RubyGems - spior - Versions diffs - 0.1.6 → 0.3.5 - Mend

spior 0.1.6 → 0.3.5

Files changed (44) hide show

checksums.yaml +4 -4
checksums.yaml.gz.sig +0 -0
data/.github/workflows/rubocop-analysis.yml +47 -0
data/.gitignore +1 -0
data/CHANGELOG.md +21 -0
data/Gemfile +5 -0
data/README.md +13 -3
data/Rakefile +20 -9
data/bin/spior +1 -0
data/lib/auth.rb +46 -0
data/lib/spior/dep.rb +38 -23
data/lib/spior/helpers.rb +22 -25
data/lib/spior/iptables/default.rb +19 -13
data/lib/spior/iptables/root.rb +37 -37
data/lib/spior/iptables/rules.rb +103 -0
data/lib/spior/iptables/tor.rb +24 -23
data/lib/spior/iptables.rb +4 -0
data/lib/spior/ipv6.rb +35 -0
data/lib/spior/menu.rb +18 -24
data/lib/spior/msg.rb +30 -8
data/lib/spior/options.rb +20 -22
data/lib/spior/service/enable.rb +66 -0
data/lib/spior/service/restart.rb +5 -12
data/lib/spior/service/start.rb +7 -17
data/lib/spior/service/stop.rb +14 -0
data/lib/spior/service.rb +5 -0
data/lib/spior/status.rb +32 -24
data/lib/spior/tor/config.rb +137 -0
data/lib/spior/tor/data.rb +53 -0
data/lib/spior/tor/start.rb +65 -0
data/lib/spior/tor/stop.rb +53 -0
data/lib/spior/tor.rb +7 -1
data/lib/spior/version.rb +3 -1
data/lib/spior.rb +18 -23
data/spior.gemspec +24 -21
data/test/test_install.rb +2 -2
data/test/test_options.rb +2 -0
data.tar.gz.sig +2 -2
metadata +59 -51
metadata.gz.sig +0 -0
data/lib/spior/clear.rb +0 -35
data/lib/spior/copy.rb +0 -84
data/lib/spior/persist.rb +0 -51
data/lib/spior/tor/info.rb +0 -96

data/lib/spior/iptables/rules.rb ADDED Viewed

@@ -0,0 +1,103 @@
+# frozen_string_literal: true
+require 'tempfile'
+require 'fileutils'
+require 'nomansland'
+module Spior
+  module Iptables
+    # Iptables::Rules, used to save or restore iptables rules
+    class Rules
+      def initialize
+        @tmp_iptables_rules = Tempfile.new('iptables_rules')
+        @tmp_spior_rules = Tempfile.new('spior_rules')
+        @save_path = search_iptables_config
+      end
+      def save
+        save_rules(@tmp_iptables_rules)
+        insert_comment(@tmp_spior_rules, @tmp_iptables_rules)
+        create_file(@tmp_spior_rules, @save_path)
+        Msg.p "Iptables rules saved at #{@save_path}"
+      end
+      def restore
+        return if restoring_older_rules(@save_path)
+        Msg.p 'Adding clearnet navigation...'
+        Iptables::Default.new.run!
+      end
+      protected
+      def save_rules(tmp_file)
+        Msg.p 'Saving Iptables rules...'
+        Helpers::Exec.new('iptables-save').run("> #{tmp_file.path}")
+      end
+      def insert_comment(spior_file, iptable_file)
+        outfile = File.open(spior_file.path, 'w')
+        outfile.puts '# Rules saved by Spior.'
+        outfile.puts(File.read(iptable_file.path))
+        outfile.close
+      end
+      def search_for_comment(filename)
+        File.open(filename) do |f|
+          f.each do |line|
+            return true if line.match(/saved by Spior/)
+          end
+        end
+        false
+      end
+      def move(src, dest)
+        if Process::Sys.getuid == '0'
+          FileUtils.mv(src, dest)
+        else
+          Helpers::Exec.new('mv').run("#{src} #{dest}")
+        end
+      end
+      def create_file(tmpfile, dest)
+        if File.exist? dest
+          if search_for_comment(dest)
+            Msg.p "Older Spior rules found #{dest}, erasing..."
+          else
+            Msg.p "File exist #{dest}, create backup #{dest}-backup..."
+            move(dest, "#{dest}-backup")
+          end
+        end
+        move(tmpfile.path, dest)
+      end
+      def restoring_older_rules(filename)
+        files = %W[#{filename}-backup #{filename}]
+        files.each do |f|
+          next unless File.exist?(f) || search_for_comment(f)
+          Iptables::Root.new.stop!
+          Msg.p "Found older rules #{f}, restoring..."
+          Helpers::Exec.new('iptables-restore').run(f)
+          return true
+        end
+        false
+      end
+      private
+      def search_iptables_config
+        case Nomansland.distro?
+        when :archlinux || :void
+          '/etc/iptables/iptables.rules'
+        when :debian
+          '/etc/iptables.up.rules'
+        when :gentoo
+          '/var/lib/iptables/rules-save'
+        else
+          Msg.report 'I don`t know where you distro save the rules for iptables yet'
+        end
+      end
+    end
+  end
+end

data/lib/spior/iptables/tor.rb CHANGED Viewed

@@ -1,58 +1,59 @@
+# frozen_string_literal: true
 module Spior
   module Iptables
+    # Make Local Redirection Through Tor.
     class Tor < Iptables::Root
       def initialize
         super
-        @tor     = Spior::Tor::Info.new
-        @non_tor = ["#{@lo_addr}/8", "192.168.0.0/16", "172.16.0.0/12", "10.0.0.0/8"]
-        @tables  = ["nat", "filter"]
+        @non_tor = %W[#{@lo_addr}/8 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8]
+        @tables  = %w[nat filter]
       end
       private
       def redirect
-        @tables.each { |table|
-          target = "ACCEPT"
-          target = "RETURN" if table == "nat"
+        Msg.p 'Redirecting local traffic though Tor...'
+        @tables.map do |table|
+          target = 'ACCEPT'
+          target = 'RETURN' if table == 'nat'
           ipt "-t #{table} -F OUTPUT"
           ipt "-t #{table} -A OUTPUT -m state --state ESTABLISHED -j #{target}"
-          ipt "-t #{table} -A OUTPUT -m owner --uid #{@tor.uid} -j #{target}"
+          ipt "-t #{table} -A OUTPUT -m owner --uid #{CONFIG.uid} -j #{target}"
-          match_dns_port = @tor.dns
-          if table == "nat"
-            target = "REDIRECT --to-ports #{@tor.dns}"
-            match_dns_port = "53"
+          match_dns_port = CONFIG.dns_port
+          if table == 'nat'
+            target = "REDIRECT --to-ports #{CONFIG.dns_port}"
+            match_dns_port = '53'
           end
           ipt "-t #{table} -A OUTPUT -p udp --dport #{match_dns_port} -j #{target}"
           ipt "-t #{table} -A OUTPUT -p tcp --dport #{match_dns_port} -j #{target}"
-          target = "REDIRECT --to-ports #{@tor.trans_port}" if table == "nat"
-          ipt "-t #{table} -A OUTPUT -d #{@tor.virt_addr} -p tcp -j #{target}"
+          target = "REDIRECT --to-ports #{CONFIG.trans_port}" if table == 'nat'
+          ipt "-t #{table} -A OUTPUT -d #{CONFIG.virt_addr} -p tcp -j #{target}"
-          target = "RETURN" if table == "nat"
-          @non_tor.each { |ip|
-            ipt "-t #{table} -A OUTPUT -d #{ip} -j #{target}"
-          }
+          target = 'RETURN' if table == 'nat'
+          @non_tor.each { |ip| ipt "-t #{table} -A OUTPUT -d #{ip} -j #{target}" }
-          target = "REDIRECT --to-ports #{@tor.trans_port}" if table == "nat"
+          target = "REDIRECT --to-ports #{CONFIG.trans_port}" if table == 'nat'
           ipt "-t #{table} -A OUTPUT -p tcp -j #{target}"
-        }
+        end
       end
       def input
         # SSH
-        ipt "-A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT"
+        ipt '-A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT'
         # Allow loopback
         ipt "-A INPUT -i #{@lo} -j ACCEPT"
         # Accept related
-        ipt "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
+        ipt '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
       end
       def all
-        ipt "-t filter -A OUTPUT -p udp -j REJECT"
-        ipt "-t filter -A OUTPUT -p icmp -j REJECT"
+        ipt '-t filter -A OUTPUT -p udp -j REJECT'
+        ipt '-t filter -A OUTPUT -p icmp -j REJECT'
       end
     end
   end

data/lib/spior/iptables.rb CHANGED Viewed

@@ -1,4 +1,7 @@
+# frozen_string_literal: true
 module Spior
+  # Interact with iptables
   module Iptables
   end
 end
@@ -6,3 +9,4 @@ end
 require_relative 'iptables/root'
 require_relative 'iptables/tor'
 require_relative 'iptables/default'
+require_relative 'iptables/rules'

data/lib/spior/ipv6.rb ADDED Viewed

@@ -0,0 +1,35 @@
+# lib/ipv6.rb
+# frozen_string_literal: true
+require 'auth'
+module Spior
+  # Block or Allow ipv6 traffic with sysctl
+  class Ipv6
+    def initialize
+      @changed = false
+    end
+    def allow
+      apply_option('net.ipv6.conf.all.disable_ipv6', '0')
+      apply_option('net.ipv6.conf.default.disable_ipv6', '0')
+      Msg.p 'ipv6 allowed' if @changed
+    end
+    def block
+      apply_option('net.ipv6.conf.all.disable_ipv6', '1')
+      apply_option('net.ipv6.conf.default.disable_ipv6', '1')
+      Msg.p 'ipv6 blocked' if @changed
+    end
+    private
+    def apply_option(flag, value)
+      flag_path = flag.gsub('.', '/')
+      return unless File.exist?("/proc/sys/#{flag_path}")
+      Auth.new.sysctl(flag, value)
+      @changed = true
+    end
+  end
+end

data/lib/spior/menu.rb CHANGED Viewed

@@ -1,43 +1,37 @@
+# frozen_string_literal: true
 module Spior
+  # Build an interactive menu for spior
   module Menu
-    extend self
-    def run
-      banner
+    def self.run
       loop do
         Msg.head
-        puts %q{Please select an option:
+        puts 'Please select an option:
-  1. Redirect traffic through tor
-  2. Reload tor and change your ip
-  3. Clear and restore your files
-  4. Check info on your current ip
-  5. Quit}
+  1. Redirect traffic through Tor
+  2. Reload Spior and change your IP
+  3. Stop Tor and use a clearnet navigation
+  4. Check info on your current IP
+  5. Install all the dependencies
+  6. Quit'
         puts
-        print ">> "
+        print '>> '
         case gets.chomp
         when '1'
-          Spior::Iptables::Tor.new.run!
+          Service.start
         when '2'
-          Spior::Serice.restart
+          Service.restart
         when '3'
-          Spior::Clear.all
+          Service.stop
         when '4'
-          Spior::Status.info
+          Status.info
         when '5'
+          Dep.looking
+        else
           exit
         end
       end
     end
-    private
-    def banner
-      puts "┏━┓┏━┓╻┏━┓┏━┓"
-      puts "┗━┓┣━┛┃┃ ┃┣┳┛"
-      puts "┗━┛╹  ╹┗━┛╹┗╸"
-      # generated with toilet -F crop -f future spior
-    end
   end
 end

data/lib/spior/msg.rb CHANGED Viewed

@@ -1,28 +1,50 @@
+# frozen_string_literal: true
 require 'rainbow'
+# Used to display various message
 module Msg
-  extend self
+  module_function
+  def banner
+    puts
+    puts '┏━┓┏━┓╻┏━┓┏━┓'
+    puts '┗━┓┣━┛┃┃ ┃┣┳┛'
+    puts '┗━┛╹  ╹┗━┛╹┗╸'
+    puts
+    # generated with toilet -F crop -f future spior
+  end
   def head
-    puts Rainbow("------------------------------------------------").cyan
+    puts Rainbow('------------------------------------------------').cyan
   end
   def p(text)
-    puts Rainbow("[").cyan + Rainbow("+").white + Rainbow("]").cyan + " " + text
+    opn = Rainbow('[').cyan
+    msg = Rainbow('+').white
+    cls = Rainbow(']').cyan
+    puts "#{opn}#{msg}#{cls} #{text}"
   end
   def err(text)
-    puts Rainbow("[").red + Rainbow("-").white + Rainbow("]").red + " " + text
+    opn = Rainbow('[').red
+    msg = Rainbow('-').white
+    cls = Rainbow(']').red
+    puts "#{opn}#{msg}#{cls} #{text}"
   end
   def info(text)
-    puts Rainbow("-").blue + Rainbow("-").white + Rainbow("-").blue + " " + text + " " + Rainbow("-").blue + Rainbow("-").white + Rainbow("-").blue
+    one = Rainbow('_').blue
+    two = Rainbow('-').white
+    thr = Rainbow('_').blue
+    puts "#{one}#{two}#{thr} #{text} #{one}#{two}#{thr}"
   end
   def report(text)
-    puts ""
+    puts
     info text
-    puts "Please, report this issue at https://github.com/szorfein/spior/issues"
-    puts ""
+    puts 'Please, report this issue at https://github.com/szorfein/spior/issues'
+    puts
+    exit 1
   end
 end

data/lib/spior/options.rb CHANGED Viewed

@@ -1,13 +1,11 @@
+# frozen_string_literal: true
 require 'optparse'
 module Spior
+  # Options for the CLI
   class Options
-    attr_reader :install , :tor , :persist
     def initialize(argv)
-      @install = false
-      @tor = false
-      @persist = false
       parse(argv)
     end
@@ -15,46 +13,46 @@ module Spior
     def parse(argv)
       OptionParser.new do |opts|
-        opts.on("-i", "--install", "Install the dependencies") do
-          @install = true
+        opts.on('-i', '--install', 'Install the dependencies.') do
+          Dep.looking
         end
-        opts.on("-t", "--tor", "Redirect traffic through TOR") do
-          @tor = true
+        opts.on('-t', '--tor', 'Redirect traffic through TOR.') do
+          Service.start
         end
-        opts.on("-r", "--reload", "Reload TOR to change your ip") do
-          Spior::Service.restart
+        opts.on('-r', '--reload', 'Reload TOR to change your IP.') do
+          Service.restart
           exit
         end
-        opts.on("-c", "--clearnet", "Reset iptables and return to clearnet navigation") do
-          Spior::Clear.all
+        opts.on('-c', '--clearnet', 'Reset iptables and return to clearnet navigation.') do
+          Service.stop
         end
-        opts.on("-s", "--status", "Look infos about your current ip") do
-          Spior::Status.info
+        opts.on('-s', '--status', 'Look infos about your current IP.') do
+          Status.info
           exit
         end
-        opts.on("-p", "--persist", "Active Spior at every boot.") do
-          @persist = true
+        opts.on('-p', '--persist', 'Active Spior at every boot.') do
+          Service::Enable.new
         end
-        opts.on("-m", "--menu", "Display an interactive menu") do
-          Spior::Menu.run
+        opts.on('-m', '--menu', 'Display an interactive menu.') do
+          Menu.run
         end
-        opts.on("-h", "--help", "Show this message") do
+        opts.on('-h', '--help', 'Show this message.') do
           puts opts
           exit
         end
         begin
-          argv = ["-m"] if argv.empty?
+          argv = ['-m'] if argv.empty?
           opts.parse!(argv)
         rescue OptionParser::ParseError => e
-          STDERR.puts e.message, "\n", opts
+          warn e.message, "\n", opts
           exit(-1)
         end
       end

data/lib/spior/service/enable.rb ADDED Viewed

@@ -0,0 +1,66 @@
+# frozen_string_literal: true
+require 'nomansland'
+module Spior
+  # Service make Spior persistent using services on system like iptables and tor
+  module Service
+    # Enable the Tor redirection when you boot your system
+    #
+    # It should use and enable the services:
+    # + tor
+    # + iptables
+    class Enable
+      def initialize
+        case Nomansland.distro?
+        when :gentoo
+          for_gentoo
+        when :archlinux
+          for_arch
+        else
+          Msg.report 'Your distro is not yet supported.'
+        end
+      end
+      protected
+      def for_gentoo
+        Iptables::Rules.new.save
+        case Nomansland.init?
+        when :systemd
+          systemd_enable('iptables-restore', 'tor')
+        when :openrc
+          rc_upd = Helpers::Exec.new('rc-update')
+          rc_upd.run('rc-update add iptables boot')
+          rc_upd.run('rc-update add tor')
+          rc_upd.run('rc-update add tor default')
+        else
+          Msg.report 'Init no yet supported for start Iptables at boot'
+        end
+      end
+      def for_arch
+        Iptables::Rules.new.save
+        Tor::Config.new(Tempfile.new('torrc')).backup
+        systemd_enable('iptables', 'tor')
+        Msg.p 'Services enabled for Archlinux...'
+      end
+      private
+      def systemd_enable(*services)
+        systemctl = Helpers::Exec.new('systemctl')
+        services.each do |s|
+          Msg.p "Search for service #{s}..."
+          systemctl.run("enable #{s}") unless system("systemctl is-enabled #{s}")
+        end
+      end
+      def systemd_start(service)
+        systemctl = Helpers::Exec.new('systemctl')
+        Msg.p "Search for service #{service}..."
+        systemctl.run("start #{service}") unless system("systemctl is-active #{service}")
+      end
+    end
+  end
+end

data/lib/spior/service/restart.rb CHANGED Viewed

@@ -1,21 +1,14 @@
-require 'tty-which'
+# frozen_string_literal: true
 module Spior
+  # Interact with Spior::Tor and Spior::Iptables
   module Service
     module_function
     def restart
-      if TTY::Which.exist?('systemctl')
-        Helpers::Exec.new("systemctl").run("restart tor")
-        Msg.p "ip changed."
-      elsif TTY::Which.exist? 'sv'
-        Helpers::Exec.new('sv').run('restart tor')
-        Msg.p 'ip changed.'
-      elsif File.exist? '/etc/init.d/tor'
-        Helpers::Exec.new('/etc/init.d/tor').run('restart')
-      else
-        Msg.report "Don't known yet how to restart Tor for your system."
-      end
+      Service.stop(clean: false)
+      Service.start
+      Msg.p 'ip changed.'
     end
   end
 end

data/lib/spior/service/start.rb CHANGED Viewed

@@ -1,26 +1,16 @@
-require 'tty-which'
+# frozen_string_literal: true
 module Spior
+  # Interact with Spior::Tor and Spior::Iptables
   module Service
     module_function
+    # Service.start should start Tor if not alrealy running
+    # And start to redirect the local traffic with Iptables
     def start
-      if TTY::Which.exist?('systemctl')
-        state = `systemctl is-active tor`.chomp
-        unless state == 'active'
-          Helpers::Exec.new("systemctl").run("start tor")
-          Msg.p "TOR started."
-        end
-      elsif TTY::Which.exist? 'sv'
-        unless File.exist? '/var/service/tor'
-          Helpers::Exec.new('ln').run('-s /etc/sv/tor /var/service/tor')
-          Msg.p "TOR started."
-        end
-      elsif File.exist? '/etc/init.d/tor'
-        Helpers::Exec.new('/etc/init.d/tor').run('start')
-      else
-        Msg.report "Don't known yet how to start Tor for your system."
-      end
+      Tor::Start.new
+      Iptables::Tor.new.run!
+      Ipv6.new.block
     end
   end
 end

data/lib/spior/service/stop.rb ADDED Viewed

@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+module Spior
+  # Interact with Spior::Tor and Spior::Iptables
+  module Service
+    module_function
+    def stop(clean: true)
+      Tor::Stop.new
+      Iptables::Rules.new.restore if clean
+      Ipv6.new.allow if clean
+    end
+  end
+end

data/lib/spior/service.rb CHANGED Viewed

@@ -1,7 +1,12 @@
+# frozen_string_literal: true
 module Spior
+  # Service should start/stop/restart Tor and Iptable.
   module Service
   end
 end
 require_relative 'service/start'
+require_relative 'service/stop'
 require_relative 'service/restart'
+require_relative 'service/enable'

data/lib/spior/status.rb CHANGED Viewed

@@ -1,38 +1,46 @@
+# frozen_string_literal: true
 require 'open-uri'
 require 'json'
 module Spior
+  # Status display information on your current IP addresse
+  #
+  # If you use an IPV6 address, it should fail to display a Tor IP...
   module Status
+    # Check on https://check.torproject.org/api/ip if Tor is enable or not
+    # and display the result.
     def self.enable
-      begin
-        status = "Disable"
-        api_check = "https://check.torproject.org/api/ip"
-        URI.open(api_check) do |l|
-          hash = JSON.parse l.read
-          status = "Enable" if hash["IsTor"] == true
-        end
-        status
-      rescue OpenURI::HTTPError => error
-        res = error.io
-        puts "Fail to join server #{res.status}"
+      status = 'Disable'
+      URI.open('https://check.torproject.org/api/ip') do |l|
+        hash = JSON.parse l.read
+        status = 'Enable' if hash['IsTor'] == true
       end
+      status
+    rescue OpenURI::HTTPError => e
+      res = e.io
+      puts "Fail to join server #{res.status}"
     end
+    # info check and display information from https://ipleak.net/json
+    #
+    # Check for:
+    # * +ip+
+    # * +continent_name+
+    # * +time_zone+
+    #
+    # We can add later info on City/Region or other things.
     def self.info
-      begin
-        api_check = "https://ipleak.net/json"
-        URI.open(api_check) do |l|
-          hash = JSON.parse l.read
-          puts
-          puts " Current ip  ===>  #{hash["ip"]}"
-          puts " Continent   ===>  #{hash["continent_name"]}"
-          puts " Timezone    ===>  #{hash["time_zone"]}"
-        end
-        puts " Status      ===>  #{enable}"
-      rescue OpenURI::HTTPError => error
-        res = error.io
-        puts "Fail to join server #{res.status}"
+      URI.open('https://ipleak.net/json') do |l|
+        hash = JSON.parse l.read
+        puts "  Current ip  ===>  #{hash['ip']}"
+        puts "  Continent   ===>  #{hash['continent_name']}"
+        puts "  Timezone    ===>  #{hash['time_zone']}"
       end
+      puts "  Status      ===>  #{enable}"
+    rescue OpenURI::HTTPError => e
+      res = e.io
+      puts "Fail to join server #{res.status}"
     end
   end
 end