zlown 0.0.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/.gitignore +86 -0
- data/Gemfile +4 -0
- data/Gemfile.lock +56 -0
- data/LICENSE +21 -0
- data/README.md +20 -0
- data/bin/zlown +4 -0
- data/etc/dnsmasq.conf +660 -0
- data/etc/hostapd/hostapd.conf +7 -0
- data/etc/rc.local +16 -0
- data/etc/systemd/system/zlown.service +15 -0
- data/lib/zlown/cli/app.rb +32 -0
- data/lib/zlown/cli/cli.rb +8 -0
- data/lib/zlown/cli/cmd/init_cmd.rb +12 -0
- data/lib/zlown/cli/cmd/run_cmd.rb +13 -0
- data/lib/zlown/cli/cmd/script_cmd.rb +25 -0
- data/lib/zlown/cli/cmd/systemctl_cmd.rb +50 -0
- data/lib/zlown/cli/cmd/version_cmd.rb +19 -0
- data/lib/zlown/cli/shared.rb +23 -0
- data/lib/zlown/core/core.rb +48 -0
- data/lib/zlown/daemon/daemon.rb +19 -0
- data/lib/zlown/script/script.rb +24 -0
- data/lib/zlown/systemctl/systemctl.rb +48 -0
- data/lib/zlown/version.rb +10 -0
- data/scripts/enable-rogue.sh +12 -0
- data/scripts/sniff-httpry.sh +4 -0
- data/scripts/sniff-ngrep.sh +4 -0
- data/scripts/wifi-power.sh +7 -0
- data/zlown.gemspec +30 -0
- metadata +157 -0
data/etc/dnsmasq.conf
ADDED
@@ -0,0 +1,660 @@
|
|
1
|
+
# Configuration file for dnsmasq.
|
2
|
+
#
|
3
|
+
# Format is one option per line, legal options are the same
|
4
|
+
# as the long options legal on the command line. See
|
5
|
+
# "/usr/sbin/dnsmasq --help" or "man 8 dnsmasq" for details.
|
6
|
+
|
7
|
+
# Listen on this specific port instead of the standard DNS port
|
8
|
+
# (53). Setting this to zero completely disables DNS function,
|
9
|
+
# leaving only DHCP and/or TFTP.
|
10
|
+
#port=5353
|
11
|
+
|
12
|
+
# The following two options make you a better netizen, since they
|
13
|
+
# tell dnsmasq to filter out queries which the public DNS cannot
|
14
|
+
# answer, and which load the servers (especially the root servers)
|
15
|
+
# unnecessarily. If you have a dial-on-demand link they also stop
|
16
|
+
# these requests from bringing up the link unnecessarily.
|
17
|
+
|
18
|
+
# Never forward plain names (without a dot or domain part)
|
19
|
+
#domain-needed
|
20
|
+
# Never forward addresses in the non-routed address spaces.
|
21
|
+
#bogus-priv
|
22
|
+
|
23
|
+
# Uncomment these to enable DNSSEC validation and caching:
|
24
|
+
# (Requires dnsmasq to be built with DNSSEC option.)
|
25
|
+
#conf-file=%%PREFIX%%/share/dnsmasq/trust-anchors.conf
|
26
|
+
#dnssec
|
27
|
+
|
28
|
+
# Replies which are not DNSSEC signed may be legitimate, because the domain
|
29
|
+
# is unsigned, or may be forgeries. Setting this option tells dnsmasq to
|
30
|
+
# check that an unsigned reply is OK, by finding a secure proof that a DS
|
31
|
+
# record somewhere between the root and the domain does not exist.
|
32
|
+
# The cost of setting this is that even queries in unsigned domains will need
|
33
|
+
# one or more extra DNS queries to verify.
|
34
|
+
#dnssec-check-unsigned
|
35
|
+
|
36
|
+
# Uncomment this to filter useless windows-originated DNS requests
|
37
|
+
# which can trigger dial-on-demand links needlessly.
|
38
|
+
# Note that (amongst other things) this blocks all SRV requests,
|
39
|
+
# so don't use it if you use eg Kerberos, SIP, XMMP or Google-talk.
|
40
|
+
# This option only affects forwarding, SRV records originating for
|
41
|
+
# dnsmasq (via srv-host= lines) are not suppressed by it.
|
42
|
+
#filterwin2k
|
43
|
+
|
44
|
+
# Change this line if you want dns to get its upstream servers from
|
45
|
+
# somewhere other that /etc/resolv.conf
|
46
|
+
#resolv-file=
|
47
|
+
|
48
|
+
# By default, dnsmasq will send queries to any of the upstream
|
49
|
+
# servers it knows about and tries to favour servers to are known
|
50
|
+
# to be up. Uncommenting this forces dnsmasq to try each query
|
51
|
+
# with each server strictly in the order they appear in
|
52
|
+
# /etc/resolv.conf
|
53
|
+
#strict-order
|
54
|
+
|
55
|
+
# If you don't want dnsmasq to read /etc/resolv.conf or any other
|
56
|
+
# file, getting its servers from this file instead (see below), then
|
57
|
+
# uncomment this.
|
58
|
+
#no-resolv
|
59
|
+
|
60
|
+
# If you don't want dnsmasq to poll /etc/resolv.conf or other resolv
|
61
|
+
# files for changes and re-read them then uncomment this.
|
62
|
+
#no-poll
|
63
|
+
|
64
|
+
# Add other name servers here, with domain specs if they are for
|
65
|
+
# non-public domains.
|
66
|
+
#server=/localnet/192.168.0.1
|
67
|
+
|
68
|
+
# Example of routing PTR queries to nameservers: this will send all
|
69
|
+
# address->name queries for 192.168.3/24 to nameserver 10.1.2.3
|
70
|
+
#server=/3.168.192.in-addr.arpa/10.1.2.3
|
71
|
+
|
72
|
+
# Add local-only domains here, queries in these domains are answered
|
73
|
+
# from /etc/hosts or DHCP only.
|
74
|
+
#local=/localnet/
|
75
|
+
|
76
|
+
# Add domains which you want to force to an IP address here.
|
77
|
+
# The example below send any host in double-click.net to a local
|
78
|
+
# web-server.
|
79
|
+
#address=/double-click.net/127.0.0.1
|
80
|
+
|
81
|
+
# --address (and --server) work with IPv6 addresses too.
|
82
|
+
#address=/www.thekelleys.org.uk/fe80::20d:60ff:fe36:f83
|
83
|
+
|
84
|
+
# Add the IPs of all queries to yahoo.com, google.com, and their
|
85
|
+
# subdomains to the vpn and search ipsets:
|
86
|
+
#ipset=/yahoo.com/google.com/vpn,search
|
87
|
+
|
88
|
+
# You can control how dnsmasq talks to a server: this forces
|
89
|
+
# queries to 10.1.2.3 to be routed via eth1
|
90
|
+
# server=10.1.2.3@eth1
|
91
|
+
|
92
|
+
# and this sets the source (ie local) address used to talk to
|
93
|
+
# 10.1.2.3 to 192.168.1.1 port 55 (there must be a interface with that
|
94
|
+
# IP on the machine, obviously).
|
95
|
+
# server=10.1.2.3@192.168.1.1#55
|
96
|
+
|
97
|
+
# If you want dnsmasq to change uid and gid to something other
|
98
|
+
# than the default, edit the following lines.
|
99
|
+
#user=
|
100
|
+
#group=
|
101
|
+
|
102
|
+
# If you want dnsmasq to listen for DHCP and DNS requests only on
|
103
|
+
# specified interfaces (and the loopback) give the name of the
|
104
|
+
# interface (eg eth0) here.
|
105
|
+
# Repeat the line for more than one interface.
|
106
|
+
#interface=
|
107
|
+
# Or you can specify which interface _not_ to listen on
|
108
|
+
#except-interface=
|
109
|
+
# Or which to listen on by address (remember to include 127.0.0.1 if
|
110
|
+
# you use this.)
|
111
|
+
#listen-address=
|
112
|
+
# If you want dnsmasq to provide only DNS service on an interface,
|
113
|
+
# configure it as shown above, and then use the following line to
|
114
|
+
# disable DHCP and TFTP on it.
|
115
|
+
#no-dhcp-interface=
|
116
|
+
|
117
|
+
# On systems which support it, dnsmasq binds the wildcard address,
|
118
|
+
# even when it is listening on only some interfaces. It then discards
|
119
|
+
# requests that it shouldn't reply to. This has the advantage of
|
120
|
+
# working even when interfaces come and go and change address. If you
|
121
|
+
# want dnsmasq to really bind only the interfaces it is listening on,
|
122
|
+
# uncomment this option. About the only time you may need this is when
|
123
|
+
# running another nameserver on the same machine.
|
124
|
+
#bind-interfaces
|
125
|
+
|
126
|
+
# If you don't want dnsmasq to read /etc/hosts, uncomment the
|
127
|
+
# following line.
|
128
|
+
#no-hosts
|
129
|
+
# or if you want it to read another file, as well as /etc/hosts, use
|
130
|
+
# this.
|
131
|
+
#addn-hosts=/etc/banner_add_hosts
|
132
|
+
|
133
|
+
# Set this (and domain: see below) if you want to have a domain
|
134
|
+
# automatically added to simple names in a hosts-file.
|
135
|
+
#expand-hosts
|
136
|
+
|
137
|
+
# Set the domain for dnsmasq. this is optional, but if it is set, it
|
138
|
+
# does the following things.
|
139
|
+
# 1) Allows DHCP hosts to have fully qualified domain names, as long
|
140
|
+
# as the domain part matches this setting.
|
141
|
+
# 2) Sets the "domain" DHCP option thereby potentially setting the
|
142
|
+
# domain of all systems configured by DHCP
|
143
|
+
# 3) Provides the domain part for "expand-hosts"
|
144
|
+
#domain=thekelleys.org.uk
|
145
|
+
|
146
|
+
# Set a different domain for a particular subnet
|
147
|
+
#domain=wireless.thekelleys.org.uk,192.168.2.0/24
|
148
|
+
|
149
|
+
# Same idea, but range rather then subnet
|
150
|
+
#domain=reserved.thekelleys.org.uk,192.68.3.100,192.168.3.200
|
151
|
+
|
152
|
+
# Uncomment this to enable the integrated DHCP server, you need
|
153
|
+
# to supply the range of addresses available for lease and optionally
|
154
|
+
# a lease time. If you have more than one network, you will need to
|
155
|
+
# repeat this for each network on which you want to supply DHCP
|
156
|
+
# service.
|
157
|
+
#dhcp-range=192.168.0.50,192.168.0.150,12h
|
158
|
+
|
159
|
+
# This is an example of a DHCP range where the netmask is given. This
|
160
|
+
# is needed for networks we reach the dnsmasq DHCP server via a relay
|
161
|
+
# agent. If you don't know what a DHCP relay agent is, you probably
|
162
|
+
# don't need to worry about this.
|
163
|
+
#dhcp-range=192.168.0.50,192.168.0.150,255.255.255.0,12h
|
164
|
+
|
165
|
+
# This is an example of a DHCP range which sets a tag, so that
|
166
|
+
# some DHCP options may be set only for this network.
|
167
|
+
#dhcp-range=set:red,192.168.0.50,192.168.0.150
|
168
|
+
|
169
|
+
# Use this DHCP range only when the tag "green" is set.
|
170
|
+
#dhcp-range=tag:green,192.168.0.50,192.168.0.150,12h
|
171
|
+
|
172
|
+
# Specify a subnet which can't be used for dynamic address allocation,
|
173
|
+
# is available for hosts with matching --dhcp-host lines. Note that
|
174
|
+
# dhcp-host declarations will be ignored unless there is a dhcp-range
|
175
|
+
# of some type for the subnet in question.
|
176
|
+
# In this case the netmask is implied (it comes from the network
|
177
|
+
# configuration on the machine running dnsmasq) it is possible to give
|
178
|
+
# an explicit netmask instead.
|
179
|
+
#dhcp-range=192.168.0.0,static
|
180
|
+
|
181
|
+
# Enable DHCPv6. Note that the prefix-length does not need to be specified
|
182
|
+
# and defaults to 64 if missing/
|
183
|
+
#dhcp-range=1234::2, 1234::500, 64, 12h
|
184
|
+
|
185
|
+
# Do Router Advertisements, BUT NOT DHCP for this subnet.
|
186
|
+
#dhcp-range=1234::, ra-only
|
187
|
+
|
188
|
+
# Do Router Advertisements, BUT NOT DHCP for this subnet, also try and
|
189
|
+
# add names to the DNS for the IPv6 address of SLAAC-configured dual-stack
|
190
|
+
# hosts. Use the DHCPv4 lease to derive the name, network segment and
|
191
|
+
# MAC address and assume that the host will also have an
|
192
|
+
# IPv6 address calculated using the SLAAC alogrithm.
|
193
|
+
#dhcp-range=1234::, ra-names
|
194
|
+
|
195
|
+
# Do Router Advertisements, BUT NOT DHCP for this subnet.
|
196
|
+
# Set the lifetime to 46 hours. (Note: minimum lifetime is 2 hours.)
|
197
|
+
#dhcp-range=1234::, ra-only, 48h
|
198
|
+
|
199
|
+
# Do DHCP and Router Advertisements for this subnet. Set the A bit in the RA
|
200
|
+
# so that clients can use SLAAC addresses as well as DHCP ones.
|
201
|
+
#dhcp-range=1234::2, 1234::500, slaac
|
202
|
+
|
203
|
+
# Do Router Advertisements and stateless DHCP for this subnet. Clients will
|
204
|
+
# not get addresses from DHCP, but they will get other configuration information.
|
205
|
+
# They will use SLAAC for addresses.
|
206
|
+
#dhcp-range=1234::, ra-stateless
|
207
|
+
|
208
|
+
# Do stateless DHCP, SLAAC, and generate DNS names for SLAAC addresses
|
209
|
+
# from DHCPv4 leases.
|
210
|
+
#dhcp-range=1234::, ra-stateless, ra-names
|
211
|
+
|
212
|
+
# Do router advertisements for all subnets where we're doing DHCPv6
|
213
|
+
# Unless overriden by ra-stateless, ra-names, et al, the router
|
214
|
+
# advertisements will have the M and O bits set, so that the clients
|
215
|
+
# get addresses and configuration from DHCPv6, and the A bit reset, so the
|
216
|
+
# clients don't use SLAAC addresses.
|
217
|
+
#enable-ra
|
218
|
+
|
219
|
+
# Supply parameters for specified hosts using DHCP. There are lots
|
220
|
+
# of valid alternatives, so we will give examples of each. Note that
|
221
|
+
# IP addresses DO NOT have to be in the range given above, they just
|
222
|
+
# need to be on the same network. The order of the parameters in these
|
223
|
+
# do not matter, it's permissible to give name, address and MAC in any
|
224
|
+
# order.
|
225
|
+
|
226
|
+
# Always allocate the host with Ethernet address 11:22:33:44:55:66
|
227
|
+
# The IP address 192.168.0.60
|
228
|
+
#dhcp-host=11:22:33:44:55:66,192.168.0.60
|
229
|
+
|
230
|
+
# Always set the name of the host with hardware address
|
231
|
+
# 11:22:33:44:55:66 to be "fred"
|
232
|
+
#dhcp-host=11:22:33:44:55:66,fred
|
233
|
+
|
234
|
+
# Always give the host with Ethernet address 11:22:33:44:55:66
|
235
|
+
# the name fred and IP address 192.168.0.60 and lease time 45 minutes
|
236
|
+
#dhcp-host=11:22:33:44:55:66,fred,192.168.0.60,45m
|
237
|
+
|
238
|
+
# Give a host with Ethernet address 11:22:33:44:55:66 or
|
239
|
+
# 12:34:56:78:90:12 the IP address 192.168.0.60. Dnsmasq will assume
|
240
|
+
# that these two Ethernet interfaces will never be in use at the same
|
241
|
+
# time, and give the IP address to the second, even if it is already
|
242
|
+
# in use by the first. Useful for laptops with wired and wireless
|
243
|
+
# addresses.
|
244
|
+
#dhcp-host=11:22:33:44:55:66,12:34:56:78:90:12,192.168.0.60
|
245
|
+
|
246
|
+
# Give the machine which says its name is "bert" IP address
|
247
|
+
# 192.168.0.70 and an infinite lease
|
248
|
+
#dhcp-host=bert,192.168.0.70,infinite
|
249
|
+
|
250
|
+
# Always give the host with client identifier 01:02:02:04
|
251
|
+
# the IP address 192.168.0.60
|
252
|
+
#dhcp-host=id:01:02:02:04,192.168.0.60
|
253
|
+
|
254
|
+
# Always give the host with client identifier "marjorie"
|
255
|
+
# the IP address 192.168.0.60
|
256
|
+
#dhcp-host=id:marjorie,192.168.0.60
|
257
|
+
|
258
|
+
# Enable the address given for "judge" in /etc/hosts
|
259
|
+
# to be given to a machine presenting the name "judge" when
|
260
|
+
# it asks for a DHCP lease.
|
261
|
+
#dhcp-host=judge
|
262
|
+
|
263
|
+
# Never offer DHCP service to a machine whose Ethernet
|
264
|
+
# address is 11:22:33:44:55:66
|
265
|
+
#dhcp-host=11:22:33:44:55:66,ignore
|
266
|
+
|
267
|
+
# Ignore any client-id presented by the machine with Ethernet
|
268
|
+
# address 11:22:33:44:55:66. This is useful to prevent a machine
|
269
|
+
# being treated differently when running under different OS's or
|
270
|
+
# between PXE boot and OS boot.
|
271
|
+
#dhcp-host=11:22:33:44:55:66,id:*
|
272
|
+
|
273
|
+
# Send extra options which are tagged as "red" to
|
274
|
+
# the machine with Ethernet address 11:22:33:44:55:66
|
275
|
+
#dhcp-host=11:22:33:44:55:66,set:red
|
276
|
+
|
277
|
+
# Send extra options which are tagged as "red" to
|
278
|
+
# any machine with Ethernet address starting 11:22:33:
|
279
|
+
#dhcp-host=11:22:33:*:*:*,set:red
|
280
|
+
|
281
|
+
# Give a fixed IPv6 address and name to client with
|
282
|
+
# DUID 00:01:00:01:16:d2:83:fc:92:d4:19:e2:d8:b2
|
283
|
+
# Note the MAC addresses CANNOT be used to identify DHCPv6 clients.
|
284
|
+
# Note also the they [] around the IPv6 address are obilgatory.
|
285
|
+
#dhcp-host=id:00:01:00:01:16:d2:83:fc:92:d4:19:e2:d8:b2, fred, [1234::5]
|
286
|
+
|
287
|
+
# Ignore any clients which are not specified in dhcp-host lines
|
288
|
+
# or /etc/ethers. Equivalent to ISC "deny unknown-clients".
|
289
|
+
# This relies on the special "known" tag which is set when
|
290
|
+
# a host is matched.
|
291
|
+
#dhcp-ignore=tag:!known
|
292
|
+
|
293
|
+
# Send extra options which are tagged as "red" to any machine whose
|
294
|
+
# DHCP vendorclass string includes the substring "Linux"
|
295
|
+
#dhcp-vendorclass=set:red,Linux
|
296
|
+
|
297
|
+
# Send extra options which are tagged as "red" to any machine one
|
298
|
+
# of whose DHCP userclass strings includes the substring "accounts"
|
299
|
+
#dhcp-userclass=set:red,accounts
|
300
|
+
|
301
|
+
# Send extra options which are tagged as "red" to any machine whose
|
302
|
+
# MAC address matches the pattern.
|
303
|
+
#dhcp-mac=set:red,00:60:8C:*:*:*
|
304
|
+
|
305
|
+
# If this line is uncommented, dnsmasq will read /etc/ethers and act
|
306
|
+
# on the ethernet-address/IP pairs found there just as if they had
|
307
|
+
# been given as --dhcp-host options. Useful if you keep
|
308
|
+
# MAC-address/host mappings there for other purposes.
|
309
|
+
#read-ethers
|
310
|
+
|
311
|
+
# Send options to hosts which ask for a DHCP lease.
|
312
|
+
# See RFC 2132 for details of available options.
|
313
|
+
# Common options can be given to dnsmasq by name:
|
314
|
+
# run "dnsmasq --help dhcp" to get a list.
|
315
|
+
# Note that all the common settings, such as netmask and
|
316
|
+
# broadcast address, DNS server and default route, are given
|
317
|
+
# sane defaults by dnsmasq. You very likely will not need
|
318
|
+
# any dhcp-options. If you use Windows clients and Samba, there
|
319
|
+
# are some options which are recommended, they are detailed at the
|
320
|
+
# end of this section.
|
321
|
+
|
322
|
+
# Override the default route supplied by dnsmasq, which assumes the
|
323
|
+
# router is the same machine as the one running dnsmasq.
|
324
|
+
#dhcp-option=3,1.2.3.4
|
325
|
+
|
326
|
+
# Do the same thing, but using the option name
|
327
|
+
#dhcp-option=option:router,1.2.3.4
|
328
|
+
|
329
|
+
# Override the default route supplied by dnsmasq and send no default
|
330
|
+
# route at all. Note that this only works for the options sent by
|
331
|
+
# default (1, 3, 6, 12, 28) the same line will send a zero-length option
|
332
|
+
# for all other option numbers.
|
333
|
+
#dhcp-option=3
|
334
|
+
|
335
|
+
# Set the NTP time server addresses to 192.168.0.4 and 10.10.0.5
|
336
|
+
#dhcp-option=option:ntp-server,192.168.0.4,10.10.0.5
|
337
|
+
|
338
|
+
# Send DHCPv6 option. Note [] around IPv6 addresses.
|
339
|
+
#dhcp-option=option6:dns-server,[1234::77],[1234::88]
|
340
|
+
|
341
|
+
# Send DHCPv6 option for namservers as the machine running
|
342
|
+
# dnsmasq and another.
|
343
|
+
#dhcp-option=option6:dns-server,[::],[1234::88]
|
344
|
+
|
345
|
+
# Ask client to poll for option changes every six hours. (RFC4242)
|
346
|
+
#dhcp-option=option6:information-refresh-time,6h
|
347
|
+
|
348
|
+
# Set the NTP time server address to be the same machine as
|
349
|
+
# is running dnsmasq
|
350
|
+
#dhcp-option=42,0.0.0.0
|
351
|
+
|
352
|
+
# Set the NIS domain name to "welly"
|
353
|
+
#dhcp-option=40,welly
|
354
|
+
|
355
|
+
# Set the default time-to-live to 50
|
356
|
+
#dhcp-option=23,50
|
357
|
+
|
358
|
+
# Set the "all subnets are local" flag
|
359
|
+
#dhcp-option=27,1
|
360
|
+
|
361
|
+
# Send the etherboot magic flag and then etherboot options (a string).
|
362
|
+
#dhcp-option=128,e4:45:74:68:00:00
|
363
|
+
#dhcp-option=129,NIC=eepro100
|
364
|
+
|
365
|
+
# Specify an option which will only be sent to the "red" network
|
366
|
+
# (see dhcp-range for the declaration of the "red" network)
|
367
|
+
# Note that the tag: part must precede the option: part.
|
368
|
+
#dhcp-option = tag:red, option:ntp-server, 192.168.1.1
|
369
|
+
|
370
|
+
# The following DHCP options set up dnsmasq in the same way as is specified
|
371
|
+
# for the ISC dhcpcd in
|
372
|
+
# http://www.samba.org/samba/ftp/docs/textdocs/DHCP-Server-Configuration.txt
|
373
|
+
# adapted for a typical dnsmasq installation where the host running
|
374
|
+
# dnsmasq is also the host running samba.
|
375
|
+
# you may want to uncomment some or all of them if you use
|
376
|
+
# Windows clients and Samba.
|
377
|
+
#dhcp-option=19,0 # option ip-forwarding off
|
378
|
+
#dhcp-option=44,0.0.0.0 # set netbios-over-TCP/IP nameserver(s) aka WINS server(s)
|
379
|
+
#dhcp-option=45,0.0.0.0 # netbios datagram distribution server
|
380
|
+
#dhcp-option=46,8 # netbios node type
|
381
|
+
|
382
|
+
# Send an empty WPAD option. This may be REQUIRED to get windows 7 to behave.
|
383
|
+
#dhcp-option=252,"\n"
|
384
|
+
|
385
|
+
# Send RFC-3397 DNS domain search DHCP option. WARNING: Your DHCP client
|
386
|
+
# probably doesn't support this......
|
387
|
+
#dhcp-option=option:domain-search,eng.apple.com,marketing.apple.com
|
388
|
+
|
389
|
+
# Send RFC-3442 classless static routes (note the netmask encoding)
|
390
|
+
#dhcp-option=121,192.168.1.0/24,1.2.3.4,10.0.0.0/8,5.6.7.8
|
391
|
+
|
392
|
+
# Send vendor-class specific options encapsulated in DHCP option 43.
|
393
|
+
# The meaning of the options is defined by the vendor-class so
|
394
|
+
# options are sent only when the client supplied vendor class
|
395
|
+
# matches the class given here. (A substring match is OK, so "MSFT"
|
396
|
+
# matches "MSFT" and "MSFT 5.0"). This example sets the
|
397
|
+
# mtftp address to 0.0.0.0 for PXEClients.
|
398
|
+
#dhcp-option=vendor:PXEClient,1,0.0.0.0
|
399
|
+
|
400
|
+
# Send microsoft-specific option to tell windows to release the DHCP lease
|
401
|
+
# when it shuts down. Note the "i" flag, to tell dnsmasq to send the
|
402
|
+
# value as a four-byte integer - that's what microsoft wants. See
|
403
|
+
# http://technet2.microsoft.com/WindowsServer/en/library/a70f1bb7-d2d4-49f0-96d6-4b7414ecfaae1033.mspx?mfr=true
|
404
|
+
#dhcp-option=vendor:MSFT,2,1i
|
405
|
+
|
406
|
+
# Send the Encapsulated-vendor-class ID needed by some configurations of
|
407
|
+
# Etherboot to allow is to recognise the DHCP server.
|
408
|
+
#dhcp-option=vendor:Etherboot,60,"Etherboot"
|
409
|
+
|
410
|
+
# Send options to PXELinux. Note that we need to send the options even
|
411
|
+
# though they don't appear in the parameter request list, so we need
|
412
|
+
# to use dhcp-option-force here.
|
413
|
+
# See http://syslinux.zytor.com/pxe.php#special for details.
|
414
|
+
# Magic number - needed before anything else is recognised
|
415
|
+
#dhcp-option-force=208,f1:00:74:7e
|
416
|
+
# Configuration file name
|
417
|
+
#dhcp-option-force=209,configs/common
|
418
|
+
# Path prefix
|
419
|
+
#dhcp-option-force=210,/tftpboot/pxelinux/files/
|
420
|
+
# Reboot time. (Note 'i' to send 32-bit value)
|
421
|
+
#dhcp-option-force=211,30i
|
422
|
+
|
423
|
+
# Set the boot filename for netboot/PXE. You will only need
|
424
|
+
# this is you want to boot machines over the network and you will need
|
425
|
+
# a TFTP server; either dnsmasq's built in TFTP server or an
|
426
|
+
# external one. (See below for how to enable the TFTP server.)
|
427
|
+
#dhcp-boot=pxelinux.0
|
428
|
+
|
429
|
+
# The same as above, but use custom tftp-server instead machine running dnsmasq
|
430
|
+
#dhcp-boot=pxelinux,server.name,192.168.1.100
|
431
|
+
|
432
|
+
# Boot for Etherboot gPXE. The idea is to send two different
|
433
|
+
# filenames, the first loads gPXE, and the second tells gPXE what to
|
434
|
+
# load. The dhcp-match sets the gpxe tag for requests from gPXE.
|
435
|
+
#dhcp-match=set:gpxe,175 # gPXE sends a 175 option.
|
436
|
+
#dhcp-boot=tag:!gpxe,undionly.kpxe
|
437
|
+
#dhcp-boot=mybootimage
|
438
|
+
|
439
|
+
# Encapsulated options for Etherboot gPXE. All the options are
|
440
|
+
# encapsulated within option 175
|
441
|
+
#dhcp-option=encap:175, 1, 5b # priority code
|
442
|
+
#dhcp-option=encap:175, 176, 1b # no-proxydhcp
|
443
|
+
#dhcp-option=encap:175, 177, string # bus-id
|
444
|
+
#dhcp-option=encap:175, 189, 1b # BIOS drive code
|
445
|
+
#dhcp-option=encap:175, 190, user # iSCSI username
|
446
|
+
#dhcp-option=encap:175, 191, pass # iSCSI password
|
447
|
+
|
448
|
+
# Test for the architecture of a netboot client. PXE clients are
|
449
|
+
# supposed to send their architecture as option 93. (See RFC 4578)
|
450
|
+
#dhcp-match=peecees, option:client-arch, 0 #x86-32
|
451
|
+
#dhcp-match=itanics, option:client-arch, 2 #IA64
|
452
|
+
#dhcp-match=hammers, option:client-arch, 6 #x86-64
|
453
|
+
#dhcp-match=mactels, option:client-arch, 7 #EFI x86-64
|
454
|
+
|
455
|
+
# Do real PXE, rather than just booting a single file, this is an
|
456
|
+
# alternative to dhcp-boot.
|
457
|
+
#pxe-prompt="What system shall I netboot?"
|
458
|
+
# or with timeout before first available action is taken:
|
459
|
+
#pxe-prompt="Press F8 for menu.", 60
|
460
|
+
|
461
|
+
# Available boot services. for PXE.
|
462
|
+
#pxe-service=x86PC, "Boot from local disk"
|
463
|
+
|
464
|
+
# Loads <tftp-root>/pxelinux.0 from dnsmasq TFTP server.
|
465
|
+
#pxe-service=x86PC, "Install Linux", pxelinux
|
466
|
+
|
467
|
+
# Loads <tftp-root>/pxelinux.0 from TFTP server at 1.2.3.4.
|
468
|
+
# Beware this fails on old PXE ROMS.
|
469
|
+
#pxe-service=x86PC, "Install Linux", pxelinux, 1.2.3.4
|
470
|
+
|
471
|
+
# Use bootserver on network, found my multicast or broadcast.
|
472
|
+
#pxe-service=x86PC, "Install windows from RIS server", 1
|
473
|
+
|
474
|
+
# Use bootserver at a known IP address.
|
475
|
+
#pxe-service=x86PC, "Install windows from RIS server", 1, 1.2.3.4
|
476
|
+
|
477
|
+
# If you have multicast-FTP available,
|
478
|
+
# information for that can be passed in a similar way using options 1
|
479
|
+
# to 5. See page 19 of
|
480
|
+
# http://download.intel.com/design/archives/wfm/downloads/pxespec.pdf
|
481
|
+
|
482
|
+
|
483
|
+
# Enable dnsmasq's built-in TFTP server
|
484
|
+
#enable-tftp
|
485
|
+
|
486
|
+
# Set the root directory for files available via FTP.
|
487
|
+
#tftp-root=/var/ftpd
|
488
|
+
|
489
|
+
# Make the TFTP server more secure: with this set, only files owned by
|
490
|
+
# the user dnsmasq is running as will be send over the net.
|
491
|
+
#tftp-secure
|
492
|
+
|
493
|
+
# This option stops dnsmasq from negotiating a larger blocksize for TFTP
|
494
|
+
# transfers. It will slow things down, but may rescue some broken TFTP
|
495
|
+
# clients.
|
496
|
+
#tftp-no-blocksize
|
497
|
+
|
498
|
+
# Set the boot file name only when the "red" tag is set.
|
499
|
+
#dhcp-boot=tag:red,pxelinux.red-net
|
500
|
+
|
501
|
+
# An example of dhcp-boot with an external TFTP server: the name and IP
|
502
|
+
# address of the server are given after the filename.
|
503
|
+
# Can fail with old PXE ROMS. Overridden by --pxe-service.
|
504
|
+
#dhcp-boot=/var/ftpd/pxelinux.0,boothost,192.168.0.3
|
505
|
+
|
506
|
+
# If there are multiple external tftp servers having a same name
|
507
|
+
# (using /etc/hosts) then that name can be specified as the
|
508
|
+
# tftp_servername (the third option to dhcp-boot) and in that
|
509
|
+
# case dnsmasq resolves this name and returns the resultant IP
|
510
|
+
# addresses in round robin fasion. This facility can be used to
|
511
|
+
# load balance the tftp load among a set of servers.
|
512
|
+
#dhcp-boot=/var/ftpd/pxelinux.0,boothost,tftp_server_name
|
513
|
+
|
514
|
+
# Set the limit on DHCP leases, the default is 150
|
515
|
+
#dhcp-lease-max=150
|
516
|
+
|
517
|
+
# The DHCP server needs somewhere on disk to keep its lease database.
|
518
|
+
# This defaults to a sane location, but if you want to change it, use
|
519
|
+
# the line below.
|
520
|
+
#dhcp-leasefile=/var/lib/misc/dnsmasq.leases
|
521
|
+
|
522
|
+
# Set the DHCP server to authoritative mode. In this mode it will barge in
|
523
|
+
# and take over the lease for any client which broadcasts on the network,
|
524
|
+
# whether it has a record of the lease or not. This avoids long timeouts
|
525
|
+
# when a machine wakes up on a new network. DO NOT enable this if there's
|
526
|
+
# the slightest chance that you might end up accidentally configuring a DHCP
|
527
|
+
# server for your campus/company accidentally. The ISC server uses
|
528
|
+
# the same option, and this URL provides more information:
|
529
|
+
# http://www.isc.org/files/auth.html
|
530
|
+
#dhcp-authoritative
|
531
|
+
|
532
|
+
# Run an executable when a DHCP lease is created or destroyed.
|
533
|
+
# The arguments sent to the script are "add" or "del",
|
534
|
+
# then the MAC address, the IP address and finally the hostname
|
535
|
+
# if there is one.
|
536
|
+
#dhcp-script=/bin/echo
|
537
|
+
|
538
|
+
# Set the cachesize here.
|
539
|
+
#cache-size=150
|
540
|
+
|
541
|
+
# If you want to disable negative caching, uncomment this.
|
542
|
+
#no-negcache
|
543
|
+
|
544
|
+
# Normally responses which come from /etc/hosts and the DHCP lease
|
545
|
+
# file have Time-To-Live set as zero, which conventionally means
|
546
|
+
# do not cache further. If you are happy to trade lower load on the
|
547
|
+
# server for potentially stale date, you can set a time-to-live (in
|
548
|
+
# seconds) here.
|
549
|
+
#local-ttl=
|
550
|
+
|
551
|
+
# If you want dnsmasq to detect attempts by Verisign to send queries
|
552
|
+
# to unregistered .com and .net hosts to its sitefinder service and
|
553
|
+
# have dnsmasq instead return the correct NXDOMAIN response, uncomment
|
554
|
+
# this line. You can add similar lines to do the same for other
|
555
|
+
# registries which have implemented wildcard A records.
|
556
|
+
#bogus-nxdomain=64.94.110.11
|
557
|
+
|
558
|
+
# If you want to fix up DNS results from upstream servers, use the
|
559
|
+
# alias option. This only works for IPv4.
|
560
|
+
# This alias makes a result of 1.2.3.4 appear as 5.6.7.8
|
561
|
+
#alias=1.2.3.4,5.6.7.8
|
562
|
+
# and this maps 1.2.3.x to 5.6.7.x
|
563
|
+
#alias=1.2.3.0,5.6.7.0,255.255.255.0
|
564
|
+
# and this maps 192.168.0.10->192.168.0.40 to 10.0.0.10->10.0.0.40
|
565
|
+
#alias=192.168.0.10-192.168.0.40,10.0.0.0,255.255.255.0
|
566
|
+
|
567
|
+
# Change these lines if you want dnsmasq to serve MX records.
|
568
|
+
|
569
|
+
# Return an MX record named "maildomain.com" with target
|
570
|
+
# servermachine.com and preference 50
|
571
|
+
#mx-host=maildomain.com,servermachine.com,50
|
572
|
+
|
573
|
+
# Set the default target for MX records created using the localmx option.
|
574
|
+
#mx-target=servermachine.com
|
575
|
+
|
576
|
+
# Return an MX record pointing to the mx-target for all local
|
577
|
+
# machines.
|
578
|
+
#localmx
|
579
|
+
|
580
|
+
# Return an MX record pointing to itself for all local machines.
|
581
|
+
#selfmx
|
582
|
+
|
583
|
+
# Change the following lines if you want dnsmasq to serve SRV
|
584
|
+
# records. These are useful if you want to serve ldap requests for
|
585
|
+
# Active Directory and other windows-originated DNS requests.
|
586
|
+
# See RFC 2782.
|
587
|
+
# You may add multiple srv-host lines.
|
588
|
+
# The fields are <name>,<target>,<port>,<priority>,<weight>
|
589
|
+
# If the domain part if missing from the name (so that is just has the
|
590
|
+
# service and protocol sections) then the domain given by the domain=
|
591
|
+
# config option is used. (Note that expand-hosts does not need to be
|
592
|
+
# set for this to work.)
|
593
|
+
|
594
|
+
# A SRV record sending LDAP for the example.com domain to
|
595
|
+
# ldapserver.example.com port 389
|
596
|
+
#srv-host=_ldap._tcp.example.com,ldapserver.example.com,389
|
597
|
+
|
598
|
+
# A SRV record sending LDAP for the example.com domain to
|
599
|
+
# ldapserver.example.com port 389 (using domain=)
|
600
|
+
#domain=example.com
|
601
|
+
#srv-host=_ldap._tcp,ldapserver.example.com,389
|
602
|
+
|
603
|
+
# Two SRV records for LDAP, each with different priorities
|
604
|
+
#srv-host=_ldap._tcp.example.com,ldapserver.example.com,389,1
|
605
|
+
#srv-host=_ldap._tcp.example.com,ldapserver.example.com,389,2
|
606
|
+
|
607
|
+
# A SRV record indicating that there is no LDAP server for the domain
|
608
|
+
# example.com
|
609
|
+
#srv-host=_ldap._tcp.example.com
|
610
|
+
|
611
|
+
# The following line shows how to make dnsmasq serve an arbitrary PTR
|
612
|
+
# record. This is useful for DNS-SD. (Note that the
|
613
|
+
# domain-name expansion done for SRV records _does_not
|
614
|
+
# occur for PTR records.)
|
615
|
+
#ptr-record=_http._tcp.dns-sd-services,"New Employee Page._http._tcp.dns-sd-services"
|
616
|
+
|
617
|
+
# Change the following lines to enable dnsmasq to serve TXT records.
|
618
|
+
# These are used for things like SPF and zeroconf. (Note that the
|
619
|
+
# domain-name expansion done for SRV records _does_not
|
620
|
+
# occur for TXT records.)
|
621
|
+
|
622
|
+
#Example SPF.
|
623
|
+
#txt-record=example.com,"v=spf1 a -all"
|
624
|
+
|
625
|
+
#Example zeroconf
|
626
|
+
#txt-record=_http._tcp.example.com,name=value,paper=A4
|
627
|
+
|
628
|
+
# Provide an alias for a "local" DNS name. Note that this _only_ works
|
629
|
+
# for targets which are names from DHCP or /etc/hosts. Give host
|
630
|
+
# "bert" another name, bertrand
|
631
|
+
#cname=bertand,bert
|
632
|
+
|
633
|
+
# For debugging purposes, log each DNS query as it passes through
|
634
|
+
# dnsmasq.
|
635
|
+
#log-queries
|
636
|
+
|
637
|
+
# Log lots of extra information about DHCP transactions.
|
638
|
+
#log-dhcp
|
639
|
+
|
640
|
+
# Include another lot of configuration options.
|
641
|
+
#conf-file=/etc/dnsmasq.more.conf
|
642
|
+
#conf-dir=/etc/dnsmasq.d
|
643
|
+
|
644
|
+
# Include all the files in a directory except those ending in .bak
|
645
|
+
#conf-dir=/etc/dnsmasq.d,.bak
|
646
|
+
|
647
|
+
# Include all files in a directory which end in .conf
|
648
|
+
#conf-dir=/etc/dnsmasq.d/*.conf
|
649
|
+
|
650
|
+
# EVIL STARTS HERE
|
651
|
+
log-facility=/var/log/dnsmasq.log
|
652
|
+
#address=/#/10.0.0.1
|
653
|
+
#address=/google.com/10.0.0.1
|
654
|
+
interface=wlan1
|
655
|
+
dhcp-range=10.0.0.10,10.0.0.250,12h
|
656
|
+
dhcp-option=3,10.0.0.1
|
657
|
+
dhcp-option=6,10.0.0.1
|
658
|
+
#no-resolv
|
659
|
+
log-queries
|
660
|
+
|
data/etc/rc.local
ADDED
@@ -0,0 +1,16 @@
|
|
1
|
+
#!/bin/sh -e
|
2
|
+
#
|
3
|
+
# rc.local
|
4
|
+
#
|
5
|
+
# This script is executed at the end of each multiuser runlevel.
|
6
|
+
# Make sure that the script will "exit 0" on success or any other
|
7
|
+
# value on error.
|
8
|
+
#
|
9
|
+
# In order to enable or disable this script just change the execution
|
10
|
+
# bits.
|
11
|
+
#
|
12
|
+
# By default this script does nothing.
|
13
|
+
|
14
|
+
exec /root/scripts/enable-rogue.sh
|
15
|
+
|
16
|
+
exit 0
|
@@ -0,0 +1,15 @@
|
|
1
|
+
[Unit]
|
2
|
+
Description=Rogue and Evil Access Point
|
3
|
+
After=network.target dnsmasq.target hostapd.target
|
4
|
+
|
5
|
+
[Service]
|
6
|
+
# Type=forking
|
7
|
+
Environment="USER=root"
|
8
|
+
Environment="HOME=/root"
|
9
|
+
ExecStart=#{RUN_CMD}
|
10
|
+
# ExecReload=/bin/kill -HUP $MAINPID
|
11
|
+
PIDFile=/var/run/zlown.pid
|
12
|
+
|
13
|
+
[Install]
|
14
|
+
WantedBy=multi-user.target
|
15
|
+
|