@d3cod3
Last active January 15, 2021 19:43
MULE - MUrs de Libre Expresión

1 - Use the latest official Raspbian Buster Lite from https://www.raspberrypi.org/downloads/raspbian/

Direct link: https://downloads.raspberrypi.org/raspbian_lite_latest

2 - Scrambling microSD card (patience here)

This makes it almost impossible to forensically extract previous data from the card. Apply this step if you're going to reuse a previously used microSD card (from a camera, from another Raspberry Pi project, etc.), so your previous data will be reasonably safe. If you just bought a new microSD card, this step is not really necessary.

# on OSX
sudo dd if=/dev/urandom of=/dev/YOUR_DEVICE_NAME bs=1m

# on linux
sudo dd if=/dev/urandom of=/dev/YOUR_DEVICE_NAME bs=1M status=progress

3 - Installing raspbian buster lite on microSD card

# on OSX
sudo dd if=raspbian-buster-lite.img of=/dev/YOUR_DEVICE_NAME bs=1m conv=sync

# on linux
sudo dd if=raspbian-buster-lite.img of=/dev/YOUR_DEVICE_NAME bs=1M conv=fdatasync status=progress

3/2 - Launch raspi-config to expand the filesystem and activate the ssh server, then reboot. Now we can access our device via ssh with the default Raspbian credentials:

user pi, passwd raspberry

4 - Update the user password and the root password

passwd
sudo passwd

4/2 - Update ssh config, edit /etc/ssh/sshd_config:

sudo nano /etc/ssh/sshd_config

And edit:

# Disable ipv6
#ListenAddress ::
ListenAddress 0.0.0.0

# Disallow SSH access to root account
PermitRootLogin no

# Disable X11Forwarding
X11Forwarding no

# Add AllowUsers pi, in order to enable access for your default user ONLY
AllowUsers pi

Save it and restart ssh:

sudo /etc/init.d/ssh restart
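
The check below is an added example, not part of the original gist: it audits an sshd_config for the settings listed above, reading the first value of each keyword because sshd uses the first value it obtains and ignores later duplicates. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the gist): audit an sshd_config for the step 4/2 settings.
# sshd keeps the FIRST value it reads for a keyword, so a leftover line
# higher up in the file silently overrides an edit made further down.

# first_value FILE KEYWORD -> first global value (lines before any Match block)
first_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }                       # skip comment lines
        tolower($1) == "match" { exit }           # conditional blocks start here
        tolower($1) == tolower(key) { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# audit_sshd FILE -> prints one line per finding; exit status = number of findings
audit_sshd() {
    f=$1; bad=0
    for pair in PermitRootLogin=no X11Forwarding=no AllowUsers=pi; do
        key=${pair%%=*}; want=${pair#*=}
        got=$(first_value "$f" "$key")
        if [ "$got" != "$want" ]; then
            echo "FAIL $key: first value is '${got:-not set}', expected '$want'"
            bad=$((bad + 1))
        fi
    done
    # ListenAddress may repeat: require at least one, and none with an IPv6 address
    if ! awk '/^[ \t]*#/ { next }
              tolower($1) == "listenaddress" { n++; if ($2 ~ /:.*:/) v6++ }
              END { exit !(n > 0 && v6 == 0) }' "$f"; then
        echo "FAIL ListenAddress: missing, or an IPv6 address is still listed"
        bad=$((bad + 1))
    fi
    return "$bad"
}

# Constructed sample: an earlier PermitRootLogin line sits above the guide's edit.
sample=$(mktemp)
printf '%s\n' 'PermitRootLogin prohibit-password' '#ListenAddress ::' \
    'ListenAddress 0.0.0.0' 'PermitRootLogin no' 'X11Forwarding no' \
    'AllowUsers pi' > "$sample"
audit_sshd "$sample" || echo "findings: $?"
```

On the device itself, `sudo sshd -t` checks the file for syntax errors before the restart, and `sudo sshd -T` prints the effective configuration.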

5 - Change sources.list

deb http://raspbian.raspberrypi.org/raspbian/ buster main contrib non-free rpi
deb-src http://raspbian.raspberrypi.org/raspbian/ buster main contrib non-free rpi

6 - Update system

sudo apt update && sudo apt dist-upgrade -y

6/2 - Install some utils

sudo apt install git

7 - Install and configure the packages needed to make the RPi an access point in a standalone network

sudo apt install dnsmasq hostapd
sudo nano /etc/dhcpcd.conf

interface wlan0
    static ip_address=192.168.9.1/24
    nohook wpa_supplicant

sudo systemctl restart dhcpcd

Configure the DHCP server (dnsmasq)

sudo mv /etc/dnsmasq.conf /etc/dnsmasq.conf.orig
sudo nano /etc/dnsmasq.conf

interface=wlan0      # Use the required wireless interface - usually wlan0
dhcp-range=192.168.9.2,192.168.9.200,255.255.255.0,24h

sudo systemctl reload dnsmasq

Configuring the access point host software (hostapd)

Option 1 - Open network

sudo nano /etc/hostapd/hostapd.conf

interface=wlan0
driver=nl80211
ssid=MULE
hw_mode=g
channel=5

Option 2 - WPA password access network

NOTE: wpa_passphrase must be at least 8 characters long

sudo nano /etc/hostapd/hostapd.conf

interface=wlan0
driver=nl80211
ssid=MULE
hw_mode=g
channel=5
wmm_enabled=0
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wpa=2
wpa_passphrase=MULE0000
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP

sudo nano /etc/default/hostapd

DAEMON_CONF="/etc/hostapd/hostapd.conf"

sudo systemctl unmask hostapd
sudo systemctl enable hostapd
sudo systemctl start hostapd

Add routing

sudo nano /etc/sysctl.conf

uncomment line: net.ipv4.ip_forward=1

Finally reboot the device:

sudo shutdown -r now

8 - Connect via ssh

ssh pi@192.168.9.1

9 - Install apache

sudo apt install apache2

Then configure it, edit /etc/apache2/conf-enabled/security.conf:

ServerSignature Off
ServerTokens Prod

Save and restart apache:

sudo systemctl restart apache2

Now edit /etc/apache2/apache2.conf to turn off directory browsing, disable symbolic links, limit the request size (to 600 Kb), and turn off server-side includes and CGI execution:

<Directory /var/www/>
        LimitRequestBody 614400
        Options -FollowSymLinks -Includes -ExecCGI
        AllowOverride None
        Require all granted
</Directory>

And finally disable unnecessary modules:

sudo a2dismod autoindex
sudo a2dismod status
sudo /etc/init.d/apache2 restart

If installed, disable the mod_security firewall by editing /etc/modsecurity/modsecurity.conf:

SecRuleEngine Off

10 - Install MariaDB server

sudo apt install mariadb-server mariadb-client

Secure the installation, run the command and follow the instructions:

sudo mysql_secure_installation

Now create the database and a new user for database access. Log into MariaDB and run the following commands:

sudo mysql -u root -p

MariaDB [(none)]> CREATE DATABASE muledb;
MariaDB [(none)]> use muledb;

MariaDB [muledb]> CREATE TABLE `ml_content` (
    -> `id` bigint(20) unsigned NOT NULL AUTO_INCREMENT,
    -> `data` text,
    -> `latitude` text,
    -> `longitude` double NOT NULL,
    -> `altitude` double NOT NULL,
    -> `angle` float NOT NULL,
    -> PRIMARY KEY (`id`)
    -> ) ENGINE=InnoDB DEFAULT CHARSET=utf8;

MariaDB [(none)]> CREATE USER 'mula'@'localhost' IDENTIFIED BY 'YOUR_PASSWORD';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON muledb.* TO 'mula'@'localhost';
MariaDB [(none)]> FLUSH PRIVILEGES;
MariaDB [(none)]> exit

Restart mysql:

sudo /etc/init.d/mysql restart

11 - Install PHP 7

sudo apt install php php-common
sudo apt install php-cli php-fpm php-json php-mysql php-zip php-gd php-mbstring php-curl php-xml php-pear php-bcmath

12 - Set up MULE file package

Download MULE File Package from the official github repository:

cd /var/www/html

sudo git clone https://github.com/d3cod3/taz

cd taz/
ls -la

[Image: MULE_FILE_PACKAGE_LS]

sudo chown www-data: data/
sudo chmod 775 -R data/
sudo chown www-data: muledata.json
sudo chmod 664 muledata.json

Now edit the includes/db.php file to set your database password (the one you chose during the MariaDB setup above):

sudo nano /var/www/html/taz/includes/db.php

At the beginning you'll see:

private static $MULE_config = array(

    "db" => array(
      "host" => "localhost",
      "port" => 3306,
      "name" => "muledb",
      "username" => "mula",
      "password" => "YOUR_PASSWORD" // change this!
    )

  );

Just change the password accordingly and save it.

Your MULE device is ready!!!

13 - If you're planning to build a lot of MULE devices...

There's no need to repeat all this work for every device: create an image of the entire Raspberry Pi drive (the microSD card) and clone that image onto the other microSD cards for all the devices you need. Keep in mind that every clone starts with the same passwords and SSH host keys as the original.

To create the image:

# on OSX
sudo dd if=/dev/YOUR_DEVICE_NAME conv=sync,noerror bs=16k | gzip -c > image_filename.gz

# on Linux
sudo dd if=/dev/YOUR_DEVICE_NAME conv=sync,noerror status=progress bs=16K | gzip -c > image_filename.gz

And to clone from the image:

# on OSX
gunzip -c image_filename.gz | sudo dd of=/dev/YOUR_DEVICE_NAME

# on Linux
gunzip -c image_filename.gz | sudo dd of=/dev/YOUR_DEVICE_NAME status=progress
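
A read-back check for the dd writes in steps 3 and 13, added here as an example and not part of the original gist: it hashes the image and the same number of bytes read back from the card, and compares the two. The function names and demo files are constructed; on real hardware pass /dev/YOUR_DEVICE_NAME as the second argument and run it with sudo.

```shell
#!/bin/sh
# Added example (not from the gist): confirm that what dd wrote matches the image.
# Accepts a raw .img (step 3) or a gzip-compressed clone image (step 13).

# image_stream FILE -> uncompressed image bytes on stdout
image_stream() {
    case $1 in
        *.gz) gunzip -c "$1" ;;
        *)    cat "$1" ;;
    esac
}

# sha256_of -> SHA-256 of stdin, using whichever tool the platform provides
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then sha256sum | cut -d' ' -f1
    else shasum -a 256 | cut -d' ' -f1; fi
}

# verify_written IMAGE DEVICE -> 0 if the first N bytes of DEVICE equal the
# N-byte image. The card is usually larger than the image, so only N are read.
verify_written() {
    size=$(image_stream "$1" | wc -c | tr -d ' ')
    want=$(image_stream "$1" | sha256_of)
    got=$(head -c "$size" "$2" | sha256_of)
    if [ "$want" = "$got" ]; then
        echo "OK    $size bytes match (sha256 $want)"
    else
        echo "FAIL  $2 differs from $1 within the first $size bytes"
        return 1
    fi
}

# Constructed demo: a 64 KiB stand-in image and a larger file playing the card.
tmp=$(mktemp -d)
head -c 65536 /dev/urandom > "$tmp/image"
gzip -c "$tmp/image" > "$tmp/image.gz"
{ cat "$tmp/image"; head -c 4096 /dev/zero; } > "$tmp/card"
verify_written "$tmp/image.gz" "$tmp/card"
```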

d3cod3 commented Aug 1, 2019

MULE_FILE_PACKAGE_LS