From 2077fba8a11ab148c229d93842a9cc6b74f649b9 Mon Sep 17 00:00:00 2001 From: terminaldweller Date: Tue, 6 Dec 2022 00:19:04 +0330 Subject: update --- .gnupg/dirmngr.conf | 5 +++++ .gnupg/gpg.conf | 1 + .newsboat/urls | 1 + .zshrc | 9 ++++++--- bin/get_random_ua.sh | 2 +- etc/doas.conf | 1 + irssi/irssi_bw.sh | 29 +++++++++++++++++++++++++++++ seccomp/bwrap_generator.sh | 5 +++-- seccomp/seccomp_filter.c | 2 ++ 9 files changed, 49 insertions(+), 6 deletions(-) create mode 100644 .gnupg/dirmngr.conf create mode 100644 .gnupg/gpg.conf create mode 100644 etc/doas.conf create mode 100755 irssi/irssi_bw.sh diff --git a/.gnupg/dirmngr.conf b/.gnupg/dirmngr.conf new file mode 100644 index 0000000..4201594 --- /dev/null +++ b/.gnupg/dirmngr.conf @@ -0,0 +1,5 @@ +keyserver https://keyserver.ubuntu.com +honor-http-proxy +debug-level guru +log-file /home/devi/.gnupg/dirmngr.log +no-use-tor diff --git a/.gnupg/gpg.conf b/.gnupg/gpg.conf new file mode 100644 index 0000000..cdb3a72 --- /dev/null +++ b/.gnupg/gpg.conf @@ -0,0 +1 @@ +keyserver keyserver.ubuntu.com diff --git a/.newsboat/urls b/.newsboat/urls index e60118a..be4e0ce 100644 --- a/.newsboat/urls +++ b/.newsboat/urls @@ -19,6 +19,7 @@ https://rssgen.terminaldweller.com/?action=display&bridge=TwitterBridge&context= https://rssgen.terminaldweller.com/?action=display&bridge=TwitterBridge&context=By+username&u=igor_chubin&norep=on&noretweet=on&nopinned=on&nopic=on&noimg=on&noimgscaling=on&format=Atom "~igor_chubin"_("Twitter") https://rssgen.terminaldweller.com/?action=display&bridge=TwitterBridge&context=By+username&u=TheBlock__&norep=on&noretweet=on&nopinned=on&nopic=on&noimg=on&noimgscaling=on&format=Atom "~the_block"_("Twitter") https://rssgen.terminaldweller.com/?action=display&bridge=TwitterBridge&context=By+username&u=whale_alert&norep=on&noretweet=on&nopinned=on&nopic=on&noimg=on&noimgscaling=on&format=Atom "~whatle_alert"_("Twitter") +https://rssgen.terminaldweller.com/?action=display&bridge=TwitterBridge&context=By+username&u=nobitexmarket&norep=on&noretweet=on&nopinned=on&nopic=on&noimg=on&noimgscaling=on&format=Atom "~nobitex"_("Twitter") # (Youtube) # Horror diff --git a/.zshrc b/.zshrc index 35b4076..0c6f6d3 100644 --- a/.zshrc +++ b/.zshrc @@ -25,8 +25,8 @@ alias gd="git diff --color-words" # enable aliases with sudo in the alias alias sudo="sudo " -alias w3m="proxychains4 -q -f ~/proxies/ice/proxychains.conf /home/devi/w3m/w3m -o auto_image=FALSE -graph" -alias torw3m="torsocks --port 9053 /home/devi/w3m/w3m -o auto_image=FALSE -graph" +alias w3m='proxychains4 -q -f ~/proxies/ice/proxychains.conf /home/devi/w3m/w3m -o auto_image=FALSE -o user_agent="$(get_random_ua.sh)" -graph' +alias torw3m='torsocks --port 9053 /home/devi/w3m/w3m -o auto_image=FALSE -o user_agent="$(get_random_ua.sh)" -graph' alias rm="rm -I --one-file-system --preserve-root=all" alias vv="vim" alias ls="exa" @@ -302,7 +302,10 @@ alias scapy="scapy -H" alias dg="grc /usr/bin/dig" alias lsof="grc lsof" alias xxd="xxd -g 2 -E -u -c 32" -alias torcurl="curl --user-agent '' --sock5-hostname localhost:9053" +alias torcurl='curl --user-agent "$(get_random_ua.sh)" --socks5-hostname localhost:9053' +alias gpg2="HTTP_PROXY=socks5://127.0.0.1:9995 HTTPS_PROXY=socks5://127.0.0.1:9995 gpg2" +alias gpg="HTTP_PROXY=socks5://127.0.0.1:9995 HTTPS_PROXY=socks5://127.0.0.1:9995 gpg" +alias lxctop='watch -x -c -d -t -n 5 lxc list -c n,t,4,a,b,u,e,D,m,S,s,P' # change the 4th terminal color to #0000ff # echo -e '\e]P40000ff' diff --git a/bin/get_random_ua.sh b/bin/get_random_ua.sh index 3737a89..c4bb38c 100755 --- a/bin/get_random_ua.sh +++ b/bin/get_random_ua.sh @@ -42,7 +42,7 @@ get_ua() { shuf -n 1 "${UA_FILE}" } -if [ "$1" = "--help" ]; then +if [ "$1" = "--help" ] || [ "$1" = "-h" ]; then echo "prints a random user agent string." echo "you can specify a --kind to get a random user agent of a specific browser." echo "currently the valid values are: andy,opera,ffox,ie,chrome,edge,safari,all" diff --git a/etc/doas.conf b/etc/doas.conf new file mode 100644 index 0000000..11e9586 --- /dev/null +++ b/etc/doas.conf @@ -0,0 +1 @@ +permit :wheel diff --git a/irssi/irssi_bw.sh b/irssi/irssi_bw.sh new file mode 100755 index 0000000..7f816f6 --- /dev/null +++ b/irssi/irssi_bw.sh @@ -0,0 +1,29 @@ +#!/usr/bin/env sh + +env -i \ + bwrap \ + --unshare-all --share-net \ + --ro-bind /usr/bin/irssi /usr/bin/irssi \ + --ro-bind /lib64/libgmodule-2.0.so.0.7400.0 /usr/lib64/libgmodule-2.0.so.0 \ + --ro-bind /lib/libglib-2.0.so.0 /usr/lib64/libglib-2.0.so.0 \ + --ro-bind /lib/libssl.so.1.1 /usr/lib64/libssl.so.1.1 \ + --ro-bind /lib/libcrypto.so.1.1 /usr/lib64/libcrypto.so.1.1 \ + --ro-bind /lib/libncursesw.so.6 /usr/lib64/libncursesw.so.6 \ + --ro-bind /lib/libpthread.so.0 /usr/lib64/libpthread.so.0 \ + --ro-bind /lib/libc.so.6 /usr/lib64/libc.so.6 \ + --ro-bind /lib/libdl.so.2 /usr/lib64/libdl.so.2 \ + --ro-bind /lib/libpcre2-8.so.0 /usr/lib64/libpcre2-8.so.0 \ + --ro-bind /usr/lib64/libncursesw.so /usr/lib64/libncursesw.so.6 \ + --ro-bind /usr/lib64/libncurses.so /usr/lib64/libncurses.so.6 \ + --ro-bind /lib64/ld-linux-x86-64.so.2 /lib64/ld-linux-x86-64.so.2 \ + --ro-bind /usr/share/terminfo/s/st-256color /usr/share/terminfo/s/st-256color \ + --ro-bind /etc/resolv.conf /etc/resolv.conf \ + --uid 1000 \ + --gid 1000 \ + --setenv HTTP_PROXY socks5h://192.168.1.214 \ + --setenv HTTPS_PROXY socks5h://192.168.1.214 \ + --setenv NO_PROXY 10.0.0.0/8,localhost,127.0.0.1/8,192.168.0.0/16,172.16.0.0/12 \ + --setenv TERM st-256color \ + --seccomp 9 \ + irssi \ + 9<"/tmp/seccomp_logging_filter.bpf" diff --git a/seccomp/bwrap_generator.sh b/seccomp/bwrap_generator.sh index 53b3d0c..02b6ade 100755 --- a/seccomp/bwrap_generator.sh +++ b/seccomp/bwrap_generator.sh @@ -21,5 +21,6 @@ echo "--chdir ${SANDBOX_DIR_NAME} \\" echo "--bind $1 ${SANDBOX_DIR_NAME} \\" echo "--setenv HTTP_PROXY socks5h://192.168.1.214 \\" echo "--setenv HTTPS_PROXY socks5h://192.168.1.214 \\" -echo "--setenv NO_PROXY 10.0.0.0/8,localhost,127.0.0.1/8,192.168.0.0/16 \\" -echo "--seccomp 10 10<${TEMP_LOG} \\" +echo "--setenv NO_PROXY 10.0.0.0/8,localhost,127.0.0.1/8,192.168.0.0/16,172.16.0.0/12 \\" +echo "--seccomp 9 9<${TEMP_LOG} \\" +echo "$1" diff --git a/seccomp/seccomp_filter.c b/seccomp/seccomp_filter.c index 89ea917..1d3f2fa 100644 --- a/seccomp/seccomp_filter.c +++ b/seccomp/seccomp_filter.c @@ -8,6 +8,8 @@ #include #include +// https://blog.mnus.de/2020/05/sandboxing-soldatserver-with-bubblewrap-and-seccomp/ + void log_all_syscalls(void) { scmp_filter_ctx ctx = seccomp_init(SCMP_ACT_LOG); seccomp_arch_add(ctx, SCMP_ARCH_X86_64); -- cgit v1.2.3