Oracle Linux/Obfuscation

(Difference between revisions)
(Create VPN Management Service)
 
(2 intermediate revisions by one user not shown)
Line 52: Line 52:
 
dyndns="dyndns.tld"
 
dyndns="dyndns.tld"
 
logfile="/var/log/vpnmanager/vpnmanager.log"
 
logfile="/var/log/vpnmanager/vpnmanager.log"
 +
enableslack=true
 +
slackwebhookurl="https://hooks.slack.com/services/<UUID>"
 
limit=10
 
limit=10
  
Line 76: Line 78:
  
 
dyndnsip=$(dig -t a +short $dyndns)
 
dyndnsip=$(dig -t a +short $dyndns)
 +
 +
function slacksend {
 +
        if [ "$enableslack" = true ]; then
 +
                curl -X POST -H 'Content-type: application/json' --data '{"text":"'"$1"'"}' $slackwebhookurl
 +
        fi
 +
}
  
 
function checkip {
 
function checkip {
Line 90: Line 98:
 
                     ipaddr=$(curl --max-time 10 --max-filesize 1000 --no-buffer --silent ident.me)
 
                     ipaddr=$(curl --max-time 10 --max-filesize 1000 --no-buffer --silent ident.me)
 
                 else
 
                 else
                     echo "ERROR:: Unable to determine internet IP address." >> $logfile
+
                     msg="$(date +%F"|"%R:%S) -- ERROR:: Unable to determine internet IP address."
 +
                    echo "$msg" >> $logfile
 +
                    if [[ $health -ge 3 ]]; then
 +
                        slacksend "$msg"
 +
                    fi
 
                 fi
 
                 fi
 
             fi
 
             fi
Line 100: Line 112:
 
     checkip
 
     checkip
 
     if [ -z $ipaddr ] || [ $dyndnsip = $ipaddr ]; then
 
     if [ -z $ipaddr ] || [ $dyndnsip = $ipaddr ]; then
         echo "ERROR:: VPN is down!!" >> $logfile
+
         msg="$(date +%F"|"%R:%S) -- ERROR:: VPN is down!!"
 +
        echo "$msg" >> $logfile
 +
        if [[ $health -ge 3 ]]; then
 +
                slacksend "$msg"
 +
        fi
 
         trap exit 1 SIGINT
 
         trap exit 1 SIGINT
 
         sleep 2
 
         sleep 2
         echo "Restarting VPN..." >> $logfile
+
         msg="$(date +%F"|"%R:%S) -- Restarting VPN..."
 +
        echo "$msg" >> $logfile
 +
        if [[ $health -ge 3 ]]; then
 +
                slacksend "$msg"
 +
        fi
 
         systemctl restart vpn.service
 
         systemctl restart vpn.service
 
         sleep 10
 
         sleep 10
 
         limit=10
 
         limit=10
 +
        ((health++))
 
         compareip
 
         compareip
 
     else
 
     else
 
         if [[ $limit -eq 10 ]]; then
 
         if [[ $limit -eq 10 ]]; then
                 echo "$(date +%F"|"%R:%S) -- VPN appears up.  VPN IP: $ipaddr is not equal to dyndns IP: $dyndnsip" >> $logfile
+
                 msg="$(date +%F"|"%R:%S) -- VPN appears up.  VPN IP: $ipaddr is not equal to dyndns IP: $dyndnsip"
 +
                echo "$msg" >> $logfile
 
                 unset limit
 
                 unset limit
 +
                if [[ $health -ge 3 ]]; then
 +
                        slacksend "$msg"
 +
                fi
 
         else
 
         else
 
                 ((limit++))
 
                 ((limit++))
Line 117: Line 142:
 
         trap exit 1 SIGINT
 
         trap exit 1 SIGINT
 
         sleep 10
 
         sleep 10
         unset ipaddr
+
         unset ipaddr health
 
         compareip
 
         compareip
 
     fi
 
     fi
Line 139: Line 164:
 
[Install]
 
[Install]
 
WantedBy=multi-user.target </nowiki>
 
WantedBy=multi-user.target </nowiki>
 +
 
  <nowiki>~$ sudo systemctl daemon-reload
 
  <nowiki>~$ sudo systemctl daemon-reload
 
~$ sudo systemctl start vpnmanager.service</nowiki>
 
~$ sudo systemctl start vpnmanager.service</nowiki>
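Review bot: In the `slacksend` function added in the Line 76 hunk, `$1` is spliced into the JSON body unescaped (`--data '{"text":"'"$1"'"}'`), so a message containing `"` or `\` yields an invalid payload that Slack rejects, and `$slackwebhookurl` is unquoted. The request also has no `--max-time` or `--fail`, so a slow or erroring webhook stalls the restart loop with nothing in the log; escaping the text with parameter expansion and bounding the call, as below, covers both. The Line 100 and Line 117 hunks bump `health` on every failed cycle and clear it on the first healthy one, so the Slack notices only begin on the fourth consecutive failed check, after three restarts; a comment at `((health++))` such as `# restarts without a healthy check in between; Slack is notified once this reaches 3` would spare the next reader that count.
```shell
function slacksend {
        if [ "$enableslack" = true ]; then
                local text=$1
                text=${text//\\/\\\\}   # backslashes first, then quotes, so the JSON stays valid
                text=${text//\"/\\\"}
                curl --silent --show-error --fail --max-time 10 -X POST \
                     -H 'Content-type: application/json' \
                     --data '{"text":"'"$text"'"}' "$slackwebhookurl" >/dev/null
        fi
}
```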

Latest revision as of 15:42, 22 April 2021

Obfuscation

OpenVPN with ProtonVPN

Go to https://protonvpn.com, create an account, select the free plan, go to Downloads, and select Linux, TCP and the free server configs.
Download one of the configuration files and share it with your server (scp).
Create a file with the username and password on the first two lines.

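~$ # the credentials are passed as '%s' arguments, not as the format string, so a '%' or '\' in the password is written literally
~$ printf '%s\n%s\n' "$USERNAME" "$PASSWORD" > ~/login.conf
~$ chmod 600 ~/login.conf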

Connect to the VPN

~$ # foreground run to verify the config and the credential file before creating the service
~$ openvpn --config ./nl-free-01.protonvpn.com.tcp.ovpn --auth-user-pass login.conf

Create VPN Service

Since this is a long-running application, we should create a service to manage it.

~$ sudo mkdir /opt/vpn
~$ sudo touch /opt/vpn/vpn.sh
~$ sudo chown root:root /opt/vpn/vpn.sh
~$ sudo chmod 750 /opt/vpn/vpn.sh
~$ sudo vim /opt/vpn/vpn.sh
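#!/bin/bash
# vpn.sh -- started by vpn.service; runs OpenVPN in the foreground with the
# ProtonVPN config and the credential file (username on line 1, password on line 2).
set -eu

readonly vpnauth=/opt/vpn/login.conf       # plaintext credentials: keep this file root-only
readonly vpnconfig=/opt/vpn/nl-free-01.protonvpn.com.tcp.ovpn

# exec replaces this shell, so openvpn itself becomes the unit's main PID and
# receives the stop signal directly rather than through an intermediate bash.
exec openvpn --config "$vpnconfig" --auth-user-pass "$vpnauth"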
~$ sudo touch /etc/systemd/system/vpn.service
~$ sudo chown root:root /etc/systemd/system/vpn.service
~$ sudo chmod 750 /etc/systemd/system/vpn.service 
~$ sudo vim /etc/systemd/system/vpn.service
[Unit]
Description=VPN

[Service]
Type=simple
ExecStart=/opt/vpn/vpn.sh
User=root

[Install]
WantedBy=multi-user.target
~$ sudo systemctl daemon-reload
~$ sudo systemctl start vpn.service

Create VPN Management Service

We also want a management service to make sure the VPN is always connected and, if not, stop any reliant services.
The OpenVPN service may not die when the connection is terminated from the host end; as such I can't depend on the service state, so I've opted to rely on the exposed IP address and compare it to a dynamic DNS entry.

~$ sudo touch /opt/vpn/vpnmanager.sh
~$ sudo chown root:root /opt/vpn/vpnmanager.sh
~$ sudo chmod 750 /opt/vpn/vpnmanager.sh
~$ sudo vim /opt/vpn/vpnmanager.sh
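#!/bin/bash
# vpnmanager.sh -- watchdog for vpn.service.  The VPN is assumed up while the
# public IP seen from this host differs from the dyndns record of its real
# address; when they match (or no public IP can be determined) vpn.service is
# restarted, and Slack is notified once restarts stop helping.
# Globals defined here and read by the functions below:
#   dyndns, logfile, enableslack, slackwebhookurl, limit, dyndnsip

dyndns="dyndns.tld"
logfile="/var/log/vpnmanager/vpnmanager.log"
enableslack=true
# The webhook URL is a credential (whoever holds it can post to the channel),
# so this script must stay root-only -- it is installed root:root 0750.
slackwebhookurl="https://hooks.slack.com/services/<UUID>"
limit=10   # "VPN appears up" is logged when this reaches 10 (see compareip)

# mkdir -p succeeds when the directory already exists, so its status can be
# checked directly (the original tested $? of a whole if-block instead).
if ! mkdir -p "$(dirname "$logfile")"; then
    echo "ERROR:: Unable to create log directory" >&2
    exit 1
fi
if ! touch "$logfile"; then
    echo "ERROR:: Unable to write log file" >&2
    exit 1
fi

#exec 3>&1 4>&2
#trap 'exec 2>&4 1>&3' 0 1 2 3
#exec 1>>$logfile 2>&1
# Everything below will go to the file $logfile :

# The date goes through %s rather than into the format string.
printf '\n\n%s\n----------------------------\n' "$(date)" >> "$logfile"

# dig +short may print several lines (a CNAME step, multiple A records); keep
# only the first IPv4 answer so the string comparison in compareip stays sane.
# dyndnsip is empty when the lookup fails.
dyndnsip=$(dig -t a +short "$dyndns" | grep -E -m 1 '^[0-9]+(\.[0-9]+){3}$')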

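#######################################
# Escape a string for use inside a JSON string literal.
# Arguments: $1 - raw text
# Outputs:   the escaped text on stdout, no trailing newline
#######################################
function json_escape {
        local s=$1
        s=${s//\\/\\\\}     # backslashes first, so the escapes added below are not doubled
        s=${s//\"/\\\"}
        s=${s//$'\n'/\\n}
        s=${s//$'\t'/\\t}
        printf '%s' "$s"
}

#######################################
# Post a message to the Slack incoming webhook when enableslack is true.
# Globals:   enableslack, slackwebhookurl (read)
# Arguments: $1 - message text; escaped here, so quotes and backslashes are safe
# Outputs:   nothing on success; curl errors go to stderr
# Returns:   curl's status, or 0 when Slack posting is disabled
#######################################
function slacksend {
        if [ "$enableslack" = true ]; then
                local payload
                payload='{"text":"'"$(json_escape "$1")"'"}'
                # --max-time keeps a slow webhook from stalling the restart loop,
                # --fail turns an HTTP error into a non-zero status, and the
                # response body is discarded so it does not end up in the journal.
                curl --silent --show-error --fail --max-time 10 \
                     -X POST -H 'Content-type: application/json' \
                     --data "$payload" "$slackwebhookurl" >/dev/null
        fi
}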

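#######################################
# Determine the public IP address, trying several lookup services in turn.
# Globals:   ipaddr (written with the first IPv4-looking answer; left untouched
#            when every service fails), logfile, health (read)
# Outputs:   an error line to the log when no service answers
# Returns:   0 when an address was found, 1 otherwise (callers currently
#            inspect $ipaddr rather than the status)
#######################################
function checkip {
    local service answer msg
    # Each service is queried once and the answer reused, instead of a second
    # fetch after the match as before.  The services are reached over https so
    # an on-path party cannot feed a false address that would trigger or mask
    # a restart; --max-time/--max-filesize bound a hung or oversized reply.
    for service in https://checkip.amazonaws.com https://ifconfig.me \
                   https://ipinfo.io/ip https://ident.me; do
        answer=$(curl --max-time 10 --max-filesize 1000 --no-buffer --silent "$service")
        if [[ $answer =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
            ipaddr=$answer
            return 0
        fi
    done
    msg="$(date +%F"|"%R:%S) -- ERROR:: Unable to determine internet IP address."
    echo "$msg" >> "$logfile"
    # health = restart cycles without a healthy check in between (see compareip);
    # Slack is only bothered once it reaches 3.
    if [[ $health -ge 3 ]]; then
        slacksend "$msg"
    fi
    return 1
}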

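#######################################
# Watchdog loop; never returns.  Every cycle fetches the public IP (checkip)
# and compares it with the dyndns address: equal or unknown means the VPN is
# down, so vpn.service is restarted; otherwise "VPN appears up" is logged on
# the first healthy cycle after a restart and every 10th cycle thereafter.
# Globals:   dyndnsip, dyndns, logfile (read); ipaddr, limit, health (written)
#            health = restart cycles without a healthy check in between; the
#            Slack notices start once it reaches 3.
# Returns:   does not return; exits 1 on SIGHUP/SIGINT
#######################################
function compareip {
    local msg
    # The original re-armed its trap on every cycle ('trap exit 1 SIGINT' traps
    # signal 1 = SIGHUP and SIGINT with a bare 'exit'); arm it once, with the
    # status that was evidently intended.
    trap 'exit 1' SIGHUP SIGINT
    if [ -z "$dyndnsip" ]; then
        # With no reference address the comparison below can never match, so a
        # down VPN would go unnoticed; say so once rather than silently.
        msg="$(date +%F"|"%R:%S) -- WARNING:: no A record for $dyndns; a down VPN cannot be recognised."
        echo "$msg" >> "$logfile"
    fi
    # A loop instead of the original tail recursion: the call depth otherwise
    # grows by one frame every 10 s for as long as the service runs.
    while true; do
        unset ipaddr   # a failed lookup must read as "unknown", not as the previous answer
        checkip
        if [ -z "$ipaddr" ] || [ "$dyndnsip" = "$ipaddr" ]; then
            msg="$(date +%F"|"%R:%S) -- ERROR:: VPN is down!!"
            echo "$msg" >> "$logfile"
            if [[ $health -ge 3 ]]; then
                slacksend "$msg"
            fi
            sleep 2
            msg="$(date +%F"|"%R:%S) -- Restarting VPN..."
            echo "$msg" >> "$logfile"
            if [[ $health -ge 3 ]]; then
                slacksend "$msg"
            fi
            systemctl restart vpn.service
            sleep 10
            limit=10        # force the "appears up" line on the next healthy cycle
            ((health++))    # status 1 when health was 0; harmless, set -e is not in use
        else
            if [[ $limit -eq 10 ]]; then
                msg="$(date +%F"|"%R:%S) -- VPN appears up.  VPN IP: $ipaddr is not equal to dyndns IP: $dyndnsip"
                echo "$msg" >> "$logfile"
                unset limit   # ((limit++)) below then restarts the count at 1
                if [[ $health -ge 3 ]]; then
                    slacksend "$msg"
                fi
            else
                ((limit++))
            fi
            sleep 10
            unset health    # a healthy cycle resets the failure streak
        fi
    done
}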

# Entry point.  compareip never returns (it checks again every 10 s), which is
# what vpnmanager.service's Type=simple expects of its main process.
compareip
~$ sudo touch /etc/systemd/system/vpnmanager.service
~$ sudo chown root:root /etc/systemd/system/vpnmanager.service
~$ sudo chmod 750 /etc/systemd/system/vpnmanager.service
~$ sudo vim /etc/systemd/system/vpnmanager.service
[Unit]
Description=VPN Manager

[Service]
Type=simple
ExecStart=/opt/vpn/vpnmanager.sh
User=root

[Install]
WantedBy=multi-user.target 
~$ sudo systemctl daemon-reload
~$ sudo systemctl start vpnmanager.service