Bulk download random images with predefined keywords and size from loremflickr.com to current directory.

download_rndIMG_loremflicker.sh (use the gist to copy the code; the WordPress editor sometimes breaks the escaping 😉 )

#!/bin/bash
 
# bulk download random images with predefined keywords and size from loremflickr.com to current directory
 
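# config
KEYWORDS="beach,girl"   # search keywords, comma separated
WIDTH=800               # image width
HEIGHT=600              # image height
COUNT=2                 # number of images to download
MAXTRIALS=3             # consecutive failed downloads tolerated before giving up

# loremflickr.com answers every request to this URL with a random image
url="https://loremflickr.com/g/${WIDTH}/${HEIGHT}/${KEYWORDS}/all"

i=0   # images saved so far; doubles as the output file name
k=0   # consecutive failed downloads
while [ "$i" -lt "$COUNT" ]; do
    if wget "$url" -O "${i}.jpg"; then
        k=0
        i=$((i + 1))
    else
        # wget -O creates the output file before the transfer starts; remove the
        # empty or truncated leftover so an aborted run leaves no broken image
        rm -f -- "${i}.jpg"
        k=$((k + 1))
        # numeric >= instead of string equality: also stops when MAXTRIALS is 0
        if [ "$k" -ge "$MAXTRIALS" ]; then
            echo "too many errors. abort..."
            exit 1
        fi
    fi
    # pause after every request, failed ones included, so that retries
    # do not hit the server in a tight loop
    sleep 0.5
done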
 

setup_sshdHiddenService.sh (use the gist to copy the code; the WordPress editor sometimes breaks the escaping 😉 )

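#!/bin/bash

# sshd tor authenticated hidden service setup script
# bash is required: the script uses bash-only constructs such as "declare -f",
# which a plain POSIX /bin/sh (dash on Debian) does not provide
# <configuration>
SSH_PORT="" # new SSH port, leave empty for no change
# </configuration>
# workflow:
# - change SSH port if not empty
# - setup SSH brute force protection: fail2ban
# - setup tor: basic authenticated sshd hidden service
# - output of hidden service connection data
# more about authenticated hidden services:
# https://www.antitree.com/2017/08/tor-onion-service-stealth-and-basic-authentication-modes/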
 
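#######################################
# Configure sshd as a tor "basic" authenticated hidden service.
# Globals:   SSH_PORT (read) - new sshd port; empty keeps the current one
#            HIDDEN_SERVICE_COOKIE, HIDDEN_SERVICE_HOST, RESTART_SSHD (written)
# Outputs:   client-side torrc line and ssh command on stdout, errors on stderr
# Returns:   0 on success, 1 when a step fails
#
# Security notes:
# - HiddenServiceAuthorizeClient / HidServAuth are version 2 onion service
#   options. Tor dropped v2 onion services in the 0.4.6 series, so a current
#   tor package will not provide this kind of authorization; v3 client
#   authorization uses key files under <HiddenServiceDir>/authorized_clients/.
# - Nothing below binds sshd to the loopback interface, so the daemon stays
#   reachable on the machine's public address in addition to the onion
#   address. Restrict it (ListenAddress / firewall) if onion-only access is
#   the goal.
# - Connections arriving through tor all originate from 127.0.0.1, so
#   fail2ban's per-address banning only covers the public-address exposure.
#######################################
setup() {
    local sshd_config="/etc/ssh/sshd_config"
    local torrc="/etc/tor/torrc"
    local service_dir="/var/lib/tor/sshd/"
    local port tries

    # the value is pasted into sed expressions and config files: digits only
    case "$SSH_PORT" in
        *[!0-9]*)
            echo "SSH_PORT must be a port number, got: ${SSH_PORT}" >&2
            return 1
            ;;
    esac

    # change SSH port if set
    if [ -n "$SSH_PORT" ]; then
        # -E is required: in sed's default syntax "+" is a literal character,
        # so the pattern "Port [0-9]+" never matched a line like "Port 22"
        if grep -Eq '^[[:space:]]*Port[[:space:]]+[0-9]+' "$sshd_config"; then
            sed -i -E "s|^[[:space:]]*Port[[:space:]]+[0-9]+.*|Port ${SSH_PORT}|" "$sshd_config" || return 1
        else
            # no active Port directive (it may only exist commented out): add one
            sed -i "1i Port ${SSH_PORT}" "$sshd_config" || return 1
        fi
        port="$SSH_PORT"
    else
        # no change requested: forward to the port sshd already uses, otherwise
        # the HiddenServicePort line below would be written without a port
        port=$(awk '$1 == "Port" { print $2; exit }' "$sshd_config")
        port="${port:-22}"   # sshd listens on 22 when no Port directive is active
    fi

    # install fail2ban and tor
    apt-get install -y fail2ban || return 1
    apt-get install -y tor || return 1

    # setup basic authenticated hidden service sshd
    # NOTICE: sed -i '1i XXX' FILEPATH inserts XXX as the first line of the file.
    # Each insert lands above the previous one, so the lines are added in
    # reverse and end up as HiddenServiceDir, HiddenServicePort,
    # HiddenServiceAuthorizeClient. Skipped when the service is already
    # configured, so a second run does not duplicate the entries.
    if ! grep -Fqx "HiddenServiceDir ${service_dir}" "$torrc"; then
        # "basic" authenticated hidden service, client name: sshd
        sed -i "1i HiddenServiceAuthorizeClient basic sshd" "$torrc" || return 1

        # forward hidden service port to local ssh
        sed -i "1i HiddenServicePort ${port} 127.0.0.1:${port}" "$torrc" || return 1

        # hidden service directory contains the service's private key and address
        sed -i "1i HiddenServiceDir ${service_dir}" "$torrc" || return 1
    fi

    # restart tor to load new settings
    systemctl restart tor || return 1

    # tor writes the hostname file shortly after start; wait for it instead of
    # assuming one second is enough
    tries=0
    while [ ! -s "${service_dir}hostname" ] && [ "$tries" -lt 10 ]; do
        sleep 1
        tries=$((tries + 1))
    done
    if [ ! -s "${service_dir}hostname" ]; then
        echo "tor did not create ${service_dir}hostname" >&2
        return 1
    fi

    # read address and auth cookie from the directory configured above
    # (the file was previously read from /var/lib/tor/tcpproxy/, a directory
    # this script never sets up), then strip the comment marker
    HIDDEN_SERVICE_COOKIE=$(sed -Ee "s| # client:||" "${service_dir}hostname")

    # the onion address is everything up to the first whitespace
    HIDDEN_SERVICE_HOST=$(printf '%s\n' "${HIDDEN_SERVICE_COOKIE}" | sed -Ee 's| .*||')

    # user output
    # NOTE: the HidServAuth line contains the client auth cookie, which is a
    # credential; keep it out of shared terminals, logs and screenshots
    echo "##########"
    echo "add next line to your local tor configuration at /etc/tor/torrc:"
    echo "HidServAuth ${HIDDEN_SERVICE_COOKIE}"
    echo "##########"
    echo "connect to your hidden service sshd after local tor restart:"
    echo "torsocks ssh ${HIDDEN_SERVICE_HOST} -p ${port}"

    # check the edited configuration before touching the running daemon; a
    # broken sshd_config would otherwise lock out the remote session
    /usr/sbin/sshd -t || return 1

    # the restart may drop the current ssh session: wait for the user to confirm
    RESTART_SSHD=""
    while [ "$RESTART_SSHD" != "y" ]; do
        echo "restart of sshd required"
        printf '%s' "you need to reconnect ssh at port ${port} [y/STRG+C]: "
        read -r RESTART_SSHD || return 1   # stop on EOF instead of looping forever
    done
    systemctl restart sshd
}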
 
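# check root, ask for root, run setup as root
# su starts a separate shell, so everything setup needs is passed inside the
# command string: the function source (declare -f, a bash builtin) and the
# SSH_PORT setting. SSH_PORT is not exported, so without the explicit
# assignment it would be empty in the root shell and the port change lost.
WHOAMI=$(whoami)
if [ "$WHOAMI" != "root" ]; then
    # printf %q quotes the value for safe re-parsing by the root shell
    su -c "SSH_PORT=$(printf '%q' "$SSH_PORT"); $(declare -f setup); setup"
else
    setup
fi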
 

setup_cryptdevice_automount.sh@gist (use the gist to copy the code; the WordPress editor sometimes breaks the escaping 😉 )

#! /bin/sh
 
# create auto mount of luks encrypted volume on system start
 
# scripts requirements: cryptsetup (luks), awk, grep, dd 
# files changed by script: /etc/crypttab, /etc/fstab
# files created by script: DRIVE_PATH (mount path)
# tested on: debian stretch
# set configuration & chmod +x this script ;) & run this script
# see: https://blog.tinned-software.net/automount-a-luks-encrypted-volume-on-system-start/ | https://linuxwiki.de/cryptsetup
 
# list hard drives to get your DRIVE_ID
# lsblk
 
##
## 
##
 
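DRIVE_ID="sda3"                 # drive id. see "lsblk" output
DRIVE_PATH="/media/storage1/"   # path to mount drive (use / as last char)
KEY_PATH="/etc/cryptkeys/"      # path to store drive key (use / as last char)

##
##
##

# SECURITY NOTE: the key file created below unlocks the volume without a
# passphrase. Anyone who can read it (a copy of the root filesystem, a backup,
# a second OS booted on the same machine) can open the encrypted drive, so
# this setup only protects the data as well as the filesystem holding
# KEY_PATH is protected.

KEY_FILE="${KEY_PATH}${DRIVE_ID}"
DEVICE="/dev/${DRIVE_ID}"
MAPPER_NAME="${DRIVE_ID}_crypt"

if [ "$(id -u)" -ne 0 ]; then
    echo "luks auto mount: root privilegs are required. do 'su'"
    exit 1
fi

if [ ! -b "${DEVICE}" ]; then
    echo "luks auto mount: ${DEVICE} is not a block device" >&2
    exit 1
fi

echo "luks auto mount: create mount point at path ${DRIVE_PATH} for encrypted drive ${DRIVE_ID} with key ${KEY_FILE}"

# never overwrite an existing key file: if it is already enrolled in a LUKS
# key slot, replacing it would leave that slot without a usable key
if [ -e "${KEY_FILE}" ]; then
    echo "luks auto mount: key file ${KEY_FILE} already exists, not overwriting it" >&2
    exit 1
fi

# create key directory and key with a restrictive umask, so the key is never
# readable by other users, not even between dd and chmod
OLD_UMASK=$(umask)
umask 077

# create key directory if not exist
if [ ! -e "${KEY_PATH}" ]; then
    mkdir -p "${KEY_PATH}" || exit 1
fi

# create random key - required to unlock volume
dd if=/dev/urandom of="${KEY_FILE}" bs=512 count=8 || exit 1

# only root may read the key file (was 640; group access is not needed)
chmod 400 "${KEY_FILE}" || exit 1

umask "${OLD_UMASK}"

# add created key to cryptsetup for our luks device (asks for an existing passphrase)
if ! cryptsetup -v luksAddKey "${DEVICE}" "${KEY_FILE}"; then
    # the key was not enrolled: remove it and leave crypttab/fstab untouched
    rm -f -- "${KEY_FILE}"
    echo "luks auto mount: could not add key to ${DEVICE}" >&2
    exit 1
fi
# remove key from crypt drive and delete it with (set vars in shell before): cryptsetup -v luksRemoveKey /dev/${DRIVE_ID} "${KEY_PATH}${DRIVE_ID}" && rm ${KEY_PATH}${DRIVE_ID}

# get cryptsetup luks drive id
UUID=$(cryptsetup luksUUID "${DEVICE}")
if [ -z "${UUID}" ]; then
    echo "luks auto mount: could not read LUKS UUID of ${DEVICE}" >&2
    exit 1
fi

# add volume to crypttab - required to automatically unlock the volume
# (the entry was previously written with the literal text "{UUID}" because the
# "$" was missing; skipped when the mapping is already listed)
if ! awk -v n="${MAPPER_NAME}" '$1 == n { found = 1 } END { exit !found }' /etc/crypttab 2>/dev/null; then
    echo "${MAPPER_NAME} UUID=${UUID} ${KEY_FILE} luks" >> /etc/crypttab
fi

# create drive mount path if not exist
# (the test previously looked at KEY_PATH, which always exists at this point,
# so the mount point was never created)
if [ ! -e "${DRIVE_PATH}" ]; then
    mkdir -p "${DRIVE_PATH}" || exit 1
fi

# add volume to fstab - required to automatically mount the encrypted volume on system start
# NOTE(review): without the "nofail" option a volume that cannot be unlocked
# may hold up the boot; consider adding it for non-essential data drives
if ! awk -v n="/dev/mapper/${MAPPER_NAME}" '$1 == n { found = 1 } END { exit !found }' /etc/fstab 2>/dev/null; then
    echo "/dev/mapper/${DRIVE_ID}_crypt ${DRIVE_PATH} ext4    defaults   0       2" >> /etc/fstab
fi

echo "luks auto mount: reboot your system please"

exit 0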