askmrsinh · October 22, 2023 12:29
diff --git a/cleanUp.sh b/cleanUp.sh
 #!/bin/bash

 # Remove old Kernel Modules after update
 # Be careful with this.
 sudo rm -rf /lib/modules/!(*$(uname -r | cut -f1 -d"-")*)
diff --git a/configure-netdata.sh b/configure-netdata.sh
 #!/bin/bash

 bash <(curl -Ss https://my-netdata.io/kickstart.sh) --disable-telemetry --stable-channel

 sudo cat << 'EOT' >> /usr/lib/netdata/conf.d/health.d/ri_temp.conf
 alarm: 5m_avg_temp
 on: sensors.temp_thermal_zone0_thermal_thermal_zone0
 os: linux
 hosts: RaspberryPi raspberrypi
 lookup: average -5m
 every: 5m
 green: 50
 red: 60
 warn: $this > $green
 crit: $this > $red
 delay: down 10m 
 to:sysadmin
 EOT

 # manually set registery
 # https://docs.netdata.cloud/registry/#run-your-own-registry
diff --git a/configure-pihole.sh b/configure-pihole.sh
 #!/bin/bash

 sudo apt-get install php-zip -y

 curl -sSL https://install.pi-hole.net | bash

 sudo sed -i.bak d /etc/pihole/adlists.list
 sudo cat << EOT > /etc/pihole/adlists.list

 # The below list amalgamates several lists we used previously.
 # See `https://github.com/StevenBlack/hosts` for details
 ##StevenBlack's list
 #https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
 #https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/fakenews/hosts
 #https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/gambling/hosts
 #https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/porn/hosts
 #https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/social/hosts
 https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/fakenews-gambling-porn/hosts

 ##MalwareDomains
 https://mirror1.malwaredomains.com/files/justdomains

 ##Cameleon
 http://sysctl.org/cameleon/hosts

 ##Zeustracker
 https://zeustracker.abuse.ch/blocklist.php?download=domainblocklist

 ##Disconnect.me Tracking
 https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt

 ##Disconnect.me Ads
 https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt

 ##Hosts-file.net
 https://hosts-file.net/ad_servers.txt

 # Mahakala list. Has been known to block legitimage domains including the entire .com range.
 # Warning: Due to the sheer size of this list, the web admin console will be unresponsive
 https://adblock.mahakala.is/

 ##AdAway
 https://adaway.org/hosts.txt

 ##hpHosts
 https://hosts-file.net/ad_servers.txt
 https://hosts-file.net/grm.txt
 https://hosts-file.net/exp.txt
 https://hosts-file.net/emd.txt
 https://hosts-file.net/psh.txt

 ##ZeroDot1 CoinBlockerLists
 https://zerodot1.gitlab.io/CoinBlockerLists/hosts
 EOT

 /usr/local/bin/pihole -up && /usr/local/bin/pihole -g
diff --git a/configure-raspbian.sh b/configure-raspbian.sh
 #!/bin/bash

 ## https://www.raspberrypi.org/documentation/configuration/security.md

 read -r -p "Give name for new user: " username
 sudo useradd -m $username -G sudo
 sudo passwd $username

 #sudo deluser -remove-home pi

 sudo apt-get install -y needrestart unattended-upgrades
 sudo apt-get install -y openssh-server
 sudo apt-get install -y fail2ban firewall-applet firewall-config ufw
 sudo apt-get install -y wireshark
diff --git a/dailyUpdate.sh b/dailyUpdate.sh
 #!/bin/bash

 #set -x

 lockdir="/tmp/dailyUpdate.lock"
 pidfile="$lockdir/$$.pid"

 logFile="/var/log/dailyUpdate.log"

 if [[ -z "$1" ]]; then
 	echo "Script ${0##*/} started manually by $USER."
 else
 	# Make sure you give the 1st argument as "cron" when using in crontab
 	appName=$(dpkg-query -W -f='${binary:Package} ${Version}\n' "$1")
 fi

 if mkdir "$lockdir" &>/dev/null
 then
 	echo -e "\n\e[0;32;47m PID $$ successfully acquired lock on $lockdir \e[0m\n"

 	# Remove lockdir when the script finishes, or when it receives an EXIT signal
 	trap 'rm -rf "$lockdir"; echo -e "\n\e[0;36;47m removed $lockdir \e[0m"' 0

 	# Optionally create temporary files in this directory, because
 	# they will be removed automatically:
 	touch "$pidfile"

 	if [[ ! -f "$logFile" ]]; then
 		sudo touch $logFile
 		sudo chmod 644 $logFile
 		#change this!!!
 		sudo chown ashesh $logFile
 	fi

 	ssh 4-1103tx 'DISPLAY=:0 notify-send "ashesh@raspberrypi:~/bin/dailyUpdate.sh" "Starting scheduled update of RaspberryPi." --icon=dialog-information --category=transfer.complete --urgency=normal'

 	{ echo; date;	echo "============================"; } >> $logFile

 	# Update Packages
 	echo "[1] Updating APT's binary cache files" 2>&1 | tee -a $logFile;
 	echo "    $(date '+%Y-%m-%d %H:%M:%S')" 2>&1 | tee -a $logFile;
 	sudo apt-get update 2>&1 | tee -a $logFile;
 	echo "[2] Upgrading installed packages" 2>&1 | tee -a $logFile;
 	echo "    $(date '+%Y-%m-%d %H:%M:%S')" 2>&1 | tee -a $logFile;
 	sudo apt-get upgrade -y 2>&1 | tee -a $logFile;

 	# Update Distribution
 	echo "[3] Upgrading distribution" 2>&1 | tee -a $logFile;
 	echo "    $(date '+%Y-%m-%d %H:%M:%S')" 2>&1 | tee -a $logFile;
 	sudo apt-get dist-upgrade -y 2>&1 | tee -a $logFile;

 	# Update Pi-hole
 	if [[ -f "/usr/local/bin/pihole" ]]; then
 		echo "[4] Updating Pi-hole" 2>&1 | tee -a $logFile;
 		echo "    $(date '+%Y-%m-%d %H:%M:%S')" 2>&1 | tee -a $logFile;
 		/usr/local/bin/pihole -up 2>&1 | tee -a $logFile;
 		/usr/local/bin/pihole -g 2>&1 | tee -a $logFile;
 	else
 		echo "[4] Pi-hole installation not found" 2>&1 | tee -a $logFile;
 		echo "    $(date '+%Y-%m-%d %H:%M:%S')" 2>&1 | tee -a $logFile;
 	fi

 	# Update Firmware
 	if [[ $(sudo JUST_CHECK=1 rpi-update | grep "Firmware update required. New commits available:" | head -n 1) != "" ]]; then
 		echo "[5] Updating Firmware" 2>&1 | tee -a $logFile;
 		echo "    $(date '+%Y-%m-%d %H:%M:%S')" 2>&1 | tee -a $logFile;
 		echo yes | sudo rpi-update 2>&1 | tee -a $logFile
 		if [[ "${PIPESTATUS[1]}" -ne 0 && ! -z "$appName" ]]; then
 			read -d '' postData << EOF
 				{
 					"source_device_iden":"$(head -1 ~/.config/pushbullet-source_device_iden | base64 -d)",
 					"title":"[$appName] ${0##*/}",
 					"body":"Failed to update $HOST firmware using rpi-update to\\\n\\\t\\\"$(ls -t /lib/modules | head -1)\\\". See logfile for details.\\\n$(date)\\\ndisk /\\\n\\\tfree:$(df --output=avail -h / | sed '1d')  used:$(df --output=pcent -h / | sed '1d')",
 					"type":"note"
 				}
 EOF
 		elif [[ ! -z "$appName" ]]; then
 			read -d '' postData << EOF
 				{
 					"source_device_iden":"$(head -1 ~/.config/pushbullet-source_device_iden | base64 -d)",
 					"title":"[$appName] ${0##*/}",
 					"body":"Updated from\\\n\\\t\\\"$(uname -a)\\\"\\\n to\\\n\\\t\\\"$(ls -t /lib/modules | head -1)\\\".\\\n$(date)\\\ndisk /\\\n\\\tfree:$(df --output=avail -h / | sed '1d')  used:$(df --output=pcent -h / | sed '1d')",
 					"type":"note"
 				}
 EOF
 		else
 			echo -e "\nManual run, not sending Pushbullet Notification.\n"
 		fi
 		curl --header "Access-Token: $(head -1 ~/.config/pushbullet-access_token | base64 -d)" \
 				 --header 'Content-Type: application/json' \
 				 --data-binary  "$postData" \
 				 --request POST \
 		https://api.pushbullet.com/v2/pushes | jq . >> $logFile
 		sudo reboot 2>&1 | tee -a $logFile;
 	fi

 	ssh 4-1103tx 'DISPLAY=:0 notify-send "ashesh@raspberrypi:~/bin/dailyUpdate.sh" "Completed scheduled update of RaspberryPi." --icon=dialog-information --category=transfer.complete --urgency=normal'

 else
 	echo -e "\n\e[0;31;47m PID $$ cannot acquire lock on $lockdir, exiting \e[0m\n"
 	exit 0
 fi

 #set +x
diff --git a/install-packages.sh b/install-packages.sh
 #!/bin/bash

 sudo apt install -y network-manager iotop
 sudo apt install -y network-manager-gtk
diff --git a/RaspbianPostInstall.md b/RaspbianPostInstall.md
	#!/bin/bash

	# Remove old Kernel Modules after update
	# Be careful with this.
	sudo rm -rf /lib/modules/!($(uname -r \| cut -f1 -d"-"))
	#!/bin/bash

	bash <(curl -Ss https://my-netdata.io/kickstart.sh) --disable-telemetry --stable-channel

	sudo cat << 'EOT' >> /usr/lib/netdata/conf.d/health.d/ri_temp.conf
	alarm: 5m_avg_temp
	on: sensors.temp_thermal_zone0_thermal_thermal_zone0
	os: linux
	hosts: RaspberryPi raspberrypi
	lookup: average -5m
	every: 5m
	green: 50
	red: 60
	warn: $this > $green
	crit: $this > $red
	delay: down 10m
	to:sysadmin
	EOT

	# manually set registery
	# https://docs.netdata.cloud/registry/#run-your-own-registry
	#!/bin/bash

	sudo apt-get install php-zip -y

	curl -sSL https://install.pi-hole.net \| bash

	sudo sed -i.bak d /etc/pihole/adlists.list
	sudo cat << EOT > /etc/pihole/adlists.list

	# The below list amalgamates several lists we used previously.
	# See `https://github.com/StevenBlack/hosts` for details
	##StevenBlack's list
	#https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
	#https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/fakenews/hosts
	#https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/gambling/hosts
	#https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/porn/hosts
	#https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/social/hosts
	https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/fakenews-gambling-porn/hosts

	##MalwareDomains
	https://mirror1.malwaredomains.com/files/justdomains

	##Cameleon
	http://sysctl.org/cameleon/hosts

	##Zeustracker
	https://zeustracker.abuse.ch/blocklist.php?download=domainblocklist

	##Disconnect.me Tracking
	https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt

	##Disconnect.me Ads
	https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt

	##Hosts-file.net
	https://hosts-file.net/ad_servers.txt

	# Mahakala list. Has been known to block legitimage domains including the entire .com range.
	# Warning: Due to the sheer size of this list, the web admin console will be unresponsive
	https://adblock.mahakala.is/

	##AdAway
	https://adaway.org/hosts.txt

	##hpHosts
	https://hosts-file.net/ad_servers.txt
	https://hosts-file.net/grm.txt
	https://hosts-file.net/exp.txt
	https://hosts-file.net/emd.txt
	https://hosts-file.net/psh.txt

	##ZeroDot1 CoinBlockerLists
	https://zerodot1.gitlab.io/CoinBlockerLists/hosts
	EOT

	/usr/local/bin/pihole -up && /usr/local/bin/pihole -g
	#!/bin/bash

	## https://www.raspberrypi.org/documentation/configuration/security.md

	read -r -p "Give name for new user: " username
	sudo useradd -m $username -G sudo
	sudo passwd $username

	#sudo deluser -remove-home pi

	sudo apt-get install -y needrestart unattended-upgrades
	sudo apt-get install -y openssh-server
	sudo apt-get install -y fail2ban firewall-applet firewall-config ufw
	sudo apt-get install -y wireshark
	#!/bin/bash

	#set -x

	lockdir="/tmp/dailyUpdate.lock"
	pidfile="$lockdir/$$.pid"

	logFile="/var/log/dailyUpdate.log"

	if [[ -z "$1" ]]; then
	echo "Script ${0##*/} started manually by $USER."
	else
	# Make sure you give the 1st argument as "cron" when using in crontab
	appName=$(dpkg-query -W -f='${binary:Package} ${Version}\n' "$1")
	fi

	if mkdir "$lockdir" &>/dev/null
	then
	echo -e "\n\e[0;32;47m PID $$ successfully acquired lock on $lockdir \e[0m\n"

	# Remove lockdir when the script finishes, or when it receives an EXIT signal
	trap 'rm -rf "$lockdir"; echo -e "\n\e[0;36;47m removed $lockdir \e[0m"' 0

	# Optionally create temporary files in this directory, because
	# they will be removed automatically:
	touch "$pidfile"

	if [[ ! -f "$logFile" ]]; then
	sudo touch $logFile
	sudo chmod 644 $logFile
	#change this!!!
	sudo chown ashesh $logFile
	fi

	ssh 4-1103tx 'DISPLAY=:0 notify-send "ashesh@raspberrypi:~/bin/dailyUpdate.sh" "Starting scheduled update of RaspberryPi." --icon=dialog-information --category=transfer.complete --urgency=normal'

	{ echo; date; echo "============================"; } >> $logFile

	# Update Packages
	echo "[1] Updating APT's binary cache files" 2>&1 \| tee -a $logFile;
	echo " $(date '+%Y-%m-%d %H:%M:%S')" 2>&1 \| tee -a $logFile;
	sudo apt-get update 2>&1 \| tee -a $logFile;
	echo "[2] Upgrading installed packages" 2>&1 \| tee -a $logFile;
	echo " $(date '+%Y-%m-%d %H:%M:%S')" 2>&1 \| tee -a $logFile;
	sudo apt-get upgrade -y 2>&1 \| tee -a $logFile;

	# Update Distribution
	echo "[3] Upgrading distribution" 2>&1 \| tee -a $logFile;
	echo " $(date '+%Y-%m-%d %H:%M:%S')" 2>&1 \| tee -a $logFile;
	sudo apt-get dist-upgrade -y 2>&1 \| tee -a $logFile;

	# Update Pi-hole
	if [[ -f "/usr/local/bin/pihole" ]]; then
	echo "[4] Updating Pi-hole" 2>&1 \| tee -a $logFile;
	echo " $(date '+%Y-%m-%d %H:%M:%S')" 2>&1 \| tee -a $logFile;
	/usr/local/bin/pihole -up 2>&1 \| tee -a $logFile;
	/usr/local/bin/pihole -g 2>&1 \| tee -a $logFile;
	else
	echo "[4] Pi-hole installation not found" 2>&1 \| tee -a $logFile;
	echo " $(date '+%Y-%m-%d %H:%M:%S')" 2>&1 \| tee -a $logFile;
	fi

	# Update Firmware
	if [[ $(sudo JUST_CHECK=1 rpi-update \| grep "Firmware update required. New commits available:" \| head -n 1) != "" ]]; then
	echo "[5] Updating Firmware" 2>&1 \| tee -a $logFile;
	echo " $(date '+%Y-%m-%d %H:%M:%S')" 2>&1 \| tee -a $logFile;
	echo yes \| sudo rpi-update 2>&1 \| tee -a $logFile
	if [[ "${PIPESTATUS[1]}" -ne 0 && ! -z "$appName" ]]; then
	read -d '' postData << EOF
	{
	"source_device_iden":"$(head -1 ~/.config/pushbullet-source_device_iden \| base64 -d)",
	"title":"[$appName] ${0##*/}",
	"body":"Failed to update $HOST firmware using rpi-update to\\\n\\\t\\\"$(ls -t /lib/modules \| head -1)\\\". See logfile for details.\\\n$(date)\\\ndisk /\\\n\\\tfree:$(df --output=avail -h / \| sed '1d') used:$(df --output=pcent -h / \| sed '1d')",
	"type":"note"
	}
	EOF
	elif [[ ! -z "$appName" ]]; then
	read -d '' postData << EOF
	{
	"source_device_iden":"$(head -1 ~/.config/pushbullet-source_device_iden \| base64 -d)",
	"title":"[$appName] ${0##*/}",
	"body":"Updated from\\\n\\\t\\\"$(uname -a)\\\"\\\n to\\\n\\\t\\\"$(ls -t /lib/modules \| head -1)\\\".\\\n$(date)\\\ndisk /\\\n\\\tfree:$(df --output=avail -h / \| sed '1d') used:$(df --output=pcent -h / \| sed '1d')",
	"type":"note"
	}
	EOF
	else
	echo -e "\nManual run, not sending Pushbullet Notification.\n"
	fi
	curl --header "Access-Token: $(head -1 ~/.config/pushbullet-access_token \| base64 -d)" \
	--header 'Content-Type: application/json' \
	--data-binary "$postData" \
	--request POST \
	https://api.pushbullet.com/v2/pushes \| jq . >> $logFile
	sudo reboot 2>&1 \| tee -a $logFile;
	fi

	ssh 4-1103tx 'DISPLAY=:0 notify-send "ashesh@raspberrypi:~/bin/dailyUpdate.sh" "Completed scheduled update of RaspberryPi." --icon=dialog-information --category=transfer.complete --urgency=normal'

	else
	echo -e "\n\e[0;31;47m PID $$ cannot acquire lock on $lockdir, exiting \e[0m\n"
	exit 0
	fi

	#set +x
	#!/bin/bash

	sudo apt install -y network-manager iotop
	sudo apt install -y network-manager-gtk