Startseite » IT » Betriebssystem

Category: Betriebssystem

Iptabels add blocklist while systemctl start

add iptables with binarydefense.com blocklist

Edit systemd iptables.service

[Unit]
Description=IPv4 Packet Filtering Framework
Before=network-pre.target
Wants=network-pre.target

[Service]
Type=oneshot
ExecStart=/usr/bin/iptables-restore /etc/iptables/iptables.rules
ExecStartPost=/etc/script/ipban.list.sh
ExecReload=/usr/bin/iptables-restore /etc/iptables/iptables.rules
ExecStop=/usr/lib/systemd/scripts/iptables-flush
RemainAfterExit=yes

[Install]
WantedBy=multi-user.target

The iptables script contains

you should modify as you need -I or -A and ‘input’ chain

#!/bin/sh
for i in `curl https://www.binarydefense.com/banlist.txt`; do
iptables -A INPUT -s $i -j DROP
done

♥ install Arch linux ♥

I want to make a guideline for installation of Arch linux.

unicorn arch linux install

Boot Arch linux from usb-stick how to create one you will find out,
I’m shure, but at least:
dd bs=1M if=Downloads/archlinux-2014.12.01-dual.iso of=/dev/sdb

erase & create partition table, connect to internet

Easy to use is the commandline patition tool cfdisk.

 

# fdisk -l
Device Boot Start End Sectors Size Id Type
/dev/sda1 * 2048 393215 391168 191M 83 Linux
/dev/sda2 393216 117210239 116817024 55,7G 83 Linux

If you have a german keyboard type:
# loadkeys de-latin1-nodeadkeys.map.gz
Establish WiFi-connection if you don’t have wired access to theInternet:
# wifi-menu
or
# ifconfig
and
dhcpcd your ethdev
check
# ping ccc.de
nice!

encrypt everything except boot

XTS splitts the encryption, to AES 256 bit keylength, use 1024 for a 512bit key.
modprobe dm-crypt (to be sure)
# cryptsetup -c aes-xts-plain -y -s 512 luksFormat /dev/sda2 (follow YES & pass)
# cryptsetup luksOpen /dev/sda2 archluks

create lvm partitions

# pvcreate /dev/mapper/archluks
# vgcreate archvg /dev/mapper/archluks
# lvcreate -L 8GB -n swap archvg (not for ssd install)
# lvcreate -l 100%FREE -n root archvg

Now we need a filesystem on them:


# mkfs.ext4 -L boot /dev/sda1
# mkfs.ext4 -L root /dev/mapper/archvg-root
# mkswap -L swap /dev/mapper/archvg-swap (not for ssd install)

mount and install

Mount the volumes into the running livesystem:

# mount /dev/mapper/archvg-root /mnt
# mkdir /mnt/boot
# mount /dev/sda1 /mnt/boot

Install the base and base-devel packets to /mnt (Internet-connection required):

# pacstrap /mnt base base-devel joe openssh net-tools wpa_supplicant dialog
# pacstrap /mnt grub-bios

Generate fstab:
# swapon -L swap
# genfstab -p -U /mnt > /mnt/etc/fstab

my ssd fstab:

cat fstab
# /dev/mapper/archvg-root
 UUID=5fd17e1d-6346-43bc-900d-6e6f56b9d40c / ext4
 defaults,discard,noatime,nodiratime,lazytime,commit=600 0 1
# /dev/sda1 UUID=a9550250-be66-4544-8d42-8b97fedcd7f7 /boot ext4 defaults,discard,noatime,nodiratime,lazytime,commit=600 0 2 ramfs /tmp tmpfs defaults,relatime,nodev,nosuid,mode=1777 0 0 tmpfs /var/tmp tmpfs defaults,relatime,nodev,nosuid,mode=0754,size=5% 0 0 tmpfs /var/log tmpfs defaults,relatime,nodev,nosuid,mode=0754,size=1% 0 0 tmpfs /var/log/httpd tmpfs defaults,relatime,nodev,nosuid,mode=0754,size=1% 0 0

chroot and configure

# arch-chroot /mnt

delete the # in front of your language of choise (e.g. de_DE.UTF-8 UTF-8) in locale.gen and generate the locale:

# joe /etc/locale.gen

remove hash# form your language

de_DE.UTF-8 UTF-8
de_DE ISO-8859-1
de_DE@euro ISO-8859-15

then:
# locale-gen
# echo LANG=de_DE.UTF-8 > /etc/locale.conf
# echo LC_COLLATE=C >> /etc/locale.conf
# echo LC_TIME=de_DE.UTF-8 >> /etc/locale.conf
# export LANG=de_DE.UTF-8

Generate /etc/vconsole.conf with the following 3 lines to bind your keys correctly:

# echo KEYMAP=de-latin1 >> /etc/vconsole.conf
# echo FONT=Lat2-Terminus16 >> /etc/vconsole.conf
# echo FONT_MAP=8859-1_to_uni >> /etc/vconsole.conf

Create a symbolic link /etc/localtime to your zone file /usr/share/zoneinfo//:
# ln -s /usr/share/zoneinfo/Europe/Berlin /etc/localtime

Define yout hostename:
# echo myhostname > /etc/hostname

 

Edit /etc/mkinitcpio.conf:

Put „keyboard“, “keymap”, “encrypt” and “lvm2″ before “filesystems” in the HOOKS array
# mkinitcpio -p linux

Now install GRUB (part 2), on a device not a partition or a volume:
# grub-install /dev/sda

In /etc/default/grub edit the line GRUB_CMDLINE_LINUX=”” to GRUB_CMDLINE_LINUX=”cryptdevice=/dev/sda2:archvg” then run:

My SSD config:GRUB_CMDLINE_LINUX=“cryptdevice=/dev/sda2:archvg:allow-discards elevator=noop vga=791 splash“

# grub-mkconfig -o /boot/grub/grub.cfg
# systemctl enable dhcpcd.service

set your root password:
# passwd

add youruser

# useradd -m -G wheel -s /bin/bash youruser
# passwd youruser

uncomment in /etc/sudoers
#  %wheel ALL=(ALL) ALL

[deprecated]
type ‚pacman -Suy cronie‘ here my fstrim cronjob for ssd

[root@munin etc]# cat /etc/cron.hourly/trimfs.sh 
#!/bin/sh
/usr/bin/fstrim -v / 1>> /var/log/trim.root
/usr/bin/fstrim -v /home 1>> /var/log/trim.home
/usr/bin/fstrim -v /boot 1>> /var/log/trim.boot

 

Exit the chroot:
# exit
Unmount:
# umount /mnt/boot
# umount /mnt

reboot

Live Wifi Visualisation

Here I’ve a live visualisation of wifi networks with tcpdump and awk script to show connections with device addresses, channels and frequencies or dB state in gource.

Live Wifi Visualisation DigitalMirror holographic from carlosnikolaus on Vimeo.

…and more various

carloscomputer: DigitalMirror live wifi visuals by carlos nikolaus from carlosnikolaus on Vimeo.

htop process awk skript

awk

locate is a search tool for the commandline as well for Mac OS X

locate is a search tool for the command-line as well for Mac OS X

$ cd /usr/local/bin
$ ln -s /usr/libexec/locate.updatedb updatedb

Restart the Terminal

Run command updatedb if it’s doesnt work add in command-line

export PATH="/usr/local/bin:$PATH"

to the .bashrc in your user Folder.

Run locate in your commandline on mac

$ locate filename

how to make an Android smartphone more secure

carlos computerThe begin to make a Smartphone (SM-G900F) secure.

  1. You need a smartphone LineageOS is running on, have a look on the device list
    1. Your smartphone should be able to use SnoopSnitch
  2. A Mac/Linux PC with latest Heimdall installed
  3. Flash LinageOS
    1. install Superuser Addon
  4. Flash Xposed Framework &
    1. download and install Xprivacy(lua) over Xposed
  5. Install latest SnoopSnitch from srlabs.de
  6. Encrypt your device!

Later I’ll be back on this! If there are questions write ‘it ät carlos.berlin’.

install magisk xposed framework and xprivacy on klte sm-g900f

download xposed framework magisk unity zip

here the xda thread: https://forum.xda-developers.com/xposed/10-31-2017-xposed-framework-v88-2-t3697756

backup

new releases

Reboot in to recovery mode and install the unity zip.

Reboot the device and download xprivacy

After downloading xprivacy (xrprivacy lua is recommended) in the Xposed.app https://forum.xda-developers.com/showthread.php?t=3034811

You have to activate the module and reboot your device.

 

Have fun and block all not needed connections.

Install LineageOS with heimdall on Samsung Galaxy S5 sm-g900f klte

download & install heimdall,  twrp & LineageOS

install LinageOS:

boot the S5

Press the power button and while keep it hold and press immediately home + volume down.

Confirm the download mode!

open a terminal on your mac

run:   heimdall flash –RECOVERY twrp-3.2.1-0-klte.img

Wait…

If the process is ready the phone will reboot, you need to press:

power+home+volumeup now, to get into twrp recovery!

The phone will boot in recovery, download the image on a usb device and conntect to a usb stick.

Install LineageOS zip file!

Secure the Galaxy S5 with xposed framework unity and xprivacy!

Solar powered Galaxy S5

summer, festivals, sun, solar !

I just tested this  solar panel on my Samsung Galaxy S5 …

Now I replaced the cables by gold contracts in the Otterbox and of the cover backside of the phone.

 

 

 

 

 

I framed my Otterbox to place a solar panel on the backside of it.

galaxy s5 solar

 

 

 

 

 

If you need more information just write a mail!

 

 

Samsung Galaxy S5 (klte), LineageOS, xposed framework and xprivacy

I’m happy to see that rovo89 did a lot of work in the past six month,

and finally upgraded my Galaxy S5 SM-G900F form CyanogenMod 13.1 to LineageOS 14.1.

I was still waiting for the Xposed Framework, to get a really specific control over my apps with Xprivacy…

All you need is to check out your actual device-os version and the Xposed Framework, thanks so far to rovo89!

Root LineageOS

The LineageOS Team decide to have an extra ‘addon’ zip-file to flash for those who needs to root thier phone…

have a look in

TWRP update

There is a new version of the TeamWinRrecoveryProject(TWRP) you should use for installing LineageOS.

Xposed Framework

Xprivacy

Xprivacy is a modul of the framework, you can download and install it over the Xposedinstaller app.

Boeffla Kernel

I’m still using this… cause it’s nice !

User experience Lineage OS and Xprivacy

Turn Linage OS app power management off for those apps who have strange crashes after going in to a “sleep” state.

To get out of this situation you have to wipe cache and dalvik/cache in twrp, that was helpful to get those apps start again…

  • Browser
  • Signal
  • Threema

I was happy to see that the world uses my download link of CyanogenMod 13 latest version over 230 times since December 2016

I will keep it there for you need, but for daily you are recomeded to install LineageOS it’s the successor and up-to-date!

 

Install CyanogenMod 13 on Galaxy S5 SM-G900F

CyanogenMod 13.0 klte  Samsung Galaxy S5 (klte)

⚠ PLEASE NOTICE ⚠ Xposed Framework is now available for Lineage OS !

unicorn-cyanogenmodInstall over TWRP

⚠ PLEASE NOTICE ⚠ Xposed Framework is now available for Lineage OS !

Preparing MacOs el Capitan

First download and install the Android SDK.

 

 

Preparing Arch Linux

pacman -S android-tools