
||||||
|
truncate -s 0 /var/log/crowdsec.log
|
||||||
|
#configure bouncers as needed here https://hub.crowdsec.net/browse/#bouncers
|
||||||
|
apt -y install crowdsec-firewall-bouncer-iptables
|
||||||
|
cscli collections install crowdsecurity/base-http-scenarios
|
||||||
|
cscli bouncers add php-bouncer
|
||||||
|
systemctl reload crowdsec
|
||||||
|
#cscli bouncers add <nginx-bouncer php-bouncer wordpress-bouncer cloudflare-bouncer> #as needed
|
||||||
|
# SAVE API KEY, THEY ARE UNRECOVERABLE
|
||||||
|
#for wordpress: install crowdsec plugin in admin panel
|
||||||
|
# SAVE API KEY FROM INSTALL
|
||||||
|
# add API key
|
||||||
|
# LAPIU URL: http://localhost:8080
|
||||||
|
#for cpanel
|
||||||
|
#cscli scenarios install crowdsecurity/cpanel-bf
|
||||||
|
|
||||||
|
#unban an IP
|
||||||
|
#cscli decisions list
|
||||||
|
#cscli decisions delete --id <id number from list>
|
||||||
@@ -0,0 +1,15 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
if [ -z "$1" -o -z "$2" ]; then
|
||||||
|
echo -e "usage:\n\tbash find_bytes.sh <path> <bytes string>\n\t\tex. bash find_bytes.sh /path/to/dir \"\\\x20\\\x20\""
|
||||||
|
exit
|
||||||
|
fi
|
||||||
|
|
||||||
|
# took a fuckton of experimentation to figure out da escapes lmfao
|
||||||
|
double_bytes="$2" # rename it
|
||||||
|
path=$1 # rename it
|
||||||
|
|
||||||
|
# format ddmmyyyy-HHMM-SS
|
||||||
|
log="./recursive-binwalk-$(date +"%d%m%Y-%H%M-%S").txt" # make da log name
|
||||||
|
|
||||||
|
# watch your escapes here. some needs escape, redundant escape, or no escape
|
||||||
|
find "$path" -type f -exec /bin/bash -c "cmd=\"binwalk --log=$log --raw=$double_bytes {}\"; echo -e \"\n\n==\nfile: {}\nlog: $log\ncommand: \$(printf \\\"%q\\\" \$cmd)\" | tee -a $log; exec \$cmd" \;
|
||||||
@@ -0,0 +1,49 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
if [ -z "$1" ]; then
|
||||||
|
echo "Showing Wifi Interfaces:"
|
||||||
|
iwconfig
|
||||||
|
echo "Please Enter Wifi Interface:"
|
||||||
|
read wifi_device
|
||||||
|
echo "Selected ${wifi_device}"
|
||||||
|
else
|
||||||
|
wifi_device="$1"
|
||||||
|
fi
|
||||||
|
|
||||||
|
# wifi_device=$1
|
||||||
|
|
||||||
|
echo 'Starting NetworkManager.service'
|
||||||
|
sudo systemctl restart NetworkManager
|
||||||
|
|
||||||
|
echo 'Restarting wpa_supplicant'
|
||||||
|
sudo systemctl restart wpa_supplicant
|
||||||
|
|
||||||
|
echo 'Disconnecting from wifi'
|
||||||
|
sudo nmcli d disconnect $wifi_device
|
||||||
|
|
||||||
|
echo 'Deleting all wifi saved networks'
|
||||||
|
nmcli connection show | sudo awk '{system("nmcli connection delete " $1)}'
|
||||||
|
|
||||||
|
echo 'Bringing down interface'
|
||||||
|
sudo ifconfig $wifi_device down
|
||||||
|
|
||||||
|
echo 'Bringing back up interface'
|
||||||
|
sudo ifconfig $wifi_device up
|
||||||
|
|
||||||
|
echo 'Reloading network manager'
|
||||||
|
sudo nmcli g reload
|
||||||
|
|
||||||
|
echo 'Turning off network manager'
|
||||||
|
sudo nmcli n off
|
||||||
|
|
||||||
|
echo 'Turning on network manager'
|
||||||
|
sudo nmcli n on
|
||||||
|
|
||||||
|
echo 'Changing interface mode to managed'
|
||||||
|
sudo iwconfig $wifi_device mode managed
|
||||||
|
|
||||||
|
echo 'Restarting networking stack'
|
||||||
|
sudo systemctl restart networking
|
||||||
|
|
||||||
|
iwconfig
|
||||||
|
|
||||||
|
echo -e "\nDone~ ^w^\n"
|
||||||
@@ -0,0 +1,5 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
[ "root" != "$USER" ] && exec sudo $0 "$@"
|
||||||
|
chown -R www-data:www-data /var/www/*
|
||||||
|
find /var/www/* -type d -exec chmod g=rwx "{}" \;
|
||||||
|
find /var/www/* -type f -exec chmod g=rw "{}" \;
|
||||||
@@ -0,0 +1,16 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
set -e # die on any error
|
||||||
|
|
||||||
|
# get current directory name without the path
|
||||||
|
reponame=${PWD##*/}
|
||||||
|
|
||||||
|
# init to main branch (github default)
|
||||||
|
git init -b main
|
||||||
|
git add .
|
||||||
|
git commit -m "initial commit via gitinitshit"
|
||||||
|
|
||||||
|
# use github cli to create repo with the dir name
|
||||||
|
gh repo create "$thisdirname" --public --source=. --remote=upstream --push
|
||||||
|
|
||||||
|
# print git link and url
|
||||||
|
git remote -v | sed -n -e 1p | awk '{print "\ngit link:", $2; gsub(".git", "", $2); print "repo url:", $2, "\n"}'
|
||||||
@@ -0,0 +1,16 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
set -e # fail on error
|
||||||
|
|
||||||
|
if [ -f './version.txt' ]; then
|
||||||
|
message=$(cat './version.txt')
|
||||||
|
else
|
||||||
|
if [ -z "$1" ]; then
|
||||||
|
message=$(date +%s)
|
||||||
|
else
|
||||||
|
message="$*"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
git add .
|
||||||
|
git commit -m "$message"
|
||||||
|
git push
|
||||||
@@ -0,0 +1,57 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
# sync a local git repo with a remote one over ssh
|
||||||
|
# usage: gitsync <remote_host> <remote_dir>
|
||||||
|
# defaults pi3 and /var/www/html/Media-Viewer
|
||||||
|
|
||||||
|
# handle defaultz
|
||||||
|
handle_args () {
|
||||||
|
if [ -z $1 ]; then
|
||||||
|
remote_host='pi3'
|
||||||
|
else
|
||||||
|
remote_host="$1"
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -z $2 ]; then
|
||||||
|
remote_dir='/var/www/html/Media-Viewer'
|
||||||
|
else
|
||||||
|
remote_dir="$2"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
syncstatus () {
|
||||||
|
# view local and remote status before proceeding
|
||||||
|
echo -e "\nLOCAL status\n"
|
||||||
|
git status
|
||||||
|
|
||||||
|
echo -e "\nREMOTE status\n"
|
||||||
|
ssh $remote_host "/bin/bash -c git -C $remote_dir status"
|
||||||
|
}
|
||||||
|
|
||||||
|
gitsync () {
|
||||||
|
# todo: param and defaults these up
|
||||||
|
# todo: format this properly as multiline
|
||||||
|
$remote_cmd = "echo -e \"\nREMOTE pull $remote_dir\n\"; git -C $remote_dir pull; echo -e \"\nREMOTE adding on $remote_dir\n\"; git -C $remote_dir add .; echo -e \"\nREMOTE commit $remote_dir\n\"; git -C $remote_dir commit -m \"autosync $(date +%s)\"; echo -e \"\nREMOTE push $remote_dir\n\"; git -C $remote_dir push; echo -e \"\nREMOTE status $remote_dir\n\"; git -C $remote_dir status;"
|
||||||
|
|
||||||
|
echo -e "\nLOCAL pulling\n"
|
||||||
|
git pull
|
||||||
|
|
||||||
|
echo -e "\nLOCAL adding, comitting and pushing\n"
|
||||||
|
git add .
|
||||||
|
git commit -m "autosync $(date +%s)"
|
||||||
|
git push
|
||||||
|
|
||||||
|
echo -e "\nLOCAL status\n"
|
||||||
|
git status
|
||||||
|
|
||||||
|
# run da REMOTE shiz
|
||||||
|
echo -e "\nREMOTE running sync\n"
|
||||||
|
ssh $remote_host "/bin/bash -c \"$remote_cmd\""
|
||||||
|
|
||||||
|
echo -e "\nLOCAL status\n"
|
||||||
|
git status
|
||||||
|
}
|
||||||
|
|
||||||
|
handle_args
|
||||||
|
syncstatus
|
||||||
|
gitsync
|
||||||
|
syncstatus
|
||||||
@@ -0,0 +1,36 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
# from https://askubuntu.com/questions/3299/how-to-run-cron-job-when-network-is-up
|
||||||
|
# usage in cron
|
||||||
|
## @reboot bash /usr/share/customscripts/ifnet "/usr/share/customscripts/webhook bootup" 2>> /var/log/cron.error.log
|
||||||
|
function check_online
|
||||||
|
{
|
||||||
|
netcat -z -w 5 discord.com 80 && echo 1 || echo 0
|
||||||
|
}
|
||||||
|
|
||||||
|
# Initial check to see if we are online
|
||||||
|
IS_ONLINE=$(check_online)
|
||||||
|
# How many times we should check if we're online - this prevents infinite looping
|
||||||
|
MAX_CHECKS=10
|
||||||
|
# Initial starting value for checks
|
||||||
|
CHECKS=0
|
||||||
|
|
||||||
|
echo "running! IS_ONLINE: $IS_ONLINE"
|
||||||
|
|
||||||
|
# Loop while we're not online.
|
||||||
|
while [[ $IS_ONLINE -eq 0 ]]; do
|
||||||
|
sleep 10;
|
||||||
|
echo "is_online: $IS_ONLINE loop $CHECKS"
|
||||||
|
IS_ONLINE=check_online
|
||||||
|
|
||||||
|
CHECKS=$(($CHECKS + 1))
|
||||||
|
if [ $CHECKS -gt $MAX_CHECKS ]; then
|
||||||
|
break
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
|
||||||
|
if [[ $IS_ONLINE -eq 0 ]]; then
|
||||||
|
# We never were able to get online. Kill script.
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
bash $1 2>> /var/log/cron.error.log
|
||||||
@@ -0,0 +1,76 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
# set -e # make sure da silly thing dont continue when there be errorZ
|
||||||
|
|
||||||
|
gitRepo='https://gitlab.com/princesspi/general-scripts-and-system-ssssssetup.git'
|
||||||
|
tmpDir='/tmp/customscripts'
|
||||||
|
finalDir='/usr/share/customscripts'
|
||||||
|
|
||||||
|
echo "Updating software lists"
|
||||||
|
sudo apt update
|
||||||
|
|
||||||
|
echo "Installan my packages"
|
||||||
|
sudo apt install gh net-tools htop btop iptraf iotop screen byobu wget python3 python3-pip python3-virtualenv python3-setuptools thefuck nginx wget lynx neovim nmap -y
|
||||||
|
|
||||||
|
echo "Using Shell $SHELL"
|
||||||
|
|
||||||
|
# ta get da right usermayhaps
|
||||||
|
if [[ -z $SUDO_USER ]]; then
|
||||||
|
echo "Using User $USER"
|
||||||
|
username="$USER"
|
||||||
|
else
|
||||||
|
echo "Using User $SUDO_USER"
|
||||||
|
username="$SUDO_USER"
|
||||||
|
fi
|
||||||
|
|
||||||
|
# figure oot da sehell
|
||||||
|
if [[ "$SHELL" =~ bash$ ]]; then
|
||||||
|
rcfile="/home/$username/.bashrc"
|
||||||
|
elif [[ "$SHELL" =~ zsh$ ]]; then
|
||||||
|
rcfile="/home/$username/.zshrc"
|
||||||
|
else
|
||||||
|
echo -e "Die: Unsupported Shell";
|
||||||
|
exit
|
||||||
|
fi
|
||||||
|
|
||||||
|
# clean up any existing install
|
||||||
|
if [[ -d "$tmpDir" ]]; then
|
||||||
|
echo "Cleaning Up Existing $tmpDir"
|
||||||
|
rm -rf "$tmpDir"
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [[ -d "$finalDir" ]]; then
|
||||||
|
echo "Cleaning Up Existing $finalDir"
|
||||||
|
rm -rf "$finalDir"
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo "Cloning Repo $gitRepo"
|
||||||
|
git clone $gitRepo $tmpDir --single-branch --depth 1
|
||||||
|
|
||||||
|
echo "Placing in $finalDir"
|
||||||
|
mv "$tmpDir/customscripts" "$finalDir"
|
||||||
|
|
||||||
|
echo "Changing ownership of $finalDir to $username:$username recursively"
|
||||||
|
chown -R $username:$username "$finalDir"
|
||||||
|
|
||||||
|
echo "Setting perms of $finalDir and contents to 775"
|
||||||
|
chmod -R 775 "$finalDir"
|
||||||
|
|
||||||
|
grep -q $finalDir $rcfile
|
||||||
|
pathgrep=$?
|
||||||
|
|
||||||
|
if [ $pathgrep -eq 0 ]; then
|
||||||
|
echo "$finalDir Already in \$PATH Skipping"
|
||||||
|
else
|
||||||
|
echo "Adding $finalDir to $username's \$PATH by Appending to $rcfile"
|
||||||
|
echo -e "\n\n# automatically added by customscripts installer\nexport PATH=\"\$PATH:$finalDir\"" >> "$rcfile"
|
||||||
|
fi
|
||||||
|
|
||||||
|
# configure webhook
|
||||||
|
# echo "Enter Discord Webhook URL"
|
||||||
|
# read url
|
||||||
|
# echo "Enter Tag to Notify"
|
||||||
|
# read tag
|
||||||
|
# sudo bash -c "echo '$url' > /usr/share/customscripts/webhook.txt"
|
||||||
|
# sudo bash -c "echo '$tag' > /usr/share/customscripts/tag.txt"
|
||||||
|
|
||||||
|
echo -e "\n\nDone! Restart shell:\n\texec \$SHELL\n\n"
|
||||||
@@ -0,0 +1,2 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
< passes.txt parallel --block 10M -C 5 --pipe grep --count --max-count=1 --fixed-strings $1
|
||||||
@@ -0,0 +1,85 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
# usage
|
||||||
|
# bash watch.sh /path/t/dir processname logfile
|
||||||
|
set -e
|
||||||
|
|
||||||
|
if [ -z $1 ]; then
|
||||||
|
dir='.'
|
||||||
|
else
|
||||||
|
dir=$1
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -z $2 ]; then
|
||||||
|
process_name='none'
|
||||||
|
else
|
||||||
|
process_name=$2
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ ! -f $3 ]; then
|
||||||
|
log_name=/dev/null
|
||||||
|
else
|
||||||
|
log_name=$3
|
||||||
|
fi
|
||||||
|
|
||||||
|
# uptime
|
||||||
|
uptime_dirty=$(uptime | awk '{print $3,$4}')
|
||||||
|
uptime_cleaned=${uptime_dirty:0:-1}
|
||||||
|
|
||||||
|
# date and time (default date command)
|
||||||
|
# ex. Sat May 17 11:36:04 PM MDT 2025
|
||||||
|
date_time=$(date)
|
||||||
|
|
||||||
|
echo -e "Uptime: $uptime_cleaned\t\tTime: $date_time\n"
|
||||||
|
|
||||||
|
# list filenames ordered by size large to small
|
||||||
|
list_files=$(ls -lAhS $dir | awk '{print $9}')
|
||||||
|
eval "list_files_names=($list_files)"
|
||||||
|
# echo -e "\nda names\n${list_files_names[1]}\n\n"
|
||||||
|
|
||||||
|
# size (human) ordered by size large to small
|
||||||
|
list_human=$(ls -lAhS $dir | awk '{print $5}')
|
||||||
|
eval "list_files_human=($list_human)"
|
||||||
|
# echo -e "\nda humans\n${list_files_human[1]}\n\n"
|
||||||
|
|
||||||
|
# size (bytes) ordered by size large to small
|
||||||
|
list_bytes=$(du -d 1 $dir/* | awk '{print $1}' | sort -r -n)
|
||||||
|
eval "list_files_bytes=($list_bytes)"
|
||||||
|
# echo -e "\nda bytes\n${list_files_bytes[1]}\n\n"
|
||||||
|
|
||||||
|
echo -e "Size (h)\tBytes\tName"
|
||||||
|
|
||||||
|
count=0
|
||||||
|
for name in ${list_files_names[@]}; do
|
||||||
|
echo -e "${list_files_human[$count]}\t\t${list_files_bytes[$count]} \t$name"
|
||||||
|
count=$(($count + 1))
|
||||||
|
done
|
||||||
|
|
||||||
|
# pid
|
||||||
|
list_processes_pid=$(ps aux | grep $process_name | awk '{print $2}')
|
||||||
|
eval "list_processes_pid=($list_processes_pid)"
|
||||||
|
# echo -e "\nda pids\n${list_processes_pid[1]}\n\n"
|
||||||
|
|
||||||
|
# %CPU usage
|
||||||
|
list_processes_cpu=$(ps aux | grep $process_name | awk '{print $3}')
|
||||||
|
eval "list_processes_cpu=($list_processes_cpu)"
|
||||||
|
# echo -e "\nda cpu%\n${list_processes_cpu[1]}\n\n"
|
||||||
|
|
||||||
|
# %MEMORY usage
|
||||||
|
list_processes_mem=$(ps aux | grep $process_name | awk '{print $4}')
|
||||||
|
eval "list_processes_mem=($list_processes_mem)"
|
||||||
|
# echo -e "\nda mem%\n${list_processes_mem[1]}\n\n"
|
||||||
|
|
||||||
|
# process names
|
||||||
|
list_processes_name=$(ps aux | grep $process_name | awk '{print $12,$13,$14,$15,$16,$17,$18}' | sed 's/\s/_/g')
|
||||||
|
eval "list_processes_name=($list_processes_name)"
|
||||||
|
# echo -e "\nda name\n${list_processes_name[1]}\n\n"
|
||||||
|
|
||||||
|
echo -e "\nPID\t\t%MEM\t%CPU\tNAME"
|
||||||
|
count=0
|
||||||
|
for name in ${list_processes_name[@]}; do
|
||||||
|
echo -e "${list_processes_pid[$count]}\t\t${list_processes_mem[$count]}%\t${list_processes_cpu[$count]}%\t$name"
|
||||||
|
count=$(($count + 1))
|
||||||
|
done
|
||||||
|
|
||||||
|
echo -e "\n$log_name"
|
||||||
|
tail -10 $log_name
|
||||||
@@ -0,0 +1,29 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
if [ -z $1 ]; then
|
||||||
|
echo -e "Usage:\n\tmonitor_pid \"MESSAGE\""
|
||||||
|
exit
|
||||||
|
fi
|
||||||
|
|
||||||
|
pid=$1
|
||||||
|
|
||||||
|
clear
|
||||||
|
echo -e "\nMonitoring for process PID $pid to end"
|
||||||
|
|
||||||
|
# get da webhook tag
|
||||||
|
tag=$(cat /usr/share/customscripts/tag.txt)
|
||||||
|
|
||||||
|
# infinite loop
|
||||||
|
while [ 1 -eq 1 ]; do
|
||||||
|
# check for da pid
|
||||||
|
ps -q $pid > /dev/null
|
||||||
|
ret=$?
|
||||||
|
|
||||||
|
# check if the process exists via retcode of the ps -q $pid
|
||||||
|
if [ $ret -ne 0 ]; then
|
||||||
|
webhook "Process $pid Ended at $(date)! \n\t$tag"
|
||||||
|
echo "Process $pid Ended at $(date)! \n\t$tag"
|
||||||
|
exit
|
||||||
|
fi
|
||||||
|
|
||||||
|
sleep 10
|
||||||
|
done
|
||||||
@@ -0,0 +1,25 @@
|
|||||||
|
# run automatic installer
|
||||||
|
curl -fsSL https://pyenv.run | bash
|
||||||
|
|
||||||
|
# append relevant bits to ~/.zshrc
|
||||||
|
echo 'export PYENV_ROOT="$HOME/.pyenv"' >> ~/.zshrc
|
||||||
|
echo '[[ -d $PYENV_ROOT/bin ]] && export PATH="$PYENV_ROOT/bin:$PATH"' >> ~/.zshrc
|
||||||
|
echo 'eval "$(pyenv init - zsh)"' >> ~/.zshrc
|
||||||
|
|
||||||
|
# restart shell
|
||||||
|
exec "$SHELL"
|
||||||
|
|
||||||
|
pyenv install # CUSTOM STUFFS
|
||||||
|
# pico SDK https://github.com/raspberrypi/pico-sdk
|
||||||
|
export PICO_SDK_PATH='/home/kali/pico-sdk'
|
||||||
|
|
||||||
|
# esp-install-custom https://github.com/PrincessPi3/esp-install-custom
|
||||||
|
alias get_idf='. /home/princesspi/esp/esp-idf/export.sh'
|
||||||
|
alias run_esp_reinstall='git -C /home/princesspi/esp/esp-install-custom pull;echo -e "\nOld Version:";tail -1 /home/pri>alias esp_monitor='tail -n 75 -f /home/princesspi/esp/install.log'
|
||||||
|
alias esp_logs='less /home/princesspi/esp/version-data.log;less /home/princesspi/esp/install.log'
|
||||||
|
export ESPIDF_INSTALLDIR="/home/princesspi/esp"
|
||||||
|
|
||||||
|
# pyenv https://github.com/pyenv/pyenv
|
||||||
|
export PYENV_ROOT="$HOME/.pyenv"
|
||||||
|
[[ -d $PYENV_ROOT/bin ]] && export PATH="$PYENV_ROOT/bin:$PATH"
|
||||||
|
eval "$(pyenv init - zsh)"
|
||||||
@@ -0,0 +1,74 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
set -e # fail on error
|
||||||
|
|
||||||
|
# default to scan pwd if arg 1 is empty
|
||||||
|
if [ -z $1 ]; then
|
||||||
|
scan_path="$PWD"
|
||||||
|
else
|
||||||
|
scan_path="$1"
|
||||||
|
fi
|
||||||
|
|
||||||
|
# configure dir structure
|
||||||
|
analysis_dir="recursive-analysis" # top level
|
||||||
|
file_dir="$analysis_dir/file"
|
||||||
|
strings_dir="$analysis_dir/strings"
|
||||||
|
sha256sum_dir="$analysis_dir/sha256sum"
|
||||||
|
binwalk_dir="$analysis_dir/binwalk"
|
||||||
|
|
||||||
|
# make the directory structure if absent or fail without error
|
||||||
|
mkdir -p "$file_dir" "$strings_dir" "$sha256sum_dir" "$binwalk_dir"
|
||||||
|
|
||||||
|
# log paths
|
||||||
|
timestamp=$(date +"%Y%m%d-%H%M-%S-%Z") # format YYYYmmdd-HHMM-SS-TZ
|
||||||
|
log_main="./recursive-log.txt"
|
||||||
|
log_binwalk="$binwalk_dir/recursive-binwalk-$timestamp.txt"
|
||||||
|
log_file="$file_dir/recursive-file-$timestamp.txt"
|
||||||
|
log_strings="$strings_dir/recursive-strings-hex-offsets-$timestamp.txt"
|
||||||
|
log_sha256sum="$sha256sum_dir/recursive-sha256sum-$timestamp.txt"
|
||||||
|
|
||||||
|
# full command except filename
|
||||||
|
pre_cmd_binwalk="binwalk"
|
||||||
|
pre_cmd_file="file"
|
||||||
|
strings_len=8
|
||||||
|
pre_cmd_strings="strings --bytes=$strings_len --print-file-name --radix=x"
|
||||||
|
pre_cmd_sha256sum="sha256sum"
|
||||||
|
|
||||||
|
echo -e "\nRunning Princess Pi's Recursive Analysis on $scan_path at $timestamp\n\tMaster log: $log_main\n"
|
||||||
|
|
||||||
|
# do da scanssss
|
||||||
|
## binwalk
|
||||||
|
echo "Recursive binwalk! Saving to $log_binwalk . . ."
|
||||||
|
find "$scan_path" -type f \
|
||||||
|
-not -path "*/.git/*" \
|
||||||
|
-not -path "*/__pycache__/*" \
|
||||||
|
-not -path "*/recursive-analysis/*" \
|
||||||
|
-exec /bin/bash -c "cmd=\"$pre_cmd_binwalk {}\" && echo -e \"File: {}\nCommand: \$cmd\nTimestamp: $timestamp\" >> $log_binwalk && exec \$cmd >> $log_binwalk" \; # watch your escapes here
|
||||||
|
|
||||||
|
## file
|
||||||
|
echo "Recursive file! Saving to $log_file . . ."
|
||||||
|
find "$scan_path" -type f \
|
||||||
|
-not -path "*/.git/*" \
|
||||||
|
-not -path "*/__pycache__/*" \
|
||||||
|
-not -path "*/recursive-analysis/*" \
|
||||||
|
-exec $pre_cmd_file {} >> $log_file \;
|
||||||
|
|
||||||
|
## strings
|
||||||
|
echo "Recursive strings! Saving to $log_strings . . ."
|
||||||
|
find "$scan_path" -type f \
|
||||||
|
-not -path "*/.git/*" \
|
||||||
|
-not -path "*/__pycache__/*" \
|
||||||
|
-not -path "*/recursive-analysis/*" \
|
||||||
|
-exec $pre_cmd_strings {} >> $log_strings \;
|
||||||
|
|
||||||
|
## sha256sum
|
||||||
|
echo "Recursive sha256sum! Saving to $log_sha256sum . . ."
|
||||||
|
find "$scan_path" -type f \
|
||||||
|
-not -path "*/.git/*" \
|
||||||
|
-not -path "*/__pycache__/*" \
|
||||||
|
-not -path "*/recursive-analysis/*" \
|
||||||
|
-exec $pre_cmd_sha256sum {} >> $log_sha256sum \;
|
||||||
|
|
||||||
|
# log to master log
|
||||||
|
echo -e "$timestamp:\n\tscan path: $scan_path\n\tbinwalk:\n\t\tlog: $log_binwalk\n\t\tcmd: $pre_cmd_sha256sum {}\n\tfile:\n\t\tlog: $log_file\n\t\tcmd: $pre_cmd_file {}\n\tstrings:\n\t\tlog: $log_strings\n\t\tcmd: $pre_cmd_strings {}\n\tsha256sum:\n\t\tlog: $log_sha256sum\n\t\tcmd: $pre_cmd_sha256sum {}\n" >> $log_main
|
||||||
|
|
||||||
|
echo -e "\nDone! :3"
|
||||||
@@ -0,0 +1,31 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
# helper to show status of git repos on both local and a remote host
|
||||||
|
# usage: syncstatus <remote_host> <remote_directiory>
|
||||||
|
# defaults pi3 and /var/www/html/Media-Viewer
|
||||||
|
|
||||||
|
# handle defaultz
|
||||||
|
handle_args () {
|
||||||
|
if [ -z $1 ]; then
|
||||||
|
remote_host='pi3'
|
||||||
|
else
|
||||||
|
remote_host="$1"
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -z $2 ]; then
|
||||||
|
remote_dir='/var/www/html/Media-Viewer'
|
||||||
|
else
|
||||||
|
remote_dir="$2"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
syncstatus () {
|
||||||
|
# view local and remote status before proceeding
|
||||||
|
echo -e "\nLOCAL status\n"
|
||||||
|
git status
|
||||||
|
|
||||||
|
echo -e "\nREMOTE status\n"
|
||||||
|
ssh $remote_host "/bin/bash -c \"git -C '$remote_dir' status\""
|
||||||
|
}
|
||||||
|
|
||||||
|
handle_args
|
||||||
|
syncstatus
|
||||||
@@ -0,0 +1,3 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
git add .
|
||||||
|
git commit -m "waypoint"
|
||||||
@@ -0,0 +1,31 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
# usage in cron
|
||||||
|
## @reboot bash /usr/share/customscripts/ifnet "/usr/share/customscripts/webhook bootup" 2>> /var/log/cron.error.log
|
||||||
|
# discord_webhook="https://discord.com/api/webhooks/yourwebhook"
|
||||||
|
discord_webhook=$(cat /usr/share/customscripts/webhook.txt)
|
||||||
|
ipaddr=$(hostname -I | grep -E -o "10.0.0.[0-9]{1,3}" | tail -1)
|
||||||
|
date=$(date "+%d/%m/%Y %H:%M:%S %Z (%s)")
|
||||||
|
# to tag role run \@rolename and copy the code that is like <@something>
|
||||||
|
# tag="<@tag>"
|
||||||
|
tag=$(cat /usr/share/customscripts/tag.txt)
|
||||||
|
hostname=$(hostname)
|
||||||
|
bootup_string="bootrred on $date\n\tip addr: $ipaddr\n\t$tag\n\n"
|
||||||
|
|
||||||
|
if [[ -z $1 ]]; then
|
||||||
|
content='Default Ping!'
|
||||||
|
elif [[ "$1" == "bootup" ]]; then
|
||||||
|
content="$bootup_string"
|
||||||
|
else
|
||||||
|
content="$1"
|
||||||
|
fi
|
||||||
|
|
||||||
|
post_data() {
|
||||||
|
cat <<EOF
|
||||||
|
{
|
||||||
|
"username":"$hostname",
|
||||||
|
"content":"$content"
|
||||||
|
}
|
||||||
|
EOF
|
||||||
|
}
|
||||||
|
|
||||||
|
curl -H "Content-Type: application/json" -X POST -d "$(post_data)" "$discord_webhook"
|
||||||
@@ -0,0 +1,3 @@
|
|||||||
|
sudo airmon-ng check kill
|
||||||
|
sudo airmon-ng start wlan1
|
||||||
|
sudo airodump-ng wlan1mon
|
||||||
@@ -0,0 +1,7 @@
|
|||||||
|
port=$(grep '^port=33' /etc/xrdp/xrdp.ini | sed 's/port=//')
|
||||||
|
ip=$(ip addr | grep 'inet 10.\|inet 192.168.' | awk '{print $2}' | sed 's/\/24//')
|
||||||
|
|
||||||
|
sudo /etc/xrdp/startwm.sh
|
||||||
|
sudo systemctl restart xrdp
|
||||||
|
echo "connect on $ip:$port"
|
||||||
|
|
||||||
@@ -0,0 +1,4 @@
|
|||||||
|
CUSTOM_DATABASE=wordpress-db
|
||||||
|
CUSTOM_USER=wordpress-user
|
||||||
|
CUSTOM_PASSWORD=someCustomPassword1234
|
||||||
|
CUSTOM_PORT=8800
|
||||||
@@ -0,0 +1,31 @@
|
|||||||
|
version: '3.1'
|
||||||
|
|
||||||
|
services:
|
||||||
|
|
||||||
|
wordpress:
|
||||||
|
image: wordpress
|
||||||
|
restart: always
|
||||||
|
ports:
|
||||||
|
- ${CUSTOM_PORT}:80
|
||||||
|
environment:
|
||||||
|
WORDPRESS_DB_HOST: db
|
||||||
|
WORDPRESS_DB_USER: ${CUSTOM_USER}
|
||||||
|
WORDPRESS_DB_PASSWORD: ${CUSTOM_PASSWORD}
|
||||||
|
WORDPRESS_DB_NAME: ${CUSTOM_DATABASE}
|
||||||
|
volumes:
|
||||||
|
- wordpress:/var/www/html
|
||||||
|
|
||||||
|
db:
|
||||||
|
image: mysql
|
||||||
|
restart: always
|
||||||
|
environment:
|
||||||
|
MYSQL_DATABASE: ${CUSTOM_DATABASE}
|
||||||
|
MYSQL_USER: ${CUSTOM_USER}
|
||||||
|
MYSQL_PASSWORD: ${CUSTOM_PASSWORD}
|
||||||
|
MYSQL_RANDOM_ROOT_PASSWORD: 'yes'
|
||||||
|
volumes:
|
||||||
|
- db:/var/lib/mysql
|
||||||
|
|
||||||
|
volumes:
|
||||||
|
wordpress:
|
||||||
|
db:
|
||||||
Reference in New Issue
Block a user