Oracle Linux/Obfuscation

From r00tedvw.com wiki
Revision as of 13:29, 22 April 2021 by R00t (Talk | contribs)


Obfuscation

OpenVPN with ProtonVPN

Go to https://protonvpn.com, create an account, select the free plan, then go to Downloads and select Linux, TCP, and the free server configs.
Download one of the configuration files and copy it to your server (scp).
Create a file with the username and password on the first two lines.

~$ (umask 077; printf '%s\n%s\n' "$USERNAME" "$PASSWORD" > ~/login.conf)

Connect to the VPN

~$ openvpn --auth-user-pass login.conf --config ./nl-free-01.protonvpn.com.tcp.ovpn

Create VPN Service

Since this is a long-running application, we should create a service to manage it.

~$ sudo mkdir /opt/vpn
~$ sudo touch /opt/vpn/vpn.sh
~$ sudo chown root:root /opt/vpn/vpn.sh
~$ sudo chmod 750 /opt/vpn/vpn.sh
~$ sudo vim /opt/vpn/vpn.sh
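#!/bin/bash
# Both files must be present in /opt/vpn.
# login.conf holds the VPN credentials; keep it readable by root only.
vpnauth=/opt/vpn/login.conf
vpnconfig=/opt/vpn/nl-free-01.protonvpn.com.tcp.ovpn

openvpn --config "$vpnconfig" --auth-user-pass "$vpnauth"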
~$ sudo touch /etc/systemd/system/vpn.service
~$ sudo chown root:root /etc/systemd/system/vpn.service
~$ sudo chmod 644 /etc/systemd/system/vpn.service
~$ sudo vim /etc/systemd/system/vpn.service
[Unit]
Description=VPN

[Service]
Type=simple
ExecStart=/opt/vpn/vpn.sh
User=root

[Install]
WantedBy=multi-user.target
~$ sudo systemctl daemon-reload
~$ sudo systemctl start vpn.service

Create VPN Management Service

We also want a management service to make sure the VPN is always connected and, if not, stop any reliant services.
The OpenVPN service may not die when the connection is terminated from the host end, so I can't depend on the service state. Instead, I've opted to rely on the exposed IP address and compare it to a dynamic DNS entry.

~$ sudo touch /opt/vpn/vpnmanager.sh
~$ sudo chown root:root /opt/vpn/vpnmanager.sh
~$ sudo chmod 750 /opt/vpn/vpnmanager.sh
~$ sudo vim /opt/vpn/vpnmanager.sh
#!/bin/bash
# Watchdog: restart vpn.service whenever the public IP cannot be determined
# or equals the address published in dynamic DNS (traffic is not tunnelled).

dyndns="dyndns.tld"
logfile="/var/log/vpnmanager/vpnmanager.log"
limit=10

# Make sure the log directory and log file exist and are writable.
if ! mkdir -p "$(dirname "$logfile")"; then
    echo "ERROR:: Unable to create log directory"
    exit 1
fi
if ! touch "$logfile"; then
    echo "ERROR:: Unable to write log file"
    exit 1
fi

trap 'exit 1' SIGINT

printf '\n\n%s\n----------------------------\n' "$(date)" >> "$logfile"

# Address the dynamic DNS name resolves to (the non-VPN address).
dyndnsip=$(dig -t a +short "$dyndns")

# Set ipaddr to the public IPv4 address reported by the first lookup service
# that returns one; leave it empty if none of them do.
function checkip {
    local svc reply
    ipaddr=""
    for svc in checkip.amazonaws.com ifconfig.me ipinfo.io/ip ident.me; do
        reply=$(curl --max-time 10 --max-filesize 1000 --no-buffer --silent "$svc")
        if [[ $reply =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
            ipaddr=$reply
            return 0
        fi
    done
    echo "ERROR:: Unable to determine internet IP address." >> "$logfile"
    return 1
}

# Loop instead of recursing so a long-running watchdog cannot exhaust the
# shell's call stack.
function compareip {
    while true; do
        checkip
        if [ -z "$ipaddr" ] || [ "$dyndnsip" = "$ipaddr" ]; then
            echo "ERROR:: VPN is down!!" >> "$logfile"
            sleep 2
            echo "Restarting VPN..." >> "$logfile"
            systemctl restart vpn.service
            limit=10
        else
            # Log on the first healthy check, then again after 10 more.
            if [[ $limit -eq 10 ]]; then
                echo "$(date +%F"|"%R:%S) -- VPN appears up.  VPN IP: $ipaddr is not equal to dyndns IP: $dyndnsip" >> "$logfile"
                limit=0
            else
                ((limit++))
            fi
        fi
        sleep 10
    done
}

compareip
~$ sudo touch /etc/systemd/system/vpnmanager.service
~$ sudo chown root:root /etc/systemd/system/vpnmanager.service
~$ sudo chmod 644 /etc/systemd/system/vpnmanager.service
~$ sudo vim /etc/systemd/system/vpnmanager.service
[Unit]
Description=VPN Manager

[Service]
Type=simple
ExecStart=/opt/vpn/vpnmanager.sh
User=root

[Install]
WantedBy=multi-user.target 
~$ sudo systemctl daemon-reload
~$ sudo systemctl start vpnmanager.service
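
The comparison the watchdog relies on reads as "VPN up" whenever the dynamic DNS lookup returns nothing, because an empty value never equals the public IP. The following added example (not part of the original page) is a fail-closed version of that decision in portable sh; the function names `valid_ipv4` and `vpn_state` and the sample addresses are constructed for illustration.

```sh
#!/bin/sh
# Added example: fail-closed state check for the VPN watchdog.
# valid_ipv4 and vpn_state are illustrative names; addresses are constructed.

# Succeed only for four dot-separated decimal octets, each 0-255.
valid_ipv4() {
    local old_ifs octet
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# vpn_state PUBLIC_IP DYNDNS_ANSWER
# Prints "up" only when both values are known and differ, "down" when the
# public address equals a home address, and "unknown" otherwise. Callers
# should treat "unknown" like "down" so a failed lookup never reads as up.
vpn_state() {
    local public="$1" answer="$2" home found=0
    valid_ipv4 "$public" || { echo unknown; return 0; }
    # dig +short can print several lines (CNAME targets, multiple A records).
    while IFS= read -r home; do
        valid_ipv4 "$home" || continue
        found=1
        if [ "$home" = "$public" ]; then echo down; return 0; fi
    done <<EOF
$answer
EOF
    if [ "$found" -eq 1 ]; then echo up; else echo unknown; fi
}

# Constructed sample: a CNAME line followed by the home A record.
vpn_state 198.51.100.23 "$(printf 'home.example.net.\n203.0.113.7\n')"
```

In the watchdog, anything other than `up` would take the restart branch.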