RubyGems - spior - Versions diffs - 0.1.6 → 0.3.5 - Mend

spior 0.1.6 → 0.3.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (44) hide show

checksums.yaml +4 -4
checksums.yaml.gz.sig +0 -0
data/.github/workflows/rubocop-analysis.yml +47 -0
data/.gitignore +1 -0
data/CHANGELOG.md +21 -0
data/Gemfile +5 -0
data/README.md +13 -3
data/Rakefile +20 -9
data/bin/spior +1 -0
data/lib/auth.rb +46 -0
data/lib/spior/dep.rb +38 -23
data/lib/spior/helpers.rb +22 -25
data/lib/spior/iptables/default.rb +19 -13
data/lib/spior/iptables/root.rb +37 -37
data/lib/spior/iptables/rules.rb +103 -0
data/lib/spior/iptables/tor.rb +24 -23
data/lib/spior/iptables.rb +4 -0
data/lib/spior/ipv6.rb +35 -0
data/lib/spior/menu.rb +18 -24
data/lib/spior/msg.rb +30 -8
data/lib/spior/options.rb +20 -22
data/lib/spior/service/enable.rb +66 -0
data/lib/spior/service/restart.rb +5 -12
data/lib/spior/service/start.rb +7 -17
data/lib/spior/service/stop.rb +14 -0
data/lib/spior/service.rb +5 -0
data/lib/spior/status.rb +32 -24
data/lib/spior/tor/config.rb +137 -0
data/lib/spior/tor/data.rb +53 -0
data/lib/spior/tor/start.rb +65 -0
data/lib/spior/tor/stop.rb +53 -0
data/lib/spior/tor.rb +7 -1
data/lib/spior/version.rb +3 -1
data/lib/spior.rb +18 -23
data/spior.gemspec +24 -21
data/test/test_install.rb +2 -2
data/test/test_options.rb +2 -0
data.tar.gz.sig +2 -2
metadata +59 -51
metadata.gz.sig +0 -0
data/lib/spior/clear.rb +0 -35
data/lib/spior/copy.rb +0 -84
data/lib/spior/persist.rb +0 -51
data/lib/spior/tor/info.rb +0 -96

data/lib/spior/iptables/rules.rb ADDED Viewed

@@ -0,0 +1,103 @@
+# frozen_string_literal: true
+require 'tempfile'
+require 'fileutils'
+require 'nomansland'
+module Spior
+  module Iptables
+    # Iptables::Rules, used to save or restore iptables rules
+    class Rules
+      def initialize
+        @tmp_iptables_rules = Tempfile.new('iptables_rules')
+        @tmp_spior_rules = Tempfile.new('spior_rules')
+        @save_path = search_iptables_config
+      end
+      def save
+        save_rules(@tmp_iptables_rules)
+        insert_comment(@tmp_spior_rules, @tmp_iptables_rules)
+        create_file(@tmp_spior_rules, @save_path)
+        Msg.p "Iptables rules saved at #{@save_path}"
+      end
+      def restore
+        return if restoring_older_rules(@save_path)
+        Msg.p 'Adding clearnet navigation...'
+        Iptables::Default.new.run!
+      end
+      protected
+      def save_rules(tmp_file)
+        Msg.p 'Saving Iptables rules...'
+        Helpers::Exec.new('iptables-save').run("> #{tmp_file.path}")
+      end
+      def insert_comment(spior_file, iptable_file)
+        outfile = File.open(spior_file.path, 'w')
+        outfile.puts '# Rules saved by Spior.'
+        outfile.puts(File.read(iptable_file.path))
+        outfile.close
+      end
+      def search_for_comment(filename)
+        File.open(filename) do |f|
+          f.each do |line|
+            return true if line.match(/saved by Spior/)
+          end
+        end
+        false
+      end
+      def move(src, dest)
+        if Process::Sys.getuid == '0'
+          FileUtils.mv(src, dest)
+        else
+          Helpers::Exec.new('mv').run("#{src} #{dest}")
+        end
+      end
+      def create_file(tmpfile, dest)
+        if File.exist? dest
+          if search_for_comment(dest)
+            Msg.p "Older Spior rules found #{dest}, erasing..."
+          else
+            Msg.p "File exist #{dest}, create backup #{dest}-backup..."
+            move(dest, "#{dest}-backup")
+          end
+        end
+        move(tmpfile.path, dest)
+      end
+      def restoring_older_rules(filename)
+        files = %W[#{filename}-backup #{filename}]
+        files.each do |f|
+          next unless File.exist?(f) || search_for_comment(f)
+          Iptables::Root.new.stop!
+          Msg.p "Found older rules #{f}, restoring..."
+          Helpers::Exec.new('iptables-restore').run(f)
+          return true
+        end
+        false
+      end
+      private
+      def search_iptables_config
+        case Nomansland.distro?
+        when :archlinux || :void
+          '/etc/iptables/iptables.rules'
+        when :debian
+          '/etc/iptables.up.rules'
+        when :gentoo
+          '/var/lib/iptables/rules-save'
+        else
+          Msg.report 'I don`t know where you distro save the rules for iptables yet'
+        end
+      end
+    end
+  end
+end

data/lib/spior/iptables/tor.rb CHANGED Viewed

@@ -1,58 +1,59 @@
+# frozen_string_literal: true
 module Spior
   module Iptables
+    # Make Local Redirection Through Tor.
     class Tor < Iptables::Root
       def initialize
         super
-        @tor     = Spior::Tor::Info.new
-        @non_tor = ["#{@lo_addr}/8", "192.168.0.0/16", "172.16.0.0/12", "10.0.0.0/8"]
-        @tables  = ["nat", "filter"]
+        @non_tor = %W[#{@lo_addr}/8 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8]
+        @tables  = %w[nat filter]
       end
       private
       def redirect
-        @tables.each { |table|
-          target = "ACCEPT"
-          target = "RETURN" if table == "nat"
+        Msg.p 'Redirecting local traffic though Tor...'
+        @tables.map do |table|
+          target = 'ACCEPT'
+          target = 'RETURN' if table == 'nat'
           ipt "-t #{table} -F OUTPUT"
           ipt "-t #{table} -A OUTPUT -m state --state ESTABLISHED -j #{target}"
-          ipt "-t #{table} -A OUTPUT -m owner --uid #{@tor.uid} -j #{target}"
+          ipt "-t #{table} -A OUTPUT -m owner --uid #{CONFIG.uid} -j #{target}"
-          match_dns_port = @tor.dns
-          if table == "nat"
-            target = "REDIRECT --to-ports #{@tor.dns}"
-            match_dns_port = "53"
+          match_dns_port = CONFIG.dns_port
+          if table == 'nat'
+            target = "REDIRECT --to-ports #{CONFIG.dns_port}"
+            match_dns_port = '53'
           end
           ipt "-t #{table} -A OUTPUT -p udp --dport #{match_dns_port} -j #{target}"
           ipt "-t #{table} -A OUTPUT -p tcp --dport #{match_dns_port} -j #{target}"
-          target = "REDIRECT --to-ports #{@tor.trans_port}" if table == "nat"
-          ipt "-t #{table} -A OUTPUT -d #{@tor.virt_addr} -p tcp -j #{target}"
+          target = "REDIRECT --to-ports #{CONFIG.trans_port}" if table == 'nat'
+          ipt "-t #{table} -A OUTPUT -d #{CONFIG.virt_addr} -p tcp -j #{target}"
-          target = "RETURN" if table == "nat"
-          @non_tor.each { |ip|
-            ipt "-t #{table} -A OUTPUT -d #{ip} -j #{target}"
-          }
+          target = 'RETURN' if table == 'nat'
+          @non_tor.each { |ip| ipt "-t #{table} -A OUTPUT -d #{ip} -j #{target}" }
-          target = "REDIRECT --to-ports #{@tor.trans_port}" if table == "nat"
+          target = "REDIRECT --to-ports #{CONFIG.trans_port}" if table == 'nat'
           ipt "-t #{table} -A OUTPUT -p tcp -j #{target}"
-        }
+        end
       end
       def input
         # SSH
-        ipt "-A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT"
+        ipt '-A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT'
         # Allow loopback
         ipt "-A INPUT -i #{@lo} -j ACCEPT"
         # Accept related
-        ipt "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
+        ipt '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
       end
       def all
-        ipt "-t filter -A OUTPUT -p udp -j REJECT"
-        ipt "-t filter -A OUTPUT -p icmp -j REJECT"
+        ipt '-t filter -A OUTPUT -p udp -j REJECT'
+        ipt '-t filter -A OUTPUT -p icmp -j REJECT'
       end
     end
   end

data/lib/spior/iptables.rb CHANGED Viewed

@@ -1,4 +1,7 @@
+# frozen_string_literal: true
 module Spior
+  # Interact with iptables
   module Iptables
   end
 end
@@ -6,3 +9,4 @@ end
 require_relative 'iptables/root'
 require_relative 'iptables/tor'
 require_relative 'iptables/default'
+require_relative 'iptables/rules'

data/lib/spior/ipv6.rb ADDED Viewed

@@ -0,0 +1,35 @@
+# lib/ipv6.rb
+# frozen_string_literal: true
+require 'auth'
+module Spior
+  # Block or Allow ipv6 traffic with sysctl
+  class Ipv6
+    def initialize
+      @changed = false
+    end
+    def allow
+      apply_option('net.ipv6.conf.all.disable_ipv6', '0')
+      apply_option('net.ipv6.conf.default.disable_ipv6', '0')
+      Msg.p 'ipv6 allowed' if @changed
+    end
+    def block
+      apply_option('net.ipv6.conf.all.disable_ipv6', '1')
+      apply_option('net.ipv6.conf.default.disable_ipv6', '1')
+      Msg.p 'ipv6 blocked' if @changed
+    end
+    private
+    def apply_option(flag, value)
+      flag_path = flag.gsub('.', '/')
+      return unless File.exist?("/proc/sys/#{flag_path}")
+      Auth.new.sysctl(flag, value)
+      @changed = true
+    end
+  end
+end

data/lib/spior/menu.rb CHANGED Viewed

@@ -1,43 +1,37 @@
+# frozen_string_literal: true
 module Spior
+  # Build an interactive menu for spior
   module Menu
-    extend self
-    def run
-      banner
+    def self.run
       loop do
         Msg.head
-        puts %q{Please select an option:
+        puts 'Please select an option:
-  1. Redirect traffic through tor
-  2. Reload tor and change your ip
-  3. Clear and restore your files
-  4. Check info on your current ip
-  5. Quit}
+  1. Redirect traffic through Tor
+  2. Reload Spior and change your IP
+  3. Stop Tor and use a clearnet navigation
+  4. Check info on your current IP
+  5. Install all the dependencies
+  6. Quit'
         puts
-        print ">> "
+        print '>> '
         case gets.chomp
         when '1'
-          Spior::Iptables::Tor.new.run!
+          Service.start
         when '2'
-          Spior::Serice.restart
+          Service.restart
         when '3'
-          Spior::Clear.all
+          Service.stop
         when '4'
-          Spior::Status.info
+          Status.info
         when '5'
+          Dep.looking
+        else
           exit
         end
       end
     end
-    private
-    def banner
-      puts "┏━┓┏━┓╻┏━┓┏━┓"
-      puts "┗━┓┣━┛┃┃ ┃┣┳┛"
-      puts "┗━┛╹  ╹┗━┛╹┗╸"
-      # generated with toilet -F crop -f future spior
-    end
   end
 end

data/lib/spior/msg.rb CHANGED Viewed

@@ -1,28 +1,50 @@
+# frozen_string_literal: true
 require 'rainbow'
+# Used to display various message
 module Msg
-  extend self
+  module_function
+  def banner
+    puts
+    puts '┏━┓┏━┓╻┏━┓┏━┓'
+    puts '┗━┓┣━┛┃┃ ┃┣┳┛'
+    puts '┗━┛╹  ╹┗━┛╹┗╸'
+    puts
+    # generated with toilet -F crop -f future spior
+  end
   def head
-    puts Rainbow("------------------------------------------------").cyan
+    puts Rainbow('------------------------------------------------').cyan
   end
   def p(text)
-    puts Rainbow("[").cyan + Rainbow("+").white + Rainbow("]").cyan + " " + text
+    opn = Rainbow('[').cyan
+    msg = Rainbow('+').white
+    cls = Rainbow(']').cyan
+    puts "#{opn}#{msg}#{cls} #{text}"
   end
   def err(text)
-    puts Rainbow("[").red + Rainbow("-").white + Rainbow("]").red + " " + text
+    opn = Rainbow('[').red
+    msg = Rainbow('-').white
+    cls = Rainbow(']').red
+    puts "#{opn}#{msg}#{cls} #{text}"
   end
   def info(text)
-    puts Rainbow("-").blue + Rainbow("-").white + Rainbow("-").blue + " " + text + " " + Rainbow("-").blue + Rainbow("-").white + Rainbow("-").blue
+    one = Rainbow('_').blue
+    two = Rainbow('-').white
+    thr = Rainbow('_').blue
+    puts "#{one}#{two}#{thr} #{text} #{one}#{two}#{thr}"
   end
   def report(text)
-    puts ""
+    puts
     info text
-    puts "Please, report this issue at https://github.com/szorfein/spior/issues"
-    puts ""
+    puts 'Please, report this issue at https://github.com/szorfein/spior/issues'
+    puts
+    exit 1
   end
 end

data/lib/spior/options.rb CHANGED Viewed

@@ -1,13 +1,11 @@
+# frozen_string_literal: true
 require 'optparse'
 module Spior
+  # Options for the CLI
   class Options
-    attr_reader :install , :tor , :persist
     def initialize(argv)
-      @install = false
-      @tor = false
-      @persist = false
       parse(argv)
     end
@@ -15,46 +13,46 @@ module Spior
     def parse(argv)
       OptionParser.new do |opts|
-        opts.on("-i", "--install", "Install the dependencies") do
-          @install = true
+        opts.on('-i', '--install', 'Install the dependencies.') do
+          Dep.looking
         end
-        opts.on("-t", "--tor", "Redirect traffic through TOR") do
-          @tor = true
+        opts.on('-t', '--tor', 'Redirect traffic through TOR.') do
+          Service.start
         end
-        opts.on("-r", "--reload", "Reload TOR to change your ip") do
-          Spior::Service.restart
+        opts.on('-r', '--reload', 'Reload TOR to change your IP.') do
+          Service.restart
           exit
         end
-        opts.on("-c", "--clearnet", "Reset iptables and return to clearnet navigation") do
-          Spior::Clear.all
+        opts.on('-c', '--clearnet', 'Reset iptables and return to clearnet navigation.') do
+          Service.stop
         end
-        opts.on("-s", "--status", "Look infos about your current ip") do
-          Spior::Status.info
+        opts.on('-s', '--status', 'Look infos about your current IP.') do
+          Status.info
           exit
         end
-        opts.on("-p", "--persist", "Active Spior at every boot.") do
-          @persist = true
+        opts.on('-p', '--persist', 'Active Spior at every boot.') do
+          Service::Enable.new
         end
-        opts.on("-m", "--menu", "Display an interactive menu") do
-          Spior::Menu.run
+        opts.on('-m', '--menu', 'Display an interactive menu.') do
+          Menu.run
         end
-        opts.on("-h", "--help", "Show this message") do
+        opts.on('-h', '--help', 'Show this message.') do
           puts opts
           exit
         end
         begin
-          argv = ["-m"] if argv.empty?
+          argv = ['-m'] if argv.empty?
           opts.parse!(argv)
         rescue OptionParser::ParseError => e
-          STDERR.puts e.message, "\n", opts
+          warn e.message, "\n", opts
           exit(-1)
         end
       end

data/lib/spior/service/enable.rb ADDED Viewed

@@ -0,0 +1,66 @@
+# frozen_string_literal: true
+require 'nomansland'
+module Spior
+  # Service make Spior persistent using services on system like iptables and tor
+  module Service
+    # Enable the Tor redirection when you boot your system
+    #
+    # It should use and enable the services:
+    # + tor
+    # + iptables
+    class Enable
+      def initialize
+        case Nomansland.distro?
+        when :gentoo
+          for_gentoo
+        when :archlinux
+          for_arch
+        else
+          Msg.report 'Your distro is not yet supported.'
+        end
+      end
+      protected
+      def for_gentoo
+        Iptables::Rules.new.save
+        case Nomansland.init?
+        when :systemd
+          systemd_enable('iptables-restore', 'tor')
+        when :openrc
+          rc_upd = Helpers::Exec.new('rc-update')
+          rc_upd.run('rc-update add iptables boot')
+          rc_upd.run('rc-update add tor')
+          rc_upd.run('rc-update add tor default')
+        else
+          Msg.report 'Init no yet supported for start Iptables at boot'
+        end
+      end
+      def for_arch
+        Iptables::Rules.new.save
+        Tor::Config.new(Tempfile.new('torrc')).backup
+        systemd_enable('iptables', 'tor')
+        Msg.p 'Services enabled for Archlinux...'
+      end
+      private
+      def systemd_enable(*services)
+        systemctl = Helpers::Exec.new('systemctl')
+        services.each do |s|
+          Msg.p "Search for service #{s}..."
+          systemctl.run("enable #{s}") unless system("systemctl is-enabled #{s}")
+        end
+      end
+      def systemd_start(service)
+        systemctl = Helpers::Exec.new('systemctl')
+        Msg.p "Search for service #{service}..."
+        systemctl.run("start #{service}") unless system("systemctl is-active #{service}")
+      end
+    end
+  end
+end

data/lib/spior/service/restart.rb CHANGED Viewed

@@ -1,21 +1,14 @@
-require 'tty-which'
+# frozen_string_literal: true
 module Spior
+  # Interact with Spior::Tor and Spior::Iptables
   module Service
     module_function
     def restart
-      if TTY::Which.exist?('systemctl')
-        Helpers::Exec.new("systemctl").run("restart tor")
-        Msg.p "ip changed."
-      elsif TTY::Which.exist? 'sv'
-        Helpers::Exec.new('sv').run('restart tor')
-        Msg.p 'ip changed.'
-      elsif File.exist? '/etc/init.d/tor'
-        Helpers::Exec.new('/etc/init.d/tor').run('restart')
-      else
-        Msg.report "Don't known yet how to restart Tor for your system."
-      end
+      Service.stop(clean: false)
+      Service.start
+      Msg.p 'ip changed.'
     end
   end
 end

data/lib/spior/service/start.rb CHANGED Viewed

@@ -1,26 +1,16 @@
-require 'tty-which'
+# frozen_string_literal: true
 module Spior
+  # Interact with Spior::Tor and Spior::Iptables
   module Service
     module_function
+    # Service.start should start Tor if not alrealy running
+    # And start to redirect the local traffic with Iptables
     def start
-      if TTY::Which.exist?('systemctl')
-        state = `systemctl is-active tor`.chomp
-        unless state == 'active'
-          Helpers::Exec.new("systemctl").run("start tor")
-          Msg.p "TOR started."
-        end
-      elsif TTY::Which.exist? 'sv'
-        unless File.exist? '/var/service/tor'
-          Helpers::Exec.new('ln').run('-s /etc/sv/tor /var/service/tor')
-          Msg.p "TOR started."
-        end
-      elsif File.exist? '/etc/init.d/tor'
-        Helpers::Exec.new('/etc/init.d/tor').run('start')
-      else
-        Msg.report "Don't known yet how to start Tor for your system."
-      end
+      Tor::Start.new
+      Iptables::Tor.new.run!
+      Ipv6.new.block
     end
   end
 end

data/lib/spior/service/stop.rb ADDED Viewed

@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+module Spior
+  # Interact with Spior::Tor and Spior::Iptables
+  module Service
+    module_function
+    def stop(clean: true)
+      Tor::Stop.new
+      Iptables::Rules.new.restore if clean
+      Ipv6.new.allow if clean
+    end
+  end
+end

data/lib/spior/service.rb CHANGED Viewed

@@ -1,7 +1,12 @@
+# frozen_string_literal: true
 module Spior
+  # Service should start/stop/restart Tor and Iptable.
   module Service
   end
 end
 require_relative 'service/start'
+require_relative 'service/stop'
 require_relative 'service/restart'
+require_relative 'service/enable'

data/lib/spior/status.rb CHANGED Viewed

@@ -1,38 +1,46 @@
+# frozen_string_literal: true
 require 'open-uri'
 require 'json'
 module Spior
+  # Status display information on your current IP addresse
+  #
+  # If you use an IPV6 address, it should fail to display a Tor IP...
   module Status
+    # Check on https://check.torproject.org/api/ip if Tor is enable or not
+    # and display the result.
     def self.enable
-      begin
-        status = "Disable"
-        api_check = "https://check.torproject.org/api/ip"
-        URI.open(api_check) do |l|
-          hash = JSON.parse l.read
-          status = "Enable" if hash["IsTor"] == true
-        end
-        status
-      rescue OpenURI::HTTPError => error
-        res = error.io
-        puts "Fail to join server #{res.status}"
+      status = 'Disable'
+      URI.open('https://check.torproject.org/api/ip') do |l|
+        hash = JSON.parse l.read
+        status = 'Enable' if hash['IsTor'] == true
       end
+      status
+    rescue OpenURI::HTTPError => e
+      res = e.io
+      puts "Fail to join server #{res.status}"
     end
+    # info check and display information from https://ipleak.net/json
+    #
+    # Check for:
+    # * +ip+
+    # * +continent_name+
+    # * +time_zone+
+    #
+    # We can add later info on City/Region or other things.
     def self.info
-      begin
-        api_check = "https://ipleak.net/json"
-        URI.open(api_check) do |l|
-          hash = JSON.parse l.read
-          puts
-          puts " Current ip  ===>  #{hash["ip"]}"
-          puts " Continent   ===>  #{hash["continent_name"]}"
-          puts " Timezone    ===>  #{hash["time_zone"]}"
-        end
-        puts " Status      ===>  #{enable}"
-      rescue OpenURI::HTTPError => error
-        res = error.io
-        puts "Fail to join server #{res.status}"
+      URI.open('https://ipleak.net/json') do |l|
+        hash = JSON.parse l.read
+        puts "  Current ip  ===>  #{hash['ip']}"
+        puts "  Continent   ===>  #{hash['continent_name']}"
+        puts "  Timezone    ===>  #{hash['time_zone']}"
       end
+      puts "  Status      ===>  #{enable}"
+    rescue OpenURI::HTTPError => e
+      res = e.io
+      puts "Fail to join server #{res.status}"
     end
   end
 end