authorczesiek <czesiek@hackerspace.pl>2014-11-01 18:52:30 +0100
committerczesiek <czesiek@hackerspace.pl>2014-11-01 18:52:30 +0100
commitf165871b63b52fb093a480c459b74eff6ea23fb0 (patch)
tree446d78f81d50424ab4a72aa3e84dc6a40f4222de
parent52c7530e806df0603a7ea0164eb54ef4b4035b22 (diff)
downloadheads-f165871b63b52fb093a480c459b74eff6ea23fb0.tar.gz
heads-f165871b63b52fb093a480c459b74eff6ea23fb0.tar.bz2
heads-f165871b63b52fb093a480c459b74eff6ea23fb0.zip
Added initscripts/, NM dispatcher script, ferm configs, launchersHEADmaster
-rwxr-xr-xNetworkManager/60-yokai-launcher.sh45
-rw-r--r--environment.clean18
-rw-r--r--ferm-clear.conf52
-rw-r--r--ferm-offline.conf52
-rwxr-xr-xinitscripts/longkeyword40
-rwxr-xr-xinitscripts/unfermify36
-rwxr-xr-xinitscripts/untorify80
-rwxr-xr-xyokai-launcher7
-rwxr-xr-xyokai-launcher-nosudo7
-rwxr-xr-xyokai-openvpn-launcher91
-rwxr-xr-xyokai-sshuttle-launcher17
11 files changed, 445 insertions, 0 deletions
diff --git a/NetworkManager/60-yokai-launcher.sh b/NetworkManager/60-yokai-launcher.sh
new file mode 100755
index 0000000..1368b47
--- /dev/null
+++ b/NetworkManager/60-yokai-launcher.sh
@@ -0,0 +1,45 @@
+#! /bin/sh
+
+set -e
+
+killtree() {
+ local _pid=$1
+ local _sig=${2:--KILL}
+ for _child in $(ps -o pid --no-headers --ppid ${_pid}); do
+ killtree ${_child} ${_sig}
+ done
+
+ kill -9 ${_pid}
+}
+
+# Get LIVE_USERNAME
+. /etc/live/config.d/username.conf
+
+# Get LANG
+. /etc/default/locale
+
+export LANG
+export DISPLAY=':0.0'
+export XAUTHORITY="`echo /var/run/gdm3/auth-for-${LIVE_USERNAME}-*/database`"
+
+LOCKFILE=/var/lock/yokai-launcher.lock
+
+# Run only when the interface is not "lo":
+if [ "${1}" = "lo" ]; then
+ exit 0
+fi
+
+if [ "${2}" = "up" ]; then
+ (
+ sudo -u ${LIVE_USERNAME} lckdo $LOCKFILE yokai-launcher -DISPLAY=${DISPLAY}
+ ) &
+elif [ "${2}" = "down" ]; then
+ for i in $(seq 10); do
+ PPID=`pgrep "^yokai-launcher$"`
+ killtree $PPID
+ sleep 1
+ if ! pgrep "^yokai-launcher$"; then
+ break
+ fi
+ done
+fi
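Review bot: `killtree` accepts a signal in `_sig` (default `-KILL`) but line 44 always sends `kill -9`, so the `down` branch never lets yokai-launcher and the openvpn/sshuttle processes under it shut down cleanly; use `kill "${_sig}" "${_pid}"` and default `_sig` to `-TERM`. The `down` loop also misbehaves under `set -e` when no launcher is running: `pgrep` exits 1 with empty output, and `killtree ""` then runs `ps --ppid` with no argument and aborts the dispatcher; guard it with `pid=$(pgrep -x yokai-launcher) || break` and avoid the name `PPID`, which bash treats as read-only. `XAUTHORITY` on line 55 is built from an unquoted glob passed through `echo`, so if more than one `auth-for-<user>-*` directory exists it becomes a space-separated list and X access from the launcher fails; resolve the glob with a `for` loop and take the first match, or fail loudly if there is none.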
diff --git a/environment.clean b/environment.clean
new file mode 100644
index 0000000..24f488c
--- /dev/null
+++ b/environment.clean
@@ -0,0 +1,18 @@
+#http_proxy=http://127.0.0.1:8118
+#HTTP_PROXY=http://127.0.0.1:8118
+#https_proxy=http://127.0.0.1:8118
+#HTTPS_PROXY=http://127.0.0.1:8118
+#SOCKS_SERVER=127.0.0.1:9050
+#SOCKS5_SERVER=127.0.0.1:9050
+
+# Allow Torbutton access to the control port filter (for new identity).
+# Setting a password is required, otherwise Torbutton attempts to
+# read the authentication cookie file instead, which fails.
+#TOR_CONTROL_HOST='127.0.0.1'
+#TOR_CONTROL_PORT='9052'
+#TOR_CONTROL_PASSWD='passwd'
+
+#GIT_PROXY_COMMAND=/usr/local/bin/connect-socks
+
+# Port that the monkeysphere validation agent listens on
+MSVA_PORT='6136'
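Review bot: The file has no header saying what it is, even though initscripts/untorify installs it over /etc/environment, so a reader cannot tell why Tails' proxy and Tor control variables are present but commented out. A first line such as `# Installed over /etc/environment by initscripts/untorify: Tails' proxy and Tor control settings are left commented out so applications connect directly.` would make the intent explicit. The commented `TOR_CONTROL_PASSWD='passwd'` is inert as written, but a note that it is a placeholder from the Tails original and must not be uncommented with that value would prevent a careless edit.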
diff --git a/ferm-clear.conf b/ferm-clear.conf
new file mode 100644
index 0000000..82f9fc3
--- /dev/null
+++ b/ferm-clear.conf
@@ -0,0 +1,52 @@
+# -*- mode: conf[space] -*-
+#
+# Configuration file for ferm(1).
+#
+
+# IPv4
+domain ip {
+ table filter {
+ chain INPUT {
+ policy ACCEPT;
+ }
+
+ chain OUTPUT {
+ policy ACCEPT;
+ }
+
+ chain FORWARD {
+ policy ACCEPT;
+ }
+ }
+
+ table nat {
+ chain PREROUTING {
+ policy ACCEPT;
+ }
+
+ chain POSTROUTING {
+ policy ACCEPT;
+ }
+
+ chain OUTPUT {
+ policy ACCEPT;
+ }
+ }
+}
+
+# IPv6:
+domain ip6 {
+ table filter {
+ chain INPUT {
+ policy ACCEPT;
+ }
+
+ chain FORWARD {
+ policy ACCEPT;
+ }
+
+ chain OUTPUT {
+ policy ACCEPT;
+ }
+ }
+}
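Review bot: With `policy ACCEPT` and no rules in `INPUT` (lines 116–118 and 147–149) this ruleset does more than undo Tails' Tor-only egress filtering: every service listening on the machine becomes reachable from the network over both IPv4 and IPv6. If the goal is only direct outbound connectivity, `INPUT` can keep `policy DROP;` together with `interface lo ACCEPT;` and `mod state state (ESTABLISHED RELATED) ACCEPT;`, which lets return traffic through while leaving `OUTPUT` fully open. The header comment should also state that initscripts/unfermify installs this file as /etc/ferm/ferm.conf in place of the Tails ruleset, since nothing in the file itself says so.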
diff --git a/ferm-offline.conf b/ferm-offline.conf
new file mode 100644
index 0000000..349b92b
--- /dev/null
+++ b/ferm-offline.conf
@@ -0,0 +1,52 @@
+# -*- mode: conf[space] -*-
+#
+# Configuration file for ferm(1).
+#
+
+# IPv4
+domain ip {
+ table filter {
+ chain INPUT {
+ policy DROP;
+ }
+
+ chain OUTPUT {
+ policy DROP;
+ }
+
+ chain FORWARD {
+ policy DROP;
+ }
+ }
+
+ table nat {
+ chain PREROUTING {
+ policy DROP;
+ }
+
+ chain POSTROUTING {
+ policy DROP;
+ }
+
+ chain OUTPUT {
+ policy DROP;
+ }
+ }
+}
+
+# IPv6:
+domain ip6 {
+ table filter {
+ chain INPUT {
+ policy DROP;
+ }
+
+ chain FORWARD {
+ policy DROP;
+ }
+
+ chain OUTPUT {
+ policy DROP;
+ }
+ }
+}
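Review bot: `policy DROP` on INPUT and OUTPUT with no exceptions (lines 175, 179, 206, 214) also drops loopback traffic, so anything talking to 127.0.0.1 — for example the MSVA agent port kept in environment.clean — stops working while this ruleset is loaded; add `interface lo ACCEPT;` to INPUT and `outerface lo ACCEPT;` to OUTPUT in both domains. `policy DROP` on the nat table chains (lines 189–197) is unusual, since the nat table is consulted only for the first packet of a connection and filtering belongs in the filter table; either switch those to ACCEPT or add a comment saying the DROP is deliberate. Nothing else in this commit references ferm-offline.conf, so a header comment describing when it is meant to replace ferm.conf would help the next maintainer.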
diff --git a/initscripts/longkeyword b/initscripts/longkeyword
new file mode 100755
index 0000000..a841ff3
--- /dev/null
+++ b/initscripts/longkeyword
@@ -0,0 +1,40 @@
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides: longkeyword
+# Required-Start: $remote_fs
+# Required-Stop: $remote_fs
+# Default-Start: 5
+# Default-Stop: 0 1 2 3 4 6
+# X-Start-Before: untorify
+# Short-Description: Check for the long keyword in
+### END INIT INFO
+#
+# Author: czesiek
+#
+
+set -e
+
+NAME=longkeyword
+DESC=longkeyword
+
+case "$1" in
+ start)
+ echo -n "Starting $DESC: "
+ if grep -q iwillnotbuythisrecorditisscratched /proc/cmdline
+ then
+ echo "Direct connection keyword found, doing nothing."
+ else
+ echo "No keyword for direct connection found, restarting..."
+ sleep 2
+ shutdown -h now
+ fi
+ echo "Done"
+ ;;
+ *)
+ N=/etc/init.d/$NAME
+ echo "Usage: $N {start}" >&2
+ exit 1
+ ;;
+esac
+
+exit 0
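Review bot: The keyword check only runs in runlevel 5 (`Default-Start: 5`, line 229) while `untorify` and `unfermify` start in runlevels 3, 4 and 5, so booting into runlevel 3 or 4 de-torifies the system without this guard ever executing; use `Default-Start: 3 4 5` so the interlock covers every runlevel the other scripts run in. The message on line 250 says "restarting" although `shutdown -h now` halts, and the `Short-Description` on line 232 is cut off mid-sentence; e.g. `# Short-Description: Halt unless the direct-connection keyword is on the kernel command line`. Since /proc/cmdline is set by whoever boots the machine, this is a safety interlock against accidentally running the de-torified image, not an authorization check, which the header should say explicitly.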
diff --git a/initscripts/unfermify b/initscripts/unfermify
new file mode 100755
index 0000000..32faf93
--- /dev/null
+++ b/initscripts/unfermify
@@ -0,0 +1,36 @@
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides: unfermify
+# Required-Start: $remote_fs
+# Required-Stop: $remote_fs
+# Default-Start: 3 4 5
+# Default-Stop: 0 1 2 6
+# X-Start-Before: ferm
+# Short-Description: Clear iptables modifications made by ferm's default ruleset
+### END INIT INFO
+#
+# Author: czesiek
+#
+
+set -e
+
+NAME=unfermify
+DESC=unfermify
+
+case "$1" in
+ start)
+ echo -n "Starting $DESC: "
+
+ # replace Tails' ferm config with ours
+ mv /etc/ferm/ferm-clear.conf /etc/ferm/ferm.conf
+
+ echo "Done"
+ ;;
+ *)
+ N=/etc/init.d/$NAME
+ echo "Usage: $N {start}" >&2
+ exit 1
+ ;;
+esac
+
+exit 0
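Review bot: `mv /etc/ferm/ferm-clear.conf /etc/ferm/ferm.conf` on line 294 is a one-shot operation: on any subsequent start the source file no longer exists, `mv` fails and `set -e` makes the init script exit non-zero, and the original Tails ruleset has been overwritten with no way back. Copying instead, `cp /etc/ferm/ferm-clear.conf /etc/ferm/ferm.conf`, keeps the script idempotent, and saving the original first with `cp -n /etc/ferm/ferm.conf /etc/ferm/ferm.conf.tails` allows restoring it. A comment that ferm then loads an all-ACCEPT ruleset would make the effect of this script visible where it happens.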
diff --git a/initscripts/untorify b/initscripts/untorify
new file mode 100755
index 0000000..173c1e0
--- /dev/null
+++ b/initscripts/untorify
@@ -0,0 +1,80 @@
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides: untorify
+# Required-Start: $remote_fs
+# Required-Stop: $remote_fs
+# Default-Start: 3 4 5
+# Default-Stop: 0 1 2 6
+# X-Start-After: resolvconf
+# Short-Description: Clear proxy modifications done by Tails to enable VPN/SSH capabilities or direct connection.
+### END INIT INFO
+#
+# Author: czesiek
+#
+
+set -e
+
+NAME=untorify
+DESC=untorify
+
+case "$1" in
+ start)
+ echo -n "Starting $DESC: "
+
+ # delete apt's proxy config
+ rm -rf /etc/apt/apt.conf.d/0000runtime-proxy
+
+ # overwrite /etc/environment with out modified one
+ cp /etc/environment.clean /etc/environment
+
+ # delete Iceweasel's wrapper script
+ #rm -rf /usr/local/bin/iceweasel
+ rm -rf /usr/local/bin/tor-browser # XXX: Not tested
+
+ # FIXME
+ ## switch Iceweasel's default profile for Debian's clean one
+ #mv /etc/iceweasel/profile /etc/iceweasel/profile.tails
+ #mv /etc/iceweasel/profile.clean /etc/iceweasel/profile
+
+ # move the default ~/.mozilla
+ # live-config starts before us
+ mv /etc/skel/.mozilla /etc/skel/.mozilla.tails
+ # so we need this
+ rm -rf /home/amnesia/.mozilla
+
+ # FIXME
+ ## TODO: /opt/yokai cleanup
+ #FILE=/usr/lib/iceweasel/browser/defaults/preferences/000-tor-browser.js
+ #sed -r -i '/^(user_|)pref\("network\.proxy\..*",/d' ${FILE}
+ #echo 'user_pref("network.proxy.type", 0);' >> ${FILE}
+ #echo 'user_pref("network.proxy.socks_remote_dns", false);' >> ${FILE}
+ #
+ #FILE=/usr/lib/iceweasel/browser/defaults/syspref/000-tor-browser.js
+ #sed -r -i '/^(user_|)pref\("network\.proxy\..*",/d' ${FILE}
+ #echo 'user_pref("network.proxy.type", 0);' >> ${FILE}
+ #echo 'user_pref("network.proxy.socks_remote_dns", false);' >> ${FILE}
+
+ # resolvconf
+ echo '' > /etc/resolvconf/resolv.conf.d/base
+ echo -e 'tun*\n*' > /etc/resolvconf/interface-order
+
+ # delete NetworkManager dispatcher scripts
+ rm /etc/NetworkManager/dispatcher.d/10-tor.sh
+ rm /etc/NetworkManager/dispatcher.d/20-time.sh
+ rm /etc/NetworkManager/dispatcher.d/60-tor-ready-notification.sh
+ rm /etc/NetworkManager/dispatcher.d/60-ttdnsd.sh
+ rm /etc/NetworkManager/dispatcher.d/60-vidalia.sh
+
+ # ssh client
+ rm /etc/ssh/ssh_config
+
+ echo "Done"
+ ;;
+ *)
+ N=/etc/init.d/$NAME
+ echo "Usage: $N {start}" >&2
+ exit 1
+ ;;
+esac
+
+exit 0
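Review bot: Under `set -e`, each `rm` without `-f` on lines 373–380 aborts the script at the first missing file, leaving the system half de-torified — /etc/environment already replaced while the Tor dispatcher scripts and the torified ssh_config remain — and since Tails file names change between releases that is a likely outcome; use `rm -f` for each of them so the script either completes or fails for a reason worth failing on. `echo -e` on line 370 is not portable under `#!/bin/sh`: dash's echo prints `-e` literally, so interface-order would contain the line `-e tun*`; write it with `printf 'tun*\n*\n' > /etc/resolvconf/interface-order`. Line 354 hardcodes `/home/amnesia` although the dispatcher script reads the live user from /etc/live/config.d/username.conf; sourcing that file here and using `${LIVE_USERNAME}` keeps the two consistent.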
diff --git a/yokai-launcher b/yokai-launcher
new file mode 100755
index 0000000..d6dbb90
--- /dev/null
+++ b/yokai-launcher
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+if grep -q 'quiet 3' /proc/cmdline; then
+ sudo /usr/local/bin/yokai-openvpn-launcher
+elif grep -q 'quiet 4' /proc/cmdline; then
+ sudo /usr/local/bin/yokai-sshuttle-launcher
+fi
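Review bot: The mode selection is a substring match (`grep -q 'quiet 3'`), so a kernel command line containing `quiet 33` or the token inside another word would also select OpenVPN mode; `grep -qw 'quiet 3'` limits it to a whole word. The `sudo` calls only work non-interactively with a sudoers rule that is not part of this commit; a header comment stating that the rule must be limited to these two absolute paths (NOPASSWD only for them) would document the trust boundary, because both launchers then write under /etc/openvpn and run openvpn or sshuttle as root. When neither keyword is present the script exits silently, so the user gets no indication why no tunnel was started; an `else` branch with a `zenity --warning` would make that visible.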
diff --git a/yokai-launcher-nosudo b/yokai-launcher-nosudo
new file mode 100755
index 0000000..3a702b2
--- /dev/null
+++ b/yokai-launcher-nosudo
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+if grep -q 'quiet 3' /proc/cmdline; then
+ /usr/local/bin/yokai-openvpn-launcher
+elif grep -q 'quiet 4' /proc/cmdline; then
+ /usr/local/bin/yokai-sshuttle-launcher
+fi
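Review bot: This file duplicates yokai-launcher except for the `sudo` prefix, so the two will drift as modes are added; yokai-launcher could simply do `exec sudo /usr/local/bin/yokai-launcher-nosudo` and keep the mode selection in one place. The same substring issue applies here: `grep -qw` avoids matching `quiet 3` inside a longer token.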
diff --git a/yokai-openvpn-launcher b/yokai-openvpn-launcher
new file mode 100755
index 0000000..ad9775b
--- /dev/null
+++ b/yokai-openvpn-launcher
@@ -0,0 +1,91 @@
+#!/bin/bash
+SCRIPT=$0
+
+function run_yokai_openvpn() {
+ openvpn --up '/usr/bin/zenity --notification --text "OpenVPN connection established and running."' --down '/usr/bin/zenity --notification --text "OpenVPN connection closed!"' --config /etc/openvpn/client.conf
+
+ zenity --question --text 'OpenVPN client process exited, do you want to reconnect?'
+ if [ "$?" -ne 0 ]; then
+ exit 0
+ fi
+
+ # user said "yes", get on with it (again)
+ $SCRIPT
+}
+
+# CA file selection
+while true; do
+ echo 'Asking for CA file.'
+ CA_CERT=`zenity --file-selection --title="Select an OpenVPN CA certificate"`
+
+ case $? in
+ 0)
+ echo "CA file \"$CA_CERT\" selected."
+ break
+ ;;
+ 1)
+ echo 'User cancelled while selecting CA file'
+ zenity --warning --text 'Please select a CA certificate file.'
+ ;;
+ -1)
+ echo 'An error occured during CA certificate file selection.'
+ zenity --error --text 'An unexpected error has occured during CA certificate file selection.'
+ exit 1
+ ;;
+ esac
+done
+
+# copy CA file to a place specified in /etc/openvpn/client.conf
+cp $CA_CERT /etc/openvpn/ca.crt
+
+
+# hostname, port number, credentials
+HOST_NAME=`zenity --entry --title 'Enter hostname' --text 'Please enter OpenVPN server hostname'`
+HOST_PORT=`zenity --entry --title 'Enter port number' --text 'Please enter OpenVPN server port number'`
+CRED_USER=`zenity --entry --title 'Enter username' --text 'Please enter your OpenVPN username'`
+CRED_PASS=`zenity --entry --hide-text --title 'Enter password' --text 'Please enter your OpenVPN password'`
+
+#ENTRY=`zenity --password --username`
+#CRED_USER=`echo $ENTRY | cut -d'|' -f1`
+#CRED_PASS=`echo $ENTRY | cut -d'|' -f2`
+
+# Note: Replaced by the above because of old Zenity version in Tails
+#while true; do
+# ENTRY=`zenity --forms --title 'OpenVPN server details' --text 'Please enter OpenVPN server details.' --add-entry 'Hostname' --add-entry 'Port' --add-entry 'Username' --add-password 'Password'`
+# case $? in
+# 0)
+# HOST_NAME=`echo $ENTRY | cut -d'|' -f1`
+# HOST_PORT=`echo $ENTRY | cut -d'|' -f2`
+# CRED_USER=`echo $ENTRY | cut -d'|' -f3`
+# CRED_PASS=`echo $ENTRY | cut -d'|' -f4`
+# # TODO: simple validity checks (port number, empty strings)
+# break
+# ;;
+# 1)
+# echo 'User cancelled while entering OpenVPN server data'
+# zenity --warning --text='You must enter OpenVPN server credentials in order to connect to the Net.'
+# ;;
+# -1)
+# echo 'An error occured during credentials input.'
+# zenity --error --text 'An unexpected error has occured during credentials input.'
+# exit 1
+# ;;
+# esac
+#done
+
+# replace 'remote' line in /etc/openvpn/client.conf
+echo "== remote $HOST_NAME $HOST_PORT"
+sed -i "s/remote .*/remote $HOST_NAME $HOST_PORT/g" /etc/openvpn/client.conf
+
+# fill in /etc/openvpn/credentials file
+echo $CRED_USER > /etc/openvpn/credentials
+echo $CRED_PASS >> /etc/openvpn/credentials
+
+openvpn /etc/openvpn/client.conf
+
+zenity --question --text 'OpenVPN client process exited, do you want to reconnect?'
+if [ "$?" -ne 0 ]; then
+ exit 0
+fi
+
+run_yokai_openvpn &
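Review bot: The credentials file written on lines 504–505 is created with the process umask, so the VPN password ends up readable by every local user under /etc/openvpn/credentials; write it under `umask 077` and with `printf '%s\n'` so a password beginning with `-` or containing backslashes survives. The hostname and port from zenity are interpolated unescaped into the `sed -i` expression on line 501, so a `/` or `;` in the entry corrupts the expression (and with GNU sed a crafted entry can reach the `e` command, which runs as root here); validate both before using them. Smaller points: `cp $CA_CERT` on line 462 is unquoted and breaks on paths with spaces, the `-1)` case arm on line 453 is unreachable because shell exit statuses are 0–255 (zenity reports errors as 255), and line 507 starts openvpn without `--config` while `run_yokai_openvpn` uses `--config` and the `--up`/`--down` notifications, so the first and reconnected sessions behave differently.
```shell
# … unchanged: CA file selection and zenity prompts …
case $HOST_NAME in
  ''|*[!A-Za-z0-9.-]*) zenity --error --text 'Invalid hostname.'; exit 1 ;;
esac
case $HOST_PORT in
  ''|*[!0-9]*) zenity --error --text 'Invalid port number.'; exit 1 ;;
esac
sed -i "s/^remote .*/remote $HOST_NAME $HOST_PORT/" /etc/openvpn/client.conf

# credentials must not be readable by other local users
( umask 077; printf '%s\n' "$CRED_USER" "$CRED_PASS" > /etc/openvpn/credentials )
chmod 0600 /etc/openvpn/credentials
# … unchanged: openvpn invocation and reconnect prompt …
```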
diff --git a/yokai-sshuttle-launcher b/yokai-sshuttle-launcher
new file mode 100755
index 0000000..0be10dc
--- /dev/null
+++ b/yokai-sshuttle-launcher
@@ -0,0 +1,17 @@
+#!/bin/sh
+
+while true; do
+
+ HOST_NAME=`zenity --entry --title 'Enter hostname' --text 'Please enter SSH server hostname'`
+ HOST_PORT=`zenity --entry --title 'Enter port number' --text 'Please enter SSH server port number' --entry-text '22'`
+ CRED_USER=`zenity --entry --title 'Enter username' --text 'Please enter your SSH username'`
+
+ SSHUTTLE=/opt/sshuttle/sshuttle
+ setsid ${SSHUTTLE} --dns -e 'ssh -oStrictHostKeyChecking=no -oUserKnownHostsFile=/dev/null' -r ${CRED_USER}@${HOST_NAME}:${HOST_PORT} 0/0
+
+ zenity --question --text 'sshuttle process exited, do you want to reconnect?'
+ if [ "$?" -ne 0 ]; then
+ exit 0
+ fi
+
+done
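Review bot: `-oStrictHostKeyChecking=no -oUserKnownHostsFile=/dev/null` on line 530 disables host key verification entirely, so on exactly the untrusted network this tool is meant to escape, anyone who can intercept the connection can impersonate the SSH server and read all traffic tunnelled through sshuttle. Keep a persistent known-hosts file (e.g. `-oUserKnownHostsFile=/etc/ssh/yokai_known_hosts`) with `StrictHostKeyChecking=ask`, or `accept-new` where the installed OpenSSH supports it, so a changed key is refused rather than silently accepted; since the launcher has no terminal, the first-connect fingerprint can be shown for confirmation in a `zenity --question` dialog before sshuttle is started. The expansions in the `-r` argument are unquoted, so a username or hostname containing spaces splits the argument; quote it as `-r "${CRED_USER}@${HOST_NAME}:${HOST_PORT}"` and reject empty entries before launching.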