From 2077fba8a11ab148c229d93842a9cc6b74f649b9 Mon Sep 17 00:00:00 2001
From: terminaldweller <thabogre@gmail.com>
Date: Tue, 6 Dec 2022 00:19:04 +0330
Subject: update

---
 .gnupg/dirmngr.conf        |  5 +++++
 .gnupg/gpg.conf            |  1 +
 .newsboat/urls             |  1 +
 .zshrc                     |  9 ++++++---
 bin/get_random_ua.sh       |  2 +-
 etc/doas.conf              |  1 +
 irssi/irssi_bw.sh          | 29 +++++++++++++++++++++++++++++
 seccomp/bwrap_generator.sh |  5 +++--
 seccomp/seccomp_filter.c   |  2 ++
 9 files changed, 49 insertions(+), 6 deletions(-)
 create mode 100644 .gnupg/dirmngr.conf
 create mode 100644 .gnupg/gpg.conf
 create mode 100644 etc/doas.conf
 create mode 100755 irssi/irssi_bw.sh

diff --git a/.gnupg/dirmngr.conf b/.gnupg/dirmngr.conf
new file mode 100644
index 0000000..4201594
--- /dev/null
+++ b/.gnupg/dirmngr.conf
@@ -0,0 +1,5 @@
+keyserver https://keyserver.ubuntu.com
+honor-http-proxy
+debug-level guru
+log-file /home/devi/.gnupg/dirmngr.log
+no-use-tor
diff --git a/.gnupg/gpg.conf b/.gnupg/gpg.conf
new file mode 100644
index 0000000..cdb3a72
--- /dev/null
+++ b/.gnupg/gpg.conf
@@ -0,0 +1 @@
+keyserver keyserver.ubuntu.com
diff --git a/.newsboat/urls b/.newsboat/urls
index e60118a..be4e0ce 100644
--- a/.newsboat/urls
+++ b/.newsboat/urls
@@ -19,6 +19,7 @@ https://rssgen.terminaldweller.com/?action=display&bridge=TwitterBridge&context=
 https://rssgen.terminaldweller.com/?action=display&bridge=TwitterBridge&context=By+username&u=igor_chubin&norep=on&noretweet=on&nopinned=on&nopic=on&noimg=on&noimgscaling=on&format=Atom "~igor_chubin"_("Twitter")
 https://rssgen.terminaldweller.com/?action=display&bridge=TwitterBridge&context=By+username&u=TheBlock__&norep=on&noretweet=on&nopinned=on&nopic=on&noimg=on&noimgscaling=on&format=Atom "~the_block"_("Twitter")
 https://rssgen.terminaldweller.com/?action=display&bridge=TwitterBridge&context=By+username&u=whale_alert&norep=on&noretweet=on&nopinned=on&nopic=on&noimg=on&noimgscaling=on&format=Atom "~whatle_alert"_("Twitter")
+https://rssgen.terminaldweller.com/?action=display&bridge=TwitterBridge&context=By+username&u=nobitexmarket&norep=on&noretweet=on&nopinned=on&nopic=on&noimg=on&noimgscaling=on&format=Atom "~nobitex"_("Twitter")
 
 # (Youtube)
 # Horror
diff --git a/.zshrc b/.zshrc
index 35b4076..0c6f6d3 100644
--- a/.zshrc
+++ b/.zshrc
@@ -25,8 +25,8 @@ alias gd="git diff --color-words"
 
 # enable aliases with sudo in the alias
 alias sudo="sudo "
-alias w3m="proxychains4 -q -f ~/proxies/ice/proxychains.conf /home/devi/w3m/w3m -o auto_image=FALSE -graph"
-alias torw3m="torsocks --port 9053 /home/devi/w3m/w3m -o auto_image=FALSE -graph"
+alias w3m='proxychains4 -q -f ~/proxies/ice/proxychains.conf /home/devi/w3m/w3m -o auto_image=FALSE -o user_agent="$(get_random_ua.sh)" -graph'
+alias torw3m='torsocks --port 9053 /home/devi/w3m/w3m -o auto_image=FALSE -o user_agent="$(get_random_ua.sh)" -graph'
 alias rm="rm -I --one-file-system --preserve-root=all"
 alias vv="vim"
 alias ls="exa"
@@ -302,7 +302,10 @@ alias scapy="scapy -H"
 alias dg="grc /usr/bin/dig"
 alias lsof="grc lsof"
 alias xxd="xxd -g 2 -E -u -c 32"
-alias torcurl="curl --user-agent '' --sock5-hostname localhost:9053"
+alias torcurl='curl --user-agent "$(get_random_ua.sh)" --socks5-hostname localhost:9053'
+alias gpg2="HTTP_PROXY=socks5://127.0.0.1:9995 HTTPS_PROXY=socks5://127.0.0.1:9995 gpg2"
+alias gpg="HTTP_PROXY=socks5://127.0.0.1:9995 HTTPS_PROXY=socks5://127.0.0.1:9995 gpg"
+alias lxctop='watch -x -c -d -t -n 5 lxc list -c n,t,4,a,b,u,e,D,m,S,s,P'
 
 # change the 4th terminal color to #0000ff
 # echo -e '\e]P40000ff'
diff --git a/bin/get_random_ua.sh b/bin/get_random_ua.sh
index 3737a89..c4bb38c 100755
--- a/bin/get_random_ua.sh
+++ b/bin/get_random_ua.sh
@@ -42,7 +42,7 @@ get_ua() {
   shuf -n 1 "${UA_FILE}"
 } 
 
-if [ "$1" = "--help" ]; then
+if [ "$1" = "--help" ] || [ "$1" = "-h" ]; then
   echo "prints a random user agent string."
   echo "you can specify a --kind to get a random user agent of a specific browser."
   echo "currently the valid values are: andy,opera,ffox,ie,chrome,edge,safari,all"
diff --git a/etc/doas.conf b/etc/doas.conf
new file mode 100644
index 0000000..11e9586
--- /dev/null
+++ b/etc/doas.conf
@@ -0,0 +1 @@
+permit :wheel
diff --git a/irssi/irssi_bw.sh b/irssi/irssi_bw.sh
new file mode 100755
index 0000000..7f816f6
--- /dev/null
+++ b/irssi/irssi_bw.sh
@@ -0,0 +1,29 @@
+#!/usr/bin/env sh
+
+env -i \
+  bwrap \
+  --unshare-all --share-net \
+  --ro-bind /usr/bin/irssi /usr/bin/irssi \
+  --ro-bind /lib64/libgmodule-2.0.so.0.7400.0 /usr/lib64/libgmodule-2.0.so.0 \
+  --ro-bind /lib/libglib-2.0.so.0 /usr/lib64/libglib-2.0.so.0 \
+  --ro-bind /lib/libssl.so.1.1 /usr/lib64/libssl.so.1.1 \
+  --ro-bind /lib/libcrypto.so.1.1 /usr/lib64/libcrypto.so.1.1 \
+  --ro-bind /lib/libncursesw.so.6 /usr/lib64/libncursesw.so.6 \
+  --ro-bind /lib/libpthread.so.0 /usr/lib64/libpthread.so.0 \
+  --ro-bind /lib/libc.so.6 /usr/lib64/libc.so.6 \
+  --ro-bind /lib/libdl.so.2 /usr/lib64/libdl.so.2 \
+  --ro-bind /lib/libpcre2-8.so.0 /usr/lib64/libpcre2-8.so.0 \
+  --ro-bind /usr/lib64/libncursesw.so /usr/lib64/libncursesw.so.6 \
+  --ro-bind /usr/lib64/libncurses.so /usr/lib64/libncurses.so.6 \
+  --ro-bind /lib64/ld-linux-x86-64.so.2 /lib64/ld-linux-x86-64.so.2 \
+  --ro-bind /usr/share/terminfo/s/st-256color /usr/share/terminfo/s/st-256color \
+  --ro-bind /etc/resolv.conf /etc/resolv.conf \
+  --uid 1000 \
+  --gid 1000 \
+  --setenv HTTP_PROXY socks5h://192.168.1.214 \
+  --setenv HTTPS_PROXY socks5h://192.168.1.214 \
+  --setenv NO_PROXY 10.0.0.0/8,localhost,127.0.0.1/8,192.168.0.0/16,172.16.0.0/12 \
+  --setenv TERM st-256color \
+  --seccomp 9 \
+  irssi \
+  9<"/tmp/seccomp_logging_filter.bpf"
diff --git a/seccomp/bwrap_generator.sh b/seccomp/bwrap_generator.sh
index 53b3d0c..02b6ade 100755
--- a/seccomp/bwrap_generator.sh
+++ b/seccomp/bwrap_generator.sh
@@ -21,5 +21,6 @@ echo "--chdir ${SANDBOX_DIR_NAME} \\"
 echo "--bind $1 ${SANDBOX_DIR_NAME} \\"
 echo "--setenv HTTP_PROXY socks5h://192.168.1.214 \\"
 echo "--setenv HTTPS_PROXY socks5h://192.168.1.214 \\"
-echo "--setenv NO_PROXY 10.0.0.0/8,localhost,127.0.0.1/8,192.168.0.0/16 \\"
-echo "--seccomp 10 10<${TEMP_LOG} \\"
+echo "--setenv NO_PROXY 10.0.0.0/8,localhost,127.0.0.1/8,192.168.0.0/16,172.16.0.0/12 \\"
+echo "--seccomp 9 9<${TEMP_LOG} \\"
+echo "$1"
diff --git a/seccomp/seccomp_filter.c b/seccomp/seccomp_filter.c
index 89ea917..1d3f2fa 100644
--- a/seccomp/seccomp_filter.c
+++ b/seccomp/seccomp_filter.c
@@ -8,6 +8,8 @@
 #include <string.h>
 #include <unistd.h>
 
+// https://blog.mnus.de/2020/05/sandboxing-soldatserver-with-bubblewrap-and-seccomp/
+
 void log_all_syscalls(void) {
   scmp_filter_ctx ctx = seccomp_init(SCMP_ACT_LOG);
   seccomp_arch_add(ctx, SCMP_ARCH_X86_64);
-- 
cgit v1.2.3