Iptabels add blocklist while systemctl start

add iptables with binarydefense.com and ip-projects.de to the rules.emergingthreats.net blocklist

☆ carloscomputer-banlist ☆

Edit systemd iptables.service

[Unit]
Description=IPv4 Packet Filtering Framework
Before=network-pre.target
Wants=network-pre.target

[Service]
Type=oneshot
ExecStart=/usr/bin/iptables-restore /etc/iptables/iptables.rules
ExecStartPost=/etc/script/ipban.list.sh
ExecReload=/usr/bin/iptables-restore /etc/iptables/iptables.rules
ExecStop=/usr/lib/systemd/scripts/iptables-flush
RemainAfterExit=yes

[Install]
WantedBy=multi-user.target

The iptables script alpha2 contains

you should modify as you need -I or -A and ‘input’ chain

#!/bin/sh
curl https://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt |sed 1,41d > /usr/share/webapps/wordpress/wp-content/uploads/carloscomputer-banlist
curl https://www.binarydefense.com/banlist.txt |sed 1,12d >> /usr/share/webapps/wordpress/wp-content/uploads/carloscomputer-banlist
curl https://sslbl.abuse.ch/blacklist/sslipblacklist.txt |sed 1,9d >> /usr/share/webapps/wordpress/wp-content/carloscomputer-banlist
curl http://mirror.ip-projects.de/ip-blacklist >> /usr/share/webapps/wordpress/wp-content/uploads/carloscomputer-banlist
for i in `cat /usr/share/webapps/wordpress/wp-content/uploads/carloscomputer-banlist`; do
iptables -A INPUT -s $i -j DROP
done

check banned iptable

iptables -L -n |grep DROP -c
2541

 

♥ install Arch linux ♥

I want to make a guideline for installation of Arch linux.

unicorn arch linux install

Boot Arch linux from usb-stick how to create one you will find out,
I’m shure, but at least:
dd bs=1M if=Downloads/archlinux-2014.12.01-dual.iso of=/dev/sdb

erase & create partition table, connect to internet

Easy to use is the commandline patition tool cfdisk.

 

# fdisk -l
Device Boot Start End Sectors Size Id Type
/dev/sda1 * 2048 393215 391168 191M 83 Linux
/dev/sda2 393216 117210239 116817024 55,7G 83 Linux

If you have a german keyboard type:
# loadkeys de-latin1-nodeadkeys.map.gz
Establish WiFi-connection if you don’t have wired access to theInternet:
# wifi-menu
or
# ifconfig
and
dhcpcd your ethdev
check
# ping ccc.de
nice!

encrypt everything except boot

XTS splitts the encryption, to AES 256 bit keylength, use 1024 for a 512bit key.
modprobe dm-crypt (to be sure)
# cryptsetup -c aes-xts-plain -y -s 512 luksFormat /dev/sda2 (follow YES & pass)
# cryptsetup luksOpen /dev/sda2 archluks

create lvm partitions

# pvcreate /dev/mapper/archluks
# vgcreate archvg /dev/mapper/archluks
# lvcreate -L 8GB -n swap archvg (not for ssd install)
# lvcreate -l 100%FREE -n root archvg

Now we need a filesystem on them:


# mkfs.ext4 -L boot /dev/sda1
# mkfs.ext4 -L root /dev/mapper/archvg-root
# mkswap -L swap /dev/mapper/archvg-swap (not for ssd install)

mount and install

Mount the volumes into the running livesystem:

# mount /dev/mapper/archvg-root /mnt
# mkdir /mnt/boot
# mount /dev/sda1 /mnt/boot

Install the base and base-devel packets to /mnt (Internet-connection required):

# pacstrap /mnt base base-devel joe openssh net-tools wpa_supplicant dialog
# pacstrap /mnt grub-bios

Generate fstab:
# swapon -L swap
# genfstab -p -U /mnt > /mnt/etc/fstab

my ssd fstab:

cat fstab
# /dev/mapper/archvg-root
 UUID=5fd17e1d-6346-43bc-900d-6e6f56b9d40c / ext4
 defaults,discard,noatime,nodiratime,lazytime,commit=600 0 1
# /dev/sda1 UUID=a9550250-be66-4544-8d42-8b97fedcd7f7 /boot ext4 defaults,discard,noatime,nodiratime,lazytime,commit=600 0 2 ramfs /tmp tmpfs defaults,relatime,nodev,nosuid,mode=1777 0 0 tmpfs /var/tmp tmpfs defaults,relatime,nodev,nosuid,mode=0754,size=5% 0 0 tmpfs /var/log tmpfs defaults,relatime,nodev,nosuid,mode=0754,size=1% 0 0 tmpfs /var/log/httpd tmpfs defaults,relatime,nodev,nosuid,mode=0754,size=1% 0 0

chroot and configure

# arch-chroot /mnt

delete the # in front of your language of choise (e.g. de_DE.UTF-8 UTF-8) in locale.gen and generate the locale:

# joe /etc/locale.gen

remove hash# form your language

de_DE.UTF-8 UTF-8
de_DE ISO-8859-1
de_DE@euro ISO-8859-15

then:
# locale-gen
# echo LANG=de_DE.UTF-8 > /etc/locale.conf
# echo LC_COLLATE=C >> /etc/locale.conf
# echo LC_TIME=de_DE.UTF-8 >> /etc/locale.conf
# export LANG=de_DE.UTF-8

Generate /etc/vconsole.conf with the following 3 lines to bind your keys correctly:

# echo KEYMAP=de-latin1 >> /etc/vconsole.conf
# echo FONT=Lat2-Terminus16 >> /etc/vconsole.conf
# echo FONT_MAP=8859-1_to_uni >> /etc/vconsole.conf

Create a symbolic link /etc/localtime to your zone file /usr/share/zoneinfo//:
# ln -s /usr/share/zoneinfo/Europe/Berlin /etc/localtime

Define yout hostename:
# echo myhostname > /etc/hostname

 

Edit /etc/mkinitcpio.conf:

Put „keyboard“, “keymap”, “encrypt” and “lvm2″ before “filesystems” in the HOOKS array
# mkinitcpio -p linux

Now install GRUB (part 2), on a device not a partition or a volume:
# grub-install /dev/sda

In /etc/default/grub edit the line GRUB_CMDLINE_LINUX=”” to GRUB_CMDLINE_LINUX=”cryptdevice=/dev/sda2:archvg” then run:

My SSD config:GRUB_CMDLINE_LINUX=“cryptdevice=/dev/sda2:archvg:allow-discards elevator=noop vga=791 splash“

# grub-mkconfig -o /boot/grub/grub.cfg
# systemctl enable dhcpcd.service

set your root password:
# passwd

add youruser

# useradd -m -G wheel -s /bin/bash youruser
# passwd youruser

uncomment in /etc/sudoers
#  %wheel ALL=(ALL) ALL

[deprecated]
type ‚pacman -Suy cronie‘ here my fstrim cronjob for ssd

[root@munin etc]# cat /etc/cron.hourly/trimfs.sh 
#!/bin/sh
/usr/bin/fstrim -v / 1>> /var/log/trim.root
/usr/bin/fstrim -v /home 1>> /var/log/trim.home
/usr/bin/fstrim -v /boot 1>> /var/log/trim.boot

 

Exit the chroot:
# exit
Unmount:
# umount /mnt/boot
# umount /mnt

reboot

how to make an Android smartphone more secure

carlos computerThe begin to make a Smartphone (SM-G900F) secure.

  1. You need a smartphone LineageOS is running on, have a look on the device list
    1. Your smartphone should be able to use SnoopSnitch
  2. A Mac/Linux PC with latest Heimdall installed
  3. Flash LinageOS
    1. install Superuser Addon
  4. Flash Xposed Framework &
    1. download and install Xprivacy(lua) over Xposed
  5. Install latest SnoopSnitch from srlabs.de
  6. Encrypt your device!

Later I’ll be back on this! If there are questions write ‘it ät carlos.berlin’.

install magisk xposed framework and xprivacy on klte sm-g900f

download xposed framework magisk unity zip

here the xda thread: https://forum.xda-developers.com/xposed/10-31-2017-xposed-framework-v88-2-t3697756

backup

new releases

Reboot in to recovery mode and install the unity zip.

Reboot the device and download xprivacy

After downloading xprivacy (xrprivacy lua is recommended) in the Xposed.app https://forum.xda-developers.com/showthread.php?t=3034811

You have to activate the module and reboot your device.

 

Have fun and block all not needed connections.

Install LineageOS with heimdall on Samsung Galaxy S5 sm-g900f klte

download & install heimdall,  twrp & LineageOS

install LinageOS:

boot the S5

Press the power button and while keep it hold and press immediately home + volume down.

Confirm the download mode!

open a terminal on your mac

run:   heimdall flash –RECOVERY twrp-3.2.1-0-klte.img

Wait…

If the process is ready the phone will reboot, you need to press:

power+home+volumeup now, to get into twrp recovery!

The phone will boot in recovery, download the image on a usb device and conntect to a usb stick.

Install LineageOS zip file!

Secure the Galaxy S5 with xposed framework unity and xprivacy!

Solar powered Galaxy S5

summer, festivals, sun, solar !

I just tested this  solar panel on my Samsung Galaxy S5 …

Now I replaced the cables by gold contracts in the Otterbox and of the cover backside of the phone.

 

 

 

 

 

I framed my Otterbox to place a solar panel on the backside of it.

galaxy s5 solar

 

 

 

 

 

If you need more information just write a mail!