SHARE
TWEET

onionpi.sh

a guest Nov 13th, 2013 894 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. #!/bin/bash
  2.  
  3. #################################################################
  4. #
  5. # OnionPi build script
  6. #       vr 0.5
  7. #
  8. # Written by Netsol
  9. # 11/13/2013
  10. # Copyright (c) 2013 by Netsol.  Released under GPL 3 or later.
  11. #
  12. # Based on:
  13. #       https://web.archive.org/web/20131109030345/http://learn.adafruit.com/onion-pi/overview
  14. #       https://web.archive.org/web/20130904194049/http://learn.adafruit.com/setting-up-a-raspberry-pi-as-a-wifi-access-point
  15. #
  16. #################################################################
  17.  
  18. cat << '_EOF'
  19. This is the OnionPi build script.  It's designed to completely automate turning
  20. your Raspberry Pi into a Wifi access point (SSID Pi_AP, Passphrase Raspberry),
  21. that tunnels all traffic over the TOR network.
  22.  
  23. Special thanks goes to Ladyada for her tutorials on adafruit.com, and SirLagz
  24. for his package list of non-required packages.
  25.  
  26. For this script to run correctly, it must be executed as root, or with sudo.  It
  27. cannot be ran as a non-privileged user.  It also presumes you have wlan0 as your
  28. wifi card, and eth0 as the onboard NIC.  You also require a proper wifi card that
  29. can handle being an AP (Presuming the Edimax cards here).
  30.  
  31. _EOF
  32.  
  33. read -p "Press [Enter] key to start install, or CTRL-C to exit..."
  34.  
  35. echo "Setting up environment:"
  36. cd /home/pi
  37.  
  38. echo "Getting files:"
  39.  
  40. echo "Installing required programs via apt..."
  41. apt-get -y install wget hostapd isc-dhcp-server tor &>/dev/null
  42. echo "Downloading hostapd binary..."
  43. wget http://www.adafruit.com/downloads/adafruit_hostapd.zip
  44.  
  45. # And, for security, and science...  You monster.
  46. echo "Removing un-needed programs..."
  47. apt-get -y purge alsa-base alsa-utils aptitude aspell-en blt console-setup console-setup-linux consolekit cups-bsd dbus dbus-x11 \
  48. debian-reference-common debian-reference-en desktop-base desktop-file-utils dictionaries-common dillo dpkg-dev fakeroot fontconfig \
  49. fontconfig-config fonts-droid fuse galculator gconf2 gconf2-common gdb gksu gnome-accessibility-themes gsfonts gsfonts-x11 idle idle-python2.7 \
  50. lesstif2:armhf libarchive12:armhf libasound2:armhf libaspell15 libasyncns0:armhf libatasmart4:armhf libatk1.0-0:armhf libaudit0 libavahi-client3:armhf \
  51. libavahi-common3:armhf libavahi-glib1:armhf libbluetooth3:armhf libbluray1:armhf libboost-iostreams1.46.1 libboost-iostreams1.48.0 \
  52. libboost-iostreams1.49.0 libboost-iostreams1.50.0 libcaca0:armhf libcairo-gobject2:armhf libcairo2:armhf libcdio-cdda1 libcdio-paranoia1 \
  53. libcdio13 libck-connector0:armhf libcolord1:armhf libcroco3:armhf libcups2:armhf libcupsimage2:armhf libcwidget3 libdaemon0 libdatrie1:armhf \
  54. libdbus-glib-1-2:armhf libdconf0:armhf libdevmapper-event1.02.1:armhf libdirectfb-1.2-9:armhf libdrm2:armhf libept1.4.12 libexif12:armhf \
  55. libffi5:armhf libflac8:armhf libfltk1.3:armhf libfm-data libfm-gtk-bin libfm-gtk1 libfm1 libfontconfig1:armhf libfontenc1:armhf libfreetype6:armhf \
  56. libfuse2:armhf libgail-3-0:armhf libgail18:armhf libgconf-2-4:armhf libgd2-xpm:armhf libgdk-pixbuf2.0-0:armhf libgdu0 libgeoclue0 libgfortran3:armhf \
  57. libgif4 libgksu2-0 libgl1-mesa-glx:armhf libglade2-0 libglapi-mesa:armhf libglib2.0-0:armhf libgnome-keyring0:armhf libgphoto2-2:armhf \
  58. libgphoto2-port0:armhf libgs9 libgstreamer-plugins-base0.10-0:armhf libgstreamer0.10-0:armhf libgtk-3-0:armhf libgtk-3-bin libgtk-3-common \
  59. libgtk2.0-0:armhf libgtk2.0-common libgtop2-7 libgudev-1.0-0:armhf libhunspell-1.3-0:armhf libice6:armhf libicu48:armhf libid3tag0 libident \
  60. libijs-0.35 libimlib2 libimobiledevice2 libjasper1:armhf libjavascriptcoregtk-1.0-0 libjavascriptcoregtk-3.0-0 libjbig0:armhf libjbig2dec0 \
  61. libjson0:armhf liblapack3 liblcms1:armhf liblcms2-2:armhf liblightdm-gobject-1-0 libltdl7:armhf liblvm2app2.2:armhf libmad0 libmagic1:armhf \
  62. libmenu-cache1 libmikmod2:armhf libmng1:armhf libmtdev1:armhf libnettle4:armhf libnih-dbus1 libnih1 libnotify4:armhf libobrender27 libobt0 \
  63. libogg0:armhf libopenjpeg2:armhf liborc-0.4-0:armhf libpango1.0-0:armhf libpaper1:armhf libpci3:armhf libpciaccess0:armhf libpixman-1-0:armhf \
  64. libplist1 libpng12-0:armhf libpolkit-agent-1-0:armhf libpolkit-backend-1-0:armhf libpolkit-gobject-1-0:armhf libpoppler19:armhf libportmidi0 \
  65. libproxy0:armhf libpulse0:armhf libpython2.7 libqt4-network:armhf libqt4-svg:armhf libqt4-xml:armhf libqtcore4:armhf libqtdbus4:armhf \
  66. libqtgui4:armhf libqtwebkit4:armhf libraspberrypi0 librsvg2-2:armhf libsamplerate0:armhf libsdl-image1.2:armhf libsdl-mixer1.2:armhf \
  67. libsdl-ttf2.0-0:armhf libsdl1.2debian:armhf libsgutils2-2 libsm6:armhf libsmbclient:armhf libsmpeg0:armhf libsndfile1:armhf libsoup-gnome2.4-1:armhf \
  68. libsoup2.4-1:armhf libsqlite3-0:armhf libstartup-notification0 libsystemd-login0:armhf libthai0:armhf libtiff4:armhf libts-0.0-0:armhf libunique-1.0-0 \
  69. libusbmuxd1 libvorbis0a:armhf libvorbisenc2:armhf libvorbisfile3:armhf libvte9 libwayland0:armhf libwebkitgtk-1.0-0 libwebkitgtk-3.0-0 libwebp2:armhf \
  70. libwnck22 libx11-6:armhf libx11-xcb1:armhf libxapian22 libxau6:armhf libxaw7:armhf libxcb-glx0:armhf libxcb-render0:armhf libxcb-shape0:armhf \
  71. libxcb-shm0:armhf libxcb-util0:armhf libxcb-xfixes0:armhf libxcb1:armhf libxcomposite1:armhf libxcursor1:armhf libxdamage1:armhf libxdmcp6:armhf \
  72. libxext6:armhf libxfixes3:armhf libxfont1 libxft2:armhf libxi6:armhf libxinerama1:armhf libxkbcommon0:armhf libxkbfile1:armhf libxklavier16 \
  73. libxml2:armhf libxmu6:armhf libxmuu1:armhf libxp6:armhf libxpm4:armhf libxrandr2:armhf libxrender1:armhf libxres1:armhf libxslt1.1:armhf \
  74. libxss1:armhf libxt6:armhf libxtst6:armhf libxv1:armhf libxxf86dga1:armhf libxxf86vm1:armhf lightdm lightdm-gtk-greeter lxappearance lxde-common \
  75. lxde-icon-theme lxmenu-data lxpolkit lxrandr lxtask lxterminal menu menu-xdg midori mime-support mountall netsurf-gtk obconf omxplayer openbox \
  76. pciutils pcmanfm plymouth policykit-1 poppler-data python python-support python2.7 python2.7-minimal python3 python3.2 python3.2-minimal scratch \
  77. sgml-base shared-mime-info squeak-vm tasksel tcl8.5 tk8.5 tsconf udisks update-inetd weston wpagui x11-common x11-utils x11-xserver-utils xarchiver \
  78. xfonts-utils xinit xml-core xpdf xserver-xorg xserver-xorg-core idle-python3.2 idle3 ifplugd info leafpad &>/dev/null
  79.  
  80. echo "Making system configuration changes:"
  81. echo "Modifying sysctl.conf..."
  82. cat > /etc/sysctl.conf <<'_EOF'
  83. kernel.printk = 3 4 1 3
  84. net.ipv4.ip_forward=1
  85. vm.swappiness=1
  86. vm.min_free_kbytes = 8192
  87. _EOF
  88.  
  89. echo "Writing new torrc file..."
  90. cat > /etc/tor/torrc <<'_EOF'
  91. HiddenServiceDir /var/lib/tor/ssh
  92. HiddenServicePort 22 127.0.0.1:22
  93.  
  94. Log notice file /var/log/tor/notices.log
  95. VirtualAddrNetwork 10.192.0.0/10
  96. AutomapHostsSuffixes .onion,.exit
  97. AutomapHostsOnResolve 1
  98. TransPort 9040
  99. TransListenAddress 192.168.42.1
  100. DNSPort 53
  101. DNSListenAddress 192.168.42.1
  102. _EOF
  103.  
  104. echo "Writing the hostapd config file..."
  105. cat > /etc/hostapd/hostapd.conf <<'_EOF'
  106. interface=wlan0
  107. driver=rtl871xdrv
  108. ssid=Pi_AP
  109. hw_mode=g
  110. channel=6
  111. macaddr_acl=0
  112. auth_algs=1
  113. ignore_broadcast_ssid=0
  114. wpa=2
  115. wpa_passphrase=Raspberry
  116. wpa_key_mgmt=WPA-PSK
  117. wpa_pairwise=TKIP
  118. rsn_pairwise=CCMP
  119. _EOF
  120.  
  121. cat > /etc/default/hostapd <<'_EOF'
  122. DAEMON_CONF="/etc/hostapd/hostapd.conf"
  123. _EOF
  124.  
  125. echo "Writing new network interfaces file..."
  126. cat > /etc/network/interfaces <<'_EOF'
  127. auto lo
  128. auto eth0
  129.  
  130. iface lo inet loopback
  131. iface eth0 inet dhcp
  132.  
  133. allow-hotplug wlan0
  134. iface wlan0 inet static
  135.  address 192.168.42.1
  136.  netmask 255.255.255.0
  137.  up iptables-restore < /etc/iptables.ipv4.nat
  138.  
  139. _EOF
  140.  
  141. echo "writing new dhcp files..."
  142. cat > /etc/default/isc-dhcp-server <<'_EOF'
  143. INTERFACES="wlan0"
  144. _EOF
  145.  
  146. cat > /etc/dhcp/dhcpd.conf <<'_EOF'
  147. ddns-update-style none;
  148. default-lease-time 600;
  149. max-lease-time 7200;
  150. authoritative;
  151. log-facility local7;
  152.  
  153. subnet 192.168.42.0 netmask 255.255.255.0 {
  154. range 192.168.42.10 192.168.42.50;
  155. option broadcast-address 192.168.42.255;
  156. option routers 192.168.42.1;
  157. default-lease-time 600;
  158. max-lease-time 7200;
  159. option domain-name "local";
  160. option domain-name-servers 8.8.8.8, 8.8.4.4;
  161. }
  162. _EOF
  163.  
  164.  
  165. echo "Making iptables rules, and saving them:"
  166. cat > /etc/iptables.ipv4.nat <<'_EOF'
  167. #iptables-save v1.4.14 on Tue Jan 01 00:00:50 2013
  168. *nat
  169. :PREROUTING ACCEPT [0:0]
  170. :INPUT ACCEPT [0:0]
  171. :OUTPUT ACCEPT [0:0]
  172. :POSTROUTING ACCEPT [0:0]
  173. -A PREROUTING -i wlan0 -p tcp -m tcp --dport 22 -j REDIRECT --to-ports 22
  174. -A PREROUTING -i wlan0 -p udp -m udp --dport 53 -j REDIRECT --to-ports 53
  175. -A PREROUTING -i wlan0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports 9040
  176. -A POSTROUTING -o eth0 -j MASQUERADE
  177. COMMIT
  178. # Completed on Tue Jan 01 00:00:50 2013
  179. # Generated by iptables-save v1.4.14 on Tue Jan 01 00:00:50 2013
  180. *filter
  181. :INPUT ACCEPT [1:40]
  182. :FORWARD ACCEPT [0:0]
  183. :OUTPUT ACCEPT [0:0]
  184. -A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
  185. -A FORWARD -i wlan0 -o eth0 -j ACCEPT
  186. COMMIT
  187. # Completed on Tue Jan 01 00:00:50 2013
  188.  
  189.  
  190. _EOF
  191. echo "Giving you a new hostapd binary:"
  192.  
  193. echo "Unzippping..."
  194. unzip /home/pi/adafruit_hostapd.zip
  195.  
  196. echo "Installing new binary..."
  197. mv /home/pi/hostapd /usr/sbin
  198. chmod 755 /usr/sbin/hostapd
  199.  
  200. echo "Ensuring all required files are present and with proper permissions..."
  201. touch /var/log/tor/notices.log
  202. chown debian-tor /var/log/tor/notices.log
  203. chmod 644 /var/log/tor/notices.log
  204.  
  205. echo "Ensuring services start..."
  206. update-rc.d hostapd enable
  207. update-rc.d isc-dhcp-server enable
  208. update-rc.d tor enable
  209.  
  210. echo "Your TOR hidden service address is:"
  211. cat /var/lib/tor/ssh/hostname
  212.  
  213. read -p "Write this address down, and hit [ENTER] to continue..."
  214.  
  215. read -p "Hit [ENTER] to reboot your Pi, or CTRL-C to cancel reboot."
  216. reboot
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top