Compare commits
7 Commits
b65bea2772
...
master
| Author | SHA1 | Date | |
|---|---|---|---|
| 92baa514d2 | |||
| 59203c1c30 | |||
| 9fb402fa2b | |||
| 7aa52fcc2c | |||
| 09fbcc881b | |||
| 8bd07d2a77 | |||
| fef4e6b347 |
@ -1,9 +0,0 @@
|
||||
FROM alpine
|
||||
|
||||
MAINTAINER Jaka Hudoklin <offlinehacker@users.noreply.github.com>
|
||||
|
||||
RUN apk add --no-cache bash hostapd iptables dhcp docker iproute2 iw
|
||||
RUN echo "" > /var/lib/dhcp/dhcpd.leases
|
||||
ADD wlanstart.sh /bin/wlanstart.sh
|
||||
|
||||
ENTRYPOINT [ "/bin/wlanstart.sh" ]
|
||||
@ -1,82 +0,0 @@
|
||||
# Docker container stack: hostap + dhcp server
|
||||
|
||||
This container starts wireless access point (hostap) and dhcp server in docker
|
||||
container. It supports both host networking and network interface reattaching
|
||||
to container network namespace modes (host and guest).
|
||||
|
||||
## Requirements
|
||||
|
||||
On the host system install required wifi drivers, then make sure your wifi adapter
|
||||
supports AP mode:
|
||||
|
||||
```
|
||||
# iw list
|
||||
...
|
||||
Supported interface modes:
|
||||
* IBSS
|
||||
* managed
|
||||
* AP
|
||||
* AP/VLAN
|
||||
* WDS
|
||||
* monitor
|
||||
* mesh point
|
||||
...
|
||||
```
|
||||
|
||||
Set country regulations, for example, for Spain set:
|
||||
|
||||
```
|
||||
# iw reg set ES
|
||||
country ES: DFS-ETSI
|
||||
(2400 - 2483 @ 40), (N/A, 20), (N/A)
|
||||
(5150 - 5250 @ 80), (N/A, 23), (N/A), NO-OUTDOOR
|
||||
(5250 - 5350 @ 80), (N/A, 20), (0 ms), NO-OUTDOOR, DFS
|
||||
(5470 - 5725 @ 160), (N/A, 26), (0 ms), DFS
|
||||
(57000 - 66000 @ 2160), (N/A, 40), (N/A)
|
||||
```
|
||||
|
||||
## Build / run
|
||||
|
||||
* Using host networking:
|
||||
|
||||
```
|
||||
sudo docker run -i -t -e INTERFACE=wlan1 -e OUTGOINGS=wlan0 --net host --privileged won10/hostapd
|
||||
```
|
||||
|
||||
* Using network interface reattaching:
|
||||
|
||||
```
|
||||
sudo docker run -d -t -e INTERFACE=wlan0 -v /var/run/docker.sock:/var/run/docker.sock --privileged offlinehacker/docker-ap
|
||||
```
|
||||
|
||||
This mode requires access to docker socket, so it can run a short lived
|
||||
container that reattaches network interface to network namespace of this
|
||||
container. It also renames wifi interface to **wlan0**, so you get
|
||||
deterministic networking environment. This mode can be usefull for example for
|
||||
pentesting, where can you use docker compose to run other wifi hacking tools
|
||||
and have deterministic environment with wifi interface.
|
||||
|
||||
## Environment variables
|
||||
|
||||
* **INTERFACE**: name of the interface to use for wifi access point (default: wlan0)
|
||||
* **OUTGOINGS**: outgoing network interface (default: eth0)
|
||||
* **CHANNEL**: WIFI channel (default: 6)
|
||||
* **SUBNET**: Network subnet (default: 192.168.254.0)
|
||||
* **AP_ADDR**: Access point address (default: 192.168.254.1)
|
||||
* **SSID**: Access point SSID (default: docker-ap)
|
||||
* **WPA_PASSPHRASE**: WPA password (default: passw0rd)
|
||||
* **HW_MODE**: WIFI mode to use (default: g)
|
||||
* **DRIVER**: WIFI driver to use (default: nl80211)
|
||||
* **HT_CAPAB**: WIFI HT capabilities for 802.11n (default: [HT40-][SHORT-GI-20][SHORT-GI-40])
|
||||
* **MODE**: Mode to run in guest/host (default: host)
|
||||
|
||||
## License
|
||||
|
||||
MIT
|
||||
|
||||
## Author
|
||||
|
||||
Jaka Hudoklin <jakahudoklin@gmail.com>
|
||||
|
||||
Thanks to https://github.com/sdelrio/rpi-hostap for providing original
|
||||
implementation.
|
||||
@ -1,2 +0,0 @@
|
||||
#!/bin/bash
|
||||
docker run -i -t -e INTERFACE=wlan0 -e OUTGOINGS=eth0 --net host --privileged won10/hostapd
|
||||
@ -1,126 +0,0 @@
|
||||
#!/bin/bash -e
|
||||
|
||||
# Check if running in privileged mode
|
||||
if [ ! -w "/sys" ] ; then
|
||||
echo "[Error] Not running in privileged mode."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Default values
|
||||
true ${INTERFACE:=wlan0}
|
||||
true ${SUBNET:=192.168.254.0}
|
||||
true ${AP_ADDR:=192.168.254.1}
|
||||
true ${SSID:=docker-ap}
|
||||
true ${CHANNEL:=11}
|
||||
true ${WPA_PASSPHRASE:=passw0rd}
|
||||
true ${HW_MODE:=g}
|
||||
true ${DRIVER:=nl80211}
|
||||
true ${HT_CAPAB:=[HT40-][SHORT-GI-20][SHORT-GI-40]}
|
||||
true ${MODE:=host}
|
||||
|
||||
# Attach interface to container in guest mode
|
||||
if [ "$MODE" == "guest" ]; then
|
||||
echo "Attaching interface to container"
|
||||
|
||||
CONTAINER_ID=$(cat /proc/self/cgroup | grep -o -e "/docker/.*" | head -n 1| sed "s/\/docker\/\(.*\)/\\1/")
|
||||
CONTAINER_PID=$(docker inspect -f '{{.State.Pid}}' ${CONTAINER_ID})
|
||||
CONTAINER_IMAGE=$(docker inspect -f '{{.Config.Image}}' ${CONTAINER_ID})
|
||||
|
||||
docker run -t --privileged --net=host --pid=host --rm --entrypoint /bin/sh ${CONTAINER_IMAGE} -c "
|
||||
PHY=\$(echo phy\$(iw dev ${INTERFACE} info | grep wiphy | tr ' ' '\n' | tail -n 1))
|
||||
iw phy \$PHY set netns ${CONTAINER_PID}
|
||||
"
|
||||
|
||||
ip link set ${INTERFACE} name wlan0
|
||||
|
||||
INTERFACE=wlan0
|
||||
fi
|
||||
|
||||
if [ ! -f "/etc/hostapd.conf" ] ; then
|
||||
cat > "/etc/hostapd.conf" <<EOF
|
||||
interface=${INTERFACE}
|
||||
driver=${DRIVER}
|
||||
ssid=${SSID}
|
||||
hw_mode=${HW_MODE}
|
||||
channel=${CHANNEL}
|
||||
wpa=2
|
||||
wpa_passphrase=${WPA_PASSPHRASE}
|
||||
wpa_key_mgmt=WPA-PSK
|
||||
# TKIP is no secure anymore
|
||||
#wpa_pairwise=TKIP CCMP
|
||||
wpa_pairwise=CCMP
|
||||
rsn_pairwise=CCMP
|
||||
wpa_ptk_rekey=600
|
||||
ieee80211n=1
|
||||
ht_capab=${HT_CAPAB}
|
||||
wmm_enabled=1
|
||||
EOF
|
||||
|
||||
fi
|
||||
|
||||
# unblock wlan
|
||||
rfkill unblock wlan
|
||||
|
||||
echo "Setting interface ${INTERFACE}"
|
||||
|
||||
# Setup interface and restart DHCP service
|
||||
ip link set ${INTERFACE} up
|
||||
ip addr flush dev ${INTERFACE}
|
||||
ip addr add ${AP_ADDR}/24 dev ${INTERFACE}
|
||||
|
||||
# NAT settings
|
||||
echo "NAT settings ip_dynaddr, ip_forward"
|
||||
|
||||
for i in ip_dynaddr ip_forward ; do
|
||||
if [ $(cat /proc/sys/net/ipv4/$i) ]; then
|
||||
echo $i already 1
|
||||
else
|
||||
echo "1" > /proc/sys/net/ipv4/$i
|
||||
fi
|
||||
done
|
||||
|
||||
cat /proc/sys/net/ipv4/ip_dynaddr
|
||||
cat /proc/sys/net/ipv4/ip_forward
|
||||
|
||||
if [ "${OUTGOINGS}" ] ; then
|
||||
ints="$(sed 's/,\+/ /g' <<<"${OUTGOINGS}")"
|
||||
for int in ${ints}
|
||||
do
|
||||
echo "Setting iptables for outgoing traffics on ${int}..."
|
||||
iptables -t nat -D POSTROUTING -s ${SUBNET}/24 -o ${int} -j MASQUERADE > /dev/null 2>&1 || true
|
||||
iptables -t nat -A POSTROUTING -s ${SUBNET}/24 -o ${int} -j MASQUERADE
|
||||
|
||||
iptables -D FORWARD -i ${int} -o ${INTERFACE} -m state --state RELATED,ESTABLISHED -j ACCEPT > /dev/null 2>&1 || true
|
||||
iptables -A FORWARD -i ${int} -o ${INTERFACE} -m state --state RELATED,ESTABLISHED -j ACCEPT
|
||||
|
||||
iptables -D FORWARD -i ${INTERFACE} -o ${int} -j ACCEPT > /dev/null 2>&1 || true
|
||||
iptables -A FORWARD -i ${INTERFACE} -o ${int} -j ACCEPT
|
||||
done
|
||||
else
|
||||
echo "Setting iptables for outgoing traffics on all interfaces..."
|
||||
iptables -t nat -D POSTROUTING -s ${SUBNET}/24 -j MASQUERADE > /dev/null 2>&1 || true
|
||||
iptables -t nat -A POSTROUTING -s ${SUBNET}/24 -j MASQUERADE
|
||||
|
||||
iptables -D FORWARD -o ${INTERFACE} -m state --state RELATED,ESTABLISHED -j ACCEPT > /dev/null 2>&1 || true
|
||||
iptables -A FORWARD -o ${INTERFACE} -m state --state RELATED,ESTABLISHED -j ACCEPT
|
||||
|
||||
iptables -D FORWARD -i ${INTERFACE} -j ACCEPT > /dev/null 2>&1 || true
|
||||
iptables -A FORWARD -i ${INTERFACE} -j ACCEPT
|
||||
fi
|
||||
echo "Configuring DHCP server .."
|
||||
|
||||
cat > "/etc/dhcp/dhcpd.conf" <<EOF
|
||||
option domain-name-servers 8.8.8.8, 8.8.4.4;
|
||||
option subnet-mask 255.255.255.0;
|
||||
option routers ${AP_ADDR};
|
||||
subnet ${SUBNET} netmask 255.255.255.0 {
|
||||
range ${SUBNET::-1}100 ${SUBNET::-1}200;
|
||||
}
|
||||
EOF
|
||||
|
||||
echo "Starting DHCP server .."
|
||||
dhcpd ${INTERFACE}
|
||||
|
||||
echo "Starting HostAP daemon ..."
|
||||
/usr/sbin/hostapd /etc/hostapd.conf
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
FROM nodered/node-red:1.3.3
|
||||
FROM nodered/node-red:2.2.0
|
||||
USER root
|
||||
|
||||
RUN apk update && apk upgrade && \
|
||||
|
||||
@ -1,89 +0,0 @@
|
||||
FROM node:lts-buster AS base
|
||||
|
||||
# Copy scripts
|
||||
COPY scripts/*.sh /tmp/
|
||||
|
||||
RUN mkdir -p /usr/src/node-red /data && \
|
||||
deluser --remove-home node && \
|
||||
adduser --gecos "" --home /usr/src/node-red --disabled-login --uid 1000 node-red && \
|
||||
chown -R node-red:node-red /data && \
|
||||
chown -R node-red:node-red /usr/src/node-red && \
|
||||
chmod +x /tmp/*.sh
|
||||
|
||||
# Install tools, create Node-RED app and data dir, add user and set rights
|
||||
RUN set -ex && \
|
||||
apt-get update && \
|
||||
apt-get upgrade -y && \
|
||||
apt-get install -y \
|
||||
bash \
|
||||
tzdata \
|
||||
iputils-ping \
|
||||
iputils-arping \
|
||||
curl \
|
||||
nano \
|
||||
git \
|
||||
openssl \
|
||||
openssh-client
|
||||
|
||||
# Set work directory
|
||||
WORKDIR /usr/src/node-red
|
||||
|
||||
# package.json contains Node-RED NPM module and node dependencies
|
||||
COPY package.json .
|
||||
|
||||
#### Stage BUILD #######################################################################################################
|
||||
FROM base AS build
|
||||
|
||||
# Install Build tools
|
||||
RUN apt-get update && \
|
||||
apt-get upgrade -y && \
|
||||
apt-get -y install build-essential linux-headers-$(uname -r) udev python && \
|
||||
npm install --unsafe-perm --no-update-notifier --only=production
|
||||
|
||||
RUN /tmp/remove_native_gpio.sh && \
|
||||
cp -R node_modules prod_node_modules
|
||||
|
||||
#### Stage RELEASE #####################################################################################################
|
||||
FROM base AS RELEASE
|
||||
|
||||
COPY --from=build /usr/src/node-red/prod_node_modules ./node_modules
|
||||
|
||||
# Chown, install devtools & Clean up
|
||||
RUN chown -R node-red:node-red /usr/src/node-red && \
|
||||
/tmp/install_devtools.sh && \
|
||||
rm -r /tmp/*
|
||||
|
||||
RUN set -ex \
|
||||
&& apt-get install -y wget sudo net-tools dhcpdump rfkill bluetooth bluez bluez-tools arp-scan libpcap-dev
|
||||
RUN addgroup node-red sudo
|
||||
|
||||
RUN cat /dev/null > /etc/sudoers \
|
||||
&& echo -e "Set disable_coredump false\n" > /etc/sudo.conf \
|
||||
&& touch /etc/sudoers \
|
||||
&& echo "node-red ALL=(ALL) NOPASSWD: ALL\n%sudo ALL=(ALL) NOPASSWD: ALL\n" > /etc/sudoers \
|
||||
&& chmod 0440 /etc/sudoers
|
||||
|
||||
RUN apt-get clean autoclean && \
|
||||
apt-get autoremove --yes && \
|
||||
rm -rf /var/lib/{apt,dpkg,cache,log}/
|
||||
|
||||
USER node-red
|
||||
|
||||
# Env variables
|
||||
ENV NODE_RED_VERSION=$NODE_RED_VERSION \
|
||||
NODE_PATH=/usr/src/node-red/node_modules:/data/node_modules \
|
||||
FLOWS=flows.json
|
||||
|
||||
# ENV NODE_RED_ENABLE_SAFE_MODE=true # Uncomment to enable safe start mode (flows not running)
|
||||
# ENV NODE_RED_ENABLE_PROJECTS=true # Uncomment to enable projects option
|
||||
|
||||
# User configuration directory volume
|
||||
VOLUME ["/data"]
|
||||
|
||||
# Expose the listening port of node-red
|
||||
EXPOSE 1880
|
||||
|
||||
# Add a healthcheck (default every 30 secs)
|
||||
HEALTHCHECK CMD curl http://localhost:1880/ || exit 1
|
||||
|
||||
ENTRYPOINT ["npm", "start", "--", "--userDir", "/data"]
|
||||
@ -1,5 +0,0 @@
|
||||
FROM fauust/docker-systemd:debian-10
|
||||
|
||||
RUN apt-get update && apt-get upgrade --yes && apt-get install curl wget sudo procps --yes
|
||||
|
||||
RUN curl -sL https://install.raspap.com | bash -s -- --yes
|
||||
@ -1,3 +1,3 @@
|
||||
FROM telegraf:1.18-alpine
|
||||
FROM telegraf:alpine
|
||||
RUN apk update && apk upgrade && \
|
||||
apk --no-cache add unbound
|
||||
|
||||
Reference in New Issue
Block a user