v6.26
+ DietPi-Software | WiFi Hotspot: Unmask service on install and use our custom compiled binaries (+libssl1.0.0 package) only for RTL8188C* devices + if there is no RTL-specific APT package available in repo (e.g. ARMbian) + on supported architectures only (e.g. not x86_64)
+ DietPi-Software | WiFi Hotspot: Allow install on VM, e.g. for testing reasons, since it is possible to use USB WiFi dongles attached to host on VM guests
+ DietPi-Software | Fail2Ban: Adjust our default jail.conf - "name", "bantime" and "port" variables are not handled by the route ban action. Instead "blocktype" can be used to define the route type. By default "unreachable" is used, which still sends an answer to blocked requests, thus we use "blackhole" to send no answer at all.
+ DietPi-Software | Fail2Ban: Remove the obsolete sysvinit service to avoid any interference and possible confusion, e.g. since /etc/default/fail2ban has no effect on the systemd unit.
+ DietPi-Software | Minor coding
MichaIng authored Sep 16, 2019
1 parent 7719107 commit cdcb87a
Showing 1 changed file with 100 additions and 87 deletions.
187 changes: 100 additions & 87 deletions dietpi/dietpi-software
Expand Up @@ -211,6 +211,7 @@ DietPi-Software will decrypt and use it for software installs. You can change it
USER_EMONHUB_APIKEY_COMPLETED=0
USER_EMONHUB_APIKEY_CURRENT=0
WIFIHOTSPOT_RTL8188C_DEVICE=0
WIFIHOTSPOT_RTL8188C_PACKAGE=0
USER_LINUX_AUTOINSTALL_PROMPT_DISPLAYED=0

# PHP version specific directories, APT package-, module- and command names
Expand Down Expand Up @@ -1271,8 +1272,6 @@ DietPi-Software will decrypt and use it for software installs. You can change it
aSOFTWARE_CATEGORY_INDEX[$software_id]=8
aSOFTWARE_TYPE[$software_id]=0
aSOFTWARE_ONLINEDOC_URL[$software_id]='p=1207#p1207'
# - VM
aSOFTWARE_AVAIL_G_HW_MODEL[$software_id,20]=0
#------------------
software_id=61

Expand All @@ -1281,8 +1280,6 @@ DietPi-Software will decrypt and use it for software installs. You can change it
aSOFTWARE_CATEGORY_INDEX[$software_id]=8
aSOFTWARE_TYPE[$software_id]=0
aSOFTWARE_ONLINEDOC_URL[$software_id]='p=1529#p1529'
# - VM
aSOFTWARE_AVAIL_G_HW_MODEL[$software_id,20]=0

# System stats
#--------------------------------------------------------------------------------
Expand Down Expand Up @@ -1554,8 +1551,8 @@ DietPi-Software will decrypt and use it for software installs. You can change it

aSOFTWARE_NAME[$software_id]='Fail2Ban'
aSOFTWARE_DESC[$software_id]='prevents brute-force attacks with ip ban'
aSOFTWARE_CATEGORY_INDEX[$software_id]=12
aSOFTWARE_TYPE[$software_id]=0
aSOFTWARE_CATEGORY_INDEX[$software_id]=12
aSOFTWARE_ONLINEDOC_URL[$software_id]='p=452#p452'

# Webserver stacks
Expand Down Expand Up @@ -2298,10 +2295,19 @@ DietPi-Software will decrypt and use it for software installs. You can change it
fi

# Software that requires LibSSL1.0.0
# - WiFi Hotspot (60, our custom compiled RTL8188C* binaries only)
# Check for RTL8188C* device, which requires a different driver: https://github.com/pritambaral/hostapd-rtl871xdrv#why
if (( ${aSOFTWARE_INSTALL_STATE[60]} == 1 )) && lsusb | grep -qi 'RTL8188C'; then

WIFIHOTSPOT_RTL8188C_DEVICE=1
# Some repos (e.g. ARMbian) provide special packages
apt-cache show hostapd-realtek &> /dev/null && WIFIHOTSPOT_RTL8188C_PACKAGE=1

fi
# - Jackett (147)
software_id=126
if (( ${aSOFTWARE_INSTALL_STATE[37]} == 1 ||
${aSOFTWARE_INSTALL_STATE[60]} == 1 ||
( ${aSOFTWARE_INSTALL_STATE[60]} == 1 && $WIFIHOTSPOT_RTL8188C_DEVICE && ! $WIFIHOTSPOT_RTL8188C_PACKAGE && $G_HW_ARCH < 4 ) ||
${aSOFTWARE_INSTALL_STATE[134]} == 1 ||
${aSOFTWARE_INSTALL_STATE[147]} == 1 )); then

Expand Down Expand Up @@ -4352,28 +4358,32 @@ _EOF_
mkdir -p /etc/fail2ban
[[ -f '/etc/fail2ban/jail.conf' ]] || cat << _EOF_ > /etc/fail2ban/jail.conf
[DEFAULT]
enabled = true
ignoreip = 127.0.0.1/8
ignorecommand =
bantime = 600
findtime = 600
maxretry = 3
backend = systemd
enabled = true
filter = %(__name__)s
port = 0:65535
findtime = 600
maxretry = 3
bantime = 600
banaction = route
action_ = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s"]
action = %(action_)s
[sshd]
port = ssh
action = %(banaction)s[blocktype=blackhole]

[dropbear]
port = ssh

[sshd]
_EOF_

G_AGI python3-systemd fail2ban

# Remove obsolete sysvinit service and traces
rm -f /etc/{init.d,default}/fail2ban
update-rc.d -f fail2ban remove

# Failsafe
G_RUN_CMD systemctl unmask fail2ban
G_RUN_CMD systemctl enable --now fail2ban

fi

software_id=74 # InfluxDB
Expand Down Expand Up @@ -4635,53 +4645,61 @@ Package: wireguard wireguard-dkms wireguard-tools\nPin: release n=sid\nPin-Prior
Banner_Installing

DEPS_LIST='hostapd isc-dhcp-server iptables libnl-3-200'
Download_Install 'https://dietpi.com/downloads/binaries/all/hostapd_2.5_all.zip'

# - Check for RTL8188C* device, use the patched binary I compiled: https://github.com/pritambaral/hostapd-rtl871xdrv#why
if lsusb | grep -qi 'RTL8188C' || (( $G_HW_MODEL == 70 )); then #Force RTL for allo provided WiFi dongle
# RTL8188C* device if RTL package is available
if (( $WIFIHOTSPOT_RTL8188C_DEVICE && $WIFIHOTSPOT_RTL8188C_PACKAGE )); then

WIFIHOTSPOT_RTL8188C_DEVICE=1
G_AGI ${DEPS_LIST/hostapd/hostapt-realtek}

fi
# Else use our compiled binaries (for all but x86_64)
elif (( $WIFIHOTSPOT_RTL8188C_DEVICE && $G_HW_ARCH < 4 )); then

# Which binary to install
local filename_hostapd=''
local filename_hostapd_cli=''
Download_Install 'https://dietpi.com/downloads/binaries/all/hostapd_2.5_all.zip'

# - armv6
if (( $G_HW_ARCH == 1 )); then
# Which binary to install
local filename_hostapd=''
local filename_hostapd_cli=''

filename_hostapd='hostapd-nl80211-armv6'
(( $WIFIHOTSPOT_RTL8188C_DEVICE )) && filename_hostapd='hostapd-rtl8188c-armv6'
filename_hostapd_cli='hostapd_cli-armv6'
# ARMv6
if (( $G_HW_ARCH == 1 )); then

# - armv7+
elif (( $G_HW_ARCH == 2 )); then
filename_hostapd='hostapd-rtl8188c-armv6'
filename_hostapd_cli='hostapd_cli-armv6'

filename_hostapd='hostapd-nl80211-armv7'
(( $WIFIHOTSPOT_RTL8188C_DEVICE )) && filename_hostapd='hostapd-rtl8188c-armv7'
filename_hostapd_cli='hostapd_cli-armv7'
# ARMv7
elif (( $G_HW_ARCH == 2 )); then

# - arm64
elif (( $G_HW_ARCH == 3 )); then
filename_hostapd='hostapd-rtl8188c-armv7'
filename_hostapd_cli='hostapd_cli-armv7'

filename_hostapd='hostapd-nl80211-arm64'
(( $WIFIHOTSPOT_RTL8188C_DEVICE )) && filename_hostapd='hostapd-rtl8188c-arm64'
filename_hostapd_cli='hostapd_cli-arm64'
# ARMv8
elif (( $G_HW_ARCH == 3 )); then

fi
filename_hostapd='hostapd-rtl8188c-arm64'
filename_hostapd_cli='hostapd_cli-arm64'

fi

mv "$filename_hostapd" /usr/sbin/hostapd
mv "$filename_hostapd_cli" /usr/sbin/hostapd_cli
mv "$filename_hostapd" /usr/sbin/hostapd
mv "$filename_hostapd_cli" /usr/sbin/hostapd_cli
chmod +x /usr/sbin/hostapd{,_cli}

rm hostapd-*

# In all other cases install the default package.
# NB: Debian Stretch ships an older version then our own compiled binaries, but many device/firmware repos (RPi, Meveric, ARMbian) ship newer ones even for Stretch, thus we should not overwrite them anymore.
else

chmod +x /usr/sbin/hostapd
chmod +x /usr/sbin/hostapd_cli
G_AGI $DEPS_LIST

rm hostapd-*
fi

# Enable wifi modules
# Enable WiFi modules
/DietPi/dietpi/func/dietpi-set_hardware wifimodules enable

# Unmask hostapd service: https://github.com/MichaIng/DietPi/issues/2962
G_RUN_CMD systemctl unmask hostapd

fi

software_id=61 # Tor Hotspot
Expand Down Expand Up @@ -9596,10 +9614,10 @@ If no WireGuard (auto)start is included, but you require it, please do the follo

Banner_Configuration

local eth_index=$(sed -n 1p /DietPi/dietpi/.network)
local wifi_index=$(sed -n 2p /DietPi/dietpi/.network)
local eth_index=$(mawk 'NR==1 {print}' /DietPi/dietpi/.network)
local wifi_index=$(mawk 'NR==2 {print}' /DietPi/dietpi/.network)

# - DHCPD Config
# DHCPD Config
G_BACKUP_FP /etc/dhcp/dhcpd.conf
cat << _EOF_ > /etc/dhcp/dhcpd.conf
ddns-update-style none;
Expand All @@ -9617,16 +9635,16 @@ subnet 192.168.42.0 netmask 255.255.255.0 {
}
_EOF_

# - Assign wlan as interface for dhcp server.
# Assign detected WLAN interface
echo "INTERFACESv4=\"wlan$wifi_index\"" > /etc/default/isc-dhcp-server

# - Remove all entries below wlan, so we can recreate them.
# Remove all entries below wlan, so we can recreate them
sed -i '/allow-hotplug wlan/q0' /etc/network/interfaces

# - Enable up wlan
sed -i "/allow-hotplug wlan/c\allow-hotplug wlan$wifi_index" /etc/network/interfaces
# Enable up wlan
G_CONFIG_INJECT 'allow-hotplug wlan' "allow-hotplug wlan$wifi_index" /etc/network/interfaces

# - Add wifi settings to network interfaces config
# Add WiFi settings to network interfaces config
cat << _EOF_ >> /etc/network/interfaces
iface wlan$wifi_index inet static
address 192.168.42.1
Expand All @@ -9639,46 +9657,46 @@ wireless-power off
up iptables-restore < /etc/iptables.ipv4.nat
_EOF_

# - Assign static IP for wlan now
# Assign static IP for wlan now
ip a add 192.168.42.1 dev wlan$wifi_index

# - Create access point config
# Create access point config
G_BACKUP_FP /etc/hostapd/hostapd.conf
cat << _EOF_ > /etc/hostapd/hostapd.conf
interface=wlan$wifi_index
driver=nl80211
ssid=$(grep -m1 '^[[:blank:]]*SOFTWARE_WIFI_HOTSPOT_SSID=' /DietPi/dietpi.txt | sed 's/^[^=]*=//')
ssid=$(sed -n '/^[[:blank:]]*SOFTWARE_WIFI_HOTSPOT_SSID=/{s/^[^=]*=//p;q}' /DietPi/dietpi.txt)
hw_mode=g
channel=$(grep -m1 '^[[:blank:]]*SOFTWARE_WIFI_HOTSPOT_CHANNEL=' /DietPi/dietpi.txt | sed 's/^[^=]*=//')
channel=$(sed -n '/^[[:blank:]]*SOFTWARE_WIFI_HOTSPOT_CHANNEL=/{s/^[^=]*=//p;q}' /DietPi/dietpi.txt)
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wpa=2
wpa_passphrase=$(grep -m1 '^[[:blank:]]*SOFTWARE_WIFI_HOTSPOT_KEY=' /DietPi/dietpi.txt | sed 's/^[^=]*=//')
wpa_passphrase=$(sed -n '/^[[:blank:]]*SOFTWARE_WIFI_HOTSPOT_KEY=/{s/^[^=]*=//p;q}' /DietPi/dietpi.txt)
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP
_EOF_

# - Check for RTL8188C* device, use the patched driver with compiled binary: https://github.com/pritambaral/hostapd-rtl871xdrv#why
# Check for RTL8188C* device, use the patched driver with compiled binary: https://github.com/pritambaral/hostapd-rtl871xdrv#why
(( $WIFIHOTSPOT_RTL8188C_DEVICE )) && G_CONFIG_INJECT 'driver=' 'driver=rtl871xdrv' /etc/hostapd/hostapd.conf

# - Enable access point config
# Enable access point config
echo "DAEMON_CONF=\"/etc/hostapd/hostapd.conf\"" > /etc/default/hostapd

# - Enable IP forwarding
# Enable IP forwarding
echo -e 'net.ipv4.ip_forward=1\nnet.ipv6.conf.all.forwarding=1\nnet.ipv6.conf.default.forwarding=1' > /etc/sysctl.d/dietpi-wifihotspot.conf
sysctl net.ipv4.ip_forward=1 net.ipv6.conf.all.forwarding=1 net.ipv6.conf.default.forwarding=1

# - Apply iptables
# Apply IP tables
iptables -t nat -A POSTROUTING -o eth$eth_index -j MASQUERADE
iptables -A FORWARD -i eth$eth_index -o wlan$wifi_index -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i wlan$wifi_index -o eth$eth_index -j ACCEPT

# - Save IP tables, applied during ifup in /etc/network/interfaces.
# Save IP tables, applied during ifup in /etc/network/interfaces
iptables-save > /etc/iptables.ipv4.nat

# - RPi 3/4 Onboard WiFi: Enable N support
# RPi3/4 onboard WiFi: Enable N support
(( ( $G_HW_MODEL == 3 || $G_HW_MODEL == 4 ) && ! $WIFIHOTSPOT_RTL8188C_DEVICE )) && G_CONFIG_INJECT 'ieee80211n=' 'ieee80211n=1' /etc/hostapd/hostapd.conf

fi
Expand Down Expand Up @@ -13392,35 +13410,32 @@ _EOF_

fi

software_id=60
software_id=60 # WiFi Hotspot
if (( ${aSOFTWARE_INSTALL_STATE[$software_id]} == -1 )); then

Banner_Uninstalling
#apt-mark auto libssl1.0.0 &> /dev/null
#apt-mark auto libnl-3-200 libssl1.0.0 &> /dev/null
G_AGP hostapd isc-dhcp-server

rm /etc/dhcp/dhcpd.conf &> /dev/null
rm /etc/hostapd/hostapd.conf &> /dev/null
rm /etc/default/isc-dhcp-server &> /dev/null
rm /etc/default/hostapd &> /dev/null
rm /etc/iptables.ipv4.nat &> /dev/null
# - remove binary (used a -f trigger to detect wifi hotspot mode in dietpi-config).
rm /usr/sbin/hostapd &> /dev/null
rm /usr/sbin/hostapd_cli &> /dev/null
[[ -f '/etc/dhcp/dhcpd.conf' ]] && rm /etc/dhcp/dhcpd.conf
[[ -f '/etc/hostapd/hostapd.conf' ]] && rm /etc/hostapd/hostapd.conf
[[ -f '/etc/default/isc-dhcp-server' ]] && rm /etc/default/isc-dhcp-server
[[ -f '/etc/etc/default/hostapd' ]] && rm /etc/default/hostapd
[[ -f '/etc/iptables.ipv4.nat' ]] && rm /etc/iptables.ipv4.nat
# Remove binary (used a -f trigger to detect wifi hotspot mode in dietpi-config).
[[ -f '/usr/sbin/hostapd' ]] && rm /usr/sbin/hostapd
[[ -f '/usr/sbin/hostapd_cli' ]] && rm /usr/sbin/hostapd_cli

# IP forwarding
[[ -f /etc/sysctl.d/dietpi-wifihotspot.conf ]] && rm /etc/sysctl.d/dietpi-wifihotspot.conf
[[ -f '/etc/sysctl.d/dietpi-wifihotspot.conf' ]] && rm /etc/sysctl.d/dietpi-wifihotspot.conf

#Set Wlan back to inactive and ready for use with dietpi-config.
local wifi_index=$(sed -n 2p /DietPi/dietpi/.network)

# - Remove all entries below wlan, so we can recreate them.
# Set WiFi interface back to inactive and ready for use with dietpi-config.
local wifi_index=$(mawk 'NR==2 {print}' /DietPi/dietpi/.network)
# - Remove all entries below wlan, so we can recreate them
sed -i '/allow-hotplug wlan/q0' /etc/network/interfaces

# - Disable wlan
# - Disable
sed -i "/allow-hotplug wlan/c\#allow-hotplug wlan$wifi_index" /etc/network/interfaces

# - Add default wifi settings to network interfaces config
# - Add default WiFi settings to network interfaces config
cat << _EOF_ >> /etc/network/interfaces
iface wlan$wifi_index inet dhcp
address 192.168.0.101
Expand All @@ -13430,11 +13445,9 @@ wireless-power off
wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf
#dns-nameservers 8.8.8.8 8.8.4.4
_EOF_

# - Flush IP tables
iptables -F
iptables -t nat -F
iptables-save > /etc/iptables.ipv4.nat

fi
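Review bot: In the WiFi Hotspot install hunk the RTL package branch installs `hostapt-realtek`, while the availability check added earlier in this commit probes `apt-cache show hostapd-realtek`, so the name handed to APT is not the one that was verified; the line should read `G_AGI ${DEPS_LIST/hostapd/hostapd-realtek}`. The uninstall hunk for software_id=60 has the same kind of slip in a path: `[[ -f '/etc/etc/default/hostapd' ]] && rm /etc/default/hostapd` tests a path with a doubled `/etc`, so the guard is never true and `/etc/default/hostapd` is left behind; the test should be `[[ -f '/etc/default/hostapd' ]]`. Both the install and the uninstall block start outside the visible hunks.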
