Added initscripts/, NM dispatcher script, ferm configs, launchers
parent
52c7530e80
commit
f165871b63
|
@ -0,0 +1,45 @@
|
|||
#! /bin/sh
|
||||
|
||||
set -e
|
||||
|
||||
killtree() {
|
||||
local _pid=$1
|
||||
local _sig=${2:--KILL}
|
||||
for _child in $(ps -o pid --no-headers --ppid ${_pid}); do
|
||||
killtree ${_child} ${_sig}
|
||||
done
|
||||
|
||||
kill -9 ${_pid}
|
||||
}
|
||||
|
||||
# Get LIVE_USERNAME
|
||||
. /etc/live/config.d/username.conf
|
||||
|
||||
# Get LANG
|
||||
. /etc/default/locale
|
||||
|
||||
export LANG
|
||||
export DISPLAY=':0.0'
|
||||
export XAUTHORITY="`echo /var/run/gdm3/auth-for-${LIVE_USERNAME}-*/database`"
|
||||
|
||||
LOCKFILE=/var/lock/yokai-launcher.lock
|
||||
|
||||
# Run only when the interface is not "lo":
|
||||
if [ "${1}" = "lo" ]; then
|
||||
exit 0
|
||||
fi
|
||||
|
||||
if [ "${2}" = "up" ]; then
|
||||
(
|
||||
sudo -u ${LIVE_USERNAME} lckdo $LOCKFILE yokai-launcher -DISPLAY=${DISPLAY}
|
||||
) &
|
||||
elif [ "${2}" = "down" ]; then
|
||||
for i in $(seq 10); do
|
||||
PPID=`pgrep "^yokai-launcher$"`
|
||||
killtree $PPID
|
||||
sleep 1
|
||||
if ! pgrep "^yokai-launcher$"; then
|
||||
break
|
||||
fi
|
||||
done
|
||||
fi
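Review bot: In the `down` branch the `pgrep` result is stored in `PPID`, a variable the shell maintains itself (bash makes it read-only), the pattern matches the process name for every user, and `killtree $PPID` is unquoted, so a second PID from pgrep lands in `_sig`. `killtree` then ignores `_sig` and always runs `kill -9 ${_pid}`, which under `set -e` aborts the dispatcher if the process has already exited. I would use another name and scope the match, e.g. `launcher_pid=$(pgrep -u "$LIVE_USERNAME" -x yokai-launcher) || break`, and end the function with `kill "${_sig}" "${_pid}" || true`.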
|
|
@ -0,0 +1,18 @@
|
|||
#http_proxy=http://127.0.0.1:8118
|
||||
#HTTP_PROXY=http://127.0.0.1:8118
|
||||
#https_proxy=http://127.0.0.1:8118
|
||||
#HTTPS_PROXY=http://127.0.0.1:8118
|
||||
#SOCKS_SERVER=127.0.0.1:9050
|
||||
#SOCKS5_SERVER=127.0.0.1:9050
|
||||
|
||||
# Allow Torbutton access to the control port filter (for new identity).
|
||||
# Setting a password is required, otherwise Torbutton attempts to
|
||||
# read the authentication cookie file instead, which fails.
|
||||
#TOR_CONTROL_HOST='127.0.0.1'
|
||||
#TOR_CONTROL_PORT='9052'
|
||||
#TOR_CONTROL_PASSWD='passwd'
|
||||
|
||||
#GIT_PROXY_COMMAND=/usr/local/bin/connect-socks
|
||||
|
||||
# Port that the monkeysphere validation agent listens on
|
||||
MSVA_PORT='6136'
|
|
@ -0,0 +1,52 @@
|
|||
# -*- mode: conf[space] -*-
|
||||
#
|
||||
# Configuration file for ferm(1).
|
||||
#
|
||||
|
||||
# IPv4
|
||||
domain ip {
|
||||
table filter {
|
||||
chain INPUT {
|
||||
policy ACCEPT;
|
||||
}
|
||||
|
||||
chain OUTPUT {
|
||||
policy ACCEPT;
|
||||
}
|
||||
|
||||
chain FORWARD {
|
||||
policy ACCEPT;
|
||||
}
|
||||
}
|
||||
|
||||
table nat {
|
||||
chain PREROUTING {
|
||||
policy ACCEPT;
|
||||
}
|
||||
|
||||
chain POSTROUTING {
|
||||
policy ACCEPT;
|
||||
}
|
||||
|
||||
chain OUTPUT {
|
||||
policy ACCEPT;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
# IPv6:
|
||||
domain ip6 {
|
||||
table filter {
|
||||
chain INPUT {
|
||||
policy ACCEPT;
|
||||
}
|
||||
|
||||
chain FORWARD {
|
||||
policy ACCEPT;
|
||||
}
|
||||
|
||||
chain OUTPUT {
|
||||
policy ACCEPT;
|
||||
}
|
||||
}
|
||||
}
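Review bot: Every chain in this ruleset, including `INPUT` and `FORWARD` for both `ip` and `ip6`, has `policy ACCEPT` and no rules, so once it is loaded the host accepts unsolicited inbound connections on every interface. A direct or VPN connection only needs outbound traffic, so I would keep `OUTPUT` open but set `policy DROP;` on `INPUT` and `FORWARD`, and add `interface lo ACCEPT;` and `mod state state (ESTABLISHED RELATED) ACCEPT;` to `INPUT`. A header comment stating which mode loads this file would also help, since nothing in it says so.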
|
|
@ -0,0 +1,52 @@
|
|||
# -*- mode: conf[space] -*-
|
||||
#
|
||||
# Configuration file for ferm(1).
|
||||
#
|
||||
|
||||
# IPv4
|
||||
domain ip {
|
||||
table filter {
|
||||
chain INPUT {
|
||||
policy DROP;
|
||||
}
|
||||
|
||||
chain OUTPUT {
|
||||
policy DROP;
|
||||
}
|
||||
|
||||
chain FORWARD {
|
||||
policy DROP;
|
||||
}
|
||||
}
|
||||
|
||||
table nat {
|
||||
chain PREROUTING {
|
||||
policy DROP;
|
||||
}
|
||||
|
||||
chain POSTROUTING {
|
||||
policy DROP;
|
||||
}
|
||||
|
||||
chain OUTPUT {
|
||||
policy DROP;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
# IPv6:
|
||||
domain ip6 {
|
||||
table filter {
|
||||
chain INPUT {
|
||||
policy DROP;
|
||||
}
|
||||
|
||||
chain FORWARD {
|
||||
policy DROP;
|
||||
}
|
||||
|
||||
chain OUTPUT {
|
||||
policy DROP;
|
||||
}
|
||||
}
|
||||
}
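Review bot: The `table nat` chains are given `policy DROP`, and iptables releases that refuse DROP in the nat table would reject this, which could make ferm fail to apply the file at all. If this is meant as the locked-down default, a failed load risks leaving whatever rules were active before, so I would leave the nat chains at `policy ACCEPT;` and rely on the `filter` table to block traffic. The `filter` chains also drop loopback traffic. If local services are expected to work, `interface lo ACCEPT;` and `outerface lo ACCEPT;` are needed, and the choice is worth a comment either way.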
|
|
@ -0,0 +1,40 @@
|
|||
#!/bin/sh
|
||||
### BEGIN INIT INFO
|
||||
# Provides: longkeyword
|
||||
# Required-Start: $remote_fs
|
||||
# Required-Stop: $remote_fs
|
||||
# Default-Start: 5
|
||||
# Default-Stop: 0 1 2 3 4 6
|
||||
# X-Start-Before: untorify
|
||||
# Short-Description: Check for the long keyword in
|
||||
### END INIT INFO
|
||||
#
|
||||
# Author: czesiek
|
||||
#
|
||||
|
||||
set -e
|
||||
|
||||
NAME=longkeyword
|
||||
DESC=longkeyword
|
||||
|
||||
case "$1" in
|
||||
start)
|
||||
echo -n "Starting $DESC: "
|
||||
if grep -q iwillnotbuythisrecorditisscratched /proc/cmdline
|
||||
then
|
||||
echo "Direct connection keyword found, doing nothing."
|
||||
else
|
||||
echo "No keyword for direct connection found, restarting..."
|
||||
sleep 2
|
||||
shutdown -h now
|
||||
fi
|
||||
echo "Done"
|
||||
;;
|
||||
*)
|
||||
N=/etc/init.d/$NAME
|
||||
echo "Usage: $N {start}" >&2
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
|
||||
exit 0
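Review bot: The `start` branch prints "restarting..." but runs `shutdown -h now`, which halts the machine, and the `Short-Description` header is cut off mid-sentence. The `grep -q` also matches the keyword as a substring of any other parameter, whereas `grep -qw iwillnotbuythisrecorditisscratched /proc/cmdline` would require a whole word. If the check is meant as an opt-in confirmation for direct connections and not as an access control, a comment above it saying so would help later readers.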
|
|
@ -0,0 +1,36 @@
|
|||
#!/bin/sh
|
||||
### BEGIN INIT INFO
|
||||
# Provides: unfermify
|
||||
# Required-Start: $remote_fs
|
||||
# Required-Stop: $remote_fs
|
||||
# Default-Start: 3 4 5
|
||||
# Default-Stop: 0 1 2 6
|
||||
# X-Start-Before: ferm
|
||||
# Short-Description: Clear iptables modifications made by ferm's default ruleset
|
||||
### END INIT INFO
|
||||
#
|
||||
# Author: czesiek
|
||||
#
|
||||
|
||||
set -e
|
||||
|
||||
NAME=unfermify
|
||||
DESC=unfermify
|
||||
|
||||
case "$1" in
|
||||
start)
|
||||
echo -n "Starting $DESC: "
|
||||
|
||||
# replace Tails' ferm config with ours
|
||||
mv /etc/ferm/ferm-clear.conf /etc/ferm/ferm.conf
|
||||
|
||||
echo "Done"
|
||||
;;
|
||||
*)
|
||||
N=/etc/init.d/$NAME
|
||||
echo "Usage: $N {start}" >&2
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
|
||||
exit 0
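Review bot: The `mv` in the `start` branch overwrites `/etc/ferm/ferm.conf` without keeping the original, so once it has run nothing on the system can restore the previous ruleset, and a second `start` fails under `set -e` because the source file is gone. I would keep a copy first, `cp -p /etc/ferm/ferm.conf /etc/ferm/ferm.conf.tails`, and install with `cp /etc/ferm/ferm-clear.conf /etc/ferm/ferm.conf` so the step is repeatable.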
|
|
@ -0,0 +1,80 @@
|
|||
#!/bin/sh
|
||||
### BEGIN INIT INFO
|
||||
# Provides: untorify
|
||||
# Required-Start: $remote_fs
|
||||
# Required-Stop: $remote_fs
|
||||
# Default-Start: 3 4 5
|
||||
# Default-Stop: 0 1 2 6
|
||||
# X-Start-After: resolvconf
|
||||
# Short-Description: Clear proxy modifications done by Tails to enable VPN/SSH capabilities or direct connection.
|
||||
### END INIT INFO
|
||||
#
|
||||
# Author: czesiek
|
||||
#
|
||||
|
||||
set -e
|
||||
|
||||
NAME=untorify
|
||||
DESC=untorify
|
||||
|
||||
case "$1" in
|
||||
start)
|
||||
echo -n "Starting $DESC: "
|
||||
|
||||
# delete apt's proxy config
|
||||
rm -rf /etc/apt/apt.conf.d/0000runtime-proxy
|
||||
|
||||
# overwrite /etc/environment with out modified one
|
||||
cp /etc/environment.clean /etc/environment
|
||||
|
||||
# delete Iceweasel's wrapper script
|
||||
#rm -rf /usr/local/bin/iceweasel
|
||||
rm -rf /usr/local/bin/tor-browser # XXX: Not tested
|
||||
|
||||
# FIXME
|
||||
## switch Iceweasel's default profile for Debian's clean one
|
||||
#mv /etc/iceweasel/profile /etc/iceweasel/profile.tails
|
||||
#mv /etc/iceweasel/profile.clean /etc/iceweasel/profile
|
||||
|
||||
# move the default ~/.mozilla
|
||||
# live-config starts before us
|
||||
mv /etc/skel/.mozilla /etc/skel/.mozilla.tails
|
||||
# so we need this
|
||||
rm -rf /home/amnesia/.mozilla
|
||||
|
||||
# FIXME
|
||||
## TODO: /opt/yokai cleanup
|
||||
#FILE=/usr/lib/iceweasel/browser/defaults/preferences/000-tor-browser.js
|
||||
#sed -r -i '/^(user_|)pref\("network\.proxy\..*",/d' ${FILE}
|
||||
#echo 'user_pref("network.proxy.type", 0);' >> ${FILE}
|
||||
#echo 'user_pref("network.proxy.socks_remote_dns", false);' >> ${FILE}
|
||||
#
|
||||
#FILE=/usr/lib/iceweasel/browser/defaults/syspref/000-tor-browser.js
|
||||
#sed -r -i '/^(user_|)pref\("network\.proxy\..*",/d' ${FILE}
|
||||
#echo 'user_pref("network.proxy.type", 0);' >> ${FILE}
|
||||
#echo 'user_pref("network.proxy.socks_remote_dns", false);' >> ${FILE}
|
||||
|
||||
# resolvconf
|
||||
echo '' > /etc/resolvconf/resolv.conf.d/base
|
||||
echo -e 'tun*\n*' > /etc/resolvconf/interface-order
|
||||
|
||||
# delete NetworkManager dispatcher scripts
|
||||
rm /etc/NetworkManager/dispatcher.d/10-tor.sh
|
||||
rm /etc/NetworkManager/dispatcher.d/20-time.sh
|
||||
rm /etc/NetworkManager/dispatcher.d/60-tor-ready-notification.sh
|
||||
rm /etc/NetworkManager/dispatcher.d/60-ttdnsd.sh
|
||||
rm /etc/NetworkManager/dispatcher.d/60-vidalia.sh
|
||||
|
||||
# ssh client
|
||||
rm /etc/ssh/ssh_config
|
||||
|
||||
echo "Done"
|
||||
;;
|
||||
*)
|
||||
N=/etc/init.d/$NAME
|
||||
echo "Usage: $N {start}" >&2
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
|
||||
exit 0
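Review bot: With `set -e`, the plain `rm` calls for the dispatcher scripts and `/etc/ssh/ssh_config` abort the script as soon as one file is missing, after the apt proxy and `/etc/environment` have already been replaced, so the system can be left half converted with some Tails hooks still installed. Use `rm -f` there, as the earlier lines do, or test each path first. `echo -e 'tun*\n*'` is not portable under `#!/bin/sh`: where sh is dash, the `-e` itself is written into `interface-order`, and `printf 'tun*\n*\n' > /etc/resolvconf/interface-order` avoids that. `/home/amnesia` is hard-coded although the dispatcher script in this commit takes the user name from `LIVE_USERNAME`.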
|
|
@ -0,0 +1,7 @@
|
|||
#!/bin/bash
|
||||
|
||||
if grep -q 'quiet 3' /proc/cmdline; then
|
||||
sudo /usr/local/bin/yokai-openvpn-launcher
|
||||
elif grep -q 'quiet 4' /proc/cmdline; then
|
||||
sudo /usr/local/bin/yokai-sshuttle-launcher
|
||||
fi
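Review bot: Mode selection here depends on the substring `quiet 3` or `quiet 4` in `/proc/cmdline`, that is, on the runlevel argument happening to follow `quiet`, and the script silently does nothing when neither matches. The next file in this commit repeats the same test without `sudo`. A short comment explaining the convention and an `else` branch that reports the unmatched case, e.g. `else echo "no yokai mode on kernel command line" >&2`, would make failures visible. `quiet 3` also matches `quiet 30`, so `grep -qE 'quiet 3( |$)'` is stricter.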
|
|
@ -0,0 +1,7 @@
|
|||
#!/bin/bash
|
||||
|
||||
if grep -q 'quiet 3' /proc/cmdline; then
|
||||
/usr/local/bin/yokai-openvpn-launcher
|
||||
elif grep -q 'quiet 4' /proc/cmdline; then
|
||||
/usr/local/bin/yokai-sshuttle-launcher
|
||||
fi
|
|
@ -0,0 +1,91 @@
|
|||
#!/bin/bash
|
||||
SCRIPT=$0
|
||||
|
||||
function run_yokai_openvpn() {
|
||||
openvpn --up '/usr/bin/zenity --notification --text "OpenVPN connection established and running."' --down '/usr/bin/zenity --notification --text "OpenVPN connection closed!"' --config /etc/openvpn/client.conf
|
||||
|
||||
zenity --question --text 'OpenVPN client process exited, do you want to reconnect?'
|
||||
if [ "$?" -ne 0 ]; then
|
||||
exit 0
|
||||
fi
|
||||
|
||||
# user said "yes", get on with it (again)
|
||||
$SCRIPT
|
||||
}
|
||||
|
||||
# CA file selection
|
||||
while true; do
|
||||
echo 'Asking for CA file.'
|
||||
CA_CERT=`zenity --file-selection --title="Select an OpenVPN CA certificate"`
|
||||
|
||||
case $? in
|
||||
0)
|
||||
echo "CA file \"$CA_CERT\" selected."
|
||||
break
|
||||
;;
|
||||
1)
|
||||
echo 'User cancelled while selecting CA file'
|
||||
zenity --warning --text 'Please select a CA certificate file.'
|
||||
;;
|
||||
-1)
|
||||
echo 'An error occured during CA certificate file selection.'
|
||||
zenity --error --text 'An unexpected error has occured during CA certificate file selection.'
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
done
|
||||
|
||||
# copy CA file to a place specified in /etc/openvpn/client.conf
|
||||
cp $CA_CERT /etc/openvpn/ca.crt
|
||||
|
||||
|
||||
# hostname, port number, credentials
|
||||
HOST_NAME=`zenity --entry --title 'Enter hostname' --text 'Please enter OpenVPN server hostname'`
|
||||
HOST_PORT=`zenity --entry --title 'Enter port number' --text 'Please enter OpenVPN server port number'`
|
||||
CRED_USER=`zenity --entry --title 'Enter username' --text 'Please enter your OpenVPN username'`
|
||||
CRED_PASS=`zenity --entry --hide-text --title 'Enter password' --text 'Please enter your OpenVPN password'`
|
||||
|
||||
#ENTRY=`zenity --password --username`
|
||||
#CRED_USER=`echo $ENTRY | cut -d'|' -f1`
|
||||
#CRED_PASS=`echo $ENTRY | cut -d'|' -f2`
|
||||
|
||||
# Note: Replaced by the above because of old Zenity version in Tails
|
||||
#while true; do
|
||||
# ENTRY=`zenity --forms --title 'OpenVPN server details' --text 'Please enter OpenVPN server details.' --add-entry 'Hostname' --add-entry 'Port' --add-entry 'Username' --add-password 'Password'`
|
||||
# case $? in
|
||||
# 0)
|
||||
# HOST_NAME=`echo $ENTRY | cut -d'|' -f1`
|
||||
# HOST_PORT=`echo $ENTRY | cut -d'|' -f2`
|
||||
# CRED_USER=`echo $ENTRY | cut -d'|' -f3`
|
||||
# CRED_PASS=`echo $ENTRY | cut -d'|' -f4`
|
||||
# # TODO: simple validity checks (port number, empty strings)
|
||||
# break
|
||||
# ;;
|
||||
# 1)
|
||||
# echo 'User cancelled while entering OpenVPN server data'
|
||||
# zenity --warning --text='You must enter OpenVPN server credentials in order to connect to the Net.'
|
||||
# ;;
|
||||
# -1)
|
||||
# echo 'An error occured during credentials input.'
|
||||
# zenity --error --text 'An unexpected error has occured during credentials input.'
|
||||
# exit 1
|
||||
# ;;
|
||||
# esac
|
||||
#done
|
||||
|
||||
# replace 'remote' line in /etc/openvpn/client.conf
|
||||
echo "== remote $HOST_NAME $HOST_PORT"
|
||||
sed -i "s/remote .*/remote $HOST_NAME $HOST_PORT/g" /etc/openvpn/client.conf
|
||||
|
||||
# fill in /etc/openvpn/credentials file
|
||||
echo $CRED_USER > /etc/openvpn/credentials
|
||||
echo $CRED_PASS >> /etc/openvpn/credentials
|
||||
|
||||
openvpn /etc/openvpn/client.conf
|
||||
|
||||
zenity --question --text 'OpenVPN client process exited, do you want to reconnect?'
|
||||
if [ "$?" -ne 0 ]; then
|
||||
exit 0
|
||||
fi
|
||||
|
||||
run_yokai_openvpn &
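Review bot: The password is written to `/etc/openvpn/credentials` with the default umask, so the file may be readable by every local user, and the unquoted `echo $CRED_PASS` alters a password that contains whitespace or glob characters. `HOST_NAME` and `HOST_PORT` also go straight from the zenity dialogs into the `sed -i` program, where a `/`, `&` or newline changes what is written to client.conf by a script that apparently runs as root, since it writes under /etc/openvpn. I would validate both fields, quote `$CA_CERT` in the `cp`, and create the credentials file with a restrictive mode, as sketched below. The `-1)` arms of the `case $?` blocks can never match because the shell reports exit statuses as 0–255.

```bash
# … unchanged: CA file selection loop …
cp -- "$CA_CERT" /etc/openvpn/ca.crt

# … unchanged: zenity prompts for HOST_NAME, HOST_PORT, CRED_USER, CRED_PASS …

# reject values that would change the sed program or the config line
case "$HOST_NAME" in
  ''|*[!A-Za-z0-9.:-]*) zenity --error --text 'Invalid hostname.'; exit 1 ;;
esac
case "$HOST_PORT" in
  ''|*[!0-9]*) zenity --error --text 'Invalid port number.'; exit 1 ;;
esac

# … unchanged: echo and sed of the 'remote' line …

# credentials file must be readable by root only
(
  umask 077
  printf '%s\n' "$CRED_USER" "$CRED_PASS" > /etc/openvpn/credentials
)
chmod 600 /etc/openvpn/credentials
```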
|
|
@ -0,0 +1,17 @@
|
|||
#!/bin/sh
|
||||
|
||||
while true; do
|
||||
|
||||
HOST_NAME=`zenity --entry --title 'Enter hostname' --text 'Please enter SSH server hostname'`
|
||||
HOST_PORT=`zenity --entry --title 'Enter port number' --text 'Please enter SSH server port number' --entry-text '22'`
|
||||
CRED_USER=`zenity --entry --title 'Enter username' --text 'Please enter your SSH username'`
|
||||
|
||||
SSHUTTLE=/opt/sshuttle/sshuttle
|
||||
setsid ${SSHUTTLE} --dns -e 'ssh -oStrictHostKeyChecking=no -oUserKnownHostsFile=/dev/null' -r ${CRED_USER}@${HOST_NAME}:${HOST_PORT} 0/0
|
||||
|
||||
zenity --question --text 'sshuttle process exited, do you want to reconnect?'
|
||||
if [ "$?" -ne 0 ]; then
|
||||
exit 0
|
||||
fi
|
||||
|
||||
done
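Review bot: The `-e 'ssh -oStrictHostKeyChecking=no -oUserKnownHostsFile=/dev/null'` option turns off host key verification for a tunnel that carries all traffic (`0/0`) and DNS, so anyone on the network path can impersonate the server and read or alter everything sent through it. I would drop both options and have the user confirm the server's key fingerprint once, storing it in a known-hosts file that is used with `-oStrictHostKeyChecking=yes`. The remote spec should also be quoted, `-r "${CRED_USER}@${HOST_NAME}:${HOST_PORT}"`, and empty or cancelled zenity answers rejected before sshuttle is started.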
|