

2 Commits

8 changed files with 501 additions and 5 deletions


@ -49,8 +49,8 @@ openssl rsa -in target/keys/signingkey.pem -outform PEM -pubout -out target/keys
cp target/keys/signingpub.pem target/overlay/pub.pem cp target/keys/signingpub.pem target/overlay/pub.pem
echo "[+] Generating sample update package" echo "[+] Generating sample update package"
mkdir -p home/update mkdir -p home/upgrade
echo "sample update" > home/update/sample.txt echo "sample update" > home/upgrade/sample.txt
tar -cvf update.tar home tar -cvf update.tar home
openssl dgst -sha256 -sign target/keys/signingkey.pem -out update.tar.sig update.tar openssl dgst -sha256 -sign target/keys/signingkey.pem -out update.tar.sig update.tar
cat update.tar > update.tar.cc cat update.tar > update.tar.cc


@ -2,8 +2,8 @@ auto lo
iface lo inet loopback iface lo inet loopback
auto eth0 auto eth0
pre-up sleep 10
iface eth0 inet dhcp iface eth0 inet dhcp
pre-up sleep 20
auto ap0 auto ap0
iface ap0 inet static iface ap0 inet static

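--- a/server-config/dhcpd.conf
+++ b/server-config/dhcpd.conf
@@ -0,0 +1,254 @@
+# dhcpd.conf
+#
+# Sample configuration file for ISC dhcpd
+#
+# option definitions common to all supported networks...
+option domain-name "example.org";
+option domain-name-servers ns1.example.org, ns2.example.org;
+default-lease-time 600;
+max-lease-time 7200;
+# The ddns-updates-style parameter controls whether or not the server will
+# attempt to do a DNS update when a lease is confirmed. We default to the
+# behavior of the version 2 packages ('none', since DHCP v2 didn't
+# have support for DDNS.)
+ddns-update-style none;
+# If this DHCP server is the official DHCP server for the local
+# network, the authoritative directive should be uncommented.
+#authoritative;
+# Use this to send dhcp log messages to a different log file (you also
+# have to hack syslog.conf to complete the redirection).
+#log-facility local7;
+# No service will be given on this subnet, but declaring it helps the
+# DHCP server to understand the network topology.
+#subnet 10.152.187.0 netmask 255.255.255.0 {
+#}
+# This is a very basic subnet declaration.
+#subnet 10.254.239.0 netmask 255.255.255.224 {
+# range 10.254.239.10 10.254.239.20;
+# option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org;
+#}
+# This declaration allows BOOTP clients to get dynamic addresses,
+# which we don't really recommend.
+#subnet 10.254.239.32 netmask 255.255.255.224 {
+# range dynamic-bootp 10.254.239.40 10.254.239.60;
+# option broadcast-address 10.254.239.31;
+# option routers rtr-239-32-1.example.org;
+#}
+# A slightly different configuration for an internal subnet.
+#subnet 10.5.5.0 netmask 255.255.255.224 {
+# range 10.5.5.26 10.5.5.30;
+# option domain-name-servers ns1.internal.example.org;
+# option domain-name "internal.example.org";
+# option routers 10.5.5.1;
+# option broadcast-address 10.5.5.31;
+# default-lease-time 600;
+# max-lease-time 7200;
+#}
+# Hosts which require special configuration options can be listed in
+# host statements. If no address is specified, the address will be
+# allocated dynamically (if possible), but the host-specific information
+# will still come from the host declaration.
+#host passacaglia {
+# hardware ethernet 0:0:c0:5d:bd:95;
+# filename "vmunix.passacaglia";
+# server-name "toccata.example.com";
+#}
+# Fixed IP addresses can also be specified for hosts. These addresses
+# should not also be listed as being available for dynamic assignment.
+# Hosts for which fixed IP addresses have been specified can boot using
+# BOOTP or DHCP. Hosts for which no fixed address is specified can only
+# be booted with DHCP, unless there is an address range on the subnet
+# to which a BOOTP client is connected which has the dynamic-bootp flag
+# set.
+#host fantasia {
+# hardware ethernet 08:00:07:26:c0:a5;
+# fixed-address fantasia.example.com;
+#}
+# You can declare a class of clients and then do address allocation
+# based on that. The example below shows a case where all clients
+# in a certain class get addresses on the 10.17.224/24 subnet, and all
+# other clients get addresses on the 10.0.29/24 subnet.
+#class "foo" {
+# match if substring (option vendor-class-identifier, 0, 4) = "SUNW";
+#}
+#shared-network 224-29 {
+# subnet 10.17.224.0 netmask 255.255.255.0 {
+# option routers rtr-224.example.org;
+# }
+# subnet 10.0.29.0 netmask 255.255.255.0 {
+# option routers rtr-29.example.org;
+# }
+# pool {
+# allow members of "foo";
+# range 10.17.224.10 10.17.224.250;
+# }
+# pool {
+# deny members of "foo";
+# range 10.0.29.10 10.0.29.230;
+# }
+#}
+subnet 10.0.13.0 netmask 255.255.255.0 {
+range 10.0.13.10 10.0.13.12;
+option routers 10.0.13.1;
+option domain-name-servers 8.8.8.8, 1.1.1.1;
+}
+subnet 10.0.14.0 netmask 255.255.255.0 {
+range 10.0.14.10 10.0.14.12;
+option routers 10.0.14.1;
+option domain-name-servers 8.8.8.8, 1.1.1.1;
+}
+subnet 10.0.15.0 netmask 255.255.255.0 {
+range 10.0.15.10 10.0.15.12;
+option routers 10.0.15.1;
+option domain-name-servers 8.8.8.8, 1.1.1.1;
+}
+subnet 10.0.16.0 netmask 255.255.255.0 {
+range 10.0.16.10 10.0.16.12;
+option routers 10.0.16.1;
+option domain-name-servers 8.8.8.8, 1.1.1.1;
+}
+subnet 10.0.17.0 netmask 255.255.255.0 {
+range 10.0.17.10 10.0.17.12;
+option routers 10.0.17.1;
+option domain-name-servers 8.8.8.8, 1.1.1.1;
+}
+subnet 10.0.18.0 netmask 255.255.255.0 {
+range 10.0.18.10 10.0.18.12;
+option routers 10.0.18.1;
+option domain-name-servers 8.8.8.8, 1.1.1.1;
+}
+subnet 10.0.19.0 netmask 255.255.255.0 {
+range 10.0.19.10 10.0.19.12;
+option routers 10.0.19.1;
+option domain-name-servers 8.8.8.8, 1.1.1.1;
+}
+subnet 10.0.20.0 netmask 255.255.255.0 {
+range 10.0.20.10 10.0.20.12;
+option routers 10.0.20.1;
+option domain-name-servers 8.8.8.8, 1.1.1.1;
+}
+subnet 10.0.21.0 netmask 255.255.255.0 {
+range 10.0.21.10 10.0.21.12;
+option routers 10.0.21.1;
+option domain-name-servers 8.8.8.8, 1.1.1.1;
+}
+subnet 10.0.22.0 netmask 255.255.255.0 {
+range 10.0.22.10 10.0.22.12;
+option routers 10.0.22.1;
+option domain-name-servers 8.8.8.8, 1.1.1.1;
+}
+subnet 10.0.23.0 netmask 255.255.255.0 {
+range 10.0.23.10 10.0.23.12;
+option routers 10.0.23.1;
+option domain-name-servers 8.8.8.8, 1.1.1.1;
+}
+subnet 10.0.24.0 netmask 255.255.255.0 {
+range 10.0.24.10 10.0.24.12;
+option routers 10.0.24.1;
+option domain-name-servers 8.8.8.8, 1.1.1.1;
+}
+subnet 10.0.25.0 netmask 255.255.255.0 {
+range 10.0.25.10 10.0.25.12;
+option routers 10.0.25.1;
+option domain-name-servers 8.8.8.8, 1.1.1.1;
+}
+subnet 10.0.26.0 netmask 255.255.255.0 {
+range 10.0.26.10 10.0.26.12;
+option routers 10.0.26.1;
+option domain-name-servers 8.8.8.8, 1.1.1.1;
+}
+subnet 10.0.27.0 netmask 255.255.255.0 {
+range 10.0.27.10 10.0.27.12;
+option routers 10.0.27.1;
+option domain-name-servers 8.8.8.8, 1.1.1.1;
+}
+subnet 10.0.28.0 netmask 255.255.255.0 {
+range 10.0.28.10 10.0.28.12;
+option routers 10.0.28.1;
+option domain-name-servers 8.8.8.8, 1.1.1.1;
+}
+subnet 10.0.29.0 netmask 255.255.255.0 {
+range 10.0.29.10 10.0.29.12;
+option routers 10.0.29.1;
+option domain-name-servers 8.8.8.8, 1.1.1.1;
+}
+subnet 10.0.30.0 netmask 255.255.255.0 {
+range 10.0.30.10 10.0.30.12;
+option routers 10.0.30.1;
+option domain-name-servers 8.8.8.8, 1.1.1.1;
+}
+subnet 10.0.31.0 netmask 255.255.255.0 {
+range 10.0.31.10 10.0.31.12;
+option routers 10.0.31.1;
+option domain-name-servers 8.8.8.8, 1.1.1.1;
+}
+subnet 10.0.32.0 netmask 255.255.255.0 {
+range 10.0.32.10 10.0.32.12;
+option routers 10.0.32.1;
+option domain-name-servers 8.8.8.8, 1.1.1.1;
+}
+subnet 10.0.33.0 netmask 255.255.255.0 {
+range 10.0.33.10 10.0.33.12;
+option routers 10.0.33.1;
+option domain-name-servers 8.8.8.8, 1.1.1.1;
+}
+subnet 10.0.34.0 netmask 255.255.255.0 {
+range 10.0.34.10 10.0.34.12;
+option routers 10.0.34.1;
+option domain-name-servers 8.8.8.8, 1.1.1.1;
+}
+subnet 10.0.35.0 netmask 255.255.255.0 {
+range 10.0.35.10 10.0.35.12;
+option routers 10.0.35.1;
+option domain-name-servers 8.8.8.8, 1.1.1.1;
+}
+subnet 10.0.36.0 netmask 255.255.255.0 {
+range 10.0.36.10 10.0.36.12;
+option routers 10.0.36.1;
+option domain-name-servers 8.8.8.8, 1.1.1.1;
+}
+subnet 10.0.37.0 netmask 255.255.255.0 {
+range 10.0.37.10 10.0.37.12;
+option routers 10.0.37.1;
+option domain-name-servers 8.8.8.8, 1.1.1.1;
+}
+subnet 10.0.38.0 netmask 255.255.255.0 {
+range 10.0.38.10 10.0.38.12;
+option routers 10.0.38.1;
+option domain-name-servers 8.8.8.8, 1.1.1.1;
+}
+subnet 10.0.39.0 netmask 255.255.255.0 {
+range 10.0.39.10 10.0.39.12;
+option routers 10.0.39.1;
+option domain-name-servers 8.8.8.8, 1.1.1.1;
+}
+subnet 10.0.40.0 netmask 255.255.255.0 {
+range 10.0.40.10 10.0.40.12;
+option routers 10.0.40.1;
+option domain-name-servers 8.8.8.8, 1.1.1.1;
+}
+subnet 10.0.41.0 netmask 255.255.255.0 {
+range 10.0.41.10 10.0.41.12;
+option routers 10.0.41.1;
+option domain-name-servers 8.8.8.8, 1.1.1.1;
+}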
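Review bot: The global `option domain-name "example.org";` and `option domain-name-servers ns1.example.org, ns2.example.org;` at the top of the file are leftovers of the ISC sample and are still handed to every client: each subnet overrides the DNS servers with `option domain-name-servers 8.8.8.8, 1.1.1.1;`, but nothing overrides the domain name, so clients will be configured with a search domain of `example.org`. Either drop both sample lines or replace the first with the real domain (`option domain-name "<deployment-domain>";`). `#authoritative;` is also left commented; if this host is the only DHCP server on these VLANs, uncommenting it lets the server NAK stale leases from other ranges instead of ignoring them — confirm against the deployment. The 29 subnet stanzas differ only in the third octet and appear to follow the `enp5s0f0.10NN` sub-interfaces in the interfaces file; a one-line comment above the first stanza saying so would help the next reader keep the two files in step.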


@ -0,0 +1,185 @@
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
source /etc/network/interfaces.d/*
# The loopback network interface
auto lo
iface lo inet loopback
auto enp9s0f0
iface enp9s0f0 inet static
address 130.192.93.78
netmask 255.255.255.0
gateway 130.192.93.17
auto enp9s0f1
iface enp9s0f1 inet static
address 192.168.1.10
netmask 255.255.255.0
auto enp5s0f0
iface enp5s0f0 inet static
address 10.0.0.0
netmask 255.255.255.0
auto enp5s0f0.1013
iface enp5s0f0.1013 inet static
address 10.0.13.1
netmask 255.255.255.0
auto enp5s0f0.1014
iface enp5s0f0.1014 inet static
address 10.0.14.1
netmask 255.255.255.0
auto enp5s0f0.1015
iface enp5s0f0.1015 inet static
address 10.0.15.1
netmask 255.255.255.0
auto enp5s0f0.1016
iface enp5s0f0.1016 inet static
address 10.0.16.1
netmask 255.255.255.0
auto enp5s0f0.1017
iface enp5s0f0.1017 inet static
address 10.0.17.1
netmask 255.255.255.0
auto enp5s0f0.1018
iface enp5s0f0.1018 inet static
address 10.0.18.1
netmask 255.255.255.0
auto enp5s0f0.1019
iface enp5s0f0.1019 inet static
address 10.0.19.1
netmask 255.255.255.0
auto enp5s0f0.1020
iface enp5s0f0.1020 inet static
address 10.0.20.1
netmask 255.255.255.0
auto enp5s0f0.1021
iface enp5s0f0.1021 inet static
address 10.0.21.1
netmask 255.255.255.0
auto enp5s0f0.1022
iface enp5s0f0.1022 inet static
address 10.0.22.1
netmask 255.255.255.0
auto enp5s0f0.1023
iface enp5s0f0.1023 inet static
address 10.0.23.1
netmask 255.255.255.0
auto enp5s0f0.1024
iface enp5s0f0.1024 inet static
address 10.0.24.1
netmask 255.255.255.0
auto enp5s0f0.1025
iface enp5s0f0.1025 inet static
address 10.0.25.1
netmask 255.255.255.0
auto enp5s0f0.1026
iface enp5s0f0.1026 inet static
address 10.0.26.1
netmask 255.255.255.0
auto enp5s0f0.1027
iface enp5s0f0.1027 inet static
address 10.0.27.1
netmask 255.255.255.0
auto enp5s0f0.1028
iface enp5s0f0.1028 inet static
address 10.0.28.1
netmask 255.255.255.0
auto enp5s0f0.1029
iface enp5s0f0.1029 inet static
address 10.0.29.1
netmask 255.255.255.0
auto enp5s0f0.1030
iface enp5s0f0.1030 inet static
address 10.0.30.1
netmask 255.255.255.0
auto enp5s0f0.1031
iface enp5s0f0.1031 inet static
address 10.0.31.1
netmask 255.255.255.0
auto enp5s0f0.1032
iface enp5s0f0.1032 inet static
address 10.0.32.1
netmask 255.255.255.0
auto enp5s0f0.1033
iface enp5s0f0.1033 inet static
address 10.0.33.1
netmask 255.255.255.0
auto enp5s0f0.1034
iface enp5s0f0.1034 inet static
address 10.0.34.1
netmask 255.255.255.0
auto enp5s0f0.1035
iface enp5s0f0.1035 inet static
address 10.0.35.1
netmask 255.255.255.0
auto enp5s0f0.1036
iface enp5s0f0.1036 inet static
address 10.0.36.1
netmask 255.255.255.0
auto enp5s0f0.1037
iface enp5s0f0.1037 inet static
address 10.0.37.1
netmask 255.255.255.0
auto enp5s0f0.1038
iface enp5s0f0.1038 inet static
address 10.0.38.1
netmask 255.255.255.0
auto enp5s0f0.1039
iface enp5s0f0.1039 inet static
address 10.0.39.1
netmask 255.255.255.0
auto enp5s0f0.1040
iface enp5s0f0.1040 inet static
address 10.0.40.1
netmask 255.255.255.0
auto enp5s0f0.1041
iface enp5s0f0.1041 inet static
address 10.0.41.1
netmask 255.255.255.0
auto enp5s0f0.1100
iface enp5s0f0.1100 inet static
address 10.0.100.1
netmask 255.255.255.0
auto enp5s0f0.1101
iface enp5s0f0.1101 inet static
address 10.0.101.1
netmask 255.255.255.0
auto enp5s0f0.1102
iface enp5s0f0.1102 inet static
address 10.0.102.1
netmask 255.255.255.0
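Review bot: `address 10.0.0.0` with `netmask 255.255.255.0` on the untagged parent `enp5s0f0` is the network address of that /24, not a host address; ifup is likely to reject it or the interface will never be reachable, so it probably should read `address 10.0.0.1`, or the stanza should carry no address at all since only the tagged `enp5s0f0.10NN` sub-interfaces are used as gateways. The file also commits one machine's public address and gateway (`130.192.93.78`, `130.192.93.17`) and a `192.168.1.10` management address, which ties the repository to a single host; a comment naming that host, or a template with placeholders, would make the intent clear. The `enp5s0f0.1100`–`enp5s0f0.1102` sub-interfaces (10.0.100.1–10.0.102.1) have no matching subnet declaration in `dhcpd.conf`, so clients on those VLANs would get no leases — confirm whether that is intended.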

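--- a/server-config/iptables
+++ b/server-config/iptables
@@ -0,0 +1,8 @@
+iptables -N LOG_DROP
+iptables -I FORWARD -s 10.0.0.0/16 -d 10.0.0.0/16 -j LOG_DROP
+iptables -A LOG_DROP -j LOG --log-prefix "refused connection: "
+iptables -A LOG_DROP -j DROP
+iptables -A FORWARD -i enp5s0f0 -o enp9s0f0 -j ACCEPT
+iptables -A FORWARD -i enp5s0f0 -o enp9s0f0 -m state --state ESTABLISHED,RELATED -j ACCEPT
+iptables -t nat -A POSTROUTING -o enp9s0f0 -j MASQUERADE
+#iptables -A FORWARD -j DROP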
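Review bot: The state rule `iptables -A FORWARD -i enp5s0f0 -o enp9s0f0 -m state --state ESTABLISHED,RELATED -j ACCEPT` is fully shadowed by the unconditional ACCEPT on the same interface pair just above it, and no rule accepts the reply direction; return traffic is only forwarded because the final `iptables -A FORWARD -j DROP` is commented out and the chain policy presumably stays ACCEPT (the saved dumps further down show `:FORWARD ACCEPT`). If the drop is meant to be enabled, the state rule should cover the other direction: `iptables -A FORWARD -i enp9s0f0 -o enp5s0f0 -m state --state ESTABLISHED,RELATED -j ACCEPT`; the two xtables-save dumps in this compare carry the same pair of rules with the same interfaces. The script is also not re-runnable — `iptables -N LOG_DROP` fails once the chain exists and every other line appends a duplicate on each run — so flushing first (`iptables -F FORWARD` and `iptables -F LOG_DROP 2>/dev/null`) or loading the saved dump with `iptables-restore` would make it idempotent. Logging every dropped packet without `-m limit` can flood syslog under a scan; hedged, but a rate limit on the LOG rule is the usual safeguard.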


@ -0,0 +1,27 @@
# Generated by xtables-save v1.8.2 on Fri Sep 25 17:53:13 2020
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:LOG_DROP - [0:0]
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -s 10.0.0.0/16 -d 168.119.32.41 -j ACCEPT
-A FORWARD -s 10.0.0.0/16 -d 168.119.32.44 -j ACCEPT
-A FORWARD -s 10.0.0.0/16 -j LOG_DROP
-A FORWARD -i enp5s0f0 -o enp9s0f0 -j ACCEPT
-A FORWARD -i enp5s0f0 -o enp9s0f0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A LOG_DROP -j LOG --log-prefix "refused connection: "
-A LOG_DROP -j DROP
COMMIT
# Completed on Fri Sep 25 17:53:13 2020
# Generated by xtables-save v1.8.2 on Fri Sep 25 17:53:13 2020
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o enp9s0f0 -j MASQUERADE
COMMIT
# Completed on Fri Sep 25 17:53:13 2020
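Review bot: `-A FORWARD -s 10.0.0.0/16 -j LOG_DROP` sits before the two interface-based ACCEPT rules, so for any packet sourced from 10.0.0.0/16 — which, given the interfaces file, is everything arriving on `enp5s0f0` — those two rules are never reached, and after this dump is loaded clients can only open connections to `168.119.32.41` and `168.119.32.44`. If that allowlist is the intent, the trailing `-i enp5s0f0 -o enp9s0f0` ACCEPT rules are dead and should be removed so they do not suggest general egress; if general egress is the intent, the LOG_DROP rule needs the `-d 10.0.0.0/16` qualifier the other saved dump uses. A comment above the two `-d` rules such as `# egress allowlist: VLAN clients may only reach these two hosts` would record which reading is correct, since `#` lines survive `iptables-restore`.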


@ -0,0 +1,22 @@
# Generated by xtables-save v1.8.2 on Fri Sep 25 17:53:13 2020
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:LOG_DROP - [0:0]
-A FORWARD -s 10.0.0.0/16 -d 10.0.0.0/16 -j LOG_DROP
-A FORWARD -i enp5s0f0 -o enp9s0f0 -j ACCEPT
-A FORWARD -i enp5s0f0 -o enp9s0f0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A LOG_DROP -j LOG --log-prefix "refused connection: "
-A LOG_DROP -j DROP
COMMIT
# Completed on Fri Sep 25 17:53:13 2020
# Generated by xtables-save v1.8.2 on Fri Sep 25 17:53:13 2020
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o enp9s0f0 -j MASQUERADE
COMMIT
# Completed on Fri Sep 25 17:53:13 2020


@ -34,9 +34,9 @@ then
/bin/echo "[+] Signature is valid!" /bin/echo "[+] Signature is valid!"
/bin/echo "[+] Upgrading..." /bin/echo "[+] Upgrading..."
/bin/tar -xvf $file -C / /bin/tar -xvf $file -C /
/bin/rm $file /tmp/sig /bin/rm /tmp/sig
/bin/echo "[+] Done" /bin/echo "[+] Done"
else else
/bin/echo "[-] Signature error, exiting..." /bin/echo "[-] Signature error, exiting..."
/bin/rm $file /tmp/sig /bin/rm /tmp/sig
fi fi
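Review bot: After this change `$file` is no longer deleted on either branch, so the downloaded package stays wherever it was fetched to; the `if` this `then` belongs to starts above the hunk, so where `$file` points is not visible here. If keeping it is intended, a comment such as `# keep $file for auditing; only the detached signature is removed` would make that clear, otherwise restore `$file` in both `rm` lines. `$file` is also unquoted in `/bin/tar -xvf $file -C /` and the `rm` calls, so a path containing whitespace would word-split; prefer `/bin/tar -xvf "$file" -C /`. `/tmp/sig` is a fixed path in a shared directory; if two runs can overlap or another local user can pre-create it, a per-run `mktemp` file would be safer — confirm how the path is created above the hunk.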