initial
parent
d186c395a4
commit
38589df9eb
|
@ -0,0 +1,38 @@
|
||||||
|
#Pihole
|
||||||
|
https://mirror1.malwaredomains.com/files/justdomains
|
||||||
|
http://sysctl.org/cameleon/hosts
|
||||||
|
https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt
|
||||||
|
https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt
|
||||||
|
#StevenBlack
|
||||||
|
https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
|
||||||
|
#OISD
|
||||||
|
https://dbl.oisd.nl/
|
||||||
|
#RPiList
|
||||||
|
https://raw.githubusercontent.com/RPiList/specials/master/Blocklisten/notserious
|
||||||
|
https://raw.githubusercontent.com/RPiList/specials/master/Blocklisten/Streaming
|
||||||
|
https://raw.githubusercontent.com/RPiList/specials/master/Blocklisten/spam.mails
|
||||||
|
https://raw.githubusercontent.com/RPiList/specials/master/Blocklisten/easylist
|
||||||
|
https://raw.githubusercontent.com/RPiList/specials/master/Blocklisten/crypto
|
||||||
|
https://raw.githubusercontent.com/RPiList/specials/master/Blocklisten/gambling
|
||||||
|
#Firebog
|
||||||
|
https://v.firebog.net/hosts/Easyprivacy.txt
|
||||||
|
https://v.firebog.net/hosts/Prigent-Ads.txt
|
||||||
|
https://v.firebog.net/hosts/AdguardDNS.txt
|
||||||
|
#AdAway
|
||||||
|
https://adaway.org/hosts.txt
|
||||||
|
#BlockListProject
|
||||||
|
https://blocklist.site/app/dl/ads
|
||||||
|
https://blocklist.site/app/dl/crypto
|
||||||
|
https://blocklist.site/app/dl/drugs
|
||||||
|
https://blocklist.site/app/dl/fraud
|
||||||
|
https://blocklist.site/app/dl/gambling
|
||||||
|
https://blocklist.site/app/dl/malware
|
||||||
|
https://blocklist.site/app/dl/phishing
|
||||||
|
https://blocklist.site/app/dl/piracy
|
||||||
|
https://blocklist.site/app/dl/proxy
|
||||||
|
https://blocklist.site/app/dl/ransomware
|
||||||
|
https://blocklist.site/app/dl/redirect
|
||||||
|
https://blocklist.site/app/dl/scam
|
||||||
|
https://blocklist.site/app/dl/spam
|
||||||
|
https://blocklist.site/app/dl/torrent
|
||||||
|
https://blocklist.site/app/dl/tracking
|
|
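Review bot: The `http://sysctl.org/cameleon/hosts` entry under `#Pihole` is the only list fetched over plain HTTP, so its content can be altered in transit and whatever arrives is imported as blocking rules. If the host serves the same file over TLS, change the entry to `https://sysctl.org/cameleon/hosts`; otherwise consider dropping it. The group headers (`#Pihole`, `#BlockListProject`, …) name the source but not why it is trusted or what it is expected to block, and a one-line comment per group would make later audits of this list easier.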
@ -0,0 +1,8 @@
|
||||||
|
# /etc/pihole/pihole-FTL.conf
|
||||||
|
|
||||||
|
PRIVACYLEVEL=0
|
||||||
|
|
||||||
|
# Performance optimization [Zelo72]
|
||||||
|
ANALYZE_ONLY_A_AND_AAAA=true
|
||||||
|
MAXDBDAYS=90
|
||||||
|
DBINTERVAL=60
|
|
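Review bot: `PRIVACYLEVEL=0` together with `MAXDBDAYS=90` means every client's queried domains are stored in full for 90 days, which the "Performance optimization" comment does not convey. If per-client history is not needed, a higher privacy level or a shorter `MAXDBDAYS` reduces what is exposed should the Pi or a backup of the query database be read by someone else. `DBINTERVAL=60` appears to be given in minutes (confirm against the FTL documentation), so up to an hour of query log could be lost on an unclean shutdown; a comment such as `# flush queries to disk hourly to spare the SD card` would record that trade-off.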
@ -0,0 +1,3 @@
|
||||||
|
sendgrid\.net
|
||||||
|
(\.cn$|\.ru$|\.vn$)
|
||||||
|
^wpad\.
|
|
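Review bot: `sendgrid\.net` on the first line is unanchored, so it matches any name that merely contains that string rather than only the domain and its subdomains; `(^|\.)sendgrid\.net$` states the intent exactly. The TLD rule `(\.cn$|\.ru$|\.vn$)` reads more simply as `\.(cn|ru|vn)$`, and because it blocks entire country domains it deserves a note on the policy behind it. Nothing in the file or the commit message records why each of the three rules exists.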
@ -0,0 +1,141 @@
|
||||||
|
# Mailversand auf dem Raspberry Pi einrichten
|
||||||
|
|
||||||
|
**msmtp, mutt, mailutils und ca-certificates installieren**
|
||||||
|
|
||||||
|
`sudo apt-get install msmtp msmtp-mta mutt mailutils ca-certificates`
|
||||||
|
|
||||||
|
***Hinweis:** In der folgenden Konfigurationsanleitung werden unterschiedliche Mailaccounts für den root und den pi Benutzer verwendet. Sollte nur ein Mailaccount gewünscht sein, kann dieser bei allen Konfigurationen verwendet werden.*
|
||||||
|
|
||||||
|
# msmtp
|
||||||
|
|
||||||
|
**msmtp Konfiguration Systemweit und benutzerdefiniert anlegen**
|
||||||
|
|
||||||
|
Systemweite Konfiguration (root, ...):
|
||||||
|
|
||||||
|
`sudo nano /etc/msmtprc`
|
||||||
|
|
||||||
|
Inhalt systemweite Konfiguration:
|
||||||
|
|
||||||
|
```
|
||||||
|
defaults
|
||||||
|
auth on
|
||||||
|
tls on
|
||||||
|
tls_trust_file /etc/ssl/certs/ca-certificates.crt
|
||||||
|
aliases /etc/aliases
|
||||||
|
|
||||||
|
# Mailaccountdaten
|
||||||
|
account mailadresse@rootuser.xy
|
||||||
|
host smtp.mailanbieter.de
|
||||||
|
port 587
|
||||||
|
from mailadresse@rootuser.xy
|
||||||
|
user mailadresse@rootuser.xy
|
||||||
|
password my@P4ssW0rt:0815+PiHol3
|
||||||
|
|
||||||
|
# Default Account festlegen
|
||||||
|
account default: mailadresse@rootuser.xy
|
||||||
|
```
|
||||||
|
***password**: bei Multi Faktor Authentifizierung anwendungsspezifisches Passwort für den Raspberry beim Mailanbieter anlegen.*
|
||||||
|
|
||||||
|
Benutzerdefinierte Konfiguration (pi):
|
||||||
|
|
||||||
|
`nano /home/pi/.msmtprc`
|
||||||
|
|
||||||
|
Inhalt benutzerdefinierte Konfirguration:
|
||||||
|
|
||||||
|
```
|
||||||
|
defaults
|
||||||
|
auth on
|
||||||
|
tls on
|
||||||
|
tls_trust_file /etc/ssl/certs/ca-certificates.crt
|
||||||
|
aliases /etc/aliases
|
||||||
|
|
||||||
|
# Mailaccountdaten
|
||||||
|
account mailadresse@piuser.xy
|
||||||
|
host smtp.mailanbieter.de
|
||||||
|
port 587
|
||||||
|
from mailadresse@piuser.xy
|
||||||
|
user mailadresse@piuser.xy
|
||||||
|
password my@P4ssW0rt
|
||||||
|
|
||||||
|
# Default Account festlegen
|
||||||
|
account default: mailadresse@piuser.xy
|
||||||
|
```
|
||||||
|
***password**: bei Multi Faktor Authentifizierung anwendungsspezifisches Passwort für den Raspberry beim Mailanbieter anlegen.*
|
||||||
|
|
||||||
|
Zugriff auf benutzerdefinierte Konfiguration beschränken:
|
||||||
|
|
||||||
|
`chmod 600 /home/pi/.msmtprc`
|
||||||
|
|
||||||
|
**Empfänger-Adressen der Useraccounts und Fallback-Adresse (default) festlegen**
|
||||||
|
|
||||||
|
`sudo nano /etc/aliases`
|
||||||
|
|
||||||
|
```
|
||||||
|
root: mailadresse@rootuser.xy
|
||||||
|
pi: mailadresse@piuser.xy
|
||||||
|
default: mailadresse@rootuser.xy
|
||||||
|
```
|
||||||
|
|
||||||
|
**Mailprogramm definieren**
|
||||||
|
|
||||||
|
`sudo nano /etc/mail.rc`
|
||||||
|
|
||||||
|
Inhalt der mail.rc:
|
||||||
|
|
||||||
|
`set sendmail="/usr/bin/msmtp -t"`
|
||||||
|
|
||||||
|
# Mutt
|
||||||
|
|
||||||
|
**Mutt Konfiguration Systemweit und benutzerdefiniert anlegen**
|
||||||
|
|
||||||
|
Systemweite Konfiguration:
|
||||||
|
|
||||||
|
`sudo nano /etc/muttrc`
|
||||||
|
|
||||||
|
Inhalt systemweite Konfiguration:
|
||||||
|
|
||||||
|
```
|
||||||
|
my_hdr From: mailadresse@rootuser.xy
|
||||||
|
set realname="system"
|
||||||
|
```
|
||||||
|
|
||||||
|
Benutzerdefinierte Konfiguration für root User:
|
||||||
|
|
||||||
|
`sudo nano /root/.muttrc`
|
||||||
|
|
||||||
|
Inhalt root Konfiguration:
|
||||||
|
|
||||||
|
```
|
||||||
|
my_hdr From: mailadresse@rootuser.xy
|
||||||
|
set realname="root"
|
||||||
|
```
|
||||||
|
|
||||||
|
Benutzerdefinierte Konfiguration für pi User:
|
||||||
|
|
||||||
|
`nano /home/pi/.muttrc`
|
||||||
|
|
||||||
|
Inhalt pi Konfiguration:
|
||||||
|
|
||||||
|
```
|
||||||
|
my_hdr From: mailadresse@piuser.xy
|
||||||
|
set realname="pi"
|
||||||
|
```
|
||||||
|
|
||||||
|
# Test der Konfiguration
|
||||||
|
|
||||||
|
**Mailversand testen**
|
||||||
|
|
||||||
|
**Über mail testen:**
|
||||||
|
|
||||||
|
`echo "Inhalt der E-Mail" | mail -s "Betreff" mein@empfaenger.xy`
|
||||||
|
|
||||||
|
**Über mutt mit Dateianhang testen:**
|
||||||
|
|
||||||
|
```
|
||||||
|
echo "Das ist ein Anhang" > anhang.txt
|
||||||
|
echo "Inhalt der E-Mail" | mutt -s "Betreff" mein@empfaenger.xy -a anhang.txt
|
||||||
|
```
|
||||||
|
|
||||||
|
**Über msmtp direkt mit Ausgabe von Debuginformationen falls eine Fehlersuche nötig ist:**
|
||||||
|
|
||||||
|
`echo "Debug" | msmtp -debug mein@empfaenger.xy`
|
|
@ -0,0 +1,57 @@
|
||||||
|
# /etc/unbound/unbound.conf.d/pi-hole.conf
|
||||||
|
|
||||||
|
server:
|
||||||
|
|
||||||
|
# Performance optimization [Zelo72]
|
||||||
|
cache-min-ttl: 0
|
||||||
|
#cache-max-ttl: 86400
|
||||||
|
msg-cache-size: 128m
|
||||||
|
rrset-cache-size: 256m
|
||||||
|
serve-expired: yes
|
||||||
|
|
||||||
|
# If no logfile is specified, syslog is used
|
||||||
|
# logfile: "/var/log/unbound/unbound.log"
|
||||||
|
verbosity: 0
|
||||||
|
|
||||||
|
port: 5353
|
||||||
|
do-ip4: yes
|
||||||
|
do-udp: yes
|
||||||
|
do-tcp: yes
|
||||||
|
|
||||||
|
# May be set to yes if you have IPv6 connectivity
|
||||||
|
do-ip6: no
|
||||||
|
|
||||||
|
# Use this only when you downloaded the list of primary root servers!
|
||||||
|
root-hints: "/var/lib/unbound/root.hints"
|
||||||
|
|
||||||
|
# Trust glue only if it is within the server's authority
|
||||||
|
harden-glue: yes
|
||||||
|
|
||||||
|
# Require DNSSEC data for trust-anchored zones, if such data is absent, the zone becomes BOGUS
|
||||||
|
harden-dnssec-stripped: yes
|
||||||
|
|
||||||
|
# Don't use Capitalization randomization as it known to cause DNSSEC issues sometimes
|
||||||
|
# see https://discourse.pi-hole.net/t/unbound-stubby-or-dnscrypt-proxy/9378 for further details
|
||||||
|
use-caps-for-id: no
|
||||||
|
|
||||||
|
# Reduce EDNS reassembly buffer size.
|
||||||
|
# Suggested by the unbound man page to reduce fragmentation reassembly problems
|
||||||
|
edns-buffer-size: 1472
|
||||||
|
|
||||||
|
# Perform prefetching of close to expired message cache entries
|
||||||
|
# This only applies to domains that have been frequently queried
|
||||||
|
prefetch: yes
|
||||||
|
|
||||||
|
# One thread should be sufficient, can be increased on beefy machines. In reality for most users running on small networks or on a single machine, it should be unnecessary to seek performance enhancement by increasing num-threads above 1.
|
||||||
|
num-threads: 1
|
||||||
|
|
||||||
|
# Ensure kernel buffer is large enough to not lose messages in traffic spikes
|
||||||
|
so-rcvbuf: 1m
|
||||||
|
|
||||||
|
# Ensure privacy of local IP ranges
|
||||||
|
private-address: 192.168.0.0/16
|
||||||
|
private-address: 169.254.0.0/16
|
||||||
|
private-address: 172.16.0.0/12
|
||||||
|
private-address: 10.0.0.0/8
|
||||||
|
private-address: fd00::/8
|
||||||
|
private-address: fe80::/10
|
|
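Review bot: `serve-expired: yes` is enabled without `serve-expired-ttl`, so when upstream resolution fails stale answers can be served with no upper age limit, including for names whose records were changed or withdrawn. Adding a bound such as `serve-expired-ttl: 86400` keeps the availability benefit while limiting how old an answer may be. Separately, `port: 5353` is the mDNS port and may collide with avahi-daemon on the same host; the Pi-hole unbound guide uses `5335`. `edns-buffer-size: 1472` is also above the 1232 that current guidance recommends to avoid fragmentation.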
@ -0,0 +1,53 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
# Script: updateUnboundRootHints.sh - https://github.com/Zelo72/rpi (/unbound/)
|
||||||
|
#
|
||||||
|
# Beschreibung: Aktualisiert die Unbound root.hints (Rootserver) von internic.net. Das Script sollte
|
||||||
|
# monatlich ausgeführt werden.
|
||||||
|
#
|
||||||
|
# Aufruf: sudo ./updateUnboundRootHints.sh
|
||||||
|
#
|
||||||
|
# Ausgabedateien: /var/log/updateUnboundRootHints.sh.log --> Logfile
|
||||||
|
# /var/log/updateUnboundRootHints.cron.log --> logfile cron job
|
||||||
|
#
|
||||||
|
# Installation: 1. Script downloaden:
|
||||||
|
# wget https://github.com/Zelo72/rpi/master/unbound/updateUnboundRootHints.sh
|
||||||
|
# 2. Script mittels sudo chmod +x updateUnboundRootHints.sh ausführbar machen.
|
||||||
|
#
|
||||||
|
# Installation: 1. Script mittels sudo cp updateUnboundRootHints.sh /root nach /root kopieren.
|
||||||
|
# (als Cron-Job) 2. Script mittels sudo chmod +x /root/updateUnboundRootHints.sh ausfuehrbar machen.
|
||||||
|
# 3. Cron-Job mit sudo crontab -e erstellen
|
||||||
|
# Am Ende der Datei z.B. folgendes einfuegen um das Script monatlich am 1.
|
||||||
|
# um 04:00 Uhr auszuführen:
|
||||||
|
#
|
||||||
|
# 0 4 1 * * /root/updateUnboundRootHints.sh > /var/log/updateUnboundRootHints.cron.log
|
||||||
|
#
|
||||||
|
# 4. Datei speichern und schliessen. (im nano Editor: Strg+o/Enter/Strg+x).
|
||||||
|
|
||||||
|
# Prüfen ob das Script als root ausgefuehrt wird
|
||||||
|
if [ "$(id -u)" != "0" ]; then
|
||||||
|
echo "Das Script muss mit Rootrechten ausgeführt werden!"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Logging initialisieren
|
||||||
|
logDir=/var/log/
|
||||||
|
log=$logDir/updateUnboundRootHints.sh.log
|
||||||
|
if test -f "$log"; then rm "$log"; fi
|
||||||
|
|
||||||
|
# Hilfsfunktion zum loggen
|
||||||
|
writeLog() {
|
||||||
|
echo -e "[$(date +'%Y.%m.%d-%H:%M:%S')]" "$*" | tee -a "$log"
|
||||||
|
}
|
||||||
|
writeLog "[I] Start | Logfile: $log"
|
||||||
|
|
||||||
|
writeLog "[I] Hole named.root (Rootserver) von internic.net ..."
|
||||||
|
wget -O /var/lib/unbound/root.hints https://www.internic.net/domain/named.root
|
||||||
|
if [[ $? -ne 0 ]]; then
|
||||||
|
writeLog "[E] named.root von internic.net konnte nicht heruntergeladen werden!"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
writeLog "[I] Starte den Unbound Service neu ..."
|
||||||
|
service unbound restart
|
||||||
|
writeLog "[I] Ende | Logfile: $log"
|
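Review bot: `wget -O /var/lib/unbound/root.hints …` writes straight into the live hints file, so a failed or interrupted download leaves it empty or truncated before the `$?` check exits, and the next unbound start reads that file. Download to a temporary file in the same directory, require it to be non-empty, and only then move it into place; the error message and the restart stay as they are. `service unbound restart` is also unchecked, so the closing "Ende" line is logged even when the restart fails. Indentation is not shown on this page, so the excerpt below uses the usual two spaces.

```shell
hints=/var/lib/unbound/root.hints
# Temp file on the same filesystem so the final mv is an atomic rename.
tmp=$(mktemp "${hints}.XXXXXX") || exit 1
trap 'rm -f -- "$tmp"' EXIT

if ! wget -O "$tmp" https://www.internic.net/domain/named.root || [ ! -s "$tmp" ]; then
  writeLog "[E] named.root von internic.net konnte nicht heruntergeladen werden!"
  exit 1
fi
# mktemp creates the file 0600; unbound must be able to read it.
chmod 644 "$tmp"
mv -f -- "$tmp" "$hints"
# … unchanged: unbound restart and closing log line …
```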