
Untitled

a guest
Jan 26th, 2020
#!/bin/bash
# Homepage: selivan.github.io/socks
# Author: Pavel Selivanov
# Contributors: Vlad Safronov (Oracle Linux 7.5, Centos 7)
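# Print this host's public IP address, or a placeholder when it cannot be
# determined. Tries a DNS query against resolver1.opendns.com first, then three
# plain-HTTP "what is my IP" services, each limited to 3 seconds.
# NOTE(review): none of these lookups is authenticated (plain DNS, plain HTTP),
# so an on-path party can forge the answer. The value is only printed for the
# operator; do not reuse it for configuration or access-control decisions.
# Outputs: the address (or "<this server IP address>") on stdout
function get_external_address() {
  local addr
  # Declaration and assignment are separate on purpose: "local addr=$(...)"
  # yields the exit status of "local" (always 0), which hid lookup failures
  # and made the placeholder fallback unreachable.
  if ! addr=$( timeout 3 dig +short myip.opendns.com @resolver1.opendns.com || \
    timeout 3 curl -s http://ipecho.net/plain || \
    timeout 3 curl -s http://ident.me/ || \
    timeout 3 curl -s http://whatismyip.akamai.com/ ) || [ -z "$addr" ]; then
    # Also covers a lookup that succeeds but returns nothing.
    addr="<this server IP address>"
  fi
  echo "$addr"
}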
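# args: file user password
# Writes a single "user:hash" line to <file>, replacing any previous content.
# Returns: 0 on success, 1 when openssl fails (nothing is written in that case,
#          so an entry with an empty hash field is never produced).
# NOTE(review): the file is created with the caller's umask, so it is usually
# world-readable. Confirm which account the PAM module reads it as, then
# tighten the mode accordingly.
function generate_password_file() {
  local hash
  # -1: MD5-based crypt hash. This is a weak, fast hash by current standards;
  #     it is kept because the PAM modules configured by this script must be
  #     able to verify the format.
  # -stdin: the password is read from stdin, so it neither shows up in the
  #     process list as an openssl argument nor gets parsed as an option when
  #     it starts with "-".
  hash=$( printf '%s\n' "$3" | openssl passwd -1 -stdin ) || return 1
  printf '%s:%s\n' "$2" "$hash" > "$1"
}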
# args: file; generates: file.db
# Turns every "user:hash" line of <file> into two lines (first field, then
# second field) and pipes that stream to db_load, which is asked to build the
# hash-type database <file>.db from text input (-T -t hash).
function generate_password_dbfile() {
  local pwdfile=$1
  awk -F: '{ printf "%s\n%s\n", $1, $2 }' < "$pwdfile" \
    | db_load -T -t hash "${pwdfile}.db"
}
# args: file pwdfile
# Writes a two-line PAM service definition to <file>: authentication goes
# through pam_pwdfile against <pwdfile>, the account step is always permitted.
function generate_pam() {
  local pam_file=$1 pwdfile=$2
  # nodelay: no pause after a failed authentication (the author's anti-DDoS
  # measure). It also removes the delay that would slow down password
  # guessing, so any rate limiting has to come from elsewhere.
  printf '%s\n' \
    "auth required pam_pwdfile.so nodelay pwdfile=$pwdfile" \
    "account required pam_permit.so" > "$pam_file"
}
# args: file pwdfile
# Writes a two-line PAM service definition to <file>: authentication goes
# through pam_userdb with crypt-hashed entries, the account step is always
# permitted.
function generate_pam_userdb() {
  local pam_file=$1 db_path=$2
  # Note that the path to the database file should be specified without the
  # .db suffix.
  printf '%s\n' \
    "auth required pam_userdb.so db=$db_path crypt=crypt" \
    "account required pam_permit.so" > "$pam_file"
}
# args: file interface port
# Writes a Dante configuration in the syntax this script uses for its "v11"
# target to <file>. <interface> is used for both the internal (listening) and
# the external (outgoing) side; <port> is the listening port.
# The rules written below accept clients from any IPv4 address, authenticate
# them through PAM and block only loopback destinations.
# NOTE(review): every other destination reachable from this host, including
# private and link-local ranges, stays available to authenticated clients.
# Add further block rules if the server sits on an internal network.
function generate_config_v11() {
  local conf=$1 iface=$2 port=$3
  {
    # Only these two lines depend on the arguments.
    printf 'internal: %s port=%s\n' "$iface" "$port"
    printf 'external: %s\n' "$iface"
    # Static remainder; the quoted delimiter keeps it literal.
    cat <<'EOF'

method: pam

user.privileged: root
user.notprivileged: nobody

client pass {
from: 0.0.0.0/0 to: 0.0.0.0/0
log: error
}

# deny proxied to loopback
block {
from: 0.0.0.0/0 to: 127.0.0.0/8
log: error
}

pass {
from: 0.0.0.0/0 to: 0.0.0.0/0
log: error
}
EOF
  } > "$conf"
}
# args: file interface port
# Writes a Dante 1.4.x style configuration (IPv4 and IPv6 enabled) to <file>.
# <interface> is used for both the internal (listening) and the external
# (outgoing) side; <port> is the listening port.
# The rules written below accept clients from any IPv4 or IPv6 address,
# authenticate them through PAM (pam.any) and block only loopback
# destinations (127.0.0.0/8 and ::1).
# NOTE(review): every other destination reachable from this host, including
# private and link-local ranges, stays available to authenticated clients.
# Add further "socks block" rules if the server sits on an internal network.
function generate_config_v14() {
  local conf=$1 iface=$2 port=$3
  {
    # Head of the file: the only part that depends on the arguments.
    printf '%s\n' \
      "# https://www.inet.no/dante/doc/1.4.x/config/ipv6.html" \
      "internal.protocol: ipv4 ipv6" \
      "internal: $iface port=$port" \
      "external.protocol: ipv4 ipv6" \
      "external: $iface"
    # Static remainder; the quoted delimiter keeps it literal.
    cat <<'EOF'

socksmethod: pam.any

user.privileged: root
user.notprivileged: nobody

client pass {
from: 0.0.0.0/0 to: 0.0.0.0/0
log: error
}

client pass {
from: ::/0 to: ::/0
log: error
}

# deny proxied to loopback
socks block {
from: 0.0.0.0/0 to: 127.0.0.0/8
log: error
}

socks block {
from: ::/0 to: ::1/128
log: error
}

socks pass {
from: 0.0.0.0/0 to: 0.0.0.0/0
log: error
}
EOF
  } > "$conf"
}
# args: file
# (The original header also listed "interface port"; only the file argument
# is read.)
# Writes a systemd unit for the Dante daemon to <file>. The unit starts
# /usr/sbin/sockd as a forking service with /etc/sockd.conf and installs the
# alias danted.service.
function generate_systemd_file() {
  local unit_file=$1
  # Quoted delimiter: ${MAINPID} must reach the unit file literally so that
  # systemd, not this shell, expands it.
  cat > "$unit_file" <<'EOF'
# /etc/systemd/system/sockd.service
[Unit]
Description=Dante Socks5 Daemon
After=network.target

[Service]
Type=forking
PIDFile=/var/run/sockd.pid
ExecStart=/usr/sbin/sockd -D -f /etc/sockd.conf
ExecReload=/bin/kill -HUP ${MAINPID}
KillMode=process
Restart=on-failure

[Install]
WantedBy=multi-user.target
Alias=danted.service
EOF
}
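# args: port
# Allows inbound TCP traffic to <port> through ufw when ufw is installed;
# does nothing otherwise.
# The port comes from the first argument, as the header documents. The global
# PORT is kept only as a fallback for callers that pass nothing (the original
# body ignored its argument and always read PORT).
function open_ufw_port() {
  local port=${1:-$PORT}
  # Open port in firewall if required
  if command -v ufw > /dev/null; then
    ufw allow "$port"/tcp
  fi
}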
# args: port
# Permanently allows inbound TCP traffic to <port> in firewalld's "public"
# zone and reloads the firewall; does nothing when firewall-cmd is not found.
function open_firewalld_port() {
  local port=$1
  # Open port in firewall if required
  which firewall-cmd > /dev/null || return 0
  firewall-cmd --zone=public --permanent --add-port="$port"/tcp
  firewall-cmd --reload
}
  155. IFACE=$(ip route get 8.8.8.8 | head -1 | cut -d' ' -f5)
  156. USER=user
  157.  
  158. [ -z "$PORT" ] && export PORT=$( echo $((RANDOM%8999+1000)) )
  159. [ -z "$PASSWORD" ] && export PASSWORD=$( cat /dev/urandom | tr --delete --complement 'a-z0-9' | head --bytes=10 )
  160.  
  161. [ -e /etc/lsb-release ] && source /etc/lsb-release
  162. [ -e /etc/os-release ] && source /etc/os-release
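# Print the connection details of the freshly configured proxy.
# Globals: PORT, USER, PASSWORD (read)
# Outputs: the summary on stdout, in the same layout for every distribution
# NOTE: the password is printed in clear text, including in URL form. Keep the
# output of this script out of shared logs and terminal recordings.
function print_proxy_summary() {
  local address
  # Looked up once: every lookup may wait on several network timeouts, and a
  # single value keeps all printed lines consistent with each other.
  address=$( get_external_address )
  echo "------------"
  echo "Your socks proxy configuration beach:"
  echo "Address: $address"
  echo "Port: $PORT"
  echo "User: $USER"
  echo "Password: $PASSWORD"
  echo "IP and Port for line: $address:$PORT"
  echo "All for line: $address:$PORT@$USER:$PASSWORD"
  echo "All for line ver. 2: $USER:$PASSWORD@$address:$PORT"
  echo "All for line ver. 3 (curl) : socks5://$USER:$PASSWORD@$address:$PORT"
  echo "----"
  echo "Clean information:"
  echo "$address"
  echo "$PORT"
  echo "$USER"
  echo "$PASSWORD"
  echo "------------"
}

# Ubuntu 16.04 Xenial
if [ "$DISTRIB_ID $DISTRIB_CODENAME" = "Ubuntu xenial" ]; then

  # NOTE: this upgrades every installed package, not only the proxy's
  # dependencies.
  apt update && apt upgrade -y
  apt install -y dante-server libpam-pwdfile openssl

  generate_password_file /etc/danted.passwd "$USER" "$PASSWORD"

  generate_pam /etc/pam.d/sockd /etc/danted.passwd

  generate_config_v11 /etc/danted.conf "$IFACE" "$PORT"

  open_ufw_port "$PORT"

  systemctl restart danted.service

  print_proxy_summary

# Ubuntu 18.04 Bionic
elif [ "$DISTRIB_ID $DISTRIB_CODENAME" = "Ubuntu bionic" ]; then

  # NOTE: this upgrades every installed package, not only the proxy's
  # dependencies.
  apt update && apt upgrade -y
  apt install -y dante-server libpam-pwdfile openssl

  generate_password_file /etc/danted.passwd "$USER" "$PASSWORD"

  generate_pam /etc/pam.d/sockd /etc/danted.passwd

  generate_config_v14 /etc/danted.conf "$IFACE" "$PORT"

  open_ufw_port "$PORT"

  systemctl restart danted.service

  print_proxy_summary

# CentOS 7 and Oracle Linux 7.5
elif [ "$ID $VERSION_ID" = "ol 7.5" ] || [ "$ID $VERSION_ID" = "centos 7" ]; then

  DANTE_TGZ="tgz-prod.dante-1.4.2-rhel72-amd64-64bit-gcc.tar.gz"
  # The archive is unpacked over / as the invoking user, so a failed or
  # tampered download must stop the script. It is fetched into a private
  # temporary directory rather than a predictable name in the current one.
  DANTE_TMP=$( mktemp -d ) || exit 1
  if ! curl --fail --progress-bar -o "$DANTE_TMP/$DANTE_TGZ" \
    https://www.inet.no/dante/sslfiles/dante-1.4.2/"$DANTE_TGZ"; then
    echo "Download of $DANTE_TGZ failed" >&2
    rm -rf -- "$DANTE_TMP"
    exit 1
  fi
  # Optional integrity check: set DANTE_TGZ_SHA256 to the digest obtained
  # from a trusted source. Without it only the TLS connection vouches for the
  # archive content.
  if [ -n "$DANTE_TGZ_SHA256" ]; then
    if ! echo "$DANTE_TGZ_SHA256  $DANTE_TMP/$DANTE_TGZ" | sha256sum -c -; then
      echo "Checksum mismatch for $DANTE_TGZ" >&2
      rm -rf -- "$DANTE_TMP"
      exit 1
    fi
  fi
  if ! tar -C / -xzf "$DANTE_TMP/$DANTE_TGZ"; then
    echo "Extraction of $DANTE_TGZ failed" >&2
    rm -rf -- "$DANTE_TMP"
    exit 1
  fi
  rm -rf -- "$DANTE_TMP"

  yum install -q -y openssl which bind-utils

  generate_password_file /etc/danted.passwd "$USER" "$PASSWORD"

  generate_password_dbfile /etc/danted.passwd

  generate_pam_userdb /etc/pam.d/sockd /etc/danted.passwd

  generate_config_v14 /etc/sockd.conf "$IFACE" "$PORT"

  open_firewalld_port "$PORT"

  generate_systemd_file /etc/systemd/system/sockd.service

  systemctl daemon-reload

  systemctl enable sockd.service

  systemctl restart sockd.service

  print_proxy_summary

else

  echo "Sorry, this distribution is not supported"
  echo "Feel free to send patches to selivan.github.io/socks to add support for more"
  echo "Supported distributions:"
  echo "- Ubuntu 16.04 Xenial"
  echo "- Ubuntu 18.04 Bionic"
  echo "- Oracle Linux 7.5"
  echo "- Centos 7"
  exit 1

fi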