mirror of https://github.com/Zelo72/rpi
initial
parent
d186c395a4
commit
38589df9eb
|
@ -0,0 +1,38 @@
|
|||
#Pihole
|
||||
https://mirror1.malwaredomains.com/files/justdomains
|
||||
http://sysctl.org/cameleon/hosts
|
||||
https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt
|
||||
https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt
|
||||
#StevenBlack
|
||||
https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
|
||||
#OISD
|
||||
https://dbl.oisd.nl/
|
||||
#RPiList
|
||||
https://raw.githubusercontent.com/RPiList/specials/master/Blocklisten/notserious
|
||||
https://raw.githubusercontent.com/RPiList/specials/master/Blocklisten/Streaming
|
||||
https://raw.githubusercontent.com/RPiList/specials/master/Blocklisten/spam.mails
|
||||
https://raw.githubusercontent.com/RPiList/specials/master/Blocklisten/easylist
|
||||
https://raw.githubusercontent.com/RPiList/specials/master/Blocklisten/crypto
|
||||
https://raw.githubusercontent.com/RPiList/specials/master/Blocklisten/gambling
|
||||
#Firebog
|
||||
https://v.firebog.net/hosts/Easyprivacy.txt
|
||||
https://v.firebog.net/hosts/Prigent-Ads.txt
|
||||
https://v.firebog.net/hosts/AdguardDNS.txt
|
||||
#AdAway
|
||||
https://adaway.org/hosts.txt
|
||||
#BlockListProject
|
||||
https://blocklist.site/app/dl/ads
|
||||
https://blocklist.site/app/dl/crypto
|
||||
https://blocklist.site/app/dl/drugs
|
||||
https://blocklist.site/app/dl/fraud
|
||||
https://blocklist.site/app/dl/gambling
|
||||
https://blocklist.site/app/dl/malware
|
||||
https://blocklist.site/app/dl/phishing
|
||||
https://blocklist.site/app/dl/piracy
|
||||
https://blocklist.site/app/dl/proxy
|
||||
https://blocklist.site/app/dl/ransomware
|
||||
https://blocklist.site/app/dl/redirect
|
||||
https://blocklist.site/app/dl/scam
|
||||
https://blocklist.site/app/dl/spam
|
||||
https://blocklist.site/app/dl/torrent
|
||||
https://blocklist.site/app/dl/tracking
|
|
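Review bot: The `http://sysctl.org/cameleon/hosts` entry in the `#Pihole` group is the only list fetched over cleartext HTTP, so its content can be altered in transit before it reaches the blocking database. If the host serves the same file over TLS, change the entry to `https://sysctl.org/cameleon/hosts`; otherwise consider dropping it, since every other list in this file is already HTTPS.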
@ -0,0 +1,8 @@
|
|||
# /etc/pihole/pihole-FTL.conf
|
||||
|
||||
PRIVACYLEVEL=0
|
||||
|
||||
# Performance optimization [Zelo72]
|
||||
ANALYZE_ONLY_A_AND_AAAA=true
|
||||
MAXDBDAYS=90
|
||||
DBINTERVAL=60
|
|
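Review bot: `PRIVACYLEVEL=0` together with `MAXDBDAYS=90` keeps every client's full query history, with domain and client both visible, for 90 days, and the file gives no reason for that choice. Add a comment above the setting, e.g. `# 0 = domains and clients shown in full; use 1-3 to hide them if other people use this resolver`, so the retention is a documented decision. The units of `MAXDBDAYS` (days) and `DBINTERVAL` (minutes) are not stated under the `# Performance optimization` heading either.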
@ -0,0 +1,3 @@
|
|||
sendgrid\.net
|
||||
(\.cn$|\.ru$|\.vn$)
|
||||
^wpad\.
|
|
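Review bot: `sendgrid\.net` on the first line is unanchored, so it also matches unrelated names that merely contain the string, such as the constructed examples `sendgrid.net.example.org` or `notsendgrid.net`. Anchor it to the domain and its subdomains with `(^|\.)sendgrid\.net$`. The TLD rule can be written more compactly as `\.(cn|ru|vn)$`, which matches the same names.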
@ -0,0 +1,141 @@
|
|||
# Mailversand auf dem Raspberry Pi einrichten
|
||||
|
||||
**msmtp, mutt, mailutils und ca-certificates installieren**
|
||||
|
||||
`sudo apt-get install msmtp msmtp-mta mutt mailutils ca-certificates`
|
||||
|
||||
***Hinweis:** In der folgenden Konfigurationsanleitung werden unterschiedliche Mailaccounts für den root und den pi Benutzer verwendet. Sollte nur ein Mailaccount gewünscht sein, kann dieser bei allen Konfigurationen verwendet werden.*
|
||||
|
||||
# msmtp
|
||||
|
||||
**msmtp Konfiguration Systemweit und benutzerdefiniert anlegen**
|
||||
|
||||
Systemweite Konfiguration (root, ...):
|
||||
|
||||
`sudo nano /etc/msmtprc`
|
||||
|
||||
Inhalt systemweite Konfiguration:
|
||||
|
||||
```
|
||||
defaults
|
||||
auth on
|
||||
tls on
|
||||
tls_trust_file /etc/ssl/certs/ca-certificates.crt
|
||||
aliases /etc/aliases
|
||||
|
||||
# Mailaccountdaten
|
||||
account mailadresse@rootuser.xy
|
||||
host smtp.mailanbieter.de
|
||||
port 587
|
||||
from mailadresse@rootuser.xy
|
||||
user mailadresse@rootuser.xy
|
||||
password my@P4ssW0rt:0815+PiHol3
|
||||
|
||||
# Default Account festlegen
|
||||
account default: mailadresse@rootuser.xy
|
||||
```
|
||||
***password**: bei Multi Faktor Authentifizierung anwendungsspezifisches Passwort für den Raspberry beim Mailanbieter anlegen.*
|
||||
|
||||
Benutzerdefinierte Konfiguration (pi):
|
||||
|
||||
`nano /home/pi/.msmtprc`
|
||||
|
||||
Inhalt benutzerdefinierte Konfirguration:
|
||||
|
||||
```
|
||||
defaults
|
||||
auth on
|
||||
tls on
|
||||
tls_trust_file /etc/ssl/certs/ca-certificates.crt
|
||||
aliases /etc/aliases
|
||||
|
||||
# Mailaccountdaten
|
||||
account mailadresse@piuser.xy
|
||||
host smtp.mailanbieter.de
|
||||
port 587
|
||||
from mailadresse@piuser.xy
|
||||
user mailadresse@piuser.xy
|
||||
password my@P4ssW0rt
|
||||
|
||||
# Default Account festlegen
|
||||
account default: mailadresse@piuser.xy
|
||||
```
|
||||
***password**: bei Multi Faktor Authentifizierung anwendungsspezifisches Passwort für den Raspberry beim Mailanbieter anlegen.*
|
||||
|
||||
Zugriff auf benutzerdefinierte Konfiguration beschränken:
|
||||
|
||||
`chmod 600 /home/pi/.msmtprc`
|
||||
|
||||
**Empfänger-Adressen der Useraccounts und Fallback-Adresse (default) festlegen**
|
||||
|
||||
`sudo nano /etc/aliases`
|
||||
|
||||
```
|
||||
root: mailadresse@rootuser.xy
|
||||
pi: mailadresse@piuser.xy
|
||||
default: mailadresse@rootuser.xy
|
||||
```
|
||||
|
||||
**Mailprogramm definieren**
|
||||
|
||||
`sudo nano /etc/mail.rc`
|
||||
|
||||
Inhalt der mail.rc:
|
||||
|
||||
`set sendmail="/usr/bin/msmtp -t"`
|
||||
|
||||
# Mutt
|
||||
|
||||
**Mutt Konfiguration Systemweit und benutzerdefiniert anlegen**
|
||||
|
||||
Systemweite Konfiguration:
|
||||
|
||||
`sudo nano /etc/muttrc`
|
||||
|
||||
Inhalt systemweite Konfiguration:
|
||||
|
||||
```
|
||||
my_hdr From: mailadresse@rootuser.xy
|
||||
set realname="system"
|
||||
```
|
||||
|
||||
Benutzerdefinierte Konfiguration für root User:
|
||||
|
||||
`sudo nano /root/.muttrc`
|
||||
|
||||
Inhalt root Konfiguration:
|
||||
|
||||
```
|
||||
my_hdr From: mailadresse@rootuser.xy
|
||||
set realname="root"
|
||||
```
|
||||
|
||||
Benutzerdefinierte Konfiguration für pi User:
|
||||
|
||||
`nano /home/pi/.muttrc`
|
||||
|
||||
Inhalt pi Konfiguration:
|
||||
|
||||
```
|
||||
my_hdr From: mailadresse@piuser.xy
|
||||
set realname="pi"
|
||||
```
|
||||
|
||||
# Test der Konfiguration
|
||||
|
||||
**Mailversand testen**
|
||||
|
||||
**Über mail testen:**
|
||||
|
||||
`echo "Inhalt der E-Mail" | mail -s "Betreff" mein@empfaenger.xy`
|
||||
|
||||
**Über mutt mit Dateianhang testen:**
|
||||
|
||||
```
|
||||
echo "Das ist ein Anhang" > anhang.txt
|
||||
echo "Inhalt der E-Mail" | mutt -s "Betreff" mein@empfaenger.xy -a anhang.txt
|
||||
```
|
||||
|
||||
**Über msmtp direkt mit Ausgabe von Debuginformationen falls eine Fehlersuche nötig ist:**
|
||||
|
||||
`echo "Debug" | msmtp -debug mein@empfaenger.xy`
|
|
@ -0,0 +1,57 @@
|
|||
# /etc/unbound/unbound.conf.d/pi-hole.conf
|
||||
|
||||
server:
|
||||
|
||||
# Performance optimization [Zelo72]
|
||||
cache-min-ttl: 0
|
||||
#cache-max-ttl: 86400
|
||||
msg-cache-size: 128m
|
||||
rrset-cache-size: 256m
|
||||
serve-expired: yes
|
||||
|
||||
# If no logfile is specified, syslog is used
|
||||
# logfile: "/var/log/unbound/unbound.log"
|
||||
verbosity: 0
|
||||
|
||||
port: 5353
|
||||
do-ip4: yes
|
||||
do-udp: yes
|
||||
do-tcp: yes
|
||||
|
||||
# May be set to yes if you have IPv6 connectivity
|
||||
do-ip6: no
|
||||
|
||||
# Use this only when you downloaded the list of primary root servers!
|
||||
root-hints: "/var/lib/unbound/root.hints"
|
||||
|
||||
# Trust glue only if it is within the server's authority
|
||||
harden-glue: yes
|
||||
|
||||
# Require DNSSEC data for trust-anchored zones, if such data is absent, the zone becomes BOGUS
|
||||
harden-dnssec-stripped: yes
|
||||
|
||||
# Don't use Capitalization randomization as it known to cause DNSSEC issues sometimes
|
||||
# see https://discourse.pi-hole.net/t/unbound-stubby-or-dnscrypt-proxy/9378 for further details
|
||||
use-caps-for-id: no
|
||||
|
||||
# Reduce EDNS reassembly buffer size.
|
||||
# Suggested by the unbound man page to reduce fragmentation reassembly problems
|
||||
edns-buffer-size: 1472
|
||||
|
||||
# Perform prefetching of close to expired message cache entries
|
||||
# This only applies to domains that have been frequently queried
|
||||
prefetch: yes
|
||||
|
||||
# One thread should be sufficient, can be increased on beefy machines. In reality for most users running on small networks or on a single machine, it should be unnecessary to seek performance enhancement by increasing num-threads above 1.
|
||||
num-threads: 1
|
||||
|
||||
# Ensure kernel buffer is large enough to not lose messages in traffic spikes
|
||||
so-rcvbuf: 1m
|
||||
|
||||
# Ensure privacy of local IP ranges
|
||||
private-address: 192.168.0.0/16
|
||||
private-address: 169.254.0.0/16
|
||||
private-address: 172.16.0.0/12
|
||||
private-address: 10.0.0.0/8
|
||||
private-address: fd00::/8
|
||||
private-address: fe80::/10
|
|
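Review bot: `serve-expired: yes` is enabled without a bound, so depending on the Unbound version's default a record may keep being answered from cache long after its TTL ran out, including one whose address has since been reassigned. Add `serve-expired-ttl: 86400` below it to cap how stale an answer may be. The block also relies on Unbound's default of listening on localhost only; stating `interface: 127.0.0.1` next to `port: 5353` would make that assumption visible.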
@ -0,0 +1,53 @@
|
|||
#!/bin/bash
|
||||
|
||||
# Script: updateUnboundRootHints.sh - https://github.com/Zelo72/rpi (/unbound/)
|
||||
#
|
||||
# Beschreibung: Aktualisiert die Unbound root.hints (Rootserver) von internic.net. Das Script sollte
|
||||
# monatlich ausgeführt werden.
|
||||
#
|
||||
# Aufruf: sudo ./updateUnboundRootHints.sh
|
||||
#
|
||||
# Ausgabedateien: /var/log/updateUnboundRootHints.sh.log --> Logfile
|
||||
# /var/log/updateUnboundRootHints.cron.log --> logfile cron job
|
||||
#
|
||||
# Installation: 1. Script downloaden:
|
||||
# wget https://github.com/Zelo72/rpi/master/unbound/updateUnboundRootHints.sh
|
||||
# 2. Script mittels sudo chmod +x updateUnboundRootHints.sh ausführbar machen.
|
||||
#
|
||||
# Installation: 1. Script mittels sudo cp updateUnboundRootHints.sh /root nach /root kopieren.
|
||||
# (als Cron-Job) 2. Script mittels sudo chmod +x /root/updateUnboundRootHints.sh ausfuehrbar machen.
|
||||
# 3. Cron-Job mit sudo crontab -e erstellen
|
||||
# Am Ende der Datei z.B. folgendes einfuegen um das Script monatlich am 1.
|
||||
# um 04:00 Uhr auszuführen:
|
||||
#
|
||||
# 0 4 1 * * /root/updateUnboundRootHints.sh > /var/log/updateUnboundRootHints.cron.log
|
||||
#
|
||||
# 4. Datei speichern und schliessen. (im nano Editor: Strg+o/Enter/Strg+x).
|
||||
|
||||
# Prüfen ob das Script als root ausgefuehrt wird
|
||||
if [ "$(id -u)" != "0" ]; then
|
||||
echo "Das Script muss mit Rootrechten ausgeführt werden!"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Logging initialisieren
|
||||
logDir=/var/log/
|
||||
log=$logDir/updateUnboundRootHints.sh.log
|
||||
if test -f "$log"; then rm "$log"; fi
|
||||
|
||||
# Hilfsfunktion zum loggen
|
||||
writeLog() {
|
||||
echo -e "[$(date +'%Y.%m.%d-%H:%M:%S')]" "$*" | tee -a "$log"
|
||||
}
|
||||
writeLog "[I] Start | Logfile: $log"
|
||||
|
||||
writeLog "[I] Hole named.root (Rootserver) von internic.net ..."
|
||||
wget -O /var/lib/unbound/root.hints https://www.internic.net/domain/named.root
|
||||
if [[ $? -ne 0 ]]; then
|
||||
writeLog "[E] named.root von internic.net konnte nicht heruntergeladen werden!"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
writeLog "[I] Starte den Unbound Service neu ..."
|
||||
service unbound restart
|
||||
writeLog "[I] Ende | Logfile: $log"
|
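Review bot: The `wget -O /var/lib/unbound/root.hints …` line writes straight into the live hints file, so a failed or interrupted download leaves it empty or truncated, and the error branch exits without restoring the previous copy. Download to a temporary file in the same directory, check that it is non-empty, and only then move it into place, as sketched below. The temporary file needs its mode widened before the move because `mktemp` creates it readable by root only. Separately, `logDir=/var/log/` followed by `$logDir/…` yields a double slash; it is harmless, but dropping the trailing slash is tidier.

```shell
# … unchanged: root check, logging setup, writeLog, start messages …
hints=/var/lib/unbound/root.hints
tmp=$(mktemp "${hints}.XXXXXX") || exit 1
trap 'rm -f -- "$tmp"' EXIT

if ! wget -O "$tmp" https://www.internic.net/domain/named.root || [[ ! -s "$tmp" ]]; then
  writeLog "[E] named.root von internic.net konnte nicht heruntergeladen werden!"
  exit 1
fi
chmod 644 "$tmp"
mv -f -- "$tmp" "$hints"
# … unchanged: service unbound restart, final log line …
```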