├── README.md ├── html ├── error.php ├── index.php ├── logo.png ├── raspipass.css ├── reboot.php ├── save_config.php ├── save_maclist.php ├── shutdown.php ├── start_ap.php ├── tab-content │ ├── tabcontent.js │ └── template2 │ │ └── tabcontent.css └── update.php ├── raspi_secure ├── clear_logs.sh ├── firewall.rules ├── iptables.sh └── raspipass ├── raspipass ├── config.ini ├── hostapd.conf ├── mac_addresses.txt ├── mac_restrict.txt ├── runchance.txt └── version └── scripts ├── copy_to_sysdirs.sh ├── filepermissions ├── set_defaults.sh └── set_interfaces.sh /README.md: -------------------------------------------------------------------------------- 1 | ### RaspiPass - 3DS [Homepass](http://homepass.info/) software for the Raspberry Pi 3 2 | 3 | See the [wiki](https://github.com/Pinchie/RaspiPass/wiki) for information and help with installation, or go to [the latest Reddit post](https://www.reddit.com/r/3DS/comments/5anc74/raspipass_homepass_software_for_raspberry_pi_3/?ref=share&ref_source=link) for discussion. 4 | 5 | See the [FAQs page](https://github.com/Pinchie/RaspiPass/wiki/Frequently-Asked-Questions) for commonly-asked questions and answers. 6 | 7 | Found a bug or have a suggestion? [Submit it](https://github.com/Pinchie/RaspiPass/issues)! 8 | 9 | Are you a coder who thinks they can improve an aspect of RaspiPass? Please jump right in - any improvements will be appreciated. 10 | -------------------------------------------------------------------------------- /html/error.php: -------------------------------------------------------------------------------- 1 | 2 | 3 | RaspiPass configuration page 4 | 5 | 6 | 7 | ' . "\n"; 11 | echo ''; 12 | echo ''; 13 | echo ''; 14 | echo '' . "\n"; 15 | echo '' . "\n"; 16 | echo '
' . "\n"; 17 | 18 | /* Start error form */ 19 | echo '' . "\n"; 20 | echo '' . "\n";; 21 | echo '
Error log:
' . "\n"; 22 | echo '' . "\n"; 35 | echo '
' . "\n"; 36 | 37 | 38 | ?> 39 | 40 | 41 | -------------------------------------------------------------------------------- /html/index.php: -------------------------------------------------------------------------------- 1 | 2 | 3 | RaspiPass configuration page 4 | 5 | 6 | 7 | 8 | 9 | ' . "\n"; 46 | echo ''; 47 | echo ''; 48 | echo ''; 49 | echo '' . "\n"; 50 | echo '' . "\n"; 51 | echo 'Version '; 52 | echo $version[0]; 53 | echo ''; 54 | echo '' . "\n"; 55 | 56 | /* Notify of newer version */ 57 | if ($newversionavailable) { 58 | echo '' . "\n"; 59 | echo 'New version available: '; 60 | echo $latestversion[0]; 61 | echo '' . "\n"; 62 | echo '' . "\n"; 63 | } 64 | 65 | /* Notify of required reboot */ 66 | if (file_exists('/var/raspipass/reboot')) { 67 | $rebootmsg=file("/var/raspipass/reboot"); 68 | echo '' . "\n"; 69 | echo ''; 70 | echo $rebootmsg[0]; 71 | echo '' . "\n"; 72 | echo '' . "\n"; 73 | } 74 | 75 | /* Close header table */ 76 | 77 | echo '' . "\n"; 78 | 79 | /* Create Tabs */ 80 | echo '' . "\n"; 89 | 90 | /* Start Configuration Tab */ 91 | echo '
' . "\n"; 92 | echo '
' . "\n"; 93 | 94 | /* Start config table */ 95 | echo '' . "\n"; 96 | 97 | /* Start form */ 98 | echo '' . "\n"; 99 | 100 | /* Run probability header */ 101 | echo ''; 102 | 103 | /* Run interval */ 104 | echo '' . "\n"; 105 | echo '' . "\n"; 106 | echo '' . "\n"; 107 | echo ''; 108 | 109 | /* Run probability */ 110 | echo '' . "\n"; 111 | echo '' . "\n"; 112 | echo '\n"; 113 | echo '' . "\n"; 114 | 115 | /* Average interval calculation */ 116 | echo ''; 117 | echo '' . "\n"; 119 | 120 | /* Wifi Config Header */ 121 | echo ''; 122 | 123 | /* Wifi Country Codes */ 124 | echo '' . "\n"; 127 | echo '' . "\n"; 141 | echo '' . "\n"; 142 | 143 | /* Wifi channel */ 144 | echo '' . "\n"; 145 | echo '' . "\n"; 148 | echo '' . "\n"; 162 | echo '' . "\n"; 163 | 164 | /* MAC restriction */ 165 | /* 166 | echo '' . "\n"; 167 | echo '' . "\n"; 170 | echo '' . "\n"; 182 | echo '' . "\n"; 183 | echo '' . "\n"; 184 | echo '' . "\n"; 200 | echo '' . "\n"; 201 | */ 202 | /* Submission Button & Form End */ 203 | echo '' . "\n"; 204 | echo ''; 208 | echo ''; 209 | 210 | /* Close Table */ 211 | echo '
Run Probability Configuration
Run every: minutes [6-60]
Run chance:%' . "
Every ' . $config_array["runinterval"] . ' minutes at ' . $config_array["runchance"] . '% will raise an access point an average of ' . round(($config_array["runchance"]/100)/($config_array["runinterval"]/60),2) . ' times per hour'; 118 | echo '
Wireless Access Point Configuration
' . "\n"; 125 | echo 'Wireless Country:'; 126 | echo '' . "\n"; 128 | echo '' . "\n"; 140 | echo '
' . "\n"; 146 | echo'Wireless Channel:'; 147 | echo '' . "\n"; 149 | echo '' . "\n"; 161 | echo '
' . "\n"; 168 | echo 'MAC Restriction:' . "\n"; 169 | echo '' . "\n"; 171 | echo 'Off' . "\n"; 176 | echo 'On' . "\n"; 181 | echo '
' . "\n"; 185 | echo '' . "\n"; 199 | echo '
' . "\n"; 205 | echo '' . "\n"; 206 | echo '' . "\n"; 207 | echo '
' . "\n"; 212 | echo '

' . "\n"; 213 | 214 | /* Close Configuration Tab */ 215 | echo '

' . "\n"; 216 | 217 | /* Open MAC Addresses Tab */ 218 | echo '
' . "\n"; 219 | 220 | /* Start MAC form */ 221 | echo '
' . "\n"; 222 | 223 | /* Start MAC address table */ 224 | echo '' . "\n"; 225 | echo ''; 226 | echo '' . "\n"; 229 | echo '' . "\n"; 230 | echo '' . "\n"; 246 | echo '' . "\n"; 247 | 248 | /* Submission Button & MAC Form End */ 249 | echo '' . "\n"; 250 | echo ''; 254 | echo ''; 255 | echo '
StreetPass Relay APs
The following is a list of StreetPass Relay SSIDs & MAC addresses.
' . "\n"; 227 | echo 'The RaspiPass script will randomly choose an access point from the list to use.
' . "\n"; 228 | echo 'The access points are saved in the format "SSID,MAC address"
' . "\n"; 231 | echo '' . "\n"; 245 | echo '
' . "\n"; 251 | echo '' . "\n"; 252 | echo '' . "\n"; 253 | echo '
'; 256 | 257 | /* Close MAC Addresses Tab */ 258 | echo '
' . "\n"; 259 | 260 | /* Open Admin Tab */ 261 | echo '
' . "\n"; 262 | echo '' . "\n"; 263 | echo ''; 264 | /* Start AP */ 265 | echo ''; 269 | echo '' . "\n"; 270 | /* Reboot device */ 271 | echo ''; 275 | echo '' . "\n"; 276 | /* Shut down device */ 277 | echo ''; 281 | echo '' . "\n"; 282 | 283 | echo '
Administrative Tasks
'; 266 | echo '
' . "\n"; 267 | echo '' . "\n"; 268 | echo '
'; 272 | echo '
' . "\n"; 273 | echo '' . "\n"; 274 | echo '
'; 278 | echo '
' . "\n"; 279 | echo '' . "\n"; 280 | echo '
'; 284 | 285 | /* Close Admin Tab */ 286 | echo '
' . "\n"; 287 | 288 | /* Open Logs Tab */ 289 | echo '
' . "\n"; 290 | 291 | /* Open table */ 292 | echo '' . "\n"; 293 | echo ''; 294 | 295 | /* Print /var/raspipass/hostapd.log */ 296 | echo ''; 297 | echo '' . "\n"; 298 | echo '' . "\n"; 313 | echo '
Log Viewer
/var/raspipass/hostapd.log
' . "\n"; 299 | echo '' . "\n"; 312 | echo '
' . "\n"; 314 | 315 | /* Close Logs Tab */ 316 | echo '
' . "\n"; 317 | 318 | if ($newversionavailable) { 319 | 320 | /* Open Update Tab */ 321 | echo '
' . "\n"; 322 | 323 | /* Open table */ 324 | echo '' . "\n"; 325 | echo ''; 326 | 327 | /* Update button */ 328 | echo ''; 329 | echo '' . "\n"; 334 | echo '' . "\n"; 335 | echo '
RaspiPass Update
'; 330 | echo '
' . "\n"; 331 | echo '' . "\n"; 332 | echo '
' . "\n"; 333 | echo '
' . "\n"; 336 | /* Close Update Tab */ 337 | echo '
' . "\n"; 338 | } 339 | /* Close Tabbed Section */ 340 | echo '
' . "\n"; 341 | ?> 342 | 343 | 344 | -------------------------------------------------------------------------------- /html/logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Pinchie/RaspiPass/2db1a56621c58696f4d8b15baed745c8fd17a97a/html/logo.png -------------------------------------------------------------------------------- /html/raspipass.css: -------------------------------------------------------------------------------- 1 | body { 2 | background-color: #031634; 3 | font-family: Helvetica; 4 | } 5 | 6 | table { 7 | border: 0px black; 8 | padding: 5px; 9 | width: 800px; 10 | } 11 | 12 | td { 13 | padding: 5px; 14 | } 15 | 16 | tr:nth-child(odd) {background-color: #93A6E4} 17 | tr:nth-child(even) {background-color: #8396D4} 18 | 19 | th { 20 | background-color: #998FBB; 21 | color: #0000000; 22 | font-variant: small-caps; 23 | font-family: Garamond; 24 | font-size:25; 25 | padding: 5px; 26 | } 27 | 28 | h1 { 29 | text-align: center; 30 | color: #343838; 31 | } 32 | 33 | input[type="radio"], select, dropdown-content, input[type="text"], textarea, input[type="number"] { 34 | background-color: #A8BAF9; 35 | } 36 | 37 | input[type="number"] { 38 | width: 50px; 39 | } 40 | 41 | input[type=submit] { 42 | padding: 5px 15px; 43 | background: #C9BFEB; 44 | border: 1; 45 | -webkit-border-radius: 5px; 46 | border-radius: 5px; 47 | font-weight: bold; 48 | } 49 | 50 | textarea { 51 | width: 770px; 52 | } 53 | 54 | .wrapword{ 55 | white-space: -moz-pre-wrap !important; /* Mozilla, since 1999 */ 56 | white-space: -pre-wrap; /* Opera 4-6 */ 57 | white-space: -o-pre-wrap; /* Opera 7 */ 58 | white-space: pre-wrap; /* css-3 */ 59 | word-wrap: break-word; /* Internet Explorer 5.5+ */ 60 | white-space: -webkit-pre-wrap; /* Newer versions of Chrome/Safari*/ 61 | word-break: break-all; 62 | white-space: normal; 63 | 64 | } 65 | 66 | titlecell { 67 | padding: 10px; 68 | background-color: #FF5F6B; 69 | } 70 | 71 
| table.buttontable td { 72 | text-align: center; 73 | vertical-align: center; 74 | margin: auto; 75 | display: block; 76 | } 77 | -------------------------------------------------------------------------------- /html/reboot.php: -------------------------------------------------------------------------------- 1 | Rebooting...Rebooting device....'; 3 | exec('sudo reboot'); 4 | ?> 5 | -------------------------------------------------------------------------------- /html/save_config.php: -------------------------------------------------------------------------------- 1 | /var/raspipass/hostapd.log' . "\n"); 70 | fwrite($crontab,"\n"); 71 | fwrite($crontab,'# Download latest version info file daily - used for update checking' . "\n"); 72 | fwrite($crontab,'0 0 * * * wget -qb -O /var/raspipass/rpi-latestversion https://raw.githubusercontent.com/Pinchie/RaspiPass/master/raspipass/version' . "\n"); 73 | fclose($crontab); 74 | exec('sudo crontab -u root /var/raspipass/crontab.txt'); 75 | unlink('/var/raspipass/crontab.txt'); 76 | echo "Done!" . "\n"; 77 | 78 | /* Write config.ini */ 79 | echo 'Writing config.ini ... '; 80 | file_put_contents("/raspipass/config.ini",""); 81 | $inifile=fopen("/raspipass/config.ini","a"); 82 | fwrite($inifile,'; RaspiPass configuration file for web frontend' . "\n"); 83 | fwrite($inifile,'; Edit this config via the web interface' . "\n"); 84 | fwrite($inifile,''); 85 | fwrite($inifile,'[hostapd_config]' . "\n"); 86 | fwrite($inifile,'wifi_country="' . $wireless_region . '"' . "\n"); 87 | fwrite($inifile,'wifi_channel="' . $wireless_channel . '"' . "\n"); 88 | /* 89 | fwrite($inifile,'mac_restriction="' . $MAC_restrict . '"' . "\n"); 90 | */ 91 | fwrite($inifile,'mac_restriction=0' . "\n"); 92 | fwrite($inifile,'runchance="' . $runchance . '"' . "\n"); 93 | fwrite($inifile,'runinterval="' . $runinterval . '"' . 
"\n"); 94 | fclose($inifile); 95 | echo "Done!\n"; 96 | 97 | /* Go back to index.php */ 98 | echo 'Loading configuration page ...'; 99 | header('Location: index.php'); 100 | ?> 101 | -------------------------------------------------------------------------------- /html/save_maclist.php: -------------------------------------------------------------------------------- 1 | 18 | -------------------------------------------------------------------------------- /html/shutdown.php: -------------------------------------------------------------------------------- 1 | Shutting down...Shutting down device....'; 3 | exec('sudo shutdown -h now'); 4 | ?> 5 | 6 | -------------------------------------------------------------------------------- /html/start_ap.php: -------------------------------------------------------------------------------- 1 | Starting access point....'; 4 | echo 'Starting access point....'; 5 | exec('sudo sh -c "/raspi_secure/raspipass -p 100 > /var/raspipass/hostapd.log"'); 6 | echo ''; 7 | echo ''; 8 | ob_flush(); 9 | sleep(2); 10 | ob_start(); 11 | header('Location: index.php'); 12 | ?> 13 | -------------------------------------------------------------------------------- /html/tab-content/tabcontent.js: -------------------------------------------------------------------------------- 1 | /* http://www.menucool.com/tabbed-content Free to use. 
v2013.7.6 */ 2 | (function(){var g=function(a){if(a&&a.stopPropagation)a.stopPropagation();else window.event.cancelBubble=true;var b=a?a:window.event;b.preventDefault&&b.preventDefault()},d=function(a,c,b){if(a.addEventListener)a.addEventListener(c,b,false);else a.attachEvent&&a.attachEvent("on"+c,b)},a=function(c,a){var b=new RegExp("(^| )"+a+"( |$)");return b.test(c.className)?true:false},j=function(b,c,d){if(!a(b,c))if(b.className=="")b.className=c;else if(d)b.className=c+" "+b.className;else b.className+=" "+c},h=function(a,b){var c=new RegExp("(^| )"+b+"( |$)");a.className=a.className.replace(c,"$1");a.className=a.className.replace(/ $/,"")},e=function(){var b=window.location.pathname;if(b.indexOf("/")!=-1)b=b.split("/");var a=b[b.length-1]||"root";if(a.indexOf(".")!=-1)a=a.substring(0,a.indexOf("."));if(a>20)a=a.substring(a.length-19);return a},c="mi"+e(),b=function(b,a){this.g(b,a)};b.prototype={h:function(){var b=new RegExp(c+this.a+"=(\\d+)"),a=document.cookie.match(b);return a?a[1]:this.i()},i:function(){for(var b=0,c=this.b.length;b=this.b.length)a=0;this.j(this.b[a],0)}};var k=[],i=function(e){var b=false;function a(){if(b)return;b=true;setTimeout(e,4)}if(document.addEventListener)document.addEventListener("DOMContentLoaded",a,false);else if(document.attachEvent){try{var f=window.frameElement!=null}catch(g){}if(document.documentElement.doScroll&&!f){function c(){if(b)return;try{document.documentElement.doScroll("left");a()}catch(d){setTimeout(c,10)}}c()}document.attachEvent("onreadystatechange",function(){document.readyState==="complete"&&a()})}d(window,"load",a)},f=function(){for(var d=document.getElementsByTagName("ul"),c=0,e=d.length;cUpdate in progress......Updating RaspiPass...'; 3 | exec('sudo sh -c "date 2>&1 | tee /run/log/raspipass-update.log"'); 4 | exec('sudo sh -c "git -C /git pull origin master 2>&1 | tee -a /run/log/raspipass-update.log" && 5 | sudo sh -c "/git/scripts/copy_to_sysdirs.sh -a 2>&1 | tee -a /run/log/raspipass-update.log" && 6 
| sudo sh -c "/git/scripts/set_interfaces.sh 2>&1 | tee -a /run/log/raspipass-update.log" && 7 | sudo sh -c "chmod -Rv 777 /git/raspipass /git/raspi_secure /git/html /git/scripts 2>&1 | tee -a /run/log/raspipass-update.log"'); 8 | echo '
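Finished!'; 9 | echo ''; 10 | 11 | ?> 12 | 13 |
--------------------------------------------------------------------------------
/raspi_secure/clear_logs.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Clear system logs to free disk space.
#
# Must be run as root (see the help text). Everything listed below is emptied,
# so nothing logged before the run survives it. That includes any kernel-log
# entries produced by the firewall's LOG rule ("Dropped incoming wlan packet",
# see /raspi_secure/iptables.sh); which file those land in depends on the
# syslog configuration. Copy the logs off the device first if they may be
# needed to investigate a problem.

errcho() { echo "$@" 1>&2; }

# Start from a known value so an inherited HELP variable cannot select the help path.
HELP=false

# Read command-line parameters
while getopts ":h" opt; do
    case "$opt" in
        h)
            HELP=true
            ;;
        \?)
            errcho "Invalid option: -$OPTARG"
            exit 1
            ;;
        :)
            errcho "Option -$OPTARG requires an argument."
            exit 1
            ;;
    esac
done

if [[ $HELP == true ]]
then
    echo "clear_logs.sh -- Clear RaspiPass and system log files"
    echo
    echo "*** NOTE: To be run with sudo, or as root"
    echo
    echo "USAGE: clear_logs.sh [OPTIONS]"
    echo
    echo "Option Meaning"
    echo "-h This help text"
    exit 0
fi

# Every step below writes to root-owned paths; stop with one clear message
# instead of a run of permission errors.
if [[ $EUID -ne 0 ]]
then
    errcho "ERROR: clear_logs.sh must be run with sudo, or as root"
    exit 1
fi

echo Clearing logs: dmesg, syslog, kernel, apache2, hostapd, rotated logs...

# Kernel ring buffer
dmesg -C

# Rotated copies directly under /var/log (name.1 ... name.9*)
rm /var/log/*.{1..9}* 2> /dev/null

# Empty the Apache logs in place rather than deleting them: a running server
# keeps its log files open, so a deleted file would keep its disk space until
# the server is restarted and the re-created file would receive nothing.
for logfile in /var/log/apache2/*.log
do
    [ -e "$logfile" ] || continue   # glob matched nothing
    : > "$logfile"
done

# Live logs that must exist (and be empty) afterwards. The hostapd entry is
# /var/raspipass/hostapd.log, the file the raspipass script and the web
# interface write to and display; the previous target "/var/raspipass/hostapd"
# left that log untouched.
for logfile in \
    /var/log/syslog \
    /var/log/kern.log \
    /var/log/apache2/error.log \
    /var/log/apache2/access.log \
    /var/log/apache2/other_vhosts_access.log \
    /var/raspipass/hostapd.log
do
    : > "$logfile"
done

echo Done.

--------------------------------------------------------------------------------
/raspi_secure/firewall.rules:
--------------------------------------------------------------------------------
1 | # Generated by iptables-save v1.4.21 on Sun Apr 30 12:15:19 2017 2 | *filter 3 | :INPUT ACCEPT [0:0] 4 | :FORWARD ACCEPT [0:0] 5 | :OUTPUT ACCEPT [0:0] 6 | :LOGGING - [0:0] 7 | :WLAN_LOGGING - [0:0] 8 | -A INPUT -i lo -j ACCEPT 9 | -A INPUT -p udp -m udp --sport 67:68 --dport 67:68 -j ACCEPT 10 | -A INPUT -p tcp -m physdev --physdev-in eth0 -m tcp --dport 22 -j ACCEPT 11 | -A INPUT -p tcp -m physdev --physdev-in eth0 -m tcp --dport 80 -j ACCEPT 12 | -A INPUT -p udp -m udp --sport 53 -j ACCEPT 13 | -A INPUT -p udp -m udp --dport 53 -j ACCEPT 14 | -A INPUT -p tcp -m physdev --physdev-in eth0 -m tcp --dport 123 -j ACCEPT 15 | -A INPUT -p udp -m physdev --physdev-in eth0 -m udp --dport 123 -j ACCEPT 16 | -A INPUT -p tcp -m physdev --physdev-in eth0 -m tcp --dport 137:139 -j ACCEPT 17 | -A INPUT -p udp -m physdev --physdev-in eth0 -m udp --dport 137:139 -j ACCEPT 18 | -A INPUT -p tcp -m physdev --physdev-in eth0 -m tcp --dport 445 -j ACCEPT 19 | -A INPUT -p tcp -m physdev --physdev-in eth0 -m tcp --sport 137:139 -j ACCEPT 20 | -A INPUT -p udp -m physdev --physdev-in eth0 -m udp --sport 137:139 -j ACCEPT 21 | -A INPUT -p tcp -m physdev --physdev-in eth0 -m tcp --sport 445 -j ACCEPT 22 | -A INPUT -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT 23 | -A INPUT -p udp -m state --state RELATED,ESTABLISHED -j ACCEPT 24 | -A INPUT -s 192.30.252.0/22 -m physdev --physdev-in eth0 -j ACCEPT 25 | -A INPUT -s 151.101.100.133/32 -m physdev --physdev-in eth0 -j ACCEPT 26 | -A INPUT -s 151.101.28.133/32 -m physdev --physdev-in eth0 -j ACCEPT 27 | -A INPUT -d 224.0.0.0/8 -j ACCEPT 28 | -A INPUT -s 224.0.0.0/8 -j ACCEPT 29 | -A INPUT -s 52.43.174.40/32 -j ACCEPT 30 | -A INPUT -s 104.70.153.178/32 -j ACCEPT 31 | -A INPUT -s 104.74.48.110/32 -j ACCEPT 32 | -A INPUT -s 23.7.18.146/32 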
-j ACCEPT 33 | -A INPUT -s 23.7.24.35/32 -j ACCEPT 34 | -A INPUT -s 52.11.210.152/32 -j ACCEPT 35 | -A INPUT -s 52.25.179.65/32 -j ACCEPT 36 | -A INPUT -s 52.89.56.205/32 -j ACCEPT 37 | -A INPUT -s 54.148.137.96/32 -j ACCEPT 38 | -A INPUT -s 54.218.98.74/32 -j ACCEPT 39 | -A INPUT -s 54.218.99.79/32 -j ACCEPT 40 | -A INPUT -s 54.244.22.201/32 -j ACCEPT 41 | -A INPUT -s 69.25.139.140/32 -j ACCEPT 42 | -A INPUT -s 192.195.204.216/32 -j ACCEPT 43 | -A INPUT -s 52.10.249.207/32 -j ACCEPT 44 | -A INPUT -m physdev --physdev-in wlan0 -j WLAN_LOGGING 45 | -A INPUT -j LOGGING 46 | -A FORWARD -p udp -m udp --sport 67:68 --dport 67:68 -j ACCEPT 47 | -A FORWARD -p udp -m udp --dport 53 -j ACCEPT 48 | -A FORWARD -p tcp -m tcp --dport 53 -j ACCEPT 49 | -A FORWARD -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT 50 | -A FORWARD -p udp -m state --state RELATED,ESTABLISHED -j ACCEPT 51 | -A FORWARD -d 224.0.0.0/8 -j ACCEPT 52 | -A FORWARD -s 224.0.0.0/8 -j ACCEPT 53 | -A FORWARD -d 52.43.174.40/32 -j ACCEPT 54 | -A FORWARD -d 104.70.153.178/32 -j ACCEPT 55 | -A FORWARD -d 104.74.48.110/32 -j ACCEPT 56 | -A FORWARD -d 23.7.18.146/32 -j ACCEPT 57 | -A FORWARD -d 23.7.24.35/32 -j ACCEPT 58 | -A FORWARD -d 52.11.210.152/32 -j ACCEPT 59 | -A FORWARD -d 52.25.179.65/32 -j ACCEPT 60 | -A FORWARD -d 52.89.56.205/32 -j ACCEPT 61 | -A FORWARD -d 54.148.137.96/32 -j ACCEPT 62 | -A FORWARD -d 54.218.98.74/32 -j ACCEPT 63 | -A FORWARD -d 54.218.99.79/32 -j ACCEPT 64 | -A FORWARD -d 54.244.22.201/32 -j ACCEPT 65 | -A FORWARD -d 69.25.139.140/32 -j ACCEPT 66 | -A FORWARD -d 192.195.204.216/32 -j ACCEPT 67 | -A FORWARD -d 52.10.249.207/32 -j ACCEPT 68 | -A FORWARD -s 52.43.174.40/32 -j ACCEPT 69 | -A FORWARD -s 104.70.153.178/32 -j ACCEPT 70 | -A FORWARD -s 104.74.48.110/32 -j ACCEPT 71 | -A FORWARD -s 23.7.18.146/32 -j ACCEPT 72 | -A FORWARD -s 23.7.24.35/32 -j ACCEPT 73 | -A FORWARD -s 52.11.210.152/32 -j ACCEPT 74 | -A FORWARD -s 52.25.179.65/32 -j ACCEPT 75 | -A FORWARD -s 52.89.56.205/32 
-j ACCEPT 76 | -A FORWARD -s 54.148.137.96/32 -j ACCEPT 77 | -A FORWARD -s 54.218.98.74/32 -j ACCEPT 78 | -A FORWARD -s 54.218.99.79/32 -j ACCEPT 79 | -A FORWARD -s 54.244.22.201/32 -j ACCEPT 80 | -A FORWARD -s 69.25.139.140/32 -j ACCEPT 81 | -A FORWARD -s 192.195.204.216/32 -j ACCEPT 82 | -A FORWARD -s 52.10.249.207/32 -j ACCEPT 83 | -A FORWARD -j LOGGING 84 | -A OUTPUT -p udp -m udp --sport 67:68 --dport 67:68 -j ACCEPT 85 | -A OUTPUT -p tcp -m tcp --sport 22 -j ACCEPT 86 | -A OUTPUT -p tcp -m tcp --sport 80 -j ACCEPT 87 | -A OUTPUT -p tcp -m tcp --dport 80 -j ACCEPT 88 | -A OUTPUT -p udp -m udp --dport 53 -j ACCEPT 89 | -A OUTPUT -p tcp -m tcp --dport 53 -j ACCEPT 90 | -A OUTPUT -p tcp -m tcp --sport 123 -j ACCEPT 91 | -A OUTPUT -p udp -m udp --sport 123 -j ACCEPT 92 | -A OUTPUT -p tcp -m tcp --sport 137:139 -j ACCEPT 93 | -A OUTPUT -p udp -m udp --sport 137:139 -j ACCEPT 94 | -A OUTPUT -p tcp -m tcp --sport 445 -j ACCEPT 95 | -A OUTPUT -p tcp -m tcp --dport 137:139 -j ACCEPT 96 | -A OUTPUT -p udp -m udp --dport 137:139 -j ACCEPT 97 | -A OUTPUT -p tcp -m tcp --dport 445 -j ACCEPT 98 | -A OUTPUT -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT 99 | -A OUTPUT -p udp -m state --state RELATED,ESTABLISHED -j ACCEPT 100 | -A OUTPUT -d 192.30.252.0/22 -j ACCEPT 101 | -A OUTPUT -d 151.101.100.133/32 -j ACCEPT 102 | -A OUTPUT -d 151.101.28.133/32 -j ACCEPT 103 | -A OUTPUT -d 224.0.0.0/8 -j ACCEPT 104 | -A OUTPUT -s 224.0.0.0/8 -j ACCEPT 105 | -A OUTPUT -d 52.43.174.40/32 -j ACCEPT 106 | -A OUTPUT -d 104.70.153.178/32 -j ACCEPT 107 | -A OUTPUT -d 104.74.48.110/32 -j ACCEPT 108 | -A OUTPUT -d 23.7.18.146/32 -j ACCEPT 109 | -A OUTPUT -d 23.7.24.35/32 -j ACCEPT 110 | -A OUTPUT -d 52.11.210.152/32 -j ACCEPT 111 | -A OUTPUT -d 52.25.179.65/32 -j ACCEPT 112 | -A OUTPUT -d 52.89.56.205/32 -j ACCEPT 113 | -A OUTPUT -d 54.148.137.96/32 -j ACCEPT 114 | -A OUTPUT -d 54.218.98.74/32 -j ACCEPT 115 | -A OUTPUT -d 54.218.99.79/32 -j ACCEPT 116 | -A OUTPUT -d 54.244.22.201/32 -j 
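ACCEPT 117 | -A OUTPUT -d 69.25.139.140/32 -j ACCEPT 118 | -A OUTPUT -d 192.195.204.216/32 -j ACCEPT 119 | -A OUTPUT -d 52.10.249.207/32 -j ACCEPT 120 | -A OUTPUT -j LOGGING 121 | -A LOGGING -j DROP 122 | -A WLAN_LOGGING -m limit --limit 10/min -j LOG --log-prefix "Dropped incoming wlan packet:" 123 | -A WLAN_LOGGING -j DROP 124 | COMMIT 125 | # Completed on Sun Apr 30 12:15:19 2017 126 |
--------------------------------------------------------------------------------
/raspi_secure/iptables.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Used for testing new iptables rules before exporting with iptables-save.
#
# To restore previously-saved rules, you are better off running:
# sudo iptables-restore < /raspi_secure/firewall.rules
#
# How the filtering works: the script never sets chain policies (the exported
# firewall.rules shows INPUT, FORWARD and OUTPUT with policy ACCEPT). Traffic
# is dropped only because each chain ends with a jump to LOGGING/WLAN_LOGGING,
# whose last rule is DROP. Those jumps are appended at the very end, so if the
# script stops part-way the chains accept everything that reaches their end.
#
# The script only appends. Running it twice duplicates every rule and the
# "iptables -N" calls fail because the chains already exist, so it is meant to
# be run against an empty filter table.
#
# Only iptables (IPv4) is configured here; nothing in this script touches
# ip6tables.

errcho() { echo "$@" 1>&2; }

# Start from a known value so an inherited HELP variable cannot select the help path.
HELP=false

# Read command-line parameters
while getopts ":h" opt; do
    case "$opt" in
        h)
            HELP=true
            ;;
        \?)
            errcho "Invalid option: -$OPTARG"
            exit 1
            ;;
        :)
            errcho "Option -$OPTARG requires an argument."
            exit 1
            ;;
    esac
done

if [[ $HELP == true ]]
then
    echo "iptables.sh -- Set iptables rules"
    echo
    echo "*** NOTE: To be run with sudo, or as root"
    echo "If trying to restore rules, consider using \"sudo iptables-restore < /raspi_secure/firewall.rules\" instead"
    echo
    echo "USAGE: iptables.sh [OPTIONS]"
    echo
    echo "Option Meaning"
    echo "-h This help text"
    exit 0
fi

# Without root every iptables call below fails; refuse up front so a
# half-applied or unapplied ruleset is not mistaken for a working one.
if [[ $EUID -ne 0 ]]
then
    errcho "ERROR: iptables.sh must be run with sudo, or as root"
    exit 1
fi

# Allow loopback
iptables -I INPUT 1 -i lo -j ACCEPT

# Allow DHCP
for chain in INPUT OUTPUT FORWARD
do
    iptables -A "$chain" -p udp --sport 67:68 --dport 67:68 -j ACCEPT
done

# Allow SSH (inbound on eth0 only)
iptables -A INPUT -m physdev --physdev-in eth0 -p tcp --dport 22 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT

# Allow HTTP (inbound on eth0 only)
iptables -A INPUT -m physdev --physdev-in eth0 -p tcp --dport 80 -j ACCEPT
iptables -A OUTPUT -s 0/0 -p tcp --sport 80 -j ACCEPT

# Allow the device to make outgoing HTTP requests
iptables -A OUTPUT -s 0/0 -p tcp --dport 80 -j ACCEPT

# Allow DNS
# NOTE(review): the first rule matches on source port alone and on every
# interface, so any inbound UDP datagram sent from port 53 is accepted before
# it can reach WLAN_LOGGING. Replies to queries made by this device already
# match the RELATED,ESTABLISHED rule further down; confirm whether this rule
# is still needed before the next export.
iptables -A INPUT -p udp --sport 53 -j ACCEPT
iptables -A INPUT -p udp --dport 53 -j ACCEPT
iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 53 -j ACCEPT
iptables -A FORWARD -p udp --dport 53 -j ACCEPT
iptables -A FORWARD -p tcp --dport 53 -j ACCEPT

# Allow NTP since the raspi has no RTC
iptables -A INPUT -m physdev --physdev-in eth0 -p tcp --dport 123 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 123 -j ACCEPT
iptables -A INPUT -m physdev --physdev-in eth0 -p udp --dport 123 -j ACCEPT
iptables -A OUTPUT -p udp --sport 123 -j ACCEPT

# Allow CIFS both ways (inbound on eth0 only)
iptables -A OUTPUT -p tcp --sport 137:139 -j ACCEPT
iptables -A OUTPUT -p udp --sport 137:139 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 445 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 137:139 -j ACCEPT
iptables -A OUTPUT -p udp --dport 137:139 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 445 -j ACCEPT
iptables -A INPUT -m physdev --physdev-in eth0 -p tcp --dport 137:139 -j ACCEPT
iptables -A INPUT -m physdev --physdev-in eth0 -p udp --dport 137:139 -j ACCEPT
iptables -A INPUT -m physdev --physdev-in eth0 -p tcp --dport 445 -j ACCEPT
iptables -A INPUT -m physdev --physdev-in eth0 -p tcp --sport 137:139 -j ACCEPT
iptables -A INPUT -m physdev --physdev-in eth0 -p udp --sport 137:139 -j ACCEPT
iptables -A INPUT -m physdev --physdev-in eth0 -p tcp --sport 445 -j ACCEPT

# Allow established TCP/UDP connections back in
for chain in INPUT OUTPUT FORWARD
do
    for proto in tcp udp
    do
        iptables -A "$chain" -p "$proto" -m state --state RELATED,ESTABLISHED -j ACCEPT
    done
done

# Allow connection to GitHub servers
# NOTE(review): these are fixed addresses; if the service moves, updates and
# the version check stop working until the list is refreshed.
iptables -A INPUT -m physdev --physdev-in eth0 -s 192.30.252.0/22 -j ACCEPT
iptables -A OUTPUT -d 192.30.252.0/22 -j ACCEPT

# Allow connection to GitHub raw server (for version check)
iptables -A INPUT -m physdev --physdev-in eth0 -s 151.101.100.133 -j ACCEPT
iptables -A INPUT -m physdev --physdev-in eth0 -s 151.101.28.133 -j ACCEPT
iptables -A OUTPUT -d 151.101.100.133 -j ACCEPT
iptables -A OUTPUT -d 151.101.28.133 -j ACCEPT

# Allow multicasts
# NOTE(review): 224.0.0.0/8 covers 224.x.x.x only; the IPv4 multicast block is
# 224.0.0.0/4. Left as exported; confirm which was intended.
for chain in INPUT OUTPUT FORWARD
do
    iptables -A "$chain" -d 224.0.0.0/8 -j ACCEPT
    iptables -A "$chain" -s 224.0.0.0/8 -j ACCEPT
done

# Streetpass relay whitelist
# NOTE(review): the INPUT rules match on source address only; they are not
# tied to an interface or to connection state, and a source address by itself
# does not authenticate the sender. Replies from these hosts already match the
# RELATED,ESTABLISHED rules above.
RELAY_HOSTS=(
    52.43.174.40
    104.70.153.178
    104.74.48.110
    23.7.18.146
    23.7.24.35
    52.11.210.152
    52.25.179.65
    52.89.56.205
    54.148.137.96
    54.218.98.74
    54.218.99.79
    54.244.22.201
    69.25.139.140
    192.195.204.216
    52.10.249.207
)

# Same rule order as the exported ruleset: INPUT by source, OUTPUT by
# destination, then FORWARD by destination and by source.
for host in "${RELAY_HOSTS[@]}"
do
    iptables -A INPUT -s "$host" -j ACCEPT
done
for host in "${RELAY_HOSTS[@]}"
do
    iptables -A OUTPUT -d "$host" -j ACCEPT
done
for host in "${RELAY_HOSTS[@]}"
do
    iptables -A FORWARD -d "$host" -j ACCEPT
done
for host in "${RELAY_HOSTS[@]}"
do
    iptables -A FORWARD -s "$host" -j ACCEPT
done

# Set up log for non-matching packets
iptables -N LOGGING
iptables -N WLAN_LOGGING

# Redirect remaining I/O packets to logging chain
iptables -A INPUT -m physdev --physdev-in wlan0 -j WLAN_LOGGING
iptables -A INPUT -j LOGGING
iptables -A OUTPUT -j LOGGING
iptables -A FORWARD -j LOGGING

# Set logging options - non-WLAN disabled due to oversized logs. Uncomment to log dropped packet info.
# iptables -A LOGGING -m limit --limit 20/min -j LOG --log-prefix "Dropped packet: " --log-level 4
iptables -A WLAN_LOGGING -m limit --limit 10/min -j LOG --log-prefix "Dropped incoming wlan packet: " --log-level 4

# Drop 'em
iptables -A LOGGING -j DROP
iptables -A WLAN_LOGGING -j DROP

--------------------------------------------------------------------------------
/raspi_secure/raspipass:
--------------------------------------------------------------------------------
1 | #!/bin/bash 2 | # Main RaspiPass script - calculates whether a random check passes, and raises an access point 3 | # with details drawn from /raspipass/mac_addresses.txt 4 | 5 | errcho() { echo "$@" 1>&2; } 6 | 7 | # Read command-line parameters 8 | 9 | while getopts ":hp:m:" opt; do 10 | case "$opt" in 11 | p) 12 | probability=$OPTARG 13 | ;; 14 | h) 15 | HELP=true 16 | ;; 17 | m) 18 | IFS=',' read -a apsettings <<< $OPTARG 19 | ;; 20 | \?) 21 | errcho "Invalid option: -$OPTARG" 22 | exit 1 23 | ;; 24 | :) 25 | errcho "Option -$OPTARG requires an argument." 26 | exit 1 27 | ;; 28 | esac 29 | done 30 | 31 | if [[ $HELP == true ]] 32 | then 33 | echo "raspipass -- Main RaspiPass script. Uses defined probability to calculate whether to raise a" 34 | echo " StreetPass Relay access point, and raises one for five minutes if successful" 35 | echo 36 | echo "*** NOTE: To be run with sudo, or as root" 37 | echo 38 | echo "USAGE: raspipass [OPTIONS]" 39 | echo 40 | echo "Option Meaning" 41 | echo "-h This help text" 42 | echo "-m [SSID],[MAC] Use manual options of [SSID] and [MAC] for AP" 43 | echo "-p [%] Set manual probability of raising AP" 44 | exit 0 45 | fi 46 | 47 | # Check command-line parameters are valid, if present 48 | if [[ $probability ]] 49 | then 50 | if ! 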
[ "$probability" -eq "$probability" ] 2> /dev/null || [ $probability -le 0 ] || [ $probability -gt 100 ] 51 | then 52 | errcho ERROR: Probability must be an integer from 1 to 100 53 | exit 1 54 | else 55 | echo Probability manually set at $probability 56 | fi 57 | fi 58 | 59 | if [[ $apsettings ]] 60 | then 61 | if ! [[ "${apsettings[0]}" =~ ^[a-zA-Z0-9]*$ ]] 62 | then 63 | errcho ERROR: SSID ${apsettings[0]} contains illegal characters 64 | exit 1 65 | fi 66 | if ! [[ "${apsettings[1]}" =~ ^([a-fA-F0-9]{2}:){5}[a-fA-F0-9]{2}$ ]] 67 | then 68 | errcho ERROR: MAC address ${apsettings[1]} is invalid 69 | exit 1 70 | fi 71 | echo Using SSID \"${apsettings[0]}\" and MAC address \"${apsettings[1]}\" 72 | fi 73 | 74 | echo `date` 75 | echo "Starting RaspiPass..." 76 | 77 | # Check probability file 78 | if [ -z $probability ] 79 | then 80 | echo "Checking for probability setting..." 81 | if [ -f /raspipass/runchance.txt ] 82 | then 83 | # echo "/raspipass/runchance.txt found. Reading probability." 84 | if [ "`grep $'\x60' /raspipass/runchance.txt`" ] 85 | then 86 | errcho "Source file contains illegal character(s). Aborting sourcing." 87 | errcho "Using default probability of 20%." 88 | probability=20 89 | else 90 | source /raspipass/runchance.txt 91 | if [ -z $probability ] 92 | then 93 | errcho "File read. Probability not set. Using default of 20%." 94 | probability=20 95 | fi 96 | fi 97 | else 98 | errcho "/raspipass/runchance.txt not found. Using default probability of 20%." 99 | probability=20 100 | fi 101 | fi 102 | 103 | # Check probability is valid 104 | 105 | if ! [ "$probability" -eq "$probability" ] 2> /dev/null 106 | then 107 | errcho "ERROR: Probability value is not an integer. Using default of 20%." 108 | probability=20 109 | fi 110 | 111 | if [ $probability -le 0 ] || [ $probability -gt 100 ] 112 | then 113 | errcho "ERROR: Probability value is out of range. Using default of 20%." 
114 | probability=20 115 | fi 116 | 117 | # Run probability calculation 118 | echo "Running random check with $probability% chance..." 119 | raspiroll=`shuf -i 1-100 -n 1` 120 | if [ $raspiroll -le $probability ] 121 | then 122 | # Successful roll 123 | echo "Random check passed - bringing up AP." 124 | echo "Closing any existing hostapd processes..." 125 | killall hostapd 2> /dev/null 126 | exitstat=$? 127 | if [ $exitstat -eq 0 ] 128 | then 129 | echo "hostapd successfully terminated." 130 | fi 131 | ifconfig wlan0 down 132 | ifdown wlan0 133 | 134 | # Copy base hostapd.conf to /run and append SSID 135 | cp /raspipass/hostapd.conf /var/raspipass/hostapd.conf 136 | if [ -z $apsettings ] 137 | then 138 | IFS=',' read -a apsettings <<< `rl -c 1 /raspipass/mac_addresses.txt` 139 | fi 140 | echo Using SSID ${apsettings[0]} and MAC address ${apsettings[1]} 141 | echo "ssid=${apsettings[0]}" >> /var/raspipass/hostapd.conf 142 | echo Changing MAC address... 143 | /usr/bin/macchanger -m ${apsettings[1]} wlan0 > /dev/null 144 | ifup wlan0 145 | 146 | # Bring up AP 147 | echo "Bringing up access point..." 148 | echo 149 | echo 150 | echo "hostapd output may follow below." 151 | bash -c "/usr/sbin/hostapd -t /var/raspipass/hostapd.conf" >> /var/raspipass/hostapd.log & 152 | echo killall hostapd | at now + 5 minutes > /dev/null 153 | else 154 | # Unsuccessful roll 155 | echo "Random check did not pass - not raising an access point this time." 
156 | fi 157 | -------------------------------------------------------------------------------- /raspipass/config.ini: -------------------------------------------------------------------------------- 1 | ; RaspiPass configuration file for web frontend 2 | ; Edit this config via the web interface 3 | [hostapd_config] 4 | wifi_country="US" 5 | wifi_channel="10" 6 | mac_restriction=0 7 | runchance="20" 8 | runinterval="6" 9 | -------------------------------------------------------------------------------- /raspipass/hostapd.conf: -------------------------------------------------------------------------------- 1 | # This file contains the options specific to the access point. 2 | # Please edit the device configuration via web management rather than this tool 3 | ### Interface options ### 4 | interface=wlan0 5 | bridge=br0 6 | ### Options set via web config 7 | channel=10 8 | country_code=AU 9 | ### Leave everything below as standard 10 | wpa=0 11 | hw_mode=g 12 | -------------------------------------------------------------------------------- /raspipass/mac_addresses.txt: -------------------------------------------------------------------------------- 1 | attwifi,00:0F:F7:00:2D:82 2 | attwifi,50:3D:E5:75:50:62 3 | attwifi,00:1A:A2:A2:17:23 4 | attwifi,00:15:63:9A:23:D2 5 | WorldofCoca-Cola,00:3A:9A:10:BF:91 6 | attwifi,00:0D:67:1A:46:E7 7 | attwifi,00:3A:99:5B:D0:82 8 | attwifi,00:18:BA:C9:5E:90 9 | attwifi,00:18:B9:B3:CE:70 10 | attwifi,00:11:92:86:BE:40 11 | attwifi,00:0d:67:12:86:c7 12 | attwifi,00:16:C8:17:6E:30 13 | attwifi,58:8D:09:B1:8A:62 14 | attwifi,00:12:7F:CA:A1:A3 15 | attwifi,00:1F:9E:D3:84:60 16 | attwifi,00:0D:BD:AF:DA:4A 17 | attwifi,00:88:65:54:B9:8B 18 | attwifi,00:24:14:10:df:12 19 | attwifi,00:15:c6:29:51:42 20 | attwifi,00:14:6a:c5:69:52 21 | attwifi,5c:0a:5b:2f:3e:61 22 | BELLWIFI@MCDONALDS,00:23:68:8F:25:50 23 | attwifi,00:15:c6:29:5f:92 24 | attwifi,00:11:92:8D:A3:80 25 | attwifi,00:26:99:4E:B2:30 26 | attwifi,00:13:1A:13:06:42 27 | 
attwifi,00:11:93:05:CE:F0 28 | attwifi,58:6d:8f:0f:ad:7b 29 | attwifi,e8:40:40:cd:ed:21 30 | attwifi,c4:71:fe:5b:de:f2 31 | KPN,00:20:A6:E3:5E:09 32 | attwifi,C4:71:FE:5C:2D:F2 33 | attwifi,00:21:D8:34:41:70 34 | attwifi,00:1D:70:9B:08:62 35 | attwifi,00:21:55:B4:E4:00 36 | attwifi,F0:7D:68:16:B7:2D 37 | attwifi,48:5A:B6:C0:35:27 38 | attwifi,00:12:00:CD:0F:72 39 | KPN,FC:0A:81:4F:8D:52 40 | KPN,FC:0A:81:58:AE:E2 41 | attwifi,34:A8:4E:9A:E7:51 42 | attwifi,00:0D:67:68:AE:99 43 | attwifi,00:0d:67:6a:25:27 44 | attwifi,20:37:06:6c:fe:c7 45 | attwifi,00:0f:8f:1d:6f:d2 46 | attwifi,00:13:7f:53:c5:c2 47 | attwifi,00:1a:6c:f3:67:42 48 | KPN,00:1c:58:af:ac:40 49 | KPN,B4:A4:E3:B5:90:42 50 | hotspot-gratuit.com,00:22:6b:6e:34:3a 51 | NZ@McD1,00:16:46:B9:41:82 52 | NZ@McD1,00:15:FA:2C:45:E2 53 | NZ@McD1,00:14:A8:7E:8C:12 54 | NZ@McD1,00:16:C8:17:8B:12 55 | attwifi,00:3a:9a:64:c1:b0 56 | attwifi,00:22:55:c3:cb:10 57 | attwifi,00:0f:f7:20:82:62 58 | attwifi,00:15:C6:6A:B3:52 59 | attwifi,04:c5:a4:8d:14:18 60 | attwifi,04:c5:a4:8d:14:17 61 | attwifi,00:0d:67:1c:1b:24 62 | attwifi,00:90:FB:2A:17:D0 63 | attwifi,00:90:FB:2A:C8:96 64 | attwifi,00:90:FB:37:97:BA 65 | attwifi,00:90:FB:2A:04:14 66 | attwifi,00:22:90:9a:e2:82 67 | attwifi,00:0d:67:14:2f:89 68 | attwifi,00:0f:24:80:98:32 69 | attwifi,00:26:5a:86:b2:67 70 | hotspot-gratuit.com,00:22:6b:6e:34:3a 71 | attwifi,00:1A:6C:F3:65:62 72 | attwifi,00:12:01:96:A2:22 73 | NintendoSpotPass5,0A:18:1A:D1:DF:D0 74 | NintendoSpotPass5,0A:18:0A:D1:DF:D0 75 | NintendoSpotPass5,0A:18:1A:D1:C4:00 76 | NintendoSpotPass5,0A:18:0A:D1:C4:00 77 | NintendoSpotPass5,C4:10:8A:5B:94:98 78 | NintendoSpotPass5,0A:18:0A:D1:CC:B0 79 | attwifi,00:15:62:c7:e7:12 80 | attwifi,00:12:01:96:9a:d2 81 | attwifi,00:13:7f:53:96:72 82 | NZ@McD1,00:16:9D:F4:DC:22 83 | BELLWIFI@MCDONALDS,00:23:68:8c:7d:f0 84 | BELLWIFI@MCDONALDS,00:23:68:8f:60:b0 85 | Bestbuy,20:3a:07:39:03:ef 86 | -------------------------------------------------------------------------------- 
/raspipass/mac_restrict.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Pinchie/RaspiPass/2db1a56621c58696f4d8b15baed745c8fd17a97a/raspipass/mac_restrict.txt -------------------------------------------------------------------------------- /raspipass/runchance.txt: -------------------------------------------------------------------------------- 1 | # RaspiPass probability file 2 | # This determines the chance of the access point being 3 | # raised when the script runs. 4 | # This is best edited via the web configuration. 5 | probability=20 6 | -------------------------------------------------------------------------------- /raspipass/version: -------------------------------------------------------------------------------- 1 | 0.7.4 2 | Standardised scripts with parameters - all scripts now have an -h parameter 3 | Improved update script 4 | Altered copy_to_sysdirs.sh to reference a csv file /git/scripts/filepermissions to use as a source when copying & setting permissions 5 | Added more logs to /raspi_secure/clear_logs.sh 6 | Cleaned up output of clear_logs.sh and set_defaults.sh 7 | Removed lots of commented out lines of code that were used during initial debugging 8 | Removed copy_to_gitdir.sh - this was only required when I wasn't using Git properly :) 9 | Set up daily downloading of latest version file from GitHub raw servers (for update checking) 10 | Configured two tmpfs drives mounted on /var/raspipass and /var/log/apache2 in order to reduce SD use 11 | Added configuration in copy_to_sysdirs.sh to create these mount points in fstab if they do not exist (reboot required after) 12 | Added notification of required reboot to Web GUI (triggered by presence of /var/raspipass/reboot - message is contents of first line) 13 | Moved almost every dynamic RaspiPass file (eg logs, dynamic config) to /var/raspipass 14 | 15 | -------------------------------------------------------------------------------- 
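/scripts/copy_to_sysdirs.sh: --------------------------------------------------------------------------------
#!/bin/bash

# Copy files from git directory to system directories and set
# permissions
#
# NOTE(review): ownership and modes come from /git/scripts/filepermissions and
# are applied as listed. Entries that leave root-run scripts or their directory
# writable by group/other (for example mode 766 or 777) allow any local account
# to change what root later executes; tighten those entries in the list itself.

errcho() { echo "$@" 1>&2; }

# Start from known values rather than whatever the caller's environment holds
AUTO=""
HELP=""
REPLY=""
reboot_required=""

# Read parameters
while getopts ":ah" opt; do
    case "$opt" in
        a)
            AUTO=true
            ;;
        h)
            HELP=true
            ;;
        \?)
            errcho "Invalid option: -$OPTARG"
            exit 1
            ;;
        :)
            errcho "Option -$OPTARG requires an argument."
            exit 1
            ;;
    esac
done

if [[ $HELP == true ]]
then
    echo "copy_to_sysdirs.sh -- transfer RaspiPass /git working directory to running directories"
    echo
    echo "*** NOTE: To be run with sudo, or as root"
    echo
    # The usage line previously named a script that does not exist
    echo "USAGE: copy_to_sysdirs.sh [OPTIONS]"
    echo
    echo "Option Meaning"
    echo "-a Run without confirmation (automated)"
    echo "-h This help text"
    exit 0
fi

# Retained for pre-0.7.4 compatibility
if [ "$1" = "auto" ]
then
    AUTO=true
fi

if [[ $AUTO != true ]]
then
    echo "This will copy all files from the /git working directories to the RaspiPass system directories."
    echo "Proceeding will cause all matching files in the RaspiPass system directories to be overwritten."
    echo "Non-matching files in the RaspiPass system directories will be deleted!"
    read -p "Are you sure you want to proceed? [Y/N] " -r -n 1
fi

if [[ "$REPLY" =~ ^[Yy]$ ]] || [[ $AUTO == true ]]
then
    echo

    # /raspipass
    echo Copying /git/raspipass...
    rsync -vryW --exclude /raspipass/log/update.log --del --force /git/raspipass /
    echo Done.
    echo

    # /raspi_secure
    echo Copying /git/raspi_secure...
    sudo rsync -vryW --del --force /git/raspi_secure /
    echo Done.
    echo

    # /var/www/html
    echo Copying /git/html...
    sudo rsync -vryW --del --force /git/html /var/www/
    echo Done.

    echo Setting permissions...

    # IFS is scoped to the read so later expansions are not split on commas;
    # -r keeps backslashes literal, and every field is quoted when used so a
    # path or owner containing spaces or glob characters cannot change which
    # files chown/chmod touch.
    while IFS=, read -r file owner perm recurse || [ -n "$file" ]
    do
        if [ -d "$file" ]
        then
            # Directories first
            if [ "$recurse" == "TRUE" ]
            then
                echo "Recursively applying $owner,$perm to $file"
                chown -R -- "$owner" "$file"
                chmod -R -- "$perm" "$file"
            else
                echo "Applying $owner,$perm to $file"
                chown -- "$owner" "$file"
                chmod -- "$perm" "$file"
            fi
        elif [ -f "$file" ] && [[ "$file" != */git/scripts* ]]
        then
            # Then files, as long as they aren't in /git/scripts
            echo "Applying $owner,$perm to $file"
            chown -- "$owner" "$file"
            chmod -- "$perm" "$file"
        elif [ "$file" != "Location" ] && [ -n "$file" ] && [[ "$file" != */git/scripts* ]]
        then
            # Anything that is not the header line, a blank line or a
            # /git/scripts entry should have existed by now
            errcho "ERROR: $file does not exist!"
        else
            echo "Skipping $file"
        fi
    done < /git/scripts/filepermissions

    # Update 0.7.4+ - add /var/raspipass and /var/log/apache2 RAMdisk entries to fstab, if they do not exist
    # The check matches an uncommented line whose mount point is the directory,
    # so a comment that merely mentions the name no longer counts as an entry.
    #
    # NOTE(review): mode=0777 lets every local account create, replace and
    # delete files on these tmpfs mounts, including files root later reads or
    # appends to (/raspi_secure/raspipass writes hostapd.conf under
    # /var/raspipass). A root-owned mode with a shared group, or at minimum the
    # sticky bit (mode=1777), would narrow that - confirm what the web UI needs
    # to write before changing it.
    echo
    echo Checking for RAMdisk entries in fstab
    if grep -qE '^[^#]*[[:space:]]/var/raspipass[[:space:]]' /etc/fstab
    then
        echo RaspiPass entry already exists.
    else
        echo RaspiPass entry does not exist! Adding...
        echo "tmpfs /var/raspipass tmpfs defaults,noatime,nosuid,mode=0777,size=10m 0 0" >> /etc/fstab
        reboot_required=1
    fi
    if grep -qE '^[^#]*[[:space:]]/var/log/apache2[[:space:]]' /etc/fstab
    then
        echo Apache2 logs entry already exists.
    else
        echo Apache2 logs entry does not exist! Adding...
        echo "tmpfs /var/log/apache2 tmpfs defaults,noatime,nosuid,mode=0777,size=100m 0 0" >> /etc/fstab
        reboot_required=1
    fi

    echo
    echo All done.

    # Prompt to reboot, if required
    if [ -n "$reboot_required" ]
    then
        echo
        echo "*** WARNING: Reboot required to complete changes! Please run 'sudo reboot'"
        mkdir -p /var/raspipass
        # The web GUI shows the first line of this file as its reboot notice
        echo "Reboot required following system changes made by copy_to_sysdirs.sh" > /var/raspipass/reboot
    fi

else
    echo
    echo Exiting...
fi
-------------------------------------------------------------------------------- /scripts/filepermissions: -------------------------------------------------------------------------------- 1 | Location, User:Group owner, Numeric permission, Set recursively (directories only) [TRUE/FALSE] 2 | /raspipass,raspi:raspi,755,FALSE 3 | /raspipass/config.ini,raspi:raspi,664,FALSE 4 | /raspipass/hostapd.conf,raspi:raspi,664,FALSE 5 | /raspipass/mac_addresses.txt,raspi:raspi,664,FALSE 6 | /raspipass/mac_restrict.txt,raspi:raspi,664,FALSE 7 | /raspipass/runchance.txt,raspi:raspi,664,FALSE 8 | /raspipass/version,raspi:raspi,664,FALSE 9 | /raspi_secure,root:root,700,FALSE 10 | /raspi_secure/firewall.rules,root:root,644,FALSE 11 | /raspi_secure/iptables.sh,root:root,744,FALSE 12 | /raspi_secure/raspipass,root:root,744,FALSE 13 | /raspi_secure/clear_logs.sh,root:root,744,FALSE 14 | /var/www/html,www-data:www-data,755,TRUE 15 | /git/scripts,raspi:raspi,777,FALSE 16 | /git/scripts/copy_to_sysdirs.sh,root:root,766,FALSE 17 | /git/scripts/set_defaults.sh,root:root,766,FALSE 18 | /git/scripts/set_interfaces.sh,root:root,766,FALSE 19 | /git/scripts/filepermissions,root:root,644,FALSE 20 | -------------------------------------------------------------------------------- /scripts/set_defaults.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # Script to clear log files - particularly Apache ones - and set 3 | # certain files to their default configuration. 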
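 #
# Designed to be run before distribution
#
# To be run as root
#
# Each default file below is produced by a single write, so an interrupted run
# cannot leave a file that holds only its first few lines.

errcho() { echo "$@" 1>&2; }

HELP=""

# Read command-line parameters
while getopts ":h" opt; do
    case "$opt" in
        h)
            HELP=true
            ;;
        \?)
            errcho "Invalid option: -$OPTARG"
            exit 1
            ;;
        :)
            errcho "Option -$OPTARG requires an argument."
            exit 1
            ;;
    esac
done

if [[ $HELP == true ]]
then
    echo "set_defaults.sh -- Clear RaspiPass and system log files, and reset to default configuration"
    echo
    echo "*** NOTE: To be run with sudo, or as root"
    echo
    echo "USAGE: set_defaults.sh [OPTIONS]"
    echo
    echo "Option Meaning"
    echo "-h This help text"
    exit 0
fi

# Call log clearing script
/raspi_secure/clear_logs.sh
echo ""
echo Setting defaults:

# Apply defaults to config.ini
echo config.ini...
printf '%s\n' \
    '; RaspiPass configuration file for web frontend' \
    '; Edit this config via the web interface' \
    '[hostapd_config]' \
    'wifi_country="US"' \
    'wifi_channel="10"' \
    'mac_restriction=0' \
    'runchance="20"' \
    'runinterval="6"' \
    > /raspipass/config.ini

# Apply defaults to runchance.txt
echo runchance.txt...
printf '%s\n' \
    '# RaspiPass probability file' \
    '# This determines the chance of the access point being' \
    '# raised when the script runs.' \
    '# This is best edited via the web configuration.' \
    'probability=20' \
    > /raspipass/runchance.txt

# Apply default Git config for /git directory
# (user name and email are deliberately left blank for distribution)
echo git config...
printf '%s\n' \
    '[core]' \
    ' repositoryformatversion = 0' \
    ' filemode = true' \
    ' bare = false' \
    ' logallrefupdates = true' \
    '[user]' \
    ' name = ' \
    ' email = ' \
    '' \
    '[remote "origin"]' \
    ' url = https://github.com/Pinchie/RaspiPass' \
    ' fetch = +refs/heads/*:refs/remotes/origin/*' \
    > /git/.git/config

# Done
echo ""
echo Logs have been cleared and settings reverted to default.
-------------------------------------------------------------------------------- /scripts/set_interfaces.sh: --------------------------------------------------------------------------------
#!/bin/bash
# This script sets the default /etc/network/interfaces config back in place
#
# The file is written in one operation so that an interrupted run does not
# leave the system with a partial network configuration. The generated config
# loads /raspi_secure/firewall.rules before any interface comes up.

errcho() { echo "$@" 1>&2; }

HELP=""

# Read command-line parameters
while getopts ":h" opt; do
    case "$opt" in
        h)
            HELP=true
            ;;
        \?)
            errcho "Invalid option: -$OPTARG"
            exit 1
            ;;
        :)
            errcho "Option -$OPTARG requires an argument."
            exit 1
            ;;
    esac
done

if [[ $HELP == true ]]
then
    echo "set_interfaces.sh -- Overwrite /etc/network/interfaces file with RaspiPass bridged config"
    echo
    echo "*** NOTE: To be run with sudo, or as root"
    echo
    echo "USAGE: set_interfaces.sh [OPTIONS]"
    echo
    echo "Option Meaning"
    echo "-h This help text"
    exit 0
fi

echo "Restoring default /etc/network/interfaces file..."
printf '%s\n' \
    '# Generated by RaspiPass set_interfaces.sh' \
    '# This file describes the network interfaces available on your system' \
    '# and how to activate them. For more information, see interfaces(5).' \
    '' \
    '# The loopback network interface' \
    'auto lo' \
    'iface lo inet loopback' \
    '' \
    '# Configure eth0 and wlan0' \
    'allow-hotplug eth0' \
    'auto eth0' \
    'iface eth0 inet manual' \
    'auto wlan0' \
    'iface wlan0 inet manual' \
    '' \
    '# Configure bridge and add eth0' \
    'auto br0' \
    'iface br0 inet dhcp' \
    ' bridge_ports eth0' \
    ' bridge_stp on' \
    '' \
    '# Load iptables rules before bringing up interfaces' \
    'pre-up iptables-restore < /raspi_secure/firewall.rules' \
    > /etc/network/interfaces
echo "Done - restart networking or reboot to re-read configuration."
--------------------------------------------------------------------------------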