mirror of
https://github.com/hackerschoice/segfault.git
synced 2024-06-16 11:58:43 +00:00
rc1
parent
af3a6d04a8
commit
2dc1fa9e05
2
Makefile
2
Makefile
@ -1,4 +1,4 @@
|
||||
VER := 0.5.0a
|
||||
VER := 0.5.0rc1
|
||||
|
||||
all:
|
||||
make -C router
|
||||
|
@ -21,7 +21,11 @@
|
||||
#SF_MAX_STRAIN=100
|
||||
#SF_SHM_SIZE= # Hard limit is USER_MEMORY_LIMIT
|
||||
#SF_CPUS= # automatic between 1..4 depending on host's cpu count
|
||||
#SF_TOKEN_PROHIBITED= # Prohibit the use of TOKENS
|
||||
#SF_NEED_TOKEN= # Block access without token. Setting '=msg.sh' will
|
||||
# source config/etc/msg/token-needed-msg.sh before exiting.
|
||||
# Tip: Used to allow only TOKEN access from countries or globally.
|
||||
#SF_TOKEN_PREFIX= # Will load token-${PREFIX}-${TOKEN}.conf instead.
|
||||
#SF_TOKEN_IMMUTABLE= # User can not change the token. Only valid in global & country.
|
||||
|
||||
#SF_USER_SYN_BURST=8196 # Can send 8k tcp sync packets
|
||||
#SF_USER_SYN_LIMIT=1 # Thereafter refill with 1 syn/second, 0=unlimited
|
||||
|
@ -402,7 +402,7 @@ wt_up()
|
||||
Alternatively use ${CDM}WireGuard:${CDC}
|
||||
${CMD_PKILL} '${killname}'
|
||||
export TYPE=wireguard
|
||||
X=\"\$X\" bash -c \"\$(curl -fsSL thc.org/sfwg)\"${CN}"
|
||||
X=\"\$X\" bash -c \"\$(curl -fsSL https://thc.org/sfwg)\"${CN}"
|
||||
}
|
||||
|
||||
echo -e "\
|
||||
@ -411,7 +411,7 @@ ${CDG}SUCCESS${CN} - ${CDM}Wiretap${CN} started as ${CDY}[updated]${CN}${pidstr}
|
||||
}
|
||||
|
||||
[[ -z $X ]] && ERREXIT 255 "The variable ${CDY}X=${CN} is not set. Try
|
||||
${CDC}X=<YourConfigurationString> bash -c \"\$(curl -fsSL thc.org/sfwg)\"${CN}"
|
||||
${CDC}X=<YourConfigurationString> bash -c \"\$(curl -fsSL https://thc.org/sfwg)\"${CN}"
|
||||
|
||||
x2data
|
||||
|
||||
|
@ -120,7 +120,7 @@ ERREXIT()
|
||||
|
||||
LOG_E "$@"
|
||||
shift 1
|
||||
[[ -n $1 ]] && echo -e >&2 "${CR}ERROR:${CN} $*"
|
||||
[[ -n $1 ]] && echo -e >&2 "💥 ${CR}ERROR:${CN} $*"
|
||||
|
||||
sem_release
|
||||
logout
|
||||
@ -297,6 +297,7 @@ init_defaults()
|
||||
# SF_WWW_ROOT_DIR="/sec/www-root"
|
||||
SF_CONFIG_DIR="/config/host"
|
||||
SF_ETCSF_DIR="/config/host/etc/sf"
|
||||
SF_ETCMSG_DIR="/config/host/etc/msg"
|
||||
SF_CFG_GUEST_DIR="${SF_SHMDIR}/config-for-guest" # Mounted to /config/guest
|
||||
SF_GUEST_SELFDIR="${SF_SHMDIR}/self-for-guest" # Mounted to /config/self
|
||||
SF_ENCFS_SEC_DIR="${SF_SHMDIR}/encfs-sec"
|
||||
@ -613,6 +614,9 @@ load_limits_fn() {
|
||||
|
||||
load_limits()
|
||||
{
|
||||
local prefix
|
||||
local is_need_update_token
|
||||
local is_token_loaded
|
||||
# Set the default values.
|
||||
# No default for ROOT_FS limit. Should be set in sf.conf or if not set
|
||||
# then root is mounted read-only
|
||||
@ -650,41 +654,51 @@ load_limits()
|
||||
# Source country specific limits
|
||||
load_limits_fn "${SF_LIMITS_DIR}/limits-country-${YOUR_COUNTRY_ISO}.conf"
|
||||
|
||||
# Then source token specific limits (and write TOKEN information)
|
||||
prefix="${SF_TOKEN_PREFIX//[^a-z]}-"
|
||||
if [[ -z $SF_TOKEN ]]; then
|
||||
# HERE: SF_TOKEN _not_ supplied
|
||||
[[ -f "${SF_USER_DB_DIR}/token" ]] && {
|
||||
SF_TOKEN="$(<"${SF_USER_DB_DIR}/token")"
|
||||
# Delete user token if token no longer exists
|
||||
# [[ ! -f "${SF_TOKEN_DIR}/token-${SF_TOKEN,,}.conf" ]] && {
|
||||
# rm -f "${SF_USER_DB_DIR}/token"
|
||||
# unset SF_TOKEN
|
||||
# }
|
||||
is_token_loaded=1
|
||||
}
|
||||
else
|
||||
# HERE: SF_TOKEN is user supplied.
|
||||
if [[ ! -f "${SF_TOKEN_DIR}/token-${SF_TOKEN,,}.conf" ]]; then
|
||||
# HERE: Token is INVALID
|
||||
unset SF_TOKEN
|
||||
else
|
||||
# Update TOKEN
|
||||
tofile "${SF_TOKEN}" "${SF_USER_DB_DIR}/token"
|
||||
fi
|
||||
[[ ! -f "${SF_TOKEN_DIR}/token-${prefix}${SF_TOKEN,,}.conf" ]] && ERREXIT 255 "The TOKEN '${CDY}${SF_TOKEN}${CN}' is not valid."
|
||||
|
||||
is_need_update_token=1
|
||||
fi
|
||||
|
||||
[[ -n $SF_TOKEN ]] && {
|
||||
if [[ -f "${SF_TOKEN_DIR}/token-${SF_TOKEN,,}.conf" ]]; then
|
||||
eval "$(<"${SF_TOKEN_DIR}/token-${SF_TOKEN,,}.conf")"
|
||||
# HERE: Got a TOKEN (user supplied or loaded from {lgdir}/token)
|
||||
if [[ -f "${SF_TOKEN_DIR}/token-${prefix}${SF_TOKEN,,}.conf" ]]; then
|
||||
eval "$(<"${SF_TOKEN_DIR}/token-${prefix}${SF_TOKEN,,}.conf")"
|
||||
unset SF_NEED_TOKEN
|
||||
else
|
||||
# token-<TOKEN>.conf does not exist.
|
||||
unset SF_TOKEN
|
||||
fi
|
||||
}
|
||||
|
||||
[[ -n $SF_TOKEN ]] && [[ -n $SF_TOKEN_IMMUTABLE ]] && [[ -n $is_need_update_token ]] && {
|
||||
# Update TOKEN
|
||||
tofile "${SF_TOKEN}" "${SF_USER_DB_DIR}/token"
|
||||
}
|
||||
|
||||
# Then source user specific limits
|
||||
load_limits_fn "${SF_USER_DB_DIR}/limits.conf"
|
||||
|
||||
# Then source IP specific limits
|
||||
load_limits_fn "${SF_ETCSF_DIR}/sf-${YOUR_IP}.conf"
|
||||
|
||||
# Check if TOKEN is needed.
|
||||
[[ -n $SF_NEED_TOKEN ]] && {
|
||||
fn="${SF_ETCMSG_DIR}/token-needed-${SF_NEED_TOKEN//[^a-z._]}"
|
||||
# Display a message if TOKEN is needed
|
||||
echo -e "💥 ${$CR}ERROR${CN}: A TOKEN is needed to use the system. Please contact a SysCop to get one."
|
||||
[[ -e "${fn} " ]] && source "${fn}"
|
||||
exit 255
|
||||
}
|
||||
|
||||
# Add SF docker args to LG container.
|
||||
# DISABLED: otherwise, an attacker with write access to token/limits (e.g. through a web user-management interface) could own the PHY.
|
||||
# [[ ${#SF_USER_DOCKER_ARGS[@]} -gt 0 ]] && DOCKER_ARGS+=("${SF_USER_DOCKER_ARGS[@]}")
|
||||
@ -781,6 +795,7 @@ SF_USER_FS_SIZE=\"$SF_USER_FS_SIZE\"
|
||||
SF_USER_FS_INODE=\"$SF_USER_FS_INODE\"
|
||||
SF_USER_UL_RATE=\"$SF_USER_UL_RATE\"
|
||||
SF_RPORT=\"$SF_RPORT\"
|
||||
SF_TOKEN_IMMUTABLE=\"$SF_TOKEN_IMMUTABLE\"
|
||||
SF_USER_IMMUNE=\"$SF_USER_IMMUNE\"" "${LG_RUN_DIR}/limits.txt"
|
||||
}
|
||||
|
||||
@ -1145,6 +1160,9 @@ export LID
|
||||
|
||||
# Call init_vars() after LID is set
|
||||
init_vars
|
||||
|
||||
# Get GeoIP, Country and Continent
|
||||
mk_geoip "${YOUR_IP}"
|
||||
# Load CPU/PID/OOM limits (systemwide or user specific)
|
||||
load_limits
|
||||
# Check if IP is banned
|
||||
@ -1170,7 +1188,6 @@ check_limit_server_by_ip
|
||||
# Check if share got unmounted (e.g. EncFS died)
|
||||
[[ ! -f "${SF_SEC_DIR}/.IS-ENCRYPTED" ]] && ERREXIT 243 "System not ready yet (wrong EncFS password. Please inform the admin to set correct SF_SEED)"
|
||||
|
||||
mk_geoip "${YOUR_IP}"
|
||||
|
||||
# Execute under "root" (uid=1001) context:
|
||||
[[ ! -d "${HNLID_DIR}" ]] && { mkdir -p "${HNLID_DIR}" || ERREXIT; }
|
||||
|
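Review bot: The `SF_NEED_TOKEN` block near the end of the load_limits hunk has two defects: `${$CR}` is not a valid bash expansion (bad substitution), and `[[ -e "${fn} " ]]` tests a name with a trailing space, so the message file documented for `SF_NEED_TOKEN=msg.sh` is never sourced. I would replace `${$CR}` with `${CR}` (as ERREXIT does), use `[[ -e "${fn}" ]] && source "${fn}"`, and declare `local fn` beside the other locals. Two more things in the same hunk should be confirmed: with `SF_TOKEN_PREFIX` unset, `prefix` becomes `-` and the lookup is `token--<token>.conf`, and the `[[ -n $SF_TOKEN_IMMUTABLE ]]` guard in front of `tofile` persists a login-supplied token only when the token is marked immutable, which reads as inverted. The page has lost its +/- markers, so which lines are new is inferred from the hunk header; load_limits begins and ends outside the hunk.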
@ -129,7 +129,7 @@ To connect ${G}${name}${N} use this command on the LINUX Exit Node:
|
||||
${C}X='${WT_VER}-${WT_PRIVATE}'
|
||||
X+='-${WG_PUBLIC}'
|
||||
X+='-${WG_EP_HOST}:${WG_PORT}-${WG_IPS}'
|
||||
DL='curl -fsSL thc.org/sfwg || wget --no-verbose -qO- thc.org/sfwg'
|
||||
DL='curl -fsSL https://thc.org/sfwg || wget --no-verbose -qO- https://thc.org/sfwg'
|
||||
X=\"\$X\" bash -c \"\$(sh -c \"\$DL\")\"${N}
|
||||
or this command on the WINDOWS Exit Node:
|
||||
${CY}${F}\$env:X='${WT_VER}-${WT_PRIVATE}'
|
||||
@ -679,7 +679,7 @@ cmd_token() {
|
||||
load_lg
|
||||
source "/dev/shm/sf/run/users/lg-${LID}/limits.txt"
|
||||
|
||||
[[ -n $SF_TOKEN_PROHIBITED ]] && BAIL "${M}Please contact a SysCop to enable this feature for you.${N}"
|
||||
[[ -n $SF_TOKEN_IMMUTABLE ]] && BAIL "${M}Please contact a SysCop to enable this feature for you.${N}"
|
||||
[[ ! -f "${token_fn}" ]] && { sleep 1; BAIL "${M}Token '${R}${TOKEN_NAME}${M}' does not exist.${N}"; }
|
||||
|
||||
echo "${TOKEN_NAME}" >"/config/db/user/lg-${LID}/token"
|
||||
|
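Review bot: In the `DL=` line the `curl … || wget …` fallback runs inside a single command substitution, so if curl writes part of the script and then fails, wget's output is appended and `bash -c` receives the concatenation of a truncated and a full copy. Moving to https protects the transport, but the text handed to bash should come from exactly one download that succeeded. I would show something like `{ S="$(curl -fsSL https://thc.org/sfwg)" || S="$(wget -qO- https://thc.org/sfwg)"; } && X="$X" bash -c "$S"` instead. The help text that contains this line starts and ends outside the hunk.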