spior 0.1.2 → 0.1.6

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 967b9db246b956fa477b0fcc62212846720f4722799997aff7fa95eb45ff9775
-  data.tar.gz: 3469b8d3829a26bc46b576da7c15cc7bf420516e498d37fde8a39453cd2cff75
+  metadata.gz: fc3cc3a5fd8b8a7ace72820d60d145efa04795f86a3381e3156178d4d4cfd09c
+  data.tar.gz: 8de21a9ee54c6dc50f3aad1e1a828dd92173c7a5b31571498af19d75b6fd20bf
 SHA512:
-  metadata.gz: 9a0e6279b2427995067d4bf4dded5ed0b7a412724009cab08ef5c779558b8e4e80f54b82b0520ca4e949ce7d445ec2fb86a7f954e426358a2162fcd333bd689e
-  data.tar.gz: 2154da0c94cce48f71ff39fac3832ba3145388176b480a392f810ffeb5fa40e7dc66592bdf7aaf695bd2d26d6f27a4f03700a2dcaf375cfd5069afa5eeba8a3c
+  metadata.gz: acb66a1dd30e69c73f7ac79dbca7263fee90bd8bd6a8a1ace9dc7b35365a4996ce29aebde3d0652d1039f56ddcff259c29b739b8f3421bb9701b33a3d7b97c71
+  data.tar.gz: 284146408ef4dd90edf60e74f98488d0f5bf1ea92fdfff72edd30c219c26600c5e7934e71c7b54fc07bf7cf11a0e8b06ab31515d1314cc23ca570c029da551d3

data/CHANGELOG.md

@@ -1,3 +1,30 @@
+## 0.1.6, release 2021-12-30
+* Make it work for Voidlinux.
+* Add a man page.
+* Support init script (but not yet very well).
+* Stop changing /etc/resolv.conf.
+* Dependencies are checked before start anything. Spior exit(1) if fail.
+
+## 0.1.5, release 2020-11-01
+* Simplify lib/spior/copy, lib/spior/clear
+* Write iptables rules for --clearnet and --tor
+* Refacto code
+* Enhance --status with open-uri and json
+* Remove argument --net-card
+
+## 0.1.4, release 2020-05-21
+* torrc and resolv.conf are generate dynamically
+* Remove conf/resolv
+* Correct path of conf_dir for the install on gentoo
+* Remove self from lib/copy
+* Correct little error on lib/copy with undefined method `deps`
+
+## 0.1.3, release 2020-05-14
+* Rename conf dir by ext
+* Clearing all codes about MAC
+* Remove deceitmac
+* Mac change and other randomize features will go on another gem amnesie
+
 ## 0.1.2, release 2020-05-13
 * Add instructions for the persistent mode
 * Add dependency iptables-persistant for distro based on debian

data/README.md

@@ -1,39 +1,48 @@
-# spior
-(Spider|Tor) A tool to make TOR your default gateway and randomize your hardware (MAC).
+# Spior
+
+<div align="center">
+<br/>
+
+[![Gem Version](https://badge.fury.io/rb/spior.svg)](https://badge.fury.io/rb/spior)
+![GitHub](https://img.shields.io/github/license/szorfein/spior)
+
+</div>
+
+(Spider|Tor) A tool to make TOR your default gateway.
 
 ## Install
 Spior is cryptographically signed, so add my public key (if you haven’t already) as a trusted certificate.
 
     $ gem cert --add <(curl -Ls https://raw.githubusercontent.com/szorfein/spior/master/certs/szorfein.pem)
 
-And install the gem
+And install the gem:
 
     $ gem install spior -P MediumSecurity
 
-To be able to use the `persist mode` (with systemd for now), the gem should be installed system-wide:  
-+ For gentoo, a package is available on my repo [ninjatools](https://github.com/szorfein/ninjatools/tree/master/dev-ruby/spior).  
-+ Arch seem to use [Quarry](https://wiki.archlinux.org/index.php/Ruby#Quarry).  
-+ On distro based on debian, gem are installed system-wide.  
+Or user wide (Spior will use `sudo`)
 
-If you can, i recommend that you create a package for your distribution.  
+    $ gem install --user-install spior
 
 ## Usage
 
     $ spior -h
 
 ### Examples
-To change the MAC address for eth0
+Redirect traffic through TOR:
+
+    $ spior --tor
+
+Change your ip address by reloading the TOR circuit:
 
-    $ spior -n eth0 -m
+    $ spior --reload
 
-Redirect traffic through TOR
+Look informations about your current ip address:
 
-    $ spior -t
-    $ spior -t -n eth0
+    $ spior --status
 
-Look informations about your current ip address
+Return to clearnet navigation
 
-    $ spior -s
+    $ spior --clearnet
 
 ## Left Over
 

data/Rakefile

@@ -0,0 +1,20 @@
+# https://github.com/seattlerb/minitest#running-your-tests-
+require "rake/testtask"
+require File.dirname(__FILE__) + "/lib/spior/version"
+
+Rake::TestTask.new(:test) do |t|
+  t.libs << "test"
+  t.libs << "lib"
+  t.test_files = FileList["test/test_*.rb"]
+end
+
+namespace :gem do
+  desc "build the gem"
+  task :build do
+    Dir["spior*.gem"].each {|f| File.unlink(f) }
+    system("gem build spior.gemspec")
+    system("gem install --user-install spior-#{Spior::VERSION}.gem -P MediumSecurity")
+  end
+end
+
+task :default => :test

data/bin/spior

@@ -1,6 +1,5 @@
 #!/usr/bin/env ruby
 
-require 'spior/runner'
+require 'spior'
 
-runner = Spior::Runner.new(ARGV)
-runner.run
+Spior::Main.new(ARGV)

data/lib/spior/clear.rb

@@ -1,8 +1,4 @@
-require 'tty-which'
 require 'nomansland'
-require_relative 'copy'
-require_relative 'msg'
-require_relative 'helpers'
 
 module Spior
   module Clear
@@ -10,32 +6,30 @@ module Spior
 
     def all
       iptables
-      rez_configs
+      Spior::Copy.new.restore
     end
 
     private
 
     def iptables
       puts "Clearing rules.."
-      Spior::Iptables::flush_rules
-      if File.exist?("/var/lib/iptables/rules-save")
-        ipt_restore "/var/lib/iptables/rules-save"
-      elsif File.exist?("/etc/iptables/rules.save")
-        ipt_restore "/etc/iptables/iptables.rules"
-      elsif File.exist?("/etc/iptables.rules")
-        ipt_restore "/etc/iptables.rules"
-      else
-        Msg.p "I couldn't find any old rules for iptables to restore, skipping..."
-      end
+      ipt = Spior::Iptables::Default.new
+      ipt.stop!
+      #if File.exist?("/var/lib/iptables/rules-save")
+      #  ipt_restore "/var/lib/iptables/rules-save"
+      #elsif File.exist?("/etc/iptables/rules.save")
+      #  ipt_restore "/etc/iptables/iptables.rules"
+      #elsif File.exist?("/etc/iptables.rules")
+      #  ipt_restore "/etc/iptables.rules"
+      #else
+        #Msg.p "Couldn't find any previous rules for iptables, create basic rules..."
+        ipt.run!
+      #end
     end
 
     def ipt_restore(path)
       puts "Restoring rules #{path}..."
       Helpers::Exec.new("iptables-restore").run("#{path}")
     end
-
-    def rez_configs
-      Spior::Copy::restore_files
-    end
   end
 end

data/lib/spior/copy.rb

@@ -1,107 +1,84 @@
-require 'nomansland'
-require 'date'
 require 'digest'
-require_relative 'msg'
-require_relative 'helpers'
 
 module Spior
   class Copy
-
-    def self.config_files
-      @cp = Helpers::Exec.new("cp -a")
-      @conf_dir = File.expand_path('../..' + '/conf', __dir__)
-      copy_torrc
-      copy_file(@conf_dir + "/resolv.conf", "/etc/resolv.conf")
-      copy_file(@conf_dir + "/ipt_mod.conf", "/etc/modules-load.d/ipt_mod.conf")
-    end
-
-    def self.restore_files
+    def initialize
       @cp = Helpers::Exec.new("cp -a")
-      backup_exist("/etc/tor/torrc")
-      backup_exist("/etc/resolv.conf")
+      @files = []
+      search_conf_dir
+      config_files
+      list
     end
 
-    def self.search_systemd_dir
-      if Dir.exist?("/usr/lib/systemd/system")
-        @systemd_dir = '/usr/lib/systemd/system'
-      elsif Dir.exist?("/lib/systemd/system")
-        @systemd_dir = '/lib/systemd/system'
-      else
-        Msg.report "Directory systemd/system is no found on your system."
-        exit(-1)
-      end
+    def save
+      @files.each { |f|
+        backup = "#{f}_backup"
+        if ! File.exist? backup
+          Msg.p "#{f} saved"
+          @cp.run("#{f} #{backup}")
+        end
+      }
     end
 
-    def self.systemd_services
-      @cp = Helpers::Exec.new("cp -a")
-      search_systemd_dir
-      case Nomansland::installer?
-      when :gentoo
-        Msg.p "Copy #{@conf_dir}/iptables.service"
-        copy_file(@conf_dir + "/iptables.service", @systemd_dir + "/iptables.service")
-      end
+    def restore
+      @files.each { |f|
+        backup = "#{f}_backup"
+        if File.exist? backup
+          Msg.p "#{f} restored"
+          @cp.run("#{backup} #{f}")
+        end
+      }
     end
 
     private
 
-    def self.copy_file(conf, target)
-      @config_file = conf
-      return if check_hash(@config_file, target)
-      if File.exist? target then
-        if ! previous_copy target
-          backup_file(target)
-        end 
-        add_file target
-      else
-        add_file target
-      end
+    def config_files
+      copy_file("#{@conf_dir}/ipt_mod.conf", "/etc/modules-load.d/ipt_mod.conf")
     end
 
-    def self.copy_torrc
-      case Nomansland::distro?
-      when :archlinux
-        copy_file(@conf_dir + "/torrc/torrc_archlinux", "/etc/tor/torrc")
-      else
-        copy_file(@conf_dir + "/torrc/torrc_default", "/etc/tor/torrc")
-        Msg.report "If tor fail to start with the default torrc"
-      end
+    def list
+      add "/etc/tor/torrc"
+      add "/etc/systemd/resolved.conf"
+      add "/var/lib/iptables/rules-save" # gentoo
+      add "/etc/iptables/iptables.rules" # arch
+      add "/etc/iptables/rules.v4" # debian
     end
 
-    def self.previous_copy(target)
-      backup=`ls #{target}.backup-* | head -n 1`.chomp
-      return false if !File.exist?(backup)
-      check_hash(backup, target)
+    def add(file)
+      @files << file if File.exist? file
     end
 
-    def self.check_hash(src, target)
-      return if not File.exist?(target)
-      sha256conf = Digest::SHA256.file src
-      sha256target = Digest::SHA256.file target
-      sha256conf === sha256target
+    def search_conf_dir
+      # ebuild on gentoo copy the ext dir at lib/ext
+      @conf_dir = File.expand_path('../..' + '/lib/ext', __dir__)
+      if ! Dir.exist?(@conf_dir)
+        @conf_dir = File.expand_path('../..' + '/ext', __dir__)
+      end
     end
 
-    def self.backup_file(target)
-      d = DateTime.now
-      backup = target + ".backup-" + d.strftime('%b-%d_%I-%M')
-      @cp.run("#{target} #{backup}")
-      puts "Renamed file #{backup}"
+    def previous_copy(target)
+      backup=`ls #{target}.backup-* | head -1`.chomp
+      return false if ! File.exist? backup
+      check_hash(backup, target)
     end
 
-    def self.add_file(target)
+    def add_file(target)
       @cp.run("#{@config_file} #{target}")
       Msg.p "File #{@config_file} has been successfully copied at #{target}"
     end
 
-    def self.backup_exist(target)
-      backup=`ls #{target}.backup-* | head -n 1`.chomp
-      if File.exist? backup
-        if ! check_hash(target, backup)
-          @cp.run("#{backup} #{target}")
-          Msg.p "Restored #{backup}"
-        end
-      else
-        puts "No found previous backup for #{target}"
-      end
+    def copy_file(conf, target)
+      @config_file = conf
+      add_file target if ! File.exist? target
+      return if check_hash(@config_file, target)
+      add_file target
+    end
+
+    def check_hash(src, target)
+      return if not File.exist?(target)
+      sha256conf = Digest::SHA256.file src
+      sha256target = Digest::SHA256.file target
+      sha256conf === sha256target
     end
   end
 end

data/lib/spior/dep.rb

@@ -0,0 +1,37 @@
+require 'nomansland'
+require 'tty-which'
+
+module Spior
+  module Dep
+    def self.check
+      deps = [ 'iptables', 'tor' ]
+      is_ok = true
+      Msg.p 'Searching dependencies...'
+      deps.each {|dep|
+        unless TTY::Which.exist? dep
+          Msg.err "-> #{dep} is lacked."
+          is_ok = false
+        end
+      }
+      exit 1 unless is_ok
+    end
+
+    def self.install
+      case Nomansland::installer?
+      when :emerge
+        Helpers::Exec.new('emerge -av').run('tor iptables')
+      when :pacman
+        Helpers::Exec.new('pacman -S').run('tor iptables')
+      when :yum
+        Helpers::Exec.new('yum install').run('tor iptables')
+      when :void
+        Helpers::Exec.new('xbps-install -y').run('tor iptables runit-iptables')
+      when :debian
+        Helpers::Exec.new('apt-get install').run('tor iptables iptables-persistent')
+      else
+        Msg.report 'Your system is not yet supported.'
+      end
+      exit 0
+    end
+  end
+end

data/lib/spior/helpers.rb

@@ -1,18 +1,117 @@
+require 'fileutils'
+require 'tempfile'
+require 'open3'
+
 module Helpers
   class Exec
     def initialize(name)
-      @search_uid=`id -u`.chomp
-      @search_uid ||= 1000 unless $?.success?
+      @search_uid = Process::Sys.getuid
       @name = name
     end
 
     def run(args)
-      if @search_uid == '0' then
-        #puts "found root - uid #{@search_uid}"
-        system(@name + " " + args)
+      cmd = @search_uid == '0' ? @name : "sudo #{@name}"
+      Open3.popen2e("#{cmd} #{args}") do |stdin, stdout_err, wait_thr|
+        while line = stdout_err.gets
+          puts line
+        end
+
+        exit_status = wait_thr.value
+        unless exit_status.success?
+          raise "Error, Running #{cmd} #{args}"
+        end
+      end
+    end
+  end
+
+  # Class Newfile
+  # Create a file and move at the dest
+  # === Example
+  # string = "nameserver 127.0.0.1"
+  # name = "resolv.conf"
+  # dest = "/etc"
+  # new_file = Helpers::Newfile.new(string, name, dest)
+  # new_file.add
+  class NewFile
+    # Method #new
+    # === Parameters
+    # * _string_ = string for the whole file
+    # * _name_ = name of the file (e.g: resolv.conf)
+    # * _dest_ = path (e.g: /etc)
+    def initialize(string, name, dest = "/tmp")
+      @string = string
+      @name = name
+      @dest = dest + "/" + @name
+    end
+
+    # Method #add
+    # Add the file at @dest
+    def add
+      @mv = Helpers::Exec.new("mv")
+      tmp = Tempfile.new(@name)
+      File.open(tmp.path, 'w') do |file|
+        file.puts @string
+      end
+      puts "move #{tmp.path} to #{@dest}"
+      @mv.run("#{tmp.path} #{@dest}")
+    end
+
+    def perm(user, perm)
+      chown = Helpers::Exec.new("chown")
+      chmod = Helpers::Exec.new("chmod")
+      chown.run("#{user}:#{user} #{@dest}")
+      chmod.run("#{perm} #{@dest}")
+    end
+  end
+
+  # Class NewSystemd
+  # Used to create a systemd service
+  #
+  # === Example:
+  # require Helpers
+  # string = <<EOF
+  # [Description]
+  #
+  # [Service]
+  # Type=simple
+  #
+  # [Installation]
+  # WantedBy =
+  # EOF
+  # new_systemd = Helpers::NewSystemd.new(string, "tor.service")
+  # new_systemd.add
+  class NewSystemd < NewFile
+    # Method #new
+    # === Parameters:
+    # * _string_ = the string of for whole content file
+    # * _name_ = the name of the service (e.g: tor.service)
+    def initialize(string, name)
+      super
+      @systemd_dir = search_systemd_dir
+      @dest = @systemd_dir + "/" + @name
+    end
+
+    # Method #add
+    # Create a temporary file and move
+    # the service @name to the systemd directory
+    def add
+      @systemctl = Helpers::Exec.new("systemctl")
+      super
+      @systemctl.run("daemon-reload")
+    end
+
+    private
+    # Method search_systemd_dir
+    # Search the current directory for systemd services
+    # + Gentoo can install at /lib/systemd/system or /usr/lib/systemd/system
+    def search_systemd_dir
+      if Dir.exist? "/lib/systemd/system"
+        "/lib/systemd/system"
+      elsif Dir.exist? "/usr/lib/systemd/system"
+        "/usr/lib/systemd/system"
       else
-        #puts "no root - call sudo - uid #{@search_uid}"
-        system("sudo " + @name + " " + args)
+        raise "No directory systemd found"
+        exit
       end
     end
   end

data/lib/spior/iptables/default.rb

@@ -0,0 +1,38 @@
+module Spior
+  module Iptables
+    class Default < Iptables::Root
+      private
+      
+      def input
+        # SSH
+        ipt "-A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT"
+        # Allow loopback, rules
+        ipt "-A INPUT -i #{@lo} -j ACCEPT"
+        # Accept related
+        ipt "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
+      end
+
+      def output
+        ipt "-A OUTPUT -m conntrack --ctstate INVALID -j DROP"
+        ipt "-A OUTPUT -m state --state ESTABLISHED -j ACCEPT"
+
+        # Allow SSH
+        ipt "-A OUTPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT"
+
+        # Allow Loopback
+        ipt "-A OUTPUT -d #{@lo_addr}/8 -o #{@lo} -j ACCEPT"
+
+        # Default
+        ipt "-A OUTPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT"
+      end
+      
+      def all
+        ipt "-t filter -A OUTPUT -p udp -j ACCEPT"
+        ipt "-t filter -A OUTPUT -p icmp -j REJECT"
+        ipt "-P INPUT ACCEPT"
+        ipt "-P FORWARD ACCEPT"
+        ipt "-P OUTPUT ACCEPT"
+      end
+    end
+  end
+end

data/lib/spior/iptables/root.rb

@@ -0,0 +1,88 @@
+require 'interfacez'
+
+module Spior
+  module Iptables
+    class Root
+      def initialize
+        @lo      = Interfacez.loopback
+        @lo_addr = Interfacez.ipv4_address_of(@lo)
+        @i = Helpers::Exec.new("iptables")
+        Spior::Copy.new.save
+      end
+
+      def run!
+        stop!
+        bogus_tcp_flags
+        bad_packets
+        spoofing
+        redirect
+        input
+        output
+        all
+      end
+
+      def stop!
+        ipt "-F"
+        ipt "-X"
+        ipt "-t nat -F"
+        ipt "-t nat -X"
+        ipt "-t mangle -F"
+        ipt "-t mangle -X"
+      end
+
+      private
+
+      def ipt(line)
+        @i.run("#{line}")
+        puts "added - #{@i} #{line}"
+      end
+
+      def redirect
+      end
+
+      def input
+      end
+
+      def output
+      end
+
+      def all
+      end
+
+      def bogus_tcp_flags
+        ipt "-t mangle -A PREROUTING -p tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP"
+        ipt "-t mangle -A PREROUTING -p tcp --tcp-flags FIN,SYN FIN,SYN -j DROP"
+        ipt "-t mangle -A PREROUTING -p tcp --tcp-flags SYN,RST SYN,RST -j DROP"
+        ipt "-t mangle -A PREROUTING -p tcp --tcp-flags FIN,RST FIN,RST -j DROP"
+        ipt "-t mangle -A PREROUTING -p tcp --tcp-flags FIN,ACK FIN -j DROP"
+        ipt "-t mangle -A PREROUTING -p tcp --tcp-flags ACK,URG URG -j DROP"
+        ipt "-t mangle -A PREROUTING -p tcp --tcp-flags ACK,FIN FIN -j DROP"
+        ipt "-t mangle -A PREROUTING -p tcp --tcp-flags ACK,PSH PSH -j DROP"
+        ipt "-t mangle -A PREROUTING -p tcp --tcp-flags ALL ALL -j DROP"
+        ipt "-t mangle -A PREROUTING -p tcp --tcp-flags ALL NONE -j DROP"
+        ipt "-t mangle -A PREROUTING -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP"
+        ipt "-t mangle -A PREROUTING -p tcp --tcp-flags ALL SYN,FIN,PSH,URG -j DROP"
+        ipt "-t mangle -A PREROUTING -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP"
+      end
+
+      def bad_packets
+        # new packet not syn
+        ipt "-t mangle -A PREROUTING -p tcp ! --syn -m conntrack --ctstate NEW -j DROP"
+        # fragment  packet
+        ipt "-A INPUT -f -j DROP"
+        # XMAS
+        ipt "-A INPUT -p tcp --tcp-flags ALL ALL -j DROP"
+        # null packet
+        ipt "-A INPUT -p tcp --tcp-flags ALL NONE -j DROP"
+      end
+
+      def spoofing
+        subs=["224.0.0.0/3", "169.254.0.0/16", "172.16.0.0/12", "192.0.2.0/24", "0.0.0.0/8", "240.0.0.0/5"]
+        subs.each do |sub|
+          ipt "-t mangle -A PREROUTING -s #{sub} -j DROP"
+        end
+        ipt "-t mangle -A PREROUTING -s #{@lo_addr}/8 ! -i #{@lo} -j DROP"
+      end
+    end
+  end
+end