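#######################################
# pacman post-install hook: route the host's DNS through the local
# dnscrypt-proxy instance.
#
# Steps, in order: stop systemd-resolved, start dnscrypt-proxy, neutralise
# the ppp DNS hook, replace the NetworkManager and resolv.conf configuration,
# generate a self-signed certificate for the local DoH listener, restart
# NetworkManager, then show the resolver certificates and restart the proxy.
#
# NOTE(review): the existing NetworkManager configuration (conf.d/*,
# NetworkManager*, /var/lib/NetworkManager/*conf) and /etc/resolv* are
# deleted without a backup, and pre_remove does not restore them.
#
# Globals:   none
# Arguments: none (pacman may pass the package version; it is not used)
# Outputs:   progress banners on stdout
# Returns:   status of the final banner printf; individual step failures
#            are reported by the failing tool but do not abort the hook
#######################################
post_install() {
  local ppp_hook=/etc/ppp/ip-up.d/00-dns.sh

  printf '%s\n' \
    '--------------------------------------' \
    '| Hardened-Anonymized-DNSCrypt-Proxy |' \
    '| Wipe Snoopers Out Of Your Networks |' \
    '--------------------------------------'

  printf '%s\n' \
    '--------------------------------------' \
    '| Disabling SystemD-Resolved Service |' \
    '--------------------------------------'
  systemctl daemon-reload && systemctl disable --now systemd-resolved -f

  printf '%s\n' \
    '---------------------------------------------------' \
    '| Initializing Hardened-Anonymized-DNSCrypt-Proxy |' \
    '---------------------------------------------------'
  systemctl daemon-reload && systemctl enable --now dnscrypt-proxy -f

  printf '%s\n' \
    '--------------------------------------------------------------' \
    '| Applying Hardened-Anonymized-DNSCrypt-Proxy Configurations |' \
    '--------------------------------------------------------------'

  # Replace the ppp ip-up DNS hook with an empty, immutable placeholder.
  # Only act when the hook directory exists, and never overwrite an earlier
  # backup: on a reinstall the current file is just the empty placeholder,
  # and moving it over the backup would lose the original script.
  if [[ -d ${ppp_hook%/*} ]]; then
    if [[ -e $ppp_hook && ! -e $ppp_hook.backup ]]; then
      mv "$ppp_hook" "$ppp_hook.backup"
    fi
    touch "$ppp_hook" && chattr +i "$ppp_hook"
  fi

  # Clearing the immutable flag is best effort. chattr fails when nothing
  # matches or when /etc/resolv.conf is a symlink, and chaining the cleanup
  # on it would then skip the removal and leave the old files in place
  # underneath the configuration written below.
  chattr -i /etc/resolv* || true
  rm -rf /etc/resolv* /etc/NetworkManager/conf.d/*
  rm -rf /etc/NetworkManager/NetworkManager* /var/lib/NetworkManager/*conf

  # dns=none / rc-manager=unmanaged stop NetworkManager from rewriting
  # resolv.conf; the [device] keys randomise MAC addresses for Wi-Fi scans
  # and for wired and wireless connections.
  printf '%s\n' \
    '[main]' \
    'dns=none' \
    'rc-manager=unmanaged' \
    '' \
    '[device]' \
    'wifi.scan-rand-mac-address=yes' \
    'ethernet.cloned-mac-address=random' \
    'wifi.cloned-mac-address=random' \
    >/etc/NetworkManager/NetworkManager.conf

  # NOTE(review): presumably turns off NetworkManager's connectivity check;
  # confirm against the NetworkManager-intern.conf format.
  printf '%s\n' \
    '[connectivity]' \
    '.set.enabled=false' \
    >/var/lib/NetworkManager/NetworkManager-intern.conf

  # Point the system resolver at the local proxy and lock the file so that
  # other tools cannot replace it.
  printf '%s\n' \
    'nameserver 127.0.0.1' \
    'options edns0' \
    'options single-request-reopen' \
    >/etc/resolv.conf && chattr +i /etc/resolv*

  printf '%s\n' \
    '---------------------------------------------------------' \
    '| Generating Certificate For EncryptedClientHello (ECH) |' \
    '---------------------------------------------------------'
  # Produces a self-signed certificate and an unencrypted RSA-4096 private
  # key in the same file.
  # NOTE(review): no -days is given, so openssl's default validity (30 days)
  # applies and nothing in post_upgrade regenerates the certificate.
  openssl req -x509 -noenc -newkey rsa:4096 -sha512 -subj / -keyout /etc/dnscrypt-proxy/localhost.pem -out /etc/dnscrypt-proxy/localhost.pem
  # NOTE(review): localhost.pem contains the private key, and 644 lets every
  # local account read it. Whoever holds the key can impersonate the local
  # DoH endpoint to a browser that accepted this certificate. Confirm which
  # user dnscrypt-proxy runs as and tighten this to 600, or to 640 with the
  # service's group.
  chmod 644 /etc/dnscrypt-proxy/localhost*

  printf '%s\n' \
    '----------------------------------------------------------' \
    '| Successfully Configured EncryptedClientHello (ECH) |' \
    '| Now Add Browser DoH [https://127.0.0.1:3000/dns-query] |' \
    '| Visit Full DoH Address On Browser Startup & Accept |' \
    '----------------------------------------------------------'

  printf '%s\n' \
    '-------------------------------------------' \
    '| Configuring & Restarting NetworkManager |' \
    '-------------------------------------------'
  # The 15 second pause presumably gives the network time to come back
  # before the resolver check below.
  systemctl daemon-reload && systemctl restart --now NetworkManager -f && sleep 15

  printf '%s\n' \
    '------------------------------------------------------' \
    '| Checking Hardened-Anonymized-DNSCrypt-Proxy Status |' \
    '------------------------------------------------------'
  dnscrypt-proxy -config /etc/dnscrypt-proxy/dnscrypt-proxy.toml --show-certs
  systemctl daemon-reload && systemctl restart --now dnscrypt-proxy -f

  printf '%s\n' \
    '--------------------------------------' \
    '| Hardened-Anonymized-DNSCrypt-Proxy |' \
    '| Successfully Configured ! |' \
    '--------------------------------------'
}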
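#######################################
# pacman pre-remove hook: stop dnscrypt-proxy and hand name resolution back
# to NetworkManager.
#
# Restores the ppp DNS hook from its backup, deletes /etc/dnscrypt-proxy,
# rewrites the NetworkManager configuration without the dns=none override
# and seeds /etc/resolv.conf with the default gateway as nameserver.
#
# NOTE(review): post_install disables systemd-resolved and deletes the
# previous NetworkManager configuration; nothing here re-enables the service
# or restores those files. The MAC randomisation settings also remain in
# place after removal. Confirm that this is intended.
#
# Globals:   none
# Arguments: none (pacman may pass the package version; it is not used)
# Outputs:   progress banners on stdout
# Returns:   status of the final banner printf; individual step failures
#            are reported by the failing tool but do not abort the hook
#######################################
pre_remove() {
  local ppp_hook=/etc/ppp/ip-up.d/00-dns.sh
  local gateway

  printf '%s\n' \
    '--------------------------------------' \
    '| Hardened-Anonymized-DNSCrypt-Proxy |' \
    '| Wipe Snoopers Out Of Your Networks |' \
    '--------------------------------------'

  printf '%s\n' \
    '------------------------------------------------' \
    '| Disabling Hardened-Anonymized-DNSCrypt-Proxy |' \
    '------------------------------------------------'
  systemctl daemon-reload && systemctl disable --now dnscrypt-proxy -f

  printf '%s\n' \
    '---------------------------------------------------------------' \
    '| Reverting Hardened-Anonymized-DNSCrypt-Proxy Configurations |' \
    '---------------------------------------------------------------'

  # Unlock the placeholder left by post_install, then put the original hook
  # back only if a backup exists; without one the mv would just fail.
  if [[ -e $ppp_hook ]]; then
    chattr -i "$ppp_hook"
  fi
  if [[ -e $ppp_hook.backup ]]; then
    mv "$ppp_hook.backup" "$ppp_hook"
  fi

  # Removes the proxy configuration together with the generated
  # localhost.pem key and certificate.
  rm -rf /etc/dnscrypt-proxy

  printf '%s\n' \
    '-------------------------------------------' \
    '| Configuring & Restarting NetworkManager |' \
    '-------------------------------------------'

  # Clearing the immutable flag is best effort; the cleanup must still run
  # when chattr fails, otherwise the 127.0.0.1 resolver configuration would
  # outlive the proxy it points at.
  chattr -i /etc/resolv* || true
  rm -rf /etc/resolv* /etc/NetworkManager/conf.d/*
  rm -rf /etc/NetworkManager/NetworkManager* /var/lib/NetworkManager/*conf

  # No [main] section is written this time, so NetworkManager falls back to
  # its default handling of resolv.conf.
  printf '%s\n' \
    '[device]' \
    'wifi.scan-rand-mac-address=yes' \
    'ethernet.cloned-mac-address=random' \
    'wifi.cloned-mac-address=random' \
    >/etc/NetworkManager/NetworkManager.conf

  # NOTE(review): presumably turns off NetworkManager's connectivity check;
  # confirm against the NetworkManager-intern.conf format.
  printf '%s\n' \
    '[connectivity]' \
    '.set.enabled=false' \
    >/var/lib/NetworkManager/NetworkManager-intern.conf

  # Seed resolv.conf with the default gateway. Take only the first matching
  # route so that several default routes cannot produce a multi-line value,
  # and omit the nameserver line entirely when no gateway is found (routel
  # missing or no default route) instead of writing an empty "nameserver ".
  # NOTE(review): assumes that the gateway also answers DNS queries.
  gateway=$(routel | awk '/default/ { print $2; exit }')
  if [[ -n $gateway ]]; then
    printf '%s\n' '# Generated by NetworkManager' "nameserver $gateway" >/etc/resolv.conf
  else
    printf '%s\n' '# Generated by NetworkManager' >/etc/resolv.conf
  fi

  systemctl daemon-reload && systemctl restart --now NetworkManager -f

  printf '%s\n' \
    '--------------------------------------' \
    '| Hardened-Anonymized-DNSCrypt-Proxy |' \
    '| Successfully Deconfigured ! |' \
    '--------------------------------------'
}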
#######################################
# pacman post-upgrade hook: cycle dnscrypt-proxy (disable, then enable),
# restart NetworkManager, wait 15 seconds and print the resolver
# certificates that dnscrypt-proxy reports.
#
# Globals:   none
# Arguments: none (pacman may pass version strings; they are not used)
# Outputs:   progress banners and tool output on stdout
# Returns:   status of the final banner printf
#######################################
post_upgrade() {
  printf '%s\n' \
    '--------------------------------------' \
    '| Hardened-Anonymized-DNSCrypt-Proxy |' \
    '| Wipe Snoopers Out Of Your Networks |' \
    '--------------------------------------'

  printf '%s\n' \
    '-------------------------------------------------' \
    '| Restarting Hardened-Anonymized-DNSCrypt-Proxy |' \
    '-------------------------------------------------'
  # Each systemctl action runs only when the preceding daemon-reload succeeds.
  if systemctl daemon-reload; then
    systemctl disable --now dnscrypt-proxy -f
  fi

  printf '%s\n' \
    '--------------------------------------------------' \
    '| Restarting NetworkManager & Necessary Services |' \
    '--------------------------------------------------'
  if systemctl daemon-reload; then
    systemctl enable --now dnscrypt-proxy -f
  fi
  if systemctl daemon-reload; then
    # Pause only after a successful NetworkManager restart.
    if systemctl restart --now NetworkManager -f; then
      sleep 15
    fi
  fi

  printf '%s\n' \
    '------------------------------------------------------' \
    '| Checking Hardened-Anonymized-DNSCrypt-Proxy Status |' \
    '------------------------------------------------------'
  dnscrypt-proxy -config /etc/dnscrypt-proxy/dnscrypt-proxy.toml --show-certs

  printf '%s\n' \
    '--------------------------------------' \
    '| Hardened-Anonymized-DNSCrypt-Proxy |' \
    '| Successfully Updated ! |' \
    '--------------------------------------'
}