securepi.sh
#!/bin/bash
# Splash banner: ASCII-art logo in red, project tag line in yellow, then a
# reset of the terminal attributes. Colour sequences are looked up once and
# interpolated into a here-document.
banner_red=$(tput setaf 1)
banner_yellow=$(tput setaf 3)
banner_reset=$(tput sgr0)
cat <<EOF
${banner_red}
██████ ▓█████ ▄████▄ █ ██ ██▀███ ▓█████ ██▓███ ██▓
▒██ ▒ ▓█ ▀ ▒██▀ ▀█ ██ ▓██▒▓██ ▒ ██▒▓█ ▀ ▓██░ ██▒▓██▒
░ ▓██▄ ▒███ ▒▓█ ▄ ▓██ ▒██░▓██ ░▄█ ▒▒███ ▓██░ ██▓▒▒██▒
▒ ██▒▒▓█ ▄ ▒▓▓▄ ▄██▒▓▓█ ░██░▒██▀▀█▄ ▒▓█ ▄ ▒██▄█▓▒ ▒░██░
▒██████▒▒░▒████▒▒ ▓███▀ ░▒▒█████▓ ░██▓ ▒██▒░▒████▒ ▒██▒ ░ ░░██░
▒ ▒▓▒ ▒ ░░░ ▒░ ░░ ░▒ ▒ ░░▒▓▒ ▒ ▒ ░ ▒▓ ░▒▓░░░ ▒░ ░ ▒▓▒░ ░ ░░▓
░ ░▒ ░ ░ ░ ░ ░ ░ ▒ ░░▒░ ░ ░ ░▒ ░ ▒░ ░ ░ ░ ░▒ ░ ▒ ░
░ ░ ░ ░ ░ ░░░ ░ ░ ░░ ░ ░ ░░ ▒ ░
░ ░ ░░ ░ ░ ░ ░ ░ ░
░
${banner_yellow}
TOR + Raspberry Pi
ff0x.co/raspberrypi-3-onion-router
${banner_reset}
EOF
# Refresh the package index and apply pending upgrades, then install the
# access-point daemon, the DHCP server and the iptables persistence helper.
printf '%s\n' "Installing the Software "
sudo apt-get -y update
sudo apt-get -y upgrade
sudo apt-get -y install hostapd isc-dhcp-server
sudo apt-get -y install iptables-persistent
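# Configure isc-dhcp-server to hand out leases on the access-point subnet.
echo "Changing some lines with SED"
# Comment out the sample domain options shipped in dhcpd.conf. The patterns
# are anchored so that a second run does not stack another "# " in front of
# lines that are already commented.
sudo sed -i 's/^option domain-name "example.org";/# &/' /etc/dhcp/dhcpd.conf
sudo sed -i 's/^option domain-name-servers ns1.example.org, ns2.example.org;/# &/' /etc/dhcp/dhcpd.conf
# Enable the "authoritative" directive. The original substitution replaced
# "#authoritative;" with itself and therefore never uncommented it.
sudo sed -i 's/^#authoritative;/authoritative;/' /etc/dhcp/dhcpd.conf
# Append the subnet declaration once. A quoted here-document keeps the
# double quotes around "local"; the original nested them inside a
# double-quoted sh -c string, so the shell stripped them before dhcpd.conf
# was written. The guard keeps a re-run from adding a duplicate declaration.
# Clients are handed 8.8.8.8/8.8.4.4 as resolvers; the script's later
# PREROUTING rule redirects UDP port 53 arriving on wlan0 to local port 53.
if ! sudo grep -q '^subnet 192\.168\.42\.0 ' /etc/dhcp/dhcpd.conf; then
  sudo tee -a /etc/dhcp/dhcpd.conf >/dev/null <<'EOF'
subnet 192.168.42.0 netmask 255.255.255.0 {
range 192.168.42.10 192.168.42.50;
option broadcast-address 192.168.42.255;
option routers 192.168.42.1;
default-lease-time 600;
max-lease-time 7200;
option domain-name "local";
option domain-name-servers 8.8.8.8, 8.8.4.4;
}
EOF
fi
# Bind the DHCP server to the wireless interface only.
# NOTE(review): newer isc-dhcp-server packages name this variable
# INTERFACESv4; this substitution leaves such files untouched - confirm
# against the target image.
sudo sed -i 's/INTERFACES=""/INTERFACES="wlan0"/g' /etc/default/isc-dhcp-server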
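# Give wlan0 the static gateway address of the access-point subnet.
# Take the interface down before its configuration is rewritten.
sudo ifdown wlan0
# The original removed /etc/network/interfaces outright (rm -r) before
# recreating it. Keep one copy of the pre-existing file so the change can be
# undone; the copy is taken only once, so a re-run does not overwrite it
# with this script's own output.
if [ -e /etc/network/interfaces ] && [ ! -e /etc/network/interfaces.securepi.bak ]; then
  sudo cp -p /etc/network/interfaces /etc/network/interfaces.securepi.bak
fi
# Write the file in one step from a quoted here-document. The original
# echoed the text from inside nested quotes, which dropped the single quotes
# around 'man dhcpcd.conf'. It also wrote "source directory", which is not
# the interfaces(5) keyword; the stanza is "source-directory".
sudo tee /etc/network/interfaces >/dev/null <<'EOF'
# interfaces(5) file used by ifup(8) and ifdown(8)
# Please note that this file is written to be used with dhcpd
# For static IP, consult /etc/dhcpcd.conf and 'man dhcpcd.conf'
# Include files from /etc/network/interfaces.d
source-directory /etc/network/interfaces.d
auto lo
iface lo inet loopback
iface eth0 inet dhcp
allow-hotplug wlan0
iface wlan0 inet static
address 192.168.42.1
netmask 255.255.255.0
#iface wlan0 inet manual
#wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf
#iface default inet dhcp
EOF
# Apply the address immediately so the following steps can bind to it.
sudo ifconfig wlan0 192.168.42.1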
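# Create the hostapd access-point configuration (WPA2-PSK with CCMP on wlan0).
# The file is written only when no ssid is configured yet. The original
# appended with ">>" on every run, so a re-run put the default passphrase
# below any value the operator had set in the meantime.
# NOTE: the SSID and passphrase below are fixed, published defaults. Anyone
# who knows this script can join the network until wpa_passphrase is changed
# in /etc/hostapd/hostapd.conf.
if ! sudo grep -qs '^ssid=' /etc/hostapd/hostapd.conf; then
  sudo tee /etc/hostapd/hostapd.conf >/dev/null <<'EOF'
interface=wlan0
#driver=rtl871xdrv
ssid=SecurePI
country_code=US
hw_mode=g
channel=6
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wpa=2
wpa_passphrase=SecurePass
wpa_key_mgmt=WPA-PSK
wpa_pairwise=CCMP
wpa_group_rekey=86400
ieee80211n=1
wme_enabled=1

EOF
fi
# The file contains the pre-shared key in clear text, so keep it readable by
# root only instead of leaving the default world-readable mode.
sudo chmod 600 /etc/hostapd/hostapd.conf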
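# Point hostapd at its configuration, enable IPv4 forwarding with plain NAT,
# then start and enable the access-point and DHCP services.
echo "Changing some more lines with SED"
# The replacement text contains "/", so "/" cannot be the s-command
# delimiter: the original expressions were rejected by sed and changed
# nothing. "|" is used instead. The init.d pattern is anchored to the bare
# "DAEMON_CONF=" line so that a re-run does not append the path twice.
sudo sed -i 's|#DAEMON_CONF=""|DAEMON_CONF="/etc/hostapd/hostapd.conf"|g' /etc/default/hostapd
sudo sed -i 's|^DAEMON_CONF=$|DAEMON_CONF=/etc/hostapd/hostapd.conf|' /etc/init.d/hostapd
# Enable IPv4 forwarding both persistently (sysctl.conf) and right now.
sudo sed -i 's/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/g' /etc/sysctl.conf
sudo sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward"
# Plain (non-Tor) NAT from wlan0 out through eth0.
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
sudo iptables -A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT
# NOTE: /etc/iptables/rules.v4 is the file iptables-persistent restores at
# boot. The rules saved here forward client traffic directly, without Tor.
# The running rule set is flushed later in this script, but this saved copy
# stays as written unless it is overwritten afterwards.
sudo sh -c "iptables-save > /etc/iptables/rules.v4"
# Two-second foreground run as a smoke test of the configuration.
sudo timeout 2 /usr/sbin/hostapd /etc/hostapd/hostapd.conf
# Move the wpa_supplicant D-Bus service file out of the way, if present.
if [ -e /usr/share/dbus-1/system-services/fi.epitest.hostap.WPASupplicant.service ]; then
  sudo mv /usr/share/dbus-1/system-services/fi.epitest.hostap.WPASupplicant.service ~/
fi
# The original started hostapd in the foreground a second time without a
# timeout. That call never returns on its own, so none of the steps below
# it ran. The service start below brings the daemon up instead.
sudo service hostapd start
sudo service isc-dhcp-server start
sudo update-rc.d hostapd enable
sudo update-rc.d isc-dhcp-server enable
sudo service isc-dhcp-server status
sudo service hostapd status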
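# Install Tor and configure it as a transparent proxy and DNS resolver
# listening on the access-point address.
echo "Time to Install TOR"
sudo apt-get update
sudo apt-get install tor -y
# The original passed the settings to sed as one malformed expression (an
# address containing unescaped "/", no command and no -i), so sed rejected
# it and torrc was never modified. The settings are appended instead,
# guarded so that a re-run does not add them twice.
# TransPort and DNSPort carry the listen address in address:port form. The
# separate TransListenAddress/DNSListenAddress options used by the original
# were deprecated and later removed from Tor, while address:port is accepted
# by old and new releases.
# Binding to 192.168.42.1 keeps both ports reachable from the wlan0 subnet
# only, not from the eth0 side.
if ! sudo grep -q '^TransPort ' /etc/tor/torrc; then
  sudo tee -a /etc/tor/torrc >/dev/null <<'EOF'
Log notice file /var/log/tor/notices.log
VirtualAddrNetwork 10.192.0.0/10
AutomapHostsSuffixes .onion,.exit
AutomapHostsOnResolve 1
TransPort 192.168.42.1:9040
DNSPort 192.168.42.1:53
EOF
fi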
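# Replace the plain NAT rules with the Tor transparent-proxy redirects,
# persist them, prepare Tor's log file and start the service.
sudo iptables -F
sudo iptables -t nat -F
# TCP port 22 arriving on wlan0 is redirected to the Pi's own sshd, which
# keeps SSH to the Pi working. It also applies to client SSH connections
# aimed at any other host.
sudo iptables -t nat -A PREROUTING -i wlan0 -p tcp --dport 22 -j REDIRECT --to-ports 22
# DNS over UDP goes to Tor's DNSPort; every other new TCP connection goes to
# Tor's TransPort.
sudo iptables -t nat -A PREROUTING -i wlan0 -p udp --dport 53 -j REDIRECT --to-ports 53
sudo iptables -t nat -A PREROUTING -i wlan0 -p tcp --syn -j REDIRECT --to-ports 9040
# Fail closed: REDIRECTed traffic is delivered locally and never crosses the
# FORWARD chain. IPv4 forwarding was enabled earlier in this script, so with
# the default ACCEPT policy anything the rules above do not catch (non-DNS
# UDP, ICMP) would still be routed out of eth0 without passing through Tor.
# NOTE(review): only IPv4 rules are installed here; IPv6 is not filtered.
sudo iptables -P FORWARD DROP
sudo iptables -t nat -L
sudo sh -c "iptables-save > /etc/iptables.ipv4.nat"
# iptables-persistent restores /etc/iptables/rules.v4 at boot. The original
# saved the Tor rules only to /etc/iptables.ipv4.nat, leaving rules.v4 with
# the earlier plain NAT rules, so after a reboot clients were forwarded
# directly instead of through Tor.
sudo sh -c "iptables-save > /etc/iptables/rules.v4"
# Tor logs as the debian-tor user; create the log file with that ownership.
sudo touch /var/log/tor/notices.log
sudo chown debian-tor /var/log/tor/notices.log
sudo chmod 644 /var/log/tor/notices.log
ls -l /var/log/tor
sudo service tor start
sudo service tor status
sudo update-rc.d tor enable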
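# Closing banner with the access-point credentials.
# The SSID is printed exactly as written to hostapd.conf ("SecurePI").
# SSIDs are case-sensitive, and the original banner showed "SecurePi".
# NOTE(review): the banner both asks for a reboot and warns against one.
# Which is right depends on whether the Tor redirect rules are restored at
# boot - confirm and drop the wrong sentence.
# NOTE: the password shown is the script's fixed default; change
# wpa_passphrase in /etc/hostapd/hostapd.conf before real use.
echo "$(tput setaf 1)
Your SecurePi is ready for use.
Please Reboot The Pi First
SSID: SecurePI
Password: SecurePass
$(tput setaf 3)
You can change your SSID & password in /etc/hostapd/hostapd.conf.
Do not reboot the Raspberry Pi, otherwise you have to run this script again.
$(tput sgr0)"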