mirror of
https://gitlab.com/hacklab01/pivilion.git
synced 2025-04-30 00:57:16 +00:00
v3d created page: pivilion manual setup
v3d
parent
8d0a82a377
commit
f8c76bff2f
142
pivilion-manual-setup.md
Normal file
142
pivilion-manual-setup.md
Normal file
@ -0,0 +1,142 @@
|
|||||||
|
# Pivilion manual setup
|
||||||
|
|
||||||
|
You can chose to download one of our pre-installed images or follow this guide to install Pivilion on your Raspberry Pi from scratch and use it as a portable darknet gallery. It installs Tor with Lighttpd (Lighty) as a hidden service and runs a simple php based gallery system. Tor is free software for enabling anonymous communication and censorship circumvention. However, Pivilion doesn't use Tor for its anonimity features (but Tor still provides them). Tor is used to host a HTTP server as a hidden service. We make extensive use of its NAT punching capabilites to enable us to host a gallery behind NATs and firewalls. Keep in mind that this may or may not break your ISP contract if you do it from home. Using public WiFi to host hidden services, while not technically illegal if you were provided with the password by the owner of the WiFi, may present certain issues with their ISP. Since we're using Tor there is no way for you to get *caught*. With great power comes great resposibility. Be responsible in what you host and do on the darknet while using Pivilion.
|
||||||
|
## Checklist
|
||||||
|
|
||||||
|
#### Raspbian image
|
||||||
|
https://www.raspberrypi.org/downloads/raspbian/
|
||||||
|
#### Tor Browser
|
||||||
|
https://www.torproject.org/download/download-easy.html.en
|
||||||
|
### Windows only
|
||||||
|
#### Putty SSH client
|
||||||
|
http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
|
||||||
|
#### Preparing the SD card with the image
|
||||||
|
First we need to put a fresh Rasbpian image on our RPi's SD card.
|
||||||
|
You can use either the full or the lite image, it’s up to you.
|
||||||
|
## Rpi installing images
|
||||||
|
https://www.raspberrypi.org/documentation/installation/installing-images/README.md
|
||||||
|
|
||||||
|
Choose your system. We’ll be using Linux + dd.
|
||||||
|
|
||||||
|
Once that’s done, connect your RPi to a DHCP network with an ethernet cable and power it on. Depending on your network configuration, you can login to your RPi using it's hostname "raspberry", or use a network discovery tool to find it's IP address.
|
||||||
|
We will use nmap to scan our DHCP IP range for all hosts that are up. Replace 10.0.0.1/24 with your IP address range. You can also check you router's settings to see all devices connected to your network and their IPs.
|
||||||
|
|
||||||
|
nmap 10.0.0.1/24
|
||||||
|
|
||||||
|
Login to your pi using SSH with username: pi password: raspberry.
|
||||||
|
|
||||||
|
ssh pi@{10.0.0.5}
|
||||||
|
|
||||||
|
(Replace 10.0.0.5 with your Rpi's IP)
|
||||||
|
|
||||||
|
### Expand your filesystem.
|
||||||
|
|
||||||
|
sudo raspi-config (select the first option from the menu).
|
||||||
|
|
||||||
|
Select finish and reboot.
|
||||||
|
|
||||||
|
SSH back into your RPi
|
||||||
|
|
||||||
|
Check used and available storage with
|
||||||
|
|
||||||
|
df -h
|
||||||
|
|
||||||
|
### Upgrade your system.
|
||||||
|
|
||||||
|
sudo apt-get update && sudo apt-get upgrade
|
||||||
|
|
||||||
|
### Install Lighttpd
|
||||||
|
|
||||||
|
Lighttpd (pronounced "lighty") is an open-source web server optimized for speed-critical environments while remaining standards-compliant, secure and flexible.
|
||||||
|
|
||||||
|
sudo apt-get install lighttpd
|
||||||
|
|
||||||
|
You can now navigate to your Rpi's IP (or hostname - raspberry) using a browser.
|
||||||
|
|
||||||
|
You will see lighttpd's placeholder page.
|
||||||
|
|
||||||
|
### Install PHP and modules.
|
||||||
|
|
||||||
|
sudo apt-get install php5-cgi php5-gd
|
||||||
|
|
||||||
|
PHP (Hypertext Preprocessor) is a server-side scripting language designed primarily for (but not limited to) web development. We use it to run our basic gallery generation script.
|
||||||
|
|
||||||
|
The GD library (php5-gd) is a graphics drawing library that provides tools for manipulating image data.
|
||||||
|
|
||||||
|
php5-cgi is a PHP to CGI interpreter. CGI (Common Gateway Interface ) offers a standard protocol for web servers to interface with executable programs running on a server that generate web pages dynamically. The interpreter is how Lighty handles PHP.
|
||||||
|
|
||||||
|
Apt will install all required dependencies.
|
||||||
|
|
||||||
|
### Install Hostapd.
|
||||||
|
|
||||||
|
sudo apt-get install hostapd
|
||||||
|
|
||||||
|
Hostapd (Host access point daemon) is a user space software access point capable of turning normal network interface cards into access points and authentication servers. We use it, in conjuction with dnsmaq, to turn the Rpi into an access point.
|
||||||
|
|
||||||
|
### Install Dnsmasq
|
||||||
|
|
||||||
|
sudo apt-get install dnsmaq
|
||||||
|
|
||||||
|
Dnsmasq is a Domain Name System (DNS) forwarder and Dynamic Host Configuration Protocol (DHCP) server for small computer networks. We use it to provide the clients connected to our access point with IP addresses.
|
||||||
|
|
||||||
|
### Install git
|
||||||
|
|
||||||
|
sudo apt-get install git. Git (/ɡɪt/) is a version control system (VCS) that is used for software development and other version control tasks. We use it download settings and scripts from our Gitlab repository.
|
||||||
|
|
||||||
|
### Install Tor.
|
||||||
|
|
||||||
|
sudo apt-get install tor
|
||||||
|
|
||||||
|
You can now chose to either pull the Pivilion scripts and Tor / Rpi configuration (if so skip to here) from our Gitlab or make the next step manually and make your own Tor hidden service without Pivilion.
|
||||||
|
|
||||||
|
### Configure Tor
|
||||||
|
|
||||||
|
Edit Tor's configuration file /etc/tor/torrc by issuing
|
||||||
|
|
||||||
|
sudo nano /etc/tor/torrc
|
||||||
|
|
||||||
|
Uncomment RunAsDeamon 1
|
||||||
|
|
||||||
|
In the section intended for hidden services only, uncomment the two lines
|
||||||
|
|
||||||
|
HiddenServiceDir /var/lib/tor/hidden_service
|
||||||
|
HiddenServicePort 80 127.0.0.1:80
|
||||||
|
|
||||||
|
In order to setup additional services, simply add their port's to this list, followed by your localhost IP (always 127.0.0.1). Eg. for SSH via Tor we would add
|
||||||
|
|
||||||
|
HiddenServicePort 22 127.0.0.1:22
|
||||||
|
|
||||||
|
Note that hidden service ports don't need to be the same as their local ports. It is reccomended to run services on high ports (1024-65535) for (not much) added security. The port for the http service is left at the default port 80, because otherwise we need to input the port in the URL, i.e. 7j4kxhmso6yhz2df.onion:1337 tp access the website on port 1337.
|
||||||
|
|
||||||
|
Now restart tor
|
||||||
|
|
||||||
|
sudo systemctl restart tor
|
||||||
|
|
||||||
|
Tor will generate a hostname. to view your hostname run
|
||||||
|
|
||||||
|
sudo cat /var/lib/tor/hostname/hidden_service/hostname
|
||||||
|
|
||||||
|
Will output your onion domain.
|
||||||
|
|
||||||
|
Check if your hidden service works by opening Tor Browser and navigating to your onion domain.
|
||||||
|
|
||||||
|
You should see the same lighttpd placeholder page as before.
|
||||||
|
|
||||||
|
Cloning Pivilion settings and scripts via Git
|
||||||
|
|
||||||
|
Our script assumes that your user is named pi. It will create direcotries in pi's home dir (/home/pi) and use scripts that reference that directory.
|
||||||
|
|
||||||
|
Make sure you are root before doing these steps. The root account is disabled on Raspbian, so you will have to become root using by issuing
|
||||||
|
|
||||||
|
sudo -s
|
||||||
|
|
||||||
|
### Pull config and settings from Gitlab
|
||||||
|
cd / (DO NOT TO SKIP THIS STEP)
|
||||||
|
|
||||||
|
git init
|
||||||
|
|
||||||
|
git remote add origin https://gitlab.com/hacklab01/pivilion.git
|
||||||
|
|
||||||
|
git fetch origin
|
||||||
|
|
||||||
|
git checkout -f --track origin/master
|
||||||
Loading…
x
Reference in New Issue
Block a user