Category: IT

arch arm raspberry pi zero

Arch ARM https://archlinuxarm.org/wiki/Raspberry_Pi and few additions

use pi one to prepare the SD card!

Start fdisk to partition the SD card:

fdisk /dev/sdX

At the fdisk prompt, delete old partitions and create a new one:
Type o. This will clear out any partitions on the drive.
Type p to list partitions. There should be no partitions left.
Type n, then p for primary, 1 for the first partition on the drive, press ENTER to accept the default first sector, then type +100M for the last sector.
Type t, then c to set the first partition to type W95 FAT32 (LBA).
Type n, then p for primary, 2 for the second partition on the drive, and then press ENTER twice to accept the default first and last sector.
Write the partition table and exit by typing w.
Create and mount the FAT filesystem:

mkfs.vfat -n boot -F32 /dev/sdX1 #(-n boot -F32 is my addition)
mkdir boot
mount /dev/sdX1 boot

Create and mount the ext4 filesystem:
mkfs.ext4 -L root -E lazy_itable_init=0,lazy_journal_init=0 /dev/sdX2 #(-L name -E write out the inode table now, don’t wait until kernel with the SD card!)

mkdir root
mount /dev/sdX2 root

Download and extract the root filesystem (as root, not via sudo):

wget http://os.archlinuxarm.org/os/ArchLinuxARM-rpi-latest.tar.gz
bsdtar -xpf ArchLinuxARM-rpi-latest.tar.gz -C root
sync

Move boot files to the first partition:

mv root/boot/* boot

Unmount the two partitions:

umount boot root

Insert the SD card into the Raspberry Pi, connect ethernet, and apply 5V power.
Use the serial console or SSH to the IP address given to the board by your router.
Login as the default user alarm with the password alarm.
The default root password is root.
Initialize the pacman keyring and populate the Arch Linux ARM package signing keys:

pacman-key –init
pacman-key –populate archlinuxarm

Prepare

pacman -Suy netctl dhcpcd

now you can use wifi-menu if it needs, later do a ‘netctl enable yourwifisavedsessionname’ to start wireless on boot

edit:
Pi Zero Prepare Wifi + Blth disable Blth
vim /usr/lib/firmware/updates/brcm/brcmfmac43430-sdio.txt
vim /usr/lib/firmware/updates/brcm/brcmfmac43455-sdio.txt
btc_mode=1
btc_params8=0x4e20
btc_params1=0x7530

# vi /etc/hostname
root login permit to ‘yes’ if you need or change the ssh port:
# vi /etc/ssh/sshd_config
# systemctl restart sshd
# ls -lah /ect/localtime
remove
# rm /ect/localtime
relink
# ln -s /usr/share/zoneinfo/Europe/Berlin /etc/localtime
pacman -S vim sudo git
useradd -G wheel -m -s /bin/bash youruser
passwd youruser

!!change all passwords of default users root,alarm!!
vim /etc/soudoers
uncomment # %wheel ALL=(ALL) ALL

# pacmamn -S go binutils make gcc pkg-config fakeroot
reboot login as user:
git clone https://aur.archlinux.org/yay.git
cd yay
makepkg -si

vim /boot/config.txt add
device_tree_param=spi=on
change gpu_mem if you need

# timedatectl set-local-rtc 1

# timedatectl set-timezone Europe/Berlin

# timedatectl set-ntp true

# pacman -Suy base base-devel

login to youruser and make a
$ ssh-keygen -b 4096 -t ed25519

Iptabels add blocklist while systemctl start

add iptables with binarydefense.com and ip-projects.de to the rules.emergingthreats.net blocklist

☆ carloscomputer-banlist ☆

Edit systemd iptables.service

[Unit]
Description=IPv4 Packet Filtering Framework
Before=network-pre.target
Wants=network-pre.target

[Service]
Type=oneshot
ExecStart=/usr/bin/iptables-restore /etc/iptables/iptables.rules
ExecStartPost=/etc/script/ipban.list.sh
ExecReload=/usr/bin/iptables-restore /etc/iptables/iptables.rules
ExecStop=/usr/lib/systemd/scripts/iptables-flush
RemainAfterExit=yes

[Install]
WantedBy=multi-user.target

The iptables script alpha2 contains

you should modify as you need -I or -A and ‘input’ chain

#!/bin/sh
curl https://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt |sed 's/#.*//' > /usr/share/webapps/wordpress/wp-content/uploads/carloscomputer-banlist
curl https://www.binarydefense.com/banlist.txt |sed 's/#.*//' >> /usr/share/webapps/wordpress/wp-content/uploads/carloscomputer-banlist
curl https://sslbl.abuse.ch/blacklist/sslipblacklist.txt |sed 's/#.*//' >> /usr/share/webapps/wordpress/wp-content/carloscomputer-banlist
curl http://mirror.ip-projects.de/ip-blacklist >> /usr/share/webapps/wordpress/wp-content/uploads/carloscomputer-banlist
for i in `cat /usr/share/webapps/wordpress/wp-content/uploads/carloscomputer-banlist`; do
iptables -A INPUT -s $i -j DROP
done

check banned iptable

iptables -L -n |grep DROP -c
2541

 

Live Wifi Visualisation

Here I’ve a live visualisation of wifi networks with tcpdump and awk script to show connections with device addresses, channels and frequencies or dB state in gource.

Live Wifi Visualisation DigitalMirror holographic from carlosnikolaus on Vimeo.

…and more various

carloscomputer: DigitalMirror live wifi visuals by carlos nikolaus from carlosnikolaus on Vimeo.

htop process awk skript

awk