Oracle Linux/Obfuscation
(→Create VPN Service) |
(→Create VPN Management Service) |
| Line 2: | Line 2: | ||
=OpenVPN with ProtonVPN= | =OpenVPN with ProtonVPN= | ||
| − | Go to [protonvpn.com protonvpn.com], create an account, select the free plan, goto downloads and select linux, tcp, and the free server configs.<br> | + | Go to [https://protonvpn.com https://protonvpn.com], create an account, select the free plan, goto downloads and select linux, tcp, and the free server configs.<br> |
Download one of the configuration files and share it with your server (scp).<br> | Download one of the configuration files and share it with your server (scp).<br> | ||
Create a file with the username and password on first two lines. | Create a file with the username and password on first two lines. | ||
| Line 52: | Line 52: | ||
dyndns="dyndns.tld" | dyndns="dyndns.tld" | ||
logfile="/var/log/vpnmanager/vpnmanager.log" | logfile="/var/log/vpnmanager/vpnmanager.log" | ||
| + | enableslack=true | ||
| + | slackwebhookurl="https://hooks.slack.com/services/<UUID>" | ||
limit=10 | limit=10 | ||
| Line 76: | Line 78: | ||
dyndnsip=$(dig -t a +short $dyndns) | dyndnsip=$(dig -t a +short $dyndns) | ||
| + | |||
| + | function slacksend { | ||
| + | if [ "$enableslack" = true ]; then | ||
| + | curl -X POST -H 'Content-type: application/json' --data '{"text":"'"$1"'"}' $slackwebhookurl | ||
| + | fi | ||
| + | } | ||
function checkip { | function checkip { | ||
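Review bot: The new `slacksend` splices its argument into the JSON body unescaped (`--data '{"text":"'"$1"'"}'`), so a `"` or `\` in the message produces invalid JSON and the post fails silently, and unlike every other curl in this script it has no `--max-time`, so an unresponsive hooks.slack.com would stall the monitor loop at that call. Escape before embedding and bound the request: `local text=${1//\\/\\\\}; text=${text//\"/\\\"}` followed by `curl --silent --max-time 10 -X POST -H 'Content-type: application/json' --data "{\"text\":\"$text\"}" "$slackwebhookurl"`; quoting the URL also stops word-splitting. Today the messages only carry dates and addresses, so this is hardening rather than a live fault. The `function checkip {` context line opens a body that lies outside this hunk.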
| Line 90: | Line 98: | ||
ipaddr=$(curl --max-time 10 --max-filesize 1000 --no-buffer --silent ident.me) | ipaddr=$(curl --max-time 10 --max-filesize 1000 --no-buffer --silent ident.me) | ||
else | else | ||
| − | + | msg="$(date +%F"|"%R:%S) -- ERROR:: Unable to determine internet IP address." | |
| + | echo "$msg" >> $logfile | ||
| + | if [[ $health -ge 3 ]]; then | ||
| + | slacksend "$msg" | ||
| + | fi | ||
fi | fi | ||
fi | fi | ||
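Review bot: The lookups feeding this branch (the context line `curl ... ident.me` and the three services before it, outside the hunk) pass bare host names, which curl fetches over plain HTTP, yet the reply is what decides whether traffic is leaving through the tunnel; an on-path party, the one the VPN is meant to keep out, can rewrite a plaintext answer so the check keeps reporting the VPN as up. Prefix the four URLs with `https://` (e.g. `curl --max-time 10 --max-filesize 1000 --no-buffer --silent https://ident.me`). Separately, each service is queried twice, once to validate and once to assign, so the stored value may differ from the one that passed the regex; fetch once into a variable, test it, then assign. The enclosing `checkip` function starts in the previous hunk.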
| Line 100: | Line 112: | ||
checkip | checkip | ||
if [ -z $ipaddr ] || [ $dyndnsip = $ipaddr ]; then | if [ -z $ipaddr ] || [ $dyndnsip = $ipaddr ]; then | ||
| − | + | msg="$(date +%F"|"%R:%S) -- ERROR:: VPN is down!!" | |
| + | echo "$msg" >> $logfile | ||
| + | if [[ $health -ge 3 ]]; then | ||
| + | slacksend "$msg" | ||
| + | fi | ||
trap exit 1 SIGINT | trap exit 1 SIGINT | ||
sleep 2 | sleep 2 | ||
| − | + | msg="$(date +%F"|"%R:%S) -- Restarting VPN..." | |
| + | echo "$msg" >> $logfile | ||
| + | if [[ $health -ge 3 ]]; then | ||
| + | slacksend "$msg" | ||
| + | fi | ||
systemctl restart vpn.service | systemctl restart vpn.service | ||
sleep 10 | sleep 10 | ||
limit=10 | limit=10 | ||
| + | ((health++)) | ||
compareip | compareip | ||
else | else | ||
if [[ $limit -eq 10 ]]; then | if [[ $limit -eq 10 ]]; then | ||
| − | + | msg="$(date +%F"|"%R:%S) -- VPN appears up. VPN IP: $ipaddr is not equal to dyndns IP: $dyndnsip" | |
| + | echo "$msg" >> $logfile | ||
unset limit | unset limit | ||
| + | if [[ $health -ge 3 ]]; then | ||
| + | slacksend "$msg" | ||
| + | fi | ||
else | else | ||
((limit++)) | ((limit++)) | ||
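Review bot: The context line `if [ -z $ipaddr ] || [ $dyndnsip = $ipaddr ]; then` fails open: when `dig` returned nothing (or several lines, e.g. a CNAME plus its A record) the unquoted `[ ]` test errors out, the `else` branch runs, and the log says "VPN appears up" without any comparison having happened. Guard the empty case explicitly and quote the rest, `if [[ -z ${ipaddr:-} || $dyndnsip == "$ipaddr" ]]; then`, after treating an empty `$dyndnsip` as an error rather than a healthy state. The new `((health++))` evaluates to 0 on the first restart (`health` is unset) and so returns status 1; harmless now, but it would abort the script under `set -e`, which `health=$((health + 1))` avoids. `compareip` continues in the following hunk.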
| Line 117: | Line 142: | ||
trap exit 1 SIGINT | trap exit 1 SIGINT | ||
sleep 10 | sleep 10 | ||
| − | unset ipaddr | + | unset ipaddr health |
compareip | compareip | ||
fi | fi | ||
| Line 139: | Line 164: | ||
[Install] | [Install] | ||
WantedBy=multi-user.target </nowiki> | WantedBy=multi-user.target </nowiki> | ||
| + | |||
<nowiki>~$ sudo systemctl daemon-reload | <nowiki>~$ sudo systemctl daemon-reload | ||
~$ sudo systemctl start vpnmanager.service</nowiki> | ~$ sudo systemctl start vpnmanager.service</nowiki> | ||
Latest revision as of 16:42, 22 April 2021
Obfuscation
OpenVPN with ProtonVPN
Go to https://protonvpn.com, create an account, select the free plan, go to Downloads and select Linux, TCP, and the free server configs.
Download one of the configuration files and copy it to your server (e.g. with scp).
Create a file with the OpenVPN username on the first line and the password on the second.
~$ (umask 077; printf '%s\n%s\n' "$USERNAME" "$PASSWORD" > ~/login.conf)
This file is a credential: the umask makes it readable by its owner only (OpenVPN warns when an --auth-user-pass file is group- or world-readable), and passing the values as printf arguments rather than as the format string keeps a % in the password from being interpreted.
Connect to the VPN (openvpn has to run as root to create the tunnel interface, which is also why the service below uses User=root):
~$ sudo openvpn --auth-user-pass login.conf --config ./nl-free-01.protonvpn.com.tcp.ovpn
Create VPN Service
Since this is a long-running application, we should create a service to manage it.
~$ sudo mkdir /opt/vpn
~$ sudo touch /opt/vpn/vpn.sh
~$ sudo chown root:root /opt/vpn/vpn.sh
~$ sudo chmod 750 /opt/vpn/vpn.sh
The wrapper below reads the credential file and the .ovpn config from /opt/vpn, so move the two files created above there as well, root-owned and readable by nobody else (adjust the source paths if you copied them somewhere other than your home directory):
~$ sudo mv ~/login.conf ~/nl-free-01.protonvpn.com.tcp.ovpn /opt/vpn/
~$ sudo chown root:root /opt/vpn/login.conf /opt/vpn/nl-free-01.protonvpn.com.tcp.ovpn
~$ sudo chmod 600 /opt/vpn/login.conf /opt/vpn/nl-free-01.protonvpn.com.tcp.ovpn
~$ sudo vim /opt/vpn/vpn.sh
#!/bin/bash
vpnauth=/opt/vpn/login.conf
vpnconfig=/opt/vpn/nl-free-01.protonvpn.com.tcp.ovpn
# exec replaces this shell with openvpn, so systemd tracks openvpn itself as the
# service's main process and sees its exit status directly.
exec openvpn --config "$vpnconfig" --auth-user-pass "$vpnauth"
~$ sudo touch /etc/systemd/system/vpn.service
~$ sudo chown root:root /etc/systemd/system/vpn.service
~$ sudo chmod 750 /etc/systemd/system/vpn.service
~$ sudo vim /etc/systemd/system/vpn.service
[Unit]
Description=VPN
After=network-online.target
Wants=network-online.target

[Service]
Type=simple
ExecStart=/opt/vpn/vpn.sh
User=root

[Install]
WantedBy=multi-user.target
~$ sudo systemctl daemon-reload
~$ sudo systemctl enable --now vpn.service
(enable makes the unit start at boot through its [Install] section; --now also starts it immediately.)
Create VPN Management Service
We also want a management service to make sure the VPN is always connected and, if it is not, to restart it (and stop any services that must only run through the VPN).
The OpenVPN process may not exit when the connection is dropped from the remote end, so the service state can't be trusted; instead the manager compares the address this host is seen from on the internet with a dynamic DNS entry that tracks the host's real (non-VPN) address. If the two match, traffic is leaving outside the tunnel.
~$ sudo touch /opt/vpn/vpnmanager.sh
~$ sudo chown root:root /opt/vpn/vpnmanager.sh
~$ sudo chmod 750 /opt/vpn/vpnmanager.sh
~$ sudo vim /opt/vpn/vpnmanager.sh
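#!/bin/bash
# vpnmanager.sh -- watchdog for vpn.service.
#
# Every few seconds the public address this host is seen from (checkip) is
# compared with the dynamic-DNS record that tracks the host's real WAN address
# (compareip).  If the two match, traffic is leaving outside the tunnel and
# vpn.service is restarted.  Everything is appended to $logfile; after three
# consecutive restart cycles the messages are also posted to Slack.
#
# Settings -- edit these for your installation.
dyndns="dyndns.tld"                          # name that resolves to the real (non-VPN) WAN address
logfile="/var/log/vpnmanager/vpnmanager.log"
enableslack=true
# Treat the webhook URL as a secret: anyone who has it can post to the channel.
# This file being root:root 0750 (see the install steps) is what keeps it private.
slackwebhookurl="https://hooks.slack.com/services/<UUID>"
limit=10                                     # "VPN appears up" is logged when this reaches 10, then every 11 cycles

# The log records the real WAN address and the VPN exit address; keep the
# directory and file root-only rather than world-readable.
umask 077

logdir=$(dirname "$logfile")
if ! mkdir -p "$logdir"; then
  echo "ERROR:: Unable to create log directory" >&2
  exit 1
fi
if ! touch "$logfile"; then
  echo "ERROR:: Unable to write log file" >&2
  exit 1
fi
# Optional: uncomment to send everything the script prints to the log as well.
#exec 3>&1 4>&2
#trap 'exec 2>&4 1>&3' 0 1 2 3
#exec 1>>$logfile 2>&1
printf '\n\n%s\n----------------------------\n' "$(date)" >> "$logfile"

# Initial lookup of the real WAN address.  Only a dotted-quad answer is kept:
# `dig +short` also prints CNAME targets, and an empty value here would make
# the comparison in compareip meaningless, so warn about it early.
dyndnsip=$(dig -t a +short "$dyndns" 2>/dev/null | grep -E -m1 '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$')
if [[ -z $dyndnsip ]]; then
  printf '%s\n' "$(date '+%F|%R:%S') -- WARNING:: Unable to resolve dyndns entry '$dyndns'." >> "$logfile"
fi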
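# Post a one-line message to the configured Slack incoming webhook, if enabled.
# The text is JSON-escaped (backslash, double quote, newline) before it is
# embedded, so a message containing one of those characters cannot break the
# payload (the original spliced $1 in verbatim).
#
# Globals read: enableslack, slackwebhookurl
# Arguments:    $1 - message text
# Output:       nothing on stdout; curl errors go to stderr
# Returns:      0 when sending is disabled or the post succeeded,
#               1 when enabled without a URL, otherwise curl's status
function slacksend {
  [[ "$enableslack" = true ]] || return 0
  if [[ -z ${slackwebhookurl:-} ]]; then
    echo "ERROR:: enableslack is set but slackwebhookurl is empty" >&2
    return 1
  fi
  local text=${1-}
  text=${text//\\/\\\\}      # backslash first, so the escapes added below are not doubled
  text=${text//\"/\\\"}
  text=${text//$'\n'/\\n}
  # --max-time matches the other curl calls in this script so a slow Slack
  # endpoint cannot stall the monitoring loop; --output discards Slack's "ok".
  curl --silent --show-error --max-time 10 --output /dev/null \
    -X POST -H 'Content-type: application/json' \
    --data "{\"text\":\"$text\"}" "$slackwebhookurl"
}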
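# Determine the address this host is seen from on the internet and store it in
# the global `ipaddr`.  Several lookup services are tried in order; the first
# answer that looks like a dotted-quad IPv4 address wins.  Each service is
# queried once (the original queried each twice, once to validate and once to
# assign, so the two answers could differ).  On total failure `ipaddr` is left
# unset, an error is logged and, after three consecutive restart cycles
# (`health`), also sent to Slack.
#
# Globals read:    logfile, health
# Globals written: ipaddr (unset on failure)
# Calls:           curl, slacksend
# Returns:         0 when an address was found, 1 otherwise
function checkip {
  local service answer msg
  local -r ipv4='^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'
  # HTTPS rather than bare host names (plain HTTP): the answer decides whether
  # traffic is leaving through the tunnel, and a plaintext reply can be
  # rewritten by exactly the on-path party this check is meant to expose.
  local -a services=(
    https://checkip.amazonaws.com
    https://ifconfig.me
    https://ipinfo.io/ip
    https://ident.me
  )
  unset ipaddr
  for service in "${services[@]}"; do
    answer=$(curl --max-time 10 --max-filesize 1000 --no-buffer --silent "$service")
    if [[ $answer =~ $ipv4 ]]; then
      ipaddr=$answer
      return 0
    fi
  done
  msg="$(date '+%F|%R:%S') -- ERROR:: Unable to determine internet IP address."
  printf '%s\n' "$msg" >> "$logfile"
  if (( ${health:-0} >= 3 )); then
    slacksend "$msg"
  fi
  return 1
}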
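# Append a timestamped line to the log and, once the VPN has needed three or
# more consecutive restarts (`health`), relay it to Slack as well.
#
# Globals read: logfile, health
# Arguments:    $1 - message text (the timestamp is prepended here)
# Calls:        slacksend
function vpnlog {
  local msg
  msg="$(date '+%F|%R:%S') -- $1"
  printf '%s\n' "$msg" >> "$logfile"
  if (( ${health:-0} >= 3 )); then
    slacksend "$msg"
  fi
}

# Resolve the dynamic-DNS name to its first IPv4 answer.  `dig +short` also
# prints CNAME targets, which are skipped.  Prints nothing when there is no
# A record or `dyndns` is unset.
#
# Globals read: dyndns
function resolve_dyndns {
  [[ -n ${dyndns:-} ]] || return 1
  dig -t a +short "$dyndns" 2>/dev/null | grep -E -m1 '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'
}

# Monitor loop: compare the address this host is seen from with the dynamic-DNS
# record of its real WAN address and restart vpn.service whenever they match
# (or the public address cannot be determined at all).  Written as a loop; the
# original called itself recursively forever, which grows the bash call stack
# by one frame every cycle.
#
# Globals read:    dyndns, dyndnsip, logfile, limit, health
# Globals written: ipaddr, dyndnsip, limit, health
# Arguments:       $1 - optional number of cycles to run; 0 or absent runs
#                       forever (the service's normal mode)
# Calls:           checkip, slacksend (defined above), dig, systemctl
# Returns:         0 after the requested cycles; never, when run forever
function compareip {
  local max_cycles=${1:-0}
  local cycles=0 resolved
  # HUP/INT end the loop with a non-zero status (the original re-armed this
  # trap every iteration; once is enough).
  trap 'exit 1' HUP INT

  while (( max_cycles == 0 || cycles < max_cycles )); do
    cycles=$((cycles + 1))
    # Re-resolve each cycle so a changed WAN address is tracked; keep the last
    # good value when this particular lookup fails.
    resolved=$(resolve_dyndns)
    if [[ -n $resolved ]]; then
      dyndnsip=$resolved
    fi
    checkip

    if [[ -z ${dyndnsip:-} ]]; then
      # Unknown state: without the real address there is nothing to compare
      # against.  The original's unquoted test fell through to "VPN appears
      # up" here; neither restart nor claim health, just retry.
      vpnlog "ERROR:: Unable to resolve dyndns entry '${dyndns:-}'; cannot tell whether the VPN is up."
      sleep 10
      continue
    fi

    if [[ -z ${ipaddr:-} || $dyndnsip == "$ipaddr" ]]; then
      # Either no lookup service answered, or the public address is the real
      # one: traffic is not going through the tunnel.
      vpnlog "ERROR:: VPN is down!!"
      sleep 2
      vpnlog "Restarting VPN..."
      systemctl restart vpn.service
      sleep 10
      limit=10                           # log "appears up" immediately after a recovery
      health=$(( ${health:-0} + 1 ))     # consecutive restarts; >= 3 turns on Slack
      continue
    fi

    # VPN up.  Log it on the first success after a restart, then every 11 cycles.
    if (( ${limit:-0} == 10 )); then
      vpnlog "VPN appears up. VPN IP: $ipaddr is not equal to dyndns IP: $dyndnsip"
      unset limit
    else
      limit=$(( ${limit:-0} + 1 ))
    fi
    sleep 10
    unset ipaddr health
  done
  return 0
}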
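# Start the monitor loop.  Command-line arguments are forwarded to compareip so
# an option such as a cycle count reaches it; the service unit passes none,
# which means run until the service is stopped.
compareip "$@"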
~$ sudo touch /etc/systemd/system/vpnmanager.service
~$ sudo chown root:root /etc/systemd/system/vpnmanager.service
~$ sudo chmod 750 /etc/systemd/system/vpnmanager.service
~$ sudo vim /etc/systemd/system/vpnmanager.service
[Unit]
Description=VPN Manager
After=network-online.target vpn.service
Wants=network-online.target

[Service]
Type=simple
ExecStart=/opt/vpn/vpnmanager.sh
User=root

[Install]
WantedBy=multi-user.target
~$ sudo systemctl daemon-reload
~$ sudo systemctl enable --now vpnmanager.service