ONIONPI
(Posted 2014-03-10 14:16:53 by corey_reichle)

Small little script I wrote to turn your Raspberry Pi into a TOR-ified
access point:


#!/bin/bash

#################################################################
#
# OnionPi build script
#       vr 0.5
#
# Written by Corey Reichle
# 11/13/2013
# Copyright (c) 2013 by Corey Reichle.  Released under GPL 3 or later.
#
# Based on:
#
https://web.archive.org/web/20131109030345/http://learn.adafruit.com/onion-pi/overview
#
https://web.archive.org/web/20130904194049/http://learn.adafruit.com/setting-up-a-raspberry-pi-as-a-wifi-access-point
#
#################################################################

cat << '_EOF'
This is the OnionPi build script.  It's designed to completely automate
turning
your Raspberry Pi into a Wifi access point (SSID Pi_AP, Passphrase
Raspberry),
that tunnels all traffic over the TOR network.

Special thanks goes to Ladyada for her tutorials on adafruit.com, and
SirLagz
for his package list of non-required packages.

For this script to run correctly, it must be executed as root, or with
sudo.  It
cannot be ran as a non-privileged user.  It also presumes you have wlan0 as
your
wifi card, and eth0 as the onboard NIC.  You also require a proper wifi
card that
can handle being an AP (Presuming the Edimax cards here).

_EOF

read -p "Press [Enter] key to start install, or CTRL-C to exit..."

echo "Setting up environment:"
cd /home/pi

echo "Getting files:"

echo "Installing required programs via apt..."
apt-get -y install wget hostapd isc-dhcp-server tor &>/dev/null
echo "Downloading hostapd binary..."
wget http://www.adafruit.com/downloads/adafruit_hostapd.zip

# And, for security, and science...  You monster.
echo "Removing un-needed programs..."
apt-get -y purge alsa-base alsa-utils aptitude aspell-en blt console-setup
console-setup-linux consolekit cups-bsd dbus dbus-x11 \
debian-reference-common debian-reference-en desktop-base desktop-file-utils
dictionaries-common dillo dpkg-dev fakeroot fontconfig \
fontconfig-config fonts-droid fuse galculator gconf2 gconf2-common gdb gksu
gnome-accessibility-themes gsfonts gsfonts-x11 idle idle-python2.7 \
lesstif2:armhf libarchive12:armhf libasound2:armhf libaspell15
libasyncns0:armhf libatasmart4:armhf libatk1.0-0:armhf libaudit0
libavahi-client3:armhf \
libavahi-common3:armhf libavahi-glib1:armhf libbluetooth3:armhf
libbluray1:armhf libboost-iostreams1.46.1 libboost-iostreams1.48.0 \
libboost-iostreams1.49.0 libboost-iostreams1.50.0 libcaca0:armhf
libcairo-gobject2:armhf libcairo2:armhf libcdio-cdda1 libcdio-paranoia1 \
libcdio13 libck-connector0:armhf libcolord1:armhf libcroco3:armhf
libcups2:armhf libcupsimage2:armhf libcwidget3 libdaemon0 libdatrie1:armhf
\
libdbus-glib-1-2:armhf libdconf0:armhf libdevmapper-event1.02.1:armhf
libdirectfb-1.2-9:armhf libdrm2:armhf libept1.4.12 libexif12:armhf \
libffi5:armhf libflac8:armhf libfltk1.3:armhf libfm-data libfm-gtk-bin
libfm-gtk1 libfm1 libfontconfig1:armhf libfontenc1:armhf libfreetype6:armhf
\
libfuse2:armhf libgail-3-0:armhf libgail18:armhf libgconf-2-4:armhf
libgd2-xpm:armhf libgdk-pixbuf2.0-0:armhf libgdu0 libgeoclue0
libgfortran3:armhf \
libgif4 libgksu2-0 libgl1-mesa-glx:armhf libglade2-0 libglapi-mesa:armhf
libglib2.0-0:armhf libgnome-keyring0:armhf libgphoto2-2:armhf \
libgphoto2-port0:armhf libgs9 libgstreamer-plugins-base0.10-0:armhf
libgstreamer0.10-0:armhf libgtk-3-0:armhf libgtk-3-bin libgtk-3-common \
libgtk2.0-0:armhf libgtk2.0-common libgtop2-7 libgudev-1.0-0:armhf
libhunspell-1.3-0:armhf libice6:armhf libicu48:armhf libid3tag0 libident \
libijs-0.35 libimlib2 libimobiledevice2 libjasper1:armhf
libjavascriptcoregtk-1.0-0 libjavascriptcoregtk-3.0-0 libjbig0:armhf
libjbig2dec0 \
libjson0:armhf liblapack3 liblcms1:armhf liblcms2-2:armhf
liblightdm-gobject-1-0 libltdl7:armhf liblvm2app2.2:armhf libmad0
libmagic1:armhf \
libmenu-cache1 libmikmod2:armhf libmng1:armhf libmtdev1:armhf
libnettle4:armhf libnih-dbus1 libnih1 libnotify4:armhf libobrender27
libobt0 \
libogg0:armhf libopenjpeg2:armhf liborc-0.4-0:armhf libpango1.0-0:armhf
libpaper1:armhf libpci3:armhf libpciaccess0:armhf libpixman-1-0:armhf \
libplist1 libpng12-0:armhf libpolkit-agent-1-0:armhf
libpolkit-backend-1-0:armhf libpolkit-gobject-1-0:armhf libpoppler19:armhf
libportmidi0 \
libproxy0:armhf libpulse0:armhf libpython2.7 libqt4-network:armhf
libqt4-svg:armhf libqt4-xml:armhf libqtcore4:armhf libqtdbus4:armhf \
libqtgui4:armhf libqtwebkit4:armhf libraspberrypi0 librsvg2-2:armhf
libsamplerate0:armhf libsdl-image1.2:armhf libsdl-mixer1.2:armhf \
libsdl-ttf2.0-0:armhf libsdl1.2debian:armhf libsgutils2-2 libsm6:armhf
libsmbclient:armhf libsmpeg0:armhf libsndfile1:armhf
libsoup-gnome2.4-1:armhf \
libsoup2.4-1:armhf libsqlite3-0:armhf libstartup-notification0
libsystemd-login0:armhf libthai0:armhf libtiff4:armhf libts-0.0-0:armhf
libunique-1.0-0 \
libusbmuxd1 libvorbis0a:armhf libvorbisenc2:armhf libvorbisfile3:armhf
libvte9 libwayland0:armhf libwebkitgtk-1.0-0 libwebkitgtk-3.0-0
libwebp2:armhf \
libwnck22 libx11-6:armhf libx11-xcb1:armhf libxapian22 libxau6:armhf
libxaw7:armhf libxcb-glx0:armhf libxcb-render0:armhf libxcb-shape0:armhf \
libxcb-shm0:armhf libxcb-util0:armhf libxcb-xfixes0:armhf libxcb1:armhf
libxcomposite1:armhf libxcursor1:armhf libxdamage1:armhf libxdmcp6:armhf \
libxext6:armhf libxfixes3:armhf libxfont1 libxft2:armhf libxi6:armhf
libxinerama1:armhf libxkbcommon0:armhf libxkbfile1:armhf libxklavier16 \
libxml2:armhf libxmu6:armhf libxmuu1:armhf libxp6:armhf libxpm4:armhf
libxrandr2:armhf libxrender1:armhf libxres1:armhf libxslt1.1:armhf \
libxss1:armhf libxt6:armhf libxtst6:armhf libxv1:armhf libxxf86dga1:armhf
libxxf86vm1:armhf lightdm lightdm-gtk-greeter lxappearance lxde-common \
lxde-icon-theme lxmenu-data lxpolkit lxrandr lxtask lxterminal menu
menu-xdg midori mime-support mountall netsurf-gtk obconf omxplayer openbox
\
pciutils pcmanfm plymouth policykit-1 poppler-data python python-support
python2.7 python2.7-minimal python3 python3.2 python3.2-minimal scratch \
sgml-base shared-mime-info squeak-vm tasksel tcl8.5 tk8.5 tsconf udisks
update-inetd weston wpagui x11-common x11-utils x11-xserver-utils xarchiver
\
xfonts-utils xinit xml-core xpdf xserver-xorg xserver-xorg-core
idle-python3.2 idle3 ifplugd info leafpad &>/dev/null

echo "Making system configuration changes:"
echo "Modifying sysctl.conf..."
cat > /etc/sysctl.conf <<'_EOF'
kernel.printk = 3 4 1 3
net.ipv4.ip_forward=1
vm.swappiness=1
vm.min_free_kbytes = 8192
_EOF

echo "Writing new torrc file..."
cat > /etc/tor/torrc <<'_EOF'
HiddenServiceDir /var/lib/tor/ssh
HiddenServicePort 22 127.0.0.1:22

Log notice file /var/log/tor/notices.log
VirtualAddrNetwork 10.192.0.0/10
AutomapHostsSuffixes .onion,.exit
AutomapHostsOnResolve 1
TransPort 9040
TransListenAddress 192.168.42.1
DNSPort 53
DNSListenAddress 192.168.42.1
_EOF

echo "Writing the hostapd config file..."
cat > /etc/hostapd/hostapd.conf <<'_EOF'
interface=wlan0
driver=rtl871xdrv
ssid=Pi_AP
hw_mode=g
channel=6
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wpa=2
wpa_passphrase=Raspberry
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP
_EOF

cat > /etc/default/hostapd <<'_EOF'
DAEMON_CONF="/etc/hostapd/hostapd.conf"
_EOF

echo "Writing new network interfaces file..."
cat > /etc/network/interfaces <<'_EOF'
auto lo
auto eth0

iface lo inet loopback
iface eth0 inet dhcp

allow-hotplug wlan0
iface wlan0 inet static
address 192.168.42.1
netmask 255.255.255.0
up iptables-restore < /etc/iptables.ipv4.nat

_EOF

echo "writing new dhcp files..."
cat > /etc/default/isc-dhcp-server <<'_EOF'
INTERFACES="wlan0"
_EOF

cat > /etc/dhcp/dhcpd.conf <<'_EOF'
ddns-update-style none;
default-lease-time 600;
max-lease-time 7200;
authoritative;
log-facility local7;

subnet 192.168.42.0 netmask 255.255.255.0 {
range 192.168.42.10 192.168.42.50;
option broadcast-address 192.168.42.255;
option routers 192.168.42.1;
default-lease-time 600;
max-lease-time 7200;
option domain-name "local";
option domain-name-servers 8.8.8.8, 8.8.4.4;
}
_EOF


echo "Making iptables rules, and saving them:"
cat > /etc/iptables.ipv4.nat <<'_EOF'
#iptables-save v1.4.14 on Tue Jan 01 00:00:50 2013
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i wlan0 -p tcp -m tcp --dport 22 -j REDIRECT --to-ports 22
-A PREROUTING -i wlan0 -p udp -m udp --dport 53 -j REDIRECT --to-ports 53
-A PREROUTING -i wlan0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j
REDIRECT --to-ports 9040
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
# Completed on Tue Jan 01 00:00:50 2013
# Generated by iptables-save v1.4.14 on Tue Jan 01 00:00:50 2013
*filter
:INPUT ACCEPT [1:40]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i wlan0 -o eth0 -j ACCEPT
COMMIT
# Completed on Tue Jan 01 00:00:50 2013


_EOF
echo "Giving you a new hostapd binary:"

echo "Unzippping..."
unzip /home/pi/adafruit_hostapd.zip

echo "Installing new binary..."
mv /home/pi/hostapd /usr/sbin
chmod 755 /usr/sbin/hostapd

echo "Ensuring all required files are present and with proper
permissions..."
touch /var/log/tor/notices.log
chown debian-tor /var/log/tor/notices.log
chmod 644 /var/log/tor/notices.log

echo "Ensuring services start..."
update-rc.d hostapd enable
update-rc.d isc-dhcp-server enable
update-rc.d tor enable

echo "Your TOR hidden service address is:"
cat /var/lib/tor/ssh/hostname

read -p "Write this address down, and hit [ENTER] to continue..."

read -p "Hit [ENTER] to reboot your Pi, or CTRL-C to cancel reboot."
reboot


--------

There are no comments on this post.


To submit a comment on this post, email [email protected] or visit us
on the web [ https://www.coreyreichle.com ].

You are viewing proxied material from tilde.team. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.