rc1
parent
af3a6d04a8
commit
2dc1fa9e05
2
Makefile
2
Makefile
@ -1,4 +1,4 @@
|
|||||||
VER := 0.5.0a
|
VER := 0.5.0rc1
|
||||||
|
|
||||||
all:
|
all:
|
||||||
make -C router
|
make -C router
|
||||||
|
@ -21,7 +21,11 @@
|
|||||||
#SF_MAX_STRAIN=100
|
#SF_MAX_STRAIN=100
|
||||||
#SF_SHM_SIZE= # Hard limit is USER_MEMORY_LIMIT
|
#SF_SHM_SIZE= # Hard limit is USER_MEMORY_LIMIT
|
||||||
#SF_CPUS= # automatic between 1..4 depending on host's cpu count
|
#SF_CPUS= # automatic between 1..4 depending on host's cpu count
|
||||||
#SF_TOKEN_PROHIBITED= # Prohibit the use of TOKENS
|
#SF_NEED_TOKEN= # Block access without token. Setting '=msg.sh' will
|
||||||
|
# source config/etc/msg/token-needed-msg.sh before exiting.
|
||||||
|
# Tip: Used to allow only TOKEN access from countries or globally.
|
||||||
|
#SF_TOKEN_PREFIX= # Will load token-${PREFIX}-${TOKEN}.conf instead.
|
||||||
|
#SF_TOKEN_IMMUTABLE= # User can not change the token. Only valid in global & country.
|
||||||
|
|
||||||
#SF_USER_SYN_BURST=8196 # Can send 8k tcp sync packets
|
#SF_USER_SYN_BURST=8196 # Can send 8k tcp sync packets
|
||||||
#SF_USER_SYN_LIMIT=1 # Thereafter refill with 1 syn/second, 0=unlimited
|
#SF_USER_SYN_LIMIT=1 # Thereafter refill with 1 syn/second, 0=unlimited
|
||||||
|
@ -402,7 +402,7 @@ wt_up()
|
|||||||
Alternatively use ${CDM}WireGuard:${CDC}
|
Alternatively use ${CDM}WireGuard:${CDC}
|
||||||
${CMD_PKILL} '${killname}'
|
${CMD_PKILL} '${killname}'
|
||||||
export TYPE=wireguard
|
export TYPE=wireguard
|
||||||
X=\"\$X\" bash -c \"\$(curl -fsSL thc.org/sfwg)\"${CN}"
|
X=\"\$X\" bash -c \"\$(curl -fsSL https://thc.org/sfwg)\"${CN}"
|
||||||
}
|
}
|
||||||
|
|
||||||
echo -e "\
|
echo -e "\
|
||||||
@ -411,7 +411,7 @@ ${CDG}SUCCESS${CN} - ${CDM}Wiretap${CN} started as ${CDY}[updated]${CN}${pidstr}
|
|||||||
}
|
}
|
||||||
|
|
||||||
[[ -z $X ]] && ERREXIT 255 "The variable ${CDY}X=${CN} is not set. Try
|
[[ -z $X ]] && ERREXIT 255 "The variable ${CDY}X=${CN} is not set. Try
|
||||||
${CDC}X=<YourConfigurationString> bash -c \"\$(curl -fsSL thc.org/sfwg)\"${CN}"
|
${CDC}X=<YourConfigurationString> bash -c \"\$(curl -fsSL https://thc.org/sfwg)\"${CN}"
|
||||||
|
|
||||||
x2data
|
x2data
|
||||||
|
|
||||||
|
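Review bot: The printed one-liner now names `https://thc.org/sfwg`, but `curl -fsSL` follows redirects and nothing in the command keeps a redirect on HTTPS, so if the server ever answers with a redirect to `http://`, the script handed to `bash -c` is fetched in clear text. Restricting the protocol in the hint closes that gap: `bash -c \"\$(curl --proto '=https' -fsSL https://thc.org/sfwg)\"`. The same applies to the ERREXIT hint in the next hunk (`@ -411,7`) and to the `DL='curl -fsSL https://thc.org/sfwg || wget …'` line in the `@ -129,7` hunk further down. The function that contains this text starts outside the hunk.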
@ -120,7 +120,7 @@ ERREXIT()
|
|||||||
|
|
||||||
LOG_E "$@"
|
LOG_E "$@"
|
||||||
shift 1
|
shift 1
|
||||||
[[ -n $1 ]] && echo -e >&2 "${CR}ERROR:${CN} $*"
|
[[ -n $1 ]] && echo -e >&2 "💥 ${CR}ERROR:${CN} $*"
|
||||||
|
|
||||||
sem_release
|
sem_release
|
||||||
logout
|
logout
|
||||||
@ -297,6 +297,7 @@ init_defaults()
|
|||||||
# SF_WWW_ROOT_DIR="/sec/www-root"
|
# SF_WWW_ROOT_DIR="/sec/www-root"
|
||||||
SF_CONFIG_DIR="/config/host"
|
SF_CONFIG_DIR="/config/host"
|
||||||
SF_ETCSF_DIR="/config/host/etc/sf"
|
SF_ETCSF_DIR="/config/host/etc/sf"
|
||||||
|
SF_ETCMSG_DIR="/config/host/etc/msg"
|
||||||
SF_CFG_GUEST_DIR="${SF_SHMDIR}/config-for-guest" # Mounted to /config/guest
|
SF_CFG_GUEST_DIR="${SF_SHMDIR}/config-for-guest" # Mounted to /config/guest
|
||||||
SF_GUEST_SELFDIR="${SF_SHMDIR}/self-for-guest" # Mounted to /config/self
|
SF_GUEST_SELFDIR="${SF_SHMDIR}/self-for-guest" # Mounted to /config/self
|
||||||
SF_ENCFS_SEC_DIR="${SF_SHMDIR}/encfs-sec"
|
SF_ENCFS_SEC_DIR="${SF_SHMDIR}/encfs-sec"
|
||||||
@ -613,6 +614,9 @@ load_limits_fn() {
|
|||||||
|
|
||||||
load_limits()
|
load_limits()
|
||||||
{
|
{
|
||||||
|
local prefix
|
||||||
|
local is_need_update_token
|
||||||
|
local is_token_loaded
|
||||||
# Set the default values.
|
# Set the default values.
|
||||||
# No default for ROOT_FS limit. Should be set in sf.conf or if not set
|
# No default for ROOT_FS limit. Should be set in sf.conf or if not set
|
||||||
# then root is mounted read-only
|
# then root is mounted read-only
|
||||||
@ -650,41 +654,51 @@ load_limits()
|
|||||||
# Source country specific limits
|
# Source country specific limits
|
||||||
load_limits_fn "${SF_LIMITS_DIR}/limits-country-${YOUR_COUNTRY_ISO}.conf"
|
load_limits_fn "${SF_LIMITS_DIR}/limits-country-${YOUR_COUNTRY_ISO}.conf"
|
||||||
|
|
||||||
# Then source token specific limits (and write TOKEN information)
|
prefix="${SF_TOKEN_PREFIX//[^a-z]}-"
|
||||||
if [[ -z $SF_TOKEN ]]; then
|
if [[ -z $SF_TOKEN ]]; then
|
||||||
|
# HERE: SF_TOKEN _not_ supplied
|
||||||
[[ -f "${SF_USER_DB_DIR}/token" ]] && {
|
[[ -f "${SF_USER_DB_DIR}/token" ]] && {
|
||||||
SF_TOKEN="$(<"${SF_USER_DB_DIR}/token")"
|
SF_TOKEN="$(<"${SF_USER_DB_DIR}/token")"
|
||||||
# Delete user token if token no longer exists
|
is_token_loaded=1
|
||||||
# [[ ! -f "${SF_TOKEN_DIR}/token-${SF_TOKEN,,}.conf" ]] && {
|
|
||||||
# rm -f "${SF_USER_DB_DIR}/token"
|
|
||||||
# unset SF_TOKEN
|
|
||||||
# }
|
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
# HERE: SF_TOKEN is user supplied.
|
# HERE: SF_TOKEN is user supplied.
|
||||||
if [[ ! -f "${SF_TOKEN_DIR}/token-${SF_TOKEN,,}.conf" ]]; then
|
[[ ! -f "${SF_TOKEN_DIR}/token-${prefix}${SF_TOKEN,,}.conf" ]] && ERREXIT 255 "The TOKEN '${CDY}${SF_TOKEN}${CN}' is not valid."
|
||||||
# HERE: Token is INVALID
|
|
||||||
unset SF_TOKEN
|
is_need_update_token=1
|
||||||
else
|
|
||||||
# Update TOKEN
|
|
||||||
tofile "${SF_TOKEN}" "${SF_USER_DB_DIR}/token"
|
|
||||||
fi
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
[[ -n $SF_TOKEN ]] && {
|
[[ -n $SF_TOKEN ]] && {
|
||||||
if [[ -f "${SF_TOKEN_DIR}/token-${SF_TOKEN,,}.conf" ]]; then
|
# HERE: Got a TOKEN (user supplied or loaded from {lgdir}/token)
|
||||||
eval "$(<"${SF_TOKEN_DIR}/token-${SF_TOKEN,,}.conf")"
|
if [[ -f "${SF_TOKEN_DIR}/token-${prefix}${SF_TOKEN,,}.conf" ]]; then
|
||||||
|
eval "$(<"${SF_TOKEN_DIR}/token-${prefix}${SF_TOKEN,,}.conf")"
|
||||||
|
unset SF_NEED_TOKEN
|
||||||
else
|
else
|
||||||
# token-<TOKEN>.conf does not exist.
|
# token-<TOKEN>.conf does not exist.
|
||||||
unset SF_TOKEN
|
unset SF_TOKEN
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
[[ -n $SF_TOKEN ]] && [[ -n $SF_TOKEN_IMMUTABLE ]] && [[ -n $is_need_update_token ]] && {
|
||||||
|
# Update TOKEN
|
||||||
|
tofile "${SF_TOKEN}" "${SF_USER_DB_DIR}/token"
|
||||||
|
}
|
||||||
|
|
||||||
# Then source user specific limits
|
# Then source user specific limits
|
||||||
load_limits_fn "${SF_USER_DB_DIR}/limits.conf"
|
load_limits_fn "${SF_USER_DB_DIR}/limits.conf"
|
||||||
|
|
||||||
# Then source IP specific limits
|
# Then source IP specific limits
|
||||||
load_limits_fn "${SF_ETCSF_DIR}/sf-${YOUR_IP}.conf"
|
load_limits_fn "${SF_ETCSF_DIR}/sf-${YOUR_IP}.conf"
|
||||||
|
|
||||||
|
# Check if TOKEN is needed.
|
||||||
|
[[ -n $SF_NEED_TOKEN ]] && {
|
||||||
|
fn="${SF_ETCMSG_DIR}/token-needed-${SF_NEED_TOKEN//[^a-z._]}"
|
||||||
|
# Display a message if TOKEN is needed
|
||||||
|
echo -e "💥 ${$CR}ERROR${CN}: A TOKEN is needed to use the system. Please contact a SysCop to get one."
|
||||||
|
[[ -e "${fn} " ]] && source "${fn}"
|
||||||
|
exit 255
|
||||||
|
}
|
||||||
|
|
||||||
# Add SF docker args to LG container.
|
# Add SF docker args to LG container.
|
||||||
# DISABLED: otherwise, an attacker with write access to token/limits (e.g. through a web user-management interface) could own the PHY.
|
# DISABLED: otherwise, an attacker with write access to token/limits (e.g. through a web user-management interface) could own the PHY.
|
||||||
# [[ ${#SF_USER_DOCKER_ARGS[@]} -gt 0 ]] && DOCKER_ARGS+=("${SF_USER_DOCKER_ARGS[@]}")
|
# [[ ${#SF_USER_DOCKER_ARGS[@]} -gt 0 ]] && DOCKER_ARGS+=("${SF_USER_DOCKER_ARGS[@]}")
|
||||||
@ -781,6 +795,7 @@ SF_USER_FS_SIZE=\"$SF_USER_FS_SIZE\"
|
|||||||
SF_USER_FS_INODE=\"$SF_USER_FS_INODE\"
|
SF_USER_FS_INODE=\"$SF_USER_FS_INODE\"
|
||||||
SF_USER_UL_RATE=\"$SF_USER_UL_RATE\"
|
SF_USER_UL_RATE=\"$SF_USER_UL_RATE\"
|
||||||
SF_RPORT=\"$SF_RPORT\"
|
SF_RPORT=\"$SF_RPORT\"
|
||||||
|
SF_TOKEN_IMMUTABLE=\"$SF_TOKEN_IMMUTABLE\"
|
||||||
SF_USER_IMMUNE=\"$SF_USER_IMMUNE\"" "${LG_RUN_DIR}/limits.txt"
|
SF_USER_IMMUNE=\"$SF_USER_IMMUNE\"" "${LG_RUN_DIR}/limits.txt"
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1145,6 +1160,9 @@ export LID
|
|||||||
|
|
||||||
# Call init_vars() after LID is set
|
# Call init_vars() after LID is set
|
||||||
init_vars
|
init_vars
|
||||||
|
|
||||||
|
# Get GeoIP, Country and Continent
|
||||||
|
mk_geoip "${YOUR_IP}"
|
||||||
# Load CPU/PID/OOM limits (systemwide or user specific)
|
# Load CPU/PID/OOM limits (systemwide or user specific)
|
||||||
load_limits
|
load_limits
|
||||||
# Check if IP is banned
|
# Check if IP is banned
|
||||||
@ -1170,7 +1188,6 @@ check_limit_server_by_ip
|
|||||||
# Check if share got unmounted (e.g. EncFS died)
|
# Check if share got unmounted (e.g. EncFS died)
|
||||||
[[ ! -f "${SF_SEC_DIR}/.IS-ENCRYPTED" ]] && ERREXIT 243 "System not ready yet (wrong EncFS password. Please inform the admin to set correct SF_SEED)"
|
[[ ! -f "${SF_SEC_DIR}/.IS-ENCRYPTED" ]] && ERREXIT 243 "System not ready yet (wrong EncFS password. Please inform the admin to set correct SF_SEED)"
|
||||||
|
|
||||||
mk_geoip "${YOUR_IP}"
|
|
||||||
|
|
||||||
# Execute under "root" (uid=1001) context:
|
# Execute under "root" (uid=1001) context:
|
||||||
[[ ! -d "${HNLID_DIR}" ]] && { mkdir -p "${HNLID_DIR}" || ERREXIT; }
|
[[ ! -d "${HNLID_DIR}" ]] && { mkdir -p "${HNLID_DIR}" || ERREXIT; }
|
||||||
|
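Review bot: The `SF_NEED_TOKEN` block added near the end of the load_limits() hunk (`@ -650,41 +654,51`) has two typos on the path that denies access: `${$CR}` is a bad substitution in bash, so the shell most likely aborts on that `echo` before the message file or the explicit `exit 255` is reached, and `[[ -e "${fn} " ]]` tests a name with a trailing space, so the `token-needed-*` file is never sourced. I would write `echo -e "💥 ${CR}ERROR${CN}: A TOKEN is needed …"` and `[[ -e "${fn}" ]] && source "${fn}"`, and add `fn` to the `local` list introduced in the `@ -613,6` hunk. In the same hunk, `prefix="${SF_TOKEN_PREFIX//[^a-z]}-"` evaluates to `-` when no prefix is configured, so the lookup becomes `token--<token>.conf` rather than `token-<token>.conf`; appending the `-` only when the filtered prefix is non-empty would keep the unprefixed name working. The persist step also requires `[[ -n $SF_TOKEN_IMMUTABLE ]]` before `tofile`, which reads inverted against the sf.conf comment that an immutable token cannot be changed by the user; `-z` looks like the intent. load_limits() continues outside these hunks.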
@ -129,7 +129,7 @@ To connect ${G}${name}${N} use this command on the LINUX Exit Node:
|
|||||||
${C}X='${WT_VER}-${WT_PRIVATE}'
|
${C}X='${WT_VER}-${WT_PRIVATE}'
|
||||||
X+='-${WG_PUBLIC}'
|
X+='-${WG_PUBLIC}'
|
||||||
X+='-${WG_EP_HOST}:${WG_PORT}-${WG_IPS}'
|
X+='-${WG_EP_HOST}:${WG_PORT}-${WG_IPS}'
|
||||||
DL='curl -fsSL thc.org/sfwg || wget --no-verbose -qO- thc.org/sfwg'
|
DL='curl -fsSL https://thc.org/sfwg || wget --no-verbose -qO- https://thc.org/sfwg'
|
||||||
X=\"\$X\" bash -c \"\$(sh -c \"\$DL\")\"${N}
|
X=\"\$X\" bash -c \"\$(sh -c \"\$DL\")\"${N}
|
||||||
or this command on the WINDOWS Exit Node:
|
or this command on the WINDOWS Exit Node:
|
||||||
${CY}${F}\$env:X='${WT_VER}-${WT_PRIVATE}'
|
${CY}${F}\$env:X='${WT_VER}-${WT_PRIVATE}'
|
||||||
@ -679,7 +679,7 @@ cmd_token() {
|
|||||||
load_lg
|
load_lg
|
||||||
source "/dev/shm/sf/run/users/lg-${LID}/limits.txt"
|
source "/dev/shm/sf/run/users/lg-${LID}/limits.txt"
|
||||||
|
|
||||||
[[ -n $SF_TOKEN_PROHIBITED ]] && BAIL "${M}Please contact a SysCop to enable this feature for you.${N}"
|
[[ -n $SF_TOKEN_IMMUTABLE ]] && BAIL "${M}Please contact a SysCop to enable this feature for you.${N}"
|
||||||
[[ ! -f "${token_fn}" ]] && { sleep 1; BAIL "${M}Token '${R}${TOKEN_NAME}${M}' does not exist.${N}"; }
|
[[ ! -f "${token_fn}" ]] && { sleep 1; BAIL "${M}Token '${R}${TOKEN_NAME}${M}' does not exist.${N}"; }
|
||||||
|
|
||||||
echo "${TOKEN_NAME}" >"/config/db/user/lg-${LID}/token"
|
echo "${TOKEN_NAME}" >"/config/db/user/lg-${LID}/token"
|
||||||
|
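Review bot: cmd_token() still validates against `${token_fn}`, which is built outside this hunk, while load_limits() in this commit now resolves tokens as `token-${prefix}${SF_TOKEN,,}.conf`. If `token_fn` does not apply the same `SF_TOKEN_PREFIX` filtering and lower-casing, a name accepted here and written to `/config/db/user/lg-${LID}/token` will not resolve at the next login, or the reverse. The `@ -781,6` hunk adds `SF_TOKEN_IMMUTABLE` to the generated `limits.txt` but, in the visible lines, not `SF_TOKEN_PREFIX`, so it is worth confirming how this command learns the prefix. A comment above the guard such as `# SF_TOKEN_IMMUTABLE is read from limits.txt sourced above` would make the dependency on that file explicit. cmd_token() extends beyond the hunk.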