forked from ronnyvdbr/ronnyvdbr.github.io
-
Notifications
You must be signed in to change notification settings - Fork 0
/
installer-jessie.sh
218 lines (189 loc) · 11.1 KB
/
installer-jessie.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
########################################################################################
# Installation procedure for the Raspberry Pi Wireless Access Router
########################################################################################
# This procedure was designed on top of a foundation Raspbian Jessie lite image with build date 18-03-2016
# Download the latest Raspbian Jessie Lite image from https://downloads.raspberrypi.org/raspbian_lite_latest
# Unzip your downloaded image, and write it to SD card with win32 disk imager.
# Boot up your SD card in your Raspberry Pi, and Log into the Raspbian Jessie OS, with pi as username and raspberry as password.
# Start executing below commands in sequence.
########################################################################################
# Bootstrap - Preparing the Raspbian OS.
########################################################################################
# Regen our security keys, it's a best practice
sudo /bin/rm -v /etc/ssh/ssh_host_*
sudo ssh-keygen -t dsa -N "" -f /etc/ssh/ssh_host_dsa_key
sudo ssh-keygen -t rsa -N "" -f /etc/ssh/ssh_host_rsa_key
sudo ssh-keygen -t ecdsa -N "" -f /etc/ssh/ssh_host_ecdsa_key
sudo ssh-keygen -t ed25519 -N "" -f /etc/ssh/ssh_host_ed25519_key
sudo systemctl restart sshd.service
# Resize our root partition to maximum size
sudo raspi-config --expand-rootfs
sudo partprobe
sudo resize2fs /dev/mmcblk0p2
# update raspbian
sudo apt-get update && sudo apt-get -y upgrade
########################################################################################
# Update Firmware - Making sure that your Raspbian firmware is the latest version.
########################################################################################
sudo apt-get -y install rpi-update
sudo rpi-update
sudo reboot
########################################################################################
# Set-up git and clone our repository into place.
########################################################################################
# Install git and clone our repository
sudo apt-get -y install git-core
git clone https://github.com/ronnyvdbr/Raspberry-Wifi-Router.git /home/pi/Raspberry-Wifi-Router
########################################################################################
# Set-up nginx with php support and enable our Raspberry-Wifi-Router website.
########################################################################################
# Install nginx with php support.
sudo apt-get -y install nginx php5-fpm
# Disable the default nginx website.
sudo rm /etc/nginx/sites-enabled/default
# Copy our siteconf into place
sudo cp /home/pi/Raspberry-Wifi-Router/defconfig/RaspberryWifiRouter.Nginx.Siteconf /etc/nginx/sites-available/RaspberryWifiRouter.Nginx.Siteconf
# Lets enable our website
sudo ln -s /etc/nginx/sites-available/RaspberryWifiRouter.Nginx.Siteconf /etc/nginx/sites-enabled/RaspberryWifiRouter.Nginx.Siteconf
# Disable output buffering in php.
sudo sed -i 's/output_buffering = 4096/;output_buffering = 4096/g' /etc/php5/fpm/php.ini
# Set permissions for our router's config file
sudo chgrp www-data /home/pi/Raspberry-Wifi-Router/www/routersettings.ini
sudo chmod g+w /home/pi/Raspberry-Wifi-Router/www/routersettings.ini
# enable file uploads
sudo sed -i 's/;file_uploads = On/file_uploads = On/g' /etc/php5/fpm/php.ini
########################################################################################
# Set-up hostapd.
########################################################################################
# Install some required libraries for hostapd.
sudo apt-get install -y libnl-3-dev libnl-genl-3-dev libssl-dev
# Download and extract the hostapd source files.
wget -O /home/pi/hostapd-2.5.tar.gz http://w1.fi/releases/hostapd-2.5.tar.gz
tar -zxvf /home/pi/hostapd-2.5.tar.gz -C /home/pi
# Prepare for compiling hostapd, create .config and modify some variables.
cp /home/pi/hostapd-2.5/hostapd/defconfig /home/pi/hostapd-2.5/hostapd/.config
sed -i 's/#CONFIG_LIBNL32=y/CONFIG_LIBNL32=y/g' /home/pi/hostapd-2.5/hostapd/.config
sed -i 's/#CFLAGS += -I$<path to libnl include files>/CFLAGS += -I\/usr\/include\/libnl3/g' /home/pi/hostapd-2.5/hostapd/.config
sed -i 's/#LIBS += -L$<path to libnl library files>/LIBS += -L\/lib\/arm-linux-gnueabihf/g' /home/pi/hostapd-2.5/hostapd/.config
sed -i 's/#CONFIG_IEEE80211N=y/CONFIG_IEEE80211N=y/g' /home/pi/hostapd-2.5/hostapd/.config
# Create some links to fix some bugs while compiling
sudo ln -s /lib/arm-linux-gnueabihf/libnl-genl-3.so.200.5.2 /lib/arm-linux-gnueabihf/libnl-genl.so
sudo ln -s /lib/arm-linux-gnueabihf/libnl-3.so.200.5.2 /lib/arm-linux-gnueabihf/libnl.so
# Compile hostapd.
make -C /home/pi/hostapd-2.5/hostapd
# Ok, now install hostapd.
sudo make install -C /home/pi/hostapd-2.5/hostapd
# Create config folder and copy our default hostapd config file into place.
sudo mkdir /etc/hostapd
sudo cp /home/pi/Raspberry-Wifi-Router/defconfig/hostapd.conf /etc/hostapd/hostapd.conf
sudo chgrp www-data /etc/hostapd/hostapd.conf
sudo chmod g+w /etc/hostapd/hostapd.conf
# Set permissions on config file so our router can modify it.
sudo chgrp www-data /etc/hostapd/hostapd.conf
sudo chmod g+w /etc/hostapd/hostapd.conf
# Copy our own systemd service unit into place for starting hostapd during boot time and load it in systemd.
sudo cp /home/pi/Raspberry-Wifi-Router/defconfig/hostapd.service /etc/systemd/system/hostapd.service
sudo chgrp www-data /etc/systemd/system/hostapd.service
sudo chmod g+w /etc/systemd/system/hostapd.service
sudo systemctl daemon-reload
sudo systemctl enable hostapd.service
########################################################################################
# Set-up other network requirements
########################################################################################
sudo apt-get -y install iw bridge-utils dnsmasq iptables
# disable dnsmasq?
sudo sed -i 's/netdev:x:108:pi/netdev:x:108:pi,www-data/g' /etc/group
# Copy some config files into place
sudo cp /home/pi/Raspberry-Wifi-Router/defconfig/interfaces /etc/network/interfaces
sudo chgrp www-data /etc/network/interfaces
sudo chmod g+w /etc/network/interfaces
sudo cp /home/pi/Raspberry-Wifi-Router/defconfig/dhcpcd.conf /etc/dhcpcd.conf
sudo cp /home/pi/Raspberry-Wifi-Router/defconfig/wr_commands /etc/sudoers.d/wr_commands
sudo chmod 644 /etc/sudoers.d/wr_commands
sudo cp /home/pi/Raspberry-Wifi-Router/defconfig/ntp.conf /etc/ntp.conf
sudo chgrp www-data /etc/ntp.conf
sudo chmod g+w /etc/ntp.conf
sudo cp /home/pi/Raspberry-Wifi-Router/defconfig/dnsmasq.conf /etc/dnsmasq.conf
sudo chgrp www-data /etc/dnsmasq.conf
sudo chmod g+w /etc/dnsmasq.conf
# modify some shit in existing config files
sudo chgrp www-data /etc/dhcp/dhclient.conf
sudo chmod g+w /etc/dhcp/dhclient.conf
sudo chgrp www-data /etc/timezone
sudo chmod g+w /etc/timezone
sudo cp /home/pi/Raspberry-Wifi-Router/defconfig/routersettings.ini /home/pi/Raspberry-Wifi-Router/www/routersettings.ini
sudo mount -o remount rw /boot
sudo cp /home/pi/Raspberry-Wifi-Router/defconfig/cmdline.txt /boot/cmdline.txt
# disable ntp in default config
sudo systemctl stop ntp
sudo systemctl disable ntp
# fix a bug in which dnsmasq overwrites our resolv.conf file's dns servers
echo "DNSMASQ_EXCEPT=lo" | sudo tee -a /etc/default/dnsmasq
# set security rights on /etc/rc.local
sudo chgrp www-data /etc/rc.local
sudo chmod g+w /etc/rc.local
# create empty /etc/resolv.conf.head file for dns override
sudo touch /etc/resolv.conf.head
sudo chgrp www-data /etc/resolv.conf.head
sudo chmod g+w /etc/resolv.conf.head
# set permissions on temp folder for router
sudo chgrp -R www-data /home/pi/Raspberry-Wifi-Router/www/temp
sudo chmod -R 775 /home/pi/Raspberry-Wifi-Router/www/temp
########################################################################################
# Set-up mysql
########################################################################################
sudo apt-get -y install debhelper
echo 'mysql-server mysql-server/root_password password raspberry' | debconf-set-selections
echo 'mysql-server mysql-server/root_password_again password raspberry' | debconf-set-selections
sudo apt-get -y install mysql-server php5-mysql
########################################################################################
# Set-up freeradius
########################################################################################
sudo apt-get -y install freeradius freeradius-mysql
echo 'create database radius;' | mysql --host=localhost --user=root --password=raspberry
sudo cat /etc/freeradius/sql/mysql/schema.sql | mysql --host=localhost --user=root --password=raspberry radius
sudo cat /etc/freeradius/sql/mysql/admin.sql | mysql --host=localhost --user=root --password=raspberry radius
echo "insert into radcheck (username, attribute, op, value) values ('user', 'Cleartext-Password', ':=', 'password');" | mysql --host=localhost --user=root --password=raspberry radius
sudo sed -i 's/#[[:space:]]$INCLUDE sql.conf/$INCLUDE sql.conf/g' /etc/freeradius/radiusd.conf
sudo cp /home/pi/Raspberry-Wifi-Router/defconfig/sites-available-default /etc/freeradius/sites-available/default
sudo systemctl restart freeradius.service
########################################################################################
# Login Database - Creating a login database and storing our user passwords
########################################################################################
echo 'create database login;' | mysql --host=localhost --user=root --password=raspberry
echo " \
CREATE TABLE users ( \
id int(11) NOT NULL auto_increment, \
username varchar(64) NOT NULL default '', \
password varchar(64) NOT NULL default '', \
PRIMARY KEY (id) \
) ;" | mysql --host=localhost --user=root --password=raspberry --database login
echo " \
CREATE TABLE openvpnusers ( \
id int(11) NOT NULL auto_increment, \
openvpnservername varchar(64) NOT NULL default '', \
username varchar(64) NOT NULL default '', \
firstname varchar(64) NOT NULL default '', \
lastname varchar(64) NOT NULL default '', \
country varchar(2) NOT NULL default '', \
province varchar(64) NOT NULL default '', \
city varchar(64) NOT NULL default '', \
organisation varchar(64) NOT NULL default '', \
email varchar(64) NOT NULL default '', \
packageurl varchar(64) NOT NULL default '', \
PRIMARY KEY (id) \
) ;" | mysql --host=localhost --user=root --password=raspberry --database login
echo "INSERT INTO users (username,password) VALUES('admin','raspberry');" | \
mysql --host=localhost --user=root --password=raspberry --database login
########################################################################################
# OpenVPN - Installing OpenVPN Requirements
########################################################################################
sudo apt-get -y install openvpn
sudo apt-get -y install zip
mkdir /home/pi/Raspberry-Wifi-Router/www/temp
mkdir /home/pi/Raspberry-Wifi-Router/www/temp/OpenVPN_ClientPackages
sudo systemctl disable openvpn.service
########################################################################################
# Reconfigure networking
########################################################################################
sudo iw wlan0 set 4addr on # for bridging the wlan interface